def put_response(url):
try:
response = requests.put(url,
verify=False,
timeout=3,
data={'key': 'value'})
except requests.exceptions.SSLError:
slack.send_error_to_channel('Url %s raised SSL Error' % url,
SLACK_NOTIFICATION_CHANNEL)
return None
except requests.exceptions.ConnectionError:
slack.send_error_to_channel('Url %s raised Connection Error' % url,
SLACK_NOTIFICATION_CHANNEL)
return None
except requests.exceptions.ReadTimeout:
slack.send_error_to_channel('Url %s raised Read Timeout' % url,
SLACK_NOTIFICATION_CHANNEL)
return None
except requests.exceptions.TooManyRedirects:
slack.send_error_to_channel('Url %s raised Too Many Redirects' % url,
SLACK_NOTIFICATION_CHANNEL)
return None
except Exception:
error_string = traceback.format_exc()
final_error = 'On {0}, was Found: {1}'.format(url, error_string)
slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL)
return None
return response
def scan_target(scan_info, url_to_scan):
response = get_response(url_to_scan)
if response is None:
return
# Firebases come in the form
# https://*.firebaseio.com
# ---------Way I----------
firebase_HTTPS = re.findall('"https://([^\"/,]+).firebaseio.com"',
response.text)
firebase_HTTPS = filter_invalids(firebase_HTTPS)
firebase_HTTP = re.findall('"http://([^\"/,]+).firebaseio.com"',
response.text)
firebase_HTTP = filter_invalids(firebase_HTTP)
firebase_list = firebase_HTTPS + firebase_HTTP
firebase_list = list(dict.fromkeys(firebase_list))
for i in range(len(firebase_list)):
firebase_list[
i] = 'http://' + firebase_list[i] + '.firebaseio.com/.json'
for firebase in firebase_list:
try:
firebase_response = requests.get(firebase, verify=False, timeout=3)
except Exception:
error_string = traceback.format_exc()
final_error = 'On {0}, was Found: {1}'.format(
url_to_scan, error_string)
slack.send_error_to_channel(final_error,
SLACK_NOTIFICATION_CHANNEL)
continue
if firebase_response.status_code == 200:
add_vulnerability(scan_info, firebase)
def scan_target(scan_info):
scan_name = settings['PROJECT']['NAME']+'-'+uuid.uuid4().hex
#Connect to the nessus
token = perform_login()
# Getting the session token
header['X-Cookie']=token
# Create the scan
json_scan = {
'uuid':nessus_info['SCAN_TEMPLATE'],
'settings':{'launch_now':False,
'enabled':False,
'text_targets':scan_info['nessus_target'],
'policy_id':'170',
'scanner_id':'1',
'folder_id':int(nessus_info['FOLDER_ID']),
'description':'Scan created and launched via orchestrator',
'name':scan_name
}
}
# Creating the scan and getting the id for the launching
r = requests.post(create_url,data=json.dumps(json_scan,separators=(',', ':')),verify=verify,headers=header)
# Getting the scan id for launch the scan
try:
scan_id = str(json.loads(r.text)['scan']['id'])
except KeyError as e:
error_string = traceback.format_exc()
final_error = 'On {0}, was Found: {1}'.format('Nessus scan',error_string)
slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL)
print("Nessus scan error " + str(e))
return
#Launch the scan
launch_url = nessus_info['URL']+'/scans/'+scan_id+'/launch'
r = requests.post(launch_url,verify=verify,headers=header)
#Monitoring the scan until it's finished
scan_status = 'running'
while scan_status == 'running':
time.sleep(180)
resp = requests.get(scan_url+scan_id,verify=verify,headers=header)
json_scan = json.loads(resp.text)
#Credentials expired getting new ones
try:
json_scan['error']
token = perform_login()
# Getting the session token
header['X-Cookie']=token
resp = requests.get(scan_url+scan_id,verify=verify,headers=header)
json_scan = json.loads(resp.text)
except KeyError:
pass
scan_status = json_scan['info']['status']
if json_scan['info']['status'] == 'completed':
add_vulnerability(scan_info, json_scan,header)
else:
print('The scan with id: '+scan_id+' has been paused or stopped go to nessus and checked manually')
def analyze(scan_info, url_to_scan):
target = endpoint + url_to_scan
headers = {'x-api-key': WAPPA_KEY}
try:
response = requests.get(target, headers=headers)
if response.json():
libraries = response.json()[0]['applications']
for lib in libraries:
lib['cves'], lib['last_version'] = get_cves_and_last_version(
lib)
message = fastPrint(libraries)
add_libraries_vulnerability(scan_info, message)
except KeyError:
return
except Exception as e:
error_string = traceback.format_exc()
final_error = 'On {0}, was Found: {1}'.format(url_to_scan,
error_string)
slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL)
print("Libraries scan error " + str(e))
