def test_diff_two_last_scans(self, serializer): exploit = Exploit(exploit_id=1) self.port_info._current_exploits = [self.exploit] scan_2 = Scan() scans = [self.context.scanner.scan, scan_2] self.port_info.storage.get_scans_by_security_scan.return_value = scans vuln_added = Vulnerability(port=self.port, exploit=exploit, subid=3, output='a') vuln_removed = Vulnerability(port=self.port, exploit=exploit, subid=1, output='b') vuln_changed_1 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='c') vuln_changed_2 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='d') vuln_common = Vulnerability(port=self.port, exploit=exploit, subid=5, output='e') self.port_info.storage.get_vulnerabilities.side_effect = ([ vuln_added, vuln_changed_1, vuln_common ], [vuln_removed, vuln_changed_2, vuln_common]) expected = [ VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_added), VulnerabilityChange(change_time=12, previous_finding=vuln_removed, current_finding=None), VulnerabilityChange(change_time=12, previous_finding=vuln_changed_2, current_finding=vuln_changed_1), ] self.port_info.diff_with_last_scan() self.port_info.storage.get_vulnerabilities.assert_has_calls( (call(port=self.port, exploit=self.exploit, scan=self.context.scanner.scan), call(port=self.port, exploit=self.exploit, scan=scan_2)), any_order=True) self.assertCountEqual( self.port_info.storage.save_changes.call_args[0][0], expected) serializer.assert_has_calls((call(vuln) for vuln in expected))
def get_vulnerabilities(self, results): """ CVE-Search could be run multiple times during one scan by different scripts, so duplicated vulnerabilities should be filtered out. Filtering is executed against vulnerabilities already stored in storage """ current_scan_vulns = self.storage.get_vulnerabilities( port=self._port, scan=self.scan, exploit=self.exploit) next_subid = max([-1, *[vuln.subid for vuln in current_scan_vulns]]) + 1 cves = [vuln.cve for vuln in current_scan_vulns] return_value = [] for result in results: # Omit vulnerability with the same CVE found in current scan if result.cwe in cves: log.debug('%s:(%s) vulnerability already discovered for %s', self.exploit, result.cve, self._port) continue return_value.append( Vulnerability(exploit=self.exploit, port=self._port, output=result.summary, scan=self.scan, context=self.context, cve=result.cve, cvss=result.cvss, subid=next_subid)) next_subid += 1 return return_value
def _get_vulnerabilities(self, results): """ Proceed results of command execution and returns list of vulnerabilities Args: results: Returns: list """ tmp_scripts = results.findall('host/ports/port/script') or [] tmp_scripts.extend(results.findall('prescript/script') or []) tmp_scripts.extend(results.findall('host/hostscript/script') or []) vulnerabilities = [] for script in tmp_scripts: found_handler = self.scripts.get(script.get('id')) if found_handler is None: continue log.debug('Parsing output from script %s', script.get('id')) result = found_handler.get_result(script) if result is None: continue vulnerabilities.append( Vulnerability(exploit=found_handler.exploit, port=self._port, output=result, context=self.context, scan=self.scan)) return vulnerabilities
def test_init_with_params(self): vulnerability = Vulnerability(exploit=self.exploit, cve='CVE-XXXX-XXXX', cvss=6.7) self.assertEqual(vulnerability.cve, 'CVE-XXXX-XXXX') self.assertEqual(vulnerability.cvss, 6.7)
def _get_vulnerabilities(self, results): return [ Vulnerability(exploit=self.exploit, scan=self.scan, port=self._port, output=results, context=self.context) ]
def _get_vulnerabilities(self, results): return_value = [] for result in results: return_value.append( Vulnerability(exploit=result.exploit, port=self._port, output=result.output, context=self.context, scan=self.scan)) return return_value
