def notify_stage(self, audit_name, stage):
"""
This method is called when an audit moves to another execution stage.
:param audit_name: Name of the audit.
:type audit_name: str
:param stage: Name of the execution stage.
Must be one of the following:
- "start" - The audit has just started.
- "import" - Importing external data into the database.
- "recon" - Performing reconnaisance on the targets.
- "scan" - Scanning the targets for vulnerabilities.
- "attack" - Attacking the target using the vulnerabilities found.
- "intrude" - Gathering information after a successful attack.
- "cleanup" - Cleaning up after an attack.
- "report" - Generating a report for the audit.
- "finish" - The audit has finished.
- "cancel" - The audit has been canceled by the user.
:type stage: str
"""
# Log the event.
print "[%s] Entering stage: %s" % (audit_name,
get_stage_display_name(stage))
# Save the audit stage.
self.audit_stage[audit_name] = stage
# Clear the progress for this audit.
self.plugin_state[audit_name].clear()
# Increase steps if recon stage was reached.
if stage == "recon":
self.steps[audit_name] += 1
# Send the audit stage.
packet = ("stage", audit_name, stage)
self.bridge.send(packet)
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][
message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show this event in extra verbose mode.
if Console.level >= Console.MORE_VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
m_text = "%s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show this event in extra verbose mode.
if Console.level >= Console.MORE_VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
m_text = "%s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
try:
del self.current_plugins[Config.audit_name][
message.plugin_id][message.ack_identity]
except KeyError:
pass
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int(
(m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize(
"%i.%.2i%%" % (m_progress_h, m_progress_l),
"middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "%s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# The audit has moved to another execution stage.
elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show the new stage name.
m_stage = get_stage_display_name(message.message_info)
m_stage = colorize(m_stage, "high")
m_plugin_name = colorize("[*] GoLismero", "informational")
m_text = "%s: Current stage: %s"
m_text %= (m_plugin_name, m_stage)
Console.display(m_text)
# If on maximum verbosity level and entering report stage,
# log the current report mode.
if (Console.level >= Console.MORE_VERBOSE
and message.message_info == "report"):
if Config.audit_config.only_vulns:
m_report_type = "Brief"
else:
m_report_type = "Full"
m_report_type = colorize(m_report_type, "yellow")
m_text = "%s: Report type: %s"
m_text %= (m_plugin_name, m_report_type)
Console.display(m_text)
# When an audit is aborted, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED:
(audit_name, description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name,
'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
finally:
self.audit_is_dead(audit_name)
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
self.audit_is_dead(message.audit_name)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
if is_error:
text = colorize_traceback(text)
m_plugin_name = colorize("[!] " + m_plugin_name,
'critical')
text = "%s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
m_plugin_name = colorize("[*] " + m_plugin_name,
'informational')
text = "%s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_id,
message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize_traceback(traceback)
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(
w.message, w.category, w.filename, w.lineno,
w.line)
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'low')
text = "%s: Error: %s " % (m_plugin_name,
str(formatted))
Console.display_error(text)
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
m_text = "%s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
m_text = "%s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
try:
del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity]
except KeyError:
pass
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int((m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "%s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# The audit has moved to another execution stage.
elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show the new stage name.
m_stage = get_stage_display_name(message.message_info)
m_stage = colorize(m_stage, "high")
m_plugin_name = colorize("[*] GoLismero", "informational")
m_text = "%s: Current stage: %s"
m_text %= (m_plugin_name, m_stage)
Console.display(m_text)
# If on maximum verbosity level and entering report stage,
# log the current report mode.
if (
Console.level >= Console.MORE_VERBOSE and
message.message_info == "report"
):
if Config.audit_config.only_vulns:
m_report_type = "Brief"
else:
m_report_type = "Full"
m_report_type = colorize(m_report_type, "yellow")
m_text = "%s: Report type: %s"
m_text %= (m_plugin_name, m_report_type)
Console.display(m_text)
# When an audit is aborted, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED:
(audit_name, description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
finally:
self.audit_is_dead(audit_name)
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
self.audit_is_dead(message.audit_name)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
if is_error:
text = colorize_traceback(text)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
m_plugin_name = colorize("[*] " + m_plugin_name, 'informational')
text = "%s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize_traceback(traceback)
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'low')
text = "%s: Error: %s " % (m_plugin_name, str(formatted))
Console.display_error(text)
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
m_text = "[*] %s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
m_text = "[*] %s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity]
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int((m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "[*] %s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# The audit has moved to another execution stage.
elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show the new stage name.
m_stage = get_stage_display_name(message.message_info)
m_stage = colorize(m_stage, "high")
m_plugin_name = colorize("GoLismero", "informational")
m_text = "[*] %s: Current stage: %s"
Console.display(m_text % (m_plugin_name, m_stage))
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
try:
del self.already_seen_info[Config.audit_name]
except KeyError:
pass # may happen when only generating reports
try:
del self.current_plugins[Config.audit_name]
except KeyError:
pass
if get_audit_count() == 1: # this is the last one
Config._context.send_msg( # XXX FIXME hide this from plugins!
message_type = MessageType.MSG_TYPE_CONTROL,
message_code = MessageCode.MSG_CONTROL_STOP,
message_info = True, # True for finished, False for user cancel
priority = MessagePriority.MSG_PRIORITY_LOW
)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
except Exception:
m_plugin_name = "GoLismero"
m_plugin_name = colorize(m_plugin_name, 'informational')
text = colorize(text, 'middle')
if is_error:
text = "[!] %s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
text = "[*] %s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
except Exception:
m_plugin_name = "GoLismero"
text = "[!] Plugin '%s' error: %s " % (m_plugin_name, str(description))
text = colorize(text, 'critical')
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only the description in verbose level,
# full traceback in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
elif Console.level >= Console.VERBOSE:
formatted = w.message
else:
formatted = None
if formatted:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
text = "[!] Plugin '%s' warning: %s " % (m_plugin_name, str(formatted))
text = colorize(text, 'low')
Console.display_error(text)
