def test_soup_url_count(self):
    """Check that scraping all fixtures at once yields the expected request count.

    Every ``test`` snippet in ``self.__urls`` is appended (each preceded by a
    newline) to one HTML document. That document becomes the response text of
    a queue item, and the form scraper is expected to return exactly 4
    requests for it.
    """

    document = "".join("\n" + fixture["test"] for fixture in self.__urls)

    request = Request(self.__host)
    response = Response()
    response.text = document

    scraper = HTMLSoupFormScraper(Options(), QueueItem(request, response))
    found = scraper.get_requests()

    self.assertEqual(len(found), 4)
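def test_soup_url_matches(self):
    """Check each fixture on its own against the form scraper.

    For every entry in ``self.__urls`` the ``test`` snippet is used as the
    whole response body. Entries flagged ``must_pass`` must produce exactly
    one request whose URL equals the entry's ``url``; all other entries must
    produce no request at all.
    """

    for url in self.__urls:
        request = Request(self.__host)
        response = Response()
        response.text = url["test"]

        finder = SoupFormScraper(Options(), QueueItem(request, response))
        requests = finder.get_requests()

        if url["must_pass"]:
            # Assert the count before indexing, so that an empty result is
            # reported as an assertion failure instead of an IndexError.
            self.assertEqual(len(requests), 1)
            self.assertEqual(requests[0].url, url["url"])
        else:
            self.assertEqual(len(requests), 0)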
def get_item_copy(self):
    """Build a new queue item from a deep copy of the current request.

    The request is deep-copied, so changes made to the copy do not touch the
    request held by the current queue item. The response is not copied: a new
    ``Response`` is created from the copied request's URL.

    Returns:
        :class:`nyawc.QueueItem`: A copy of the current queue item.

    """

    cloned_request = copy.deepcopy(self.__queue_item.request)
    fresh_response = Response(cloned_request.url)
    return QueueItem(cloned_request, fresh_response)
def test_regex_url_count(self):
    """Check that the regex scraper finds the expected number of links.

    All ``test`` snippets in ``self.__urls`` are appended (each preceded by a
    newline) to one HTML string, which is scanned relative to ``self.__host``.
    Exactly 30 requests are expected.
    """

    document = "".join("\n" + fixture["test"] for fixture in self.__urls)

    # The scraper is built around an empty placeholder queue item; the content
    # to scan is handed over explicitly below.
    placeholder = QueueItem(Request(""), Response())
    scraper = HTMLRegexLinkScraper(Options(), placeholder)
    found = scraper.get_requests_from_content(self.__host, document)

    self.assertEqual(len(found), 30)
def test_regex_url_matches(self):
    """Check each fixture on its own against the regex link scraper.

    Entries flagged ``must_pass`` must yield exactly one request whose URL
    equals the entry's ``url``; every other entry must yield none.
    """

    for fixture in self.__urls:
        # A new scraper per fixture, built around an empty placeholder item.
        scraper = HTMLRegexLinkScraper(Options(), QueueItem(Request(""), Response()))
        found = scraper.get_requests_from_content(self.__host, fixture["test"])

        if not fixture["must_pass"]:
            self.assertEqual(len(found), 0)
            continue

        self.assertEqual(len(found), 1)
        self.assertEqual(found[0].url, fixture["url"])
def add_request(self, request):
    """Wrap a request in a new queue item and add that item to the queue.

    The item is created with an empty ``Response()`` placeholder.

    Args:
        request (obj): The request to add.

    Returns:
        obj: The created queue item.

    """

    item = QueueItem(request, Response())
    self.add(item)
    return item
def add_request(self, request):
    """Wrap a request in a new queue item and add that item to the queue.

    The item's response placeholder is created from the request's URL.

    Args:
        request (:class:`nyawc.http.Request`): The request to add.

    Returns:
        :class:`nyawc.QueueItem`: The created queue item.

    """

    item = QueueItem(request, Response(request.url))
    self.add(item)
    return item
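def test_version_detect(self):
    """Check if a single (stable) AngularJS version is detected by ACSTIS.

    Starts a local test server configured with the AngularJS 1.5.8 asset,
    reads ``angular.version.full`` through the browser helper and expects
    the string "1.5.8".
    """

    server = LocalAngularServer()
    server.start(LocalAngularServer.HANDLER_VULNERABLE_TEST, {
        # NOTE(review): the asset is a remote URL, so this test presumably
        # needs outbound network access and trusts that host's content.
        # Confirm, or serve a pinned local copy instead.
        "asset": "https://code.angularjs.org/1.5.8/angular.min.js"
    })

    try:
        domain = "http://" + server.url + "?vulnerable=payload"

        version = BrowserHelper.javascript(
            QueueItem(Request(domain), Response(domain)),
            "return angular.version.full"
        )
    finally:
        # Stop the server even when the browser helper raises, so that a
        # failing run does not leave the local test server running.
        server.stop()

    self.assertEqual("1.5.8", version)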
def has_request(self, request):
    """Report whether an equivalent request is already queued under any status.

    The request is wrapped in a temporary queue item (with an empty response)
    only to compute its hash. That hash is then looked up in the
    ``items_<status>`` collection of every status in ``QueueItem.STATUSES``.

    NOTE(review): what counts as "the same request" is decided entirely by
    ``__get_hash``, which is not visible here. Confirm which request fields
    it covers before relying on this method for de-duplication.

    Args:
        request (obj): The request to check.

    Returns:
        bool: True if already exists, False otherwise.

    """

    probe = QueueItem(request, Response())
    probe_hash = self.__get_hash(probe)

    return any(
        probe_hash in self.__get_var("items_" + status).keys()
        for status in QueueItem.STATUSES
    )
def __set_angular_version(self, startpoint):
    """Determine the AngularJS version and store it on the instance.

    A version given in the arguments is used as-is. Otherwise
    ``angular.version.full`` is read through the browser helper for the
    startpoint request.

    NOTE(review): in the second case the value comes from JavaScript evaluated
    in the loaded page, so it is presumably controlled by the site being
    scanned. Treat it as untrusted where it is logged or used to select
    behaviour. Confirm against callers.

    Args:
        startpoint (:class:`nyawc.http.Request`): The startpoint request.

    Returns:
        bool: True if found and set, False otherwise.

    """

    logger = colorlog.getLogger()

    configured = self.__args.angular_version
    if configured:
        self.__angular_version = configured
        logger.info("Found AngularJS version " + self.__angular_version + " in the arguments.")
        return True

    logger.info("Looking for AngularJS version using a headless browser.")
    logger.info("Waiting until DOM is completely loaded.")

    probe_item = QueueItem(startpoint, Response(self.__args.domain))
    self.__angular_version = BrowserHelper.javascript(probe_item, "return angular.version.full")

    if not self.__angular_version:
        logger.error("Couldn't determine the AngularJS version (`angular.version.full` threw an exception).")
        logger.error("If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument.")
        return False

    logger.info("Found AngularJS version " + self.__angular_version + ".")
    return True