class Test_HostsModel(Common):
"""Unit tests for HostsModel"""
model = None
def setup(self):
self.model = HostsModel()
self.db.q("TRUNCATE TABLE `hosts`")
self.db.q("TRUNCATE TABLE `ips`")
def test_get_id_by_name(self):
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (2,1,1,'test.com', '')")
assert self.model.get_id_by_name(1, 'test.com') == 2
def test_exists(self):
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (2,1,1,'test.com', '')")
assert self.model.exists(1, 'test.com')
assert not self.model.exists(1, 'test1.com')
def test_add(self):
assert not self.model.exists(1, 'test.com')
assert self.model.add(1, 1, 'test.com', '') == 1
assert self.model.exists(1, 'test.com')
def test_list(self):
self.db.q("INSERT INTO `ips` (id, project_id, ip, descr) VALUES (1, 1, '111.111.111.111', '')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (1, 1, 1, 'test1.com', 'desc1')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (2, 1, 1, 'test2.com', 'desc2')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (3, 1, 1, 'test3.com', 'desc3')")
test_data = [
{'id': 1, 'name': 'test1.com', 'ip': '111.111.111.111', 'descr': 'desc1'},
{'id': 2, 'name': 'test2.com', 'ip': '111.111.111.111', 'descr': 'desc2'},
{'id': 3, 'name': 'test3.com', 'ip': '111.111.111.111', 'descr': 'desc3'},
]
assert test_data == self.model.list(1, '111.111.111.111')
def test_list_of_names(self):
self.db.q("INSERT INTO `ips` (id, project_id, ip, descr) VALUES (1, 1, '111.111.111.111', '')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (1, 1, 1, 'test1.com', 'desc1')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (2, 1, 1, 'test2.com', 'desc2')")
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (3, 1, 1, 'test3.com', 'desc3')")
test_data = ['test1.com', 'test2.com', 'test3.com']
assert test_data == self.model.list_of_names(1)
def test_delete(self):
self.db.q("INSERT INTO `hosts` (id, project_id, ip_id, name, descr) VALUES (2,1,1,'test.com', '')")
assert self.model.exists(1, 'test.com')
self.model.delete(1, 'test.com')
assert not self.model.exists(1, 'test.com')
def scan_action(self):
""" Scan action of module """
self.enable_logger()
self.validate_main()
self.pre_start_inf()
if self.options['proxies'].value:
Registry().get('proxies').load(self.options['proxies'].value)
result = []
q = FuzzerUrlsJob()
U = UrlsModel()
if os.path.exists('/tmp/fuzzer-urls.txt'):
os.remove('/tmp/fuzzer-urls.txt')
urls = U.list_by_host_name(Registry().get('pData')['id'],
self.options['host'].value)
for url in urls:
if url['url'].count('?'):
to_add = self._generate_fuzz_urls(url['url'])
for item in to_add:
file_put_contents('/tmp/fuzzer-urls.txt', item + "\n",
True)
generator = FileGenerator('/tmp/fuzzer-urls.txt')
q.set_generator(generator)
self.logger.log("Loaded {0} variants.".format(generator.lines_count))
counter = WSCounter(1, 60, generator.lines_count)
w_thrds = []
for _ in range(int(self.options['threads'].value)):
if self.options['selenium'].value:
worker = SFuzzerUrlsThread(
q, self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
self.options['ddos-detect-phrase'].value,
self.options['ddos-human-action'].value,
self.options['browser-recreate-phrase'].value, counter,
result)
else:
worker = FuzzerUrlsThread(
q, self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value, counter, result)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
time.sleep(1)
while len(w_thrds):
for worker in w_thrds:
if worker.done or Registry().get('proxy_many_died'):
del w_thrds[w_thrds.index(worker)]
if int(time.time()) - worker.last_action > int(Registry().get(
'config')['main']['kill_thread_after_secs']):
self.logger.log("Thread killed by time")
del w_thrds[w_thrds.index(worker)]
time.sleep(2)
if result:
self.logger.log("\nPut results into DB...")
