def post(self, request):
setting_id = uuid.uuid4()
save_openvas_setting = save_settings.SaveSettings(api_data, )
if request.POST.get("openvas_enabled") == "on":
openvas_enabled = True
else:
openvas_enabled = False
openvas_host = request.POST.get("openvas_host")
openvas_port = request.POST.get("openvas_port")
openvas_user = request.POST.get("openvas_user")
openvas_password = request.POST.get("openvas_password")
save_openvas_setting.openvas_settings(
openvas_host=openvas_host,
openvas_port=openvas_port,
openvas_enabled=openvas_enabled,
openvas_user=openvas_user,
openvas_password=openvas_password,
setting_id=setting_id,
)
save_settings_data = SettingsDb(setting_id=setting_id,
setting_scanner="Openvas")
save_settings_data.save()
sel_profile = ""
openvas = OpenVAS_Plugin(
openvas_host,
setting_id,
sel_profile,
)
try:
openvas.connect()
openvas_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info)
except:
openvas_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info)
return HttpResponseRedirect(reverse("archerysettings:settings"))
def openvas_scanner(scan_ip, project_id, sel_profile, user):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
try:
scanner = openvas.connect()
except Exception as e:
notify.send(user, recipient=user, verb='OpenVAS Setting not configured')
subject = 'Archery Tool Notification'
message = 'OpenVAS Scanner failed due to setting not found '
email_notify(user=user, subject=subject, message=message)
return
notify.send(user, recipient=user, verb='OpenVAS Scan Started')
subject = 'Archery Tool Notification'
message = 'OpenVAS Scan Started'
email_notify(user=user, subject=subject, message=message)
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time,
scan_status=0.0)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id, project_id=project_id)
notify.send(user, recipient=user, verb='OpenVAS Scan Completed')
all_openvas = scan_save_db.objects.all()
all_vuln = ''
total_high = ''
total_medium = ''
total_low = ''
for openvas in all_openvas:
all_vuln = openvas.total_vul
total_high = openvas.high_total
total_medium = openvas.medium_total
total_low = openvas.low_total
subject = 'Archery Tool Notification'
message = 'OpenVAS Scan Completed <br>' \
'Total: %s <br>Total High: %s <br>' \
'Total Medium: %s <br>Total Low %s' % (all_vuln, total_high, total_medium, total_low)
email_notify(user=user, subject=subject, message=message)
return HttpResponse(status=201)
def openvas_scanner(scan_ip, project_id, sel_profile):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
scanner = openvas.connect()
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id)
return HttpResponse(status=201)
def openvas_scanner(scan_ip, project_id, sel_profile):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
scanner = openvas.connect()
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id)
return HttpResponse(status=201)
def openvas_scanner(scan_ip, project_id, sel_profile, user):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(
scan_ip,
project_id,
sel_profile,
)
try:
scanner = openvas.connect()
except Exception as e:
notify.send(user,
recipient=user,
verb="OpenVAS Setting not configured")
subject = "Archery Tool Notification"
message = "OpenVAS Scanner failed due to setting not found "
email_notify(user=user, subject=subject, message=message)
return
notify.send(user, recipient=user, verb="OpenVAS Scan Started")
subject = "Archery Tool Notification"
message = "OpenVAS Scan Started"
email_notify(user=user, subject=subject, message=message)
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = NetworkScanDb(
scan_id=str(scan_id),
project_id=str(project_id),
ip=scan_ip,
date_time=date_time,
scan_status=0.0,
scanner="Openvas",
)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(
scan_id=scan_id,
project_id=project_id,
)
notify.send(user, recipient=user, verb="OpenVAS Scan Completed")
all_openvas = NetworkScanDb.objects.filter()
all_vuln = ""
total_high = ""
total_medium = ""
total_low = ""
for openvas in all_openvas:
all_vuln = openvas.total_vul
total_high = openvas.high_vul
total_medium = openvas.medium_vul
total_low = openvas.low_vul
subject = "Archery Tool Notification"
message = ("OpenVAS Scan Completed <br>"
"Total: %s <br>Total High: %s <br>"
"Total Medium: %s <br>Total Low %s" %
(all_vuln, total_high, total_medium, total_low))
email_notify(user=user, subject=subject, message=message)
return HttpResponse(status=201)
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
username = request.user.username
settings = load_settings.ArcherySettings(setting_file, username=username)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
zap_enable = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.filter(username=username)
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
burp_api_key = settings.burp_api_key()
# Loading Email Settings
all_email = email_db.objects.filter(username=username)
# Load JIRA Setting
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
username = request.user.username
zap_enabled = False
random_port = '8091'
target_url = 'https://archerysec.com'
