def ScriptVulnInfo(script_id): page_number = int(request.args.get('p')) page_result = {} result = [] lens = Vuln.objects(script=script_id).count() page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: vulns = Vuln.objects( script=script_id)[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: vulns = Vuln.objects(script=script_id)[0:lens - (page_item_number * (page_number - 1))] for each in vulns: info = {} script = Script.objects(script_id=each.script).first() try: info['task_name'] = cgi.escape( Task.objects(task_id=each.task_id).first().task_name) except: info['task_name'] = u'该任务已删除,无法查看' info['task_id'] = each.task_id info['target'] = each.target info['script_name'] = script.script_name info['script_id'] = each.script info['message'] = each.message info['script_type'] = each.script_type info['time'] = str(each.create_time).split('.')[0] info['level'] = script.script_level result.append(info) page_result['info'] = result return json.dumps(page_result)
def main(): nessus = authenticate() session = Session() for report in nessus.reports: if report.status != 'completed': continue if session.query(exists().where(Report.uuid==report.uuid)).scalar(): continue r = Report( name=report.name, uuid=report.uuid, time=datetime.fromtimestamp(report.timestamp) ) session.add(r) for host in report.hosts: h = Host( hostname=host.hostname, info=host.info['count'], low=host.low['count'], med=host.med['count'], high=host.high['count'], crit=host.critical['count'], cpe=host.cpe.replace('The remote operating system matched the following CPE\'s : \n\n ', '') ) h.report = r session.add(h) for vuln in report.vulns: v = Vuln( name=vuln.name, family=vuln.family, severity=vuln.severity, plugin=vuln.plugin_id, hosts_affected=len(report.hosts_affected_by(vuln)), ) v.report = r session.add(v) session.commit()
def ScriptList(show_type): result = [] page_result = {} if show_type == 'index': data = Vuln.objects.item_frequencies('script', normalize=True) data = OrderedDict( sorted(data.items(), key=lambda x: x[1], reverse=True)) for script_id, percent in data.items(): script = Script.objects(script_id=script_id).first() info = {} info['name'] = script.script_name info['create_time'] = script.script_update_time info['author'] = script.script_author info['title'] = script.script_title info['level'] = script.script_level result.append(info) if len(result) > 10: result = result[0:10] elif show_type == 'all': data = Script.objects.all() for each in data: info = {} info['id'] = each.script_id info['detail'] = each.script_info info['create_time'] = each.script_update_time info['author'] = each.script_author info['level'] = each.level result.append(info) result.reverse() elif show_type == 'page': page_number = int(request.args.get('p')) lens = len(Script.objects) page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: data = Script.objects[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: data = Script.objects[0:lens - (page_item_number * (page_number - 1))] for each in data: info = {} info['id'] = each.script_id info['detail'] = each.script_info info['create_time'] = each.script_update_time info['author'] = each.script_author info['level'] = each.script_level info['count'] = Vuln.objects(script=each.script_id).count() info['title'] = each.script_title result.append(info) result.reverse() page_result['info'] = result return json.dumps(page_result) return json.dumps(result)
def SaveResultToDatabase(data): if args.use_database == False: return if not len(data['result']): return try: result = Result.objects(task_id=args.task_id) result.update(result=json.dumps(data['result']), high_count=data['high_count'], medium_count=data['medium_count'], low_count=data['low_count']) for each in data['result']: for script in each['result']: if script['script_type'] == 'attack': vuln_id = hashlib.md5(each['target'] + script['script_name']).hexdigest() if Vuln.objects(vuln_id=vuln_id).count() == 0: Vuln(task_id=args.task_id, vuln_id=vuln_id, target=each['target'], script=hashlib.md5( script['script_name']).hexdigest(), message=script['message'], script_type=script['script_type']).save() else: vuln = Vuln.objects(vuln_id=vuln_id).first() vuln.update(task_id=args.task_id, target=each['target'], script=hashlib.md5( script['script_name']).hexdigest(), message=script['message'], script_type=script['script_type']) elif script['script_type'] == 'info': vuln_id = hashlib.md5(each['target'] + script['script_name']).hexdigest() if Vuln.objects(vuln_id=vuln_id).count() == 0: Vuln(task_id=args.task_id, vuln_id=vuln_id, target=each['target'], script=hashlib.md5( script['script_name']).hexdigest(), message=json.dumps(script['items']), script_type=script['script_type']).save() else: vuln = Vuln.objects(vuln_id=vuln_id).first() vuln.update(task_id=args.task_id, target=each['target'], script=hashlib.md5( script['script_name']).hexdigest(), message=json.dumps(script['items']), script_type=script['script_type']) except Exception, e: raise DatabaseException(repr(e))