Requests = RequestsModel()
Hosts = HostsModel()
project_id = Registry().get('pData')['id']
host_id = Hosts.get_id_by_name(project_id, self.options['host'].value)
added = 0
for fuzz in result:
self.logger.log("{0} {1}://{2}{3} (Word: {4})".format(
self.options['method'].value.upper(),
self.options['protocol'].value.lower(),
self.options['host'].value, fuzz['url'],
", ".join(fuzz['words'])))
_id = Requests.add(
project_id, host_id,
urlparse(fuzz['url']).path,
urlparse(fuzz['url']).query, {}, self.options['method'].value,
self.options['protocol'].value.lower(), 'fuzzer',
'Found word: {0}'.format(", ".join(fuzz['words'])))
added += 1 if _id else 0
self.logger.log("Added {0} new requests in database".format(added))
self.done = True
def scan_action(self):
""" Scan action of module """
self.enable_logger()
self.validate_main()
self.pre_start_inf()
if self.options['proxies'].value:
Registry().get('proxies').load(self.options['proxies'].value)
result = []
q = FuzzerHeadersJob()
U = UrlsModel()
urls = U.list_by_host_name(Registry().get('pData')['id'], self.options['host'].value)
to_scan = []
for url in urls:
to_scan.append(url['url'])
q.load_dict(to_scan)
self.logger.log("Loaded {0} variants.".format(len(to_scan)))
counter = WSCounter(1, 60, len(to_scan))
w_thrds = []
for _ in range(int(self.options['threads'].value)):
worker = FuzzerHeadersThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
counter,
result
)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
time.sleep(1)
while len(w_thrds):
for worker in w_thrds:
if worker.done:
del w_thrds[w_thrds.index(worker)]
time.sleep(2)
Requests = RequestsModel()
Hosts = HostsModel()
project_id = Registry().get('pData')['id']
host_id = Hosts.get_id_by_name(project_id, self.options['host'].value)
added = 0
for fuzz in result:
self.logger.log("{0} {1}://{2}{3} (Word: {4}, Header: {5})".format(
self.options['method'].value.upper(),
self.options['protocol'].value.lower(),
self.options['host'].value,
fuzz['url'],
", ".join(fuzz['words']),
fuzz['header']
))
_id = Requests.add(
project_id,
host_id,
urlparse(fuzz['url']).path,
urlparse(fuzz['url']).query,
{fuzz['header']: Registry().get('fuzzer_evil_value')},
self.options['method'].value,
self.options['protocol'].value.lower(),
'fuzzer',
'Found word(s): {0}'.format(", ".join(fuzz['words']))
)
added += 1 if _id else 0
self.logger.log("\nAdded {0} new requests in database".format(added))
self.done = True
def scan_action(self):
""" Scan action """
self.enable_logger()
self.validate_main()
self.pre_start_inf()
if self.options['proxies'].value:
Registry().get('proxies').load(self.options['proxies'].value)
result = []
if os.path.exists('/tmp/bf-urls.txt'):
os.remove('/tmp/bf-urls.txt')
urls = self.build_objects(self.options['host'].value)
for url in urls:
file_put_contents('/tmp/bf-urls.txt', url + "\n", True)
q = BackupsFinderJob()
generator = FileGenerator('/tmp/bf-urls.txt')
q.set_generator(generator)
self.logger.log("Loaded {0} variants.".format(generator.lines_count))
counter = WSCounter(5, 300, generator.lines_count)
w_thrds = []
for _ in range(int(self.options['threads'].value)):
if self.options['selenium'].value:
worker = SBackupsFinderThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['not-found-re'].value,
self.options['delay'].value,
self.options['ddos-detect-phrase'].value,
self.options['ddos-human-action'].value,
self.options['browser-recreate-re'].value,
counter,
result
)
else:
worker = BackupsFinderThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['not-found-re'].value,
self.options['not-found-codes'].value.lower(),
self.options['not-found-size'].value,
self.options['delay'].value,
counter,
result
)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
time.sleep(1)
timeout_threads_count = 0
while len(w_thrds):
for worker in w_thrds:
if Registry().get('proxy_many_died') or Registry().get('positive_limit_stop'):
worker.done = True
time.sleep(3)
if worker.done:
del w_thrds[w_thrds.index(worker)]
if int(time.time()) - worker.last_action > int(Registry().get('config')['main']['kill_thread_after_secs']):
self.logger.log(
"Thread killed by time, resurected {0} times from {1}".format(
