Cybersec
/
wapiti
mirror of https://github.com/wapiti-scanner/wapiti.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding Swagger Scanner

This commit is contained in:
Darkiros 2023-10-20 17:09:24 +02:00 committed by devloop
parent 0aa0c76bfc
commit a31bc6978e
11 changed files with 6818 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
Pipfile Normal file
View File

5
pyproject.toml
View File

@ -51,7 +51,8 @@ dependencies = [
"sqlalchemy==2.0.28",
"tld==0.13",
"typing-extensions==4.10.0",
"yaswfp==0.9.3"
"yaswfp==0.9.3",
"prance[osv]>=23.6.21.0"
]
[project.urls]
@ -69,7 +70,7 @@ ssl = [
]
test = [
"humanize==4.9.0",
"pytest==8.0.2",
"pytest==8.0.2",
"pytest-cov==4.1.0",
"pytest-asyncio==0.23.5",
"respx==0.20.2",

32
tests/cli/test_options.py
View File

@ -267,6 +267,38 @@ async def test_use_web_creds(mock_async_try_form_login, _, __):
await wapiti_main()
mock_async_try_form_login.assert_called_once()
# Test swagger option with a valid url
@pytest.mark.asyncio
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")
async def test_swagger_valid_url(mock_browse):
testargs = [
"wapiti",
"-u", "https://petstore.swagger.io",
"--swagger", "https://petstore.swagger.io/v2/swagger.json",
"-m", ""
]
with mock.patch.object(sys, "argv", testargs):
await wapiti_main()
mock_browse.assert_called_once()
# Test swagger option with an invalid url or when option break
@pytest.mark.asyncio
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")
async def test_swagger_invalid_url(mock_browse):
testargs = [
"wapiti",
"-u", "http://testphp.vulnweb.com",
"--swagger", "http://testphp.vulnweb.com/swagger.json",
"-m", ""
]
with mock.patch.object(sys, "argv", testargs):
# will raise an exception because the url is not valid
with pytest.raises(SystemExit):
await wapiti_main()
mock_browse.assert_called_once()
@pytest.mark.asyncio
@mock.patch("wapitiCore.main.wapiti.Wapiti.browse")

4054
tests/data/complexe_swagger.json Normal file
View File

File diff suppressed because it is too large Load Diff

391
tests/data/openapi.json Normal file
View File

@ -0,0 +1,391 @@
{
"openapi": "3.0.1",
"info": {
"title": "Fake API OpenAPI 3 Specification",
"description": "Fake Cloud API",
"termsOfService": "https://fake.openapi.fr/fake_Open_API_Cloud.pdf",
"contact": {
"name": "Fake contact",
"url": "https://fake.openapi.fr/",
"email": "fake@openapi.fr"
},
"version": "1.23.456.x"
},
"servers": [
{
"url": "https://fake.openapi.fr/"
}
],
"paths": {
"/v1/Alarms/{alarmId}": {
"put": {
"tags": [
"Alarms"
],
"operationId": "Alarms_Update",
"parameters": [
{
"name": "alarmId",
"in": "path",
"required": true,
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AlarmPutModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/AlarmPutModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/AlarmPutModel"
}
}
}
},
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/v1/AdministrationSettings/MailAccount": {
"delete": {
"tags": [
"AdministrationSettings"
],
"operationId": "AdministrationSettings_DeleteMailAccount",
"parameters": [
{
"name": "id",
"in": "query",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/v1/AdministrationSettings/GroupUsers": {
"get": {
"tags": [
"AdministrationSettings"
],
"operationId": "AdministrationSettings_GetGroupUsers",
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
},
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
}
}
}
}
},
"put": {
"tags": [
"AdministrationSettings"
],
"operationId": "AdministrationSettings_UpdateGroupUsers",
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
},
"application/*+json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupUser"
}
