def sqlmap_task(request, id): context = crearContextBase(request) task = sqlmap_requests.objects.get(id=id) aux = task results = sqlmap_results.objects.get(id=task.id) context.update({'task': aux, 'results': results}) return render(request, 'sqlmap_task.html', context)
def openvas_download(request, id): scanner = VulnscanManager("localhost", openvas_username, openvas_password) task = openvas_requests.objects.get(id=id) if task.state == "Finished": result = openvas_results.objects.get(id=task.id) print(result.report) # Retornant pdf report = scanner.get_report_pdf(str(result.report)) nomArxiu = "Report_" + task.name.replace( " ", "-") + "_" + datetime.strftime(result.finish_date, "%Y%m%d%H%M") + ".pdf" #print("Report:" + report) reportXML = ElementTree.tostring(report.find("report"), encoding='utf-8', method='xml') print("ReportXML:" + str(reportXML).split(">")[-2].split("<")[0]) #fullReport = ElementTree.fromstring(reportXML) #response = HttpResponse(base64.b64decode(fullReport.find("in_use").tail), content_type='application/pdf') response = HttpResponse(base64.b64decode( str(reportXML).split(">")[-2].split("<")[0]), content_type='application/pdf') response['Content-Disposition'] = 'attachment; filename=' + nomArxiu return response else: context = crearContextBase(request) context.update({'openvas_tasks': "active"}) results = "fail" context.update({'task': task, 'results': results}) return render(request, 'openvas_task.html', context)
def openvas_task(request, id): context = crearContextBase(request) context.update({'openvas_tasks': "active"}) task = openvas_requests.objects.get(id=id) results = openvas_results.objects.get(id=task.id) context.update({'task': task, 'results': results}) return render(request, 'openvas_task.html', context)
def w3af_new(request): context = crearContextBase(request) u = request.user userid = u.id if request.method == 'POST': form = forms.w3afForm(request.POST, user=u) if form.is_valid(): n = form.cleaned_data['name'] # target t = form.cleaned_data['target'] to = form.cleaned_data['target_os'] tf = form.cleaned_data['target_framework'] # auth lu = form.cleaned_data['login_url'] lun = form.cleaned_data['login_username'] lp = form.cleaned_data['login_password'] luf = form.cleaned_data['login_userfield'] lpf = form.cleaned_data['login_passwordfield'] lm = form.cleaned_data['login_method'] # basic auth hd = form.cleaned_data['http_domain'] hu = form.cleaned_data['http_user'] hp = form.cleaned_data['http_password'] # parameters p = form.cleaned_data['profile'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" if p == "Fast Scan": pb = "fast_scan" elif p == "Full Audit": pb = "full_audit" elif p == "OWASP Top 10": pb = "OWASP_TOP10" if m: p = models.w3af_requests.objects.create(name=n, target=t, target_os = to, target_framework = tf, login_url = lu, login_username = lun, login_password = lp, login_userfield = luf, login_passwordfield = lpf, login_method = lm, user=request.user, state=e, profile=pb, mail=mf, http_user= hu, http_password=hp, http_domain=hd) # crear la request else: p = models.w3af_requests.objects.create(name=n, target=t, target_os = to, target_framework = tf, login_url = lu, login_username = lun, login_password = lp, login_userfield = luf, login_passwordfield = lpf, login_method = lm, user=request.user, profile=pb, state=e, http_user= hu, http_password=hp, http_domain=hd) # crear la request r = models.w3af_results.objects.create(id=p.id) return HttpResponseRedirect('/w3af/tasks/') else: print(form.errors) else: form = forms.w3afForm(user=u) context.update({"initial": 0}) context.update({"form": form}) return render(request, 'w3af_new.html', context)
def openvas_new(request): context = crearContextBase(request) context.update({'openvas_new': "active"}) u = request.user if request.method == 'POST': form = forms.OpenVASForm(request.POST, user=u) if form.is_valid(): ips = form.cleaned_data['ips'] urls = form.cleaned_data['urls'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] c = form.cleaned_data['config'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" # Treiem els espais entre hostnames urls = urls.replace(" ", "") ips = ips.replace(" ", "") if ips != "" and urls != "": t = ips + "," + urls elif ips != "": t = ips else: t = urls n = form.cleaned_data['name'] if m: p = models.openvas_requests.objects.create( name=n, target=t, user=request.user, state=e, percentage=0, mail=mf, config=c) # crear la request else: p = models.openvas_requests.objects.create( name=n, target=t, user=request.user, state=e, percentage=0, config=c) # crear la request r = models.openvas_results.objects.create(id=p.id) return HttpResponseRedirect('/OpenVAS/tasks/') else: print(form.errors) else: form = forms.OpenVASForm(user=u) context.update({"form": form}) return render(request, 'openvas_new.html', context)
