Exemplo n.º 1
0
    def test_build_target_list(self):
        changeme.targets = ('127.0.0.1', )
        tlist = changeme.build_target_list(changeme.targets, self.creds, None,
                                           'web')
        tomcat = False
        assert isinstance(tlist['num_urls'], int)
        fingerprints = tlist['fingerprints']
        while not fingerprints.empty():
            fp = fingerprints.get_nowait()
            for url in fp.urls:
                if "http://127.0.0.1:8080/manager/html" == url:
                    tomcat = True
            fingerprints.task_done()

        assert tomcat

        tlist = changeme.build_target_list(changeme.targets, self.creds,
                                           self.tomcat_name, None)
        apache_cred = self.get_cred(self.tomcat_name)
        paths = apache_cred['fingerprint']['url']

        match = True
        fingerprints = tlist['fingerprints']
        while not fingerprints.empty():
            fp = fingerprints.get_nowait()
            for url in fp.urls:
                path = re.search("https?://[a-zA-Z0-9\.]+:?[0-9]{0,5}(.*)$",
                                 url).group(1)
                if path not in paths:
                    assert False
                    return

            fingerprints.task_done()
Exemplo n.º 2
0
    def test_do_scan(self):
        responses.add(**mock.tomcat_fp)
        responses.add(**mock.tomcat_fp_alt)
        responses.add(**mock.jboss_fp)

        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds,
                                           self.tomcat_name, None)
        changeme.do_scan(tlist['fingerprints'], self.creds, self.config)
        sleep(2)
        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds,
                                           self.jboss_name, None)
        changeme.do_scan(tlist['fingerprints'], self.creds, self.config)
Exemplo n.º 3
0
 def test_do_scan_fail(self):
     responses.add(**mock.tomcat_fp)
     tlist = changeme.build_target_list(('127.0.0.1', ), self.creds,
                                        self.jboss_name, None)
     matches = changeme.do_scan(tlist['fingerprints'], self.creds,
                                self.config)
     assert not matches
Exemplo n.º 4
0
    def test_build_target_list(self):
        changeme.targets = ["127.0.0.1"]
        urls = changeme.build_target_list(changeme.targets, self.creds, None, None)
        assert isinstance(urls, list)

        urls = changeme.build_target_list(changeme.targets, self.creds, None, 'web')
        assert isinstance(urls, list)
        assert "http://127.0.0.1:8080/manager/html" in urls

        urls = changeme.build_target_list(changeme.targets, self.creds, self.tomcat_name, None)
        apache_cred = self.get_cred(self.tomcat_name)
        paths = apache_cred['fingerprint']['url']

        match = True
        for url in urls:
            path = re.search("https?://[a-zA-Z0-9\.]+:?[0-9]{0,5}(.*)$", url).group(1)
            if path not in paths:
                assert False
                return
Exemplo n.º 5
0
    def test_do_scan_missing_sessionid(self):
        orig = mock.jboss_fp['adding_headers']
        mock.jboss_fp['adding_headers'] = None
        responses.add(**mock.jboss_fp)
        responses.add(**mock.jboss_auth)

        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds,
                                           self.jboss_name, None)
        matches = changeme.do_scan(tlist['fingerprints'], self.creds,
                                   self.config)
        mock.jboss_fp['adding_headers'] = orig

        assert len(matches) == 0
Exemplo n.º 6
0
    def test_scan(self):
        responses.add(**mock.tomcat_fp)
        responses.add(**mock.tomcat_fp_alt)
        responses.add(**mock.jboss_fp)

        urls = list()
        urls.append(mock.tomcat_fp['url'])
        urls.append(mock.jboss_fp['url'])
        urls.append("http://192.168.0.99:9999/foobar/index.php")

        tlist = changeme.build_target_list(changeme.targets, self.creds, None,
                                           None)
        changeme.scan(tlist['fingerprints'], self.creds, self.config)
Exemplo n.º 7
0
    def test_build_target_list(self):
        changeme.targets = ["127.0.0.1"]
        urls = changeme.build_target_list(changeme.targets, self.creds, None,
                                          None)
        assert isinstance(urls, list)

        urls = changeme.build_target_list(changeme.targets, self.creds, None,
                                          'web')
        assert isinstance(urls, list)
        assert "http://127.0.0.1:8080/manager/html" in urls

        urls = changeme.build_target_list(changeme.targets, self.creds,
                                          self.tomcat_name, None)
        apache_cred = self.get_cred(self.tomcat_name)
        paths = apache_cred['fingerprint']['url']

        match = True
        for url in urls:
            path = re.search("https?://[a-zA-Z0-9\.]+:?[0-9]{0,5}(.*)$",
                             url).group(1)
            if path not in paths:
                assert False
                return
Exemplo n.º 8
0
    def test_do_scan_get(self):
        responses.add(**mock.ipcamera_fp)
        responses.add(**mock.ipcamera_auth)

        changeme.logger = changeme.setup_logging(True, True, None)
        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds, None,
                                           None)
        self.config['fingerprint'] = False
        matches = changeme.do_scan(tlist['fingerprints'], self.creds,
                                   self.config)

        assert isinstance(matches, list)
        assert len(matches) == 1
        print "matches[0]: ", matches[0]
        assert matches[0]['name'] == 'MayGion Camera'
Exemplo n.º 9
0
    def test_do_scan_fingerprint(self):
        responses.add(**mock.tomcat_fp)
        responses.add(**mock.jboss_fp)
        self.config['fingerprint'] = True
        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds, None,
                                           None)

        match = False
        matches = changeme.do_scan(tlist['fingerprints'], self.creds,
                                   self.config)
        assert isinstance(matches, list)
        assert len(matches) > 0
        assert isinstance(matches[0], changeme.Fingerprint)

        self.config['fingerprint'] = False
Exemplo n.º 10
0
    def test_do_scan_missing_csrf(self):
        orig = mock.jboss_fp['body']
        mock.jboss_fp[
            'body'] = '<p>Welcome to the JBoss AS 6 Admin Console.</p>'
        responses.add(**mock.jboss_fp)
        responses.add(**mock.jboss_auth)

        tlist = changeme.build_target_list(('127.0.0.1', ), self.creds,
                                           self.jboss_name, None)

        matches = changeme.do_scan(tlist['fingerprints'], self.creds,
                                   self.config)
        mock.jboss_fp['body'] = orig

        assert len(matches) == 0
Exemplo n.º 11
0
 def test_dry_run(self):
     tlist = changeme.build_target_list(('127.0.0.1', ), self.creds, None,
                                        None)
     changeme.dry_run(tlist['fingerprints'])