Python AuditConfig.include_subdomains示例，golismero.common.AuditConfig.include_subdomains Python示例

示例#1

0

显示文件

文件： test_nikto.py 项目： damarsan/golismero

def test_nikto():
    plugin_name = "testing/scan/nikto"
    csv_file = "test_nikto.csv"
    print "Testing plugin: %s" % plugin_name
    audit_config = AuditConfig()
    audit_config.targets = ["www.example.com", "localhost"]
    audit_config.include_subdomains = False
    with PluginTester(audit_config=audit_config) as t:

        print "Testing Nikto plugin parser..."
        plugin, plugin_info = t.get_plugin(plugin_name)
        Config._context._PluginContext__plugin_info = plugin_info
        try:
            r, c = plugin.parse_nikto_results(
                BaseUrl("http://www.example.com/"), path.join(here, csv_file))
            #for d in r:
            #print "-" * 10
            #print repr(d)
            assert c == 3
            assert len(r) == 5
            c = defaultdict(int)
            for d in r:
                c[d.__class__.__name__] += 1
            #print c
            assert c.pop("IP") == 1
            assert c.pop("Url") == 1
            assert c.pop("UrlVulnerability") == 3
            assert len(c) == 0
        finally:
            Config._context._PluginContext__plugin_info = None

        print "Testing Nikto plugin against localhost..."
        r = t.run_plugin(plugin_name, BaseUrl("http://localhost/"))
        for d in r:
            print "\t%r" % d

示例#2

0

显示文件

文件： test_nikto.py 项目： atimorin/golismero

def test_nikto():
    plugin_name = "testing/scan/nikto"
    csv_file = "test_nikto.csv"
    print "Testing plugin: %s" % plugin_name
    audit_config = AuditConfig()
    audit_config.targets = ["www.example.com", "localhost"]
    audit_config.include_subdomains = False
    with PluginTester(audit_config = audit_config) as t:

        print "Testing Nikto plugin parser..."
        plugin, plugin_info = t.get_plugin(plugin_name)
        Config._context._PluginContext__plugin_info = plugin_info
        try:
            r, c = plugin.parse_nikto_results(BaseUrl("http://www.example.com/"),
                                           path.join(here, csv_file))
            #for d in r:
                #print "-" * 10
                #print repr(d)
            assert c == 3
            assert len(r) == 5
            c = defaultdict(int)
            for d in r:
                c[d.__class__.__name__] += 1
            #print c
            assert c.pop("IP") == 1
            assert c.pop("Url") == 1
            assert c.pop("UrlVulnerability") == 3
            assert len(c) == 0
        finally:
            Config._context._PluginContext__plugin_info = None

        print "Testing Nikto plugin against localhost..."
        r = t.run_plugin(plugin_name, BaseUrl("http://localhost/"))
        for d in r:
            print "\t%r" % d

示例#3

0

显示文件

文件： test_scope.py 项目： 5l1v3r1/Golismero-1

def test_scope_example():
    print "Testing scope with: www.example.com"
    main_config = OrchestratorConfig()
    main_config.ui_mode = "disabled"
    main_config.use_colors = False
    audit_config = AuditConfig()
    audit_config.targets = ["http://www.example.com"]
    audit_config.include_subdomains = True
    with PluginTester(main_config, audit_config) as t:
        print Config.audit_scope

        for token, flag in (
            (None, False),
            ("", False),
            ("www.example.com", True),
            ("example.com", True),
            ("com", False),
            ("subdomain.example.com", True),
            ("subdomain.www.example.com", True),
            ("www.example.org", False),
            ("wwwexample.com", False),
            ("www.wrong.com", False),
            ("127.0.0.1", False),
            ("::1", False),
            ("[::1]", False),
            ("http://www.example.com", True),
            ("https://example.com", True),
            ("ftp://ftp.example.com", True),
            ("mailto://[email protected]", True),
            ##("*****@*****.**", True),
        ):
            assert ((token in Config.audit_scope) == flag), repr(token)

        assert gethostbyname("www.example.com") in Config.audit_scope
        for address in gethostbyname_ex("www.example.com")[2]:
            assert address in Config.audit_scope
        for register in DNS.get_a("www.example.com"):
            assert register.address in Config.audit_scope
        for register in DNS.get_aaaa("www.example.com"):
            assert register.address in Config.audit_scope
            assert "[%s]" % register.address in Config.audit_scope
        for register in DNS.get_a("www.google.com"):
            assert register.address not in Config.audit_scope
        for register in DNS.get_aaaa("www.google.com"):
            assert register.address not in Config.audit_scope
            assert "[%s]" % register.address not in Config.audit_scope

