def openvas_setting(request):
    """
    Render the OpenVAS settings form pre-filled with the stored values.

    :param request: Incoming HTTP request, passed straight to ``render``.
    :return: The rendered ``setting_form.html`` response.
    """
    # Debug output left in the view: prints the imported settings module.
    print(load_settings)

    ov_conf = load_settings.ArcherySettings(api_data)
    host = ov_conf.openvas_host()
    port = ov_conf.openvas_port()
    # The template receives the flag as the text 'True' / 'False'.
    enabled_text = 'True' if ov_conf.openvas_enabled() else 'False'
    user = ov_conf.openvas_username()
    secret = ov_conf.openvas_pass()

    # NOTE(review): the stored OpenVAS password is placed in the template
    # context. If setting_form.html echoes it into the form, the credential
    # ends up in the page source for anyone who can open this view. No
    # login/permission decorator is visible in this excerpt - confirm one is
    # applied, and consider not pre-filling the password field.
    context = {
        'openvas_host': host,
        'openvas_port': port,
        'openvas_enabled': enabled_text,
        'openvas_user': user,
        'openvas_password': secret,
    }
    return render(request, 'setting_form.html', context)
def scan_launch(self):
    """
    Run a Burp scan of ``self.scan_url`` and hand the XML report on.

    Adds the URL to Burp's scope, spiders it, starts an active scan, copies
    the reported status into ``burp_scan_db`` until it reaches 100, then
    fetches the XML report and passes the parsed tree to
    ``burp_scans.burp_scan_data``. Blocks for the whole scan (fixed sleeps
    plus the polling loop). Python 2 code (print statements, ``iteritems``).
    """
    settings = load_settings.ArcherySettings()
    burp_host = settings.burp_host()
    burp_port = settings.burp_port()

    print burp_host

    # burp_status is module-level state; the polling loop below reads it
    # before this function assigns it.
    # NOTE(review): presumably initialised at import time, and shared by every
    # concurrent scan in the process - confirm.
    global vuln_id, burp_status
    # try:
    #     with open(setting_file, 'r+') as f:
    #         data = json.load(f)
    #         burp_path = data['burp_path']
    #         burp_port = data['burp_port']
    # except Exception as e:
    #     print e

    print self.project_id
    print self.scan_url
    time.sleep(15)
    # NOTE(review): the Burp API is addressed over plain http:// and no API
    # key is passed here; scan targets and findings cross this channel
    # unauthenticated and unencrypted unless Burp is bound to localhost.
    host = 'http://' + burp_host + ':' + burp_port
    bi = burpscanner.BurpApi(host)
    bi.burp_scope_add(self.scan_url)
    bi.burp_spider(self.scan_url)
    # Fixed wait between starting the spider and starting the active scan.
    time.sleep(15)
    bi.burp_active_scan(self.scan_url)
    print "Project_id", self.project_id
    # Poll until the status value reported by Burp reaches 100.
    while (int(burp_status) < 100):
        scan_status = bi.burp_scan_status()
        dat_status = scan_status.data
        # Every value in the status mapping overwrites burp_status in turn;
        # the last one seen decides whether the loop continues.
        for key, item in dat_status.iteritems():
            burp_status = item
            print "Burp Scan Status :", burp_status
            burp_scan_db.objects.filter(scan_id=self.scan_id).update(
                scan_status=burp_status)
            time.sleep(5)
    burp_status = "100"
    # if burp_status == '100':
    #     burp_status = "0"
    # else:
    #     print "Scan Continue..."
    print "Result Extracting........"
    time.sleep(10)
    print "Result Extracted........"
    scan_result = bi.scan_report(self.scan_url, 'XML')
    result_xml = scan_result.data
    # NOTE(review): the report contains content taken from the scanned site.
    # If ET is xml.etree.ElementTree, the stdlib parser is not hardened
    # against entity-expansion payloads; a hardened parser such as defusedxml
    # is the usual choice for XML that embeds third-party data - confirm what
    # ET is bound to.
    xml_data = ET.fromstring(result_xml)
    do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
    do_scan_dat.burp_scan_data(xml_data)
def get(self, request):
    """Render the NMAP Vulners settings page from the stored configuration."""
    nv_conf = load_settings.ArcherySettings(api_data)

    # NOTE(review): all three flags are read through nv_enabled(), so the
    # "online" and "version" values shown on the page always mirror the
    # "enabled" flag. This looks like a copy-paste slip; confirm whether
    # ArcherySettings exposes separate accessors for those two options.
    enabled_text = str(nv_conf.nv_enabled())
    online_text = str(nv_conf.nv_enabled())
    version_text = str(nv_conf.nv_enabled())
    timing = nv_conf.nv_timing()

    context = {
        "nv_enabled": enabled_text,
        "nv_online": online_text,
        "nv_version": version_text,
        "nv_timing": timing,
    }
    return render(request, "networkscanners/nv_settings.html", context)
def nv_setting(request):
    """
    Render the NMAP Vulners settings page.