def DataInfo(): result = {} result['vuln_count'] = Vuln.objects().all().count() result['script_count'] = Script.objects.all().count() return json.dumps(result)
def DataSearch(search_type): keyword = request.args.get('keyword') page_number = int(request.args.get('p')) result = [] page_result = {} if search_type == 'script': lens = len( Script.objects(__raw__={ 'script_info': re.compile(keyword) }).all()) page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: scripts = Script.objects( __raw__={'script_info': re.compile(keyword) })[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: scripts = Script.objects( __raw__={'script_info': re.compile(keyword) })[0:lens - (page_item_number * (page_number - 1))] for each in scripts: info = {} info['id'] = each.script_id info['detail'] = each.script_info info['create_time'] = each.script_update_time info['author'] = each.script_author info['level'] = each.script_level info['count'] = Vuln.objects(script=each.script_id).count() info['title'] = each.script_title result.append(info) elif search_type == 'task': lens = len( Status.objects(__raw__={ 'task_name': re.compile(keyword) }).all()) page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: tasks = Status.objects(__raw__={'task_name': re.compile( keyword)})[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: tasks = Status.objects(__raw__={'task_name': re.compile( keyword)})[0:lens - (page_item_number * (page_number - 1))] for each in tasks: info = {} info['create_time'] = str(each.create_time).split('.')[0] info['task_name'] = cgi.escape(each.task_name) info['task_id'] = each.task_id info['status'] = each.status info['progress'] = each.progress result.append(info) elif search_type == 'vuln': lens = len(Vuln.objects(__raw__={'target': re.compile(keyword)}).all()) page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: vulns = Vuln.objects(__raw__={'target': re.compile( keyword)})[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: vulns = Vuln.objects( __raw__={'target': re.compile(keyword)})[0:lens - (page_item_number * (page_number - 1))] for each in vulns: info = {} script = Script.objects(script_id=each.script).first() try: info['task_name'] = cgi.escape( Task.objects(task_id=each.task_id).first().task_name) except: info['task_name'] = u'该任务已删除,无法查看' info['task_id'] = each.task_id info['target'] = each.target info['script_name'] = script.script_name info['script_id'] = each.script info['message'] = each.message info['script_type'] = each.script_type info['time'] = str(each.create_time).split('.')[0] info['level'] = script.script_level result.append(info) page_result['info'] = result return json.dumps(page_result)
def VulnList(show_type): result = [] page_result = {} if show_type == 'index': data = Vuln.objects.item_frequencies('script', normalize=True) data = OrderedDict( sorted(data.items(), key=lambda x: x[1], reverse=True)) for script_id, percent in data.items(): info = {} info['script'] = Script.objects( script_id=script_id).first().script_name info['count'] = str(Vuln.objects(script=script_id).count()) info['percent'] = "%.02f%%" % (percent * 100) result.append(info) if len(result) > 10: result = result[0:10] elif show_type == 'all': data = Vuln.objects().all() for each in data: info = {} script = Script.objects(script_id=each.script).first() try: info['task_name'] = cgi.escape( Task.objects(task_id=each.task_id).first().task_name) except: info['task_name'] = u'该任务已删除,无法查看' info['task_id'] = each.task_id info['target'] = each.target info['script_name'] = script.script_name info['script_id'] = each.script info['message'] = each.message info['script_type'] = each.script_type info['time'] = str(each.create_time).split('.')[0] info['level'] = script.script_level result.append(info) result.reverse() elif show_type == 'page': page_number = int(request.args.get('p')) lens = len(Vuln.objects) page_result['total_page'] = str(lens // page_item_number + 1) if page_number > lens // page_item_number + 1: return json.dumps(page_result) if page_number * page_item_number < lens: data = Vuln.objects[lens - (page_number * page_item_number):lens - (page_item_number * (page_number - 1))] else: data = Vuln.objects[0:lens - (page_item_number * (page_number - 1))] for each in data: info = {} script = Script.objects(script_id=each.script).first() try: info['task_name'] = cgi.escape( Task.objects(task_id=each.task_id).first().task_name) except: info['task_name'] = u'该任务已删除,无法查看' info['task_id'] = each.task_id info['target'] = each.target info['script_name'] = script.script_name info['script_id'] = each.script info['message'] = each.message info['script_type'] = each.script_type info['time'] = str(each.create_time).split('.')[0] info['level'] = script.script_level result.append(info) result.reverse() page_result['info'] = result return json.dumps(page_result) return json.dumps(result)