Example #1
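def main():
    """Launch a local w3af REST API process, run one scan and poll it.

    The w3af_api executable and the scan profile are taken from the
    CS_W3AF and CS_W3AF_PROFILE environment variables, with fixed paths
    under /root/tools/w3af as fallbacks. The target and the XML report
    path come from the command line (-t/--target and -o/--output).

    Exits with a usage error (via argparse) when either option is missing
    or when the output path contains a line break.
    """
    global child_pid

    atexit.register(kill_child)

    # Whoever controls the environment decides which binary is executed and
    # which profile is loaded below, so run this only with a trusted env.
    env = os.environ
    cmd = env.get("CS_W3AF", "/root/tools/w3af/w3af_api")
    profile = env.get("CS_W3AF_PROFILE",
                      "/root/tools/w3af/profiles/fast_scan.pw3af")

    # Parser argument in command line
    parser = argparse.ArgumentParser(
        description='w3af_client is develop for automating security testing')
    parser.add_argument('-t',
                        '--target',
                        help='Network or Host for scan',
                        required=False)
    parser.add_argument('-o', '--output', help='Output file', required=False)
    args = parser.parse_args()

    # parser.error() prints the usage and exits with a non-zero status, so
    # an automation wrapper no longer sees a bad invocation as success.
    if args.target is None or args.output is None:
        parser.error('Argument errors check -h')

    # The output path is pasted into the profile text below. A line break
    # in it would add extra lines (settings or sections) to the profile
    # that is sent to the API, so reject it up front.
    if '\n' in args.output or '\r' in args.output:
        parser.error('Output file must not contain line breaks')

    print('Starting w3af api ...')
    # List form, no shell: cmd is executed as-is with no arguments.
    proc = subprocess.Popen([cmd])
    child_pid = proc.pid

    # Fixed delay, not a readiness check: a slow start makes the first API
    # call below fail.
    print('Waiting for W3af to load, 5 seconds ...')
    time.sleep(5)

    # Connect to the REST API and get its version. No credentials are
    # supplied here and the transport is plain HTTP on loopback.
    conn = Connection('http://127.0.0.1:5000/')
    print(conn.get_version())

    # Build the profile: an [output.xml_file] section pointing at the
    # requested report path, followed by the profile file's own content.
    with open(profile) as profile_file:
        profile_text = profile_file.read()
    scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (
        args.output, profile_text)

    target_urls = [args.target]

    scan = Scan(conn)
    scan.start(scan_profile, target_urls)
    time.sleep(2)

    # The results of these three calls are discarded.
    # NOTE(review): presumably they were meant to be reported - confirm.
    scan.get_urls()
    scan.get_log()
    scan.get_findings()

    # Poll once per iteration and reuse that answer for both the loop test
    # and the progress line. The original concatenated the value after a
    # literal '%s' instead of formatting it.
    status = scan.get_status()
    while status['status'] == "Running":
        print('Scan progress: %s' % (status['rpm'],))
        time.sleep(2)
        status = scan.get_status()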
Example #2
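def main():
    """Run a single w3af scan through a locally started REST API.

    Reads the w3af_api path from CS_W3AF and the profile path from
    CS_W3AF_PROFILE (falling back to fixed paths under /root/tools/w3af),
    parses -t/--target and -o/--output, starts the API process, submits the
    scan and prints progress while the API reports the scan as "Running".

    A missing option or an output path containing a line break ends the
    program through argparse's usage error, which exits non-zero.
    """
    global child_pid

    atexit.register(kill_child)

    # Both values below come from the process environment: the first is
    # executed, the second is read and sent to the API. Treat the
    # environment as trusted input only.
    my_env = os.environ
    cmd = my_env.get("CS_W3AF", "/root/tools/w3af/w3af_api")
    profile = my_env.get("CS_W3AF_PROFILE", "/root/tools/w3af/profiles/fast_scan.pw3af")

    # Parser argument in command line
    parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing")
    parser.add_argument("-t", "--target", help="Network or Host for scan", required=False)
    parser.add_argument("-o", "--output", help="Output file", required=False)
    args = parser.parse_args()

    # A bad invocation used to end with exit status 0; parser.error() exits
    # non-zero so callers can tell that no scan was run.
    if args.target is None or args.output is None:
        parser.error("Argument errors check -h")

    # args.output is interpolated into the profile text further down; a
    # CR or LF inside it would smuggle additional profile lines into what
    # is posted to the API.
    if any(ch in args.output for ch in "\r\n"):
        parser.error("Output file must not contain line breaks")

    print("Starting w3af api ...")
    # No shell is involved: cmd is the whole argument vector.
    proc = subprocess.Popen([cmd])
    child_pid = proc.pid

    # This is a fixed wait, not a check that the API is accepting requests.
    print("Waiting for W3af to load, 5 seconds ...")
    time.sleep(5)

    # Connect to the REST API and get its version (plain HTTP on loopback,
    # no credentials passed from here).
    conn = Connection("http://127.0.0.1:5000/")
    print(conn.get_version())

    # Prepend an [output.xml_file] section carrying the report path to the
    # profile read from disk; the context manager closes the file handle.
    with open(profile) as handle:
        base_profile = handle.read()
    scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, base_profile)

    target_urls = [args.target]

    scan = Scan(conn)
    scan.start(scan_profile, target_urls)
    time.sleep(2)

    # Return values are not used.
    # NOTE(review): looks like these were meant to be printed or saved - confirm.
    scan.get_urls()
    scan.get_log()
    scan.get_findings()

    # One status request per iteration. The progress line is now formatted;
    # the original appended the value after a literal "%s".
    status = scan.get_status()
    while status["status"] == "Running":
        print("Scan progress: %s" % (status["rpm"],))
        time.sleep(2)
        status = scan.get_status()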
Example #3
    def test_simple_scan(self):
        """Walk one scan through the client against httpretty-registered URLs.

        Covers API reachability, scan start (request body and assigned id),
        status fields, the APIException raised for an unknown scan id, log
        retrieval by page and by start id, and findings with their traffic.
        """
        json_type = 'application/json'

        def mock(method, path, body, **extra):
            # Register one canned JSON reply; extra carries status= when the
            # reply is not the default.
            httpretty.register_uri(method,
                                   self.get_url(path),
                                   body=body,
                                   content_type=json_type,
                                   **extra)

        def log_page(body):
            # A fresh Response object per call: httpretty serves the list
            # registered below one entry per request, in order.
            return httpretty.Response(body=body,
                                      content_type=json_type,
                                      status=200)

        mock(httpretty.GET, '/', INDEX_RESPONSE)
        mock(httpretty.GET, '/version', VERSION_RESPONSE)
        mock(httpretty.POST, '/scans/', SCAN_START_RESPONSE, status=201)
        mock(httpretty.GET, '/scans/0/status', SCAN_STATUS_RESPONSE)
        mock(httpretty.GET, '/scans/1/status', NOT_FOUND, status=404)

        httpretty.register_uri(
            httpretty.GET,
            self.get_url('/scans/0/log'),
            responses=[
                # Replies for ?page pagination
                log_page(LOG_RESPONSE),
                log_page(EMPTY_LOG_RESPONSE),
                # Replies for ?id=0 pagination
                log_page(LOG_RESPONSE),
                log_page(EMPTY_LOG_RESPONSE),
            ])

        mock(httpretty.GET, '/scans/0/kb/', FINDINGS_RESPONSE)
        mock(httpretty.GET, '/scans/0/kb/0', FINDINGS_DETAIL_RESPONSE)
        mock(httpretty.GET, '/scans/0/traffic/45', TRAFFIC_DETAIL_RESPONSE_45)
        mock(httpretty.GET, '/scans/0/traffic/46', TRAFFIC_DETAIL_RESPONSE_46)

        api = Connection(self.api_url)
        self.assertTrue(api.can_access_api())

        # Start a scan: no id before the call, id 0 afterwards, and the
        # request sent must match the expected JSON.
        scan = Scan(api)
        self.assertIsNone(scan.scan_id)

        scan.start('mock_profile', [TARGET_URL])

        self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
        self.assertEqual(scan.scan_id, 0)

        # Scan status
        status = scan.get_status()

        self.assertEqual(status['is_running'], True)
        self.assertEqual(status['is_paused'], False)
        self.assertEqual(status['exception'], None)

        # Error handling: scan id 1 is registered as a 404.
        scan.scan_id = 1
        self.assertRaises(APIException, scan.get_status)
        scan.scan_id = 0

        wanted_entries = [
            LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
            LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
        ]

        # Log, iterated directly
        paged_log = scan.get_log()
        self.assertIsInstance(paged_log, Log)

        got_entries = list(paged_log)
        for entry in got_entries:
            self.assertIsInstance(entry, LogEntry)

        self.assertEqual(got_entries, wanted_entries)

        # Log, fetched by start id
        id_log = scan.get_log()
        self.assertIsInstance(id_log, Log)

        got_entries = list(id_log.get_by_start_id(0))
        for entry in got_entries:
            self.assertIsInstance(entry, LogEntry)

        self.assertEqual(got_entries, wanted_entries)

        # Vulnerabilities
        found = scan.get_findings()
        self.assertIsInstance(found, list)
        self.assertEqual(len(found), 1)

        first_finding = found[0]
        self.assertEqual(first_finding.name, 'SQL injection')
        self.assertIsInstance(first_finding, Finding)

        exchanges = first_finding.get_traffic()
        self.assertIsInstance(exchanges, list)
        self.assertEqual(len(exchanges), 2)

        first_exchange = exchanges[0]
        self.assertIn('GET ', first_exchange.get_request())
        self.assertIn('<html>', first_exchange.get_response())
Example #4
    def test_simple_scan(self):
        """Exercise the client end to end against httpretty-registered URLs.

        Checks API reachability, the scan start request and resulting id,
        the status fields, the APIException for an unknown scan id, the
        log entries and the single expected finding.
        """
        content_type = 'application/json'

        # (method, path, body, extra keyword arguments), registered in this
        # order before the log endpoint.
        before_log = (
            (httpretty.GET, '/', INDEX_RESPONSE, {}),
            (httpretty.GET, '/version', VERSION_RESPONSE, {}),
            (httpretty.POST, '/scans/', SCAN_START_RESPONSE, {'status': 201}),
            (httpretty.GET, '/scans/0/status', SCAN_STATUS_RESPONSE, {}),
            (httpretty.GET, '/scans/1/status', NOT_FOUND, {'status': 404}),
        )
        # Same layout, registered after the log endpoint.
        after_log = (
            (httpretty.GET, '/kb/', FINDINGS_RESPONSE, {}),
            (httpretty.GET, '/kb/0', FINDINGS_DETAIL_RESPONSE, {}),
        )

        for method, path, body, extra in before_log:
            httpretty.register_uri(method,
                                   self.get_url(path),
                                   body=body,
                                   content_type=content_type,
                                   **extra)

        # The log endpoint answers with a sequence: one page of entries,
        # then an empty page.
        log_replies = [
            httpretty.Response(body=reply_body,
                               content_type=content_type,
                               status=200)
            for reply_body in (LOG_RESPONSE, EMPTY_LOG_RESPONSE)
        ]
        httpretty.register_uri(httpretty.GET,
                               self.get_url('/scans/0/log'),
                               responses=log_replies)

        for method, path, body, extra in after_log:
            httpretty.register_uri(method,
                                   self.get_url(path),
                                   body=body,
                                   content_type=content_type,
                                   **extra)

        api = Connection(self.api_url)
        self.assertTrue(api.can_access_api())

        # Start a scan and check the request that was sent
        scan = Scan(api)
        self.assertIsNone(scan.scan_id)

        scan.start('mock_profile', [TARGET_URL])

        self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
        self.assertEqual(scan.scan_id, 0)

        # Scan status
        status = scan.get_status()

        self.assertEqual(status['is_running'], True)
        self.assertEqual(status['is_paused'], False)
        self.assertEqual(status['exception'], None)

        # Error handling: the status URL for scan id 1 is registered as 404
        scan.scan_id = 1
        self.assertRaises(APIException, scan.get_status)
        scan.scan_id = 0

        # Log
        scan_log = scan.get_log()
        self.assertIsInstance(scan_log, Log)

        wanted = [
            LogEntry('debug', 'one', '23-Jun-2015 16:21', None),
            LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High'),
        ]

        got = list(scan_log)
        for entry in got:
            self.assertIsInstance(entry, LogEntry)

        self.assertEqual(got, wanted)

        # Vulnerabilities
        found = scan.get_findings()
        self.assertIsInstance(found, list)
        self.assertEqual(len(found), 1)

        only_finding = found[0]
        self.assertEqual(only_finding.name, 'SQL injection')
        self.assertIsInstance(only_finding, Finding)