timeout_threads_count,
Registry().get('config')['main']['timeout_threads_resurect_max_count']
)
)
del w_thrds[w_thrds.index(worker)]
if timeout_threads_count <= int(Registry().get('config')['main']['timeout_threads_resurect_max_count']):
if self.options['selenium'].value:
worker = SBackupsFinderThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['not-found-re'].value,
self.options['delay'].value,
self.options['ddos-detect-phrase'].value,
self.options['ddos-human-action'].value,
self.options['browser-recreate-re'].value,
counter,
result
)
else:
worker = BackupsFinderThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['not-found-re'].value,
self.options['not-found-codes'].value.lower(),
self.options['delay'].value,
counter,
result
)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
timeout_threads_count += 1
time.sleep(2)
if Registry().get('positive_limit_stop'):
self.logger.log("\nMany positive detections. Please, look items logs")
self.logger.log("Last items:")
for i in range(1, 5):
print result[-i]
exit(0)
if result:
print "\n",
for item in result:
print item
if int(Registry().get('config')['main']['put_data_into_db']):
if result:
self.logger.log("\nPut found into DB...")
Requests = RequestsModel()
Hosts = HostsModel()
project_id = Registry().get('pData')['id']
host_id = Hosts.get_id_by_name(project_id, self.options['host'].value)
added = 0
for backup in result:
_id = Requests.add(
project_id, host_id, backup, "", {}, self.options['method'].value,
self.options['protocol'].value.lower(), 'backups', 'May be important backup'
)
added += 1 if _id else 0
self.logger.log("Found backups: {0}, new: {1}".format(len(result), added))
self.logger.log(str(result), _print=False)
self.done = True
def scan_action(self):
""" Scan action of module """
self.enable_logger()
self.validate_main()
self.pre_start_inf()
if self.options['proxies'].value:
Registry().get('proxies').load(self.options['proxies'].value)
result = []
q = FuzzerUrlsJob()
U = UrlsModel()
if os.path.exists('/tmp/fuzzer-urls.txt'):
os.remove('/tmp/fuzzer-urls.txt')
urls = U.list_by_host_name(Registry().get('pData')['id'], self.options['host'].value)
for url in urls:
if url['url'].count('?'):
to_add = self._generate_fuzz_urls(url['url'])
for item in to_add:
file_put_contents('/tmp/fuzzer-urls.txt', item + "\n", True)
generator = FileGenerator('/tmp/fuzzer-urls.txt')
q.set_generator(generator)
self.logger.log("Loaded {0} variants.".format(generator.lines_count))
counter = WSCounter(1, 60, generator.lines_count)
w_thrds = []
for _ in range(int(self.options['threads'].value)):
if self.options['selenium'].value:
worker = SFuzzerUrlsThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
self.options['ddos-detect-phrase'].value,
self.options['ddos-human-action'].value,
self.options['browser-recreate-phrase'].value,
counter,
result
)
else:
worker = FuzzerUrlsThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
counter,
result
)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
time.sleep(1)
timeout_threads_count = 0
while len(w_thrds):
for worker in w_thrds:
if worker.done or Registry().get('proxy_many_died'):
del w_thrds[w_thrds.index(worker)]
if int(time.time()) - worker.last_action > int(Registry().get('config')['main']['kill_thread_after_secs']):
self.logger.log(
"Thread killed by time, resurected {0} times from {1}".format(
timeout_threads_count,
Registry().get('config')['main']['timeout_threads_resurect_max_count']
)
)
del w_thrds[w_thrds.index(worker)]
if timeout_threads_count <= int(Registry().get('config')['main']['timeout_threads_resurect_max_count']):
if self.options['selenium'].value:
worker = SFuzzerUrlsThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
self.options['ddos-detect-phrase'].value,
self.options['ddos-human-action'].value,
self.options['browser-recreate-phrase'].value,
counter,
result
)
else:
worker = FuzzerUrlsThread(
q,
self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value,
counter,
result
)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
timeout_threads_count += 1
time.sleep(2)
if result:
self.logger.log("\nPut results into DB...")
