def OpenVAS_xml_upload(request): """ OpenVAS XML file upload. :param request: :return: """ all_project = project_db.objects.all() if request.method == "POST": project_id = request.POST.get("project_id") scanner = request.POST.get("scanner") xml_file = request.FILES['xmlfile'] scan_ip = request.POST.get("scan_url") scan_id = uuid.uuid4() scan_status = "100" if scanner == "openvas": date_time = datetime.now() scan_dump = scan_save_db(scan_ip=scan_ip, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() tree = ET.parse(xml_file) root_xml = tree.getroot() OpenVas_Parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return HttpResponseRedirect(reverse('networkscanners:index')) elif scanner == "nessus": date_time = datetime.now() scan_dump = nessus_scan_db(scan_ip=scan_ip, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() scan_dump.save() tree = ET.parse(xml_file) root_xml = tree.getroot() Nessus_Parser.nessus_parser( root=root_xml, scan_id=scan_id, project_id=project_id, ) return HttpResponseRedirect(reverse('networkscanners:nessus_scan')) elif scanner == "nmap": tree = ET.parse(xml_file) root_xml = tree.getroot() nmap_parser.xml_parser( root=root_xml, scan_id=scan_id, project_id=project_id, ) return HttpResponseRedirect(reverse('tools:nmap_scan')) return render(request, 'net_upload_xml.html', {'all_project': all_project})
def updated_nessus_parser(root, project_id, scan_id, username): global agent, description, fname, \ plugin_modification_date, plugin_name, \ plugin_publication_date, plugin_type, \ risk_factor, script_version, solution, \ synopsis, plugin_output, see_also, scan_ip, \ pluginName, pluginID, protocol, severity, \ svc_name, pluginFamily, port, vuln_color, total_vul, total_high, total_medium, total_low, target, report_name date_time = datetime.datetime.now() for data in root: if data.tag == 'Report': report_name = data.attrib['name'] scan_status = "100" scan_dump = nessus_scan_db(report_name=report_name, target=target, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() for reportHost in data.iter('ReportHost'): try: for key, value in reportHost.items(): target = value except: continue for ReportItem in reportHost.iter('ReportItem'): for key, value in ReportItem.attrib.items(): if key == 'pluginName': pluginName = value # print ("pluginName = "+str(value)) if key == 'pluginID': pluginID = value # print ("pluginID = "+str(value)) if key == 'protocol': protocol = value # print ("protocol = "+str(value)) if key == 'severity': severity = value # print ("severity = "+str(value)) if key == 'svc_name': svc_name = value # print ("svc_name = "+str(value)) if key == 'pluginFamily': pluginFamily = value # print ("pluginFamily = "+str(value)) if key == 'port': port = value # print ("port = "+str(value)) try: agent = ReportItem.find('agent').text except: agent = "NA" try: description = ReportItem.find('description').text except: description = "NA" try: fname = ReportItem.find('fname').text except: fname = "NA" try: plugin_modification_date = ReportItem.find( 'plugin_modification_date').text except: plugin_modification_date = "NA" try: plugin_name = ReportItem.find('plugin_name').text except: plugin_name = "NA" try: plugin_publication_date = ReportItem.find( 'plugin_publication_date').text except: plugin_publication_date = "NA" try: plugin_type = ReportItem.find('plugin_type').text except: plugin_type = "NA" try: risk_factor = ReportItem.find('risk_factor').text except: risk_factor = "NA" try: script_version = ReportItem.find('script_version').text except: script_version = "NA" try: see_also = ReportItem.find('see_also').text except: see_also = "NA" try: solution = ReportItem.find('solution').text except: solution = "NA" try: synopsis = ReportItem.find('synopsis').text except: synopsis = "NA" try: plugin_output = ReportItem.find('plugin_output').text except: plugin_output = "NA" vuln_id = uuid.uuid4() if risk_factor == 'Critical': vuln_color = 'danger' risk_factor = 'High' elif risk_factor == 'High': vuln_color = 'danger' risk_factor = 'High' elif risk_factor == 'Medium': vuln_color = 'warning' risk_factor = 'Medium' elif risk_factor == 'Low': vuln_color = 'info' risk_factor = 'Low' else: risk_factor = 'Low' vuln_color = 'info' dup_data = target + plugin_name + severity + port duplicate_hash = hashlib.sha256( dup_data.encode('utf-8')).hexdigest() match_dup = nessus_scan_results_db.objects.filter( username=username, dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = 'No' global false_positive false_p = nessus_scan_results_db.objects.filter( username=username, false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = 'Yes' else: false_positive = 'No' if risk_factor == 'None': risk_factor = 'Low' all_data_save = nessus_scan_results_db( project_id=project_id, report_name=report_name, scan_id=scan_id, date_time=date_time, target=target, vuln_id=vuln_id, agent=agent, description=description, fname=fname, plugin_modification_date=plugin_modification_date, plugin_name=plugin_name, plugin_publication_date=plugin_publication_date, plugin_type=plugin_type, risk_factor=risk_factor, script_version=script_version, see_also=see_also, solution=solution, synopsis=synopsis, plugin_output=plugin_output, pluginName=pluginName, pluginID=pluginID, protocol=protocol, severity=severity, svc_name=svc_name, pluginFamily=pluginFamily, port=port, false_positive=false_positive, vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, severity_color=vuln_color, username=username, ) all_data_save.save() del_na = nessus_scan_results_db.objects.filter( username=username, plugin_name='NA') del_na.delete() else: duplicate_vuln = 'Yes' all_data_save = nessus_scan_results_db( project_id=project_id, scan_id=scan_id, target=target, vuln_id=vuln_id, date_time=date_time, agent=agent, description=description, fname=fname, plugin_modification_date=plugin_modification_date, plugin_name=plugin_name, plugin_publication_date=plugin_publication_date, plugin_type=plugin_type, risk_factor=risk_factor, script_version=script_version, see_also=see_also, solution=solution, synopsis=synopsis, plugin_output=plugin_output, pluginName=pluginName, pluginID=pluginID, protocol=protocol, severity=severity, svc_name=svc_name, pluginFamily=pluginFamily, port=port, false_positive='Duplicate', vuln_status='Duplicate', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, severity_color=vuln_color, username=username, ) all_data_save.save() del_na = nessus_scan_results_db.objects.filter( username=username, plugin_name='NA') del_na.delete() ov_all_vul = nessus_scan_results_db.objects.filter( username=username, scan_id=scan_id) total_duplicate = len( ov_all_vul.filter(vuln_duplicate='Yes')) nessus_scan_db.objects.filter(username=username, scan_id=scan_id) \ .update( total_dup=total_duplicate, target=target, ) target_filter = nessus_scan_results_db.objects.filter( username=username, scan_id=scan_id, target=target, vuln_status='Open', vuln_duplicate='No') duplicate_count = nessus_scan_results_db.objects.filter( username=username, scan_id=scan_id, target=target, vuln_duplicate='Yes') target_total_vuln = len(target_filter) target_total_high = len(target_filter.filter(risk_factor="High")) target_total_medium = len( target_filter.filter(risk_factor="Medium")) target_total_low = len(target_filter.filter(risk_factor="Low")) target_total_duplicate = len( duplicate_count.filter(vuln_duplicate='Yes')) target_scan_dump = nessus_targets_db( report_name=report_name, target=target, scan_id=scan_id, date_time=date_time, project_id=project_id, username=username, total_vuln=target_total_vuln, total_high=target_total_high, total_medium=target_total_medium, total_low=target_total_low, total_dup=target_total_duplicate, ) target_scan_dump.save() ov_all_vul = nessus_scan_results_db.objects.filter(username=username, scan_id=scan_id, vuln_status='Open', vuln_duplicate='No') duplicate_count_report = nessus_scan_results_db.objects.filter( username=username, scan_id=scan_id, vuln_duplicate='Yes') total_vuln = len(ov_all_vul) total_high = len(ov_all_vul.filter(risk_factor="High")) total_medium = len(ov_all_vul.filter(risk_factor="Medium")) total_low = len(ov_all_vul.filter(risk_factor="Low")) total_duplicate = len( duplicate_count_report.filter(vuln_duplicate='Yes')) nessus_scan_db.objects.filter(username=username, scan_id=scan_id) \ .update(total_vuln=total_vuln, total_high=total_high, total_medium=total_medium, total_low=total_low, total_dup=total_duplicate, target=target, ) subject = 'Archery Tool Scan Status - Nessus Report Uploaded' message = 'Nessus Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (scan_id, total_vul, total_high, total_medium, total_low) email_sch_notify(subject=subject, message=message)
def updated_nessus_parser(root, project_id, scan_id, username): global agent, description, fname, \ plugin_modification_date, plugin_name, \ plugin_publication_date, plugin_type, \ risk_factor, script_version, solution, \ synopsis, plugin_output, see_also, scan_ip, \ pluginName, pluginID, protocol, severity, \ svc_name, pluginFamily, port, vuln_color for data in root: for reportHost in data.iter('ReportHost'): print("reportHost = " + str(reportHost.attrib)) try: for key, value in reportHost.items(): scan_ip = value print("IP = " + str(scan_ip)) except: continue scan_status = "100" date_time = datetime.datetime.now() scan_dump = nessus_scan_db(scan_ip=scan_ip, scan_id=scan_ip, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() for ReportItem in reportHost.iter('ReportItem'): for key, value in ReportItem.attrib.items(): if key == 'pluginName': pluginName = value # print ("pluginName = "+str(value)) if key == 'pluginID': pluginID = value # print ("pluginID = "+str(value)) if key == 'protocol': protocol = value # print ("protocol = "+str(value)) if key == 'severity': severity = value # print ("severity = "+str(value)) if key == 'svc_name': svc_name = value # print ("svc_name = "+str(value)) if key == 'pluginFamily': pluginFamily = value # print ("pluginFamily = "+str(value)) if key == 'port': port = value # print ("port = "+str(value)) try: agent = ReportItem.find('agent').text except: agent = "NA" try: description = ReportItem.find('description').text except: description = "NA" try: fname = ReportItem.find('fname').text except: fname = "NA" try: plugin_modification_date = ReportItem.find( 'plugin_modification_date').text except: plugin_modification_date = "NA" try: plugin_name = ReportItem.find('plugin_name').text except: plugin_name = "NA" try: plugin_publication_date = ReportItem.find( 'plugin_publication_date').text except: plugin_publication_date = "NA" try: plugin_type = ReportItem.find('plugin_type').text except: plugin_type = "NA" try: risk_factor = ReportItem.find('risk_factor').text except: risk_factor = "NA" try: script_version = ReportItem.find('script_version').text except: script_version = "NA" try: see_also = ReportItem.find('see_also').text except: see_also = "NA" try: solution = ReportItem.find('solution').text except: solution = "NA" try: synopsis = ReportItem.find('synopsis').text except: synopsis = "NA" try: plugin_output = ReportItem.find('plugin_output').text except: plugin_output = "NA" vul_id = uuid.uuid4() dup_data = scan_ip + plugin_name + severity + port duplicate_hash = hashlib.sha256( dup_data.encode('utf-8')).hexdigest() match_dup = nessus_report_db.objects.filter( username=username, dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if severity == '0': vuln_color = 'info' if severity == '1': vuln_color = 'info' if severity == '2': vuln_color = 'warning' if severity == '3': vuln_color = 'danger' if severity == '4': vuln_color = 'danger' if lenth_match == 1: duplicate_vuln = 'Yes' elif lenth_match == 0: duplicate_vuln = 'No' else: duplicate_vuln = 'None' global false_positive false_p = nessus_report_db.objects.filter( username=username, false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = 'Yes' else: false_positive = 'No' if risk_factor == 'None': risk_factor = 'Informational' all_data_save = nessus_report_db( project_id=project_id, scan_id=scan_ip, scan_ip=scan_ip, vul_id=vul_id, agent=agent, description=description, fname=fname, plugin_modification_date=plugin_modification_date, plugin_name=plugin_name, plugin_publication_date=plugin_publication_date, plugin_type=plugin_type, risk_factor=risk_factor, script_version=script_version, see_also=see_also, solution=solution, synopsis=synopsis, plugin_output=plugin_output, pluginName=pluginName, pluginID=pluginID, protocol=protocol, severity=severity, svc_name=svc_name, pluginFamily=pluginFamily, port=port, false_positive=false_positive, vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, severity_color=vuln_color, username=username, ) all_data_save.save() print("RESULTS = " + str(all_data_save.scan_id)) del_na = nessus_report_db.objects.filter(username=username, plugin_name='NA') del_na.delete() ov_all_vul = nessus_report_db.objects.filter( username=username, scan_id=scan_ip).order_by('scan_ip') total_vul = len(ov_all_vul) total_critical = len(ov_all_vul.filter(risk_factor="Critical")) total_high = len(ov_all_vul.filter(risk_factor="High")) total_medium = len(ov_all_vul.filter(risk_factor="Medium")) total_low = len(ov_all_vul.filter(risk_factor="Low")) total_info = len( ov_all_vul.filter(risk_factor="Informational")) total_duplicate = len(ov_all_vul.filter(vuln_duplicate='Yes')) nessus_scan_db.objects.filter(username=username, scan_id=scan_ip) \ .update(total_vul=total_vul, critical_total=total_critical, high_total=total_high, medium_total=total_medium, low_total=total_low, info_total=total_info, total_dup=total_duplicate, scan_ip=scan_ip, ) subject = 'Archery Tool Scan Status - Nessus Report Uploaded' message = 'Nessus Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (scan_id, total_vul, total_high, total_medium, total_low) email_sch_notify(subject=subject, message=message)
def post(self, request, format=None): username = request.user.username project_id = request.data.get("project_id") scanner = request.data.get("scanner") file = request.data.get("filename") scan_url = request.data.get("scan_url") scan_id = uuid.uuid4() scan_status = "100" if scanner == "zap_scan": date_time = datetime.datetime.now() scan_dump = zap_scans_db(scan_url=scan_url, scan_scanid=scan_id, date_time=date_time, project_id=project_id, vul_status=scan_status, rescan='No', username=username) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en, username=username) return Response({ "message": "ZAP Scan Data Uploaded", "scanner": scanner, "project_id": project_id, "scan_id": scan_id }) elif scanner == "burp_scan": date_time = datetime.datetime.now() scan_dump = burp_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() # Burp scan XML parser root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) burp_xml_parser.burp_scan_data(root_xml_en, project_id, scan_id, username=username) return Response({ "message": "Burp Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == "arachni": date_time = datetime.datetime.now() scan_dump = arachni_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) arachni_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml, username=username, target_url=scan_url) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == "acunetix": date_time = datetime.datetime.now() scan_dump = acunetix_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) acunetix_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'netsparker': date_time = datetime.datetime.now() scan_dump = netsparker_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) netsparker_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'webinspect': date_time = datetime.datetime.now() scan_dump = webinspect_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) webinspect_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'banditscan': date_time = datetime.datetime.now() scan_dump = bandit_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) bandit_report_json(data=data, project_id=project_id, scan_id=scan_id, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'dependencycheck': date_time = datetime.datetime.now() scan_dump = dependencycheck_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() xml_dat = bytes(bytearray(file, encoding='utf-8')) data = etree.XML(xml_dat) dependencycheck_report_parser.xml_parser(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'findbugs': date_time = datetime.datetime.now() scan_dump = findbugs_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) findbugs_report_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'checkmarx': date_time = datetime.datetime.now() scan_dump = checkmarx_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) checkmarx_xml_report_parser.checkmarx_report_xml( data=root_xml, project_id=project_id, scan_id=scan_id, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'clair': date_time = datetime.datetime.now() scan_dump = clair_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) clair_json_report_parser.clair_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'trivy': date_time = datetime.datetime.now() scan_dump = trivy_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) trivy_json_report_parser.trivy_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'npmaudit': date_time = datetime.datetime.now() scan_dump = npmaudit_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) npm_audit_report_json.npmaudit_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'nodejsscan': date_time = datetime.datetime.now() scan_dump = nodejsscan_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) nodejsscan_report_json.nodejsscan_report_json( project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'tfsec': date_time = datetime.datetime.now() scan_dump = tfsec_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) tfsec_report_parser.tfsec_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'whitesource': date_time = datetime.datetime.now() scan_dump = whitesource_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) whitesource_json_report_parser.whitesource_report_json( project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'inspec': date_time = datetime.datetime.now() scan_dump = inspec_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) inspec_json_parser.inspec_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'dockle': date_time = datetime.datetime.now() scan_dump = dockle_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() data = json.loads(file) dockle_json_parser.dockle_report_json(project_id=project_id, scan_id=scan_id, data=data, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'nessus': date_time = datetime.datetime.now() scan_dump = nessus_scan_db(scan_ip=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) Nessus_Parser.updated_nessus_parser(root=root_xml_en, scan_id=scan_id, project_id=project_id, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'openvas': date_time = datetime.datetime.now() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) hosts = OpenVas_Parser.get_hosts(root_xml_en) for host in hosts: scan_dump = scan_save_db(scan_ip=host, scan_id=host, date_time=date_time, project_id=project_id, scan_status=scan_status, username=username) scan_dump.save() OpenVas_Parser.updated_xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'nikto': date_time = datetime.datetime.now() scan_dump = nikto_result_db(date_time=date_time, scan_url=scan_url, scan_id=scan_id, project_id=project_id, username=username) scan_dump.save() nikto_html_parser(file, project_id, scan_id, username=username) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None): project_id = request.data.get("project_id") scanner = request.data.get("scanner") file = request.data.get("filename") print("Results file content: ", file) scan_url = request.data.get("scan_url") scan_id = uuid.uuid4() scan_status = "100" if scanner == "zap_scan": print("Inside zap_scan") date_time = datetime.datetime.now() scan_dump = zap_scans_db(scan_url=scan_url, scan_scanid=scan_id, date_time=date_time, project_id=project_id, vul_status=scan_status, rescan='No') scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en) return Response({ "message": "ZAP Scan Data Uploaded", "scanner": scanner, "project_id": project_id, "scan_id": scan_id }) elif scanner == "burp_scan": date_time = datetime.datetime.now() scan_dump = burp_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() # Burp