def test_bad_service():
with pytest.raises(NameError):
Services.get("example")
Services.register("example", "test")
if Services.get("example") is None:
raise AssertionError
def test_attack_launcher():
# Add services container for running
Services.register("output", Output())
Services.register("logger", logging.getLogger("sitadelLog"))
f = Attacks(None, None)
if not hasattr(f, "run"):
raise AssertionError
def test_container():
Services.register("datastore", "hello")
assert Services.get("datastore") == "hello"
a = "singleton"
Services.register("singleton", a)
assert Services.get("singleton") == a
def test_container():
Services.register("datastore", "hello")
if Services.get("datastore") != "hello":
raise AssertionError
a = "singleton"
Services.register("singleton", a)
if Services.get("singleton") != a:
raise AssertionError
def test_current_plugins():
test_url = "http://localhost"
settings.from_yaml("tests/lib/config/test_attack_config.yml")
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register("request_factory", SingleRequest(url=test_url, agent="Sitadel"))
plugins = settings.attack_plugins
Attacks(test_url, [test_url]).run(plugins)
def test_request():
Services.register("output", Output())
r = SingleRequest()
if not hasattr(r, "send"):
raise AssertionError
r1 = SingleRequest(url="test",
agent="agent",
proxy="proxy",
redirect="redirect",
timeout="timeout")
if r1.url != "test":
raise AssertionError
if r1.agent != "agent":
raise AssertionError
if r1.proxy != "proxy":
raise AssertionError
if r1.redirect != "redirect":
raise AssertionError
if r1.timeout != "timeout":
raise AssertionError
if not isinstance(r1.ruagent, str):
raise AssertionError
def test_current_plugins():
test_url = "http://localhost"
settings.from_yaml("tests/lib/config/test_fingerprint_config.yml")
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register("request_factory", SingleRequest(url=test_url, agent="Sitadel"))
plugins = settings.fingerprint_plugins
Fingerprints(
url=test_url,
cookie=None,
).run(plugins)
def main(self):
parser = argparse.ArgumentParser(
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
usage=self.bn.banner())
# Prepare the possible values for risk levels
risk_values = [r.value for r in Risk]
# Add arguments
parser.add_argument("url", help="URL of the website to scan")
parser.add_argument("-r",
"--risk",
type=int,
help="Level of risk allowed for the scan",
choices=risk_values)
parser.add_argument("-ua",
"--user-agent",
default="Linguini " + __version__,
help="User-agent to set for the scan requests")
parser.add_argument(
"--redirect",
dest='redirect',
help="Whether or not the scan should follow redirection",
action="store_true")
parser.add_argument(
"--no-redirect",
dest='redirect',
help="Whether or not the scan should follow redirection",
action="store_false")
parser.set_defaults(redirect=True)
parser.add_argument("-t",
"--timeout",
type=int,
help="Timeout to set for the scan HTTP requests")
parser.add_argument("-c",
"--cookie",
help="Cookie to set for the scan HTTP requests")
parser.add_argument("-p",
"--proxy",
help="Proxy to set for the scan HTTP requests")
parser.add_argument("-f",
"--fingerprint",
nargs='+',
help="Fingerprint modules to activate")
parser.add_argument("-a",
"--attack",
nargs='+',
help="Attack modules to activate")
parser.add_argument("--config",
help="Path to the config file",
default="config/config.yml")
parser.add_argument("-v",
"--verbosity",
action="count",
default=0,
help="Increase output verbosity")
parser.add_argument('--version',
action='version',
version=self.bn.version())
args = parser.parse_args()
# Verify the target URL
self.url = validator.validate_target(args.url)
# Reading configuration
settings.from_yaml(args.config)
if args.risk is not None:
settings.risk = Risk(args.risk)
# Register services
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register(
"request_factory",
Request(url=self.url,
agent=args.user_agent,
proxy=args.proxy,
redirect=args.redirect,
timeout=args.timeout))
# Display target and scan starting time
self.bn.preamble(self.url)
# Run the fingerprint modules
self.ma.fingerprints(args.fingerprint, args.user_agent, args.proxy,
args.redirect, args.timeout, self.url,
args.cookie)
