def test_scanResult(self):
# See if the keys are available as env variables
try:
a_key = os.environ["TIOA"]
s_key = os.environ["TIOS"]
except Exception:
assert False
# Let's select a known scan ID here
# this one is completed
scan_id_completed = 453
# This one is cancelled
scan_id_aborted = 715
scanner = TIOScanner(access_key=a_key, secret_key=s_key)
result_as_json = scanner.scanResult(scan_id_completed)
assert type(result_as_json) is dict
assert 'hosts' in result_as_json
assert 'history' in result_as_json
assert 'info' in result_as_json
result_as_html = scanner.scanResult(scan_id_completed,
result_format="html")
assert type(result_as_html) is str
assert "html" in result_as_html
assert "tenable" in result_as_html
assert "plugin" in result_as_html
with pytest.raises(TenableScanInterruptedException) as e:
assert scanner.scanResult(scan_id_aborted)
assert str(
e.value
) == "Tenable.io scan ended abruptly, likely stopped or aborted manually."
def test_runFromStepFunction(self):
target = "infosec.mozilla.org"
partial_stepf_event = {"target": target}
test_context = None
try:
a_key = os.environ["TIOA"]
s_key = os.environ["TIOS"]
except Exception:
assert False
tenableio_scan_handler = TIOScanHandler()
response = tenableio_scan_handler.runFromStepFunction(
partial_stepf_event, test_context)
assert type(response) is dict
# The next few lines are for cleaning up,
# we should abort the scan just launched
scan_id = response['id']
scanner = TIOScanner(access_key=a_key, secret_key=s_key)
client = scanner._TIOScanner__createClient()
scan_ref = client.scan_helper.id(scan_id)
scan_ref.stop(wait=False)
test_invalid_event = {"TEST": "TEST"}
invalid_response = tenableio_scan_handler.runFromStepFunction(
test_invalid_event, test_context)
assert invalid_response is False
def pollScanResults(self, event, context):
# This function will take a Tenable.io scan ID, and
# query Tenable.io API for the status of that scan, and
# if completed, return the results a JSON object
source_event = Event(event, context)
data = source_event.parse()
if data:
target = Target(data.get('target'))
if not target:
self.logger.error("Target validation failed of: {}".format(
target.name))
return False
scanID = event['responses']['Tenablescan']['id']
scanner = TIOScanner(logger=self.logger)
json_result = scanner.scanResult(scanID, result_format="json")
html_result = scanner.scanResult(scanID, result_format="html")
if json_result and html_result:
send_to_s3(target.name + "_tenablescan",
json_result,
client=self.s3_client,
bucket=self.s3_bucket)
send_to_s3(target.name + "_tenablescan",
html_result,
client=self.s3_client,
bucket=self.s3_bucket)
return {'statusCode': 200}
else:
self.logger.error("Unrecognized payload: {}".format(data))
return False
def test__getAPIKey(self, ssm):
scanner = TIOScanner(ssm_client=ssm)
test_akey, test_skey = scanner._TIOScanner__getAPIKey()
try:
a_key = os.environ["TIOA"]
s_key = os.environ["TIOS"]
except Exception:
assert test_akey == "TEST"
assert test_skey == "TEST"
else:
assert test_akey == a_key
assert test_skey == s_key
def test_defaults(self, ssm):
scanner = TIOScanner(ssm_client=ssm)
assert scanner.client is None
assert scanner.tio_access_key is None
assert scanner.tio_secret_key is None
assert scanner.report_format == "html"
assert scanner.ssm_client == ssm
def test_scanResult(self):
# See if the keys are available as env variables
try:
a_key = os.environ["TIOA"]
s_key = os.environ["TIOS"]
except Exception:
assert False
host_name = "www.mozilla.org"
scanner = TIOScanner(access_key=a_key, secret_key=s_key)
nscan = scanner.scan(host_name)
result_as_json = scanner.scanResult(nscan)
assert type(result_as_json) is dict
assert 'hosts' in result_as_json
assert 'history' in result_as_json
assert 'info' in result_as_json
def runScanFromQ(event, context):
