    def test_save_load_misc_settings(self):
        """A misc-setting stored in a profile must survive a profile reload.

        Run 1: set ``msf_location`` to ``/etc/`` and persist it with
        ``profiles save_as unittest``. The console must report the save and the
        ``unittest`` profile must exist afterwards.
        Run 2: load that profile again and ``misc-settings view`` must print the
        stored ``/etc/`` value.

        ``/etc/`` is only a recognisable marker value here; Metasploit itself is
        never invoked. The ``unittest`` profile is written to the real profiles
        store — cleanup is presumably done by the helper base class (not
        visible in this block).
        """
        save_script = ['misc-settings set msf_location /etc/',
                       'profiles save_as unittest',
                       'exit']
        self.console = ConsoleUI(commands=save_script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(('Profile saved.',))
        self.assertTrue(ok, detail)
        self._assert_exists('unittest')

        # Discard run 1's output so the reload assertions only see run 2.
        self._mock_stdout.clear()

        load_script = ['profiles',
                       'use unittest',
                       'back',
                       'misc-settings view',
                       'exit']
        self.console = ConsoleUI(commands=load_script, do_upd=False)
        self.console.sh()

        ok, detail = self.all_expected_substring_in_output(('/etc/',))
        self.assertTrue(ok, detail)
class TestProfilesConsoleUI(ConsoleTestHelper):
    '''
    Load profiles from the console UI.

    Every test scripts ``ConsoleUI`` with a fixed command list (``do_upd=False``
    presumably disables the update check, keeping the run offline) and then
    inspects the captured output through the ``ConsoleTestHelper`` matchers.
    '''
    def test_load_profile_exists(self):
        '''Using the bundled OWASP_TOP10 profile enables its plugins and asks for a target.'''
        script = ['profiles', 'help', 'use OWASP_TOP10', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        wanted = (
            'The plugins configured by the scan profile have been enabled',
            'Please set the target URL',
            # presumably a row of the 'help' table printed in the profiles menu
            ' | Use a profile.',
        )
        ok, detail = self.all_expected_substring_in_output(wanted)
        self.assertTrue(ok, detail)

    def test_load_profile_not_exists(self):
        '''An unknown profile name is rejected with an explicit error line.'''
        script = ['profiles', 'help', 'use do_not_exist', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(
            ('Unknown profile name: "do_not_exist"', ))
        self.assertTrue(ok, detail)
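class TestAcceptDisclaimer(unittest.TestCase):
    """Unit tests for ``ConsoleUI.accept_disclaimer``.

    ``StartUpConfig`` is replaced by a ``Mock`` subclass whose
    ``accepted_disclaimer`` class attribute says whether acceptance was already
    recorded, and ``raw_input`` is patched so the interactive prompt can never
    block the test run. (``__builtin__`` is the Python 2 module name; on
    Python 3 the patch target would be ``builtins.input``.)
    """
    def setUp(self):
        self.console_ui = ConsoleUI(do_upd=False)

    class dummy_true(Mock):
        # Stands in for a StartUpConfig that already recorded acceptance.
        accepted_disclaimer = True

    class dummy_false(Mock):
        # Stands in for a StartUpConfig with no recorded acceptance.
        accepted_disclaimer = False

    # NOTE: stacked @patch decorators inject their mocks bottom-up — the
    # decorator nearest the function (raw_input) supplies the FIRST argument.
    # The parameter names below follow that order; they used to be swapped,
    # which was harmless but misleading.
    @patch('core.ui.console.console_ui.StartUpConfig',
           new_callable=dummy_false)
    @patch('__builtin__.raw_input', return_value='')
    def test_not_saved_not_accepted(self, mocked_input, mocked_startup_cfg):
        # Nothing saved and an empty answer at the prompt -> not accepted.
        self.assertFalse(self.console_ui.accept_disclaimer())

    @patch('core.ui.console.console_ui.StartUpConfig',
           new_callable=dummy_false)
    @patch('__builtin__.raw_input', return_value='y')
    def test_not_saved_accepted(self, mocked_input, mocked_startup_cfg):
        # Nothing saved, user answers 'y' -> accepted.
        self.assertTrue(self.console_ui.accept_disclaimer())

    @patch('core.ui.console.console_ui.StartUpConfig', new_callable=dummy_true)
    def test_saved(self, mocked_startup_cfg):
        # Acceptance already persisted -> accepted without prompting
        # (raw_input is deliberately left unpatched here).
        self.assertTrue(self.console_ui.accept_disclaimer())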
class TestProfilesConsoleUI(ConsoleTestHelper):
    """
    Load profiles from the console UI.

    Each test feeds ``ConsoleUI`` a scripted command list (``do_upd=False``
    presumably skips the update check so nothing goes to the network) and
    checks the captured output with the ``ConsoleTestHelper`` matchers.
    """

    def test_load_profile_exists(self):
        """Loading OWASP_TOP10 enables its plugins and prompts for a target URL."""
        script = ["profiles", "help", "use OWASP_TOP10", "exit"]
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.all_expected_substring_in_output((
            "The plugins configured by the scan profile have been enabled",
            "Please set the target URL",
            " | Use a profile.",  # presumably from the 'help' table
        ))
        self.assertTrue(ok, detail)

    def test_load_profile_not_exists(self):
        """A non-existent profile name yields an 'Unknown profile name' error."""
        script = ["profiles", "help", "use do_not_exist", "exit"]
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(
            ('Unknown profile name: "do_not_exist"',))
        self.assertTrue(ok, detail)
    def test_SQL_scan(self):
        """End-to-end SQL-injection scan of the moth sample via the console.

        Enables console + text_file output, ``audit sqli``, a forward-only
        ``crawl web_spider`` and ``grep path_disclosure``, targets the
        vulnerable ``sql_injection_string.php`` page and starts the scan.
        Expects the injection and the SQL-error finding to be reported, the
        target URL to be discovered by web_spider, and no
        'No such file or directory' / 'Exception' text in the output.

        Needs the ``moth`` host, w3af's intentionally vulnerable test fixture;
        never point this at a host you are not authorised to scan.
        """
        target = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs = '?name=andres'

        output_setup = [
            'plugins', 'output console,text_file', 'output config text_file',
            'set output_file %s' % self.OUTPUT_FILE,
            'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
            'set verbose True', 'back', 'output config console',
            'set verbose False', 'back',
        ]
        plugin_setup = [
            'audit sqli', 'crawl web_spider',
            'crawl config web_spider', 'set only_forward True', 'back',
            'grep path_disclosure', 'back',
        ]
        target_and_run = [
            'target', 'set target %s%s' % (target, qs), 'back', 'start', 'exit',
        ]

        self.console = ConsoleUI(commands=output_setup + plugin_setup + target_and_run,
                                 do_upd=False)
        self.console.sh()

        wanted = ('SQL injection in ',
                  'A SQL error was found in the response supplied by ',
                  'New URL found by web_spider plugin: "%s"' % target)
        ok, detail = self.startswith_expected_in_output(wanted)
        self.assertTrue(ok, detail)

        # Any traceback or missing-file complaint in the log is a failure.
        self.assertFalse(self.error_in_output(['No such file or directory',
                                               'Exception']))
    def test_menu_browse_target(self):
        """Entering and leaving the ``target`` menu shows both prompts.

        Scripts ``target`` / ``back`` / ``exit`` and verifies that the root
        prompt and the ``target`` sub-menu prompt both appeared verbatim.
        """
        script = ['target', 'back', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prompts = ('w3af>>> ', 'w3af/config:target>>> ')
        ok, detail = self.all_expected_in_output(prompts)
        self.assertTrue(ok, detail)
    def test_load_profile_not_exists(self):
        """``use`` with an unknown profile name prints an explicit error."""
        script = ['profiles', 'help', 'use do_not_exist', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(
            ('Unknown profile name: "do_not_exist"', ))
        self.assertTrue(ok, detail)
    def test_load_profile_exists(self):
        """Loading the bundled OWASP_TOP10 profile enables plugins and asks for a target."""
        script = ['profiles', 'help', 'use OWASP_TOP10', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        wanted = (
            'The plugins configured by the scan profile have been enabled',
            'Please set the target URL',
            ' | Use a profile.',  # presumably a 'help' table row
        )
        ok, detail = self.all_expected_substring_in_output(wanted)
        self.assertTrue(ok, detail)
    def test_menu_set_option_auto_save(self):
        """The one-line ``target set ...`` form saves without an explicit ``save``.

        Sets the target from the root prompt, then ``target view`` must list
        the option and the console must confirm the configuration was saved.
        """
        script = ['target set target http://moth/',
                  'target view',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = ('| target ',
                    'The configuration has been saved.')
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_menu_set_option_invalid_case01(self):
        """A target URL with an out-of-range port is rejected by the validator.

        Port 301801 exceeds 65535, so ``set target`` must print the
        'Invalid URL configured by user' error instead of storing the value.
        """
        script = ['target', 'set target http://moth:301801/', 'view',
                  'back', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = (
            'Invalid URL configured by user,',
            # The invalid value was never stored, so leaving the menu saves an
            # empty configuration and therefore still reports success.
            'The configuration has been saved.',
        )
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_menu_plugin_desc(self):
        """``infrastructure desc zone_h`` prints the plugin's long description.

        Only the opening of three description lines is checked, so wording
        changes elsewhere in the text do not break the test.
        """
        script = ['plugins', 'infrastructure desc zone_h', 'back', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = ('This plugin searches the zone-h.org',
                    'result. The information stored in',
                    'previous defacements to the target website.')
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_two_scans(self):
        """Two consecutive scans in one console session both report their findings.

        Scan 1 runs ``audit sqli`` against the moth SQL-injection sample, scan 2
        runs ``audit xss`` against the moth XSS sample, without restarting the
        console in between. Both sets of findings must appear and the output
        must contain no 'No such file or directory' / 'Exception' text.

        Requires the ``moth`` test host (w3af's intentionally vulnerable
        fixture); do not run against hosts you are not authorised to scan.
        """
        def scan_script(audit_plugin, target, qs, tail):
            # Same output/crawl/grep configuration for both scans; only the
            # audit plugin and the target differ. `tail` lets the last scan
            # append 'exit'.
            return [
                'plugins', 'output console,text_file', 'output config text_file',
                'set output_file %s' % self.OUTPUT_FILE,
                'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
                'set verbose True', 'back', 'output config console',
                'set verbose False', 'back', 'audit %s' % audit_plugin,
                'crawl web_spider', 'crawl config web_spider',
                'set only_forward True', 'back',
                'grep path_disclosure', 'back', 'target',
                'set target %s%s' % (target, qs), 'back', 'start',
            ] + tail

        target_1 = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs_1 = '?name=andres'
        wanted_1 = ('SQL injection in ',
                    'A SQL error was found in the response supplied by ',
                    'New URL found by web_spider plugin: "%s"' % target_1)

        target_2 = 'http://moth/w3af/audit/xss/simple_xss.php'
        qs_2 = '?text=1'
        wanted_2 = ('A Cross Site Scripting vulnerability was found at',
                    'New URL found by web_spider plugin: "%s"' % target_2)

        script = (scan_script('sqli', target_1, qs_1, []) +
                  scan_script('xss', target_2, qs_2, ['exit']))

        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        for wanted in (wanted_1, wanted_2):
            ok, detail = self.startswith_expected_in_output(wanted)
            self.assertTrue(ok, detail)

        # Any traceback or missing-file complaint in the log is a failure.
        self.assertFalse(self.error_in_output(['No such file or directory',
                                               'Exception']))
    def test_save_as_profile(self):
        """``save_as`` persists the active profile under a new name.

        Loads OWASP_TOP10, saves it as ``unittest`` and checks both the
        confirmation message and that the new profile exists afterwards.
        The profile is written to the real profiles store; cleanup is
        presumably handled by the helper base class.
        """
        script = ['profiles',
                  'use OWASP_TOP10',
                  'save_as unittest',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(('Profile saved.',))
        self.assertTrue(ok, detail)
        self._assert_exists('unittest')
    def test_menu_set_option_case01(self):
        """Setting the target inside the ``target`` menu is saved on ``back``.

        Checks the two prompts and the exact save confirmation (including its
        CRLF), then that ``view`` listed the configured URL.
        """
        script = ['target', 'set target http://moth/', 'view',
                  'back', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        exact_lines = ('w3af>>> ', 'w3af/config:target>>> ',
                       'The configuration has been saved.\r\n')
        ok, detail = self.all_expected_in_output(exact_lines)
        self.assertTrue(ok, detail)

        ok, detail = self.all_expected_substring_in_output(('| http://moth/',))
        self.assertTrue(ok, detail)
    def test_OS_commanding_exploit(self):
        """Find, exploit and interact with an OS-commanding bug through the console.

        Scans the moth ``simple_osc.php`` sample with ``audit os_commanding``,
        exploits it, opens shell 0 and runs a series of shell and payload
        commands. The expected prefixes are grouped by the command that should
        produce them.

        This test executes commands and reads files (``/etc/passwd``) on the
        target; it is only valid against ``moth``, w3af's intentionally
        vulnerable test fixture, never against a host you are not authorised
        to attack.
        """
        target = "http://moth/w3af/audit/os_commanding/simple_osc.php"
        qs = "?cmd=foobar"

        scan = [
            "plugins",
            "audit os_commanding",
            "back",
            "target",
            "set target %s%s" % (target, qs),
            "back",
            "start",
        ]
        shell_session = [
            "exploit",
            "exploit os_commanding",
            "interact 0",
            "execute ls",
            "execute w",
            "read /etc/passwd",
            # Path with a space: exercises the quote delimiter for strings
            'read "/var/www/moth/w3af/crawl/web_spider/follow_links/a b.html"',
            "help",
            "lsp",
            "payload tcp",
            "payload list_processes",
            "payload list_processes 20",
            "exit",  # leave the shell
            "exit",  # leave w3af
        ]

        self.console = ConsoleUI(commands=scan + shell_session, do_upd=False)
        self.console.sh()

        wanted = (
            # start
            'OS Commanding was found at: "%s' % target,
            # exploit
            "Vulnerability successfully exploited. Generated shell object",
            "Please use the interact command to interact with the shell objects.",
            # read /etc/passwd
            "root:x:0:0:root:/root:/bin/bash",
            "daemon:x:1:1:daemon:/usr/sbin:/bin/sh",
            # read "...a b.html"
            "non-zero.",
            # help -- NOTE(review): an empty prefix matches any line, so the
            # help output is effectively unchecked; presumably a placeholder.
            "",
            # lsp
            "apache_config_directory",
            "kernel_version",
            # payload tcp
            "| Id | Local Address    | Remote Address",
            # payload list_processes
            "Usage: list_processes <max_pid>",
            # payload list_processes 20
            "| 1    | init              | S (sleeping)        | /sbin/init",
        )
        ok, detail = self.startswith_expected_in_output(wanted)
        self.assertTrue(ok, detail)

        # Any traceback or missing-file complaint in the log is a failure.
        self.assertFalse(
            self.error_in_output(["No such file or directory", "Exception"]))
    def test_menu_browse_target(self):
        """Browsing into ``target`` and back prints the root and sub-menu prompts."""
        self.console = ConsoleUI(commands=['target', 'back', 'exit'],
                                 do_upd=False)
        self.console.sh()

        ok, detail = self.all_expected_in_output(
            ('w3af>>> ', 'w3af/config:target>>> '))
        self.assertTrue(ok, detail)
    def test_kb_add_with_errors(self):
        """Malformed ``kb add`` invocations each produce a specific error.

        No argument -> missing "type"; an unknown type -> 'Type foobar is
        unknown'; two arguments -> 'Only one parameter is accepted'.
        """
        script = [
            'kb',
            'add',             # no vulnerability type given
            'add foobar',      # unknown vulnerability type
            'add foo bar',     # too many parameters
            'back',
            'exit',
        ]
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = ('w3af>>> ', 'w3af/kb>>> ', 'Parameter "type" is missing,',
                    'Type foobar is unknown',
                    'Only one parameter is accepted,')
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_load_profile_not_exists(self):
        """Requesting a profile that does not exist yields an 'Unknown profile name' error."""
        self.console = ConsoleUI(
            commands=["profiles", "help", "use do_not_exist", "exit"],
            do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(
            ('Unknown profile name: "do_not_exist"',))
        self.assertTrue(ok, detail)
    def test_kb_add_back_without_config(self):
        """Leaving ``kb add os_commanding`` without configuring it is refused.

        Entering the add sub-menu for a type that needs data and immediately
        issuing ``back`` must print the 'requires data to be configured'
        message instead of storing an empty vulnerability.
        """
        script = [
            'kb',
            'add',
            'add os_commanding',
            'back',   # nothing configured yet
            'exit',
        ]
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'This vulnerability requires data to be configured.',
        ))
        self.assertTrue(ok, detail)
    def test_menu_set_option_auto_save(self):
        """Inline ``target set ...`` from the root prompt is auto-saved.

        ``target view`` must then list the option and the console must print
        the save confirmation even though no ``save`` was issued.
        """
        self.console = ConsoleUI(
            commands=['target set target http://moth/',
                      'target view',
                      'exit'],
            do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output(
            ('| target ', 'The configuration has been saved.'))
        self.assertTrue(ok, detail)
    def test_kb_add(self):
        """Manually adding a DAV vulnerability to the knowledge base.

        Enters ``kb add dav``, sets its URL, leaves the config menu (which
        stores the entry) and confirms ``list vulns`` shows it.

        NOTE(review): ``target.com`` is a real third-party domain; an RFC 2606
        name such as ``example.com`` would be safer should the KB entry ever be
        used to send requests — presumably it is only stored here.
        """
        script = [
            'kb',
            'add dav',
            'set url http://target.com/',
            'back',          # stores the configured vulnerability
            'list vulns',
            'back',
            'exit',
        ]
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = (
            'w3af>>> ', 'w3af/kb>>> ', 'w3af/kb/config:dav>>> ',
            'Stored "DAV Misconfiguration" in the knowledge base.',
            '| DAV              | This vulnerability was added to the knowledge'
        )
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_load_profile_exists(self):
        """OWASP_TOP10 loads: plugins get enabled and a target is requested."""
        self.console = ConsoleUI(
            commands=["profiles", "help", "use OWASP_TOP10", "exit"],
            do_upd=False)
        self.console.sh()

        wanted = (
            "The plugins configured by the scan profile have been enabled",
            "Please set the target URL",
            " | Use a profile.",  # presumably a 'help' table row
        )
        ok, detail = self.all_expected_substring_in_output(wanted)
        self.assertTrue(ok, detail)
    def test_menu_set_option_invalid_case01(self):
        """A URL with an impossible port (301801 > 65535) is rejected by ``set target``."""
        self.console = ConsoleUI(
            commands=['target', 'set target http://moth:301801/', 'view',
                      'back', 'exit'],
            do_upd=False)
        self.console.sh()

        prefixes = (
            'Invalid URL configured by user,',
            # Nothing was stored, so saving the still-empty configuration on
            # 'back' succeeds.
            'The configuration has been saved.',
        )
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
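class TestAcceptDisclaimer(unittest.TestCase):
    """Unit tests for ``ConsoleUI.accept_disclaimer``.

    ``StartUpConfig`` is swapped for a ``Mock`` subclass whose
    ``accepted_disclaimer`` class attribute models whether acceptance was
    already persisted; ``raw_input`` is patched so the prompt never blocks.
    (``__builtin__`` is the Python 2 name; under Python 3 the target would be
    ``builtins.input``.)
    """

    def setUp(self):
        self.console_ui = ConsoleUI(do_upd=False)

    class dummy_true(Mock):
        # StartUpConfig stand-in: acceptance already recorded.
        accepted_disclaimer = True

    class dummy_false(Mock):
        # StartUpConfig stand-in: no acceptance recorded.
        accepted_disclaimer = False

    # NOTE: stacked @patch decorators pass their mocks bottom-up, so the
    # innermost one (raw_input) is the FIRST extra argument. The parameter
    # names now reflect that order; previously they were swapped (harmless,
    # but misleading when debugging).
    @patch('core.ui.console.console_ui.StartUpConfig', new_callable=dummy_false)
    @patch('__builtin__.raw_input', return_value='')
    def test_not_saved_not_accepted(self, mocked_input, mocked_startup_cfg):
        # Not persisted and an empty reply -> disclaimer not accepted.
        self.assertFalse(self.console_ui.accept_disclaimer())

    @patch('core.ui.console.console_ui.StartUpConfig', new_callable=dummy_false)
    @patch('__builtin__.raw_input', return_value='y')
    def test_not_saved_accepted(self, mocked_input, mocked_startup_cfg):
        # Not persisted, user types 'y' -> accepted.
        self.assertTrue(self.console_ui.accept_disclaimer())

    @patch('core.ui.console.console_ui.StartUpConfig', new_callable=dummy_true)
    def test_saved(self, mocked_startup_cfg):
        # Already persisted -> accepted without prompting (raw_input left
        # unpatched on purpose).
        self.assertTrue(self.console_ui.accept_disclaimer())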
    def test_menu_plugin_desc(self):
        """``infrastructure desc zone_h`` prints the zone_h plugin description.

        Three line prefixes from the description are checked so that minor
        wording changes elsewhere do not break the test.
        """
        self.console = ConsoleUI(
            commands=['plugins',
                      'infrastructure desc zone_h',
                      'back',
                      'exit'],
            do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'This plugin searches the zone-h.org',
            'result. The information stored in',
            'previous defacements to the target website.',
        ))
        self.assertTrue(ok, detail)
    def test_menu_set_option_case01(self):
        """Set the target inside the ``target`` menu, ``save`` it and view it.

        Verifies both prompts and the exact save confirmation (with its CRLF),
        then that ``view`` lists the configured URL.
        """
        script = ['target', 'set target http://moth/', 'save', 'view',
                  'back', 'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        exact_lines = ('w3af>>> ', 'w3af/config:target>>> ',
                       'The configuration has been saved.\r\n')
        ok, detail = self.all_expected_in_output(exact_lines)
        self.assertTrue(ok, detail)

        ok, detail = self.all_expected_substring_in_output(('| http://moth/',))
        self.assertTrue(ok, detail)
    def test_load_profile_exists(self):
        """Loading OWASP_TOP10 enables its plugins and asks for a target URL."""
        script = ['profiles',
                  'help',
                  'use OWASP_TOP10',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.all_expected_substring_in_output((
            'The plugins configured by the scan profile have been enabled',
            'Please set the target URL',
            ' | Use a profile.',  # presumably from the 'help' table
        ))
        self.assertTrue(ok, detail)
    def test_kb_add_back_without_config(self):
        """``kb add os_commanding`` followed by ``back`` without any data is refused."""
        script = ['kb',
                  'add',
                  'add os_commanding',
                  'back',   # nothing configured
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        prefixes = ('w3af>>> ',
                    'w3af/kb>>> ',
                    'This vulnerability requires data to be configured.')
        ok, detail = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, detail)
    def test_kb_add_with_errors(self):
        """Each malformed ``kb add`` form reports its own error.

        ``add`` alone -> missing "type"; ``add foobar`` -> unknown type;
        ``add foo bar`` -> too many parameters.
        """
        script = ['kb',
                  'add',
                  'add foobar',
                  'add foo bar',
                  'back',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'Parameter "type" is missing,',
            'Type foobar is unknown',
            'Only one parameter is accepted,',
        ))
        self.assertTrue(ok, detail)
    def test_kb_add(self):
        """Add a DAV vulnerability to the knowledge base by hand and list it.

        NOTE(review): ``target.com`` is a real third-party domain; an RFC 2606
        name (``example.com``) would be safer if this entry were ever used to
        send requests — presumably it is only stored.
        """
        script = ['kb',
                  'add dav',
                  'set url http://target.com/',
                  'back',          # stores the entry
                  'list vulns',
                  'back',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'w3af/kb/config:dav>>> ',
            'Stored "DAV Misconfiguration" in the knowledge base.',
            '| DAV              | This vulnerability was added to the knowledge',
        ))
        self.assertTrue(ok, detail)
    def test_SQL_scan(self):
        """Console-driven SQL-injection scan of the moth sample page.

        Sets up console + text_file output, enables ``audit sqli``, a
        forward-only ``crawl web_spider`` and ``grep path_disclosure``, then
        scans ``sql_injection_string.php``. The injection and SQL-error findings
        and the web_spider URL discovery must be reported, and the output must
        not contain 'No such file or directory' or 'Exception'.

        Requires the ``moth`` host (w3af's intentionally vulnerable fixture);
        never aim this at a host you are not authorised to scan.
        """
        target = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs = '?name=andres'

        output_setup = ['plugins',
                        'output console,text_file',
                        'output config text_file',
                        'set output_file %s' % self.OUTPUT_FILE,
                        'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
                        'set verbose True', 'back',
                        'output config console',
                        'set verbose False', 'back']
        plugin_setup = ['audit sqli',
                        'crawl web_spider',
                        'crawl config web_spider',
                        'set only_forward True', 'back',
                        'grep path_disclosure',
                        'back']
        target_and_run = ['target',
                          'set target %s%s' % (target, qs), 'back',
                          'start',
                          'exit']

        self.console = ConsoleUI(commands=output_setup + plugin_setup + target_and_run,
                                 do_upd=False)
        self.console.sh()

        wanted = ('SQL injection in ',
                  'A SQL error was found in the response supplied by ',
                  'New URL found by web_spider plugin: "%s"' % target)
        ok, detail = self.startswith_expected_in_output(wanted)
        self.assertTrue(ok, detail)

        # Tracebacks or missing-file complaints in the log fail the test.
        self.assertFalse(self.error_in_output(['No such file or directory',
                                               'Exception']))
    def test_two_scans(self):
        """Run an sqli scan and then an xss scan in the same console session.

        Both scans share the output/crawl/grep configuration and differ only in
        audit plugin and target. Findings from both must be present and no
        'No such file or directory' / 'Exception' text may appear.

        Requires the ``moth`` host, w3af's intentionally vulnerable fixture;
        do not run against hosts you are not authorised to scan.
        """
        def scan_script(audit_plugin, target, qs, tail):
            # `tail` lets the final scan append 'exit'.
            return ['plugins',
                    'output console,text_file',
                    'output config text_file',
                    'set output_file %s' % self.OUTPUT_FILE,
                    'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
                    'set verbose True', 'back',
                    'output config console',
                    'set verbose False', 'back',
                    'audit %s' % audit_plugin,
                    'crawl web_spider',
                    'crawl config web_spider',
                    'set only_forward True', 'back',
                    'grep path_disclosure',
                    'back',
                    'target',
                    'set target %s%s' % (target, qs), 'back',
                    'start'] + tail

        target_1 = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs_1 = '?name=andres'
        wanted_1 = ('SQL injection in ',
                    'A SQL error was found in the response supplied by ',
                    'New URL found by web_spider plugin: "%s"' % target_1)

        target_2 = 'http://moth/w3af/audit/xss/simple_xss.php'
        qs_2 = '?text=1'
        wanted_2 = ('A Cross Site Scripting vulnerability was found at',
                    'New URL found by web_spider plugin: "%s"' % target_2)

        script = (scan_script('sqli', target_1, qs_1, []) +
                  scan_script('xss', target_2, qs_2, ['exit']))

        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        for wanted in (wanted_1, wanted_2):
            ok, detail = self.startswith_expected_in_output(wanted)
            self.assertTrue(ok, detail)

        # Tracebacks or missing-file complaints in the log fail the test.
        self.assertFalse(self.error_in_output(['No such file or directory',
                                               'Exception']))
class TestKBAdd(ConsoleTestHelper):
    '''
    Console tests for manually adding entries to the knowledge base (``kb add``).

    Each test scripts ``ConsoleUI`` with a command list (``do_upd=False``
    presumably skips the update check) and matches line prefixes of the
    captured output.
    '''
    def test_kb_add(self):
        '''A DAV vulnerability can be added with a URL and then listed.

        NOTE(review): ``target.com`` is a real third-party domain; an RFC 2606
        name such as ``example.com`` would be safer should the entry ever be
        used for requests — presumably it is only stored.
        '''
        script = ['kb',
                  'add dav',
                  'set url http://target.com/',
                  'back',          # stores the entry
                  'list vulns',
                  'back',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'w3af/kb/config:dav>>> ',
            'Stored "DAV Misconfiguration" in the knowledge base.',
            '| DAV              | This vulnerability was added to the knowledge',
        ))
        self.assertTrue(ok, detail)

    def test_kb_add_with_errors(self):
        '''Missing, unknown and excess ``add`` arguments each produce an error.'''
        script = ['kb',
                  'add',           # no type
                  'add foobar',    # unknown type
                  'add foo bar',   # too many parameters
                  'back',
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'Parameter "type" is missing,',
            'Type foobar is unknown',
            'Only one parameter is accepted,',
        ))
        self.assertTrue(ok, detail)

    def test_kb_add_back_without_config(self):
        '''Leaving ``add os_commanding`` without configuring data is refused.'''
        script = ['kb',
                  'add',
                  'add os_commanding',
                  'back',          # nothing configured
                  'exit']
        self.console = ConsoleUI(commands=script, do_upd=False)
        self.console.sh()

        ok, detail = self.startswith_expected_in_output((
            'w3af>>> ',
            'w3af/kb>>> ',
            'This vulnerability requires data to be configured.',
        ))
        self.assertTrue(ok, detail)
class TestBasicConsoleUI(ConsoleTestHelper):
    '''
    Basic test for the console UI: menu navigation, plugin descriptions and
    setting/saving the target option with valid and invalid values.
    '''
    def _drive_console(self, commands):
        '''
        Run a fresh ConsoleUI through *commands* (update check disabled) and
        keep the instance on self.console.
        '''
        self.console = ConsoleUI(commands=commands, do_upd=False)
        self.console.sh()

    def _check_prompts(self, menu, prompt):
        '''
        Entering *menu* and going back must print the root prompt and *prompt*.
        '''
        self._drive_console([menu, 'back', 'exit'])
        ok, msg = self.all_expected_in_output(('w3af>>> ', prompt))
        self.assertTrue(ok, msg)

    def test_menu_browse_misc(self):
        self._check_prompts('misc-settings', 'w3af/config:misc-settings>>> ')

    def test_menu_browse_http(self):
        self._check_prompts('http-settings', 'w3af/config:http-settings>>> ')

    def test_menu_browse_target(self):
        self._check_prompts('target', 'w3af/config:target>>> ')

    def test_menu_plugin_desc(self):
        '''
        `infrastructure desc zone_h` prints the plugin's long description.
        '''
        self._drive_console(['plugins', 'infrastructure desc zone_h', 'back',
                             'exit'])

        wanted = ('This plugin searches the zone-h.org',
                  'result. The information stored in',
                  'previous defacements to the target website.')
        ok, msg = self.startswith_expected_in_output(wanted)
        self.assertTrue(ok, msg)

    def test_menu_set_option_case01(self):
        '''
        `set` followed by an explicit `save` inside the target menu persists
        the value and `view` echoes it back.
        '''
        self._drive_console(['target', 'set target http://moth/', 'save',
                             'view', 'back', 'exit'])

        ok, msg = self.all_expected_in_output(
            ('w3af>>> ', 'w3af/config:target>>> ',
             'The configuration has been saved.\r\n'))
        self.assertTrue(ok, msg)

        ok, msg = self.all_expected_substring_in_output(('| http://moth/',))
        self.assertTrue(ok, msg)

    def test_menu_set_option_manual_save(self):
        '''
        One-line `target set ...` plus a separate `target save`.
        '''
        self._drive_console(['target set target http://moth/', 'target view',
                             'target save', 'exit'])

        ok, msg = self.startswith_expected_in_output(
            ('| target ', 'The configuration has been saved.'))
        self.assertTrue(ok, msg)

    def test_menu_set_option_auto_save(self):
        '''
        Without an explicit save the configuration is still reported as saved.
        '''
        self._drive_console(['target set target http://moth/', 'target view',
                             'exit'])

        ok, msg = self.startswith_expected_in_output(
            ('| target ', 'The configuration has been saved.'))
        self.assertTrue(ok, msg)

    def test_menu_set_option_invalid_case01(self):
        '''
        A URL with an out-of-range port is rejected by `set target`.

        'The configuration has been saved.' is still expected afterwards:
        nothing was really stored, so the empty config saves without error.
        '''
        self._drive_console(['target', 'set target http://moth:301801/',
                             'view', 'back', 'exit'])

        ok, msg = self.startswith_expected_in_output(
            ('Invalid URL configured by user,',
             'The configuration has been saved.'))
        self.assertTrue(ok, msg)
    def test_OS_commanding_exploit(self):
        '''
        End-to-end run against the moth test target: scan for os_commanding,
        exploit the finding and drive the resulting shell through interact,
        read, help, lsp and the payload commands.

        Every prefix in *wanted* must start some captured output line, and
        none of the error markers may appear anywhere in the output.
        '''
        vuln_url = 'http://moth/w3af/audit/os_commanding/simple_osc.php'
        query = '?cmd=foobar'

        scan_commands = [
            'plugins',
            'audit os_commanding',
            'back',
            'target',
            'set target %s%s' % (vuln_url, query),
            'back',
            'start',
        ]
        shell_commands = [
            'exploit',
            'exploit os_commanding',
            'interact 0',
            'execute ls',
            'execute w',
            'read /etc/passwd',

            # Testing the quote delimiter for strings
            'read "/var/www/moth/w3af/crawl/web_spider/follow_links/a b.html"',
            'help',
            'lsp',
            'payload tcp',
            'payload list_processes',
            'payload list_processes 20',
            'exit',  # from shell
            'exit',  # from w3af
        ]

        self.console = ConsoleUI(commands=scan_commands + shell_commands,
                                 do_upd=False)
        self.console.sh()

        wanted = (  # start
            'OS Commanding was found at: "%s' % vuln_url,
            # exploit
            'Vulnerability successfully exploited. Generated shell object',
            'Please use the interact command to interact with the shell objects.',
            # read /etc/passwd
            'root:x:0:0:root:/root:/bin/bash',
            'daemon:x:1:1:daemon:/usr/sbin:/bin/sh',

            # read "...a b.html"
            'non-zero.',

            # help
            '',
            #lsp
            'apache_config_directory',
            'kernel_version',
            # payload tcp
            '| Id | Local Address    | Remote Address',
            # payload list_processes
            'Usage: list_processes <max_pid>',
            # payload list_processes 20
            '| 1    | init              | S (sleeping)        | /sbin/init',
        )

        ok, msg = self.startswith_expected_in_output(wanted)
        self.assertTrue(ok, msg)

        error_markers = ['No such file or directory', 'Exception']
        self.assertFalse(self.error_in_output(error_markers))
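class TestProfilesConsoleUI(ConsoleTestHelper):
    '''
    Load, save and round-trip profiles from the console UI.

    Every test works on a throw-away profile named "unittest"; setUp and
    tearDown both delete it so that a failed run cannot leak state into the
    next one.
    '''
    def setUp(self):
        super(TestProfilesConsoleUI, self).setUp()
        self._remove_if_exists('unittest')
    
    def tearDown(self):
        super(TestProfilesConsoleUI, self).tearDown()
        self._remove_if_exists('unittest')
    
    def _remove_if_exists(self, profile_name):
        '''
        Best-effort removal of the on-disk profile *profile_name*.

        A missing profile is the normal case (nothing to clean up), so any
        failure to load or remove it is deliberately ignored.  Only Exception
        is caught - the original bare `except:` also swallowed
        KeyboardInterrupt and SystemExit, which must still stop the run.
        '''
        try:
            profile_inst = profile(profile_name)
            profile_inst.remove()
        except Exception:
            pass
    
    def _assert_exists(self, profile_name):
        '''
        Fail the current test unless the profile *profile_name* can be loaded.

        Uses self.fail rather than `assert False`, which is stripped when
        the interpreter runs with -O and would silently pass.
        '''
        try:
            profile(profile_name)
        except Exception:
            self.fail('The %s profile does NOT exist!' % profile_name)
        
    def test_load_profile_exists(self):
        '''
        `use OWASP_TOP10` enables the profile's plugins and asks for a target.
        '''
        commands_to_run = ['profiles',
                           'help',
                           'use OWASP_TOP10',
                           'exit']

        expected = (
            'The plugins configured by the scan profile have been enabled',
            'Please set the target URL',
            ' | Use a profile.')

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.all_expected_substring_in_output(expected)
        self.assertTrue(assert_result, msg)

    def test_load_profile_not_exists(self):
        '''
        Using a profile name that does not exist prints an error.
        '''
        commands_to_run = ['profiles',
                           'help',
                           'use do_not_exist',
                           'exit']

        expected = ('Unknown profile name: "do_not_exist"',)

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

    def test_save_as_profile(self):
        '''
        `save_as unittest` after loading OWASP_TOP10 creates the profile on disk.
        '''
        commands_to_run = ['profiles',
                           'use OWASP_TOP10',
                           'save_as unittest',
                           'exit']

        expected = ('Profile saved.',)

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)
        
        self._assert_exists('unittest')

    def test_save_load_misc_settings(self):
        '''
        A misc-settings value saved into a profile survives a reload.

        Two console sessions are run: the first sets msf_location and saves
        the profile, the second loads it and views misc-settings.  The mocked
        stdout is cleared in between so the second check cannot be satisfied
        by output from the first session.
        '''
        # Save the settings
        commands_to_run = ['misc-settings set msf_location /etc/',
                           'profiles save_as unittest',
                           'exit']

        expected = ('Profile saved.',)

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)
        
        self._assert_exists('unittest')
        
        # Clean the mocked stdout
        self._mock_stdout.clear()
        
        # Load the settings
        commands_to_run = ['profiles',
                           'use unittest',
                           'back',
                           'misc-settings view',
                           'exit']

        expected = ('/etc/',)

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.all_expected_substring_in_output(expected)
        self.assertTrue(assert_result, msg)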
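    def test_buggy_scan(self):
        '''
        Run a scan with the deliberately failing crawl plugin and report it.

        Exactly one exception must be caught from crawl.failing_spider, the
        `bug-report` menu must file it as a GitHub issue, and the issue is
        closed again through the API so the tracker is not left with test
        tickets.  Needs network access and OAUTH_TOKEN (defined outside this
        method), which is handed to the GitHub client.
        '''
        target = 'http://moth/w3af/crawl/web_spider/follow_links/1.html'
        commands_to_run = ['plugins',
                           'output console',
                           
                           'crawl failing_spider',
                                'crawl config failing_spider',
                                'set only_forward true',
                           'back',
                           
                           'grep path_disclosure',
                           'back',
                           
                           'target',
                           'set target %s' % (target),
                           'back',
                           
                           'start',
                           
                           'bug-report',
                           'summary',
                           'report',
                           
                           'exit']

        expected = ('During the current scan (with id: ',
                    'An exception was found while running crawl.failing_spider on ',
                    'New URL found by failing_spider plugin: ',
                    '    [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
        self.assertEqual(len(caught_exceptions), 1)
        
        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])

        self.assertFalse(found_errors)
        
        # Clear the exceptions, we don't need them anymore.
        self.console._w3af.exception_handler.clear()
        
        # Close the issue that `report` just opened.  Raw string so that `\d`
        # is a regex escape rather than an invalid Python string escape, and
        # `\d+` (not `\d*`) so a line carrying the URL prefix without an id
        # is skipped instead of reaching int('').
        issue_id_re = re.compile(r'https://github.com/andresriancho/w3af/issues/(\d+)')
        for line in self._mock_stdout.messages:
            mo = issue_id_re.search(line)
            if mo is None:
                continue

            issue_id = int(mo.group(1))

            gh = Github(OAUTH_TOKEN)
            repo = gh.get_user('andresriancho').get_repo('w3af')
            repo.get_issue(issue_id).edit(state='closed')
            break
        else:
            # self.fail is not stripped under -O, unlike assert
            self.fail('Did NOT close test ticket.')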
class TestBasicConsoleUI(ConsoleTestHelper):
    '''
    Basic test for the console UI: browsing the configuration menus, reading
    a plugin description, and setting/saving the target option.
    '''
    def _sh(self, *commands):
        '''
        Feed *commands* to a fresh ConsoleUI (update check off) and run its
        shell; the instance stays reachable as self.console.
        '''
        self.console = ConsoleUI(commands=list(commands), do_upd=False)
        self.console.sh()

    def test_menu_browse_misc(self):
        self._sh('misc-settings', 'back', 'exit')
        prompts = ('w3af>>> ', 'w3af/config:misc-settings>>> ')
        self.assertTrue(*self.all_expected_in_output(prompts))

    def test_menu_browse_http(self):
        self._sh('http-settings', 'back', 'exit')
        prompts = ('w3af>>> ', 'w3af/config:http-settings>>> ')
        self.assertTrue(*self.all_expected_in_output(prompts))

    def test_menu_browse_target(self):
        self._sh('target', 'back', 'exit')
        prompts = ('w3af>>> ', 'w3af/config:target>>> ')
        self.assertTrue(*self.all_expected_in_output(prompts))

    def test_menu_plugin_desc(self):
        '''
        `infrastructure desc zone_h` prints the plugin's long description.
        '''
        description_lines = ('This plugin searches the zone-h.org',
                             'result. The information stored in',
                             'previous defacements to the target website.')

        self._sh('plugins', 'infrastructure desc zone_h', 'back', 'exit')

        self.assertTrue(*self.startswith_expected_in_output(description_lines))

    def test_menu_set_option_case01(self):
        '''
        `set` plus an explicit `save` inside the target menu persists the
        value, and `view` shows it in the options table.
        '''
        self._sh('target', 'set target http://moth/', 'save', 'view',
                 'back', 'exit')

        full_lines = ('w3af>>> ', 'w3af/config:target>>> ',
                      'The configuration has been saved.\r\n')
        self.assertTrue(*self.all_expected_in_output(full_lines))
        
        self.assertTrue(*self.all_expected_substring_in_output(('| http://moth/',)))
        
    def test_menu_set_option_manual_save(self):
        '''
        One-line `target set ...` followed by a separate `target save`.
        '''
        self._sh('target set target http://moth/', 'target view',
                 'target save', 'exit')

        prefixes = ('| target ', 'The configuration has been saved.')
        self.assertTrue(*self.startswith_expected_in_output(prefixes))

    def test_menu_set_option_auto_save(self):
        '''
        Without an explicit save the configuration is still reported as saved.
        '''
        self._sh('target set target http://moth/', 'target view', 'exit')

        prefixes = ('| target ', 'The configuration has been saved.')
        self.assertTrue(*self.startswith_expected_in_output(prefixes))
        
    def test_menu_set_option_invalid_case01(self):
        '''
        A URL with an out-of-range port is rejected by `set target`.

        'The configuration has been saved.' is still expected afterwards:
        nothing was really stored, so the empty config saves without error.
        '''
        self._sh('target', 'set target http://moth:301801/', 'view',
                 'back', 'exit')

        prefixes = ('Invalid URL configured by user,',
                    'The configuration has been saved.')
        self.assertTrue(*self.startswith_expected_in_output(prefixes))
 def setUp(self):
     '''
     Build a fresh ConsoleUI with the update check disabled for each test.
     '''
     console = ConsoleUI(do_upd=False)
     self.console_ui = console
class TestKBAdd(ConsoleTestHelper):
    '''
    Exercise `kb add` from the console UI: a complete add that lands in the
    knowledge base, and the error messages for malformed invocations.
    '''
    def _run_kb_session(self, kb_commands):
        '''
        Enter the kb menu, run *kb_commands* inside it, go back and exit,
        keeping the ConsoleUI instance on self.console.
        '''
        full_session = ['kb'] + list(kb_commands) + ['back', 'exit']
        self.console = ConsoleUI(commands=full_session, do_upd=False)
        self.console.sh()

    def _assert_prefixes(self, prefixes):
        '''
        Every string in *prefixes* must start some line of the captured output.
        '''
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)

    def test_kb_add(self):
        '''
        `add dav` with a configured url stores a DAV entry that `list vulns`
        then shows.
        '''
        self._run_kb_session(['add dav',
                              'set url http://target.com/',
                              'back',
                              'list vulns'])

        self._assert_prefixes((
            'w3af>>> ',
            'w3af/kb>>> ',
            'w3af/kb/config:dav>>> ',
            'Stored "DAV Misconfiguration" in the knowledge base.',
            '| DAV              | This vulnerability was added to the knowledge',
        ))

    def test_kb_add_with_errors(self):
        '''
        Missing type, unknown type and too many parameters each get their
        own error message.
        '''
        self._run_kb_session(['add', 'add foobar', 'add foo bar'])

        self._assert_prefixes((
            'w3af>>> ',
            'w3af/kb>>> ',
            'Parameter "type" is missing,',
            'Type foobar is unknown',
            'Only one parameter is accepted,',
        ))

    def test_kb_add_back_without_config(self):
        '''
        Leaving the os_commanding sub-menu without configuring it is an error.
        '''
        self._run_kb_session(['add', 'add os_commanding'])

        self._assert_prefixes((
            'w3af>>> ',
            'w3af/kb>>> ',
            'This vulnerability requires data to be configured.',
        ))
 def setUp(self):
     '''
     Build a fresh ConsoleUI with the update check disabled for each test.
     '''
     console = ConsoleUI(do_upd=False)
     self.console_ui = console
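class TestConsoleBugReport(ConsoleTestHelper):
    '''
    Run a scan from the console UI (which fails with a bug) and report it to
    a github issue.

    Needs network access and OAUTH_TOKEN (defined outside this class), which
    is handed to the GitHub client used to close the issue the test opens.
    '''
    
    def setUp(self):
        '''
        Copy failing_spider.py into the plugin directory so the console can
        load it as a regular crawl plugin; the copy is removed again after
        the test.

        unittest does not call tearDown when setUp raises, so the removal is
        also registered with addCleanup right after the copy: a failure in
        the parent setUp then cannot leave the failing plugin installed for
        later runs.
        '''
        self.src = os.path.join('plugins', 'tests', 'crawl',
                                'failing_spider.py')
        self.dst = os.path.join('plugins', 'crawl', 'failing_spider.py')
        shutil.copy(self.src, self.dst)
        self.addCleanup(self._remove_plugin_copy)

        super(TestConsoleBugReport, self).setUp()

    def tearDown(self):
        self._remove_plugin_copy()

        super(TestConsoleBugReport, self).tearDown()

    def _remove_plugin_copy(self):
        '''
        Delete the copied plugin and its compiled `.pyc` if they exist.
        Safe to call more than once (tearDown and addCleanup both do).
        '''
        for path in (self.dst, self.dst + 'c'):
            if os.path.exists(path):
                os.remove(path)
        
    def test_buggy_scan(self):
        '''
        Exactly one exception must be caught from crawl.failing_spider, the
        `bug-report` menu must file it as a GitHub issue, and that issue is
        closed again through the API so the tracker is not left with test
        tickets.
        '''
        target = 'http://moth/w3af/crawl/web_spider/follow_links/1.html'
        commands_to_run = ['plugins',
                           'output console',
                           
                           'crawl failing_spider',
                                'crawl config failing_spider',
                                'set only_forward true',
                           'back',
                           
                           'grep path_disclosure',
                           'back',
                           
                           'target',
                           'set target %s' % (target),
                           'back',
                           
                           'start',
                           
                           'bug-report',
                           'summary',
                           'report',
                           
                           'exit']

        expected = ('During the current scan (with id: ',
                    'An exception was found while running crawl.failing_spider on ',
                    'New URL found by failing_spider plugin: ',
                    '    [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
        self.assertEqual(len(caught_exceptions), 1)
        
        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])

        self.assertFalse(found_errors)
        
        # Clear the exceptions, we don't need them anymore.
        self.console._w3af.exception_handler.clear()
        
        # Close the issue that `report` just opened.  Raw string so that `\d`
        # is a regex escape rather than an invalid Python string escape, and
        # `\d+` (not `\d*`) so a line carrying the URL prefix without an id
        # is skipped instead of reaching int('').
        issue_id_re = re.compile(r'https://github.com/andresriancho/w3af/issues/(\d+)')
        for line in self._mock_stdout.messages:
            mo = issue_id_re.search(line)
            if mo is None:
                continue

            issue_id = int(mo.group(1))

            gh = Github(OAUTH_TOKEN)
            repo = gh.get_user('andresriancho').get_repo('w3af')
            repo.get_issue(issue_id).edit(state='closed')
            break
        else:
            # self.fail is not stripped under -O, unlike assert
            self.fail('Did NOT close test ticket.')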