def test_auditdb_dump():
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://test_auditdb.db"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert t.audit.name == "test_auditdb"
assert type(disk) is AuditSQLiteDB
assert disk.filename == "test_auditdb.db"
assert disk.connection_url == "sqlite://test_auditdb.db"
print "Testing the audit database dump..."
print " -> Writing..."
for x in xrange(30):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
disk.mark_plugin_finished(d1.identity, "some_plugin")
disk.mark_plugin_finished(d2.identity, "some_plugin")
disk.mark_plugin_finished(d3.identity, "some_plugin")
disk.mark_stage_finished(d1.identity, 1)
disk.mark_stage_finished(d2.identity, 2)
disk.mark_stage_finished(d3.identity, 3)
disk.add_shared_values("fake_set_id", (
"string",
u"unicode",
100,
200L,
5.0,
True,
False,
complex(1, 1),
None,
frozenset({"string", 100, 1.0}),
(None, True, False),
))
disk.put_mapped_values("fake_map_id", (
("a_string", "string"),
("a_unicode_string", u"unicode"),
("an_integer", 100),
("a_long", 200L),
("a_float", 5.0),
("a_bool", True),
("another_bool", False),
("a_complex", complex(1, 1)),
("none", None),
("a_frozenset", frozenset({"string", 100, 1.0})),
("a_tuple", (None, True, False)),
))
print " -> Dumping..."
disk.dump("test_auditdb.sql")
def test_auditdb_dump():
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://test_auditdb.db"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert t.audit.name == "test_auditdb"
assert type(disk) is AuditSQLiteDB
assert disk.filename == "test_auditdb.db"
assert disk.connection_url == "sqlite://test_auditdb.db"
print "Testing the audit database dump..."
print " -> Writing..."
for x in xrange(30):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
disk.mark_plugin_finished(d1.identity, "some_plugin")
disk.mark_plugin_finished(d2.identity, "some_plugin")
disk.mark_plugin_finished(d3.identity, "some_plugin")
disk.mark_stage_finished(d1.identity, 1)
disk.mark_stage_finished(d2.identity, 2)
disk.mark_stage_finished(d3.identity, 3)
disk.add_shared_values("fake_set_id", (
"string",
u"unicode",
100,
200L,
5.0,
True,
False,
complex(1, 1),
None,
frozenset({"string", 100, 1.0}),
(None, True, False),
))
disk.put_mapped_values("fake_map_id", (
("a_string", "string"),
("a_unicode_string", u"unicode"),
("an_integer", 100),
("a_long", 200L),
("a_float", 5.0),
("a_bool", True),
("another_bool", False),
("a_complex", complex(1, 1)),
("none", None),
("a_frozenset", frozenset({"string", 100, 1.0})),
("a_tuple", (None, True, False)),
))
print " -> Dumping..."
disk.dump("test_auditdb.sql")
def daemon_main(listen_address, listen_port, server_push):
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file,
allow_profile = True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(
orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(
orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError(
"Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Load the daemon configuration from command line.
if listen_address:
orchestrator_config.listen_address = listen_address
if listen_port:
orchestrator_config.listen_port = listen_port
if server_push:
orchestrator_config.server_push = server_push
# Force the daemon UI plugin.
orchestrator_config.ui_mode = "daemon"
# Force disable colored output.
orchestrator_config.color = False
# Force maximum verbosity level.
orchestrator_config.verbose = Logger.MORE_VERBOSE
# Launch GoLismero.
launcher.run(orchestrator_config)
def helper_test_auditdb_consistency_setup(audit_name, audit_db):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_name = audit_name
audit_config.audit_db = audit_db
with PluginTester(main_config, audit_config) as t:
print "--> Testing general consistency..."
helper_test_auditdb_general_consistency(t.audit.database)
print "--> Testing data consistency..."
for x in xrange(100):
key = generate_random_string(10)
data = generate_random_string(100)
helper_test_auditdb_data_consistency(t.audit.database, key, data)
def helper_test_auditdb_consistency_setup(audit_name, audit_db):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_name = audit_name
audit_config.audit_db = audit_db
with PluginTester(main_config, audit_config) as t:
print "--> Testing general consistency..."
helper_test_auditdb_general_consistency(t.audit.database)
print "--> Testing data consistency..."
for x in xrange(100):
key = generate_random_string(10)
data = generate_random_string(100)
helper_test_auditdb_data_consistency(t.audit.database, key, data)
def test_import():
print "Testing OpenVAS importer..."
