def test_SQL_scan(self):
target = get_moth_http(
'/audit/sql_injection/where_string_single_qs.py')
target_path = get_moth_http('/audit/sql_injection/')
qs = '?uname=pablo'
commands_to_run = [
'plugins', 'output console,text_file', 'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back', 'output config console',
'set verbose False', 'back', 'audit sqli', 'crawl web_spider',
'crawl config web_spider', 'set only_forward True', 'back',
'grep path_disclosure', 'back', 'target',
'set target %s%s' % (target, qs), 'back', 'start', 'exit'
]
expected = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'New URL found by web_spider plugin: "%s"' % target_path)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(
['No such file or directory', 'Exception'])
self.assertFalse(found_errors)
def test_save_load_misc_settings(self):
# Save the settings
commands_to_run = [
'misc-settings set msf_location /etc/',
'profiles save_as %s' % self.get_profile_name(), 'exit'
]
expected = ('Profile saved.', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists(self.get_profile_name())
# Clean the mocked stdout
self._mock_stdout.clear()
# Load the settings
commands_to_run = [
'profiles',
'use %s' % self.get_profile_name(), 'back', 'misc-settings view',
'exit'
]
expected = ('/etc/', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_load_misc_settings(self):
# Save the settings
commands_to_run = ['misc-settings set msf_location /etc/',
'profiles save_as %s' % self.get_profile_name(),
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists(self.get_profile_name())
# Clean the mocked stdout
self._mock_stdout.clear()
# Load the settings
commands_to_run = ['profiles',
'use %s' % self.get_profile_name(),
'back',
'misc-settings view',
'exit']
expected = ('/etc/',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
class TestAcceptDisclaimer(unittest.TestCase):
def setUp(self):
self.console_ui = ConsoleUI(do_upd=False)
class dummy_true(Mock):
accepted_disclaimer = True
class dummy_false(Mock):
accepted_disclaimer = False
@patch('w3af.core.ui.console.console_ui.StartUpConfig',
new_callable=dummy_false)
@patch('__builtin__.raw_input', return_value='')
def test_not_saved_not_accepted(self, mocked_startup_cfg, mocked_input):
self.assertFalse(self.console_ui.accept_disclaimer())
@patch('w3af.core.ui.console.console_ui.StartUpConfig',
new_callable=dummy_false)
@patch('__builtin__.raw_input', return_value='y')
def test_not_saved_accepted(self, mocked_startup_cfg, mocked_input):
self.assertTrue(self.console_ui.accept_disclaimer())
@patch('w3af.core.ui.console.console_ui.StartUpConfig',
new_callable=dummy_true)
def test_saved(self, mocked_startup_cfg):
self.assertTrue(self.console_ui.accept_disclaimer())
def test_use_self_contained_profile(self):
"""
Makes sure that we're able to use a self-contained profile and that
it's transparent for the plugin code.
"""
#
# Make the profile self-contained and load it
#
commands_to_run = [
'profiles', 'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(), 'back',
'profiles',
'use %s' % self.get_profile_name(), 'back',
'plugins audit config ssl_certificate', 'view', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
#
# Extract the temp file from the plugin configuration and read it
#
for line in self._mock_stdout.messages:
match = re.search('(/tmp/w3af-.*-sc\.dat)', line)
if not match:
continue
filename = match.group(0)
self.assertIn('Bundle of CA Root Certificates',
file(filename).read())
break
else:
self.assertTrue(False, 'No self contained file found')
def test_set_save_use(self):
"""
This is a unittest for the bug reported by a user where his settings
are not saved to the profile.
https://github.com/andresriancho/w3af/issues/291
Actually, the settings are saved but not properly displayed, but that's
not so important. The important thing is that the user was seeing the
old setting instead of the new.
"""
# We want to get the prompt, not a disclaimer message
startup_cfg = StartUpConfig()
startup_cfg.accepted_disclaimer = True
startup_cfg.save()
# Load an existing profile, modify msf_location and save it as unittest
commands_to_run = [
'profiles', 'use OWASP_TOP10', 'back', 'misc-settings',
'set msf_location /tmp/', 'back', 'profiles',
'save_as %s' % self.get_profile_name(), 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('Profile saved.', )
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The easy way to do this was to simply pass 'python' to Popen
# but now that we want to run the tests in virtualenv, we need to
# find the "correct" / "virtual" python executable using which and
# then pass that one to Popen
python_executable = sys.executable
p = subprocess.Popen([python_executable, 'w3af_console', '-n'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
shell=False,
universal_newlines=True)
# Now we run a new ConsoleUI that will load the saved settings. We
# should see /tmp/ as the value for msf_location
commands_to_run = [
'profiles',
'use %s' % self.get_profile_name(), 'back', 'misc-settings',
'view', 'back', 'exit'
]
expected_output = '/tmp'
stdout, stderr = p.communicate('\r'.join(commands_to_run) + '\r')
msg = 'Failed to find "%s" in "%s" using "%s" as python executable.'
