Nerdin' out

Charles Neill cneill

View glance-log
2016-09-19 19:03:38.916 32495 INFO eventlet.wsgi.server [req-fa70e3a2-91ed-4cd8-a59d-8e0095cbfd31 1fadb086cfd94c1d8ab9d554657054d1 3330be90ba344c34b34afc27de7e7195 - default default] - - [19/Sep/2016 19:03:38] "POST /v2/tasks HTTP/1.1" 201 850 0.181028
2016-09-19 19:03:38.985 32495 INFO glance.domain [-] Task [e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e] status changing from processing to processing
2016-09-19 19:03:38.987 32495 DEBUG oslo_messaging._drivers.amqpdriver [-] CAST unique_id: caef117456034a4aaa1c30d4043b86f7 NOTIFY exchange 'glance' topic '' _send /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/
2016-09-19 19:03:39.082 32495 DEBUG glance.async.taskflow_executor [-] Taskflow executor picked up the execution of task ID e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e of task type import _run /opt/stack/glance/glance/async/
2016-09-19 19:03:39.139 32495 ERROR glance.async.flows.base_import [-] Bad task configuration: Task was not config


  "errors": [ ErrorObjects ],
  "failures": [ FailureObjects ],
  "stats": {
    "severity": {
      "HIGH": 0,
      "MEDIUM": 0,

Requesting with these templates (all non-GET requests to SimpleHTTPServer return 501 status codes):

GET /derp HTTP/1.1
Accept: application/json

View idea.json
"errors": [],
"failures": {
"localhost:9000/test": {
"500_errors": {
"description": "This request returns an error with status code 501, which might indicate some server-side fault that could lead to further vulnerabilities",
"payloads": [
"confidence": "High",
"param": {

Syntribos Checks / Signals

Exception Checks

HTTP Request Failures

  • Inputs: Single requestslib exception object
  • Description: This signal is returned when requests throws an exception on a request
  • Check Location: syntribos.clients.http.checks
View syntribos-cafe-code.txt
doc/source/ = {'cafe': ('', None)}
doc/source/ 'cafe',
doc/source/ 'cafe.engine.http.client',
doc/source/ 'cafe.drivers.unittest.arguments'
syntribos/ cafe.drivers.unittest.arguments
syntribos/ action=cafe.drivers.unittest.arguments.ConfigAction,
syntribos/ help="test config. Looks in the ~/.opencafe/configs directory"
syntribos/clients/http/ Original from OpenCafe (
syntribos/clients/http/ cafe.engine.models.data_interfaces import ConfigSectionInterface
syntribos/ cafe.engine.models.data_interfaces import ConfigSectionInterface
View syntribos-cafe-docs.txt
CONTRIBUTING.rst:10:4. No new code will be accepted if it adds a new dependency on OpenCAFE, or adds
CONTRIBUTING.rst:11: on top of existing CAFE functionality IF it cannot stand on its own without
README.rst:35:CAFE Framework <>`__.
README.rst:83:- Create a directory named .opencafe in the user's home directory, or in the case of a python virtualenv, in the virtualenv root folder.
README.rst:87: $ cafe-config init
README.rst:93: $ cafe-config plugins install http
README.rst:98:Copy the data files from Syntribos data directory to .opencafe/data directory created during "cafe-config init". This directory contains the fuzz string files. Copy the example configuration file to .opencafe/configs directory created during "cafe-config init".
README.rst:102: $ cp syntribos/data/* .opencafe/data/
README.rst:103: $ cp syntribos/examples/configs/keystone.config .opencafe/configs/.
cneill /
Last active May 24, 2016
Description of testing concepts / etc. in Syntribos

Terminology for Syntribos


  • Meaning: A set of checks conducted to uncover the presence of a specific type of vulnerability. A test should be able to specify the requests or Request Chains that it knows how to interact with
  • Purpose: Identify vulnerabilities
  • Example: SQL Injection

Test Case

def _logTests(self, tests, bucket, status=None):
    """Log each test by adding to self.all_tests and the right "bucket"
    based on the status of the test (e.g. self.aggregated_errors)

    :param list tests: test results (e.g. test.failures)
    :param dict bucket: place to store the tests (e.g. self.aggregated_errors)
    """
    for issue in tests:
        # Pull the target URL and HTTP method from the issue's request
        url = issue.request.url
        method = issue.request.method
View gist:0c260009f5cc06084efa3feb613648c4
16:27:43 weechat whee => msg $channel (∩▂∩)
16:27:43 weechat wheee => msg $channel (ノ^_^)ノ
16:27:43 weechat wheeee => msg $channel ゚・✿ヾ╲(。◕‿◕。)╱✿・゚
16:27:43 weechat wheeeee => msg $channel ᕕ(ᐛ)ᕗ