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["192.168.56.101"]
audit_config.audit_db = ":memory:"
with PluginTester(orchestrator_config, audit_config) as t:
t.run_plugin("import/xml_openvas", path.join(here, "test_openvas.xml"))
results = Database.get_many( Database.keys(Data.TYPE_VULNERABILITY) )
assert len(results) == 1, len(results)
v = results[0]
assert v.level == "informational", v.level
assert v.plugin_id == "import/xml_openvas", v.plugin_id
assert "Remote web server does not reply with 404 error code." in v.description, v.description
def test_scope_example():
print "Testing scope with: www.example.com"
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
main_config.use_colors = False
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com"]
audit_config.include_subdomains = True
with PluginTester(main_config, audit_config) as t:
print Config.audit_scope
for token, flag in (
(None, False),
("", False),
("www.example.com", True),
("example.com", True),
("com", False),
("subdomain.example.com", True),
("subdomain.www.example.com", True),
("www.example.org", False),
("wwwexample.com", False),
("www.wrong.com", False),
("127.0.0.1", False),
("::1", False),
("[::1]", False),
("http://www.example.com", True),
("https://example.com", True),
("ftp://ftp.example.com", True),
("mailto://[email protected]", True),
##("*****@*****.**", True),
):
assert ((token in Config.audit_scope) == flag), repr(token)
assert gethostbyname("www.example.com") in Config.audit_scope
for address in gethostbyname_ex("www.example.com")[2]:
assert address in Config.audit_scope
for register in DNS.get_a("www.example.com"):
assert register.address in Config.audit_scope
for register in DNS.get_aaaa("www.example.com"):
assert register.address in Config.audit_scope
assert "[%s]" % register.address in Config.audit_scope
for register in DNS.get_a("www.google.com"):
assert register.address not in Config.audit_scope
for register in DNS.get_aaaa("www.google.com"):
assert register.address not in Config.audit_scope
assert "[%s]" % register.address not in Config.audit_scope
def main():
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "web"
orchestrator_config.color = False
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file,
allow_profile=True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(
orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(
orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError(
"Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Check if all options are correct.
orchestrator_config.check_params()
# Launch GoLismero.
launcher.run(orchestrator_config)
def test_nikto():
DEBUG = False
##DEBUG = True
plugin_id = "testing/scan/nikto"
csv_file = "test_nikto.csv"
print "Testing plugin: %s" % plugin_id
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "console"
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com", "http://localhost"]
audit_config.include_subdomains = False
audit_config.enable_plugins = ["nikto"]
audit_config.disable_plugins = ["all"]
with PluginTester(orchestrator_config = orchestrator_config,
audit_config = audit_config) as t:
print "Testing Nikto plugin parser..."
plugin, plugin_info = t.get_plugin(plugin_id)
Config._context._PluginContext__plugin_info = plugin_info
try:
r, c = plugin.parse_nikto_results(
BaseUrl("http://www.example.com/"), path.join(here, csv_file))
if DEBUG:
for d in r:
print "-" * 10
print repr(d)
assert c == 6, c
assert len(r) == 10, len(r)
c = defaultdict(int)
for d in r:
c[d.__class__.__name__] += 1
#print c
assert c.pop("IP") == 1
assert c.pop("Url") == 3
assert c.pop("UncategorizedVulnerability") == 6
assert len(c) == 0
finally:
Config._context._PluginContext__plugin_info = None
print "Testing Nikto plugin against localhost..."
r = t.run_plugin(plugin_id, BaseUrl("http://localhost/"))
for d in r:
print "\t%r" % d
def test_nikto():
DEBUG = False
##DEBUG = True
plugin_id = "testing/scan/nikto"
csv_file = "test_nikto.csv"
print "Testing plugin: %s" % plugin_id
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "console"
audit_config = AuditConfig()
audit_config.targets = ["http://www.example.com", "http://localhost"]
audit_config.include_subdomains = False
audit_config.enable_plugins = ["nikto"]
audit_config.disable_plugins = ["all"]
with PluginTester(orchestrator_config = orchestrator_config,
audit_config = audit_config) as t:
print "Testing Nikto plugin parser..."
