SPECIFICATIONS W3AF-REMOTE
INTRO
This software allows remote users to connect and execute common functions included in W3AF. To do that, it uses the XML-RPC library included in the standard Python installation.
Any client (written in any programming language) can invoke the functions defined in the server and parse the responses, which are in XML format. The client just needs to know the XSD schema used by the server to build the responses. Programming languages such as Java, Perl and Python, among others, have libraries for parsing XML; the client uses one of them to parse the XML file returned by the server and can then use the data for any purpose.
XML-RPC SERVER
W3AFRemote runs on top of W3AF and works like a "proxy": it receives requests, redirects them to the W3AF core functions, and produces an XML file with the information returned by W3AF.
The server must be started on the same machine where the W3AF instance is installed, and it needs to know the path where the software is installed.
1- Install W3AF, let's call the installation directory %W3AF_HOME%.
2- In %W3AF_HOME% directory, perform an "svn checkout" from the SVN repository of the project
cd %W3AF_HOME%
svn checkout https://svn.code.sf.net/p/w3afremote/code/trunk w3afRemote
3- Browse to the %W3AF_HOME%/w3afRemote directory and run the server to see the help banner
python w3af_remote.py --help
4- Use the options needed to start the server. The default settings are:
Interface: 127.0.0.1
Port: 8000
User: w3af
Password: w3af
You can use the --debug option to see the values used to start the XML-RPC service.
XML-RPC CLIENT (BUNDLED FOR DEMONSTRATION)
When you check out the SVN repository, you get the XML-RPC server and a client for testing its functionality. With this client you can query the server and get an XML file for every request. The client included in the SVN repository is written in Python; however, as I've said before, you can use any programming language to query the server. A project under active development, DENRIT (https://sourceforge.net/projects/denrit/), uses W3AFRemote from a Java client; you can check out that project to see the features included.
To use the bundled client:
As I've explained before, perform a checkout of the project inside the W3AF Home directory.
Start the client:
python testerClient.py
W3AF Host: 0.0.0.0
W3AF Port: 8000
W3AF User: w3af
W3AF Password: w3af
Absolute path of the file to save the response (Every request will be stored in a file using this name and a sequencial number): /root/results.xml
Token Used: pXHKlXWrQApOMat1NR6o0HoeP47GnPpDLnKzXNsCm7xNja3bJpRM1Zz0pA1SdthA
Test Options:
(0) Logout
(1) List Plugins
(2) List Plugin Types
(3) List Plugins By Type
(4) Enable Plugin
(5) Disable Plugin
(6) Enable All Plugins
(7) Disable All Plugins
(8) Configure Plugin
(9) List Plugins Enabled
(10) List Plugins Disabled
(11) Search a profile
(12) List Profiles
(13) Use Profile
(14) Create Profile
(15) Modify Profile
(16) Remove Profile
(17) List Vulnerabilities
(18) Info. Vulnerabilities
(19) Exploit Vulnerability
(20) List Shells
(21) Execute command in shell
(22) List Misc Settings
(23) Change Misc Settings
(99) Exit
Select a number
FOR DEVELOPERS...
You can check the source code of the test client included with the project to see which server functions it calls. The following are the XML-RPC functions that can be invoked from any client (in any programming language):
FUNCTION NAME: authenticate
PARAMETERS: 1. UserName 2. Password
DESCRIPTION: Used to authenticate the user and generate a token that can be used to invoke other functions in the server.
FUNCTION NAME: logout
PARAMETERS: None
DESCRIPTION: Destroy the current authentication token used by the user
FUNCTION NAME: attack_start
PARAMETERS: None
DESCRIPTION: Start the attack with the plugins enabled and settings specified
FUNCTION NAME: attack_target
PARAMETERS: 1. The Target
DESCRIPTION: Set the target of the attack
FUNCTION NAME: plugins_list
PARAMETERS: None
DESCRIPTION: List all plugins in W3AF
FUNCTION NAME: plugins_listByType
PARAMETERS: 1. Plugin Type
DESCRIPTION: List all plugins by type
FUNCTION NAME: plugins_listPluginTypes
PARAMETERS: None
DESCRIPTION: List the plugin types available in W3AF
FUNCTION NAME: plugins_enable
PARAMETERS: 1. Plugin Type 2. Plugin Name
DESCRIPTION: Enable the specified plugin
FUNCTION NAME: plugins_disable
PARAMETERS: 1. Plugin Type 2. Plugin Name
DESCRIPTION: Disable the specified plugin
FUNCTION NAME: plugins_enableAll
PARAMETERS: 1. Plugin Type
DESCRIPTION: Enable all the plugins by type
FUNCTION NAME: plugins_disableAll
PARAMETERS: 1. Plugin Type
DESCRIPTION: Disable all the plugins by type
FUNCTION NAME: plugins_configure
PARAMETERS: 1. Plugin Type 2. Plugin Name 3. Setting Name 4. Setting value
DESCRIPTION: Configure the specified setting in the specified plugin
FUNCTION NAME: plugins_listEnabled
PARAMETERS: None
DESCRIPTION: List the plugins currently enabled.
FUNCTION NAME: plugins_listDisabled
PARAMETERS: None
DESCRIPTION: List the plugins currently disabled.
FUNCTION NAME: profiles_search
PARAMETERS: 1. Profile Name
DESCRIPTION: Search a profile by name
FUNCTION NAME: profiles_list
PARAMETERS: None
DESCRIPTION: List the profiles available in the framework
FUNCTION NAME: profiles_use
PARAMETERS: 1. Profile Name
DESCRIPTION: Use the profile specified
FUNCTION NAME: profiles_create
PARAMETERS: 1. Profile Name 2. Profile Description
DESCRIPTION: Create a new profile with the name and description specified. The plugins for this profile will be the plugins enabled at the time the profile is created
FUNCTION NAME: profiles_modify
PARAMETERS: 1. Profile Name
DESCRIPTION: Modify the profile specified. The new plugins (this is the modification) for this profile will be the plugins enabled at the time the profile is created
FUNCTION NAME: profiles_remove
PARAMETERS: 1. Profile Name
DESCRIPTION: Remove the profile specified.
FINALLY....
If you find bugs or anything that could help to improve this software, please contact me at the email address:
debiadastra at gmail dot com
Thank you :3
FUNCTION NAME: vulns_list
PARAMETERS: None
DESCRIPTION: List the vulnerabilities found after the attack (this function checks the Knowledge Base of W3AF).
FUNCTION NAME: vulns_info
PARAMETERS: None
DESCRIPTION: List the information vulnerabilities found after the attack (this function checks the Knowledge Base of W3AF).
FUNCTION NAME: vulns_exploit
PARAMETERS: 1. Plugin used to exploit 2. Vulnerability Id
DESCRIPTION: Exploit the vulnerability specified (by identifier) with the plugin specified.
FUNCTION NAME: shell_list
PARAMETERS: None
DESCRIPTION: List the shells spawned after exploiting a vulnerability
FUNCTION NAME: shell_executecmd
PARAMETERS: 1. Shell Id 2. Shell Command
DESCRIPTION: Execute the specified command in the shell with the specified identifier.
FUNCTION NAME: miscSettings_list
PARAMETERS: None
DESCRIPTION: List the Misc. Settings available in W3AF.
FUNCTION NAME: miscSettings_configure
PARAMETERS: 1. Misc. Setting Name 2. Misc. Setting Value
DESCRIPTION: Change the value of a Misc. Setting
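
ADDED EXAMPLE (not part of the W3AFRemote project code): the request body that a client in any language has to POST for the functions listed above, built and decoded with Python's standard xmlrpc.client, plus a helper that masks the authenticate password before a request is written to a log. Method names and parameter order come from the list above; the argument values are constructed samples, and how the token is passed on later calls is not shown because this page does not specify it.

```python
import xmlrpc.client


def build_call(method, *params):
    """Return the XML body a client in any language POSTs for one call."""
    return xmlrpc.client.dumps(tuple(params), methodname=method)


def parse_call(body):
    """Decode a request body into (method name, parameter list)."""
    params, method = xmlrpc.client.loads(body)
    return method, list(params)


def redact_for_log(body):
    """Re-encode a request with the authenticate password masked.

    XML-RPC carries every parameter as plain XML in the POST body, so a
    request log or proxy capture of 'authenticate' contains the password
    unless the transport is protected and the log is filtered.
    """
    method, params = parse_call(body)
    if method == "authenticate" and len(params) == 2:
        params[1] = "***"
    return build_call(method, *params)


if __name__ == "__main__":
    # Constructed sample values: the documented default user/password and
    # a placeholder setting name for plugins_configure.
    login = build_call("authenticate", "w3af", "w3af")
    print(login)                  # what goes over the wire
    print(redact_for_log(login))  # what is safe to log
    print(build_call("plugins_configure",
                     "audit", "xss", "example_setting", "True"))
```

The printed authenticate body shows the user name and password as readable <string> elements, which is why the default 127.0.0.1 binding and a non-default password matter when the service is started.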