Ejemplo n.º 1
0
def graphs_index():
    db = current.globalenv['db']
    cache = current.globalenv['cache']

    graph = {}

    host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    if current.globalenv['settings'].use_cvss:
        maxhostsev = db.t_vulndata.f_cvss_score.max()
    else:
        maxhostsev = db.t_vulndata.f_severity.max()

    q = (db.t_service_vulns.f_services_id == db.t_services.id) & (
        db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
    for rec in db(q).select(maxhostsev,
                            db.t_services.f_hosts_id,
                            orderby=db.t_services.f_hosts_id,
                            groupby=db.t_services.f_hosts_id):
        host_by_sev[int(rec[maxhostsev])] += 1

    graph['top_host_sev_count'] = ''
    cnt = 0
    for h_rec in host_by_sev:
        graph['top_host_sev_count'] = graph[
            'top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
                cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1
    graph['top_host_sev_count_raw'] = host_by_sev

    vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    count = db.t_vulndata.id.count()
    if current.globalenv['settings'].use_cvss:
        rows = db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(
            db.t_vulndata.f_cvss_score,
            count,
            orderby=db.t_vulndata.f_cvss_score,
            groupby=db.t_vulndata.f_cvss_score)
    else:
        rows = db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(
            db.t_vulndata.f_severity,
            count,
            orderby=db.t_vulndata.f_severity,
            groupby=db.t_vulndata.f_severity)
    for rec in rows:
        if current.globalenv['settings'].use_cvss:
            vuln_by_sev[int(rec.t_vulndata.f_cvss_score)] += rec[count]
        else:
            vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]

    graph['vuln_by_sev_count'] = ''
    graph['vuln_by_sev_count_raw'] = vuln_by_sev
    cnt = 0
    for h_rec in vuln_by_sev:
        graph[
            'vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
                cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1

    return graph
Ejemplo n.º 2
0
def graphs_index():
    db = current.globalenv['db']
    cache = current.globalenv['cache']

    graph = {}

    host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    maxhostsev = db.t_vulndata.f_severity.max()

    q = (db.t_service_vulns.f_services_id == db.t_services.id) & (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
    for rec in db(q).select(maxhostsev, db.t_services.f_hosts_id, orderby=db.t_services.f_hosts_id, groupby=db.t_services.f_hosts_id):
        host_by_sev[rec[maxhostsev]] += 1

    graph['top_host_sev_count'] = ''
    cnt = 0
    for h_rec in host_by_sev:
        graph['top_host_sev_count'] = graph['top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1
    graph['top_host_sev_count_raw'] = host_by_sev

    vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    count = db.t_vulndata.id.count()
    for rec in db(db.t_vulndata.id == db.t_service_vulns.f_vulndata_id).select(db.t_vulndata.f_severity,count, orderby=db.t_vulndata.f_severity, groupby=db.t_vulndata.f_severity):
        vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]

    graph['vuln_by_sev_count'] = ''
    graph['vuln_by_sev_count_raw'] = vuln_by_sev
    cnt = 0
    for h_rec in vuln_by_sev:
        graph['vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
        cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1

    return graph
Ejemplo n.º 3
0
def graphs_index():
    db = current.globalenv['db']
    cache = current.globalenv['cache']

    graph = {}

    host_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    if current.globalenv['settings'].use_cvss:
        maxhostsev = db.t_vulndata.f_cvss_score.max()
        q = (db.t_vulndata.f_cvss_score >= 1.0)
    else:
        maxhostsev = db.t_vulndata.f_severity.max()
        q = (db.t_vulndata.f_severity >= 1.0)

    q &= (db.t_service_vulns.f_services_id == db.t_services.id) & (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id)
    for rec in db(q).select(maxhostsev, db.t_services.f_hosts_id, orderby=db.t_services.f_hosts_id, groupby=db.t_services.f_hosts_id):
        host_by_sev[int(rec[maxhostsev])] += 1

    graph['top_host_sev_count'] = ''
    cnt = 0
    for h_rec in host_by_sev:
        graph['top_host_sev_count'] = graph['top_host_sev_count'] + "{ name: 'Sev %s', color: '%s', y: %d},\n" % (cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1
    graph['top_host_sev_count_raw'] = host_by_sev

    vuln_by_sev = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    count = db.t_vulndata.id.count()
    if current.globalenv['settings'].use_cvss:
        q = (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id) & (db.t_vulndata.f_cvss_score >= 1.0)
        rows = db(q).select(
            db.t_vulndata.f_cvss_score, count, orderby=db.t_vulndata.f_cvss_score, groupby=db.t_vulndata.f_cvss_score)
    else:
        q = (db.t_vulndata.id == db.t_service_vulns.f_vulndata_id) & (db.t_vulndata.f_severity > 0)
        rows = db(q).select(
            db.t_vulndata.f_severity, count, orderby=db.t_vulndata.f_severity, groupby=db.t_vulndata.f_severity)
    for rec in rows:
        if current.globalenv['settings'].use_cvss:
            if rec.t_vulndata.f_cvss_score is not None:
                vuln_by_sev[int(rec.t_vulndata.f_cvss_score)] += rec[count]
            else:
                # no CVSS score in record (val: None)
                vuln_by_sev[0] += rec[count]
        else:
            if rec.t_vulndata.f_severity is not None:
                vuln_by_sev[rec.t_vulndata.f_severity] = rec[count]
            else:
                # no Severity score in record (val: None)
                vuln_by_sev[0] = rec[count]

