def setUp(self):
self.node = Node(node_id=13, ip=ipaddress.ip_address('127.0.0.5'))
self.scan_1 = Scan(start=150421)
self.scan_2 = Scan(start=159985)
self.port_1 = Port(transport_protocol=TransportProtocol.TCP,
number=80,
node=self.node)
self.port_1.scan = self.scan_1
self.port_scan_1 = PortScan(port=self.port_1, scan=self.scan_1)
self.port_2 = Port(transport_protocol=TransportProtocol.UDP,
number=19,
node=self.node)
self.port_2.scan = self.scan_2
self.port_scan_2 = PortScan(port=self.port_2, scan=self.scan_2)
self.type = VulnerabilityChangeType.PORTDETECTION
self.change_1 = PortDetectionChange(change_time=159986,
current_finding=self.port_scan_1,
previous_finding=None)
self.change_2 = PortDetectionChange(change_time=159911,
current_finding=None,
previous_finding=self.port_scan_2)
def test_get_url(self):
node1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port1 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
port1.protocol = 'http'
expected = "http://127.0.0.1:1"
self.assertEqual(port1.url, expected)
def test_get_url_http_proxy(self):
node1 = Node(ip=ipaddress.ip_address('::1'), node_id=1)
port1 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
port1.protocol = 'http-proxy'
expected = "http://[::1]:1"
self.assertEqual(port1.url, expected)
def test_ports_comparison_eq(self):
node1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port1 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
port2 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
self.assertEqual(port1, port2)
def test_store_scan(self):
port = Port(node=None,
number=80,
transport_protocol=TransportProtocol.UDP)
port.scan = Scan(end=25.0)
exploit = Exploit(exploit_id=5)
self.task.store_scan_end(exploits=[exploit], port=port)
self.task.aucote.storage.save_security_scans.assert_called_once_with(
exploits=[exploit], port=port, scan=self.context.scanner.scan)
def setUp(self):
"""
Prepare some internal variables:
exploit, port, exploits, script, vulnerability, scan_task
"""
super(NmapPortScanTaskTest, self).setUp()
self.aucote = MagicMock()
self.exploit = Exploit(exploit_id=1, app='nmap', name='test')
self.exploit_vuln_non_exist = Exploit(exploit_id=2,
app='nmap',
name='test2')
self.exploits = Exploits()
self.exploits.add(self.exploit)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=None)
self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)
self.port = Port(number=22,
node=self.node,
transport_protocol=TransportProtocol.TCP)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.port_ipv6 = Port(number=22,
node=self.node_ipv6,
transport_protocol=TransportProtocol.TCP)
self.script = NmapScript(port=self.port,
parser=NmapParser(),
exploit=self.exploit,
name='test',
args='test_args')
self.script.get_result = MagicMock(return_value='test')
self.script2 = NmapScript(port=self.port,
parser=NmapInfoParser(),
exploit=self.exploit_vuln_non_exist,
name='test2')
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.scan_task = NmapPortScanTask(
context=self.context,
port=self.port,
script_classes=[self.script, self.script2],
rate=1337)
self.scan_task.store_scan_end = MagicMock()
future = Future()
future.set_result(ElementTree.fromstring(self.XML))
self.scan_task.command.async_call = MagicMock(return_value=future)
self.cfg = {'tools': {'nmap': {'scripts_dir': '', 'timeout': 0}}}
def test_not_in_range(self):
parsed_ports = {
TransportProtocol.TCP: {22, 80, 81, 82},
TransportProtocol.UDP: {78, 79, 80, 90},
TransportProtocol.SCTP: {1, 2, 18, 19, 20}
}
port = Port(node=None,
transport_protocol=TransportProtocol.SCTP,
number=80)
self.assertFalse(port.in_range(parsed_ports))
def test_diff_two_last_scans(self, serializer):
current_scan = Scan()
