def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env[ "CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api" profile = my_env[ "CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser( description='w3af_client is develop for automating security testing') parser.add_argument('-t', '--target', help='Network or Host for scan', required=False) parser.add_argument('-o', '--output', help='Output file', required=False) args = parser.parse_args() if args.target is None or args.output is None: print "Argument errors check -h" exit(0) print 'Starting w3af api ...' global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print 'Waiting for W3af to load, 5 seconds ...' time.sleep(5) # Connect to the REST API and get it's version conn = Connection('http://127.0.0.1:5000/') print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while (scan.get_status()['status'] == "Running"): print 'Scan progress: %s' + str(scan.get_status()['rpm']) time.sleep(2)
def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api" profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing") parser.add_argument("-t", "--target", help="Network or Host for scan", required=False) parser.add_argument("-o", "--output", help="Output file", required=False) args = parser.parse_args() if args.target == None or args.output == None: print "Argument errors check -h" exit(0) print "Starting w3af api ..." global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print "Waiting for W3af to load, 5 seconds ..." time.sleep(5) # Connect to the REST API and get it's version conn = Connection("http://127.0.0.1:5000/") print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while scan.get_status()["status"] == "Running": print "Scan progress: %s" + str(scan.get_status()["rpm"]) time.sleep(2)
def test_integration(self): """ The main goal of this test is to assert that the latest version of w3af can be consumed using the latest version of w3af-api-client. """ conn = Connection(self.W3AF_API_URL, verbose=False) print('Created REST API connection') target_urls = [self.TARGET_URL_FMT % self.get_network_address()] scan = Scan(conn) scan.start(FAST_TEST_PROFILE, target_urls) print('Scan started') # Wait some time for the scan to finish, these wait methods also assert # that I'm able to retrieve the scan status self.wait_until_running(scan) print('Scan is running') self.wait_until_finish(scan, wait_loops=300) print('Scan has finished') log = scan.get_log() self.assertIsInstance(log, Log) log_entry_count = 0 for log_entry in log: self.assertIsInstance(log_entry, LogEntry) self.assertIsNotNone(log_entry.message) log_entry_count += 1 if log_entry_count % 20 == 0: print('Read 20 log entries') self.assertGreater(log_entry_count, 100) findings_list = scan.get_findings() self.assertGreaterEqual(len(findings_list), 4) print('Got %s findings' % len(findings_list)) finding = findings_list[0] self.assertIsInstance(finding, Finding) self.assertEqual(finding.name, 'SQL injection')
from w3af_api_client import Connection, Scan connection = Connection('http://127.0.0.1:5000/') print connection.get_version() profile = file('w3af/profiles/OWASP_TOP10.pw3af').read() target = ['http://localhost'] scan = Scan(connection) scan.start(profile, target) scan.get_urls() scan.get_log() scan.get_findings() scan.get_fuzzable_requests()
def test_simple_scan(self): # # Mock all HTTP responses # httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/status'), body=SCAN_STATUS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/1/status'), body=NOT_FOUND, content_type='application/json', status=404) httpretty.register_uri( httpretty.GET, self.get_url('/scans/0/log'), responses=[ # # Responses for ?page pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), # # Responses for ?id=0 pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), ]) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/kb/'), body=FINDINGS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/kb/0'), body=FINDINGS_DETAIL_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/traffic/45'), body=TRAFFIC_DETAIL_RESPONSE_45, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/traffic/46'), body=TRAFFIC_DETAIL_RESPONSE_46, content_type='application/json') conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST) self.assertEqual(scan.scan_id, 0) # # Get scan status # json_data = scan.get_status() self.assertEqual(json_data['is_running'], True) self.assertEqual(json_data['is_paused'], False) self.assertEqual(json_data['exception'], None) # # Test the error handling # scan.scan_id = 1 self.assertRaises(APIException, scan.get_status) scan.scan_id = 0 # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the log using the ids # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log.get_by_start_id(0): self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the vulnerabilities # findings = scan.get_findings() self.assertIsInstance(findings, list) self.assertEqual(len(findings), 1) finding = findings[0] self.assertEqual(finding.name, 'SQL injection') self.assertIsInstance(finding, Finding) all_traffic = finding.get_traffic() self.assertIsInstance(all_traffic, list) self.assertEqual(len(all_traffic), 2) traffic = all_traffic[0] self.assertIn('GET ', traffic.get_request()) self.assertIn('<html>', traffic.get_response())
def test_simple_scan(self): # # Mock all HTTP responses # httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/status'), body=SCAN_STATUS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/1/status'), body=NOT_FOUND, content_type='application/json', status=404) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/log'), responses=[ httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), ]) httpretty.register_uri(httpretty.GET, self.get_url('/kb/'), body=FINDINGS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/kb/0'), body=FINDINGS_DETAIL_RESPONSE, content_type='application/json') conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST) self.assertEqual(scan.scan_id, 0) # # Get scan status # json_data = scan.get_status() self.assertEqual(json_data['is_running'], True) self.assertEqual(json_data['is_paused'], False) self.assertEqual(json_data['exception'], None) # # Test the error handling # scan.scan_id = 1 self.assertRaises(APIException, scan.get_status) scan.scan_id = 0 # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [LogEntry('debug', 'one', '23-Jun-2015 16:21', None), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High')] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the vulnerabilities # findings = scan.get_findings() self.assertIsInstance(findings, list) self.assertEqual(len(findings), 1) finding = findings[0] self.assertEqual(finding.name, 'SQL injection') self.assertIsInstance(finding, Finding)