def test_add_tags(app): tags = ["test", "tag", "three"] test_scope = ScopeItem(target="127.0.0.1/8", blacklist=False) db.session.add(test_scope) ScopeItem.addTags(test_scope, tags) for tag in test_scope.tags: assert test_scope.is_tagged(tag)
def test_get_scope(app): test_scope1 = ScopeItem(target="127.0.0.1/8", blacklist=False) test_scope2 = ScopeItem(target="172.16.0.0/16", blacklist=True) db.session.add(test_scope1) db.session.add(test_scope2) assert len(ScopeItem.getScope()) == 1 assert len(ScopeItem.getBlacklist()) == 1
def scope(): scope = ScopeItem.get_scope() scopeSize = current_app.ScopeManager.get_scope_size() # if it's zero, let's make sure the ScopeManager is up to date if scopeSize == 0: current_app.ScopeManager.update() scopeSize = current_app.ScopeManager.get_scope_size() # if it's zero again that's fine, we just had to check newForm = forms.NewScopeForm() delForm = forms.ScopeDeleteForm() editForm = forms.ScopeToggleForm() importForm = forms.ImportScopeForm() addTagForm = forms.TagScopeForm() addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()] if newForm.validate_on_submit(): if '/' not in newForm.target.data: newForm.target.data = newForm.target.data + '/32' target = ipaddress.ip_network(newForm.target.data, False) newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False) db.session.add(newTarget) db.session.commit() current_app.ScopeManager.update() flash('%s added!' % newTarget.target, 'success') return redirect(url_for('admin.scope')) return render_template( "admin/scope.html", scope=scope, scopeSize=scopeSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm, addTagForm=addTagForm)
def blacklist(): scope = ScopeItem.getBlacklist() blacklistSize = current_app.ScopeManager.get_blacklist_size() newForm = forms.NewScopeForm() delForm = forms.ScopeDeleteForm() editForm = forms.ScopeToggleForm() importForm = forms.ImportBlacklistForm() addTagForm = forms.TagScopeForm() addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()] if newForm.validate_on_submit(): target = ipaddress.ip_network(newForm.target.data, False) newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True) db.session.add(newTarget) db.session.commit() current_app.ScopeManager.update() flash(f"{newTarget.target} blacklisted!", "success") return redirect(url_for("admin.blacklist")) return render_template( "admin/blacklist.html", scope=scope, blacklistSize=blacklistSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm, addTagForm=addTagForm, )
def updateScanManager(self): from app.models import ScopeItem self.scanmanager = None try: scanrange = [IPNetwork(n.target) for n in ScopeItem.getScope()] blacklistrange = [IPNetwork(n.target) for n in ScopeItem.getBlacklist()] self.scanmanager = IPScanManager(scanrange, blacklistrange) except Exception as e: log("Scan manager could not be instantiated because there was no scope configured.", printm=True)
def test_export_items_tagged(runner): scope_items = ["10.0.0.0/8,a", "192.168.5.0/28"] blacklist_items = ["192.168.1.0/24,b"] ScopeItem.import_scope_list(scope_items, False) ScopeItem.import_scope_list(blacklist_items, True) result = runner.invoke(export_items) assert result.exit_code == 0 result_dict = json.loads(result.output) assert len(result_dict["scope"]) == 2 assert result_dict["scope"][0]["tags"] == ["a"] assert result_dict["scope"][1]["tags"] == [] assert len(result_dict["blacklist"]) == 1 assert result_dict["blacklist"][0]["blacklist"] is True assert result_dict["blacklist"][0]["tags"] == ["b"]
