def burp_scan_data(self, scan_data): """ The function parse the burp result as xml data and stored into archery database. :param xml_data: :return: """ global name, origin, confidence, caption, \ type_index, internal_data, \ serial_number, path, severity, \ url, request_type, request_datas, \ response_type, response_datas, was_redirect_followed, issue_description, \ issue_remediation, issue_reference, issue_vulnerability_classifications for data in scan_data: for key, value in data['issue'].viewitems(): if key == 'name': name = value if key == 'origin': origin = value if key == 'confidence': confidence = value if key == 'evidence': # print value evidence = value if evidence is None: print "Evidence not found" else: try: for e in evidence: for key, value in e.viewitems(): if key == 'request_response': url = value['url'] was_redirect_followed = value['was_redirect_followed'] for request_data in value['request']: request_type = request_data['type'] request_datas = base64.b64decode((request_data['data'])) for request_data in value['response']: response_type = request_data['type'] response_datas = base64.b64decode(request_data['data']) except Exception as e: print e if key == 'caption': caption = value if key == 'type_index': type_index = value if key == 'internal_data': internal_data = value if key == 'serial_number': serial_number = value if key == 'path': path = value if key == 'severity': severity = value all_issue_definitions = burp_issue_definitions.objects.filter(issue_type_id=type_index) for def_data in all_issue_definitions: issue_description = def_data.description issue_remediation = def_data.remediation issue_vulnerability_classifications = def_data.vulnerability_classifications issue_reference = def_data.reference global vul_col if severity == 'high': severity = 'High' vul_col = "important" elif severity == 'medium': severity = 'Medium' vul_col = "warning" elif severity == 'low': severity = 'Low' vul_col = "info" elif severity == 'info': severity = 'Info' vul_col = "info" else: vul_col = "info" vuln_id = uuid.uuid4() dup_data = name + path + severity duplicate_hash = hashlib.sha256(dup_data).hexdigest() match_dup = burp_scan_result_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = 'Yes' elif lenth_match == 0: duplicate_vuln = 'No' else: duplicate_vuln = 'None' false_p = burp_scan_result_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) global false_positive if fp_lenth_match == 1: false_positive = 'Yes' elif lenth_match == 0: false_positive = 'No' else: false_positive = 'No' try: data_dump = burp_scan_result_db( scan_id=self.scan_id, project_id=self.project_id, vuln_id=vuln_id, name=name, path=path, severity=severity, severity_color=vul_col, confidence=confidence, false_positive=false_positive, vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, type_index=type_index, serial_number=serial_number, origin=origin, caption=caption, request_response_url=url, request_response_request_type=request_type, request_response_request_data=request_datas, request_response_response_type=response_type, request_response_response_data=response_datas, was_redirect_followed=was_redirect_followed, description=issue_description, remediation=issue_remediation, reference=issue_reference, vulnerability_classifications=issue_vulnerability_classifications ) data_dump.save() except Exception as e: print e burp_all_vul = burp_scan_result_db.objects.filter(scan_id=self.scan_id).values('name', 'severity' ).distinct() total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) total_info = len(burp_all_vul.filter(severity="Info")) total_duplicate = len(burp_all_vul.filter(vuln_duplicate='Yes')) burp_scan_db.objects.filter(scan_id=self.scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate ) try: email_notification.email_notify() except Exception as e: print e HttpResponse(status=201)
def burp_scan_data(root, project_id, scan_id): """ The function parse the burp result as xml data and stored into archery database. :param xml_data: :return: """ global vuln_id, burp_status, vul_col, \ issue_description, \ issue_remediation, \ issue_reference, \ issue_vulnerability_classifications for issue in root: for data in issue.getchildren(): vuln_id = uuid.uuid4() if data.tag == "serialNumber": global serialNumber if data.text is None: serialNumber = "NA" else: serialNumber = data.text if data.tag == "type": global types if data.text is None: types = "NA" else: types = data.text if data.tag == "name": global name if data.text is None: name = "NA" else: name = data.text if data.tag == "host": global host if data.text is None: host = "NA" else: host = data.text if data.tag == "path": global path if data.text is None: path = "NA" else: path = data.text if data.tag == "location": global location if data.text is None: location = "NA" else: location = data.text if data.tag == "severity": global severity if data.text is None: severity = "NA" else: severity = data.text if data.tag == "confidence": global confidence if data.text is None: confidence = "NA" else: confidence = data.text if data.tag == "requestresponse": global requestresponse if data.text is None: requestresponse = "NA" else: requestresponse = data.text for d in data: req = d.tag met = d.attrib if req == "request": global request_datas reqst = d.text request_datas = base64.b64decode(reqst) # reqst if req == "response": global response_datas res_dat = d.text response_datas = base64.b64decode(res_dat) # res_dat for key, items in met.items(): global methods if key == "method": methods = items if data.tag == "issueBackground": global issue_description if data.text is None: issue_description = "NA" else: issue_description = data.text if data.tag == "remediationBackground": global issue_remediation if data.text is None: issue_remediation = "NA" else: issue_remediation = data.text if data.tag == "references": global issue_reference if data.text is None: issue_reference = "NA" else: issue_reference = data.text if data.tag == "vulnerabilityClassifications": global issue_vulnerability_classifications if data.text is None: issue_vulnerability_classifications = "NA" else: issue_vulnerability_classifications = data.text global vul_col if severity == 'High': vul_col = "danger" elif severity == 'Medium': vul_col = "warning" elif severity == 'Low': vul_col = "info" else: vul_col = "info" vuln_id = uuid.uuid4() dup_data = name + path + severity duplicate_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest() match_dup = burp_scan_result_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = 'Yes' elif lenth_match == 0: duplicate_vuln = 'No' else: duplicate_vuln = 'None' false_p = burp_scan_result_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) global false_positive if fp_lenth_match == 1: false_positive = 'Yes' elif lenth_match == 0: false_positive = 'No' else: false_positive = 'No' url = host + location # all_issue_definitions = burp_issue_definitions.objects.filter(issue_type_id=types) # for def_data in all_issue_definitions: # issue_description = def_data.description # issue_remediation = def_data.remediation # issue_vulnerability_classifications = def_data.vulnerability_classifications # issue_reference = def_data.reference try: data_dump = burp_scan_result_db( scan_id=scan_id, project_id=project_id, vuln_id=vuln_id, name=name, path=path, severity=severity, severity_color=vul_col, confidence=confidence, false_positive=false_positive, vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, type_index=types, serial_number=serialNumber, origin=host, request_response_url=url, request_response_request_data=request_datas, request_response_response_data=response_datas, description=issue_description, remediation=issue_remediation, reference=issue_reference, vulnerability_classifications=issue_vulnerability_classifications ) data_dump.save() except Exception as e: print(e) burp_all_vul = burp_scan_result_db.objects.filter(scan_id=scan_id).values('name', 'severity' ).distinct() total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) total_info = len(burp_all_vul.filter(severity="Information")) total_duplicate = len(burp_all_vul.filter(vuln_duplicate='Yes')) burp_scan_db.objects.filter(scan_id=scan_id).update( url=host, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate ) try: email_notification.email_notify() except Exception as e: print(e) HttpResponse(status=201)
def burp_scan_data(self, xml_data): """ The function parse the burp result as xml data and stored into archery database. :param xml_data: :return: """ global vuln_id, burp_status, vul_col for issue in xml_data: for data in issue.getchildren(): vuln_id = uuid.uuid4() if data.tag == "serialNumber": global serialNumber if data.text is None: serialNumber = "NA" else: serialNumber = data.text if data.tag == "type": global types if data.text is None: types = "NA" else: types = data.text if data.tag == "name": global name if data.text is None: name = "NA" else: name = data.text if data.tag == "host": global host if data.text is None: host = "NA" else: host = data.text if data.tag == "path": global path if data.text is None: path = "NA" else: path = data.text if data.tag == "location": global location if data.text is None: location = "NA" else: location = data.text if data.tag == "severity": global severity if data.text is None: severity = "NA" else: severity = data.text if data.tag == "confidence": global confidence if data.text is None: confidence = "NA" else: confidence = data.text if data.tag == "issueBackground": global issueBackground if data.text is None: issueBackground = "NA" else: issueBackground = data.text if data.tag == "remediationBackground": global remediationBackground if data.text is None: remediationBackground = "NA" else: remediationBackground = data.text if data.tag == "references": global references if data.text is None: references = "NA" else: references = data.text if data.tag == "vulnerabilityClassifications": global vulnerabilityClassifications if data.text is None: vulnerabilityClassifications = "NA" else: vulnerabilityClassifications = data.text if data.tag == "issueDetail": global issueDetail if data.text is None: issueDetail = "NA" else: issueDetail = data.text if data.tag == "requestresponse": global requestresponse if data.text is None: requestresponse = "NA" else: requestresponse = data.text for d in data: req = d.tag met = d.attrib if req == "request": global dec_req reqst = d.text dec_req = base64.b64decode(reqst) # reqst if req == "response": global dec_res res_dat = d.text dec_res = base64.b64decode(res_dat) # res_dat for key, items in met.iteritems(): global methods if key == "method": methods = items global vul_col if severity == 'High': vul_col = "important" elif severity == 'Medium': vul_col = "warning" elif severity == 'Low': vul_col = "info" else: vul_col = "info" try: data_dump = burp_scan_result_db( scan_id=self.scan_id, types=types, method=methods, scan_request=dec_req, scan_response=dec_res, project_id=self.project_id, vuln_id=vuln_id, serialNumber=serialNumber, name=name, host=host, path=path, location=location, severity=severity, severity_color=vul_col, confidence=confidence, issueBackground=issueBackground, remediationBackground=remediationBackground, references=references, vulnerabilityClassifications=vulnerabilityClassifications, issueDetail=issueDetail, requestresponse=requestresponse, false_positive='No') data_dump.save() except Exception as e: print e burp_all_vul = burp_scan_result_db.objects.filter(scan_id=self.scan_id) total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) total_info = len(burp_all_vul.filter(severity="Information")) burp_scan_db.objects.filter(scan_id=self.scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) try: email_notification.email_notify() except Exception as e: print e HttpResponse(status=201)
def burp_scan_data(root, project_id, scan_id): date_time = datetime.now() """ The function parse the burp result as xml data and stored into archery database. :param xml_data: :return: """ global vuln_id, burp_status, vul_col, issue_description, issue_remediation, issue_reference, issue_vulnerability_classifications, vul_col, severity, name, path, host, location, confidence, types, serialNumber, request_datas, response_datas, url for issue in root: for data in issue: vuln_id = uuid.uuid4() if data.tag == "name": global name if data.text is None: name = "NA" else: name = data.text if data.tag == "host": global host if data.text is None: host = "NA" else: host = data.text if data.tag == "path": global path if data.text is None: path = "NA" else: path = data.text if data.tag == "location": global location if data.text is None: location = "NA" else: location = data.text if data.tag == "severity": global severity if data.text is None: severity = "NA" else: severity = data.text if data.tag == "requestresponse": global requestresponse if data.text is None: requestresponse = "NA" else: requestresponse = data.text for d in data: req = d.tag met = d.attrib if req == "request": global request_datas reqst = d.text request_datas = base64.b64decode(reqst) # reqst if req == "response": global response_datas res_dat = d.text response_datas = base64.b64decode(res_dat) # res_dat for key, items in met.items(): global methods if key == "method": methods = items if data.tag == "issueBackground": global issue_description if data.text is None: issue_description = "NA" else: issue_description = data.text if data.tag == "remediationBackground": global issue_remediation if data.text is None: issue_remediation = "NA" else: issue_remediation = data.text if data.tag == "references": global issue_reference if data.text is None: issue_reference = "NA" else: issue_reference = data.text if data.tag == "vulnerabilityClassifications": global issue_vulnerability_classifications if data.text is None: issue_vulnerability_classifications = "NA" else: issue_vulnerability_classifications = data.text details = ( str(issue_description) + str("\n") + str(request_datas) + str("\n\n") + str(response_datas) + str("\n\n") + str("\n\n") + str(issue_description) + str("\n\n") + str(issue_vulnerability_classifications) ) if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" else: severity = "Low" vul_col = "info" vuln_id = uuid.uuid4() dup_data = name + host + location + details + severity duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = ( WebScanResultsDb.objects.filter(dup_hash=duplicate_hash, scanner="Burp") .values("dup_hash") .distinct() ) lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = WebScanResultsDb.objects.filter( false_positive_hash=duplicate_hash, scanner="Burp" ) fp_lenth_match = len(false_p) global false_positive if fp_lenth_match == 1: false_positive = "Yes" elif lenth_match == 0: false_positive = "No" else: false_positive = "No" url = host + location try: data_dump = WebScanResultsDb( scan_id=scan_id, vuln_id=vuln_id, url=url, title=name, solution=issue_remediation, description=details, reference=issue_reference, project_id=project_id, severity_color=vul_col, severity=severity, date_time=date_time, false_positive=false_positive, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, scanner="Burp", ) data_dump.save() except