Python Exploitの例、fixtures.exploits.Exploit Pythonの例

コード例 #1

0

ファイルを表示

    def setUp(self):
        super(TaskMapperTest, self).setUp()
        self.executor = Mock()
        self.exploits = OrderedDict({
            'test': [
                Exploit(exploit_id=1, name='test_1'),
                Exploit(exploit_id=2, name='test_2')
            ]
        })

        self.exploits.update(test2=[Exploit(exploit_id=3)])
        self.executor.exploits.find_all_matching.return_value = self.exploits
        self.context = ScanContext(aucote=self.executor,
                                   scanner=MagicMock(scan=Scan()))

        self.task_mapper = TaskMapper(context=self.context)

        self.cfg = {
            'portdetection': {
                '_internal': {
                    'categories': ['other', 'brute']
                }
            },
            'tools': {
                'test': {
                    'enable': True
                },
                'test2': {
                    'enable': True
                }
            }
        }

コード例 #2

0

ファイルを表示

    def setUp(self):
        super(NmapToolTest, self).setUp()
        self.exploit = Exploit(exploit_id=1,
                               name='test_name',
                               risk_level=RiskLevel.NONE)

        self.exploit2 = Exploit(exploit_id=2,
                                name='test_name',
                                risk_level=RiskLevel.HIGH)

        self.exploit_conf_args = Exploit(exploit_id=3)
        self.exploit_conf_args.name = 'test_name2'
        self.exploit_conf_args.risk_level = RiskLevel.HIGH

        self.config = {
            'scripts': {
                'test_name': {
                    'args': 'test_args'
                },
                'test_name2': {
                    'args': MagicMock()
                }
            }
        }

        self.cfg = {
            'tools': {
                'nmap': {
                    'disable_scripts': [],
                },
                'common': {
                    'rate': 1337,
                    'http': {
                        'useragent': 'test_useragent'
                    }
                }
            },
            'config_filename': ''
        }

        self.exploits = [self.exploit, self.exploit2]
        self.port = Port(number=13,
                         transport_protocol=TransportProtocol.TCP,
                         node=Node(node_id=1,
                                   ip=ipaddress.ip_address('127.0.0.1')))

        self.port.scan = Scan(start=14, end=13)
        self.port.protocol = 'test_service'

        self.aucote = MagicMock(storage=Storage(":memory:"))
        self.context = ScanContext(aucote=self.aucote,
                                   scanner=MagicMock(scan=Scan()))
        self.nmap_tool = NmapTool(context=self.context,
                                  exploits=self.exploits,
                                  port=self.port,
                                  config=self.config)

コード例 #3

0

ファイルを表示

    def setUp(self):
        """
        Prepare some internal variables:
            exploit, port, exploits, script, vulnerability, scan_task

        """
        super(NmapPortScanTaskTest, self).setUp()
        self.aucote = MagicMock()

        self.exploit = Exploit(exploit_id=1, app='nmap', name='test')
        self.exploit_vuln_non_exist = Exploit(exploit_id=2,
                                              app='nmap',
                                              name='test2')
        self.exploits = Exploits()
        self.exploits.add(self.exploit)

        self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=None)
        self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)

        self.port = Port(number=22,
                         node=self.node,
                         transport_protocol=TransportProtocol.TCP)
        self.port.service_name = 'ssh'
        self.port.scan = Scan()

        self.port_ipv6 = Port(number=22,
                              node=self.node_ipv6,
                              transport_protocol=TransportProtocol.TCP)

        self.script = NmapScript(port=self.port,
                                 parser=NmapParser(),
                                 exploit=self.exploit,
                                 name='test',
                                 args='test_args')
        self.script.get_result = MagicMock(return_value='test')
        self.script2 = NmapScript(port=self.port,
                                  parser=NmapInfoParser(),
                                  exploit=self.exploit_vuln_non_exist,
                                  name='test2')
        self.context = ScanContext(aucote=self.aucote,
                                   scanner=MagicMock(scan=Scan()))
        self.scan_task = NmapPortScanTask(
            context=self.context,
            port=self.port,
            script_classes=[self.script, self.script2],
            rate=1337)
        self.scan_task.store_scan_end = MagicMock()

        future = Future()
        future.set_result(ElementTree.fromstring(self.XML))
        self.scan_task.command.async_call = MagicMock(return_value=future)

        self.cfg = {'tools': {'nmap': {'scripts_dir': '', 'timeout': 0}}}

コード例 #4

0

ファイルを表示

    def __init__(self, exploit=None, port=None, output: Optional[str] = '', cve=None, cvss=None, subid=0, vuln_time=None,
                 rowid=None, scan=None, context=None, expiration_time=None):
        """
        Init values

        Args:
            exploit(Exploit): Exploit used to detect vulnerability
            port(Port): Vulnerable port
            output(str): string or stringable output

