Add spec file

void-in · void-in · commit 8c0d5d66d0f7 · 2015-04-10T15:32:03.000+05:00
diff --git a/lib/metasploit/framework/login_scanner/nessus.rb b/lib/metasploit/framework/login_scanner/nessus.rb
@@ -30,7 +30,7 @@ def check_setup
         #
         # @param username [String] The username to try
         # @param password [String] The password to try
-        # @return [String]
+        # @return [Hash]
         #   * :status [Metasploit::Model::Login::Status]
         #   * :proof [String] the HTTP response body
         def get_login_state(username, password)
diff --git a/spec/lib/metasploit/framework/login_scanner/nessus_spec.rb b/spec/lib/metasploit/framework/login_scanner/nessus_spec.rb
@@ -0,0 +1,114 @@
+require 'spec_helper'
+require 'metasploit/framework/login_scanner/nessus'
+
+describe Metasploit::Framework::LoginScanner::Nessus do
+
+    it_behaves_like 'Metasploit::Framework::LoginScanner::Base',  has_realm_key: true, has_default_realm: false
+    it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
+
+    let(:username) do
+      'username'
+    end
+
+    let(:good_password) do
+      'good_password'
+    end
+
+    let(:bad_password) do
+      'bad_password'
+    end
+
+    let(:successful_auth_response) do
+      Rex::Proto::Http::Response.new(200, 'OK')
+    end
+
+    let(:fail_auth_response) do
+      Rex::Proto::Http::Response.new(401, 'Unauthorized')
+    end
+
+    subject do
+      described_class.new
+    end
+
+    let(:response) do
+      Rex::Proto::Http::Response.new(200, 'OK')
+    end
+
+    before(:each) do
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:request_cgi).with(any_args)
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv).with(any_args).and_return(response)
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:set_config).with(any_args)
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:close)
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:connect)
+    end
+
+    describe '#check_setup' do
+      let(:msp_html_response) do
+        res = Rex::Proto::Http::Response.new(200, 'OK')
+        res.body = 'Nessus'
+        res
+      end
+
+      context 'when target is Nessus' do
+        let(:response) { msp_html_response }
+        it 'returns true' do
+          expect(subject.check_setup).to be_truthy
+        end
+      end
+
+      context 'when target is not Nessus' do
+        it 'returns false' do
+          expect(subject.check_setup).to be_falsey
+        end
+      end
+    end
+
+    describe '#get_login_state' do
+      it 'sends a login request to /session' do
+        expect(http_scanner).to receive(:send_request).with(hash_including('uri'=>'/session'))
+      end
+
+      it 'sends a login request containing the username and password' do
+        expect(http_scanner).to receive(:send_request).with(hash_including('data'=>"username=#{username}&password=#{password}"))
+      end
+
+      context 'when the credential is valid' do
+        let(:response) { successful_auth_response }
+        it 'returns a hash indicating a successful login' do
+          successful_status = Metasploit::Model::Login::Status::SUCCESSFUL
+          expect(subject.get_login_state(username, good_password)[:status]).to eq(successful_status)
+        end
+      end
+
+      context 'when the creential is invalid' do
+        let(:response) { fail_auth_response }
+        it 'returns a hash indicating an incorrect cred' do
+          incorrect_status = Metasploit::Model::Login::Status::INCORRECT
+          expect(subject.get_login_state(username, good_password)[:status]).to eq(incorrect_status)
+        end
+      end
+    end
+
+    describe '#attempt_login' do
+      context 'when the credential is valid' do
+        let(:response) { successful_auth_response }
+
+        it 'returns a Result object indicating a successful login' do
+          cred_obj = Metasploit::Framework::Credential.new(public: username, private: good_password)
+          result = subject.attempt_login(cred_obj)
+          expect(result).to be_kind_of(::Metasploit::Framework::LoginScanner::Result)
+          expect(result.status).to eq(Metasploit::Model::Login::Status::SUCCESSFUL)
+        end
+      end
+
+      context 'when the credential is invalid' do
+        let(:response) { fail_auth_response }
+        it 'returns a Result object indicating an incorrect cred' do
+          cred_obj = Metasploit::Framework::Credential.new(public: username, private: bad_password)
+          result = subject.attempt_login(cred_obj)
+          expect(result).to be_kind_of(::Metasploit::Framework::LoginScanner::Result)
+          expect(result.status).to eq(Metasploit::Model::Login::Status::INCORRECT)
+        end
+      end
+    end
+end

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ def check_setup`
`30`	`30`	`#`
`31`	`31`	`# @param username [String] The username to try`
`32`	`32`	`# @param password [String] The password to try`
`33`		`- # @return [String]`
	`33`	`+ # @return [Hash]`
`34`	`34`	`# * :status [Metasploit::Model::Login::Status]`
`35`	`35`	`# * :proof [String] the HTTP response body`
`36`	`36`	`def get_login_state(username, password)`