Exemplo n.º 1
0
 def test_enable_coloring(self):
     uri = URL(self.SQLI_GET)
     target = Target(uri)
     
     sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
     params = sqlmap.get_wrapper_params()
     self.assertNotIn('--disable-coloring', params)
Exemplo n.º 2
0
    def test_enable_coloring(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
        params = sqlmap.get_wrapper_params()
        self.assertNotIn('--disable-coloring', params)
Exemplo n.º 3
0
class TestSQLMapWrapper(unittest.TestCase):
    
    SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
               'sql_injection_string.php?name=andres'

    SSL_SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
                   'sql_injection_string.php?name=andres'

    SQLI_POST = 'http://moth/w3af/audit/sql_injection/select/'\
                'sql_injection_string.php'
    
    DATA_POST = 'name=andres'
    
    def setUp(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)
        
        self.uri_opener = ExtendedUrllib()
        
        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
    
    def tearDown(self):
        self.uri_opener.end()
        self.sqlmap.cleanup()
    
    @classmethod
    def setUpClass(cls):
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)

    @classmethod
    def tearDownClass(cls):
        # Doing this in both setupclass and teardownclass in order to be sure
        # that a ctrl+c doesn't break it
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)
        
    def test_verify_vulnerability(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
    
    def test_verify_vulnerability_ssl(self):
        uri = URL(self.SSL_SQLI_GET)
        target = Target(uri)
        
        self.uri_opener = ExtendedUrllib()
        
        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

    def test_verify_vulnerability_false(self):
        not_vuln = 'http://moth/w3af/audit/sql_injection/select/'\
                   'sql_injection_string.php?fake=invalid'
        uri = URL(not_vuln)
        target = Target(uri)
        
        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertFalse(vulnerable)
        
    def test_verify_vulnerability_POST(self):
        target = Target(URL(self.SQLI_POST), self.DATA_POST)
        
        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
    def test_wrapper_invalid_url(self):
        self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET, self.uri_opener)
    
    def test_stds(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)
        
        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        
        prms = ['--batch',]
        cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)
        
        self.assertIsInstance(process.stdout, file)
        self.assertIsInstance(process.stderr, file)
        self.assertIsInstance(process.stdin, file)
        self.assertIsInstance(cmd, basestring)
        
        self.assertIn('sqlmap.py', cmd)
        
    def test_target_basic(self):
        target = Target(URL(self.SQLI_GET))
        params = target.to_params()
        
        self.assertEqual(params, ["--url=%s" % self.SQLI_GET])
    
    def test_target_post_data(self):
        target = Target(URL(self.SQLI_GET), self.DATA_POST)
        params = target.to_params()
        
        self.assertEqual(params, ["--url=%s" % self.SQLI_GET,
                                  "--data=%s" % self.DATA_POST])
    
    def test_no_coloring(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--disable-coloring', params)

    def test_always_batch(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--batch', params)
        
    def test_use_proxy(self):
        params = self.sqlmap.get_wrapper_params()
        
        self.assertTrue(any(i.startswith('--proxy=http://127.0.0.1:') for i in params))

    def test_enable_coloring(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)
        
        sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
        params = sqlmap.get_wrapper_params()
        self.assertNotIn('--disable-coloring', params)
        
    def test_dbs(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
        cmd, process = self.sqlmap.dbs()
        output = process.stdout.read()
        
        self.assertIn('fetching database names', output)
        self.assertIn('available databases', output)
        self.assertIn('information_schema', output)

    def test_tables(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
        cmd, process = self.sqlmap.tables()
        output = process.stdout.read()
        
        self.assertIn('fetching tables for databases:', output)
        self.assertIn('Database: information_schema', output)
        self.assertIn('COLUMN_PRIVILEGES', output)

    def test_users(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
        cmd, process = self.sqlmap.users()
        output = process.stdout.read()
        
        self.assertIn('debian-sys-maint', output)
        self.assertIn('localhost', output)
        self.assertIn('root', output)

    def test_dump(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
        cmd, process = self.sqlmap.dump()
        output = process.stdout.read()
        
        self.assertIn('email', output)
        self.assertIn('phone', output)
        self.assertIn('address', output)
        self.assertIn('47789900', output)
        
    def test_sqlmap(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)
        
        cmd, process = self.sqlmap.direct('--dump -D w3af_test -T users')
        output = process.stdout.read()
        
        self.assertIn('email', output)
        self.assertIn('phone', output)
        self.assertIn('address', output)
        self.assertIn('47789900', output)
        
        self.assertNotIn('information_schema', output)
        self.assertNotIn('COLUMN_PRIVILEGES', output)
Exemplo n.º 4
0
class TestSQLMapWrapper(unittest.TestCase):

    SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
               'sql_injection_string.php?name=andres'

    SSL_SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
                   'sql_injection_string.php?name=andres'

    SQLI_POST = 'http://moth/w3af/audit/sql_injection/select/'\
                'sql_injection_string.php'

    DATA_POST = 'name=andres'

    def setUp(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

    def tearDown(self):
        self.uri_opener.end()
        self.sqlmap.cleanup()

    @classmethod
    def setUpClass(cls):
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)

    @classmethod
    def tearDownClass(cls):
        # Doing this in both setupclass and teardownclass in order to be sure
        # that a ctrl+c doesn't break it
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)

    def test_verify_vulnerability(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

    def test_verify_vulnerability_ssl(self):
        uri = URL(self.SSL_SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

    def test_verify_vulnerability_false(self):
        not_vuln = 'http://moth/w3af/audit/sql_injection/select/'\
                   'sql_injection_string.php?fake=invalid'
        uri = URL(not_vuln)
        target = Target(uri)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertFalse(vulnerable)

    def test_verify_vulnerability_POST(self):
        target = Target(URL(self.SQLI_POST), self.DATA_POST)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

    def test_wrapper_invalid_url(self):
        self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET,
                          self.uri_opener)

    def test_stds(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        prms = [
            '--batch',
        ]
        cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)

        self.assertIsInstance(process.stdout, file)
        self.assertIsInstance(process.stderr, file)
        self.assertIsInstance(process.stdin, file)
        self.assertIsInstance(cmd, basestring)

        self.assertIn('sqlmap.py', cmd)

    def test_target_basic(self):
        target = Target(URL(self.SQLI_GET))
        params = target.to_params()

        self.assertEqual(params, ["--url=%s" % self.SQLI_GET])

    def test_target_post_data(self):
        target = Target(URL(self.SQLI_GET), self.DATA_POST)
        params = target.to_params()

        self.assertEqual(
            params, ["--url=%s" % self.SQLI_GET,
                     "--data=%s" % self.DATA_POST])

    def test_no_coloring(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--disable-coloring', params)

    def test_always_batch(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--batch', params)

    def test_use_proxy(self):
        params = self.sqlmap.get_wrapper_params()

        self.assertTrue(
            any(i.startswith('--proxy=http://127.0.0.1:') for i in params))

    def test_enable_coloring(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
        params = sqlmap.get_wrapper_params()
        self.assertNotIn('--disable-coloring', params)

    def test_dbs(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.dbs()
        output = process.stdout.read()

        self.assertIn('fetching database names', output)
        self.assertIn('available databases', output)
        self.assertIn('information_schema', output)

    def test_tables(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.tables()
        output = process.stdout.read()

        self.assertIn('fetching tables for databases:', output)
        self.assertIn('Database: information_schema', output)
        self.assertIn('COLUMN_PRIVILEGES', output)

    def test_users(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.users()
        output = process.stdout.read()

        self.assertIn('debian-sys-maint', output)
        self.assertIn('localhost', output)
        self.assertIn('root', output)

    def test_dump(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.dump()
        output = process.stdout.read()

        self.assertIn('email', output)
        self.assertIn('phone', output)
        self.assertIn('address', output)
        self.assertIn('47789900', output)

    def test_sqlmap(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.direct('--dump -D w3af_test -T users')
        output = process.stdout.read()

        self.assertIn('email', output)
        self.assertIn('phone', output)
        self.assertIn('address', output)
        self.assertIn('47789900', output)

        self.assertNotIn('information_schema', output)
        self.assertNotIn('COLUMN_PRIVILEGES', output)