def test_response_scanner(self):
network.init("", "", "")
url = "https://adamcaudill.com/"
resp = network.http_get(url)
http.reset()
res = response_scanner.check_response(url, resp)
self.assertTrue(any("External JavaScript File" in r.message for r in res))
self.assertTrue(any("Vulnerable JavaScript" in r.message for r in res))
def start(session: Session):
print(f"Scanning: {session.url}")
# make sure it resolves
try:
socket.gethostbyname(session.domain)
except socket.gaierror as error:
output.debug_exception()
output.error(
f"Fatal Error: Unable to resolve {session.domain} ({str(error)})")
return
try:
cutils.check_redirect(session)
except Exception as error:
output.debug_exception()
output.error(f"Unable to continue: {str(error)}")
return
if not session.args.nodns:
dns.scan(session)
if session.args.ports:
network.scan(session)
# check to see if we are looking at an HTTPS server
if session.url_parsed.scheme == "https" and not session.args.nossl:
if (session.args.internalssl or utils.is_ip(session.domain)
or utils.get_port(session.url) != 443):
# use internal scanner
ssl_internal.scan(session)
else:
try:
ssl_labs.scan(session)
except Exception as error:
output.debug_exception()
output.error(f"Error running scan with SSL Labs: {str(error)}")
output.norm("Switching to internal SSL scanner...")
ssl_internal.scan(session)
if session.args.tdessessioncount:
ssl_sweet32.scan(session)
http.scan(session)
# reset any stored data
http.reset()
return
def test_find_backup_ext(self):
network.init("", "", "")
url = "https://adamcaudill.com/"
output.setup(False, False, False)
with utils.capture_sys_output() as (stdout, stderr):
try:
http.reset()
_, _ = file_search.find_backups(
[url, f"{url}readme.html", f"{url}#test"]
)
except Exception as error:
self.assertIsNone(error)
self.assertNotIn("Exception", stderr.getvalue())
self.assertNotIn("Error", stderr.getvalue())
def test_find_backup_ext_all(self):
network.init("", "", "")
url = "https://adamcaudill.com/"
output.setup(False, False, False)
with utils.capture_sys_output() as (stdout, stderr):
with requests_mock.Mocker() as m:
m.get(requests_mock.ANY, text="body", status_code=200)
m.head(requests_mock.ANY, status_code=200)
try:
http.reset()
_, res = file_search.find_backups([url, f"{url}test/readme.html"])
except Exception as error:
self.assertIsNone(error)
self.assertNotIn("Exception", stderr.getvalue())
self.assertNotIn("Error", stderr.getvalue())
self.assertTrue(any("Found backup file" in r.message for r in res))
def start(args, url):
print(f"Scanning: {url}")
# parse the URL, we'll need this
parsed = urlparse(url)
# get rid of any port number & credentials that may exist
domain = utils.get_domain(parsed.netloc)
# make sure it resolves
try:
socket.gethostbyname(domain)
except socket.gaierror as error:
print(f"Fatal Error: Unable to resolve {domain} ({str(error)})")
return
# perform some connection testing
if parsed.scheme == "http":
try:
# check for TLS redirect
tls_redirect = network.check_ssl_redirect(url)
if tls_redirect != url:
print(f"Server redirects to TLS: Scanning: {tls_redirect}")
url = tls_redirect
parsed = urlparse(url)
except Exception:
output.debug_exception()
# we tried to connect to port 80, and it failed
# this could mean a couple things, first, we need to
# see if it answers to 443
parsed = parsed._replace(scheme="https")
url = urlunparse(parsed)
print("Server does not respond to HTTP, switching to HTTPS")
print()
print(f"Scanning: {url}")
# grab the head, to see if we get anything
try:
network.http_head(url, timeout=5)
print()
except Exception as err:
output.debug_exception()
print(f"Fatal Error: Can not connect to {url} ({str(err)})")
return
else:
# if we are scanning HTTPS, try HTTP to see what it does
try:
http_parsed = parsed._replace(scheme="http")
http_url = urlunparse(http_parsed)
network.http_head(http_url, timeout=5)
print("Server responds to HTTP requests")
print()
except Exception:
output.debug_exception()
print("Server does not respond to HTTP requests")
print()
# check for www redirect
www_redirect = network.check_www_redirect(url)
if www_redirect is not None and www_redirect != url:
print(f"Server performs WWW redirect: Scanning: {www_redirect}")
url = www_redirect
if not args.nodns:
dns.scan(args, url, domain)
# check to see if we are looking at an HTTPS server
if parsed.scheme == "https" and not args.nossl:
if args.internalssl or utils.is_ip(
domain) or utils.get_port(url) != 443:
# use internal scanner
ssl_internal.scan(args, url, domain)
else:
try:
ssl_labs.scan(args, url, domain)
except Exception as error:
output.debug_exception()
output.error(f"Error running scan with SSL Labs: {str(error)}")
if args.tdessessioncount:
ssl_sweet32.scan(args, url, domain)
http.scan(args, url, domain)
# reset any stored data
http.reset()
return