Esempio n. 1
0
 def setUp(self):
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(ModelObjectVuln)
     factory.register(ModelObjectVulnWeb)
     factory.register(ModelObjectNote)
     factory.register(ModelObjectCred)
Esempio n. 2
0
from base64 import b64encode
from tempfile import NamedTemporaryFile
from collections import defaultdict

try:
    from staticmap import StaticMap, CircleMarker
except ImportError:
    print('Please install staticmap with: pip install staticmap')

from persistence.server import models
from persistence.server.server import _save_to_couch
from persistence.server.server_io_exceptions import ConflictInDatabase, CantCommunicateWithServerError, ResourceDoesNotExist
from model.common import factory
from math import radians, cos, sin, asin, sqrt

factory.register(models.Host)
factory.register(models.Vuln)
factory.register(models.Service)
factory.register(models.Interface)

__description__ = 'Import every AP found in a PCAP file'
__prettyname__ = 'Import Wardriving PCAP'

access_point_data = defaultdict(dict)
created_objs = defaultdict(set)


def haversine(lon1, lat1, lon2, lat2):
    """
    Calculate the great circle distance between two points
    on the earth (specified in decimal degrees)
Esempio n. 3
0
 def setUp(self):
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(ModelObjectVuln)
     factory.register(ModelObjectVulnWeb)
     factory.register(ModelObjectNote)
     factory.register(ModelObjectCred)
Esempio n. 4
0
 def setUp(self):
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(Vuln)
     factory.register(VulnWeb)
     factory.register(Note)
     factory.register(Credential)
Esempio n. 5
0
 def setUp(self):
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(Vuln)
     factory.register(VulnWeb)
     factory.register(Note)
     factory.register(Credential)
Esempio n. 6
0
    def test_Plugin_Calls_createAndAddHost(self, monkeypatch):
        self.plugin = NessusPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)

        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.processReport(self.cd + '/nessus_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "12.233.108.201"
        assert actions.keys() == [2000, 2017, 2038, 20008]
        assert len(actions[20008]) == 1
        assert len(actions[2038]) == 1

        assert actions[2038][0].name == "Nessus SYN scanner"

        assert actions[20008][0].ports == [443]
        assert actions[20008][0].name == 'https?'
        assert actions[20008][0].protocol == 'tcp'
Esempio n. 7
0
 def register_factorties(self, monkeypatch):
     factory.register(Host)
     factory.register(Service)
     factory.register(Vuln)
     factory.register(VulnWeb)
     factory.register(Note)
     factory.register(Credential)
     self.pending_actions = Queue()
     self.plugin.set_actions_queue(self.pending_actions)
     monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
Esempio n. 8
0
    def test_Plugin_creates_apropiate_objects(self, monkeypatch):
        self.plugin = AcunetixPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)

        pending_actions = Queue()
        # getID will wait for faraday-server api response.
        # Since the thread model controller is not running
        # no object will be persisted.
        # The mock is to simulated the api response
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.set_actions_queue(pending_actions)
        self.plugin.processReport(self.cd + '/acunetix_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions.keys() == [2000, 20008, 2038]
        assert len(actions[2000]) == 1
        assert actions[2000][0].name == "5.175.17.140"
        assert len(actions[20008]) == 1
        assert len(actions[2038]) == 52

        assert actions[20008][0].ports == [80]
        assert actions[20008][0].name == 'http'
        assert actions[20008][0].protocol == 'tcp'

        assert "ASP.NET error message" in map(lambda vuln_web: vuln_web.name,
                                              actions[2038])
Esempio n. 9
0
    def test_Plugin_creates_apropiate_objects(self, monkeypatch):
        self.plugin = AcunetixPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)

        pending_actions = Queue()
        # getID will wait for faraday-server api response.
        # Since the thread model controller is not running
        # no object will be persisted.
        # The mock is to simulated the api response
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.set_actions_queue(pending_actions)
        self.plugin.processReport(self.cd + '/acunetix_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions.keys() == [2000, 20008, 2038]
        assert len(actions[2000]) == 1
        assert actions[2000][0].name == "5.175.17.140"
        assert len(actions[20008]) == 1
        assert len(actions[2038]) == 52

        assert actions[20008][0].ports == [80]
        assert actions[20008][0].name == 'http'
        assert actions[20008][0].protocol == 'tcp'