msg = msg % (expected_output, stdout, python_executable)
self.assertIn(expected_output, stdout, msg)
def test_OS_commanding_exploit(self):
target = get_moth_http('/audit/os_commanding/trivial_osc.py')
qs = '?cmd=foobar'
commands_to_run = [
'plugins',
'audit os_commanding',
'back',
'target',
'set target %s%s' % (target, qs),
'back',
'start',
'exploit',
'exploit os_commanding',
'interact 0',
'execute ls',
'execute w',
'read /etc/passwd',
'help',
'lsp',
'payload tcp',
'payload list_processes',
'payload list_processes 20',
'exit', # from shell
'exit', # from w3af
]
expected = ( # start
'OS Commanding was found at: "%s' % target,
# exploit
'Vulnerability successfully exploited. Generated shell object',
'Please use the interact command to interact with the shell objects.',
# read /etc/passwd
'root:x:0:0:root:/root:/bin/bash',
'daemon:x:1:1:daemon:/usr/sbin:/bin/sh',
# help
'',
#lsp
'apache_config_directory',
'kernel_version',
# payload tcp
'| Id ',
# payload list_processes
'Usage: list_processes <max_pid>',
# payload list_processes 20
'| 1',
)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(
['No such file or directory', 'Exception'])
self.assertFalse(found_errors)
def test_menu_browse_target(self):
commands_to_run = ['target', 'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_not_exists(self):
commands_to_run = ['profiles', 'help', 'use do_not_exist', 'exit']
expected = ('The profile "do_not_exist.pw3af" wasn\'t found.', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_as_profile_no_param(self):
commands_to_run = ['profiles', 'use OWASP_TOP10', 'save_as', 'exit']
expected = ('Parameter missing, please see the help', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_two_scans(self):
target_1 = get_moth_http(
'/audit/sql_injection/where_string_single_qs.py')
target_path_1 = get_moth_http('/audit/sql_injection/')
qs_1 = '?uname=pablo'
scan_commands_1 = [
'plugins', 'output console,text_file', 'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back', 'output config console',
'set verbose False', 'back', 'audit sqli', 'crawl web_spider',
'crawl config web_spider', 'set only_forward True', 'back',
'grep path_disclosure', 'back', 'target',
'set target %s%s' % (target_1, qs_1), 'back', 'start'
]
expected_1 = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'New URL found by web_spider plugin: "%s"' %
target_path_1)
target_2 = get_moth_http('/audit/xss/simple_xss.py')
target_path_2 = get_moth_http('/audit/xss/')
qs_2 = '?text=1'
scan_commands_2 = [
'plugins', 'output console,text_file', 'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back', 'output config console',
'set verbose False', 'back', 'audit xss', 'crawl web_spider',
'crawl config web_spider', 'set only_forward True', 'back',
'grep path_disclosure', 'back', 'plugins output', 'target',
'set target %s%s' % (target_2, qs_2), 'back', 'start', 'exit'
]
expected_2 = ('A Cross Site Scripting vulnerability was found at',
'New URL found by web_spider plugin: "%s"' %
target_path_2)
scan_commands = scan_commands_1 + scan_commands_2
self.console = ConsoleUI(commands=scan_commands, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected_1)
self.assertTrue(assert_result, msg)
assert_result, msg = self.startswith_expected_in_output(expected_2)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(
['No such file or directory', 'Exception'])
self.assertFalse(found_errors)
def test_load_profile_exists(self):
commands_to_run = ['profiles', 'help', 'use OWASP_TOP10', 'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL', ' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_set_option_auto_save(self):
commands_to_run = [
'target set target http://moth/', 'target view', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('| target ',
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_buggy_scan(self):
target = get_moth_http('/grep/csp/')
commands_to_run = [
'plugins', 'output console', 'crawl failing_spider',
'crawl config failing_spider', 'set only_forward true', 'back',
'grep path_disclosure', 'back', 'target',
'set target %s' % (target), 'back', 'start', 'bug-report',
'summary', 'report', 'exit'
]
expected = (
'During the current scan (with id: ',
'An exception was found while running crawl.failing_spider on ',
'New URL found by failing_spider plugin: ',
' [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/'
)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions(
)
self.assertEqual(len(caught_exceptions), 1, self._mock_stdout.messages)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(
['No such file or directory', 'Exception'])
self.assertFalse(found_errors)
# Clear the exceptions, we don't need them anymore.
self.console._w3af.exception_handler.clear()
# Close issue from github
issue_id_re = re.compile(
'https://github.com/andresriancho/w3af/issues/(\d*)')
for line in self._mock_stdout.messages:
mo = issue_id_re.search(line)
if mo is not None:
issue_id = mo.group(1)
gh = Github(OAUTH_TOKEN)
repo = gh.get_user('andresriancho').get_repo('w3af')
issue = repo.get_issue(int(issue_id))
issue.edit(state='closed')
break
else:
self.assertTrue(False, 'Did NOT close test ticket.')
