def main(workspace='', args=None, parser=None):
parser.add_argument('-v',
'--verbose',
action='store_true',
help='Verbose output from the pcapfile library.')
parser.add_argument('pcap', help='Path to the PCAP file'),
parsed_args = parser.parse_args(args)
try:
from scapy.all import PcapReader
except ImportError:
print 'capfile not found, please install it to use this plugin.' \
' You can do install it by executing pip2 install scapy in a shell.'
return 1, None
if not os.path.isfile(parsed_args.pcap):
print "pcap file not found: " % parsed_args.pcap
return 2, None
pcap = PcapReader(parsed_args.pcap)
for (domain, ip) in get_domain_resolutions(pcap):
obj = factory.createModelObject(models.Host.class_signature,
ip,
workspace,
parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
models.create_host(workspace, obj)
interface = factory.createModelObject(
models.Interface.class_signature,
'',
workspace,
# mac=bssid,
ipv4_address=ip,
ipv4_gateway='',
ipv4_mask='',
ipv4_dns='',
ipv6_address='',
ipv6_gateway='',
ipv6_prefix='',
ipv6_dns='',
network_segment='',
hostnames=[domain],
parent_id=obj.getID())
old = models.get_interface(workspace, obj.getID())
if old is None:
try:
models.create_interface(workspace, interface)
except:
pass
return 0, None
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Credential Name')
parser.add_argument('username', help='Username')
parser.add_argument('password', help='Password')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Credential.class_signature, parsed_args.name, workspace,
username=parsed_args.username,
password=parsed_args.password,
parent_id=parsed_args.parent
)
old = models.get_credential(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_credential(workspace, obj)
else:
print "A credential with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def newVuln(name, desc="", ref = None, severity=""):
"""
It creates and returns a Vulnerability object.
The created object is not added to the model.
"""
return factory.createModelObject("Vulnerability", name, desc=desc,
ref=ref, severity=severity)
def main(workspace='', args=None, parser=None):
parser.add_argument('name', help='Host name')
parser.add_argument('os', help='OS')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Host.class_signature,
parsed_args.name,
workspace,
os=parsed_args.os,
parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
else:
print "A host with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def newHost(name, os = "Unknown"):
"""
It creates and returns a Host object.
The object created is not added to the model.
"""
return factory.createModelObject("Host", name, os=os)
def newCred(username,password):
"""
It creates and returns a Cred object.
The created object is not added to the model.
"""
return factory.createModelObject("Cred", username, password=password)
def newHost(name, os="Unknown"):
"""
It creates and returns a Host object.
The object created is not added to the model.
"""
return factory.createModelObject("Host", name, os=os)
def newVulnWeb(name,
desc="",
website="",
path="",
ref=None,
severity="",
request="",
response="",
method="",
pname="",
params="",
query="",
category=""):
"""
It creates and returns a Vulnerability object.
The created object is not added to the model.
"""
return factory.createModelObject("VulnerabilityWeb",
name,
desc=desc,
ref=ref,
severity=severity,
website=website,
path=path,
request=request,
response=response,
method=method,
pname=pname,
params=params,
query=query,
category=category)
def newInterface(name="",
mac="00:00:00:00:00:00",
ipv4_address="0.0.0.0",
ipv4_mask="0.0.0.0",
ipv4_gateway="0.0.0.0",
ipv4_dns=[],
ipv6_address="0000:0000:0000:0000:0000:0000:0000:0000",
ipv6_prefix="00",
ipv6_gateway="0000:0000:0000:0000:0000:0000:0000:0000",
ipv6_dns=[],
network_segment="",
hostname_resolution=[]):
"""
It creates and returns an Interface object.
The created object is not added to the model.
"""
return factory.createModelObject("Interface",
name,
mac=mac,
ipv4_address=ipv4_address,
ipv4_mask=ipv4_mask,
ipv4_gateway=ipv4_gateway,
ipv4_dns=ipv4_dns,
ipv6_address=ipv6_address,
ipv6_prefix=ipv6_prefix,
ipv6_gateway=ipv6_gateway,
ipv6_dns=ipv6_dns,
network_segment=network_segment,
hostname_resolution=hostname_resolution)
def main(workspace='', args=None, parser=None):
parser.add_argument('interface_id', help='Interface ID')
parser.add_argument('name', help='Service Name')
parser.add_argument('ports', help='Service ports, as a comma separated list')
parser.add_argument('--protocol', help='Service protocol', default='tcp')
parser.add_argument('--status', help='Service status', default='running')
parser.add_argument('--version', help='Service version', default='unknown')
parser.add_argument('--description', help='Service description', default='')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
ports = filter(None, parsed_args.ports.split(','))
obj = factory.createModelObject(models.Service.class_signature, parsed_args.name, workspace,
protocol=parsed_args.protocol,
ports=ports,
status=parsed_args.status,
version=parsed_args.version,
description=parsed_args.description,
parent_id=parsed_args.interface_id
)
old = models.get_service(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_service(workspace, obj)
else:
print "A service with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Credential Name')
parser.add_argument('username', help='Username')
parser.add_argument('password', help='Password')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Credential.class_signature,
parsed_args.name,
workspace,
username=parsed_args.username,
password=parsed_args.password,
parent_id=parsed_args.parent)
old = models.get_credential(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_credential(workspace, obj)
else:
print "A credential with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Note name')
parser.add_argument('text', help='Note content')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Note.class_signature,
parsed_args.name,
workspace,
text=parsed_args.text,
parent_id=parsed_args.parent)
old = models.get_note(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_note(workspace, obj)
else:
print "A note with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def newNote(name,text):
"""
It creates and returns a Note object.
