def print_http_headers(self):
"""Print HTTP Response Headers if available"""
if self.get_http_headers():
logger.info('HTTP Response headers:')
for l in self.get_http_headers().splitlines():
Output.print(' | {}'.format(l))
print()
def show(self, filter_service=None):
"""
Display information about supported attack profiles
:param str filter_service: Service name to filter with (default: no filter)
"""
data = list()
columns = [
'Profile',
'Description',
]
for p in self.profiles:
#print(p.checks)
if not filter_service or p.is_service_supported(filter_service):
data.append([
Output.colored(p.name, attrs='bold'),
StringUtils.wrap(p.description, 120)
])
if filter_service:
service = 'for service {}'.format(filter_service.upper())
else:
service = ''
Output.title1('Attack Profiles {service}'.format(service=service))
Output.table(columns, data, hrules=False)
if not filter_service:
print
Output.print('Run "info --attack-profiles <service>" to see the attack ' \
'profiles supported for a given service.')
def __attack_target(self, id_, attack_progress):
"""
Run checks against a given target
:param id_: Number of the target (as displayed in "id" column in show_summary())
"""
target = self.targets[id_ - 1]
if target.get_http_headers():
logger.info('HTTP Response headers:')
for l in target.get_http_headers().splitlines():
Output.print(l)
print()
if target.get_credentials():
logger.info('Credentials set for this target:')
data = list()
columns = ['username', 'password']
if target.get_service_name() == 'http': columns.append('auth-type')
for c in target.get_credentials():
username = '******' if c.username == '' else c.username
if c.password is None:
password = '******'
else:
password = '******' if c.password == '' else c.password
line = [username, password]
if target.get_service_name() == 'http': line.append(c.type)
data.append(line)
Output.table(columns, data, hrules=False)
if target.get_specific_options():
logger.info('Context-specific options set for this target:')
data = list()
columns = ['option', 'value']
for o in target.get_specific_options():
data.append([o.name, o.value])
Output.table(columns, data, hrules=False)
# TODO: add/edit specific options before run
self.smartmodules_loader.call_start_method(target.service)
service_checks = self.settings.services.get_service_checks(
target.get_service_name())
service_checks.run(target,
self.smartmodules_loader,
self.results_requester,
self.filter_categories,
self.filter_checks,
fast_mode=self.fast_mode,
attack_progress=attack_progress)
def __run_special_mode(self,
target,
arguments,
sqlsession,
filter_checks=None,
attack_profile=None,
fast_mode=False,
attack_progress=None):
"""
Run checks for the service in special mode, i.e. when user has provided
either an attack profile (pre-selection of checks) or a list of checks
(may even be one single check to run)
:param Target target: Target
:param ArgumentsParser arguments: Arguments from command-line
:param Session sqlsession: SQLAlchemy session
:param list filter_checks: Selection of checks to run (default: all)
:param AttackProfile attack_profile: Attack profile (default: no profile)
:param bool fast_mode: Set to true to disable prompts
:param enlighten.Counter attack_progress: Attack progress
"""
# User has submitted list of checks
if filter_checks:
filter_checks = list(filter(
lambda x: self.is_existing_check(x), filter_checks))
if not filter_checks:
logger.warning('None of the selected checks is existing for the ' \
'service {service}'.format(service=target.get_service_name()))
return
logger.info('Selected check(s) that will be run:')
for c in filter_checks:
check = self.get_check(c)
if check:
Output.print(' | - {name} ({category})'.format(
name=c, category=check.category))
# User has submitted an attack profile
else:
if not attack_profile.is_service_supported(target.get_service_name()):
logger.warning('The attack profile {profile} is not supported for ' \
'target service {service}'.format(
profile=attack_profile, service=target.get_service_name()))
return
else:
filter_checks = attack_profile.get_checks_for_service(
target.get_service_name())
logger.info('Selected attack profile: {}'.format(attack_profile))
# Initialize sub status/progress bar
checks_progress = manager.counter(total=len(filter_checks)+1,
desc='',
unit='check',
leave=False,
bar_format=STATUSBAR_FORMAT)
time.sleep(.5) # hack for progress bar display
i = 1
for checkname in filter_checks:
print()
check = self.get_check(checkname)
# Update status/progress bar
status = ' +--> Current check [{cur}/{total}]: {category} > ' \
'{checkname}'.format(
cur = i,
total = len(filter_checks),
category = check.category,
checkname = checkname)
checks_progress.desc = '{status}{fill}'.format(
status = status,
fill = ' '*(DESC_LENGTH-len(status)))
checks_progress.update()
if attack_progress:
# Hack to refresh the attack progress bar without incrementing
# useful if the tool run during the check has cleared the screen
attack_progress.update(incr=0, force=True)
# Run the check if:
# - The check has not been already run for this target (except
# if --recheck is specified in command-line)
# - Target is compliant with the check,
# - The tool used for the check is well installed.
results_req = ResultsRequester(sqlsession)
results_req.select_mission(target.service.host.mission.name)
filter_ = Filter(FilterOperator.AND)
filter_.add_condition(Condition(target.service.id,
FilterData.SERVICE_ID))
filter_.add_condition(Condition(check.name, FilterData.CHECK_NAME))
results_req.add_filter(filter_)
result = results_req.get_first_result()
if result is None or arguments.args.recheck == True:
if check.check_target_compliance(target):
Output.title2('[Check {num:02}/{total:02}] {name} > ' \
'{description}'.format(
num = i,
total = len(filter_checks),
name = check.name,
description = check.description))
if not check.tool.installed:
logger.warning('Skipped: the tool "{tool}" used by ' \
'this check is not installed yet'.format(
tool=check.tool.name))
else:
try:
check.run(target,
arguments,
sqlsession,
fast_mode=fast_mode)
except KeyboardInterrupt:
print()
logger.warning('Check {check} skipped !'.format(
check=check.name))
else:
logger.info('[Check {num:02}/{total:02}] ' \
'{name} > Skipped because context requirements are ' \
'not matching the target'.format(
name = check.name,
num = i,
total = len(filter_checks)))
time.sleep(.2)
else:
logger.info('[Check {num:02}/{total:02}] ' \
'{name} > Skipped because the check has already ' \
'been run'.format(
name = check.name,
num = i,
total = len(filter_checks)))
time.sleep(.2)
i += 1
checks_progress.update()
time.sleep(.5)
checks_progress.close()
