def test_scan_invalid(self):
# This is needed for dirb binary to be added to the path
original_pathvar = os.environ['PATH']
os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
+ '/vendor/dirb/' + ':' \
+ original_pathvar
host_name = "infosec.mozilla.org"
# Wordlist does not matter here, but we want to give it
# an invalid command line option (e.g '-b')
scanner = DirectoryEnumScanner(arguments_list=['-b'])
return_code, result = scanner.scan(host_name)
assert not return_code == 0
assert 'host' in result
assert 'illegal' in result['errors']
def test_scan_timeout(self):
# This is needed for dirb binary to be added to the path
original_pathvar = os.environ['PATH']
os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
+ '/vendor/dirb/' + ':' \
+ original_pathvar
host_name = "infosec.mozilla.org"
# Give it a long wordlist to guarantee time out
scanner = DirectoryEnumScanner(wordlist='long')
return_code, result = scanner.scan(host_name)
assert not return_code == 0
assert 'host' in result
assert 'output' in result
assert 'TIMEDOUT' in result['errors']
# Set PATH to original value
os.environ['PATH'] = original_pathvar
def runScanFromQ(event, context):
# This is needed for nmap static library and
# dirb to be added to the path
_environ = dict(os.environ)
nmap_path = os.environ['LAMBDA_TASK_ROOT'] + '/vendor/nmap-standalone/'
dirb_path = os.environ['LAMBDA_TASK_ROOT'] + '/vendor/dirb/'
try:
os.environ.update({'PATH': os.environ['PATH'] + ':' + nmap_path + ':' + dirb_path})
# Read the queue
for record, keys in event.items():
for item in keys:
if "body" in item:
message = item['body']
scan_type, target, uuid = message.split('|')
if scan_type == "httpobservatory":
scanner = HTTPObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_httpobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "sshobservatory":
scanner = SSHObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_sshobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "tlsobservatory":
scanner = TLSObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_tlsobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "portscan":
scanner = PortScanner(target, logger=logger)
nmap_scanner = scanner.scanTCP()
while nmap_scanner.still_scanning():
# Wait for 1 second after the end of the scan
nmap_scanner.wait(1)
elif scan_type == "tenableio":
scanner = TIOScanner(logger=logger)
nessus_scanner = scanner.scan(target)
nessus_scanner.launch(wait=False)
elif scan_type == "websearch":
searcher = WebSearcher(logger=logger)
search_results = searcher.search(target)
send_to_s3(target + "_websearch", search_results, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "direnumscan":
scanner = DirectoryEnumScanner(logger=logger)
return_code, direnum_result = scanner.scan(target)
send_to_s3(target + "_direnum", direnum_result, client=S3_CLIENT, bucket=S3_BUCKET)
else:
# Manually invoked, just log the message
logger.info("Message in queue: {}".format(message))
else:
logger.error("Unrecognized message in queue: {}".format(message))
except Exception as e:
logger.error("Exception occurred while running scans from the queue: {}".format(e))
finally:
# Restore environment variables to their original values
os.environ.update(_environ)
def test_scan_no_timeout(self):
# This is needed for dirb binary to be added to the path
original_pathvar = os.environ['PATH']
os.environ['PATH'] = uppath(os.path.realpath(__file__), 2) \
+ '/vendor/dirb/' + ':' \
+ original_pathvar
host_name = "infosec.mozilla.org"
# By default this will use the short wordlist
scanner = DirectoryEnumScanner(wordlist='short')
return_code, result = scanner.scan(host_name)
assert return_code == 0
assert 'host' in result
assert 'output' in result
assert len(result['errors']) == 0
assert len(result['output']) > 0
# Set PATH to original value
os.environ['PATH'] = original_pathvar
def test_invalid_wordlist(self):
with pytest.raises(AssertionError):
# We are expecting a failure here with an assertion error
assert DirectoryEnumScanner(wordlist='invalid')
def test_defaults(self):
scanner = DirectoryEnumScanner()
assert scanner.tool == 'dirb'
assert scanner.arguments == ['-f', '-w', '-S', '-r']
assert scanner.wordlist == 'short'
def test_invalid_wordlist(self):
# We are expecting a failure here with an assertion error
DirectoryEnumScanner(wordlist='invalid')