The created object is not added to the model.
"""
return factory.createModelObject("Note", name, text=text)
def main(workspace='', args=None, parser=None):
parser.add_argument('parent_type', choices=['Host', 'Service'])
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Vulnerability Name')
parser.add_argument('--reference',
help='Vulnerability reference',
default='') # Fixme
parser.add_argument(
'--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--confirmed',
help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--description',
help='Vulnerability description',
default='')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(
models.Vuln.class_signature,
parsed_args.name,
workspace,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
confirmed=(parsed_args.confirmed == 'true'),
desc=parsed_args.description,
parent_id=parsed_args.parent,
parent_type=parsed_args.parent_type.capitalize())
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'parent_type': parsed_args.parent_type.capitalize(),
'parent': parsed_args.parent,
}
old = models.get_vulns(workspace, **params)
if not old:
if not parsed_args.dry_run:
models.create_vuln(workspace, obj)
old = models.get_vulns(workspace, **params)
else:
print "A vulnerability with ID %s already exists!" % old[0].getID()
return 2, None
return 0, old[0].getID()
def newVulnWeb(name, desc="", website="", path="", ref=None, severity="", request="", response="",
method="",pname="", params="",query="",category=""):
"""
It creates and returns a Vulnerability object.
The created object is not added to the model.
"""
return factory.createModelObject("VulnerabilityWeb", name, desc=desc, ref=ref,severity=severity, website=website, path=path, request=request,
response=response,method=method,pname=pname, params=params,query=query,category=category )
def newApplication(name, status = "running", version = "unknown"):
"""
It creates and returns an Application object.
The created object is not added to the model.
"""
return factory.createModelObject("HostApplication",name,
status = status,
version = version)
def createAndAddHost(self, name, os="unknown"):
host_obj = factory.createModelObject(
Host.class_signature,
name, os=os, parent_id=None)
host_obj._metadata.creator = self.id
self.__addPendingAction(modelactions.ADDHOST, host_obj)
return host_obj.getID()
def createAndAddHost(self, name, os="unknown"):
host_obj = factory.createModelObject(
Host.class_signature,
name, os=os, parent_id=None)
host_obj._metadata.creator = self.id
self.__addPendingAction(modelactions.ADDHOST, host_obj)
return host_obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('parent_type',
choices=['Host', 'Service'])
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Vulnerability Name')
parser.add_argument('--reference', help='Vulnerability reference', default='') # Fixme
parser.add_argument('--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--confirmed', help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--description', help='Vulnerability description', default='')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Vuln.class_signature,
parsed_args.name,
workspace,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
confirmed=(parsed_args.confirmed == 'true'),
desc=parsed_args.description,
parent_id=parsed_args.parent,
parent_type=parsed_args.parent_type.capitalize()
)
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'parent_type': parsed_args.parent_type.capitalize(),
'parent': parsed_args.parent,
}
old = models.get_vulns(
workspace,
**params
)
if not old:
if not parsed_args.dry_run:
models.create_vuln(workspace, obj)
old = models.get_vulns(
workspace,
**params
)
else:
print "A vulnerability with ID %s already exists!" % old[0].getID()
return 2, None
return 0, old[0].getID()
def newApplication(name, status="running", version="unknown"):
"""
It creates and returns an Application object.
The created object is not added to the model.
"""
return factory.createModelObject("HostApplication",
name,
status=status,
version=version)
def newVuln(name, desc="", ref=None, severity=""):
"""
It creates and returns a Vulnerability object.
The created object is not added to the model.
"""
return factory.createModelObject("Vulnerability",
name,
desc=desc,
ref=ref,
severity=severity)
def newService(name, protocol = "tcp?", ports = [], status = "running",
version = "unknown", description = ""):
"""
It creates and returns a Service object.
The created object is not added to the model.