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "boolean"
}
},
"application/json": {
"schema": {
"type": "boolean"
}
},
"text/json": {
"schema": {
"type": "boolean"
}
}
}
}
}
},
"patch": {
"tags": [
"AdministrationSettings"
],
"operationId": "AdministrationSettings_UpdateGroupUser",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GroupUser"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/GroupUser"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/GroupUser"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "boolean"
}
},
"application/json": {
"schema": {
"type": "boolean"
}
},
"text/json": {
"schema": {
"type": "boolean"
}
}
}
}
}
},
"post": {
"tags": [
"AdministrationSettings"
],
"operationId": "AdministrationSettings_AddNewUser",
"parameters": [
{
"name": "userId",
"in": "query",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "boolean"
}
},
"application/json": {
"schema": {
"type": "boolean"
}
},
"text/json": {
"schema": {
"type": "boolean"
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"AlarmPutModel": {
"required": [
"alarmState"
],
"type": "object",
"properties": {
"alarmState": {
"minLength": 1,
"type": "string"
},
"confirmingUserName": {
"type": "string",
"nullable": true
},
"confirmingDateTime": {
"type": "string",
"format": "date-time",
"nullable": true
},
"confirmingNote": {
"type": "string",
"nullable": true
}
},
"additionalProperties": false
},
"FtpMailAccounts": {
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Reference id to the FtpAccount-Row-Id rsp. the MailAccount-Row-Id",
"format": "int32",
"nullable": true
},
"isAccountMailNotFtp": {
"type": "boolean",
"description": "Either it is a FTP account or a Mail account. FTP account is very much preferred.\r\nFalse: FTP / True: Mail / Default: False"
},
"ftpAccountHostName": {
"type": "string",
"description": "The account's host name",
"nullable": true
},
"ftpAccountUserName": {
"type": "string",
"description": "The account's user name",
"nullable": true
},
"ftpAccountPassword": {
"type": "string",
"description": "The account's password. IN PLAIN TEXT. Sorry.",
"nullable": true
},
"ftpAccountRestrictToDevicesCommaSeparated": {
"type": "string",
"description": "List of devices to use. If NULL or \"\" then ALL devices will be used.",
"nullable": true
},
"ftpAccountFolderStructure": {
"type": "string",
"description": "When there is a valid folder name then not the FTP root will be taken but the new folder structure on top of the root.",
"nullable": true
}
},
"additionalProperties": false
},
"GroupUser": {
"type": "object",
"properties": {
"active": {
"type": "boolean",
"description": "Is the user still active are meant to be removed from the group?\r\nTrue: Active, False: Should not see data and is meant to be removed"
},
"userName": {
"type": "string",
"description": "The user's name from AAD B2C",
"nullable": true
},
"emailAddress": {
"type": "string",
"description": "The user's E-Mail address used for authorization.\r\nIt's unclear if this is possible to extract from AAD B2C",
"nullable": true
},
"role": {
"$ref": "#/components/schemas/RoleIdValue"
},
"networksVisibility": {
"type": "object",
"additionalProperties": {
"type": "boolean"
},
"description": "List of networks the user DOES or DOES NOT have access to",
"nullable": true
}
},
"additionalProperties": false
},
"RoleIdValue": {
"enum": [
0,
100,
200,
999
],
"type": "integer",
"format": "int32"
}
},
"securitySchemes": {
"Bearer": {
"type": "apiKey",
"description": "JWT Authorization header using the Bearer scheme. Get the temporary bearer token from https://fake.openapi.fr/user-settings.",
"name": "Authorization",
"in": "header"
}
}
},
"security": [
{
"Bearer": []
}
]
}

