def test_jboss_scan_fail(mock_args):
    """Check that a JBoss scan finds nothing when authentication fails.

    Registers the mocked JBoss fingerprint and auth-failure responses, builds
    a ScanEngine from the parsed arguments and loaded credentials, expects two
    scanners after fingerprinting and an empty found queue after scanning.
    """
    # NOTE(review): a function with this same name appears again later on this
    # page; if both live in one module, only the last definition is collected.
    # NOTE(review): presumably the `responses` mock is activated by a decorator
    # or fixture not visible here - confirm, so that no request from this
    # credential scan leaves the test process.
    responses.add(**MockResponses.jboss_fp)
    responses.add(**MockResponses.jboss_auth_fail)
    reset_handlers()

    parsed = core.parse_args()
    cli_args = parsed['args']
    core.init_logging(cli_args.verbose, cli_args.debug, cli_args.log)
    config = core.Config(cli_args, parsed['parser'])
    creds = core.load_creds(config)

    engine = ScanEngine(creds, config)
    engine._build_targets()
    engine.fingerprint_targets()
    print(engine.scanners.qsize())

    # Drain the queue into a list so each scanner can be inspected and counted.
    drained = []
    while engine.scanners.qsize() > 0:
        item = engine.scanners.get()
        # Debug output. NOTE(review): this writes the candidate username and
        # password to the captured test log; keep site-specific credentials
        # out of the credential set used here.
        print(item.cred['name'])
        print(item.target)
        print(item.username)
        print(item.password)
        drained.append(item)

    print("num scanners: %i" % len(drained))
    assert len(drained) == 2

    # Refill the queue before handing it to the scan stage.
    for item in drained:
        engine.scanners.put(item)

    engine._scan(engine.scanners, engine.found_q)
    assert engine.found_q.qsize() == 0
def test_tomcat_match_nmap(mock_args):
    """Check Tomcat manager fingerprinting and scanning against mocked replies.

    After fingerprinting, every queued scanner must point at one of the two
    Tomcat manager URLs on 127.0.0.1:8080 and there must be 34 of them; after
    swapping in the mocked auth response, the scan must report 17 findings.
    """
    # NOTE(review): a function with this same name appears again later on this
    # page; if both live in one module, only the last definition is collected.
    # NOTE(review): presumably the `responses` mock is activated by a decorator
    # or fixture not visible here - confirm, so the scan never reaches a real
    # service listening on the loopback port.
    responses.add(**MockResponses.tomcat_fp)
    reset_handlers()

    parsed = core.parse_args()
    cli_args = parsed['args']
    core.init_logging(cli_args.verbose, cli_args.debug, cli_args.log)
    config = core.Config(cli_args, parsed['parser'])
    creds = core.load_creds(config)

    engine = ScanEngine(creds, config)
    engine._build_targets()
    engine.fingerprint_targets(engine.fingerprints, engine.scanners)

    expected_urls = (
        'http://127.0.0.1:8080/manager/html',
        'http://127.0.0.1:8080/tomcat/manager/html',
    )

    # A Queue is not serializable, so it cannot be copied with deepcopy;
    # drain it into a list instead and refill it afterwards.
    drained = []
    while not engine.scanners.empty():
        item = engine.scanners.get()
        assert any(item.url == url for url in expected_urls)
        drained.append(item)

    assert len(drained) == 34

    for item in drained:
        engine.scanners.put(item)

    # Replace the fingerprint mock with the authenticated response for the scan.
    responses.reset()
    responses.add(**MockResponses.tomcat_auth)

    engine._scan(engine.scanners, engine.found_q)
    assert engine.found_q.qsize() == 17
def test_tomcat_match_nmap(mock_args):
    """Check Tomcat manager fingerprinting and scanning with a callback mock.

    Fingerprinting runs against a callback that answers 401 without an
    Authorization header and 200 with one. The resulting scanners must all
    target one of the two Tomcat manager paths on 127.0.0.1:8080 and number
    34; the scan against the mocked auth response must report 17 findings.
    """

    def tomcat_callback(request):
        # The callback only checks that an Authorization header is present;
        # it does not validate the credentials it carries.
        if not request.headers.get('Authorization', False):
            return (401, MockResponses.tomcat_fp['adding_headers'], '')
        return (
            200,
            MockResponses.tomcat_auth['adding_headers'],
            MockResponses.tomcat_auth['body'],
        )

    # NOTE(review): presumably the `responses` mock is activated by a decorator
    # or fixture not visible here - confirm, so the scan never reaches a real
    # service listening on the loopback port.
    responses.add_callback(
        responses.GET,
        MockResponses.tomcat_fp['url'],
        callback=tomcat_callback,
    )
    reset_handlers()

    # Best-effort removal of the persistent queue file; a missing file is
    # fine. Presumably this keeps state from an earlier run out of this test.
    try:
        os.remove(core.PERSISTENT_QUEUE)
    except OSError:
        pass

    parsed = core.parse_args()
    cli_args = parsed['args']
    core.init_logging(cli_args.verbose, cli_args.debug, cli_args.log)
    config = core.Config(cli_args, parsed['parser'])
    creds = core.load_creds(config)

    engine = ScanEngine(creds, config)
    engine._build_targets()
    engine._add_terminators(engine.fingerprints)
    print("fp: %i" % engine.fingerprints.qsize())
    engine.fingerprint_targets()

    # A Queue is not serializable, so it cannot be copied with deepcopy;
    # drain it into a list instead and refill it afterwards.
    drained = []
    print("scanners: %s" % engine.scanners.qsize())

    t1 = Target(host='127.0.0.1', port=8080, protocol='http', url='/manager/html')
    t2 = Target(host='127.0.0.1', port=8080, protocol='http', url='/tomcat/manager/html')
    expected_targets = (t1, t2)

    while engine.scanners.qsize() > 0:
        item = engine.scanners.get()
        assert any(item.target == target for target in expected_targets)
        drained.append(item)

    # Load the scanners back into the queue.
    for item in drained:
        engine.scanners.put(item)

    assert engine.scanners.qsize() == 34
    engine._add_terminators(engine.scanners)

    # Replace the callback mock with the authenticated response for the scan.
    responses.reset()
    responses.add(**MockResponses.tomcat_auth)

    engine._scan(engine.scanners, engine.found_q)
    assert engine.found_q.qsize() == 17
def test_jboss_scan_fail(mock_args):
    """Check that a JBoss scan finds nothing when authentication fails.

    Registers the mocked JBoss fingerprint and auth-failure responses, expects
    two queued scanners after fingerprinting, and expects the found queue to
    stay empty once the scan has run.
    """
    # NOTE(review): presumably the `responses` mock is activated by a decorator
    # or fixture not visible here - confirm, so that no request from this
    # credential scan leaves the test process.
    responses.add(**MockResponses.jboss_fp)
    responses.add(**MockResponses.jboss_auth_fail)
    reset_handlers()

    parsed = core.parse_args()
    cli_args = parsed['args']
    core.init_logging(cli_args.verbose, cli_args.debug, cli_args.log)
    config = core.Config(cli_args, parsed['parser'])
    creds = core.load_creds(config)

    engine = ScanEngine(creds, config)
    engine._build_targets()
    engine.fingerprint_targets(engine.fingerprints, engine.scanners)

    print(engine.scanners.qsize())
    assert engine.scanners.qsize() == 2

    # The mocked auth response is a failure, so nothing should be reported.
    engine._scan(engine.scanners, engine.found_q)
    assert engine.found_q.qsize() == 0