    :param request: Incoming HTTP request, passed straight to ``render``.
    :return: The rendered ``nv_settings.html`` response.
    """
    conf = load_settings.ArcherySettings(api_data)

    # NOTE(review): the online and version values are both taken from
    # nv_enabled(), so the page cannot show them independently of the
    # enabled flag. Probably a copy-paste slip - confirm against the
    # accessors ArcherySettings actually provides.
    flag_enabled = str(conf.nv_enabled())
    flag_online = str(conf.nv_enabled())
    flag_version = str(conf.nv_enabled())
    timing_value = conf.nv_timing()

    page_values = {
        'nv_enabled': flag_enabled,
        'nv_online': flag_online,
        'nv_version': flag_version,
        'nv_timing': timing_value,
    }
    return render(request, 'nv_settings.html', page_values)
def setting(request):
    """
    Render the settings page with the stored scanner and e-mail configuration.

    :param request: Incoming HTTP request, passed straight to ``render``.
    :return: The rendered ``setting.html`` response.
    """
    conf = load_settings.ArcherySettings(setting_file)

    # OpenVAS values come back wrapped; fetch all three, then unwrap them.
    wrapped_user = conf.openvas_username()
    wrapped_pass = conf.openvas_pass()
    wrapped_host = conf.openvas_host()
    # NOTE(review): if `signing` is django.core.signing, loads() verifies a
    # signature and decodes the payload; it does not decrypt anything. The
    # stored OpenVAS credentials are therefore tamper-evident but readable by
    # anyone who can read the settings file - confirm how they are stored.
    ov_user = signing.loads(wrapped_user)
    ov_pass = signing.loads(wrapped_pass)
    ov_host = signing.loads(wrapped_host)

    # ZAP
    zap_key = conf.zap_api_key()
    zap_address = conf.zap_host()
    zap_listen_port = conf.zap_port()

    # Burp
    burp_address = conf.burp_host()
    burp_listen_port = conf.burp_port()

    # E-mail
    mail_subject = conf.email_subject()
    mail_sender = conf.email_from()
    mail_recipient = conf.email_to()

    # NOTE(review): the ZAP API key and the OpenVAS password are passed to the
    # template in clear text. No access-control decorator is visible in this
    # excerpt - confirm the view is restricted and whether the template needs
    # the secrets at all.
    context = {
        'apikey': zap_key,
        'zapath': zap_address,
        'zap_port': zap_listen_port,
        'lod_ov_user': ov_user,
        'lod_ov_pass': ov_pass,
        'lod_ov_ip': ov_host,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'email_subject': mail_subject,
        'email_from': mail_sender,
        'to_email': mail_recipient,
    }
    return render(request, 'setting.html', context)
def get(self, request):
    """Render the OpenVAS settings form pre-filled with the stored values."""
    ov_conf = load_settings.ArcherySettings(api_data)

    host = ov_conf.openvas_host()
    port = ov_conf.openvas_port()
    # The template expects the flag as the text "True" / "False".
    enabled_text = "True" if ov_conf.openvas_enabled() else "False"
    user = ov_conf.openvas_username()
    secret = ov_conf.openvas_pass()

    # NOTE(review): the stored OpenVAS password goes into the template
    # context. If the form echoes it back, the credential is exposed in the
    # page source to every user who can reach this view; confirm the access
    # control on the enclosing class and consider leaving the field blank.
    context = {
        "openvas_host": host,
        "openvas_port": port,
        "openvas_enabled": enabled_text,
        "openvas_user": user,
        "openvas_password": secret,
    }
    return render(request, "networkscanners/setting_form.html", context)
def setting(request):
    """
    Render the settings page and, on POST, run one connectivity test.

    Loads the requesting user's stored OpenVAS, ZAP, Arachni, NMAP Vulners,
    Burp, e-mail and JIRA settings. When the request is a POST, the
    ``setting_of`` field selects a tool ('zap', 'burp', 'openvas', 'arachni'
    or 'jira') and the view contacts that tool to record whether it is
    reachable in the matching ``*_info`` context value.

