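def execute_action(ws, objects, rule, _server):
    """Apply every action of *rule* to every object in *objects*.

    Each action is a string of the form ``--COMMAND:expression``:

    * ``UPDATE:key=value`` updates a vulnerability, service or host.
    * ``DELETE:...`` deletes the object through ``models``.
    * ``EXECUTE:command`` runs ``command`` through the system shell.
    * Any other command is treated as a mail alert, with the expression
      used as the recipient passed to ``send_mail``.

    Args:
        ws: Workspace identifier handed to the update/delete helpers.
        objects: Iterable of objects exposing ``class_signature``, ``name``
            and ``id``.
        rule: Mapping with ``id`` and ``actions`` keys and an optional
            ``object`` key.
        _server: Passed through to ``update_vulnerability``.

    Returns:
        ``True`` when all actions ran; ``False`` as soon as an ``EXECUTE``
        command exits with a non-zero status (remaining actions and
        objects are skipped).

    Raises:
        ValueError: If an action has no ``:`` separator, or an ``UPDATE``
            expression has no ``=``.
    """
    logger.info("Running actions of rule '%s' :" % rule['id'])
    actions = rule['actions']
    _objs_value = rule['object'] if 'object' in rule else None

    for obj in objects:
        for action in actions:
            # Remove only the leading dashes of the "--COMMAND" marker.
            # strip('--') also ate hyphens at the end of the expression.
            action = action.lstrip('-')
            # Split once: the expression itself may contain ':' (a URL, a
            # timestamp, a Windows path), which made a plain split() raise.
            command, expression = action.split(':', 1)

            if command == 'UPDATE':
                # Split once so that values containing '=' stay intact.
                key, value = expression.split('=', 1)
                if obj.class_signature in ('VulnerabilityWeb', 'Vulnerability'):
                    if update_vulnerability(ws, obj, key, value, _server):
                        insert_rule(rule['id'], command, obj, _objs_value,
                                    fields=None, key=key, value=value)

                if obj.class_signature == 'Service':
                    update_service(ws, obj, key, value)

                if obj.class_signature == 'Host':
                    update_host(ws, obj, key, value)

            elif command == 'DELETE':
                if obj.class_signature == 'VulnerabilityWeb':
                    models.delete_vuln_web(ws, obj.id)
                    logger.info(" Deleting vulnerability web '%s' with id '%s':" % (obj.name, obj.id))
                    # NOTE(review): only this branch records the deletion
                    # with insert_rule; confirm whether the other object
                    # types are meant to go unrecorded.
                    insert_rule(rule['id'], command, obj, _objs_value)

                elif obj.class_signature == 'Vulnerability':
                    models.delete_vuln(ws, obj.id)
                    logger.info("Deleting vulnerability '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Service':
                    models.delete_service(ws, obj.id)
                    logger.info("Deleting service '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Host':
                    models.delete_host(ws, obj.id)
                    logger.info("Deleting host '%s' with id '%s':" % (obj.name, obj.id))

            elif command == 'EXECUTE':
                # SECURITY: the rule text is handed to the shell verbatim
                # (shell=True), once per matched object. Whoever can write a
                # rule can run commands with the privileges of this process,
                # so rule definitions must be treated as code: keep them
                # writable by trusted operators only and never build them
                # from scanner output or other untrusted data.
                # Compare the exit status with ==; `is 0` tested object
                # identity and only worked by interpreter accident.
                if subprocess.call(expression, shell=True, stdin=None) == 0:
                    logger.info("Running command: '%s'" % expression)
                    insert_rule(rule['id'], command, obj, _objs_value,
                                fields=None, key=None, value=expression)
                else:
                    logger.error("Operation fail running command: '%s'" % expression)
                    return False

            else:
                # Fallback for every other command: mail an alert to the
                # address given as the expression.
                subject = 'Faraday searcher alert'
                body = '%s %s have been modified by rule %s at %s' % (
                    obj.class_signature, obj.name, rule['id'], str(datetime.now()))
                send_mail(expression, subject, body)
                insert_rule(rule['id'], command, obj, _objs_value,
                            fields=None, key=None, value=expression)
                logger.info("Sending mail to: '%s'" % expression)

    return True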
def main(workspace=''):
    """Delete every vulnerability in *workspace* whose name matches the built-in pattern.

    The pattern is searched anywhere in the name (it is not anchored), and
    each match is deleted immediately, without asking for confirmation.
    Nothing is returned.
    """
    name_pattern = (
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")

    for finding in models.get_all_vulns(workspace):
        # Skip anything the pattern does not hit.
        if re.search(name_pattern, finding.name) is None:
            continue
        print("Delete Vuln: " + finding.name)
        models.delete_vuln(workspace, finding.id)
def main(workspace='', args=None, parser=None):
    """Delete the vulnerabilities of *workspace* whose name matches a regex.

    Registers two options on *parser*: ``-y/--yes`` (skip the confirmation
    prompt) and ``-r/--regex`` (pattern to search for, defaulting to the
    built-in list below), then parses *args* with it.

    The pattern is searched anywhere in the name, so a very broad or empty
    pattern selects every vulnerability. With ``--yes`` the deletions run
    without any prompt.

    Returns:
        ``(1, None)`` if the operator does not answer ``y`` or ``yes`` at
        the prompt, ``(0, None)`` after the matching vulnerabilities have
        been deleted.
    """
    builtin_pattern = (
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")

    parser.add_argument('-y', '--yes', action="store_true")
    parser.add_argument('-r', '--regex', default=builtin_pattern)
    options = parser.parse_args(args)
    pattern = options.regex

    if not options.yes:
        # Deletion cannot be undone, so ask before touching anything.
        question = ("Are you sure you want to delete all vulnerabilities "
                    "matching the regex {} in the worspace {}? "
                    "This action can't be undone [y/n] ".format(
                        pattern, workspace))
        answer = raw_input(question)
        if answer != 'y' and answer != 'yes':
            return 1, None

    for vuln in models.get_all_vulns(workspace):
        if re.search(pattern, vuln.name) is not None:
            print("Delete Vuln: " + vuln.name)
            models.delete_vuln(workspace, vuln.id)

    return 0, None
def main(workspace='', args=None, parser=None):
    """Bulk-delete vulnerabilities by name pattern, with optional confirmation.

    Two options are added to *parser* before *args* is parsed:

    * ``-y`` / ``--yes``: do not prompt before deleting.
    * ``-r`` / ``--regex``: pattern matched against each vulnerability name;
      the default is the built-in alternation defined below.

    Matching is an unanchored search, so the operator-supplied pattern
    decides how much is deleted; a pattern that matches the empty string
    matches every name.

    Returns:
        A ``(status, None)`` tuple: status ``1`` when the prompt is answered
        with anything other than ``y`` / ``yes``, status ``0`` otherwise.
    """
    default_regex = (
        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
        r"|OS Identification|Common Platform Enumeration")
    parser.add_argument('-y', '--yes', action="store_true")
    parser.add_argument('-r', '--regex', default=default_regex)
    cli = parser.parse_args(args)

    confirmed = cli.yes
    if not confirmed:
        prompt = ("Are you sure you want to delete all vulnerabilities "
                  "matching the regex {} in the worspace {}? "
                  "This action can't be undone [y/n] ".format(
                      cli.regex, workspace))
        confirmed = raw_input(prompt) in ('y', 'yes')
    if not confirmed:
        return 1, None

    for candidate in models.get_all_vulns(workspace):
        hit = re.search(cli.regex, candidate.name)
        if hit is None:
            continue
        print("Delete Vuln: " + candidate.name)
        models.delete_vuln(workspace, candidate.id)
    return 0, None
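def execute_action(ws, objects, rule, _server):
    """Run the actions listed in *rule* against each object in *objects*.

    An action is written ``--COMMAND:expression``. Supported commands:

    * ``UPDATE`` with ``key=value``: update a vulnerability, service or host.
    * ``DELETE``: remove the object through the matching ``models`` call.
    * ``EXECUTE``: run the expression as a shell command.
    * anything else: send a mail alert to the address in the expression.

    Args:
        ws: Workspace identifier forwarded to the helpers.
        objects: Iterable of objects with ``class_signature``, ``name``
            and ``id`` attributes.
        rule: Mapping holding ``id``, ``actions`` and optionally ``object``.
        _server: Forwarded to ``update_vulnerability``.

    Returns:
        ``False`` immediately after an ``EXECUTE`` command exits non-zero,
        otherwise ``True`` once every action has been applied.

    Raises:
        ValueError: If an action lacks the ``:`` separator or an ``UPDATE``
            expression lacks ``=``.
    """
    logger.info("Running actions of rule '%s' :" % rule['id'])
    actions = rule['actions']
    _objs_value = rule['object'] if 'object' in rule else None

    for obj in objects:
        for action in actions:
            # Only the leading "--" marker is removed; strip('--') also
            # dropped hyphens from the end of the expression.
            action = action.lstrip('-')
            # maxsplit=1 keeps expressions that contain ':' in one piece
            # instead of failing the two-name unpacking.
            command, expression = action.split(':', 1)

            if command == 'UPDATE':
                # maxsplit=1 for the same reason: the value may hold '='.
                key, value = expression.split('=', 1)
                if obj.class_signature in ('VulnerabilityWeb', 'Vulnerability'):
                    if update_vulnerability(ws, obj, key, value, _server):
                        insert_rule(rule['id'], command, obj, _objs_value,
                                    fields=None, key=key, value=value)

                if obj.class_signature == 'Service':
                    update_service(ws, obj, key, value)

                if obj.class_signature == 'Host':
                    update_host(ws, obj, key, value)

            elif command == 'DELETE':
                if obj.class_signature == 'VulnerabilityWeb':
                    models.delete_vuln_web(ws, obj.id)
                    logger.info(
                        " Deleting vulnerability web '%s' with id '%s':" % (obj.name, obj.id))
                    # NOTE(review): insert_rule is called for this object
                    # type only; confirm the other deletions are meant to
                    # leave no record.
                    insert_rule(rule['id'], command, obj, _objs_value)

                elif obj.class_signature == 'Vulnerability':
                    models.delete_vuln(ws, obj.id)
                    logger.info("Deleting vulnerability '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Service':
                    models.delete_service(ws, obj.id)
                    logger.info("Deleting service '%s' with id '%s':" % (obj.name, obj.id))

                elif obj.class_signature == 'Host':
                    models.delete_host(ws, obj.id)
                    logger.info("Deleting host '%s' with id '%s':" % (obj.name, obj.id))

            elif command == 'EXECUTE':
                # SECURITY: with shell=True the rule's expression is
                # interpreted by the shell as written, and it runs once for
                # each matched object. Write access to the rule set is
                # therefore equivalent to command execution as this process;
                # restrict it to trusted operators and do not derive rule
                # text from untrusted input.
                # The exit status is compared with ==, not `is`, which
                # checked identity rather than value.
                if subprocess.call(expression, shell=True, stdin=None) == 0:
                    logger.info("Running command: '%s'" % expression)
                    insert_rule(rule['id'], command, obj, _objs_value,
                                fields=None, key=None, value=expression)
                else:
                    logger.error("Operation fail running command: '%s'" % expression)
                    return False

            else:
                # Every unrecognised command ends up here and is handled as
                # a mail alert addressed to the expression.
                subject = 'Faraday searcher alert'
                body = '%s %s have been modified by rule %s at %s' % (
                    obj.class_signature, obj.name, rule['id'], str(datetime.now()))
                send_mail(expression, subject, body)
                insert_rule(rule['id'], command, obj, _objs_value,
                            fields=None, key=None, value=expression)
                logger.info("Sending mail to: '%s'" % expression)

    return True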