def test_diff_two_last_scans(self, serializer):
exploit = Exploit(exploit_id=1)
self.port_info._current_exploits = [self.exploit]
scan_2 = Scan()
scans = [self.context.scanner.scan, scan_2]
self.port_info.storage.get_scans_by_security_scan.return_value = scans
vuln_added = Vulnerability(port=self.port,
exploit=exploit,
subid=3,
output='a')
vuln_removed = Vulnerability(port=self.port,
exploit=exploit,
subid=1,
output='b')
vuln_changed_1 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='c')
vuln_changed_2 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='d')
vuln_common = Vulnerability(port=self.port,
exploit=exploit,
subid=5,
output='e')
self.port_info.storage.get_vulnerabilities.side_effect = ([
vuln_added, vuln_changed_1, vuln_common
], [vuln_removed, vuln_changed_2, vuln_common])
expected = [
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_added),
VulnerabilityChange(change_time=12,
previous_finding=vuln_removed,
current_finding=None),
VulnerabilityChange(change_time=12,
previous_finding=vuln_changed_2,
current_finding=vuln_changed_1),
]
self.port_info.diff_with_last_scan()
self.port_info.storage.get_vulnerabilities.assert_has_calls(
(call(port=self.port,
exploit=self.exploit,
scan=self.context.scanner.scan),
call(port=self.port, exploit=self.exploit, scan=scan_2)),
any_order=True)
self.assertCountEqual(
self.port_info.storage.save_changes.call_args[0][0], expected)
serializer.assert_has_calls((call(vuln) for vuln in expected))
def get_vulnerabilities(self, results):
"""
CVE-Search could be run multiple times during one scan by different scripts, so duplicated vulnerabilities
should be filtered out.
Filtering is executed against vulnerabilities already stored in storage
"""
current_scan_vulns = self.storage.get_vulnerabilities(
port=self._port, scan=self.scan, exploit=self.exploit)
next_subid = max([-1, *[vuln.subid
for vuln in current_scan_vulns]]) + 1
cves = [vuln.cve for vuln in current_scan_vulns]
return_value = []
for result in results:
# Omit vulnerability with the same CVE found in current scan
if result.cwe in cves:
log.debug('%s:(%s) vulnerability already discovered for %s',
self.exploit, result.cve, self._port)
continue
return_value.append(
Vulnerability(exploit=self.exploit,
port=self._port,
output=result.summary,
scan=self.scan,
context=self.context,
cve=result.cve,
cvss=result.cvss,
subid=next_subid))
next_subid += 1
return return_value
def _get_vulnerabilities(self, results):
"""
Proceed results of command execution and returns list of vulnerabilities
Args:
results:
Returns:
list
"""
tmp_scripts = results.findall('host/ports/port/script') or []
tmp_scripts.extend(results.findall('prescript/script') or [])
tmp_scripts.extend(results.findall('host/hostscript/script') or [])
vulnerabilities = []
for script in tmp_scripts:
found_handler = self.scripts.get(script.get('id'))
if found_handler is None:
continue
log.debug('Parsing output from script %s', script.get('id'))
result = found_handler.get_result(script)
if result is None:
continue
vulnerabilities.append(
Vulnerability(exploit=found_handler.exploit,
port=self._port,
output=result,
context=self.context,
scan=self.scan))
return vulnerabilities
def test_init_with_params(self):
vulnerability = Vulnerability(exploit=self.exploit,
cve='CVE-XXXX-XXXX',
cvss=6.7)
self.assertEqual(vulnerability.cve, 'CVE-XXXX-XXXX')
self.assertEqual(vulnerability.cvss, 6.7)
def _get_vulnerabilities(self, results):
return [
Vulnerability(exploit=self.exploit,
scan=self.scan,
port=self._port,
output=results,
context=self.context)
]
def _get_vulnerabilities(self, results):
return_value = []
for result in results:
return_value.append(
Vulnerability(exploit=result.exploit,
port=self._port,
output=result.output,
context=self.context,
scan=self.scan))
return return_value
def test_vulnerability_serializer_port_only(self):
scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(),
scanner='scanner')
result = self.serializer.serialize_vulnerability(Vulnerability(port=self.port, scan=scan))._data
