def import_report_xml():
"""
Upload/import Metasploit XML export file
"""
import time
import os
from skaldship.general import check_datadir
msf_settings = msf_get_config(session)
response.title = "%s :: Import Metasploit Pro Report XML" % (settings.title)
filedir = os.path.join(request.folder,'data','scanfiles')
fields = []
alert = False
error = None
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append( [ user.id, user.username ] )
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Metasploit XML File')))
# check to see if we have a Metasploit Pro instance configured and talking
# if so pull a list of the workspaces and present them
try:
from MetasploitAPI import MetasploitAPI, MSFAPIError
msf = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
except ImportError, error:
msf = None
def import_report():
"""
Import a MSF Pro XML Report.
TODO: FINISH HIM!
"""
msf_settings = msf_get_config(session)
if msf_settings['workspace'] is None:
redirect(URL('api_settings'))
msf = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
if not msf.login():
response.flash = "Error logging into Metasploit, check your settings"
redirect(URL('api_settings'))
form = SQLFORM.factory(
Field('whitelist', 'text', label=T('Whitelist hosts/nets')),
Field('blacklist', 'text', label=T('Blacklist hosts/nets')),
)
if form.accepts(request, sesssion):
# build the configuration hash
rpt_data = {}
rpt_data['DS_REPORT_TYPE'] = 'XML'
rpt_data['DS_WHITELIST_HOSTS'] = form.vars.whitelist
rpt_data['DS_BLACKLIST_HOSTS'] = form.vars.blacklist
rpt_data['Workdspace'] = msf_settings['workspace']
# send the report request and get the task id
rpt_taskid = msf.pro_start_report(rpt_data)
def list_lootfiles():
"""
Lists local loot files for import processing into Kvasir. This does not
use the Metasploit API and depends upon a directory being local to the
web2py server instance. The API is used to check if pro is installed
and sets the loot_dir to Linux or Windows path
"""
import os
import re
response.title = "%s :: Metasploit Loots" % (settings.title)
msf_settings = msf_get_config(session)
dbsvcs = db.t_services
# TODO: from skaldship.db import get_services
loot_dir = request.args(0)
if not loot_dir:
try:
from MetasploitAPI import MetasploitAPI, MSFAPIError
msf = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
if msf.pro_about():
if platform in ["linux", "linux2"]:
loot_dir = "/opt/metasploit_pro/apps/pro/loot"
else:
loot_dir = "C:\\Metasploit\\apps\\pro\\loot"
except ImportError, error:
pass
def import_xml_scan():
"""
Upload/import Nexpose XML Scan file via scheduler task
"""
from NexposeAPI import NexposeAPI, Sites, Report
from skaldship.general import check_datadir
from skaldship.metasploit import msf_get_config
import time
import os
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder, 'data', 'scanfiles')
response.title = "%s :: Import Nexpose XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append([user.id, user.username])
# check to see if nexpose is configured/active and get site listing
nexpose_config = nexpose_get_config()
nxsitelist = []
if nexpose_config['host'] is not None and nexpose_config[
'user'] is not None:
# see if the host is open/active first
if nexpose_config['host'] is not None:
sites = Sites()
sites.host = nexpose_config['host']
sites.port = nexpose_config['port']
try:
if sites.login(user_id=nexpose_config['user'],
password=nexpose_config['password']):
sites = sites.listings()
nxsitelist.append([0, None])
for k, v in sites.iteritems():
nxsitelist.append([int(k), sites[k]['name']])
except Exception, e:
pass
def import_scan():
"""
Upload and import Nexpose Scan file
"""
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
from skaldship.general import check_datadir
import time
import os
filedir = os.path.join(request.folder, 'data', 'scanfiles')
response.title = "%s :: Import Nessus Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append([user.id, user.username])
nessus_config = nessus_get_config(session)
# {'ignored_vulnids': [19506, 11219, 34277],
# 'servers': {'server_1': {'password': '******',
# 'url': 'https://localhost:8834/',
# 'user': '******'}}}
nessusreports = [[0, None]]
import NessusAPI
#if auth.user.f_nessus_host is not None:
servers = nessus_config.get('servers', {})
for k, v in servers.iteritems():
try:
# check to see if NessusAPI is working
nessus = NessusAPI.NessusConnection(v.get('user'), v.get('password'), url=v.get('url'))
reports = nessus.list_reports()
for report in reports:
ts = time.ctime(float(report.timestamp))
nessusreports.append(["%s:%s" % (k, report.name), "%s: %s - %s (%s)" % (k, report.readablename, ts, report.status)])
except Exception, e:
logger.error("Error communicating with %s (u:%s/p:%s): %s" % (k, v.get('user'), v.get('password'), str(e)))
# Parse the XML <ReportItem> sections where plugins, ports and output are all in
for rpt_item in host.iterfind('ReportItem'):
(vuln_id, vulndata, extradata) = nessus_vulns.parse(rpt_item)
if not vuln_id:
# no vulnerability id
continue
_plugin_parse(host_id, vuln_id, vulndata, extradata)
else:
(vuln_id, vulndata, extradata) = nessus_vulns.parse(host)
_plugin_parse(host_id, vuln_id, vulndata, extradata)
if msf_settings.get('workspace'):