def test_menu_plugin_desc(self):
commands_to_run = [
'plugins', 'infrastructure desc zone_h', 'back', 'exit'
]
expected = ('This plugin searches the zone-h.org',
'result. The information stored in',
'previous defacements to the target website.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_simple_save(self):
commands_to_run = [
'plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd', 'save', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_save_as_profile(self):
commands_to_run = [
'profiles', 'use OWASP_TOP10', 'save_as unittest', 'exit'
]
expected = ('Profile saved.', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists('unittest')
def test_menu_save_with_dependencies_error(self):
commands_to_run = [
'plugins audit config rfi', 'set use_w3af_site false',
'set listen_address abc', 'save', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (
'Identified an error with the user-defined settings', )
assert_result, msg = self.startswith_expected_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_save_with_dependencies_success(self):
commands_to_run = [
'plugins audit config rfi', 'set use_w3af_site false',
'set listen_address 127.0.0.1', 'set listen_port 8081', 'save',
'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('127.0.0.1', '8081')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_load_profile_by_filepath(self):
tmp_profile = tempfile.NamedTemporaryFile(suffix='.pw3af')
commands_to_run = [
'profiles', 'help', 'use ' + tmp_profile.name, 'exit'
]
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL', ' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_set_option_invalid_case01(self):
# Invalid port
commands_to_run = [
'target', 'set target http://moth:301801/', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (
'Invalid URL configured by user,',
# Because nothing was really saved and the
# config is empty, this will succeed
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_set_option_case01(self):
commands_to_run = [
'target', 'set target http://moth/', 'save', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ',
'The configuration has been saved.\r\n')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
expected_start_with = ('| http://moth/', )
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_browse_target(self):
commands_to_run = ['target', 'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_simple_save_with_view(self):
"""
Reproduces the issue at https://github.com/andresriancho/w3af/issues/474
where a "view" call overwrites any previously set value with the default
"""
commands_to_run = [
'plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd', 'view', 'back',
'plugins crawl config dir_file_bruter', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_kb_add_with_errors(self):
commands_to_run = [
'kb',
'add',
'add foobar',
'add foo bar',
'back',
'exit',
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/kb>>> ', 'Parameter "type" is missing,',
'Type foobar is unknown',
'Only one parameter is accepted,')
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_kb_add_back_without_config(self):
commands_to_run = [
'kb',
'add',
'add os_commanding',
'back',
'exit',
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = (
'w3af>>> ',
'w3af/kb>>> ',
'This vulnerability requires data to be configured.',
)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_set_option_auto_save(self):
commands_to_run = ['target set target http://moth/',
'target view',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('| target ',
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_kb_add(self):
commands_to_run = [
'kb',
'add dav',
'set url http://target.com/',
'back',
'list vulns',
'back',
'exit',
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = (
'w3af>>> ', 'w3af/kb>>> ', 'w3af/kb/config:dav>>> ',
'Stored "DAV Misconfiguration" in the knowledge base.',
'| DAV | This vulnerability was added to the knowledge'
)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_as_profile_no_param(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as',
'exit']
expected = ('Parameter missing, please see the help',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_not_exists(self):
commands_to_run = ['profiles',
'help',
'use do_not_exist',
'exit']
expected = ('The profile "do_not_exist.pw3af" wasn\'t found.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_as_self_contained_profile(self):
commands_to_run = [
'profiles', 'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(), 'exit'
]
expected = ('Profile saved.', )
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The profile is now self contained
p = profile(self.get_profile_name())
self.assertIn('caFileName = base64://',
file(p.profile_file_name).read())
# Before it wasn't
p = profile('OWASP_TOP10')
self.assertIn('caFileName = %ROOT_PATH%',
file(p.profile_file_name).read())
def test_menu_set_option_invalid_case01(self):
# Invalid port
commands_to_run = ['target', 'set target http://moth:301801/', 'view',
'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('Invalid URL configured by user,',
# Because nothing was really saved and the
# config is empty, this will succeed
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_save_as_profile(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as unittest',
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists('unittest')
def test_menu_plugin_desc(self):
commands_to_run = ['plugins',
'infrastructure desc zone_h',
'back',
'exit']
expected = ('This plugin searches the zone-h.org',
'result. The information stored in',
'previous defacements to the target website.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_set_option_case01(self):
commands_to_run = ['target', 'set target http://moth/', 'save', 'view',
'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ',
'The configuration has been saved.\r\n')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
expected_start_with = ('| http://moth/',)
assert_result, msg = self.all_expected_substring_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_save_with_dependencies_error(self):
commands_to_run = ['plugins audit config rfi',
'set use_w3af_site false',
'set listen_address abc',
'save',
'view',
'back',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('Identified an error with the user-defined settings',)
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
class TestAcceptDisclaimer(unittest.TestCase):
def setUp(self):
self.console_ui = ConsoleUI(do_upd=False)
class dummy_true(Mock):
accepted_disclaimer = True
class dummy_false(Mock):
accepted_disclaimer = False