self.thread.scan = current_scan
previous_scan = Scan()
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.aucote.storage.get_nodes_by_scan.return_value = [node]
port_added = Port(node,
transport_protocol=TransportProtocol.TCP,
number=88)
port_added.row_id = 17
port_removed = Port(node,
transport_protocol=TransportProtocol.TCP,
number=80)
port_removed.row_id = 18
port_unchanged = Port(node,
transport_protocol=TransportProtocol.TCP,
number=22)
port_unchanged.row_id = 19
port_scans_current = [
PortScan(port=port_unchanged, scan=current_scan),
PortScan(port=port_added, scan=current_scan)
]
port_scans_previous = [
PortScan(port=port_unchanged, scan=previous_scan),
PortScan(port=port_removed, scan=previous_scan)
]
self.aucote.storage.get_scans_by_node.return_value = [
current_scan, previous_scan
]
self.aucote.storage.get_ports_by_scan_and_node.side_effect = (
port_scans_current, port_scans_previous)
expected = [
PortDetectionChange(current_finding=port_scans_current[1],
previous_finding=None),
PortDetectionChange(current_finding=None,
previous_finding=port_scans_previous[1])
]
self.thread.diff_with_last_scan()
self.aucote.storage.get_nodes_by_scan.assert_called_once_with(
scan=current_scan)
self.assertEqual(len(self.aucote.storage.save_changes.call_args_list),
1)
result = self.aucote.storage.save_changes.call_args[0][0]
self.assertCountEqual(result, expected)
self.assertCountEqual([
serializer.call_args_list[0][0][0],
serializer.call_args_list[1][0][0]
], expected)
def parse(cls, xml, node_by_ip):
"""
Gets Element Tree objects and based on it, creates Ports collection
Args:
xml (ElementTree.Element):
node_by_ip (dict):
Returns:
list
"""
result = set()
for host in xml.findall('host'):
ip = ipaddress.ip_address(host.find('address').get('addr'))
ports = host.find('ports')
if ports is None:
continue
for xml_port in ports.findall('port'):
state = xml_port.find('state').get('state')
if PortState.from_string(state) not in (PortState.OPEN, ):
continue
number = int(xml_port.get('portid'))
transport_protocol = TransportProtocol.from_nmap_name(
xml_port.get('protocol'))
node = node_by_ip[ip]
port = Port(number=number,
node=node,
transport_protocol=transport_protocol)
service = xml_port.find('service')
port.service_name = service.get(
'name') if service is not None else None
port.service_version = service.get(
'version') if service is not None else None
log.debug('Found open port %s of %s, service is %s',
port.number, str(node), port.service_name)
for script in xml_port.findall('script'):
if script.get('id') == 'banner':
port.banner = script.get('output')
break
result.update({port})
log.info('Found %s open ports', len(result))
return list(result)
def test_get_ports_for_scan(self):
nodes = [MagicMock(), MagicMock(), MagicMock()]
ports = [
Port(node=nodes[0], number=13, transport_protocol=TransportProtocol.UDP),
Port(node=nodes[1], number=14, transport_protocol=TransportProtocol.UDP),
Port(node=nodes[0], number=13, transport_protocol=TransportProtocol.UDP),
]
expected = list(set(ports))
self.task.storage.get_ports_by_nodes.return_value = ports
result = self.task.get_ports_for_scan(nodes, timestamp=100)
self.assertCountEqual(result, expected)
self.task.storage.get_ports_by_nodes.assert_called_once_with(nodes=nodes, timestamp=100, protocol=None,
portdetection_only=True)
def setUp(self):
super(AucoteHttpHeadersTaskTest, self).setUp()
HTTPClient._instance = MagicMock()
self.port = Port(node=MagicMock(),
transport_protocol=None,
number=None)
self.port.scan = Scan()
self.aucote = MagicMock()
self.exploit = MagicMock()
self.exploit.name = "test"
self.config = {
'headers': {
'test': HeaderDefinition(pattern='test_nie', obligatory=True)
}
}
self.custom_headers = {
