def test_auditdb_dump(): main_config = OrchestratorConfig() main_config.ui_mode = "disabled" audit_config = AuditConfig() audit_config.targets = ["www.example.com"] audit_config.audit_db = "sqlite://test_auditdb.db" with PluginTester(main_config, audit_config) as t: disk = t.audit.database assert t.audit.name == "test_auditdb" assert type(disk) is AuditSQLiteDB assert disk.filename == "test_auditdb.db" assert disk.connection_url == "sqlite://test_auditdb.db" print "Testing the audit database dump..." print " -> Writing..." for x in xrange(30): d1 = Url("http://www.example.com/" + generate_random_string()) d2 = Text(generate_random_string()) d3 = UrlDisclosure(d1) d1.add_information(d2) disk.add_data(d1) disk.add_data(d2) disk.add_data(d3) disk.mark_plugin_finished(d1.identity, "some_plugin") disk.mark_plugin_finished(d2.identity, "some_plugin") disk.mark_plugin_finished(d3.identity, "some_plugin") disk.mark_stage_finished(d1.identity, 1) disk.mark_stage_finished(d2.identity, 2) disk.mark_stage_finished(d3.identity, 3) disk.add_shared_values("fake_set_id", ( "string", u"unicode", 100, 200L, 5.0, True, False, complex(1, 1), None, frozenset({"string", 100, 1.0}), (None, True, False), )) disk.put_mapped_values("fake_map_id", ( ("a_string", "string"), ("a_unicode_string", u"unicode"), ("an_integer", 100), ("a_long", 200L), ("a_float", 5.0), ("a_bool", True), ("another_bool", False), ("a_complex", complex(1, 1)), ("none", None), ("a_frozenset", frozenset({"string", 100, 1.0})), ("a_tuple", (None, True, False)), )) print " -> Dumping..." disk.dump("test_auditdb.sql")
def daemon_main(listen_address, listen_port, server_push): # Get the config file name. config_file = get_default_config_file() if not config_file: raise RuntimeError("Could not find config file, aborting!") # Load the Orchestrator options. orchestrator_config = OrchestratorConfig() orchestrator_config.config_file = config_file orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile = True) if orchestrator_config.profile: orchestrator_config.profile_file = get_profile( orchestrator_config.profile) if orchestrator_config.profile_file: orchestrator_config.from_config_file( orchestrator_config.profile_file) else: raise RuntimeError("Could not find profile, aborting!") # Get the plugins folder from the parameters. # If no plugins folder is given, use the default. plugins_folder = orchestrator_config.plugins_folder if not plugins_folder: plugins_folder = path.abspath(__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): from golismero import common plugins_folder = path.abspath(common.__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): raise RuntimeError( "Default plugins folder not found, aborting!") orchestrator_config.plugins_folder = plugins_folder # Load the daemon configuration from command line. if listen_address: orchestrator_config.listen_address = listen_address if listen_port: orchestrator_config.listen_port = listen_port if server_push: orchestrator_config.server_push = server_push # Force the daemon UI plugin. orchestrator_config.ui_mode = "daemon" # Force disable colored output. orchestrator_config.color = False # Force maximum verbosity level. orchestrator_config.verbose = Logger.MORE_VERBOSE # Launch GoLismero. launcher.run(orchestrator_config)
def helper_test_auditdb_consistency_setup(audit_name, audit_db): main_config = OrchestratorConfig() main_config.ui_mode = "disabled" audit_config = AuditConfig() audit_config.targets = ["www.example.com"] audit_config.audit_name = audit_name audit_config.audit_db = audit_db with PluginTester(main_config, audit_config) as t: print "--> Testing general consistency..." helper_test_auditdb_general_consistency(t.audit.database) print "--> Testing data consistency..." for x in xrange(100): key = generate_random_string(10) data = generate_random_string(100) helper_test_auditdb_data_consistency(t.audit.database, key, data)
def test_import(): print "Testing OpenVAS importer..." orchestrator_config = OrchestratorConfig() orchestrator_config.ui_mode = "disabled" audit_config = AuditConfig() audit_config.targets = ["192.168.56.101"] audit_config.audit_db = ":memory:" with PluginTester(orchestrator_config, audit_config) as t: t.run_plugin("import/xml_openvas", path.join(here, "test_openvas.xml")) results = Database.get_many( Database.keys(Data.TYPE_VULNERABILITY) ) assert len(results) == 1, len(results) v = results[0] assert v.level == "informational", v.level assert v.plugin_id == "import/xml_openvas", v.plugin_id assert "Remote web server does not reply with 404 error code." in v.description, v.description