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings.get('url'),
apikey=msf_settings.get('key'))
working_msf_api = msf_api.login()
except Exception, error:
log(" [!] Unable to authenticate to MSF API: %s" % str(error),
logging.ERROR)
working_msf_api = False
try:
scan_data = open(filename, "r+").readlines()
except Exception, error:
log(
" [!] Error loading scan data to send to Metasploit: %s" %
str(error), logging.ERROR)
scan_data = None
if scan_data and working_msf_api:
def process_xml(
filename=None,
addnoports=False,
asset_group=None,
engineer=None,
msf_workspace=False,
ip_ignore_list=None,
ip_include_list=None,
update_hosts=False,
):
# Upload and process Qualys XML Scan file
import os, time, re, HTMLParser
from StringIO import StringIO
from MetasploitAPI import MetasploitAPI
from skaldship.hosts import html_to_markmin, get_host_record, do_host_status
from skaldship.cpe import lookup_cpe
parser = HTMLParser.HTMLParser()
# output regexes
RE_NETBIOS_NAME = re.compile('NetBIOS name: (?P<d>.*),')
RE_NETBIOS_MAC = re.compile(
'NetBIOS MAC: (?P<d>([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}))')
RE_IPV4 = re.compile('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$')
if msf_workspace:
msf = MetasploitAPI(host=user_id.f_msf_pro_url,
apikey=user_id.f_msf_pro_key)
if msf.login():
logger.info(" [-] Authenticated to Metasploit PRO")
else:
logger.error(
" [!] Unable to login to Metasploit PRO, check your API key")
msf = None
else:
logger.warn(" [-] No Metasploit workspace provided!")
msf = None
try:
from lxml import etree
except ImportError:
try:
import xml.etree.cElementTree as etree
except ImportError:
try:
import xml.etree.ElementTree as etree
except:
raise Exception("Unable to find valid ElementTree module.")
# build the hosts only/exclude list
ip_exclude = []
if ip_ignore_list:
ip_exclude = ip_ignore_list.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_only = []
if ip_include_list:
ip_only = ip_include_list.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
print(" [*] Processing Qualys scan file %s" % (filename))
try:
nmap_xml = etree.parse(filename)
except etree.ParseError, e:
print(" [!] Invalid XML file (%s): %s " % (filename, e))
return
rows = db(db.auth_user.username == options.engineer)
if rows.count() != 1:
exit(
"An error was encountered when selecting a user. Please try with a valid user name."
)
msf_settings = msf_get_config(session)
msf_workspaces = [None]
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
if working_msf_api:
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
try:
msf_workspace = msf_workspaces[int(options.msfidx)]
except IndexError:
exit("An invalid workspace index has been provided. Aborting.")
msf_settings = {
'workspace': msf_workspace,
def import_xml_scan():
"""
Upload/import Nmap XML Scan file via scheduler task
"""
import time
from skaldship.general import check_datadir
from skaldship.metasploit import msf_get_config
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder, 'data', 'scanfiles')
check_datadir(request.folder)
response.title = "%s :: Import Nmap XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append([user.id, user.username])
fields.append(
Field('f_filename',
'upload',
uploadfolder=filedir,
label=T('Nmap XML File')))
fields.append(
Field('f_engineer',
type='integer',
label=T('Engineer'),
default=auth.user.id,
requires=IS_IN_SET(userlist)))
fields.append(
Field('f_asset_group',
type='string',
label=T('Asset Group'),
requires=IS_NOT_EMPTY()))
# If Metasploit available, pull a list of the workspaces and present them
if working_msf_api:
msf_workspaces = []
msf_workspaces.append("None")
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
fields.append(
Field('f_msf_workspace',
type='string',
label=T('MSF Pro Workspace'),
requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(
Field('f_addnoports',
type='boolean',
label=T('Add Hosts w/o Ports'),
default=False))
fields.append(
Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(
Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(
Field('f_update_hosts',
type='boolean',
label=T('Update Host Information'),
default=False))
fields.append(
Field('f_taskit',
type='boolean',
default=auth.user.f_scheduler_tasks,
label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nmap_xml')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nmap file
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get('f_ignore_list')
if data:
ip_exclude = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_include = []
data = form.vars.get('f_include_list')
if data:
ip_include = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_msf_workspace:
msf_workspace = form.vars.f_msf_workspace
if msf_workspace == "None":
msf_workspace = None
else:
msf_workspace = None
msf_settings = {
'workspace': msf_workspace,
'url': msf_settings['url'],
'key': msf_settings['key']
}
if form.vars.f_taskit:
task = scheduler.queue_task(
scanner_import,
pvars=dict(
scanner='nmap',
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
else:
from skaldship.nmap import process_xml
print("Starting Nmap XML Import")
process_xml(
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
)
response.flash = "Nmap XML upload complete"
redirect(URL('default', 'index'))
return dict(form=form)