def w3af_download(request, id): task = w3af_requests.objects.get(id=id) if task.state == "Finished": result = w3af_results.objects.get(id=task.id) #print(result.report) # Retornant fitxer nomArxiu = "Report_" + task.name.replace(" ","-") + "_" + datetime.strftime(result.finish_date, "%Y%m%d%H%M") + ".html" response = HttpResponse(result.report, content_type='text/html') response['Content-Disposition'] = 'attachment; filename=' + nomArxiu return response else: context = crearContextBase(request) results = "fail" context.update({'task': task, 'results': results}) return render(request, 'w3af_task.html', context)
def sqlmap_howto(request): context = crearContextBase(request) context.update({'sqlmap_howto': "active"}) return render(request, 'sqlmap_howto.html', context)
def sqlmap_new(request): context = crearContextBase(request) u = request.user userid = u.id if request.method == 'POST': form = forms.SQLmapForm(request.POST, user=u) if form.is_valid(): # url target_url = form.cleaned_data['url'] # direct connection target_dbms = form.cleaned_data['dbms'] target_user = form.cleaned_data['user'] target_password = form.cleaned_data['password'] target_ip = form.cleaned_data['ip'] target_port = form.cleaned_data['port'] target_db_name = form.cleaned_data['db_name'] # parameters c = form.cleaned_data['charset'] v = form.cleaned_data['verbosity'] l = form.cleaned_data['level'] r = form.cleaned_data['risk'] d = form.cleaned_data['depth'] n = form.cleaned_data['name'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" if target_url == "": t = "-d " + target_dbms + "://" + target_user + ":" + target_password + "@" + target_ip + ":" + \ str(target_port) + "/" + target_db_name else: t = "-u " + target_url if m: p = models.sqlmap_requests.objects.create( name=n, target=t, level=l, verbosity=v, risk=r, depth=d, charset=c, user=request.user, state=e, mail=mf) # crear la request else: p = models.sqlmap_requests.objects.create( name=n, target=t, level=l, verbosity=v, risk=r, depth=d, charset=c, user=request.user, state=e) # crear la request r = models.sqlmap_results.objects.create(id=p.id) return HttpResponseRedirect('/SQLmap/tasks/') else: print(form.errors) else: form = forms.SQLmapForm(user=u) context.update({"initial": 0}) context.update({"form": form}) return render(request, 'sqlmap_new.html', context)
def sqlmap_tasks(request): context = crearContextBase(request) return render(request, 'sqlmap_tasks.html', context)
def sqlmap_modify(request, id): context = crearContextBase(request) u = request.user task = sqlmap_requests.objects.get(id=id) context.update({"task": task, "notModify": False}) if task.state != "Running" and task.state != "Blocked": if request.method == 'POST': form = forms.SQLmapForm(request.POST, user=u) if form.is_valid(): # url target_url = form.cleaned_data['url'] # direct connection target_dbms = form.cleaned_data['dbms'] target_user = form.cleaned_data['user'] target_password = form.cleaned_data['password'] target_ip = form.cleaned_data['ip'] target_port = form.cleaned_data['port'] target_db_name = form.cleaned_data['db_name'] # parameters c = form.cleaned_data['charset'] v = form.cleaned_data['verbosity'] l = form.cleaned_data['level'] r = form.cleaned_data['risk'] d = form.cleaned_data['depth'] n = form.cleaned_data['name'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" if target_url == "": t = "-d " + target_dbms + "://" + target_user + ":" + target_password + "@" + target_ip + ":" + \ str(target_port) + "/" + target_db_name else: t = "-u " + target_url if task.state != "Running" and task.state != "Blocked": task.name = n task.target = t task.level = l task.verbosity = v task.risk = r task.depth = d task.charset = c task.user = u task.state = e task.modify_date = datetime.now() if m: task.mail = mf else: task.mail = None task.save() else: context.update({"notModify": True}) return render(request, 'sqlmap_new.html', context) return HttpResponseRedirect('/SQLmap/tasks/') else: print(form.errors) else: form = forms.SQLmapForm(user=u) form.fields["name"].initial = task.name if task.target[0:3] == "-u ": form.fields["url"].initial = task.target[3:] elif task.target[0:3] == "-d ": text = task.target[3:].partition("://") form.fields["dbms"].initial = text[0] text = text[2].partition(":") form.fields["user"].initial = text[0] text = text[2].partition("@") # La password no la aprofitem text = text[2].partition(":") form.fields["ip"].initial = text[0] text = text[2].partition(":") form.fields["port"].initial = text[0] form.fields["db_name"].initial = text[2] context.update({ "initial": 1, "verbosity": task.verbosity, "level": task.level, "risk": task.risk, "depth": task.depth }) form.fields["charset"].initial = task.charset if task.mail: form.fields["mail_field"].initial = task.mail form.fields["mail"].initial = True context.update({"form": form}) return render(request, 'sqlmap_new.html', context) else: context.update({"notModify": True}) return render(request, 'sqlmap_new.html', context)
def w3af_tasks(request): context = crearContextBase(request) return render(request, 'w3af_tasks.html', context)