expected = bytearray(b'\xe7\xfb\xf2\x93V\x01\x00\x00\x16\x00\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x7f\x00\x00\x01\x01\x00\x00\x00\x03\x00ssh\x00\x00\x00\x00\x06\xe7\xfb\xf2\x93V\x01'
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0`\xd5!\x03\x00\x00\x00\x15\x00'
b'test_name_and_version\x05\x00OTHER\x07\x00scanner\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
self.assertEqual(result, expected)
async def execute(self, *args, **kwargs):
exploit = self.aucote.exploits.find('aucote-active-directory',
'aucote-active-directory')
nodes = "\n".join(" - {0}".format(node.ip) for node in self.nodes)
output = "Active Directory Controllers from {0} for {1}:\n{2}".format(
self.port.node.ip, self.domain, nodes)
vuln = Vulnerability(port=self.port,
output=output,
exploit=exploit,
context=self.context,
scan=self.scan)
self.store_vulnerability(vuln)
def test_get_vulnerabilities_duplicated(self):
results = CVESearchVulnerabilityResults()
result_1 = CVESearchVulnerabilityResult(cwe='CVE-2016-435')
result_1.summary = 'test_vuln'
results.vulnerabilities = (result_1, )
vuln_1 = Vulnerability(cve='CVE-2016-435', output='test_vuln')
self.aucote.storage.get_vulnerabilities.return_value = (vuln_1, )
result = self.task.get_vulnerabilities(results=results)
self.assertEqual(result, [])
def test_diff_two_last_scans_first_scan(self, serializer):
exploit = Exploit(exploit_id=1)
self.port_info._current_exploits = [self.exploit]
scans = [self.context.scanner.scan]
self.port_info.storage.get_scans_by_security_scan.return_value = scans
vuln_added = Vulnerability(port=self.port,
exploit=exploit,
subid=3,
output='a')
vuln_changed_1 = Vulnerability(port=self.port,
exploit=exploit,
subid=2,
output='c')
self.port_info.storage.get_vulnerabilities.return_value = [
vuln_added, vuln_changed_1
]
expected = [
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_added),
VulnerabilityChange(change_time=12,
previous_finding=None,
current_finding=vuln_changed_1)
]
self.port_info.diff_with_last_scan()
self.port_info.storage.get_vulnerabilities.assert_has_calls(
(call(port=self.port,
exploit=self.exploit,
scan=self.context.scanner.scan), ))
self.assertCountEqual(
self.port_info.storage.save_changes.call_args[0][0], expected)
serializer.assert_has_calls((call(vuln) for vuln in expected),
any_order=True)
async def execute(self, *args, **kwargs):
data = None
try:
result = await self.context.aucote.tftp_server.async_get_file(
str(self._port.node.ip), self.callback, self.filename)
try:
with open(result, 'r') as f:
lines = f.readlines()
data = lines[:10]
data.extend([
line for line in lines if line.startswith('hostname')
])
finally:
try:
os.unlink(result)
except Exception: # pylint: disable=broad-exception
log.warning('Cannot remove file %s', self.filename)
if data:
output = "".join(data)
vulnerability = Vulnerability(exploit=self.exploit,
port=self._port,
output=output,
scan=self.scan,
context=self.context)
self.store_vulnerability(vuln=vulnerability)
except TFTPError as exception:
log.warning('Exception during executing %s: %s', self,
str(exception))
finally:
self._port.scan.end = int(time.time())
self.store_scan_end(exploits=self.current_exploits,
port=self._port)
def test_serialize_vulnchange(self, output):
output.return_value = 'test_output'
scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port = Port(node, transport_protocol=TransportProtocol.TCP, number=88)
exploit = Exploit(name="exploit_name", app="exploit_app", exploit_id=18)
previous_finding = Vulnerability(output="test_output_1", exploit=exploit, port=port, subid=13, vuln_time=13456)
previous_finding.scan = scan_1
previous_finding.row_id = 124
current_finding = Vulnerability(output="test_output_2", exploit=exploit, port=port, subid=13, vuln_time=6456345)
current_finding.row_id = 15
current_finding.scan = scan_2
change = VulnerabilityChange(current_finding=current_finding, change_time=124445,
previous_finding=previous_finding)
expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x12\x00'
