async def test_configure_hammertime_add_user_agent_to_request_header(self):
    """configure_hammertime must build a User-Agent header from its argument."""
    expected_agent = "My-user-agent"

    # Patch the SetHeader name that tachyon.config resolves, but hand back a
    # real SetHeader instance so the heuristic registration still works.
    with patch("tachyon.config.SetHeader") as header_factory:
        header_factory.return_value = SetHeader("a", "b")
        await config.configure_hammertime(user_agent=expected_agent)

    # The mock keeps its call record after the patch context has exited.
    header_factory.assert_any_call("User-Agent", expected_agent)
async def test_configure_hammertime_add_host_header_to_request_header(self):
    """Without a vhost, the Host header must carry conf.target_host."""
    # NOTE(review): conf.target_host is shared module state and is not
    # restored by this test; confirm a fixture resets it between tests.
    conf.target_host = "example.com"

    with patch("tachyon.config.SetHeader") as header_factory:
        # A real SetHeader is returned so heuristic registration still works.
        header_factory.return_value = SetHeader("a", "b")
        await config.configure_hammertime()

    # Read conf.target_host again at assertion time, as the original did.
    header_factory.assert_any_call("Host", conf.target_host)
async def test_configure_hammertime_use_user_supplied_vhost_for_host_header(self):
    """A caller-supplied vhost must be used for the Host header."""
    # NOTE(review): conf.target_host is shared module state and is not
    # restored by this test; confirm a fixture resets it between tests.
    conf.target_host = "example.com"
    override_vhost = "vhost.example.com"

    with patch("tachyon.config.SetHeader") as header_factory:
        # A real SetHeader is returned so heuristic registration still works.
        header_factory.return_value = SetHeader("a", "b")
        await config.configure_hammertime(vhost=override_vhost)

    # Only the presence of the vhost call is checked here; the test does not
    # assert that no ("Host", "example.com") call was made.
    header_factory.assert_any_call("Host", override_vhost)
def config_hammertime(self, user_agent):
    """Register the request/response heuristics on ``self.hammertime``.

    Three groups are added to the engine in this order: a shared set
    (timeout, retry, dead-host detection, content sampling), the response
    filters, and a single User-Agent header heuristic. The shared set is also
    attached to the child heuristics of the soft-404 detector and of the
    redirect follower; the redirect follower additionally gets the
    4xx/5xx status filter.

    Args:
        user_agent: Value sent in the User-Agent request header.
    """
    shared_heuristics = [
        DynamicTimeout(0.05, 2),
        RetryOnErrors(range(500, 503)),
        DeadHostDetection(threshold=200),
        ContentHashSampling(),
        ContentSampling(),
        ContentSimhashSampling(),
    ]
    soft_404_detector = DetectSoft404()
    redirect_follower = FollowRedirects()
    error_status_filter = RejectStatusCode(range(400, 600))
    response_filters = [
        error_status_filter,
        RejectWebApplicationFirewall(),
        RejectCatchAllRedirect(),
        redirect_follower,
        soft_404_detector,
        HashResponse(),
        SetExpectedMimeType(),
        RejectUnexpectedResponse(),
    ]

    # Registration order is kept exactly: shared, filters, then the header.
    self.hammertime.heuristics.add_multiple(shared_heuristics)
    self.hammertime.heuristics.add_multiple(response_filters)
    self.hammertime.heuristics.add_multiple(
        [SetHeader("User-Agent", user_agent)]
    )

    # The User-Agent heuristic is not added to either child set below, so
    # requests issued through them do not get it from this method.
    # NOTE(review): confirm whether child requests pick it up elsewhere.
    soft_404_detector.child_heuristics.add_multiple(shared_heuristics)
    redirect_follower.child_heuristics.add(error_status_filter)
    redirect_follower.child_heuristics.add_multiple(shared_heuristics)
def setup_hammertime_heuristics(hammertime, *, user_agent=default_user_agent, vhost=None,
                                confirmation_factor=1, har_output_dir=None):
    """Build the heuristic chain and register it on ``hammertime``.

