Security¶

This section contains source code documentation of Security extension.

security¶

Extension for security testing tools

class hydratk.extensions.security.security.Extension(core_instance=None)¶

Class Extension

_init_extension()¶

Method initializes extension

Parameters:	none –
Returns:	void

_check_dependencies()¶

Method checks dependent modules

Parameters:	none –
Returns:	bool

_uninstall()¶

Method returns additional uninstall data

Parameters:	none –
Returns:	list (files), list (modules)
Return type:	tuple

_register_actions()¶

Method registers actions

Parameters:	none –
Returns:	void

_register_htk_actions()¶

Method registers command hooks

Parameters:	none –
Returns:	void

_register_standalone_actions()¶

Method registers command hooks for standalone mode

Parameters:	none –
Returns:	void

sec_msf()¶

Method handles command sec-msf

Run MSF (MetaSploit Framework) command

Parameters:	none –
Returns:	void

sec_zap()¶

Method handles command sec-zap

Run ZAP (Zed Attack Proxy) command

Parameters:	none –
Returns:	void

bootstrapper¶

Providing custom bootstrapper for security standalone app

hydratk.extensions.security.bootstrapper.run_app()¶

Methods runs security standalone application

Parameters:	none –
Returns:	void

msf¶

MSF (MetaSploit Framework) client

class hydratk.extensions.security.msf.Client(host=None, port=None, user=None, passw=None)¶

Class Client

__init__(host=None, port=None, user=None, passw=None)¶

Class constructor

Called when object is initialized

Parameters:	host (str) – host, override default configuration 127.0.0.1 port (int) – port, override default configuration 55553 user (str) – username, override default configuration msf passw (str) – password, override default configuration msf

path¶: path property getter

host¶: host property getter

port¶: port property getter

user¶: user property getter

passw¶: passw property getter

__weakref__¶: list of weak references to the object (if defined)

token¶: token property getter

start(rpc_path=None)¶

Method starts MSF RPC

Parameters:	rpc_path (str) – path to rpc control script
Returns:	result
Return type:	bool
Raises:	`event` – msf_before_start `event` – msf_after_start

stop()¶

Method stops RPC

Parameters:	none –
Returns:	result
Return type:	bool
Raises:	`event` – msf_before_stop `event` – msf_after_stop

call(method, params=[])¶

Method calls RPC method

Parameters:	method (str) – method title params (list) – method parameters, values or dict
Returns:	bool (result), dict (output)
Return type:	tuple
Raises:	`event` – msf_before_call `event` – msf_after_call

api_help(area=None, method=None)¶

Method provides RPC API help

method != None - help for given method area != None - list of area methods area = None - list of areas

Parameters:	area (str) – RPC area method (str) – RPC method (format area.method)
Returns:	help
Return type:	str

_get_process()¶

Method gets RPC process

Parameters:	none –
Returns:	process
Return type:	obj

zap¶

ZAP (Zed Attack Proxy) client

class hydratk.extensions.security.zap.Client(host=None, port=None)¶

Class Client

__init__(host=None, port=None)¶

Class constructor

Called when object is initialized

Parameters:	host (str) – proxy host, override default configuration 127.0.0.1 port (int) – proxy port, override default configuration 8080

client¶: client property getter

path¶: path property getter

host¶: host property getter

port¶: port property getter

__weakref__¶: list of weak references to the object (if defined)

start(proxy_path=None)¶

Method starts proxy

Parameters:	proxy_path (str) – path to proxy control script
Returns:	result
Return type:	bool
Raises:	`event` – zap_before_start `event` – zap_after_start

stop()¶

Method stops proxy

Parameters:	none –
Returns:	result
Return type:	bool
Raises:	`event` – zap_before_stop `event` – zap_after_stop

spider(url, params=None)¶

Method executes spider

Parameters:	url (str) – URL params (dict) – request parameters
Returns:	bool (result), int (count of urls)
Return type:	tuple
Raises:	`event` – zap_before_spider `event` – zap_after_spider

scan(url, method=None, params=None)¶

Method executes scan

Parameters:	url (str) – URL method (str) – HTTP method, default GET params (dict) – request parameters
Returns:	bool (result), int (count of alerts)
Return type:	tuple
Raises:	`event` – zap_before_scan `event` – zap_after_scan

export(out_type='alert', out_format='json', output=None, url=None)¶

Method executes export

Parameters:	out_type (str) – output type, alert\|msg\|url out_format (str) – output format, html\|json\|md\|xml for alert, har\|json for msg, json for url output (str) – output filename url (str) – URL for filtering
Returns:	bool (result), str (output filename)
Return type:	tuple
Raises:	`event` – zap_before_export `event` – zap_after_export