def start_scan(self, UserWebsite):
#add set_free server
try:
server = W3af_server.objects.filter(running=0).order_by('-last_scan')[:1]
server = server[0]
except:
server = None
if not server:
self.error = _('No server slot free, please try again later!')
else:
conn = Connection(server.host)
#add auth
scan = Scan(conn)
try:
scan.start(self.scan_profile, [UserWebsite.url])
self.succes = _('Server scan started, please wait a litte time for feedback!')
except:
self.error = _('Sorry, we got a server error, please try again later!')
if self.succes:
scan_object = W3af_scan(Website=UserWebsite)
scan_object.save()
server.last_scan = timezone.now()
server.running = True
server.Scan = scan_object
server.save()
UserWebsite.last_scan = timezone.now()
UserWebsite.save()
def get_server_status(self, server):
try:
conn = Connection(server.host)
#add auth
scan = Scan(conn)
scan.scan_id = conn.get_scans()[0].scan_id
scan.running = conn.get_scans()[0].status
except:
scan = None
return scan
def startScanner(self, scenarioId, applicationName, runningToken, conn,
scannerUrl, targetUrl):
scanProfilePath = os.path.join(parent_dir,
"w3af/profiles/OWASP_TOP10.pw3af")
scanProfile = file(scanProfilePath).read()
targetUrls = [targetUrl]
printLog("Starting scanner for target ", targetUrl)
scan = Scan(conn)
try:
scan.start(scanProfile, targetUrls)
except Exception, e:
printLog("Error while starting scanner for target", targetUrl, ":",
e)
def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api"
profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing")
parser.add_argument("-t", "--target", help="Network or Host for scan", required=False)
parser.add_argument("-o", "--output", help="Output file", required=False)
args = parser.parse_args()
if args.target == None or args.output == None:
print "Argument errors check -h"
exit(0)
print "Starting w3af api ..."
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print "Waiting for W3af to load, 5 seconds ..."
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection("http://127.0.0.1:5000/")
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while scan.get_status()["status"] == "Running":
print "Scan progress: %s" + str(scan.get_status()["rpm"])
time.sleep(2)
def test_exception_list(self):
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/exceptions/'),
body=EXCEPTION_LIST_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/exceptions/0'),
body=EXCEPTION_DETAIL_0,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/exceptions/1'),
body=EXCEPTION_DETAIL_1,
content_type='application/json')
conn = Connection(self.api_url)
scan = Scan(conn, scan_id=0)
exceptions = scan.get_exceptions()
exception_0 = exceptions[0]
exception_1 = exceptions[1]
self.assertEqual(exception_0.lineno, 112)
self.assertEqual(exception_1.lineno, 331)
self.assertEqual(exception_0.exception, 'ValueError')
self.assertEqual(exception_1.exception, 'IndexError')
# Check that update works
self.assertIsNotNone(exception_0._data)
exception_0._data = None
exception_0.update()
self.assertIsNotNone(exception_0._data)
self.assertEqual(exception_0._data['exception'], 'ValueError')
def test_fuzzable_request_list(self):
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/fuzzable-requests/'),
body=FR_LIST_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
scan = Scan(conn, scan_id=0)
frs = scan.get_fuzzable_requests()
self.assertEqual(frs, EXPECTED_FRS)
def test_fuzzable_request_list(self):
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/fuzzable-requests/'),
body=FR_LIST_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
scan = Scan(conn, scan_id=0)
frs = scan.get_fuzzable_requests()
self.assertEqual(frs, EXPECTED_FRS)
def test_url_list(self):
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/urls/'),
body=URL_LIST_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
scan = Scan(conn, scan_id=0)
urls = scan.get_urls()
self.assertEqual(urls, EXPECTED_URLS)
def test_integration(self):
"""
The main goal of this test is to assert that the latest version of w3af
can be consumed using the latest version of w3af-api-client.