        """
        self._time_ms = None
        self._expiration_time_ms = None

        self.output = str(output) if output is not None else ''
        self.exploit = exploit if exploit is not None else Exploit(exploit_id=0)
        self.port = port
        self._cve = cve
        self._cvss = cvss
        self.subid = subid
        self.time = vuln_time or time.time()
        self.rowid = rowid
        self.scan = scan
        self.context = context
        self.expiration_time = expiration_time

コード例 #5

0

ファイルを表示

    def setUp(self):
        super(HydraToolTest, self).setUp()
        self.exploit = Exploit(exploit_id=1,
                               name='hydra',
                               app='hydra',
                               risk_level=RiskLevel.NONE)
        self.exploit2 = Exploit(exploit_id=2,
                                name='hydra',
                                app='hydra',
                                risk_level=RiskLevel.HIGH)

        self.config = {
            'services': ['ssh', 'vnc'],
            'mapper': {
                'test': 'ssh'
            },
            'without-login': '******'
        }

        self.exploits = [self.exploit, self.exploit2]

        self.node = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))

        self.port = Port(number=12,
                         transport_protocol=TransportProtocol.TCP,
                         node=self.node)
        self.port.protocol = 'test'
        self.port.scan = Scan(start=14)

        self.port_no_login = Port(number=12,
                                  transport_protocol=TransportProtocol.TCP,
                                  node=self.node)
        self.port_no_login.protocol = 'vnc'
        self.port_no_login.scan = Scan(start=14)

        self.aucote = MagicMock()
        self.context = ScanContext(aucote=self.aucote,
                                   scanner=MagicMock(scan=Scan()))
        self.hydra_tool = HydraTool(context=self.context,
                                    exploits=self.exploits,
                                    port=self.port,
                                    config=self.config)
        self.hydra_tool_without_login = HydraTool(context=self.context,
                                                  exploits=self.exploits,
                                                  port=self.port_no_login,
                                                  config=self.config)

コード例 #6

0

ファイルを表示

ファイル: test_port_info.py プロジェクト: rydzykje/aucote

    def test_diff_two_last_scans(self, serializer):
        exploit = Exploit(exploit_id=1)
        self.port_info._current_exploits = [self.exploit]
        scan_2 = Scan()
        scans = [self.context.scanner.scan, scan_2]
        self.port_info.storage.get_scans_by_security_scan.return_value = scans
        vuln_added = Vulnerability(port=self.port,
                                   exploit=exploit,
                                   subid=3,
                                   output='a')
        vuln_removed = Vulnerability(port=self.port,
                                     exploit=exploit,
                                     subid=1,
                                     output='b')
        vuln_changed_1 = Vulnerability(port=self.port,
                                       exploit=exploit,
                                       subid=2,
                                       output='c')
        vuln_changed_2 = Vulnerability(port=self.port,
                                       exploit=exploit,
                                       subid=2,
                                       output='d')
        vuln_common = Vulnerability(port=self.port,
                                    exploit=exploit,
                                    subid=5,
                                    output='e')
        self.port_info.storage.get_vulnerabilities.side_effect = ([
            vuln_added, vuln_changed_1, vuln_common
        ], [vuln_removed, vuln_changed_2, vuln_common])

        expected = [
            VulnerabilityChange(change_time=12,
                                previous_finding=None,
                                current_finding=vuln_added),
            VulnerabilityChange(change_time=12,
                                previous_finding=vuln_removed,
                                current_finding=None),
            VulnerabilityChange(change_time=12,
                                previous_finding=vuln_changed_2,
                                current_finding=vuln_changed_1),
        ]

        self.port_info.diff_with_last_scan()

        self.port_info.storage.get_vulnerabilities.assert_has_calls(
            (call(port=self.port,
                  exploit=self.exploit,
                  scan=self.context.scanner.scan),
             call(port=self.port, exploit=self.exploit, scan=scan_2)),
            any_order=True)

        self.assertCountEqual(
            self.port_info.storage.save_changes.call_args[0][0], expected)
        serializer.assert_has_calls((call(vuln) for vuln in expected))

コード例 #7

0

ファイルを表示

    def test_store_scan(self):
        port = Port(node=None,
                    number=80,
                    transport_protocol=TransportProtocol.UDP)
        port.scan = Scan(end=25.0)
        exploit = Exploit(exploit_id=5)

        self.task.store_scan_end(exploits=[exploit], port=port)

        self.task.aucote.storage.save_security_scans.assert_called_once_with(
            exploits=[exploit], port=port, scan=self.context.scanner.scan)

コード例 #8

0

ファイルを表示

 def setUp(self):
     exploit = Exploit(exploit_id=3)
     port = Port(node=Node(node_id=2, ip=ipaddress.ip_address('127.0.0.1')),
                 transport_protocol=TransportProtocol.TCP,
                 number=16)
     self.aucote = MagicMock()
     self.context = ScanContext(aucote=self.aucote,
                                scanner=MagicMock(scan=Scan()))
     self.task = SSLScriptTask(port=port,
                               exploits=[exploit],
                               context=self.context)