plugin, plugin_info = t.get_plugin(plugin_id)
Config._context._PluginContext__plugin_info = plugin_info
try:
r, c = plugin.parse_nikto_results(
BaseURL("http://www.example.com/"), path.join(here, csv_file))
if DEBUG:
for d in r:
print "-" * 10
print repr(d)
assert c == 6, c
assert len(r) == 10, len(r)
c = defaultdict(int)
for d in r:
c[d.__class__.__name__] += 1
#print c
assert c.pop("IP") == 1
assert c.pop("URL") == 3
assert c.pop("UncategorizedVulnerability") == 6
assert len(c) == 0
finally:
Config._context._PluginContext__plugin_info = None
print "Testing Nikto plugin against localhost..."
r = t.run_plugin(plugin_id, BaseURL("http://localhost/"))
for d in r:
print "\t%r" % d
def main():
# Get the config file name.
config_file = get_default_config_file()
if not config_file:
raise RuntimeError("Could not find config file, aborting!")
# Load the Orchestrator options.
orchestrator_config = OrchestratorConfig()
orchestrator_config.ui_mode = "web"
orchestrator_config.colorize = False
orchestrator_config.config_file = config_file
orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile = True)
if orchestrator_config.profile:
orchestrator_config.profile_file = get_profile(orchestrator_config.profile)
if orchestrator_config.profile_file:
orchestrator_config.from_config_file(orchestrator_config.profile_file)
else:
raise RuntimeError("Could not find profile, aborting!")
# Get the plugins folder from the parameters.
# If no plugins folder is given, use the default.
plugins_folder = orchestrator_config.plugins_folder
if not plugins_folder:
plugins_folder = path.abspath(__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
from golismero import common
plugins_folder = path.abspath(common.__file__)
plugins_folder = path.dirname(plugins_folder)
plugins_folder = path.join(plugins_folder, "plugins")
if not path.isdir(plugins_folder):
raise RuntimeError("Default plugins folder not found, aborting!")
orchestrator_config.plugins_folder = plugins_folder
# Check if all options are correct.
orchestrator_config.check_params()
# Launch GoLismero.
launcher.run(orchestrator_config)
def test_scope_example():
print "Testing scope with: www.example.com"
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
main_config.use_colors = False
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.include_subdomains = True
with PluginTester(main_config, audit_config) as t:
assert None not in Config.audit_scope
assert "" not in Config.audit_scope
assert "www.example.com" in Config.audit_scope
assert "example.com" in Config.audit_scope
assert "com" not in Config.audit_scope
assert "subdomain.example.com" in Config.audit_scope
assert "subdomain.www.example.com" in Config.audit_scope
assert "www.example.org" not in Config.audit_scope
assert "wwwexample.com" not in Config.audit_scope
assert "www.wrong.com" not in Config.audit_scope
assert "127.0.0.1" not in Config.audit_scope
assert "::1" not in Config.audit_scope
assert "[::1]" not in Config.audit_scope
assert "http://www.example.com" in Config.audit_scope
assert "https://example.com" in Config.audit_scope
assert "ftp://ftp.example.com" in Config.audit_scope
assert "mailto://[email protected]" in Config.audit_scope
## assert "*****@*****.**" in Config.audit_scope
assert gethostbyname("www.example.com") in Config.audit_scope
for address in gethostbyname_ex("www.example.com")[2]:
assert address in Config.audit_scope
for register in DNS.get_a("www.example.com"):
assert register.address in Config.audit_scope
for register in DNS.get_aaaa("www.example.com"):
assert register.address in Config.audit_scope
assert "[%s]" % register.address in Config.audit_scope
for register in DNS.get_a("www.google.com"):
assert register.address not in Config.audit_scope
for register in DNS.get_aaaa("www.google.com"):
assert register.address not in Config.audit_scope
assert "[%s]" % register.address not in Config.audit_scope
def helper_auditdb_stress(n, dbname = ":auto:"):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = dbname
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert type(disk) is AuditSQLiteDB
print " Testing %d elements..." % (n * 3)
t1 = time.time()
print " -> Writing..."
