Ejemplo n.º 1
0
def scan_ip_address_for_service_from_domain(
    self,
    org_uuid=None,
    ip_address_uuid=None,
    port=None,
    protocol=None,
    domain_uuid=None,
    domain_scan_uuid=None,
):
    """
    Check to see if the given network service port is currently open and listening at the given IP
    address as a result of resolving IP addresses for the given domain.
    :param org_uuid: The organization to scan the endpoint on behalf of.
    :param ip_address_uuid: The UUID of the IP address to scan.
    :param port: The port number to check.
    :param protocol: The networking protocol to use to connect to the endpoint.
    :param domain_uuid: The UUID of the domain name that resulted in this scan.
    :param domain_scan_uuid: The UUID of the domain name scan that this task is a part of.
    :return: None
    """
    ip_address = get_address_from_ip_address(ip_address_uuid=ip_address_uuid,
                                             db_session=self.db_session)
    logger.info(
        "Now checking to see if service at %s:%s (%s) is alive for domain %s, scan %s, organization %s."
        %
        (ip_address, port, protocol, domain_uuid, domain_scan_uuid, org_uuid))
    inspector = PortInspector(address=ip_address, port=port, protocol=protocol)
    is_open = inspector.check_if_open()
    logger.info("Service at %s:%s (%s) %s open!" %
                (ip_address, port, protocol, "is" if is_open else "is not"))
    liveness_model = DomainServiceLivenessModel.from_database_model_uuid(
        uuid=domain_scan_uuid,
        db_session=self.db_session,
        is_alive=is_open,
        checked_at=DatetimeHelper.now(),
    )
    liveness_model.save(org_uuid)
    if not is_open:
        logger.info(
            "Service at %s:%s (%s) was not open, therefore not continuing with inspection."
            % (ip_address, port, protocol))
        return
    logger.info(
        "Service at %s:%s (%s) was open! Setting up a single pass of network service monitoring."
        % (ip_address, port, protocol))
    network_service_model = get_or_create_network_service_from_org_ip(
        ip_uuid=ip_address_uuid,
        port=port,
        protocol=protocol,
        db_session=self.db_session,
        discovered_by="domain scan",
    )
    network_service_inspection_pass.si(
        service_uuid=network_service_model.uuid,
        org_uuid=org_uuid,
        schedule_again=False,
    ).apply_async()
Ejemplo n.º 2
0
def check_tcp_service_for_ssl_protocol_support(
        self,
        org_uuid=None,
        service_uuid=None,
        ssl_protocol=None,
        scan_uuid=None,
):
    """
    Check to see if the given TCP service supports the given SSL protocol.
    :param org_uuid: The UUID of the organization to collect information on behalf of.
    :param service_uuid: The UUID of the network service to check for SSL support.
    :param ssl_protocol: The SSL protocol to check support for.
    :param scan_uuid: The UUID of the network service scan that this SSL version check is associated
    with.
    :return: None
    """
    ip_address, port, protocol = self.get_endpoint_information(service_uuid)
    logger.info(
        "Now checking TCP service at %s:%s for support of SSL protocol %s. Organization is %s. Scan is %s."
        % (ip_address, port, ssl_protocol, org_uuid, scan_uuid)
    )
    inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
    version_supported = inspector.check_ssl_support(ssl_version_name=ssl_protocol)

    logger.info(
        "TCP endpoint at %s:%s %s support SSL version %s. Elasticsearch updated successfully."
        % (ip_address, port, "does" if version_supported else "does not", ssl_protocol)
    )

    if version_supported:
        #Spin off a thread, and check ciphers since we support this version of SSL
        cipher_signature = check_tcp_service_for_ssl_protocol_cipher_support.si(
            org_uuid=org_uuid,
            service_uuid=service_uuid,
            ssl_protocol=ssl_protocol,
            scan_uuid=scan_uuid)
        self.finish_after(signature=cipher_signature)
    else:
        ssl_support_record = SslSupportModel.from_database_model_uuid(
            uuid=scan_uuid,
            db_session=self.db_session,
            ssl_version=ssl_protocol,
            supported=version_supported,
        )
        ssl_support_record.save(org_uuid)
Ejemplo n.º 3
0
def inspect_tcp_service_for_ssl_support(self, org_uuid=None, network_service_uuid=None, network_service_scan_uuid=None):
    """
    Collect all possible information about SSL support found on the referenced network service.