'Accept-Encoding': 'gzip, deflate',
'User-Agent': 'test'
}
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = AucoteHttpHeadersTask(port=self.port,
context=self.context,
exploits=[self.exploit],
config=self.config)
def setUp(self):
super(HydraToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1,
name='hydra',
app='hydra',
risk_level=RiskLevel.NONE)
self.exploit2 = Exploit(exploit_id=2,
name='hydra',
app='hydra',
risk_level=RiskLevel.HIGH)
self.config = {
'services': ['ssh', 'vnc'],
'mapper': {
'test': 'ssh'
},
'without-login': '******'
}
self.exploits = [self.exploit, self.exploit2]
self.node = Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1'))
self.port = Port(number=12,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port.protocol = 'test'
self.port.scan = Scan(start=14)
self.port_no_login = Port(number=12,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port_no_login.protocol = 'vnc'
self.port_no_login.scan = Scan(start=14)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.hydra_tool = HydraTool(context=self.context,
exploits=self.exploits,
port=self.port,
config=self.config)
self.hydra_tool_without_login = HydraTool(context=self.context,
exploits=self.exploits,
port=self.port_no_login,
config=self.config)
def test_copy(self):
node1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
result = port.copy()
self.assertEqual(result, port)
self.assertEqual(result.interface, port.interface)
self.assertEqual(result.scan, port.scan)
self.assertEqual(result.banner, port.banner)
self.assertEqual(result.node, port.node)
self.assertEqual(result.number, port.number)
self.assertEqual(result.service.name, port.service.name)
self.assertEqual(result.service.version, port.service.version)
self.assertEqual(result.transport_protocol, port.transport_protocol)
self.assertEqual(result.vulnerabilities, port.vulnerabilities)
def test_ports_comparison_none(self):
node1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port1 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.UDP)
self.assertNotEqual(port1, None)
self.assertFalse(port1 is None)
def test_run_executor(self, cfg, mock_get_ports):
cfg._cfg = self.cfg._cfg
port = Port(node=None, number=12, transport_protocol=TransportProtocol)
mock_get_ports.return_value = [port]
self.executor.add_async_task = MagicMock()
yield self.executor.run()
self.assertEqual(self.executor.add_async_task.call_count, 1)
def test_serialize_portchange(self, output):
output.return_value = 'test_output'
scan_1 = Scan(start=1178603, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
scan_2 = Scan(start=187213, end=17, protocol=TransportProtocol.UDP, scanner='test_name')
node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port_1 = Port(node, transport_protocol=TransportProtocol.TCP, number=88)
port_2 = Port(node, transport_protocol=TransportProtocol.TCP, number=88)
previous_finding = PortScan(port=port_1, scan=scan_1, rowid=124)
current_finding = PortScan(port=port_2, scan=scan_2, rowid=15)
change = PortDetectionChange(current_finding=current_finding, change_time=124445,
previous_finding=previous_finding)
expected = bytearray(b'\x00\x64\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01X\x00\x06\x00\x00'
b'\x00\x00\x00\x00\x00\x00H\xe1j\x07\x00\x00\x00\x00\x01\x00\x00\x00\x00\xf8\r@F\x00'
b'\x00\x00\x00\xc8\xa4(\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00test_output')
result = self.serializer.serialize_vulnerability_change(change)._data
self.assertEqual(result, expected)
def setUp(self):
super(NmapToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1,
name='test_name',
risk_level=RiskLevel.NONE)
self.exploit2 = Exploit(exploit_id=2,
name='test_name',
risk_level=RiskLevel.HIGH)
