def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    NOTE(review): this listing is a fragment. It stops inside the profile
    validation, before the target checks and the scan start that would
    produce the documented response, and the ``try:`` that pairs with the
    trailing ``except`` (plus the docstring quotes) were lost in extraction.
    """
    # Presence checks only. Neither value is type-checked, so a JSON string
    # or object in target_urls is accepted here and only fails further on.
    if not request.json or not 'scan_profile' in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    if not request.json or not 'target_urls' in request.json:
        abort(400, 'Expected target_urls in JSON object')

    # scan_profile is raw profile *content* chosen by the caller; it is
    # presumably written to a temp file by create_temp_profile() below and
    # decides which plugins and settings the scanner runs. Anyone who can
    # reach this endpoint therefore configures the scanner.
    scan_profile = request.json['scan_profile']
    target_urls = request.json['target_urls']

    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    # NOTE(review): check-then-act on the shared SCANS dict with no lock --
    # two requests arriving together can both pass this test.
    scan_infos = SCANS.values()
    if not all([si is None for si in scan_infos]):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    # NOTE(review): the ``try:`` line and its body (presumably the
    # use_profile() call on w3af_core -- confirm against upstream) are
    # missing here. str(bfe) is echoed verbatim to the client, so framework
    # internals end up in the 400 body.
    except BaseFrameworkException, bfe:
        abort(400, str(bfe))
def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    NOTE(review): fragment. It ends inside the profile validation, the
    docstring quotes and a ``try:`` are missing, and the ``abort(`` call
    below the concurrency check lost its first line in extraction.
    """
    # Only presence is checked; the values are used untyped below, so a
    # JSON string or object in target_urls gets past this point.
    if not request.json or not 'scan_profile' in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    if not request.json or not 'target_urls' in request.json:
        abort(400, 'Expected target_urls in JSON object')

    # Untrusted profile content straight from the request body; it is
    # turned into a file by create_temp_profile() and selects what the
    # scanner runs.
    scan_profile = request.json['scan_profile']
    target_urls = request.json['target_urls']

    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    # NOTE(review): no lock around this check-then-act on SCANS; concurrent
    # requests can both pass.
    scan_infos = SCANS.values()
    if not all([si is None for si in scan_infos]):
            # NOTE(review): the ``abort(`` opening this call was lost in the
            # listing; the three lines below are its arguments.
            400, 'This version of the REST API does not support'
            ' concurrent scans. Remember to DELETE finished scans'
            ' before starting a new one.')

    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    # NOTE(review): ``try:`` and its body (the profile load into w3af_core)
    # are missing; str(bfe) goes to the client verbatim.
    except BaseFrameworkException, bfe:
        abort(400, str(bfe))
def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    NOTE(review): this variant ignores any profile in the request and always
    scans with a fixed fast_scan.pw3af read from disk; it also accepts
    exactly one target URL. The listing is a fragment (the ``try:`` lines,
    the docstring quotes and the tail of the function after the profile
    validation were lost) and mixes tabs and spaces.
    """
    #if not request.json or not 'scan_profile' in request.json:
    #    abort(400, 'Expected scan_profile in JSON object')

    if not request.json or not 'target_urls' in request.json:
        abort(400, 'Expected target_urls in JSON object')

    # Fixed profile, resolved relative to the server's working directory
    # (not the request), read with the Python 2 file() builtin and never
    # closed. A missing file surfaces as an unhandled exception, not a 400.
    scan_profile = file('fast_scan.pw3af').read()
    target_urls = request.json['target_urls']

    # NOTE(review): target_url is not bound yet when this abort() runs, so an
    # empty list or a list of 2+ URLs raises NameError instead of the
    # intended 400. The message also says "Invalid URL" for what is a count
    # problem, and a one-character JSON string for target_urls passes.
    if (not len(target_urls)) or len(target_urls) > 1:
	abort(400, 'Invalid URL: "%s"' % target_url)
    scanResult = None
    # NOTE(review): the ``try:`` that pairs with the except below was lost.
    # scanGet() is not defined in this listing; it appears to look up or
    # create a scan for the URL and return an object carrying .scanId --
    # confirm what it does before relying on the early return.
    for target_url in target_urls:
	    scanResult = scanGet(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)

    # Early exit when scanGet() produced a result. This happens *before* the
    # single-scan check below, so whatever scanGet() does is not covered by
    # it. (``is not None`` would be the idiomatic test.)
    if scanResult != None:
	return jsonify({'message': 'Success',
        	'id': scanResult.scanId,
                'href': '/scans/%s' % scanResult.scanId}), 201
    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    # NOTE(review): check-then-act on the shared SCANS dict with no lock.
    scan_infos = SCANS.values()
    if not all([si is None for si in scan_infos]):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')
    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    #scan_profile_file_name = 'fast_scan.pw3af'
    #profiles_path = '../../../../../profiles/'
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    # NOTE(review): the ``try:`` line and its body (the profile load into
    # w3af_core) are missing; str(bfe) is echoed verbatim to the client.
    except BaseFrameworkException, bfe:
        abort(400, str(bfe))
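def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Rejections all go through ``abort(400, ...)``: no JSON body, a missing
    key, ``target_urls`` that is not a non-empty list of URL strings, a URL
    that does not parse, or a scan still registered in ``SCANS``. On success
    the worker is started, the function waits for it to signal that the scan
    info is set up, and replies 201 with the new id and href.
    """
    if not request.json or 'scan_profile' not in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    if 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = request.json['scan_profile']
    target_urls = request.json['target_urls']

    # target_urls is attacker-controlled JSON: a bare string would otherwise
    # be iterated one character at a time and a dict or number would raise
    # inside the URL loop as an unhandled exception instead of a 400.
    if not isinstance(target_urls, list):
        abort(400, 'Expected target_urls to be a list of URLs')

    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): check-then-act on the shared SCANS dict without a lock;
    # two requests arriving together can both pass and both start a worker.
    # Serialise this section if the API is ever served multi-threaded.
    if not all(si is None for si in SCANS.values()):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    # The profile is NOT validated in this variant. The original check
    # (create_temp_profile(scan_profile) followed by
    # w3af_core.profiles.use_profile(scan_profile_file_name, workdir=profile_path)
    # inside a try/except BaseFrameworkException -> abort(400)) was commented
    # out, so caller-supplied profile content -- which decides which plugins
    # and settings the scanner runs -- reaches start_scan_helper as-is. The
    # worker has to treat it as untrusted and surface load errors through the
    # scan status, because this handler can no longer report them as a 400.

    # Validate the scan target info before spending a worker on it.
    if not target_urls:
        abort(400, 'No target URLs specified')

    text_types = (str, type(u''))   # str on Python 3, str/unicode on Python 2
    for target_url in target_urls:
        # Non-strings are rejected up front so the error path never has to
        # render a nested structure and URL() only ever sees text.
        if not isinstance(target_url, text_types):
            abort(400, 'Invalid URL: "%s"' % target_url)
        try:
            # NOTE(review): the body of this try was lost in the listing and
            # is restored from the URL() parser the disabled target_option
            # code used; confirm against upstream.
            URL(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)

    # Finally, start the scan in a separate worker. 'ScanThread' is just the
    # worker's name; whether Process is multiprocessing.Process or a Thread
    # wrapper cannot be told from this file.
    scan_id = get_new_scan_id()
    scan_info_setup = Event()

    args = (target_urls, scan_profile, scan_info_setup)
    t = Process(target=start_scan_helper, name='ScanThread', args=args)
    # daemon=True: the worker is torn down, not joined, when the API process
    # exits -- no zombie, but also no clean-up of a half-finished scan.
    t.daemon = True
    t.start()   # NOTE(review): restored; the call was dropped from the listing

    # Wait until the worker signals that the scan info is set up.
    # NOTE(review): restored from the original comment. An unbounded wait
    # hangs this request forever if the worker dies before setting the
    # event; wait(timeout) plus a 500 when it returns False would be safer.
    scan_info_setup.wait()

    return jsonify({'message': 'Success',
                    'id': scan_id,
                    'href': '/scans/%s' % scan_id}), 201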
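def _check_target_urls(target_urls):
    """
    Abort with 400 unless ``target_urls`` is a non-empty list of URL strings
    that ``URL()`` accepts; return nothing on success.

    :param target_urls: the decoded ``target_urls`` JSON value -- untrusted,
                        may be any JSON type.
    """
    # A bare string would otherwise iterate one character at a time, and a
    # dict or number would raise inside the loop (unhandled, not a 400).
    if not isinstance(target_urls, list):
        abort(400, 'Expected target_urls to be a list of URLs')

    if not target_urls:
        abort(400, 'No target URLs specified')

    text_types = (str, type(u''))   # str on Python 3, str/unicode on Python 2
    for target_url in target_urls:
        if not isinstance(target_url, text_types):
            abort(400, 'Invalid URL: "%s"' % target_url)
        try:
            # NOTE(review): the try body was lost in the listing; URL() is
            # the parser the disabled target_option code used -- confirm
            # against upstream.
            URL(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)


def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Every rejection is an ``abort(400, ...)``: no JSON body, a missing key,
    a ``target_urls`` value that is not a non-empty list of parseable URL
    strings, or a scan still registered in ``SCANS``. On success a worker is
    started, the handler waits for it to signal set-up, and replies 201.
    """
    body = request.json
    if not body or 'scan_profile' not in body:
        abort(400, 'Expected scan_profile in JSON object')

    if 'target_urls' not in body:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = body['scan_profile']
    target_urls = body['target_urls']

    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): the ``abort(`` that opens this call was lost in the
    # listing and is restored here. The test itself is check-then-act on the
    # shared SCANS dict with no lock, so concurrent requests can both pass.
    running = [si for si in SCANS.values() if si is not None]
    if running:
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    # No profile validation happens in this variant: the original
    # create_temp_profile() + w3af_core.profiles.use_profile(...) check, with
    # its BaseFrameworkException -> abort(400) mapping, was commented out.
    # The caller-supplied profile content therefore reaches the worker
    # unchecked and selects which plugins and settings run; the worker must
    # treat it as untrusted and report load failures via the scan status.

    _check_target_urls(target_urls)

    # Finally, start the scan in a separate worker. 'ScanThread' is only the
    # worker's name; whether Process is multiprocessing.Process or a Thread
    # wrapper cannot be told from this file.
    scan_id = get_new_scan_id()
    scan_info_setup = Event()

    args = (target_urls, scan_profile, scan_info_setup)
    t = Process(target=start_scan_helper, name='ScanThread', args=args)
    # daemon=True: killed, not joined, when the API process exits.
    t.daemon = True
    t.start()   # NOTE(review): restored; the call was dropped from the listing

    # Wait until the worker signals that the scan info is set up.
    # NOTE(review): restored from the original comment. With no timeout this
    # request blocks forever if the worker dies before setting the event;
    # prefer wait(timeout) and a 500 when it returns False.
    scan_info_setup.wait()

    return jsonify({
        'message': 'Success',
        'id': scan_id,
        'href': '/scans/%s' % scan_id
    }), 201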