option -t not working on develop

[dshah133]

I cloned a fresh repo, and tried to run following command.

./owtf.py -t active http://127.0.0.1

 _____ _ _ _ _____ _____
|     | | | |_   _|   __|
|  |  | | | | | | |   __|
|_____|_____| |_| |__|

        @owtfp
    http://owtf.org

Current Path: ./owtf.py
Syntax: owtf.py [ options ] <target1 target2 target3 ..> where target can be: <target URL / hostname / IP>
                    NOTE: targets can also be provided via a text file


Examples:

Run all web plugins:                         owtf.py http://my.website.com
Run only passive + semi_passive plugins:             owtf.py -t quiet http://my.website.com
Run only active plugins:                     owtf.py -t active http://my.website.com

Run all plugins except 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -e 'OWASP-CM-001' http://my.website.com
Run all plugins except 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -e 'Testing_for_SSL-TLS' http://my.website.com

Run only 'OWASP-CM-001: Testing_for_SSL-TLS':             owtf.py -o 'OWASP-CM-001' http://my.website.com
Run only 'OWASP-CM-001: Testing_for_SSL-TLS':             owtf.py -o 'Testing_for_SSL-TLS' http://my.website.com

Run only OWASP-IG-005 and OWASP-WU-VULN:             owtf.py -o 'OWASP-IG-005,OWASP-WU-VULN' http://my.website.com
Run using my resources file and proxy:             owtf.py -m r:/home/me/owtf_resources.cfg -x 127.0.0.1:8080 http://my.website.com

Run using TOR network:                    owtf.py -o OWTF-WVS-001 http://my.website.com --tor 127.0.0.1:9050:9051:password:1

Run Botnet-mode using miner:                    owtf.py -o OWTF-WVS-001 http://my.website.com -b miner

Run Botnet-mode using custom proxy list:                  owtf.py -o OWTF-WVS-001 http://my.website.com -b list:proxy_list_path.txt

ERROR: Invalid Plugin Type 'active' for Plugin Group 'None'. Valid Types: 

[DePierre]

This is a side effect of my fix e301f7b (#375).

I changed the default PluginGroup from web to None in order to test later if the target(s) were IPs or URLs AND no plugin group was specified.
Because of that, the CLI test made in owtf.py became obsolete (sorry did not see it before).

IMO, the PluginGroup test should be post-pone later and not in owtf.py. It could be done here:

owtf/framework/config/config.py

Line 151 in e301f7b

self.cli_options = deepcopy(options)

Thought on that @dscarson @tunnelshade ?

[DePierre]

I really think that the CLI options processing should be moved to framework.config.config in order to have the database available as well as the targets. What do you think?

[7a]

Desired behaviour:
slides 19,22 - http://www.slideshare.net/abrahamaranguren/introducing-owasp-owtf-workshop-brucon-2012

After GSoC 2013, the behaviour was:

owtf.py ip => network scan + web scan IF some port "speaks http"
owtf.py host_name => as above
owtf.py url => web scan ONLY, no network scan

That is also what most people would expect and pretty much the most simple possible way to start a scan imho.

[viyatb]

So following behaviour should also be in the latest version:

• owtf.py ip => network scan + web scan IF some port "speaks http"
• owtf.py host_name => as above
• owtf.py url => web scan ONLY, no network scan

[viyatb]

But the following command works (explicitly specifying the plugin group):
./owtf.py -g web -t active http://127.0.0.1 <-- -g web

[arunk-s]

@delta24 @DePierre @7a I'm interested on working on this issue. Can anyone explain what changes are needed ?

[viyatb]

@DePierre @7a should I set the default group to "web" instead of None ?