def setUp(self):
super(TaskMapperTest, self).setUp()
self.executor = Mock()
self.exploits = OrderedDict({
'test': [
Exploit(exploit_id=1, name='test_1'),
Exploit(exploit_id=2, name='test_2')
]
})
self.exploits.update(test2=[Exploit(exploit_id=3)])
self.executor.exploits.find_all_matching.return_value = self.exploits
self.context = ScanContext(aucote=self.executor,
scanner=MagicMock(scan=Scan()))
self.task_mapper = TaskMapper(context=self.context)
self.cfg = {
'portdetection': {
'_internal': {
'categories': ['other', 'brute']
}
},
'tools': {
'test': {
'enable': True
},
'test2': {
'enable': True
}
}
}
def setUp(self):
super(NmapToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1,
name='test_name',
risk_level=RiskLevel.NONE)
self.exploit2 = Exploit(exploit_id=2,
name='test_name',
risk_level=RiskLevel.HIGH)
self.exploit_conf_args = Exploit(exploit_id=3)
self.exploit_conf_args.name = 'test_name2'
self.exploit_conf_args.risk_level = RiskLevel.HIGH
self.config = {
'scripts': {
'test_name': {
'args': 'test_args'
},
'test_name2': {
'args': MagicMock()
}
}
}
self.cfg = {
'tools': {
'nmap': {
'disable_scripts': [],
},
'common': {
'rate': 1337,
'http': {
'useragent': 'test_useragent'
}
}
},
'config_filename': ''
}
self.exploits = [self.exploit, self.exploit2]
self.port = Port(number=13,
transport_protocol=TransportProtocol.TCP,
node=Node(node_id=1,
ip=ipaddress.ip_address('127.0.0.1')))
self.port.scan = Scan(start=14, end=13)
self.port.protocol = 'test_service'
self.aucote = MagicMock(storage=Storage(":memory:"))
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.nmap_tool = NmapTool(context=self.context,
exploits=self.exploits,
port=self.port,
config=self.config)
def setUp(self):
"""
Prepare some internal variables:
exploit, port, exploits, script, vulnerability, scan_task
"""
super(NmapPortScanTaskTest, self).setUp()
self.aucote = MagicMock()
self.exploit = Exploit(exploit_id=1, app='nmap', name='test')
self.exploit_vuln_non_exist = Exploit(exploit_id=2,
app='nmap',
name='test2')
self.exploits = Exploits()
self.exploits.add(self.exploit)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=None)
self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)
self.port = Port(number=22,
node=self.node,
transport_protocol=TransportProtocol.TCP)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.port_ipv6 = Port(number=22,
node=self.node_ipv6,
transport_protocol=TransportProtocol.TCP)
self.script = NmapScript(port=self.port,
parser=NmapParser(),
exploit=self.exploit,
name='test',
args='test_args')
self.script.get_result = MagicMock(return_value='test')
self.script2 = NmapScript(port=self.port,
parser=NmapInfoParser(),
exploit=self.exploit_vuln_non_exist,
name='test2')
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.scan_task = NmapPortScanTask(
context=self.context,
port=self.port,
script_classes=[self.script, self.script2],
rate=1337)
self.scan_task.store_scan_end = MagicMock()
future = Future()
future.set_result(ElementTree.fromstring(self.XML))
self.scan_task.command.async_call = MagicMock(return_value=future)
self.cfg = {'tools': {'nmap': {'scripts_dir': '', 'timeout': 0}}}
def __init__(self, exploit=None, port=None, output: Optional[str] = '', cve=None, cvss=None, subid=0, vuln_time=None,
rowid=None, scan=None, context=None, expiration_time=None):
"""
Init values
Args:
exploit(Exploit): Exploit used to detect vulnerability
port(Port): Vulnerable port
output(str): string or stringable output
"""
self._time_ms = None
self._expiration_time_ms = None
self.output = str(output) if output is not None else ''
self.exploit = exploit if exploit is not None else Exploit(exploit_id=0)
self.port = port
self._cve = cve
self._cvss = cvss
self.subid = subid
self.time = vuln_time or time.time()
self.rowid = rowid
self.scan = scan
self.context = context
self.expiration_time = expiration_time
def setUp(self):
super(HydraToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1,
name='hydra',
app='hydra',
risk_level=RiskLevel.NONE)
self.exploit2 = Exploit(exploit_id=2,
name='hydra',
app='hydra',
risk_level=RiskLevel.HIGH)
self.config = {
