예제 #1
0
def db_fetch(dbx):

    try:
        conn = MySQLdb.connect(host=db_host, user=db_user, passwd=db_pass,db=db_db )
        pd("DB::starting db_connection (db-init)")

    except:
        print "[-]ERROR DB::db-connection-error (db-init)"
        sys.exit(2)

    attempts = 0
    error = 50505
    while attempts < 5:
        try:
            cx = conn.cursor()
            cx.execute(dbx)
            res = cx.fetchall()
            conn.close()

            return(res)
        except MySQLdb.Error, e:
            error = "MySQL Error %d: %s" % (e.args[0], e.args[1])
            attempts += 1
            print "try: %s" % attempts
            print error
            time.sleep(0.1)
            error = e.args[0]
예제 #2
0
def db_exec(dbx):
    # due to http://stackoverflow.com/questions/567622/is-there-a-pythonic-way-to-try-something-up-to-a-maximum-number-of-times
    # issue raised during livetests
    #

    try:
        conn = MySQLdb.connect(host=db_host, user=db_user, passwd=db_pass,db=db_db )
        pd("DB::starting db_connection (db-init)")

    except:
        print "[-]ERROR DB::db-connection-error (db-init)"
        sys.exit(2)

    attempts = 0
    error = 40404
    while attempts < 5:
        try:
            cx = conn.cursor()
            cx.execute(dbx)
            cx.close()
            conn.close()
            return(0)
        except MySQLdb.Error, e:
            error = "MySQL Error %d: %s" % (e.args[0], e.args[1])
            attempts += 1
            print "try: %s" % attempts
            print error
            time.sleep(0.1)
            error = e.args[0]
예제 #3
0
def get_ftw_user_dict():
    pd("reading user_list from %s " % ftw_user_list)
    ud = {}

    fd = open(ftw_user_list, "r").readlines()

    for line in fd:
        if line[0] == "#":
            continue
        if line.find("::") < 0:
            continue
        user = line.split("::")[0].strip()
        pw   = line.split("::")[1].strip()
        pd("    -  %s" % user)
        ud[user] = pw

    return(ud)
예제 #4
0
def start_test(ud):
    pd("--[ start-test ]--------------------")


    if len(ud) < 1:
        print "[-] ERROR ... no users found in user_dict; \n    maybe you need to setup ftw_user_list from ftw_config.py"
        sys.exit(2)
    # selecting a random user
    ul = []
    for u in ud:
        ul.append(u)
    if len(ul) == 0:
        print "\n\n[-] ERROR ... userlist is empty \n\n"
        sys.exit(2)



    ftwinit = ul[random.randrange(0,len(ud))]
    init_time = int(time.time())
    hx = "%s-%s-%s" % (time.time(), random.randrange(1,1000000), ftwinit)
    testid = hashlib.sha224(hx).hexdigest() # no more entropy needed
    pd("testid  : %s" % testid)
    pd("ftwinit : %s" % ftwinit)

    pw = ud[ftwinit]
    usr_name = ftwinit.split("@")[0].strip()
    usr_host = ftwinit.split("@")[1].strip()
    msg = """
##### federation-test %s
----------------------------------------
automated test-entry @ %s

testid: ftw.%s
date: %s
timestamp: %s
botlink: https://%s/u/%s


#federationtestwarriors #federationtestautomated



    """ % (now_date, ftwinit, testid, now_date, now_time, usr_host, usr_name)


    pd("posting now -> %s " % ftwinit)
    res = api_post(ftwinit, pw, msg)
    if res != 0:
        print "[-] ERROR while trying to create test-post @ %s " % ftwinit
        return(3000)

    # creating test-entry
    dbx = """SET autocommit=1;
    INSERT INTO tests (testid, ftwinit, init_time)
    values ('%s', '%s', '%s');

    """ % (testid, ftwinit, init_time)


    # creating test-result-defaults
    for u in ul:
        if u == ftwinit:
            continue
        dbx = """%s
    INSERT INTO test_results (testid, account, status)
    values ('%s', '%s', '0');
    """ % (dbx, testid, u)

    # creating scheduler-entries

    for val in schedule_time_steps.split(","):
        try:
            s_time = init_time + (int(val.strip()) * 60)
        except:
            continue

        dbx = """%s
    -- time-delay: %s min
    INSERT INTO schedules (testid, start_time, status)
    values ('%s', '%s', '0');
    """ % (dbx, val, testid, s_time)

    res = db_exec(dbx)
    if res != 0:
        print "[-] ERROR [ %s ] while trying to create test + scheduler-entries" % res
        pd(dbx)
    else:
        print "[+] OK Test created  %s :: %s " % (ftwinit, testid)
    print msg


    return(testid)
예제 #5
0
def exec_scheduler(ud):



    now_time = int(time.time())

