    def test_save_load_misc_settings(self):
        """Round-trip a misc-settings value through a saved profile.

        Session one changes ``msf_location`` and saves the result as the
        ``unittest`` profile; session two loads that profile and checks that
        the stored value is printed by ``misc-settings view``.
        """
        save_session = ['misc-settings set msf_location /etc/',
                        'profiles save_as unittest',
                        'exit']

        self.console = ConsoleUI(commands=save_session, do_upd=False)
        self.console.sh()

        ok, msg = self.startswith_expected_in_output(('Profile saved.',))
        self.assertTrue(ok, msg)

        # The profile file must actually have been written, not only reported.
        self._assert_exists('unittest')

        # Drop the first session's output so the reload assertion below can
        # only be satisfied by what the second session prints.
        self._mock_stdout.clear()

        load_session = ['profiles',
                        'use unittest',
                        'back',
                        'misc-settings view',
                        'exit']

        self.console = ConsoleUI(commands=load_session, do_upd=False)
        self.console.sh()

        ok, msg = self.all_expected_substring_in_output(('/etc/',))
        self.assertTrue(ok, msg)
    def test_SQL_scan(self):
        """Drive a full sqli audit against the moth test target.

        Verifies that the console reports the injection, the SQL error
        found in the response and the URL discovered by ``web_spider``, and
        that neither a missing-file error nor an exception reaches the
        output.
        """
        target = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs = '?name=andres'

        output_setup = [
            'plugins', 'output console,text_file', 'output config text_file',
            'set output_file %s' % self.OUTPUT_FILE,
            'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
            'set verbose True', 'back', 'output config console',
            'set verbose False', 'back',
        ]
        plugin_setup = [
            'audit sqli', 'crawl web_spider',
            'crawl config web_spider', 'set only_forward True', 'back',
            'grep path_disclosure', 'back',
        ]
        target_and_run = [
            'target', 'set target %s%s' % (target, qs), 'back', 'start', 'exit',
        ]

        self.console = ConsoleUI(commands=output_setup + plugin_setup + target_and_run,
                                 do_upd=False)
        self.console.sh()

        expected = ('SQL injection in ',
                    'A SQL error was found in the response supplied by ',
                    'New URL found by web_spider plugin: "%s"' % target)
        ok, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(ok, msg)

        # Either marker in the output means the scan itself broke.
        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])
        self.assertFalse(found_errors)
    def test_menu_browse_target(self):
        """Entering and leaving the ``target`` menu shows both prompts."""
        menu_walk = ['target', 'back', 'exit']

        self.console = ConsoleUI(commands=menu_walk, do_upd=False)
        self.console.sh()

        prompts = ('w3af>>> ', 'w3af/config:target>>> ')
        ok, msg = self.all_expected_in_output(prompts)
        self.assertTrue(ok, msg)
    def test_load_profile_not_exists(self):
        """``use`` with an unknown profile name reports it by name."""
        session = ['profiles', 'help', 'use do_not_exist', 'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        ok, msg = self.startswith_expected_in_output(
            ('Unknown profile name: "do_not_exist"', ))
        self.assertTrue(ok, msg)
    def test_load_profile_exists(self):
        """Loading the bundled OWASP_TOP10 profile enables its plugins.

        The profile carries no target, so the console must also ask the
        user to set one; the ``help`` line for ``use`` is checked as well.
        """
        session = ['profiles', 'help', 'use OWASP_TOP10', 'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        fragments = (
            'The plugins configured by the scan profile have been enabled',
            'Please set the target URL',
            ' | Use a profile.',
        )
        ok, msg = self.all_expected_substring_in_output(fragments)
        self.assertTrue(ok, msg)
    def test_menu_set_option_auto_save(self):
        """A one-line ``target set ...`` (no explicit ``back``) is auto-saved.

        ``target view`` afterwards must list the target row and the console
        must have printed the save confirmation.
        """
        session = ['target set target http://moth/',
                   'target view',
                   'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        prefixes = ('| target ',
                    'The configuration has been saved.')
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)
    def test_menu_set_option_invalid_case01(self):
        """An out-of-range port in the target URL is rejected.

        The invalid value is never stored, so leaving the menu still
        "saves" an empty configuration successfully.
        """
        session = ['target', 'set target http://moth:301801/', 'view',
                   'back', 'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        prefixes = (
            'Invalid URL configured by user,',
            # Nothing was stored, so saving the (empty) config succeeds.
            'The configuration has been saved.',
        )
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)
    def test_menu_plugin_desc(self):
        """``desc`` for the zone_h infrastructure plugin prints its long
        description; three of its lines are checked by prefix."""
        session = ['plugins', 'infrastructure desc zone_h', 'back', 'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        description_lines = ('This plugin searches the zone-h.org',
                             'result. The information stored in',
                             'previous defacements to the target website.')
        ok, msg = self.startswith_expected_in_output(description_lines)
        self.assertTrue(ok, msg)
    def test_two_scans(self):
        """Two consecutive scans in one console session both report.

        The first scan audits for SQL injection, the second for XSS; the
        commands for each scan only differ in the audit plugin, the target
        and whether ``exit`` closes the session, so they are built by one
        local helper.
        """
        def scan_commands(audit_plugin, target_url, exit_after):
            # Same output/crawl/grep setup as the single-scan tests.
            cmds = [
                'plugins', 'output console,text_file', 'output config text_file',
                'set output_file %s' % self.OUTPUT_FILE,
                'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
                'set verbose True', 'back', 'output config console',
                'set verbose False', 'back', 'audit %s' % audit_plugin,
                'crawl web_spider',
                'crawl config web_spider', 'set only_forward True', 'back',
                'grep path_disclosure', 'back', 'target',
                'set target %s' % target_url, 'back', 'start',
            ]
            if exit_after:
                cmds.append('exit')
            return cmds

        target_1 = 'http://moth/w3af/audit/sql_injection/select/sql_injection_string.php'
        qs_1 = '?name=andres'
        target_2 = 'http://moth/w3af/audit/xss/simple_xss.php'
        qs_2 = '?text=1'

        scan_commands = (scan_commands('sqli', target_1 + qs_1, False)
                         + scan_commands('xss', target_2 + qs_2, True))

        expected_1 = ('SQL injection in ',
                      'A SQL error was found in the response supplied by ',
                      'New URL found by web_spider plugin: "%s"' % target_1)
        expected_2 = ('A Cross Site Scripting vulnerability was found at',
                      'New URL found by web_spider plugin: "%s"' % target_2)

        self.console = ConsoleUI(commands=scan_commands, do_upd=False)
        self.console.sh()

        for expected in (expected_1, expected_2):
            ok, msg = self.startswith_expected_in_output(expected)
            self.assertTrue(ok, msg)

        # Either marker in the output means one of the scans broke.
        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])
        self.assertFalse(found_errors)
    def test_menu_set_option_case01(self):
        """Setting a valid target inside the ``target`` menu is saved on
        ``back`` and shown by ``view``."""
        session = ['target', 'set target http://moth/', 'view',
                   'back', 'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        # Exact lines: both prompts and the save confirmation (with CRLF).
        exact_lines = ('w3af>>> ', 'w3af/config:target>>> ',
                       'The configuration has been saved.\r\n')
        ok, msg = self.all_expected_in_output(exact_lines)
        self.assertTrue(ok, msg)

        # The value itself is a cell in the ``view`` table.
        ok, msg = self.all_expected_substring_in_output(('| http://moth/',))
        self.assertTrue(ok, msg)
    def test_save_as_profile(self):
        """``save_as`` after loading a bundled profile writes a new profile
        file under the given name."""
        session = ['profiles',
                   'use OWASP_TOP10',
                   'save_as unittest',
                   'exit']

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        ok, msg = self.startswith_expected_in_output(('Profile saved.',))
        self.assertTrue(ok, msg)

        # Confirm on disk, not only via the console message.
        self._assert_exists('unittest')
    def test_kb_add_with_errors(self):
        """Malformed ``kb add`` invocations each produce a specific error.

        No type, an unknown type and too many parameters are tried in turn.
        """
        session = [
            'kb',
            'add',             # no type given
            'add foobar',      # unknown type
            'add foo bar',     # one parameter too many
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        prefixes = ('w3af>>> ', 'w3af/kb>>> ', 'Parameter "type" is missing,',
                    'Type foobar is unknown',
                    'Only one parameter is accepted,')
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)
    def test_kb_add_back_without_config(self):
        """Leaving the ``add os_commanding`` sub-menu without configuring
        anything is refused with an explanatory message."""
        session = [
            'kb',
            'add',
            'add os_commanding',
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        prefixes = (
            'w3af>>> ',
            'w3af/kb>>> ',
            'This vulnerability requires data to be configured.',
        )
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)
    def test_kb_add(self):
        """A manually added DAV vulnerability is stored and listed.

        Walks ``kb -> add dav -> set url -> back`` and then checks that
        ``list vulns`` shows the entry.
        """
        session = [
            'kb',
            'add dav',
            'set url http://target.com/',
            'back',
            'list vulns',
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=session, do_upd=False)
        self.console.sh()

        prefixes = (
            'w3af>>> ', 'w3af/kb>>> ', 'w3af/kb/config:dav>>> ',
            'Stored "DAV Misconfiguration" in the knowledge base.',
            '| DAV              | This vulnerability was added to the knowledge',
        )
        ok, msg = self.startswith_expected_in_output(prefixes)
        self.assertTrue(ok, msg)
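    def test_OS_commanding_exploit(self):
        """Scan, exploit and drive an OS-commanding shell on the moth target.

        After ``start`` finds the vulnerability, ``exploit os_commanding``
        must yield a shell; the test then runs commands and payloads through
        it and checks a prefix of each expected output line.

        The original expectation list contained an empty string for the
        ``help`` command; every line starts with ``''`` so that entry could
        never fail and has been dropped, ``help`` is still issued so that a
        crash there would surface via the error markers at the end.
        """
        target = 'http://moth/w3af/audit/os_commanding/simple_osc.php'
        qs = '?cmd=foobar'
        commands_to_run = [
            'plugins',
            'audit os_commanding',
            'back',
            'target',
            'set target %s%s' % (target, qs),
            'back',
            'start',
            'exploit',
            'exploit os_commanding',
            'interact 0',
            'execute ls',
            'execute w',
            'read /etc/passwd',

            # Testing the quote delimiter for strings
            'read "/var/www/moth/w3af/crawl/web_spider/follow_links/a b.html"',
            'help',
            'lsp',
            'payload tcp',
            'payload list_processes',
            'payload list_processes 20',
            'exit',  # from shell
            'exit',  # from w3af
        ]

        expected = (  # start
            'OS Commanding was found at: "%s' % target,
            # exploit
            'Vulnerability successfully exploited. Generated shell object',
            'Please use the interact command to interact with the shell objects.',
            # read /etc/passwd
            'root:x:0:0:root:/root:/bin/bash',
            'daemon:x:1:1:daemon:/usr/sbin:/bin/sh',

            # read "...a b.html" -- the quoted path does not exist, so the
            # shell reports a non-zero exit
            'non-zero.',

            # lsp
            'apache_config_directory',
            'kernel_version',
            # payload tcp
            '| Id | Local Address    | Remote Address',
            # payload list_processes (usage message, no argument given)
            'Usage: list_processes <max_pid>',
            # payload list_processes 20
            '| 1    | init              | S (sleeping)        | /sbin/init',
        )

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

        # Either marker in the output means the scan or the shell broke.
        found_errors = self.error_in_output(
            ['No such file or directory', 'Exception'])

        self.assertFalse(found_errors)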
 def setUp(self):
     """Create a fresh console with the update check disabled."""
     console = ConsoleUI(do_upd=False)
     self.console_ui = console
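    def test_buggy_scan(self):
        """A plugin that raises during a scan is caught and can be reported.

        Runs the deliberately failing ``failing_spider`` crawl plugin, checks
        that exactly one exception was captured by the exception handler and
        that ``bug-report`` files a ticket, then closes that ticket again.

        Note: this test talks to the live GitHub API and needs ``OAUTH_TOKEN``
        to be a credential allowed to edit issues on andresriancho/w3af; it
        is not a hermetic unit test. Where that token comes from is not
        visible here -- it should be injected from the environment, never
        committed.
        """
        target = 'http://moth/w3af/crawl/web_spider/follow_links/1.html'
        commands_to_run = ['plugins',
                           'output console',

                           'crawl failing_spider',
                           'crawl config failing_spider',
                           'set only_forward true',
                           'back',

                           'grep path_disclosure',
                           'back',

                           'target',
                           'set target %s' % (target),
                           'back',

                           'start',

                           'bug-report',
                           'summary',
                           'report',

                           'exit']

        expected = ('During the current scan (with id: ',
                    'An exception was found while running crawl.failing_spider on ',
                    'New URL found by failing_spider plugin: ',
                    '    [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
        self.assertEqual(len(caught_exceptions), 1)

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])

        self.assertFalse(found_errors)

        # Clear the exceptions, we don't need them anymore.
        self.console._w3af.exception_handler.clear()

        # Find the ticket the report command created. The pattern is a raw
        # string ('\d' in a plain literal is an invalid escape on Python 3)
        # and requires at least one digit: the previous '\d*' also matched a
        # truncated URL with no id, which would then blow up in int() rather
        # than fail the test with a clear message.
        issue_id_re = re.compile(r'https://github.com/andresriancho/w3af/issues/(\d+)')
        issue_id = None
        for line in self._mock_stdout.messages:
            mo = issue_id_re.search(line)
            if mo is not None:
                issue_id = int(mo.group(1))
                break

        if issue_id is None:
            self.fail('Did NOT close test ticket.')

        # Close the ticket on GitHub so the tracker is not littered by tests.
        gh = Github(OAUTH_TOKEN)
        repo = gh.get_user('andresriancho').get_repo('w3af')
        repo.get_issue(issue_id).edit(state='closed')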