def add_vuln(request):
if request.method == 'GET':
scan_id = request.GET['scan_id']
else:
scan_id = ''
if request.method == 'POST':
vuln_id = uuid.uuid4()
scan_id = request.POST.get("scan_id", )
vuln_name = request.POST.get("vuln_name", )
risk = request.POST.get("risk", )
url = request.POST.get("url", )
param = request.POST.get("param", )
sourceid = request.POST.get("sourceid", )
attack = request.POST.get("attack", )
ref = request.POST.get("ref", )
description = request.POST.get("description", )
solution = request.POST.get("solution", )
req_header = request.POST.get("req_header", )
res_header = request.POST.get("res_header", )
vuln_col = request.POST.get("vuln_color", )
save_vuln = zap_scan_results_db(scan_id=scan_id,
vuln_color=vuln_col,
risk=risk,
url=url,
param=param,
sourceid=sourceid,
attack=attack,
vuln_id=vuln_id,
name=vuln_name,
description=description,
reference=ref,
solution=solution,
requestHeader=req_header,
responseHeader=res_header)
save_vuln.save()
messages.success(request, "Vulnerability Added")
zap_all_vul = zap_scan_results_db.objects.filter(
scan_id=scan_id).values('name', 'risk', 'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
return HttpResponseRedirect("/webscanners/web_vuln_list/?scan_id=%s" %
scan_id)
return render(request, 'add_vuln.html', {'scan_id': scan_id})
def launch_web_scan(target_url, project_id):
try:
with open(api_key_path, 'r+') as f:
data = json.load(f)
lod_apikey = data['zap_api_key']
apikey = signing.loads(lod_apikey)
zapath = data['zap_path']
zap_port = data['zap_port']
except Exception as e:
print e
# Define settings to ZAP Proxy
zap = ZAPv2(apikey=apikey,
proxies={'http': zapath + ':' + zap_port, 'https': zapath + ':' + zap_port})
"""
Zap scan start
"""
# try:
# # ZAP launch function
# zapscanner.start_zap()
#
# except Exception as e:
# print e
# print "ZAP Failed.............."
# print "ZAP Restarting"
#
# time.sleep(15)
# Get Excluded URL from excluded_db models
try:
all_excluded = excluded_db.objects.filter(Q(exclude_url__icontains=target_url))
for data in all_excluded:
global excluded_url
excluded_url = data.exclude_url
print "excluded url ", excluded_url
print "Excluded url ", excluded_url
# Excluding URL from scans in zap API
url_exclude = zap.spider.exclude_from_scan(regex=excluded_url)
print "URL Excluded:", url_exclude
except Exception as e:
print "ZAP Failed.............."
print "ZAP Restarting"
all_cookie = cookie_db.objects.filter(Q(url__icontains=target_url))
for da in all_cookie:
global cookies
cookies = da.cookie
print da.url
print "Cookies from database:", cookies
try:
remove_cookie = zap.replacer.remove_rule(target_url)
except Exception as e:
print e
print "Remove Cookie :", remove_cookie
# Adding cookies value
try:
cookie_add = zap.replacer.add_rule(apikey=apikey, description=target_url, enabled="true",
matchtype='REQ_HEADER', matchregex="false", replacement=cookies,
matchstring="Cookie", initiators="")
print "Cookies Added :", cookie_add
except Exception as e:
print e
zap.ajaxSpider.scan(target_url)
try:
scanid = zap.spider.scan(target_url)
save_all = zap_spider_db(spider_url=target_url, spider_scanid=scanid)
save_all.save()
except Exception as e:
print e
try:
zap.spider.set_option_thread_count(apikey=apikey, integer='30')
except Exception as e:
print e
try:
while (int(zap.spider.status(scanid)) < 100):
global spider_status
spider_status = zap.spider.status(scanid)
print "Spider progress", spider_status
time.sleep(5)
except Exception as e:
print e
spider_status = "100"
spider_res_out = zap.spider.results(scanid)
data_out = ("\n".join(map(str, spider_res_out)))
print data_out
print 'Spider Completed------'
print 'Target :', target_url
global spider_alert
spider_alert = "Spider Completed"
time.sleep(5)
print 'Scanning Target %s' % target_url
"""
ZAP Scan trigger on target_url
"""
try:
scan_scanid = zap.ascan.scan(target_url)
except Exception as e:
print e
un_scanid = uuid.uuid4()
date_time = datetime.datetime.now()
try:
save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=un_scanid,
date_time=date_time)
save_all_scan.save()
except Exception as e:
print e
try:
while (int(zap.ascan.status(scan_scanid)) < 100):
print 'ZAP Scan Status %: ' + zap.ascan.status(scan_scanid)
global scans_status
scans_status = zap.ascan.status(scan_scanid)
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status)
time.sleep(5)
except Exception as e:
print e
# Save Vulnerability in database
scans_status = "100"
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status)
print target_url
time.sleep(5)
all_vuln = zap.core.alerts(target_url)
for vuln in all_vuln:
vuln_id = uuid.uuid4()
confidence = vuln['confidence']
wascid = vuln['wascid']
cweid = vuln['cweid']
risk = vuln['risk']
reference = vuln['reference']
url = vuln['url']
