Example #1
0
def test_tomcat_match_nmap(mock_args):
    responses.add(**MockResponses.tomcat_fp)

    reset_handlers()
    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug,
                      args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    s = ScanEngine(creds, config)
    s._build_targets()
    s.fingerprint_targets(s.fingerprints, s.scanners)

    # Queue is not serializeable so we can't copy it using deepcopy
    scanners = list()
    while not s.scanners.empty():
        scanner = s.scanners.get()
        assert scanner.url == 'http://127.0.0.1:8080/manager/html' or scanner.url == 'http://127.0.0.1:8080/tomcat/manager/html'
        scanners.append(scanner)

    assert len(scanners) == 34

    for scanner in scanners:
        s.scanners.put(scanner)

    responses.reset()
    responses.add(**MockResponses.tomcat_auth)
    s._scan(s.scanners, s.found_q)
    assert s.found_q.qsize() == 17
Example #2
0
def test_jboss_scan_fail(mock_args):
    responses.add(**MockResponses.jboss_fp)
    responses.add(**MockResponses.jboss_auth_fail)

    reset_handlers()
    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug, args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    se = ScanEngine(creds, config)
    se._build_targets()
    se.fingerprint_targets()
    print(se.scanners.qsize())
    scanners = list()
    while se.scanners.qsize() > 0:
        s = se.scanners.get()
        print(s.cred['name'])
        print(s.target)
        print(s.username)
        print(s.password)
        scanners.append(s)

    print("num scanners: %i" % len(scanners))
    assert len(scanners) == 2

    # put scanners back in queue
    for s in scanners:
        se.scanners.put(s)

    se._scan(se.scanners, se.found_q)
    assert se.found_q.qsize() == 0
Example #3
0
def test_jboss_scan_fail(mock_args):
    responses.add(**MockResponses.jboss_fp)
    responses.add(**MockResponses.jboss_auth_fail)

    reset_handlers()
    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug, args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    se = ScanEngine(creds, config)
    se._build_targets()
    se._add_terminators(se.fingerprints)
    se.fingerprint_targets()
    print(se.scanners.qsize())
    scanners = list()
    while se.scanners.qsize() > 0:
        s = se.scanners.get()
        print(s.cred['name'])
        print(s.target)
        print(s.username)
        print(s.password)
        scanners.append(s)

    print("num scanners: %i" % len(scanners))
    assert len(scanners) == 2

    # put scanners back in queue
    for s in scanners:
        se.scanners.put(s)

    se._add_terminators(se.scanners)
    se._scan(se.scanners, se.found_q)
    assert se.found_q.qsize() == 0
Example #4
0
def test_tomcat_match_nmap(mock_args):
    def tomcat_callback(request):
        if request.headers.get('Authorization', False):
            return (200, MockResponses.tomcat_auth['adding_headers'],
                    MockResponses.tomcat_auth['body'])
        else:
            return (401, MockResponses.tomcat_fp['adding_headers'], '')

    responses.add_callback(
        responses.GET,
        MockResponses.tomcat_fp['url'],
        callback=tomcat_callback,
    )

    reset_handlers()
    try:
        os.remove(core.PERSISTENT_QUEUE)
    except OSError:
        pass

    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug,
                      args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    s = ScanEngine(creds, config)
    s._build_targets()
    s._add_terminators(s.fingerprints)

    print(("fp: %i" % s.fingerprints.qsize()))
    s.fingerprint_targets()

    # Queue is not serializeable so we can't copy it using deepcopy
    scanners = list()
    print(("scanners: %s" % s.scanners.qsize()))

    t1 = Target(host='127.0.0.1',
                port=8080,
                protocol='http',
                url='/manager/html')
    t2 = Target(host='127.0.0.1',
                port=8080,
                protocol='http',
                url='/tomcat/manager/html')
    while s.scanners.qsize() > 0:
        scanner = s.scanners.get()
        assert scanner.target == t1 or scanner.target == t2
        scanners.append(scanner)

    # Load the scanners back into the queue
    for scanner in scanners:
        s.scanners.put(scanner)
    assert s.scanners.qsize() == 34
    s._add_terminators(s.scanners)

    responses.reset()
    responses.add(**MockResponses.tomcat_auth)
    s._scan(s.scanners, s.found_q)
    assert s.found_q.qsize() == 17
Example #5
0
def test_tomcat_match_nmap(mock_args):
    def tomcat_callback(request):
        if request.headers.get('Authorization', False):
            return (200, MockResponses.tomcat_auth['adding_headers'], MockResponses.tomcat_auth['body'])
        else:
            return (401, MockResponses.tomcat_fp['adding_headers'], '')

    responses.add_callback(
        responses.GET,
        MockResponses.tomcat_fp['url'],
        callback=tomcat_callback,
    )

    reset_handlers()
    try:
        os.remove(core.PERSISTENT_QUEUE)
    except OSError:
        pass

    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug, args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    s = ScanEngine(creds, config)
    s._build_targets()
    s._add_terminators(s.fingerprints)

    print(("fp: %i" % s.fingerprints.qsize()))
    s.fingerprint_targets()

    # Queue is not serializeable so we can't copy it using deepcopy
    scanners = list()
    print(("scanners: %s" % s.scanners.qsize()))

    t1 = Target(host='127.0.0.1', port=8080, protocol='http', url='/manager/html')
    t2 = Target(host='127.0.0.1', port=8080, protocol='http', url='/tomcat/manager/html')
    while s.scanners.qsize() > 0:
        scanner = s.scanners.get()
        assert scanner.target == t1 or scanner.target == t2
        scanners.append(scanner)

    # Load the scanners back into the queue
    for scanner in scanners:
        s.scanners.put(scanner)
    assert s.scanners.qsize() == 34
    s._add_terminators(s.scanners)

    responses.reset()
    responses.add(**MockResponses.tomcat_auth)
    s._scan(s.scanners, s.found_q)
    assert s.found_q.qsize() == 17
Example #6
0
def test_jboss_scan_fail(mock_args):
    responses.add(**MockResponses.jboss_fp)
    responses.add(**MockResponses.jboss_auth_fail)

    reset_handlers()
    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug, args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    se = ScanEngine(creds, config)
    se._build_targets()
    se.fingerprint_targets(se.fingerprints, se.scanners)
    print(se.scanners.qsize())
    assert se.scanners.qsize() == 2

    se._scan(se.scanners, se.found_q)
    assert se.found_q.qsize() == 0