def test_auditdb_dump():
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://test_auditdb.db"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert t.audit.name == "test_auditdb"
assert type(disk) is AuditSQLiteDB
assert disk.filename == "test_auditdb.db"
assert disk.connection_url == "sqlite://test_auditdb.db"
print "Testing the audit database dump..."
print " -> Writing..."
for x in xrange(30):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
disk.mark_plugin_finished(d1.identity, "some_plugin")
disk.mark_plugin_finished(d2.identity, "some_plugin")
disk.mark_plugin_finished(d3.identity, "some_plugin")
disk.mark_stage_finished(d1.identity, 1)
disk.mark_stage_finished(d2.identity, 2)
disk.mark_stage_finished(d3.identity, 3)
disk.add_shared_values("fake_set_id", (
"string",
u"unicode",
100,
200L,
5.0,
True,
False,
complex(1, 1),
None,
frozenset({"string", 100, 1.0}),
(None, True, False),
))
disk.put_mapped_values("fake_map_id", (
("a_string", "string"),
("a_unicode_string", u"unicode"),
("an_integer", 100),
("a_long", 200L),
("a_float", 5.0),
("a_bool", True),
("another_bool", False),
("a_complex", complex(1, 1)),
("none", None),
("a_frozenset", frozenset({"string", 100, 1.0})),
("a_tuple", (None, True, False)),
))
print " -> Dumping..."
disk.dump("test_auditdb.sql")
def test_auditdb_dump():
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://test_auditdb.db"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert t.audit.name == "test_auditdb"
assert type(disk) is AuditSQLiteDB
assert disk.filename == "test_auditdb.db"
assert disk.connection_url == "sqlite://test_auditdb.db"
print "Testing the audit database dump..."
print " -> Writing..."
for x in xrange(30):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
disk.mark_plugin_finished(d1.identity, "some_plugin")
disk.mark_plugin_finished(d2.identity, "some_plugin")
disk.mark_plugin_finished(d3.identity, "some_plugin")
disk.mark_stage_finished(d1.identity, 1)
disk.mark_stage_finished(d2.identity, 2)
disk.mark_stage_finished(d3.identity, 3)
disk.add_shared_values("fake_set_id", (
"string",
u"unicode",
100,
200L,
5.0,
True,
False,
complex(1, 1),
None,
frozenset({"string", 100, 1.0}),
(None, True, False),
))
disk.put_mapped_values("fake_map_id", (
("a_string", "string"),
("a_unicode_string", u"unicode"),
("an_integer", 100),
("a_long", 200L),
("a_float", 5.0),
("a_bool", True),
("another_bool", False),
("a_complex", complex(1, 1)),
("none", None),
("a_frozenset", frozenset({"string", 100, 1.0})),
("a_tuple", (None, True, False)),
))
print " -> Dumping..."
disk.dump("test_auditdb.sql")
def test_import():
print "Testing OpenVAS importer..."
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["192.168.56.101"]
audit_config.audit_db = ":memory:"
with PluginTester(orchestrator_config, audit_config) as t:
t.run_plugin("import/xml_openvas", path.join(here, "test_openvas.xml"))
results = Database.get_many( Database.keys(Data.TYPE_VULNERABILITY) )
assert len(results) == 1, len(results)
v = results[0]
assert v.level == "informational", v.level
assert v.plugin_id == "import/xml_openvas", v.plugin_id
assert "Remote web server does not reply with 404 error code." in v.description, v.description
def helper_test_auditdb_consistency_setup(audit_name, audit_db):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_name = audit_name
audit_config.audit_db = audit_db
with PluginTester(main_config, audit_config) as t:
print "--> Testing general consistency..."
helper_test_auditdb_general_consistency(t.audit.database)
print "--> Testing data consistency..."