b'\x00\x00\r\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\x80R\xcd\x00\x00'
b'\x00\x00\x00\xa8\x01\xd4\x80\x01\x00\x00\x00\r\x00test_output_1\r\x00test_output_2\x15'
b'\x00Vulnerability changed')
result = self.serializer.serialize_vulnerability_change(change)._data
self.assertEqual(result, expected)
def setUp(self):
self.serializer = Serializer()
self.vuln = Vulnerability(subid=15)
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
node.os = MagicMock()
node.os.name_with_version = 'test_name_and_version'
self.context = ScanContext(aucote=None, scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock()))
self.vuln.context = self.context
self.port = Port(node=node, number=22, transport_protocol=TransportProtocol.TCP)
self.port.protocol = 'ssh'
self.port.scan = Scan()
self.port.scan.start = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
self.vuln.port = self.port
self.vuln.output = 'Test'
self.vuln.scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(),
scanner='tcp')
self.exploit = Exploit(exploit_id=1)
self.exploit.app = 'test_app'
self.exploit.name = 'test_name'
self.exploit.title = 'test_title'
self.exploit.description = 'test_description'
self.exploit.risk_level = RiskLevel.from_name('High')
self.exploit.cve = 'CVE-2018-0001'
self.exploit.cvss = 9.8
self.exploit.metric = ExploitMetric.VNC_INFO
self.exploit.category = ExploitCategory.VULN
self.exploit.tags = {ExploitTag.HTTP, ExploitTag.SSL, ExploitTag.HTTPS}
self.vuln.exploit = self.exploit
self.vuln.time = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
def setUp(self):
self.maxDiff = None
self.storage = Storage(conn_string=getenv('AUCOTE_TEST_POSTGRES'))
self.scan = Scan(start=1,
end=17,
protocol=TransportProtocol.UDP,
scanner='test_name')
self.scan_1 = Scan(rowid=56,
protocol=TransportProtocol.UDP,
scanner='test_name',
start=13,
end=19)
self.scan_2 = Scan(rowid=79,
protocol=TransportProtocol.UDP,
scanner='test_name',
start=2,
end=18)
self.scan_3 = Scan(rowid=80,
protocol=TransportProtocol.UDP,
scanner='test_name_2',
start=20,
end=45)
self.scan_4 = Scan(rowid=78,
protocol=TransportProtocol.TCP,
scanner='portdetection',
start=1,
end=2)
self.node_1 = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
self.node_1.name = 'test_node_1'
self.node_1.scan = Scan(start=15)
self.node_2 = Node(node_id=2, ip=ipaddress.ip_address('127.0.0.2'))
self.node_2.name = 'test_node_2'
self.node_2.scan = Scan(start=56)
self.node_3 = Node(node_id=3, ip=ipaddress.ip_address('127.0.0.3'))
self.node_3.name = 'test_node_3'
self.node_3.scan = Scan(start=98)
self.node_4 = Node(node_id=4, ip=ipaddress.ip_address('127.0.0.4'))
self.node_4.name = 'test_node_4'
self.node_4.scan = Scan(start=3)
self.node_scan_1 = NodeScan(node=self.node_1,
rowid=13,
scan=self.scan_1,
timestamp=15)
self.node_scan_2 = NodeScan(node=self.node_2,
rowid=15,
scan=self.scan_1,
timestamp=56)
self.node_scan_3 = NodeScan(node=self.node_3,
rowid=16,
scan=self.scan_1,
timestamp=98)
self.node_scan_3 = NodeScan(node=self.node_3,
rowid=17,
scan=self.scan_2,
timestamp=90)
self.port_1 = Port(node=self.node_1,
number=45,
transport_protocol=TransportProtocol.UDP)
self.port_1.scan = self.scan_1
self.port_scan_1 = PortScan(port=self.port_1,
scan=self.scan_1,
timestamp=176,
rowid=124)
self.port_2 = Port(node=self.node_2,
transport_protocol=TransportProtocol.UDP,
number=65)
self.port_2.scan = Scan(start=3, end=45)
self.port_scan_2 = PortScan(port=self.port_2,
scan=self.scan_1,
timestamp=987,
rowid=15)
self.port_3 = Port(node=self.node_3,
transport_protocol=TransportProtocol.ICMP,
number=99)
self.port_3.scan = Scan(start=43, end=180)
self.port_scan_3 = PortScan(port=self.port_3,
scan=self.scan_1,
timestamp=619,
rowid=13)
self.port_4 = Port(node=self.node_1,
number=80,
transport_protocol=TransportProtocol.UDP)
self.port_4.scan = self.scan_1
self.port_scan_4 = PortScan(port=self.port_4,
scan=self.scan_1,
timestamp=650,
rowid=480)
self.port_5 = Port(node=self.node_4,
number=22,
transport_protocol=TransportProtocol.TCP)
self.port_5.scan = self.scan_4
self.exploit_1 = Exploit(exploit_id=14,