Exception as e: print(e) else: duplicate_vuln = "Yes" try: data_dump = WebScanResultsDb( scan_id=scan_id, vuln_id=vuln_id, url=url, title=name, solution=issue_remediation, description=issue_description, reference=issue_reference, project_id=project_id, severity_color=vul_col, severity=severity, date_time=date_time, false_positive="Duplicate", vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, scanner="Burp", ) data_dump.save() except Exception as e: print(e) burp_all_vul = WebScanResultsDb.objects.filter( scan_id=scan_id, scanner="Burp", false_positive="No" ) duplicate_count = WebScanResultsDb.objects.filter( scan_id=scan_id, scanner="Burp", vuln_duplicate="Yes" ) total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) total_info = len(burp_all_vul.filter(severity="Information")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) WebScansDb.objects.filter(scan_id=scan_id, scanner="Burp").update( scan_url=host, date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, ) print(host) trend_update() subject = "Archery Tool Scan Status - Burp Report Uploaded" message = ( "Burp Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (host, total_vul, total_high, total_medium, total_low) ) email_sch_notify(subject=subject, message=message) try: email_notification.email_notify() except Exception as e: print(e) HttpResponse(status=201)
def burp_scan_data(self, scan_data): """ The function parse the burp result as xml data and stored into archery database. :param xml_data: :return: """ severity = "" type_index = "" name = "" path = "" issue_description = "" request_datas = "" response_datas = "" issue_vulnerability_classifications = "" url = "" issue_remediation = "" issue_reference = "" for data in scan_data: for key, value in data["issue"].items(): if key == "name": name = value if key == "origin": origin = value if key == "confidence": confidence = value if key == "evidence": evidence = value if evidence is None: print("Evidence not found") else: try: for e in evidence: for key, value in e.items(): if key == "request_response": url = value["url"] was_redirect_followed = value[ "was_redirect_followed"] for request_data in value["request"]: request_type = request_data["type"] request_datas = base64.b64decode( (request_data["data"])) for request_data in value["response"]: response_type = request_data[ "type"] response_datas = base64.b64decode( request_data["data"]) except Exception as e: print(e) if key == "caption": caption = value if key == "type_index": type_index = value if key == "internal_data": internal_data = value if key == "serial_number": serial_number = value if key == "path": path = value if key == "severity": severity = value all_issue_definitions = burp_issue_definitions.objects.filter( issue_type_id=type_index) for def_data in all_issue_definitions: issue_description = def_data.description issue_remediation = def_data.remediation issue_vulnerability_classifications = ( def_data.vulnerability_classifications) issue_reference = def_data.reference vul_col = "" if severity == "high": severity = "High" vul_col = "danger" elif severity == "medium": severity = "Medium" vul_col = "warning" elif severity == "low": severity = "Low" vul_col = "info" elif severity == "info": severity = "Info" vul_col = "info" else: vul_col = "info" vuln_id = uuid.uuid4() dup_data = name + path + severity duplicate_hash = hashlib.sha256( dup_data.encode("utf-8")).hexdigest() match_dup = (WebScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash").distinct()) lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = "Yes" elif lenth_match == 0: duplicate_vuln = "No" else: duplicate_vuln = "None" false_p = WebScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) details = (str(issue_description) + str("\n") + str(request_datas) + str("\n\n") + str(response_datas) + str("\n\n") + str(issue_vulnerability_classifications)) global false_positive if fp_lenth_match == 1: false_positive = "Yes" elif lenth_match == 0: false_positive = "No" else: false_positive = "No" date_time = datetime.now() try: data_dump = WebScanResultsDb( scan_id=self.scan_id, vuln_id=vuln_id, url=url, title=name, solution=issue_remediation, description=details, reference=issue_reference, project_id=self.project_id, severity_color=vul_col, severity=severity, date_time=date_time, false_positive=false_positive, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, scanner="Burp", ) data_dump.save() except Exception as e: print(e) burp_all_vul = (WebScanResultsDb.objects.filter( scan_id=self.scan_id).values("title", "severity").distinct()) total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) total_info = len(burp_all_vul.filter(severity="Info")) total_duplicate = len(burp_all_vul.filter(vuln_duplicate="Yes")) WebScansDb.objects.filter(scan_id=self.scan_id, scanner="Burp").update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, ) try: email_notification.email_notify() except Exception as e: print(e) HttpResponse(status=201)