def main():
    """Build a Scanner from the parsed arguments and start it.

    The subnet list and thread count are taken from the object returned by
    parse_arguments() and passed to Scanner unchanged.
    """
    options = parse_arguments()
    Scanner(subnets=options.subnets, threads=options.threads).start()
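def scan():
    """Schedule a CMS scan for the URL submitted in the request form.

    Reads ``url`` and ``cms`` from the form data. A ``cms`` value outside the
    supported list is ignored and find_cms(url) is consulted instead.

    Returns:
        A JSON response. It carries an ``error`` entry when the URL is
        missing or the CMS resolves to "unknown"; otherwise it echoes the
        url and cms with a scheduling message, and a Scanner is started on
        a background thread.
    """
    supported = ('wordpress', 'drupal', 'joomla', 'vbulletin')

    url = request.form.get('url')
    # Without this guard a missing or blank url reached find_cms() and
    # Scanner as None/empty, and the caller could still be told
    # "Scheduled for Scan" while the background thread failed.
    if not url or not url.strip():
        return jsonify({"error": "Missing URL"})

    # NOTE(review): url is caller-controlled and is handed to find_cms() and
    # Scanner, which presumably make outbound requests from this host. No
    # scheme/host restriction or authentication is visible in this block;
    # confirm both are enforced elsewhere. Each accepted request also starts
    # a new thread, so confirm something bounds concurrent scans.
    requested_cms = request.form.get('cms')
    cms = requested_cms if requested_cms in supported else find_cms(url)

    if cms == "unknown":
        return jsonify({"error": "Cannot Detect CMS"})

    resp = {"url": url, "cms": cms, "message": "Scheduled for Scan"}
    scano = Scanner(app, url, cms)
    # The scan runs in the background; the response is sent without waiting.
    Thread(target=scano.scan).start()
    return jsonify(resp)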
def post(self, audit_uuid):
    """Register a new scan under the audit identified by *audit_uuid*.

    The JSON request body is loaded through ScanInputSchema; any validation
    errors abort the request with HTTP 400. On success the scan row is saved
    and the result of ScanResource.get_by_uuid() for it is returned.
    """
    fields, problems = ScanInputSchema().load(request.json)
    if problems:
        abort(400, problems)

    # The scan UUID keeps the first 24 characters of the audit UUID (its
    # upper 96 bits, A) and appends a 32-bit random number (B):
    # 'AAAAAAAA-AAAA-AAAA-AAAA-AAAABBBBBBBB'.
    # NOTE(review): audit_uuid is sliced with no format check visible in this
    # method, and uuid.UUID() raises ValueError on a malformed value. Confirm
    # the route or caller validates it first.
    # NOTE(review): only 4 random bytes distinguish scans of one audit.
    # Confirm the table rejects a duplicate UUID rather than overwriting.
    scan_uuid_text = audit_uuid[0:24] + secrets.token_hex(4)
    fields["uuid"] = uuid.UUID(scan_uuid_text)
    fields["audit_id"] = AuditResource.get_audit_id_by_uuid(audit_uuid)
    # source_ip comes from the scanner's own info, not from the request body.
    fields["source_ip"] = Scanner.get_info()["source_ip"]

    scan_row = ScanTable(**fields)
    scan_row.save()
    return ScanResource.get_by_uuid(scan_row.uuid)
# Probe `target` once and report, from the status code, the Server header and
# the response body, whether the device looks like RomPager and whether the
# marker string came back. `target` and `headers` are defined outside this
# fragment.
try:
    response = requests.get(target, headers=headers, timeout=60)
    status = response.status_code
    if status != 404:
        # The check only interprets a 404 reply; anything else is reported
        # as "not RomPager".
        print_failed("Unexpected HTTP status, expecting 404 got: %d" % status)
        print_red("Device is not running RomPager")
    elif 'server' not in response.headers:
        print_failed("Not running RomPager")
    else:
        server = response.headers.get('server')
        if re.search('RomPager', server) is None:
            print_failed(
                "RomPager not detected, device is running: %s " % server)
        else:
            print_green("Got RomPager! Server:%s" % server)
            if re.search('omg1337hax', response.text) is None:
                # A missing marker is reported as inconclusive, not as safe.
                print_failed("test didn't pass.")
                print_warning("Device MAY still be vulnerable")
            else:
                print_success(
                    "device is vulnerable to misfortune cookie")
except requests.exceptions.Timeout:
    print_error("Timeout!")
except requests.exceptions.ConnectionError:
    # NOTE(review): every ConnectionError is reported as "No route to host",
    # and other requests exceptions are not caught here.
    print_error("No route to host")

# Instantiates Scanner; what construction triggers is not visible here.
Scanner()