name = vuln['name']
solution = vuln['solution']
param = vuln['param']
evidence = vuln['evidence']
sourceid = vuln['sourceid']
pluginId = vuln['pluginId']
other = vuln['other']
attack = vuln['attack']
messageId = vuln['messageId']
method = vuln['method']
alert = vuln['alert']
ids = vuln['id']
description = vuln['description']
false_positive = 'No'
global vul_col
if risk == 'High':
vul_col = "important"
elif risk == 'Medium':
vul_col = "warning"
elif risk == 'Low':
vul_col = "info"
else:
vul_col = "info"
# date_time = datetime.datetime.now()
dump_all = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid,
project_id=project_id,
confidence=confidence, wascid=wascid,
cweid=cweid,
risk=risk, reference=reference, url=url, name=name,
solution=solution,
param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId,
other=other, attack=attack, messageId=messageId, method=method,
alert=alert, ids=ids, description=description,
false_positive=false_positive)
dump_all.save()
time.sleep(5)
zap_all_vul = zap_scan_results_db.objects.filter(scan_id=un_scanid).values('name', 'risk', 'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(total_vul=total_vul, high_vul=total_high,
medium_vul=total_medium, low_vul=total_low)
spider_alert = "Scan Completed"
time.sleep(10)
print un_scanid
zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid)
for m in zap_web_all:
msg_id = m.messageId
request_response = zap.core.message(id=msg_id)
ja_son = json.dumps(request_response)
ss = ast.literal_eval(ja_son)
for key, value in ss.viewitems():
global note
if key == "note":
note = value
global rtt
if key == "rtt":
rtt = value
global tags
if key == "tags":
tags = value
global timestamp
if key == "timestamp":
timestamp = value
global responseHeader
if key == "responseHeader":
responseHeader = value
global requestBody
if key == "requestBody":
requestBody = value
global responseBody
if key == "responseBody":
responseBody = value
global requestHeader
if key == "requestHeader":
requestHeader = value
global cookieParams
if key == "cookieParams":
cookieParams = value
global res_type
if key == "type":
res_type = value
global res_id
if key == "id":
res_id = value
zap_scan_results_db.objects.filter(messageId=msg_id).update(note=note, rtt=rtt, tags=tags,
timestamp=timestamp,
responseHeader=responseHeader,
requestBody=requestBody,
responseBody=responseBody,
requestHeader=requestHeader,
cookieParams=cookieParams,
res_type=res_type,
res_id=res_id)
#zapscanner.stop_zap()
try:
email_notification.email_notify()
except Exception as e:
print e
return HttpResponse(status=201)
def add_zap_vuln(request):
"""
Adding vulnerability in Databse.
:param request:
:return:
"""
if request.method == 'GET':
scan_id = request.GET['scan_id']
scanners = request.GET['scanner']
else:
scan_id = ''
scanners = ''
if request.method == 'POST':
vuln_id = uuid.uuid4()
scan_id = request.POST.get("scan_id")
scanners = request.POST.get("scanners")
vuln_name = request.POST.get("vuln_name")
risk = request.POST.get("risk")
url = request.POST.get("url")
param = request.POST.get("param")
sourceid = request.POST.get("sourceid")
attack = request.POST.get("attack")
ref = request.POST.get("ref")
description = request.POST.get("description")
solution = request.POST.get("solution")
req_header = request.POST.get("req_header")
res_header = request.POST.get("res_header")
vuln_col = request.POST.get("vuln_color")
if scanners == 'zap':
save_vuln = zap_scan_results_db(scan_id=scan_id,
vuln_color=vuln_col,
risk=risk,
url=url,
param=param,
sourceid=sourceid,
attack=attack,
vuln_id=vuln_id,
name=vuln_name,
description=description,
reference=ref,
solution=solution,
requestHeader=req_header,
responseHeader=res_header,
vuln_status='Open')
save_vuln.save()
messages.success(request, "Vulnerability Added")
zap_all_vul = zap_scan_results_db.objects.filter(
scan_id=scan_id).values('name', 'risk',
'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
return HttpResponseRedirect(
"/zapscanner/zap_list_vuln/?scan_id=%s" % scan_id)
elif scanners == 'burp':
save_burp_vuln = burp_scan_result_db(
scan_id=scan_id,
severity_color=vuln_col,
severity=risk,
host=url,
location=param,
vuln_id=vuln_id,
name=vuln_name,
issueBackground=description,
references=ref,
remediationBackground=solution,
scan_request=req_header,
scan_response=res_header)
save_burp_vuln.save()
burp_all_vul = burp_scan_result_db.objects.filter(scan_id=scan_id)
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
burp_scan_db.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
return HttpResponseRedirect(
"/zapscanner/burp_vuln_list?scan_id=%s" % scan_id)
return render(request, 'zapscanner/add_zap_vuln.html', {
'scan_id': scan_id,
'scanners': scanners
})
def xml_parser(root, project_id, scan_id):
"""
ZAP Proxy scanner xml report parser.
