def setUp(self): super(TaskMapperTest, self).setUp() self.executor = Mock() self.exploits = OrderedDict({ 'test': [ Exploit(exploit_id=1, name='test_1'), Exploit(exploit_id=2, name='test_2') ] }) self.exploits.update(test2=[Exploit(exploit_id=3)]) self.executor.exploits.find_all_matching.return_value = self.exploits self.context = ScanContext(aucote=self.executor, scanner=MagicMock(scan=Scan())) self.task_mapper = TaskMapper(context=self.context) self.cfg = { 'portdetection': { '_internal': { 'categories': ['other', 'brute'] } }, 'tools': { 'test': { 'enable': True }, 'test2': { 'enable': True } } }
def setUp(self): super(NmapToolTest, self).setUp() self.exploit = Exploit(exploit_id=1, name='test_name', risk_level=RiskLevel.NONE) self.exploit2 = Exploit(exploit_id=2, name='test_name', risk_level=RiskLevel.HIGH) self.exploit_conf_args = Exploit(exploit_id=3) self.exploit_conf_args.name = 'test_name2' self.exploit_conf_args.risk_level = RiskLevel.HIGH self.config = { 'scripts': { 'test_name': { 'args': 'test_args' }, 'test_name2': { 'args': MagicMock() } } } self.cfg = { 'tools': { 'nmap': { 'disable_scripts': [], }, 'common': { 'rate': 1337, 'http': { 'useragent': 'test_useragent' } } }, 'config_filename': '' } self.exploits = [self.exploit, self.exploit2] self.port = Port(number=13, transport_protocol=TransportProtocol.TCP, node=Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))) self.port.scan = Scan(start=14, end=13) self.port.protocol = 'test_service' self.aucote = MagicMock(storage=Storage(":memory:")) self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.nmap_tool = NmapTool(context=self.context, exploits=self.exploits, port=self.port, config=self.config)
def setUp(self): """ Prepare some internal variables: exploit, port, exploits, script, vulnerability, scan_task """ super(NmapPortScanTaskTest, self).setUp() self.aucote = MagicMock() self.exploit = Exploit(exploit_id=1, app='nmap', name='test') self.exploit_vuln_non_exist = Exploit(exploit_id=2, app='nmap', name='test2') self.exploits = Exploits() self.exploits.add(self.exploit) self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=None) self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None) self.port = Port(number=22, node=self.node, transport_protocol=TransportProtocol.TCP) self.port.service_name = 'ssh' self.port.scan = Scan() self.port_ipv6 = Port(number=22, node=self.node_ipv6, transport_protocol=TransportProtocol.TCP) self.script = NmapScript(port=self.port, parser=NmapParser(), exploit=self.exploit, name='test', args='test_args') self.script.get_result = MagicMock(return_value='test') self.script2 = NmapScript(port=self.port, parser=NmapInfoParser(), exploit=self.exploit_vuln_non_exist, name='test2') self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.scan_task = NmapPortScanTask( context=self.context, port=self.port, script_classes=[self.script, self.script2], rate=1337) self.scan_task.store_scan_end = MagicMock() future = Future() future.set_result(ElementTree.fromstring(self.XML)) self.scan_task.command.async_call = MagicMock(return_value=future) self.cfg = {'tools': {'nmap': {'scripts_dir': '', 'timeout': 0}}}
def __init__(self, exploit=None, port=None, output: Optional[str] = '', cve=None, cvss=None, subid=0, vuln_time=None, rowid=None, scan=None, context=None, expiration_time=None): """ Init values Args: exploit(Exploit): Exploit used to detect vulnerability port(Port): Vulnerable port output(str): string or stringable output """ self._time_ms = None self._expiration_time_ms = None self.output = str(output) if output is not None else '' self.exploit = exploit if exploit is not None else Exploit(exploit_id=0) self.port = port self._cve = cve self._cvss = cvss self.subid = subid self.time = vuln_time or time.time() self.rowid = rowid self.scan = scan self.context = context self.expiration_time = expiration_time