    # first, calculate if we're already out of sync
    outdated_ts = int(schedule_time_steps.split(",")[-1])
    outdated_time = (now_time - (outdated_ts * 60) - 1800) # give additional 30 minutes


    # dont check if older than outdated_timew
    # select only one test at a time
    dbx = "SELECT tests.testid, tests.ftwinit, schedules.start_time, tests.init_time from tests,schedules where tests.testid = schedules.testid and schedules.status = '0' and schedules.start_time < '%s' and schedules.start_time > '%s' order by schedules.start_time LIMIT 5;" % (now_time, outdated_time)

    res = db_fetch(dbx)

    try:
        
        int(res)
        print "[-] ERROR [%s] while trying to get results for scheduler" % res
        return(res)
    except:
        # we got result, even if emtpy
        pass

    if res == ():
        print "[i] no checks found for execution"

        list_schedules()



    for xt in res:
        testid = xt[0]
        testid_txt = testid[0:6]
        ftwinit = xt[1]
        start_time = xt[2]
        init_time = xt[3]

        cst = time.strftime("%F - %H:%M", time.localtime(float(start_time)))
        pd("starting scheduled test %s :: %s " % (cst, testid_txt))
        print "[i] starting check for %s :: %s \n    init_date: %s" % (ftwinit, testid_txt, time.strftime("%H:%M", time.localtime(float(init_time)))
)
        
                
        dbx = "SELECT account from test_results where testid = '%s' and checked != '1'  and account != '%s' " % (testid, ftwinit)
#        dbx = "SELECT account from test_results where testid = '%s' and checked != '1' and account != '%s' " % (testid, ftwinit)
        res = db_fetch(dbx)

        try:
            int(res)
            print "[-] ERROR [%s] while trying to get results for scheduler" % res
            return(res)
        except:
            # we got result, even if emtpy
            pass
        accounts = res
        print "[i] checking %s accounts from selection" % len(accounts)
        if accounts == ():
            print "[i] no accounts found for execution"
        for account in accounts:
            account = account[0]
            host = account.split("@")[1]
            user = account.split("@")[0]
            try:
                pw = ud[account]
            except:
                print "[-] ERROR ... cannot find pw for %s " % account
                continue
            threads = []

            find_text = "%s" % testid[0:12].strip()
            print "[i] checking #ftw [ %s ] for %s " % (find_text, account)
            start_check(account, pw, find_text, testid, start_time, init_time)
            try:
                t = threading.Thread(target=start_check, args=(account, pw, find_text, testid, start_time, init_time))
                threads.append(t)
                t.start()
                time.sleep(int(ramp_up_delay))
            except:
                print "thread-exeption"
                time.sleep(3)
                start_check(account, pw, find_text, testid, start_time, init_time)

        max_runtime = 90 # seconds
        while len(threading.enumerate()) > 1:
            xt = int(time.time())
            if xt - now_time > max_runtime:
                t.join()
                break
            print "[i] %2s checks running, waiting for threads to finish" % (len(threading.enumerate())-1)
            time.sleep(5)

        #~ # debug - keep alive 3 min to see if mysql stays open
        #~ print "debug-sleeping"
        #~ time.sleep(120)


        dbx = "set autocommit=1; update schedules set status = '1' where testid = '%s' and start_time = '%s'"% (testid, start_time)
        res = db_exec(dbx)
        if res != 0:
            print "[-] ERROR [ %s ] while trying to update scheduler-table" % res
            pd(dbx)
        else:
            print "[+] run finished %s :: %s " % (ftwinit, testid_txt)
        time.sleep(0.1)



    return(0)
예제 #6
0
    # User-Agent (this is cheating, ok?)
    br.addheaders = [('Connection', 'keep-alive'), ('User-agent', ua)  ]
#~ #~
#~ #~
    try:
        r = br.open("https://%s/users/sign_in" % usr_host, timeout=15)
    except mechanize.HTTPError, e:
        print 'ERROR! The server couldn\'t fulfill the request.'
        print 'Error code: ', e.code
        return(e.code)
    except mechanize.URLError, e:
        print 'We failed to reach a server.'
        print 'Reason: ', e.reason
        return(404)
    html = r.read()
    pd(r.info())
    
    # thanx, d*inc for breaking this again ... 
    try:
        csrf = html.split("""csrf-token" content=\"""")[1].split("\"")[0]
    except:
        csrf = html.split("""name="csrf-token""")[0].split("\"")[0]

    pd("csrf PURE    : %s" % csrf)
    h =  HTMLParser.HTMLParser()
    csrftoken = h.unescape(csrf)
    pd("csrf eascaped: %s" % csrftoken)
    # Show the response headers
    # login
    br.select_form(nr=0)
    # Let's search