Beispiel #1
0
def graphs():
    """
    Products the main statistics and graphs
    """

    if request.vars.gtype.lower() == 'all':
        indexgraphs = graphs_index(db)

    return dict(indexgraphs=indexgraphs)
Beispiel #2
0
def graphs():
    """
    Products the main statistics and graphs
    """

    if request.vars.gtype.lower() == 'all':
        indexgraphs = graphs_index(db)


    return dict(indexgraphs = indexgraphs)
Beispiel #3
0
def index():
    """
    Kvasir welcoming index page.
    """
    response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    response.files.append(URL(request.application, 'static', 'js/highcharts.js'))

    statistics = db_statistics()
    adv_stats = adv_db_statistics()
    graphs = graphs_index()
    return dict(statistics=statistics, adv_stats=adv_stats, graphs=graphs)
Beispiel #4
0
def index():
    """
    Kvasir welcoming index page.
    """
    response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    response.files.append(URL(request.application, 'static', 'js/highcharts.js'))

    statistics = db_statistics()
    adv_stats = adv_db_statistics()
    graphs = graphs_index()
    return dict(statistics=statistics, adv_stats=adv_stats, graphs=graphs)
Beispiel #5
0
def spreadsheet():
    """
    Generate a Excel xlsx file of vulnerability and password statistics and charts
    """

    rows = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True)
    ags = [ag.f_asset_group for ag in rows]
    form = SQLFORM.factory(
        Field('ag_per_tab',
              'boolean',
              default=False,
              label=T('Tab per Asset Group')),
        Field('asset_group',
              'select',
              default=False,
              requires=IS_EMPTY_OR(IS_IN_SET(ags)),
              label=T('Specific Asset Group')),
    )
    response.title = "%s :: Excel Spreadsheet Generator" % (settings.title)
    if form.errors:
        response.flash = 'Error in form'
    elif form.process().accepted:
        if form.vars.asset_group:
            ags = [form.vars.asset_group]
        elif form.vars.ag_per_tab:
            rows = db(db.t_hosts).select(db.t_hosts.f_asset_group,
                                         distinct=True)
            ags = [ag.f_asset_group for ag in rows]
        else:
            ags = ['%']

        from skaldship.statistics import vulnlist, graphs_index
        from skaldship.general import vulntype_mapping
        import os
        from datetime import datetime
        from xlsxwriter.workbook import Workbook

        tmpfile = os.path.join(
            request.folder, 'data/stats/kvasir-stats-%s.xlsx' %
            datetime.now().strftime("%m%d%y-%H%M%S"))
        workbook = Workbook(tmpfile)
        bold = workbook.add_format({'bold': 1})

        # Create main statistics page / charts
        graphs = graphs_index()
        stat_worksheet = workbook.add_worksheet('Main Statistics')

        # Top Host Severity statistics / chart
        stat_worksheet.write('A1', 'Vuln Severity', bold)
        stat_worksheet.write('B1', 'Host Count', bold)
        row_num = 1
        col_num = 0
        for sev_cnt in graphs['top_host_sev_count_raw']:
            stat_worksheet.write_number(row_num, col_num, row_num)
            stat_worksheet.write_number(row_num, col_num + 1, int(sev_cnt))
            row_num += 1

        stat_chart_host = workbook.add_chart({'type': 'column'})
        stat_chart_host.add_series({
            'categories': ["'Main Statistics'", 1, 0, row_num - 1, 0],
            'values': ["'Main Statistics'", 1, 1, row_num - 1, 1],
            'name':
            'Host Count',
        })
        stat_chart_host.set_title({'name': 'Top Host Severities'})
        stat_chart_host.set_table({'show_keys': True})
        stat_chart_host.set_legend({'position': 'none'})
        stat_chart_host.set_x_axis({
            'min': 1,
            'max': 10,
            'name_font': {
                'bold': True
            },
        })
        stat_chart_host.set_size({'width': 768, 'height': 576})
        stat_worksheet.insert_chart('A13', stat_chart_host)

        # Vulnerability Severity statistics / chart
        stat_worksheet.write('D1', 'Vuln Severity', bold)
        stat_worksheet.write('E1', 'Vuln Count', bold)
        row_num = 1
        col_num = 3
        for sev_cnt in graphs['vuln_by_sev_count_raw']:
            stat_worksheet.write_number(row_num, col_num, row_num)
            stat_worksheet.write_number(row_num, col_num + 1, int(sev_cnt))
            row_num += 1

        stat_chart_vulns = workbook.add_chart({'type': 'column'})
        stat_chart_vulns.add_series({
            'categories': ["'Main Statistics'", 1, 3, row_num - 1, 3],
            'values': ["'Main Statistics'", 1, 4, row_num - 1, 4],
            'name':
            'Vulnerability Count',
        })
        stat_chart_vulns.set_title({'name': 'Top Vulnerability Severities'})
        stat_chart_vulns.set_table({'show_keys': True})
        stat_chart_vulns.set_legend({'position': 'none'})
        stat_chart_vulns.set_x_axis({
            'min': 1,
            'max': 10,
            'name_font': {
                'bold': True
            },
        })
        stat_chart_vulns.set_size({'width': 768, 'height': 576})
        stat_worksheet.insert_chart('G13', stat_chart_vulns)