def setUp(self): super(HydraToolTest, self).setUp() self.exploit = Exploit(exploit_id=1, name='hydra', app='hydra', risk_level=RiskLevel.NONE) self.exploit2 = Exploit(exploit_id=2, name='hydra', app='hydra', risk_level=RiskLevel.HIGH) self.config = { 'services': ['ssh', 'vnc'], 'mapper': { 'test': 'ssh' }, 'without-login': '******' } self.exploits = [self.exploit, self.exploit2] self.node = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')) self.port = Port(number=12, transport_protocol=TransportProtocol.TCP, node=self.node) self.port.protocol = 'test' self.port.scan = Scan(start=14) self.port_no_login = Port(number=12, transport_protocol=TransportProtocol.TCP, node=self.node) self.port_no_login.protocol = 'vnc' self.port_no_login.scan = Scan(start=14) self.aucote = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.hydra_tool = HydraTool(context=self.context, exploits=self.exploits, port=self.port, config=self.config) self.hydra_tool_without_login = HydraTool(context=self.context, exploits=self.exploits, port=self.port_no_login, config=self.config)
def test_diff_two_last_scans(self, serializer): exploit = Exploit(exploit_id=1) self.port_info._current_exploits = [self.exploit] scan_2 = Scan() scans = [self.context.scanner.scan, scan_2] self.port_info.storage.get_scans_by_security_scan.return_value = scans vuln_added = Vulnerability(port=self.port, exploit=exploit, subid=3, output='a') vuln_removed = Vulnerability(port=self.port, exploit=exploit, subid=1, output='b') vuln_changed_1 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='c') vuln_changed_2 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='d') vuln_common = Vulnerability(port=self.port, exploit=exploit, subid=5, output='e') self.port_info.storage.get_vulnerabilities.side_effect = ([ vuln_added, vuln_changed_1, vuln_common ], [vuln_removed, vuln_changed_2, vuln_common]) expected = [ VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_added), VulnerabilityChange(change_time=12, previous_finding=vuln_removed, current_finding=None), VulnerabilityChange(change_time=12, previous_finding=vuln_changed_2, current_finding=vuln_changed_1), ] self.port_info.diff_with_last_scan() self.port_info.storage.get_vulnerabilities.assert_has_calls( (call(port=self.port, exploit=self.exploit, scan=self.context.scanner.scan), call(port=self.port, exploit=self.exploit, scan=scan_2)), any_order=True) self.assertCountEqual( self.port_info.storage.save_changes.call_args[0][0], expected) serializer.assert_has_calls((call(vuln) for vuln in expected))
def test_store_scan(self): port = Port(node=None, number=80, transport_protocol=TransportProtocol.UDP) port.scan = Scan(end=25.0) exploit = Exploit(exploit_id=5) self.task.store_scan_end(exploits=[exploit], port=port) self.task.aucote.storage.save_security_scans.assert_called_once_with( exploits=[exploit], port=port, scan=self.context.scanner.scan)
def setUp(self): exploit = Exploit(exploit_id=3) port = Port(node=Node(node_id=2, ip=ipaddress.ip_address('127.0.0.1')), transport_protocol=TransportProtocol.TCP, number=16) self.aucote = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.task = SSLScriptTask(port=port, exploits=[exploit], context=self.context)
async def call(self, *args, **kwargs): if not self.port: raise PortNotSpecifiedException() if Exploit(exploit_id=178) in self.exploits: self.context.add_task( SietTask(context=self.context, port=self.port, exploits=[ self.context.aucote.exploits.find( 'aucote-scripts', 'siet') ]))
def setUp(self): super(WhatWebTaskTest, self).setUp() self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) self.port = Port(node=self.node, number=19, transport_protocol=TransportProtocol.UDP) self.port.protocol = 'http' self.aucote = MagicMock() self.exploit = Exploit(app='whatweb', name='whatweb', exploit_id=1) self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.task = WhatWebTask(port=self.port, context=self.context, exploits=[self.exploit])
