def ScriptVulnInfo(script_id):
page_number = int(request.args.get('p'))
page_result = {}
result = []
lens = Vuln.objects(script=script_id).count()
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
vulns = Vuln.objects(
script=script_id)[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
vulns = Vuln.objects(script=script_id)[0:lens - (page_item_number *
(page_number - 1))]
for each in vulns:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
page_result['info'] = result
return json.dumps(page_result)
def main():
nessus = authenticate()
session = Session()
for report in nessus.reports:
if report.status != 'completed':
continue
if session.query(exists().where(Report.uuid==report.uuid)).scalar():
continue
r = Report(
name=report.name,
uuid=report.uuid,
time=datetime.fromtimestamp(report.timestamp)
)
session.add(r)
for host in report.hosts:
h = Host(
hostname=host.hostname,
info=host.info['count'],
low=host.low['count'],
med=host.med['count'],
high=host.high['count'],
crit=host.critical['count'],
cpe=host.cpe.replace('The remote operating system matched the following CPE\'s : \n\n ', '')
)
h.report = r
session.add(h)
for vuln in report.vulns:
v = Vuln(
name=vuln.name,
family=vuln.family,
severity=vuln.severity,
plugin=vuln.plugin_id,
hosts_affected=len(report.hosts_affected_by(vuln)),
)
v.report = r
session.add(v)
session.commit()
def ScriptList(show_type):
result = []
page_result = {}
if show_type == 'index':
data = Vuln.objects.item_frequencies('script', normalize=True)
data = OrderedDict(
sorted(data.items(), key=lambda x: x[1], reverse=True))
for script_id, percent in data.items():
script = Script.objects(script_id=script_id).first()
info = {}
info['name'] = script.script_name
info['create_time'] = script.script_update_time
info['author'] = script.script_author
info['title'] = script.script_title
info['level'] = script.script_level
result.append(info)
if len(result) > 10:
result = result[0:10]
elif show_type == 'all':
data = Script.objects.all()
for each in data:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.level
result.append(info)
result.reverse()
elif show_type == 'page':
page_number = int(request.args.get('p'))
lens = len(Script.objects)
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
data = Script.objects[lens -
(page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
data = Script.objects[0:lens - (page_item_number *
(page_number - 1))]
for each in data:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.script_level
info['count'] = Vuln.objects(script=each.script_id).count()
info['title'] = each.script_title
result.append(info)
result.reverse()
page_result['info'] = result
return json.dumps(page_result)
return json.dumps(result)
def SaveResultToDatabase(data):
if args.use_database == False:
return
if not len(data['result']):
return
try:
result = Result.objects(task_id=args.task_id)
result.update(result=json.dumps(data['result']),
high_count=data['high_count'],
medium_count=data['medium_count'],
low_count=data['low_count'])
for each in data['result']:
for script in each['result']:
if script['script_type'] == 'attack':
vuln_id = hashlib.md5(each['target'] +
script['script_name']).hexdigest()
if Vuln.objects(vuln_id=vuln_id).count() == 0:
Vuln(task_id=args.task_id,
vuln_id=vuln_id,
target=each['target'],
script=hashlib.md5(
script['script_name']).hexdigest(),
message=script['message'],
script_type=script['script_type']).save()
else:
vuln = Vuln.objects(vuln_id=vuln_id).first()
vuln.update(task_id=args.task_id,
target=each['target'],
script=hashlib.md5(
script['script_name']).hexdigest(),
message=script['message'],
script_type=script['script_type'])
elif script['script_type'] == 'info':
vuln_id = hashlib.md5(each['target'] +
script['script_name']).hexdigest()
if Vuln.objects(vuln_id=vuln_id).count() == 0:
Vuln(task_id=args.task_id,
vuln_id=vuln_id,
target=each['target'],
script=hashlib.md5(
script['script_name']).hexdigest(),
message=json.dumps(script['items']),
script_type=script['script_type']).save()
else:
vuln = Vuln.objects(vuln_id=vuln_id).first()
vuln.update(task_id=args.task_id,
target=each['target'],
script=hashlib.md5(
script['script_name']).hexdigest(),
message=json.dumps(script['items']),
script_type=script['script_type'])
except Exception, e:
raise DatabaseException(repr(e))
def DataInfo():
result = {}
result['vuln_count'] = Vuln.objects().all().count()
result['script_count'] = Script.objects.all().count()
return json.dumps(result)
def DataSearch(search_type):
keyword = request.args.get('keyword')
page_number = int(request.args.get('p'))
result = []
page_result = {}
if search_type == 'script':
lens = len(
Script.objects(__raw__={
'script_info': re.compile(keyword)
}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
scripts = Script.objects(
__raw__={'script_info': re.compile(keyword)
})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
scripts = Script.objects(
__raw__={'script_info': re.compile(keyword)
})[0:lens - (page_item_number * (page_number - 1))]
for each in scripts:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.script_level
info['count'] = Vuln.objects(script=each.script_id).count()
info['title'] = each.script_title
result.append(info)
elif search_type == 'task':
lens = len(
Status.objects(__raw__={
'task_name': re.compile(keyword)
}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
tasks = Status.objects(__raw__={'task_name': re.compile(
keyword)})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
tasks = Status.objects(__raw__={'task_name': re.compile(
keyword)})[0:lens - (page_item_number * (page_number - 1))]
for each in tasks:
info = {}
info['create_time'] = str(each.create_time).split('.')[0]
info['task_name'] = cgi.escape(each.task_name)
info['task_id'] = each.task_id
info['status'] = each.status
info['progress'] = each.progress
result.append(info)
elif search_type == 'vuln':
lens = len(Vuln.objects(__raw__={'target': re.compile(keyword)}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
vulns = Vuln.objects(__raw__={'target': re.compile(
keyword)})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
vulns = Vuln.objects(
__raw__={'target': re.compile(keyword)})[0:lens -
(page_item_number *
(page_number - 1))]
for each in vulns:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
page_result['info'] = result
return json.dumps(page_result)
def VulnList(show_type):
result = []
page_result = {}
if show_type == 'index':
data = Vuln.objects.item_frequencies('script', normalize=True)
data = OrderedDict(
sorted(data.items(), key=lambda x: x[1], reverse=True))
for script_id, percent in data.items():
info = {}
info['script'] = Script.objects(
script_id=script_id).first().script_name
info['count'] = str(Vuln.objects(script=script_id).count())
info['percent'] = "%.02f%%" % (percent * 100)
result.append(info)
if len(result) > 10:
result = result[0:10]
elif show_type == 'all':
data = Vuln.objects().all()
for each in data:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
result.reverse()
elif show_type == 'page':
page_number = int(request.args.get('p'))
lens = len(Vuln.objects)
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
data = Vuln.objects[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
data = Vuln.objects[0:lens - (page_item_number *
(page_number - 1))]
for each in data:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
result.reverse()
page_result['info'] = result
return json.dumps(page_result)
return json.dumps(result)