def import_xml_scan():
"""
Upload/import Nmap XML Scan file via scheduler task
"""
import time
from skaldship.general import check_datadir
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=auth.user.f_msf_pro_url, apikey=auth.user.f_msf_pro_key)
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder,'data','scanfiles')
check_datadir(request.folder)
response.title = "%s :: Import Nmap XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append( [ user.id, user.username ] )
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nmap XML File')))
fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist)))
fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY()))
# If Metasploit available, pull a list of the workspaces and present them
if working_msf_api:
msf_workspaces = []
msf_workspaces.append( "None" )
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
fields.append(Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(Field('f_addnoports', type='boolean', label=T('Add Hosts w/o Ports'), default=False))
fields.append(Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nmap_xml')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nmap file
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get('f_ignore_list')
if data:
ip_exclude = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_include = []
data = form.vars.get('f_include_list')
if data:
ip_include = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_msf_workspace:
msf_workspace = form.vars.f_msf_workspace
if msf_workspace == "None":
msf_workspace = None
else:
msf_workspace = None
msf_settings = {'workspace': msf_workspace, 'url': auth.user.f_msf_pro_url, 'key': auth.user.f_msf_pro_key}
if form.vars.f_taskit:
task = scheduler.queue_task(
scanner_import,
pvars=dict(
scanner='nmap',
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=3600 # 1 hour
)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
else:
from skaldship.nmap import process_xml
print("Starting Nmap XML Import")
process_xml(
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
)
response.flash = "Nmap XML upload complete"
redirect(URL('default', 'index'))
return dict(form=form)
exit("An error was encountered when selecting a user. Please try with a valid user name.")
msf_settings = msf_get_config(session)
msf_workspaces = [ None ]
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
if working_msf_api:
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
try:
msf_workspace = msf_workspaces[int(options.msfidx)]
except IndexError:
exit("An invalid workspace index has been provided. Aborting.")
msf_settings = {'workspace': msf_workspace, 'url': msf_settings['url'], 'key': msf_settings['key']}
task_vars = dict(
scanner='nmap',
filename=options.filename,
addnoports=options.noports,
asset_group=options.asset_group,
engineer="%s" % rows.select().first().id,
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nexpose XML File')))
fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist)))
fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY()))
# check to see if we have a Metasploit Pro instance configured and talking
# if so pull a list of the workspaces and present them
msf = MetasploitAPI(host=auth.user.f_msf_pro_url, apikey=auth.user.f_msf_pro_key)
try:
res = msf.login()
except:
res = False
if res:
msf_workspaces = []
msf_workspaces.append( "None" )
for w in msf.pro_workspaces().keys():
msf_workspaces.append(w)
fields.append(Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nexpose_xml')
# form processing
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
msf_settings = msf_get_config(session)
msf_workspaces = [None]
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
if working_msf_api:
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
try:
msf_workspace = msf_workspaces[int(options.msfidx)]
except IndexError:
exit("An invalid workspace index has been provided. Aborting.")
msf_settings = {
'workspace': msf_workspace,
'url': msf_settings['url'],
'key': msf_settings['key']
}
task_vars = dict(scanner='nmap',
filename=options.filename,
def import_xml_scan():
"""
Upload/import Nmap XML Scan file via scheduler task
"""
import time
from skaldship.general import check_datadir
from skaldship.metasploit import msf_get_config
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitAPI import MetasploitAPI
msf_api = MetasploitAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder, 'data', 'scanfiles')
check_datadir(request.folder)
response.title = "%s :: Import Nmap XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append([user.id, user.username])
fields.append(
Field('f_filename',
'upload',
uploadfolder=filedir,
label=T('Nmap XML File')))
fields.append(
Field('f_engineer',
type='integer',
label=T('Engineer'),
default=auth.user.id,
requires=IS_IN_SET(userlist)))
fields.append(
Field('f_asset_group',
type='string',
label=T('Asset Group'),
requires=IS_NOT_EMPTY()))
# If Metasploit available, pull a list of the workspaces and present them
if working_msf_api:
msf_workspaces = []
msf_workspaces.append("None")
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
fields.append(
Field('f_msf_workspace',
type='string',
label=T('MSF Pro Workspace'),
requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(
Field('f_addnoports',
type='boolean',
label=T('Add Hosts w/o Ports'),
default=False))
fields.append(
Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(
Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(
Field('f_update_hosts',
type='boolean',
label=T('Update Host Information'),
default=False))
fields.append(
Field('f_taskit',
type='boolean',
default=auth.user.f_scheduler_tasks,
label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nmap_xml')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nmap file
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get('f_ignore_list')
if data:
ip_exclude = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_include = []
data = form.vars.get('f_include_list')
if data:
ip_include = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_msf_workspace:
msf_workspace = form.vars.f_msf_workspace
if msf_workspace == "None":
msf_workspace = None
else:
msf_workspace = None
msf_settings = {
'workspace': msf_workspace,
'url': msf_settings['url'],
'key': msf_settings['key']
}
if form.vars.f_taskit:
task = scheduler.queue_task(
scanner_import,
pvars=dict(
scanner='nmap',
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
else:
from skaldship.nmap import process_xml
print("Starting Nmap XML Import")
process_xml(
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
)
response.flash = "Nmap XML upload complete"
redirect(URL('default', 'index'))
return dict(form=form)
def api_settings():
"""Settings Metasploit API"""
msf_settings = msf_get_config(session)
response.title = "%s :: Metasploit API Settings" % (settings.title)
try:
from MetasploitAPI import MetasploitAPI, MSFAPIError
except ImportError, error:
return dict(error=str(error), alert=True, form=None)
error=None
alert=False
msf = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key'])
try:
workspaces = [w for w in msf.pro_workspaces().keys()]
users = [u for u in msf.pro_users().get('users').keys()]
except MSFAPIError, e:
error = str(e)
alert = True
workspaces = []
users = []
form=SQLFORM.factory(
Field('workspace', 'string', default=msf_settings['workspace'], label=T('Workspace Name'), requires=IS_IN_SET(workspaces)),
Field('workspace_num', 'string', default=msf_settings['ws_num'], label=T('Workspace Number')),
Field('user', 'string', default=msf_settings['user'], label=T('MSF User'), requires=IS_IN_SET(users)),
Field('url', 'string', default=msf_settings['url'], label=T('MSF URL')),
Field('key', 'string', default=msf_settings['key'], label=T('API Key')),
)
# NOTE: workspace_num must be manually entered since there's no way for us