    graph['vuln_by_sev_count'] = ''
    graph['vuln_by_sev_count_raw'] = vuln_by_sev
    cnt = 0
    for h_rec in vuln_by_sev:
        graph['vuln_by_sev_count'] += "{ name: 'Sev %s', color: '%s', y: %d},\n" % (
        cnt, severity_mapping(cnt)[2], h_rec)
        cnt += 1

    return graph
Ejemplo n.º 4
0
def list():
    from skaldship.general import severity_mapping
    response.title = "%s :: Services" % (settings.title)

    if request.extension == 'json':

        q = (db.t_services.id > 0)
        proto = request.vars.f_proto
        pnum = request.vars.f_number
        if pnum:
            q &= (db.t_services.f_number == pnum)
        if proto:
            q &= (db.t_services.f_protocol == proto)

        q = create_hostfilter_query(session.hostfilter, q, 't_services')

        # Datatables Server-side: http://datatables.net/usage/server-side
        if request.vars.has_key('iDisplayStart'):
            start = int(request.vars.iDisplayStart)
        else:
            start = 0
        if request.vars.has_key('iDisplayLength'):
            if request.vars.iDisplayLength == '-1':
                limit = db(q).count()
            else:
                limit = start + int(request.vars.iDisplayLength)
        else:
            limit = int(auth.user.f_show_size)

        srch_data = request.vars.get('sSearch')
        if srch_data:
            # sSearch global search box

            # parse the search into fields (port:num proto:tcp etc)
            srch_vals = [
                ["port", db.t_services.f_number],
                ["proto", db.t_services.f_proto],
                ["status", db.t_services.f_status],
                ["name", db.t_services.f_name],
                ["banner", db.t_services.f_banner],
                ["ip", db.t_hosts.f_ipaddr],
                ["hostname", db.t_hosts.f_hostname],
            ]

            parsed = False
            for val in srch_vals:
                srch_str = "%s:(?P<f>\w+)" % val[0]
                srch_res = re.findall(srch_str, srch_data)
                for res in srch_res:
                    parsed = True
                    if val[0] == 'banner':
                        q &= (val[1].contains(res))
                    else:
                        q &= (val[1].upper() == res.upper())

            if not parsed:
                q &= db.t_services.f_proto.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_number.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_name.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_banner.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_status.like("%%%s%%" % request.vars.sSearch)

        if request.vars.iSortingCols == '1':
            cols = (
                None,
                None,
                None,
                db.t_services.f_hosts_id,
                db.t_services.f_proto,
                db.t_services.f_number,
                db.t_services.f_status,
                None,
                None,
                None,
                None,
                db.t_services.f_name,
                db.t_services.f_banner,
            )

            orderby = cols[int(request.vars.iSortCol_0)]
            if request.vars.sSortDir_0 == 'asc':
                rows=db(q).select(orderby=orderby, limitby=(start, limit))
            else:
                rows=db(q).select(orderby=~orderby, limitby=(start, limit))
        else:
            rows=db(q).select(limitby=(start, limit))

        nolimit = db(q).count()

        aaData = []

        # datatable formatting is specific
        # gather all the vulndata and exploits into a big row
        # later we'll do a find(lambda: row: row.<db>.<field> == <value>)
        # to slice it into the bits we need. Maybe it'll be faster?
        #vulndata = db().select(db.t_vulndata.f_vulnid, db.t_vulndata.id, db.t_exploit_references.f_exploit_id,
        #                       left=db.t_exploit_references.on(db.t_vulndata.id==db.t_exploit_references.f_vulndata_id))

        for r in rows:
            atxt = {}
            vulncount = 0
            vulns = db(db.t_service_vulns.f_services_id==r.t_services.id).select(db.t_service_vulns.f_vulndata_id, cache=(cache.ram, 60))

            vulnlist = []
            explist=[]
            for vuln in vulns:
                vuln_rec = db.t_vulndata[vuln.f_vulndata_id]
                if vuln_rec.f_vulnid not in vulnlist:
                    if settings.use_cvss:
                        vulnlist.append((vuln_rec.f_vulnid, vuln_rec.f_cvss_score))
                    else:
                        vulnlist.append((vuln_rec.f_vulnid, vuln_rec.f_severity))
                exploits = db(db.t_exploit_references.f_vulndata_id == vuln.f_vulndata_id).select(cache=(cache.ram, 60))
                if len(exploits) > 0:
                    for expinfo in exploits:
                        exp = db.t_exploits[expinfo.f_exploit_id]
                        exp_link = A(exp.f_name, _href=URL('exploits', 'edit', extension='html', args=exp.id), _target='blank')
                        explist.append(TR(TD(exp_link),
                                          TD(exp.f_title),
                                          TD(exp.f_source),
                                          TD(exp.f_rank)
                                          )  )

            q = r.t_services.t_service_info.select(cache=(cache.ram, 60))
            if (len(q) > 0) or (len(explist) > 0) or (len(vulnlist) > 0):
                atxt['0'] = IMG(_src=URL(request.application,'static','images/details_open.png')).xml()
            else:
                atxt['0'] = ""
            atxt['1'] = A("edit", _target="services_edit_%s" % (r.t_services.id), _href=URL('edit', args=[r.t_services.id], extension='html')).xml()
            if len(q) > 0:
                addl = []
                for svcinfo in q:
                    addl.append(TR(TD(svcinfo.f_name), TD(svcinfo.f_text)))
                atxt['2'] = TABLE(THEAD(TR(TH(T('Name')),
                                           TH(T('Text')))),
                                  TBODY(addl),
                                  _class="table table-condensed table-striped",
                                  _style="width:100%").xml()
            else:
                atxt['2'] = ''
            host_rec = db.t_hosts[r.t_services.f_hosts_id]
            atxt['3'] = host_a_maker(host_rec).xml(),
            atxt['4'] = r.t_services.f_proto

            # Append A tags around services with HTTP Ports
            if r.t_services.f_number in HTTP_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTP":
                atxt['5'] = A(r.t_services.f_number,
                              _href=URL('default', 'redirect', extension='html', vars={'url': "http://%s:%s/" % (host_rec.f_ipaddr, r.t_services.f_number)}),
                              _target="%s-tcp-%s" % (host_rec.f_ipaddr, r.t_services.f_number)).xml()
            elif r.t_services.f_number in HTTPS_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTPS":
                atxt['5'] = A(r.t_services.f_number,
                              _href=URL('default', 'redirect', extension='html', vars={'url': "https://%s:%s/" % (host_rec.f_ipaddr, r.t_services.f_number)}),
                              _target="%s-tcp-%s" % (host_rec.f_ipaddr, r.t_services.f_number)).xml()
            else:
                atxt['5'] = r.t_services.f_number

            atxt['6'] = r.t_services.f_status
            atxt['7'] = len(vulnlist)
            vulntxt = []
            for vuln in vulnlist:
                color = severity_mapping(vuln[1])[2]
                vulntxt.append(A(vuln[0], _id="vuln", _target="vulninfo_by_vulnid_%s" % (vuln[0]), _href=URL('vulns', 'vulninfo_by_vulnid', args=[vuln[0]], extension='html'),
                                 _style="color:"+color).xml())
            atxt['8'] = " :: ".join(vulntxt)
            if len(explist) > 0:
                atxt['9'] = "Yes (%d)" % (len(explist))
            else:
                atxt['9'] = ''
            if len(explist) > 0:
                atxt['10'] = TABLE(THEAD(TR(TH(T('Name')),
                                           TH(T('Title')),
                                           TH(T('Source')),
                                           TH(T('Rank')))),
                                  TBODY(explist),
                                  _class="table table-condensed",
                                  _style="width:100%").xml()
            else:
                atxt['10'] = ''
            atxt['11'] = r.t_services.f_name
            atxt['12'] = r.t_services.f_banner
            atxt['DT_RowId'] = r.t_services.id

            aaData.append(atxt)

        result = {
            'sEcho': request.vars.sEcho,
            'iTotalRecords': db(db.t_services).count(),
            'iTotalDisplayRecords': nolimit,
            'aaData': aaData,
        }

        return result
    else:
        add = AddModal(
            db.t_services, 'Add', 'Add', 'Add Service',
            #fields=[
            #    'f_proto', 'f_number', 'f_status', 'f_name', 'f_banner'
            #],
            cmd='servicetable.fnReloadAjax();'
        )
        db.t_services.id.comment = add.create()
        return dict(add=add)
Ejemplo n.º 5
0
def list():
    from skaldship.general import severity_mapping
    response.title = "%s :: Services" % (settings.title)

    if request.extension == 'json':

        q = (db.t_services.id > 0)
        proto = request.vars.f_proto
        pnum = request.vars.f_number
        if pnum:
            q &= (db.t_services.f_number == pnum)
        if proto:
            q &= (db.t_services.f_protocol == proto)

        q = create_hostfilter_query(session.hostfilter, q, 't_services')

        # Datatables Server-side: http://datatables.net/usage/server-side
        if 'iDisplayStart' in request.vars:
            start = int(request.vars.iDisplayStart)
        else:
            start = 0
        if 'iDisplayLength' in request.vars:
            if request.vars.iDisplayLength == '-1':
                limit = db(q).count()
            else:
                limit = start + int(request.vars.iDisplayLength)
        else:
            limit = int(auth.user.f_show_size)

        srch_data = request.vars.get('sSearch')
        if srch_data:
            # sSearch global search box

