Available Plugins in Tortazo
Several plugins are integrated in Tortazo, and you can use them immediately by loading the plugin in the interpreter with the switch "-P / --use-plugin".
Plugins for integration with Third-Party tools
w3af
Plugin Name: w3af
Definition: plugins.thirdparty.w3afPlugin.w3afPlugin
Description:
W3AF is a powerful scanner focused on discovering and attacking vulnerabilities in web applications. Because it is written in Python and released under a GNU/GPL license, you can use its classes and utilities from any Python script. This plugin not only covers the features included in w3af, but also allows audits of web applications that are hosted in the deep web. The official release of W3AF cannot be used against any deep web site whose target address is in the ONION TLD; this plugin allows you to do that.
Function Name | Description | Usage Example |
---|---|---|
help | Shows the banner help. | self.help() |
showPluginsByType | List of available plugins filtered by type. | self.showPluginsByType("audit") |
showPluginTypes | List of available plugin types. | self.showPluginTypes() |
getEnabledPluginsByType | Enabled plugins by types. | self.getEnabledPluginsByType("audit") |
getPluginTypeDescription | Description for the plugin type specified. | self.getPluginTypeDescription("audit") |
getAllEnabledPlugins | List of enabled plugins. | self.getAllEnabledPlugins() |
enablePlugin | Enable a plugin. | self.enablePlugin("blind_sqli","audit") |
disablePlugin | Disable a plugin. | self.disablePlugin("blind_sqli","audit") |
enableAllPlugins | Enable all plugins. | self.enableAllPlugins("audit") |
disableAllPlugins | Disable all plugins. | self.disableAllPlugins("audit") |
getPluginOptions | Get Options for the plugin specified. | self.getPluginOptions("audit","blind_sqli") |
setPluginOptions | Set Options for the plugin specified. | self.setPluginOptions("audit","eval","boolean","use_time_delay","False") |
getPluginStatus | Check if the specified plugin is enabled. | self.getPluginStatus("audit","eval") |
setTarget | Sets the target for the attack (clear web). | self.setTarget("http://www.target.com") |
setTargetDeepWeb | Sets the target in the Deep Web of TOR. | self.setTargetDeepWeb("http://torlongonionpath.onion") |
startAttack | Starts the attack. | self.startAttack() |
listMiscConfigs | List of Misc Settings. | self.listMiscConfigs() |
setMiscConfig | Sets a Misc Setting. | self.setMiscConfig("msf_location","/opt/msf") |
listProfiles | List of Profiles. | self.listProfiles() |
useProfile | Use a Profile. | self.useProfile("profileName") |
createProfileWithCurrentConfig | Creates a new Profile with the current settings. | self.createProfileWithCurrentConfig("profileName", "Profile Description") |
modifyProfileWithCurrentConfig | Modifies an existing profile with the current settings. | self.modifyProfileWithCurrentConfig("profileName", "Profile Description") |
removeProfile | Removes an existing profile. | self.removeProfile("profileName") |
listShells | List of Shells. | self.listShells() |
executeCommand | Executes a command in the specified shell. | self.executeCommand(1,"lsp") |
listAttackPlugins | List of attack plugins. | self.listAttackPlugins() |
listInfos | List of Infos in the Knowledge Base of W3AF. | self.listInfos() |
listVulnerabilities | List of Vulns in the Knowledge Base of W3AF. | self.listVulnerabilities() |
exploitAllVulns | Exploits all vulns in the Knowledge Base of W3AF. | self.exploitAllVulns("sqli") |
exploitVuln | Exploits the specified Vuln in the Knowledge Base of W3AF. | self.exploitVuln("sqli",18) |
w3af Plugin example
Interaction Example:
sudo python Tortazo.py -v -D -P w3af -U -T config/config-example/torrc-example -A
nessus
Plugin Name: nessus
Definition: plugins.thirdparty.nessusPlugin.nessusPlugin
Description:
This plugin is responsible for executing the authentication process against a Nessus instance and allows you to use the full features of the Nessus engine against the relays analyzed by Tortazo. It has the functions necessary to list the available plugins, manage policies and users, create specific scans and scheduled scans, and query reports generated by Nessus. The interaction between Tortazo and Nessus is carried out with the pynessus-rest library, which has been developed primarily to meet the needs of this plugin and directly uses the functions available in the latest version of the Nessus REST API. In this way, you can run the same tasks that are available from the web interface enabled on Nessus. Connection and authentication must be declared in the properties file located in <TORTAZO_DIR>/config.py, which should specify the details for the connection to the server: the address and port of the Nessus server and the credentials required for access. On the other hand, if you want to override the configuration values without changing the properties file, you can use the switch "-A / --plugin-arguments" with the special keywords "nessusHost", "nessusPort", "nessusUser", "nessusPassword".
Function Name | Description | Usage Example |
---|---|---|
help | Shows the banner help. | self.help() |
serverLoad | Shows details about the load of the server. Number of opened sessions and memory usage, etc. | self.serverLoad() |
feed | Return the Nessus Feed. | self.feed() |
serverSecureSettingsList | List of Server Secure Settings. | self.serverSecureSettingsList() |
serverRegister | Registers the Nessus server with Tenable Network Security. | self.serverRegister('FEED_CODE') |
serverLoad | Server Load and Platform Type. | self.serverLoad() |
serverUuid | Server UUID. | self.serverUuid() |
userAdd | Create a new user. The third parameter defines the user as administrator (1) or regular user (0). | self.userAdd('adastra','adastra',0) |
userEdit | Edit the user specified. The third parameter defines the user as administrator (1) or regular user (0). | self.userEdit('adastra','new_password',1) |
userDelete | Delete the user specified. The third parameter defines the user as administrator (1) or regular user (0). | self.userDelete('adastra') |
userChpasswd | Change the password for the user specified. The third parameter defines the user as administrator (1) or regular user (0). | self.userChpasswd('adastra','new_password') |
usersList | List of users. | self.usersList() |
pluginsList | List of plugins. | self.pluginsList() |
pluginAttributesList | List of plugins attributes for plugin filtering. | self.pluginListsFamily('AIX Local Security Checks') |
pluginDescription | Returns the entire description of a given plugin. | self.pluginDescription('ping_host.nasl') |
pluginsAttributesFamilySearch | Filters against the family of plugins. | self.pluginsAttributesFamilySearch('match','or','modicon','description') |
pluginsAttributesPluginSearch | Returns the plugins in a family that match a given filter criteria. Check the Nessus documentation to see filter criteria. | self.pluginsAttributesPluginSearch('match','or','modicon','description','FTP') |
pluginsMd5 | List of plugin file names and corresponding MD5 hashes. | self.pluginsMd5() |
policyList | List of available policies, policy settings and default values. | self.policyList() |
policyDelete | Delete the policy specified. | self.policyDelete(POLICY_ID) |
policyCopy | Copies an existing policy to a new policy. | self.policyCopy(POLICY_ID) |
policyDownload | Download the policy from the server to the local system. | self.policyDownload(POLICY_ID, '/home/user/policy.nessus') |
scanAllRelays | Create a new scan with all relays loaded. | self.scanAllRelays(<POLICY_ID>, 'newScan') |
scanByRelay | Create a new scan with the specified relay. | self.scanByRelay(<POLICY_ID>, 'newScan', <IP_OR_NICKNAME>) |
scanStop | Stops the specified started scan. | self.scanStop(<SCAN_UUID>) |
scanResume | Resumes the specified paused scan. | self.scanResume(<SCAN_UUID>) |
scanPause | Pauses the specified active scan. | self.scanPause(<SCAN_UUID>) |
scanList | List of scans. | self.scanList() |
scanTemplateAllRelays | Create a new scan template (scheduled) with all relays loaded. | self.scanTemplateAllRelays(<POLICY_ID>,<TEMPLATE_NAME>) |
scanTemplateByRelay | Create a new scan template (scheduled) with the specified relay. | self.scanTemplateByRelay(<POLICY_ID>,<TEMPLATE_NEW_NAME>,<IP_OR_NICKNAME>) |
scanTemplateEditAllRelays | Edit the scan template specified with all relays loaded. | self.scanTemplateEditAllRelays(<POLICY_ID>,<TEMPLATE_NEW_NAME>) |
scanTemplateEditByRelay | Edit the scan template specified with the specified relay. | self.scanTemplateEditByRelay(<TEMPLATE_UUID>,<TEMPLATE_NEW_NAME>,<POLICY_ID>,<IP_OR_NICKNAME>) |
scanTemplateDelete | Delete the scan template specified. | self.scanTemplateDelete(<TEMPLATE_UUID>) |
scanTemplateLaunch | Launch the scan template specified. | self.scanTemplateLaunch(<TEMPLATE_UUID>) |
reportList | List of available scan reports. | self.reportList() |
reportDelete | Delete the specified report. | self.reportDelete(<REPORT_UUID>) |
reportHosts | List of hosts contained in a specified report. | self.reportHosts(<REPORT_UUID>) |
reportPorts | List of ports and the number of findings on each port. | self.reportPorts(<REPORT_UUID>,<HOSTNAME>) |
reportDetails | Details of a scan for a given host. | self.reportDetails(<REPORT_UUID>,<HOSTNAME>,<PORT>,<PROTOCOL>) |
reportTags | Tags of a scan for a given host. | self.reportTags(<REPORT_UUID>, <HOSTNAME>) |
reportAttributesList | List of filter attributes associated with a given report. | self.reportAttributesList(<REPORT_UUID>) |
nessus Plugin example
Interaction Example:
sudo python Tortazo.py -v -D -P nessus -U -T config/config-example/torrc-example
sudo python Tortazo.py -v -D -P nessus -U -T config/config-example/torrc-example -A nessusHost=192.168.1.20,nessusPort=8834,nessusUser=adastra,nessusPassword=adastra
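The "-A" value in the second command is a comma-separated list of key=value pairs. The following is an added example, not Tortazo's own code: it validates the four keywords named above, applies them over the file settings, and masks nessusPassword before a command line is written to a log. The function names, and the reuse of the same keyword names for the file settings, are assumptions made for illustration.

```python
# Added example (not part of Tortazo): handling of the "-A" override format.
import shlex

NESSUS_KEYS = {"nessusHost", "nessusPort", "nessusUser", "nessusPassword"}
SECRET_KEYS = {"nessusPassword"}


def parse_plugin_arguments(value):
    """Split 'k1=v1,k2=v2' into a dict, rejecting unknown or malformed items."""
    parsed = {}
    for item in value.split(","):
        key, sep, val = item.partition("=")
        key = key.strip()
        if not sep or key not in NESSUS_KEYS or not val:
            raise ValueError("bad plugin argument: %r" % item)
        parsed[key] = val.strip()
    if "nessusPort" in parsed:
        port = int(parsed["nessusPort"])  # raises ValueError if not numeric
        if not 1 <= port <= 65535:
            raise ValueError("nessusPort out of range: %d" % port)
        parsed["nessusPort"] = port
    return parsed


def merge_settings(file_settings, overrides):
    """Values given with -A take precedence over the properties file values."""
    merged = dict(file_settings)  # hypothetical dict built from config.py
    merged.update(overrides)
    return merged


def redact_command_line(command):
    """Return the command with secret values masked, suitable for logging."""
    tokens = shlex.split(command)
    for i, token in enumerate(tokens):
        if i > 0 and tokens[i - 1] in ("-A", "--plugin-arguments"):
            pairs = []
            for item in token.split(","):
                key, sep, _ = item.partition("=")
                masked = key in SECRET_KEYS and sep
                pairs.append(key + "=***" if masked else item)
            tokens[i] = ",".join(pairs)
    return " ".join(tokens)
```

A password containing a comma cannot be expressed in this format, and any value passed with -A is visible in shell history and process listings, so the properties file is the safer place for nessusPassword.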