1085
tests/data/swagger.json Normal file
View File

File diff suppressed because it is too large Load Diff

718
tests/data/swagger.yaml Normal file
View File

@ -0,0 +1,718 @@
---
swagger: "2.0"
info:
description: "This is a sample server Petstore server. You can find out more about\
\ Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/).\
\ For this sample, you can use the api key `special-key` to test the authorization\
\ filters."
version: "1.0.6"
title: "Swagger Petstore"
termsOfService: "http://swagger.io/terms/"
contact:
email: "apiteam@swagger.io"
license:
name: "Apache 2.0"
url: "http://www.apache.org/licenses/LICENSE-2.0.html"
host: "petstore.swagger.io"
basePath: "/v2"
tags:
- name: "pet"
description: "Everything about your Pets"
externalDocs:
description: "Find out more"
url: "http://swagger.io"
- name: "store"
description: "Access to Petstore orders"
- name: "user"
description: "Operations about user"
externalDocs:
description: "Find out more about our store"
url: "http://swagger.io"
schemes:
- "https"
- "http"
paths:
/pet/{petId}/uploadImage:
post:
tags:
- "pet"
summary: "uploads an image"
description: ""
operationId: "uploadFile"
consumes:
- "multipart/form-data"
produces:
- "application/json"
parameters:
- name: "petId"
in: "path"
description: "ID of pet to update"
required: true
type: "integer"
format: "int64"
- name: "additionalMetadata"
in: "formData"
description: "Additional data to pass to server"
required: false
type: "string"
- name: "file"
in: "formData"
description: "file to upload"
required: false
type: "file"
responses:
200:
description: "successful operation"
schema:
$ref: "#/definitions/ApiResponse"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
/pet:
post:
tags:
- "pet"
summary: "Add a new pet to the store"
description: ""
operationId: "addPet"
consumes:
- "application/json"
- "application/xml"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "Pet object that needs to be added to the store"
required: true
schema:
$ref: "#/definitions/Pet"
responses:
405:
description: "Invalid input"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
put:
tags:
- "pet"
summary: "Update an existing pet"
description: ""
operationId: "updatePet"
consumes:
- "application/json"
- "application/xml"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "Pet object that needs to be added to the store"
required: true
schema:
$ref: "#/definitions/Pet"
responses:
400:
description: "Invalid ID supplied"
404:
description: "Pet not found"
405:
description: "Validation exception"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
/pet/findByStatus:
get:
tags:
- "pet"
summary: "Finds Pets by status"
description: "Multiple status values can be provided with comma separated strings"
operationId: "findPetsByStatus"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "status"
in: "query"
description: "Status values that need to be considered for filter"
required: true
type: "array"
items:
type: "string"
enum:
- "available"
- "pending"
- "sold"
default: "available"
collectionFormat: "multi"
responses:
200:
description: "successful operation"
schema:
type: "array"
items:
$ref: "#/definitions/Pet"
400:
description: "Invalid status value"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
/pet/findByTags:
get:
tags:
- "pet"
summary: "Finds Pets by tags"
description: "Multiple tags can be provided with comma separated strings. Use\
\ tag1, tag2, tag3 for testing."
operationId: "findPetsByTags"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "tags"
in: "query"
description: "Tags to filter by"
required: true
type: "array"
items:
type: "string"
collectionFormat: "multi"
responses:
200:
description: "successful operation"
schema:
type: "array"
items:
$ref: "#/definitions/Pet"
400:
description: "Invalid tag value"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
deprecated: true
/pet/{petId}:
get:
tags:
- "pet"
summary: "Find pet by ID"
description: "Returns a single pet"
operationId: "getPetById"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "petId"
in: "path"
description: "ID of pet to return"
required: true
type: "integer"
format: "int64"
responses:
200:
description: "successful operation"
schema:
$ref: "#/definitions/Pet"
400:
description: "Invalid ID supplied"
404:
description: "Pet not found"
security:
- api_key: []
post:
tags:
- "pet"
summary: "Updates a pet in the store with form data"
description: ""
operationId: "updatePetWithForm"
consumes:
- "application/x-www-form-urlencoded"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "petId"
in: "path"
description: "ID of pet that needs to be updated"
required: true
type: "integer"
format: "int64"
- name: "name"
in: "formData"
description: "Updated name of the pet"
required: false
type: "string"
- name: "status"
in: "formData"
description: "Updated status of the pet"
required: false
type: "string"
responses:
405:
description: "Invalid input"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
delete:
tags:
- "pet"
summary: "Deletes a pet"
description: ""
operationId: "deletePet"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "api_key"
in: "header"
required: false
type: "string"
- name: "petId"
in: "path"
description: "Pet id to delete"
required: true
type: "integer"
format: "int64"
responses:
400:
description: "Invalid ID supplied"
404:
description: "Pet not found"
security:
- petstore_auth:
- "write:pets"
- "read:pets"
/store/order:
post:
tags:
- "store"
summary: "Place an order for a pet"
description: ""
operationId: "placeOrder"
consumes:
- "application/json"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "order placed for purchasing the pet"
required: true
schema:
$ref: "#/definitions/Order"
responses:
200:
description: "successful operation"
schema:
$ref: "#/definitions/Order"
400:
description: "Invalid Order"
/store/order/{orderId}:
get:
tags:
- "store"
summary: "Find purchase order by ID"
description: "For valid response try integer IDs with value >= 1 and <= 10.\
\ Other values will generated exceptions"
operationId: "getOrderById"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "orderId"
in: "path"
description: "ID of pet that needs to be fetched"
required: true
type: "integer"
maximum: 10
minimum: 1
format: "int64"
responses:
200:
description: "successful operation"
schema:
$ref: "#/definitions/Order"
400:
description: "Invalid ID supplied"
404:
description: "Order not found"
delete:
tags:
- "store"
summary: "Delete purchase order by ID"
description: "For valid response try integer IDs with positive integer value.\
\ Negative or non-integer values will generate API errors"
operationId: "deleteOrder"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "orderId"
in: "path"
description: "ID of the order that needs to be deleted"
required: true
type: "integer"
minimum: 1
format: "int64"
responses:
400:
description: "Invalid ID supplied"
404:
description: "Order not found"
/store/inventory:
get:
tags:
- "store"
summary: "Returns pet inventories by status"
description: "Returns a map of status codes to quantities"
operationId: "getInventory"
produces:
- "application/json"
parameters: []
responses:
200:
description: "successful operation"
schema:
type: "object"
additionalProperties:
type: "integer"
format: "int32"
security:
- api_key: []
/user/createWithArray:
post:
tags:
- "user"
summary: "Creates list of users with given input array"
description: ""
operationId: "createUsersWithArrayInput"
consumes:
- "application/json"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "List of user object"
required: true
schema:
type: "array"
items:
$ref: "#/definitions/User"
responses:
default:
description: "successful operation"
/user/createWithList:
post:
tags:
- "user"
summary: "Creates list of users with given input array"
description: ""
operationId: "createUsersWithListInput"
consumes:
- "application/json"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "List of user object"
required: true
schema:
type: "array"
items:
$ref: "#/definitions/User"
responses:
default:
description: "successful operation"
/user/{username}:
get:
tags:
- "user"
summary: "Get user by user name"
description: ""
operationId: "getUserByName"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "username"
in: "path"
description: "The name that needs to be fetched. Use user1 for testing. "
required: true
type: "string"
responses:
200:
description: "successful operation"
schema:
$ref: "#/definitions/User"
400:
description: "Invalid username supplied"
404:
description: "User not found"
put:
tags:
- "user"
summary: "Updated user"
description: "This can only be done by the logged in user."
operationId: "updateUser"
consumes:
- "application/json"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "username"
in: "path"
description: "name that need to be updated"
required: true
type: "string"
- in: "body"
name: "body"
description: "Updated user object"
required: true
schema:
$ref: "#/definitions/User"
responses:
400:
description: "Invalid user supplied"
404:
description: "User not found"
delete:
tags:
- "user"
summary: "Delete user"
description: "This can only be done by the logged in user."
operationId: "deleteUser"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "username"
in: "path"
description: "The name that needs to be deleted"
required: true
type: "string"
responses:
400:
description: "Invalid username supplied"
404:
description: "User not found"
/user/login:
get:
tags:
- "user"
summary: "Logs user into the system"
description: ""
operationId: "loginUser"
produces:
- "application/json"
- "application/xml"
parameters:
- name: "username"
in: "query"
description: "The user name for login"
required: true
type: "string"
- name: "password"
in: "query"
description: "The password for login in clear text"
required: true
type: "string"
responses:
200:
description: "successful operation"
headers:
X-Expires-After:
type: "string"
format: "date-time"
description: "date in UTC when token expires"
X-Rate-Limit:
type: "integer"
format: "int32"
description: "calls per hour allowed by the user"
schema:
type: "string"
400:
description: "Invalid username/password supplied"
/user/logout:
get:
tags:
- "user"
summary: "Logs out current logged in user session"
description: ""
operationId: "logoutUser"
produces:
- "application/json"
- "application/xml"
parameters: []
responses:
default:
description: "successful operation"
/user:
post:
tags:
- "user"
summary: "Create user"
description: "This can only be done by the logged in user."
operationId: "createUser"
consumes:
- "application/json"
produces:
- "application/json"
- "application/xml"
parameters:
- in: "body"
name: "body"
description: "Created user object"
required: true
schema:
$ref: "#/definitions/User"
responses:
default:
description: "successful operation"
securityDefinitions:
api_key:
type: "apiKey"
name: "api_key"
in: "header"
petstore_auth:
type: "oauth2"
authorizationUrl: "https://petstore.swagger.io/oauth/authorize"
flow: "implicit"
scopes:
read:pets: "read your pets"
write:pets: "modify pets in your account"
definitions:
ApiResponse:
type: "object"
properties:
code:
type: "integer"
format: "int32"
type:
type: "string"
message:
type: "string"
Category:
type: "object"
properties:
id:
type: "integer"
format: "int64"
name:
type: "string"
xml:
name: "Category"
Pet:
type: "object"
required:
- "name"
- "photoUrls"
properties:
id:
type: "integer"
format: "int64"
category:
$ref: "#/definitions/Category"
name:
type: "string"
example: "doggie"
photoUrls:
type: "array"
xml:
wrapped: true
items:
type: "string"
xml:
name: "photoUrl"
tags:
type: "array"
xml:
wrapped: true
items:
xml:
name: "tag"
$ref: "#/definitions/Tag"
status:
type: "string"
description: "pet status in the store"
enum:
- "available"
- "pending"
- "sold"
xml:
name: "Pet"
Tag:
type: "object"
properties:
id:
type: "integer"
format: "int64"
name:
type: "string"
xml:
name: "Tag"
Order:
type: "object"
properties:
id:
type: "integer"
format: "int64"
petId:
type: "integer"
format: "int64"
quantity:
type: "integer"
format: "int32"
shipDate:
type: "string"
format: "date-time"
status:
type: "string"
description: "Order Status"
enum:
- "placed"
- "approved"
- "delivered"
complete:
type: "boolean"
xml:
name: "Order"
User:
type: "object"
properties:
id:
type: "integer"
format: "int64"
username:
type: "string"
firstName:
type: "string"
lastName:
type: "string"
email:
type: "string"
password:
type: "string"
phone:
type: "string"
userStatus:
type: "integer"
format: "int32"
description: "User Status"
xml:
name: "User"
externalDocs:
description: "Find out more about Swagger"
url: "http://swagger.io"