コード例 #9

0

ファイルを表示

    async def call(self, *args, **kwargs):
        if not self.port:
            raise PortNotSpecifiedException()

        if Exploit(exploit_id=178) in self.exploits:
            self.context.add_task(
                SietTask(context=self.context,
                         port=self.port,
                         exploits=[
                             self.context.aucote.exploits.find(
                                 'aucote-scripts', 'siet')
                         ]))

コード例 #10

0

ファイルを表示

ファイル: test_tasks.py プロジェクト: rydzykje/aucote

 def setUp(self):
     super(WhatWebTaskTest, self).setUp()
     self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
     self.port = Port(node=self.node,
                      number=19,
                      transport_protocol=TransportProtocol.UDP)
     self.port.protocol = 'http'
     self.aucote = MagicMock()
     self.exploit = Exploit(app='whatweb', name='whatweb', exploit_id=1)
     self.context = ScanContext(aucote=self.aucote,
                                scanner=MagicMock(scan=Scan()))
     self.task = WhatWebTask(port=self.port,
                             context=self.context,
                             exploits=[self.exploit])

コード例 #11

0

ファイルを表示

ファイル: test_tool.py プロジェクト: rydzykje/aucote

 def setUp(self):
     super(WhatWebToolTest, self).setUp()
     self.aucote = MagicMock()
     self.exploit = Exploit(exploit_id=1)
     self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
     self.port = Port(node=self.node,
                      transport_protocol=TransportProtocol.UDP,
                      number=87)
     self.config = MagicMock()
     self.context = ScanContext(aucote=self.aucote,
                                scanner=MagicMock(scan=Scan()))
     self.tool = WhatWebTool(context=self.context,
                             exploits=[self.exploit],
                             port=self.port,
                             config=self.config)

コード例 #12

0

ファイルを表示

    def __init__(self, scan_only=False, *args, **kwargs):
        """
        Initiazlize variables.

        Args:
            port (Port):
            *args:
            **kwargs:

        """
        super().__init__(exploits=[Exploit(exploit_id=0, name='portscan', app='portscan')], *args, **kwargs)

        self.command = NmapBase()
        self.scan_only = scan_only
        self.scanner = self.context.scanner

コード例 #13

0

ファイルを表示

ファイル: test_tool.py プロジェクト: rydzykje/aucote

    def setUp(self):
        super(SkipfishToolTest, self).setUp()
        self.exploit = Exploit(exploit_id=1)
        self.exploit.name = 'skipfish'
        self.exploit.risk_level = RiskLevel.NONE

        self.config = {}

        self.exploits = [self.exploit]
        self.port = Port(node=Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')), number=3,
                         transport_protocol=TransportProtocol.TCP)
        self.port.scan = Scan(start=13, end=45)

        self.aucote = MagicMock()
        self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan()))
        self.skipfish_tool = SkipfishTool(context=self.context, exploits=self.exploits, port=self.port,
                                          config=self.config)

コード例 #14

0

ファイルを表示

ファイル: test_siet.py プロジェクト: rydzykje/aucote

 def setUp(self):
     super(SietTaskTest, self).setUp()
     self.context = ScanContext(aucote=MagicMock(),
                                scanner=TCPScanner(MagicMock(), MagicMock(),
                                                   MagicMock(),
                                                   MagicMock()))
     self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=14)
     self.scan = Scan()
     self.port = Port(node=self.node,
                      number=46,
                      transport_protocol=TransportProtocol.TCP,
                      scan=self.scan)
     self.exploit = Exploit(exploit_id=15,
                            app='aucote-scripts',
                            name='siet')
     self.task = SietTask(context=self.context,
                          port=self.port,
                          exploits=[self.exploit])
     self.cfg = {'portdetection': {'expiration_period': '7d'}}

コード例 #15

0

ファイルを表示

    async def test_assign_task_for_node(self, cfg):
        cfg._cfg = self.cfg
        self.task_mapper._filter_exploits = MagicMock()
        class_mock = self.EXECUTOR_CONFIG['apps']['test']['class']
        self.task_mapper._aucote.exploits.find_by_apps = MagicMock()
        mock_apps = self.task_mapper._aucote.exploits.find_by_apps
        exploit = Exploit(exploit_id=3, name='test_3')
        self.task_mapper._filter_exploits.return_value = [exploit]

        mock_apps.return_value = {'test': [exploit]}

        node = Node(1, ipaddress.ip_address('127.0.0.1'))

        await self.task_mapper.assign_tasks_for_node(node)

        class_mock.assert_called_once_with(
            context=self.task_mapper.context,
            exploits=[exploit],
            node=node,
            config=self.EXECUTOR_CONFIG['apps']['test'])