def test_vulnerability_serializer_port_only(self): scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(), scanner='scanner') result = self.serializer.serialize_vulnerability(Vulnerability(port=self.port, scan=scan))._data expected = bytearray(b'\xe7\xfb\xf2\x93V\x01\x00\x00\x16\x00\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00' b'\x7f\x00\x00\x01\x01\x00\x00\x00\x03\x00ssh\x00\x00\x00\x00\x06\xe7\xfb\xf2\x93V\x01' b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0`\xd5!\x03\x00\x00\x00\x15\x00' b'test_name_and_version\x05\x00OTHER\x07\x00scanner\x00\x00\x00\x00\x00\x00\x00\x00' b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') self.assertEqual(result, expected)
async def execute(self, *args, **kwargs): exploit = self.aucote.exploits.find('aucote-active-directory', 'aucote-active-directory') nodes = "\n".join(" - {0}".format(node.ip) for node in self.nodes) output = "Active Directory Controllers from {0} for {1}:\n{2}".format( self.port.node.ip, self.domain, nodes) vuln = Vulnerability(port=self.port, output=output, exploit=exploit, context=self.context, scan=self.scan) self.store_vulnerability(vuln)
def test_get_vulnerabilities_duplicated(self): results = CVESearchVulnerabilityResults() result_1 = CVESearchVulnerabilityResult(cwe='CVE-2016-435') result_1.summary = 'test_vuln' results.vulnerabilities = (result_1, ) vuln_1 = Vulnerability(cve='CVE-2016-435', output='test_vuln') self.aucote.storage.get_vulnerabilities.return_value = (vuln_1, ) result = self.task.get_vulnerabilities(results=results) self.assertEqual(result, [])
def test_diff_two_last_scans_first_scan(self, serializer): exploit = Exploit(exploit_id=1) self.port_info._current_exploits = [self.exploit] scans = [self.context.scanner.scan] self.port_info.storage.get_scans_by_security_scan.return_value = scans vuln_added = Vulnerability(port=self.port, exploit=exploit, subid=3, output='a') vuln_changed_1 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='c') self.port_info.storage.get_vulnerabilities.return_value = [ vuln_added, vuln_changed_1 ] expected = [ VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_added), VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_changed_1) ] self.port_info.diff_with_last_scan() self.port_info.storage.get_vulnerabilities.assert_has_calls( (call(port=self.port, exploit=self.exploit, scan=self.context.scanner.scan), )) self.assertCountEqual( self.port_info.storage.save_changes.call_args[0][0], expected) serializer.assert_has_calls((call(vuln) for vuln in expected), any_order=True)
async def execute(self, *args, **kwargs): data = None try: result = await self.context.aucote.tftp_server.async_get_file( str(self._port.node.ip), self.callback, self.filename) try: with open(result, 'r') as f: lines = f.readlines() data = lines[:10] data.extend([ line for line in lines if line.startswith('hostname') ]) finally: try: os.unlink(result) except Exception: # pylint: disable=broad-exception log.warning('Cannot remove file %s', self.filename) if data: output = "".join(data) vulnerability = Vulnerability(exploit=self.exploit, port=self._port, output=output, scan=self.scan, context=self.context) self.store_vulnerability(vuln=vulnerability) except TFTPError as exception: log.warning('Exception during executing %s: %s', self, str(exception)) finally: self._port.scan.end = int(time.time()) self.store_scan_end(exploits=self.current_exploits, port=self._port)
def test_serialize_vulnchange(self, output): output.return_value = 'test_output' scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name') scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name') node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) port = Port(node, transport_protocol=TransportProtocol.TCP, number=88) exploit = Exploit(name="exploit_name", app="exploit_app", exploit_id=18) previous_finding = Vulnerability(output="test_output_1", exploit=exploit, port=port, subid=13, vuln_time=13456) previous_finding.scan = scan_1 previous_finding.row_id = 124 current_finding = Vulnerability(output="test_output_2", exploit=exploit, port=port, subid=13, vuln_time=6456345) current_finding.row_id = 15 current_finding.scan = scan_2 change = VulnerabilityChange(current_finding=current_finding, change_time=124445, previous_finding=previous_finding) expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x12\x00' b'\x00\x00\r\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\x80R\xcd\x00\x00' b'\x00\x00\x00\xa8\x01\xd4\x80\x01\x00\x00\x00\r\x00test_output_1\r\x00test_output_2\x15' b'\x00Vulnerability changed') result = self.serializer.serialize_vulnerability_change(change)._data self.assertEqual(result, expected)