143
tests/parsers/test_swagger_parser.py Normal file
View File

@ -0,0 +1,143 @@
from wapitiCore.parsers.swagger import Swagger
from wapitiCore.net import Request
def test_swagger_parser_as_url_json():
url = "http://petstore.swagger.io/v2/swagger.json"
page = Swagger(url)
assert{
"https://petstore.swagger.io/v2/pet",
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
"https://petstore.swagger.io/v2/pet/1337",
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
"https://petstore.swagger.io/v2/store/inventory",
"https://petstore.swagger.io/v2/store/order",
"https://petstore.swagger.io/v2/store/order/1337",
"https://petstore.swagger.io/v2/user",
"https://petstore.swagger.io/v2/user/createWithArray",
"https://petstore.swagger.io/v2/user/createWithList",
"https://petstore.swagger.io/v2/user/logout",
"https://petstore.swagger.io/v2/user/default",
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
} == {x.url for x in page.get_requests()}
def test_swagger_parser_as_url_yaml():
url = "http://petstore.swagger.io/v2/swagger.yaml"
page = Swagger(url)
assert{
"https://petstore.swagger.io/v2/pet",
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
"https://petstore.swagger.io/v2/pet/1337",
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
"https://petstore.swagger.io/v2/store/inventory",
"https://petstore.swagger.io/v2/store/order",
"https://petstore.swagger.io/v2/store/order/1337",
"https://petstore.swagger.io/v2/user",
"https://petstore.swagger.io/v2/user/createWithArray",
"https://petstore.swagger.io/v2/user/createWithList",
"https://petstore.swagger.io/v2/user/logout",
"https://petstore.swagger.io/v2/user/default",
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
} == {x.url for x in page.get_requests()}
def test_swagger_parser_as_file():
url = "tests/data/swagger.json"
page = Swagger(url)
assert{
"https://petstore.swagger.io/v2/pet",
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
"https://petstore.swagger.io/v2/pet/1337",
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
"https://petstore.swagger.io/v2/store/inventory",
"https://petstore.swagger.io/v2/store/order",
"https://petstore.swagger.io/v2/store/order/1337",
"https://petstore.swagger.io/v2/user",
"https://petstore.swagger.io/v2/user/createWithArray",
"https://petstore.swagger.io/v2/user/createWithList",
"https://petstore.swagger.io/v2/user/logout",
"https://petstore.swagger.io/v2/user/default",
"https://petstore.swagger.io/v2/user/login?username=default&password=default",
'https://petstore.swagger.io/v2/v1.0/default/flavors&belongsTo=default'
} == {x.url for x in page.get_requests()}
def test_swagger_file_complexe():
url = "tests/data/complexe_swagger.json"
page = Swagger(url)
request_header = Request("https://fakeSwagger.fr/api/v2.0/projects?project_name=default", "HEAD", post_params="", file_params=[])
request_header.set_headers({'X-Request-Id': 'default'})
request_get = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "GET", post_params="", file_params=[])
request_get.set_headers({'X-Request-Id': 'default'})
params = '{"name": "default", "description": "default", "expires_at": "1337", "access": [{"resource": "default", "action": "default", "effect": "default"}]}'
request_post = Request("https://fakeSwagger.fr/api/v2.0/projects/default/robots", "POST", post_params=params, file_params=[])
request_post.set_headers({'X-Request-Id': 'default'})
request_delete = Request("https://fakeSwagger.fr/api/v2.0/users/1337", "DELETE", post_params="", file_params=[])
request_delete.set_headers({'X-Request-Id': 'default'})
params = '{"id": "1337", "name": "default", "description": "default", "color": "default", "scope": "default", "project_id": "1337", "creation_time": "default", "update_time": "default"}'
request_put = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "PUT", post_params=params, file_params=[])
request_put.set_headers({'X-Request-Id': 'default'})
params = '{"id": "1337", "vendor_type": "default", "vendor_id": "1337", "status": "default", "status_message": "default", "metrics": {"task_count": "1337", "success_task_count": "1337", "error_task_count": "1337", "pending_task_count": "1337", "running_task_count": "1337", "scheduled_task_count": "1337", "stopped_task_count": "1337"}, "trigger": "default", "extra_attrs": {}, "start_time": "default", "end_time": "default"}'
request_patch = Request("https://fakeSwagger.fr/api/v2.0/projects/default/preheat/policies/default/executions/1337", "PATCH", post_params=params, file_params=[])
request_patch.set_headers({'X-Request-Id': 'default'})
list_request = [request_header, request_get, request_post, request_delete, request_put, request_patch]
requests = page.get_requests()
for item in list_request:
assert item in requests
def test_swagger_file_yaml():
url = "tests/data/swagger.yaml"
page = Swagger(url)
assert{
"https://petstore.swagger.io/v2/pet",
"https://petstore.swagger.io/v2/pet/findByStatus?status=available",
"https://petstore.swagger.io/v2/pet/findByTags?tags=default",
"https://petstore.swagger.io/v2/pet/1337",
"https://petstore.swagger.io/v2/pet/1337/uploadImage",
"https://petstore.swagger.io/v2/store/inventory",
"https://petstore.swagger.io/v2/store/order",
"https://petstore.swagger.io/v2/store/order/1337",
"https://petstore.swagger.io/v2/user",
"https://petstore.swagger.io/v2/user/createWithArray",
"https://petstore.swagger.io/v2/user/createWithList",
"https://petstore.swagger.io/v2/user/logout",
"https://petstore.swagger.io/v2/user/default",
"https://petstore.swagger.io/v2/user/login?username=default&password=default"
} == {x.url for x in page.get_requests()}
def test_openapi_file():
url = "tests/data/openapi.json"
page = Swagger(base_url="https://fake.openapi.fr", swagger_url=url)
request_get = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "GET", post_params="", file_params=[])
request_post = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers?userId=default", "POST", post_params="", file_params=[])
request_delete = Request("https://fake.openapi.fr/v1/AdministrationSettings/MailAccount?id=1337", "DELETE", post_params="", file_params=[])
request_put = Request("https://fake.openapi.fr/v1/Alarms/1337", "PUT", post_params="", file_params=[])
params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
request_put = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PUT", post_params=params, file_params=[])
params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
request_patch = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PATCH", post_params=params, file_params=[])
list_request = [request_get, request_post, request_delete, request_put, request_patch]
requests = page.get_requests()
for item in list_request:
assert item in requests