    :param org_uuid: The UUID of the organization to collect information on behalf of.
    :param network_service_uuid: The UUID of the network service to check for SSL support.
    :param network_service_scan_uuid: The UUID of the network service scan that this SSL support check is associated
    with.
    :return: None
    """
    ip_address, port, protocol = self.get_endpoint_information(network_service_uuid)
    logger.info(
        "Now inspecting TCP service at %s:%s for SSL data for organization %s. Scan is %s."
        % (ip_address, port, org_uuid, network_service_scan_uuid)
    )
    inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
    initial_check = inspector.check_ssl_support()
    if not initial_check:
        logger.info(
            "Service at %s:%s does not support any version of SSL."
            % (ip_address, port)
        )
        return
    logger.info(
        "Service at %s:%s supports SSL. Now kicking off subtasks to check for various version support."
        % (ip_address, port)
    )
    task_sigs = []
    task_kwargs = {
        "org_uuid": org_uuid,
        "network_service_uuid": network_service_uuid,
        "network_service_scan_uuid": network_service_scan_uuid,
    }
    collection_sigs = []
    collection_sigs.append(enumerate_vulnerabilities_for_ssl_service.si(**task_kwargs))
    collection_sigs.append(enumerate_cipher_suites_for_ssl_service.si(**task_kwargs))
    collection_sigs.append(retrieve_ssl_certificate_for_tcp_service.si(**task_kwargs))
    task_sigs.append(group(collection_sigs))
    task_sigs.append(create_ssl_support_report_for_network_service_scan.si(**task_kwargs))
    task_sigs.append(apply_flags_to_ssl_support_scan.si(**task_kwargs))
    canvas_sig = chain(task_sigs)
    logger.info(
        "Now kicking off %s tasks to inspect SSL support for network service %s."
        % (len(collection_sigs) + 1, network_service_uuid)
    )
    self.finish_after(signature=canvas_sig)
Ejemplo n.º 4
0
 def inspector(self):
     """
     Get the port inspector that this task should use to investigate the referenced network service.
     :return: The port inspector that this task should use to investigate the referenced network service.
     """
     from lib.inspection import PortInspector
     return PortInspector(
         address=self.network_service.ip_address.address,
         port=self.network_service.port,
         protocol=self.network_service.protocol,
     )
Ejemplo n.º 5
0
def retrieve_ssl_certificate_for_tcp_service(
        self,
        org_uuid=None,
        network_service_uuid=None,
        network_service_scan_uuid=None,
):
    """
    Retrieve the SSL certificate associated with the given TCP service.
    :param org_uuid: The UUID of the organization to collect information on behalf of.
    :param network_service_uuid: The UUID of the network service to retrieve the SSL certificate for.
    :param network_service_scan_uuid: The UUID of the network service scan that this SSL certificate retrieval is associated
    with.
    :return: None
    """
    ip_address, port, protocol = self.get_endpoint_information(network_service_uuid)
    logger.info(
        "Now retrieving SSL certificate for TCP service %s:%s. Organization is %s. Scan is %s."
        % (ip_address, port, org_uuid, network_service_scan_uuid)
    )
    inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
    cert_string, pem_cert = inspector.get_ssl_certificate()
    cert_model = SslCertificateModel.from_database_model_uuid(
        uuid=network_service_scan_uuid,
        db_session=self.db_session,
    )
    cert_model = SslCertificateModel.populate_from_x509_certificate(certificate=pem_cert, to_populate=cert_model)
    bucket, key = upload_certificate_to_s3(
        org_uuid=org_uuid,
        local_file_path=self.get_temporary_file_path(),
        cert_string=cert_string,
    )
    cert_model.set_s3_attributes(bucket=bucket, key=key, file_type="ssl certificate")
    cert_model.save(org_uuid)
    logger.info(
        "Successfully retrieved and saved SSL certificate for TCP service %s:%s. Organization was %s, scan was %s."