def test_acceptable_targets(app): scope_items = ["192.168.0.0/16"] blacklist_items = ["192.168.1.0/24", "192.168.2.1/32"] for s in scope_items: item = ScopeItem(target=s, blacklist=False) db.session.add(item) for s in blacklist_items: item = ScopeItem(target=s, blacklist=True) db.session.add(item) current_app.ScopeManager.update() assert current_app.ScopeManager.is_acceptable_target("192.168.0.123") assert current_app.ScopeManager.is_acceptable_target("192.168.2.2") assert not current_app.ScopeManager.is_acceptable_target("192.168.1.234") assert not current_app.ScopeManager.is_acceptable_target("192.168.2.1") assert not current_app.ScopeManager.is_acceptable_target("192.0.2.34") assert not current_app.ScopeManager.is_acceptable_target("example.com")
def test_rescan_lifecycle(app): scope_items = ["192.168.0.0/16"] user = User(email="*****@*****.**") db.session.add(user) for s in scope_items: item = ScopeItem(target=s, blacklist=False) db.session.add(item) current_app.ScopeManager.update() assert current_app.ScopeManager.get_pending_rescans() == [] assert current_app.ScopeManager.get_dispatched_rescans() == [] assert current_app.ScopeManager.get_incomplete_scans() == [] r = RescanTask(target="192.168.123.45", user_id=user.id) db.session.add(r) current_app.ScopeManager.update_pending_rescans() assert len(current_app.ScopeManager.get_pending_rescans()) == 1 assert len(current_app.ScopeManager.get_incomplete_scans()) == 1 r.dispatchTask() db.session.add(r) current_app.ScopeManager.update_pending_rescans() current_app.ScopeManager.update_dispatched_rescans() assert len(current_app.ScopeManager.get_pending_rescans()) == 0 assert len(current_app.ScopeManager.get_dispatched_rescans()) == 1 assert len(current_app.ScopeManager.get_incomplete_scans()) == 1 r.completeTask("testscanid") db.session.add(r) current_app.ScopeManager.update_pending_rescans() current_app.ScopeManager.update_dispatched_rescans() assert len(current_app.ScopeManager.get_pending_rescans()) == 0 assert len(current_app.ScopeManager.get_dispatched_rescans()) == 0 assert len(current_app.ScopeManager.get_incomplete_scans()) == 0
def importScope(scopetype=''): if scopetype == 'blacklist': importBlacklist = True importForm = forms.ImportBlacklistForm() elif scopetype == 'scope': importBlacklist = False importForm = forms.ImportScopeForm() else: abort(404) if importForm.validate_on_submit(): successImports = [] alreadyExists = [] failedImports = [] newScopeItems = importForm.scope.data.split('\n') for item in newScopeItems: item = item.strip() fail, exist, success = ScopeItem.importScope(item, importBlacklist) failedImports = failedImports + fail alreadyExists = alreadyExists + exist successImports = successImports + success db.session.commit() current_app.ScopeManager.update() if len(successImports) > 0: flash('%s targets added to %s!' % (len(successImports), scopetype), 'success') if len(alreadyExists) > 0: flash('%s targets already existed!' % len(alreadyExists), 'info') if len(failedImports) > 0: flash('%s targets failed to import!' % len(failedImports), 'danger') for item in failedImports: flash('%s' % item, 'danger') else: for field, errors in importForm.errors.items(): for error in errors: flash(error, 'danger') return redirect(url_for('admin.%s' % scopetype))
def export_items(): result = { "timestamp": datetime.utcnow().isoformat(), "scope": [{ "target": item.target, "blacklist": item.blacklist, "tags": item.get_tag_names(), } for item in ScopeItem.getScope()], "blacklist": [{ "target": item.target, "blacklist": item.blacklist, "tags": item.get_tag_names(), } for item in ScopeItem.getBlacklist()], } print(json.dumps(result, indent=2))
def updateScanManager(self): from app.models import ScopeItem self.scanmanager = None try: self.scanmanager = IPScanManager([IPNetwork(n.target) for n in ScopeItem.getScope()], [IPNetwork(n.target) for n in ScopeItem.getBlacklist()]) except Exception as e: print("Scan manager could not be instantiated because there was no scope configured.")