def test_scope_example(): print "Testing scope with: www.example.com" main_config = OrchestratorConfig() main_config.ui_mode = "disabled" main_config.use_colors = False audit_config = AuditConfig() audit_config.targets = ["http://www.example.com"] audit_config.include_subdomains = True with PluginTester(main_config, audit_config) as t: print Config.audit_scope for token, flag in ( (None, False), ("", False), ("www.example.com", True), ("example.com", True), ("com", False), ("subdomain.example.com", True), ("subdomain.www.example.com", True), ("www.example.org", False), ("wwwexample.com", False), ("www.wrong.com", False), ("127.0.0.1", False), ("::1", False), ("[::1]", False), ("http://www.example.com", True), ("https://example.com", True), ("ftp://ftp.example.com", True), ("mailto://[email protected]", True), ##("*****@*****.**", True), ): assert ((token in Config.audit_scope) == flag), repr(token) assert gethostbyname("www.example.com") in Config.audit_scope for address in gethostbyname_ex("www.example.com")[2]: assert address in Config.audit_scope for register in DNS.get_a("www.example.com"): assert register.address in Config.audit_scope for register in DNS.get_aaaa("www.example.com"): assert register.address in Config.audit_scope assert "[%s]" % register.address in Config.audit_scope for register in DNS.get_a("www.google.com"): assert register.address not in Config.audit_scope for register in DNS.get_aaaa("www.google.com"): assert register.address not in Config.audit_scope assert "[%s]" % register.address not in Config.audit_scope
def main(): # Get the config file name. config_file = get_default_config_file() if not config_file: raise RuntimeError("Could not find config file, aborting!") # Load the Orchestrator options. orchestrator_config = OrchestratorConfig() orchestrator_config.ui_mode = "web" orchestrator_config.color = False orchestrator_config.config_file = config_file orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile=True) if orchestrator_config.profile: orchestrator_config.profile_file = get_profile( orchestrator_config.profile) if orchestrator_config.profile_file: orchestrator_config.from_config_file( orchestrator_config.profile_file) else: raise RuntimeError("Could not find profile, aborting!") # Get the plugins folder from the parameters. # If no plugins folder is given, use the default. plugins_folder = orchestrator_config.plugins_folder if not plugins_folder: plugins_folder = path.abspath(__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): from golismero import common plugins_folder = path.abspath(common.__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): raise RuntimeError( "Default plugins folder not found, aborting!") orchestrator_config.plugins_folder = plugins_folder # Check if all options are correct. orchestrator_config.check_params() # Launch GoLismero. launcher.run(orchestrator_config)
def test_nikto(): DEBUG = False ##DEBUG = True plugin_id = "testing/scan/nikto" csv_file = "test_nikto.csv" print "Testing plugin: %s" % plugin_id orchestrator_config = OrchestratorConfig() orchestrator_config.ui_mode = "console" audit_config = AuditConfig() audit_config.targets = ["http://www.example.com", "http://localhost"] audit_config.include_subdomains = False audit_config.enable_plugins = ["nikto"] audit_config.disable_plugins = ["all"] with PluginTester(orchestrator_config = orchestrator_config, audit_config = audit_config) as t: print "Testing Nikto plugin parser..." plugin, plugin_info = t.get_plugin(plugin_id) Config._context._PluginContext__plugin_info = plugin_info try: r, c = plugin.parse_nikto_results( BaseUrl("http://www.example.com/"), path.join(here, csv_file)) if DEBUG: for d in r: print "-" * 10 print repr(d) assert c == 6, c assert len(r) == 10, len(r) c = defaultdict(int) for d in r: c[d.__class__.__name__] += 1 #print c assert c.pop("IP") == 1 assert c.pop("Url") == 3 assert c.pop("UncategorizedVulnerability") == 6 assert len(c) == 0 finally: Config._context._PluginContext__plugin_info = None print "Testing Nikto plugin against localhost..." r = t.run_plugin(plugin_id, BaseUrl("http://localhost/")) for d in r: print "\t%r" % d