'services': ['ssh', 'vnc'],
'mapper': {
'test': 'ssh'
},
'without-login': '******'
}
self.exploits = [self.exploit, self.exploit2]
self.node = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
self.port = Port(number=12,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port.protocol = 'test'
self.port.scan = Scan(start=14)
self.port_no_login = Port(number=12,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port_no_login.protocol = 'vnc'
self.port_no_login.scan = Scan(start=14)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.hydra_tool = HydraTool(context=self.context,
exploits=self.exploits,
port=self.port,
config=self.config)
self.hydra_tool_without_login = HydraTool(context=self.context,
exploits=self.exploits,
port=self.port_no_login,
config=self.config)
def test_diff_two_last_scans(self, serializer):
exploit = Exploit(exploit_id=1)
self.port_info._current_exploits = [self.exploit]
scan_2 = Scan()
scans = [self.context.scanner.scan, scan_2]
self.port_info.storage.get_scans_by_security_scan.return_value = scans
vuln_added = Vulnerability(port=self.port,
exploit=exploit,
subid=3,
output='a')
vuln_removed = Vulnerability(port=self.port,
exploit=exploit,
subid=1,
output='b')
vuln_changed_1 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='c')
vuln_changed_2 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='d')
vuln_common = Vulnerability(port=self.port,
exploit=exploit,
subid=5,
output='e')
self.port_info.storage.get_vulnerabilities.side_effect = ([
vuln_added, vuln_changed_1, vuln_common
], [vuln_removed, vuln_changed_2, vuln_common])
expected = [
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_added),
VulnerabilityChange(change_time=12,
previous_finding=vuln_removed,
current_finding=None),
VulnerabilityChange(change_time=12,
previous_finding=vuln_changed_2,
current_finding=vuln_changed_1),
]
self.port_info.diff_with_last_scan()
self.port_info.storage.get_vulnerabilities.assert_has_calls(
(call(port=self.port,
exploit=self.exploit,
scan=self.context.scanner.scan),
call(port=self.port, exploit=self.exploit, scan=scan_2)),
any_order=True)
self.assertCountEqual(
self.port_info.storage.save_changes.call_args[0][0], expected)
serializer.assert_has_calls((call(vuln) for vuln in expected))
def test_store_scan(self):
port = Port(node=None,
number=80,
transport_protocol=TransportProtocol.UDP)
port.scan = Scan(end=25.0)
exploit = Exploit(exploit_id=5)
self.task.store_scan_end(exploits=[exploit], port=port)
self.task.aucote.storage.save_security_scans.assert_called_once_with(
exploits=[exploit], port=port, scan=self.context.scanner.scan)
def setUp(self):
exploit = Exploit(exploit_id=3)
port = Port(node=Node(node_id=2, ip=ipaddress.ip_address('127.0.0.1')),
transport_protocol=TransportProtocol.TCP,
number=16)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = SSLScriptTask(port=port,
exploits=[exploit],
context=self.context)
async def call(self, *args, **kwargs):
if not self.port:
raise PortNotSpecifiedException()
if Exploit(exploit_id=178) in self.exploits:
self.context.add_task(
SietTask(context=self.context,
port=self.port,
exploits=[
self.context.aucote.exploits.find(
'aucote-scripts', 'siet')
]))
def setUp(self):
super(WhatWebTaskTest, self).setUp()
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.port = Port(node=self.node,
number=19,
transport_protocol=TransportProtocol.UDP)
self.port.protocol = 'http'
self.aucote = MagicMock()
self.exploit = Exploit(app='whatweb', name='whatweb', exploit_id=1)
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = WhatWebTask(port=self.port,
context=self.context,
exploits=[self.exploit])
def setUp(self):
super(WhatWebToolTest, self).setUp()
self.aucote = MagicMock()
self.exploit = Exploit(exploit_id=1)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.port = Port(node=self.node,
transport_protocol=TransportProtocol.UDP,
number=87)
self.config = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.tool = WhatWebTool(context=self.context,
exploits=[self.exploit],
port=self.port,
config=self.config)
def __init__(self, scan_only=False, *args, **kwargs):
"""
Initiazlize variables.