self.exploit_conf_args = Exploit(exploit_id=3)
self.exploit_conf_args.name = 'test_name2'
self.exploit_conf_args.risk_level = RiskLevel.HIGH
self.config = {
'scripts': {
'test_name': {
'args': 'test_args'
},
'test_name2': {
'args': MagicMock()
}
}
}
self.cfg = {
'tools': {
'nmap': {
'disable_scripts': [],
},
'common': {
'rate': 1337,
'http': {
'useragent': 'test_useragent'
}
}
},
'config_filename': ''
}
self.exploits = [self.exploit, self.exploit2]
self.port = Port(number=13,
transport_protocol=TransportProtocol.TCP,
node=Node(node_id=1,
ip=ipaddress.ip_address('127.0.0.1')))
self.port.scan = Scan(start=14, end=13)
self.port.protocol = 'test_service'
self.aucote = MagicMock(storage=Storage(":memory:"))
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.nmap_tool = NmapTool(context=self.context,
exploits=self.exploits,
port=self.port,
config=self.config)
def test_parse_masscan(self):
"""
Tests for proper parsing:
* remove duplicates
* returns only `open` ports
"""
expected = [
Port(node=self.node,
number=514,
transport_protocol=TransportProtocol.TCP),
Port(node=self.node,
number=80,
transport_protocol=TransportProtocol.TCP)
]
result = self.parser.parse(self.MASSCAN_OUTPUT, self.node_by_ip)
self.assertCountEqual(result, expected)
def setUp(self):
exploit = Exploit(exploit_id=3)
port = Port(node=Node(node_id=2, ip=ipaddress.ip_address('127.0.0.1')),
transport_protocol=TransportProtocol.TCP,
number=16)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = SSLScriptTask(port=port,
exploits=[exploit],
context=self.context)
def test_equality_different_types(self):
node1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
port1 = Port(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
port2 = MagicMock(node=node1,
number=1,
transport_protocol=TransportProtocol.TCP)
self.assertNotEqual(port1, port2)
def setUp(self):
self.aucote = MagicMock()
self.port = Port(node=MagicMock(),
transport_protocol=None,
number=MagicMock())
self.exploit = MagicMock()
self.scan = Scan()
self.context = ScanContext(aucote=self.aucote, scanner=None)
self.task = PortTask(context=self.context,
port=self.port,
exploits=[self.exploit])
def test_get_ports_for_scanning(self):
node_1 = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
node_2 = Node(ip=ipaddress.ip_address('127.0.0.2'), node_id=2)
node_3 = Node(ip=ipaddress.ip_address('127.0.0.3'), node_id=3)
port_1 = Port(node=node_1,
number=80,
transport_protocol=TransportProtocol.TCP)
port_2 = Port(node=node_2,
number=80,
transport_protocol=TransportProtocol.TCP)
port_3 = Port(node=node_3,
number=80,
transport_protocol=TransportProtocol.TCP)
ports = [port_1, port_2]
result = self.executor._get_ports_for_scanning(ports, [port_2, port_3])
expected = [port_1]
self.assertListEqual(result, expected)
def test_hash(self):
transport_protocol = MagicMock()
number = MagicMock()
node = MagicMock()
expected = hash((transport_protocol, number, node))
result = hash(
Port(transport_protocol=transport_protocol,
number=number,
node=node))
self.assertEqual(result, expected)
def setUp(self):
super(NmapPortInfoTaskTest, self).setUp()
self.aucote = MagicMock()
self.aucote.task_mapper.assign_tasks = MagicMock(return_value=Future())
self.aucote.task_mapper.assign_tasks.return_value.set_result(
MagicMock())
self.exploit = Exploit(exploit_id=4)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.node.os = Service(name='os test name',
version='os test version',
cpe='cpe:2.3:o:vendor:product:-:*:*:*:*:*:*:*')
self.node_ipv6 = Node(ip=ipaddress.ip_address('::1'), node_id=None)
self.port = Port(number=22,
transport_protocol=TransportProtocol.TCP,
node=self.node)
self.port.scan = Scan()
self.port_ipv6 = Port(number=22,
node=self.node_ipv6,