    :param request: HTTP request; ``request.user.username`` selects whose
        settings are loaded.
    :return: The rendered ``setting.html`` response.
    """
    # NOTE(review): no login or permission decorator is visible in this
    # excerpt, yet the view returns stored secrets and triggers outbound
    # connections - confirm it is restricted to authenticated users.
    all_notify = Notification.objects.unread()

    jira_url = None
    j_username = None
    password = None
    # Loading settings
    username = request.user.username
    settings = load_settings.ArcherySettings(setting_file, username=username)

    lod_ov_user = settings.openvas_username()
    lod_ov_pass = settings.openvas_pass()
    lod_ov_host = settings.openvas_host()
    lod_ov_port = settings.openvas_port()
    lod_ov_enabled = settings.openvas_enabled()

    # Loading ZAP Settings
    zap_api_key = ''
    zap_hosts = ''
    zap_ports = ''
    zap_enable = False

    # If several rows match, the last one iterated wins.
    all_zap = zap_settings_db.objects.filter(username=username)
    for zap in all_zap:
        zap_api_key = zap.zap_api
        zap_hosts = zap.zap_url
        zap_ports = zap.zap_port
        zap_enable = zap.enabled

    lod_apikey = zap_api_key
    zap_host = zap_hosts
    zap_port = zap_ports

    # Loading Arachni Settings
    arachni_hosts = ''
    arachni_ports = ''

    all_arachni = arachni_settings_db.objects.filter(username=username)
    for arachni in all_arachni:
        arachni_hosts = arachni.arachni_url
        arachni_ports = arachni.arachni_port

    # Self-assignments; they have no effect.
    arachni_hosts = arachni_hosts
    arachni_ports = arachni_ports

    # Loading NMAP Vulners Settings
    nv_enabled = False
    nv_online = False
    nv_version = False
    nv_timing = 0

    all_nv = nmap_vulners_setting_db.objects.filter(username=username)
    for nv in all_nv:
        nv_enabled = bool(nv.enabled)
        nv_online = bool(nv.online)
        nv_version = bool(nv.version)
        nv_timing = int(nv.timing)

    # Loading Burp Settings
    burp_host = settings.burp_host()
    burp_port = settings.burp_port()
    burp_api_key = settings.burp_api_key()

    # Loading Email Settings
    all_email = email_db.objects.filter(username=username)

    # Load JIRA Setting
    jira_setting = jirasetting.objects.filter(username=username)

    for jira in jira_setting:
        jira_url = jira.jira_server
        j_username = jira.jira_username
        password = jira.jira_password
    jira_server = jira_url
    # NOTE(review): if `signing` is django.core.signing, loads() checks a
    # signature and decodes the value; it is not decryption, so the stored
    # JIRA credentials are readable by anyone with database access.
    if j_username is None:
        jira_username = None
    else:
        jira_username = signing.loads(j_username)

    if password is None:
        jira_password = None
    else:
        jira_password = signing.loads(password)

    username = request.user.username
    zap_enabled = False
    random_port = '8091'
    # Fixed external URL used as the target of the ZAP connection test.
    target_url = 'https://archerysec.com'
    zap_info = ''
    burp_info = ''
    openvas_info = ''
    arachni_info = ''
    jira_info = ''

    # Connection tests: each branch makes live network calls from inside the
    # request/response cycle.
    if request.method == 'POST':
        setting_of = request.POST.get('setting_of')
        if setting_of == 'zap':
            all_zap = zap_settings_db.objects.filter(username=username)
            for zap in all_zap:
                zap_enabled = zap.enabled

            if zap_enabled is False:
                zap_info = 'Disabled'
                # NOTE(review): bare except hides every failure of
                # zap_local(), including programming errors.
                try:
                    random_port = zap_plugin.zap_local()
                except:
                    return render(request, 'setting.html', {'zap_info': zap_info})