            # parse the search into fields (port:num proto:tcp etc)
            srch_vals = [
                ["port", db.t_services.f_number],
                ["proto", db.t_services.f_proto],
                ["status", db.t_services.f_status],
                ["name", db.t_services.f_name],
                ["banner", db.t_services.f_banner],
                ["ip", db.t_hosts.f_ipaddr],
                ["hostname", db.t_hosts.f_hostname],
            ]

            parsed = False
            for val in srch_vals:
                srch_str = "%s:(?P<f>\w+)" % val[0]
                srch_res = re.findall(srch_str, srch_data)
                for res in srch_res:
                    parsed = True
                    if val[0] == 'banner':
                        q &= (val[1].contains(res))
                    else:
                        q &= (val[1].upper() == res.upper())

            if not parsed:
                q &= db.t_services.f_proto.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_number.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_name.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_banner.like("%%%s%%" % request.vars.sSearch) | \
                    db.t_services.f_status.like("%%%s%%" % request.vars.sSearch)

        if request.vars.iSortingCols == '1':
            cols = (
                None,
                None,
                None,
                db.t_services.f_hosts_id,
                db.t_services.f_proto,
                db.t_services.f_number,
                db.t_services.f_status,
                None,
                None,
                None,
                None,
                db.t_services.f_name,
                db.t_services.f_banner,
            )

            orderby = cols[int(request.vars.iSortCol_0)]
            if request.vars.sSortDir_0 == 'asc':
                rows = db(q).select(orderby=orderby, limitby=(start, limit))
            else:
                rows = db(q).select(orderby=~orderby, limitby=(start, limit))
        else:
            rows = db(q).select(limitby=(start, limit))

        nolimit = db(q).count()

        aaData = []

        # datatable formatting is specific
        # gather all the vulndata and exploits into a big row
        # later we'll do a find(lambda: row: row.<db>.<field> == <value>)
        # to slice it into the bits we need. Maybe it'll be faster?
        #vulndata = db().select(db.t_vulndata.f_vulnid, db.t_vulndata.id, db.t_exploit_references.f_exploit_id,
        #                       left=db.t_exploit_references.on(db.t_vulndata.id==db.t_exploit_references.f_vulndata_id))

        for r in rows:
            atxt = {}
            vulncount = 0
            vulns = db(
                db.t_service_vulns.f_services_id == r.t_services.id).select(
                    db.t_service_vulns.f_vulndata_id, cache=(cache.ram, 60))

            vulnlist = []
            explist = []
            for vuln in vulns:
                vuln_rec = db.t_vulndata[vuln.f_vulndata_id]
                if vuln_rec.f_vulnid not in vulnlist:
                    if settings.use_cvss:
                        vulnlist.append(
                            (vuln_rec.f_vulnid, vuln_rec.f_cvss_score))
                    else:
                        vulnlist.append(
                            (vuln_rec.f_vulnid, vuln_rec.f_severity))
                exploits = db(db.t_exploit_references.f_vulndata_id ==
                              vuln.f_vulndata_id).select(cache=(cache.ram, 60))
                if len(exploits) > 0:
                    for expinfo in exploits:
                        exp = db.t_exploits[expinfo.f_exploit_id]
                        exp_link = A(exp.f_name,
                                     _href=URL('exploits',
                                               'edit',
                                               extension='html',
                                               args=exp.id),
                                     _target='blank')
                        explist.append(
                            TR(TD(exp_link), TD(exp.f_title), TD(exp.f_source),
                               TD(exp.f_rank)))

            q = r.t_services.t_service_info.select(cache=(cache.ram, 60))
            if (len(q) > 0) or (len(explist) > 0) or (len(vulnlist) > 0):
                atxt['0'] = IMG(_src=URL(request.application, 'static',
                                         'images/details_open.png')).xml()
            else:
                atxt['0'] = ""
            atxt['1'] = A("edit",
                          _target="services_edit_%s" % (r.t_services.id),
                          _href=URL('edit',
                                    args=[r.t_services.id],
                                    extension='html')).xml()
            if len(q) > 0:
                addl = []
                for svcinfo in q:
                    addl.append(TR(TD(svcinfo.f_name), TD(svcinfo.f_text)))
                atxt['2'] = TABLE(THEAD(TR(TH(T('Name')), TH(T('Text')))),
                                  TBODY(addl),
                                  _class="table table-condensed table-striped",
                                  _style="width:100%").xml()
            else:
                atxt['2'] = ''
            host_rec = db.t_hosts[r.t_services.f_hosts_id]
            atxt['3'] = host_a_maker(host_rec).xml(),
            atxt['4'] = r.t_services.f_proto

            # Append A tags around services with HTTP Ports
            if r.t_services.f_number in HTTP_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTP":
                atxt['5'] = A(
                    r.t_services.f_number,
                    _href=URL('default',
                              'redirect',
                              extension='html',
                              vars={
                                  'url':
                                  "http://%s:%s/" %
                                  (host_rec.f_ipaddr, r.t_services.f_number)
                              }),
                    _target="%s-tcp-%s" %
                    (host_rec.f_ipaddr, r.t_services.f_number)).xml()
            elif r.t_services.f_number in HTTPS_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTPS":
                atxt['5'] = A(
                    r.t_services.f_number,
                    _href=URL('default',
                              'redirect',
                              extension='html',
                              vars={
                                  'url':
                                  "https://%s:%s/" %
                                  (host_rec.f_ipaddr, r.t_services.f_number)
                              }),
                    _target="%s-tcp-%s" %
                    (host_rec.f_ipaddr, r.t_services.f_number)).xml()
            else:
                atxt['5'] = r.t_services.f_number