def setUp(self): super(WhatWebToolTest, self).setUp() self.aucote = MagicMock() self.exploit = Exploit(exploit_id=1) self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) self.port = Port(node=self.node, transport_protocol=TransportProtocol.UDP, number=87) self.config = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.tool = WhatWebTool(context=self.context, exploits=[self.exploit], port=self.port, config=self.config)
def __init__(self, scan_only=False, *args, **kwargs): """ Initiazlize variables. Args: port (Port): *args: **kwargs: """ super().__init__(exploits=[Exploit(exploit_id=0, name='portscan', app='portscan')], *args, **kwargs) self.command = NmapBase() self.scan_only = scan_only self.scanner = self.context.scanner
def setUp(self): super(SkipfishToolTest, self).setUp() self.exploit = Exploit(exploit_id=1) self.exploit.name = 'skipfish' self.exploit.risk_level = RiskLevel.NONE self.config = {} self.exploits = [self.exploit] self.port = Port(node=Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')), number=3, transport_protocol=TransportProtocol.TCP) self.port.scan = Scan(start=13, end=45) self.aucote = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.skipfish_tool = SkipfishTool(context=self.context, exploits=self.exploits, port=self.port, config=self.config)
def setUp(self): super(SietTaskTest, self).setUp() self.context = ScanContext(aucote=MagicMock(), scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock())) self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=14) self.scan = Scan() self.port = Port(node=self.node, number=46, transport_protocol=TransportProtocol.TCP, scan=self.scan) self.exploit = Exploit(exploit_id=15, app='aucote-scripts', name='siet') self.task = SietTask(context=self.context, port=self.port, exploits=[self.exploit]) self.cfg = {'portdetection': {'expiration_period': '7d'}}
async def test_assign_task_for_node(self, cfg): cfg._cfg = self.cfg self.task_mapper._filter_exploits = MagicMock() class_mock = self.EXECUTOR_CONFIG['apps']['test']['class'] self.task_mapper._aucote.exploits.find_by_apps = MagicMock() mock_apps = self.task_mapper._aucote.exploits.find_by_apps exploit = Exploit(exploit_id=3, name='test_3') self.task_mapper._filter_exploits.return_value = [exploit] mock_apps.return_value = {'test': [exploit]} node = Node(1, ipaddress.ip_address('127.0.0.1')) await self.task_mapper.assign_tasks_for_node(node) class_mock.assert_called_once_with( context=self.task_mapper.context, exploits=[exploit], node=node, config=self.EXECUTOR_CONFIG['apps']['test'])
def setUp(self): super(HydraScriptTaskTest, self).setUp() self.aucote = MagicMock() self.port = Port(node=Node(ip='127.0.0.1', node_id=None), transport_protocol=TransportProtocol.TCP, number=22) self.port.service_name = 'ssh' self.port.scan = Scan() self.exploit = Exploit(exploit_id=1) self.scan = Scan() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.hydra_script_task = HydraScriptTask( exploits=[self.exploit], context=self.context, port=self.port, service=self.port.service_name) self.hydra_script_task.store_scan_end = MagicMock() self.hydra_script_task.aucote.exploits.find.return_value = self.exploit
def setUp(self): super(NmapPortInfoTaskTest, self).setUp() self.aucote = MagicMock() self.aucote.task_mapper.assign_tasks = MagicMock(return_value=Future()) self.aucote.task_mapper.assign_tasks.return_value.set_result( MagicMock()) self.exploit = Exploit(exploit_id=4) self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) self.node.os = Service(name='os test name', version='os test version', cpe='cpe:2.3:o:vendor:product:-:*:*:*:*:*:*:*') self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None) self.port = Port(number=22, transport_protocol=TransportProtocol.TCP, node=self.node) self.port.scan = Scan() self.port_ipv6 = Port(number=22, node=self.node_ipv6, transport_protocol=TransportProtocol.TCP) self.scanner = Scanner(aucote=self.aucote) self.scanner.NAME = 'tools' self.context = ScanContext(aucote=self.aucote, scanner=self.scanner) self.port_info = NmapPortInfoTask(context=self.context, port=self.port) self.cfg = { 'portdetection': { 'tools': { 'scan_rate': 1337 }, 'expiration_period': '7d' }, 'tools': { 'nmap': { 'scripts_dir': 'test' } }, }