18
wapitiCore/main/wapiti.py
View File

@ -37,6 +37,7 @@ from wapitiCore.net.classes import HttpCredential, FormCredential, RawCredential
from wapitiCore.net.auth import async_try_form_login, load_form_script, check_http_auth, login_with_raw_data
from wapitiCore.net import Request
from wapitiCore.report import GENERATORS
from wapitiCore.parsers.swagger import Swagger
global_stop_event = asyncio.Event()
@ -180,15 +181,14 @@ async def wapiti_main():
attack_options = {"level": args.level, "timeout": args.timeout,\
"wapp_url": "https://raw.githubusercontent.com/wapiti-scanner/wappalyzer/main/"}
wap.set_attack_options(attack_options)
try:
await wap.update(args.modules)
sys.exit()
except InvalidOptionValue as invalid_option:
logging.error(invalid_option)
raise
except ValueError as e:
logging.error(f"Value error: {e}")
raise
await wap.update(args.modules)
sys.exit()
if args.swagger_uri:
swagger = Swagger(swagger_url=args.swagger_uri, base_url=url)
for request in swagger.get_requests():
wap.add_start_url(request)
try:
for start_url in args.starting_urls:
if start_url.startswith(("http://", "https://")):

7
wapitiCore/parsers/commandline.py
View File

@ -34,6 +34,13 @@ def parse_args():
# required=True
)
parser.add_argument(
"--swagger",
help="Swagger file URI (path or URL) to target API endpoints",
metavar="URI", dest="swagger_uri",
default=None
)
parser.add_argument(
"--data",
help="Urlencoded data to send with the base URL if it is a POST request",

