Skip to content

Instantly share code, notes, and snippets.

@ilyaglow
Last active April 3, 2017 16:07
Show Gist options
  • Save ilyaglow/b20be35fab7a32c51480f9d96d869ebb to your computer and use it in GitHub Desktop.
Save ilyaglow/b20be35fab7a32c51480f9d96d869ebb to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
import json
import requests
PLANS = """
[{
"name": "basic",
"description": "Run basic tests",
"workflow": [
{
"plugin_name": "minion.plugins.basic.AlivePlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.XFrameOptionsPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.HSTSPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.XContentTypeOptionsPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.XXSSProtectionPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.ServerDetailsPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.RobotsPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.CSPPlugin",
"description": "",
"configuration": {
}
}
]
},
{
"name": "fail",
"description": "Plan that fails",
"workflow": [
{
"plugin_name": "minion.plugins.test.FailingPlugin",
"description": "",
"configuration": {
}
}
]
},
{
"name": "long",
"description": "Plan that runs long",
"workflow": [
{
"plugin_name": "minion.plugins.test.DelayedPlugin",
"description": "",
"configuration": {
"message": "This is run #1"
}
},
{
"plugin_name": "minion.plugins.test.DelayedPlugin",
"description": "",
"configuration": {
"message": "This is run #2"
}
},
{
"plugin_name": "minion.plugins.test.DelayedPlugin",
"description": "",
"configuration": {
"message": "This is run #3"
}
},
{
"plugin_name": "minion.plugins.test.DelayedPlugin",
"description": "",
"configuration": {
"message": "This is run #4"
}
},
{
"plugin_name": "minion.plugins.test.DelayedPlugin",
"description": "",
"configuration": {
"message": "This is run #5"
}
}
]
},
{
"name": "nmap",
"description": "Run an nmap scan",
"workflow": [
{
"plugin_name": "minion.plugins.nmap.NMAPPlugin",
"description": "Run the NMAP scanner.",
"configuration": {
}
}
]
},
{
"name": "scratch",
"description": "Run Garmr and do a full port scan using NMAP.",
"workflow": [
{
"plugin_name": "minion.plugins.garmr.GarmrPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.nmap.NMAPPlugin",
"description": "Do a full port scan",
"configuration": {
}
}
]
},
{
"name": "skipfish",
"description": "Run Skipfish in a light configuration",
"workflow": [
{
"plugin_name": "minion.plugins.skipfish.SkipfishPlugin",
"description": "",
"configuration": {
}
}
]
},
{
"name": "tickle",
"description": "Run basic tests and do a very basic port scan using NMAP.",
"workflow": [
{
"plugin_name": "minion.plugins.basic.HSTSPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.basic.XFrameOptionsPlugin",
"description": "",
"configuration": {
}
},
{
"plugin_name": "minion.plugins.nmap.NMAPPlugin",
"description": "Only scan for known ports",
"configuration": {
"ports": "U:53,111,137,T:21-25,139,8080,8443"
}
}
]
},
{
"name": "zap",
"description": "Run the ZAP Spider and Scanner",
"workflow": [
{
"plugin_name": "minion.plugins.zap.ZAPPlugin",
"description": "Run the ZAP Spider and Scanner",
"configuration": {
"scan": true
}
}
]
}]
"""
if __name__ == "__main__":
# Import plans
plans = json.loads(PLANS)
for plan in plans:
resp = requests.post('http://localhost:8383/plans',
headers={'content-type': 'application/json'},
data=json.dumps(plan),
)
email = 'minion@example.com'
# Create groups
groups = {
"security": {
"description": "These applications suffer common vulnerabilities and are used for testing and training purpose.",
"sites": [
"http://zero.webappsecurity.com",
"http://crackme.cenzic.com",
"http://testasp.vulnweb.com",
"http://testaspnet.vulnweb.com",
"http://testfire.net"
],
"plans": ["basic"]
}
}
for group, detail in groups.iteritems():
g = { 'name': group,
'description': detail['description'],
'users': [email]}
resp = requests.post('http://localhost:8383/groups',
headers={'content-type': 'application/json'},
data=json.dumps(g))
# Import sites
for group, detail in groups.iteritems():
for site in detail['sites']:
s = {'url': site,
'plans': detail['plans'],
'groups': [group],
'verification': {'enabled': False, 'value': None}}
resp = requests.post('http://localhost:8383/sites',
headers={'content-type': 'application/json'},
data=json.dumps(s))
@ilyaglow
Copy link
Author

Compatible with my fork of minion-vm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment