def notify_summary(self, audit_name):
"""
This method is called when an audit ends and when a plugin ends.
:param audit_name: Name of the audit.
:type audit_name: str
"""
# Get the number of vulnerabilities in the database.
vulns_number = Database.count(Data.TYPE_VULNERABILITY)
# Count the vulnerabilities by severity.
vulns_counter = collections.defaultdict(int)
for l_vuln in Database.iterate(Data.TYPE_VULNERABILITY):
vulns_counter[l_vuln.level] += 1
# Get the number of IP addresses and hostnames.
total_hosts = Database.count(Data.TYPE_RESOURCE,
Resource.RESOURCE_DOMAIN)
total_hosts += Database.count(Data.TYPE_RESOURCE,
Resource.RESOURCE_IP)
# Substract the ones that were passed as targets.
discovered_hosts = total_hosts - len(Config.audit_scope.targets)
discovered_hosts = discovered_hosts if discovered_hosts > 0 else 0
# Send the summary.
packet = ("summary", audit_name, vulns_number, discovered_hosts, total_hosts,
vulns_counter['info'], vulns_counter['low'], vulns_counter['medium'],
vulns_counter['high'], vulns_counter['critical'],)
self.bridge.send(packet)
def generate_report(self, output_file):
# Dump all objects in the database.
print "-" * 79
print "Report:"
for data in Database.iterate():
print
print data.identity
print repr(data)
print sorted(data.links)
for linked in data.linked_data:
print "--> " + linked.identity
print "--> " + repr(linked)
print
def generate_report(self, output_file):
# Dump all objects in the database.
print "-" * 79
print "Report:"
for data in Database.iterate():
print
print data.identity
print repr(data)
print sorted(data.links)
for linked in data.linked_data:
print "--> " + linked.identity
print "--> " + repr(linked)
print
def common_get_resources(self, data_type=None, data_subtype=None):
"""
Get a list of datas.
:return: List of resources.
:rtype: list(Resource)
"""
# Get each resource
m_resource = None
m_len_urls = Database.count(data_type, data_type)
if m_len_urls < 200: # increase as you see fit...
# fast but memory consuming method
m_resource = Database.get_many( Database.keys(data_type=data_type, data_subtype=data_subtype))
else:
# slow but lean method
m_resource = Database.iterate(data_type=data_type, data_subtype=data_subtype)
return m_resource
def common_get_resources(self, data_type=None, data_subtype=None):
"""
Get a list of datas.
:return: List of resources.
:rtype: list(Resource)
"""
# Get each resource
m_resource = None
m_len_urls = Database.count(data_type, data_type)
if m_len_urls < 200: # increase as you see fit...
# fast but memory consuming method
m_resource = Database.get_many(
Database.keys(data_type=data_type, data_subtype=data_subtype))
else:
# slow but lean method
m_resource = Database.iterate(data_type=data_type,
data_subtype=data_subtype)
return m_resource
def __iterate(self, data_type = None, data_subtype = None):
if Database.count(data_type, data_type) < 100:
return Database.get_many(
Database.keys(data_type=data_type, data_subtype=data_subtype)
)
return Database.iterate(data_type=data_type, data_subtype=data_subtype)
def do_audit_summary(self, audit_name):
"""
Implementation of: /audit/summary
:param audit_name: Name of the audit to query.
:type audit_name: str
:returns:
Summary in the following format::
{
'vulns_number' : int,
'discovered_hosts' : int,
'total_hosts' : int,
'vulns_by_level' : {
'info' : int,
'low' : int,
'medium' : int,
'high' : int,
'critical' : int,
},
}
Returns None on error.
:rtype: dict(str -> \\*) | None
"""
# Checks for errors
if audit_name in self.audit_error:
return "error"
try:
if self.is_audit_running(audit_name):
with SwitchToAudit(audit_name):
# Get the number of vulnerabilities in the database.
vulns_number = Database.count(Data.TYPE_VULNERABILITY)
# Count the vulnerabilities by severity.
vulns_counter = collections.Counter()
for l_vuln in Database.iterate(Data.TYPE_VULNERABILITY):
vulns_counter[l_vuln.level] += 1
# Get the number of IP addresses and hostnames.
total_hosts = Database.count(Data.TYPE_RESOURCE,
Resource.RESOURCE_DOMAIN)
total_hosts += Database.count(Data.TYPE_RESOURCE,
Resource.RESOURCE_IP)
# Substract the ones that were passed as targets.
discovered_hosts = total_hosts - len(Config.audit_scope.targets)
# Return the data in the expected format.
return {
'vulns_number' : vulns_number,
'discovered_hosts' : discovered_hosts,
'total_hosts' : total_hosts,
'vulns_by_level' : {
'info' : vulns_counter['info'],
'low' : vulns_counter['low'],
'medium' : vulns_counter['medium'],
'high' : vulns_counter['high'],
'critical' : vulns_counter['critical'],
}
}
else:
# XXX TODO open the database manually here
raise NotImplementedError(
"Querying finished audits is not implemented yet!")
except Exception:
Logger.log_error(traceback.format_exc())
def __iterate(self, data_type = None, data_subtype = None):
if Database.count(data_type=data_type, data_subtype=data_subtype) <100:
return Database.get_many(
Database.keys(data_type=data_type, data_subtype=data_subtype)
)
return Database.iterate(data_type=data_type, data_subtype=data_subtype)