def setUp(self): self.serializer = Serializer() self.vuln = Vulnerability(subid=15) node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) node.os = MagicMock() node.os.name_with_version = 'test_name_and_version' self.context = ScanContext(aucote=None, scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock())) self.vuln.context = self.context self.port = Port(node=node, number=22, transport_protocol=TransportProtocol.TCP) self.port.protocol = 'ssh' self.port.scan = Scan() self.port.scan.start = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp() self.vuln.port = self.port self.vuln.output = 'Test' self.vuln.scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(), scanner='tcp') self.exploit = Exploit(exploit_id=1) self.exploit.app = 'test_app' self.exploit.name = 'test_name' self.exploit.title = 'test_title' self.exploit.description = 'test_description' self.exploit.risk_level = RiskLevel.from_name('High') self.exploit.cve = 'CVE-2018-0001' self.exploit.cvss = 9.8 self.exploit.metric = ExploitMetric.VNC_INFO self.exploit.category = ExploitCategory.VULN self.exploit.tags = {ExploitTag.HTTP, ExploitTag.SSL, ExploitTag.HTTPS} self.vuln.exploit = self.exploit self.vuln.time = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
def setUp(self): self.maxDiff = None self.storage = Storage(conn_string=getenv('AUCOTE_TEST_POSTGRES')) self.scan = Scan(start=1, end=17, protocol=TransportProtocol.UDP, scanner='test_name') self.scan_1 = Scan(rowid=56, protocol=TransportProtocol.UDP, scanner='test_name', start=13, end=19) self.scan_2 = Scan(rowid=79, protocol=TransportProtocol.UDP, scanner='test_name', start=2, end=18) self.scan_3 = Scan(rowid=80, protocol=TransportProtocol.UDP, scanner='test_name_2', start=20, end=45) self.scan_4 = Scan(rowid=78, protocol=TransportProtocol.TCP, scanner='portdetection', start=1, end=2) self.node_1 = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')) self.node_1.name = 'test_node_1' self.node_1.scan = Scan(start=15) self.node_2 = Node(node_id=2, ip=ipaddress.ip_address('127.0.0.2')) self.node_2.name = 'test_node_2' self.node_2.scan = Scan(start=56) self.node_3 = Node(node_id=3, ip=ipaddress.ip_address('127.0.0.3')) self.node_3.name = 'test_node_3' self.node_3.scan = Scan(start=98) self.node_4 = Node(node_id=4, ip=ipaddress.ip_address('127.0.0.4')) self.node_4.name = 'test_node_4' self.node_4.scan = Scan(start=3) self.node_scan_1 = NodeScan(node=self.node_1, rowid=13, scan=self.scan_1, timestamp=15) self.node_scan_2 = NodeScan(node=self.node_2, rowid=15, scan=self.scan_1, timestamp=56) self.node_scan_3 = NodeScan(node=self.node_3, rowid=16, scan=self.scan_1, timestamp=98) self.node_scan_3 = NodeScan(node=self.node_3, rowid=17, scan=self.scan_2, timestamp=90) self.port_1 = Port(node=self.node_1, number=45, transport_protocol=TransportProtocol.UDP) self.port_1.scan = self.scan_1 self.port_scan_1 = PortScan(port=self.port_1, scan=self.scan_1, timestamp=176, rowid=124) self.port_2 = Port(node=self.node_2, transport_protocol=TransportProtocol.UDP, number=65) self.port_2.scan = Scan(start=3, end=45) self.port_scan_2 = PortScan(port=self.port_2, scan=self.scan_1, timestamp=987, rowid=15) self.port_3 = Port(node=self.node_3, transport_protocol=TransportProtocol.ICMP, number=99) self.port_3.scan = Scan(start=43, end=180) self.port_scan_3 = PortScan(port=self.port_3, scan=self.scan_1, timestamp=619, rowid=13) self.port_4 = Port(node=self.node_1, number=80, transport_protocol=TransportProtocol.UDP) self.port_4.scan = self.scan_1 self.port_scan_4 = PortScan(port=self.port_4, scan=self.scan_1, timestamp=650, rowid=480) self.port_5 = Port(node=self.node_4, number=22, transport_protocol=TransportProtocol.TCP) self.port_5.scan = self.scan_4 