"""
conn = Connection(self.W3AF_API_URL, verbose=False)
print('Created REST API connection')
target_urls = [self.TARGET_URL_FMT % self.get_network_address()]
scan = Scan(conn)
scan.start(FAST_TEST_PROFILE, target_urls)
print('Scan started')
# Wait some time for the scan to finish, these wait methods also assert
# that I'm able to retrieve the scan status
self.wait_until_running(scan)
print('Scan is running')
self.wait_until_finish(scan, wait_loops=300)
print('Scan has finished')
log = scan.get_log()
self.assertIsInstance(log, Log)
log_entry_count = 0
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
self.assertIsNotNone(log_entry.message)
log_entry_count += 1
if log_entry_count % 20 == 0:
print('Read 20 log entries')
self.assertGreater(log_entry_count, 100)
findings_list = scan.get_findings()
self.assertGreaterEqual(len(findings_list), 4)
print('Got %s findings' % len(findings_list))
finding = findings_list[0]
self.assertIsInstance(finding, Finding)
self.assertEqual(finding.name, 'SQL injection')
def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env[
"CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api"
profile = my_env[
"CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(
description='w3af_client is develop for automating security testing')
parser.add_argument('-t',
'--target',
help='Network or Host for scan',
required=False)
parser.add_argument('-o', '--output', help='Output file', required=False)
args = parser.parse_args()
if args.target is None or args.output is None:
print "Argument errors check -h"
exit(0)
print 'Starting w3af api ...'
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print 'Waiting for W3af to load, 5 seconds ...'
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection('http://127.0.0.1:5000/')
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output,
scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while (scan.get_status()['status'] == "Running"):
print 'Scan progress: %s' + str(scan.get_status()['rpm'])
time.sleep(2)
def test_log_access(self):
#
# Mock all HTTP responses
#
responses.add(responses.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
responses.add(responses.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
responses.add(responses.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
responses.add(responses.GET,
self.get_url('/scans/0/log'),
body=LOG_RESPONSE,
content_type='application/json',
status=200)
responses.add(responses.GET,
self.get_url('/scans/0/log'),
body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200)
responses.add(responses.GET,
self.get_url('/scans/0/log'),
body=LOG_RESPONSE,
content_type='application/json',
status=200)
responses.add(responses.GET,
self.get_url('/scans/0/log'),
body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200)
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the log using the ids
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log.get_by_start_id(0):
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
from w3af_api_client import Connection, Scan
connection = Connection('http://127.0.0.1:5000/')
print connection.get_version()
profile = file('w3af/profiles/OWASP_TOP10.pw3af').read()
target = ['http://localhost']
scan = Scan(connection)
scan.start(profile, target)
scan.get_urls()
scan.get_log()
scan.get_findings()
scan.get_fuzzable_requests()
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(
httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
#
# Responses for ?page pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
#
# Responses for ?id=0 pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/45'),
body=TRAFFIC_DETAIL_RESPONSE_45,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/46'),
body=TRAFFIC_DETAIL_RESPONSE_46,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the log using the ids
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log.get_by_start_id(0):
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)
all_traffic = finding.get_traffic()
self.assertIsInstance(all_traffic, list)
self.assertEqual(len(all_traffic), 2)
traffic = all_traffic[0]
self.assertIn('GET ', traffic.get_request())
self.assertIn('<html>', traffic.get_response())
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [LogEntry('debug', 'one',
'23-Jun-2015 16:21', None),
LogEntry('vulnerability', 'two',
'23-Jun-2015 16:22', 'High')]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)
def test_log_access(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
#
# Responses for ?page pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
#
# Responses for ?id=0 pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [LogEntry('debug', 'one',
'23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two',
'23-Jun-2015 16:22', 'High', 1)]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the log using the ids
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [LogEntry('debug', 'one',
'23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two',
'23-Jun-2015 16:22', 'High', 1)]
received_log_entries = []
for log_entry in log.get_by_start_id(0):
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
