End User Plugin Classification - owtf/reboot GitHub Wiki
There are 5 (five) types of plugins:
- Active
- Semi-Passive
- Passive
- Grep
- External
Active Plugins
An active plugin will actively test the target, meaning that potentially harmful requests will be sent (e.g. SQL injection payloads).
Example: The W3AF plugin is an active plugin because it runs the tool W3AF which sends potentially harmful requests to the target.
Note: Authorization from the target is needed in order to use such plugins.
Semi-Passive Plugins
A semi-passive plugin will send normal-looking requests to the target. Such requests will not be harmful for the target (e.g. a request to /robots.txt).
Example: The robots.txt plugin is a semi-passive plugin because it will send a legitimate-looking request to the target to GET /robots.txt. Such a request will never harm the target.
Note: No authorization is needed for such plugins.
Passive Plugins
A passive plugin will not send any requests to the target. Instead, it will use third-party services (e.g. Google cache).
Example: The Backup and Old Referenced Files plugin is a passive plugin because it uses Google search to find interesting files in the Google cache.
Note: No authorization is needed for such plugins.
Grep Plugins
#TODO
External Plugins
#TODO