        assert "ASP.NET error message" in map(lambda vuln_web: vuln_web.name, actions[2038])
Esempio n. 10
0
    def test_Plugin_creates_adecuate_objects(self, monkeypatch):
        self.plugin = BurpPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)
        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.processReport(self.cd + '/burp_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "200.20.20.201"
        assert actions.keys() == [2000, 20008, 2038]
        assert len(actions[20008]) == 14
        assert len(actions[2038]) == 14

        assert all('http' == name for name in map(lambda service: service.name, actions[20008]))
        assert all([80] == ports for ports in map(lambda service: service.getPorts(), actions[20008]))
        assert all('tcp' == protocol for protocol in map(lambda service: service.protocol, actions[20008]))
        assert all('open' for status in map(lambda service: service.status, actions[20008]))
Esempio n. 11
0
    def test_Plugin_Calls_createAndAddHost(self, monkeypatch):
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)
        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.parseOutputString(self.outputWhoisInfobyte)

        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "205.251.196.172"
        assert actions.keys() == [2000]

        assert len(actions[2000]) == 8
Esempio n. 12
0
    def test_Plugin_Calls_createAndAddHost(self, monkeypatch):
        self.plugin = NessusPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)

        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.processReport(self.cd + '/nessus_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "12.233.108.201"
        assert actions.keys() == [2000, 2017, 2038, 20008]
        assert len(actions[20008]) == 1
        assert len(actions[2038]) == 1

        assert actions[2038][0].name == "Nessus SYN scanner"

        assert actions[20008][0].ports == [443]
        assert actions[20008][0].name == 'https?'
        assert actions[20008][0].protocol == 'tcp'
Esempio n. 13
0
    def test_Plugin_creates_apropiate_objects(self, monkeypatch):
        self.plugin = NexposeFullPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)
        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.processReport(self.cd + '/nexpose_full_xml')

        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "192.168.1.1"
        assert actions.keys() == [2000, 2017, 2019, 2038, 20008]

        assert len(actions[2000]) == 8
        assert len(actions[20008]) == 20
        assert len(actions[2027]) == 0
        assert len(actions[2038]) == 403
        assert len(actions[2039]) == 0
Esempio n. 14
0
    def test_Plugin_creates_adecuate_objects(self, monkeypatch):
        self.plugin = BurpPlugin()
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)
        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)
        self.plugin.processReport(self.cd + '/burp_xml')
        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "200.20.20.201"
        assert actions.keys() == [2000, 20008, 2038]
        assert len(actions[20008]) == 14
        assert len(actions[2038]) == 14

        assert all(
            'http' == name
            for name in map(lambda service: service.name, actions[20008]))
        assert all([80] == ports for ports in map(
            lambda service: service.getPorts(), actions[20008]))
        assert all('tcp' == protocol for protocol in map(
            lambda service: service.protocol, actions[20008]))
        assert all(
            'open'
            for status in map(lambda service: service.status, actions[20008]))
Esempio n. 15
0
 def setUp(self):
     self.plugin = AcunetixPlugin()
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(Vuln)
     factory.register(VulnWeb)
     factory.register(Note)
     factory.register(Credential)
Esempio n. 16
0
 def setUp(self):
     self.plugin = NessusPlugin()
     factory.register(Host)
     factory.register(Interface)
     factory.register(Service)
     factory.register(ModelObjectVuln)
     factory.register(ModelObjectVulnWeb)
     factory.register(ModelObjectNote)
     factory.register(ModelObjectCred)
Esempio n. 17
0
    def test_Plugin_Calls_createAndAddHost(self, monkeypatch):
        factory.register(Host)
        factory.register(Service)
        factory.register(Vuln)
        factory.register(VulnWeb)
        factory.register(Note)
        factory.register(Credential)
        pending_actions = Queue()
        self.plugin.set_actions_queue(pending_actions)
        monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)

        self.plugin.parseOutputString(self.outputTelnetLocalhost)

        actions = defaultdict(list)
        while not pending_actions.empty():
            action = self.plugin._pending_actions.get(block=True)
            actions[action[0]].append(action[1])

        assert actions[2000][0].name == "127.0.0.1"
        assert actions.keys() == [2000, 20008]

        assert len(actions[2000]) == 1
        assert len(actions[20008]) == 1
Esempio n. 18
0
 def register_factorties(self, monkeypatch):
     factory.register(Host)
     factory.register(Service)
     factory.register(Vuln)
     factory.register(VulnWeb)
     factory.register(Note)
     factory.register(Credential)
     self.pending_actions = Queue()
     self.plugin.set_actions_queue(self.pending_actions)
     monkeypatch.setattr(ModelBase, 'getID', lambda _: 1)