            atxt['6'] = r.t_services.f_status
            atxt['7'] = len(vulnlist)
            vulntxt = []
            for vuln in vulnlist:
                color = severity_mapping(vuln[1])[2]
                vulntxt.append(
                    A(vuln[0],
                      _id="vuln",
                      _target="vulninfo_by_vulnid_%s" % (vuln[0]),
                      _href=URL('vulns',
                                'vulninfo_by_vulnid',
                                args=[vuln[0]],
                                extension='html'),
                      _style="color:" + color).xml())
            atxt['8'] = " :: ".join(vulntxt)
            if len(explist) > 0:
                atxt['9'] = "Yes (%d)" % (len(explist))
            else:
                atxt['9'] = ''
            if len(explist) > 0:
                atxt['10'] = TABLE(THEAD(
                    TR(TH(T('Name')), TH(T('Title')), TH(T('Source')),
                       TH(T('Rank')))),
                                   TBODY(explist),
                                   _class="table table-condensed",
                                   _style="width:100%").xml()
            else:
                atxt['10'] = ''
            atxt['11'] = r.t_services.f_name
            atxt['12'] = r.t_services.f_banner
            atxt['DT_RowId'] = r.t_services.id

            aaData.append(atxt)

        result = {
            'sEcho': request.vars.sEcho,
            'iTotalRecords': db(db.t_services).count(),
            'iTotalDisplayRecords': nolimit,
            'aaData': aaData,
        }

        return result
    else:
        add = AddModal(
            db.t_services,
            'Add',
            'Add',
            'Add Service',
            #fields=[
            #    'f_proto', 'f_number', 'f_status', 'f_name', 'f_banner'
            #],
            cmd='servicetable.fnReloadAjax();')
        db.t_services.id.comment = add.create()
        return dict(add=add)
Ejemplo n.º 6
0
def aa_by_host():
    """
    Returns a list of vulnerabilties per port in a tree view format based upon an host identifier
    (id, ipv4, ipv6)
    """
    record = get_host_record(request.args(0))
    if record is None:
        redirect(URL('default', 'error', vars={'msg': T('Host record not found')}))

    treeul=UL(_id='aatree_ul')

    db_svcs = db.t_services
    db_svulns = db.t_service_vulns
    db_vulns = db.t_vulndata

    services = db(db_svcs.f_hosts_id==record.id).select(db_svcs.f_number, db_svcs.id,
                                                        db_svcs.f_proto, db_svcs.f_name,orderby=db_svcs.id)

    if settings.use_cvss:
        db_vsevs = db_vulns.f_cvss_score
    else:
        db_vsevs = db_vulns.f_severity

    tree = DIV(_id="aatree")
    for svc in services:

        nexlist = []
        nexlist_single = []
        expl_count = 0
        exploit_list = UL()
        exploitdb = 0
        metasploit = 0
        canvas = 0
        prev_f_status = ''
        vulnclass = ''
        for vulninfo in db(
                (db_svulns.f_services_id == svc.id) & (db_vulns.id == db_svulns.f_vulndata_id)
                ).select(orderby=~db_svulns.f_status|~db_vsevs, cache=(cache.ram, 120)):

            #init variables
            vulndetails = vulninfo.t_vulndata
            vulninfo = vulninfo.t_service_vulns

            cur_f_status = vulninfo.f_status

            #Generating the exploit lists

            exploits = db(db.t_exploit_references.f_vulndata_id == vulninfo.f_vulndata_id).select(orderby=~db.t_exploit_references.id)

            exploit_list_single = UL()
            if len(exploits) > 0:

                for expl in exploits:
                    for expl_data in db(db.t_exploits.id == expl.f_exploit_id).select(db.t_exploits.f_source, db.t_exploits.f_title, db.t_exploits.f_name, db.t_exploits.f_rank, db.t_exploits.f_level):
                        exp_link = expl_data.f_name
                        if expl_data.f_source == 'exploitdb':
                            exploitdb += 1
                            if db.t_exploitdb[expl_data.f_title]:
                                exploitdb_href = URL('exploitdb', 'detail.html', args=expl_data.f_title)
                            else:
                                exploitdb_href = URL('default', 'redirect', extension='html', vars={'url': 'http://www.exploit-db.com/exploits/%s' % expl_data.f_title})
                            exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/exploitdb.ico')), ' exploitdb - ' + expl_data.f_name,_href=exploitdb_href, _target="exploitdb_%s" % (expl_data.f_name))
                        elif expl_data.f_source == 'metasploit':
                            metasploit += 1
                            if session.msf_workspace:
                                msf_uri = os.path.join(msf_settings['url'], session.msf_workspace, 'modules', expl_data.f_title)
                            else:
                                msf_uri = URL('default', 'redirect', extension='html', vars={'url': 'http://www.rapid7.com/db/modules/%s' % expl_data.f_title})
                            exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name, _href=msf_uri, _target="msf_%s" % (expl_data.f_name))
                        elif expl_data.f_source == 'canvas':
                            canvas += 1
                            exp_link = SPAN(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/canvas.png')), ' canvas - ' + expl_data.f_name)
                            #expl_link = ' canvas - ' + expl_data.f_name
                        expl_count += 1
                        exploit_list_single.append(LI(expl_data.f_title , " : " , exp_link , " (" , expl_data.f_rank , "/" , expl_data.f_level, ")"))

            textdecoration=""
            if vulninfo.f_exploited == True and len(exploits) > 0:
                textdecoration="text-decoration:line-through underline; "
            elif vulninfo.f_exploited == True and len(exploits) == 0:
                textdecoration="text-decoration: line-through; "
            elif (vulninfo.f_exploited == False or vulninfo.f_exploited == None) and len(exploits) == 0:
                textdecoration="text-decoration: none;"