        # Create tab(s) for vulnerability listings and charts
        for ag in ags:
            if ag == "%":
                ag = "Vulnlist"
                hostfilter = None
            else:
                hostfilter = {
                    'filtertype': 'assetgroup',
                    'content': ag,
                }

            vl_worksheet = workbook.add_worksheet(ag)
            vl_worksheet.write('A1', 'Vulnerability ID', bold)
            vl_worksheet.set_column(1, 0, 45)
            vl_worksheet.write('B1', 'Status', bold)
            vl_worksheet.set_column(1, 1, 20)
            vl_worksheet.write('C1', 'Count', bold)
            vl_worksheet.write('D1', 'Severity', bold)
            vl_worksheet.write('E1', 'CVSS Score', bold)

            # { 'vulnerability id': [ status, count, severity, cvss ] }
            vlist = vulnlist(hostfilter=hostfilter)
            vuln_count = 1
            vl_stats = {}
            for k, v in vlist.iteritems():
                col_num = 0
                for row in v:
                    (status, count, severity, cvss) = row
                    vl_worksheet.write_string(vuln_count, col_num, k)
                    vl_worksheet.write_string(vuln_count, col_num + 1, status)
                    vl_worksheet.write_number(vuln_count, col_num + 2,
                                              int(count))
                    vl_worksheet.write_number(vuln_count, col_num + 3,
                                              int(severity))
                    if cvss:
                        vl_worksheet.write_number(vuln_count, col_num + 4,
                                                  float(cvss))
                    vuln_count += 1

                    # make vl_stats dictionary:
                    # { 'status': { 1: count, 2:count ... }}
                    vl_tmpstatus = vl_stats.setdefault(
                        status, {
                            1: 0,
                            2: 0,
                            3: 0,
                            4: 0,
                            5: 0,
                            6: 0,
                            7: 0,
                            8: 0,
                            9: 0,
                            10: 0
                        })
                    status_tmp = vl_tmpstatus.setdefault(severity, 0)
                    vl_tmpstatus[severity] = status_tmp + count
                    vl_stats[status] = vl_tmpstatus

            # create vulnerability severity distribution chart
            vl_chart_ws_name = "%s VulnChart" % (ag)
            vl_chart_worksheet = workbook.add_worksheet(vl_chart_ws_name)
            vl_chart_worksheet.write('A1', 'Severity', bold)
            vl_chart = workbook.add_chart({'type': 'column'})
            for k, v in vl_stats.iteritems():
                vl_chart_worksheet.write(0, col_num, k, bold)
                row_num = 1
                for k2, v2 in v.iteritems():
                    vl_chart_worksheet.write(row_num, 0, k2)
                    vl_chart_worksheet.write(row_num, 1, v2)
                    row_num += 1

                vl_chart.add_series({
                    'categories':
                    ["'%s'" % (vl_chart_ws_name), 1, 0, row_num - 1, 0],
                    'values': [
                        "'%s'" % (vl_chart_ws_name), 1, col_num, row_num - 1,
                        col_num
                    ],
                    'name':
                    k,
                    'color':
                    vulntype_mapping(k)
                })
                col_num += 1

            # if multiple account groups, change title accordingly
            if ag == "Vulnlist":
                vl_chart.set_title(
                    {'name': 'Vulnerability Severity Distribution'})
            else:
                vl_chart.set_title(
                    {'name': 'Vulnerability Severity Distribution: %s' % (ag)})

            vl_chart.set_table({'show_keys': True})
            vl_chart.set_legend({'position': 'none'})
            vl_chart.set_x_axis({
                'min': 1,
                'max': 10,
                'name_font': {
                    'bold': True
                },
            })
            vl_chart.set_size({'width': 960, 'height': 576})

            vl_chart_worksheet.insert_chart('A13', vl_chart)

        # Top 15 passwords and UNIX / Windows distribution and compromised pie charts
        password_worksheet = workbook.add_worksheet('Passwords')
        pw_cnt = db.t_accounts.f_password.count()
        top15 = db(db.t_accounts.f_password != None).select(
            db.t_accounts.f_password,
            pw_cnt,
            groupby=db.t_accounts.f_password,
            orderby=~pw_cnt,
            limitby=(0, 15))
        password_worksheet.write('A1', 'Password', bold)
        password_worksheet.write('B1', 'Count', bold)
        row_num = 1
        for row in top15:
            password_worksheet.write(row_num, 0, row.t_accounts.f_password)
            password_worksheet.write(
                row_num, 1, row._extra['COUNT(t_accounts.f_password)'])
            row_num += 1