# This is needed for nmap static library and
# dirb to be added to the path
_environ = dict(os.environ)
nmap_path = os.environ['LAMBDA_TASK_ROOT'] + '/vendor/nmap-standalone/'
dirb_path = os.environ['LAMBDA_TASK_ROOT'] + '/vendor/dirb/'
try:
os.environ.update({'PATH': os.environ['PATH'] + ':' + nmap_path + ':' + dirb_path})
# Read the queue
for record, keys in event.items():
for item in keys:
if "body" in item:
message = item['body']
scan_type, target, uuid = message.split('|')
if scan_type == "httpobservatory":
scanner = HTTPObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_httpobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "sshobservatory":
scanner = SSHObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_sshobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "tlsobservatory":
scanner = TLSObservatoryScanner(logger=logger)
scan_result = scanner.scan(target)
send_to_s3(target + "_tlsobservatory", scan_result, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "portscan":
scanner = PortScanner(target, logger=logger)
nmap_scanner = scanner.scanTCP()
while nmap_scanner.still_scanning():
# Wait for 1 second after the end of the scan
nmap_scanner.wait(1)
elif scan_type == "tenableio":
scanner = TIOScanner(logger=logger)
nessus_scanner = scanner.scan(target)
nessus_scanner.launch(wait=False)
elif scan_type == "websearch":
searcher = WebSearcher(logger=logger)
search_results = searcher.search(target)
send_to_s3(target + "_websearch", search_results, client=S3_CLIENT, bucket=S3_BUCKET)
elif scan_type == "direnumscan":
scanner = DirectoryEnumScanner(logger=logger)
return_code, direnum_result = scanner.scan(target)
send_to_s3(target + "_direnum", direnum_result, client=S3_CLIENT, bucket=S3_BUCKET)
else:
# Manually invoked, just log the message
logger.info("Message in queue: {}".format(message))
else:
logger.error("Unrecognized message in queue: {}".format(message))
except Exception as e:
logger.error("Exception occurred while running scans from the queue: {}".format(e))
finally:
# Restore environment variables to their original values
os.environ.update(_environ)
def test_scan(self):
# See if the keys are available as env variables
try:
a_key = os.environ["TIOA"]
s_key = os.environ["TIOS"]
except Exception:
assert False
host_name = "www.mozilla.org"
scanner = TIOScanner(access_key=a_key, secret_key=s_key)
nscan = scanner.scan(host_name)
# Ref: https://github.com/tenable/Tenable.io-SDK-for-Python/blob/master/tests/integration/helpers/test_scan.py
# nscan is a ScanRef object.
# Note that we are NOT launching the scan here, we do not
# want an actual scan to be kicked off as a part of CI
# scan_details is a scan_detail object
scan_detail = nscan.details()
# ScanRef object ID should the ScanDetail object ID
assert scan_detail.info.object_id == nscan.id
nscan.delete(force_stop=True)
def runFromStepFunction(self, event, context):
source_event = Event(event, context)
data = source_event.parse()
if data:
target = Target(data.get('target'))
if not target:
self.logger.error("Target validation failed of: {}".format(
target.name))
return False
# Run the scan here and return the ScanRef object
scanner = TIOScanner(logger=self.logger)
scanner_ref = scanner.scan(target.name)
if scanner_ref:
scanner_ref.launch(wait=False)
return {'id': scanner_ref.id}
else:
return False
else:
self.logger.error("Unrecognized payload: {}".format(data))
return False
def test__createClient(self, ssm):
scanner = TIOScanner(ssm_client=ssm)
client = scanner._TIOScanner__createClient()
assert type(client) is TenableIOClient
nscanner = TIOScanner(access_key='test', secret_key='test')
nclient = nscanner._TIOScanner__createClient()
assert type(nclient) is TenableIOClient
def test__getAPIKey(self, ssm):
scanner = TIOScanner(ssm_client=ssm)
test_akey, test_skey = scanner._TIOScanner__getAPIKey()
assert test_akey == "TEST"
assert test_skey == "TEST"