def test_serialize_vulnchange(self, output): output.return_value = 'test_output' scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name') scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name') node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) port = Port(node, transport_protocol=TransportProtocol.TCP, number=88) exploit = Exploit(name="exploit_name", app="exploit_app", exploit_id=18) previous_finding = Vulnerability(output="test_output_1", exploit=exploit, port=port, subid=13, vuln_time=13456) previous_finding.scan = scan_1 previous_finding.row_id = 124 current_finding = Vulnerability(output="test_output_2", exploit=exploit, port=port, subid=13, vuln_time=6456345) current_finding.row_id = 15 current_finding.scan = scan_2 change = VulnerabilityChange(current_finding=current_finding, change_time=124445, previous_finding=previous_finding) expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x12\x00' b'\x00\x00\r\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\x80R\xcd\x00\x00' b'\x00\x00\x00\xa8\x01\xd4\x80\x01\x00\x00\x00\r\x00test_output_1\r\x00test_output_2\x15' b'\x00Vulnerability changed') result = self.serializer.serialize_vulnerability_change(change)._data self.assertEqual(result, expected)
def test_diff_two_last_scans_first_scan(self, serializer): exploit = Exploit(exploit_id=1) self.port_info._current_exploits = [self.exploit] scans = [self.context.scanner.scan] self.port_info.storage.get_scans_by_security_scan.return_value = scans vuln_added = Vulnerability(port=self.port, exploit=exploit, subid=3, output='a') vuln_changed_1 = Vulnerability(port=self.port, exploit=exploit, subid=2, output='c') self.port_info.storage.get_vulnerabilities.return_value = [ vuln_added, vuln_changed_1 ] expected = [ VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_added), VulnerabilityChange(change_time=12, previous_finding=None, current_finding=vuln_changed_1) ] self.port_info.diff_with_last_scan() self.port_info.storage.get_vulnerabilities.assert_has_calls( (call(port=self.port, exploit=self.exploit, scan=self.context.scanner.scan), )) self.assertCountEqual( self.port_info.storage.save_changes.call_args[0][0], expected) serializer.assert_has_calls((call(vuln) for vuln in expected), any_order=True)
def setUp(self): self.serializer = Serializer() self.vuln = Vulnerability(subid=15) node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1) node.os = MagicMock() node.os.name_with_version = 'test_name_and_version' self.context = ScanContext(aucote=None, scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock())) self.vuln.context = self.context self.port = Port(node=node, number=22, transport_protocol=TransportProtocol.TCP) self.port.protocol = 'ssh' self.port.scan = Scan() self.port.scan.start = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp() self.vuln.port = self.port self.vuln.output = 'Test' self.vuln.scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(), scanner='tcp') self.exploit = Exploit(exploit_id=1) self.exploit.app = 'test_app' self.exploit.name = 'test_name' self.exploit.title = 'test_title' self.exploit.description = 'test_description' self.exploit.risk_level = RiskLevel.from_name('High') self.exploit.cve = 'CVE-2018-0001' self.exploit.cvss = 9.8 self.exploit.metric = ExploitMetric.VNC_INFO self.exploit.category = ExploitCategory.VULN self.exploit.tags = {ExploitTag.HTTP, ExploitTag.SSL, ExploitTag.HTTPS} self.vuln.exploit = self.exploit self.vuln.time = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()
