-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathexploitTarget.py
111 lines (73 loc) · 2.93 KB
/
exploitTarget.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
from selenium import webdriver
from time import sleep
import csv
from config import CONFIG
from selenium.webdriver.chrome.options import Options
from login import login
import sys, os
import logging
script = os.path.basename(sys.argv[0])
logging.basicConfig(filename='./files/test_logs/%s.log' % script, format='%(asctime)s - %(levelname)s - %(message)s', level=logging.INFO)
logger = logging.getLogger('test')
_chrome_options = Options()
if CONFIG.WEBDRIVER == "Chrome":
_chrome_options = Options()
_chrome_options.add_argument('--start-fullscreen')
driver = webdriver.Chrome(chrome_options=_chrome_options)
elif CONFIG.WEBDRIVER == "Firefox":
driver = webdriver.Firefox()
else:
print('No valid Webdrive was provided. ')
# driver.set_window_size(1440, 1200)
driver.implicitly_wait(CONFIG.waittime)
# sleep(2)
host = CONFIG.HOST
def exploit_create(driver, exploitsname, exploitsource, exploitsdesc):
"""
driver = webdriver
host = string host url i.e. https://te-12257.threatq.com/
exploitsname = string for ttp title
exploitsdesc = string description for ttp. Can be very long and detailed.
"""
success = False
while success is False:
try:
driver.find_element_by_id("primary-nav-create").click()
success = True
except Exception as e:
logger.critical("Button is not there, retry.")
driver.find_element_by_xpath("(//li[@permissions='exploit_target'])").click()
sleep(5)
driver.find_element_by_id("modal_value").clear()
driver.find_element_by_id("modal_value").send_keys(exploitsname)
# change iframe to access description frame.
driver.switch_to.frame(driver.find_elements_by_tag_name('iframe')[0])
if len(exploitsdesc) == 0:
driver.find_element_by_css_selector('body').send_keys(exploitsname)
else:
driver.find_element_by_css_selector('body').send_keys(exploitsdesc)
# return to primary frame.
driver.switch_to.default_content()
# Add source
driver.find_element_by_xpath("//span[@ng-show='!form.swapSourceOption']").click()
sleep(1)
driver.find_element_by_xpath("//sources-form/div/div/input").send_keys(exploitsource)
driver.find_element_by_xpath("//DIV[@class='modal-footer ng-scope']//BUTTON[@type='submit']").click()
sleep(7)
# Run test steps here
login(logger, host, driver, usr=CONFIG.USER[0], pssword=CONFIG.USER[1], SAML=CONFIG.SAML)
logger.info('Start Exploit Target create test.')
sleep(5)
"""
csv file format: value, sources, alias
we will use alias for the desc since there is no aliase field in the create UI.
"""
with open('files/ThreatQ-exploit.csv') as exploitfile:
reader = csv.reader(exploitfile)
exploits = list(reader)
for index in range(1, len(exploits)):
exploit_create(driver, exploits[index][0], exploits[index][1], exploits[index][2])
print (exploits[index])
sleep(1)
logger.info('End Exploit Target create test.')
driver.quit()