Beispiel #1
0
    def stop(self):
        """Method stops proxy

        Args:
            none

        Returns:
            bool: result

        Raises:
            event: zap_before_stop
            event: zap_after_stop     

        """

        try:
            
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_stop'), self._mh.fromhere())
            ev = event.Event('zap_before_stop')
            self._mh.fire_event(ev)
            
            if (ev.will_run_default()):
                self._client.core.shutdown()
                
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_stopped'), self._mh.fromhere())
            ev = event.Event('zap_after_stop')
            self._mh.fire_event(ev)

            return True                

        except Exception as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False            
Beispiel #2
0
    def call(self, method, params=[]):
        """Method calls RPC method

        Args:
            method (str): method title
            params (list): method parameters, values or dict

        Returns:
            tuple: bool (result), dict (output)

        Raises:
            event: msf_before_call
            event: msf_after_call

        """

        try:

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_call_req', method, params), self._mh.fromhere())
            ev = event.Event('msf_before_call', method, params)
            if (self._mh.fire_event(ev) > 0):
                method = ev.argv(0)
                params = ev.argv(1)

            res = None
            if (ev.will_run_default()):
                url = 'https://{0}:{1}/api/'.format(self._host, self._port)
                headers = {'Content-Type': 'binary/message-pack'}

                if (method == 'auth.login' or self._token == None):
                    data = packb([method] + params) if (method == 'auth.login') else packb(['auth.login', self._user, self._passw])
                    res = post(url, data=data, headers=headers, verify=False)
                    if (res.status_code == 200):
                        res = unpackb(res.content)
                        if ('error' not in res and b'error' not in res):
                            self._token = res['token'] if (version_info[0] == 2) else res[b'token']
                        else:
                            raise Exception(res['error_message'] if (version_info[0] == 2) else res[b'error_message'])
                    else:
                        raise Exception('Failed to connect')

                if (method != 'auth.login'):
                    data = packb([method, self._token] + params)
                    res = post(url, data=data, headers=headers, verify=False)
                    if (res.status_code == 200):
                        res = unpackb(res.content)
                        if ('error' in res or b'error' in res):
                            raise Exception(res['error_message'] if (version_info[0] == 2) else res[b'error_message'])
                    else:
                        raise Exception(res.content)

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_call_res', res), self._mh.fromhere())
            ev = event.Event('msf_after_call')
            self._mh.fire_event(ev)

            return True, res

        except (RequestException, Exception) as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False, res
Beispiel #3
0
    def spider(self, url, params=None):
        """Method executes spider

        Args:
            url (str): URL
            params (dict): request parameters

        Returns:
            tuple: bool (result), int (count of urls)

        Raises:
            event: zap_before_spider
            event: zap_after_spider

        """

        try:

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_spider_start', url, params), self._mh.fromhere())
            ev = event.Event('zap_before_spider', url, params)
            if (self._mh.fire_event(ev) > 0):
                url = ev.argv(0)
                params = ev.argv(1)
                
            if (ev.will_run_default()):
                if (params != None):
                    params = urlencode(params)
                    url += '?' + params if ('?' not in url) else '&' + params

                scanid = self._client.spider.scan(url)
                if (not scanid.isnumeric()):
                    raise Exception(scanid)

                while (True):
                    progress = self._client.spider.status(scanid)
                    stdout.write('\r' + self._mh._trn.msg('zap_progress', 'spider', progress))
                    stdout.flush()

                    if (int(progress) == 100):
                        stdout.write('\n')
                        stdout.flush()
                        break

                    sleep(1)
                
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_spider_finish'), self._mh.fromhere())
            ev = event.Event('zap_after_spider')
            self._mh.fire_event(ev)

            return True, len(self._client.core.urls)

        except Exception as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False, None
Beispiel #4
0
    def start(self, rpc_path=None):
        """Method starts MSF RPC

        Args:
            rpc_path (str): path to rpc control script

        Returns:
            bool: result

        Raises:
            event: msf_before_start
            event: msf_after_start

        """

        try:

            self._path = self._path if (rpc_path == None) else rpc_path
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_start', self._path, self._host, self._port,
                          self._user, self._passw), self._mh.fromhere())

            ev = event.Event('msf_before_start')
            self._mh.fire_event(ev)

            if (ev.will_run_default()):
                if (path.exists(self._path)):
                    cmd = [self._path, '-a', self._host, '-p', str(self._port), '-U', self._user, '-P', self._passw]
                    Popen(cmd, stdout=open(devnull, 'w'))
                    sleep(10)
                    if (self._get_process() == None):
                        raise Exception('Process not started')
                else:
                    raise ValueError('Path {0} not found'.format(self._path))

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_started'), self._mh.fromhere())
            ev = event.Event('msf_after_start')
            self._mh.fire_event(ev)

            return True

        except (Exception, ValueError) as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False
Beispiel #5
0
    def start(self, proxy_path=None):
        """Method starts proxy

        Args:
            proxy_path (str): path to proxy control script

        Returns:
            bool: result

        Raises:
            event: zap_before_start
            event: zap_after_start     

        """

        try:

            self._path = self._path if (proxy_path == None) else proxy_path
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_start', self._path, self._host, self._port), self._mh.fromhere())

            ev = event.Event('zap_before_start')
            self._mh.fire_event(ev)

            if (ev.will_run_default()):
                if (path.exists(self._path)):
                    cmd = [self._path, '-daemon', '-config', 'api.disablekey=true', '-host', self._host, '-port', str(self._port)]
                    Popen(cmd, stdout=open(devnull, 'w'))
                    sleep(10)
                    self._client.core.version
                else:
                    raise ValueError('Path {0} not found'.format(self._path))

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_started'), self._mh.fromhere())
            ev = event.Event('zap_after_start')
            self._mh.fire_event(ev)

            return True

        except (Exception, ValueError) as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False
Beispiel #6
0
    def stop(self):
        """Method stops RPC

        Args:
            none

        Returns:
            bool: result

        Raises:
            event: msf_before_stop
            event: msf_after_stop

        """

        try:

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_stop'), self._mh.fromhere())
            ev = event.Event('msf_before_stop')
            self._mh.fire_event(ev)

            if (ev.will_run_default()):
                proc = self._get_process()
                if (proc == None):
                    raise Exception('Process not started')
                proc.terminate()

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('msf_stopped'), self._mh.fromhere())
            ev = event.Event('msf_after_stop')
            self._mh.fire_event(ev)

            return True

        except Exception as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False
Beispiel #7
0
    def export(self, out_type='alert', out_format='json', output=None, url=None):
        """Method executes export

        Args:
            out_type (str): output type, alert|msg|url
            out_format (str): output format, html|json|md|xml for alert, har|json for msg, json for url
            output (str): output filename
            url (str): URL for filtering

        Returns:
            tuple: bool (result), str (output filename)

        Raises:
            event: zap_before_export
            event: zap_after_export

        """

        try:
            
            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_export_start', out_type, out_format, output, url), self._mh.fromhere())
            ev = event.Event('zap_before_export', out_type, out_format, output, url)
            if (self._mh.fire_event(ev) > 0):
                out_type = ev.argv(0)
                out_format = ev.argv(1)
                output = ev.argv(2)
                url = ev.argv(3)

            if (ev.will_run_default()):
                if (out_type not in ['alert', 'msg', 'url']):
                    raise ValueError('Invalid type {0}'.format(out_type))
                elif (out_format not in ['har', 'html', 'json', 'md', 'xml']):
                    raise ValueError('Invalid format {0}'.format(out_format))
                elif ((out_type == 'alert' and out_format not in ['html', 'json', 'md', 'xml']) or
                      (out_type == 'msg' and out_format not in ['har', 'json']) or (out_type == 'url' and out_format != 'json')):
                    raise ValueError('Invalid format {0} for type {1}'.format(out_format, out_type))

                if (out_type == 'url'):
                    data = dumps(self._client.core.urls, indent=1)
                elif (out_type == 'msg'):
                    data = dumps(self._client.core.messages(url), indent=4) if (out_format == 'json') else self._client.core.messages_har(url)
                elif (out_type == 'alert'):
                    if (out_format == 'json'):
                        data = dumps(self._client.core.alerts(url), indent=4)
                    elif (out_format == 'html'):
                        data = self._client.core.htmlreport()
                    elif (out_format == 'md'):
                        data = self._client.core.mdreport()
                    elif (out_format == 'xml'):
                        data = self._client.core.xmlreport()

                output = output if (output != None) else '{0}.{1}'.format(out_type, out_format)
                with open(output, 'w') as f:
                    f.write(data)

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_export_finish'), self._mh.fromhere())
            ev = event.Event('zap_after_export')
            self._mh.fire_event(ev)
            
            return True, output

        except (Exception, ValueError) as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False, None
Beispiel #8
0
    def scan(self, url, method=None, params=None):
        """Method executes scan

        Args:
            url (str): URL
            method (str): HTTP method, default GET
            params (dict): request parameters

        Returns:
            tuple: bool (result), int (count of alerts)

        Raises:
            event: zap_before_scan
            event: zap_after_scan

        """

        try:

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_scan_start', url, method, params), self._mh.fromhere())
            ev = event.Event('zap_before_scan', url, method, params)
            if (self._mh.fire_event(ev) > 0):
                url = ev.argv(0)
                method = ev.argv(1)
                params = ev.argv(2)

            if (ev.will_run_default()):
                if (method in [None, 'GET']):
                    if (params != None):
                        params = urlencode(params)
                        new_url = url + '?' + params if ('?' not in url) else url + '&' + params
                        scanid = self._client.ascan.scan(new_url)
                    else:
                        scanid = self._client.ascan.scan(url)
                else:
                    params = '' if (params == None) else urlencode(params)
                    scanid = self._client.ascan.scan(url, method=method, postdata=params)

                if (not scanid.isnumeric()):
                    raise Exception(scanid)

                while (True):
                    progress = self._client.ascan.status(scanid)
                    stdout.write('\r' + self._mh._trn.msg('zap_progress', 'scan', progress))
                    stdout.flush()

                    if (int(progress) == 100):
                        stdout.write('\n')
                        stdout.flush()
                        break

                    sleep(1)

            self._mh.demsg('htk_on_debug_info', self._mh._trn.msg('zap_scan_finish'), self._mh.fromhere())
            ev = event.Event('zap_after_scan')
            self._mh.fire_event(ev)

            cnt = self._client.core.number_of_alerts(url) if (version_info[0] == 2) else int(float(self._client.core.number_of_alerts(url)))
            return True, cnt

        except Exception as ex:
            self._mh.demsg('htk_on_error', 'error: {0}'.format(ex), self._mh.fromhere())
            return False, None