:param root:
:param project_id:
:param scan_id:
:return:
"""
global vul_col,\
confidence,\
wascid, risk,\
reference,\
url,\
name,\
solution,\
instance,\
sourceid,\
pluginid,\
alert,\
desc,\
riskcode
for zap in root:
host = zap.attrib
for key, items in host.iteritems():
if key == "host":
url = items
for site in zap:
for alerts in site:
for alertsitem in alerts:
vuln_id = uuid.uuid4()
if alertsitem.tag == "pluginid":
pluginid = alertsitem.text
if alertsitem.tag == "alert":
alert = alertsitem.text
if alertsitem.tag == "name":
name = alertsitem.text
if alertsitem.tag == "riskcode":
riskcode = alertsitem.text
if alertsitem.tag == "confidence":
confidence = alertsitem.text
if alertsitem.tag == "desc":
desc = alertsitem.text
if alertsitem.tag == "solution":
solution = alertsitem.text
if alertsitem.tag == "reference":
reference = alertsitem.text
if alertsitem.tag == "wascid":
wascid = alertsitem.text
if alertsitem.tag == "sourceid":
sourceid = alertsitem.text
for instances in alertsitem:
for instance in instances:
instance = instance.text
#global riskcode
if riskcode == "3":
vul_col = "important"
risk = "High"
elif riskcode == '2':
vul_col = "warning"
risk = "Medium"
elif riskcode == '1':
vul_col = "info"
risk = "Low"
elif riskcode == '0':
vul_col = "info"
risk = "Informational"
dump_data = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=scan_id,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=instance,
sourceid=sourceid,
pluginId=pluginid,
alert=alert,
description=desc,
false_positive='No',
rescan='No',
vuln_status='Open')
dump_data.save()
zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id)\
.values('name', 'risk', 'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=scan_id)\
.update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
def zap_result_save(self, all_vuln, project_id, un_scanid):
"""
The function save all data in Archery Database
:param all_vuln:
:param project_id:
:param un_scanid:
:return:
"""
for vuln in all_vuln:
vuln_id = uuid.uuid4()
confidence = vuln['confidence']
wascid = vuln['wascid']
cweid = vuln['cweid']
risk = vuln['risk']
reference = vuln['reference']
url = vuln['url']
name = vuln['name']
solution = vuln['solution']
param = vuln['param']
evidence = vuln['evidence']
sourceid = vuln['sourceid']
pluginId = vuln['pluginId']
other = vuln['other']
attack = vuln['attack']
messageId = vuln['messageId']
method = vuln['method']
alert = vuln['alert']
ids = vuln['id']
description = vuln['description']
false_positive = 'No'
global vul_col
if risk == 'High':
vul_col = "important"
elif risk == 'Medium':
vul_col = "warning"
elif risk == 'Low':
vul_col = "info"
else:
vul_col = "info"
# date_time = datetime.datetime.now()
dump_all = zap_scan_results_db(
vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=un_scanid,
project_id=project_id,
confidence=confidence,
wascid=wascid,
cweid=cweid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=param,
evidence=evidence,
sourceid=sourceid,
pluginId=pluginId,
other=other,
attack=attack,
messageId=messageId,
method=method,
alert=alert,
ids=ids,
description=description,
false_positive=false_positive)
dump_all.save()
time.sleep(5)
zap_all_vul = zap_scan_results_db.objects.filter(
scan_id=un_scanid).values(
'name',
'risk',
'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(
scan_scanid=un_scanid
).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low
)
time.sleep(10)
zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid)
for m in zap_web_all:
msg_id = m.messageId
request_response = ZAPScanner.zap.core.message(id=msg_id)
ja_son = json.dumps(request_response)
ss = ast.literal_eval(ja_son)
for key, value in ss.viewitems():
global note
if key == "note":
note = value
global rtt
if key == "rtt":
rtt = value
global tags
if key == "tags":
tags = value
global timestamp
if key == "timestamp":
timestamp = value
global responseHeader
if key == "responseHeader":
responseHeader = value
global requestBody
if key == "requestBody":
requestBody = value
global responseBody
if key == "responseBody":
responseBody = value
global requestHeader
if key == "requestHeader":
requestHeader = value
global cookieParams
if key == "cookieParams":
cookieParams = value
global res_type
if key == "type":
res_type = value
global res_id
if key == "id":
res_id = value
zap_scan_results_db.objects.filter(
messageId=msg_id
).update(
note=note,
rtt=rtt,
tags=tags,
timestamp=timestamp,
responseHeader=responseHeader,
requestBody=requestBody,
responseBody=responseBody,
requestHeader=requestHeader,
cookieParams=cookieParams,
res_type=res_type,
res_id=res_id
)
status = "Scan Completed"
return status
def xml_parser(username, root, project_id, scan_id):
"""
ZAP Proxy scanner xml report parser.