    Args:
        hammertime: Engine whose ``heuristics`` collection is populated.
        user_agent: Value for the User-Agent request header.
        vhost: Optional value for the Host header. When given it replaces
            ``conf.target_host`` in that header and is added to the hosts
            passed to ``FilterRequestFromURL``.
        confirmation_factor: Forwarded to ``DetectSoft404``.
        har_output_dir: When not None, a ``StoreHAR`` heuristic writing to
            this directory is added last.

    Side effects:
        Rebinds the module-level ``heuristics_with_child`` list.
    """
    global heuristics_with_child

    dead_host = DeadHostDetection(threshold=200)
    soft_404 = DetectSoft404(distance_threshold=6,
                             confirmation_factor=confirmation_factor)
    redirect_follower = FollowRedirects()
    heuristics_with_child = [
        RejectCatchAllRedirect(),
        redirect_follower,
        RejectIgnoredQuery(),
    ]

    # allowed_urls receives a tuple when a vhost is given and a bare string
    # otherwise.
    # NOTE(review): confirm FilterRequestFromURL accepts both shapes.
    if vhost is not None:
        allowed_hosts = (vhost, conf.target_host)
    else:
        allowed_hosts = conf.target_host

    request_setup = [
        SetHeader("User-Agent", user_agent),
        SetHeader("Host", conf.target_host if vhost is None else vhost),
        ContentHashSampling(),
        ContentSampling(),
        ContentSimhashSampling(),
        dead_host,
        RejectStatusCode({503, 508}, exception_class=StopRequest),
        StripTag('input'),
        StripTag('script'),
    ]
    response_filters = [
        RejectStatusCode({404, 406, 502}),
        RejectWebApplicationFirewall(),
        DynamicTimeout(1.0, 5),
        RedirectLimiter(),
        FilterRequestFromURL(allowed_urls=allowed_hosts),
        # initial_limit is not defined in this function; it is read from the
        # enclosing module scope.
        IgnoreLargeBody(initial_limit=initial_limit),
    ]

    # Original author's ordering constraint: the group holding dead-host
    # detection goes in first so that no after_headers step is skipped.
    hammertime.heuristics.add_multiple(request_setup)

    # General filters, then the heuristics that own child heuristics.
    hammertime.heuristics.add_multiple(response_filters)
    hammertime.heuristics.add_multiple(heuristics_with_child)
    hammertime.heuristics.add_multiple([
        soft_404,
        MatchString(),
        ValidateEntry(),
        DetectBehaviorChange(buffer_size=100),
        LogBehaviorChange(),
        # NOTE(review): ValidateEntry appears twice in this list; kept as in
        # the original, confirm the second instance is intentional.
        ValidateEntry(),
    ])

    # The soft-404 detector's child requests get the setup group and the
    # child-owning heuristics, but not response_filters.
    soft_404.child_heuristics.add_multiple(request_setup)
    soft_404.child_heuristics.add_multiple(heuristics_with_child)

    for parent in heuristics_with_child:
        parent.child_heuristics.add_multiple(request_setup)
        parent.child_heuristics.add_multiple(response_filters)

    if har_output_dir is None:
        return

    # NOTE(review): a HAR capture presumably records full requests and
    # responses, which can include credentials sent through custom headers;
    # confirm against tachyon.har and keep har_output_dir access-restricted.
    from tachyon.har import StoreHAR, FileWriter
    hammertime.heuristics.add(StoreHAR(writer=FileWriter(har_output_dir)))
def add_http_header(hammertime, header_name, header_value):
    """Attach one extra request header to the engine and its child heuristics.

    A single ``SetHeader`` instance is created and shared between
    ``hammertime.heuristics`` and the ``child_heuristics`` of every entry in
    the module-level ``heuristics_with_child`` list.

    Args:
        hammertime: Engine whose ``heuristics`` collection receives the header.
        header_name: Name of the HTTP header.
        header_value: Value of the HTTP header.
    """
    # NOTE(review): heuristics_with_child is rebound by
    # setup_hammertime_heuristics, which keeps its DetectSoft404 instance out
    # of that list, so a header added here (for example a session cookie) is
    # not attached to the soft-404 detector's child heuristics. Confirm that
    # is intended, and that this function is only called after setup.
    header_heuristic = SetHeader(header_name, header_value)
    hammertime.heuristics.add(header_heuristic)
    for parent in heuristics_with_child:
        parent.child_heuristics.add(header_heuristic)