def download_page(self,
url,
parameters={"value": "test"},
remember_visited=None):
first_parameter, value = parameters.popitem()
html = "<html>" + form + value + unquote(url) + "</html>"
return Page(url, html, {}, 300)
def download_page(self,
url,
parameters=None,
remember_visited=None):
url = unquote(str(url.encode('ascii', 'replace')))
return Page("/", "<html>" + url.replace('>', '') + "</html>",
{}, 200)
def download_page(self, url, parameters=None,
remember_visited=None):
if "token" in parameters:
if parameters["token"] == token:
return default_page
return Page("/", "<html></html>", {}, 400)
def download_page(self,
url,
parameters=None,
remember_visited=None):
first_parameter, value = parameters.popitem()
html = "<html>" + form + value + "</html>"
return Page("/", html, {}, 200)
def test_combo_vulnerable_site(self):
default_page = Page(
"/?test=random", '<html><form action="/test">'
'<input type="text" name="random" />'
'</form></html>', {}, 200)
class ComboVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters={"random": "none"},
remember_visited=None):
if parameters["random"]:
item = parameters["random"].encode('ascii', 'ignore')
else:
item = "none"
try:
url = url.decode('ascii', 'replace')
except AttributeError:
url = url
return Page(
"/", "<html>" + item.decode() + unquote(url) + "</html>",
{}, 500)
webvulnscan.attacks.exotic_characters(default_page,
ComboVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def download_page(self,
url,
parameters=None,
remember_visited=None):
if parameters["random"]:
item = parameters["random"].encode('ascii', 'replace')
else:
item = "none"
return Page("/", "<html>" + str(item) + "</html>", {}, 200)
def download_page(self,
url,
parameters=None,
remember_visited=None):
try:
url = url.decode('ascii', 'replace')
except AttributeError:
url = url
return Page("/", "<html>" + url.replace('>', '') + "</html>",
{}, 200)
def download_page(self,
url,
parameters={"random": "none"},
remember_visited=None):
if parameters["random"]:
item = parameters["random"].encode('ascii', 'ignore')
else:
item = "none"
return Page(
"/",
"<html>" + item.decode() + unquote(str(url)) + "</html>",
{}, 500)
def test_static_site(self):
default_page = Page("/", "<html></html>", {}, 200)
class StaticSite(tutil.ClientSite):
def download_page(self, url, parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.csrf(default_page, StaticSite())
output = sys.stdout.getvalue().strip()
self.assertEqual(output, "")
def test_csrf_vulnerable(self):
form = '<form action="/"><input name="text" type="text" /></form>'
default_page = Page("/", "<html>" + form + "</html>", {}, 200)
class VulnerableSite(tutil.ClientSite):
def download_page(self, url, parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.csrf(default_page, VulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_vulnerable_site_with_link(self):
default_page = Page("/", '<html><a href="/somesite?test"></a></html>',
{'Content-Type': 'text/html'}, 200)
class VulnerableLinkSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, VulnerableLinkSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_other_content_type(self):
default_page = Page("/", "<html></html>", {"Content-Type": "none"},
200)
class StaticSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, StaticSite())
output = sys.stdout.getvalue().strip()
self.assertEqual(output, "")
def test_url_vulnerable_site(self):
default_page = Page("/test?random=get", "<html></html>", {}, 200)
class UrlVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
html = "<html>" + unquote(url) + "</html>"
return Page(url, html, {}, 200)
webvulnscan.attacks.xss(default_page, UrlVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def download_page(self,
url,
parameters={"random": "none"},
remember_visited=None):
if parameters["random"]:
item = parameters["random"].encode('ascii', 'ignore')
else:
item = "none"
try:
url = url.decode('ascii', 'replace')
except AttributeError:
url = url
return Page(
"/", "<html>" + item.decode() + unquote(url) + "</html>",
{}, 500)
def test_activated_gzip(self):
default_page = Page("/", "<html></html>", {"Content-Encoding": "GZIP"},
200)
class GzippedSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.breach(default_page, GzippedSite())
print_logs()
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_url_vulnerable_site(self):
default_page = Page("/?test=random", "<html></html>", {}, 200)
class UrlVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
url = unquote(str(url.encode('ascii', 'replace')))
return Page("/", "<html>" + url.replace('>', '') + "</html>",
{}, 200)
broken_chars(default_page, UrlVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_vulnerable_site(self):
default_page = Page("/", '<html><form action="somewhere">'
'</form></html>', {'Content-Type': 'text/html'},
200)
class VulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, VulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_post_vulnerable_site(self):
form = '<form action="/"><input name="text" type="text" /></form>'
default_page = Page("/", "<html>" + form + "</html>", {}, 200)
class PostVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
first_parameter, value = parameters.popitem()
html = "<html>" + form + value + "</html>"
return Page("/", html, {}, 200)
webvulnscan.attacks.xss(default_page, PostVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_insecure_site(self):
default_page = Page("/", "<html></html>", {
"Content-Type": "text/html",
"Set-Cookie": "random=test"
}, 200)
class InSecureSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.cookiescan(default_page, InSecureSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_invalid_header_with_link(self):
default_page = Page("/", '<html><a href="/somesite?test"></a></html>',
{
'X-Frame-Options': 'None please!',
'Content-Type': 'text/html'
}, 200)
class InvalidHeaderSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, InvalidHeaderSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_allowfrom_link_site(self):
default_page = Page(
"/", '<html><a href="/somesite?test"></a></html>', {
'X-Frame-Options': 'ALLOW-FROM http://test/',
'Content-Type': 'text/html'
}, 200)
class AllowFromLinkSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, AllowFromLinkSite())
output = sys.stdout.getvalue().strip()
self.assertEqual(output, "")
def test_sameorigin_link_site(self):
default_page = Page("/", '<html><a href="/somesite?test"></a></html>',
{
'X-Frame-Options': 'SAMEORIGIN',
'Content-Type': 'text/html'
}, 200)
class SameOriginLinkSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return default_page
webvulnscan.attacks.clickjack(default_page, SameOriginLinkSite())
output = sys.stdout.getvalue().strip()
self.assertEqual(output, "")
def test_combo_vulnerable_site(self):
form = '<form action="/?value=test">' \
+ '<input name="text" type="text" /></form>'
default_page = Page("/?value=test", "<html>" + form + "</html>", {},
300)
class ComboVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters={"value": "test"},
remember_visited=None):
first_parameter, value = parameters.popitem()
html = "<html>" + form + value + unquote(url) + "</html>"
return Page(url, html, {}, 300)
webvulnscan.attacks.xss(default_page, ComboVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_url_vulnerable_site(self):
default_page = Page("/?test=random", "<html></html>", {}, 200)
class UrlVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
try:
url = url.decode('ascii', 'replace')
except AttributeError:
url = url
return Page("/", "<html>" + url.replace('>', '') + "</html>",
{}, 200)
webvulnscan.attacks.exotic_characters(default_page,
UrlVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_post_vulnerable_site(self):
default_page = Page(
"/?test", '<html><form action="/test">'
'<input type="text" name="random" />'
'</form></html>', {}, 200)
class FormVulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
if parameters["random"]:
item = parameters["random"].encode('ascii', 'replace')
else:
item = "none"
return Page("/", "<html>" + str(item) + "</html>", {}, 200)
broken_chars(default_page, FormVulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def test_csrf_protected_form(self):
token = tutil.random_string(8)
form = '<form action="/"><input name="text" type="text" />' \
+ '<input name="token" type="hidden" value="' + token \
+ '" /></form>'
default_page = Page("/", "<html>" + form + "</html>", {}, 200)
class ProtectedSite(tutil.ClientSite):
def download_page(self, url, parameters=None,
remember_visited=None):
if "token" in parameters:
if parameters["token"] == token:
return default_page
return Page("/", "<html></html>", {}, 400)
webvulnscan.attacks.csrf(default_page, ProtectedSite())
output = sys.stdout.getvalue().strip()
self.assertEqual(output, "")
def test_breach_vulnerable(self):
token = tutil.random_string(8)
form = '<form action="/?a=b"><input name="text" type="text" />' \
+ '<input name="token" type="hidden" value="' + token \
+ '" /></form>'
default_page = Page("/?a=b", "<html>" + form + "</html>",
{"Content-Encoding": "GZIP"}, 200)
class VulnerableSite(tutil.ClientSite):
def download_page(self,
url,
parameters=None,
remember_visited=None):
return Page(url, "<html>" + form + unquote(url) + "</html>",
{"Content-Encoding": "GZIP"}, 200)
webvulnscan.attacks.breach(default_page, VulnerableSite())
output = sys.stdout.getvalue().strip()
self.assertNotEqual(output, "")
def download_page(self,
url,
parameters=None,
remember_visited=None):
html = "<html>" + unquote(url) + "</html>"
return Page(url, html, {}, 200)
def download_page(self,
url,
parameters=None,
remember_visited=None):
return Page(url, "<html></html>", {"Content-Encoding": "GZIP"},
200)