:param root:
:param project_id:
:param scan_id:
:return:
"""
global vul_col, \
confidence, \
wascid, risk, \
reference, \
url, \
name, \
solution, \
instance, \
sourceid, \
pluginid, \
alert, \
desc, \
riskcode, vuln_id, false_positive, duplicate_hash, duplicate_vuln, scan_url
for child in root:
d = child.attrib
scan_url = d['name']
for alert in root.iter('alertitem'):
inst = []
for vuln in alert:
vuln_id = uuid.uuid4()
if vuln.tag == "pluginid":
pluginid = vuln.text
if vuln.tag == "alert":
alert = vuln.text
if vuln.tag == "name":
name = vuln.text
if vuln.tag == "riskcode":
riskcode = vuln.text
if vuln.tag == "confidence":
confidence = vuln.text
if vuln.tag == "desc":
desc = vuln.text
if vuln.tag == "solution":
solution = vuln.text
if vuln.tag == "reference":
reference = vuln.text
if vuln.tag == "wascid":
wascid = vuln.text
if vuln.tag == "sourceid":
sourceid = vuln.text
for instances in vuln:
for ii in instances:
instance = {}
instance[ii.tag] = ii.text
inst.append(instance)
if riskcode == "3":
vul_col = "danger"
risk = "High"
elif riskcode == '2':
vul_col = "warning"
risk = "Medium"
elif riskcode == '1':
vul_col = "info"
risk = "Low"
else:
vul_col = "info"
risk = "Low"
if name == "None":
print(name)
else:
dup_data = name + risk + scan_url
print(dup_data)
duplicate_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
match_dup = zap_scan_results_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = 'No'
dump_data = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=scan_id,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=instance,
sourceid=sourceid,
pluginId=pluginid,
alert=alert,
description=desc,
false_positive=false_positive,
rescan='No',
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
evidence=inst,
username=username)
dump_data.save()
else:
duplicate_vuln = 'Yes'
dump_data = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=scan_id,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=instance,
sourceid=sourceid,
pluginId=pluginid,
alert=alert,
description=desc,
false_positive='Duplicate',
rescan='No',
vuln_status='Duplicate',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
evidence=inst,
username=username)
dump_data.save()
false_p = zap_scan_results_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = 'Yes'
else:
false_positive = 'No'
vul_dat = zap_scan_results_db.objects.filter(username=username,
vuln_id=vuln_id)
full_data = []
for data in vul_dat:
evi = data.evidence
evi_data = ast.literal_eval(evi)
for evidence in evi_data:
for key, value in evidence.items():
if key == 'evidence':
key = 'Evidence'
if key == 'attack':
key = 'Attack'
if key == 'uri':
key = 'URI'
if key == 'method':
key = 'Method'
if key == 'param':
key = 'Parameter'
instance = key + ': ' + value
full_data.append(instance)
removed_list_data = ','.join(full_data)
zap_scan_results_db.objects.filter(
username=username,
vuln_id=vuln_id).update(param=removed_list_data)
zap_all_vul = zap_scan_results_db.objects.filter(username=username,
scan_id=scan_id,
false_positive='No')
duplicate_count = zap_scan_results_db.objects.filter(username=username,
scan_id=scan_id,
vuln_duplicate='Yes')
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
total_info = len(zap_all_vul.filter(risk="Informational"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate='Yes'))
total_vul = total_high + total_medium + total_low + total_info
zap_scans_db.objects.filter(username=username, scan_scanid=scan_id) \
.update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
scan_url=scan_url
)
if total_vul == total_duplicate:
zap_scans_db.objects.filter(username=username, scan_scanid=scan_id) \
.update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate
)
subject = 'Archery Tool Scan Status - ZAP Report Uploaded'
message = 'ZAP Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (target_url, total_vul, total_high, total_medium, total_low)
email_sch_notify(subject=subject, message=message)
def url_api_scan(request):
if request.POST.get("auth_val"):
auth_val = request.POST.get("auth_val")
print auth_val
if auth_val == 'No':
target_url = request.POST.get("scan_url")
req_header = ast.literal_eval(request.POST.get("req_header"))
req_body = request.POST.get("req_body")
method = request.POST.get("method")
project_id = request.POST.get("project_id")
scan_id = request.POST.get("scan_id")
auth_token_key = request.POST.get("auth_token_key")
try:
with open(api_key_path, 'r+') as f:
data = json.load(f)
lod_apikey = data['zap_api_key']
apikey = signing.loads(lod_apikey)
zapath = data['zap_path']
zap_port = data['zap_port']
except Exception as e:
print e
zap = ZAPv2(apikey=apikey,
proxies={
'http': 'http://127.0.0.1' + ':' + zap_port,
'https': 'http://127.0.0.1' + ':' + zap_port
})
print target_url
"""
***Starting ZAP Scanner***
"""
try:
zap_scanner = zapscanner.start_zap()
print "Status of zap scanner:", zap_scanner
except Exception as e:
print e
return HttpResponseRedirect("/webscanners/scans_list/")
"""
*****End zap scanner****
"""
time.sleep(10)
""" Excluding URL from scanner """
scanid = zap.spider.scan(target_url)
save_all = zap_spider_db(spider_url=target_url,
spider_scanid=scanid)
save_all.save()
try:
while (int(zap.spider.status(scanid)) < 100):
