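def build_fingerprints(targets, creds, config):
    """Expand targets and HTTP credential entries into HttpFingerprint objects.

    One ``HttpFingerprint`` is created per (target, credential entry, URL)
    combination. Entries whose ``protocol`` is not ``'http'`` are skipped, and
    so are entries whose ``default_port`` differs from an explicitly given
    target port, unless ``config.portoverride`` is set.

    Args:
        targets: iterable of objects exposing ``host``, ``port`` and
            ``protocol``.
        creds: iterable of credential dicts with ``protocol``,
            ``default_port`` and ``fingerprint`` keys and an optional ``ssl``
            key.
        config: object exposing ``portoverride`` and ``ssl``; it is also
            passed through to every ``HttpFingerprint``.

    Returns:
        A list of ``HttpFingerprint`` objects. The list is not de-duplicated
        here.
    """
    logger = logging.getLogger('changeme')
    fingerprints = []

    for target in targets:
        for c in creds:
            if c['protocol'] != 'http':
                continue
            # An explicit target port limits the work to entries written for
            # that port; portoverride lifts the restriction.
            # NOTE(review): this compares the two ports with ==, so a str port
            # against an int default_port would never match -- confirm that
            # Target normalises its port.
            if (not config.portoverride and target.port
                    and c['default_port'] != target.port):
                continue

            fp = c['fingerprint']
            # A fingerprint without a 'url' list yields no entries instead of
            # raising TypeError when iterating None.
            for url in fp.get('url') or ():
                t = Target(host=target.host, port=target.port, protocol=target.protocol)
                # The scheme comes from the credential entry or the global ssl
                # switch; whatever protocol the target carried is overwritten.
                t.protocol = 'https' if c.get('ssl') or config.ssl else 'http'
                if not t.port:
                    t.port = c['default_port']
                t.url = url

                hfp = HttpFingerprint(t, fp.get('headers', None), fp.get('cookie', None), config)
                # Lazy %-args: the message is only formatted when DEBUG is on.
                logger.debug('Adding %s to fingerprint list', hfp.target)
                fingerprints.append(hfp)

    return fingerprints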
def test_tomcat_match_nmap(mock_args):
    """Fingerprint and scan a mocked Tomcat manager end to end.

    A callback registered with ``responses`` answers GET requests for the
    Tomcat fingerprint URL: 200 with the authenticated body when an
    ``Authorization`` header is present, 401 otherwise. The test then checks
    that every queued scanner points at one of the two manager URLs on
    127.0.0.1:8080, that 34 scanners were queued, and that the scan puts 17
    entries on the found queue.

    ``mock_args`` is not used in the body.
    NOTE(review): presumably it is injected by a patch decorator that is not
    visible here -- confirm.
    """
    def tomcat_callback(request):
        # No credentials offered: answer with the 401 challenge and no body.
        if not request.headers.get('Authorization', False):
            return (401, MockResponses.tomcat_fp['adding_headers'], '')
        return (200, MockResponses.tomcat_auth['adding_headers'], MockResponses.tomcat_auth['body'])

    responses.add_callback(
        responses.GET,
        MockResponses.tomcat_fp['url'],
        callback=tomcat_callback,
    )

    reset_handlers()
    # Drop a persistent queue file left by an earlier run; a missing file is fine.
    try:
        os.remove(core.PERSISTENT_QUEUE)
    except OSError:
        pass

    parsed = core.parse_args()
    cli = parsed['args']
    core.init_logging(cli.verbose, cli.debug, cli.log)
    config = core.Config(cli, parsed['parser'])
    creds = core.load_creds(config)

    engine = ScanEngine(creds, config)
    engine._build_targets()
    engine._add_terminators(engine.fingerprints)
    print(("fp: %i" % engine.fingerprints.qsize()))
    engine.fingerprint_targets()

    # A Queue cannot be deep-copied, so drain it into a list to inspect the
    # scanners and refill it afterwards.
    drained = []
    print(("scanners: %s" % engine.scanners.qsize()))

    manager = Target(host='127.0.0.1', port=8080, protocol='http', url='/manager/html')
    nested_manager = Target(host='127.0.0.1', port=8080, protocol='http', url='/tomcat/manager/html')
    while engine.scanners.qsize() > 0:
        scanner = engine.scanners.get()
        assert scanner.target == manager or scanner.target == nested_manager
        drained.append(scanner)

    # Put the scanners back so the scan phase sees the same queue contents.
    for scanner in drained:
        engine.scanners.put(scanner)

    assert engine.scanners.qsize() == 34
    engine._add_terminators(engine.scanners)

    # Swap the callback for the fixed authenticated response before scanning.
    responses.reset()
    responses.add(**MockResponses.tomcat_auth)
    engine._scan(engine.scanners, engine.found_q)
    assert engine.found_q.qsize() == 17
def test_cidr():
    """A /24 CIDR target expands to 254 targets."""
    cidr = '192.168.1.0/24'
    expanded = Target.parse_target(cidr)
    # TODO explicitly validate the range
    # NOTE(review): the pasted source carries a stray triple-quote after the
    # TODO; it may be the end of a string block that disabled this test --
    # confirm against the original file.
    assert len(expanded) == 254
def test_ip_port():
    """An ``ip:port`` string parses to one target that round-trips via str()."""
    spec = '192.168.1.1:8080'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='192.168.1.1', port='8080')
    assert only == expected
    assert str(only) == spec
def test_ip():
    """A bare IP address parses to one target that round-trips via str()."""
    spec = '127.0.0.1'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host=spec)
    assert only == expected
    assert str(only) == spec
def test_hostname_proto_port():
    """A ``proto://host:port`` string parses to one target with all three parts."""
    spec = 'http://example.com:80'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='example.com', port='80', protocol='http')
    assert only == expected
def test_hostname():
    """A bare hostname parses to one target holding just the host."""
    spec = 'example.com'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='example.com')
    assert only == expected
def test_proto_ip_port():
    """A non-HTTP ``proto://ip:port`` string keeps its protocol and round-trips."""
    spec = 'snmp://192.168.1.1:8080'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='192.168.1.1', port=8080, protocol='snmp')
    assert only == expected
    assert str(only) == spec
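def test_nmap():
    """An nmap XML report next to this test file parses to one target.

    The report path is built from ``__file__``, so the test does not depend
    on the working directory it is started from.
    """
    here = os.path.dirname(os.path.abspath(__file__))
    nmap = os.path.join(here, "tomcat_nmap.xml")
    targets = Target.parse_target(nmap)
    assert len(targets) == 1

    t = targets.pop()
    # The directory was computed a second time here and never used; that
    # dead assignment has been removed.
    print("target: %s" % t)
    assert t == Target(host='127.0.0.1', port='8080')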
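def build_fingerprints(targets, creds, config):
    """Expand targets and HTTP credential entries into HttpFingerprint objects.

    One ``HttpFingerprint`` is created per (target, credential entry, URL)
    combination. Entries whose ``protocol`` is not ``'http'`` are skipped, and
    so are entries whose ``default_port`` differs from an explicitly given
    target port, unless ``config.portoverride`` is set.

    Args:
        targets: iterable of objects exposing ``host``, ``port`` and
            ``protocol``.
        creds: iterable of credential dicts with ``protocol``,
            ``default_port`` and ``fingerprint`` keys and an optional ``ssl``
            key.
        config: object exposing ``portoverride`` and ``ssl``; it is also
            passed through to every ``HttpFingerprint``.

    Returns:
        A list of ``HttpFingerprint`` objects. The list is not de-duplicated
        here.
    """
    logger = logging.getLogger('changeme')
    fingerprints = []

    for target in targets:
        for c in creds:
            if c['protocol'] != 'http':
                continue
            # An explicit target port limits the work to entries written for
            # that port; portoverride lifts the restriction.
            # NOTE(review): this compares the two ports with ==, so a str port
            # against an int default_port would never match -- confirm that
            # Target normalises its port.
            if (not config.portoverride and target.port
                    and c['default_port'] != target.port):
                continue

            fp = c['fingerprint']
            # A fingerprint without a 'url' list yields no entries instead of
            # raising TypeError when iterating None.
            for url in fp.get('url') or ():
                t = Target(host=target.host, port=target.port, protocol=target.protocol)
                # The scheme comes from the credential entry or the global ssl
                # switch; whatever protocol the target carried is overwritten.
                t.protocol = 'https' if c.get('ssl') or config.ssl else 'http'
                if not t.port:
                    t.port = c['default_port']
                t.url = url

                hfp = HttpFingerprint(t, fp.get('headers', None), fp.get('cookie', None), config)
                # Lazy %-args: the message is only formatted when DEBUG is on.
                logger.debug('Adding %s to fingerprint list', hfp.target)
                fingerprints.append(hfp)

    return fingerprints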
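def test_targets_file():
    """A targets file with one entry per line parses to one target per line.

    The file is created through ``tempfile`` instead of the fixed path
    ``/tmp/targets.txt``. A predictable name in a shared directory can be
    pre-created or symlinked by another local user, and two test runs on the
    same machine would overwrite each other's file. Cleanup runs in
    ``finally`` so a failing assertion does not leave the file behind.
    """
    import tempfile  # local import: only this test needs it

    # delete=False keeps the file on disk after the handle is closed so that
    # parse_target can open it by name; it is removed explicitly below.
    # NOTE(review): assumes parse_target accepts any existing file path, not
    # just the name "targets.txt" -- the .txt suffix is kept; confirm.
    with tempfile.NamedTemporaryFile(mode='w', suffix='.txt', delete=False) as fout:
        target = fout.name
        fout.write('127.0.0.1\n')
        fout.write('127.0.0.2:8080\n')

    try:
        targets = Target.parse_target(target)
        assert len(targets) == 2
        for t in targets:
            if t.host == '127.0.0.1':
                t1(t)
            else:
                t2(t)
    finally:
        remove(target)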
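def test_targets_file():
    """A targets file with one entry per line parses to one target per line.

    The file is created through ``tempfile`` instead of the fixed path
    ``/tmp/targets.txt``. A predictable name in a shared directory can be
    pre-created or symlinked by another local user, and two test runs on the
    same machine would overwrite each other's file. Cleanup runs in
    ``finally`` so a failing assertion does not leave the file behind.
    """
    import tempfile  # local import: only this test needs it

    # delete=False keeps the file on disk after the handle is closed so that
    # parse_target can open it by name; it is removed explicitly below.
    # NOTE(review): assumes parse_target accepts any existing file path, not
    # just the name "targets.txt" -- the .txt suffix is kept; confirm.
    with tempfile.NamedTemporaryFile(mode='w', suffix='.txt', delete=False) as fout:
        target = fout.name
        fout.write('127.0.0.1\n')
        fout.write('127.0.0.2:8080\n')

    try:
        targets = Target.parse_target(target)
        assert len(targets) == 2
        for t in targets:
            if t.host == '127.0.0.1':
                t1(t)
            else:
                t2(t)
    finally:
        os.remove(target)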
def t2(t):
    """Assert that *t* equals the target for 127.0.0.2 on port 8080."""
    expected = Target(host='127.0.0.2', port=8080)
    assert t == expected
def t1(t):
    """Assert that *t* equals the port-less target for 127.0.0.1."""
    expected = Target(host='127.0.0.1')
    assert t == expected
def test_nmap():
    """The bundled nmap XML report parses to one target on 127.0.0.1:8080."""
    # NOTE(review): the path is relative, so it resolves against the current
    # working directory -- presumably the repository root; confirm how the
    # suite is launched.
    report = "tests/tomcat_nmap.xml"
    parsed = Target.parse_target(report)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='127.0.0.1', port='8080')
    assert only == expected