name='test_name',
app='test_app')
self.exploit_2 = Exploit(exploit_id=2,
name='test_name_2',
app='test_app_2')
self.exploit_3 = Exploit(exploit_id=56,
name='test_name_2',
app='test_app')
self.exploit_4 = Exploit(exploit_id=0,
name='portdetection',
app='portdetection')
self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_1,
scan_start=178,
scan_end=851)
self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_1,
scan_start=109,
scan_end=775)
self.security_scan_3 = SecurityScan(exploit=self.exploit_3,
port=self.port_1,
scan=self.scan_2,
scan_start=113,
scan_end=353)
self.security_scan_4 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_3,
scan_start=180,
scan_end=222)
self.security_scan_5 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_2,
scan_start=14,
scan_end=156)
self.security_scan_6 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_2,
scan_start=56,
scan_end=780)
self.security_scan_7 = SecurityScan(exploit=self.exploit_4,
port=self.port_5,
scan=self.scan_4,
scan_start=14,
scan_end=890)
self.vuln_change_1 = PortDetectionChange(
change_time=124445,
current_finding=self.port_scan_1,
previous_finding=self.port_scan_2)
self.vuln_change_2 = PortDetectionChange(
change_time=32434,
current_finding=self.port_scan_2,
previous_finding=self.port_scan_3)
self.vulnerability_1 = Vulnerability(port=self.port_1,
output='test_output_1',
exploit=self.exploit_1,
cve='CVE-2017',
cvss=6.7,
subid=1,
vuln_time=13,
rowid=134,
scan=self.scan_1)
self.vulnerability_2 = Vulnerability(port=self.port_1,
output='test_output_2',
exploit=self.exploit_2,
cve='CWE-14',
cvss=8.9,
subid=2,
vuln_time=98,
rowid=152,
scan=self.scan_1)
self.vulnerability_3 = Vulnerability(port=self.port_1,
output='test_output_3',
exploit=self.exploit_1,
cve='CVE-2016',
cvss=3.7,
subid=2,
vuln_time=15,
rowid=153,
scan=self.scan_2)
self.vulnerability_4 = Vulnerability(port=self.port_1,
output='test_output_4',
exploit=self.exploit_2,
cve='CWE-15',
cvss=2.9,
subid=1,
vuln_time=124,
rowid=169,
scan=self.scan_2)
self.vulnerability_5 = Vulnerability(port=self.port_5,
output='',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=0,
vuln_time=124,
rowid=200,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_6 = Vulnerability(port=self.port_5,
output='tftp',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=1,
vuln_time=124,
rowid=201,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_7 = Vulnerability(port=self.port_5,
output='tftp server name',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=2,
vuln_time=124,
rowid=202,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_8 = Vulnerability(port=self.port_5,
output='6.7.8',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=3,
vuln_time=124,
rowid=203,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_9 = Vulnerability(port=self.port_5,
output='HERE IS TFTP\n\n\n > ',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=4,
vuln_time=124,
rowid=204,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_10 = Vulnerability(port=self.port_5,
output='test:cpe',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=5,
vuln_time=124,
rowid=205,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_11 = Vulnerability(port=self.port_5,
output='os name',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=6,
vuln_time=124,
rowid=206,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_12 = Vulnerability(port=self.port_5,
output='os version',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=7,
vuln_time=124,
rowid=207,
scan=self.scan_4,
expiration_time=400)
self.vulnerability_13 = Vulnerability(port=self.port_5,
output='test:os:cpe',
exploit=self.exploit_4,
cve=None,
cvss=None,
subid=8,
vuln_time=124,
rowid=208,
scan=self.scan_4,
expiration_time=400)
def _get_vulnerabilities(self, results):
log.debug(results.with_severity_le(SSLSeverity.WARN).output)
return [Vulnerability(exploit=self.exploit, port=self._port, scan=self.scan,
output=results.with_severity_ge(SSLSeverity.LOW).output, context=self.context)]
async def execute(self):