コード例 #16

0

ファイルを表示

    def setUp(self):
        super(HydraScriptTaskTest, self).setUp()
        self.aucote = MagicMock()
        self.port = Port(node=Node(ip='127.0.0.1', node_id=None),
                         transport_protocol=TransportProtocol.TCP,
                         number=22)
        self.port.service_name = 'ssh'
        self.port.scan = Scan()
        self.exploit = Exploit(exploit_id=1)
        self.scan = Scan()
        self.context = ScanContext(aucote=self.aucote,
                                   scanner=MagicMock(scan=Scan()))

        self.hydra_script_task = HydraScriptTask(
            exploits=[self.exploit],
            context=self.context,
            port=self.port,
            service=self.port.service_name)
        self.hydra_script_task.store_scan_end = MagicMock()
        self.hydra_script_task.aucote.exploits.find.return_value = self.exploit

コード例 #17

0

ファイルを表示

ファイル: test_port_info.py プロジェクト: rydzykje/aucote

    def setUp(self):
        super(NmapPortInfoTaskTest, self).setUp()
        self.aucote = MagicMock()
        self.aucote.task_mapper.assign_tasks = MagicMock(return_value=Future())
        self.aucote.task_mapper.assign_tasks.return_value.set_result(
            MagicMock())
        self.exploit = Exploit(exploit_id=4)

        self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
        self.node.os = Service(name='os test name',
                               version='os test version',
                               cpe='cpe:2.3:o:vendor:product:-:*:*:*:*:*:*:*')
        self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)

        self.port = Port(number=22,
                         transport_protocol=TransportProtocol.TCP,
                         node=self.node)
        self.port.scan = Scan()
        self.port_ipv6 = Port(number=22,
                              node=self.node_ipv6,
                              transport_protocol=TransportProtocol.TCP)
        self.scanner = Scanner(aucote=self.aucote)
        self.scanner.NAME = 'tools'
        self.context = ScanContext(aucote=self.aucote, scanner=self.scanner)

        self.port_info = NmapPortInfoTask(context=self.context, port=self.port)

        self.cfg = {
            'portdetection': {
                'tools': {
                    'scan_rate': 1337
                },
                'expiration_period': '7d'
            },
            'tools': {
                'nmap': {
                    'scripts_dir': 'test'
                }
            },
        }

コード例 #18

0

ファイルを表示

    def test_serialize_vulnchange(self, output):
        output.return_value = 'test_output'
        scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
        scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
        node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
        port = Port(node, transport_protocol=TransportProtocol.TCP, number=88)
        exploit = Exploit(name="exploit_name", app="exploit_app", exploit_id=18)
        previous_finding = Vulnerability(output="test_output_1", exploit=exploit, port=port, subid=13, vuln_time=13456)
        previous_finding.scan = scan_1
        previous_finding.row_id = 124
        current_finding = Vulnerability(output="test_output_2", exploit=exploit, port=port, subid=13, vuln_time=6456345)
        current_finding.row_id = 15
        current_finding.scan = scan_2
        change = VulnerabilityChange(current_finding=current_finding, change_time=124445,
                                     previous_finding=previous_finding)
        expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x12\x00'
                             b'\x00\x00\r\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\x80R\xcd\x00\x00'
                             b'\x00\x00\x00\xa8\x01\xd4\x80\x01\x00\x00\x00\r\x00test_output_1\r\x00test_output_2\x15'
                             b'\x00Vulnerability changed')

        result = self.serializer.serialize_vulnerability_change(change)._data

        self.assertEqual(result, expected)

コード例 #19

0

ファイルを表示

ファイル: test_port_info.py プロジェクト: rydzykje/aucote

    def test_diff_two_last_scans_first_scan(self, serializer):
        exploit = Exploit(exploit_id=1)
        self.port_info._current_exploits = [self.exploit]
        scans = [self.context.scanner.scan]
        self.port_info.storage.get_scans_by_security_scan.return_value = scans
        vuln_added = Vulnerability(port=self.port,
                                   exploit=exploit,
                                   subid=3,
                                   output='a')
        vuln_changed_1 = Vulnerability(port=self.port,
                                       exploit=exploit,
                                       subid=2,
                                       output='c')
        self.port_info.storage.get_vulnerabilities.return_value = [
            vuln_added, vuln_changed_1
        ]

        expected = [
            VulnerabilityChange(change_time=12,
                                previous_finding=None,
                                current_finding=vuln_added),
            VulnerabilityChange(change_time=12,
                                previous_finding=None,
                                current_finding=vuln_changed_1)
        ]

        self.port_info.diff_with_last_scan()

        self.port_info.storage.get_vulnerabilities.assert_has_calls(
            (call(port=self.port,
                  exploit=self.exploit,
                  scan=self.context.scanner.scan), ))

        self.assertCountEqual(
            self.port_info.storage.save_changes.call_args[0][0], expected)
        serializer.assert_has_calls((call(vuln) for vuln in expected),
                                    any_order=True)