# print 'Spider progress %:' + zap.spider.status(scanid)
global spider_status
spider_status = zap.spider.status(scanid)
print "Spider progress", spider_status
time.sleep(5)
except Exception as e:
print e
spider_status = "100"
spider_res_out = zap.spider.results(scanid)
data_out = ("\n".join(map(str, spider_res_out)))
print data_out
total_spider = len(spider_res_out)
print 'Spider Completed------'
print 'Target :', target_url
global spider_alert
spider_alert = "Spider Completed"
time.sleep(5)
print 'Scanning Target %s' % target_url
scan_scanid = zap.ascan.scan(target_url)
un_scanid = uuid.uuid4()
print "updated scanid :", un_scanid
try:
save_all_scan = zap_scans_db(project_id=project_id,
scan_url=target_url,
scan_scanid=un_scanid)
save_all_scan.save()
except Exception as e:
print e
# zap_scans_db.objects.filter(pk=some_value).update(field1='some value')
try:
while (int(zap.ascan.status(scan_scanid)) < 100):
print 'Scan progress from zap_scan_lauch function %: ' + zap.ascan.status(
scan_scanid)
global scans_status
scans_status = zap.ascan.status(scan_scanid)
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(
vul_status=scans_status)
time.sleep(5)
except Exception as e:
print e
# Save Vulnerability in database
scans_status = "100"
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(
vul_status=scans_status)
print target_url
time.sleep(5)
all_vuln = zap.core.alerts(target_url)
# print all_vuln
for vuln in all_vuln:
vuln_id = uuid.uuid4()
confidence = vuln['confidence']
wascid = vuln['wascid']
cweid = vuln['cweid']
risk = vuln['risk']
reference = vuln['reference']
url = vuln['url']
name = vuln['name']
solution = vuln['solution']
param = vuln['param']
evidence = vuln['evidence']
sourceid = vuln['sourceid']
pluginId = vuln['pluginId']
other = vuln['other']
attack = vuln['attack']
messageId = vuln['messageId']
method = vuln['method']
alert = vuln['alert']
ids = vuln['id']
description = vuln['description']
global vul_col
if risk == 'High':
vul_col = "important"
elif risk == 'Medium':
vul_col = "warning"
elif risk == 'Low':
vul_col = "info"
dump_all = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=un_scanid,
project_id=project_id,
confidence=confidence,
wascid=wascid,
cweid=cweid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=param,
evidence=evidence,
sourceid=sourceid,
pluginId=pluginId,
other=other,
attack=attack,
messageId=messageId,
method=method,
alert=alert,
id=ids,
description=description)
dump_all.save()
time.sleep(5)
zap_all_vul = zap_scan_results_db.objects.filter(
scan_id=un_scanid).order_by('scan_id')
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
spider_alert = "Scan Completed"
time.sleep(5)
for msg in zap_all_vul:
msg_id = msg.messageId
request_response = zap.core.message(id=msg_id)
ja_son = json.dumps(request_response)
ss = ast.literal_eval(ja_son)
for key, value in ss.viewitems():
global note
if key == "note":
note = value
global rtt
if key == "rtt":
rtt = value
global tags
if key == "tags":
tags = value
global timestamp
if key == "timestamp":
timestamp = value
global responseHeader
if key == "responseHeader":
responseHeader = value
global requestBody
if key == "requestBody":
requestBody = value
global responseBody
if key == "responseBody":
responseBody = value
global requestHeader
if key == "requestHeader":
requestHeader = value
global cookieParams
if key == "cookieParams":
cookieParams = value
global res_type
if key == "type":
res_type = value
global res_id
if key == "id":
res_id = value
zap_scan_results_db.objects.filter(messageId=msg_id).update(
note=note,
rtt=rtt,
tags=tags,
timestamp=timestamp,
responseHeader=responseHeader,
requestBody=requestBody,
responseBody=responseBody,
requestHeader=requestHeader,
cookieParams=cookieParams,
res_type=res_type,
res_id=res_id)
print msg_id
print res_id
# zap_scanner = zapscanner.stop_zap()
print "Status of zap scanner:", zap_scanner
return HttpResponseRedirect('/scanapi/')
return render(request, 'api_scan_list.html')
def zap_result_save(self, all_vuln, project_id, un_scanid):
"""
The function save all data in Archery Database
:param all_vuln:
:param project_id:
:param un_scanid:
:return:
"""
for vuln in all_vuln:
vuln_id = uuid.uuid4()
confidence = vuln['confidence']
wascid = vuln['wascid']
cweid = vuln['cweid']
risk = vuln['risk']
reference = vuln['reference']
url = vuln['url']
name = vuln['name']
solution = vuln['solution']
param = vuln['param']
evidence = vuln['evidence']
sourceid = vuln['sourceid']
pluginId = vuln['pluginId']
other = vuln['other']
attack = vuln['attack']
messageId = vuln['messageId']
method = vuln['method']
alert = vuln['alert']
ids = vuln['id']
description = vuln['description']
false_positive = 'No'
global vul_col
if risk == 'High':
vul_col = "important"
elif risk == 'Medium':
vul_col = "warning"
elif risk == 'Low':
vul_col = "info"
else:
vul_col = "info"
# date_time = datetime.datetime.now()
dump_all = zap_scan_results_db(
vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=un_scanid,
rescan_id=self.rescan_id,
rescan=self.rescan,
project_id=project_id,
confidence=confidence,
wascid=wascid,
cweid=cweid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=param,
evidence=evidence,
sourceid=sourceid,
