def _VulnerabilitiesAsXML(self):
xml_data = create_element('Vulnerabilities')
for vulnerability_id in self.vulnerabilities_ids:
xml_vulnerability = create_element('Vulnerability',
{'id': vulnerability_id})
xml_data.append(xml_vulnerability)
return xml_data
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id:
attributes['id'] = self.id
attributes['name'] = self.username
attributes['password'] = self.password
attributes['enabled'] = '1' if self.is_enabled else '0'
attributes['fullname'] = self.fullname
attributes['email'] = self.email
attributes['role-name'] = self.role_name
attributes['authsrcid'] = self.authenticator_id if self.authenticator_id else 0
attributes['allSites'] = True if self.has_access_to_all_sites else False
attributes['allGroups'] = True if self.has_access_to_all_assetgroups else False
xml_data = create_element('UserConfig', attributes)
if not self.has_access_to_all_sites:
xml_sites = create_element('Sites') # We are just nice, in practice Nexpose doesn't care for this subelement
for site_id in self.accessible_sites:
xml_site = create_element('site', {'id': site_id})
xml_sites.append(xml_site)
xml_data.append(xml_sites)
if not self.has_access_to_all_assetgroups:
xml_assetgroups = create_element('Groups') # We are just nice, in practice Nexpose doesn't care for this subelement
for site_id in self.accessible_assetgroups:
xml_assetgroup = create_element('group', {'id': site_id})
xml_assetgroups.append(xml_assetgroup)
xml_data.append(xml_assetgroups)
return xml_data
def _CreatePrivelegesElement(tag, privileges):
xml_data = create_element(tag)
for key, value in privileges.iteritems():
attribute = {'enabled': 1 if value else 0}
xml_subdata = create_element(key, attribute)
xml_data.append(xml_subdata)
return xml_data
def AsXML(self):
xml = create_element('Credential', {
'shared': 1,
'enabled': 0,
'id': self.id
})
if self.credential:
xml.append(self.credential.AsXML())
xml_name = create_element('Name')
xml_name.text = self.name
xml.append(xml_name)
xml_description = create_element('Description')
xml_description.text = self.description
xml.append(xml_description)
xml_services = create_element('Services')
xml_services.append(create_element('Service', {'type': self.service}))
xml.append(xml_services)
xml_restrictions = create_element('Restrictions')
if self.restriction_host:
xml_restriction = create_element('Restriction', {'type': 'host'})
xml_restriction.text = self.restriction_host
xml_restrictions.append(xml_restriction)
if self.restriction_port:
xml_restriction = create_element('Restriction', {'type': 'port'})
xml_restriction.text = self.restriction_port
xml_restrictions.append(xml_restriction)
xml.append(xml_restrictions)
xml.append(create_element('Sites', {'all': 1 if self.all_sites else 0
})) # TODO: enabled/disabled sites
return xml
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id:
attributes['id'] = self.id
attributes['name'] = self.name
attributes['full-name'] = self.fullname
attributes['enabled'] = '1' if self.is_enabled else '0'
attributes['scope'] = self.scope
xml_description = create_element('Description')
xml_data = create_element('Role', attributes)
xml_description.text = self.description
xml_data.append(xml_description)
xml_data.append(RoleDetails._CreatePrivelegesElement('AssetGroupPrivileges', self.assetgroup_privileges))
xml_data.append(RoleDetails._CreatePrivelegesElement('GlobalPrivileges', self.global_privileges))
xml_data.append(RoleDetails._CreatePrivelegesElement('SitePrivileges', self.site_privileges))
return xml_data
def AsXML(self):
attributes = {}
attributes['from'] = self.start
if self.end != self.start:
attributes['to'] = self.end
xml_data = create_element('range', attributes)
return xml_data
def AsXML(self):
xml = create_element('Account', {'type': 'nexpose'})
_create_field_and_append(xml, 'username', self.username)
_create_field_and_append(xml, 'password', self.password)
_create_field_and_append(xml, 'domain', self.domain)
_create_field_and_append(xml, 'database', self.database)
return xml
def AsXML(self):
attributes = {}
attributes['name'] = self.name
attributes['device-id'] = self.asset_id
attributes['assigned-to'] = self.assigned_to
attributes['priority'] = self.priority
xml_data = create_element("TicketCreate", attributes)
xml_data.append(self._VulnerabilitiesAsXML())
return xml_data
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id: attributes['id'] = self.id
attributes['name'] = self.name
attributes['address'] = self.host
attributes['port'] = self.port
attributes['scope'] = self.scope
attributes['priority'] = self.priority
xml_data = create_element('EnginePoolConfig', attributes)
return xml_data
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id:
attributes['id'] = self.id
attributes['name'] = self.name
attributes['description'] = self.short_description
attributes['isDynamic'] = '1' if self.is_dynamic else '0'
attributes['riskfactor'] = self.risk_factor
xml_data = create_element('Site', attributes)
xml_description = create_element('Description')
xml_description.text = self.description
xml_data.append(xml_description)
xml_hosts = create_element('Hosts')
for host in self.hosts:
xml_hosts.append(host.AsXML())
xml_data.append(xml_hosts)
xml_credentials = create_element('Credentials')
for credential in self.credentials:
xml_credentials.append(credential)
xml_data.append(xml_credentials)
xml_alerting = create_element('Alerting')
for alert in self.alerting:
xml_alerting.append(alert)
xml_data.append(xml_alerting)