@patch('w3af.core.ui.console.console_ui.StartUpConfig', new_callable=dummy_false)
@patch('__builtin__.raw_input', return_value='')
def test_not_saved_not_accepted(self, mocked_startup_cfg, mocked_input):
self.assertFalse(self.console_ui.accept_disclaimer())
@patch('w3af.core.ui.console.console_ui.StartUpConfig', new_callable=dummy_false)
@patch('__builtin__.raw_input', return_value='y')
def test_not_saved_accepted(self, mocked_startup_cfg, mocked_input):
self.assertTrue(self.console_ui.accept_disclaimer())
@patch('w3af.core.ui.console.console_ui.StartUpConfig', new_callable=dummy_true)
def test_saved(self, mocked_startup_cfg):
self.assertTrue(self.console_ui.accept_disclaimer())
def test_menu_simple_save(self):
commands_to_run = ['plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd',
'save',
'view',
'back',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_load_profile_exists(self):
commands_to_run = ['profiles',
'help',
'use OWASP_TOP10',
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_by_filepath(self):
tmp_profile = tempfile.NamedTemporaryFile(suffix='.pw3af')
commands_to_run = ['profiles',
'help',
'use ' + tmp_profile.name,
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_save_with_dependencies_success(self):
commands_to_run = ['plugins audit config rfi',
'set use_w3af_site false',
'set listen_address 127.0.0.1',
'set listen_port 8081',
'save',
'view',
'back',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('127.0.0.1',
'8081')
assert_result, msg = self.all_expected_substring_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_SQL_scan(self):
target = get_moth_http("/audit/sql_injection/where_string_single_qs.py")
qs = "?uname=pablo"
commands_to_run = [
"plugins",
"output console,text_file",
"output config text_file",
"set output_file %s" % self.OUTPUT_FILE,
"set http_output_file %s" % self.OUTPUT_HTTP_FILE,
"set verbose True",
"back",
"output config console",
"set verbose False",
"back",
"audit sqli",
"crawl web_spider",
"crawl config web_spider",
"set only_forward True",
"back",
"grep path_disclosure",
"back",
"target",
"set target %s%s" % (target, qs),
"back",
"start",
"exit",
]
expected = (
"SQL injection in ",
"A SQL error was found in the response supplied by ",
"Found 1 URLs and 1 different injections points",
"Scan finished",
)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(["No such file or directory", "Exception"])
self.assertFalse(found_errors)
def test_menu_simple_save_with_view(self):
"""
Reproduces the issue at https://github.com/andresriancho/w3af/issues/474
where a "view" call overwrites any previously set value with the default
"""
commands_to_run = ['plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd',
'view',
'back',
'plugins crawl config dir_file_bruter',
'view',
'back',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_save_as_self_contained_profile(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(),
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The profile is now self contained
p = profile(self.get_profile_name())
self.assertIn('caFileName = base64://',
file(p.profile_file_name).read())
# Before it wasn't
p = profile('OWASP_TOP10')
self.assertIn('caFileName = %ROOT_PATH%',
file(p.profile_file_name).read())
def test_SQL_scan(self):
target = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
target_path = get_moth_http('/audit/sql_injection/')
qs = '?uname=pablo'
commands_to_run = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit sqli',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'target',
'set target %s%s' % (target, qs), 'back',
'start',
'exit']
expected = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'New URL found by web_spider plugin: "%s"' % target_path)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
def test_use_self_contained_profile(self):
"""
Makes sure that we're able to use a self-contained profile and that
it's transparent for the plugin code.
"""
#
# Make the profile self-contained and load it
#
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(),
'back',
'profiles',
'use %s' % self.get_profile_name(),
'back',
'plugins audit config ssl_certificate',
'view',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
#
# Extract the temp file from the plugin configuration and read it
#
for line in self._mock_stdout.messages:
match = re.search('(/tmp/w3af-.*-sc\.dat)', line)
if not match:
continue
filename = match.group(0)
self.assertIn('Bundle of CA Root Certificates',
file(filename).read())
break
else:
self.assertTrue(False, 'No self contained file found')
def test_two_scans(self):
target_1 = get_moth_http("/audit/sql_injection/where_string_single_qs.py")
qs_1 = "?uname=pablo"
scan_commands_1 = [
"plugins",
"output console,text_file",
"output config text_file",
"set output_file %s" % self.OUTPUT_FILE,
"set http_output_file %s" % self.OUTPUT_HTTP_FILE,
"set verbose True",
"back",
"output config console",
"set verbose False",
"back",
"audit sqli",
"crawl web_spider",
"crawl config web_spider",
"set only_forward True",
"back",
"grep path_disclosure",
"back",
"target",
"set target %s%s" % (target_1, qs_1),
"back",
"start",
]
expected_1 = (
"SQL injection in ",
"A SQL error was found in the response supplied by ",
"Found 1 URLs and 1 different injections points",
"Scan finished",
)
target_2 = get_moth_http("/audit/xss/simple_xss.py")
qs_2 = "?text=1"
scan_commands_2 = [
"plugins",
"output console,text_file",
"output config text_file",
"set output_file %s" % self.OUTPUT_FILE,
"set http_output_file %s" % self.OUTPUT_HTTP_FILE,
"set verbose True",
"back",
"output config console",
"set verbose False",
"back",
"audit xss",
"crawl web_spider",
"crawl config web_spider",
"set only_forward True",
"back",
"grep path_disclosure",
"back",
"plugins output",
"target",
"set target %s%s" % (target_2, qs_2),
"back",
"start",
"exit",
]
expected_2 = ("A Cross Site Scripting vulnerability was found at", "Scan finished")
scan_commands = scan_commands_1 + scan_commands_2
self.console = ConsoleUI(commands=scan_commands, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected_1)
self.assertTrue(assert_result, msg)
assert_result, msg = self.startswith_expected_in_output(expected_2)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(["No such file or directory", "Exception"])
self.assertFalse(found_errors)
def test_set_save_use(self):
"""
This is a unittest for the bug reported by a user where his settings
are not saved to the profile.
https://github.com/andresriancho/w3af/issues/291
Actually, the settings are saved but not properly displayed, but that's
not so important. The important thing is that the user was seeing the
old setting instead of the new.