                # NOTE(review): as laid out here, the inner loop retries
                # without any bound until ZAP answers, so one request can
                # occupy a worker indefinitely; the outer loop then repeats
                # the spider call up to 100 times against target_url. A
                # bounded retry with a timeout looks like the intent.
                for i in range(0, 100):
                    while True:
                        try:
                            # Connection Test
                            zap_connect = zap_plugin.zap_connect(
                                random_port, username=username)
                            zap_connect.spider.scan(url=target_url)
                        except Exception as e:
                            print(
                                "ZAP Connection Not Found, re-try after 5 sec")
                            time.sleep(5)
                            continue
                        break
            else:
                # The test is an actual spider scan of target_url, not a
                # passive status query.
                try:
                    zap_connect = zap_plugin.zap_connect(random_port,
                                                         username=username)
                    zap_connect.spider.scan(url=target_url)
                    zap_info = True
                except:
                    zap_info = False

        if setting_of == 'burp':
            # NOTE(review): the Burp API key is sent to an http:// URL, i.e.
            # in clear text unless Burp listens on localhost only.
            host = 'http://' + burp_host + ':' + burp_port + '/'

            bi = burpscanner.BurpApi(host, burp_api_key)

            issue_list = bi.issue_definitions()
            if issue_list.data is None:
                burp_info = False
            else:
                burp_info = True

        if setting_of == 'openvas':
            sel_profile = ''

            # NOTE(review): scan_ip and project_id are not assigned anywhere
            # in this function; presumably module-level names - confirm, or
            # this line raises NameError.
            openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile,
                                     username=username)
            try:
                openvas.connect()
                openvas_info = True
            except:
                openvas_info = False

        if setting_of == 'arachni':
            global scan_run_id, scan_status
            arachni_hosts = None
            arachni_ports = None
            all_arachni = arachni_settings_db.objects.filter(username=username)
            for arachni in all_arachni:
                arachni_hosts = arachni.arachni_url
                arachni_ports = arachni.arachni_port

            arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)

            check = []
            # The test launches a scan of the fixed external URL with an
            # empty check list.
            data = {
                "url": 'https://archerysec.com',
                "checks": check,
                "audit": {}
            }
            d = json.dumps(data)

            scan_launch = arachni.scan_launch(d)
            time.sleep(3)

            try:
                scan_data = scan_launch.data

                for key, value in scan_data.items():
                    if key == 'id':
                        scan_run_id = value
                arachni_info = True
            except Exception:
                arachni_info = False

        if setting_of == 'jira':
            global jira_projects, jira_ser
            jira_setting = jirasetting.objects.filter(username=username)

            # NOTE(review): `username` is rebound here to the stored JIRA
            # username. When no JIRA row exists it still holds
            # request.user.username and `password` is still None, and both
            # are then handed to signing.loads() below, outside any try.
            for jira in jira_setting:
                jira_url = jira.jira_server
                username = jira.jira_username
                password = jira.jira_password
            jira_server = jira_url
            jira_username = signing.loads(username)
            jira_password = signing.loads(password)

            options = {'server': jira_server}
            try:
                jira_ser = JIRA(options, basic_auth=(jira_username,
                                                     jira_password), timeout=5)
                jira_projects = jira_ser.projects()
                print(len(jira_projects))
                jira_info = True
            except Exception as e:
                print(e)
                jira_info = False

    # NOTE(review): the context carries the ZAP and Burp API keys and the
    # OpenVAS and JIRA passwords in clear text; check that setting.html does
    # not echo them into the page.
    return render(
        request,
        'setting.html',
        {
            'apikey': lod_apikey,
            'zapath': zap_host,
            'zap_port': zap_port,
            'zap_enable': zap_enable,
            'arachni_hosts': arachni_hosts,
            'arachni_ports': arachni_ports,
            'lod_ov_user': lod_ov_user,
            'lod_ov_pass': lod_ov_pass,
            'lod_ov_host': lod_ov_host,
            'lod_ov_enabled': lod_ov_enabled,
            'lod_ov_port': lod_ov_port,
            'burp_path': burp_host,
            'burp_port': burp_port,
            'burp_api_key': burp_api_key,
            'all_email': all_email,
            'jira_server': jira_server,
            'jira_username': jira_username,
            'jira_password': jira_password,
            'nv_enabled': nv_enabled,
            'nv_version': nv_version,
            'nv_online': nv_online,
            'nv_timing': nv_timing,
            'message': all_notify,
            'zap_info': zap_info,
            'burp_info': burp_info,
            'openvas_info': openvas_info,
            'arachni_info': arachni_info,
            'jira_info': jira_info
        })
def setting(request):
    """
    Render the settings page with the requesting user's stored configuration.

    Collects OpenVAS, ZAP, Arachni, NMAP Vulners, Burp, e-mail and JIRA
    settings for ``request.user.username`` and passes them to the template.

