def add_user(username, password, fullname, role): try: es = db_connect.connect_elasticsearch() try: otp_secret = base64.b32encode(os.urandom(15)).decode('utf-8') _password = hash_pass.make_hash(password) timestamp_created = datetime.timestamp(datetime.now()) body = { "username": username, "password": _password, "firstlogin": True, "fullname": fullname, "role": role, "otp_secret": otp_secret, "is_disable": False, "failure": 0, "timestamp_created": timestamp_created } raw_data = es.index(index=ElasticConfig.USERS_INDEX, body=body) if raw_data['result'] == 'created': return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def check_username_exist(username): try: es = db_connect.connect_elasticsearch() try: body = { "query": { "bool": { "must": [{ "match": { "username": username } }] } } } raw_data = es.search(index=ElasticConfig.USERS_INDEX, body=body) if type(raw_data['hits']['total']) == dict: total = raw_data['hits']['total']['value'] else: total = raw_data['hits']['total'] if total != 0: return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def get_user_by_username_password(username, password): try: es = db_connect.connect_elasticsearch() try: hashed_password = hash_pass.make_hash(password) body = { "query": { "bool": { "must": [{ "match": { "username": username } }, { "match": { "password": hashed_password } }] } } } raw_data = es.search(index=ElasticConfig.USERS_INDEX, body=body) return raw_data except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def nikto_overview(): try: es = db_connect.connect_elasticsearch() try: # Process sort and body from arguments q = request.args.get('q') paging_from = int(request.args.get('page') or 1) paging_size = ElasticConfig.DEFAULT_PAGE_SIZE if 'size' in request.args: paging_size = int(request.args.get('size')) session['paging_size'] = paging_size elif 'paging_size' in session: paging_size = session['paging_size'] sort = request.args.get('sort') index = request.args.get('index') if index is None: index = "scanstat.startTime" if sort is None: sort = "desc" sort_query = generateSortQuery(sort, index) body = generateBody(q, paging_from, paging_size) # Process data rawData = es.search(index=ElasticConfig.NIKTO_INDEX, body=body, sort=sort_query) processed_data = json.loads(processNikto(rawData)) paging_total = processed_data['total'] paging = { "paging_from": paging_from, "paging_size": paging_size, "paging_total": paging_total, "left_page": max(paging_from - 2, 1), "right_page": min( max(paging_from - 2, 1) + 4, math.ceil(paging_total / paging_size)) } if sort == "desc": sort = "asc" else: sort = "desc" except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "nikto" session['overview'] = True return render_template('nikto.html', response=processed_data, q=q, sorting=sort, index=index, paging=paging)
def delete_scan(): try: es = db_connect.connect_elasticsearch() scanId = request.form.get('scanId') es.update(index=ElasticConfig.SCAN_INDEX, doc_type='_doc', id=scanId, body={"doc": {"isDeleted": True}}) except: logging.exception(msg="Connect database failed!") return redirect(url_for('scan_overview'))
def dashboard(): try: es = db_connect.connect_elasticsearch() try: session[ 'auto_refresh'] = ElasticConfig.DEFAULT_REFRESH_DASHBOARD_TIME # Get auto refresh time if any if request.method == 'POST': session['auto_refresh'] = request.form.get( 'auto-refresh-time' ) if request.form.get( 'auto-refresh-time' ) is not None else ElasticConfig.DEFAULT_REFRESH_DASHBOARD_TIME # Get vulnerabilities raw_vul_count = es.search(index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.VUL_COUNT) raw_vul_critical = es.search( index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.VUL_TOP_CRITICAL) raw_vul_recent = es.search(index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.VUL_TOP_RECENT) raw_vul_timeline = es.search( index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.VUL_TIMELINE) # Get targets raw_target_vul_count = es.search( index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.TARGET_VUL_COUNT) raw_target_critical_count = es.search( index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.TARGET_CRITICAL_COUNT) # Process vul_count = json.loads(count_vul(raw_vul_count)) vul_critical = json.loads(process_vul(raw_vul_critical)) vul_recent = json.loads(process_vul(raw_vul_recent)) print(raw_vul_timeline) json_vul_timeline = process_vul_timeline(raw_vul_timeline) target_vul_count = json.loads(process_target(raw_target_vul_count)) target_vul_critical = json.loads( process_target(raw_target_critical_count)) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "dashboard" return render_template('dashboard.html', vul_count=vul_count, vul_critical=vul_critical, vul_recent=vul_recent, target_vul_count=target_vul_count, target_vul_critical=target_vul_critical, json_vul_timeline=json_vul_timeline)