"""
# We want to get the prompt, not a disclaimer message
startup_cfg = StartUpConfig()
startup_cfg.accepted_disclaimer = True
startup_cfg.save()
# Load an existing profile, modify msf_location and save it as unittest
commands_to_run = ['profiles',
'use OWASP_TOP10',
'back',
'misc-settings',
'set msf_location /tmp/',
'back',
'profiles',
'save_as %s' % self.get_profile_name(),
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('Profile saved.',)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The easy way to do this was to simply pass 'python' to Popen
# but now that we want to run the tests in virtualenv, we need to
# find the "correct" / "virtual" python executable using which and
# then pass that one to Popen
python_executable = sys.executable
p = subprocess.Popen([python_executable, 'w3af_console', '-n'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
shell=False,
universal_newlines=True)
# Now we run a new ConsoleUI that will load the saved settings. We
# should see /tmp/ as the value for msf_location
commands_to_run = ['profiles',
'use %s' % self.get_profile_name(),
'back',
'misc-settings',
'view',
'back',
'exit']
expected_output = '/tmp'
stdout, stderr = p.communicate('\r'.join(commands_to_run) + '\r')
msg = 'Failed to find "%s" in "%s" using "%s" as python executable.'
msg = msg % (expected_output, stdout, python_executable)
self.assertIn(expected_output, stdout, msg)
def setUp(self):
self.console_ui = ConsoleUI(do_upd=False)
def test_two_scans(self):
target_1 = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
target_path_1 = get_moth_http('/audit/sql_injection/')
qs_1 = '?uname=pablo'
scan_commands_1 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit sqli',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'target',
'set target %s%s' % (target_1, qs_1), 'back',
'start']
expected_1 = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'New URL found by web_spider plugin: "%s"' % target_path_1)
target_2 = get_moth_http('/audit/xss/simple_xss.py')
target_path_2 = get_moth_http('/audit/xss/')
qs_2 = '?text=1'
scan_commands_2 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit xss',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'plugins output',
'target',
'set target %s%s' % (target_2, qs_2), 'back',
'start',
'exit']
expected_2 = ('A Cross Site Scripting vulnerability was found at',
'New URL found by web_spider plugin: "%s"' % target_path_2)
scan_commands = scan_commands_1 + scan_commands_2
self.console = ConsoleUI(commands=scan_commands, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected_1)
self.assertTrue(assert_result, msg)
assert_result, msg = self.startswith_expected_in_output(expected_2)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
class TestScanRunConsoleUI(ConsoleTestHelper):
"""
Run scans from the console UI.
"""
def test_SQL_scan(self):
target = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
qs = '?uname=pablo'
commands_to_run = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit sqli',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'target',
'set target %s%s' % (target, qs), 'back',
'start',
'exit']
expected = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'Found 1 URLs and 1 different injections points',
'Scan finished')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
@attr('smoke')
@attr('ci_fails')
def test_two_scans(self):
target_1 = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
qs_1 = '?uname=pablo'
scan_commands_1 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit sqli',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'target',
'set target %s%s' % (target_1, qs_1), 'back',
'start']
expected_1 = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'Found 1 URLs and 1 different injections points',
'Scan finished')
target_2 = get_moth_http('/audit/xss/simple_xss.py')
qs_2 = '?text=1'
scan_commands_2 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit xss',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'plugins output',
'target',
'set target %s%s' % (target_2, qs_2), 'back',
'start',
'exit']
expected_2 = ('A Cross Site Scripting vulnerability was found at',
'Scan finished')
scan_commands = scan_commands_1 + scan_commands_2
self.console = ConsoleUI(commands=scan_commands, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected_1)
self.assertTrue(assert_result, msg)
assert_result, msg = self.startswith_expected_in_output(expected_2)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
def test_OS_commanding_exploit(self):
target = get_moth_http('/audit/os_commanding/trivial_osc.py')
qs = '?cmd=foobar'
commands_to_run = [
'plugins',
'audit os_commanding',
'output console',
'output config console',
'set verbose true',
'back',
'back',
'target',
'set target %s%s' % (target, qs),
'back',
'start',
'exploit',
'exploit os_commanding',
'interact 0',
'execute ls',
'execute w',
'read /etc/passwd',
'help',
'lsp',
'payload tcp',
'payload list_processes',
'payload list_processes 20',
'exit', # from shell
'exit', # from w3af
]
expected = (# start
'OS Commanding was found at: "%s' % target,
# exploit
'Vulnerability successfully exploited. Generated shell object',
'Please use the interact command to interact with the shell objects.',
# read /etc/passwd
'root:x:0:0:root:/root:/bin/bash',
'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin',
#lsp
'apache_config_directory',
'kernel_version',
# payload tcp
'| Id ',
# payload list_processes
'Usage: list_processes <max_pid>',
# payload list_processes 20
'| 1')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
class TestConsoleBugReport(ConsoleTestHelper):
"""
Run a scan from the console UI (which fails with a bug) and report it to
a github issue.
"""
def setUp(self):
"""
This is a rather complex setUp since I need to move the failing_spider.py
plugin to the plugin directory in order to be able to run it afterwards.
In the tearDown method, I'll remove the file.