            #generation vuln link
            if settings.use_cvss:
                severity = int(float(vulndetails.f_cvss_score))
            else:
                severity = int(vulndetails.f_severity)
            style = textdecoration + "color:" + severity_mapping(severity - 1)[2]
            vuln_title_link = A(vulndetails.f_vulnid, _title = vulninfo.f_status+ ' Severity: ' + str(severity),
                                _style=style, _target="vulndata_%s" % (vulndetails.id),
                                _href=URL(request.application,'vulns', 'vulninfo_by_vulnid',
                                          args=vulndetails.f_vulnid, extension='html'))

            if cur_f_status != prev_f_status and prev_f_status != '':
                nexlist.append(SPAN(nexlist_single, _class=vulnclass)) #for a line in the bottom
                nexlist.append(' ')
                nexlist_single = []
            else:
                nexlist_single.append(' ')

            nexlist_single.append(vuln_title_link )
            prev_f_status = vulninfo.f_status
            vulnclass = ''

            #style for vuln links
            if vulninfo.f_status == 'vulnerable-version':
                vulnclass='host_detail_vulnerable-version'
            if vulninfo.f_status == 'vulnerable-exploited':
                vulnclass='host_detail_vulnerable-exploited'
            if vulninfo.f_status == 'potential':
                vulnclass='host_detail_potential'

            if len(exploit_list_single) > 0: exploit_list.append(LI(SPAN(vuln_title_link), exploit_list_single))

        #attach the last vuln list

        if len(nexlist_single)>0: nexlist.append(SPAN(nexlist_single, _class=vulnclass))
        service_disp=SPAN(svc.f_proto + '/' + svc.f_number + ' - ' + str(svc.f_name))
        expl_count = "Exploits - (%d)" % (expl_count)

        if len(nexlist)>0:
            if len(exploit_list) == 0:
                treeul.append(LI(service_disp,UL(LI(nexlist)))) #No exploits
            else:
                expl_count = SPAN(expl_count + " : metasploit (%d) exploitdb (%d) canvas (%d)" % (metasploit, exploitdb, canvas),_style="color:red")
                treeul.append(LI(service_disp,UL(LI(nexlist)), UL(LI(expl_count,exploit_list,_class="closed"))))
        else:
            treeul.append(LI(service_disp)) #No vulns

        tree = DIV(treeul, _id="aatree")
    return dict(tree=tree)
Ejemplo n.º 7
0
def vulncloud():
    """
    Pablo's vulnerability tag cloud

    Vulnerability IDs are counted and colored via severity.
    1-3: grey
    4-5: blue
    6-7: magenta
    8-10: red

    IDs are then sized based on quantity in HTML.
    """

    if request.extension == "json":
        # build the json data
        vulncloud = {}
        vd = db.t_vulndata
        svc_vulns = db.t_service_vulns

        # grab the list of vulnerabilities

        q = (svc_vulns.f_vulndata_id == vd.id)
        if request.args(0) is not None:
            try:
                minsev = float(request.args(0))
            except:
                minsev = 8.0

            q &= (vd.f_cvss_score >= minsev)
            if settings.use_cvss:
                q &= (vd.f_cvss_score >= float(request.args(0)))
            else:
                q &= (vd.f_severity >= int(request.args(0)))

            vulns = db(q).select(vd.id,
                                 vd.f_vulnid,
                                 vd.f_severity,
                                 vd.f_cvss_score,
                                 cache=(cache.ram, 300))
        else:
            vulns = db(vd.id > 0).select(vd.id,
                                         vd.f_vulnid,
                                         vd.f_severity,
                                         vd.f_cvss_score,
                                         cache=(cache.ram, 300))

        for row in vulns:
            count = db(db.t_service_vulns.f_vulndata_id == row.id).count()

            if count > 0:
                if settings.use_cvss:
                    severity = int(row.f_cvss_score)
                else:
                    severity = int(row.f_severity)

                vulncloud[row.f_vulnid] = vulncloud.setdefault(
                    row.f_vulnid, {
                        'count': count,
                        'color': severity_mapping(severity)[2]
                    })

        cloud = []
        for k, v in vulncloud.items():
            cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
        return dict(vulncloud=cloud)

    response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
    response.files.append(
        URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    return dict()

    response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
    response.files.append(
        URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    return dict()
Ejemplo n.º 8
0
def vulncloud():
    """
    Pablo's vulnerability tag cloud

    Vulnerability IDs are counted and colored via severity.
    1-3: grey
    4-5: blue
    6-7: magenta
    8-10: red

    IDs are then sized based on quantity in HTML.
    """

    if request.extension == "json":
        # build the json data
        vulncloud = {}
        vd = db.t_vulndata
        svc_vulns = db.t_service_vulns