# Run the crawler to discover urls
discovered_urls = self.ma.crawler(self.url, args.user_agent)
# Run the attack modules on discovered urls
self.ma.attacks(args.attack, self.url, discovered_urls)
def test_attack_launcher():
# Add services container for running
Services.register("output", Output())
f = Attacks(None, None)
assert hasattr(f, 'run')
def main(self):
parser = argparse.ArgumentParser(
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
usage=self.bn.banner(),
)
# Prepare the possible values for risk levels
risk_values = [r.value for r in Risk]
# Add arguments
parser.add_argument("url", help="URL of the website to scan")
parser.add_argument(
"-r",
"--risk",
type=int,
help="Level of risk allowed for the scan",
choices=risk_values,
)
parser.add_argument(
"-ua",
"--user-agent",
default="Sitadel " + __version__,
help="User-agent to set for the scan requests",
)
parser.add_argument(
"--redirect",
dest="redirect",
help="Whether or not the scan should follow redirection",
action="store_true",
)
parser.add_argument(
"--no-redirect",
dest="redirect",
help="Whether or not the scan should follow redirection",
action="store_false",
)
parser.set_defaults(redirect=True)
parser.add_argument(
"-t",
"--timeout",
type=int,
default=30,
help="Timeout to set for the scan HTTP requests",
)
parser.add_argument("-c",
"--cookie",
help="Cookie to set for the scan HTTP requests")
parser.add_argument("-p",
"--proxy",
help="Proxy to set for the scan HTTP requests")
parser.add_argument("-f",
"--fingerprint",
nargs="+",
help="Fingerprint modules to activate")
parser.add_argument("-a",
"--attack",
nargs="+",
help="Attack modules to activate")
parser.add_argument("--config",
help="Path to the config file",
default="config/config.yml")
parser.add_argument(
"-v",
"--verbosity",
action="count",
default=0,
help="Increase output verbosity",
)
parser.add_argument("--version",
action="version",
version=self.bn.version())
args = parser.parse_args()
# Verify the target URL
self.url = validator.validate_target(args.url)
# Reading configuration
settings.from_yaml(args.config)
if args.risk is not None:
settings.risk = Risk(args.risk)
# Setting up the logger
logger = logging.getLogger("sitadelLog")
logging.basicConfig(
filename="sitadel.log",
filemode="w",
format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
datefmt="%d-%b-%y %H:%M:%S",
level=(logging.CRITICAL - (args.verbosity * 10)),
)
# Create handlers
console_handler = logging.StreamHandler()
console_handler.setLevel(logging.WARNING)
file_handler = logging.FileHandler("sitadel.log")
file_handler.setLevel(level=(logging.CRITICAL - (args.verbosity * 10)))
# Create formatters and add it to handlers
console_format = logging.Formatter(
"%(name)s - %(levelname)s - %(message)s")
console_handler.setFormatter(console_format)
file_format = logging.Formatter(
"%(asctime)s - %(name)s - %(levelname)s - %(message)s")
file_handler.setFormatter(file_format)
# Add handlers to the logger
logger.addHandler(console_handler)
logger.addHandler(file_handler)
# Register services
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logger)
Services.register("output", Output())
Services.register(
"request_factory",
SingleRequest(
url=self.url,
agent=args.user_agent,
proxy=args.proxy,
redirect=args.redirect,
timeout=args.timeout,
),
)
# Display target and scan starting time
self.bn.preamble(self.url)
try:
# Run the fingerprint modules
self.ma.fingerprints(
args.fingerprint,
self.url,
args.cookie,
)
# Run the crawler to discover urls
discovered_urls = self.ma.crawler(self.url, args.user_agent)
# Hotfix on KeyboardInterrupt being redirected to scrapy crawler process
signal.signal(signal.SIGINT, signal.default_int_handler)
# Run the attack modules on discovered urls
self.ma.attacks(args.attack, self.url, discovered_urls)
except KeyboardInterrupt:
raise
finally:
self.bn.postscript()
def test_fingerprint_launcher():
Services.register("output", Output())
Services.register("request_factory", SingleRequest())
f = Fingerprints(None, None)
if not hasattr(f, "run"):
raise AssertionError
def test_bad_service():
with pytest.raises(NameError):
Services.get("example")
Services.register("example", "test")
assert Services.get("example") is not None