def import_scope(scopetype=""): if scopetype == "blacklist": importBlacklist = True importForm = forms.ImportBlacklistForm() elif scopetype == "scope": importBlacklist = False importForm = forms.ImportScopeForm() else: return abort(404) if importForm.validate_on_submit(): newScopeItems = importForm.scope.data.split("\n") fail, exist, success = ScopeItem.import_scope_list( newScopeItems, importBlacklist ) db.session.commit() current_app.ScopeManager.update() if success: flash(f"{len(success)} targets added to {scopetype}!", "success") if exist: flash(f"{len(exist)} targets already existed!", "info") if fail: flash(f"{len(fail)} targets failed to import!", "danger") for item in fail: flash(f"{item}", "danger") else: for field, errors in importForm.errors.items(): for error in errors: flash(error, "danger") return redirect(url_for(f"admin.{scopetype}"))
def test_scope_update(app): scope_items = ["10.0.0.0/8"] for s in scope_items: item = ScopeItem(target=s, blacklist=False) db.session.add(item) current_app.ScopeManager.update() assert current_app.ScopeManager.get_scope_size() == network_lengths["/8"] assert current_app.ScopeManager.is_acceptable_target("10.1.2.3")
def updateBlacklist(self): from app.models import ScopeItem newBlacklistSize = 0 for item in ScopeItem.getBlacklist(): newItem = ipaddress.ip_network(item.target, False) self.blacklist.append(newItem) newBlacklistSize += newItem.num_addresses self.blacklistSize = newBlacklistSize
def updateScope(self): from app.models import ScopeItem newScopeSize = 0 for item in ScopeItem.getScope(): newItem = ipaddress.ip_network(item.target, False) self.scope.append(newItem) newScopeSize += newItem.num_addresses self.scopeSize = newScopeSize
def test_blacklist_update(app): scope_items = ["10.0.0.0/8"] blacklist_items = ["10.10.10.0/24"] for s in scope_items: item = ScopeItem(target=s, blacklist=False) db.session.add(item) for s in blacklist_items: item = ScopeItem(target=s, blacklist=True) db.session.add(item) current_app.ScopeManager.update() assert current_app.ScopeManager.get_blacklist_size( ) == network_lengths["/24"] assert current_app.ScopeManager.get_scope_size() == network_lengths["/8"] assert (current_app.ScopeManager.get_effective_scope_size() == network_lengths["/8"] - network_lengths["/24"]) assert current_app.ScopeManager.is_acceptable_target("10.10.11.1") assert not current_app.ScopeManager.is_acceptable_target("10.10.10.10")
def get_target_tags(target: str) -> list: overlap = ScopeItem.get_overlapping_ranges(target) tags = [] for scope in overlap: tags.extend(scope.get_tag_names()) return list( set(tags) ) # make it a set for only uniques, then make it a list to serialize to JSON
def import_scope(scope_file: typing.TextIO, blacklist: bool): if not scope_file: return {"failed": 0, "existed": 0, "successful": 0} addresses = scope_file.readlines() fail, exist, success = ScopeItem.import_scope_list(addresses, blacklist) db.session.commit() return {"failed": fail, "existed": exist, "successful": success}
def update_blacklist(self): from app.models import ScopeItem self.blacklist = [ IPNetwork(item.target, False) for item in ScopeItem.getBlacklist() ] self.blacklist_set = IPSet(self.blacklist) self.blacklistSize = self.blacklist_set.size
def update_scope(self): from app.models import ScopeItem self.scope = [ IPNetwork(item.target, False) for item in ScopeItem.getScope() ] self.scope_set = IPSet(self.scope) self.scopeSize = self.scope_set.size
def blacklist(): scope = ScopeItem.getBlacklist() blacklistSize = current_app.ScopeManager.getBlacklistSize() newForm = NewScopeForm() delForm = ScopeDeleteForm() editForm = ScopeToggleForm() importForm = ImportBlacklistForm() if newForm.validate_on_submit(): if '/' not in newForm.target.data: newForm.target.data = newForm.target.data + '/32' target = ipaddress.ip_network(newForm.target.data, False) newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True) db.session.add(newTarget) db.session.commit() current_app.ScopeManager.updateBlacklist() flash('%s blacklisted!' % newTarget.target, 'success') return redirect(url_for('admin.blacklist')) return render_template("admin/blacklist.html", scope=scope, blacklistSize=blacklistSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm)
def test_import_items_no_flags(runner): with runner.isolated_filesystem(): scope_file = mock_scope_file() result = runner.invoke(import_items, [scope_file]) assert result.exit_code == 0 imported_scope = [item.target for item in ScopeItem.getScope()] assert DEFAULT_SCOPE_ITEMS == imported_scope result_dict = json.loads(result.output) assert len(result_dict["scope"]) == len(DEFAULT_SCOPE_ITEMS)