Args:
port (Port):
*args:
**kwargs:
"""
super().__init__(exploits=[Exploit(exploit_id=0, name='portscan', app='portscan')], *args, **kwargs)
self.command = NmapBase()
self.scan_only = scan_only
self.scanner = self.context.scanner
def setUp(self):
super(SkipfishToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1)
self.exploit.name = 'skipfish'
self.exploit.risk_level = RiskLevel.NONE
self.config = {}
self.exploits = [self.exploit]
self.port = Port(node=Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')), number=3,
transport_protocol=TransportProtocol.TCP)
self.port.scan = Scan(start=13, end=45)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan()))
self.skipfish_tool = SkipfishTool(context=self.context, exploits=self.exploits, port=self.port,
config=self.config)
def setUp(self):
super(SietTaskTest, self).setUp()
self.context = ScanContext(aucote=MagicMock(),
scanner=TCPScanner(MagicMock(), MagicMock(),
MagicMock(),
MagicMock()))
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=14)
self.scan = Scan()
self.port = Port(node=self.node,
number=46,
transport_protocol=TransportProtocol.TCP,
scan=self.scan)
self.exploit = Exploit(exploit_id=15,
app='aucote-scripts',
name='siet')
self.task = SietTask(context=self.context,
port=self.port,
exploits=[self.exploit])
self.cfg = {'portdetection': {'expiration_period': '7d'}}
async def test_assign_task_for_node(self, cfg):
cfg._cfg = self.cfg
self.task_mapper._filter_exploits = MagicMock()
class_mock = self.EXECUTOR_CONFIG['apps']['test']['class']
self.task_mapper._aucote.exploits.find_by_apps = MagicMock()
mock_apps = self.task_mapper._aucote.exploits.find_by_apps
exploit = Exploit(exploit_id=3, name='test_3')
self.task_mapper._filter_exploits.return_value = [exploit]
mock_apps.return_value = {'test': [exploit]}
node = Node(1, ipaddress.ip_address('127.0.0.1'))
await self.task_mapper.assign_tasks_for_node(node)
class_mock.assert_called_once_with(
context=self.task_mapper.context,
exploits=[exploit],
node=node,
config=self.EXECUTOR_CONFIG['apps']['test'])
def setUp(self):
super(HydraScriptTaskTest, self).setUp()
self.aucote = MagicMock()
self.port = Port(node=Node(ip='127.0.0.1', node_id=None),
transport_protocol=TransportProtocol.TCP,
number=22)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.exploit = Exploit(exploit_id=1)
self.scan = Scan()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.hydra_script_task = HydraScriptTask(
exploits=[self.exploit],
context=self.context,
port=self.port,
service=self.port.service_name)
self.hydra_script_task.store_scan_end = MagicMock()
self.hydra_script_task.aucote.exploits.find.return_value = self.exploit
def setUp(self):
super(NmapPortInfoTaskTest, self).setUp()
self.aucote = MagicMock()
self.aucote.task_mapper.assign_tasks = MagicMock(return_value=Future())
self.aucote.task_mapper.assign_tasks.return_value.set_result(
MagicMock())
self.exploit = Exploit(exploit_id=4)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.node.os = Service(name='os test name',
version='os test version',
cpe='cpe:2.3:o:vendor:product:-:*:*:*:*:*:*:*')
self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)
self.port = Port(number=22,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port.scan = Scan()
self.port_ipv6 = Port(number=22,
node=self.node_ipv6,
transport_protocol=TransportProtocol.TCP)
self.scanner = Scanner(aucote=self.aucote)
self.scanner.NAME = 'tools'
self.context = ScanContext(aucote=self.aucote, scanner=self.scanner)
self.port_info = NmapPortInfoTask(context=self.context, port=self.port)
self.cfg = {
'portdetection': {
'tools': {
'scan_rate': 1337
},
'expiration_period': '7d'
},
'tools': {
'nmap': {
'scripts_dir': 'test'
}
},
}
def test_serialize_vulnchange(self, output):
output.return_value = 'test_output'
scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port = Port(node, transport_protocol=TransportProtocol.TCP, number=88)
exploit = Exploit(name="exploit_name", app="exploit_app", exploit_id=18)
previous_finding = Vulnerability(output="test_output_1", exploit=exploit, port=port, subid=13, vuln_time=13456)
previous_finding.scan = scan_1
previous_finding.row_id = 124
current_finding = Vulnerability(output="test_output_2", exploit=exploit, port=port, subid=13, vuln_time=6456345)
current_finding.row_id = 15
current_finding.scan = scan_2
change = VulnerabilityChange(current_finding=current_finding, change_time=124445,
previous_finding=previous_finding)
expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x12\x00'
b'\x00\x00\r\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\x80R\xcd\x00\x00'
b'\x00\x00\x00\xa8\x01\xd4\x80\x01\x00\x00\x00\r\x00test_output_1\r\x00test_output_2\x15'
b'\x00Vulnerability changed')
result = self.serializer.serialize_vulnerability_change(change)._data
self.assertEqual(result, expected)
def test_diff_two_last_scans_first_scan(self, serializer):
exploit = Exploit(exploit_id=1)
self.port_info._current_exploits = [self.exploit]
scans = [self.context.scanner.scan]
self.port_info.storage.get_scans_by_security_scan.return_value = scans
vuln_added = Vulnerability(port=self.port,
exploit=exploit,
subid=3,
output='a')
vuln_changed_1 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='c')
self.port_info.storage.get_vulnerabilities.return_value = [
vuln_added, vuln_changed_1
]
expected = [
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_added),
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_changed_1)
]
self.port_info.diff_with_last_scan()
self.port_info.storage.get_vulnerabilities.assert_has_calls(
(call(port=self.port,
exploit=self.exploit,
scan=self.context.scanner.scan), ))
self.assertCountEqual(
self.port_info.storage.save_changes.call_args[0][0], expected)
serializer.assert_has_calls((call(vuln) for vuln in expected),
any_order=True)
def setUp(self):
self.serializer = Serializer()
self.vuln = Vulnerability(subid=15)
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
node.os = MagicMock()
node.os.name_with_version = 'test_name_and_version'
self.context = ScanContext(aucote=None, scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock()))
self.vuln.context = self.context
self.port = Port(node=node, number=22, transport_protocol=TransportProtocol.TCP)
self.port.protocol = 'ssh'
self.port.scan = Scan()
self.port.scan.start = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
self.vuln.port = self.port
self.vuln.output = 'Test'
self.vuln.scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(),
scanner='tcp')
self.exploit = Exploit(exploit_id=1)
self.exploit.app = 'test_app'
self.exploit.name = 'test_name'
self.exploit.title = 'test_title'
self.exploit.description = 'test_description'
self.exploit.risk_level = RiskLevel.from_name('High')
self.exploit.cve = 'CVE-2018-0001'
self.exploit.cvss = 9.8
self.exploit.metric = ExploitMetric.VNC_INFO
self.exploit.category = ExploitCategory.VULN
self.exploit.tags = {ExploitTag.HTTP, ExploitTag.SSL, ExploitTag.HTTPS}
self.vuln.exploit = self.exploit
self.vuln.time = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
def setUp(self, cfg):
super(CVESearchServiceTaskTest, self).setUp()
cfg._cfg = {'tools': {'cve-search': {'api': 'localhost:200'}}}
self.example_output = ''
with open(
path.join(path.dirname(path.abspath(__file__)),
'example_output.json'), 'rb') as f:
self.example_output = f.read()
self.node = Node(ip='127.0.0.1', node_id=None)
self.port = Port(node=self.node,
transport_protocol=TransportProtocol.TCP,
number=22)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.port.service = Service()
self.app = Service()