"""
return factory.createModelObject("Service",name,
protocol = protocol, ports = ports,
status = status, version = version,
description = description)
def createAndAddHost(self, name, os="unknown", hostnames=None):
host_obj = factory.createModelObject(Host.class_signature,
name,
os=os,
parent_id=None,
workspace_name=self.workspace,
hostnames=hostnames)
host_obj._metadata.creatoserverr = self.id
self.__addPendingAction(Modelactions.ADDHOST, host_obj)
return host_obj.getID()
def createAndAddHost(self, name, os="unknown", hostnames=None):
host_obj = factory.createModelObject(
Host.class_signature,
name,
os=os,
parent_id=None,
workspace_name=self.workspace,
hostnames=hostnames)
host_obj._metadata.creatoserverr = self.id
self.__addPendingAction(Modelactions.ADDHOST, host_obj)
return host_obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('host_id', help='Service Parent Host ID')
parser.add_argument('name', help='Service Name')
parser.add_argument('ports',
help='Service ports, as a comma separated list')
parser.add_argument('--protocol', help='Service protocol', default='tcp')
parser.add_argument('--status', help='Service status', default='open')
parser.add_argument('--version', help='Service version', default='unknown')
parser.add_argument('--description',
help='Service description',
default='')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
ports = filter(None, parsed_args.ports.split(','))
res_ids = [] #new service or old services ids affected by the command
for port in ports:
params = {
'name': parsed_args.name,
'port': port,
'protocol': parsed_args.protocol,
'host_id': parsed_args.host_id
}
obj = factory.createModelObject(models.Service.class_signature,
parsed_args.name,
workspace,
protocol=parsed_args.protocol,
ports=[port],
status=parsed_args.status,
version=parsed_args.version,
description=parsed_args.description,
parent_id=parsed_args.host_id)
old = models.get_service(workspace, **params)
if old is None:
if not parsed_args.dry_run:
models.create_service(workspace, obj)
old = models.get_service(workspace, **params)
else:
print("A service with ID %s already exists!" % old.getID())
res_ids.append(old.getID())
return 0, res_ids
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Credential Name')
parser.add_argument('username', help='Username')
parser.add_argument('password', help='Password')
parser.add_argument('--parent_type',
help='Vulnerability severity',
choices=['Host', 'Service'],
default='unclassified')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'username': parsed_args.username,
}
if parsed_args.parent_type == 'Host':
params.update({'host_id': parsed_args.parent})
elif parsed_args.parent_type == 'Service':
params.update({'service_id': parsed_args.parent})
else:
raise UserWarning(
'Credential only allow Host or Service as parent_type')
obj = factory.createModelObject(models.Credential.class_signature,
parsed_args.name,
workspace,
username=parsed_args.username,
password=parsed_args.password,
parent_type=parsed_args.parent_type,
parent=parsed_args.parent)
old = models.get_credential(workspace, **params)
if old is None:
if not parsed_args.dry_run:
models.create_credential(workspace, obj)
old = models.get_credential(workspace, **params)
else:
print "A credential with ID %s already exists!" % old.getID()
return 2, None
return 0, old.getID()
def process_wpa_key(workspace_name, packet):
access_point = access_point_data[packet.addr3]
if not access_point:
return
vuln = factory.createModelObject(
models.Vuln.class_signature,
'WPA Key for {0} found'.format(access_point.get('essid', '')),
workspace_name,
severity='info',
status='open',
confirmed='true',
desc=
'WPA was found for the access point. Ensure you are using a secure password.',
parent_id=access_point['host'].id)
if vuln.id not in map(lambda vuln: vuln.id, created_objs['Vulnerability']):
created_objs['Vulnerability'].add(vuln)
def newService(name,
protocol="tcp?",
ports=[],
status="running",
version="unknown",
description=""):
"""
It creates and returns a Service object.
The created object is not added to the model.
"""
return factory.createModelObject("Service",
name,
protocol=protocol,
ports=ports,
status=status,
version=version,
description=description)
def newInterface(name = "", mac = "00:00:00:00:00:00",
ipv4_address = "0.0.0.0", ipv4_mask = "0.0.0.0",
ipv4_gateway = "0.0.0.0", ipv4_dns = [],
ipv6_address = "0000:0000:0000:0000:0000:0000:0000:0000", ipv6_prefix = "00",
ipv6_gateway = "0000:0000:0000:0000:0000:0000:0000:0000", ipv6_dns = [],
network_segment = "", hostname_resolution = []):
"""
It creates and returns an Interface object.
The created object is not added to the model.
