Developer Plugin Classification - owtf/reboot GitHub Wiki

Reboot uses a class-based hierarchy for defining a plugin.

Overview

Plugins are expected to return a list of dicts. A sample list might look like this

[{
    "type": "suggested_command_box",
    "args": {
        "command": "python3 sqlmap.py -u some_url.com --data 'some_parameters'",
        "header": "Command to run sqlmap"
    }
}, {
    "type": "vulnerability_search_box",
    "args": {
        "search_str": "ASPX"
    }
}]

This list is stored in the database as plugin output in the JSON form. When the interface wants to render this plugin output, a method of reporter is searched using the type parameter and the args are passed to it. A call something like

output_html = ''
for item in plugin_output:
    output_html += getattr(reporter, item["type"])(**item["args"])
return(output_html)

The final html of this output is a combination of a command box and vulnerability search box in the same order.

Hierarchy

The hierarchy in a list form will look like this

  • Base Plugin
    • Static Plugin
      • Dynamic Plugin
    • Grep Plugin

Base Plugin

This is the base class that has methods which are common to all the plugins

Methods

  • multiple_replace(self, text, replacement_dict)
    • text (string) text to be modified
    • replacement_dict (dict) key-value pairs of substrings to be replaced
    • return (string) modified text with all the replacements applied
  • initialize_dir(self, plugin_info)
    • plugin_info (dict) attributes of a plugin
    • return (string) folder path that is created
  • escape(self, text, ext=None)
    • text (string) text to be escaped
    • ext (string) extension of the file (useful in context specific escaping)
    • return (string) escaped text
  • setup(self)
    • Method that has to be overwritten by plugin authors to involve any setup
  • execute(self)
    • return (list) list of dicts
  • tear_down(self)
    • Method that has to be overwritten by plugin authors for cleaning up anything they created
  • ... some more such methods

Static Plugin

The base class consisting of methods like resource list etc..

Methods

  • link_list(self, list_name, links)
    • list_name (string) name of the list of links
    • links (list) list of links
    • return (dict)
  • ..more to be added

Dynamic Plugin

The base class for plugins involving sending any requests to the target

Methods

  • run_command(self, command)
    • command (string) command that has to be run
    • return (dict)
  • ..more to be added

Grep Plugin

The class for all the grep plugins

Methods

  • header_matches(self, regex_names)
    • regex_names (string|list) regex name(s) (Like HEADERS_FOR_XSS_PROTECTION)
    • return (dict) which will be used in reporter for rendering
  • body_matches(self, regex_names)
    • regex_names (string|list) regex names (Like RESPONSE_REGEXP_FOR_HTML_COMMENTS)
    • return (dict) which will be used in reporter for rendering