def check_current_password(userid, password): try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.USERS_INDEX, id=userid) hashed_pass = hash_pass.make_hash(password) if raw_data['found'] and raw_data['_source'][ 'password'] == hashed_pass: return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def delete_user(userid): try: es = db_connect.connect_elasticsearch() try: raw_data = es.delete(index=ElasticConfig.USERS_INDEX, id=userid) if raw_data['result'] == 'deleted': return True return False except elasticsearch.exceptions.NotFoundError: return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def check_disabled_user_by_id(userid): try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.USERS_INDEX, id=userid) if raw_data['found']: is_disable = raw_data['_source']['is_disable'] return is_disable return True except elasticsearch.exceptions.NotFoundError: return True except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def get_user_by_id(userid): try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.USERS_INDEX, id=userid) if raw_data['found']: result = raw_data['_source'] result['id'] = raw_data['_id'] return result else: return [] except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def update_user(userid, fullname): try: es = db_connect.connect_elasticsearch() try: script = "ctx._source.fullname = '{}'".format(fullname) body = {"script": script} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if raw_data['result'] == 'updated': return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def change_password(userid, new_password): try: es = db_connect.connect_elasticsearch() try: script = "ctx._source.password = '******'".format( hash_pass.make_hash(new_password)) body = {"script": script} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if raw_data['result'] == 'updated': return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def disable_user(userid): try: es = db_connect.connect_elasticsearch() try: body = {"script": "ctx._source.is_disable = true"} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if raw_data['result'] == 'updated': return True return False except elasticsearch.exceptions.NotFoundError: return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def get_list_user(paging_size, paging_from): try: es = db_connect.connect_elasticsearch() try: sort_query = "timestamp_created:asc" query_body = { "from": (paging_from - 1) * paging_size, "size": paging_size } raw_data = es.search(index=ElasticConfig.USERS_INDEX, size=paging_size, body=query_body, sort=sort_query) return raw_data except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def wappalyzer_detail(): id = request.args.get('id') if id is None: return render_template('404.html') try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.WAPPALYZER_INDEX, doc_type="_doc", id=id) processed_data = json.loads(processWappalyzerDetail(raw_data)) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "wappalyzer" session['overview'] = False return render_template('wappalyzer-detail.html', response=processed_data)
def acu_detail(id): if id is None: return render_template('acu-detail.html') else: try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.ACUNETIX_SUMMARY_INDEX, doc_type="_doc", id=id) # print(raw_data) processed_data = json.loads(processAcunetixDetail(raw_data)) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "acunetix" session['overview'] = False return render_template('acu-detail.html', response=processed_data)
def cve_detail(): id = request.args.get('id') if id is None: return render_template('404.html') else: try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.CVESEARCH_INDEX, doc_type="_doc", id=id) processed_data = processCveDetail(raw_data) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "cve" session['overview'] = False return render_template('cve-detail.html', response=processed_data)
def nessus_detail(id): if id is None: return render_template('404.html') else: try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.NESSUS_INDEX, doc_type="_doc", id=id) # print(raw_data) processed_data = processNessusDetail(raw_data) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "nessus" session['overview'] = False return render_template('nessus-detail.html', response=processed_data)
def nse_detail(): id = request.args.get('id') if id is None: return render_template('nse-detail.html') try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.NSE_INDEX, doc_type="_doc", id=id) processed_data = json.loads(processNSEDetail(raw_data)) print(processed_data) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "nse" session['overview'] = False return render_template('nse-detail.html', response=processed_data)
def change_status_first_login(userid, status): try: es = db_connect.connect_elasticsearch() try: if status: status = 'true' else: status = 'false' body = {"script": "ctx._source.firstlogin = {}".format(status)} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if raw_data['result'] == 'updated': return True return False except elasticsearch.exceptions.NotFoundError: return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def acu_detail_row(id, vul_id): if id is None or vul_id is None: return render_template('500.html') else: try: es = db_connect.connect_elasticsearch() try: raw_data = es.get(index=ElasticConfig.ACUNETIX_DETAIL_INDEX, doc_type="_doc", id=vul_id) processed_data = json.loads( processDetailVulnerability(raw_data, vul_id=vul_id)) attack = render_template_string( processed_data.get('attack_detail')) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") return render_template('acu-detail-vul.html', response=processed_data, attack=attack)
def increase_number_of_failure(username, flag): try: es = db_connect.connect_elasticsearch() try: body = { "query": { "bool": { "must": [{ "match": { "username": username } }] } } } raw_data = es.search(index=ElasticConfig.USERS_INDEX, body=body) if type(raw_data['hits']['total']) == dict: total = raw_data['hits']['total']['value'] else: total = raw_data['hits']['total'] if total != 0: userid = raw_data['hits']['hits'][0]['_id'] failure = raw_data['hits']['hits'][0]['_source']['failure'] if flag == 1: failure = failure + 1 body = {"script": "ctx._source.failure += 1"} else: body = {"script": "ctx._source.failure = 0"} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if failure >= 3: disable_user(userid) if raw_data['result'] == 'updated': return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def update_user_by_admin(userid, new_password, fullname, role): try: if new_password: hashed_password = hash_pass.make_hash(new_password) script = "ctx._source.password = '******'; ctx._source.fullname = '{}'; ctx._source.role = {};".format( hashed_password, fullname, role) else: script = "ctx._source.fullname = '{}'; ctx._source.role = {};".format( fullname, role) es = db_connect.connect_elasticsearch() try: body = {"script": script} raw_data = es.update(index=ElasticConfig.USERS_INDEX, body=body, id=userid) if raw_data['result'] == 'updated': return True return False except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def target_detail(id): if id is None: return render_template('target-detail.html') else: try: es = db_connect.connect_elasticsearch() try: query_body = { "size": 10000, "query": { "bool": { "should": [ { "query_string": { "fields": ["id"], "query": id } } ] } } } rawData = es.search(index=ElasticConfig.ALL_INDEX, body=query_body) processed_data = processTargetData(rawData) nmapData = mergeNmapAndNSE(processed_data) wappalyzerData = processed_data.get('wappalyzer', []) niktoData = processed_data.get('nikto', []) acunetixData = processed_data.get('acunetix', []) nessusData = processed_data.get('nessus', []) cvesearchData = processed_data.get('cvesearch', []) except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "target" session['overview'] = False return render_template('target-detail.html', nmapData = nmapData, wappalyzerData = wappalyzerData, niktoData = niktoData, acunetixData = acunetixData, nessusData = nessusData, cvesearchData = cvesearchData)
def search_list_user(paging_size, paging_from, search_query): try: es = db_connect.connect_elasticsearch() try: sort_query = "timestamp_created:asc" query_body = { "from": (paging_from - 1) * paging_size, "size": paging_size, "query": { "query_string": { "fields": ["username", "fullname"], "query": "*{}*".format(search_query) } } } raw_data = es.search(index=ElasticConfig.USERS_INDEX, size=paging_size, body=query_body, sort=sort_query) return raw_data except: logging.exception(msg="Fail") except: logging.exception(msg="Fail")
def nessus_overview(): try: es = db_connect.connect_elasticsearch() try: # Process sort and body from arguments search_query = request.args.get('q') or '' _search_query = ' '.join('*' + _ + '*' for _ in search_query.split(' ')) paging_from = int(request.args.get('page') or 1) paging_size = ElasticConfig.DEFAULT_PAGE_SIZE if 'size' in request.args: paging_size = int(request.args.get('size')) session['paging_size'] = paging_size elif 'paging_size' in session: paging_size = session['paging_size'] sort = request.args.get('sort') index = request.args.get('index') if index is None: index = "scanstat.startTime" if sort is None: sort = "desc" sort_query = generateSortQuery(sort, index) query_body = { "_source": [ "target", "vuln_stats", "scanstat", "hostname", "ports", "scan_id", "scan_name", "root_scan_id" ], "from": (paging_from - 1) * paging_size, "size": paging_size, "query": { "bool": { "filter": { "bool": { "should": [{ "query_string": { "fields": [ "target", "hostname", "scan_id", "scan_name" ], "query": _search_query } }] } } } } } # Process data rawData = es.search(index=ElasticConfig.NESSUS_INDEX, body=query_body, sort=sort_query) processed_data = processNessus(rawData) paging_total = processed_data['total'] paging = { "paging_from": paging_from, "paging_size": paging_size, "paging_total": paging_total, "left_page": max(paging_from - 2, 1), "right_page": min( max(paging_from - 2, 1) + 4, math.ceil(paging_total / paging_size)) } if sort == "desc": sort = "asc" else: sort = "desc" except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "nessus" session['overview'] = True return render_template('nessus.html', response=processed_data, search_query=search_query, sorting=sort, index=index, paging=paging)
def getDataFromElastic(targetIds): result = dict() try: es = db_connect.connect_elasticsearch() query_body = { "query": { "bool": { "should": [{ "query_string": { "fields": ["id"], "query": targetIds } }] } }, "size": 0, "aggs": { "group_by_target_id": { "terms": { "field": "id.keyword", "size": ElasticConfig.MAX_SIZE_AGGS }, "aggs": { "informational": { "sum": { "field": "vuln_stats.informational" } }, "low": { "sum": { "field": "vuln_stats.low" } }, "medium": { "sum": { "field": "vuln_stats.medium" } }, "high": { "sum": { "field": "vuln_stats.high" } } } } } } rawData = es.search(index=[ ElasticConfig.ACUNETIX_SUMMARY_INDEX, ElasticConfig.CVESEARCH_INDEX, ElasticConfig.NESSUS_INDEX, ElasticConfig.NIKTO_INDEX ], body=query_body) processing_data = rawData['aggregations']["group_by_target_id"][ "buckets"] for data in processing_data: res = { "low": int(data['low']['value']), "informational": int(data['informational']['value']), "high": int(data['high']['value']), "medium": int(data['medium']['value']) } result[data.get('key')] = res except: logging.exception(msg="Something went wrong!") return result
def targets_overview(): try: es = db_connect.connect_elasticsearch() try: # Bar chart raw_top_target = es.search( index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.TARGET_VUL_COUNT) top_target = json.loads(process_bar_chart(raw_top_target)) # Process sort and body from arguments search_query = request.args.get('q') or '' _search_query = ' '.join('*' + _ + '*' for _ in search_query.split(' ')) paging_from = int(request.args.get('page') or 1) paging_size = ElasticConfig.DEFAULT_PAGE_SIZE if 'size' in request.args: paging_size = int(request.args.get('size')) session['paging_size'] = paging_size elif 'paging_size' in session: paging_size = session['paging_size'] sort = request.args.get('sort') index = request.args.get('index') if index is None: index = "scanstat.startTime" if sort is None: sort = "desc" sort_query = generateSortQuery(sort, index) query_body = { "_source": [ "target", "hostname", "status", "root_scan_id", "scan_id", "scan_name", "scanstat.startTime", "id" ], "from": (paging_from - 1) * paging_size, "size": paging_size, "query": { "bool": { "should": [{ "query_string": { "fields": [ "target", "hostname", "status", "scan_id", "scan_name" ], "query": _search_query } }] } } } # Process data rawData = es.search(index=ElasticConfig.NMAP_INDEX, body=query_body, sort=sort_query) processed_data = processScan(rawData) targetIds = '' for data in processed_data['records']: targetIds += data["id"] + ' ' summary_result = getSummaryResult(targetIds) for i in range(len(processed_data['records'])): data = processed_data['records'][i] processed_data['records'][i][ 'summary_result'] = summary_result[ processed_data['records'][i]['id']] paging_total = processed_data['total'] paging = { "paging_from": paging_from, "paging_size": paging_size, "paging_total": paging_total, "left_page": max(paging_from - 2, 1), "right_page": min( max(paging_from - 2, 1) + 4, math.ceil(paging_total / paging_size)) } if sort == "desc": sort = "asc" else: sort = "desc" except: logging.exception(msg="Fail") except: logging.exception(msg="Fail When Connect To ElasticSearch Database") session['module'] = "target" session['overview'] = True return render_template('targets.html', response=processed_data, search_query=search_query, index=index, sorting=sort, paging=paging, top_target=top_target)