def test_nikto(): DEBUG = False ##DEBUG = True plugin_id = "testing/scan/nikto" csv_file = "test_nikto.csv" print "Testing plugin: %s" % plugin_id orchestrator_config = OrchestratorConfig() orchestrator_config.ui_mode = "console" audit_config = AuditConfig() audit_config.targets = ["http://www.example.com", "http://localhost"] audit_config.include_subdomains = False audit_config.enable_plugins = ["nikto"] audit_config.disable_plugins = ["all"] with PluginTester(orchestrator_config = orchestrator_config, audit_config = audit_config) as t: print "Testing Nikto plugin parser..." plugin, plugin_info = t.get_plugin(plugin_id) Config._context._PluginContext__plugin_info = plugin_info try: r, c = plugin.parse_nikto_results( BaseURL("http://www.example.com/"), path.join(here, csv_file)) if DEBUG: for d in r: print "-" * 10 print repr(d) assert c == 6, c assert len(r) == 10, len(r) c = defaultdict(int) for d in r: c[d.__class__.__name__] += 1 #print c assert c.pop("IP") == 1 assert c.pop("URL") == 3 assert c.pop("UncategorizedVulnerability") == 6 assert len(c) == 0 finally: Config._context._PluginContext__plugin_info = None print "Testing Nikto plugin against localhost..." r = t.run_plugin(plugin_id, BaseURL("http://localhost/")) for d in r: print "\t%r" % d
def main(): # Get the config file name. config_file = get_default_config_file() if not config_file: raise RuntimeError("Could not find config file, aborting!") # Load the Orchestrator options. orchestrator_config = OrchestratorConfig() orchestrator_config.ui_mode = "web" orchestrator_config.colorize = False orchestrator_config.config_file = config_file orchestrator_config.from_config_file(orchestrator_config.config_file, allow_profile = True) if orchestrator_config.profile: orchestrator_config.profile_file = get_profile(orchestrator_config.profile) if orchestrator_config.profile_file: orchestrator_config.from_config_file(orchestrator_config.profile_file) else: raise RuntimeError("Could not find profile, aborting!") # Get the plugins folder from the parameters. # If no plugins folder is given, use the default. plugins_folder = orchestrator_config.plugins_folder if not plugins_folder: plugins_folder = path.abspath(__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): from golismero import common plugins_folder = path.abspath(common.__file__) plugins_folder = path.dirname(plugins_folder) plugins_folder = path.join(plugins_folder, "plugins") if not path.isdir(plugins_folder): raise RuntimeError("Default plugins folder not found, aborting!") orchestrator_config.plugins_folder = plugins_folder # Check if all options are correct. orchestrator_config.check_params() # Launch GoLismero. launcher.run(orchestrator_config)
def test_scope_example(): print "Testing scope with: www.example.com" main_config = OrchestratorConfig() main_config.ui_mode = "disabled" main_config.use_colors = False audit_config = AuditConfig() audit_config.targets = ["www.example.com"] audit_config.include_subdomains = True with PluginTester(main_config, audit_config) as t: assert None not in Config.audit_scope assert "" not in Config.audit_scope assert "www.example.com" in Config.audit_scope assert "example.com" in Config.audit_scope assert "com" not in Config.audit_scope assert "subdomain.example.com" in Config.audit_scope assert "subdomain.www.example.com" in Config.audit_scope assert "www.example.org" not in Config.audit_scope assert "wwwexample.com" not in Config.audit_scope assert "www.wrong.com" not in Config.audit_scope assert "127.0.0.1" not in Config.audit_scope assert "::1" not in Config.audit_scope assert "[::1]" not in Config.audit_scope assert "http://www.example.com" in Config.audit_scope assert "https://example.com" in Config.audit_scope assert "ftp://ftp.example.com" in Config.audit_scope assert "mailto://[email protected]" in Config.audit_scope ## assert "*****@*****.**" in Config.audit_scope assert gethostbyname("www.example.com") in Config.audit_scope for address in gethostbyname_ex("www.example.com")[2]: assert address in Config.audit_scope for register in DNS.get_a("www.example.com"): assert register.address in Config.audit_scope for register in DNS.get_aaaa("www.example.com"): assert register.address in Config.audit_scope assert "[%s]" % register.address in Config.audit_scope for register in DNS.get_a("www.google.com"): assert register.address not in Config.audit_scope for register in DNS.get_aaaa("www.google.com"): assert register.address not in Config.audit_scope assert "[%s]" % register.address not in Config.audit_scope