コード例 #20

0

ファイルを表示

    def setUp(self):
        self.serializer = Serializer()
        self.vuln = Vulnerability(subid=15)

        node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
        node.os = MagicMock()
        node.os.name_with_version = 'test_name_and_version'

        self.context = ScanContext(aucote=None, scanner=TCPScanner(MagicMock(), MagicMock(), MagicMock(), MagicMock()))

        self.vuln.context = self.context

        self.port = Port(node=node, number=22, transport_protocol=TransportProtocol.TCP)
        self.port.protocol = 'ssh'

        self.port.scan = Scan()
        self.port.scan.start = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()

        self.vuln.port = self.port
        self.vuln.output = 'Test'
        self.vuln.scan = Scan(start=datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp(),
                              scanner='tcp')

        self.exploit = Exploit(exploit_id=1)
        self.exploit.app = 'test_app'
        self.exploit.name = 'test_name'
        self.exploit.title = 'test_title'
        self.exploit.description = 'test_description'
        self.exploit.risk_level = RiskLevel.from_name('High')
        self.exploit.cve = 'CVE-2018-0001'
        self.exploit.cvss = 9.8
        self.exploit.metric = ExploitMetric.VNC_INFO
        self.exploit.category = ExploitCategory.VULN
        self.exploit.tags = {ExploitTag.HTTP, ExploitTag.SSL, ExploitTag.HTTPS}

        self.vuln.exploit = self.exploit
        self.vuln.time = datetime.datetime(2016, 8, 16, 15, 23, 10, 183095, tzinfo=utc).timestamp()

コード例 #21

0

ファイルを表示

    def setUp(self, cfg):
        super(CVESearchServiceTaskTest, self).setUp()
        cfg._cfg = {'tools': {'cve-search': {'api': 'localhost:200'}}}

        self.example_output = ''

        with open(
                path.join(path.dirname(path.abspath(__file__)),
                          'example_output.json'), 'rb') as f:
            self.example_output = f.read()

        self.node = Node(ip='127.0.0.1', node_id=None)

        self.port = Port(node=self.node,
                         transport_protocol=TransportProtocol.TCP,
                         number=22)
        self.port.service_name = 'ssh'
        self.port.scan = Scan()
        self.port.service = Service()
        self.app = Service()
        self.app_2 = Service()
        self.app.cpe = 'cpe:/a:microsoft:iexplorer:8.0.6001:beta'
        self.app_2.cpe = 'cpe:/a:microsoft:aexplorer:8.0.6001:beta'
        self.cpe_txt = 'cpe:/a:microsoft:internet_explorer:8.0.6001:beta'
        self.os_cpe_txt = 'cpe:/o:a:b:4'
        self.cpe_without_version = 'cpe:/o:cisco:ios'
        self.node.os.cpe = self.os_cpe_txt
        self.port.service.cpe = self.cpe_txt
        self.exploit = Exploit(exploit_id=1337,
                               name='cve-search',
                               app='cve-search')
        self.aucote = MagicMock()
        self.context = ScanContext(aucote=self.aucote,
                                   scanner=MagicMock(scan=Scan()))
        self.task = CVESearchServiceTask(context=self.context,
                                         port=self.port,
                                         exploits=[self.exploit])

        self.vuln_1 = Vulnerability(port=self.port,
                                    exploit=self.exploit,
                                    cve='CVE-2016-8612',
                                    cvss=3.3,
                                    output='test summary 1',
                                    context=self.context,
                                    subid=0)

        self.vuln_2 = Vulnerability(port=self.port,
                                    exploit=self.exploit,
                                    cve='CVE-2017-9798',
                                    cvss=5.0,
                                    output='test summary 2',
                                    context=self.context,
                                    subid=1)

        self.vuln_3 = Vulnerability(port=self.port,
                                    exploit=self.exploit,
                                    cve='CVE-2017-9788',
                                    cvss=6.4,
                                    output='test summary 3',
                                    context=self.context,
                                    subid=2)

コード例 #22

0

ファイルを表示

ファイル: test_storage.py プロジェクト: rydzykje/aucote

    def setUp(self):
        self.maxDiff = None
        self.storage = Storage(conn_string=getenv('AUCOTE_TEST_POSTGRES'))
        self.scan = Scan(start=1,
                         end=17,
                         protocol=TransportProtocol.UDP,
                         scanner='test_name')

        self.scan_1 = Scan(rowid=56,
                           protocol=TransportProtocol.UDP,
                           scanner='test_name',
                           start=13,
                           end=19)
        self.scan_2 = Scan(rowid=79,
                           protocol=TransportProtocol.UDP,
                           scanner='test_name',
                           start=2,
                           end=18)
        self.scan_3 = Scan(rowid=80,
                           protocol=TransportProtocol.UDP,
                           scanner='test_name_2',
                           start=20,
                           end=45)
        self.scan_4 = Scan(rowid=78,
                           protocol=TransportProtocol.TCP,
                           scanner='portdetection',
                           start=1,
                           end=2)

        self.node_1 = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
        self.node_1.name = 'test_node_1'
        self.node_1.scan = Scan(start=15)

        self.node_2 = Node(node_id=2, ip=ipaddress.ip_address('127.0.0.2'))
        self.node_2.name = 'test_node_2'
        self.node_2.scan = Scan(start=56)

        self.node_3 = Node(node_id=3, ip=ipaddress.ip_address('127.0.0.3'))
        self.node_3.name = 'test_node_3'
        self.node_3.scan = Scan(start=98)