xml_users = create_element('Users')
for user in self.users:
xml_users.append(user)
xml_data.append(xml_users)
# Include ScanConfig attributes
attributes = {}
attributes['configID'] = self.configid
attributes['name'] = self.configname
attributes['templateID'] = self.configtemplateid
attributes['engineID'] = self.configengineid
attributes['configVersion'] = self.configversion
xml_scanconfig = create_element('ScanConfig', attributes)
xml_scheduling = create_element('Scheduling')
for schedule in self.schedules:
xml_scheduling.append(schedule)
xml_scanconfig.append(xml_scheduling)
xml_data.append(xml_scanconfig)
# TODO: implement the xxxPrivileges
# print(as_string(as_xml(as_string(xml_data))))
return xml_data
def AsXML(self):
xml = create_element('Account', {'type': 'nexpose'})
_create_field_and_append(xml, 'username', self.username)
_create_field_and_append(xml, 'password', self.password)
_create_field_and_append(xml, 'snmpv3authtype',
self.snmpv3_authentication_type)
_create_field_and_append(xml, 'snmpv3privtype',
self.snmpv3_private_type)
_create_field_and_append(xml, 'snmpv3privpassword',
self.snmpv3_private_password)
return xml
def AsXML(self):
xml = create_element('Account', {'type': 'nexpose'})
_create_field_and_append(xml, 'username', self.username)
_create_field_and_append(xml, 'password', self.password)
_create_field_and_append(xml, 'privilegeelevationusername',
self.privilege_elevation_username)
_create_field_and_append(xml, 'privilegeelevationpassword',
self.privilege_elevation_password)
_create_field_and_append(xml, 'privilegeelevationtype',
self.privilege_elevation_type)
return xml
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id: attributes['id'] = self.id
attributes['name'] = self.name
attributes['address'] = self.host
attributes['port'] = self.port
attributes['protocol'] = self.protocol
attributes['user-name'] = self.username
attributes['password'] = self.password
xml_data = create_element('DiscoveryConnection', attributes)
return xml_data
def AsXML(self, exclude_id):
attributes = {}
if not exclude_id: attributes['id'] = self.id
attributes['name'] = self.name
attributes['description'] = self.short_description
attributes['isDynamic'] = '1' if self.is_dynamic else '0'
attributes['riskfactor'] = self.risk_factor
xml_data = create_element('Site', attributes)
xml_description = create_element('Description')
xml_description.text = self.description
xml_data.append(xml_description)
xml_hosts = create_element('Hosts')
for host in self.hosts:
xml_hosts.append(host.AsXML())
xml_data.append(xml_hosts)
xml_credentials = create_element('Credentials')
xml_data.append(xml_credentials)
xml_alerting = create_element('Alerting')
xml_data.append(xml_alerting)
# TODO: !!!
attributes = {}
attributes['configID'] = 3
attributes['name'] = 'Full audit without Web Spider'
attributes['templateID'] = 'full-audit-without-web-spider'
attributes['engineID'] = 3
attributes['configVersion'] = 3
xml_scanconfig = create_element('ScanConfig')
xml_scheduling = create_element('Scheduling')
xml_scanconfig.append(xml_scheduling)
xml_data.append(xml_scanconfig)
#TODO: implement the xxxPrivileges
print as_string(as_xml(as_string(xml_data)))
return xml_data
def AsXML(self):
xml = create_element('Account', {'type': 'nexpose'})
_create_field_and_append(xml, 'password', self.password)
return xml
def AsXML(self):
xml = create_element('Account', {'type': 'nexpose'})
_create_field_and_append(xml, 'username', self.username)
_create_field_and_append(xml, 'domain', self.domain)
_create_field_and_append(xml, 'ntlmhash', self.ntlm_hash)
return xml
def _create_field(key, value):
field = create_element('Field', {'name': key})
field.text = value
return field
def store_voc_result(img_fullname, detections_list, xml_fullName):
"""
Purpose: generate and write a xml to store detection results
Args:
img_fullname: the full path to image detected
detections_list[dict]: the list of detection dict
xml_fullName: the full path to store xml file
"""
# root == results
_results = create_element("results", {}, None)
# results->imgFUllName
_imgFullName = create_element("imgFullName", {}, img_fullname)
add_childElement(_results, _imgFullName)
# results->detection
for det_dict in detections_list:
# get argments from dict
class_name = det_dict["class"]
x, y, w, h = det_dict["bndbox"]
seg = det_dict["segmentation"]
rotbox = det_dict["rotbox"]
_detection = create_element("detection", {}, None)
# results->detection->name
_name = create_element("name", {}, class_name)
add_childElement(_detection, _name)
# results->detection->bndbox->x,y,w,h
_bndbox = create_element("bndbox", {}, None)
_x = create_element("x", {}, str(x))
_y = create_element("y", {}, str(y))
_w = create_element("w", {}, str(w))
_h = create_element("h", {}, str(h))
add_childElement(_bndbox, _x)
add_childElement(_bndbox, _y)
add_childElement(_bndbox, _w)
add_childElement(_bndbox, _h)
add_childElement(_detection, _bndbox)
# results->detection->segmentaion
_segmentation = create_element("segmentation", {}, str(seg))
add_childElement(_detection, _segmentation)
# results->detection->rotationbox
_rotbox = create_element("rotationbox", {}, str(rotbox))
add_childElement(_detection, _rotbox)
add_childElement(_results, _detection)
formatXml(_results, '\t', '\n') # 美化xml格式
tree = create_elementTree(_results) # 以根元素创建elementtree对象
tree.write(xml_fullName) # 将构建的XML文档写入文件
def AsXML(self):
xml_data = create_element('host')
xml_data.text = self.name
return xml_data