        # all done!
        workbook.close()
        redirect(URL('default', 'data_dir/stats'))

    return dict(form=form)
Beispiel #6
0
def spreadsheet():
    """
    Generate a Excel xlsx file of vulnerability and password statistics and charts
    """

    rows = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True)
    ags = [ag.f_asset_group for ag in rows]
    form=SQLFORM.factory(
        Field('ag_per_tab', 'boolean', default=False, label=T('Tab per Asset Group')),
        Field('asset_group', 'select', default=False, requires=IS_EMPTY_OR(IS_IN_SET(ags)), label=T('Specific Asset Group')),
    )
    response.title = "%s :: Excel Spreadsheet Generator" % (settings.title)
    if form.errors:
        response.flash = 'Error in form'
    elif form.process().accepted:
        if form.vars.asset_group:
            ags = [form.vars.asset_group]
        elif form.vars.ag_per_tab:
            rows = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True)
            ags = [ag.f_asset_group for ag in rows]
        else:
            ags = ['%']

        from skaldship.statistics import vulnlist, graphs_index
        from skaldship.general import vulntype_mapping
        import os
        from datetime import datetime
        from xlsxwriter.workbook import Workbook

        tmpfile = os.path.join(request.folder, 'data/stats/kvasir-stats-%s.xlsx' % datetime.now().strftime("%m%d%y-%H%M%S"))
        workbook = Workbook(tmpfile)
        bold = workbook.add_format({'bold': 1})

        # Create main statistics page / charts
        graphs = graphs_index()
        stat_worksheet = workbook.add_worksheet('Main Statistics')

        # Top Host Severity statistics / chart
        stat_worksheet.write('A1', 'Vuln Severity', bold)
        stat_worksheet.write('B1', 'Host Count', bold)
        row_num = 1
        col_num = 0
        for sev_cnt in graphs['top_host_sev_count_raw']:
            stat_worksheet.write_number(row_num, col_num, row_num)
            stat_worksheet.write_number(row_num, col_num+1, int(sev_cnt))
            row_num += 1

        stat_chart_host = workbook.add_chart({'type': 'column'})
        stat_chart_host.add_series({
            'categories': ["'Main Statistics'", 1, 0, row_num-1, 0],
            'values': ["'Main Statistics'", 1, 1, row_num-1, 1],
            'name': 'Host Count',
        })
        stat_chart_host.set_title({'name': 'Top Host Severities'})
        stat_chart_host.set_table({'show_keys': True})
        stat_chart_host.set_legend({'position': 'none'})
        stat_chart_host.set_x_axis({
            'min': 1,
            'max': 10,
            'name_font': {'bold': True},
        })
        stat_chart_host.set_size({'width': 768, 'height': 576})
        stat_worksheet.insert_chart('A13', stat_chart_host)

        # Vulnerability Severity statistics / chart
        stat_worksheet.write('D1', 'Vuln Severity', bold)
        stat_worksheet.write('E1', 'Vuln Count', bold)
        row_num = 1
        col_num = 3
        for sev_cnt in graphs['vuln_by_sev_count_raw']:
            stat_worksheet.write_number(row_num, col_num, row_num)
            stat_worksheet.write_number(row_num, col_num+1, int(sev_cnt))
            row_num += 1

        stat_chart_vulns = workbook.add_chart({'type': 'column'})
        stat_chart_vulns.add_series({
            'categories': ["'Main Statistics'", 1, 3, row_num-1, 3],
            'values': ["'Main Statistics'", 1, 4, row_num-1, 4],
            'name': 'Vulnerability Count',
        })
        stat_chart_vulns.set_title({'name': 'Top Vulnerability Severities'})
        stat_chart_vulns.set_table({'show_keys': True})
        stat_chart_vulns.set_legend({'position': 'none'})
        stat_chart_vulns.set_x_axis({
            'min': 1,
            'max': 10,
            'name_font': {'bold': True},
        })
        stat_chart_vulns.set_size({'width': 768, 'height': 576})
        stat_worksheet.insert_chart('G13', stat_chart_vulns)

        # Create tab(s) for vulnerability listings and charts
        for ag in ags:
            if ag == "%":
                ag = "Vulnlist"
                hostfilter = [(None, None), False]
            else:
                hostfilter = [('assetgroup', ag), False]

            vl_worksheet = workbook.add_worksheet(ag)
            vl_worksheet.write('A1', 'Vulnerability ID', bold)
            vl_worksheet.set_column(1, 0, 45)
            vl_worksheet.write('B1', 'Status', bold)
            vl_worksheet.set_column(1, 1, 20)
            vl_worksheet.write('C1', 'Count', bold)
            vl_worksheet.write('D1', 'Severity', bold)
            vl_worksheet.write('E1', 'CVSS Score', bold)

            # { 'vulnerability id': [ status, count, severity, cvss ] }
            vlist = vulnlist(hostfilter)
            vuln_count = 1
            vl_stats = {}
            for k, v in vlist.iteritems():
                col_num = 0
                for row in v:
                    (status, count, severity, cvss) = row
                    vl_worksheet.write_string(vuln_count, col_num, k)
                    vl_worksheet.write_string(vuln_count, col_num + 1, status)
                    vl_worksheet.write_number(vuln_count, col_num + 2, int(count))
                    vl_worksheet.write_number(vuln_count, col_num + 3, int(severity))
                    if cvss:
                        vl_worksheet.write_number(vuln_count, col_num + 4, float(cvss))
                    vuln_count += 1

                    # make vl_stats dictionary:
                    # { 'status': { 1: count, 2:count ... }}
                    vl_tmpstatus = vl_stats.setdefault(status, {
                        1: 0, 2: 0, 3: 0, 4: 0, 5: 0, 6: 0, 7: 0, 8: 0, 9: 0, 10: 0
                    })
                    status_tmp = vl_tmpstatus.setdefault(severity, 0)
                    vl_tmpstatus[severity] = status_tmp + count
                    vl_stats[status] = vl_tmpstatus