"""
Scans port, parses output for obtain information about service name and version and pass it to the task mapper
Returns:
None
"""
if isinstance(self._port, (BroadcastPort, PhysicalPort)):
await self.aucote.task_mapper.assign_tasks(self._port)
return
args = self.prepare_args()
xml = await self.command.async_call(args=args)
self.port.scan.end = int(time.time())
banner = xml.find("host/ports/port/script[@id='banner']")
if banner is None:
log.debug('No banner for %s:%i', self._port.node.ip, self._port.number)
else:
self._port.banner = banner.get('output')
service = xml.find("host/ports/port/service")
if service is None:
log.debug('No service for %s:%i', self._port.node.ip, self._port.number)
else:
self._port.protocol = service.get('name')
if self._port.protocol == 'http':
if service.get('tunnel') == 'ssl':
self._port.protocol = 'https'
self._port.service.name = service.get('product')
self._port.service.version = service.get('version')
cpe = service.find("cpe")
if cpe is not None:
self._port.service.cpe = cpe.text
self.storage.save_security_scan(port=self.port, exploit=self.exploit, scan=self.scan)
cpe = self.port.service.cpe.as_fs() if self.port.service.cpe else None
vulnerabilities = [
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.protocol,
subid=Vulnerability.SERVICE_PROTOCOL, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.service.name,
subid=Vulnerability.SERVICE_NAME, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.service.version,
subid=Vulnerability.SERVICE_VERSION, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.banner,
subid=Vulnerability.SERVICE_BANNER, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=cpe,
subid=Vulnerability.SERVICE_CPE, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.node.os.name,
subid=Vulnerability.OS_NAME, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, output=self.port.node.os.version,
subid=Vulnerability.OS_VERSION, context=self.context, scan=self.scan),
Vulnerability(exploit=self.exploit, port=self.port, subid=Vulnerability.OS_CPE, context=self.context,
output=str(self.port.node.os.cpe.cpe_str) if self.port.node.os.cpe else None, scan=self.scan)
]
self.aucote.storage.save_vulnerabilities(vulnerabilities=vulnerabilities, scan=self.scan)
self.store_vulnerability(Vulnerability(port=self._port, context=self.context, scan=self.scan))
self.diff_with_last_scan()
if not self.scan_only:
await TaskMapper(context=self.context).assign_tasks(self._port)
def get_vulnerabilities(self, results):
return Vulnerability(exploit=self.exploit, output=str(results), port=self.port, context=self.context,
scan=self.scan)
def test_init_with_exploit(self):
vulnerability = Vulnerability(exploit=self.exploit)
self.assertEqual(vulnerability.cve, 'CVE-2017-XXXX,CVE-2018-XXX')
self.assertEqual(vulnerability.cvss, 4.6)
def test_init(self):
vulnerability = Vulnerability()
self.assertEqual(vulnerability.cve, '')
self.assertEqual(vulnerability.cvss, 0.)
def setUp(self, cfg):
super(CVESearchServiceTaskTest, self).setUp()
cfg._cfg = {'tools': {'cve-search': {'api': 'localhost:200'}}}
self.example_output = ''
with open(
path.join(path.dirname(path.abspath(__file__)),
'example_output.json'), 'rb') as f:
self.example_output = f.read()
self.node = Node(ip='127.0.0.1', node_id=None)
self.port = Port(node=self.node,
transport_protocol=TransportProtocol.TCP,
number=22)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.port.service = Service()
self.app = Service()
self.app_2 = Service()
self.app.cpe = 'cpe:/a:microsoft:iexplorer:8.0.6001:beta'
self.app_2.cpe = 'cpe:/a:microsoft:aexplorer:8.0.6001:beta'
self.cpe_txt = 'cpe:/a:microsoft:internet_explorer:8.0.6001:beta'
self.os_cpe_txt = 'cpe:/o:a:b:4'
self.cpe_without_version = 'cpe:/o:cisco:ios'
self.node.os.cpe = self.os_cpe_txt
self.port.service.cpe = self.cpe_txt
self.exploit = Exploit(exploit_id=1337,
name='cve-search',
app='cve-search')
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = CVESearchServiceTask(context=self.context,
port=self.port,
exploits=[self.exploit])