示例#4

0

显示文件

文件： test_nikto.py 项目： elcodigok/golismero

def test_nikto():
    DEBUG = False
    ##DEBUG = True

    plugin_id = "testing/scan/nikto"
    csv_file = "test_nikto.csv"
    print "Testing plugin: %s" % plugin_id
    orchestrator_config = OrchestratorConfig()
    orchestrator_config.ui_mode = "console"
    audit_config = AuditConfig()
    audit_config.targets = ["http://www.example.com", "http://localhost"]
    audit_config.include_subdomains = False
    audit_config.enable_plugins = ["nikto"]
    audit_config.disable_plugins = ["all"]
    with PluginTester(orchestrator_config = orchestrator_config,
                      audit_config = audit_config) as t:

        print "Testing Nikto plugin parser..."
        plugin, plugin_info = t.get_plugin(plugin_id)
        Config._context._PluginContext__plugin_info = plugin_info
        try:
            r, c = plugin.parse_nikto_results(
                BaseUrl("http://www.example.com/"), path.join(here, csv_file))
            if DEBUG:
                for d in r:
                    print "-" * 10
                    print repr(d)
            assert c == 6, c
            assert len(r) == 10, len(r)
            c = defaultdict(int)
            for d in r:
                c[d.__class__.__name__] += 1
            #print c
            assert c.pop("IP") == 1
            assert c.pop("Url") == 3
            assert c.pop("UncategorizedVulnerability") == 6
            assert len(c) == 0
        finally:
            Config._context._PluginContext__plugin_info = None

        print "Testing Nikto plugin against localhost..."
        r = t.run_plugin(plugin_id, BaseUrl("http://localhost/"))
        for d in r:
            print "\t%r" % d

示例#5

0

显示文件

文件： test_nikto.py 项目： repodiscover/golismero

def test_nikto():
    DEBUG = False
    ##DEBUG = True

    plugin_id = "testing/scan/nikto"
    csv_file = "test_nikto.csv"
    print "Testing plugin: %s" % plugin_id
    orchestrator_config = OrchestratorConfig()
    orchestrator_config.ui_mode = "console"
    audit_config = AuditConfig()
    audit_config.targets = ["http://www.example.com", "http://localhost"]
    audit_config.include_subdomains = False
    audit_config.enable_plugins = ["nikto"]
    audit_config.disable_plugins = ["all"]
    with PluginTester(orchestrator_config = orchestrator_config,
                      audit_config = audit_config) as t:

        print "Testing Nikto plugin parser..."
        plugin, plugin_info = t.get_plugin(plugin_id)
        Config._context._PluginContext__plugin_info = plugin_info
        try:
            r, c = plugin.parse_nikto_results(
                BaseURL("http://www.example.com/"), path.join(here, csv_file))
            if DEBUG:
                for d in r:
                    print "-" * 10
                    print repr(d)
            assert c == 6, c
            assert len(r) == 10, len(r)
            c = defaultdict(int)
            for d in r:
                c[d.__class__.__name__] += 1
            #print c
            assert c.pop("IP") == 1
            assert c.pop("URL") == 3
            assert c.pop("UncategorizedVulnerability") == 6
            assert len(c) == 0
        finally:
            Config._context._PluginContext__plugin_info = None

        print "Testing Nikto plugin against localhost..."
        r = t.run_plugin(plugin_id, BaseURL("http://localhost/"))
        for d in r:
            print "\t%r" % d