transport_protocol=TransportProtocol.TCP)
self.scanner = Scanner(aucote=self.aucote)
self.scanner.NAME = 'tools'
self.context = ScanContext(aucote=self.aucote, scanner=self.scanner)
self.port_info = NmapPortInfoTask(context=self.context, port=self.port)
self.cfg = {
'portdetection': {
'tools': {
'scan_rate': 1337
},
'expiration_period': '7d'
},
'tools': {
'nmap': {
'scripts_dir': 'test'
}
},
}
def setUp(self):
super(WhatWebTaskTest, self).setUp()
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.port = Port(node=self.node,
number=19,
transport_protocol=TransportProtocol.UDP)
self.port.protocol = 'http'
self.aucote = MagicMock()
self.exploit = Exploit(app='whatweb', name='whatweb', exploit_id=1)
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = WhatWebTask(port=self.port,
context=self.context,
exploits=[self.exploit])
def setUp(self):
super(WhatWebToolTest, self).setUp()
self.aucote = MagicMock()
self.exploit = Exploit(exploit_id=1)
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=1)
self.port = Port(node=self.node,
transport_protocol=TransportProtocol.UDP,
number=87)
self.config = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.tool = WhatWebTool(context=self.context,
exploits=[self.exploit],
port=self.port,
config=self.config)
def setUp(self):
super(SkipfishToolTest, self).setUp()
self.exploit = Exploit(exploit_id=1)
self.exploit.name = 'skipfish'
self.exploit.risk_level = RiskLevel.NONE
self.config = {}
self.exploits = [self.exploit]
self.port = Port(node=Node(node_id=1, ip=ipaddress.ip_address('127.0.0.1')), number=3,
transport_protocol=TransportProtocol.TCP)
self.port.scan = Scan(start=13, end=45)
self.aucote = MagicMock()
self.context = ScanContext(aucote=self.aucote, scanner=MagicMock(scan=Scan()))
self.skipfish_tool = SkipfishTool(context=self.context, exploits=self.exploits, port=self.port,
config=self.config)
def setUp(self):
super(SietTaskTest, self).setUp()
self.context = ScanContext(aucote=MagicMock(),
scanner=TCPScanner(MagicMock(), MagicMock(),
MagicMock(),
MagicMock()))
self.node = Node(ip=ipaddress.ip_address('127.0.0.1'), node_id=14)
self.scan = Scan()
self.port = Port(node=self.node,
number=46,
transport_protocol=TransportProtocol.TCP,
scan=self.scan)
self.exploit = Exploit(exploit_id=15,
app='aucote-scripts',
name='siet')
self.task = SietTask(context=self.context,
port=self.port,
exploits=[self.exploit])
self.cfg = {'portdetection': {'expiration_period': '7d'}}
def setUp(self):
super(HydraScriptTaskTest, self).setUp()
self.aucote = MagicMock()
self.port = Port(node=Node(ip='127.0.0.1', node_id=None),
transport_protocol=TransportProtocol.TCP,
number=22)
self.port.service_name = 'ssh'
self.port.scan = Scan()
self.exploit = Exploit(exploit_id=1)
self.scan = Scan()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.hydra_script_task = HydraScriptTask(
exploits=[self.exploit],
context=self.context,
port=self.port,
service=self.port.service_name)
self.hydra_script_task.store_scan_end = MagicMock()
self.hydra_script_task.aucote.exploits.find.return_value = self.exploit
def setUp(self):
super(CommandTaskTest, self).setUp()
self.aucote = MagicMock()
self.port = Port(node=MagicMock(),
transport_protocol=None,
number=None)
self.port.scan = Scan()
self.command = MagicMock(NAME='test_name')
future = Future()
self.future_return = MagicMock()
future.set_result(self.future_return)
self.command.async_call = MagicMock(return_value=future)
self.exploit = MagicMock()
self.context = ScanContext(aucote=self.aucote,
scanner=MagicMock(scan=Scan()))
self.task = CommandTask(context=self.context,
port=self.port,
command=self.command,
exploits=[self.exploit])
self.cfg = {'tools': {'test_name': {'timeout': 0}}}