        self.node_4 = Node(node_id=4, ip=ipaddress.ip_address('127.0.0.4'))
        self.node_4.name = 'test_node_4'
        self.node_4.scan = Scan(start=3)

        self.node_scan_1 = NodeScan(node=self.node_1,
                                    rowid=13,
                                    scan=self.scan_1,
                                    timestamp=15)
        self.node_scan_2 = NodeScan(node=self.node_2,
                                    rowid=15,
                                    scan=self.scan_1,
                                    timestamp=56)
        self.node_scan_3 = NodeScan(node=self.node_3,
                                    rowid=16,
                                    scan=self.scan_1,
                                    timestamp=98)
        self.node_scan_3 = NodeScan(node=self.node_3,
                                    rowid=17,
                                    scan=self.scan_2,
                                    timestamp=90)

        self.port_1 = Port(node=self.node_1,
                           number=45,
                           transport_protocol=TransportProtocol.UDP)
        self.port_1.scan = self.scan_1

        self.port_scan_1 = PortScan(port=self.port_1,
                                    scan=self.scan_1,
                                    timestamp=176,
                                    rowid=124)

        self.port_2 = Port(node=self.node_2,
                           transport_protocol=TransportProtocol.UDP,
                           number=65)
        self.port_2.scan = Scan(start=3, end=45)

        self.port_scan_2 = PortScan(port=self.port_2,
                                    scan=self.scan_1,
                                    timestamp=987,
                                    rowid=15)

        self.port_3 = Port(node=self.node_3,
                           transport_protocol=TransportProtocol.ICMP,
                           number=99)
        self.port_3.scan = Scan(start=43, end=180)

        self.port_scan_3 = PortScan(port=self.port_3,
                                    scan=self.scan_1,
                                    timestamp=619,
                                    rowid=13)

        self.port_4 = Port(node=self.node_1,
                           number=80,
                           transport_protocol=TransportProtocol.UDP)
        self.port_4.scan = self.scan_1

        self.port_scan_4 = PortScan(port=self.port_4,
                                    scan=self.scan_1,
                                    timestamp=650,
                                    rowid=480)

        self.port_5 = Port(node=self.node_4,
                           number=22,
                           transport_protocol=TransportProtocol.TCP)
        self.port_5.scan = self.scan_4

        self.exploit_1 = Exploit(exploit_id=14,
                                 name='test_name',
                                 app='test_app')
        self.exploit_2 = Exploit(exploit_id=2,
                                 name='test_name_2',
                                 app='test_app_2')
        self.exploit_3 = Exploit(exploit_id=56,
                                 name='test_name_2',
                                 app='test_app')
        self.exploit_4 = Exploit(exploit_id=0,
                                 name='portdetection',
                                 app='portdetection')

        self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
                                            port=self.port_1,
                                            scan=self.scan_1,
                                            scan_start=178,
                                            scan_end=851)
        self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
                                            port=self.port_1,
                                            scan=self.scan_1,
                                            scan_start=109,
                                            scan_end=775)
        self.security_scan_3 = SecurityScan(exploit=self.exploit_3,
                                            port=self.port_1,
                                            scan=self.scan_2,
                                            scan_start=113,
                                            scan_end=353)
        self.security_scan_4 = SecurityScan(exploit=self.exploit_1,
                                            port=self.port_1,
                                            scan=self.scan_3,
                                            scan_start=180,
                                            scan_end=222)
        self.security_scan_5 = SecurityScan(exploit=self.exploit_1,
                                            port=self.port_1,
                                            scan=self.scan_2,
                                            scan_start=14,
                                            scan_end=156)
        self.security_scan_6 = SecurityScan(exploit=self.exploit_2,
                                            port=self.port_1,
                                            scan=self.scan_2,
                                            scan_start=56,
                                            scan_end=780)
        self.security_scan_7 = SecurityScan(exploit=self.exploit_4,
                                            port=self.port_5,
                                            scan=self.scan_4,
                                            scan_start=14,
                                            scan_end=890)

        self.vuln_change_1 = PortDetectionChange(
            change_time=124445,
            current_finding=self.port_scan_1,
            previous_finding=self.port_scan_2)

        self.vuln_change_2 = PortDetectionChange(
            change_time=32434,
            current_finding=self.port_scan_2,
            previous_finding=self.port_scan_3)