def helper_auditdb_stress(n, dbname = ":auto:"): main_config = OrchestratorConfig() main_config.ui_mode = "disabled" audit_config = AuditConfig() audit_config.targets = ["www.example.com"] audit_config.audit_db = dbname with PluginTester(main_config, audit_config) as t: disk = t.audit.database assert type(disk) is AuditSQLiteDB print " Testing %d elements..." % (n * 3) t1 = time.time() print " -> Writing..." for x in xrange(n): d1 = Url("http://www.example.com/" + generate_random_string()) d2 = Text(generate_random_string()) d3 = UrlDisclosure(d1) d1.add_information(d2) disk.add_data(d1) disk.add_data(d2) disk.add_data(d3) t2 = time.time() print " -- Reading..." keys = disk.get_data_keys() assert len(keys) == (n * 3) for key in keys: assert disk.has_data_key(key) data = disk.get_data(key) assert data is not None keys = disk.get_data_keys(Data.TYPE_INFORMATION) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_INFORMATION) data = disk.get_data(key, Data.TYPE_INFORMATION) assert data is not None assert data.data_type == Data.TYPE_INFORMATION assert isinstance(data, Text) keys = disk.get_data_keys(Data.TYPE_RESOURCE) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_RESOURCE) data = disk.get_data(key, Data.TYPE_RESOURCE) assert data is not None assert data.data_type == Data.TYPE_RESOURCE assert isinstance(data, Url) keys = disk.get_data_keys(Data.TYPE_VULNERABILITY) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_VULNERABILITY) data = disk.get_data(key, Data.TYPE_VULNERABILITY) assert data is not None assert data.data_type == Data.TYPE_VULNERABILITY assert isinstance(data, UrlDisclosure) t3 = time.time() print " <- Deleting..." for key in keys: disk.remove_data(key) t4 = time.time() print " Write time: %d seconds (%f seconds per element)" % (t2 - t1, (t2 - t1) / (n * 3.0)) print " Read time: %d seconds (%f seconds per element)" % (t3 - t2, (t3 - t2) / (n * 3.0)) print " Delete time: %d seconds (%f seconds per element)" % (t4 - t3, (t4 - t3) / (n * 3.0)) print " Total time: %d seconds (%f seconds per element)" % (t4 - t1, (t4 - t1) / (n * 3.0))
def helper_auditdb_stress(n): main_config = OrchestratorConfig() main_config.ui_mode = "disabled" audit_config = AuditConfig() audit_config.targets = ["www.example.com"] audit_config.audit_db = "sqlite://" with PluginTester(main_config, audit_config) as t: disk = t.audit.database assert type(disk) is AuditSQLiteDB print " Testing %d elements..." % (n * 3) t1 = time.time() print " -> Writing..." for x in xrange(n): d1 = Url("http://www.example.com/" + generate_random_string()) d2 = Text(generate_random_string()) d3 = UrlDisclosure(d1) d1.add_information(d2) disk.add_data(d1) disk.add_data(d2) disk.add_data(d3) t2 = time.time() print " -- Reading..." keys = disk.get_data_keys() assert len(keys) == (n * 3) for key in keys: assert disk.has_data_key(key) data = disk.get_data(key) assert data is not None keys = disk.get_data_keys(Data.TYPE_INFORMATION) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_INFORMATION) data = disk.get_data(key, Data.TYPE_INFORMATION) assert data is not None assert data.data_type == Data.TYPE_INFORMATION assert isinstance(data, Text) keys = disk.get_data_keys(Data.TYPE_RESOURCE) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_RESOURCE) data = disk.get_data(key, Data.TYPE_RESOURCE) assert data is not None assert data.data_type == Data.TYPE_RESOURCE assert isinstance(data, Url) keys = disk.get_data_keys(Data.TYPE_VULNERABILITY) assert len(keys) == n for key in keys: assert disk.has_data_key(key, Data.TYPE_VULNERABILITY) data = disk.get_data(key, Data.TYPE_VULNERABILITY) assert data is not None assert data.data_type == Data.TYPE_VULNERABILITY assert isinstance(data, UrlDisclosure) t3 = time.time() print " <- Deleting..." for key in keys: disk.remove_data(key) t4 = time.time() print " Write time: %d seconds (%f seconds per element)" % ( t2 - t1, (t2 - t1) / (n * 3.0)) print " Read time: %d seconds (%f seconds per element)" % ( t3 - t2, (t3 - t2) / (n * 3.0)) print " Delete time: %d seconds (%f seconds per element)" % ( t4 - t3, (t4 - t3) / (n * 3.0)) print " Total time: %d seconds (%f seconds per element)" % ( t4 - t1, (t4 - t1) / (n * 3.0))