self.app_2 = Service()
self.app.cpe = 'cpe:/a:microsoft:iexplorer:8.0.6001:beta'
self.app_2.cpe = 'cpe:/a:microsoft:aexplorer:8.0.6001:beta'
self.cpe_txt = 'cpe:/a:microsoft:internet_explorer:8.0.6001:beta'
self.os_cpe_txt = 'cpe:/o:a:b:4'
self.cpe_without_version = 'cpe:/o:cisco:ios'
self.node.os.cpe = self.os_cpe_txt
self.port.service.cpe = self.cpe_txt
self.exploit = Exploit(exploit_id=1337,
name='cve-search',
app='cve-search')
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = CVESearchServiceTask(context=self.context,
port=self.port,
exploits=[self.exploit])
self.vuln_1 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2016-8612',
cvss=3.3,
output='test summary 1',
context=self.context,
subid=0)
self.vuln_2 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2017-9798',
cvss=5.0,
output='test summary 2',
context=self.context,
subid=1)
self.vuln_3 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2017-9788',
cvss=6.4,
output='test summary 3',
context=self.context,
subid=2)
def setUp(self):
self.maxDiff = None
self.storage = Storage(conn_string=getenv('AUCOTE_TEST_POSTGRES'))
self.scan = Scan(start=1,
end=17,
protocol=TransportProtocol.UDP,
scanner='test_name')
self.scan_1 = Scan(rowid=56,
protocol=TransportProtocol.UDP,
scanner='test_name',
start=13,
end=19)
self.scan_2 = Scan(rowid=79,
protocol=TransportProtocol.UDP,
scanner='test_name',
start=2,
end=18)
self.scan_3 = Scan(rowid=80,
protocol=TransportProtocol.UDP,
scanner='test_name_2',
start=20,
end=45)
self.scan_4 = Scan(rowid=78,
protocol=TransportProtocol.TCP,
scanner='portdetection',
start=1,
end=2)
self.node_1 = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
self.node_1.name = 'test_node_1'
self.node_1.scan = Scan(start=15)
self.node_2 = Node(node_id=2, ip=ipaddress.ip_address('127.0.0.2'))
self.node_2.name = 'test_node_2'
self.node_2.scan = Scan(start=56)
self.node_3 = Node(node_id=3, ip=ipaddress.ip_address('127.0.0.3'))
self.node_3.name = 'test_node_3'
self.node_3.scan = Scan(start=98)
self.node_4 = Node(node_id=4, ip=ipaddress.ip_address('127.0.0.4'))
self.node_4.name = 'test_node_4'
self.node_4.scan = Scan(start=3)
self.node_scan_1 = NodeScan(node=self.node_1,
rowid=13,
scan=self.scan_1,
timestamp=15)
self.node_scan_2 = NodeScan(node=self.node_2,
rowid=15,
scan=self.scan_1,
timestamp=56)
self.node_scan_3 = NodeScan(node=self.node_3,
rowid=16,
scan=self.scan_1,
timestamp=98)
self.node_scan_3 = NodeScan(node=self.node_3,
rowid=17,
scan=self.scan_2,
timestamp=90)
self.port_1 = Port(node=self.node_1,
number=45,
transport_protocol=TransportProtocol.UDP)
self.port_1.scan = self.scan_1
self.port_scan_1 = PortScan(port=self.port_1,
scan=self.scan_1,
timestamp=176,
rowid=124)
self.port_2 = Port(node=self.node_2,
transport_protocol=TransportProtocol.UDP,
number=65)
self.port_2.scan = Scan(start=3, end=45)
self.port_scan_2 = PortScan(port=self.port_2,
scan=self.scan_1,
timestamp=987,
rowid=15)
self.port_3 = Port(node=self.node_3,
transport_protocol=TransportProtocol.ICMP,
number=99)
self.port_3.scan = Scan(start=43, end=180)
self.port_scan_3 = PortScan(port=self.port_3,
scan=self.scan_1,
timestamp=619,
rowid=13)
self.port_4 = Port(node=self.node_1,
number=80,
transport_protocol=TransportProtocol.UDP)
self.port_4.scan = self.scan_1
self.port_scan_4 = PortScan(port=self.port_4,
scan=self.scan_1,
timestamp=650,
rowid=480)
self.port_5 = Port(node=self.node_4,
number=22,
transport_protocol=TransportProtocol.TCP)
self.port_5.scan = self.scan_4
self.exploit_1 = Exploit(exploit_id=14,
name='test_name',
app='test_app')
self.exploit_2 = Exploit(exploit_id=2,
name='test_name_2',
app='test_app_2')
self.exploit_3 = Exploit(exploit_id=56,
name='test_name_2',
app='test_app')
self.exploit_4 = Exploit(exploit_id=0,
name='portdetection',
app='portdetection')
