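def test_scan_invalid(self):
    """An invalid dirb option must fail: non-zero return code and 'illegal' in stderr.

    Integration test: it runs the vendored dirb binary against the live host
    ``infosec.mozilla.org``, so it needs network access.  The vendored dirb
    directory is prepended to PATH only for the duration of the test; the
    original version never restored PATH, leaking the modified value into
    every test that ran afterwards.
    """
    original_pathvar = os.environ['PATH']
    # dirb is resolved from PATH by DirectoryEnumScanner.scan, so the
    # vendored binary directory must come first
    os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
        + '/vendor/dirb/' + ':' \
        + original_pathvar
    try:
        host_name = "infosec.mozilla.org"
        # Wordlist does not matter here, but we want to give it
        # an invalid command line option (e.g '-b')
        scanner = DirectoryEnumScanner(arguments_list=['-b'])
        return_code, result = scanner.scan(host_name)
        assert return_code != 0
        assert 'host' in result
        assert 'illegal' in result['errors']
    finally:
        # Restore PATH even when an assertion above fails
        os.environ['PATH'] = original_pathvar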
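def test_scan_timeout(self):
    """A scan with the long wordlist must hit the 10 minute timeout.

    Integration test against the live host ``infosec.mozilla.org`` (needs
    network); with the 'long' wordlist it is expected to run for the full
    timeout before being killed, so it is slow by design.  PATH is restored
    in a ``finally`` so a failing assertion no longer leaks the modified
    PATH into later tests.
    """
    original_pathvar = os.environ['PATH']
    # dirb is resolved from PATH by DirectoryEnumScanner.scan, so the
    # vendored binary directory must come first
    os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
        + '/vendor/dirb/' + ':' \
        + original_pathvar
    try:
        host_name = "infosec.mozilla.org"
        # Give it a long wordlist to guarantee time out
        scanner = DirectoryEnumScanner(wordlist='long')
        return_code, result = scanner.scan(host_name)
        assert return_code != 0
        assert 'host' in result
        assert 'output' in result
        # scan() appends the TIMEDOUT marker to dirb's stderr when it kills the process
        assert 'TIMEDOUT' in result['errors']
    finally:
        # Restore PATH even when an assertion above fails
        os.environ['PATH'] = original_pathvar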
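def test_scan_no_timeout(self):
    """A scan with the short wordlist must finish cleanly with some output.

    Integration test against the live host ``infosec.mozilla.org`` (needs
    network).  PATH is restored in a ``finally`` so a failing assertion no
    longer leaks the modified PATH into later tests.
    """
    original_pathvar = os.environ['PATH']
    # dirb is resolved from PATH by DirectoryEnumScanner.scan, so the
    # vendored binary directory must come first
    os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
        + '/vendor/dirb/' + ':' \
        + original_pathvar
    try:
        host_name = "infosec.mozilla.org"
        # The short wordlist is small enough to finish well inside the timeout
        scanner = DirectoryEnumScanner(wordlist='short')
        return_code, result = scanner.scan(host_name)
        assert return_code == 0
        assert 'host' in result
        assert 'output' in result
        assert len(result['errors']) == 0
        assert len(result['output']) > 0
    finally:
        # Restore PATH even when an assertion above fails
        os.environ['PATH'] = original_pathvar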
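def scan(self, hostname):
    """Run a dirb directory enumeration against ``https://<hostname>``.

    Args:
        hostname: host to scan.  It is prefixed with ``https://`` and handed
            to dirb as a single argv element; no validation is done here, so
            the caller is responsible for its provenance.

    Returns:
        ``(return_code, results)`` where ``results`` is a dict with ``'host'``,
        ``'output'`` (dirb stdout) and ``'errors'`` (dirb stderr, with
        ``' (TIMEDOUT)'`` appended when the scan was killed at the 10 minute
        limit).  ``(False, False)`` when the scan could not be started at all:
        unsupported tool or platform, unknown wordlist, empty hostname, or the
        dirb binary could not be executed.

    Fixes relative to the previous version: ``dirb`` was unbound on an
    unsupported platform (NameError at Popen), the timeout marker was built
    with ``dirb_err.join(' (TIMEDOUT)')`` (which interleaves stderr between
    the marker's characters), an unknown wordlist raised KeyError, an
    unsupported tool returned ``None`` instead of a tuple, and ``return``
    inside ``finally`` silently discarded any exception raised while
    communicating with the process.
    """
    # Currently no other tools other than dirb is supported,
    # but maybe we should explore gobuster here too
    if self.tool != "dirb":
        self.logger.error("[-] Unrecognized/unsupported tool for scan.")
        return False, False

    if not hostname:
        self.logger.error("[-] No hostname given for dirb scan.")
        return False, False

    # Not very elegant, but for test purposes,
    # we need to know if we are running in Lambda
    if os.environ.get("LAMBDA_ENV") == "true":
        path_prefix = os.environ['LAMBDA_TASK_ROOT']
        # We know we are in Amazon Linux
        dirb = "dirb"
    else:
        path_prefix = uppath(os.path.realpath(__file__), 2)
        # Here we also need to check the local platform we are
        # running. This is because we have 2 vendored binaries
        # for dirb, one for OSX and one for Linux
        if sys.platform.startswith('darwin'):
            dirb = "dirb-osx"
        elif sys.platform.startswith('linux'):
            dirb = "dirb"
        else:
            self.logger.error("[-] Unable to run dirb, unidentified or unsupported architecture.")
            return False, False

    # Now decide on the wordlist
    wordlist_options = {
        'short': path_prefix + "/vendor/dirb/wordlists/custom/RobotsDisallowed-Top1000.txt",
        'medium': path_prefix + "/vendor/dirb/wordlists/custom/quickhits.txt",
        'long': path_prefix + "/vendor/dirb/wordlists/custom/common.txt"
    }
    wordlist = wordlist_options.get(self.wordlist)
    if wordlist is None:
        self.logger.error("[-] Unknown wordlist '{}' for dirb scan.".format(self.wordlist))
        return False, False

    # Assume here that standalone dirb binary is in the PATH
    # This is done in the main handler file
    self.logger.info("[+] Running dirb scan on {}".format(hostname))
    results = {'host': hostname}
    # argv list with shell=False: nothing here is shell-interpreted.  The
    # "https://" prefix also keeps hostname from being parsed as a dirb option.
    # self.arguments is appended verbatim, so whoever constructs the scanner
    # must trust its source (dirb options can e.g. write output files).
    process_args = [dirb, "https://" + hostname, wordlist]
    process_args.extend(self.arguments)
    try:
        p = subprocess.Popen(
            process_args,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,
            shell=False
        )
    except Exception as e:
        self.logger.error("[-] File/executable not found, or an unexpected error occurred: {}".format(e))
        return False, False

    try:
        # Even though a lambda function can only run for 15 mins max
        # we should probably kill a scan after 10 mins to be safe
        dirb_out, dirb_err = p.communicate(timeout=600)
    except subprocess.TimeoutExpired:
        # If we are here, the command did run but got
        # killed after the timeout period
        self.logger.warning("[!] Directory enum timed out, killing process.")
        p.kill()
        # Second communicate() reaps the killed process and drains its pipes
        dirb_out, dirb_err = p.communicate()
        dirb_err = dirb_err + ' (TIMEDOUT)'

    results['output'] = dirb_out
    results['errors'] = dirb_err
    # Returned after the try block rather than from a finally clause so that
    # any unexpected exception from communicate() propagates to the caller
    return p.returncode, results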