def vulnerability_overview(): try: es = db_connect.connect_elasticsearch() try: # Chart vul_count_raw = es.search(index=ElasticConfig.VULNERABILITY_INDEX, body=DashboardQueryBody.VUL_COUNT) vul_count = json.loads(count_vul(vul_count_raw)) # Process sort and body from arguments q = request.args.get('q') paging_from = int(request.args.get('page') or 1) paging_size = ElasticConfig.DEFAULT_PAGE_SIZE if 'size' in request.args: paging_size = int(request.args.get('size')) session['paging_size'] = paging_size elif 'paging_size' in session: paging_size = session['paging_size'] sort = request.args.get('sort') index = request.args.get('index') if index is None: index = "scanstat.startTime" if sort is None: sort = "desc" sort_query = generateSortQuery(sort, index) body = generateBody(q, paging_from, paging_size) # Process data rawData = es.search(index=ElasticConfig.VULNERABILITY_INDEX, body=body, sort=sort_query) processed_data = process_vulnerability(rawData) # Backward version of elasticSearch compatitive if type(rawData['hits']['total']) == dict: paging_total = rawData['hits']['total']['value'] else: paging_total = rawData['hits']['total'] paging = { "paging_from": paging_from, "paging_size": paging_size, "paging_total": paging_total, "left_page": max(paging_from - 2, 1), "right_page": min( max(paging_from - 2, 1) + 4, math.ceil(paging_total / paging_size)) } if sort == "desc": sort = "asc" else: sort = "desc" except: logging.exception(msg="Fail!") except: logging.exception(msg="Fail") session['module'] = "vulnerability" session['overview'] = True return render_template('vulnerability.html', response=processed_data, q=q, sorting=sort, index=index, paging=paging, vul_count=vul_count)
def scan_overview(): try: es = db_connect.connect_elasticsearch() try: # Process sort and body from arguments search_query = request.args.get('q') or '' _search_query = ' '.join( '*'+_+'*' for _ in search_query.split(' ')) paging_from = int(request.args.get('page') or 1) paging_size = ElasticConfig.DEFAULT_PAGE_SIZE if 'size' in request.args: paging_size = int(request.args.get('size')) session['paging_size'] = paging_size elif 'paging_size' in session: paging_size = session['paging_size'] sort = request.args.get('sort') index = request.args.get('index') if index is None: index = "scanstat.startTime" if sort is None: sort = "desc" sort_query = generateSortQuery(sort, index) query_body = { "_source": ["target", "created_date", "next_run_at", "next_run_at", "run_interval", "scan_type", "scanned_time", "name", "description", "isStopped"], "from": (paging_from - 1) * paging_size, "size": paging_size, "query": { "bool": { "filter": { "bool": { "must_not": [ {"match": {"isDeleted": True}} ], "should": [ { "query_string": { "fields": ["target"], "query": _search_query } } ] } } } } } # Process data rawData = es.search( index=ElasticConfig.SCAN_INDEX, body=query_body, sort=sort_query) processed_data = processScan(rawData) root_scan_id = '' for data in processed_data['records']: root_scan_id += data["id"] + ' ' summary_result = getSummaryResult(root_scan_id) for i in range(len(processed_data['records'])): data = processed_data['records'][i] processed_data['records'][i]['summary_result'] = summary_result[processed_data['records'][i]['id']] paging_total = processed_data['total'] paging = { "paging_from": paging_from, "paging_size": paging_size, "paging_total": paging_total, "left_page": max(paging_from - 2, 1), "right_page": min(max(paging_from - 2, 1) + 4, math.ceil(paging_total / paging_size)) } if sort == "desc": sort = "asc" else: sort = "desc" except: logging.exception(msg="Fail") except: logging.exception(msg="Fail") session['module'] = "scan" session['overview'] = True return render_template('scan.html', response=processed_data, search_query=search_query, sorting=sort, index=index, paging=paging)