for x in xrange(100):
key = generate_random_string(10)
data = generate_random_string(100)
helper_test_auditdb_data_consistency(t.audit.database, key, data)
def helper_test_auditdb_consistency_setup(audit_name, audit_db):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_name = audit_name
audit_config.audit_db = audit_db
with PluginTester(main_config, audit_config) as t:
print "--> Testing general consistency..."
helper_test_auditdb_general_consistency(t.audit.database)
print "--> Testing data consistency..."
for x in xrange(100):
key = generate_random_string(10)
data = generate_random_string(100)
helper_test_auditdb_data_consistency(t.audit.database, key, data)
def test_scope_example():
print "Testing scope with: www.example.com"
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
main_config.use_colors = False
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com"]
audit_config.include_subdomains = True
with PluginTester(main_config, audit_config) as t:
print Config.audit_scope
for token, flag in (
(None, False),
("", False),
("www.example.com", True),
("example.com", True),
("com", False),
("subdomain.example.com", True),
("subdomain.www.example.com", True),
("www.example.org", False),
("wwwexample.com", False),
("www.wrong.com", False),
("127.0.0.1", False),
("::1", False),
("[::1]", False),
("http://www.example.com", True),
("https://example.com", True),
("ftp://ftp.example.com", True),
("mailto://[email protected]", True),
##("*****@*****.**", True),
):
assert ((token in Config.audit_scope) == flag), repr(token)
assert gethostbyname("www.example.com") in Config.audit_scope
for address in gethostbyname_ex("www.example.com")[2]:
assert address in Config.audit_scope
for register in DNS.get_a("www.example.com"):
assert register.address in Config.audit_scope
for register in DNS.get_aaaa("www.example.com"):
assert register.address in Config.audit_scope
assert "[%s]" % register.address in Config.audit_scope
for register in DNS.get_a("www.google.com"):
assert register.address not in Config.audit_scope
for register in DNS.get_aaaa("www.google.com"):
assert register.address not in Config.audit_scope
assert "[%s]" % register.address not in Config.audit_scope
def test():
config = OrchestratorConfig()
config.from_dictionary({
"plugins_folder":
path.abspath(path.join(here, "plugin_tests")),
"ui_mode":
"test",
})
audit = AuditConfig()
audit.from_dictionary({
"targets": [
"http://www.example.com/folder/subfolder/index.html",
],
"reports": [
"-",
],
"audit_db":
"sqlite://",
})
##audit.plugin_load_overrides = [(True, "recon/test")] # XXX DEBUG shorter run
try:
print "Launching GoLismero..."
print
t1 = time.time()
code = run(config, audit)
t2 = time.time()
print
print "GoLismero ran for %f seconds" % (t2 - t1)
print
assert code == 0
print "Validating the audit database..."
print
validate(audit.audit_name)
finally:
print "Cleaning up..."
print
try:
os.unlink("%s.db" % audit.audit_name)
except Exception:
pass
print "Done!"
def test_nikto():
DEBUG = False
##DEBUG = True
plugin_id = "testing/scan/nikto"
csv_file = "test_nikto.csv"
print "Testing plugin: %s" % plugin_id
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "console"
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com", "http://localhost"]
audit_config.include_subdomains = False
audit_config.enable_plugins = ["nikto"]
audit_config.disable_plugins = ["all"]
with PluginTester(orchestrator_config = orchestrator_config,
audit_config = audit_config) as t:
print "Testing Nikto plugin parser..."
plugin, plugin_info = t.get_plugin(plugin_id)
Config._context._PluginContext__plugin_info = plugin_info
try:
r, c = plugin.parse_nikto_results(
BaseURL("http://www.example.com/"), path.join(here, csv_file))
if DEBUG:
for d in r:
print "-" * 10
print repr(d)
assert c == 6, c
assert len(r) == 10, len(r)
c = defaultdict(int)
for d in r:
c[d.__class__.__name__] += 1
#print c
assert c.pop("IP") == 1
assert c.pop("URL") == 3
assert c.pop("UncategorizedVulnerability") == 6
assert len(c) == 0
finally:
Config._context._PluginContext__plugin_info = None
print "Testing Nikto plugin against localhost..."
