Skip to content

VulnWhisperer Mock Testing

Quim Montal edited this page Apr 16, 2019 · 2 revisions

Local development

VulnWhisperer now has a test class to intercept and mock API calls from the Nessus, Tenable and Qualys Vuln frameworks. It includes example scan data taken from Nessus, Tenable and Qualys Vuln scans of vulnweb.com.

It adds two cli flags --mock and --mock_dir to enable mocking API endpoints, with all test data currently stored in /test.

The best way to run VulnWhisperer in development by installing it in develop mode

python setup.py develop

The tests require you to have downloaded the test files from VulnWhisperer-test repository, which is mapped as a submodule into the VulnWhisperer repo under test folder. In order to initialize the submodule, you need to run: git submodule init && git submodule update

From your vulnwhisperer repo directory you can just run vuln_whisperer -c configs/test.ini --mock otherwise you can specify a directory with your example data with vuln_whisperer -c configs/test.ini --mock --mock_dir /path_to_vulnwhisperer/test; the configs/test.ini contains paths to /tmp folder.

Two tests are also integrated with Travis CI.

Mock tests with docker compose

This currently requires you build you own local docker image tagged as vulnwhisperer-local. If you wish to use the docker hub version, in docker-compose-test.yml just replace the line
image: vulnwhisperer-local with image: hasecuritysolutions/vulnwhisperer:latest.

To run the mock test suite with docker compose follow these steps:

git clone https://github.com/HASecuritySolutions/VulnWhisperer
cd VulnWhisperer
git submodule init && git submodule update
# Build the vulnwhisperer-local image
docker build -t vulnwhisperer-local .
# Ensure other environments are down
docker-compose -f docker-compose.v6.yml down
docker-compose -f docker-compose-test.yml down
# Run the mock test docker compose
docker-compose -f docker-compose-test.yml up

Scan the log messages for any errors and after a while if you should be able to browse to the VulnWhisperer - Reporting dashboard