    :param request: Incoming HTTP request.
    :return: The rendered ``setting.html`` response.
    """
    notifications = Notification.objects.unread()

    current_user = request.user.username
    conf = load_settings.ArcherySettings(setting_file, username=current_user)

    # OpenVAS
    ov_user = conf.openvas_username()
    ov_pass = conf.openvas_pass()
    ov_host = conf.openvas_host()
    ov_port = conf.openvas_port()
    ov_enabled = conf.openvas_enabled()

    # ZAP: when several rows match, the last one iterated wins.
    zap_key, zap_url, zap_listen_port, zap_on = '', '', '', False
    for row in zap_settings_db.objects.filter(username=current_user):
        zap_key = row.zap_api
        zap_url = row.zap_url
        zap_listen_port = row.zap_port
        zap_on = row.enabled

    # Arachni
    arachni_url, arachni_listen_port = '', ''
    for row in arachni_settings_db.objects.filter(username=current_user):
        arachni_url = row.arachni_url
        arachni_listen_port = row.arachni_port

    # NMAP Vulners
    nv_on, nv_is_online, nv_show_version, nv_speed = False, False, False, 0
    for row in nmap_vulners_setting_db.objects.filter(username=current_user):
        nv_on = bool(row.enabled)
        nv_is_online = bool(row.online)
        nv_show_version = bool(row.version)
        nv_speed = int(row.timing)

    # Burp
    burp_address = conf.burp_host()
    burp_listen_port = conf.burp_port()
    burp_key = conf.burp_api_key()

    # E-mail
    mail_rows = email_db.objects.filter(username=current_user)

    # JIRA: credentials are stored wrapped and unwrapped with signing.loads().
    jira_address = None
    wrapped_jira_user = None
    wrapped_jira_pass = None
    for row in jirasetting.objects.filter(username=current_user):
        jira_address = row.jira_server
        wrapped_jira_user = row.jira_username
        wrapped_jira_pass = row.jira_password

    # NOTE(review): if `signing` is django.core.signing, loads() verifies a
    # signature and decodes; it is not decryption, so the stored JIRA
    # credentials are readable by anyone with access to the table.
    jira_login = None
    if wrapped_jira_user is not None:
        jira_login = signing.loads(wrapped_jira_user)

    jira_secret = None
    if wrapped_jira_pass is not None:
        jira_secret = signing.loads(wrapped_jira_pass)

    # NOTE(review): API keys and passwords are passed to the template in
    # clear text. No access-control decorator is visible in this excerpt -
    # confirm the view is restricted and that setting.html does not echo the
    # secrets into the page.
    context = {
        'apikey': zap_key,
        'zapath': zap_url,
        'zap_port': zap_listen_port,
        'zap_enable': zap_on,
        'arachni_hosts': arachni_url,
        'arachni_ports': arachni_listen_port,
        'lod_ov_user': ov_user,
        'lod_ov_pass': ov_pass,
        'lod_ov_host': ov_host,
        'lod_ov_enabled': ov_enabled,
        'lod_ov_port': ov_port,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'burp_api_key': burp_key,
        'all_email': mail_rows,
        'jira_server': jira_address,
        'jira_username': jira_login,
        'jira_password': jira_secret,
        'nv_enabled': nv_on,
        'nv_version': nv_show_version,
        'nv_online': nv_is_online,
        'nv_timing': nv_speed,
        'message': notifications,
    }
    return render(request, 'setting.html', context)
import uuid
import json
import ast

# ZAP Database import
from webscanners.models import zap_scan_results_db,\
    zap_scans_db,\
    zap_spider_db,\
    cookie_db,\
    excluded_db
from archerysettings import load_settings

# Global Variables
# NOTE(review): `os` and `ZAPv2` are used below but their imports are not
# part of this excerpt - presumably earlier in the file.
# The settings path is relative to the process working directory, so which
# apidata.json supplies the ZAP API key depends on where the service is
# started from; an absolute path from project configuration is more
# predictable.
setting_file = os.getcwd() + '/apidata.json'
# The key, host and port are read once at import time; later changes to the
# settings are not picked up until the module is reloaded.
zap_setting = load_settings.ArcherySettings(setting_file)
zap_api_key = zap_setting.zap_api_key()
zap_hosts = zap_setting.zap_host()
zap_ports = zap_setting.zap_port()


def zap_connect():
    """Return a ZAPv2 client using the module-level API key and host:port proxy."""
    # The same host:port string is used as proxy for both http and https.
    zap = ZAPv2(apikey=zap_api_key,
                proxies={
                    'http': zap_hosts + ':' + zap_ports,
                    'https': zap_hosts + ':' + zap_ports})
    return zap


class ZAPScanner:
    """
def setting(request):
    """
    Render the settings page with the stored scanner, e-mail and JIRA values.