self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_1,
scan_start=178,
scan_end=851)
self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_1,
scan_start=109,
scan_end=775)
self.security_scan_3 = SecurityScan(exploit=self.exploit_3,
port=self.port_1,
scan=self.scan_2,
scan_start=113,
scan_end=353)
self.security_scan_4 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_3,
scan_start=180,
scan_end=222)
self.security_scan_5 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_2,
scan_start=14,
scan_end=156)
self.security_scan_6 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_2,
scan_start=56,
scan_end=780)
self.security_scan_7 = SecurityScan(exploit=self.exploit_4,
port=self.port_5,
scan=self.scan_4,
scan_start=14,
scan_end=890)
self.vuln_change_1 = PortDetectionChange(
change_time=124445,
current_finding=self.port_scan_1,
previous_finding=self.port_scan_2)
self.vuln_change_2 = PortDetectionChange(
change_time=32434,
current_finding=self.port_scan_2,
previous_finding=self.port_scan_3)
self.vulnerability_1 = Vulnerability(port=self.port_1,
output='test_output_1',
exploit=self.exploit_1,
cve='CVE-2017',
cvss=6.7,
subid=1,
vuln_time=13,
rowid=134,
scan=self.scan_1)
self.vulnerability_2 = Vulnerability(port=self.port_1,
output='test_output_2',
exploit=self.exploit_2,
cve='CWE-14',
cvss=8.9,
subid=2,
vuln_time=98,
rowid=152,
scan=self.scan_1)
self.vulnerability_3 = Vulnerability(port=self.port_1,
output='test_output_3',
exploit=self.exploit_1,
cve='CVE-2016',
cvss=3.7,
subid=2,
vuln_time=15,
rowid=153,
scan=self.scan_2)
self.vulnerability_4 = Vulnerability(port=self.port_1,
output='test_output_4',
exploit=self.exploit_2,
cve='CWE-15',
cvss=2.9,
subid=1,
vuln_time=124,
rowid=169,
scan=self.scan_2)
self.vulnerability_5 = Vulnerability(port=self.port_5,
output='',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=0,
vuln_time=124,
rowid=200,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_6 = Vulnerability(port=self.port_5,
output='tftp',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=1,
vuln_time=124,
rowid=201,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_7 = Vulnerability(port=self.port_5,
output='tftp server name',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=2,
vuln_time=124,
rowid=202,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_8 = Vulnerability(port=self.port_5,
output='6.7.8',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=3,
vuln_time=124,
rowid=203,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_9 = Vulnerability(port=self.port_5,
output='HERE IS TFTP\n\n\n > ',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=4,
vuln_time=124,
rowid=204,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_10 = Vulnerability(port=self.port_5,
output='test:cpe',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=5,
vuln_time=124,
rowid=205,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_11 = Vulnerability(port=self.port_5,
output='os name',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=6,
vuln_time=124,
rowid=206,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_12 = Vulnerability(port=self.port_5,
output='os version',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=7,
vuln_time=124,
rowid=207,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_13 = Vulnerability(port=self.port_5,
output='test:os:cpe',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=8,
vuln_time=124,
rowid=208,
scan=self.scan_4,
expiration_time=400)
def test_is_exploit_allowed_allowed_string(self, cfg):
self.thread.NAME = 'test_name'
cfg['portdetection.test_name.scripts'] = ["1"]
exploit = Exploit(exploit_id=1)
self.assertTrue(self.thread.is_exploit_allowed(exploit))
def test_is_exploit_allowed_not_allowed(self, cfg):
self.thread.NAME = 'test_name'