"""
return factory.createModelObject("Interface", name, mac = mac,
ipv4_address = ipv4_address , ipv4_mask = ipv4_mask,
ipv4_gateway = ipv4_gateway, ipv4_dns = ipv4_dns,
ipv6_address = ipv6_address , ipv6_prefix = ipv6_prefix,
ipv6_gateway = ipv6_gateway, ipv6_dns = ipv6_dns,
network_segment = network_segment,
hostname_resolution = hostname_resolution)
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Credential Name')
parser.add_argument('username', help='Username')
parser.add_argument('password', help='Password')
parser.add_argument('--parent_type',
help='Vulnerability severity',
choices=['Host', 'Service'],
default='unclassified')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'username': parsed_args.username,
}
if parsed_args.parent_type == 'Host':
params.update({'host_id': parsed_args.parent})
elif parsed_args.parent_type == 'Service':
params.update({'service_id': parsed_args.parent})
else:
raise UserWarning('Credential only allow Host or Service as parent_type')
obj = factory.createModelObject(models.Credential.class_signature,
parsed_args.name,
workspace,
username=parsed_args.username,
password=parsed_args.password,
parent_type=parsed_args.parent_type,
parent=parsed_args.parent
)
old = models.get_credential(workspace, **params)
if old is None:
if not parsed_args.dry_run:
models.create_credential(workspace, obj)
old = models.get_credential(workspace, **params)
else:
print "A credential with ID %s already exists!" % old.getID()
return 2, None
return 0, old.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('ip', help='Host IP')
parser.add_argument('os', help='OS')
parser.add_argument('mac', help='Interface MAC Address')
parser.add_argument('--gateway',
help='IPV4 or IPV6 Gateway',
default='0.0.0.0')
parser.add_argument('--netsegment', help='Network Segment', default='')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'ip': parsed_args.ip,
}
obj_host = factory.createModelObject(
models.Host.class_signature,
parsed_args.ip,
workspace,
os=parsed_args.os,
mac=parsed_args.mac,
network_segment=parsed_args.netsegment,
parent_id=None)
old_host = models.get_host(workspace, **params)
if old_host is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj_host)
old_host = models.get_host(workspace, **params)
else:
return 0, None
else:
print "A host with ID %s already exists!" % old_host.getID()
return 2, None
return 0, old_host.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('ip', help='Host IP')
parser.add_argument('os', help='OS')
parser.add_argument('mac', help='Interface MAC Address')
parser.add_argument('--gateway', help='IPV4 or IPV6 Gateway', default='0.0.0.0')
parser.add_argument('--netsegment', help='Network Segment', default='')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'ip': parsed_args.ip,
}
obj_host = factory.createModelObject(models.Host.class_signature,
parsed_args.ip,
workspace,
os=parsed_args.os,
mac=parsed_args.mac,
network_segment=parsed_args.netsegment,
parent_id=None)
old_host = models.get_host(workspace, **params)
if old_host is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj_host)
old_host = models.get_host(workspace, **params)
else:
return 0, None
else:
print("A host with ID %s already exists!" % old_host.getID())
return 2, None
return 0, old_host.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('interface_id', help='Interface ID')
parser.add_argument('name', help='Service Name')
parser.add_argument('ports',
help='Service ports, as a comma separated list')
parser.add_argument('--protocol', help='Service protocol', default='tcp')
parser.add_argument('--status', help='Service status', default='running')
parser.add_argument('--version', help='Service version', default='unknown')
parser.add_argument('--description',
help='Service description',
default='')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
ports = filter(None, parsed_args.ports.split(','))
obj = factory.createModelObject(models.Service.class_signature,
parsed_args.name,
workspace,
protocol=parsed_args.protocol,
ports=ports,
status=parsed_args.status,
version=parsed_args.version,
description=parsed_args.description,
parent_id=parsed_args.interface_id)
old = models.get_service(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_service(workspace, obj)
else:
print "A service with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('name', help='Host name')
parser.add_argument('os', help='OS')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Host.class_signature, parsed_args.name,
workspace, os=parsed_args.os, parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
else:
print "A host with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Note name')
parser.add_argument('text', help='Note content')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Note.class_signature, parsed_args.name, workspace,
text=parsed_args.text,
parent_id=parsed_args.parent
)
old = models.get_note(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_note(workspace, obj)
else:
print "A note with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def newNote(name, text):
"""
It creates and returns a Note object.
The created object is not added to the model.