    The ZAP, Arachni, NMAP Vulners and JIRA rows are read with ``all()``,
    so the values are not scoped to the requesting user.

    :param request: Incoming HTTP request, passed straight to ``render``.
    :return: The rendered ``setting.html`` response.
    """
    conf = load_settings.ArcherySettings(setting_file)

    # OpenVAS
    ov_user = conf.openvas_username()
    ov_pass = conf.openvas_pass()
    ov_host = conf.openvas_host()
    ov_port = conf.openvas_port()
    ov_enabled = conf.openvas_enabled()

    # ZAP: the last row iterated supplies the values.
    zap_key = ''
    zap_url = ''
    zap_listen_port = ''
    for record in zap_settings_db.objects.all():
        zap_key = record.zap_api
        zap_url = record.zap_url
        zap_listen_port = record.zap_port

    # Arachni
    arachni_url = ''
    arachni_listen_port = ''
    for record in arachni_settings_db.objects.all():
        arachni_url = record.arachni_url
        arachni_listen_port = record.arachni_port

    # NMAP Vulners
    nv_on = False
    nv_is_online = False
    nv_show_version = False
    nv_speed = 0
    for record in nmap_vulners_setting_db.objects.all():
        nv_on = bool(record.enabled)
        nv_is_online = bool(record.online)
        nv_show_version = bool(record.version)
        nv_speed = int(record.timing)

    # Burp
    burp_address = conf.burp_host()
    burp_listen_port = conf.burp_port()

    # E-mail
    mail_subject = conf.email_subject()
    mail_sender = conf.email_from()
    mail_recipient = conf.email_to()

    # JIRA: stored credentials are unwrapped with signing.loads().
    jira_address = None
    wrapped_user = None
    wrapped_pass = None
    for record in jirasetting.objects.all():
        jira_address = record.jira_server
        wrapped_user = record.jira_username
        wrapped_pass = record.jira_password

    # NOTE(review): if `signing` is django.core.signing, loads() verifies a
    # signature and decodes the value; it provides integrity, not
    # confidentiality, for the stored JIRA credentials.
    jira_login = signing.loads(wrapped_user) if wrapped_user is not None else None
    jira_secret = signing.loads(wrapped_pass) if wrapped_pass is not None else None

    # NOTE(review): the ZAP API key and the OpenVAS and JIRA passwords are
    # passed to the template in clear text, and the rows above are shared by
    # all users. No access-control decorator is visible in this excerpt -
    # confirm who may open this page.
    context = {
        'apikey': zap_key,
        'zapath': zap_url,
        'zap_port': zap_listen_port,
        'arachni_hosts': arachni_url,
        'arachni_ports': arachni_listen_port,
        'lod_ov_user': ov_user,
        'lod_ov_pass': ov_pass,
        'lod_ov_host': ov_host,
        'lod_ov_enabled': ov_enabled,
        'lod_ov_port': ov_port,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'email_subject': mail_subject,
        'email_from': mail_sender,
        'to_email': mail_recipient,
        'jira_server': jira_address,
        'jira_username': jira_login,
        'jira_password': jira_secret,
        'nv_enabled': nv_on,
        'nv_version': nv_show_version,
        'nv_online': nv_is_online,
        'nv_timing': nv_speed,
    }
    return render(request, 'setting.html', context)
from openvas_lib import VulnscanManager, VulnscanException
from networkscanners.models import scan_save_db, ov_scan_result_db
from django.utils import timezone
from archerysettings import load_settings
from django.core import signing
import time
import os
import uuid

# The settings path is relative to the process working directory, so which
# apidata.json is read depends on where the service is started from.
openvas_data = os.getcwd() + '/' + 'apidata.json'
# Built once at import time and shared by the whole module.
openvas_setting = load_settings.ArcherySettings(openvas_data)


class OpenVAS_Plugin:
    """
    OpenVAS plugin class; holds the target and profile for one scan.
    """

    def __init__(self, scan_ip, project_id, sel_profile):
        """
        Store the scan parameters on the instance; no connection is made here.

        :param scan_ip: Stored as ``self.scan_ip``.
        :param project_id: Stored as ``self.project_id``.
        :param sel_profile: Stored as ``self.sel_profile``.
        """
        self.scan_ip = scan_ip
        self.project_id = project_id
        self.sel_profile = sel_profile

    def connect(self):
        """