r = t.run_plugin(plugin_id, BaseURL("http://localhost/"))
for d in r:
print "\t%r" % d
def test_nikto():
DEBUG = False
##DEBUG = True
plugin_id = "testing/scan/nikto"
csv_file = "test_nikto.csv"
print "Testing plugin: %s" % plugin_id
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "console"
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com", "http://localhost"]
audit_config.include_subdomains = False
audit_config.enable_plugins = ["nikto"]
audit_config.disable_plugins = ["all"]
with PluginTester(orchestrator_config = orchestrator_config,
audit_config = audit_config) as t:
print "Testing Nikto plugin parser..."
plugin, plugin_info = t.get_plugin(plugin_id)
Config._context._PluginContext__plugin_info = plugin_info
try:
r, c = plugin.parse_nikto_results(
BaseUrl("http://www.example.com/"), path.join(here, csv_file))
if DEBUG:
for d in r:
print "-" * 10
print repr(d)
assert c == 6, c
assert len(r) == 10, len(r)
c = defaultdict(int)
for d in r:
c[d.__class__.__name__] += 1
#print c
assert c.pop("IP") == 1
assert c.pop("Url") == 3
assert c.pop("UncategorizedVulnerability") == 6
assert len(c) == 0
finally:
Config._context._PluginContext__plugin_info = None
print "Testing Nikto plugin against localhost..."
r = t.run_plugin(plugin_id, BaseUrl("http://localhost/"))
for d in r:
print "\t%r" % d
def test_scope_example():
print "Testing scope with: www.example.com"
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
main_config.use_colors = False
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.include_subdomains = True
with PluginTester(main_config, audit_config) as t:
assert None not in Config.audit_scope
assert "" not in Config.audit_scope
assert "www.example.com" in Config.audit_scope
assert "example.com" in Config.audit_scope
assert "com" not in Config.audit_scope
assert "subdomain.example.com" in Config.audit_scope
assert "subdomain.www.example.com" in Config.audit_scope
assert "www.example.org" not in Config.audit_scope
assert "wwwexample.com" not in Config.audit_scope
assert "www.wrong.com" not in Config.audit_scope
assert "127.0.0.1" not in Config.audit_scope
assert "::1" not in Config.audit_scope
assert "[::1]" not in Config.audit_scope
assert "http://www.example.com" in Config.audit_scope
assert "https://example.com" in Config.audit_scope
assert "ftp://ftp.example.com" in Config.audit_scope
assert "mailto://[email protected]" in Config.audit_scope
## assert "*****@*****.**" in Config.audit_scope
assert gethostbyname("www.example.com") in Config.audit_scope
for address in gethostbyname_ex("www.example.com")[2]:
assert address in Config.audit_scope
for register in DNS.get_a("www.example.com"):
assert register.address in Config.audit_scope
for register in DNS.get_aaaa("www.example.com"):
assert register.address in Config.audit_scope
assert "[%s]" % register.address in Config.audit_scope
for register in DNS.get_a("www.google.com"):
assert register.address not in Config.audit_scope
for register in DNS.get_aaaa("www.google.com"):
assert register.address not in Config.audit_scope
assert "[%s]" % register.address not in Config.audit_scope
def test():
config = OrchestratorConfig()
config.from_dictionary({
"plugins_folder": path.abspath(path.join(here, "plugin_tests")),
"ui_mode": "test",
})
audit = AuditConfig()
audit.from_dictionary({
"targets": ["http://www.example.com/folder/subfolder/index.html",],
"reports": ["-",],
"audit_db": "",
})
##audit.plugin_load_overrides = [(True, "recon/test")] # XXX DEBUG shorter run
try:
print "Launching GoLismero..."