"""
return factory.createModelObject("Note", name, text=text)
def main(workspace='', args=None, parser=None):
parser.add_argument('parent_type', choices=['Host', 'Service'])
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Vulnerability Name')
parser.add_argument('--reference',
help='Vulnerability reference',
default='') # Fixme
parser.add_argument(
'--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--confirmed',
help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--description',
help='Vulnerability description',
default='')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(
models.Vuln.class_signature,
parsed_args.name,
workspace,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
confirmed=(parsed_args.confirmed == 'true'),
desc=parsed_args.description,
parent_id=parsed_args.parent,
parent_type=parsed_args.parent_type.capitalize())
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'parent_type': parsed_args.parent_type.capitalize(),
'parent': parsed_args.parent,
}
try:
models.create_vuln(workspace, obj)
except ConflictInDatabase as ex:
if ex.answer.status_code == 409:
try:
old_id = ex.answer.json()['object']['_id']
except KeyError:
print "Vulnerability already exists. Couldn't fetch ID"
return 2, None
else:
print "A vulnerability with ID %s already exists!" % old_id
return 2, None
else:
print "Unknown error while creating the vulnerability"
return 2, None
except CantCommunicateWithServerError as ex:
print "Error while creating vulnerability:", ex.response.text
return 2, None
new = models.get_vulns(workspace, **params)
return 0, new[0].getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('service', help='Parent service ID')
parser.add_argument('name', help='Vulnerability name')
parser.add_argument('--reference', help='Vulnerability reference', default='') # Fixme
parser.add_argument('--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--description', help='Vulnerability description', default='')
parser.add_argument('--website', help='Website', default='')
parser.add_argument('--path', help='Path', default='')
parser.add_argument('--request', help='Request', default='')
parser.add_argument('--response', help='Response', default='')
parser.add_argument('--method', help='Method', default='')
parser.add_argument('--pname', help='pname', default='') # FIXME
parser.add_argument('--params', help='Parameters', default='')
parser.add_argument('--query', help='Query', default='')
parser.add_argument('--category', help='Category', default='')
parser.add_argument('--confirmed', help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.VulnWeb.class_signature, parsed_args.name, workspace,
desc=parsed_args.description,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
website=parsed_args.website,
path=parsed_args.path,
request=parsed_args.request,
response=parsed_args.response,
method=parsed_args.method,
pname=parsed_args.pname,
params=parsed_args.params,
query=parsed_args.query,
category=parsed_args.category,
confirmed=(parsed_args.confirmed == 'true'),
parent_id=parsed_args.service
)
old = models.get_web_vuln(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_vuln_web(workspace, obj)
else:
print "A web vulnerability with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def process_wigle_sqlite(workspace_name, wigle_filename):
try:
import sqlite3
except ImportError:
print(
'For using wigle import, sqlite3 is required. Please install it with: pip install sqlite3'
)
conn = sqlite3.connect(wigle_filename)
cursor = conn.execute(
'SELECT bssid, ssid, capabilities, bestlat, bestlon from network')
for network in cursor:
bssid = network[0]
essid = network[1]
capability = network[2].lower()
lat = network[4]
lng = network[3]
access_point = access_point_data[bssid]
if 'wpa' in capability and 'wpa2' not in capability:
encryption = 'wpa'
if 'wpa2' in capability:
encryption = 'wpa2'
if 'wep' in capability:
encryption = 'wep'
if 'open' in capability:
encryption = 'open'
access_point['essid'] = essid
access_point['bssid'] = bssid
access_point['encryption'] = encryption
access_point['lat'] = lat
access_point['lng'] = lng
create_host_interface_and_vuln(workspace_name, access_point)
map_file = draw_map()
map_file.seek(0)
now_timestamp = time.time()
host = factory.createModelObject(models.Host.class_signature,
'War driving results',
workspace_name=workspace_name,
parent_id=None)
interface = factory.createModelObject(models.Interface.class_signature,
'',
workspace_name,
mac=bssid,
ipv4_address='',
ipv4_gateway='',
ipv4_mask='',
ipv4_dns='',
ipv6_address='',
ipv6_gateway='',
ipv6_prefix='',
ipv6_dns='',
network_segment='',
parent_id=host.id)
service = factory.createModelObject(models.Service.class_signature,
encryption,
workspace_name,
protocol='802.11',
status='open',
description='Access point encryption',
ports=[0],
version='',
service='open',
parent_id=interface.id)
try:
models.create_host(workspace_name, host)
except ConflictInDatabase:
pass
try:
models.create_interface(workspace_name, interface)
except ConflictInDatabase:
pass
try:
models.create_service(workspace_name, service)
except ConflictInDatabase:
pass
name = 'Wardriving Map'
description = 'See evidence for war driving map.'