"""
self.src = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl',
'failing_spider.py')
self.dst = os.path.join(ROOT_PATH, 'plugins', 'crawl',
'failing_spider.py')
shutil.copy(self.src, self.dst)
super(TestConsoleBugReport, self).setUp()
def tearDown(self):
if os.path.exists(self.dst):
os.remove(self.dst)
# pyc file
if os.path.exists(self.dst + 'c'):
os.remove(self.dst + 'c')
super(TestConsoleBugReport, self).tearDown()
def test_buggy_scan(self):
target = get_moth_http('/grep/csp/')
commands_to_run = [
'plugins', 'output console', 'crawl failing_spider',
'crawl config failing_spider', 'set only_forward true', 'back',
'grep path_disclosure', 'back', 'target',
'set target %s' % (target), 'back', 'start', 'bug-report',
'summary', 'report', 'exit'
]
expected = (
'During the current scan (with id: ',
'An exception was found while running crawl.failing_spider on ',
'New URL found by failing_spider plugin: ',
' [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/'
)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions(
)
self.assertEqual(len(caught_exceptions), 1, self._mock_stdout.messages)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(
['No such file or directory', 'Exception'])
self.assertFalse(found_errors)
# Clear the exceptions, we don't need them anymore.
self.console._w3af.exception_handler.clear()
# Close issue from github
issue_id_re = re.compile(
'https://github.com/andresriancho/w3af/issues/(\d*)')
for line in self._mock_stdout.messages:
mo = issue_id_re.search(line)
if mo is not None:
issue_id = mo.group(1)
gh = Github(OAUTH_TOKEN)
repo = gh.get_user('andresriancho').get_repo('w3af')
issue = repo.get_issue(int(issue_id))
issue.edit(state='closed')
break
else:
self.assertTrue(False, 'Did NOT close test ticket.')
class TestConsoleBugReport(ConsoleTestHelper):
"""
Run a scan from the console UI (which fails with a bug) and report it to
a github issue.
"""
def setUp(self):
"""
This is a rather complex setUp since I need to move the failing_spider.py
plugin to the plugin directory in order to be able to run it afterwards.
In the tearDown method, I'll remove the file.
"""
self.src = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl',
'failing_spider.py')
self.dst = os.path.join(ROOT_PATH, 'plugins', 'crawl',
'failing_spider.py')
shutil.copy(self.src, self.dst)
super(TestConsoleBugReport, self).setUp()
def tearDown(self):
if os.path.exists(self.dst):
os.remove(self.dst)
# pyc file
if os.path.exists(self.dst + 'c'):
os.remove(self.dst + 'c')
super(TestConsoleBugReport, self).tearDown()
def test_buggy_scan(self):
target = get_moth_http('/grep/csp/')
commands_to_run = ['plugins',
'output console',
'crawl failing_spider',
'crawl config failing_spider',
'set only_forward true',
'back',
'grep path_disclosure',
'back',
'target',
'set target %s' % (target),
'back',
'start',
'bug-report',
'summary',
'report',
'exit']
expected = ('During the current scan (with id: ',
'An exception was found while running crawl.failing_spider on ',
'New URL found by failing_spider plugin: ',
' [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
self.assertEqual(len(caught_exceptions), 1, self._mock_stdout.messages)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
# Clear the exceptions, we don't need them anymore.
self.console._w3af.exception_handler.clear()
# Close issue from github
issue_id_re = re.compile('https://github.com/andresriancho/w3af/issues/(\d*)')
for line in self._mock_stdout.messages:
mo = issue_id_re.search(line)
if mo is not None:
issue_id = mo.group(1)
gh = Github(OAUTH_TOKEN)
repo = gh.get_user('andresriancho').get_repo('w3af')
issue = repo.get_issue(int(issue_id))
issue.edit(state='closed')
break
else:
self.assertTrue(False, 'Did NOT close test ticket.')
class TestProfilesConsoleUI(ConsoleTestHelper):
"""
Load profiles from the console UI.
"""
def setUp(self):
super(TestProfilesConsoleUI, self).setUp()
self._remove_if_exists('unittest')
def tearDown(self):
super(TestProfilesConsoleUI, self).tearDown()
self._remove_if_exists('unittest')
def _remove_if_exists(self, profile_name):
try:
profile_inst = profile(profile_name)
profile_inst.remove()
except:
pass
def _assert_exists(self, profile_name):
try:
profile(profile_name)
except:
assert False, 'The %s profile does NOT exist!' % profile_name
def test_load_profile_exists(self):
commands_to_run = ['profiles',
'help',
'use OWASP_TOP10',
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_by_filepath(self):
tmp_profile = tempfile.NamedTemporaryFile(suffix='.pw3af')
commands_to_run = ['profiles',
'help',
'use ' + tmp_profile.name,
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_not_exists(self):
commands_to_run = ['profiles',
'help',
'use do_not_exist',
'exit']
expected = ('The profile "do_not_exist.pw3af" wasn\'t found.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_as_profile(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as unittest',
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists('unittest')
def test_set_save_use(self):
"""
This is a unittest for the bug reported by a user where his settings
are not saved to the profile.
https://github.com/andresriancho/w3af/issues/291
Actually, the settings are saved but not properly displayed, but that's
not so important. The important thing is that the user was seeing the
old setting instead of the new.
