Initial commit

commit e3c80ac1c9dd5a8a79c9818d829ab03bd9d5b99d 1 parent 26000e5
@AutomatedTester AutomatedTester authored
Showing with 153 additions and 0 deletions.
  1. +4 −0 .gitignore
  2. +1 −0  __init__.py
  3. +103 −0 garmr.py
  4. +45 −0 setup.py
4 .gitignore
@@ -0,0 +1,4 @@
+*.swp
+dist/
+*.egg-info/
+*.pyc
1  __init__.py
@@ -0,0 +1 @@
+
103 garmr.py
@@ -0,0 +1,103 @@
+#!/usr/bin/python
+
+import httplib
+import urllib2
+from optparse import OptionParser
+
+class Reporter(object):
+ pass
+
+
+class Garmr(object):
+
+ def __init__(self, urls):
+ self.urls = urls
+
+ def xframe_checks(self):
+ try:
+ response = urllib2.urlopen(self.urls)
+ response_headers = response.headers.headers
+ headers = self._clean_header(response_headers)
+ print "Checking x-frame-options"
+ try:
+ assert headers["x-frame-options"] == "DENY" or \
+ headers["x-frame-options"] == "SAMEORIGIN", \
+ "x-frame-options were: %s" % headers["x-frame-options"]
+
+ print "x-frame-options were correct"
+ except KeyError:
+ print "x-frame-options were not found in headers"
+ except AssertionError, e:
+ print str(e)
+ finally:
+ print "\n"
+
+ def trace_checks(self):
+ try:
+ print "Checking TRACE is not valid"
+ http_urls = self._clean_url(self.urls)
+ request = httplib.HTTPConnection(http_urls[0])
+ if len(http_urls) > 1:
+ request.request("TRACE", http_urls[1])
+ else:
+ request.request("TRACE", "/")
+
+ request.getresponse()
+ raise Exception("TRACE is a valid HTTP call")
+ except httplib.BadStatusLine, e:
+ print "TRACE is not valid"
+ except Exception, e:
+ print str(e)
+ finally:
+ print "\n"
+
+
+ def redirect_checks(self):
+ response = urllib2.urlopen(self.urls)
+ try:
+ print "Checking for HTTPS"
+ assert "https://" in response.geturl(), "Have not been redirected to HTTPS"
+ print "Redirected to HTTPS version of site"
+ except AssertionError, e:
+ print str(e)
+ finally:
+ print "\n"
+
+
+ def _clean_header(self, response_headers):
+ headers = {}
+ for head in response_headers:
+ lst = head.strip(" \r\n").split(":")
+ headers[lst[0]] = lst[1].strip()
+ return headers
+
+ def _clean_url(self, urls):
+ import re
+ mtch = re.search("https?://([^/]*?)(/.*)?", urls)
+ split = []
+ for matches in mtch.groups():
+ split.append(matches)
+ return split
+
+def main():
+ usage = "Usage: %prog [option] arg"
+ parser = OptionParser(usage=usage)
+ parser.add_option("-u", "--url", action="store", type="string",
+ dest="aut", help="Url to be tested")
+ parser.add_option("-f", "--file", action="store", type="string",
+ dest="file_name",
+ help="File name with URLS to test, Currently not available")
+
+ (options, args) = parser.parse_args()
+
+ garmr = Garmr(options.aut)
+ garmr.trace_checks()
+ garmr.xframe_checks()
+ garmr.redirect_checks()
+
+
+if __name__ == "__main__":
+
+
+
+ main()
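Review bot: `trace_checks` raises "TRACE is a valid HTTP call" for any response it receives, so a server that refuses TRACE with 405 or 501 is still reported as accepting it; read the status instead, e.g. `response = request.getresponse()` followed by `if response.status == 200: raise Exception("TRACE is a valid HTTP call")`. The request may also never reach the intended host: in `_clean_url` the lazy group `([^/]*?)` followed by an optional path group can match an empty host, which anchoring the pattern as `"https?://([^/]+)(/.*)?$"` avoids, and `httplib.HTTPConnection` is used even when the URL is https. In `_clean_header` the dictionary key keeps the server's casing while `xframe_checks` looks up `"x-frame-options"`, so a header sent as `X-Frame-Options` would be reported as not found; storing `headers[lst[0].lower()]` and splitting with `split(":", 1)` makes the lookup reliable.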
45 setup.py
@@ -0,0 +1,45 @@
+import os
+import sys
+from setuptools import setup, find_packages
+def main():
+ setup(name='Garmr',
+ version='0.1a',
+ description='A tool for testing a web application for basic security holes',
+ author='David Burns',
+ author_email='dburns at mozilladotcom',
+ entry_points= make_entry_points(),
+ url='https://github.com/AutomatedTester/Garmr',
+ classifiers=['Development Status :: 2 - Pre-Alpha',
+ 'Intended Audience :: Developers',
+ 'License :: OSI Approved :: Mozilla Public License 1.1 (MPL 1.1)',
+ 'Operating System :: POSIX',
+ 'Operating System :: Microsoft :: Windows',
+ 'Operating System :: MacOS :: MacOS X',
+ 'Topic :: Software Development :: Testing',
+ 'Topic :: Software Development :: Libraries',
+ 'Programming Language :: Python'],
+ packages=find_packages()
+)
+
+def cmdline_entrypoints(versioninfo, platform, basename):
+ target = 'garmr:main'
+ if platform.startswith('java'):
+ points = {'garmr': target}
+ else:
+ if basename.startswith("pypy"):
+ points = {'garmr-%s' % basename: target}
+ else: # cpython
+ points = {'garmr-%s.%s' % versioninfo[:2] : target,}
+ points['garmr'] = target
+ return points
+
+def make_entry_points():
+ basename = os.path.basename(sys.executable)
+ points = cmdline_entrypoints(sys.version_info, sys.platform, basename)
+ keys = list(points.keys())
+ keys.sort()
+ l = ["%s = %s" % (x, points[x]) for x in keys]
+ return {'console_scripts': l}
+
+if __name__ == '__main__':
+ main()
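Review bot: `setup()` passes only `packages=find_packages()`, while the file list on this page shows `garmr.py` at the repository root next to `setup.py`, so the module that the `garmr:main` console scripts point at does not appear to be included in the distribution. Adding `py_modules=['garmr'],` to the `setup()` call, or moving the module into a package directory, would make the generated entry points importable after install. This is inferred from the file list in the commit; the layout outside it is not visible here.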