print
t1 = time.time()
code = run(config, audit)
t2 = time.time()
print
print "GoLismero ran for %f seconds" % (t2 - t1)
print
assert code == 0
print "Validating the audit database..."
print
validate(audit)
finally:
print "Cleaning up..."
print
try:
os.unlink("%s.db" % audit.audit_name)
except Exception:
pass
print "Done!"
def build_config_from_cmdline():
# Get the command line parser.
parser = cmdline_parser()
# Parse the command line options.
try:
args = sys.argv[1:]
envcfg = getenv("GOLISMERO_SETTINGS")
if envcfg:
args = parser.convert_arg_line_to_args(envcfg) + args
P, V = parser.parse_known_args(args)
if P.targets:
P.targets += V
else:
P.targets = V
P.plugin_args = {}
command = P.command.upper()
if command in COMMANDS:
P.command = command
if command == "RESCAN":
P.command = "SCAN"
P.redo = True
else:
P.redo = False
else:
P.targets.insert(0, P.command)
P.command = "SCAN"
# Load the Orchestrator options.
cmdParams = OrchestratorConfig()
cmdParams.command = P.command
if P.config:
cmdParams.config_file = path.abspath(P.config)
if not path.isfile(cmdParams.config_file):
raise ValueError("File not found: %s" % cmdParams.config_file)
if cmdParams.config_file:
cmdParams.from_config_file(cmdParams.config_file,
allow_profile=True)
if P.user_config:
cmdParams.user_config_file = path.abspath(P.user_config)
if not path.isfile(cmdParams.user_config_file):
raise ValueError("File not found: %s" %
cmdParams.user_config_file)
if cmdParams.user_config_file:
cmdParams.from_config_file(cmdParams.user_config_file,
allow_profile=True)
if P.profile:
cmdParams.profile = P.profile
cmdParams.profile_file = get_profile(cmdParams.profile)
if cmdParams.profile_file:
cmdParams.from_config_file(cmdParams.profile_file)
cmdParams.from_object(P)
cmdParams.plugin_load_overrides = P.plugin_load_overrides
# Enable console colors if requested.
Console.use_colors = cmdParams.color
# Show the program banner.
parser.must_show_banner = False
if cmdParams.verbose:
show_banner()
# Load the target audit options.
auditParams = AuditConfig()
auditParams.profile = cmdParams.profile
auditParams.profile_file = cmdParams.profile_file
auditParams.config_file = cmdParams.config_file
auditParams.user_config_file = cmdParams.user_config_file
if auditParams.config_file:
auditParams.from_config_file(auditParams.config_file)
if auditParams.user_config_file:
auditParams.from_config_file(auditParams.user_config_file)
if auditParams.profile_file:
auditParams.from_config_file(auditParams.profile_file)
auditParams.from_object(P)
auditParams.plugin_load_overrides = P.plugin_load_overrides
# If importing is turned off, remove the list of imports.
# FIXME this should be done by argparse in argument order!
if P.disable_importing:
auditParams.imports = []
# If reports are turned off, remove the list of reports.
# Otherwise, if no reports are specified, default to screen report.
# FIXME this should be done by argparse in argument order!
if P.disable_reporting:
auditParams.reports = []
elif (not auditParams.reports
and (P.command != "REPORT" or not auditParams.targets)):
auditParams.reports = ["-"]
if auditParams.only_vulns is None:
auditParams.only_vulns = True
# Show exceptions as command line parsing errors.
except Exception, e:
##raise # XXX DEBUG
parser.error("arguments error: %s" % str(e))
def main():
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "web"
orchestrator_config.colorize = False
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile = True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError("Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Check if all options are correct.
orchestrator_config.check_params()
# Launch GoLismero.
launcher.run(orchestrator_config)
def main():
# Show the program banner.
show_banner()
# Get the command line parser.
parser = cmdline_parser()
# Parse the command line options.
try:
args = sys.argv[1:]
envcfg = getenv("GOLISMERO_SETTINGS")
if envcfg:
args = parser.convert_arg_line_to_args(envcfg) + args
P = parser.parse_args(args)
# Load the Orchestrator options.
cmdParams = OrchestratorConfig()
if P.config:
cmdParams.config_file = path.abspath(P.config)
if not path.isfile(cmdParams.config_file):
raise ValueError("File not found: %r" % cmdParams.config_file)
if cmdParams.config_file:
cmdParams.from_config_file(cmdParams.config_file, allow_profile = True)
if P.profile:
cmdParams.profile = P.profile
cmdParams.profile_file = get_profile(cmdParams.profile)
if cmdParams.profile_file:
cmdParams.from_config_file(cmdParams.profile_file)
cmdParams.from_object(P)
cmdParams.plugin_load_overrides = P.plugin_load_overrides
# Load the target audit options.
auditParams = AuditConfig()
auditParams.profile = cmdParams.profile
auditParams.profile_file = cmdParams.profile_file
auditParams.config_file = cmdParams.config_file
if auditParams.config_file:
auditParams.from_config_file(auditParams.config_file)
if auditParams.profile_file:
auditParams.from_config_file(auditParams.profile_file)
auditParams.from_object(P)
auditParams.plugin_load_overrides = P.plugin_load_overrides
# If importing is turned off, remove the list of imports.
if P.disable_importing:
auditParams.imports = []
# If reports are turned off, remove the list of reports.
# Otherwise, if no reports are specified, default to screen report.
if P.disable_reporting:
auditParams.reports = []
elif not auditParams.reports:
auditParams.reports = ["-"]
# If there are no targets but there's a database,
# get the targets (scope) from the database.
if not auditParams.targets and auditParams.audit_db:
try:
cfg = AuditDB.get_config_from_closed_database(
auditParams.audit_db, auditParams.audit_name)
if cfg:
auditParams.targets = cfg.targets
auditParams.include_subdomains = cfg.include_subdomains
if cmdParams.verbose > 1:
if auditParams.targets:
print "Found the following targets in the database:"
for t in auditParams.targets:
print "--> " + t
print
except Exception:
pass
##raise # XXX DEBUG
# Show exceptions as command line parsing errors.
except Exception, e:
##raise # XXX DEBUG
parser.error(str(e))
def main():
# Get the command line parser.
parser = cmdline_parser()
# Parse the command line options.
try:
args = sys.argv[1:]
envcfg = getenv("GOLISMERO_SETTINGS")
if envcfg:
args = parser.convert_arg_line_to_args(envcfg) + args
P = parser.parse_args(args)
command = P.command.upper()
if command in COMMANDS:
P.command = command
else:
P.targets.insert(0, P.command)
P.command = "SCAN"
# Load the Orchestrator options.
cmdParams = OrchestratorConfig()
cmdParams.command = P.command
if P.config:
cmdParams.config_file = path.abspath(P.config)
if not path.isfile(cmdParams.config_file):
raise ValueError("File not found: %r" % cmdParams.config_file)
if cmdParams.config_file:
cmdParams.from_config_file(cmdParams.config_file, allow_profile = True)
if P.profile:
cmdParams.profile = P.profile
cmdParams.profile_file = get_profile(cmdParams.profile)
if cmdParams.profile_file:
cmdParams.from_config_file(cmdParams.profile_file)
cmdParams.from_object(P)
cmdParams.plugin_load_overrides = P.plugin_load_overrides
# Enable console colors if requested.
Console.use_colors = cmdParams.color
# Show the program banner.
parser.must_show_banner = False
if cmdParams.verbose:
show_banner()
# Load the target audit options.
auditParams = AuditConfig()
auditParams.profile = cmdParams.profile
auditParams.profile_file = cmdParams.profile_file
auditParams.config_file = cmdParams.config_file
if auditParams.config_file:
auditParams.from_config_file(auditParams.config_file)
if auditParams.profile_file:
auditParams.from_config_file(auditParams.profile_file)
auditParams.from_object(P)
auditParams.plugin_load_overrides = P.plugin_load_overrides
# If importing is turned off, remove the list of imports.
if P.disable_importing:
auditParams.imports = []