"""
# We want to get the prompt, not a disclaimer message
startup_cfg = StartUpConfig()
startup_cfg.accepted_disclaimer = True
startup_cfg.save()
# Load an existing profile, modify msf_location and save it as unittest
commands_to_run = ['profiles',
'use OWASP_TOP10',
'back',
'misc-settings',
'set msf_location /tmp/',
'back',
'profiles',
'save_as unittest',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('Profile saved.',)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The easy way to do this was to simply pass 'python' to Popen
# but now that we want to run the tests in virtualenv, we need to
# find the "correct" / "virtual" python executable using which and
# then pass that one to Popen
python_executable = sys.executable
p = subprocess.Popen([python_executable, 'w3af_console', '-n'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
shell=False,
universal_newlines=True)
# Now we run a new ConsoleUI that will load the saved settings. We
# should see /tmp/ as the value for msf_location
commands_to_run = ['profiles',
'use unittest',
'back',
'misc-settings',
'view',
'back',
'exit']
expected_output = '/tmp'
stdout, stderr = p.communicate('\r'.join(commands_to_run) + '\r')
msg = 'Failed to find "%s" in "%s" using "%s" as python executable.'
msg = msg % (expected_output, stdout, python_executable)
self.assertIn(expected_output, stdout, msg)
def test_save_as_profile_no_param(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as',
'exit']
expected = ('Parameter missing, please see the help',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_load_misc_settings(self):
# Save the settings
commands_to_run = ['misc-settings set msf_location /etc/',
'profiles save_as unittest',
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists('unittest')
# Clean the mocked stdout
self._mock_stdout.clear()
# Load the settings
commands_to_run = ['profiles',
'use unittest',
'back',
'misc-settings view',
'exit']
expected = ('/etc/',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def setUp(self):
self.console_ui = ConsoleUI(do_upd=False)
class TestSaveConsoleUI(ConsoleTestHelper):
"""
Save test for the console UI.
"""
def test_menu_simple_save(self):
commands_to_run = [
'plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd', 'save', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_save_with_dependencies_error(self):
commands_to_run = [
'plugins audit config rfi', 'set use_w3af_site false',
'set listen_address abc', 'save', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (
'Identified an error with the user-defined settings', )
assert_result, msg = self.startswith_expected_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_save_with_dependencies_success(self):
commands_to_run = [
'plugins audit config rfi', 'set use_w3af_site false',
'set listen_address 127.0.0.1', 'set listen_port 8081', 'save',
'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('127.0.0.1', '8081')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_simple_save_with_view(self):
"""
Reproduces the issue at https://github.com/andresriancho/w3af/issues/474
where a "view" call overwrites any previously set value with the default
"""
commands_to_run = [
'plugins crawl config dir_file_bruter',
'set file_wordlist /etc/passwd', 'view', 'back',
'plugins crawl config dir_file_bruter', 'view', 'back', 'exit'
]
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = (' /etc/passwd ',
'The configuration has been saved.')
assert_result, msg = self.all_expected_substring_in_output(
expected_start_with)
self.assertTrue(assert_result, msg)
class TestProfilesConsoleUI(ConsoleTestHelper):
"""
Load profiles from the console UI.
"""
def setUp(self):
super(TestProfilesConsoleUI, self).setUp()
self._remove_if_exists(self.get_profile_name())
def tearDown(self):
super(TestProfilesConsoleUI, self).tearDown()
self._remove_if_exists(self.get_profile_name())
def get_profile_name(self):
profile_name = self.id()
profile_name = profile_name.replace('.', '-')
profile_name = profile_name.replace(':', '-')
profile_name = profile_name.lower()
return profile_name
def _remove_if_exists(self, profile_name):
try:
profile_inst = profile(profile_name)
profile_inst.remove()
except:
pass
def _assert_exists(self, profile_name):
try:
profile(profile_name)
except:
assert False, 'The %s profile does NOT exist!' % profile_name
def _assert_equal(self, profile_name_a, profile_name_b):
p1 = profile(profile_name_a, workdir='.')
p2 = profile(profile_name_b, workdir='.')
assertProfilesEqual(p1.profile_file_name, p2.profile_file_name)
def test_load_profile_exists(self):
commands_to_run = ['profiles',
'help',
'use OWASP_TOP10',
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_by_filepath(self):
tmp_profile = tempfile.NamedTemporaryFile(suffix='.pw3af')
commands_to_run = ['profiles',
'help',
'use ' + tmp_profile.name,
'exit']
expected = (
'The plugins configured by the scan profile have been enabled',
'Please set the target URL',
' | Use a profile.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_load_profile_not_exists(self):
commands_to_run = ['profiles',
'help',
'use do_not_exist',
'exit']
expected = ('The profile "do_not_exist.pw3af" wasn\'t found.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_as_profile(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as %s' % self.get_profile_name(),
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists(self.get_profile_name())
self._assert_equal(self.get_profile_name(), 'OWASP_TOP10')
def test_save_as_self_contained_profile(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(),
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The profile is now self contained
p = profile(self.get_profile_name())
self.assertIn('caFileName = base64://',
file(p.profile_file_name).read())
# Before it wasn't
p = profile('OWASP_TOP10')
self.assertIn('caFileName = %ROOT_PATH%',
file(p.profile_file_name).read())
def test_use_self_contained_profile(self):
"""
Makes sure that we're able to use a self-contained profile and that
it's transparent for the plugin code.
"""
#
# Make the profile self-contained and load it
#
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as %s self-contained' % self.get_profile_name(),
'back',
'profiles',
'use %s' % self.get_profile_name(),
'back',
'plugins audit config ssl_certificate',
'view',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
#
# Extract the temp file from the plugin configuration and read it
#
for line in self._mock_stdout.messages:
match = re.search('(/tmp/w3af-.*-sc\.dat)', line)
if not match:
continue
filename = match.group(0)
self.assertIn('Bundle of CA Root Certificates',
file(filename).read())
break
else:
self.assertTrue(False, 'No self contained file found')
def test_set_save_use(self):
"""
This is a unittest for the bug reported by a user where his settings
are not saved to the profile.
https://github.com/andresriancho/w3af/issues/291
Actually, the settings are saved but not properly displayed, but that's
not so important. The important thing is that the user was seeing the
old setting instead of the new.