self.exploit_1 = Exploit(exploit_id=14, name='test_name', app='test_app') self.exploit_2 = Exploit(exploit_id=2, name='test_name_2', app='test_app_2') self.exploit_3 = Exploit(exploit_id=56, name='test_name_2', app='test_app') self.exploit_4 = Exploit(exploit_id=0, name='portdetection', app='portdetection') self.security_scan_1 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_1, scan_start=178, scan_end=851) self.security_scan_2 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_1, scan_start=109, scan_end=775) self.security_scan_3 = SecurityScan(exploit=self.exploit_3, port=self.port_1, scan=self.scan_2, scan_start=113, scan_end=353) self.security_scan_4 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_3, scan_start=180, scan_end=222) self.security_scan_5 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_2, scan_start=14, scan_end=156) self.security_scan_6 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_2, scan_start=56, scan_end=780) self.security_scan_7 = SecurityScan(exploit=self.exploit_4, port=self.port_5, scan=self.scan_4, scan_start=14, scan_end=890) self.vuln_change_1 = PortDetectionChange( change_time=124445, current_finding=self.port_scan_1, previous_finding=self.port_scan_2) self.vuln_change_2 = PortDetectionChange( change_time=32434, current_finding=self.port_scan_2, previous_finding=self.port_scan_3) self.vulnerability_1 = Vulnerability(port=self.port_1, output='test_output_1', exploit=self.exploit_1, cve='CVE-2017', cvss=6.7, subid=1, vuln_time=13, rowid=134, scan=self.scan_1) self.vulnerability_2 = Vulnerability(port=self.port_1, output='test_output_2', exploit=self.exploit_2, cve='CWE-14', cvss=8.9, subid=2, vuln_time=98, rowid=152, scan=self.scan_1) self.vulnerability_3 = Vulnerability(port=self.port_1, output='test_output_3', exploit=self.exploit_1, cve='CVE-2016', cvss=3.7, subid=2, vuln_time=15, rowid=153, scan=self.scan_2) self.vulnerability_4 = Vulnerability(port=self.port_1, output='test_output_4', exploit=self.exploit_2, cve='CWE-15', cvss=2.9, subid=1, vuln_time=124, rowid=169, scan=self.scan_2) self.vulnerability_5 = Vulnerability(port=self.port_5, output='', exploit=self.exploit_4, cve=None, cvss=None, subid=0, vuln_time=124, rowid=200, scan=self.scan_4, expiration_time=400) self.vulnerability_6 = Vulnerability(port=self.port_5, output='tftp', exploit=self.exploit_4, cve=None, cvss=None, subid=1, vuln_time=124, rowid=201, scan=self.scan_4, expiration_time=400) self.vulnerability_7 = Vulnerability(port=self.port_5, output='tftp server name', exploit=self.exploit_4, cve=None, cvss=None, subid=2, vuln_time=124, rowid=202, scan=self.scan_4, expiration_time=400) self.vulnerability_8 = Vulnerability(port=self.port_5, output='6.7.8', exploit=self.exploit_4, cve=None, cvss=None, subid=3, vuln_time=124, rowid=203, scan=self.scan_4, expiration_time=400) self.vulnerability_9 = Vulnerability(port=self.port_5, output='HERE IS TFTP\n\n\n > ', exploit=self.exploit_4, cve=None, cvss=None, subid=4, vuln_time=124, rowid=204, scan=self.scan_4, expiration_time=400) self.vulnerability_10 = Vulnerability(port=self.port_5, output='test:cpe', exploit=self.exploit_4, cve=None, cvss=None, subid=5, vuln_time=124, rowid=205, scan=self.scan_4, expiration_time=400) self.vulnerability_11 = Vulnerability(port=self.port_5, output='os name', exploit=self.exploit_4, cve=None, cvss=None, subid=6, vuln_time=124, rowid=206, scan=self.scan_4, expiration_time=400) self.vulnerability_12 = Vulnerability(port=self.port_5, output='os version', exploit=self.exploit_4, cve=None, cvss=None, subid=7, vuln_time=124, rowid=207, scan=self.scan_4, expiration_time=400) self.vulnerability_13 = Vulnerability(port=self.port_5, output='test:os:cpe', exploit=self.exploit_4, cve=None, cvss=None, subid=8, vuln_time=124, rowid=208, scan=self.scan_4, expiration_time=400)
def _get_vulnerabilities(self, results): log.debug(results.with_severity_le(SSLSeverity.WARN).output) return [Vulnerability(exploit=self.exploit, port=self._port, scan=self.scan, output=results.with_severity_ge(SSLSeverity.LOW).output, context=self.context)]
