Support for authenticated analysis #95

Merged
merged 29 commits into from
Dec 16, 2022
Commits
cc5c981
Initial TargetCredential model and API operations
pablosnt Nov 27, 2022
bfa1242
Fix model and serializer
pablosnt Nov 29, 2022
45b4e25
Input validation for TargetCredential
pablosnt Nov 29, 2022
c766cae
Get basic authentication value
pablosnt Nov 29, 2022
4915262
Initial unit tests
pablosnt Nov 29, 2022
dee73d8
Fix unit tests for TargetCredential
pablosnt Nov 29, 2022
5c2ef41
Fix input validation for TargetCredential
pablosnt Nov 29, 2022
c3439fa
Refactor UI code for the target port details
pablosnt Nov 29, 2022
3764362
New tab in the popup to handle the target credentials
pablosnt Nov 30, 2022
a03df5a
Fix system credentials validation
pablosnt Nov 30, 2022
01706c3
Add support to filtering target credentials by distinct type
pablosnt Nov 30, 2022
a367975
Use authentication for SMBmap, Dirsearch and JoomScan during executions
pablosnt Dec 10, 2022
9d7b2b2
Replace TargetCredential by TargetAuthentication
pablosnt Dec 10, 2022
d6f235a
Fix references to target_credentials
pablosnt Dec 10, 2022
154d459
Fix input type related to target authentication
pablosnt Dec 10, 2022
edd36cd
Apply authentication in Nikto executions
pablosnt Dec 11, 2022
8034380
Apply authentication in OWASP ZAP executions
pablosnt Dec 11, 2022
33cc53a
Fix reference to OWASP ZAP
pablosnt Dec 11, 2022
22df759
Optimize UX during the credentials configuration
pablosnt Dec 11, 2022
0df961b
Unit tests for executions using target authentication
pablosnt Dec 11, 2022
6303879
Refactoring code using new authentication module and applying authent…
pablosnt Dec 13, 2022
40d5016
Generate migrations and fix some errors
pablosnt Dec 13, 2022
85b591f
Fix some errors and prepare initial unit testing
pablosnt Dec 14, 2022
4bd8d61
Fix error in wordlist input type
pablosnt Dec 15, 2022
3f32951
Fix error obtaining the relationships between the input types
pablosnt Dec 15, 2022
a17b8b8
Optimize code to get authentication
pablosnt Dec 15, 2022
24b9581
Improve unit tests
pablosnt Dec 15, 2022
efa156e
One more unit tests, clean code and fix in arguments syntax
pablosnt Dec 16, 2022
29be2ad
Fix error in arguments with quotes
pablosnt Dec 16, 2022
Fix input validation for TargetCredential
pablosnt committed Nov 29, 2022
commit 5c2ef4185faf9b22f22f03f5a86a1d76993ca7ab
@@ -1,4 +1,4 @@
# Generated by Django 3.2.16 on 2022-11-29 19:23
# Generated by Django 3.2.16 on 2022-11-29 22:15

from django.db import migrations, models
import django.db.models.deletion
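Review bot: The changed "Generated by Django" timestamp at the top of this migration shows the existing migration file was regenerated in place rather than followed by a new migration. That is safe only while no database has applied the 19:23 version; on any instance that has, Django treats the migration as already applied and never sees the revised definition, so either confirm that no such instance exists or ship the change as a separate migration.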
@@ -19,7 +19,7 @@ class Migration(migrations.Migration):
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.TextField(max_length=100, validators=[security.input_validation.validate_name])),
('credential', models.TextField(max_length=500, validators=[security.input_validation.validate_credential])),
('type', models.TextField(choices=[('Cookie', 'Cookie'), ('Digest', 'Digest'), ('Bearer', 'Bearer'), ('NTLM', 'Ntlm'), ('JWT', 'Jwt'), ('Password', 'Password')], max_length=8)),
('type', models.TextField(choices=[('Basic', 'Basic'), ('Bearer', 'Bearer'), ('Cookie', 'Cookie'), ('Digest', 'Digest'), ('JWT', 'Jwt'), ('NTLM', 'Ntlm')], max_length=8)),
('target_port', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='target_credentials', to='targets.targetport')),
],
bases=(models.Model, input_types.base.BaseInput),
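Review bot: The max_length values on name (100), credential (500) and type (8) are declared on models.TextField, and Django does not enforce max_length for a TextField at the model or database level, so these limits hold only where a serializer or form applies them. If they are meant as hard bounds on stored credentials, switch the columns to CharField or add an explicit length validator. On the type line, 8 was sized for 'Password', which this change removes; the longest remaining value is six characters, and any code path that still writes 'Password' should be checked because the choice list no longer accepts it.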
2 changes: 2 additions & 0 deletions rekono/targets/serializers.py
@@ -3,6 +3,7 @@
from api.serializers import ProtectedStringValueField
from django.forms import ValidationError
from rest_framework import serializers
from security.input_validation import validate_credential

from targets.models import (Target, TargetCredential, TargetPort,
TargetTechnology, TargetVulnerability)
@@ -169,6 +170,7 @@ def validate(self, attrs: Dict[str, Any]) -> Dict[str, Any]:
Dict[str, Any]: Data after validation process
'''
attrs = super().validate(attrs)
validate_credential(attrs['credential'])
if TargetCredential.objects.filter(
target_port=attrs['target_port'],
name=attrs['name'],
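Review bot: The new validate_credential(attrs['credential']) call in validate() indexes attrs directly, so if this serializer is ever used for a partial update that omits credential it raises KeyError instead of returning a validation error, and a rejected value is reported as an object-level error rather than against the credential field. The migration already lists validate_credential among the model field's validators, so consider attaching it to the serializer's credential field declaration (validators=[validate_credential]) or moving it into a field-level validate method, which addresses both points.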
2 changes: 1 addition & 1 deletion rekono/testing/api/test_targets.py
@@ -197,7 +197,7 @@ def test_create(self) -> None:
def test_invalid_create(self) -> None:
'''Test target vulnerability creation with invalid data.'''
self.api_test(self.client.post, self.endpoint, 400, data=self.used_data) # Target credential already exists
self.used_data['credential'] = 'invalidpassword;reverseshell'
self.used_data['credential'] = ';reverseshell'
self.api_test(self.client.post, self.endpoint, 400, data=self.used_data) # Invalid credential value

def test_delete(self) -> None:
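Review bot: Replacing 'invalidpassword;reverseshell' with ';reverseshell' in test_invalid_create removes the only case where the rejected character sits in the middle of the value, so a validator that inspects only the start of the string would still pass this test. Keep both values as separate assertions, and pair them with a valid credential that must be accepted, so the 400 is tied to the ';' wherever it appears. The docstring also still reads "Test target vulnerability creation with invalid data" although the test posts target credentials.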