def test_process(self): with self.assertRaises(SystemExit): with capture_sys_output() as (stdout, stderr): self.proc_class([]) self.assertIn('too few arguments', stderr.getvalue()) with self.assertRaises(SystemExit): with capture_sys_output() as (stdout, stderr): self.proc_class(['unknown']) self.assertIn("invalid choice: 'unknown'", stderr.getvalue()) with self.assertRaises(SystemExit): with capture_sys_output() as (stdout, stderr): self.proc_class(['json']) self.assertIn('too few arguments', stderr.getvalue()) file_path = 'tests/unknown_mapping.json' with self.assertRaises(IOError) as cm: self.proc_class(['json', file_path]) self.assertIn("No such file or directory: '{}'".format(file_path), cm.exception.message) file_path = 'tests/mapping.json' proc = self.proc_class(['json', file_path]) with open(file_path) as fd: self.assertEquals(proc.current_mode.mapping, json.loads(fd.read()))
def test_modes(self): self.initialize_mode2_was_called = False self.initialize_mode3_was_called = False class Mode1(ProcessMode): def set_arguments(self, subparser): pass class Mode2(Mode1): def initialize(mode_self, arguments): attr_format = 'initialize_{}_was_called' name = attr_format.format(mode_self.__class__.__name__.lower()) setattr(self, name, True) class Mode3(Mode2): pass class MyProcess(Process): MODES = [Mode1, Mode2, Mode3] with self.assertRaises(SystemExit): with capture_sys_output() as (stdout, stderr): MyProcess([]) self.assertIn('too few arguments', stderr.getvalue()) with self.assertRaises(SystemExit): with capture_sys_output() as (stdout, stderr): MyProcess(['unknown']) self.assertIn("invalid choice: 'unknown'", stderr.getvalue()) proc = MyProcess(['mode1']) for mode in [Mode1, Mode2, Mode3]: self.assertIn(mode, proc.MODES) self.assertTrue(isinstance(proc.current_mode, Mode1)) self.assertFalse(self.initialize_mode2_was_called) self.assertFalse(self.initialize_mode3_was_called) self.initialize_mode2_was_called = False self.initialize_mode3_was_called = False proc = MyProcess(['mode2']) self.assertTrue(isinstance(proc.current_mode, Mode2)) self.assertTrue(self.initialize_mode2_was_called) self.assertFalse(self.initialize_mode3_was_called) self.initialize_mode2_was_called = False self.initialize_mode3_was_called = False proc = MyProcess(['mode3']) self.assertTrue(isinstance(proc.current_mode, Mode3)) self.assertFalse(self.initialize_mode2_was_called) self.assertTrue(self.initialize_mode3_was_called)
def test_get_dnskey_good(self): output.setup(False, False) with utils.capture_sys_output() as (stdout, stderr): recs = dnssec.get_dnskey("cloudflare.com") self.assertNotIn("Exception", stderr.getvalue()) self.assertTrue(len(recs) > 0)
def test_jira_user_reg(self): url = "https://www.example.org/secure/Dashboard.jspa" target_dir = os.path.dirname(os.path.realpath("__file__")) path = os.path.join(target_dir, "tests/test_data/jira_registration.txt") contents = Path(path).read_text() try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get( "https://www.example.org/secure/Signup!default.jspa", text=contents, status_code=200, ) results = jira.check_jira_user_registration(url) except Exception as error: self.assertIsNone(error) self.assertIsNotNone(results) self.assertTrue(len(results) > 0) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) self.assertTrue( any("Jira User Registration Enabled" in r.message for r in results) ) network.reset()
def test_jira_found(self): url = "https://www.example.org/" target_dir = os.path.dirname(os.path.realpath("__file__")) path = os.path.join(target_dir, "tests/test_data/jira_dashboard.txt") contents = Path(path).read_text() try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get(url, text="body", status_code=200) m.get(f"{url}secure/Dashboard.jspa", text=contents, status_code=200) m.get( f"{url}jira/secure/Dashboard.jspa", text="body", status_code=404 ) session = Session(None, url) results, jira_url = jira.check_for_jira(session) except Exception as error: self.assertIsNone(error) self.assertIsNotNone(jira_url) self.assertIsNotNone(results) self.assertTrue(len(results) > 0) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) self.assertTrue(any("Jira Installation Found" in r.message for r in results)) self.assertTrue(any("v8.1.0-801000" in r.message for r in results)) network.reset()