def setUp(self, cfg): super(CVESearchServiceTaskTest, self).setUp() cfg._cfg = {'tools': {'cve-search': {'api': 'localhost:200'}}} self.example_output = '' with open( path.join(path.dirname(path.abspath(__file__)), 'example_output.json'), 'rb') as f: self.example_output = f.read() self.node = Node(ip='127.0.0.1', node_id=None) self.port = Port(node=self.node, transport_protocol=TransportProtocol.TCP, number=22) self.port.service_name = 'ssh' self.port.scan = Scan() self.port.service = Service() self.app = Service() self.app_2 = Service() self.app.cpe = 'cpe:/a:microsoft:iexplorer:8.0.6001:beta' self.app_2.cpe = 'cpe:/a:microsoft:aexplorer:8.0.6001:beta' self.cpe_txt = 'cpe:/a:microsoft:internet_explorer:8.0.6001:beta' self.os_cpe_txt = 'cpe:/o:a:b:4' self.cpe_without_version = 'cpe:/o:cisco:ios' self.node.os.cpe = self.os_cpe_txt self.port.service.cpe = self.cpe_txt self.exploit = Exploit(exploit_id=1337, name='cve-search', app='cve-search') self.aucote = MagicMock() self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan())) self.task = CVESearchServiceTask(context=self.context, port=self.port, exploits=[self.exploit]) self.vuln_1 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2016-8612', cvss=3.3, output='test summary 1', context=self.context, subid=0) self.vuln_2 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2017-9798', cvss=5.0, output='test summary 2', context=self.context, subid=1) self.vuln_3 = Vulnerability(port=self.port, exploit=self.exploit, cve='CVE-2017-9788', cvss=6.4, output='test summary 3', context=self.context, subid=2)
def setUp(self): self.maxDiff = None self.storage = Storage(conn_string=getenv('AUCOTE_TEST_POSTGRES')) self.scan = Scan(start=1, end=17, protocol=TransportProtocol.UDP, scanner='test_name') self.scan_1 = Scan(rowid=56, protocol=TransportProtocol.UDP, scanner='test_name', start=13, end=19) self.scan_2 = Scan(rowid=79, protocol=TransportProtocol.UDP, scanner='test_name', start=2, end=18) self.scan_3 = Scan(rowid=80, protocol=TransportProtocol.UDP, scanner='test_name_2', start=20, end=45) self.scan_4 = Scan(rowid=78, protocol=TransportProtocol.TCP, scanner='portdetection', start=1, end=2) self.node_1 = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')) self.node_1.name = 'test_node_1' self.node_1.scan = Scan(start=15) self.node_2 = Node(node_id=2, ip=ipaddress.ip_address('127.0.0.2')) self.node_2.name = 'test_node_2' self.node_2.scan = Scan(start=56) self.node_3 = Node(node_id=3, ip=ipaddress.ip_address('127.0.0.3')) self.node_3.name = 'test_node_3' self.node_3.scan = Scan(start=98) self.node_4 = Node(node_id=4, ip=ipaddress.ip_address('127.0.0.4')) self.node_4.name = 'test_node_4' self.node_4.scan = Scan(start=3) self.node_scan_1 = NodeScan(node=self.node_1, rowid=13, scan=self.scan_1, timestamp=15) self.node_scan_2 = NodeScan(node=self.node_2, rowid=15, scan=self.scan_1, timestamp=56) self.node_scan_3 = NodeScan(node=self.node_3, rowid=16, scan=self.scan_1, timestamp=98) self.node_scan_3 = NodeScan(node=self.node_3, rowid=17, scan=self.scan_2, timestamp=90) self.port_1 = Port(node=self.node_1, number=45, transport_protocol=TransportProtocol.UDP) self.port_1.scan = self.scan_1 self.port_scan_1 = PortScan(port=self.port_1, scan=self.scan_1, timestamp=176, rowid=124) self.port_2 = Port(node=self.node_2, transport_protocol=TransportProtocol.UDP, number=65) self.port_2.scan = Scan(start=3, end=45) self.port_scan_2 = PortScan(port=self.port_2, scan=self.scan_1, timestamp=987, rowid=15) self.port_3 = Port(node=self.node_3, transport_protocol=TransportProtocol.ICMP, number=99) self.port_3.scan = Scan(start=43, end=180) self.port_scan_3 = PortScan(port=self.port_3, scan=self.scan_1, timestamp=619, rowid=13) self.port_4 = Port(node=self.node_1, number=80, transport_protocol=TransportProtocol.UDP) self.port_4.scan = self.scan_1 self.port_scan_4 = PortScan(port=self.port_4, scan=self.scan_1, timestamp=650, rowid=480) self.port_5 = Port(node=self.node_4, number=22, transport_protocol=TransportProtocol.TCP) self.port_5.scan = self.scan_4 self.exploit_1 = Exploit(exploit_id=14, name='test_name', app='test_app') self.exploit_2 = Exploit(exploit_id=2, name='test_name_2', app='test_app_2') self.exploit_3 = Exploit(exploit_id=56, name='test_name_2', app='test_app') self.exploit_4 = Exploit(exploit_id=0, name='portdetection', app='portdetection') self.security_scan_1 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_1, scan_start=178, scan_end=851) self.security_scan_2 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_1, scan_start=109, scan_end=775) self.security_scan_3 = SecurityScan(exploit=self.exploit_3, port=self.port_1, scan=self.scan_2, scan_start=113, scan_end=353) self.security_scan_4 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_3, scan_start=180, scan_end=222) self.security_scan_5 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_2, scan_start=14, scan_end=156) self.security_scan_6 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_2, scan_start=56, scan_end=780) self.security_scan_7 = SecurityScan(exploit=self.exploit_4, port=self.port_5, scan=self.scan_4, scan_start=14, scan_end=890) self.vuln_change_1 = PortDetectionChange( change_time=124445, current_finding=self.port_scan_1, previous_finding=self.port_scan_2) self.vuln_change_2 = PortDetectionChange( change_time=32434, current_finding=self.port_scan_2, previous_finding=self.port_scan_3) self.vulnerability_1 = Vulnerability(port=self.port_1, output='test_output_1', exploit=self.exploit_1, cve='CVE-2017', cvss=6.7, subid=1, vuln_time=13, rowid=134, scan=self.scan_1) self.vulnerability_2 = Vulnerability(port=self.port_1, output='test_output_2', exploit=self.exploit_2, cve='CWE-14', cvss=8.9, subid=2, vuln_time=98, rowid=152, scan=self.scan_1) self.vulnerability_3 = Vulnerability(port=self.port_1, output='test_output_3', exploit=self.exploit_1, cve='CVE-2016', cvss=3.7, subid=2, vuln_time=15, rowid=153, scan=self.scan_2) self.vulnerability_4 = Vulnerability(port=self.port_1, output='test_output_4', exploit=self.exploit_2, cve='CWE-15', cvss=2.9, subid=1, vuln_time=124, rowid=169, scan=self.scan_2) self.vulnerability_5 = Vulnerability(port=self.port_5, output='', exploit=self.exploit_4, cve=None, cvss=None, subid=0, vuln_time=124, rowid=200, scan=self.scan_4, expiration_time=400) self.vulnerability_6 = Vulnerability(port=self.port_5, output='tftp', exploit=self.exploit_4, cve=None, cvss=None, subid=1, vuln_time=124, rowid=201, scan=self.scan_4, expiration_time=400) self.vulnerability_7 = Vulnerability(port=self.port_5, output='tftp server name', exploit=self.exploit_4, cve=None, cvss=None, subid=2, vuln_time=124, rowid=202, scan=self.scan_4, expiration_time=400) self.vulnerability_8 = Vulnerability(port=self.port_5, output='6.7.8', exploit=self.exploit_4, cve=None, cvss=None, subid=3, vuln_time=124, rowid=203, scan=self.scan_4, expiration_time=400) self.vulnerability_9 = Vulnerability(port=self.port_5, output='HERE IS TFTP\n\n\n > ', exploit=self.exploit_4, cve=None, cvss=None, subid=4, vuln_time=124, rowid=204, scan=self.scan_4, expiration_time=400) self.vulnerability_10 = Vulnerability(port=self.port_5, output='test:cpe', exploit=self.exploit_4, cve=None, cvss=None, subid=5, vuln_time=124, rowid=205, scan=self.scan_4, expiration_time=400) self.vulnerability_11 = Vulnerability(port=self.port_5, output='os name', exploit=self.exploit_4, cve=None, cvss=None, subid=6, vuln_time=124, rowid=206, scan=self.scan_4, expiration_time=400) self.vulnerability_12 = Vulnerability(port=self.port_5, output='os version', exploit=self.exploit_4, cve=None, cvss=None, subid=7, vuln_time=124, rowid=207, scan=self.scan_4, expiration_time=400) self.vulnerability_13 = Vulnerability(port=self.port_5, output='test:os:cpe', exploit=self.exploit_4, cve=None, cvss=None, subid=8, vuln_time=124, rowid=208, scan=self.scan_4, expiration_time=400)
def test_is_exploit_allowed_allowed_string(self, cfg): self.thread.NAME = 'test_name' cfg['portdetection.test_name.scripts'] = ["1"] exploit = Exploit(exploit_id=1) self.assertTrue(self.thread.is_exploit_allowed(exploit))