# If reports are turned off, remove the list of reports.
# Otherwise, if no reports are specified, default to screen report.
if P.disable_reporting:
auditParams.reports = []
elif not auditParams.reports and P.command in ("SCAN", "REPORT"):
auditParams.reports = ["-"]
if auditParams.only_vulns is None:
auditParams.only_vulns = True
# Show exceptions as command line parsing errors.
except Exception, e:
##raise # XXX DEBUG
parser.error(str(e))
def helper_auditdb_stress(n, dbname = ":auto:"):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = dbname
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert type(disk) is AuditSQLiteDB
print " Testing %d elements..." % (n * 3)
t1 = time.time()
print " -> Writing..."
for x in xrange(n):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
t2 = time.time()
print " -- Reading..."
keys = disk.get_data_keys()
assert len(keys) == (n * 3)
for key in keys:
assert disk.has_data_key(key)
data = disk.get_data(key)
assert data is not None
keys = disk.get_data_keys(Data.TYPE_INFORMATION)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_INFORMATION)
data = disk.get_data(key, Data.TYPE_INFORMATION)
assert data is not None
assert data.data_type == Data.TYPE_INFORMATION
assert isinstance(data, Text)
keys = disk.get_data_keys(Data.TYPE_RESOURCE)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_RESOURCE)
data = disk.get_data(key, Data.TYPE_RESOURCE)
assert data is not None
assert data.data_type == Data.TYPE_RESOURCE
assert isinstance(data, Url)
keys = disk.get_data_keys(Data.TYPE_VULNERABILITY)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_VULNERABILITY)
data = disk.get_data(key, Data.TYPE_VULNERABILITY)
assert data is not None
assert data.data_type == Data.TYPE_VULNERABILITY
assert isinstance(data, UrlDisclosure)
t3 = time.time()
print " <- Deleting..."
for key in keys:
disk.remove_data(key)
t4 = time.time()
print " Write time: %d seconds (%f seconds per element)" % (t2 - t1, (t2 - t1) / (n * 3.0))
print " Read time: %d seconds (%f seconds per element)" % (t3 - t2, (t3 - t2) / (n * 3.0))
print " Delete time: %d seconds (%f seconds per element)" % (t4 - t3, (t4 - t3) / (n * 3.0))
print " Total time: %d seconds (%f seconds per element)" % (t4 - t1, (t4 - t1) / (n * 3.0))
def gen():
pluginManager = PluginManager()
pluginManager.find_plugins(OrchestratorConfig())
for plugin_type in categories:
with open(path.join(here, plugin_type + ".rst"), "w") as f:
name = get_plugin_type_display_name(plugin_type)
print >> f, name
print >> f, "*" * len(name)
print >> f, ""
print >> f, get_plugin_type_description(plugin_type)
print >> f, ""
plugins = pluginManager.get_plugins(plugin_type)
if plugins:
for plugin_id in sorted(plugins.keys()):
plugin_info = plugins[plugin_id]
display_name = "%s (*%s*)" % (
plugin_info.display_name,
plugin_id[plugin_id.rfind("/") + 1:])
description = plugin_info.description
description = description.replace("\r\n", "\n")
description = description.replace("\n", "\n\n")
print >> f, display_name
print >> f, "=" * len(display_name)
print >> f, ""
print >> f, description
print >> f, ""
if plugin_info.plugin_args:
width_key = 17
width_value = 17
for key, value in plugin_info.plugin_args.iteritems():
if key in plugin_info.plugin_passwd_args:
value = "\\*" * 16
width_key = max(width_key, len(key))
width_value = max(width_value, len(value))
print >> f, "%s %s" % (("=" * width_key),
("=" * width_value))
print >> f, (
"**Argument name**%s **Default value**%s" %
((" " * (width_key - 17)),
(" " * (width_value - 17)))).rstrip()
print >> f, "%s %s" % (("-" * width_key),
("-" * width_value))
for key, value in plugin_info.plugin_args.iteritems():
value = value.replace("\r\n", "\n")
value = value.replace("\n", " ")
if key in plugin_info.plugin_passwd_args:
value = "\\*" * 16
pad_key = (" " * (width_key - len(key)))
pad_value = (" " * (width_value - len(value)))
print >> f, (
"%s%s %s%s" %
(key, pad_key, value, pad_value)).rstrip()
print >> f, ("%s %s" % (("=" * width_key),
("=" * width_value))).rstrip()
print >> f, ""
else:
print >> f, "There are currently no plugins in this category."
