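    def test_cve_2019_11043_false(self):
        """Negative case for the CVE-2019-11043 (PHP-FPM) check.

        Every GET and HEAD is mocked to answer with a bare 200, so the
        check must come back with an empty result list and must not print
        "Exception" / "Error". The Session is built from the real argument
        parser so the check sees the same object shape it gets in
        production.
        """
        network.init("", "", "")
        # baseline output config; it is replaced inside the try block with
        # debug/nocolors/nowrap enabled for the actual check
        output.setup(False, False, False)
        url = "https://www.example.org/"

        p = command_line.build_parser()
        ns = p.parse_args(args=["scan"])
        s = Session(ns, url)

        # pre-bind so a failure inside the try cannot surface as NameError
        results = None
        try:
            output.setup(False, True, True)
            with utils.capture_sys_output() as (stdout, stderr), \
                    requests_mock.Mocker() as m:
                m.get(requests_mock.ANY, status_code=200)
                m.head(requests_mock.ANY, status_code=200)

                results = php.check_cve_2019_11043(
                    s, ["https://www.example.org/test/"]
                )
        except Exception as error:
            # an unexpected exception is itself the failure; report it with
            # its repr rather than via assertIsNone(error), which can never
            # pass and hides the actual exception text
            self.fail(f"check_cve_2019_11043 raised {error!r}")
        finally:
            # always clear module-level network state so a failing run
            # cannot leak proxy/cookie/header settings into later tests
            network.reset()

        self.assertIsNotNone(results)
        self.assertEqual(0, len(results))
        self.assertNotIn("Exception", stderr.getvalue())
        self.assertNotIn("Error", stdout.getvalue())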
    def test_process_urls_maybe_valid(self):
        """A scheme-less host ("adamcaudill.com") passes through
        process_urls without anything being written to stderr."""
        cli = command_line.build_parser()
        _ns, candidate_urls = cli.parse_known_args(["scan", "adamcaudill.com"])

        with utils.capture_sys_output() as (_stdout, stderr):
            command_line.process_urls(candidate_urls)

        self.assertEqual("", stderr.getvalue())
    def test_process_urls_unknown_param(self):
        """An unrecognised option that survives parse_known_args is handed
        to process_urls, which must report it as an invalid parameter on
        stderr."""
        cli = command_line.build_parser()
        _ns, leftovers = cli.parse_known_args(["scan", "--dfghjk"])

        with utils.capture_sys_output() as (_stdout, stderr):
            command_line.process_urls(leftovers)

        self.assertIn("YAWAST Error: Invalid parameter", stderr.getvalue())
    def test_process_urls_invalid_ftp(self):
        """An ftp:// URL makes process_urls exit and print the
        "Invalid URL Specified" error.

        assertRaises wraps the capture context so the captured stderr is
        still readable after the SystemExit has been swallowed.
        """
        cli = command_line.build_parser()
        _ns, candidate_urls = cli.parse_known_args(
            ["scan", "ftp://adamcaudill.com"]
        )

        with self.assertRaises(SystemExit), \
                utils.capture_sys_output() as (_stdout, stderr):
            command_line.process_urls(candidate_urls)

        self.assertIn("YAWAST Error: Invalid URL Specified", stderr.getvalue())
def main():
    """Program entry point.

    Parses the command line, initialises output/network/reporter state and
    dispatches to the selected sub-command's ``func``.

    Side effects: installs a SIGINT handler, silences warnings, may switch
    stdout to UTF-8, and sets the module-level ``_monitor`` to the active
    _ProcessMonitor while the command runs. ``_shutdown`` always runs, even
    when the scan is cancelled with Ctrl-C.
    """
    global _start_time, _monitor

    signal.signal(signal.SIGINT, signal_handler)
    warnings.simplefilter("ignore")
    _ensure_utf8_stdout()

    arg_parser = command_line.build_parser()
    args, urls = arg_parser.parse_known_args()

    # setup the output system
    output.setup(args.debug, args.nocolors, args.nowrap)
    output.debug("Starting application...")

    # proxy/cookie/header are not defined on every sub-command, so test
    # for their presence on the namespace before reading them
    network.init(
        args.proxy if "proxy" in args else None,
        args.cookie if "cookie" in args else None,
        args.header if "header" in args else None,
    )

    # parsing succeeded; "version" is the one command that takes no URLs
    urls = [] if args.command == "version" else command_line.process_urls(urls)

    print_header()

    if args.output is not None:
        reporter.init(args.output)
        _set_basic_info()
        print(f"Saving output to '{reporter.get_output_file()}'")
        print()

    try:
        with _KeyMonitor(), _ProcessMonitor() as proc_mon:
            _monitor = proc_mon
            args.func(args, urls)
    except KeyboardInterrupt:
        output.empty()
        output.error("Scan cancelled by user.")
    finally:
        _shutdown()


def _ensure_utf8_stdout():
    """Reconfigure stdout to UTF-8 when it reports another encoding.

    Failure to reconfigure (e.g. a stream without ``reconfigure``) is
    reported on stdout and otherwise ignored.
    """
    try:
        if str(sys.stdout.encoding).lower() != "utf-8":
            print(
                f"Output encoding is {sys.stdout.encoding}: changing to UTF-8")
            sys.stdout.reconfigure(encoding="utf-8")
    except Exception as error:
        print(f"Unable to set UTF-8 encoding: {str(error)}")
    def test_process_urls_empty(self):
        """With no URL after "scan", process_urls exits and tells the user
        that at least one URL is required."""
        cli = command_line.build_parser()
        _ns, candidate_urls = cli.parse_known_args(["scan"])

        with self.assertRaises(SystemExit), \
                utils.capture_sys_output() as (_stdout, stderr):
            command_line.process_urls(candidate_urls)

        expected = "YAWAST Error: You must specify at least one URL."
        self.assertIn(expected, stderr.getvalue())
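    def test_build_parser(self):
        """build_parser returns a parser that rejects an empty argument.

        An empty string is not a valid sub-command, so argparse must exit
        (SystemExit) and write its usage error to stderr.
        """
        parser = command_line.build_parser()

        # make sure we got something back
        self.assertIsNotNone(parser)

        # the context-manager result was previously bound to an unused
        # name; only the captured stderr is inspected here
        with self.assertRaises(SystemExit):
            with utils.capture_sys_output() as (stdout, stderr):
                parser.parse_known_args([""])

        self.assertIn("yawast: error", stderr.getvalue())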
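    def test_pwd_rst_get_driver(self):
        """_get_driver returns a WebDriver whose page is the target URL.

        Integration test: it launches a real browser against a live host,
        so it needs network access and a working WebDriver install. The
        driver is quit in ``finally`` so a failed assertion (or a failure
        in _get_driver itself) does not leave a browser process behind.
        Exceptions from _get_driver propagate as test errors instead of
        being turned into an assertIsNone(error) that could never pass.
        """
        url = "https://example.com/"

        output.setup(False, False, False)
        # pre-bind so the finally clause can tell whether a driver exists
        driver = None
        with utils.capture_sys_output() as (stdout, stderr):
            p = command_line.build_parser()
            ns = p.parse_args(args=["scan"])
            s = Session(ns, url)

            try:
                driver = _get_driver(s, url)

                self.assertIsInstance(driver, WebDriver)
                self.assertIn("<h1>Example Domain</h1>", driver.page_source)
                self.assertNotIn("Exception", stderr.getvalue())
                self.assertNotIn("Error", stderr.getvalue())
            finally:
                if driver is not None:
                    driver.quit()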
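    def test_pwd_rst_find_field(self):
        """_find_user_field locates the username input on a WordPress
        lost-password page.

        Integration test against a live host (needs network access and a
        working WebDriver install). The element is expected to be the
        WordPress ``user_login`` field. The driver is always quit in
        ``finally`` so no browser process outlives the test; exceptions
        from the helpers propagate as test errors rather than being routed
        through an assertIsNone(error) that could never pass.
        """
        url = "https://underhandedcrypto.com/wp-login.php?action=lostpassword"

        output.setup(False, False, False)
        # pre-bind so the finally clause can tell whether a driver exists
        driver = None
        with utils.capture_sys_output() as (stdout, stderr):
            p = command_line.build_parser()
            ns = p.parse_args(args=["scan"])
            s = Session(ns, url)

            try:
                driver = _get_driver(s, url)
                element = _find_user_field(driver)

                self.assertIsInstance(driver, WebDriver)
                self.assertIsInstance(element, WebElement)
                self.assertIn("Username or Email Address", driver.page_source)
                self.assertNotIn("Exception", stderr.getvalue())
                self.assertNotIn("Error", stderr.getvalue())
                self.assertEqual("user_login", element.get_attribute("id"))
            finally:
                if driver is not None:
                    driver.quit()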
def main():
    """Program entry point.

    Parses the command line, initialises the output and network modules
    (and the reporter when ``--output`` is given), validates the URL list
    and dispatches to the selected sub-command's ``func``.

    Side effects: installs a SIGINT handler and stores the active
    _ProcessMonitor in the module-level ``_monitor`` while the command
    runs. ``_shutdown`` always runs, including after a Ctrl-C.
    """
    global _start_time, _monitor

    signal.signal(signal.SIGINT, signal_handler)

    arg_parser = command_line.build_parser()
    args, raw_urls = arg_parser.parse_known_args()

    # setup the output system
    output.setup(args.debug, args.nocolors)
    output.debug("Starting application...")

    # proxy and cookie values are taken verbatim from the command line
    network.init(args.proxy, args.cookie)

    # parsing succeeded; normalise/validate the URL list (exits on error)
    urls = command_line.process_urls(raw_urls)

    print_header()

    if args.output is not None:
        reporter.init(args.output)
        _set_basic_info()
        print(f"Saving output to '{reporter.get_output_file()}'")
        print()

    try:
        with _KeyMonitor(), _ProcessMonitor() as proc_mon:
            _monitor = proc_mon
            args.func(args, urls)
    except KeyboardInterrupt:
        output.empty()
        output.error("Scan cancelled by user.")
    finally:
        _shutdown()