def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env[
"CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api"
profile = my_env[
"CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(
description='w3af_client is develop for automating security testing')
parser.add_argument('-t',
'--target',
help='Network or Host for scan',
required=False)
parser.add_argument('-o', '--output', help='Output file', required=False)
args = parser.parse_args()
if args.target is None or args.output is None:
print "Argument errors check -h"
exit(0)
print 'Starting w3af api ...'
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print 'Waiting for W3af to load, 5 seconds ...'
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection('http://127.0.0.1:5000/')
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output,
scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while (scan.get_status()['status'] == "Running"):
print 'Scan progress: %s' + str(scan.get_status()['rpm'])
time.sleep(2)
def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api"
profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing")
parser.add_argument("-t", "--target", help="Network or Host for scan", required=False)
parser.add_argument("-o", "--output", help="Output file", required=False)
args = parser.parse_args()
if args.target == None or args.output == None:
print "Argument errors check -h"
exit(0)
print "Starting w3af api ..."
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print "Waiting for W3af to load, 5 seconds ..."
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection("http://127.0.0.1:5000/")
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while scan.get_status()["status"] == "Running":
print "Scan progress: %s" + str(scan.get_status()["rpm"])
time.sleep(2)
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(
httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
#
# Responses for ?page pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
#
# Responses for ?id=0 pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/45'),
body=TRAFFIC_DETAIL_RESPONSE_45,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/46'),
body=TRAFFIC_DETAIL_RESPONSE_46,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the log using the ids
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log.get_by_start_id(0):
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)
all_traffic = finding.get_traffic()
self.assertIsInstance(all_traffic, list)
self.assertEqual(len(all_traffic), 2)
traffic = all_traffic[0]
self.assertIn('GET ', traffic.get_request())
self.assertIn('<html>', traffic.get_response())
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [LogEntry('debug', 'one',
'23-Jun-2015 16:21', None),
LogEntry('vulnerability', 'two',
'23-Jun-2015 16:22', 'High')]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)