def start_scan(self, UserWebsite): #add set_free server try: server = W3af_server.objects.filter(running=0).order_by('-last_scan')[:1] server = server[0] except: server = None if not server: self.error = _('No server slot free, please try again later!') else: conn = Connection(server.host) #add auth scan = Scan(conn) try: scan.start(self.scan_profile, [UserWebsite.url]) self.succes = _('Server scan started, please wait a litte time for feedback!') except: self.error = _('Sorry, we got a server error, please try again later!') if self.succes: scan_object = W3af_scan(Website=UserWebsite) scan_object.save() server.last_scan = timezone.now() server.running = True server.Scan = scan_object server.save() UserWebsite.last_scan = timezone.now() UserWebsite.save()
def get_server_status(self, server): try: conn = Connection(server.host) #add auth scan = Scan(conn) scan.scan_id = conn.get_scans()[0].scan_id scan.running = conn.get_scans()[0].status except: scan = None return scan
def startScanner(self, scenarioId, applicationName, runningToken, conn, scannerUrl, targetUrl): scanProfilePath = os.path.join(parent_dir, "w3af/profiles/OWASP_TOP10.pw3af") scanProfile = file(scanProfilePath).read() targetUrls = [targetUrl] printLog("Starting scanner for target ", targetUrl) scan = Scan(conn) try: scan.start(scanProfile, targetUrls) except Exception, e: printLog("Error while starting scanner for target", targetUrl, ":", e)
def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api" profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing") parser.add_argument("-t", "--target", help="Network or Host for scan", required=False) parser.add_argument("-o", "--output", help="Output file", required=False) args = parser.parse_args() if args.target == None or args.output == None: print "Argument errors check -h" exit(0) print "Starting w3af api ..." global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print "Waiting for W3af to load, 5 seconds ..." time.sleep(5) # Connect to the REST API and get it's version conn = Connection("http://127.0.0.1:5000/") print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while scan.get_status()["status"] == "Running": print "Scan progress: %s" + str(scan.get_status()["rpm"]) time.sleep(2)
def test_exception_list(self): httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/exceptions/'), body=EXCEPTION_LIST_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/exceptions/0'), body=EXCEPTION_DETAIL_0, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/exceptions/1'), body=EXCEPTION_DETAIL_1, content_type='application/json') conn = Connection(self.api_url) scan = Scan(conn, scan_id=0) exceptions = scan.get_exceptions() exception_0 = exceptions[0] exception_1 = exceptions[1] self.assertEqual(exception_0.lineno, 112) self.assertEqual(exception_1.lineno, 331) self.assertEqual(exception_0.exception, 'ValueError') self.assertEqual(exception_1.exception, 'IndexError') # Check that update works self.assertIsNotNone(exception_0._data) exception_0._data = None exception_0.update() self.assertIsNotNone(exception_0._data) self.assertEqual(exception_0._data['exception'], 'ValueError')
def test_fuzzable_request_list(self): httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/fuzzable-requests/'), body=FR_LIST_RESPONSE, content_type='application/json') conn = Connection(self.api_url) scan = Scan(conn, scan_id=0) frs = scan.get_fuzzable_requests() self.assertEqual(frs, EXPECTED_FRS)
def test_url_list(self): httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/urls/'), body=URL_LIST_RESPONSE, content_type='application/json') conn = Connection(self.api_url) scan = Scan(conn, scan_id=0) urls = scan.get_urls() self.assertEqual(urls, EXPECTED_URLS)
def test_integration(self): """ The main goal of this test is to assert that the latest version of w3af can be consumed using the latest version of w3af-api-client. """ conn = Connection(self.W3AF_API_URL, verbose=False) print('Created REST API connection') target_urls = [self.TARGET_URL_FMT % self.get_network_address()] scan = Scan(conn) scan.start(FAST_TEST_PROFILE, target_urls) print('Scan started') # Wait some time for the scan to finish, these wait methods also assert # that I'm able to retrieve the scan status self.wait_until_running(scan) print('Scan is running') self.wait_until_finish(scan, wait_loops=300) print('Scan has finished') log = scan.get_log() self.assertIsInstance(log, Log) log_entry_count = 0 for log_entry in log: self.assertIsInstance(log_entry, LogEntry) self.assertIsNotNone(log_entry.message) log_entry_count += 1 if log_entry_count % 20 == 0: print('Read 20 log entries') self.assertGreater(log_entry_count, 100) findings_list = scan.get_findings() self.assertGreaterEqual(len(findings_list), 4) print('Got %s findings' % len(findings_list)) finding = findings_list[0] self.assertIsInstance(finding, Finding) self.assertEqual(finding.name, 'SQL injection')
def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env[ "CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api" profile = my_env[ "CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser( description='w3af_client is develop for automating security testing') parser.add_argument('-t', '--target', help='Network or Host for scan', required=False) parser.add_argument('-o', '--output', help='Output file', required=False) args = parser.parse_args() if args.target is None or args.output is None: print "Argument errors check -h" exit(0) print 'Starting w3af api ...' global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print 'Waiting for W3af to load, 5 seconds ...' time.sleep(5) # Connect to the REST API and get it's version conn = Connection('http://127.0.0.1:5000/') print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while (scan.get_status()['status'] == "Running"): print 'Scan progress: %s' + str(scan.get_status()['rpm']) time.sleep(2)
def test_log_access(self): # # Mock all HTTP responses # responses.add(responses.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') responses.add(responses.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') responses.add(responses.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) responses.add(responses.GET, self.get_url('/scans/0/log'), body=LOG_RESPONSE, content_type='application/json', status=200) responses.add(responses.GET, self.get_url('/scans/0/log'), body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200) responses.add(responses.GET, self.get_url('/scans/0/log'), body=LOG_RESPONSE, content_type='application/json', status=200) responses.add(responses.GET, self.get_url('/scans/0/log'), body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200) conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the log using the ids # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log.get_by_start_id(0): self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries)
from w3af_api_client import Connection, Scan connection = Connection('http://127.0.0.1:5000/') print connection.get_version() profile = file('w3af/profiles/OWASP_TOP10.pw3af').read() target = ['http://localhost'] scan = Scan(connection) scan.start(profile, target) scan.get_urls() scan.get_log() scan.get_findings() scan.get_fuzzable_requests()
def test_simple_scan(self): # # Mock all HTTP responses # httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/status'), body=SCAN_STATUS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/1/status'), body=NOT_FOUND, content_type='application/json', status=404) httpretty.register_uri( httpretty.GET, self.get_url('/scans/0/log'), responses=[ # # Responses for ?page pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), # # Responses for ?id=0 pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), ]) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/kb/'), body=FINDINGS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/kb/0'), body=FINDINGS_DETAIL_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/traffic/45'), body=TRAFFIC_DETAIL_RESPONSE_45, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/traffic/46'), body=TRAFFIC_DETAIL_RESPONSE_46, content_type='application/json') conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST) self.assertEqual(scan.scan_id, 0) # # Get scan status # json_data = scan.get_status() self.assertEqual(json_data['is_running'], True) self.assertEqual(json_data['is_paused'], False) self.assertEqual(json_data['exception'], None) # # Test the error handling # scan.scan_id = 1 self.assertRaises(APIException, scan.get_status) scan.scan_id = 0 # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the log using the ids # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [ LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1) ] received_log_entries = [] for log_entry in log.get_by_start_id(0): self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the vulnerabilities # findings = scan.get_findings() self.assertIsInstance(findings, list) self.assertEqual(len(findings), 1) finding = findings[0] self.assertEqual(finding.name, 'SQL injection') self.assertIsInstance(finding, Finding) all_traffic = finding.get_traffic() self.assertIsInstance(all_traffic, list) self.assertEqual(len(all_traffic), 2) traffic = all_traffic[0] self.assertIn('GET ', traffic.get_request()) self.assertIn('<html>', traffic.get_response())
def test_simple_scan(self): # # Mock all HTTP responses # httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/status'), body=SCAN_STATUS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/1/status'), body=NOT_FOUND, content_type='application/json', status=404) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/log'), responses=[ httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), ]) httpretty.register_uri(httpretty.GET, self.get_url('/kb/'), body=FINDINGS_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/kb/0'), body=FINDINGS_DETAIL_RESPONSE, content_type='application/json') conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST) self.assertEqual(scan.scan_id, 0) # # Get scan status # json_data = scan.get_status() self.assertEqual(json_data['is_running'], True) self.assertEqual(json_data['is_paused'], False) self.assertEqual(json_data['exception'], None) # # Test the error handling # scan.scan_id = 1 self.assertRaises(APIException, scan.get_status) scan.scan_id = 0 # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [LogEntry('debug', 'one', '23-Jun-2015 16:21', None), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High')] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the vulnerabilities # findings = scan.get_findings() self.assertIsInstance(findings, list) self.assertEqual(len(findings), 1) finding = findings[0] self.assertEqual(finding.name, 'SQL injection') self.assertIsInstance(finding, Finding)
def test_log_access(self): # # Mock all HTTP responses # httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.POST, self.get_url('/scans/'), body=SCAN_START_RESPONSE, content_type='application/json', status=201) httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/log'), responses=[ # # Responses for ?page pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), # # Responses for ?id=0 pagination # httpretty.Response(body=LOG_RESPONSE, content_type='application/json', status=200), httpretty.Response(body=EMPTY_LOG_RESPONSE, content_type='application/json', status=200), ]) conn = Connection(self.api_url) #conn.set_verbose(True) self.assertTrue(conn.can_access_api()) # # Start a scan and assert # scan = Scan(conn) self.assertIsNone(scan.scan_id) scan.start('mock_profile', [TARGET_URL]) # # Get the log # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)] received_log_entries = [] for log_entry in log: self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries) # # Get the log using the ids # log = scan.get_log() self.assertIsInstance(log, Log) expected_log_entries = [LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0), LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)] received_log_entries = [] for log_entry in log.get_by_start_id(0): self.assertIsInstance(log_entry, LogEntry) received_log_entries.append(log_entry) self.assertEqual(received_log_entries, expected_log_entries)