self.vuln_1 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2016-8612',
cvss=3.3,
output='test summary 1',
context=self.context,
subid=0)
self.vuln_2 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2017-9798',
cvss=5.0,
output='test summary 2',
context=self.context,
subid=1)
self.vuln_3 = Vulnerability(port=self.port,
exploit=self.exploit,
cve='CVE-2017-9788',
cvss=6.4,
output='test summary 3',
context=self.context,
subid=2)
def get_app(self):
self.aucote = MagicMock()
self.storage = Storage(getenv('AUCOTE_TEST_POSTGRES'))
self.aucote.storage = self.storage
self.storage.connect()
self.storage.remove_all()
self.storage.init_schema()
self.scan_1 = Scan(start=123,
end=446,
protocol=TransportProtocol.TCP,
scanner='tcp')
self.scan_2 = Scan(start=230,
end=447,
protocol=TransportProtocol.UDP,
scanner='udp')
for scan in (self.scan_1, self.scan_2):
self.storage.save_scan(scan)
self.node_1 = Node(node_id=13, ip=ipaddress.ip_address("10.156.67.18"))
self.node_2 = Node(node_id=75, ip=ipaddress.ip_address("10.156.67.34"))
self.node_scan_1 = NodeScan(node=self.node_1,
scan=self.scan_1,
timestamp=45)
self.node_scan_2 = NodeScan(node=self.node_2,
scan=self.scan_2,
timestamp=88)
self.node_scan_3 = NodeScan(node=self.node_1,
scan=self.scan_2,
timestamp=67)
for node_scan in (self.node_scan_1, self.node_scan_2,
self.node_scan_3):
self.storage.save_node_scan(node_scan)
self.port_1 = Port(node=self.node_1,
number=34,
transport_protocol=TransportProtocol.UDP)
self.port_2 = Port(node=self.node_2,
number=78,
transport_protocol=TransportProtocol.TCP)
self.port_scan_1 = PortScan(port=self.port_1,
timestamp=1234,
scan=self.scan_1,
rowid=13)
self.port_scan_2 = PortScan(port=self.port_2,
timestamp=2345,
scan=self.scan_1,
rowid=15)
for port_scan in (self.port_scan_1, self.port_scan_2):
self.storage.save_port_scan(port_scan)
self.exploit_1 = Exploit(exploit_id=14,
name='test_name',
app='test_app')
self.exploit_2 = Exploit(exploit_id=2,
name='test_name_2',
app='test_app_2')
self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_1,
scan_start=178,
scan_end=851)
self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
port=self.port_1,
scan=self.scan_1,
scan_start=109,
scan_end=775)
self.security_scan_3 = SecurityScan(exploit=self.exploit_1,
port=self.port_1,
scan=self.scan_2,
scan_start=114,
scan_end=981)
for scan in (self.security_scan_1, self.security_scan_2,
self.security_scan_3):
self.storage.save_sec_scan(scan)
self.vulnerability_1 = Vulnerability(exploit=self.exploit_1,
port=self.port_1,
cvss="6.8",
cve="CVE-2017-1231",
scan=self.scan_1,
output="Vulnerable stuff",
vuln_time=134,
subid=34)
self.vulnerability_2 = Vulnerability(exploit=self.exploit_1,
port=self.port_1,
cvss="6.8",
cve="CVE-2017-1232",
scan=self.scan_2,
output=None,
vuln_time=718,
subid=34)
for vulnerability in (self.vulnerability_1, self.vulnerability_2):
self.storage.save_vulnerability(vulnerability)
self.scanner = TCPScanner(aucote=self.aucote,
host='localhost',
port=1339)
self.scanner.NAME = 'test_name'
self.scanner.scan.start = 1290
self.scanner.nodes = [
Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
]
self.aucote.scanners = [
self.scanner,
ToolsScanner(name='tools', aucote=self.aucote)
]
endpoints = [(url, handler, {
'aucote': self.aucote
}) for url, handler in [
(r"/api/v1/kill", KillHandler),
(r"/api/v1/scanners", ScannersHandler),
(r"/api/v1/scanners/([\w_]+)", ScannersHandler),
(r"/api/v1/tasks", TasksHandler),
(r"/api/v1/scans", ScansHandler),
(r"/api/v1/scans/([\d]+)", ScansHandler),
(r"/api/v1/nodes", NodesHandler),
(r"/api/v1/nodes/([\d]+)", NodesHandler),
(r"/api/v1/ports", PortsHandler),
(r"/api/v1/ports/([\d]+)", PortsHandler),
(r"/api/v1/security_scans", SecurityScansHandler),
(r"/api/v1/security_scans/([\d]+)", SecurityScansHandler),
(r"/api/v1/vulnerabilities", VulnerabilitiesHandler),
]]
endpoints.append(
(r"/api/v1/vulnerabilities/([\d]+)", VulnerabilitiesHandler, {
'aucote': self.aucote,
'path': '/aucote/'
}))
self.app = Application(endpoints)
return self.app