Requests = RequestsModel()
Hosts = HostsModel()
project_id = Registry().get('pData')['id']
host_id = Hosts.get_id_by_name(project_id, self.options['host'].value)
added = 0
for fuzz in result:
self.logger.log("{0} {1}://{2}{3} (Word: {4})".format(
self.options['method'].value.upper(),
self.options['protocol'].value.lower(),
self.options['host'].value,
fuzz['url'],
", ".join(fuzz['words'])
))
if int(Registry().get('config')['main']['put_data_into_db']):
_id = Requests.add(
project_id,
host_id,
urlparse(fuzz['url']).path,
urlparse(fuzz['url']).query,
{},
self.options['method'].value,
self.options['protocol'].value.lower(),
'fuzzer',
'Found word: {0}'.format(", ".join(fuzz['words']))
)
added += 1 if _id else 0
self.logger.log("Added {0} new requests in database".format(added))
self.done = True
def scan_action(self):
""" Scan action of module """
self.enable_logger()
self.validate_main()
self.pre_start_inf()
if self.options['proxies'].value:
Registry().get('proxies').load(self.options['proxies'].value)
result = []
q = FuzzerHeadersJob()
U = UrlsModel()
urls = U.list_by_host_name(Registry().get('pData')['id'],
self.options['host'].value)
to_scan = []
for url in urls:
to_scan.append(url['url'])
q.load_dict(to_scan)
self.logger.log("Loaded {0} variants.".format(len(to_scan)))
counter = WSCounter(1, 60, len(to_scan))
w_thrds = []
for _ in range(int(self.options['threads'].value)):
worker = FuzzerHeadersThread(
q, self.options['host'].value,
self.options['protocol'].value.lower(),
self.options['method'].value.lower(),
self.options['delay'].value, counter, result)
worker.setDaemon(True)
worker.start()
w_thrds.append(worker)
time.sleep(1)
while len(w_thrds):
for worker in w_thrds:
if worker.done:
del w_thrds[w_thrds.index(worker)]
time.sleep(2)
Requests = RequestsModel()
Hosts = HostsModel()
project_id = Registry().get('pData')['id']
host_id = Hosts.get_id_by_name(project_id, self.options['host'].value)
added = 0
for fuzz in result:
self.logger.log("{0} {1}://{2}{3} (Word: {4}, Header: {5})".format(
self.options['method'].value.upper(),
self.options['protocol'].value.lower(),
self.options['host'].value, fuzz['url'],
", ".join(fuzz['words']), fuzz['header']))
_id = Requests.add(
project_id, host_id,
urlparse(fuzz['url']).path,
urlparse(fuzz['url']).query,
{fuzz['header']: Registry().get('fuzzer_evil_value')},
self.options['method'].value,
self.options['protocol'].value.lower(), 'fuzzer',
'Found word(s): {0}'.format(", ".join(fuzz['words'])))
added += 1 if _id else 0
self.logger.log("\nAdded {0} new requests in database".format(added))
self.done = True