376
wapitiCore/parsers/swagger.py Normal file
View File

@ -0,0 +1,376 @@
import json
import sys
import urllib.parse
from prance import ResolvingParser, ValidationError
from prance.util.url import ResolutionError
from wapitiCore.net import Request
from wapitiCore.main.log import logging
class Swagger():
AUTOFILL_VALUES = {
"file": ("pix.gif", b"GIF89a", "image/gif"),
"integer": "1337",
"number": "13.37",
"string": "default",
"time": "13:37",
"url": "https://wapiti-scanner.github.io/",
"boolean": "true",
"object": {},
}
swagger_dict = None
def __init__(self, swagger_url: str = None, base_url: str = None) -> None:
if swagger_url:
try:
self.swagger_dict = ResolvingParser(swagger_url, backend='openapi-spec-validator',
strict=False, recursion_limit=5).specification
except ValidationError as e:
logging.error("[-] Error: Swagger file is not valid : " + str(e.args[0]) +
". See https://swagger.io/specification/ for more information.")
sys.exit(1)
except AssertionError:
logging.error("[-] Error: File not found")
sys.exit(1)
except ResolutionError:
logging.error("[-] Error: Unable to resolve the swagger file")
sys.exit(1)
else:
logging.error("[-] Error: No URL or file")
sys.exit(1)
self.routes = self._get_routes(self.swagger_dict, swagger_url, base_url)
@staticmethod
def _get_base_url(swagger_dict: dict, url: str) -> str:
try:
parsed_host = urllib.parse.urlparse(url)
if 'schemes' not in swagger_dict:
# get http or https from url
swagger_dict['schemes'] = parsed_host.scheme
if 'host' not in swagger_dict:
if url:
swagger_dict['host'] = parsed_host.hostname
if parsed_host.port:
swagger_dict['host'] += ":" + str(parsed_host.port)
else:
swagger_dict['host'] = ""
elif swagger_dict['host'] == "localhost" and url:
swagger_dict['host'] = parsed_host.hostname
if 'basePath' not in swagger_dict:
swagger_dict['basePath'] = ""
if 'https' in swagger_dict['schemes']:
return 'https://' + swagger_dict['host'] + swagger_dict['basePath']
return 'http://' + swagger_dict['host'] + swagger_dict['basePath']
except ValueError as e:
logging.error("[-] Error: Swagger file is not valid : " + str(e) +
". See https://swagger.io/specification/ for more information.")
sys.exit(1)
@staticmethod
def _check_properties(model_name: dict) -> dict:
if "properties" in model_name:
return model_name['properties']
if "additionalProperties" in model_name:
return model_name['additionalProperties']
return model_name
# Parse object in swagger file.
# Replace all object by their type and all array by their type
# acording to their properties and definitions.
# It will be easier to create request with default value.
def _parse_object(self, model_name):
try:
model = {}
for key in model_name:
if 'type' in model_name[key]:
if 'object' in model_name[key]['type']:
ref = self._check_properties(model_name[key])
model[key] = self._parse_object(ref)
if 'type' in model[key]:
if model[key]['type'] == "array":
model[key] = {"array": model[key]['items']}
else:
model[key] = model[key]['type']
elif 'array' in model_name[key]['type']:
if 'type' in model_name[key]['items']:
model[key] = {"array": model_name[key]['items']['type']}
if 'object' in model_name[key]['items']['type']:
ref = self._check_properties(model_name[key]['items'])
model[key]["array"] = self._parse_object(ref)
else:
model[key] = model_name[key]['type']
else:
model[key] = model_name[key]
return model
except ValueError as e:
logging.error("[-] Error: Swagger file is not valid\n" + str(e) +
"\nSee https://swagger.io/specification/ for more information")
sys.exit(1)
def _check_params(self, params: dict) -> list:
raws = []
for param in params:
raw = {}
if 'in' in param or '/' in param:
if '/' in param:
raw['in'] = "body"
param = params[param]
else:
raw['in'] = param['in']
if raw['in'] == "body" and 'schema' in param:
if 'type' in param['schema']:
if 'object' in param['schema']['type']:
ref = self._check_properties(param['schema'])
model = self._parse_object(ref)
raw['model'] = model
elif 'array' in param['schema']['type']:
if 'object' in param['schema']['items']['type']:
ref = self._check_properties(param['schema']['items'])
model = self._parse_object(ref)
raw['model'] = model
else:
raw['type'] = param['schema']['type']
if 'type' in param:
if param['type'] == "array":
if 'enum' in param['items']:
raw['type'] = {"enum" : param['items']['enum']}
else:
raw['type'] = {"array" : param['items']['type']}
else:
raw['type'] = param['type']
if 'name' in param:
raw['name'] = param['name']
if 'required' in param:
raw['required'] = param['required']
if raw:
raws.append(raw)
return raws
@staticmethod
def is_valid_url(url) -> bool:
try:
result = urllib.parse.urlparse(url)
return all([result.scheme, result.netloc])
except ValueError:
return False
def _get_routes(self, swagger_dict: dict, swagger_url: str, base_url: str) -> dict:
if Swagger.is_valid_url(swagger_url):
url = swagger_url
else:
url = base_url
try:
request = {}
base_path = self._get_base_url(swagger_dict, url)
for path in swagger_dict['paths']:
for method in swagger_dict['paths'][path]:
if method == "parameters":
path = self._parse_parameters(swagger_dict['paths'][path][method], path)
continue
route = method.upper() + " " + base_path + path
params = self._get_parameters(swagger_dict, route, url)
request[route] = []
if params:
request_route = {"method": method.upper(), "route": route.replace(method.upper() + ' ', '')}
request_route['params'] = []
if 'requestBody' in params:
request_route['params'] += self._check_params(params['requestBody']['content'])
request_route['params'] += self._check_params(params)
request[route].append(request_route)
else:
request_route = {"method": method.upper(), "route": route.replace(method.upper() + ' ', '')}
request[route].append(request_route)
return request
except KeyError as e:
logging.error("[-] Error: " + str(e))
