-
Notifications
You must be signed in to change notification settings - Fork 269
VulnWhisperer Mock Testing
VulnWhisperer now has a test class to intercept and mock API calls from the Nessus, Tenable and Qualys Vuln frameworks. It includes example scan data taken from Nessus, Tenable and Qualys Vuln scans of vulnweb.com.
It adds two cli flags --mock
and --mock_dir
to enable mocking API endpoints, with all test data currently stored in /test.
The best way to run VulnWhisperer in development by installing it in develop mode
python setup.py develop
The tests require you to have downloaded the test files from VulnWhisperer-test
repository, which is mapped as a submodule into the VulnWhisperer
repo under test
folder. In order to initialize the submodule, you need to run:
git submodule init && git submodule update
From your vulnwhisperer repo directory you can just run vuln_whisperer -c configs/test.ini --mock
otherwise you can specify a directory with your example data with vuln_whisperer -c configs/test.ini --mock --mock_dir /path_to_vulnwhisperer/test
; the configs/test.ini
contains paths to /tmp
folder.
Two tests are also integrated with Travis CI.
This currently requires you build you own local docker image tagged as vulnwhisperer-local
. If you wish to use the docker hub version, in docker-compose-test.yml
just replace the line
image: vulnwhisperer-local
with
image: hasecuritysolutions/vulnwhisperer:latest
.
To run the mock test suite with docker compose follow these steps:
git clone https://github.com/HASecuritySolutions/VulnWhisperer
cd VulnWhisperer
git submodule init && git submodule update
# Build the vulnwhisperer-local image
docker build -t vulnwhisperer-local .
# Ensure other environments are down
docker-compose -f docker-compose.v6.yml down
docker-compose -f docker-compose-test.yml down
# Run the mock test docker compose
docker-compose -f docker-compose-test.yml up
Scan the log messages for any errors and after a while if you should be able to browse to the VulnWhisperer - Reporting dashboard