Tweak reversescan core test to avoid false negative
parent
0e9f29cc52
commit
78a29e65ea
|
@ -6,7 +6,7 @@ services:
|
|||
environment:
|
||||
PYTHONUNBUFFERED: "1"
|
||||
USE_REVERSE_SCAN: "yes"
|
||||
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
|
||||
REVERSE_SCAN_PORTS: "80"
|
||||
REVERSE_SCAN_TIMEOUT: "500"
|
||||
extra_hosts:
|
||||
- "www.example.com:192.168.0.2"
|
||||
|
|
|
@ -17,7 +17,7 @@ services:
|
|||
|
||||
# ? REVERSE_SCAN settings
|
||||
USE_REVERSE_SCAN: "yes"
|
||||
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
|
||||
REVERSE_SCAN_PORTS: "80"
|
||||
REVERSE_SCAN_TIMEOUT: "500"
|
||||
networks:
|
||||
bw-universe:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from re import search
|
||||
from time import sleep
|
||||
from fastapi import FastAPI
|
||||
from os import getenv
|
||||
|
@ -19,7 +20,7 @@ if getenv("TEST_TYPE", "docker") == "docker":
|
|||
|
||||
try:
|
||||
use_reverse_scan = getenv("USE_REVERSE_SCAN", "yes") == "yes"
|
||||
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "22 80 443 3128 8000 8080")
|
||||
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "80")
|
||||
|
||||
print(f"ℹ️ Trying to access http://www.example.com ...", flush=True)
|
||||
status_code = get(
|
||||
|
@ -30,7 +31,7 @@ try:
|
|||
|
||||
if status_code == 403:
|
||||
pass
|
||||
elif use_reverse_scan and " 80 " in reverse_scan_ports:
|
||||
elif use_reverse_scan and search(r"\b80\b", reverse_scan_ports):
|
||||
print(
|
||||
"❌ Request didn't return 403, but reverse scan is enabled and port 80 is in the reverse scan ports list, exiting ...",
|
||||
flush=True,
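Review bot: The new condition `search(r"\b80\b", reverse_scan_ports)` fixes the single-entry case that `" 80 " in reverse_scan_ports` missed, but a word-boundary regex is looser than the setting's space-separated format; it would also match `80` inside a token such as `80-90`. Comparing whole tokens states the intent exactly and needs no `re` import: `elif use_reverse_scan and "80" in reverse_scan_ports.split():`. Separately, the `getenv` fallback is now `"80"`, so when `REVERSE_SCAN_PORTS` is unset the test assumes port 80 is scanned; a short comment such as `# fallback mirrors the compose/variables.env value used by this test, not necessarily the product default` would make that explicit. The `try:` block and the `print(` call both continue outside the visible hunks.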
|
||||
|
|
|
@ -27,7 +27,7 @@ if [ "$integration" = "docker" ] ; then
|
|||
else
|
||||
sudo systemctl stop bunkerweb
|
||||
echo "USE_REVERSE_SCAN=yes" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "REVERSE_SCAN_PORTS=80" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "REVERSE_SCAN_TIMEOUT=500" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
sudo touch /var/www/html/index.html
|
||||
export TEST_TYPE="linux"
|
||||
|
@ -40,10 +40,10 @@ cleanup_stack () {
|
|||
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
|
||||
if [ "$integration" == "docker" ] ; then
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "80"@' {} \;
|
||||
else
|
||||
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
|
||||
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080@' /etc/bunkerweb/variables.env
|
||||
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=80@' /etc/bunkerweb/variables.env
|
||||
unset USE_REVERSE_SCAN
|
||||
unset REVERSE_SCAN_PORTS
|
||||
fi
|
||||
|
@ -79,10 +79,10 @@ do
|
|||
elif [ "$test" = "tweaked_ports" ] ; then
|
||||
echo "🕵️ Running tests while removing the 80 port being scanned ..."
|
||||
if [ "$integration" == "docker" ] ; then
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 443 3128 8000 8080"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: ""@' {} \;
|
||||
else
|
||||
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 443 3128 8000 8080@' /etc/bunkerweb/variables.env
|
||||
export REVERSE_SCAN_PORTS="22 443 3128 8000 8080"
|
||||
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=@' /etc/bunkerweb/variables.env
|
||||
export REVERSE_SCAN_PORTS=""
|
||||
fi
|
||||
elif [ "$test" = "deactivated" ] ; then
|
||||
echo "🕵️ Running tests without the reverse scan ..."
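Review bot: The `tweaked_ports` case now writes an empty value (`REVERSE_SCAN_PORTS: ""`, `REVERSE_SCAN_PORTS=`, `export REVERSE_SCAN_PORTS=""`) instead of a list that merely omits 80, so the suite no longer covers a non-empty list without port 80. The result also depends on how the service treats an empty setting; if it rejected the value or fell back to a built-in default, which cannot be seen from this script, the case would be testing something other than what its echo message says. If the aim is to stop unrelated open ports on the test client from tripping the scan, consider keeping one port that the client is known not to listen on, and add a comment above the `sed` lines such as `# empty list: no port is scanned, so the request must not be blocked`. The `if`/`elif` chain and the surrounding `do` loop start and end outside the hunk.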
|
||||
|
|