def w3af_modify(request, id): context = crearContextBase(request) u = request.user task = w3af_requests.objects.get(id=id) context.update({"task": task, "notModify": False}) if task.state != "Running" and task.state != "Blocked": if request.method == 'POST': form = forms.w3afForm(request.POST, user=u) if form.is_valid(): n = form.cleaned_data['name'] # target t = form.cleaned_data['target'] to = form.cleaned_data['target_os'] tf = form.cleaned_data['target_framework'] # auth lu = form.cleaned_data['login_url'] lun = form.cleaned_data['login_username'] lp = form.cleaned_data['login_password'] luf = form.cleaned_data['login_userfield'] lpf = form.cleaned_data['login_passwordfield'] lm = form.cleaned_data['login_method'] # basic auth hd = form.cleaned_data['http_domain'] hu = form.cleaned_data['http_user'] hp = form.cleaned_data['http_password'] # parameters p = form.cleaned_data['profile'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" if p == "Fast Scan": pb = "fast_scan" elif p == "Full Audit": pb = "full_scan" elif p == "OWASP Scan": pb = "OWASP_TOP10" if task.state != "Running" and task.state != "Blocked": task.name = n task.target = t task.target_os = to task.target_framework = tf task.login_url = lu task.login_username = lun task.login_password = lp task.login_userfield = luf task.login_passwordfield = lpf task.login_method = lm task.profile = pb task.user = u task.state = e task.http_domain = hd task.http_user = hu task.http_password = hp task.modify_date = datetime.now() if m: task.mail = mf else: task.mail = None task.save() else: context.update({"notModify": True}) return render(request, 'w3af_new.html', context) return HttpResponseRedirect('/w3af/tasks/') else: print(form.errors) else: form = forms.w3afForm(user=u) form.fields["name"].initial = task.name form.fields["target"].initial = task.target form.fields["target_os"].initial = task.target_os form.fields["target_framework"].initial = task.target_framework if task.login_url: form.fields["target_login_url"].initial = task.login_url if task.login_username: form.fields["login_username"].initial = task.login_username if task.login_password: form.fields["login_password"].initial = task.login_password if task.login_userfield: form.fields["login_userfield"].initial = task.login_userfield if task.login_passwordfield: form.fields["login_passwordfield"].initial = task.login_passwordfield if task.http_domain: form.fields["http_domain"].initial = task.http_domain if task.http_user: form.fields["http_user"].initial = task.http_user if task.http_password: form.fields["http_password"].initial = task.http_password form.fields["login_method"].initial = task.login_method form.fields["profile"].initial = task.profile context.update({"initial": 1}) if task.mail: form.fields["mail_field"].initial = task.mail form.fields["mail"].initial = True context.update({"form": form}) return render(request, 'w3af_new.html', context) else: context.update({"notModify": True}) return render(request, 'w3af_new.html', context)
def openvas_tasks(request): context = crearContextBase(request) context.update({'openvas_tasks': "active"}) return render(request, 'openvas_tasks.html', context)
def openvas_modify(request, id): context = crearContextBase(request) context.update({'openvas_tasks': "active"}) u = request.user task = openvas_requests.objects.get(id=id) context.update({"task": task, "notModify": False}) if task.state != "Running" and task.state != "Blocked": if request.method == 'POST': form = forms.OpenVASForm(request.POST, user=u) if form.is_valid(): ips = form.cleaned_data['ips'] urls = form.cleaned_data['urls'] m = form.cleaned_data['mail'] mf = form.cleaned_data['mail_field'] c = form.cleaned_data['config'] if 'save' in request.POST: e = "Saved" elif 'cue' in request.POST: e = "On Hold" # Treiem els espais entre hostnames urls = urls.replace(" ", "") ips = ips.replace(" ", "") if ips != "" and urls != "": t = ips + "," + urls elif ips != "": t = ips else: t = urls n = form.cleaned_data['name'] if task.state != "Running" and task.state != "Blocked": task.name = n task.target = t task.user = u task.state = e task.percentage = 0 task.config = c task.modify_date = timezone.now() if m: task.mail = mf else: task.mail = None task.save() else: context.update({"notModify": True}) return render(request, 'openvas_new.html', context) return HttpResponseRedirect('/OpenVAS/tasks/') else: print(form.errors) else: form = forms.OpenVASForm(user=u) form.fields["name"].initial = task.name tasks = task.target.split(",") urls = "" ips = "" try: IPNetwork(tasks[0]) except: urls += tasks[0] else: ips += tasks[0] for t in tasks[1:]: try: IPNetwork(t) except: urls += "," + t else: ips += "," + t form.fields["urls"].initial = urls form.fields["ips"].initial = ips if task.mail != "" or task.mail is not None: form.fields["mail_field"].initial = task.mail form.fields["mail"].initial = True form.fields["config"].initial = task.config context.update({"form": form}) return render(request, 'openvas_new.html', context) else: context.update({"notModify": True}) return render(request, 'openvas_new.html', context)