parent_id = host.id
raw_obj = {
"metadata": {
"update_time": now_timestamp,
"update_user": "",
"update_action": 0,
"creator": "UI Web",
"create_time": now_timestamp,
"update_controller_action": "UI Web New",
"owner": ""
},
"obj_id": "0c41d85f6dc71044518eea211bfbd12f2bad6f73",
"owner": "",
"parent": parent_id,
"type": "Vulnerability",
"ws": "wifi",
"confirmed": True,
"data": "",
"desc": description,
"easeofresolution": "",
"impact": {
"accountability": False,
"availability": False,
"confidentiality": False,
"integrity": False
},
"name": name,
"owned": False,
"policyviolations": [],
"refs": [],
"resolution": "",
"severity": "info",
"status": "opened",
"_attachments": {
"map.png": {
"content_type": "image/png",
"data": b64encode(map_file.read())
}
},
"protocol": "",
"version": ""
}
obj = models.ModelBase(raw_obj, workspace_name)
obj.setID(parent_id, name, description)
vuln_id = obj.id
raw_obj.update({"_id": vuln_id})
try:
_save_to_couch(workspace_name, vuln_id, **raw_obj)
except ConflictInDatabase:
pass
map_file.close()
def main(workspace='', args=None, parser=None):
parser.add_argument('parent_type',
choices=['Host', 'Service'])
parser.add_argument('parent', help='Parent ID')
parser.add_argument('name', help='Vulnerability Name')
parser.add_argument('--reference', help='Vulnerability reference', default='') # Fixme
parser.add_argument('--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--confirmed', help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--description', help='Vulnerability description', default='')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.Vuln.class_signature,
parsed_args.name,
workspace,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
confirmed=(parsed_args.confirmed == 'true'),
desc=parsed_args.description,
parent_id=parsed_args.parent,
parent_type=parsed_args.parent_type.capitalize()
)
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'parent_type': parsed_args.parent_type.capitalize(),
'parent': parsed_args.parent,
}
try:
models.create_vuln(workspace, obj)
except ConflictInDatabase as ex:
if ex.answer.status_code == 409:
try:
old_id = ex.answer.json()['object']['_id']
except KeyError:
print("Vulnerability already exists. Couldn't fetch ID")
return 2, None
else:
print("A vulnerability with ID %s already exists!" % old_id)
return 2, None
else:
print("Unknown error while creating the vulnerability")
return 2, None
except CantCommunicateWithServerError as ex:
print("Error while creating vulnerability:", ex.response.text)
return 2, None
new = models.get_vulns(
workspace,
**params
)
return 0, new[0].getID()
def create_host_interface_and_vuln(workspace_name, access_point):
bssid = access_point['bssid']
try:
essid = access_point['essid'].encode('utf8')
except Exception:
return
encryption = access_point['encryption']
host = factory.createModelObject(models.Host.class_signature,
essid,
workspace_name=workspace_name,
os=encryption,
mac=bssid,
parent_id=None)
access_point['host'] = host
if host.id not in map(lambda host: host.id, created_objs['Host']):
created_objs['Host'].add(host)
interface = factory.createModelObject(models.Interface.class_signature,
'',
workspace_name,
mac=bssid,
ipv4_address='',
ipv4_gateway='',
ipv4_mask='',
ipv4_dns='',
ipv6_address='',
ipv6_gateway='',
ipv6_prefix='',
ipv6_dns='',
network_segment='',
parent_id=host.id)
if interface.id not in map(lambda interface: interface.id,
created_objs['Interface']):
created_objs['Interface'].add(interface)
access_point['interface'] = interface
service = factory.createModelObject(models.Service.class_signature,
encryption,
workspace_name,
protocol='802.11',
status='open',
description='Access point encryption',
ports=[0],
version='',
service='open',
parent_id=interface.id)
if service.id not in map(lambda service: service.id,
created_objs['Service']):
created_objs['Service'].add(service)
if encryption in ['open', 'wep']:
vuln = factory.createModelObject(
models.Vuln.class_signature,
'Insecure WiFi {0} found'.format(essid),
workspace_name,
severity='critical',
confirmed='true',
status='open',
desc=
'WiFi using {0} was found. Please change your router configuration.'
.format(encryption),
parent_id=host.id)
if vuln.id not in map(lambda vuln: vuln.id,
created_objs['Vulnerability']):
created_objs['Vulnerability'].add(vuln)
def newCred(username, password):
"""
It creates and returns a Cred object.
The created object is not added to the model.
"""
return factory.createModelObject("Cred", username, password=password)
def main(workspace='', args=None, parser=None):
parser.add_argument('-s', '--source', nargs='*', help='Filter packets by source'),
parser.add_argument('-d', '--dest', nargs='*', help='Filter packets by destination'),
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output from the pcapfile library.')
parser.add_argument('pcap', help='Path to the PCAP file'),
parsed_args = parser.parse_args(args)
try:
from pcapfile import savefile
import pcapfile
except ImportError:
print 'capfile not found, please install it to use this plugin.' \
' You can do it executing pip2 install pcapfile in a shell.'
return 1, None
if not os.path.isfile(parsed_args.pcap):
print "pcap file not found: " % parsed_args.pcap
return 2, None
testcap = open(parsed_args.pcap, 'rb')
try:
capfile = savefile.load_savefile(testcap, layers=2, verbose=parsed_args.verbose)
except pcapfile.Error:
print "Invalid pcap file"
return 3, None
print 'pcap file loaded. Parsing packets...'