        % (ip_address, port, org_uuid, network_service_scan_uuid)
    )
Ejemplo n.º 6
0
def scan_endpoint_from_bitsquat_file(self,
                                     org_uuid=None,
                                     domain=None,
                                     ip_address=None):
    """
    Perform a custom scan for the web application on the given IP address and with the given
    domain name.
    :param org_uuid: The UUID of the organization to associate scan results with.
    :param domain: The domain name of the web application.
    :param ip_address: The IP address of the web application.
    :return: None
    """
    inspector = PortInspector(address=ip_address, port=80, protocol="tcp")
    http_is_open = inspector.check_if_open()
    inspector = PortInspector(address=ip_address, port=443, protocol="tcp")
    https_is_open = inspector.check_if_open()
    https_uses_ssl = inspector.check_ssl_support()
    if not http_is_open and not https_is_open:
        return
    task_sigs = []
    if http_is_open:
        task_sigs.append(
            gather_data_on_bitsquat_web_app.si(
                org_uuid=org_uuid,
                ip_address=ip_address,
                domain=domain,
                port=80,
                use_ssl=False,
            ))
    if https_is_open and https_uses_ssl:
        ssl_sigs = []
        ssl_sigs.append(
            gather_data_on_bitsquat_ssl_cert.si(org_uuid=org_uuid,
                                                ip_address=ip_address,
                                                port=443))
        ssl_sigs.append(
            gather_data_on_bitsquat_web_app.si(
                org_uuid=org_uuid,
                ip_address=ip_address,
                port=443,
                domain=domain,
                use_ssl=True,
            ))
        task_sigs.append(chain(ssl_sigs))
    group(task_sigs).apply_async()
Ejemplo n.º 7
0
def check_tcp_service_for_liveness(
        self,
        org_uuid=None,
        do_fingerprinting=True,
        do_ssl_inspection=True,
        scan_uuid=None,
        service_uuid=None,
):
    """
    Check to see if the given TCP network service is alive.
    :param org_uuid: The UUID of the organization to check the service on behalf of.
    :param do_fingerprinting: Whether or not to continue with service fingerprinting.
    :param do_ssl_inspection: Whether or not to gather information about SSL if the service
    is alive and supports SSL.
    :param scan_uuid: The UUID of the network service scan that this liveness check is associated
    with.
    :param service_uuid: The UUID of the network service to check for liveness.
    :return: None
    """
    ip_address, port, protocol = self.get_endpoint_information(service_uuid)
    logger.info(
        "Checking to see if TCP service at %s:%s is alive for organization %s. Scan is %s."
        % (ip_address, port, org_uuid, scan_uuid)
    )
    inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
    service_alive = inspector.check_if_open()
    liveness_check = NetworkServiceLivenessModel.from_database_model_uuid(
        uuid=scan_uuid,
        db_session=self.db_session,
        is_alive=service_alive,
        checked_at=DatetimeHelper.now(),
    )
    liveness_check.save(org_uuid)
    logger.info(
        "TCP service at %s:%s %s alive. Updated Elasticsearch successfully."
        % (ip_address, port, "is" if service_alive else "is not")
    )
    next_tasks = []
    if not service_alive:
        logger.info(
            "TCP service at %s:%s was not alive. Not performing any additional inspection."
            % (ip_address, port)
        )
        return
    if do_ssl_inspection:
        next_tasks.append(inspect_tcp_service_for_ssl_support.si(
            org_uuid=org_uuid,
            network_service_uuid=service_uuid,
            network_service_scan_uuid=scan_uuid,
        ))
    if do_fingerprinting:
        next_tasks.append(fingerprint_tcp_service.si(
            org_uuid=org_uuid,
            service_uuid=service_uuid,
            scan_uuid=scan_uuid,
        ))
    if len(next_tasks) > 0:
        logger.info(
            "Kicking off %s tasks to continue investigation of TCP service at %s:%s for organization %s."
            % (len(next_tasks), ip_address, port, org_uuid)
        )
        canvas_sig = chain(next_tasks)
        self.finish_after(signature=canvas_sig)
    else:
        logger.info(
            "No further tasks to be performed after TCP liveness check at %s:%s for organization %s."
            % (ip_address, port, org_uuid)
        )