pluginId=pluginId,
other=other,
attack=attack,
messageId=messageId,
method=method,
alert=alert,
ids=ids,
description=description,
false_positive=false_positive)
dump_all.save()
time.sleep(5)
zap_all_vul = zap_scan_results_db.objects.filter(
scan_id=un_scanid).values(
'name',
'risk',
'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(
scan_scanid=un_scanid
).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low
)
time.sleep(10)
zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid)
for m in zap_web_all:
msg_id = m.messageId
request_response = ZAPScanner.zap.core.message(id=msg_id)
ja_son = json.dumps(request_response)
ss = ast.literal_eval(ja_son)
for key, value in ss.viewitems():
global note
if key == "note":
note = value
global rtt
if key == "rtt":
rtt = value
global tags
if key == "tags":
tags = value
global timestamp
if key == "timestamp":
timestamp = value
global responseHeader
if key == "responseHeader":
responseHeader = value
global requestBody
if key == "requestBody":
requestBody = value
global responseBody
if key == "responseBody":
responseBody = value
global requestHeader
if key == "requestHeader":
requestHeader = value
global cookieParams
if key == "cookieParams":
cookieParams = value
global res_type
if key == "type":
res_type = value
global res_id
if key == "id":
res_id = value
zap_scan_results_db.objects.filter(
messageId=msg_id
).update(
note=note,
rtt=rtt,
tags=tags,
timestamp=timestamp,
responseHeader=responseHeader,
requestBody=requestBody,
responseBody=responseBody,
requestHeader=requestHeader,
cookieParams=cookieParams,
res_type=res_type,
res_id=res_id
)
status = "Scan Completed"
return status
def xml_parser(root, project_id, scan_id):
global vul_col, confidence, wascid, risk, reference, url, name, solution, instance, sourceid, pluginid \
, alert, desc, riskcode
for zap in root:
host = zap.attrib
for key, items in host.iteritems():
if key == "host":
url = items
for site in zap:
for alerts in site:
for alertsitem in alerts:
vuln_id = uuid.uuid4()
if alertsitem.tag == "pluginid":
pluginid = alertsitem.text
if alertsitem.tag == "alert":
alert = alertsitem.text
if alertsitem.tag == "name":
name = alertsitem.text
if alertsitem.tag == "riskcode":
riskcode = alertsitem.text
if alertsitem.tag == "confidence":
confidence = alertsitem.text
if alertsitem.tag == "desc":
desc = alertsitem.text
if alertsitem.tag == "solution":
solution = alertsitem.text
if alertsitem.tag == "reference":
reference = alertsitem.text
if alertsitem.tag == "wascid":
wascid = alertsitem.text
if alertsitem.tag == "sourceid":
sourceid = alertsitem.text
for instances in alertsitem:
for instance in instances:
instance = instance.text
#global riskcode
if riskcode == "3":
vul_col = "important"
risk = "High"
elif riskcode == '2':
vul_col = "warning"
risk = "Medium"
elif riskcode == '1':
vul_col = "info"
risk = "Low"
elif riskcode == '0':
vul_col = "info"
risk = "Informational"
dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id,
project_id=project_id,
confidence=confidence, wascid=wascid,
risk=risk, reference=reference, url=url, name=name,
solution=solution,
param=instance, sourceid=sourceid,
pluginId=pluginid,
alert=alert, description=desc, false_positive='No')
dump_data.save()
zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id).values('name', 'risk', 'vuln_color').distinct()
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=scan_id).update(total_vul=total_vul, high_vul=total_high,
medium_vul=total_medium, low_vul=total_low)
def zap_result_save(self, all_vuln, project_id, un_scanid, username, target_url):
"""
The function save all data in Archery Database
:param all_vuln:
:param project_id:
:param un_scanid:
:return:
"""
date_time = datetime.now()
zap_enabled = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
root_xml = ET.fromstring(all_vuln)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode('ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
try:
zap_xml_parser.xml_parser(username=username,
project_id=project_id,
scan_id=un_scanid,
root=root_xml_en)
self.zap.core.delete_all_alerts()
except Exception as e:
print(e)
else:
global name, attack, wascid, description, reference, \
reference, sourceid, \
solution, \
param, \
method, url, messageId, alert, pluginId, other, evidence, cweid, risk, vul_col, false_positive
for data in all_vuln:
for key, value in data.items():
if key == 'name':
name = value
if key == 'attack':
attack = value
if key == 'wascid':
wascid = value
if key == 'description':
description = value
if key == 'reference':
reference = value
if key == 'sourceid':
sourceid = value
if key == 'solution':
solution = value
if key == 'param':
param = value
if key == 'method':
method = value
if key == 'url':
url = value
if key == 'pluginId':
pluginId = value
if key == 'other':
other = value
if key == 'alert':
alert = value
if key == 'attack':
attack = value
if key == 'messageId':
messageId = value
if key == 'evidence':
evidence = value
if key == 'cweid':
cweid = value
if key == 'risk':
risk = value
if risk == "High":
vul_col = "danger"
risk = "High"
elif risk == 'Medium':
vul_col = "warning"
risk = "Medium"
elif risk == 'info':
vul_col = "info"
risk = "Low"
else:
vul_col = "info"
risk = "Low"