            # create vulnerability severity distribution chart
            vl_chart_ws_name = "%s VulnChart" % (ag)
            vl_chart_worksheet = workbook.add_worksheet(vl_chart_ws_name)
            vl_chart_worksheet.write('A1', 'Severity', bold)
            vl_chart = workbook.add_chart({'type': 'column'})
            for k,v in vl_stats.iteritems():
                vl_chart_worksheet.write(0, col_num, k, bold)
                row_num = 1
                for k2,v2 in v.iteritems():
                    vl_chart_worksheet.write(row_num, 0, k2)
                    vl_chart_worksheet.write(row_num, 1, v2)
                    row_num += 1

                vl_chart.add_series({
                    'categories': ["'%s'" % (vl_chart_ws_name), 1, 0, row_num-1, 0],
                    'values': ["'%s'" % (vl_chart_ws_name), 1, col_num, row_num-1, col_num],
                    'name': k,
                    'color': vulntype_mapping(k)
                })
                col_num += 1

            # if multiple account groups, change title accordingly
            if ag == "Vulnlist":
                vl_chart.set_title({'name': 'Vulnerability Severity Distribution'})
            else:
                vl_chart.set_title({'name': 'Vulnerability Severity Distribution: %s' % (ag)})

            vl_chart.set_table({'show_keys': True})
            vl_chart.set_legend({'position': 'none'})
            vl_chart.set_x_axis({
                'min': 1,
                'max': 10,
                'name_font': {'bold': True},
            })
            vl_chart.set_size({'width': 960, 'height': 576})

            vl_chart_worksheet.insert_chart('A13', vl_chart)

        # Top 15 passwords and UNIX / Windows distribution and compromised pie charts
        password_worksheet = workbook.add_worksheet('Passwords')
        pw_cnt = db.t_accounts.f_password.count()
        top15 = db(db.t_accounts.f_password != None).select(db.t_accounts.f_password, pw_cnt, groupby=db.t_accounts.f_password, orderby=~pw_cnt, limitby=(0,15))
        password_worksheet.write('A1', 'Password', bold)
        password_worksheet.write('B1', 'Count', bold)
        row_num = 1
        for row in top15:
            password_worksheet.write(row_num, 0, row.t_accounts.f_password)
            password_worksheet.write(row_num, 1, row._extra['COUNT(t_accounts.f_password)'])
            row_num += 1

        # all done!
        workbook.close()
        redirect(URL('default', 'data_dir/stats'))

    return dict(form=form)
Beispiel #7
0
def report():
    """
    Genereate a HTML-report with fields from statistics, hosts, vulns, and summaries from the wiki
    """

    statistics = db_statistics()
    adv_stats = adv_db_statistics()
    graphs = graphs_index()

    customer = settings.customer
    assessment = settings.assessment_typed
    start_date = settings.start_date or 'START DATE'
    end_date = settings.end_date or 'END DATE'

    # grab the filter type and value if provided or from the session
    if session.hostfilter is None:
        f_type = request.vars.f_type or None
        f_value = request.vars.f_value or None
    else:
        f_type = session.hostfilter[0]
        f_value = session.hostfilter[1]

    # this is a little hack to ensure a record is either blank or None
    # use it as "if variable not in notin:"
    notin = [None, '']
    unknown_cpeid_counter = 0

    hosts = []
    vulnerabilities = {}
    # go through each host, adding the os, services and vulns accordingly
    query = create_hostfilter_query([(f_type, f_value), False])
    for host_rec in db(query).select():
        host = {}
        host['ipv4'] = host_rec.f_ipv4
        host['asset_group'] = host_rec.f_asset_group
        if host_rec.f_ipv6:
            host['ipv6'] = host_rec.f_ipv6
        if host_rec.f_macaddr:
            host['macaddr'] = host_rec.f_macaddr
        if host_rec.f_hostname:
            host['hostname'] = host_rec.f_hostname.decode('utf-8')
        if host_rec.f_netbios_name:
            host['netbios_name'] = host_rec.f_netbios_name.decode('utf-8')

        # build the os information using the highest certainty record
        highest = (0, None)
        for os_rec in db(db.t_host_os_refs.f_hosts_id == host_rec.id).select():
            if os_rec.f_certainty > highest[0]:
                highest = (os_rec.f_certainty, os_rec)

        if highest[0] > 0:
            # add os element to the host
            record = highest[1]
            host['os'] = record
            host['os']['certainty'] = str(highest[0])
            if record.f_class not in notin:
                host['os']['class'] = record.f_class
            if record.f_family not in notin:
                host['os']['family'] = record.f_family

            # since some os records may not have a cpe id we'll mask them with
            # using their title, replacing spaces with underscores
            t_os_rec = db.t_os[record.f_os_id]
            if t_os_rec.f_cpename in notin:
                cpeid = t_os_rec.f_title.replace(' ', '_')
            else:
                cpeid = t_os_rec.f_cpename

            host['os']['id'] = cpeid

            # if the id isn't in os_records, add it
            # if 1:
            #     os_rec = db.t_os[highest[1].f_os_id]
            #     host['os']['id'] = cpeid
            #     host['os']['title'] = os_rec.f_title
            #
            #     if os_rec.f_vendor not in notin:
            #         host['os']['vendor'] = os_rec.f_vendor
            #
            #     if os_rec.f_product not in notin:
            #         host['os']['product'] = os_rec.f_product
            #
            #     if os_rec.f_version not in notin:
            #         host['os']['version'] = os_rec.f_version
            #
            #     if os_rec.f_update not in notin:
            #         host['os']['update'] = os_rec.f_update
            #
            #     if os_rec.f_edition not in notin:
            #         host['os']['edition'] = os_rec.f_edition
            #
            #     if os_rec.f_language not in notin:
            #         host['os']['language'] = os_rec.f_language

        # snmp strings
        snmp_recs = db(db.t_snmp.f_hosts_id == host_rec.id).select()
        if len(snmp_recs) > 0:
            host['snmps'] = []
            for record in snmp_recs:
                snmp = {}
                if record.f_community not in notin:
                    snmp['community'] = record.f_community.decode('utf-8')
                    snmp['version'] = record.f_version
                    snmp['access'] = record.f_access
                    host['snmps'].append(snmp)

        # netbios information
        netb_record = db(
            db.t_netbios.f_hosts_id == host_rec.id).select().first() or None
        if netb_record:
            host['netbios'] = {}
            if netb_record.f_type not in notin:
                host['netbios']['type'] = netb_record.f_type
            if netb_record.f_domain not in notin:
                host['netbios']['domain'] = netb_record.f_domain.decode(
                    'utf-8')
            if netb_record.f_lockout_limit not in notin:
                host['netbios']['lockout_limit'] = str(
                    netb_record.f_lockout_limit)
            if netb_record.f_lockout_duration not in notin:
                host['netbios']['lockout_duration'] = str(
                    netb_record.f_lockout_duration)

            if netb_record.f_advertised_names is not None:
                for name in netb_record.f_advertised_names:
                    host['netbios']['advertised_name'] = name.decode('utf-8')

        # build the services and vulnerabilities
        host['services'] = []
        for svc_rec in db(db.t_services.f_hosts_id == host_rec.id).select():
            service = {}
            service['proto'] = svc_rec.f_proto
            service['number'] = int(svc_rec.f_number)

            if svc_rec.f_name not in notin:
                service['name'] = svc_rec.f_name.decode('utf-8')
            else:
                service['name'] = T('unknown')

            if svc_rec.f_banner not in notin:
                service['banner'] = svc_rec.f_banner.decode('utf-8')

            # service configuration records
            svc_info_recs = db(
                db.t_service_info.f_services_id == svc_rec.id).select()
            if len(svc_info_recs) > 0:
                service['configs'] = []
                for info_rec in svc_info_recs:
                    config = {}
                    if info_rec.f_name not in notin:
                        config['name'] = info_rec.f_name
                        if info_rec.f_text not in notin:
                            config['text'] = info_rec.f_text.decode('utf-8')
                    service['configs'].append(config)

            # vulnerabilities
            svc_vuln_recs = db(
                db.t_service_vulns.f_services_id == svc_rec.id).select()
            if len(svc_vuln_recs) > 0:
                service['vulns'] = []
                for vuln_rec in svc_vuln_recs:
                    vuln = {}
                    vuln['status'] = vuln_rec.f_status
                    vuln['proof'] = vuln_rec.f_proof

                    vulndata = db.t_vulndata[vuln_rec.f_vulndata_id]
                    vuln['vulninfo'] = vulndata
                    vuln['id'] = vulndata.f_vulnid
                    vuln['title'] = vulndata.f_title
                    vuln['severity'] = str(vulndata.f_severity)
                    vuln['pci_sev'] = str(vulndata.f_pci_sev)
                    vuln['cvss_score'] = str(vulndata.f_cvss_score)
                    vuln['cvssmetrics'] = cvss_metrics(vulndata)
                    vuln['description'] = vulndata.f_description
                    vuln['solution'] = vulndata.f_solution

                    # find vulnerability references and add them
                    vuln_refs = db(db.t_vuln_references.f_vulndata_id ==
                                   vulndata.id).select()
                    if len(vuln_refs) > 0:
                        vuln['refs'] = []
                        for ref_rec in vuln_refs:
                            ref = {}
                            record = db.t_vuln_refs[ref_rec.f_vuln_ref_id]
                            ref['source'] = record.f_source
                            ref['text'] = record.f_text.decode('utf-8')
                            vuln['refs'].append(ref)

                    # find vulnerability exploits and add them
                    vuln_exploits = ''  #db(db.t_vuln_references.f_vulndata_id == vulndata.id).select()
                    if len(vuln_exploits) > 0:
                        vuln['exploits'] = []
                        for ref_rec in vuln_refs:
                            ref = {}
                            record = db.t_vuln_refs[ref_rec.f_vuln_ref_id]
                            ref['source'] = record.f_source
                            ref['text'] = record.f_text.decode('utf-8')
                            vuln['refs'].append(ref)

                    if (int(vuln['severity']) > 0):
                        service['vulns'].append(vuln)

                        vuln['hosts'] = []
                        vulnhost = {}
                        vulnhost['ipv4'] = host['ipv4']
                        if 'hostname' in host:
                            vulnhost['hostname'] = host['hostname']
                        else:
                            vulnhost['hostname'] = host['ipv4']
                        vulnhost['svcproto'] = service['proto']
                        vulnhost['svcnumber'] = service['number']
                        vulnhost['status'] = vuln_rec.f_status
                        vulnhost['proof'] = vuln_rec.f_proof
                        vulnhost['url'] = ''
                        if svc_rec.f_name not in notin:
                            vulnhost['svcname'] = svc_rec.f_name.decode(
                                'utf-8')
                        else:
                            vulnhost['svcname'] = T('unknown')
                        if svc_rec.f_banner not in notin:
                            vulnhost['svcbanner'] = svc_rec.f_banner.decode(
                                'utf-8')
                        id = str(vuln_rec.f_vulndata_id)
                        if id not in vulnerabilities:
                            vulnerabilities[id] = vuln
                        vulnerabilities[id]['hosts'].append(vulnhost)

                if len(service['vulns']) is 0:
                    del service['vulns']

            host['services'].append(service)
            # accounts
            #accounts = db(db.t_accounts.f_services_id == svc_rec.id).select()
            # if len(accounts) > 0:
            #     host['accounts'] = []
            #
            #     for acct_rec in accounts:
            #         account = {}
            #
            #         if acct_rec.f_username not in notin:
            #             account['username'] = acct_rec.f_username.decode('utf-8')
            #
            #         if acct_rec.f_fullname not in notin:
            #             account['fullname'] = acct_rec.f_fullname.decode('utf-8')
            #
            #         if acct_rec.f_password not in notin:
            #             account['password'] = acct_rec.f_password.decode('utf-8')
            #
            #         if acct_rec.f_hash1 not in notin:
            #             account['hash1'] = acct_rec.f_hash1
            #
            #         if acct_rec.f_hash1_type not in notin:
            #             account['hash1_type'] = acct_rec.f_hash1_type
            #
            #         if acct_rec.f_hash2 not in notin:
            #             account['hash2'] = acct_rec.f_hash2
            #
            #         if acct_rec.f_hash2_type not in notin:
            #             account['hash2_type'] = acct_rec.f_hash2_type
            #
            #         if acct_rec.f_uid not in notin:
            #             account['uid'] = acct_rec.f_uid
            #
            #         if acct_rec.f_gid not in notin:
            #             account['gid'] = acct_rec.f_gid
            #
            #         if acct_rec.f_level not in notin:
            #             account['level'] = acct_rec.f_level
            #
            #         if acct_rec.f_domain not in notin:
            #             account['domain'] = acct_rec.f_domain.decode('utf-8')
            #
            #         if acct_rec.f_description not in notin:
            #             account['description'] = acct_rec.f_description.decode('utf-8')
            #         host['accounts'].append(account)
        hosts.append(host)
    #response.files.append(URL(request.application,'static','js/jquery.sparkline.js'))

    #get JSON from host.list and use mockjax
    ext = request.extension
    request.extension = 'json'
    hostlist = list()  #Not an empty list
    request.extension = ext
    #remove the engineer field from the customers report
    hostlist['aaData'][-1]['10'] = None
    import re
    hostlist = re.sub("href=\"[^>]*>([^<]*)", "href=\"#\\1\">\\1",
                      str(hostlist))
    listjson = hostlist.replace('\"', '\\\"').replace('\'', '\"').replace(
        'L, ', ', ').replace('None', 'null')
    vulnlst = sorted(vulnerabilities,
                     key=lambda x: int(vulnerabilities[x]['severity']),
                     reverse=True)
    return dict(vulnlst=vulnlst,
                vulnerabilities=vulnerabilities,
                statistics=statistics,
                adv_stats=adv_stats,
                graphs=graphs,
                hosts=hosts,
                hostfilter=session.hostfilter,
                listjson=listjson)
Beispiel #8
0
def report():
    """
    Genereate a HTML-report with fields from statistics, hosts, vulns, and summaries from the wiki
    """

    statistics = db_statistics()
    adv_stats = adv_db_statistics()
    graphs = graphs_index()

    customer = settings.customer
    assessment = settings.assessment_typed
    start_date = settings.start_date or 'START DATE'
    end_date = settings.end_date or 'END DATE'

    # grab the filter type and value if provided or from the session
    if session.hostfilter is None:
        f_type  = request.vars.f_type or None
        f_value = request.vars.f_value or None
    else:
        f_type  = session.hostfilter[0]
        f_value = session.hostfilter[1]

    # this is a little hack to ensure a record is either blank or None
    # use it as "if variable not in notin:"
    notin = [ None, '' ]
    unknown_cpeid_counter = 0

    hosts = []
    vulnerabilities = {}
    # go through each host, adding the os, services and vulns accordingly
    query = create_hostfilter_query([(f_type, f_value), False])
    for host_rec in db(query).select():
        host = {}
        host['ipv4'] = host_rec.f_ipv4
        host['asset_group'] = host_rec.f_asset_group
        if host_rec.f_ipv6:
            host['ipv6'] = host_rec.f_ipv6
        if host_rec.f_macaddr:
            host['macaddr'] = host_rec.f_macaddr
        if host_rec.f_hostname:
            host['hostname'] = host_rec.f_hostname.decode('utf-8')
        if host_rec.f_netbios_name:
            host['netbios_name'] = host_rec.f_netbios_name.decode('utf-8')

        # build the os information using the highest certainty record
        highest = (0, None)
        for os_rec in db(db.t_host_os_refs.f_hosts_id == host_rec.id).select():
            if os_rec.f_certainty > highest[0]:
                highest = (os_rec.f_certainty, os_rec)

        if highest[0] > 0:
            # add os element to the host
            record = highest[1]
            host['os']=record
            host['os']['certainty'] = str(highest[0])
            if record.f_class not in notin:
                host['os']['class'] = record.f_class
            if record.f_family not in notin:
                host['os']['family'] = record.f_family

            # since some os records may not have a cpe id we'll mask them with
            # using their title, replacing spaces with underscores
            t_os_rec = db.t_os[record.f_os_id]
            if t_os_rec.f_cpename in notin:
                cpeid = t_os_rec.f_title.replace(' ', '_')
            else:
                cpeid = t_os_rec.f_cpename

            host['os']['id'] = cpeid

            # if the id isn't in os_records, add it
            # if 1:
            #     os_rec = db.t_os[highest[1].f_os_id]
            #     host['os']['id'] = cpeid
            #     host['os']['title'] = os_rec.f_title
            #
            #     if os_rec.f_vendor not in notin:
            #         host['os']['vendor'] = os_rec.f_vendor
            #
            #     if os_rec.f_product not in notin:
            #         host['os']['product'] = os_rec.f_product
            #
            #     if os_rec.f_version not in notin:
            #         host['os']['version'] = os_rec.f_version
            #
            #     if os_rec.f_update not in notin:
            #         host['os']['update'] = os_rec.f_update
            #
            #     if os_rec.f_edition not in notin:
            #         host['os']['edition'] = os_rec.f_edition
            #
            #     if os_rec.f_language not in notin:
            #         host['os']['language'] = os_rec.f_language

        # snmp strings
        snmp_recs = db(db.t_snmp.f_hosts_id == host_rec.id).select()
        if len(snmp_recs) > 0:
            host['snmps'] = []
            for record in snmp_recs:
                snmp = {}
                if record.f_community not in notin:
                    snmp['community'] = record.f_community.decode('utf-8')
                    snmp['version'] = record.f_version
                    snmp['access'] = record.f_access
                    host['snmps'].append(snmp)

        # netbios information
        netb_record = db(db.t_netbios.f_hosts_id == host_rec.id).select().first() or None
        if netb_record:
            host['netbios'] = {}
            if netb_record.f_type not in notin:
                host['netbios']['type'] =  netb_record.f_type
            if netb_record.f_domain not in notin:
                host['netbios']['domain'] =  netb_record.f_domain.decode('utf-8')
            if netb_record.f_lockout_limit not in notin:
                host['netbios']['lockout_limit'] =  str(netb_record.f_lockout_limit)
            if netb_record.f_lockout_duration not in notin:
                host['netbios']['lockout_duration'] =  str(netb_record.f_lockout_duration)

            if netb_record.f_advertised_names is not None:
                for name in netb_record.f_advertised_names:
                    host['netbios']['advertised_name'] = name.decode('utf-8')

        # build the services and vulnerabilities
        host['services'] = []
        for svc_rec in db(db.t_services.f_hosts_id == host_rec.id).select():
            service = {}
            service['proto'] = svc_rec.f_proto
            service['number'] = int(svc_rec.f_number)

            if svc_rec.f_name not in notin:
                service['name'] = svc_rec.f_name.decode('utf-8')
            else:
                service['name'] = T('unknown')

            if svc_rec.f_banner not in notin:
                service['banner'] = svc_rec.f_banner.decode('utf-8')

            # service configuration records
            svc_info_recs = db(db.t_service_info.f_services_id == svc_rec.id).select()
            if len(svc_info_recs) > 0:
                service['configs'] = []
                for info_rec in svc_info_recs:
                    config = {}
                    if info_rec.f_name not in notin:
                        config['name'] = info_rec.f_name
                        if info_rec.f_text not in notin:
                            config['text'] = info_rec.f_text.decode('utf-8')
                    service['configs'].append(config)

            # vulnerabilities
            svc_vuln_recs = db(db.t_service_vulns.f_services_id == svc_rec.id).select()
            if len(svc_vuln_recs) > 0:
                service['vulns'] = []
                for vuln_rec in svc_vuln_recs:
                    vuln = {}
                    vuln['status'] = vuln_rec.f_status
                    vuln['proof'] = vuln_rec.f_proof

                    vulndata = db.t_vulndata[vuln_rec.f_vulndata_id]
                    vuln['vulninfo'] = vulndata
                    vuln['id'] = vulndata.f_vulnid
                    vuln['title'] = vulndata.f_title
                    vuln['severity'] = str(vulndata.f_severity)
                    vuln['pci_sev'] = str(vulndata.f_pci_sev)
                    vuln['cvss_score'] = str(vulndata.f_cvss_score)
                    vuln['cvssmetrics'] = cvss_metrics(vulndata)
                    vuln['description'] = vulndata.f_description
                    vuln['solution'] = vulndata.f_solution