sys.exit(1)
def _parse_parameters(self, params: list, route: str) -> str:
for param in params:
if "in" in param:
if param['in'] == "path":
route = route.replace("{" + param['name'] + "}", self.AUTOFILL_VALUES[param['type']])
elif param['in'] == "query":
route += "&" + param['name'] + "=" + self.AUTOFILL_VALUES[param['type']]
return route
def _get_parameters(self, swagger_dict: dict, route: str, url: str) -> list:
try:
base_path = self._get_base_url(swagger_dict, url)
route = route.replace(base_path, '')
method = route.split(' ')[0].lower()
route = route.replace(method.upper() + ' ', '')
for path in swagger_dict['paths']:
if route == path:
if 'parameters' in swagger_dict['paths'][path][method]:
return swagger_dict['paths'][path][method]['parameters']
return swagger_dict['paths'][path][method]
return None
except KeyError as e:
logging.warning("[-] Skipping " + route + " : " + str(e))
return None
# transform dict {array: something} and if something is a dict and contains {array: something} transform it
def _transform_array(self, array: dict) -> list:
if 'array' in array:
if isinstance(array['array'], dict):
array = [self._transform_array(array['array'])]
else:
array = [self.AUTOFILL_VALUES[array['array']]]
else:
for key in array:
if isinstance(array[key], dict):
array[key] = self._transform_array(array[key])
elif 'array' in array[key]:
array[key] = [self.AUTOFILL_VALUES[array[key]['array']]]
else:
array[key] = self.AUTOFILL_VALUES[array[key]]
return array
def _transform_query(self, route: str, param: dict, option: str):
if '?' in self.routes[route][0]['route'] or '?' in option:
option += "&" + param['name'] + "="
else:
option += "?" + param['name'] + "="
if "type" in param:
if 'enum' in param['type']:
option += param['type']['enum'][0]
elif 'array' in param['type']:
option += self.AUTOFILL_VALUES[param['type']['array']]
else:
option += self.AUTOFILL_VALUES[param['type']]
elif "in" in param:
if param['in'] == "query":
if self.swagger_dict['basePath']:
route_parsed = route.split(self.swagger_dict['basePath'])[1]
elif self.swagger_dict['host']:
route_parsed = route.split(self.swagger_dict['host'])[1]
else:
print("todo")
method = route.split(' ')[0].lower()
param = self.swagger_dict['paths'][route_parsed][method]['parameters'][0]['schema']
if 'enum' in param:
option += param['enum'][0]
elif 'array' in param:
option += self.AUTOFILL_VALUES[param['array']]
else:
if 'array' in param['type']:
option += self.AUTOFILL_VALUES[param['items']['type']]
else:
option += self.AUTOFILL_VALUES[param['type']]
return option
def _transform_url(self, param: dict, url: str, route: str) -> str:
name = param['name']
if "{" in url:
if self.swagger_dict['basePath']:
route_parsed = route.split(self.swagger_dict['basePath'])[1]
elif self.swagger_dict['host']:
route_parsed = route.split(self.swagger_dict['host'])[1]
else:
print("todo")
method = route.split(' ')[0].lower()
if not 'type' in param:
param = self.swagger_dict['paths'][route_parsed][method]['parameters'][0]['schema']
return url.replace("{" + name + "}", self.AUTOFILL_VALUES[param['type']])
def _transform_body(self, param: dict) -> str:
json_dict = {}
for key in param['model']:
if 'array' in param['model'][key]:
json_dict[key] = self._transform_array(param['model'][key])
elif isinstance(param['model'][key], dict):
json_dict[key] = self._replace_param(param['model'][key])
else:
json_dict[key] = self.AUTOFILL_VALUES[param['model'][key]]
return json.dumps(json_dict)
def _transform_formData(self, param: dict, files: list) -> str:
data = ""
if 'enum' in param['type']:
data = self._add_data(data, param['name'], param['type']['enum'][0])
elif 'array' in param['type']:
data = self._add_data(data, param['name'], "[" + self.AUTOFILL_VALUES[param['type']['array']] + "]")
else:
if param['type'] == "file":
files.append([param['name'], self.AUTOFILL_VALUES[param['type']]])
else:
data = self._add_data(data, param['name'], self.AUTOFILL_VALUES[param['type']])
return data
# create request with default value from swagger file
def _create_request(self, routes: dict) -> list[Request]:
requests_list = []
for route in routes:
url = routes[route][0]['route']
data = ""
header = {}
option = ""
files = []
if 'params' in routes[route][0]:
for param in routes[route][0]['params']:
if 'in' in param:
if param['in'] == "path":
url = self._transform_url(param, url, route)
elif param['in'] == "query":
option = self._transform_query(route, param, option)
elif param['in'] == "body" and 'model' in param:
data = self._transform_body(param)
elif param['in'] == "formData":
data = self._transform_formData(param, files)
elif param['in'] == "header":
header[param['name']] = self.AUTOFILL_VALUES[param['type']]
request = Request(path=url+option, method=routes[route][0]['method'], post_params=data, file_params=files)
request.set_headers(header)
requests_list.append(request)
return requests_list
@staticmethod
def _add_data(data, name: str, value: str) -> str:
if data != "":
data += "&" + name + "=" + value
else:
data += name + "=" + value
return data
def _replace_param(self, json_dict: dict) -> dict:
if 'array' in json_dict:
if isinstance(json_dict['array'], dict):
json_dict = [self._replace_param(json_dict['array'])]
else:
json_dict = [self.AUTOFILL_VALUES[json_dict['array']]]
else:
for key in json_dict:
if isinstance(json_dict[key], dict):
self._replace_param(json_dict[key])
elif 'array' in json_dict[key]:
json_dict[key] = [self.AUTOFILL_VALUES[json_dict[key]['array']]]
else:
try:
json_dict[key] = self.AUTOFILL_VALUES[json_dict[key]]
except TypeError as e:
logging.warning("[-] Warning: Unexpected type for AUTOFILL_VALUES key," +
" probably due to unsupported format: " + str(e))
return json_dict
def get_requests(self) -> list[Request]:
return self._create_request(self.routes)