def test_get_dnskey_none(self): output.setup(False, False) with utils.capture_sys_output() as (stdout, stderr): recs = dnssec.get_dnskey("adamcaudill.com") self.assertNotIn("Exception", stderr.getvalue()) self.assertTrue(len(recs) == 0)
def test_cve_2019_11043_false(self): network.init("", "", "") output.setup(False, False, False) url = "https://www.example.org/" p = command_line.build_parser() ns = p.parse_args(args=["scan"]) s = Session(ns, url) try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get(requests_mock.ANY, status_code=200) m.head(requests_mock.ANY, status_code=200) results = php.check_cve_2019_11043( s, ["https://www.example.org/test/"] ) except Exception as error: self.assertIsNone(error) self.assertIsNotNone(results) self.assertTrue(len(results) == 0) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) network.reset()
def test_get_info_message(self): output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): recs = api.get_info_message() self.assertNotIn("Exception", stderr.getvalue()) self.assertTrue(len(recs) > 0)
def test_get_header_issues_dup_header(self): network.init("", "", "") output.setup(False, False, False) # we are using www.google.com as they return multiple Set-Cookie headers url = "https://www.google.com" output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): resp = requests.get(url) results = http_basic.get_header_issues( resp, network.http_build_raw_response(resp), url ) self.assertIsNotNone(results) self.assertTrue(len(results) > 0) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) self.assertTrue( any( "Header Set-Cookie set multiple times with different values" in r.message for r in results ) )
def test_process_urls_maybe_valid(self): parser = command_line.build_parser() args, urls = parser.parse_known_args(["scan", "adamcaudill.com"]) with utils.capture_sys_output() as (stdout, stderr): command_line.process_urls(urls) self.assertEqual("", stderr.getvalue())
def test_process_urls_unknown_param(self): parser = command_line.build_parser() args, urls = parser.parse_known_args(["scan", "--dfghjk"]) with utils.capture_sys_output() as (stdout, stderr): command_line.process_urls(urls) self.assertIn("YAWAST Error: Invalid parameter", stderr.getvalue())
def test_process_urls_invalid_ftp(self): parser = command_line.build_parser() args, urls = parser.parse_known_args(["scan", "ftp://adamcaudill.com"]) with self.assertRaises(SystemExit): with utils.capture_sys_output() as (stdout, stderr): command_line.process_urls(urls) self.assertIn("YAWAST Error: Invalid URL Specified", stderr.getvalue())
def test_check_open_ports_cli_bad_domain(self): output.setup(False, False, False) target_dir = os.path.dirname(os.path.realpath("__file__")) path = os.path.join(target_dir, "tests/test_data/common_ports.json") with utils.capture_sys_output() as (stdout, stderr): _check_open_ports("invalidaksjdhkajshd.com", "https://adamcaudill.com", path) self.assertNotIn("Exception", stderr.getvalue())
def test_process_urls_empty(self): parser = command_line.build_parser() args, urls = parser.parse_known_args(["scan"]) with self.assertRaises(SystemExit): with utils.capture_sys_output() as (stdout, stderr): command_line.process_urls(urls) self.assertIn("YAWAST Error: You must specify at least one URL.", stderr.getvalue())
def test_build_parser(self): parser = command_line.build_parser() # make sure we got something back self.assertIsNotNone(parser) with self.assertRaises(SystemExit) as cm: with utils.capture_sys_output() as (stdout, stderr): parser.parse_known_args([""]) self.assertIn("yawast: error", stderr.getvalue())
def test_net_init_valid_proxy_alt(self): try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): network.init("127.0.0.1:1234", "", "") except Exception as error: self.assertIsNone(error) self.assertIsNotNone(network._requester) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) self.assertNotIn("Invalid proxy server specified", stdout.getvalue()) network.reset()
def test_wp_ident(self): network.init("", "", "") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): try: _, res = wordpress.identify(url) except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue()) self.assertTrue(any("Found WordPress" in r.message for r in res))