for x in xrange(n):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
t2 = time.time()
print " -- Reading..."
keys = disk.get_data_keys()
assert len(keys) == (n * 3)
for key in keys:
assert disk.has_data_key(key)
data = disk.get_data(key)
assert data is not None
keys = disk.get_data_keys(Data.TYPE_INFORMATION)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_INFORMATION)
data = disk.get_data(key, Data.TYPE_INFORMATION)
assert data is not None
assert data.data_type == Data.TYPE_INFORMATION
assert isinstance(data, Text)
keys = disk.get_data_keys(Data.TYPE_RESOURCE)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_RESOURCE)
data = disk.get_data(key, Data.TYPE_RESOURCE)
assert data is not None
assert data.data_type == Data.TYPE_RESOURCE
assert isinstance(data, Url)
keys = disk.get_data_keys(Data.TYPE_VULNERABILITY)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_VULNERABILITY)
data = disk.get_data(key, Data.TYPE_VULNERABILITY)
assert data is not None
assert data.data_type == Data.TYPE_VULNERABILITY
assert isinstance(data, UrlDisclosure)
t3 = time.time()
print " <- Deleting..."
for key in keys:
disk.remove_data(key)
t4 = time.time()
print " Write time: %d seconds (%f seconds per element)" % (t2 - t1, (t2 - t1) / (n * 3.0))
print " Read time: %d seconds (%f seconds per element)" % (t3 - t2, (t3 - t2) / (n * 3.0))
print " Delete time: %d seconds (%f seconds per element)" % (t4 - t3, (t4 - t3) / (n * 3.0))
print " Total time: %d seconds (%f seconds per element)" % (t4 - t1, (t4 - t1) / (n * 3.0))
def helper_auditdb_stress(n):
main_config = OrchestratorConfig()
main_config.ui_mode = "disabled"
audit_config = AuditConfig()
audit_config.targets = ["www.example.com"]
audit_config.audit_db = "sqlite://"
with PluginTester(main_config, audit_config) as t:
disk = t.audit.database
assert type(disk) is AuditSQLiteDB
print " Testing %d elements..." % (n * 3)
t1 = time.time()
print " -> Writing..."
for x in xrange(n):
d1 = Url("http://www.example.com/" + generate_random_string())
d2 = Text(generate_random_string())
d3 = UrlDisclosure(d1)
d1.add_information(d2)
disk.add_data(d1)
disk.add_data(d2)
disk.add_data(d3)
t2 = time.time()
print " -- Reading..."
keys = disk.get_data_keys()
assert len(keys) == (n * 3)
for key in keys:
assert disk.has_data_key(key)
data = disk.get_data(key)
assert data is not None
keys = disk.get_data_keys(Data.TYPE_INFORMATION)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_INFORMATION)
data = disk.get_data(key, Data.TYPE_INFORMATION)
assert data is not None
assert data.data_type == Data.TYPE_INFORMATION
assert isinstance(data, Text)
keys = disk.get_data_keys(Data.TYPE_RESOURCE)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_RESOURCE)
data = disk.get_data(key, Data.TYPE_RESOURCE)
assert data is not None
assert data.data_type == Data.TYPE_RESOURCE
assert isinstance(data, Url)
keys = disk.get_data_keys(Data.TYPE_VULNERABILITY)
assert len(keys) == n
for key in keys:
assert disk.has_data_key(key, Data.TYPE_VULNERABILITY)
data = disk.get_data(key, Data.TYPE_VULNERABILITY)
assert data is not None
assert data.data_type == Data.TYPE_VULNERABILITY
assert isinstance(data, UrlDisclosure)
t3 = time.time()
print " <- Deleting..."
for key in keys:
disk.remove_data(key)
t4 = time.time()
print " Write time: %d seconds (%f seconds per element)" % (
t2 - t1, (t2 - t1) / (n * 3.0))
print " Read time: %d seconds (%f seconds per element)" % (
t3 - t2, (t3 - t2) / (n * 3.0))
print " Delete time: %d seconds (%f seconds per element)" % (
t4 - t3, (t4 - t3) / (n * 3.0))
print " Total time: %d seconds (%f seconds per element)" % (
t4 - t1, (t4 - t1) / (n * 3.0))
