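def execute_action(ws, objects, rule, _server):
    """Apply every action of ``rule`` to every object in ``objects``.

    Each entry of ``rule['actions']`` is a string of the form
    ``[--]COMMAND:EXPRESSION``. Supported commands are ``UPDATE`` (where
    ``EXPRESSION`` is ``key=value``), ``DELETE``, ``EXECUTE`` (where
    ``EXPRESSION`` is a shell command line) and, for any other command,
    an e-mail alert sent to the address given in ``EXPRESSION``.

    Args:
        ws: workspace the objects belong to; passed through to the
            ``models`` and ``update_*`` helpers.
        objects: iterable of matched objects; each must expose
            ``class_signature``, ``id`` and ``name``.
        rule: rule dict with at least ``'id'`` and ``'actions'``; an
            optional ``'object'`` entry is recorded with each applied action.
        _server: passed through to ``update_vulnerability``.

    Returns:
        ``False`` as soon as an ``EXECUTE`` command exits non-zero (the
        remaining actions and objects are not processed), ``True`` otherwise.
    """
    logger.info("Running actions of rule '%s' :" % rule['id'])
    actions = rule['actions']
    # Optional object selector of the rule; only recorded alongside the
    # applied action via insert_rule, never used for matching here.
    _objs_value = rule.get('object')

    for obj in objects:
        for action in actions:
            # NOTE: str.strip removes *any* leading/trailing '-' characters,
            # not just a literal "--" prefix; kept so existing rules behave
            # the same.
            action = action.strip('--')
            # maxsplit=1 so an expression that itself contains ':' (a shell
            # command line, or a 'key=a:b' update) is not rejected.
            command, expression = action.split(':', 1)

            if command == 'UPDATE':
                # maxsplit=1 so a value may itself contain '='.
                key, value = expression.split('=', 1)
                if obj.class_signature in ('VulnerabilityWeb', 'Vulnerability'):
                    if update_vulnerability(ws, obj, key, value, _server):
                        insert_rule(rule['id'], command, obj, _objs_value, fields=None, key=key, value=value)

                if obj.class_signature == 'Service':
                    update_service(ws, obj, key, value)

                if obj.class_signature == 'Host':
                    update_host(ws, obj, key, value)

            elif command == 'DELETE':
                # NOTE(review): only the VulnerabilityWeb branch records the
                # applied rule via insert_rule; confirm whether the other
                # branches are meant to as well.
                if obj.class_signature == 'VulnerabilityWeb':
                    models.delete_vuln_web(ws, obj.id)
                    logger.info(" Deleting vulnerability web '%s' with id '%s':" % (obj.name, obj.id))
                    insert_rule(rule['id'], command, obj, _objs_value)

                elif obj.class_signature == 'Vulnerability':
                    models.delete_vuln(ws, obj.id)
                    logger.info("Deleting vulnerability '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Service':
                    models.delete_service(ws, obj.id)
                    logger.info("Deleting service '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Host':
                    models.delete_host(ws, obj.id)
                    logger.info("Deleting host '%s' with id '%s':" % (obj.name, obj.id))

            elif command == 'EXECUTE':
                # The command line comes straight from the rule definition and
                # is run through the shell (shell=True), so rule files must be
                # treated as trusted configuration. Log before running so the
                # attempt is recorded even if the command never returns.
                logger.info("Running command: '%s'" % expression)
                # '== 0', not 'is 0': identity comparison of ints is
                # implementation-defined and a SyntaxWarning on Python 3.8+.
                if subprocess.call(expression, shell=True, stdin=None) == 0:
                    insert_rule(rule['id'], command, obj, _objs_value, fields=None, key=None, value=expression)
                else:
                    logger.error("Operation fail running command: '%s'" % expression)
                    return False
            else:
                # Any other command is treated as a mail alert; the command
                # name is only recorded, the expression is the recipient.
                subject = 'Faraday searcher alert'
                body = '%s %s have been modified by rule %s at %s' % (
                    obj.class_signature, obj.name, rule['id'], str(datetime.now()))
                send_mail(expression, subject, body)
                insert_rule(rule['id'], command, obj, _objs_value, fields=None, key=None, value=expression)
                logger.info("Sending mail to: '%s'" % expression)
    return True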
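def main(workspace=''):
    """Delete every vulnerability in ``workspace`` whose name matches ``regex``.

    The hard-coded pattern covers SSL certificate/date, traceroute, TCP/IP
    timestamp, OS identification and Common Platform Enumeration entries.

    Args:
        workspace: name of the workspace to clean up.

    Returns:
        None. The name of each deleted vulnerability is printed.
    """
    # Compile once instead of re-parsing the pattern on every iteration.
    regex = re.compile(
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")

    for vuln in models.get_all_vulns(workspace):
        # search() is enough here: we only need to know whether the name
        # matches anywhere, not collect every match as findall did.
        if regex.search(vuln.name):
            print("Delete Vuln: " + vuln.name)
            models.delete_vuln(workspace, vuln.id)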
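def main(workspace='', args=None, parser=None):
    """Delete vulnerabilities in ``workspace`` whose name matches a regex.

    Registers ``-y/--yes`` (skip the confirmation prompt) and ``-r/--regex``
    (pattern to match, defaulting to ``default_regex``) on ``parser``,
    parses ``args`` and, unless the user confirms with ``y``/``yes``,
    returns without touching the workspace.

    Args:
        workspace: name of the workspace to clean up.
        args: argument list handed straight to ``parser.parse_args``.
        parser: an ``argparse``-style parser the two options are added to;
            must not be ``None``.

    Returns:
        ``(0, None)`` on success; ``(1, None)`` when the user declines the
        prompt or the supplied regex does not compile.
    """
    default_regex = (
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")
    parser.add_argument('-y', '--yes', action="store_true")
    parser.add_argument('-r', '--regex', default=default_regex)
    parsed_args = parser.parse_args(args)

    # Compile once up front so a bad user-supplied pattern is reported before
    # the prompt instead of raising mid-loop after the user has confirmed.
    try:
        pattern = re.compile(parsed_args.regex)
    except re.error as exc:
        print("Invalid regex {!r}: {}".format(parsed_args.regex, exc))
        return 1, None

    if not parsed_args.yes:
        msg = ("Are you sure you want to delete all vulnerabilities "
               "matching the regex {} in the workspace {}? "
               "This action can't be undone [y/n] ".format(
                   parsed_args.regex, workspace))
        # Accept 'Y'/'YES' and surrounding whitespace as confirmation too.
        if raw_input(msg).strip().lower() not in ('y', 'yes'):
            return 1, None

    for vuln in models.get_all_vulns(workspace):
        # search() suffices: only the existence of a match matters.
        if pattern.search(vuln.name):
            print("Delete Vuln: " + vuln.name)
            models.delete_vuln(workspace, vuln.id)
    return 0, None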
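def main(workspace='', args=None, parser=None):
    """Delete vulnerabilities in ``workspace`` whose name matches a regex.

    Adds ``-y/--yes`` (skip the confirmation prompt) and ``-r/--regex``
    (pattern to match, defaulting to ``default_regex``) to ``parser``,
    parses ``args`` and, unless the user answers ``y``/``yes``, returns
    without deleting anything.

    Args:
        workspace: name of the workspace to clean up.
        args: argument list handed straight to ``parser.parse_args``.
        parser: an ``argparse``-style parser the two options are added to;
            must not be ``None``.

    Returns:
        ``(0, None)`` on success; ``(1, None)`` when the user declines the
        prompt or the supplied regex does not compile.
    """
    default_regex = (
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")
    parser.add_argument('-y', '--yes', action="store_true")
    parser.add_argument('-r', '--regex', default=default_regex)
    parsed_args = parser.parse_args(args)

    # Validate the user-supplied pattern before prompting: an invalid regex
    # should fail fast, not raise half-way through the deletion loop.
    try:
        pattern = re.compile(parsed_args.regex)
    except re.error as exc:
        print("Invalid regex {!r}: {}".format(parsed_args.regex, exc))
        return 1, None

    if not parsed_args.yes:
        msg = ("Are you sure you want to delete all vulnerabilities "
               "matching the regex {} in the workspace {}? "
               "This action can't be undone [y/n] ".format(
                   parsed_args.regex, workspace))
        # Case-insensitive and whitespace-tolerant confirmation.
        if raw_input(msg).strip().lower() not in ('y', 'yes'):
            return 1, None

    for vuln in models.get_all_vulns(workspace):
        # search() suffices: only the existence of a match matters.
        if pattern.search(vuln.name):
            print("Delete Vuln: " + vuln.name)
            models.delete_vuln(workspace, vuln.id)
    return 0, None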
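def execute_action(ws, objects, rule, _server):
    """Apply every action of ``rule`` to every object in ``objects``.

    Each entry of ``rule['actions']`` is a string of the form
    ``[--]COMMAND:EXPRESSION``. Supported commands are ``UPDATE`` (where
    ``EXPRESSION`` is ``key=value``), ``DELETE``, ``EXECUTE`` (where
    ``EXPRESSION`` is a shell command line) and, for any other command,
    an e-mail alert sent to the address given in ``EXPRESSION``.

    Args:
        ws: workspace the objects belong to; passed through to the
            ``models`` and ``update_*`` helpers.
        objects: iterable of matched objects; each must expose
            ``class_signature``, ``id`` and ``name``.
        rule: rule dict with at least ``'id'`` and ``'actions'``; an
            optional ``'object'`` entry is recorded with each applied action.
        _server: passed through to ``update_vulnerability``.

    Returns:
        ``False`` as soon as an ``EXECUTE`` command exits non-zero (the
        remaining actions and objects are not processed), ``True`` otherwise.
    """
    logger.info("Running actions of rule '%s' :" % rule['id'])
    actions = rule['actions']
    # Optional object selector of the rule; only recorded alongside the
    # applied action via insert_rule, never used for matching here.
    _objs_value = rule.get('object')

    for obj in objects:
        for action in actions:
            # NOTE: str.strip removes *any* leading/trailing '-' characters,
            # not just a literal "--" prefix; kept so existing rules behave
            # the same.
            action = action.strip('--')
            # maxsplit=1 so an expression that itself contains ':' (a shell
            # command line, or a 'key=a:b' update) is not rejected.
            command, expression = action.split(':', 1)

            if command == 'UPDATE':
                # maxsplit=1 so a value may itself contain '='.
                key, value = expression.split('=', 1)
                if obj.class_signature in ('VulnerabilityWeb', 'Vulnerability'):
                    if update_vulnerability(ws, obj, key, value, _server):
                        insert_rule(rule['id'],
                                    command,
                                    obj,
                                    _objs_value,
                                    fields=None,
                                    key=key,
                                    value=value)

                if obj.class_signature == 'Service':
                    update_service(ws, obj, key, value)

                if obj.class_signature == 'Host':
                    update_host(ws, obj, key, value)

            elif command == 'DELETE':
                # NOTE(review): only the VulnerabilityWeb branch records the
                # applied rule via insert_rule; confirm whether the other
                # branches are meant to as well.
                if obj.class_signature == 'VulnerabilityWeb':
                    models.delete_vuln_web(ws, obj.id)
                    logger.info(
                        " Deleting vulnerability web '%s' with id '%s':" %
                        (obj.name, obj.id))
                    insert_rule(rule['id'], command, obj, _objs_value)

                elif obj.class_signature == 'Vulnerability':
                    models.delete_vuln(ws, obj.id)
                    logger.info("Deleting vulnerability '%s' with id '%s':" %
                                (obj.name, obj.id))

                elif obj.class_signature == 'Service':
                    models.delete_service(ws, obj.id)
                    logger.info("Deleting service '%s' with id '%s':" %
                                (obj.name, obj.id))

                elif obj.class_signature == 'Host':
                    models.delete_host(ws, obj.id)
                    logger.info("Deleting host '%s' with id '%s':" %
                                (obj.name, obj.id))

            elif command == 'EXECUTE':
                # The command line comes straight from the rule definition and
                # is run through the shell (shell=True), so rule files must be
                # treated as trusted configuration. Log before running so the
                # attempt is recorded even if the command never returns.
                logger.info("Running command: '%s'" % expression)
                # '== 0', not 'is 0': identity comparison of ints is
                # implementation-defined and a SyntaxWarning on Python 3.8+.
                if subprocess.call(expression, shell=True, stdin=None) == 0:
                    insert_rule(rule['id'],
                                command,
                                obj,
                                _objs_value,
                                fields=None,
                                key=None,
                                value=expression)
                else:
                    logger.error("Operation fail running command: '%s'" %
                                 expression)
                    return False
            else:
                # Any other command is treated as a mail alert; the command
                # name is only recorded, the expression is the recipient.
                subject = 'Faraday searcher alert'
                body = '%s %s have been modified by rule %s at %s' % (
                    obj.class_signature, obj.name, rule['id'],
                    str(datetime.now()))
                send_mail(expression, subject, body)
                insert_rule(rule['id'],
                            command,
                            obj,
                            _objs_value,
                            fields=None,
                            key=None,
                            value=expression)
                logger.info("Sending mail to: '%s'" % expression)
    return True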