cfg['portdetection.test_name.scripts'] = []
exploit = Exploit(exploit_id=1)
self.assertFalse(self.thread.is_exploit_allowed(exploit))
def setUp(self):
self.exploit = Exploit(exploit_id=15,
name='test_name',
app='test_app',
cve='CVE-2017-XXXX,CVE-2018-XXX',
cvss='4.6')
def get_app(self):
self.aucote = MagicMock()
self.storage = Storage(getenv('AUCOTE_TEST_POSTGRES'))
self.aucote.storage = self.storage
self.storage.connect()
self.storage.remove_all()
self.storage.init_schema()
self.scan_1 = Scan(start=123,
end=446,
protocol=TransportProtocol.TCP,
scanner='tcp')
self.scan_2 = Scan(start=230,
end=447,
protocol=TransportProtocol.UDP,
scanner='udp')
for scan in (self.scan_1, self.scan_2):
self.storage.save_scan(scan)
self.node_1 = Node(node_id=13, ip=ipaddress.ip_address("10.156.67.18"))
self.node_2 = Node(node_id=75, ip=ipaddress.ip_address("10.156.67.34"))
self.node_scan_1 = NodeScan(node=self.node_1,
scan=self.scan_1,
timestamp=45)
self.node_scan_2 = NodeScan(node=self.node_2,
scan=self.scan_2,
timestamp=88)
self.node_scan_3 = NodeScan(node=self.node_1,
scan=self.scan_2,
timestamp=67)
for node_scan in (self.node_scan_1, self.node_scan_2,
self.node_scan_3):
self.storage.save_node_scan(node_scan)
self.port_1 = Port(node=self.node_1,
number=34,
transport_protocol=TransportProtocol.UDP)
self.port_2 = Port(node=self.node_2,
number=78,
transport_protocol=TransportProtocol.TCP)
self.port_scan_1 = PortScan(port=self.port_1,
timestamp=1234,
scan=self.scan_1,
rowid=13)
self.port_scan_2 = PortScan(port=self.port_2,
timestamp=2345,
scan=self.scan_1,
rowid=15)
for port_scan in (self.port_scan_1, self.port_scan_2):
self.storage.save_port_scan(port_scan)
self.exploit_1 = Exploit(exploit_id=14,
name='test_name',
app='test_app')
self.exploit_2 = Exploit(exploit_id=2,
name='test_name_2',
app='test_app_2')
self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_1,
scan_start=178,
scan_end=851)
self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_1,
scan_start=109,
scan_end=775)
self.security_scan_3 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_2,
scan_start=114,
scan_end=981)
for scan in (self.security_scan_1, self.security_scan_2,
self.security_scan_3):
self.storage.save_sec_scan(scan)
self.vulnerability_1 = Vulnerability(exploit=self.exploit_1,
port=self.port_1,
cvss="6.8",
cve="CVE-2017-1231",
scan=self.scan_1,
output="Vulnerable stuff",
vuln_time=134,
subid=34)
self.vulnerability_2 = Vulnerability(exploit=self.exploit_1,
port=self.port_1,
cvss="6.8",
cve="CVE-2017-1232",
scan=self.scan_2,
output=None,
vuln_time=718,
subid=34)
for vulnerability in (self.vulnerability_1, self.vulnerability_2):
self.storage.save_vulnerability(vulnerability)
self.scanner = TCPScanner(aucote=self.aucote,
host='localhost',
port=1339)
self.scanner.NAME = 'test_name'
self.scanner.scan.start = 1290
self.scanner.nodes = [
Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
]
self.aucote.scanners = [
self.scanner,
ToolsScanner(name='tools', aucote=self.aucote)
]
endpoints = [(url, handler, {
'aucote': self.aucote
}) for url, handler in [
(r"/api/v1/kill", KillHandler),
(r"/api/v1/scanners", ScannersHandler),
(r"/api/v1/scanners/([\w_]+)", ScannersHandler),
(r"/api/v1/tasks", TasksHandler),
(r"/api/v1/scans", ScansHandler),
(r"/api/v1/scans/([\d]+)", ScansHandler),
(r"/api/v1/nodes", NodesHandler),
(r"/api/v1/nodes/([\d]+)", NodesHandler),
(r"/api/v1/ports", PortsHandler),
(r"/api/v1/ports/([\d]+)", PortsHandler),
(r"/api/v1/security_scans", SecurityScansHandler),
(r"/api/v1/security_scans/([\d]+)", SecurityScansHandler),
(r"/api/v1/vulnerabilities", VulnerabilitiesHandler),
]]
endpoints.append(
(r"/api/v1/vulnerabilities/([\d]+)", VulnerabilitiesHandler, {
'aucote': self.aucote,
'path': '/aucote/'
}))
self.app = Application(endpoints)
return self.app