示例#6

0

显示文件

def test_scope_example():
    print "Testing scope with: www.example.com"
    main_config = OrchestratorConfig()
    main_config.ui_mode = "disabled"
    main_config.use_colors = False
    audit_config = AuditConfig()
    audit_config.targets = ["www.example.com"]
    audit_config.include_subdomains = True
    with PluginTester(main_config, audit_config) as t:

        assert None not in Config.audit_scope
        assert "" not in Config.audit_scope
        assert "www.example.com" in Config.audit_scope
        assert "example.com" in Config.audit_scope
        assert "com" not in Config.audit_scope
        assert "subdomain.example.com" in Config.audit_scope
        assert "subdomain.www.example.com" in Config.audit_scope
        assert "www.example.org" not in Config.audit_scope
        assert "wwwexample.com" not in Config.audit_scope
        assert "www.wrong.com" not in Config.audit_scope
        assert "127.0.0.1" not in Config.audit_scope
        assert "::1" not in Config.audit_scope
        assert "[::1]" not in Config.audit_scope
        assert "http://www.example.com" in Config.audit_scope
        assert "https://example.com" in Config.audit_scope
        assert "ftp://ftp.example.com" in Config.audit_scope
        assert "mailto://[email protected]" in Config.audit_scope
    ##    assert "*****@*****.**" in Config.audit_scope
        assert gethostbyname("www.example.com") in Config.audit_scope
        for address in gethostbyname_ex("www.example.com")[2]:
            assert address in Config.audit_scope
        for register in DNS.get_a("www.example.com"):
            assert register.address in Config.audit_scope
        for register in DNS.get_aaaa("www.example.com"):
            assert register.address in Config.audit_scope
            assert "[%s]" % register.address in Config.audit_scope
        for register in DNS.get_a("www.google.com"):
            assert register.address not in Config.audit_scope
        for register in DNS.get_aaaa("www.google.com"):
            assert register.address not in Config.audit_scope
            assert "[%s]" % register.address not in Config.audit_scope

示例#7

0

显示文件

文件： golismero.py 项目： damarsan/golismero

def main():

    # Show the program banner.
    show_banner()

    # Get the command line parser.
    parser = cmdline_parser()

    # Parse the command line options.
    try:
        args = sys.argv[1:]
        envcfg = getenv("GOLISMERO_SETTINGS")
        if envcfg:
            args = parser.convert_arg_line_to_args(envcfg) + args
        P = parser.parse_args(args)

        # Load the Orchestrator options.
        cmdParams = OrchestratorConfig()
        if P.config:
            cmdParams.config_file = path.abspath(P.config)
            if not path.isfile(cmdParams.config_file):
                raise ValueError("File not found: %r" % cmdParams.config_file)
        if cmdParams.config_file:
            cmdParams.from_config_file(cmdParams.config_file, allow_profile = True)
        if P.profile:
            cmdParams.profile = P.profile
            cmdParams.profile_file = get_profile(cmdParams.profile)
        if cmdParams.profile_file:
            cmdParams.from_config_file(cmdParams.profile_file)
        cmdParams.from_object(P)
        cmdParams.plugin_load_overrides = P.plugin_load_overrides

        # Load the target audit options.
        auditParams = AuditConfig()
        auditParams.profile = cmdParams.profile
        auditParams.profile_file = cmdParams.profile_file
        auditParams.config_file = cmdParams.config_file
        if auditParams.config_file:
            auditParams.from_config_file(auditParams.config_file)
        if auditParams.profile_file:
            auditParams.from_config_file(auditParams.profile_file)
        auditParams.from_object(P)
        auditParams.plugin_load_overrides = P.plugin_load_overrides

        # If importing is turned off, remove the list of imports.
        if P.disable_importing:
            auditParams.imports = []

        # If reports are turned off, remove the list of reports.
        # Otherwise, if no reports are specified, default to screen report.
        if P.disable_reporting:
            auditParams.reports = []
        elif not auditParams.reports:
            auditParams.reports = ["-"]

        # If there are no targets but there's a database,
        # get the targets (scope) from the database.
        if not auditParams.targets and auditParams.audit_db:
            try:
                cfg = AuditDB.get_config_from_closed_database(
                    auditParams.audit_db, auditParams.audit_name)
                if cfg:
                    auditParams.targets = cfg.targets
                    auditParams.include_subdomains = cfg.include_subdomains
                    if cmdParams.verbose > 1:
                        if auditParams.targets:
                            print "Found the following targets in the database:"
                            for t in auditParams.targets:
                                print "--> " + t
                            print
            except Exception:
                pass
                ##raise    # XXX DEBUG

    # Show exceptions as command line parsing errors.
    except Exception, e:
        ##raise    # XXX DEBUG
        parser.error(str(e))