def run():
    """Exercise the Wapiti parser against the 2.3.0 and 2.2.1 sample reports.

    Every check prints its label followed by ``OK`` or ``FAIL``; a failing
    check prints the traceback first. Nothing is raised or returned, so a
    caller (or CI job) cannot detect a failed check from this function alone.
    The checks use bare ``assert`` statements, which are compiled out under
    ``python -O``; in that mode the asserted conditions are never evaluated.
    """
    print("\ttesting version 2.3.0")
    ptp = PTP('wapiti')
    print('\t\ttest parse():', end=' ')
    try:
        # Fixture paths are resolved against the current working directory.
        report_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.3.0')
        ptp.parse(pathname=report_dir)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    # No tool name given here; presumably PTP then has to pick the parser itself.
    ptp = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        report_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.3.0')
        ptp.parse(pathname=report_dir)
        assert ptp.parser.__tool__ == 'wapiti'
        # The parser's __version__ is the regex pattern, the literal the subject.
        assert re.match(ptp.parser.__version__, '2.3.0', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == MEDIUM
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print("\ttesting version 2.2.1")
    # NOTE(review): this parse check reuses the instance from the 2.3.0 checks
    # instead of a new PTP('wapiti') -- confirm that is intended.
    print('\t\ttest parse():', end=' ')
    try:
        report_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.2.1')
        ptp.parse(pathname=report_dir)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    ptp = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        report_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.2.1')
        ptp.parse(pathname=report_dir)
        assert ptp.parser.__tool__ == 'wapiti'
        assert re.match(ptp.parser.__version__, '2.2.1', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        # Haha, Wapiti 2.2.1 detects SQL injections that 2.3.0 doesn't.
        assert ptp.get_highest_ranking() == HIGH
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')
def run():
    """Run the OWASP report checks, first with an explicit tool, then without.

    ``REPORTS`` maps a test name to a mapping of report file name -> expected
    ranking. Results are only printed (``OK``/``FAIL`` plus a traceback on
    failure); nothing is raised or returned to the caller.
    """
    try:
        reports = REPORTS.iteritems()
    except AttributeError:  # Python3
        reports = REPORTS.items()

    for test, outputs in reports:
        print('\t> %s (manual)' % test)
        for output in outputs:
            ptp = PTP(test)
            print('\t\ttest parse():', end=' ')
            try:
                report_dir = os.path.join(os.getcwd(), 'tests/owasp/', test)
                ptp.parse(pathname=report_dir, filename=output)
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                assert ptp.get_highest_ranking() == outputs[output]
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

        print('\t> %s (auto)' % test)
        # The report name is not used below: the same two checks simply run
        # once per entry in `outputs`.
        for _ in outputs:
            ptp = PTP()
            print('\t\ttest is_mine():', end=' ')
            try:
                report_dir = os.path.join(os.getcwd(), 'tests/owasp/', test)
                ptp.parse(pathname=report_dir)
                assert ptp.parser.__tool__ == 'owasp-cm-008'
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            ptp = PTP()
            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                report_dir = os.path.join(os.getcwd(), 'tests/owasp/', test)
                ptp.parse(pathname=report_dir, first=False)
                assert ptp.get_highest_ranking() == MAX_RANKING
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')
def run():
    """Check the OWASP parser in manual (named tool) and auto mode.

    For every test in ``REPORTS`` each listed report is parsed with
    ``PTP(test)`` and its highest ranking compared with the expected value;
    then the directory is parsed with a bare ``PTP()``. Outcomes are printed
    as ``OK`` or ``FAIL``; failures are not propagated.
    """
    # iteritems() exists on Python 2 dicts only; items() is the Python 3 path.
    reports = getattr(REPORTS, 'iteritems', REPORTS.items)()

    for test, outputs in reports:
        print('\t> %s (manual)' % test)
        for report_name in outputs:
            ptp = PTP(test)

            print('\t\ttest parse():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test),
                    filename=report_name)
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                expected = outputs[report_name]
                assert ptp.get_highest_ranking() == expected
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

        print('\t> %s (auto)' % test)
        for _ in outputs:
            ptp = PTP()
            print('\t\ttest is_mine():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test))
                assert ptp.parser.__tool__ == 'owasp-cm-008'
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            ptp = PTP()
            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test),
                    first=False)
                assert ptp.get_highest_ranking() == MAX_RANKING
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')
def run():
    """Run the robots.txt parser checks against ``tests/robots/reports``.

    Three checks are printed in order: parsing with the tool named, parsing
    with no tool named (expecting the ``robots`` parser to be selected), and
    the highest ranking (expected ``INFO``). A failure prints the traceback
    and ``FAIL``; nothing is raised or returned.
    """
    ptp = PTP('robots')
    print('\ttest parse():', end=' ')
    try:
        report_dir = os.path.join(os.getcwd(), 'tests/robots/reports')
        ptp.parse(pathname=report_dir)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    ptp = PTP()
    print('\ttest is_mine():', end=' ')
    try:
        report_dir = os.path.join(os.getcwd(), 'tests/robots/reports')
        ptp.parse(pathname=report_dir)
        assert ptp.parser.__tool__ == 'robots'
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    # Uses the instance from the is_mine() check above.
    print('\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == INFO
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')
def run():
    """Check parse(), parser selection and ranking for the robots reports.

    Output is one ``label: OK|FAIL`` line per check, preceded by a traceback
    when the check fails. The function swallows every ``Exception`` (including
    ``AssertionError``), so the only failure signal is the printed text.
    """
    print_label = '\ttest parse():'
    ptp = PTP('robots')
    print(print_label, end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/robots/reports'))
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    # Second pass without naming the tool.
    ptp = PTP()
    print('\ttest is_mine():', end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/robots/reports'))
        selected_tool = ptp.parser.__tool__
        assert selected_tool == 'robots'
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print('\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == INFO
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')
def run():
    """Run the metasploit parser checks for every plugin in ``REPORTS``.

    ``REPORTS`` maps a plugin name to a mapping of output file -> expected
    ranking. Each output file is parsed with ``PTP('metasploit')``, passing
    the plugin name through, and the resulting highest ranking is compared
    with the expected one. Results are printed only.
    """
    # iteritems() exists on Python 2 dicts only; items() is the Python 3 path.
    reports = getattr(REPORTS, 'iteritems', REPORTS.items)()

    for plugin, outputs in reports:
        print('\t> %s' % plugin)
        for report_name in outputs:
            ptp = PTP('metasploit')

            print('\t\ttest parse():', end=' ')
            try:
                plugin_dir = os.path.join(
                    os.getcwd(), 'tests/metasploit/', plugin)
                ptp.parse(
                    pathname=plugin_dir,
                    filename=report_name,
                    plugin=plugin)
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                assert ptp.get_highest_ranking() == outputs[report_name]
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')
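def test_ptp_get_highest_ranking_info_vuln(self):
    """An UNKNOWN plus an INFO vulnerability must rank as INFO overall."""
    my_ptp = PTP()
    my_ptp.vulns = [
        {'ranking': constants.UNKNOWN},
        {'ranking': constants.INFO},
    ]
    # assertEqual reports both values on failure; assertTrue(a == b) only
    # says "False is not true".
    self.assertEqual(my_ptp.get_highest_ranking(), constants.INFO)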
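def rank_plugin(output, pathname):
    """Rank the current plugin results using PTP.

    `output` is the plugin output (a sequence of dicts) and `pathname` the
    directory handed to PTP. When metasploit commands are found in `output`,
    each module's report is parsed with the module name; otherwise PTP is
    called with the pathname only.

    Returns the ranking value, -1 when PTP cannot parse anything or reports
    its UNKNOWN ranking.

    """
    def extract_metasploit_modules(cmd):
        """Extract the metasploit modules contained in the plugin output.

        Returns the list of (module name, output file) found, an empty list
        otherwise. Entries whose command has fewer than four space-separated
        tokens are skipped.

        """
        modules = []
        for entry in cmd:
            if 'output' not in entry:
                continue
            details = entry['output']
            command = details.get('ModifiedCommand', '')
            if 'metasploit' not in command:
                continue
            tokens = command.split(' ')
            if len(tokens) < 4:
                # The module name is read from the fourth token; a shorter
                # command used to raise an uncaught IndexError here.
                continue
            # basename() drops any directory part of the recorded path, so
            # only a bare file name is passed on as `filename`.
            report_file = os.path.basename(details.get('RelativeFilePath', ''))
            modules.append((tokens[3], report_file))
        return modules

    msf_modules = extract_metasploit_modules(output) if output else None
    owtf_rank = -1  # Default ranking value set to Unknown.
    try:
        parser = PTP()
        if msf_modules:
            for module_name, report_file in msf_modules:
                parser.parse(
                    pathname=pathname,
                    filename=report_file,  # Path to output file.
                    plugin=module_name)  # Metasploit module name.
                owtf_rank = max(owtf_rank, parser.get_highest_ranking())
        else:
            parser.parse(pathname=pathname)
            owtf_rank = parser.get_highest_ranking()
    except PTPError:
        # Not supported tool or report not found. The rank keeps whatever
        # value it had, so a failed parse and an unranked report both come
        # back as -1 and the caller cannot tell them apart.
        pass
    if owtf_rank == UNKNOWN:
        # Ugly truth... PTP gives 0 for unranked but OWTF uses -1 instead...
        owtf_rank = -1
    return owtf_rank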
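def rank_plugin(output, pathname):
    """Rank the current plugin results using PTP.

    `output` is the plugin output (a sequence of dicts) and `pathname` the
    directory handed to PTP.

    Returns the ranking value, -1 when PTP could not parse anything.

    """
    def extract_metasploit_modules(cmd):
        """Extract the metasploit modules contained in the plugin output.

        Returns the list of (module name, output file) found, an empty list
        otherwise. Entries whose command has fewer than four space-separated
        tokens are skipped.

        """
        found = []
        for entry in cmd:
            if 'output' not in entry:
                continue
            command = entry['output'].get('ModifiedCommand', '')
            if 'metasploit' not in command:
                continue
            parts = command.split(' ')
            if len(parts) <= 3:
                # The module name is the fourth token; without this guard a
                # short command raised IndexError before the try block below.
                continue
            # Only the file name of RelativeFilePath is kept; any directory
            # component recorded in the plugin output is discarded.
            found.append((
                parts[3],
                os.path.basename(
                    entry['output'].get('RelativeFilePath', ''))))
        return found

    msf_modules = None
    if output:
        # Try to retrieve metasploit modules that were used.
        msf_modules = extract_metasploit_modules(output)
    owtf_rank = -1  # Default ranking value set to Unknown.
    try:
        parser = PTP()
        if msf_modules:
            # PTP needs to know the msf module name.
            for module_name, report_file in msf_modules:
                parser.parse(
                    pathname=pathname,
                    filename=report_file,  # Path to output file.
                    plugin=module_name)  # Metasploit module name.
                owtf_rank = max(owtf_rank, parser.get_highest_ranking())
        else:
            # Otherwise use the auto-detection mode.
            parser.parse(pathname=pathname)
            owtf_rank = parser.get_highest_ranking()
    except PTPError:
        # Not supported tool or report not found. The error is dropped and
        # the rank gathered so far (-1 if none) is returned.
        pass
    return owtf_rank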
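def rank_plugin(output, pathname):
    """Rank the current plugin results using PTP.

    `output` is the plugin output (a sequence of dicts); `pathname` is the
    directory PTP is asked to parse.

    Returns the ranking value. -1 is returned both when PTP raises PTPError
    before any report was ranked and when PTP's result equals UNKNOWN.

    """
    def extract_metasploit_modules(cmd):
        """Extract the metasploit modules contained in the plugin output.

        Returns the list of (module name, output file) found, an empty list
        otherwise. A metasploit command with fewer than four space-separated
        tokens has no module name to read and is skipped.

        """
        pairs = []
        for item in cmd:
            if 'output' not in item:
                continue
            info = item['output']
            words = info.get('ModifiedCommand', '').split(' ')
            if 'metasploit' not in info.get('ModifiedCommand', ''):
                continue
            if len(words) < 4:
                # Previously `.split(' ')[3]` raised IndexError here, outside
                # the try block that handles PTP errors.
                continue
            # basename() reduces RelativeFilePath to its final component.
            pairs.append(
                (words[3],
                 os.path.basename(info.get('RelativeFilePath', ''))))
        return pairs

    msf_modules = None
    if output:
        msf_modules = extract_metasploit_modules(output)
    owtf_rank = -1  # Default ranking value set to Unknown.
    try:
        parser = PTP()
        if not msf_modules:
            parser.parse(pathname=pathname)
            owtf_rank = parser.get_highest_ranking()
        else:
            for module in msf_modules:
                parser.parse(
                    pathname=pathname,
                    filename=module[1],  # Path to output file.
                    plugin=module[0])  # Metasploit module name.
                owtf_rank = max(owtf_rank, parser.get_highest_ranking())
    except PTPError:  # Not supported tool or report not found.
        # Deliberately ignored; note that this makes a parse failure look
        # the same as an unranked result to the caller.
        pass
    if owtf_rank == UNKNOWN:
        # Ugly truth... PTP gives 0 for unranked but OWTF uses -1 instead...
        owtf_rank = -1
    return owtf_rank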
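def test_ptp_get_highest_ranking_medium_vuln(self):
    """With rankings UNKNOWN through MEDIUM present, the highest is MEDIUM."""
    my_ptp = PTP()
    my_ptp.vulns = [
        {'ranking': constants.UNKNOWN},
        {'ranking': constants.INFO},
        {'ranking': constants.LOW},
        {'ranking': constants.MEDIUM},
    ]
    # assertEqual shows the actual and expected ranking when the check fails.
    self.assertEqual(my_ptp.get_highest_ranking(), constants.MEDIUM)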
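def rank_plugin(output, pathname):
    """Rank the current plugin results using PTP.

    `output` is the plugin output (a sequence of dicts); `pathname` is the
    directory PTP is asked to parse.

    Returns the ranking value; -1 if PTP raised PTPError before ranking
    anything.

    """
    def extract_metasploit_modules(cmd):
        """Extract the metasploit modules contained in the plugin output.

        Returns the list of (module name, output file) found, an empty list
        otherwise. Commands too short to contain a fourth token are skipped.

        """
        def module_and_file(details):
            # Returns None when the command has no fourth token to use as
            # the module name (the original indexing raised IndexError).
            tokens = details.get('ModifiedCommand', '').split(' ')
            if len(tokens) < 4:
                return None
            # Keep only the file name; directory parts are dropped.
            return (
                tokens[3],
                os.path.basename(details.get('RelativeFilePath', '')))

        candidates = [
            module_and_file(entry['output'])
            for entry in cmd
            if ('output' in entry and
                'metasploit' in entry['output'].get('ModifiedCommand', ''))
        ]
        return [pair for pair in candidates if pair is not None]

    # Try to retrieve metasploit modules that were used.
    msf_modules = extract_metasploit_modules(output) if output else None
    owtf_rank = -1  # Default ranking value set to Unknown.
    try:
        parser = PTP()
        if msf_modules:
            # PTP needs to know the msf module name.
            for module_name, report_file in msf_modules:
                parser.parse(
                    pathname=pathname,
                    filename=report_file,  # Path to output file.
                    plugin=module_name)  # Metasploit module name.
                owtf_rank = max(owtf_rank, parser.get_highest_ranking())
        else:
            # Otherwise use the auto-detection mode.
            parser.parse(pathname=pathname)
            owtf_rank = parser.get_highest_ranking()
    except PTPError:
        # Not supported tool or report not found; the rank collected so far
        # is returned and the error itself is not reported to the caller.
        pass
    return owtf_rank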
def run():
    """Run the DirBuster 1.0 parser checks for every report in ``REPORTS``.

    ``REPORTS`` maps a report file name to its expected ranking. Per report:
    parse with the tool named, parse with no tool named (expecting the
    ``dirbuster`` parser), then compare the highest ranking. Each outcome is
    printed as ``OK`` or ``FAIL``; exceptions are printed, never re-raised.
    """
    try:
        reports = REPORTS.iteritems()
    except AttributeError:  # Python3
        reports = REPORTS.items()

    for report, ranking in reports:
        ptp = PTP('dirbuster')
        print('\ttest parse():', end=' ')
        try:
            report_dir = os.path.join(os.getcwd(), 'tests/dirbuster/1.0')
            ptp.parse(pathname=report_dir, filename=report)
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        ptp = PTP()
        print('\ttest is_mine():', end=' ')
        try:
            report_dir = os.path.join(os.getcwd(), 'tests/dirbuster/1.0')
            ptp.parse(pathname=report_dir, filename=report)
            assert ptp.parser.__tool__ == 'dirbuster'
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        print('\ttest get_highest_ranking():', end=' ')
        try:
            assert ptp.get_highest_ranking() == ranking
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')
def run():
    """Check the DirBuster parser on each sample report and expected ranking.

    The ranking check runs on the instance created for the is_mine() check,
    i.e. the one built without a tool name. All results go to stdout only;
    the function neither raises nor returns a status.
    """
    # iteritems() exists on Python 2 dicts only; items() is the Python 3 path.
    reports = getattr(REPORTS, 'iteritems', REPORTS.items)()

    for report, ranking in reports:
        ptp = PTP('dirbuster')
        print('\ttest parse():', end=' ')
        try:
            ptp.parse(
                pathname=os.path.join(os.getcwd(), 'tests/dirbuster/1.0'),
                filename=report)
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        ptp = PTP()
        print('\ttest is_mine():', end=' ')
        try:
            ptp.parse(
                pathname=os.path.join(os.getcwd(), 'tests/dirbuster/1.0'),
                filename=report)
            detected = ptp.parser.__tool__
            assert detected == 'dirbuster'
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        print('\ttest get_highest_ranking():', end=' ')
        try:
            highest = ptp.get_highest_ranking()
            assert highest == ranking
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')
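def test_ptp_get_highest_ranking_unknown_vuln(self):
    """A single UNKNOWN vulnerability yields UNKNOWN as the highest ranking."""
    my_ptp = PTP()
    my_ptp.vulns = [{'ranking': constants.UNKNOWN}]
    # assertEqual prints both rankings on failure, which assertTrue cannot.
    self.assertEqual(my_ptp.get_highest_ranking(), constants.UNKNOWN)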
def run():
    """Run the Skipfish 2.10b parser checks on both sample report trees.

    The same three checks (parse with the tool named, parse with no tool
    named, highest ranking) run for each report directory; only the directory
    and the expected ranking differ. Results are printed as ``OK``/``FAIL``
    and never propagated to the caller.
    """
    cases = (
        ('tests/skipfish/2.10b/demo.testfire.net', HIGH),
        ('tests/skipfish/2.10b/local.xss', MEDIUM),
    )
    for report_subdir, expected_ranking in cases:
        ptp = PTP('skipfish')
        print('\ttest parse():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(os.getcwd(), report_subdir))
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        ptp = PTP()
        print('\ttest is_mine():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(os.getcwd(), report_subdir))
            assert ptp.parser.__tool__ == 'skipfish'
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        print('\ttest get_highest_ranking():', end=' ')
        try:
            assert ptp.get_highest_ranking() == expected_ranking
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')
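def test_ptp_get_highest_ranking_vuln_with_no_ranking(self):
    """A vulnerability dict without a 'ranking' key must rank as UNKNOWN."""
    my_ptp = PTP()
    my_ptp.vulns = [{'foo': 'bar'}]
    # assertEqual reports the value actually returned when the check fails.
    self.assertEqual(my_ptp.get_highest_ranking(), constants.UNKNOWN)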
def run():
    """Run the w3af parser checks for every version listed in ``TESTFILES``.

    ``TESTFILES`` maps a version to a mapping of test file -> expected
    ranking; the reports live under ``TESTPATH/<version>`` relative to the
    current working directory. The version directory is checked first with no
    file named, then each test file is checked individually. Outcomes are
    printed as ``OK``/``FAIL``; no failure is raised or returned.
    """
    try:
        versions = TESTFILES.iterkeys()
    except AttributeError:  # Python3
        versions = TESTFILES.keys()

    for version in versions:
        print("\ttesting version '%s' (auto)" % version)
        ptp = PTP()
        print('\t\ttest is_mine():', end=' ')
        try:
            version_dir = os.path.join(
                os.getcwd(), '%s/%s' % (TESTPATH, version))
            ptp.parse(pathname=version_dir)
            assert ptp.parser.__tool__ == 'w3af'
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        ptp = PTP('w3af')
        print('\t\ttest parse():', end=' ')
        try:
            version_dir = os.path.join(
                os.getcwd(), '%s/%s' % (TESTPATH, version))
            ptp.parse(pathname=version_dir)
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        print("\ttesting version '%s' (manual)" % version)
        try:
            couples = TESTFILES[version].iteritems()
        except AttributeError:  # Python3
            couples = TESTFILES[version].items()

        for testfile, ranking in couples:
            ptp = PTP('w3af')
            print('\t\ttest is_mine():', end=' ')
            try:
                version_dir = os.path.join(
                    os.getcwd(), '%s/%s' % (TESTPATH, version))
                ptp.parse(pathname=version_dir, filename=testfile)
                assert ptp.parser.__tool__ == 'w3af'
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            # Same instance is parsed a second time for the parse() check.
            print('\t\ttest parse():', end=' ')
            try:
                version_dir = os.path.join(
                    os.getcwd(), '%s/%s' % (TESTPATH, version))
                ptp.parse(pathname=version_dir, filename=testfile)
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                assert ptp.get_highest_ranking() == ranking
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')
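def test_ptp_get_highest_ranking_high_vuln(self):
    """With every ranking from UNKNOWN to HIGH present, the highest is HIGH."""
    my_ptp = PTP()
    my_ptp.vulns = [
        {'ranking': constants.UNKNOWN},
        {'ranking': constants.INFO},
        {'ranking': constants.LOW},
        {'ranking': constants.MEDIUM},
        {'ranking': constants.HIGH},
    ]
    # assertEqual shows the actual and expected ranking when the check fails.
    self.assertEqual(my_ptp.get_highest_ranking(), constants.HIGH)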
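def test_ptp_get_highest_ranking_info_vuln(self):
    """The highest ranking of [UNKNOWN, INFO] is INFO."""
    my_ptp = PTP()
    my_ptp.vulns = [
        {'ranking': constants.UNKNOWN},
        {'ranking': constants.INFO},
    ]
    # assertEqual gives a readable diff on failure; assertTrue(a == b) hides
    # which ranking was actually returned.
    self.assertEqual(my_ptp.get_highest_ranking(), constants.INFO)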
def run():
    """Check the w3af parser per version directory and per test file.

    For each version in ``TESTFILES`` the directory ``TESTPATH/<version>`` is
    parsed without and with the tool named; then every test file of that
    version is parsed twice on one ``PTP('w3af')`` instance and its highest
    ranking compared with the expected value. Only printed output signals a
    failure.
    """
    # iterkeys()/iteritems() are Python 2 only; keys()/items() otherwise.
    versions = getattr(TESTFILES, 'iterkeys', TESTFILES.keys)()

    for version in versions:
        print("\ttesting version '%s' (auto)" % version)
        ptp = PTP()
        print('\t\ttest is_mine():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(
                os.getcwd(), '%s/%s' % (TESTPATH, version)))
            assert ptp.parser.__tool__ == 'w3af'
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        ptp = PTP('w3af')
        print('\t\ttest parse():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(
                os.getcwd(), '%s/%s' % (TESTPATH, version)))
        except Exception:
            print(traceback.format_exc())
            print('FAIL')
        else:
            print('OK')

        print("\ttesting version '%s' (manual)" % version)
        per_file = TESTFILES[version]
        couples = getattr(per_file, 'iteritems', per_file.items)()

        for testfile, ranking in couples:
            ptp = PTP('w3af')
            print('\t\ttest is_mine():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(
                        os.getcwd(), '%s/%s' % (TESTPATH, version)),
                    filename=testfile)
                assert ptp.parser.__tool__ == 'w3af'
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest parse():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(
                        os.getcwd(), '%s/%s' % (TESTPATH, version)),
                    filename=testfile)
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                highest = ptp.get_highest_ranking()
                assert highest == ranking
            except Exception:
                print(traceback.format_exc())
                print('FAIL')
            else:
                print('OK')
def run():
    """Check the Wapiti parser on the 2.3.0 and the 2.2.1 sample reports.

    For each version: parse, verify the selected parser's tool name and
    version pattern, and compare the highest ranking (MEDIUM for 2.3.0, HIGH
    for 2.2.1). Each check prints ``OK`` or ``FAIL``; exceptions, including
    ``AssertionError``, are caught and printed rather than propagated.
    """
    print("\ttesting version 2.3.0")
    ptp = PTP('wapiti')
    print('\t\ttest parse():', end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.3.0'))
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    ptp = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.3.0'))
        selected = ptp.parser
        assert selected.__tool__ == 'wapiti'
        # re.match(pattern, string): the parser's __version__ is the pattern.
        assert re.match(selected.__version__, '2.3.0', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == MEDIUM
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print("\ttesting version 2.2.1")
    # NOTE(review): no new PTP('wapiti') is created for this parse check; it
    # runs on the instance left over from the 2.3.0 checks -- confirm intent.
    print('\t\ttest parse():', end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.2.1'))
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    ptp = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        ptp.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.2.1'))
        selected = ptp.parser
        assert selected.__tool__ == 'wapiti'
        assert re.match(selected.__version__, '2.2.1', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        # Haha, Wapiti 2.2.1 detects SQL injections that 2.3.0 doesn't.
        assert ptp.get_highest_ranking() == HIGH
    except Exception:
        print(traceback.format_exc())
        print('FAIL')
    else:
        print('OK')