def test_import_items_blacklist_flag(runner): with runner.isolated_filesystem(): scope_file = mock_scope_file() result = runner.invoke(import_items, ["--blacklist", scope_file]) assert result.exit_code == 0 imported_blacklist = [item.target for item in ScopeItem.getBlacklist()] assert DEFAULT_SCOPE_ITEMS == imported_blacklist result_dict = json.loads(result.output) assert len(result_dict["blacklist"]) == len(DEFAULT_SCOPE_ITEMS)
def test_import_scope(app): fails, exists, succeeds = ScopeItem.import_scope_list( scopefile.split(), False) assert len(fails) == 1 assert len(exists) == 1 assert len(succeeds) == 4 item = ScopeItem.query.filter_by(target="127.0.0.1/32").first() tags = [t.name for t in item.tags] assert len(tags) == 3 assert "one" in tags assert "four" not in tags
def update_scan_manager(self): from app.models import ScopeItem self.scanmanager = None try: scanrange = [IPNetwork(n.target) for n in ScopeItem.getScope()] blacklistrange = [ IPNetwork(n.target) for n in ScopeItem.getBlacklist() ] self.scanmanager = IPScanManager( scanrange, blacklistrange, current_app.config["CONSISTENT_SCAN_CYCLE"]) except Exception as e: if self.scanmanager is None or self.scanmanager.get_total() == 0: log( "Scan manager could not be instantiated because there was no scope configured.", printm=True, ) else: raise e
def test_import_scope(app): result = ScopeItem.import_scope_list(scopefile.split(), False) assert len(result["fail"]) == 1 assert result["exist"] == 1 assert result["success"] == 5 item = ScopeItem.query.filter_by(target="127.0.0.1/32").first() tags = [t.name for t in item.tags] assert len(tags) == 3 assert "one" in tags assert "four" not in tags item = ScopeItem.query.filter_by(target="10.12.13.14/32").first() assert len(item.tags) == 0
def scope(): scope = ScopeItem.getScope() scopeSize = current_app.ScopeManager.getScopeSize() if scopeSize == 0: # if it's zero, let's update the app's scopemanager current_app.ScopeManager.update() scopeSize = current_app.ScopeManager.getScopeSize() # if it's zero again that's fine, we just had to check newForm = NewScopeForm() delForm = ScopeDeleteForm() editForm = ScopeToggleForm() importForm = ImportScopeForm() if newForm.validate_on_submit(): if '/' not in newForm.target.data: newForm.target.data = newForm.target.data + '/32' target = ipaddress.ip_network(newForm.target.data, False) newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False) db.session.add(newTarget) db.session.commit() current_app.ScopeManager.updateScope() flash('%s added!' % newTarget.target, 'success') return redirect(url_for('admin.scope')) return render_template("admin/scope.html", scope=scope, scopeSize=scopeSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm)
def update_blacklist(self): from app.models import ScopeItem newBlacklist = [] newBlacklistSet = IPSet() for item in ScopeItem.getBlacklist(): newItem = ipaddress.ip_network(item.target, False) newSetItem = IPNetwork(item.target, False) newBlacklist.append(newItem) newBlacklistSet.add(newSetItem) self.blacklist = newBlacklist self.blacklist_set = newBlacklistSet self.blacklistSize = len(self.blacklist_set)
def update_scope(self): from app.models import ScopeItem newScope = [] newScopeSet = IPSet() for item in ScopeItem.getScope(): newItem = ipaddress.ip_network(item.target, False) newSetItem = IPNetwork(item.target, False) newScope.append(newItem) newScopeSet.add(newSetItem) self.scope = newScope self.scope_set = newScopeSet self.scopeSize = len(self.scope_set)
def importScope(scopetype=''): if scopetype == 'blacklist': importBlacklist = True importForm = ImportBlacklistForm() elif scopetype == 'scope': importBlacklist = False importForm = ImportScopeForm() else: abort(404) if importForm.validate_on_submit(): successImport = [] alreadyExists = [] failedImport = [] newScopeItems = importForm.scope.data.split('\n') for item in newScopeItems: item = item.strip() if '/' not in item: item = item + '/32' try: target = ipaddress.ip_network(item, False) except ValueError as e: failedImport.append( item) # this item couldn't be validated as an ip network continue exists = ScopeItem.query.filter_by( target=target.with_prefixlen).first() if exists: alreadyExists.append(target.with_prefixlen ) # this range is already a scope item continue newTarget = ScopeItem(target=target.with_prefixlen, blacklist=importBlacklist) db.session.add(newTarget) successImport.append(newTarget.target) db.session.commit() current_app.ScopeManager.update() if len(successImport) > 0: flash('%s targets added to %s!' % (len(successImport), scopetype), 'success') if len(alreadyExists) > 0: flash('%s targets already existed!' % len(alreadyExists), 'info') if len(failedImport) > 0: flash('%s targets failed to import!' % len(failedImport), 'danger') for item in failedImport: flash('%s' % item, 'danger') return redirect(url_for('admin.%s' % scopetype)) else: for field, errors in importForm.errors.items(): for error in errors: flash(error, 'danger') return redirect(url_for('admin.%s' % scopetype))