"""
# We want to get the prompt, not a disclaimer message
startup_cfg = StartUpConfig()
startup_cfg.accepted_disclaimer = True
startup_cfg.save()
# Load an existing profile, modify msf_location and save it as unittest
commands_to_run = ['profiles',
'use OWASP_TOP10',
'back',
'misc-settings',
'set msf_location /tmp/',
'back',
'profiles',
'save_as %s' % self.get_profile_name(),
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('Profile saved.',)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
# The easy way to do this was to simply pass 'python' to Popen
# but now that we want to run the tests in virtualenv, we need to
# find the "correct" / "virtual" python executable using which and
# then pass that one to Popen
python_executable = sys.executable
p = subprocess.Popen([python_executable, 'w3af_console', '-n'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
shell=False,
universal_newlines=True)
# Now we run a new ConsoleUI that will load the saved settings. We
# should see /tmp/ as the value for msf_location
commands_to_run = ['profiles',
'use %s' % self.get_profile_name(),
'back',
'misc-settings',
'view',
'back',
'exit']
expected_output = '/tmp'
stdout, stderr = p.communicate('\r'.join(commands_to_run) + '\r')
msg = 'Failed to find "%s" in "%s" using "%s" as python executable.'
msg = msg % (expected_output, stdout, python_executable)
self.assertIn(expected_output, stdout, msg)
def test_save_as_profile_no_param(self):
commands_to_run = ['profiles',
'use OWASP_TOP10',
'save_as',
'exit']
expected = ('Parameter missing, please see the help',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_save_load_misc_settings(self):
# Save the settings
commands_to_run = ['misc-settings set msf_location /etc/',
'profiles save_as %s' % self.get_profile_name(),
'exit']
expected = ('Profile saved.',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
self._assert_exists(self.get_profile_name())
# Clean the mocked stdout
self._mock_stdout.clear()
# Load the settings
commands_to_run = ['profiles',
'use %s' % self.get_profile_name(),
'back',
'misc-settings view',
'exit']
expected = ('/etc/',)
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.all_expected_substring_in_output(expected)
self.assertTrue(assert_result, msg)
def test_buggy_scan(self):
target = get_moth_http('/grep/csp/')
commands_to_run = ['plugins',
'output console',
'crawl failing_spider',
'crawl config failing_spider',
'set only_forward true',
'back',
'grep path_disclosure',
'back',
'target',
'set target %s' % (target),
'back',
'start',
'bug-report',
'summary',
'report',
'exit']
expected = ('During the current scan (with id: ',
'An exception was found while running crawl.failing_spider on ',
'New URL found by failing_spider plugin: ',
' [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
self.assertEqual(len(caught_exceptions), 1, self._mock_stdout.messages)
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
found_errors = self.error_in_output(['No such file or directory',
'Exception'])
self.assertFalse(found_errors)
# Clear the exceptions, we don't need them anymore.
self.console._w3af.exception_handler.clear()
# Close issue from github
issue_id_re = re.compile('https://github.com/andresriancho/w3af/issues/(\d*)')
for line in self._mock_stdout.messages:
mo = issue_id_re.search(line)
if mo is not None:
issue_id = mo.group(1)
gh = Github(OAUTH_TOKEN)
repo = gh.get_user('andresriancho').get_repo('w3af')
issue = repo.get_issue(int(issue_id))
issue.edit(state='closed')
break
else:
self.assertTrue(False, 'Did NOT close test ticket.')
class TestBasicConsoleUI(ConsoleTestHelper):
"""
Basic test for the console UI.
"""
def test_menu_browse_misc(self):
commands_to_run = ['misc-settings', 'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:misc-settings>>> ')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_browse_http(self):
commands_to_run = ['http-settings', 'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:http-settings>>> ')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_browse_target(self):
commands_to_run = ['target', 'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_plugin_desc(self):
commands_to_run = ['plugins',
'infrastructure desc zone_h',
'back',
'exit']
expected = ('This plugin searches the zone-h.org',
'result. The information stored in',
'previous defacements to the target website.')
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
assert_result, msg = self.startswith_expected_in_output(expected)
self.assertTrue(assert_result, msg)
def test_menu_set_option_case01(self):
commands_to_run = ['target', 'set target http://moth/', 'save', 'view',
'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected = ('w3af>>> ', 'w3af/config:target>>> ',
'The configuration has been saved.\r\n')
assert_result, msg = self.all_expected_in_output(expected)
self.assertTrue(assert_result, msg)
expected_start_with = ('| http://moth/',)
assert_result, msg = self.all_expected_substring_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_set_option_manual_save(self):
commands_to_run = ['target set target http://moth/',
'target view',
'target save',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('| target ',
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_set_option_auto_save(self):
commands_to_run = ['target set target http://moth/',
'target view',
'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('| target ',
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)
def test_menu_set_option_invalid_case01(self):
# Invalid port
commands_to_run = ['target', 'set target http://moth:301801/', 'view',
'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
expected_start_with = ('Invalid URL configured by user,',
# Because nothing was really saved and the
# config is empty, this will succeed
'The configuration has been saved.')
assert_result, msg = self.startswith_expected_in_output(expected_start_with)
self.assertTrue(assert_result, msg)