metasploit-framework/spec/tools/virustotal_spec.rb

257 lines
6.9 KiB
Ruby
Raw Normal View History

2014-01-08 08:34:43 +00:00
require 'spec_helper'
load Metasploit::Framework.root.join('tools/virustotal.rb').to_path
require 'fastlib'
require 'msfenv'
require 'msf/base'
require 'digest/sha2'
2014-01-12 21:54:56 +00:00
describe VirusTotalUtility do
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context "Classes" do
2014-01-08 08:34:43 +00:00
let(:api_key) do
'FAKE_API_KEY'
end
let(:filename) do
'MALWARE.EXE'
end
let(:malware_data) do
'DATA'
end
2014-01-12 21:54:56 +00:00
describe VirusTotalUtility::ToolConfig do
2014-01-08 19:22:38 +00:00
context "Class methods" do
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:tool_config) do
2014-01-12 21:54:56 +00:00
VirusTotalUtility::ToolConfig.new
2014-01-08 19:22:38 +00:00
end
context ".Initializer" do
it "should init the config file path as Metasploit's default config path" do
tool_config.instance_variable_get(:@config_file).should eq(Msf::Config.config_file)
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
it "should init the group name as 'VirusTotal'" do
tool_config.instance_variable_get(:@group_name).should eq('VirusTotal')
end
end
end
2014-01-08 08:34:43 +00:00
end
2014-01-12 21:54:56 +00:00
describe VirusTotalUtility::VirusTotal do
2014-01-08 19:22:38 +00:00
context "Class methods" do
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:malware_sha256) do
Digest::SHA256.hexdigest(malware_data)
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:sample) do
{
'filename' => filename,
'data' => malware_data,
'sha256' => malware_sha256
}
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:boundary) do
'THEREAREMANYLIKEITBUTTHISISMYDATA'
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:scan_sample_opts) do
opts = {
'boundary' => boundary,
'api_key' => api_key,
'filename' => filename,
'data' => malware_data
}
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
return opts
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:retrieve_report_opts) do
opts = {
'uri' => '/vtapi/v2/file/report',
'method' => 'POST',
'vhost' => 'www.virustotal.com',
'vars_post' => {
'apikey' => api_key,
'resource' => malware_sha256
}
}
return opts
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:vt) do
file = double(File, read: malware_data)
File.stub(:open).with(filename, 'rb') {|&block| block.yield file}
2014-01-12 21:54:56 +00:00
VirusTotalUtility::VirusTotal.new({'api_key'=>api_key, 'sample'=>filename})
2014-01-08 19:22:38 +00:00
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context ".Initializer" do
it "should have an API key" do
vt.instance_variable_get(:@api_key).should eq(api_key)
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
it "should have a checksum for the malware sample" do
vt.instance_variable_get(:@sample_info)['sha256'].should eq(malware_sha256)
end
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context "._load_sample" do
it "should contain sample info including data, filename, and sha256" do
vt.send(:_load_sample, filename).should eq(sample)
end
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context ".scan_sample" do
it "should return with data" do
vt.stub(:_execute_request).and_return('')
vt.scan_sample.should eq('')
end
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context ".retrieve_report" do
it "should return with data" do
vt.stub(:_execute_request).and_return('')
vt.retrieve_report.should eq('')
end
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context "._execute_request" do
it "should return status code 204" do
res = double(Rex::Proto::Http::Response)
res.stub(:code).and_return(204)
vt.stub(:send_request_cgi).with(scan_sample_opts).and_return(res)
expect { vt.send(:_execute_request, scan_sample_opts) }.to raise_error(RuntimeError)
end
it "should return status code 403" do
res = double(Rex::Proto::Http::Response)
res.stub(:code).and_return(403)
vt.stub(:send_request_cgi).with(scan_sample_opts).and_return(res)
expect { vt.send(:_execute_request, scan_sample_opts) }.to raise_error(RuntimeError)
end
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context "._create_upload_data" do
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:form_opts) do
{
'boundary' => boundary,
'api_key' => api_key,
'filename' => filename,
'data' => malware_data
}
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
before(:each) do
@upload_data = vt.send(:_create_upload_data, form_opts)
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
it "should create form-data with a boundary" do
@upload_data.should match(/#{boundary}/)
end
it "should create form-data with the API key" do
@upload_data.should match(/#{api_key}/)
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
it "should create form-data with the malware filename" do
@upload_data.should match(/#{filename}/)
end
it "should create form-data with the malware data" do
@upload_data.should match(/#{malware_data}/)
end
end
2014-01-08 08:34:43 +00:00
end
end
2014-01-12 21:54:56 +00:00
describe VirusTotalUtility::Driver do
2014-01-08 19:22:38 +00:00
# Get stdout:
# http://stackoverflow.com/questions/11349270/test-output-to-command-line-with-rspec
def get_stdout(&block)
out = $stdout
$stdout = fake = StringIO.new
begin
yield
ensure
$stdout = out
end
fake.string
2014-01-08 08:34:43 +00:00
end
2014-01-08 19:22:38 +00:00
before do
$stdin = StringIO.new("Y\n")
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
after do
$stdin = STDIN
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
let(:driver) do
argv = "-k #{api_key} -f #{filename}".split
options = {
'samples' => filename,
'api_key' => api_key,
'delay' => 60
}
2014-01-08 08:34:43 +00:00
2014-01-12 21:54:56 +00:00
VirusTotalUtility::OptsConsole.stub(:parse).with(anything).and_return(options)
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
tool_config = double("tool_config")
2014-01-12 21:54:56 +00:00
VirusTotalUtility::ToolConfig.stub(:new).and_return(tool_config)
2014-01-08 19:22:38 +00:00
tool_config.stub(:has_privacy_waiver?).and_return(true)
tool_config.stub(:load_api_key).and_return(api_key)
tool_config.stub(:save_privacy_waiver)
tool_config.stub(:save_api_key).with(anything)
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
d = nil
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
out = get_stdout {
2014-01-12 21:54:56 +00:00
d = VirusTotalUtility::Driver.new
2014-01-08 19:22:38 +00:00
}
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
d
end
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context ".Class methods" do
2014-01-08 08:34:43 +00:00
2014-01-08 19:22:38 +00:00
context ".initialize" do
it "should return a Driver object" do
2014-01-12 21:54:56 +00:00
driver.class.should eq(VirusTotalUtility::Driver)
2014-01-08 19:22:38 +00:00
end
2014-01-08 08:34:43 +00:00
end
2014-01-08 19:22:38 +00:00
context ".ask_privacy" do
it "should have a link of VirusTotal's terms of service" do
tos = 'https://www.virustotal.com/en/about/terms-of-service'
out = get_stdout { driver.ack_privacy }
out.should match(/#{tos}/)
end
2014-01-08 08:34:43 +00:00
end
2014-01-08 19:22:38 +00:00
context ".generate_report" do
it "should show a report" do
res = {
"scans" => {
"Bkav" => { "detected" => false, "version" => "1.3.0.4613", "result" => nil, "update" => "20140107" }
},
"response_code" => 1
2014-01-08 19:22:38 +00:00
}
out = get_stdout { driver.generate_report(res, filename) }
out.should match(/#{res['scans']['Bkav']['version']}/)
end
end
2014-01-08 08:34:43 +00:00
end
end
end
2014-01-08 19:22:38 +00:00
end