        # grab the list of vulnerabilities

        q = (svc_vulns.f_vulndata_id == vd.id)
        if request.args(0) is not None:
            try:
                minsev = int(request.args(0))
            except:
                minsev = 8

            q &= (vd.f_cvss_score >= minsev)
            if settings.use_cvss:
                q &= (vd.f_cvss_score >= float(request.args(0)))
            else:
                q &= (vd.f_severity >= int(request.args(0)))

            vulns = db(q).select(
                vd.id, vd.f_vulnid, vd.f_severity, vd.f_cvss_score, cache=(cache.ram, 300)
            )
        else:
            vulns = db(vd.id > 0).select(vd.id, vd.f_vulnid, vd.f_severity, vd.f_cvss_score, cache=(cache.ram, 300))

        for row in vulns:
            count = db(db.t_service_vulns.f_vulndata_id == row.id).count()

            if count > 0:
                if settings.use_cvs:
                    severity = float(row.f_cvss_score)
                else:
                    severity = int(row.f_severity)

                vulncloud[row.f_vulnid] = vulncloud.setdefault(
                    row.f_vulnid, {'count': count, 'color': severity_mapping(severity - 1)[2]}
                )

        cloud = []
        for k, v in vulncloud.iteritems():
            cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
        return dict(vulncloud=cloud)

    response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
    response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    return dict()

    response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
    response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    return dict()
Ejemplo n.º 9
0
def vulncloud():
    """
    Pablo's vulnerability tag cloud

    Vulnerability IDs are counted and colored via severity.
    1-3: grey
    4-5: blue
    6-7: magenta
    8-10: red

    IDs are then sized based on quantity in HTML.
    """

    if request.extension == "json":
        # build the json data
        vulncloud = {}

        # grab the list of vulnerabilities

        if(request.args(0) is not None):
            vulns = db(db.t_vulndata.f_severity>=int(request.args(0))).select(db.t_vulndata.id, db.t_vulndata.f_vulnid, db.t_vulndata.f_severity, cache=(cache.ram,300))
        else:
            vulns = db(db.t_vulndata.id > 0).select(db.t_vulndata.id, db.t_vulndata.f_vulnid, db.t_vulndata.f_severity, cache=(cache.ram,300))
        #service_vulns = db(db.t_service_vulns).select(db.t_service_vulns.f_vulndata_id, groupby=db.t_service_vulns.f_vulndata_id, cache=(cache.ram,300))

        for row in vulns:
            #vrow = db(db.t_vulndata.id == row.f_vulndata_id).select(db.t_vulndata.f_vulnid, db.t_vulndata.f_severity).first()
            count = db(db.t_service_vulns.f_vulndata_id == row.id).count()
            if count > 0:
                vulncloud[row.f_vulnid] = vulncloud.setdefault(row.f_vulnid, { 'count': count, 'color': severity_mapping(row.f_severity - 1)[2] })

        cloud = []
        for k,v in vulncloud.iteritems():
            cloud.append({'tag': k, 'count': v['count'], 'color': v['color']})
        return dict(vulncloud=cloud)

    response.title = "%s :: Vulnerability Tag Cloud" % (settings.title)
    response.files.append(URL(request.application, 'static', 'js/jquery.tagcloud-2.js'))
    return dict()
Ejemplo n.º 10
0
Archivo: vulns.py Proyecto: v0re/Kvasir
def aa_by_host():
    """
    Returns a list of vulnerabilties per port in a tree view format based upon an host identifier
    (id, ipv4, ipv6)
    """
    record = get_host_record(request.args(0))
    if record is None:
        redirect(
            URL('default', 'error', vars={'msg': T('Host record not found')}))

    treeul = UL(_id='aatree_ul')

    db_svcs = db.t_services
    db_svulns = db.t_service_vulns
    db_vulns = db.t_vulndata

    services = db(db_svcs.f_hosts_id == record.id).select(db_svcs.f_number,
                                                          db_svcs.id,
                                                          db_svcs.f_proto,
                                                          db_svcs.f_name,
                                                          orderby=db_svcs.id)

    if settings.use_cvss:
        db_vsevs = db_vulns.f_cvss_score
    else:
        db_vsevs = db_vulns.f_severity

    tree = DIV(_id="aatree")
    for svc in services:

        nexlist = []
        nexlist_single = []
        expl_count = 0
        exploit_list = UL()
        exploitdb = 0
        metasploit = 0
        canvas = 0
        prev_f_status = ''
        vulnclass = ''
        for vulninfo in db((db_svulns.f_services_id == svc.id)
                           & (db_vulns.id == db_svulns.f_vulndata_id)).select(
                               orderby=~db_svulns.f_status | ~db_vsevs,
                               cache=(cache.ram, 120)):

            #init variables
            vulndetails = vulninfo.t_vulndata
            vulninfo = vulninfo.t_service_vulns

            cur_f_status = vulninfo.f_status

            #Generating the exploit lists

            exploits = db(db.t_exploit_references.f_vulndata_id ==
                          vulninfo.f_vulndata_id).select(
                              orderby=~db.t_exploit_references.id)

            exploit_list_single = UL()
            if len(exploits) > 0:

                for expl in exploits:
                    for expl_data in db(
                            db.t_exploits.id == expl.f_exploit_id).select(
                                db.t_exploits.f_source, db.t_exploits.f_title,
                                db.t_exploits.f_name, db.t_exploits.f_rank,
                                db.t_exploits.f_level):
                        exp_link = expl_data.f_name
                        if expl_data.f_source == 'exploitdb':
                            exploitdb += 1
                            if db.t_exploitdb[expl_data.f_title]:
                                exploitdb_href = URL('exploitdb',
                                                     'detail.html',
                                                     args=expl_data.f_title)
                            else:
                                exploitdb_href = URL(
                                    'default',
                                    'redirect',
                                    extension='html',
                                    vars={
                                        'url':
                                        'http://www.exploit-db.com/exploits/%s'
                                        % expl_data.f_title
                                    })
                            exp_link = A(IMG(_align="absmiddle",
                                             _width=16,
                                             _height=16,
                                             _src=URL('static',
                                                      'images/exploitdb.ico')),
                                         ' exploitdb - ' + expl_data.f_name,
                                         _href=exploitdb_href,
                                         _target="exploitdb_%s" %
                                         (expl_data.f_name))
                        elif expl_data.f_source == 'metasploit':
                            metasploit += 1
                            if session.msf_workspace:
                                msf_uri = os.path.join(msf_settings['url'],
                                                       session.msf_workspace,
                                                       'modules',
                                                       expl_data.f_title)
                            else:
                                msf_uri = URL(
                                    'default',
                                    'redirect',
                                    extension='html',
                                    vars={
                                        'url':
                                        'http://www.rapid7.com/db/modules/%s' %
                                        expl_data.f_title
                                    })
                            exp_link = A(IMG(_align="absmiddle",
                                             _width=16,
                                             _height=16,
                                             _src=URL('static',
                                                      'images/msf.gif')),
                                         ' metasploit - ' + expl_data.f_name,
                                         _href=msf_uri,
                                         _target="msf_%s" % (expl_data.f_name))
                        elif expl_data.f_source == 'canvas':
                            canvas += 1
                            exp_link = SPAN(
                                IMG(_align="absmiddle",
                                    _width=16,
                                    _height=16,
                                    _src=URL('static', 'images/canvas.png')),
                                ' canvas - ' + expl_data.f_name)
                            #expl_link = ' canvas - ' + expl_data.f_name
                        expl_count += 1
                        exploit_list_single.append(
                            LI(expl_data.f_title, " : ", exp_link, " (",
                               expl_data.f_rank, "/", expl_data.f_level, ")"))

            textdecoration = ""
            if vulninfo.f_exploited == True and len(exploits) > 0:
                textdecoration = "text-decoration:line-through underline; "
            elif vulninfo.f_exploited == True and len(exploits) == 0:
                textdecoration = "text-decoration: line-through; "
            elif (vulninfo.f_exploited == False
                  or vulninfo.f_exploited == None) and len(exploits) == 0:
                textdecoration = "text-decoration: none;"

            #generation vuln link
            if settings.use_cvss:
                if vulndetails.f_cvss_score is not None:
                    severity = int(float(vulndetails.f_cvss_score))
                else:
                    severity = 0
            else:
                if vulndetails.f_severity is not None:
                    severity = int(vulndetails.f_severity)
                else:
                    severity = 0
            style = textdecoration + "color:" + severity_mapping(severity)[2]
            vuln_title_link = A(vulndetails.f_vulnid,
                                _title=vulninfo.f_status + ' Severity: ' +
                                str(severity),
                                _style=style,
                                _target="vulndata_%s" % (vulndetails.id),
                                _href=URL(request.application,
                                          'vulns',
                                          'vulninfo_by_vulnid',
                                          args=vulndetails.f_vulnid,
                                          extension='html'))

            if cur_f_status != prev_f_status and prev_f_status != '':
                nexlist.append(
                    SPAN(nexlist_single,
                         _class=vulnclass))  #for a line in the bottom
                nexlist.append(' ')
                nexlist_single = []
            else:
                nexlist_single.append(' ')

            nexlist_single.append(vuln_title_link)
            prev_f_status = vulninfo.f_status
            vulnclass = ''

            #style for vuln links
            if vulninfo.f_status == 'vulnerable-version':
                vulnclass = 'host_detail_vulnerable-version'
            if vulninfo.f_status == 'vulnerable-exploited':
                vulnclass = 'host_detail_vulnerable-exploited'
            if vulninfo.f_status == 'potential':
                vulnclass = 'host_detail_potential'

            if len(exploit_list_single) > 0:
                exploit_list.append(
                    LI(SPAN(vuln_title_link), exploit_list_single))

        #attach the last vuln list

        if len(nexlist_single) > 0:
            nexlist.append(SPAN(nexlist_single, _class=vulnclass))
        service_disp = SPAN(svc.f_proto + '/' + svc.f_number + ' - ' +
                            str(svc.f_name))
        expl_count = "Exploits - (%d)" % (expl_count)

        if len(nexlist) > 0:
            if len(exploit_list) == 0:
                treeul.append(LI(service_disp, UL(LI(nexlist))))  #No exploits
            else:
                expl_count = SPAN(
                    expl_count +
                    " : metasploit (%d) exploitdb (%d) canvas (%d)" %
                    (metasploit, exploitdb, canvas),
                    _style="color:red")
                treeul.append(
                    LI(service_disp, UL(LI(nexlist)),
                       UL(LI(expl_count, exploit_list, _class="closed"))))
        else:
            treeul.append(LI(service_disp))  #No vulns

        tree = DIV(treeul, _id="aatree")
    return dict(tree=tree)