zap_info = ''
burp_info = ''
openvas_info = ''
arachni_info = ''
jira_info = ''
if request.method == 'POST':
setting_of = request.POST.get('setting_of')
if setting_of == 'zap':
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = 'Disabled'
try:
random_port = zap_plugin.zap_local()
except:
return render(request, 'setting.html',
{'zap_info': zap_info})
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(
random_port, username=username)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print(
"ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port,
username=username)
zap_connect.spider.scan(url=target_url)
zap_info = True
except:
zap_info = False
if setting_of == 'burp':
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
else:
burp_info = True
if setting_of == 'openvas':
sel_profile = ''
openvas = OpenVAS_Plugin(scan_ip,
project_id,
sel_profile,
username=username)
try:
openvas.connect()
openvas_info = True
except:
openvas_info = False
if setting_of == 'arachni':
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)
check = []
data = {
"url": 'https://archerysec.com',
"checks": check,
"audit": {}
}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == 'id':
scan_run_id = value
arachni_info = True
except Exception:
arachni_info = False
if setting_of == 'jira':
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
options = {'server': jira_server}
try:
jira_ser = JIRA(options,
basic_auth=(jira_username, jira_password),
timeout=5)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
except Exception as e:
print(e)
jira_info = False
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'zap_enable': zap_enable,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'burp_api_key': burp_api_key,
'all_email': all_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
'message': all_notify,
'zap_info': zap_info,
'burp_info': burp_info,
'openvas_info': openvas_info,
'arachni_info': arachni_info,
'jira_info': jira_info
})
def post(self, request):
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
all_settings_data = SettingsDb.objects.filter()
# Loading ZAP Settings
zap_api_key = ""
zap_hosts = ""
zap_ports = ""
zap_enable = False
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ""
arachni_ports = ""
arachni_user = ""
arachni_pass = ""
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
burp_host = ""
burp_port = ""
burp_api_key = ""
all_burp_setting = BurpSettingDb.objects.all()
for data in all_burp_setting:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
jira_setting = jirasetting.objects.all()
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
zap_enabled = False
random_port = "8091"
target_url = "https://archerysec.com"
setting_of = request.POST.get("setting_of")
setting_id = request.POST.get("setting_id")
if setting_of == "zap":
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = "Disabled"
try:
random_port = zap_plugin.zap_local()
except:
return render(
request, "setting/settings_page.html", {"zap_info": zap_info}
)
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print("ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
zap_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
except:
zap_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
if setting_of == "burp":
host = "http://" + burp_host + ":" + burp_port + "/"
try:
bi = burpscanner.BurpApi(host, burp_api_key)
except:
burp_info = False
return burp_info
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
else:
burp_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
if setting_of == "openvas":
sel_profile = ""
scan_ip = ""
project_id = ""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
try:
openvas.connect()
openvas_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
except:
openvas_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
if setting_of == "arachni":
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
arachni_user = None
arachni_pass = None
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
arachni = PyArachniapi.arachniAPI(
arachni_hosts, arachni_ports, arachni_user, arachni_pass
)
check = []
data = {"url": "https://archerysec.com", "checks": check, "audit": {}}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == "id":
scan_run_id = value
arachni_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
except Exception:
arachni_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
if setting_of == "jira":
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter()
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
if jira_url is None:
print("No jira url found")
try:
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
except:
jira_info = False
options = {"server": jira_server}
try:
jira_ser = JIRA(
options, basic_auth=(jira_username, jira_password), timeout=5
)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
except Exception as e:
print(e)
jira_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
return render(
request,
"setting/settings_page.html",
{"all_settings_data": all_settings_data, "all_notify": all_notify},
)