scan XML parser root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) burp_xml_parser.burp_scan_data(root_xml_en, project_id, scan_id) return Response({ "message": "Burp Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == "arachni": date_time = datetime.datetime.now() scan_dump = arachni_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) arachni_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == "acunetix": date_time = datetime.datetime.now() scan_dump = acunetix_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) acunetix_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'netsparker': date_time = datetime.datetime.now() scan_dump = netsparker_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) netsparker_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'webinspect': date_time = datetime.datetime.now() scan_dump = webinspect_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) webinspect_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'banditscan': date_time = datetime.datetime.now() scan_dump = bandit_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() data = json.loads(file) bandit_report_json(data=data, project_id=project_id, scan_id=scan_id) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'dependencycheck': date_time = datetime.datetime.now() scan_dump = dependencycheck_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() xml_dat = bytes(bytearray(file, encoding='utf-8')) data = etree.XML(xml_dat) dependencycheck_report_parser.xml_parser(project_id=project_id, scan_id=scan_id, data=data) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'findbugs': date_time = datetime.datetime.now() scan_dump = findbugs_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) findbugs_report_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'clair': date_time = datetime.datetime.now() scan_dump = clair_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() data = json.loads(file) clair_json_report_parser.clair_report_json(project_id=project_id, scan_id=scan_id, data=data) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'inspec': date_time = datetime.datetime.now() scan_dump = inspec_scan_db(project_name=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() data = json.loads(file) inspec_json_parser.inspec_report_json(project_id=project_id, scan_id=scan_id, data=data) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'nessus': date_time = datetime.datetime.now() scan_dump = nessus_scan_db(scan_ip=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) Nessus_Parser.nessus_parser( root=root_xml_en, scan_id=scan_id, project_id=project_id, ) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'openvas': date_time = datetime.datetime.now() scan_dump = scan_save_db(scan_ip=scan_url, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() root_xml = ET.fromstring(file) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode( 'ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) OpenVas_Parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml_en) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) elif scanner == 'nikto': date_time = datetime.datetime.now() scan_dump = nikto_result_db( date_time=date_time, scan_url=scan_url, scan_id=scan_id, project_id=project_id, ) scan_dump.save() nikto_html_parser(file, project_id, scan_id) return Response({ "message": "Scan Data Uploaded", "project_id": project_id, "scan_id": scan_id, "scanner": scanner }) return Response({"message": "Scan Data Not Uploaded"})
def OpenVas_xml_upload(request): """ OpenVAS XML file upload. :param request: :return: """ all_project = project_db.objects.all() if request.method == "POST": project_id = request.POST.get("project_id") scanner = request.POST.get("scanner") xml_file = request.FILES['xmlfile'] scan_ip = request.POST.get("scan_url") scan_id = uuid.uuid4() scan_status = "100" if scanner == "openvas": date_time = datetime.now() scan_dump = scan_save_db(scan_ip=scan_ip, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status) scan_dump.save() tree = ET.parse(xml_file) root_xml = tree.getroot() OpenVas_Parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml) return HttpResponseRedirect("/networkscanners/") elif scanner == "nessus": date_time = datetime.now() scan_dump = nessus_scan_db( scan_ip=scan_ip, scan_id=scan_id, date_time=date_time, project_id=project_id, scan_status=scan_status ) scan_dump.save() scan_dump.save() tree = ET.parse(xml_file) root_xml = tree.getroot() Nessus_Parser.nessus_parser(root=root_xml, scan_id=scan_id, project_id=project_id, ) return HttpResponseRedirect("/networkscanners/nessus_scan") elif scanner == "nmap": # date_time = datetime.now() # scan_dump = nessus_scan_db( # scan_ip=scan_ip, # scan_id=scan_id, # date_time=date_time, # project_id=project_id, # scan_status=scan_status # ) # scan_dump.save() tree = ET.parse(xml_file) root_xml = tree.getroot() nmap_parser.xml_parser(root=root_xml, scan_id=scan_id, project_id=project_id, ) return HttpResponseRedirect("/tools/nmap_scan/") return render(request, 'net_upload_xml.html', {'all_project': all_project})