#!/usr/bin/env python
import json
import sys

import requests
# Scan plans registered with the Minion backend, kept as a JSON array so each
# element can be posted as-is. Every plan has a name, a description and a
# "workflow": the ordered list of plugins to run, each with its own
# "configuration" object (empty means the plugin runs with its defaults).
#   basic              - minion.plugins.basic header/robots/CSP checks
#   fail, long         - minion.plugins.test plugins (failing / delayed runs)
#   nmap, scratch,
#   tickle             - NMAP port scans (tickle restricts the port list)
#   skipfish, zap      - Skipfish and ZAP spider/scanner runs
PLANS = """
[{
    "name": "basic",
    "description": "Run basic tests",
    "workflow": [
        {
            "plugin_name": "minion.plugins.basic.AlivePlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.XFrameOptionsPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.HSTSPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.XContentTypeOptionsPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.XXSSProtectionPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.ServerDetailsPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.RobotsPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.CSPPlugin",
            "description": "",
            "configuration": {
            }
        }
    ]
},
{
    "name": "fail",
    "description": "Plan that fails",
    "workflow": [
        {
            "plugin_name": "minion.plugins.test.FailingPlugin",
            "description": "",
            "configuration": {
            }
        }
    ]
},
{
    "name": "long",
    "description": "Plan that runs long",
    "workflow": [
        {
            "plugin_name": "minion.plugins.test.DelayedPlugin",
            "description": "",
            "configuration": {
                "message": "This is run #1"
            }
        },
        {
            "plugin_name": "minion.plugins.test.DelayedPlugin",
            "description": "",
            "configuration": {
                "message": "This is run #2"
            }
        },
        {
            "plugin_name": "minion.plugins.test.DelayedPlugin",
            "description": "",
            "configuration": {
                "message": "This is run #3"
            }
        },
        {
            "plugin_name": "minion.plugins.test.DelayedPlugin",
            "description": "",
            "configuration": {
                "message": "This is run #4"
            }
        },
        {
            "plugin_name": "minion.plugins.test.DelayedPlugin",
            "description": "",
            "configuration": {
                "message": "This is run #5"
            }
        }
    ]
},
{
    "name": "nmap",
    "description": "Run an nmap scan",
    "workflow": [
        {
            "plugin_name": "minion.plugins.nmap.NMAPPlugin",
            "description": "Run the NMAP scanner.",
            "configuration": {
            }
        }
    ]
},
{
    "name": "scratch",
    "description": "Run Garmr and do a full port scan using NMAP.",
    "workflow": [
        {
            "plugin_name": "minion.plugins.garmr.GarmrPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.nmap.NMAPPlugin",
            "description": "Do a full port scan",
            "configuration": {
            }
        }
    ]
},
{
    "name": "skipfish",
    "description": "Run Skipfish in a light configuration",
    "workflow": [
        {
            "plugin_name": "minion.plugins.skipfish.SkipfishPlugin",
            "description": "",
            "configuration": {
            }
        }
    ]
},
{
    "name": "tickle",
    "description": "Run basic tests and do a very basic port scan using NMAP.",
    "workflow": [
        {
            "plugin_name": "minion.plugins.basic.HSTSPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.basic.XFrameOptionsPlugin",
            "description": "",
            "configuration": {
            }
        },
        {
            "plugin_name": "minion.plugins.nmap.NMAPPlugin",
            "description": "Only scan for known ports",
            "configuration": {
                "ports": "U:53,111,137,T:21-25,139,8080,8443"
            }
        }
    ]
},
{
    "name": "zap",
    "description": "Run the ZAP Spider and Scanner",
    "workflow": [
        {
            "plugin_name": "minion.plugins.zap.ZAPPlugin",
            "description": "Run the ZAP Spider and Scanner",
            "configuration": {
                "scan": true
            }
        }
    ]
}]
"""
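def _post_json(endpoint, payload):
    """POST ``payload`` as JSON to the local Minion backend.

    Args:
        endpoint: Path below the backend root, e.g. ``'plans'``.
        payload: JSON-serialisable object to send as the request body.

    Returns:
        True when the backend answers with a non-error HTTP status
        (below 400). Otherwise the status and response body are written
        to stderr and False is returned, so a rejected plan, group or
        site is reported instead of being dropped silently.
    """
    # The call uses plain HTTP and carries no credentials, so it relies on
    # the backend API being reachable only from this host.
    resp = requests.post('http://localhost:8383/' + endpoint,
                         headers={'content-type': 'application/json'},
                         data=json.dumps(payload),
                         timeout=30)  # requests never times out by default
    # NOTE(review): the backend may also report errors inside a 200
    # response body -- confirm and check that field here as well.
    if resp.ok:
        return True
    sys.stderr.write('POST /%s failed: HTTP %s %s\n'
                     % (endpoint, resp.status_code, resp.text))
    return False


if __name__ == "__main__":
    failures = 0

    # Import plans
    for plan in json.loads(PLANS):
        if not _post_json('plans', plan):
            failures += 1

    email = 'minion@example.com'

    # Create groups
    groups = {
        "security": {
            "description": "These applications suffer common vulnerabilities and are used for testing and training purpose.",
            "sites": [
                "http://zero.webappsecurity.com",
                "http://crackme.cenzic.com",
                "http://testasp.vulnweb.com",
                "http://testaspnet.vulnweb.com",
                "http://testfire.net"
            ],
            "plans": ["basic"]
        }
    }

    # items() behaves like iteritems() on Python 2 and also exists on
    # Python 3, where iteritems() raises AttributeError.
    for group, detail in groups.items():
        g = {'name': group,
             'description': detail['description'],
             'users': [email]}
        if not _post_json('groups', g):
            failures += 1

    # Import sites
    for group, detail in groups.items():
        for site in detail['sites']:
            # NOTE(review): verification is disabled for every site added
            # here, so (as far as this payload shows) no ownership check
            # gates scans of these URLs. Keep that to the public test
            # applications listed above and enable verification for any
            # other site.
            s = {'url': site,
                 'plans': detail['plans'],
                 'groups': [group],
                 'verification': {'enabled': False, 'value': None}}
            if not _post_json('sites', s):
                failures += 1

    # Non-zero exit lets a provisioning wrapper notice a partial import.
    if failures:
        sys.exit(1)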
Compatible with my fork of minion-vm