本文整理汇总了Python中w3af.core.ui.console.console_ui.ConsoleUI.sh方法的典型用法代码示例。如果您正苦于以下问题:Python ConsoleUI.sh方法的具体用法?Python ConsoleUI.sh怎么用?Python ConsoleUI.sh使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.ui.console.console_ui.ConsoleUI的用法示例。
在下文中一共展示了ConsoleUI.sh方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: TestConsoleBugReport
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
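class TestConsoleBugReport(ConsoleTestHelper):
    """
    Run a scan from the console UI (which fails with a bug) and report it to
    a github issue.

    NOTE(review): test_buggy_scan calls the GitHub API with OAUTH_TOKEN and
    edits an issue on andresriancho/w3af, so it needs network access and a
    token that is allowed to change issues on that repository.
    """

    def setUp(self):
        """
        This is a rather complex setUp since I need to move the failing_spider.py
        plugin to the plugin directory in order to be able to run it afterwards.

        In the tearDown method, I'll remove the file.
        """
        self.src = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl',
                                'failing_spider.py')
        self.dst = os.path.join(ROOT_PATH, 'plugins', 'crawl',
                                'failing_spider.py')

        # NOTE(review): unittest does not call tearDown when setUp raises, so
        # a failure in the parent setUp below would leave the deliberately
        # broken plugin inside the real plugin directory.
        shutil.copy(self.src, self.dst)

        super(TestConsoleBugReport, self).setUp()

    def tearDown(self):
        """Delete the copied plugin and its compiled .pyc file, if present."""
        if os.path.exists(self.dst):
            os.remove(self.dst)

        # pyc file
        if os.path.exists(self.dst + 'c'):
            os.remove(self.dst + 'c')

        super(TestConsoleBugReport, self).tearDown()

    def test_buggy_scan(self):
        """
        Run a scan with the failing_spider crawl plugin enabled, issue the
        bug-report commands and then close the GitHub issue whose URL shows
        up in the captured console output.
        """
        target = get_moth_http('/grep/csp/')

        commands_to_run = ['plugins',
                           'output console',
                           'crawl failing_spider',
                           'crawl config failing_spider',
                           'set only_forward true',
                           'back',
                           'grep path_disclosure',
                           'back',
                           'target',
                           'set target %s' % (target),
                           'back',
                           'start',
                           'bug-report',
                           'summary',
                           'report',
                           'exit']

        expected = ('During the current scan (with id: ',
                    'An exception was found while running crawl.failing_spider on ',
                    'New URL found by failing_spider plugin: ',
                    ' [1/1] Bug with id 0 reported at https://github.com/andresriancho/w3af/issues/')

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        caught_exceptions = self.console._w3af.exception_handler.get_all_exceptions()
        self.assertEqual(len(caught_exceptions), 1, self._mock_stdout.messages)

        assert_result, msg = self.startswith_expected_in_output(expected)
        self.assertTrue(assert_result, msg)

        found_errors = self.error_in_output(['No such file or directory',
                                             'Exception'])
        self.assertFalse(found_errors)

        # Clear the exceptions, we don't need them anymore.
        self.console._w3af.exception_handler.clear()

        # Close issue from github
        #
        # The pattern is a raw string with escaped dots, and it requires at
        # least one digit: with "\d*" a line holding the URL prefix but no id
        # matched with an empty group and int('') raised ValueError.
        issue_id_re = re.compile(
            r'https://github\.com/andresriancho/w3af/issues/(\d+)')

        for line in self._mock_stdout.messages:
            mo = issue_id_re.search(line)
            if mo is None:
                continue

            issue_id = mo.group(1)

            # NOTE(review): OAUTH_TOKEN is defined outside this block. It is
            # used for a write operation (issue.edit), so confirm it comes
            # from a secret store or the environment and is not committed.
            gh = Github(OAUTH_TOKEN)
            repo = gh.get_user('andresriancho').get_repo('w3af')
            issue = repo.get_issue(int(issue_id))
            issue.edit(state='closed')

            break
        else:
            # No output line carried an issue URL, so nothing was closed.
            self.fail('Did NOT close test ticket.')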
示例2: TestBasicConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestBasicConsoleUI(ConsoleTestHelper):
"""
Basic test for the console UI.
"""
def test_menu_browse_misc(self):
    """Enter the misc-settings menu, go back and exit; check the prompts."""
    menu_walk = ['misc-settings', 'back', 'exit']

    self.console = ConsoleUI(commands=menu_walk, do_upd=False)
    self.console.sh()

    # Both prompt strings are handed to all_expected_in_output, which
    # returns a (result, message) pair.
    prompts = ('w3af>>> ', 'w3af/config:misc-settings>>> ')
    ok, details = self.all_expected_in_output(prompts)
    self.assertTrue(ok, details)
def test_menu_browse_http(self):
    """Enter the http-settings menu, go back and exit; check the prompts."""
    menu_walk = ['http-settings', 'back', 'exit']

    self.console = ConsoleUI(commands=menu_walk, do_upd=False)
    self.console.sh()

    # Both prompt strings are handed to all_expected_in_output, which
    # returns a (result, message) pair.
    prompts = ('w3af>>> ', 'w3af/config:http-settings>>> ')
    ok, details = self.all_expected_in_output(prompts)
    self.assertTrue(ok, details)
def test_menu_browse_target(self):
    """Enter the target menu, go back and exit; check the prompts."""
    menu_walk = ['target', 'back', 'exit']

    self.console = ConsoleUI(commands=menu_walk, do_upd=False)
    self.console.sh()

    # Both prompt strings are handed to all_expected_in_output, which
    # returns a (result, message) pair.
    prompts = ('w3af>>> ', 'w3af/config:target>>> ')
    ok, details = self.all_expected_in_output(prompts)
    self.assertTrue(ok, details)
def test_menu_plugin_desc(self):
    """Ask the plugins menu for the zone_h description and check its text."""
    description_lines = (
        'This plugin searches the zone-h.org',
        'result. The information stored in',
        'previous defacements to the target website.',
    )
    console_commands = [
        'plugins',
        'infrastructure desc zone_h',
        'back',
        'exit',
    ]

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(description_lines)
    self.assertTrue(ok, details)
def test_menu_set_option_case01(self):
    """Set the target from inside the target menu, save it and view it."""
    console_commands = [
        'target',
        'set target http://moth/',
        'save',
        'view',
        'back',
        'exit',
    ]

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    # First check: prompts and the save confirmation.
    exact_lines = ('w3af>>> ',
                   'w3af/config:target>>> ',
                   'The configuration has been saved.\r\n')
    ok, details = self.all_expected_in_output(exact_lines)
    self.assertTrue(ok, details)

    # Second check: the configured URL is looked up as a substring.
    table_fragments = ('| http://moth/',)
    ok, details = self.all_expected_substring_in_output(table_fragments)
    self.assertTrue(ok, details)
def test_menu_set_option_manual_save(self):
    """Set, view and explicitly save the target using one-line commands."""
    console_commands = [
        'target set target http://moth/',
        'target view',
        'target save',
        'exit',
    ]

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    line_prefixes = ('| target ', 'The configuration has been saved.')
    ok, details = self.startswith_expected_in_output(line_prefixes)
    self.assertTrue(ok, details)
def test_menu_set_option_auto_save(self):
    """Set and view the target without a save command; expect a save message."""
    console_commands = [
        'target set target http://moth/',
        'target view',
        'exit',
    ]

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    # No 'save' command is sent, yet the save confirmation is still expected.
    line_prefixes = ('| target ', 'The configuration has been saved.')
    ok, details = self.startswith_expected_in_output(line_prefixes)
    self.assertTrue(ok, details)
def test_menu_set_option_invalid_case01(self):
# Invalid port
commands_to_run = ['target', 'set target http://moth:301801/', 'view',
'back', 'exit']
self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
self.console.sh()
#.........这里部分代码省略.........
示例3: TestScanRunConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestScanRunConsoleUI(ConsoleTestHelper):
"""
Run scans from the console UI.
"""
def test_SQL_scan(self):
    """
    Configure output, sqli audit and web_spider crawl from the console,
    scan the URL returned by get_moth_http and check the reported findings.
    """
    target = get_moth_http("/audit/sql_injection/where_string_single_qs.py")
    qs = "?uname=pablo"

    # The command list is assembled from three phases; the concatenation
    # yields the same sequence the console has to execute.
    output_setup = [
        "plugins",
        "output console,text_file",
        "output config text_file",
        "set output_file %s" % self.OUTPUT_FILE,
        "set http_output_file %s" % self.OUTPUT_HTTP_FILE,
        "set verbose True",
        "back",
        "output config console",
        "set verbose False",
        "back",
    ]
    plugin_setup = [
        "audit sqli",
        "crawl web_spider",
        "crawl config web_spider",
        "set only_forward True",
        "back",
        "grep path_disclosure",
        "back",
    ]
    target_and_run = [
        "target",
        "set target %s%s" % (target, qs),
        "back",
        "start",
        "exit",
    ]
    console_commands = output_setup + plugin_setup + target_and_run

    findings = (
        "SQL injection in ",
        "A SQL error was found in the response supplied by ",
        "Found 1 URLs and 1 different injections points",
        "Scan finished",
    )

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(findings)
    self.assertTrue(ok, details)

    # The run must not have printed any of these error markers.
    error_markers = ["No such file or directory", "Exception"]
    self.assertFalse(self.error_in_output(error_markers))
@attr("smoke")
@attr("ci_fails")
def test_two_scans(self):
target_1 = get_moth_http("/audit/sql_injection/where_string_single_qs.py")
qs_1 = "?uname=pablo"
scan_commands_1 = [
"plugins",
"output console,text_file",
"output config text_file",
"set output_file %s" % self.OUTPUT_FILE,
"set http_output_file %s" % self.OUTPUT_HTTP_FILE,
"set verbose True",
"back",
"output config console",
"set verbose False",
"back",
"audit sqli",
"crawl web_spider",
"crawl config web_spider",
"set only_forward True",
"back",
"grep path_disclosure",
"back",
"target",
"set target %s%s" % (target_1, qs_1),
"back",
"start",
]
expected_1 = (
"SQL injection in ",
"A SQL error was found in the response supplied by ",
"Found 1 URLs and 1 different injections points",
"Scan finished",
)
target_2 = get_moth_http("/audit/xss/simple_xss.py")
qs_2 = "?text=1"
scan_commands_2 = [
"plugins",
"output console,text_file",
"output config text_file",
"set output_file %s" % self.OUTPUT_FILE,
"set http_output_file %s" % self.OUTPUT_HTTP_FILE,
"set verbose True",
"back",
"output config console",
"set verbose False",
"back",
"audit xss",
#.........这里部分代码省略.........
示例4: TestProfilesConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestProfilesConsoleUI(ConsoleTestHelper):
"""
Load profiles from the console UI.
"""
def setUp(self):
    """Run the parent setUp, then drop any profile left over for this test."""
    super(TestProfilesConsoleUI, self).setUp()

    leftover_profile = self.get_profile_name()
    self._remove_if_exists(leftover_profile)
def tearDown(self):
    """Run the parent tearDown, then drop the profile this test may have saved."""
    super(TestProfilesConsoleUI, self).tearDown()

    saved_profile = self.get_profile_name()
    self._remove_if_exists(saved_profile)
def get_profile_name(self):
    """
    Derive a per-test profile name from self.id(): dots and colons become
    dashes and the result is lower-cased.
    """
    return self.id().replace('.', '-').replace(':', '-').lower()
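def _remove_if_exists(self, profile_name):
    """
    Best-effort removal of the profile called *profile_name*.

    Errors raised while loading or removing the profile are ignored, so
    setUp and tearDown can call this whether or not the profile is there.
    """
    try:
        profile_inst = profile(profile_name)
        profile_inst.remove()
    except Exception:
        # Only ordinary errors are swallowed. The previous bare "except:"
        # also hid KeyboardInterrupt and SystemExit.
        pass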
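def _assert_exists(self, profile_name):
    """
    Fail the test when profile(profile_name) cannot be instantiated.

    self.fail() replaces "assert False" because assert statements are
    removed when Python runs with -O, which would turn this check into
    a no-op.
    """
    try:
        profile(profile_name)
    except Exception:
        # A bare "except:" would also catch KeyboardInterrupt/SystemExit
        # and report them as a missing profile.
        self.fail('The %s profile does NOT exist!' % profile_name)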
def _assert_equal(self, profile_name_a, profile_name_b):
    """
    Load both profiles with workdir='.' and compare their profile files
    with assertProfilesEqual.
    """
    first = profile(profile_name_a, workdir='.')
    second = profile(profile_name_b, workdir='.')

    assertProfilesEqual(first.profile_file_name,
                        second.profile_file_name)
def test_load_profile_exists(self):
    """Load the OWASP_TOP10 profile by name and check the console messages."""
    console_commands = [
        'profiles',
        'help',
        'use OWASP_TOP10',
        'exit',
    ]
    fragments = (
        'The plugins configured by the scan profile have been enabled',
        'Please set the target URL',
        ' | Use a profile.',
    )

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.all_expected_substring_in_output(fragments)
    self.assertTrue(ok, details)
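def test_load_profile_by_filepath(self):
    """
    Load a profile given as a file path (a temporary .pw3af file) and
    check the console messages.
    """
    expected = (
        'The plugins configured by the scan profile have been enabled',
        'Please set the target URL',
        ' | Use a profile.')

    # The context manager closes (and thereby deletes) the temporary file
    # even when an assertion below fails, instead of leaving the cleanup
    # to garbage collection.
    with tempfile.NamedTemporaryFile(suffix='.pw3af') as tmp_profile:
        commands_to_run = ['profiles',
                           'help',
                           'use ' + tmp_profile.name,
                           'exit']

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.all_expected_substring_in_output(expected)
        self.assertTrue(assert_result, msg)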
def test_load_profile_not_exists(self):
    """Try to use a profile name that is not there; expect the error text."""
    console_commands = [
        'profiles',
        'help',
        'use do_not_exist',
        'exit',
    ]
    error_lines = ('The profile "do_not_exist.pw3af" wasn\'t found.',)

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(error_lines)
    self.assertTrue(ok, details)
def test_save_as_profile(self):
    """Load OWASP_TOP10 and save it under this test's own profile name."""
    console_commands = [
        'profiles',
        'use OWASP_TOP10',
        'save_as %s' % self.get_profile_name(),
        'exit',
    ]
    confirmation = ('Profile saved.',)

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(confirmation)
    self.assertTrue(ok, details)
#.........这里部分代码省略.........
示例5: TestExploitConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestExploitConsoleUI(ConsoleTestHelper):
    """
    Run scan and exploit vulnerabilities from the console UI.
    """

    def test_OS_commanding_exploit(self):
        """
        Scan the URL returned by get_moth_http with the os_commanding audit
        plugin, then run the exploit menu commands and check their output.

        NOTE(review): the target presumably is the project's deliberately
        vulnerable test application; confirm get_moth_http never resolves
        to a host outside the test environment.
        """
        target = get_moth_http('/audit/os_commanding/trivial_osc.py')
        qs = '?cmd=foobar'

        # Phase 1: enable the plugins, set the target and start the scan.
        scan_phase = [
            'plugins',
            'audit os_commanding',
            'output console',
            'output config console',
            'set verbose true',
            'back',
            'back',
            'target',
            'set target %s%s' % (target, qs),
            'back',
            'start',
        ]
        # Phase 2: commands sent to the exploit menu and the shell object.
        shell_phase = [
            'exploit',
            'exploit os_commanding',
            'interact 0',
            'execute ls',
            'execute w',
            'read /etc/passwd',
            'help',
            'lsp',
            'payload tcp',
            'payload list_processes',
            'payload list_processes 20',
            'exit',  # from shell
            'exit',  # from w3af
        ]
        console_commands = scan_phase + shell_phase

        expected_output = (
            # start
            'OS Commanding was found at: "%s' % target,
            # exploit
            'Vulnerability successfully exploited. Generated shell object',
            'Please use the interact command to interact with the shell objects.',
            # read /etc/passwd
            'root:x:0:0:root:/root:/bin/bash',
            'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin',
            # lsp
            'apache_config_directory',
            'kernel_version',
            # payload tcp
            '| Id ',
            # payload list_processes
            'Usage: list_processes <max_pid>',
            # payload list_processes 20
            '| 1',
        )

        self.console = ConsoleUI(commands=console_commands, do_upd=False)
        self.console.sh()

        ok, details = self.startswith_expected_in_output(expected_output)
        self.assertTrue(ok, details)

        # The run must not have printed any of these error markers.
        error_markers = ['No such file or directory', 'Exception']
        self.assertFalse(self.error_in_output(error_markers))
示例6: TestScanRunConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestScanRunConsoleUI(ConsoleTestHelper):
"""
Run scans from the console UI.
"""
def test_SQL_scan(self):
    """
    Configure output, sqli audit and web_spider crawl from the console,
    scan the URL returned by get_moth_http and check the reported findings.
    """
    target = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
    target_path = get_moth_http('/audit/sql_injection/')
    qs = '?uname=pablo'

    # The command list is assembled from three phases; the concatenation
    # yields the same sequence the console has to execute.
    output_setup = [
        'plugins',
        'output console,text_file',
        'output config text_file',
        'set output_file %s' % self.OUTPUT_FILE,
        'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
        'set verbose True',
        'back',
        'output config console',
        'set verbose False',
        'back',
    ]
    plugin_setup = [
        'audit sqli',
        'crawl web_spider',
        'crawl config web_spider',
        'set only_forward True',
        'back',
        'grep path_disclosure',
        'back',
    ]
    target_and_run = [
        'target',
        'set target %s%s' % (target, qs),
        'back',
        'start',
        'exit',
    ]
    console_commands = output_setup + plugin_setup + target_and_run

    findings = (
        'SQL injection in ',
        'A SQL error was found in the response supplied by ',
        'New URL found by web_spider plugin: "%s"' % target_path,
    )

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(findings)
    self.assertTrue(ok, details)

    # The run must not have printed any of these error markers.
    error_markers = ['No such file or directory', 'Exception']
    self.assertFalse(self.error_in_output(error_markers))
@attr('smoke')
@attr('ci_fails')
def test_two_scans(self):
target_1 = get_moth_http('/audit/sql_injection/where_string_single_qs.py')
target_path_1 = get_moth_http('/audit/sql_injection/')
qs_1 = '?uname=pablo'
scan_commands_1 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit sqli',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'target',
'set target %s%s' % (target_1, qs_1), 'back',
'start']
expected_1 = ('SQL injection in ',
'A SQL error was found in the response supplied by ',
'New URL found by web_spider plugin: "%s"' % target_path_1)
target_2 = get_moth_http('/audit/xss/simple_xss.py')
target_path_2 = get_moth_http('/audit/xss/')
qs_2 = '?text=1'
scan_commands_2 = ['plugins',
'output console,text_file',
'output config text_file',
'set output_file %s' % self.OUTPUT_FILE,
'set http_output_file %s' % self.OUTPUT_HTTP_FILE,
'set verbose True', 'back',
'output config console',
'set verbose False', 'back',
'audit xss',
'crawl web_spider',
'crawl config web_spider',
'set only_forward True', 'back',
'grep path_disclosure',
'back',
'plugins output',
'target',
'set target %s%s' % (target_2, qs_2), 'back',
'start',
'exit']
expected_2 = ('A Cross Site Scripting vulnerability was found at',
'New URL found by web_spider plugin: "%s"' % target_path_2)
scan_commands = scan_commands_1 + scan_commands_2
self.console = ConsoleUI(commands=scan_commands, do_upd=False)
#.........这里部分代码省略.........
示例7: TestProfilesConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestProfilesConsoleUI(ConsoleTestHelper):
"""
Load profiles from the console UI.
"""
def setUp(self):
    """Run the parent setUp, then drop any leftover 'unittest' profile."""
    super(TestProfilesConsoleUI, self).setUp()

    leftover_profile = 'unittest'
    self._remove_if_exists(leftover_profile)
def tearDown(self):
    """Run the parent tearDown, then drop the 'unittest' profile if present."""
    super(TestProfilesConsoleUI, self).tearDown()

    saved_profile = 'unittest'
    self._remove_if_exists(saved_profile)
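def _remove_if_exists(self, profile_name):
    """
    Best-effort removal of the profile called *profile_name*.

    Errors raised while loading or removing the profile are ignored, so
    setUp and tearDown can call this whether or not the profile is there.
    """
    try:
        profile_inst = profile(profile_name)
        profile_inst.remove()
    except Exception:
        # Only ordinary errors are swallowed. The previous bare "except:"
        # also hid KeyboardInterrupt and SystemExit.
        pass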
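def _assert_exists(self, profile_name):
    """
    Fail the test when profile(profile_name) cannot be instantiated.

    self.fail() replaces "assert False" because assert statements are
    removed when Python runs with -O, which would turn this check into
    a no-op.
    """
    try:
        profile(profile_name)
    except Exception:
        # A bare "except:" would also catch KeyboardInterrupt/SystemExit
        # and report them as a missing profile.
        self.fail('The %s profile does NOT exist!' % profile_name)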
def test_load_profile_exists(self):
    """Load the OWASP_TOP10 profile by name and check the console messages."""
    console_commands = [
        'profiles',
        'help',
        'use OWASP_TOP10',
        'exit',
    ]
    fragments = (
        'The plugins configured by the scan profile have been enabled',
        'Please set the target URL',
        ' | Use a profile.',
    )

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.all_expected_substring_in_output(fragments)
    self.assertTrue(ok, details)
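def test_load_profile_by_filepath(self):
    """
    Load a profile given as a file path (a temporary .pw3af file) and
    check the console messages.
    """
    expected = (
        'The plugins configured by the scan profile have been enabled',
        'Please set the target URL',
        ' | Use a profile.')

    # The context manager closes (and thereby deletes) the temporary file
    # even when an assertion below fails, instead of leaving the cleanup
    # to garbage collection.
    with tempfile.NamedTemporaryFile(suffix='.pw3af') as tmp_profile:
        commands_to_run = ['profiles',
                           'help',
                           'use ' + tmp_profile.name,
                           'exit']

        self.console = ConsoleUI(commands=commands_to_run, do_upd=False)
        self.console.sh()

        assert_result, msg = self.all_expected_substring_in_output(expected)
        self.assertTrue(assert_result, msg)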
def test_load_profile_not_exists(self):
    """Try to use a profile name that is not there; expect the error text."""
    console_commands = [
        'profiles',
        'help',
        'use do_not_exist',
        'exit',
    ]
    error_lines = ('The profile "do_not_exist.pw3af" wasn\'t found.',)

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(error_lines)
    self.assertTrue(ok, details)
def test_save_as_profile(self):
    """Load OWASP_TOP10, save it as 'unittest' and check that it now exists."""
    console_commands = [
        'profiles',
        'use OWASP_TOP10',
        'save_as unittest',
        'exit',
    ]
    confirmation = ('Profile saved.',)

    self.console = ConsoleUI(commands=console_commands, do_upd=False)
    self.console.sh()

    ok, details = self.startswith_expected_in_output(confirmation)
    self.assertTrue(ok, details)

    # The console message alone is not trusted; the profile is loaded too.
    self._assert_exists('unittest')
def test_set_save_use(self):
"""
This is a unittest for the bug reported by a user where his settings
are not saved to the profile.
https://github.com/andresriancho/w3af/issues/291
Actually, the settings are saved but not properly displayed, but that's
not so important. The important thing is that the user was seeing the
#.........这里部分代码省略.........
示例8: TestSaveConsoleUI
# 需要导入模块: from w3af.core.ui.console.console_ui import ConsoleUI [as 别名]
# 或者: from w3af.core.ui.console.console_ui.ConsoleUI import sh [as 别名]
class TestSaveConsoleUI(ConsoleTestHelper):
    """
    Save test for the console UI.
    """

    def test_menu_simple_save(self):
        """Set file_wordlist on dir_file_bruter, save, and view the value."""
        console_commands = [
            'plugins crawl config dir_file_bruter',
            'set file_wordlist /etc/passwd',
            'save',
            'view',
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=console_commands, do_upd=False)
        self.console.sh()

        fragments = (' /etc/passwd ',
                     'The configuration has been saved.')
        ok, details = self.all_expected_substring_in_output(fragments)
        self.assertTrue(ok, details)

    def test_menu_save_with_dependencies_error(self):
        """Save rfi settings with listen_address 'abc'; expect a settings error."""
        console_commands = [
            'plugins audit config rfi',
            'set use_w3af_site false',
            'set listen_address abc',
            'save',
            'view',
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=console_commands, do_upd=False)
        self.console.sh()

        error_prefixes = (
            'Identified an error with the user-defined settings',
        )
        ok, details = self.startswith_expected_in_output(error_prefixes)
        self.assertTrue(ok, details)

    def test_menu_save_with_dependencies_success(self):
        """Save rfi settings with an address and a port; both must be shown."""
        console_commands = [
            'plugins audit config rfi',
            'set use_w3af_site false',
            'set listen_address 127.0.0.1',
            'set listen_port 8081',
            'save',
            'view',
            'back',
            'exit',
        ]

        self.console = ConsoleUI(commands=console_commands, do_upd=False)
        self.console.sh()

        fragments = ('127.0.0.1', '8081')
        ok, details = self.all_expected_substring_in_output(fragments)
        self.assertTrue(ok, details)

    def test_menu_simple_save_with_view(self):
        """
        Reproduces the issue at https://github.com/andresriancho/w3af/issues/474
        where a "view" call overwrites any previously set value with the default
        """
        # The plugin configuration menu is entered twice: the second "view"
        # is the one that has to still show the value set in the first visit.
        first_visit = [
            'plugins crawl config dir_file_bruter',
            'set file_wordlist /etc/passwd',
            'view',
            'back',
        ]
        second_visit = [
            'plugins crawl config dir_file_bruter',
            'view',
            'back',
            'exit',
        ]
        console_commands = first_visit + second_visit

        self.console = ConsoleUI(commands=console_commands, do_upd=False)
        self.console.sh()

        fragments = (' /etc/passwd ',
                     'The configuration has been saved.')
        ok, details = self.all_expected_substring_in_output(fragments)
        self.assertTrue(ok, details)