async def execute(self): """ Scans port, parses output for obtain information about service name and version and pass it to the task mapper Returns: None """ if isinstance(self._port, (BroadcastPort, PhysicalPort)): await self.aucote.task_mapper.assign_tasks(self._port) return args = self.prepare_args() xml = await self.command.async_call(args=args) self.port.scan.end = int(time.time()) banner = xml.find("host/ports/port/script[@id='banner']") if banner is None: log.debug('No banner for %s:%i', self._port.node.ip, self._port.number) else: self._port.banner = banner.get('output') service = xml.find("host/ports/port/service") if service is None: log.debug('No service for %s:%i', self._port.node.ip, self._port.number) else: self._port.protocol = service.get('name') if self._port.protocol == 'http': if service.get('tunnel') == 'ssl': self._port.protocol = 'https' self._port.service.name = service.get('product') self._port.service.version = service.get('version') cpe = service.find("cpe") if cpe is not None: self._port.service.cpe = cpe.text self.storage.save_security_scan(port=self.port, exploit=self.exploit, scan=self.scan) cpe = self.port.service.cpe.as_fs() if self.port.service.cpe else None vulnerabilities = [ Vulnerability(exploit=self.exploit, port=self.port, output=self.port.protocol, subid=Vulnerability.SERVICE_PROTOCOL, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=self.port.service.name, subid=Vulnerability.SERVICE_NAME, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=self.port.service.version, subid=Vulnerability.SERVICE_VERSION, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=self.port.banner, subid=Vulnerability.SERVICE_BANNER, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=cpe, subid=Vulnerability.SERVICE_CPE, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=self.port.node.os.name, subid=Vulnerability.OS_NAME, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, output=self.port.node.os.version, subid=Vulnerability.OS_VERSION, context=self.context, scan=self.scan), Vulnerability(exploit=self.exploit, port=self.port, subid=Vulnerability.OS_CPE, context=self.context, output=str(self.port.node.os.cpe.cpe_str) if self.port.node.os.cpe else None, scan=self.scan) ] self.aucote.storage.save_vulnerabilities(vulnerabilities=vulnerabilities, scan=self.scan) self.store_vulnerability(Vulnerability(port=self._port, context=self.context, scan=self.scan)) self.diff_with_last_scan() if not self.scan_only: await TaskMapper(context=self.context).assign_tasks(self._port)
def get_vulnerabilities(self, results): return Vulnerability(exploit=self.exploit, output=str(results), port=self.port, context=self.context, scan=self.scan)
def test_init_with_exploit(self): vulnerability = Vulnerability(exploit=self.exploit) self.assertEqual(vulnerability.cve, 'CVE-2017-XXXX,CVE-2018-XXX') self.assertEqual(vulnerability.cvss, 4.6)
def test_init(self): vulnerability = Vulnerability() self.assertEqual(vulnerability.cve, '') self.assertEqual(vulnerability.cvss, 0.)
def setUp(self, cfg): super(CVESearchServiceTaskTest, self).setUp() cfg._cfg = {'tools': {'cve-search': {'api': 'localhost:200'}}} self.example_output = '' with open( path.join(path.dirname(path.abspath(__file__)), 'example_output.json'), 'rb') as f: self.example_output = f.read() self.node = Node(ip='127.0.0.1', node_id=None) self.port = Port(node=self.node, transport_protocol=TransportProtocol.TCP, number=22) self.port.service_name = 'ssh' self.port.scan = Scan() self.port.service = Service() self.app = Service() self.app_2 = Service() self.app.cpe = 'cpe:/a:microsoft:iexplorer:8.0.6001:beta' self.app_2.cpe = 'cpe:/a:microsoft:aexplorer:8.0.6001:beta' self.cpe_txt = 'cpe:/a:microsoft:internet_explorer:8.0.6001:beta' self.os_cpe_txt = 'cpe:/o:a:b:4' self.cpe_without_version = 'cpe:/o:cisco:ios' self.node.os.cpe = self.os_cpe_txt self.port.service.cpe = self.cpe_txt self.exploit = Exploit(exploit_id=1337, name='cve-search', app='cve-search') self.aucote = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.task = CVESearchServiceTask(context=self.context, port=self.port, exploits=[self.exploit]) self.vuln_1 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2016-8612', cvss=3.3, output='test summary 1', context=self.context, subid=0) self.vuln_2 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2017-9798', cvss=5.0, output='test summary 2', context=self.context, subid=1) self.vuln_3 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2017-9788', cvss=6.4, output='test summary 3', context=self.context, subid=2)