dup_data = name + risk + target_url
duplicate_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
match_dup = zap_scan_results_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
vuln_id = uuid.uuid4()
if lenth_match == 0:
duplicate_vuln = 'No'
dump_data = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=un_scanid,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=url,
sourceid=sourceid,
pluginId=pluginId,
alert=alert,
description=description,
false_positive='No',
rescan='No',
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
evidence=evidence,
username=username
)
dump_data.save()
else:
duplicate_vuln = 'Yes'
dump_data = zap_scan_results_db(vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=un_scanid,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=url,
sourceid=sourceid,
pluginId=pluginId,
alert=alert,
description=description,
false_positive='Duplicate',
rescan='No',
vuln_status='Duplicate',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
evidence=evidence,
username=username
)
dump_data.save()
false_p = zap_scan_results_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = 'Yes'
else:
false_positive = 'No'
vul_dat = zap_scan_results_db.objects.filter(username=username, vuln_id=vuln_id)
full_data = []
for data in vul_dat:
key = 'Evidence'
value = data.evidence
instance = key + ': ' + value
full_data.append(instance)
removed_list_data = ','.join(full_data)
zap_scan_results_db.objects.filter(username=username, vuln_id=vuln_id).update(param=full_data)
zap_all_vul = zap_scan_results_db.objects.filter(username=username, scan_id=un_scanid, false_positive='No')
duplicate_count = zap_scan_results_db.objects.filter(username=username, scan_id=un_scanid,
vuln_duplicate='Yes')
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
total_info = len(zap_all_vul.filter(risk="Informational"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate='Yes'))
total_vul = total_high + total_medium + total_low + total_info
zap_scans_db.objects.filter(username=username, scan_scanid=un_scanid) \
.update(total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
scan_url=target_url
)
if total_vul == total_duplicate:
zap_scans_db.objects.filter(username=username, scan_scanid=un_scanid) \
.update(total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate
)
def url_api_scan(request):
if request.POST.get("auth_val"):
auth_val = request.POST.get("auth_val")
print auth_val
if auth_val == 'No':
target_url = request.POST.get("scan_url")
req_header = ast.literal_eval(request.POST.get("req_header"))
req_body = request.POST.get("req_body")
method = request.POST.get("method")
project_id = request.POST.get("project_id")
scan_id = request.POST.get("scan_id")
auth_token_key = request.POST.get("auth_token_key")
try:
with open(api_key_path, 'r+') as f:
data = json.load(f)
lod_apikey = data['zap_api_key']
apikey = signing.loads(lod_apikey)
zapath = data['zap_path']
zap_port = data['zap_port']
except Exception as e:
print e
zap = ZAPv2(apikey=apikey,
proxies={'http': 'http://127.0.0.1' + ':' + zap_port,
'https': 'http://127.0.0.1' + ':' + zap_port})
print target_url
"""
***Starting ZAP Scanner***
"""
try:
zap_scanner = zapscanner.start_zap()
print "Status of zap scanner:", zap_scanner
except Exception as e:
print e
return HttpResponseRedirect("/webscanners/scans_list/")
"""
*****End zap scanner****
"""
time.sleep(10)
""" Excluding URL from scanner """
scanid = zap.spider.scan(target_url)
save_all = zap_spider_db(spider_url=target_url, spider_scanid=scanid)
save_all.save()
try:
while (int(zap.spider.status(scanid)) < 100):
# print 'Spider progress %:' + zap.spider.status(scanid)
global spider_status
spider_status = zap.spider.status(scanid)
print "Spider progress", spider_status
time.sleep(5)
except Exception as e:
print e
spider_status = "100"
spider_res_out = zap.spider.results(scanid)
data_out = ("\n".join(map(str, spider_res_out)))
print data_out
total_spider = len(spider_res_out)
print 'Spider Completed------'
print 'Target :', target_url
global spider_alert
spider_alert = "Spider Completed"
time.sleep(5)
print 'Scanning Target %s' % target_url
scan_scanid = zap.ascan.scan(target_url)
un_scanid = uuid.uuid4()
print "updated scanid :", un_scanid
try:
save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=un_scanid)
save_all_scan.save()
except Exception as e:
print e
# zap_scans_db.objects.filter(pk=some_value).update(field1='some value')
try:
while (int(zap.ascan.status(scan_scanid)) < 100):
print 'Scan progress from zap_scan_lauch function %: ' + zap.ascan.status(scan_scanid)
global scans_status
scans_status = zap.ascan.status(scan_scanid)
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status)
time.sleep(5)
except Exception as e:
print e
# Save Vulnerability in database
scans_status = "100"
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status)
print target_url
time.sleep(5)
all_vuln = zap.core.alerts(target_url)
# print all_vuln
for vuln in all_vuln:
vuln_id = uuid.uuid4()
confidence = vuln['confidence']
wascid = vuln['wascid']
cweid = vuln['cweid']
risk = vuln['risk']
reference = vuln['reference']
url = vuln['url']
name = vuln['name']
solution = vuln['solution']
param = vuln['param']
evidence = vuln['evidence']