                    # find vulnerability references and add them
                    vuln_refs = db(db.t_vuln_references.f_vulndata_id == vulndata.id).select()
                    if len(vuln_refs) > 0:
                        vuln['refs'] = []
                        for ref_rec in vuln_refs:
                            ref = {}
                            record = db.t_vuln_refs[ref_rec.f_vuln_ref_id]
                            ref['source'] = record.f_source
                            ref['text'] = record.f_text.decode('utf-8')
                            vuln['refs'].append(ref)

                    # find vulnerability exploits and add them
                    vuln_exploits = '' #db(db.t_vuln_references.f_vulndata_id == vulndata.id).select()
                    if len(vuln_exploits) > 0:
                      vuln['exploits'] = []
                      for ref_rec in vuln_refs:
                        ref = {}
                        record = db.t_vuln_refs[ref_rec.f_vuln_ref_id]
                        ref['source'] = record.f_source
                        ref['text'] = record.f_text.decode('utf-8')
                        vuln['refs'].append(ref)

                    if (int(vuln['severity'])>0):
                      service['vulns'].append(vuln)

                      vuln['hosts'] = []
                      vulnhost = {}
                      vulnhost['ipv4'] = host['ipv4']
                      if 'hostname' in host:
                        vulnhost['hostname'] = host['hostname']
                      else:
                        vulnhost['hostname'] = host['ipv4']
                      vulnhost['svcproto'] = service['proto']
                      vulnhost['svcnumber'] = service['number']
                      vulnhost['status'] = vuln_rec.f_status
                      vulnhost['proof'] = vuln_rec.f_proof
                      vulnhost['url'] = ''
                      if svc_rec.f_name not in notin:
                          vulnhost['svcname'] = svc_rec.f_name.decode('utf-8')
                      else:
                          vulnhost['svcname'] = T('unknown')
                      if svc_rec.f_banner not in notin:
                          vulnhost['svcbanner'] = svc_rec.f_banner.decode('utf-8')
                      id = str(vuln_rec.f_vulndata_id)
                      if id not in vulnerabilities:
                          vulnerabilities[id] = vuln
                      vulnerabilities[id]['hosts'].append(vulnhost)

                if len(service['vulns']) is 0:
                  del service['vulns']

            host['services'].append(service)
            # accounts
            #accounts = db(db.t_accounts.f_services_id == svc_rec.id).select()
            # if len(accounts) > 0:
            #     host['accounts'] = []
            #
            #     for acct_rec in accounts:
            #         account = {}
            #
            #         if acct_rec.f_username not in notin:
            #             account['username'] = acct_rec.f_username.decode('utf-8')
            #
            #         if acct_rec.f_fullname not in notin:
            #             account['fullname'] = acct_rec.f_fullname.decode('utf-8')
            #
            #         if acct_rec.f_password not in notin:
            #             account['password'] = acct_rec.f_password.decode('utf-8')
            #
            #         if acct_rec.f_hash1 not in notin:
            #             account['hash1'] = acct_rec.f_hash1
            #
            #         if acct_rec.f_hash1_type not in notin:
            #             account['hash1_type'] = acct_rec.f_hash1_type
            #
            #         if acct_rec.f_hash2 not in notin:
            #             account['hash2'] = acct_rec.f_hash2
            #
            #         if acct_rec.f_hash2_type not in notin:
            #             account['hash2_type'] = acct_rec.f_hash2_type
            #
            #         if acct_rec.f_uid not in notin:
            #             account['uid'] = acct_rec.f_uid
            #
            #         if acct_rec.f_gid not in notin:
            #             account['gid'] = acct_rec.f_gid
            #
            #         if acct_rec.f_level not in notin:
            #             account['level'] = acct_rec.f_level
            #
            #         if acct_rec.f_domain not in notin:
            #             account['domain'] = acct_rec.f_domain.decode('utf-8')
            #
            #         if acct_rec.f_description not in notin:
            #             account['description'] = acct_rec.f_description.decode('utf-8')
            #         host['accounts'].append(account)
        hosts.append(host)
    #response.files.append(URL(request.application,'static','js/jquery.sparkline.js'))

    #get JSON from host.list and use mockjax
    ext = request.extension
    request.extension = 'json'
    hostlist = list() #Not an empty list
    request.extension = ext
    #remove the engineer field from the customers report
    hostlist['aaData'][-1]['10']=None
    import re
    hostlist = re.sub("href=\"[^>]*>([^<]*)","href=\"#\\1\">\\1", str(hostlist))
    listjson=hostlist.replace('\"','\\\"').replace('\'','\"').replace('L, ',', ').replace('None','null')
    vulnlst=sorted(vulnerabilities, key=lambda x: int(vulnerabilities[x]['severity']), reverse=True)
    return dict(
    vulnlst=vulnlst,
    vulnerabilities=vulnerabilities,
    statistics=statistics,
    adv_stats=adv_stats,
    graphs=graphs,
    hosts=hosts,
    hostfilter=session.hostfilter,
    listjson=listjson)