        self.vulnerability_1 = Vulnerability(port=self.port_1,
                                             output='test_output_1',
                                             exploit=self.exploit_1,
                                             cve='CVE-2017',
                                             cvss=6.7,
                                             subid=1,
                                             vuln_time=13,
                                             rowid=134,
                                             scan=self.scan_1)
        self.vulnerability_2 = Vulnerability(port=self.port_1,
                                             output='test_output_2',
                                             exploit=self.exploit_2,
                                             cve='CWE-14',
                                             cvss=8.9,
                                             subid=2,
                                             vuln_time=98,
                                             rowid=152,
                                             scan=self.scan_1)
        self.vulnerability_3 = Vulnerability(port=self.port_1,
                                             output='test_output_3',
                                             exploit=self.exploit_1,
                                             cve='CVE-2016',
                                             cvss=3.7,
                                             subid=2,
                                             vuln_time=15,
                                             rowid=153,
                                             scan=self.scan_2)
        self.vulnerability_4 = Vulnerability(port=self.port_1,
                                             output='test_output_4',
                                             exploit=self.exploit_2,
                                             cve='CWE-15',
                                             cvss=2.9,
                                             subid=1,
                                             vuln_time=124,
                                             rowid=169,
                                             scan=self.scan_2)

        self.vulnerability_5 = Vulnerability(port=self.port_5,
                                             output='',
                                             exploit=self.exploit_4,
                                             cve=None,
                                             cvss=None,
                                             subid=0,
                                             vuln_time=124,
                                             rowid=200,
                                             scan=self.scan_4,
                                             expiration_time=400)
        self.vulnerability_6 = Vulnerability(port=self.port_5,
                                             output='tftp',
                                             exploit=self.exploit_4,
                                             cve=None,
                                             cvss=None,
                                             subid=1,
                                             vuln_time=124,
                                             rowid=201,
                                             scan=self.scan_4,
                                             expiration_time=400)
        self.vulnerability_7 = Vulnerability(port=self.port_5,
                                             output='tftp server name',
                                             exploit=self.exploit_4,
                                             cve=None,
                                             cvss=None,
                                             subid=2,
                                             vuln_time=124,
                                             rowid=202,
                                             scan=self.scan_4,
                                             expiration_time=400)
        self.vulnerability_8 = Vulnerability(port=self.port_5,
                                             output='6.7.8',
                                             exploit=self.exploit_4,
                                             cve=None,
                                             cvss=None,
                                             subid=3,
                                             vuln_time=124,
                                             rowid=203,
                                             scan=self.scan_4,
                                             expiration_time=400)
        self.vulnerability_9 = Vulnerability(port=self.port_5,
                                             output='HERE IS TFTP\n\n\n > ',
                                             exploit=self.exploit_4,
                                             cve=None,
                                             cvss=None,
                                             subid=4,
                                             vuln_time=124,
                                             rowid=204,
                                             scan=self.scan_4,
                                             expiration_time=400)
        self.vulnerability_10 = Vulnerability(port=self.port_5,
                                              output='test:cpe',
                                              exploit=self.exploit_4,
                                              cve=None,
                                              cvss=None,
                                              subid=5,
                                              vuln_time=124,
                                              rowid=205,
                                              scan=self.scan_4,
                                              expiration_time=400)
        self.vulnerability_11 = Vulnerability(port=self.port_5,
                                              output='os name',
                                              exploit=self.exploit_4,
                                              cve=None,
                                              cvss=None,
                                              subid=6,
                                              vuln_time=124,
                                              rowid=206,
                                              scan=self.scan_4,
                                              expiration_time=400)
        self.vulnerability_12 = Vulnerability(port=self.port_5,
                                              output='os version',
                                              exploit=self.exploit_4,
                                              cve=None,
                                              cvss=None,
                                              subid=7,
                                              vuln_time=124,
                                              rowid=207,
                                              scan=self.scan_4,
                                              expiration_time=400)
        self.vulnerability_13 = Vulnerability(port=self.port_5,
                                              output='test:os:cpe',
                                              exploit=self.exploit_4,
                                              cve=None,
                                              cvss=None,
                                              subid=8,
                                              vuln_time=124,
                                              rowid=208,
                                              scan=self.scan_4,
                                              expiration_time=400)

コード例 #23

0

ファイルを表示

    def test_is_exploit_allowed_allowed_string(self, cfg):
        self.thread.NAME = 'test_name'
        cfg['portdetection.test_name.scripts'] = ["1"]

        exploit = Exploit(exploit_id=1)
        self.assertTrue(self.thread.is_exploit_allowed(exploit))

コード例 #24

0

ファイルを表示

    def test_is_exploit_allowed_not_allowed(self, cfg):
        self.thread.NAME = 'test_name'
        cfg['portdetection.test_name.scripts'] = []

        exploit = Exploit(exploit_id=1)
        self.assertFalse(self.thread.is_exploit_allowed(exploit))

コード例 #25

0

ファイルを表示

ファイル: test_structs.py プロジェクト: rydzykje/aucote

 def setUp(self):
     self.exploit = Exploit(exploit_id=15,
                            name='test_name',
                            app='test_app',
                            cve='CVE-2017-XXXX,CVE-2018-XXX',
                            cvss='4.6')