sourceid = vuln['sourceid']
pluginId = vuln['pluginId']
other = vuln['other']
attack = vuln['attack']
messageId = vuln['messageId']
method = vuln['method']
alert = vuln['alert']
ids = vuln['id']
description = vuln['description']
global vul_col
if risk == 'High':
vul_col = "important"
elif risk == 'Medium':
vul_col = "warning"
elif risk == 'Low':
vul_col = "info"
dump_all = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid,
project_id=project_id,
confidence=confidence, wascid=wascid,
cweid=cweid,
risk=risk, reference=reference, url=url, name=name,
solution=solution,
param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId,
other=other, attack=attack, messageId=messageId, method=method,
alert=alert, id=ids, description=description)
dump_all.save()
time.sleep(5)
zap_all_vul = zap_scan_results_db.objects.filter(scan_id=un_scanid).order_by('scan_id')
total_vul = len(zap_all_vul)
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
zap_scans_db.objects.filter(scan_scanid=un_scanid).update(total_vul=total_vul, high_vul=total_high,
medium_vul=total_medium, low_vul=total_low)
spider_alert = "Scan Completed"
time.sleep(5)
for msg in zap_all_vul:
msg_id = msg.messageId
request_response = zap.core.message(id=msg_id)
ja_son = json.dumps(request_response)
ss = ast.literal_eval(ja_son)
for key, value in ss.viewitems():
global note
if key == "note":
note = value
global rtt
if key == "rtt":
rtt = value
global tags
if key == "tags":
tags = value
global timestamp
if key == "timestamp":
timestamp = value
global responseHeader
if key == "responseHeader":
responseHeader = value
global requestBody
if key == "requestBody":
requestBody = value
global responseBody
if key == "responseBody":
responseBody = value
global requestHeader
if key == "requestHeader":
requestHeader = value
global cookieParams
if key == "cookieParams":
cookieParams = value
global res_type
if key == "type":
res_type = value
global res_id
if key == "id":
res_id = value
zap_scan_results_db.objects.filter(messageId=msg_id).update(note=note, rtt=rtt, tags=tags,
timestamp=timestamp,
responseHeader=responseHeader,
requestBody=requestBody,
responseBody=responseBody,
requestHeader=requestHeader,
cookieParams=cookieParams,
res_type=res_type,
res_id=res_id)
print msg_id
print res_id
zap_scanner = zapscanner.stop_zap()
print "Status of zap scanner:", zap_scanner
return HttpResponseRedirect('/scanapi/')
return render(request, 'api_scan_list.html')
def xml_parser(root, project_id, scan_id):
"""
ZAP Proxy scanner xml report parser.
:param root:
:param project_id:
:param scan_id:
:return:
"""
global vul_col, \
confidence, \
wascid, risk, \
reference, \
url, \
name, \
solution, \
instance, \
sourceid, \
pluginid, \
alert, \
desc, \
riskcode, vuln_id, false_positive, duplicate_hash, duplicate_vuln
for child in root:
d = child.attrib
scan_url = d['name']
inst = []
for alert in root.iter('alertitem'):
for vuln in alert:
vuln_id = uuid.uuid4()
if vuln.tag == "pluginid":
pluginid = vuln.text
if vuln.tag == "alert":
alert = vuln.text
if vuln.tag == "name":
name = vuln.text
if vuln.tag == "riskcode":
riskcode = vuln.text
if vuln.tag == "confidence":
confidence = vuln.text
if vuln.tag == "desc":
desc = vuln.text
if vuln.tag == "solution":
solution = vuln.text
if vuln.tag == "reference":
reference = vuln.text
if vuln.tag == "wascid":
wascid = vuln.text
if vuln.tag == "sourceid":
sourceid = vuln.text
for instances in vuln:
for ii in instances:
instance = {}
instance[ii.tag] = ii.text
inst.append(instance)
if riskcode == "3":
vul_col = "important"
risk = "High"
elif riskcode == '2':
vul_col = "warning"
risk = "Medium"
elif riskcode == '1':
vul_col = "info"
risk = "Low"
elif riskcode == '0':
vul_col = "info"
risk = "Informational"
dup_data = name + url + risk
duplicate_hash = hashlib.sha256(dup_data).hexdigest()
match_dup = zap_scan_results_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
false_p = zap_scan_results_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = 'Yes'
else:
false_positive = 'No'
if name == "None":
print name
else:
dump_data = zap_scan_results_db(
vuln_id=vuln_id,
vuln_color=vul_col,
scan_id=scan_id,
project_id=project_id,
confidence=confidence,
wascid=wascid,
risk=risk,
reference=reference,
url=url,
name=name,
solution=solution,
param=instance,
sourceid=sourceid,
pluginId=pluginid,
alert=alert,
description=desc,
false_positive=false_positive,
rescan='No',
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
evidence=inst,
)
dump_data.save()
zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id) \
.values('name', 'risk').distinct()
total_high = len(zap_all_vul.filter(risk="High"))
total_medium = len(zap_all_vul.filter(risk="Medium"))
total_low = len(zap_all_vul.filter(risk="Low"))
total_info = len(zap_all_vul.filter(risk="Informational"))
total_duplicate = len(zap_all_vul.filter(vuln_duplicate='Yes'))
total_vul = total_high + total_medium + total_low + total_info
zap_scans_db.objects.filter(scan_scanid=scan_id) \
.update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
scan_url=scan_url
)
if total_vul == total_duplicate:
zap_scans_db.objects.filter(scan_scanid=scan_id) \
.update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate
)