print >> f, ""
with open(path.join(here, plugin_type + ".rst"), "rU") as f:
data = f.read()
with open(path.join(here, plugin_type + ".rst"), "wb") as f:
f.write(data)
with open("index.rst", "wb") as f:
f.write(index)
for plugin_type in categories:
f.write(" %s\n" % plugin_type)
def main():
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "web"
orchestrator_config.color = False
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file,
allow_profile=True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(
orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(
orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError(
"Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Check if all options are correct.
orchestrator_config.check_params()
# Launch GoLismero.
launcher.run(orchestrator_config)
def daemon_main(listen_address, listen_port, server_push):
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile=True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError("Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Load the daemon configuration from command line.
if listen_address:
orchestrator_config.listen_address = listen_address
if listen_port:
orchestrator_config.listen_port = listen_port
if server_push:
orchestrator_config.server_push = server_push
# Force the daemon UI plugin.
orchestrator_config.ui_mode = "daemon"
# Force disable colored output.
orchestrator_config.color = False
# Force maximum verbosity level.
orchestrator_config.verbose = Logger.MORE_VERBOSE
# Launch GoLismero.
launcher.run(orchestrator_config)
def helper_auditdb_stress(n):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert type(disk) is AuditSQLiteDB
print " Testing %d elements..." % (n * 3)
t1 = time.time()
print " -> Writing..."
for x in xrange(n):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
t2 = time.time()
print " -- Reading..."
keys = disk.get_data_keys()
assert len(keys) == (n * 3)
for key in keys:
assert disk.has_data_key(key)
data = disk.get_data(key)
assert data is not None
keys = disk.get_data_keys(Data.TYPE_INFORMATION)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_INFORMATION)
data = disk.get_data(key, Data.TYPE_INFORMATION)
assert data is not None
assert data.data_type == Data.TYPE_INFORMATION
assert isinstance(data, Text)
keys = disk.get_data_keys(Data.TYPE_RESOURCE)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_RESOURCE)
data = disk.get_data(key, Data.TYPE_RESOURCE)
assert data is not None
assert data.data_type == Data.TYPE_RESOURCE
assert isinstance(data, Url)
keys = disk.get_data_keys(Data.TYPE_VULNERABILITY)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_VULNERABILITY)
data = disk.get_data(key, Data.TYPE_VULNERABILITY)
assert data is not None
assert data.data_type == Data.TYPE_VULNERABILITY
assert isinstance(data, UrlDisclosure)
t3 = time.time()
print " <- Deleting..."
for key in keys:
disk.remove_data(key)
t4 = time.time()
print " Write time: %d seconds (%f seconds per element)" % (
t2 - t1, (t2 - t1) / (n * 3.0))
print " Read time: %d seconds (%f seconds per element)" % (
t3 - t2, (t3 - t2) / (n * 3.0))
print " Delete time: %d seconds (%f seconds per element)" % (
t4 - t3, (t4 - t3) / (n * 3.0))
print " Total time: %d seconds (%f seconds per element)" % (
t4 - t1, (t4 - t1) / (n * 3.0))
