예제 #1
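    def build_fingerprints(targets, creds, config):
        """Create one HTTP fingerprint probe per (target, credential, URL).

        Every credential entry whose ``protocol`` is ``http`` contributes one
        ``HttpFingerprint`` for each URL in its ``fingerprint`` section.

        Args:
            targets: iterable of objects exposing ``host``, ``port`` and
                ``protocol``.
            creds: iterable of credential mappings with ``protocol``,
                ``default_port`` and ``fingerprint`` keys (``ssl`` optional).
            config: object exposing ``portoverride`` and ``ssl``; it is also
                passed to each ``HttpFingerprint``.

        Returns:
            A list of ``HttpFingerprint`` objects. Nothing in this function
            removes duplicates, so repeated targets or credential entries
            produce repeated probes.
        """
        logger = logging.getLogger('changeme')
        fingerprints = []
        for target in targets:
            for c in creds:
                if c['protocol'] != 'http':
                    continue
                # Unless port override is on, a target with an explicit port is
                # only paired with credentials registered for that same port,
                # which keeps the number of requests per target bounded.
                # NOTE(review): this comparison is type-sensitive; presumably
                # Target and the credential data agree on int vs str ports --
                # confirm.
                if not config.portoverride and target.port and c['default_port'] != target.port:
                    continue

                fp = c['fingerprint']
                urls = fp.get('url')
                if not urls:
                    # A fingerprint without URLs cannot be probed. Skip it so
                    # one malformed entry does not abort the whole build with a
                    # TypeError from iterating None.
                    logger.warning('Skipping http credential entry without fingerprint urls')
                    continue

                for url in urls:
                    t = Target(host=target.host, port=target.port, protocol=target.protocol)
                    # The scheme comes from the credential entry or the global
                    # ssl setting, never from the target's own protocol.
                    t.protocol = 'https' if (c.get('ssl') or config.ssl) else 'http'
                    if not t.port:
                        t.port = c['default_port']
                    t.url = url

                    hfp = HttpFingerprint(t, fp.get('headers', None), fp.get('cookie', None), config)
                    logger.debug('Adding %s to fingerprint list', hfp.target)
                    fingerprints.append(hfp)

        return fingerprints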
예제 #2
파일: http.py 프로젝트: wisdark/changeme
def test_tomcat_match_nmap(mock_args):
    """Run the scan engine end to end against mocked Tomcat responses.

    The fingerprint phase is served by ``tomcat_callback``; the scan phase is
    served by the static ``MockResponses.tomcat_auth`` response. The test
    asserts that every queued scanner targets one of two Tomcat manager URLs
    on 127.0.0.1:8080, that 34 scanners are queued, and that 17 results end
    up in ``found_q``.

    NOTE(review): ``mock_args`` is not used in the body shown; presumably it is
    injected by a patch decorator that this listing omits, along with whatever
    activates the ``responses`` mock -- confirm against the original file.
    """
    def tomcat_callback(request):
        # Requests carrying an Authorization header get the authenticated
        # (200) response; anything else gets a 401 with an empty body.
        if request.headers.get('Authorization', False):
            return (200, MockResponses.tomcat_auth['adding_headers'], MockResponses.tomcat_auth['body'])
        else:
            return (401, MockResponses.tomcat_fp['adding_headers'], '')

    responses.add_callback(
        responses.GET,
        MockResponses.tomcat_fp['url'],
        callback=tomcat_callback,
    )

    reset_handlers()
    # Drop any persistent queue file from an earlier run; a missing file is
    # not an error.
    try:
        os.remove(core.PERSISTENT_QUEUE)
    except OSError:
        pass

    args = core.parse_args()
    core.init_logging(args['args'].verbose, args['args'].debug, args['args'].log)
    config = core.Config(args['args'], args['parser'])
    creds = core.load_creds(config)
    s = ScanEngine(creds, config)
    s._build_targets()
    s._add_terminators(s.fingerprints)

    print(("fp: %i" % s.fingerprints.qsize()))
    s.fingerprint_targets()

    # Queue is not serializable so we can't copy it using deepcopy;
    # drain it into a list, inspect each scanner, then refill it below.
    scanners = list()
    print(("scanners: %s" % s.scanners.qsize()))

    t1 = Target(host='127.0.0.1', port=8080, protocol='http', url='/manager/html')
    t2 = Target(host='127.0.0.1', port=8080, protocol='http', url='/tomcat/manager/html')
    while s.scanners.qsize() > 0:
        scanner = s.scanners.get()
        # Every scanner must point at one of the two expected manager URLs.
        assert scanner.target == t1 or scanner.target == t2
        scanners.append(scanner)

    # Load the scanners back into the queue
    for scanner in scanners:
        s.scanners.put(scanner)
    assert s.scanners.qsize() == 34
    s._add_terminators(s.scanners)

    # Replace the fingerprint-phase callback with the static authenticated
    # response before running the scan phase.
    responses.reset()
    responses.add(**MockResponses.tomcat_auth)
    s._scan(s.scanners, s.found_q)
    assert s.found_q.qsize() == 17
예제 #3
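def test_cidr():
    """Parsing a /24 CIDR string must expand to 254 individual targets."""
    target = '192.168.1.0/24'
    targets = Target.parse_target(target)
    # 254 is consistent with the 256 addresses of a /24 minus the network and
    # broadcast addresses; only the count is checked here, not which
    # addresses were produced.
    assert len(targets) == 254

    # TODO explicitly validate the range
    # NOTE(review): the listing breaks off here at an opening triple quote
    # whose contents are not shown; the dangling delimiter is dropped so the
    # snippet parses.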
예제 #4
파일: target.py 프로젝트: ztgrace/changeme
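def test_cidr():
    """Check that a /24 network string is expanded into 254 targets."""
    target = '192.168.1.0/24'
    targets = Target.parse_target(target)
    # Only the number of targets is asserted. 254 matches a /24 without its
    # network and broadcast addresses, but the hosts themselves are not
    # inspected.
    assert len(targets) == 254

    # TODO explicitly validate the range
    # NOTE(review): the original continued with a triple-quoted block that is
    # cut off in this listing; the unterminated delimiter is removed so the
    # function is valid Python.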
예제 #5
파일: target.py 프로젝트: ztgrace/changeme
def test_ip_port():
    """An ``ip:port`` string parses to one target that round-trips via str()."""
    spec = '192.168.1.1:8080'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='192.168.1.1', port='8080')
    assert only == expected
    # The string form must reproduce the input exactly.
    assert str(only) == spec
예제 #6
파일: target.py 프로젝트: ztgrace/changeme
def test_ip():
    """A bare IPv4 address parses to one host-only target."""
    address = '127.0.0.1'
    parsed = Target.parse_target(address)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host=address)
    assert only == expected
    # With no port or protocol, str() gives back the address itself.
    assert str(only) == address
예제 #7
파일: target.py 프로젝트: ztgrace/changeme
def test_hostname_proto_port():
    """A ``proto://host:port`` URL is split into host, port and protocol."""
    spec = 'http://example.com:80'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='example.com', port='80', protocol='http')
    assert only == expected
예제 #8
파일: target.py 프로젝트: ztgrace/changeme
def test_hostname():
    """A bare hostname parses to one host-only target."""
    name = 'example.com'
    parsed = Target.parse_target(name)
    assert len(parsed) == 1

    only = parsed.pop()
    expected = Target(host='example.com')
    assert only == expected
예제 #9
파일: target.py 프로젝트: ztgrace/changeme
def test_proto_ip_port():
    """A non-HTTP ``proto://ip:port`` string keeps its protocol and round-trips."""
    spec = 'snmp://192.168.1.1:8080'
    parsed = Target.parse_target(spec)
    assert len(parsed) == 1

    only = parsed.pop()
    # The port is given as an int here, unlike the string ports in the
    # sibling tests.
    expected = Target(host='192.168.1.1', port=8080, protocol='snmp')
    assert only == expected
    assert str(only) == spec
예제 #10
파일: target.py 프로젝트: ztgrace/changeme
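def test_nmap():
    """Parse the Nmap XML fixture next to this file and expect one target.

    The fixture path is built from this module's own directory, so the test
    does not depend on the current working directory.
    """
    path = os.path.dirname(os.path.abspath(__file__))
    nmap = os.path.join(path, "tomcat_nmap.xml")
    targets = Target.parse_target(nmap)
    assert len(targets) == 1
    t = targets.pop()
    # The original recomputed ``path`` here without using it; that redundant
    # statement is removed.
    print("target: %s" % t)
    assert t == Target(host='127.0.0.1', port='8080')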
예제 #11
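    def build_fingerprints(targets, creds, config):
        """Build the list of HTTP fingerprint probes for the given targets.

        For each target, every credential entry with ``protocol == 'http'``
        yields one ``HttpFingerprint`` per URL in its ``fingerprint`` section.

        Args:
            targets: iterable of objects exposing ``host``, ``port`` and
                ``protocol``.
            creds: iterable of credential mappings with ``protocol``,
                ``default_port`` and ``fingerprint`` keys (``ssl`` optional).
            config: object exposing ``portoverride`` and ``ssl``; forwarded to
                each ``HttpFingerprint``.

        Returns:
            A list of ``HttpFingerprint`` objects, in target-then-credential
            order. The list is not deduplicated here.
        """
        fingerprints = []
        logger = logging.getLogger('changeme')
        for target in targets:
            for c in creds:
                if c['protocol'] != 'http':
                    continue

                # With port override off, an explicit target port restricts
                # the credentials to those registered for that port.
                # NOTE(review): equality is type-sensitive (8080 vs '8080');
                # presumably both sides are normalised elsewhere -- confirm.
                port_mismatch = target.port and c['default_port'] != target.port
                if not config.portoverride and port_mismatch:
                    continue

                fp = c['fingerprint']
                urls = fp.get('url')
                if not urls:
                    # Without this guard a fingerprint lacking ``url`` raises
                    # TypeError (iterating None) and aborts the whole build.
                    logger.warning(
                        'Skipping http credential entry without fingerprint urls')
                    continue

                # Scheme is decided by the credential or the global ssl
                # setting, not by the protocol stored on the target.
                scheme = 'https' if (c.get('ssl') or config.ssl) else 'http'
                for url in urls:
                    t = Target(host=target.host,
                               port=target.port,
                               protocol=target.protocol)
                    t.protocol = scheme
                    if not t.port:
                        t.port = c['default_port']
                    t.url = url

                    hfp = HttpFingerprint(t, fp.get('headers', None),
                                          fp.get('cookie', None), config)
                    logger.debug('Adding %s to fingerprint list', hfp.target)
                    fingerprints.append(hfp)

        return fingerprints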
예제 #12
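def test_targets_file():
    """A targets file with one entry per line yields one Target per line.

    The fixture is written to a private temporary file and removed even when
    an assertion fails.
    """
    import os
    import tempfile

    # mkstemp creates the file exclusively, with an unpredictable name and
    # owner-only permissions. A fixed path such as /tmp/targets.txt can be
    # pre-created or symlinked by another local user, and collides between
    # parallel test runs.
    # NOTE(review): assumes parse_target accepts any existing file path and
    # does not depend on the name "targets.txt" -- confirm.
    fd, target = tempfile.mkstemp(prefix='targets', suffix='.txt')
    try:
        with os.fdopen(fd, 'w') as fout:
            fout.write('127.0.0.1\n')
            fout.write('127.0.0.2:8080\n')

        targets = Target.parse_target(target)
        assert len(targets) == 2

        for t in targets:
            if t.host == '127.0.0.1':
                t1(t)
            else:
                t2(t)
    finally:
        # Clean up on both success and failure.
        os.remove(target)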
예제 #13
파일: target.py 프로젝트: ztgrace/changeme
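def test_targets_file():
    """Parse a two-line targets file and check each resulting Target.

    The file is created with ``tempfile.mkstemp`` rather than at a fixed
    location, and is deleted in a ``finally`` block.
    """
    import tempfile

    # A hard-coded /tmp/targets.txt is predictable in a world-writable
    # directory: another local user can plant a file or symlink there first,
    # and a failed assertion would leave it behind. mkstemp avoids both by
    # creating a uniquely named, owner-only file.
    # NOTE(review): assumes parse_target does not depend on the file being
    # named "targets.txt" -- confirm.
    handle, target = tempfile.mkstemp(prefix='targets', suffix='.txt')
    try:
        with os.fdopen(handle, 'w') as fout:
            fout.write('127.0.0.1\n')
            fout.write('127.0.0.2:8080\n')

        targets = Target.parse_target(target)
        assert len(targets) == 2

        for t in targets:
            if t.host == '127.0.0.1':
                t1(t)
            else:
                t2(t)
    finally:
        # Runs whether or not the assertions above pass.
        os.remove(target)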
예제 #14
def t2(t):
    """Assert that *t* equals the target 127.0.0.2 on port 8080."""
    expected = Target(host='127.0.0.2', port=8080)
    assert t == expected
예제 #15
def t1(t):
    """Assert that *t* equals the host-only target 127.0.0.1."""
    expected = Target(host='127.0.0.1')
    assert t == expected
예제 #16
def test_nmap():
    """Parse the Nmap XML fixture and expect exactly one target, 127.0.0.1:8080."""
    # Relative path: it is resolved against the current working directory,
    # so the test has to be started from the directory containing ``tests/``.
    fixture = "tests/tomcat_nmap.xml"
    parsed = Target.parse_target(fixture)
    assert len(parsed) == 1

    found = parsed.pop()
    expected = Target(host='127.0.0.1', port='8080')
    assert found == expected