def get_app(self): self.aucote = MagicMock() self.storage = Storage(getenv('AUCOTE_TEST_POSTGRES')) self.aucote.storage = self.storage self.storage.connect() self.storage.remove_all() self.storage.init_schema() self.scan_1 = Scan(start=123, end=446, protocol=TransportProtocol.TCP, scanner='tcp') self.scan_2 = Scan(start=230, end=447, protocol=TransportProtocol.UDP, scanner='udp') for scan in (self.scan_1, self.scan_2): self.storage.save_scan(scan) self.node_1 = Node(node_id=13, ip=ipaddress.ip_address("10.156.67.18")) self.node_2 = Node(node_id=75, ip=ipaddress.ip_address("10.156.67.34")) self.node_scan_1 = NodeScan(node=self.node_1, scan=self.scan_1, timestamp=45) self.node_scan_2 = NodeScan(node=self.node_2, scan=self.scan_2, timestamp=88) self.node_scan_3 = NodeScan(node=self.node_1, scan=self.scan_2, timestamp=67) for node_scan in (self.node_scan_1, self.node_scan_2, self.node_scan_3): self.storage.save_node_scan(node_scan) self.port_1 = Port(node=self.node_1, number=34, transport_protocol=TransportProtocol.UDP) self.port_2 = Port(node=self.node_2, number=78, transport_protocol=TransportProtocol.TCP) self.port_scan_1 = PortScan(port=self.port_1, timestamp=1234, scan=self.scan_1, rowid=13) self.port_scan_2 = PortScan(port=self.port_2, timestamp=2345, scan=self.scan_1, rowid=15) for port_scan in (self.port_scan_1, self.port_scan_2): self.storage.save_port_scan(port_scan) self.exploit_1 = Exploit(exploit_id=14, name='test_name', app='test_app') self.exploit_2 = Exploit(exploit_id=2, name='test_name_2', app='test_app_2') self.security_scan_1 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_1, scan_start=178, scan_end=851) self.security_scan_2 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_1, scan_start=109, scan_end=775) self.security_scan_3 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_2, scan_start=114, scan_end=981) for scan in (self.security_scan_1, self.security_scan_2, self.security_scan_3): self.storage.save_sec_scan(scan) self.vulnerability_1 = Vulnerability(exploit=self.exploit_1, port=self.port_1, cvss="6.8", cve="CVE-2017-1231", scan=self.scan_1, output="Vulnerable stuff", vuln_time=134, subid=34) self.vulnerability_2 = Vulnerability(exploit=self.exploit_1, port=self.port_1, cvss="6.8", cve="CVE-2017-1232", scan=self.scan_2, output=None, vuln_time=718, subid=34) for vulnerability in (self.vulnerability_1, self.vulnerability_2): self.storage.save_vulnerability(vulnerability) self.scanner = TCPScanner(aucote=self.aucote, host='localhost', port=1339) self.scanner.NAME = 'test_name' self.scanner.scan.start = 1290 self.scanner.nodes = [ Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')) ] self.aucote.scanners = [ self.scanner, ToolsScanner(name='tools', aucote=self.aucote) ] endpoints = [(url, handler, { 'aucote': self.aucote }) for url, handler in [ (r"/api/v1/kill", KillHandler), (r"/api/v1/scanners", ScannersHandler), (r"/api/v1/scanners/([\w_]+)", ScannersHandler), (r"/api/v1/tasks", TasksHandler), (r"/api/v1/scans", ScansHandler), (r"/api/v1/scans/([\d]+)", ScansHandler), (r"/api/v1/nodes", NodesHandler), (r"/api/v1/nodes/([\d]+)", NodesHandler), (r"/api/v1/ports", PortsHandler), (r"/api/v1/ports/([\d]+)", PortsHandler), (r"/api/v1/security_scans", SecurityScansHandler), (r"/api/v1/security_scans/([\d]+)", SecurityScansHandler), (r"/api/v1/vulnerabilities", VulnerabilitiesHandler), ]] endpoints.append( (r"/api/v1/vulnerabilities/([\d]+)", VulnerabilitiesHandler, { 'aucote': self.aucote, 'path': '/aucote/' })) self.app = Application(endpoints) return self.app