def test__get_vulnerability_info(self): target_dir = os.path.dirname(os.path.realpath("__file__")) path = os.path.join(target_dir, "tests/test_data/ssl_labs_analyze_data.json") with open(path) as json_file: body = json.load(json_file) try: for ep in body["endpoints"]: with utils.capture_sys_output() as (stdout, stderr): _get_vulnerability_info(ep, "http://adamcaudill.com") except Exception as error: print(error) self.assertIsNone(error)
def test_net_init_invalid_header(self): try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): network.init("", "", "AUTH123") _ = network.http_get("http://example.com") except Exception as error: self.assertIsNone(error) self.assertIsNotNone(network._requester) self.assertNotIn("Exception", stderr.getvalue()) self.assertIn("Error", stdout.getvalue()) self.assertIn("header must be in NAME=VALUE format", stdout.getvalue()) network.reset()
def test_find_backup_ext(self): network.init("", "", "") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): try: http.reset() _, _ = file_search.find_backups( [url, f"{url}readme.html", f"{url}#test"] ) except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue())
def test_wp_json_user_enum(self): network.init("", "", "") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): try: res = wordpress.check_json_user_enum(url) except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue()) self.assertTrue( any("WordPress WP-JSON User Enumeration" in r.message for r in res) )
def test_check_404(self): network.init("", "", "X-Test=123") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get(requests_mock.ANY, text="body", status_code=200) try: file, _, _, _ = network.check_404_response(url) except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue())
def test_check_put(self): network.init("", "", "") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.put(requests_mock.ANY, text="body", status_code=200) try: res = network.http_put(url, "data") except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue()) self.assertIsNotNone(res)
def test_pwd_rst_get_driver(self): url = "https://example.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): p = command_line.build_parser() ns = p.parse_args(args=["scan"]) s = Session(ns, url) try: driver = _get_driver(s, url) except Exception as error: self.assertIsNone(error) self.assertIsInstance(driver, WebDriver) self.assertIn("<h1>Example Domain</h1>", driver.page_source) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue())
def test_find_backup_ext_all(self): network.init("", "", "") url = "https://adamcaudill.com/" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get(requests_mock.ANY, text="body", status_code=200) m.head(requests_mock.ANY, status_code=200) try: http.reset() _, res = file_search.find_backups([url, f"{url}test/readme.html"]) except Exception as error: self.assertIsNone(error) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue()) self.assertTrue(any("Found backup file" in r.message for r in res))
def test_ds_store(self): url = "https://www.example.org/" try: output.setup(False, True, True) with utils.capture_sys_output() as (stdout, stderr): with requests_mock.Mocker() as m: m.get(requests_mock.ANY, content=b"\0\0\0\1Bud1\0", status_code=200) results = file_search.find_ds_store([url]) except Exception as error: self.assertIsNone(error) self.assertIsNotNone(results) self.assertTrue(len(results) > 0) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stdout.getvalue()) self.assertTrue(any(".DS_Store File Found" in r.message for r in results)) network.reset()
def test_pwd_rst_find_field(self): url = "https://underhandedcrypto.com/wp-login.php?action=lostpassword" output.setup(False, False, False) with utils.capture_sys_output() as (stdout, stderr): p = command_line.build_parser() ns = p.parse_args(args=["scan"]) s = Session(ns, url) try: driver = _get_driver(s, url) element = _find_user_field(driver) except Exception as error: self.assertIsNone(error) self.assertIsInstance(driver, WebDriver) self.assertIsInstance(element, WebElement) self.assertIn("Username or Email Address", driver.page_source) self.assertNotIn("Exception", stderr.getvalue()) self.assertNotIn("Error", stderr.getvalue()) self.assertEqual("user_login", element.get_attribute("id"))
def test_print_header(self): with utils.capture_sys_output() as (stdout, stderr): main.print_header() self.assertIn("(v%s)" % get_version(), stdout.getvalue())