コード例 #26

0

ファイルを表示

    def get_app(self):
        self.aucote = MagicMock()
        self.storage = Storage(getenv('AUCOTE_TEST_POSTGRES'))
        self.aucote.storage = self.storage

        self.storage.connect()
        self.storage.remove_all()
        self.storage.init_schema()
        self.scan_1 = Scan(start=123,
                           end=446,
                           protocol=TransportProtocol.TCP,
                           scanner='tcp')
        self.scan_2 = Scan(start=230,
                           end=447,
                           protocol=TransportProtocol.UDP,
                           scanner='udp')

        for scan in (self.scan_1, self.scan_2):
            self.storage.save_scan(scan)

        self.node_1 = Node(node_id=13, ip=ipaddress.ip_address("10.156.67.18"))
        self.node_2 = Node(node_id=75, ip=ipaddress.ip_address("10.156.67.34"))

        self.node_scan_1 = NodeScan(node=self.node_1,
                                    scan=self.scan_1,
                                    timestamp=45)
        self.node_scan_2 = NodeScan(node=self.node_2,
                                    scan=self.scan_2,
                                    timestamp=88)
        self.node_scan_3 = NodeScan(node=self.node_1,
                                    scan=self.scan_2,
                                    timestamp=67)

        for node_scan in (self.node_scan_1, self.node_scan_2,
                          self.node_scan_3):
            self.storage.save_node_scan(node_scan)

        self.port_1 = Port(node=self.node_1,
                           number=34,
                           transport_protocol=TransportProtocol.UDP)
        self.port_2 = Port(node=self.node_2,
                           number=78,
                           transport_protocol=TransportProtocol.TCP)
        self.port_scan_1 = PortScan(port=self.port_1,
                                    timestamp=1234,
                                    scan=self.scan_1,
                                    rowid=13)
        self.port_scan_2 = PortScan(port=self.port_2,
                                    timestamp=2345,
                                    scan=self.scan_1,
                                    rowid=15)

        for port_scan in (self.port_scan_1, self.port_scan_2):
            self.storage.save_port_scan(port_scan)

        self.exploit_1 = Exploit(exploit_id=14,
                                 name='test_name',
                                 app='test_app')
        self.exploit_2 = Exploit(exploit_id=2,
                                 name='test_name_2',
                                 app='test_app_2')

        self.security_scan_1 = SecurityScan(exploit=self.exploit_1,
                                            port=self.port_1,
                                            scan=self.scan_1,
                                            scan_start=178,
                                            scan_end=851)
        self.security_scan_2 = SecurityScan(exploit=self.exploit_2,
                                            port=self.port_1,
                                            scan=self.scan_1,
                                            scan_start=109,
                                            scan_end=775)
        self.security_scan_3 = SecurityScan(exploit=self.exploit_1,
                                            port=self.port_1,
                                            scan=self.scan_2,
                                            scan_start=114,
                                            scan_end=981)

        for scan in (self.security_scan_1, self.security_scan_2,
                     self.security_scan_3):
            self.storage.save_sec_scan(scan)

        self.vulnerability_1 = Vulnerability(exploit=self.exploit_1,
                                             port=self.port_1,
                                             cvss="6.8",
                                             cve="CVE-2017-1231",
                                             scan=self.scan_1,
                                             output="Vulnerable stuff",
                                             vuln_time=134,
                                             subid=34)
        self.vulnerability_2 = Vulnerability(exploit=self.exploit_1,
                                             port=self.port_1,
                                             cvss="6.8",
                                             cve="CVE-2017-1232",
                                             scan=self.scan_2,
                                             output=None,
                                             vuln_time=718,
                                             subid=34)

        for vulnerability in (self.vulnerability_1, self.vulnerability_2):
            self.storage.save_vulnerability(vulnerability)

        self.scanner = TCPScanner(aucote=self.aucote,
                                  host='localhost',
                                  port=1339)
        self.scanner.NAME = 'test_name'
        self.scanner.scan.start = 1290
        self.scanner.nodes = [
            Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
        ]
        self.aucote.scanners = [
            self.scanner,
            ToolsScanner(name='tools', aucote=self.aucote)
        ]
        endpoints = [(url, handler, {
            'aucote': self.aucote
        }) for url, handler in [
            (r"/api/v1/kill", KillHandler),
            (r"/api/v1/scanners", ScannersHandler),
            (r"/api/v1/scanners/([\w_]+)", ScannersHandler),
            (r"/api/v1/tasks", TasksHandler),
            (r"/api/v1/scans", ScansHandler),
            (r"/api/v1/scans/([\d]+)", ScansHandler),
            (r"/api/v1/nodes", NodesHandler),
            (r"/api/v1/nodes/([\d]+)", NodesHandler),
            (r"/api/v1/ports", PortsHandler),
            (r"/api/v1/ports/([\d]+)", PortsHandler),
            (r"/api/v1/security_scans", SecurityScansHandler),
            (r"/api/v1/security_scans/([\d]+)", SecurityScansHandler),
            (r"/api/v1/vulnerabilities", VulnerabilitiesHandler),
        ]]
        endpoints.append(
            (r"/api/v1/vulnerabilities/([\d]+)", VulnerabilitiesHandler, {
                'aucote': self.aucote,
                'path': '/aucote/'
            }))
        self.app = Application(endpoints)

        return self.app