def test_is_exploit_allowed_not_allowed(self, cfg): self.thread.NAME = 'test_name' cfg['portdetection.test_name.scripts'] = [] exploit = Exploit(exploit_id=1) self.assertFalse(self.thread.is_exploit_allowed(exploit))
def setUp(self): self.exploit = Exploit(exploit_id=15, name='test_name', app='test_app', cve='CVE-2017-XXXX,CVE-2018-XXX', cvss='4.6')
def get_app(self): self.aucote = MagicMock() self.storage = Storage(getenv('AUCOTE_TEST_POSTGRES')) self.aucote.storage = self.storage self.storage.connect() self.storage.remove_all() self.storage.init_schema() self.scan_1 = Scan(start=123, end=446, protocol=TransportProtocol.TCP, scanner='tcp') self.scan_2 = Scan(start=230, end=447, protocol=TransportProtocol.UDP, scanner='udp') for scan in (self.scan_1, self.scan_2): self.storage.save_scan(scan) self.node_1 = Node(node_id=13, ip=ipaddress.ip_address("10.156.67.18")) self.node_2 = Node(node_id=75, ip=ipaddress.ip_address("10.156.67.34")) self.node_scan_1 = NodeScan(node=self.node_1, scan=self.scan_1, timestamp=45) self.node_scan_2 = NodeScan(node=self.node_2, scan=self.scan_2, timestamp=88) self.node_scan_3 = NodeScan(node=self.node_1, scan=self.scan_2, timestamp=67) for node_scan in (self.node_scan_1, self.node_scan_2, self.node_scan_3): self.storage.save_node_scan(node_scan) self.port_1 = Port(node=self.node_1, number=34, transport_protocol=TransportProtocol.UDP) self.port_2 = Port(node=self.node_2, number=78, transport_protocol=TransportProtocol.TCP) self.port_scan_1 = PortScan(port=self.port_1, timestamp=1234, scan=self.scan_1, rowid=13) self.port_scan_2 = PortScan(port=self.port_2, timestamp=2345, scan=self.scan_1, rowid=15) for port_scan in (self.port_scan_1, self.port_scan_2): self.storage.save_port_scan(port_scan) self.exploit_1 = Exploit(exploit_id=14, name='test_name', app='test_app') self.exploit_2 = Exploit(exploit_id=2, name='test_name_2', app='test_app_2') self.security_scan_1 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_1, scan_start=178, scan_end=851) self.security_scan_2 = SecurityScan(exploit=self.exploit_2, port=self.port_1, scan=self.scan_1, scan_start=109, scan_end=775) self.security_scan_3 = SecurityScan(exploit=self.exploit_1, port=self.port_1, scan=self.scan_2, scan_start=114, scan_end=981) for scan in (self.security_scan_1, self.security_scan_2, self.security_scan_3): self.storage.save_sec_scan(scan) self.vulnerability_1 = Vulnerability(exploit=self.exploit_1, port=self.port_1, cvss="6.8", cve="CVE-2017-1231", scan=self.scan_1, output="Vulnerable stuff", vuln_time=134, subid=34) self.vulnerability_2 = Vulnerability(exploit=self.exploit_1, port=self.port_1, cvss="6.8", cve="CVE-2017-1232", scan=self.scan_2, output=None, vuln_time=718, subid=34) for vulnerability in (self.vulnerability_1, self.vulnerability_2): self.storage.save_vulnerability(vulnerability) self.scanner = TCPScanner(aucote=self.aucote, host='localhost', port=1339) self.scanner.NAME = 'test_name' self.scanner.scan.start = 1290 self.scanner.nodes = [ Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')) ] self.aucote.scanners = [ self.scanner, ToolsScanner(name='tools', aucote=self.aucote) ] endpoints = [(url, handler, { 'aucote': self.aucote }) for url, handler in [ (r"/api/v1/kill", KillHandler), (r"/api/v1/scanners", ScannersHandler), (r"/api/v1/scanners/([\w_]+)", ScannersHandler), (r"/api/v1/tasks", TasksHandler), (r"/api/v1/scans", ScansHandler), (r"/api/v1/scans/([\d]+)", ScansHandler), (r"/api/v1/nodes", NodesHandler), (r"/api/v1/nodes/([\d]+)", NodesHandler), (r"/api/v1/ports", PortsHandler), (r"/api/v1/ports/([\d]+)", PortsHandler), (r"/api/v1/security_scans", SecurityScansHandler), (r"/api/v1/security_scans/([\d]+)", SecurityScansHandler), (r"/api/v1/vulnerabilities", VulnerabilitiesHandler), ]] endpoints.append( (r"/api/v1/vulnerabilities/([\d]+)", VulnerabilitiesHandler, { 'aucote': self.aucote, 'path': '/aucote/' })) self.app = Application(endpoints) return self.app