# Set() to store already added hosts. This will save an enormous amount of time by not querying the database
# for hosts we already know are in Faraday
added = set()
for packet in capfile.packets:
if packet.packet.type != 2048:
continue
src = packet.packet.payload.src
dst = packet.packet.payload.dst
if parsed_args.source and not src in parsed_args.source:
continue
if parsed_args.dest and not dst in parsed_args.dest:
continue
if src not in added:
# Lets save additional queries for this IP, it will already be on the database anyway!
added.add(packet.packet.payload.src)
# Parsing of source field
obj = factory.createModelObject(models.Host.class_signature, src,
workspace, os=None, parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
print '%s\t%s' % (src, obj.getID())
if dst not in added:
# Lets save additional queries for this IP, it will already be on the database anyway!
added.add(packet.packet.payload.dst)
# Parsing of destination field
obj = factory.createModelObject(models.Host.class_signature, dst,
workspace, os=None, parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
print '%s\t%s' % (dst, obj.getID())
return 0, None
def main(workspace='', args=None, parser=None):
parser.add_argument('service', help='Parent service ID')
parser.add_argument('name', help='Vulnerability name')
parser.add_argument('--reference',
help='Vulnerability reference',
default='') # Fixme
parser.add_argument(
'--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--description',
help='Vulnerability description',
default='')
parser.add_argument('--website', help='Website', default='')
parser.add_argument('--path', help='Path', default='')
parser.add_argument('--request', help='Request', default='')
parser.add_argument('--response', help='Response', default='')
parser.add_argument('--method', help='Method', default='')
parser.add_argument('--pname', help='pname', default='') # FIXME
parser.add_argument('--params', help='Parameters', default='')
parser.add_argument('--query', help='Query', default='')
parser.add_argument('--category', help='Category', default='')
parser.add_argument('--confirmed',
help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'service_id': parsed_args.service,
'method': parsed_args.method,
'parameter_name': parsed_args.params,
'path': parsed_args.path,
'website': parsed_args.website,
}
obj = factory.createModelObject(
models.VulnWeb.class_signature,
parsed_args.name,
workspace,
desc=parsed_args.description,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
website=parsed_args.website,
path=parsed_args.path,
request=parsed_args.request,
response=parsed_args.response,
method=parsed_args.method,
pname=parsed_args.pname,
params=parsed_args.params,
query=parsed_args.query,
category=parsed_args.category,
confirmed=(parsed_args.confirmed == 'true'),
parent_id=parsed_args.service,
parent_type='Service')
old = models.get_web_vuln(workspace, **params)
if old is None:
if not parsed_args.dry_run:
models.create_vuln_web(workspace, obj)
old = models.get_web_vuln(workspace, **params)
else:
print("A web vulnerability with ID %s already exists!" % old.getID())
return 2, None
return 0, old.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('-s',
'--source',
nargs='*',
help='Filter packets by source'),
parser.add_argument('-d',
'--dest',
nargs='*',
help='Filter packets by destination'),
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parser.add_argument('-v',
'--verbose',
action='store_true',
help='Verbose output from the pcapfile library.')
parser.add_argument('pcap', help='Path to the PCAP file'),
parsed_args = parser.parse_args(args)
try:
from pcapfile import savefile
import pcapfile
except ImportError:
print 'capfile not found, please install it to use this plugin.' \
' You can do it executing pip2 install pcapfile in a shell.'
return 1, None
if not os.path.isfile(parsed_args.pcap):
print "pcap file not found: " % parsed_args.pcap
return 2, None
testcap = open(parsed_args.pcap, 'rb')
try:
capfile = savefile.load_savefile(testcap,
layers=2,
verbose=parsed_args.verbose)
except pcapfile.Error:
print "Invalid pcap file"
return 3, None
print 'pcap file loaded. Parsing packets...'
# Set() to store already added hosts. This will save an enormous amount of time by not querying the database
# for hosts we already know are in Faraday
added = set()
for packet in capfile.packets:
if packet.packet.type != 2048:
continue
src = packet.packet.payload.src
dst = packet.packet.payload.dst
if parsed_args.source and not src in parsed_args.source:
continue
if parsed_args.dest and not dst in parsed_args.dest:
continue
if src not in added:
# Lets save additional queries for this IP, it will already be on the database anyway!
added.add(packet.packet.payload.src)
# Parsing of source field
obj = factory.createModelObject(models.Host.class_signature,
src,
workspace,
os=None,
parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
print '%s\t%s' % (src, obj.getID())
if dst not in added:
# Lets save additional queries for this IP, it will already be on the database anyway!
added.add(packet.packet.payload.dst)
# Parsing of destination field
obj = factory.createModelObject(models.Host.class_signature,
dst,
workspace,
os=None,
parent_id=None)
old = models.get_host(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj)
print '%s\t%s' % (dst, obj.getID())
return 0, None
def main(workspace='', args=None, parser=None):
parser.add_argument('host_name', help='Host name')
parser.add_argument('os', help='OS')
parser.add_argument('interface_name', help='Interface Name')
parser.add_argument('mac', help='Interface MAC Address')
parser.add_argument('--ipv4address', help='IPV4 Address', default='0.0.0.0')
parser.add_argument('--ipv4gateway', help='IPV4 Gateway', default='0.0.0.0')
parser.add_argument('--ipv4mask', help='IPV4 Mask', default='0.0.0.0')
parser.add_argument('--ipv4dns', help='IPV4 DNS, as a comma separated list', default='[]')
parser.add_argument('--ipv6address', help='IPV6 Address', default='0000:0000:0000:0000:0000:0000:0000:0000')
parser.add_argument('--ipv6prefix', help='IPV6 Prefix', default='00')
parser.add_argument('--ipv6gateway', help='IPV4 Gateway', default='0000:0000:0000:0000:0000:0000:0000:0000')
parser.add_argument('--ipv6dns', help='IPV6 DNS, as a comma separated list', default='')
parser.add_argument('--netsegment', help='Network Segment', default='')
parser.add_argument('--hostres', help='Hostname Resolution', default='')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj_host = factory.createModelObject(models.Host.class_signature, parsed_args.host_name,
workspace, os=parsed_args.os, parent_id=None)
old_host = models.get_host(workspace, obj_host.getID())
if old_host is None:
if not parsed_args.dry_run:
models.create_host(workspace, obj_host)
else:
print "A host with ID %s already exists!" % obj_host.getID()
return 2, None
obj_interface = factory.createModelObject(models.Interface.class_signature, parsed_args.interface_name, workspace,
mac=parsed_args.mac,
ipv4_address=parsed_args.ipv4address,
ipv4_mask=parsed_args.ipv4mask,
ipv4_gateway=parsed_args.ipv4gateway,
ipv4_dns=parsed_args.ipv4dns,
ipv6_address=parsed_args.ipv6address,
ipv6_prefix=parsed_args.ipv6prefix,
ipv6_gateway=parsed_args.ipv6gateway,
ipv6_dns=parsed_args.ipv6dns,
network_segment=parsed_args.netsegment,
hostname_resolution=parsed_args.hostres,
parent_id= obj_host.getID() )
old_interface = models.get_interface(workspace, obj_interface.getID())
if old_interface is None:
if not parsed_args.dry_run:
models.create_interface(workspace, obj_interface)
else:
print "An interface with ID %s already exists!" % obj_interface.getID()
return 2, None
return 0, obj_interface.getID()
def main(workspace='', args=None, parser=None):
parser.add_argument('host_id', help='Host ID')
parser.add_argument('name', help='Interface Name')
parser.add_argument('mac', help='Interface MAC Address')
parser.add_argument('--ipv4address',
help='IPV4 Address',
default='0.0.0.0')
parser.add_argument('--ipv4gateway',
help='IPV4 Gateway',
default='0.0.0.0')
parser.add_argument('--ipv4mask', help='IPV4 Mask', default='0.0.0.0')
parser.add_argument('--ipv4dns',
help='IPV4 DNS, as a comma separated list',
default='')
parser.add_argument('--ipv6address',
help='IPV6 Address',
default='0000:0000:0000:0000:0000:0000:0000:0000')
parser.add_argument('--ipv6prefix', help='IPV6 Prefix', default='00')
parser.add_argument('--ipv6gateway',
help='IPV4 Gateway',
default='0000:0000:0000:0000:0000:0000:0000:0000')
parser.add_argument('--ipv6dns',
help='IPV6 DNS, as a comma separated list',
default='')
parser.add_argument('--netsegment', help='Network Segment', default='')
parser.add_argument('--hostres', help='Hostname Resolution', default='')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
ipv4_dns = filter(None, parsed_args.ipv4dns.split(','))
ipv6_dns = filter(None, parsed_args.ipv6dns.split(','))
obj = factory.createModelObject(models.Interface.class_signature,
parsed_args.name,
workspace,
mac=parsed_args.mac,
ipv4_address=parsed_args.ipv4address,
ipv4_mask=parsed_args.ipv4mask,
ipv4_gateway=parsed_args.ipv4gateway,
ipv4_dns=ipv4_dns,
ipv6_address=parsed_args.ipv6address,
ipv6_prefix=parsed_args.ipv6prefix,
ipv6_gateway=parsed_args.ipv6gateway,
ipv6_dns=ipv6_dns,
network_segment=parsed_args.netsegment,
hostname_resolution=parsed_args.hostres,
parent_id=parsed_args.host_id)
old = models.get_interface(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_interface(workspace, obj)
else:
print "An interface with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
