This domain is for use in illustrative examples in documents. You may use this + domain in literature without prior coordination or asking for permission.
+ +llsdtVVFlJxhcGGYTo2PMGTRNFVKZxeKTVbhyosM3Sm/5apoY1/yUmN6HVcn+Xt798SPzgXQlZMttsqp1U1iJFmFO2aCGL/v3tmm/fs7itYsoNnJCelWvm9P4ic1nlKTBOpMjT5B5NmriZwTAzZ5ASjCKcmN8Vh=
" + ) + + def check(self, module_test, events): + assert not any(e.type == "FINDING" for e in events), "Found Results without word boundary" + + +class TestExcavateSerializationPositive(TestExcavate): + async def setup_before_prep(self, module_test): + module_test.httpserver.expect_request("/").respond_with_data( + """ +AAEAAAD/////AQAAAAAAAAAMAgAAAFJTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0YDFbW1N5c3RlbS5TdHJpbmddXSwgU3lzdGVtLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49YjAzZjVmN2YxMWQ1MGFlMwEAAAAIQ29tcGFyZXIQSXRlbUNvdW50AQMAAAAJAwAAAAlTeXN0ZW0uU3RyaW5nW10FAAAACQIAAAAJBAAAAAkFAAAACRcAAAAJCgAAAAkLAAAACQwAAAAJDQAAAAkOAAAACQ8AAAAJEAAAAAkRAAAACRIAAAAJEwAAAA==
+rO0ABXQADUhlbGxvLCB3b3JsZCE=
+czoyNDoiSGVsbG8sIHdvcmxkISBNb3JlIHRleHQuIjs=
+YTo0OntpOjA7aToxO2k6MTtzOjE0OiJzZWNvbmQgZWxlbWVudCI7aToyO2k6MztpOjM7czoxODoiTW9yZSB0ZXh0IGluIGFycmF5Ijt9
+TzoxMjoiU2FtcGxlT2JqZWN0IjoyOntzOjg6InByb3BlcnR5IjtzOjEzOiJJbml0aWFsIHZhbHVlIjtzOjE2OiJhZGRpdGlvbmFsU3RyaW5nIjtzOjIxOiJFeHRyYSB0ZXh0IGluIG9iamVjdC4iO30=
+H4sIAAAAAAAA/yu2MjS2UvJIzcnJ11Eozy/KSVFUsgYAZN5upRUAAAA=
+ +""" + ) + + def check(self, module_test, events): + for serialize_type in ["Java", ".NET", "PHP (Array)", "PHP (String)", "PHP (Object)", "Possible Compressed"]: + assert any( + e.type == "FINDING" and serialize_type in e.data["description"] for e in events + ), f"Did not find {serialize_type} Serialized Object" diff --git a/bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py b/bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py index 3d59653eb1..cbbec11ea6 100644 --- a/bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py +++ b/bbot/test/test_step_2/module_tests/test_module_ffuf_shortnames.py @@ -177,9 +177,9 @@ def check(self, module_test, events): basic_detection = False directory_detection = False prefix_detection = False - delimeter_detection = False - directory_delimeter_detection = False - prefix_delimeter_detection = False + delimiter_detection = False + directory_delimiter_detection = False + prefix_delimiter_detection = False short_extensions_detection = False for e in events: @@ -191,18 +191,18 @@ def check(self, module_test, events): if e.data == "http://127.0.0.1:8888/adm_portal.aspx": prefix_detection = True if e.data == "http://127.0.0.1:8888/abcconsole.aspx": - delimeter_detection = True + delimiter_detection = True if e.data == "http://127.0.0.1:8888/abcconsole.aspx": - directory_delimeter_detection = True + directory_delimiter_detection = True if e.data == "http://127.0.0.1:8888/xyzdirectory/": - prefix_delimeter_detection = True + prefix_delimiter_detection = True if e.data == "http://127.0.0.1:8888/short.pl": short_extensions_detection = True assert basic_detection assert directory_detection assert prefix_detection - assert delimeter_detection - assert directory_delimeter_detection - assert prefix_delimeter_detection + assert delimiter_detection + assert directory_delimiter_detection + assert prefix_delimiter_detection assert short_extensions_detection diff --git a/bbot/test/test_step_2/module_tests/test_module_gowitness.py b/bbot/test/test_step_2/module_tests/test_module_gowitness.py index 35e0db799c..09ad6144cd 100644 --- a/bbot/test/test_step_2/module_tests/test_module_gowitness.py +++ b/bbot/test/test_step_2/module_tests/test_module_gowitness.py @@ -3,17 +3,18 @@ class TestGowitness(ModuleTestBase): targets = ["127.0.0.1:8888"] - modules_overrides = ["gowitness", "httpx"] + modules_overrides = ["gowitness", "httpx", "social", "excavate"] import shutil from pathlib import Path home_dir = Path("/tmp/.bbot_gowitness_test") shutil.rmtree(home_dir, ignore_errors=True) - config_overrides = {"force_deps": True, "home": str(home_dir)} + config_overrides = {"force_deps": True, "home": str(home_dir), "scope_report_distance": 2, "omit_event_types": []} async def setup_after_prep(self, module_test): respond_args = { "response_data": """This domain is for use in illustrative examples in documents. You may use this + domain in literature without prior coordination or asking for permission.
+ +