def burp_stop():
host = 'http://localhost:8090'
bi = burpscanner.BurpApi(host)
out = bi.burp_stop()
resp = out.message
if resp == "OK":
print "Burp Stopped"
def scan_launch(self):
"""
The function trigger the scans.
"""
settings = load_settings.ArcherySettings()
burp_host = settings.burp_host()
burp_port = settings.burp_port()
print burp_host
global vuln_id, burp_status
# try:
# with open(setting_file, 'r+') as f:
# data = json.load(f)
# burp_path = data['burp_path']
# burp_port = data['burp_port']
# except Exception as e:
# print e
print self.project_id
print self.scan_url
time.sleep(15)
host = 'http://' + burp_host + ':' + burp_port
bi = burpscanner.BurpApi(host)
bi.burp_scope_add(self.scan_url)
bi.burp_spider(self.scan_url)
time.sleep(15)
bi.burp_active_scan(self.scan_url)
print "Project_id", self.project_id
while (int(burp_status) < 100):
scan_status = bi.burp_scan_status()
dat_status = scan_status.data
for key, item in dat_status.iteritems():
burp_status = item
print "Burp Scan Status :", burp_status
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
scan_status=burp_status)
time.sleep(5)
burp_status = "100"
# if burp_status == '100':
# burp_status = "0"
# else:
# print "Scan Continue..."
print "Result Extracting........"
time.sleep(10)
print "Result Extracted........"
scan_result = bi.scan_report(self.scan_url, 'XML')
result_xml = scan_result.data
xml_data = ET.fromstring(result_xml)
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
do_scan_dat.burp_scan_data(xml_data)
def scan_lauch(self):
global vuln_id, burp_status
try:
with open(api_key_path, 'r+') as f:
data = json.load(f)
burp_path = data['burp_path']
burp_port = data['burp_port']
except Exception as e:
print e
print self.project_id
print self.scan_url
time.sleep(15)
host = 'http://' + burp_path + ':' + burp_port
bi = burpscanner.BurpApi(host)
bi.burp_scope_add(self.scan_url)
bi.burp_spider(self.scan_url)
time.sleep(15)
bi.burp_active_scan(self.scan_url)
print "Project_id", self.project_id
while (int(burp_status) < 100):
scan_status = bi.burp_scan_status()
dat_status = scan_status.data
for key, item in dat_status.iteritems():
burp_status = item
print "Burp Scan Status :", burp_status
burp_scan_db.objects.filter(scan_id=self.scan_id).update(scan_status=burp_status)
time.sleep(5)
if burp_status == '100':
burp_status = "0"
else:
print "Scan Continue..."
print "Result Extracting........"
time.sleep(10)
print "Result Extracted........"
scan_result = bi.scan_report(self.scan_url, 'XML')
result_xml = scan_result.data
xml_data = ET.fromstring(result_xml)
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
do_scan_dat.burp_scan_data(xml_data)
def burp_setting(request):
"""
Load Burp Settings.
:param request:
:return:
"""
user = request.user
all_burp_setting = burp_setting_db.objects.all()
for data in all_burp_setting:
global burp_url, burp_port, burp_api_key, \
remediation, issue_type_id, description, \
name, references, \
vulnerability_classifications
burp_url = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
if request.method == 'POST':
burphost = request.POST.get("burpath")
burport = request.POST.get("burport")
burpapikey = request.POST.get("burpapikey")
save_burp_settings = burp_setting_db(burp_url=burphost, burp_port=burport, burp_api_key=burpapikey)
save_burp_settings.save()
host = 'http://' + burphost + ':' + burport + '/'
bi = burpscanner.BurpApi(host, burpapikey)
issue_list = bi.issue_definitions()
json_issue_data = json.dumps(issue_list.data)
issues = json.loads(json_issue_data)
all_data = burp_issue_definitions.objects.all()
all_data.delete()
try:
for issue_dat in issues:
for key, values in issue_dat.items():
if key == 'remediation':
remediation = values
if key == 'issue_type_id':
issue_type_id = values
if key == 'description':
description = values
if key == 'name':
name = values
if key == 'references':
references = values
if key == 'vulnerability_classifications':
vulnerability_classifications = values
data_dump = burp_issue_definitions(remediation=remediation,
issue_type_id=issue_type_id,
description=description,
reference=references,
vulnerability_classifications=vulnerability_classifications,
name=name
)
data_dump.save()
except Exception as e:
print(e)
notify.send(user, recipient=user, verb='Burp Connection Not Found')
return HttpResponseRedirect('/webscanners/setting/')
return render(request, 'burpscanner/burp_setting_form.html',
{'burp_url': burp_url,
'burp_port': burp_port,
'burp_api_key': burp_api_key
})
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
username = request.user.username
settings = load_settings.ArcherySettings(setting_file, username=username)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
zap_enable = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.filter(username=username)
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
burp_api_key = settings.burp_api_key()
# Loading Email Settings
all_email = email_db.objects.filter(username=username)
# Load JIRA Setting
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
username = request.user.username
zap_enabled = False
random_port = '8091'
target_url = 'https://archerysec.com'
zap_info = ''
burp_info = ''
openvas_info = ''
arachni_info = ''
jira_info = ''
if request.method == 'POST':
setting_of = request.POST.get('setting_of')
if setting_of == 'zap':
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = 'Disabled'
try:
random_port = zap_plugin.zap_local()
except:
return render(request, 'setting.html',
{'zap_info': zap_info})
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(
random_port, username=username)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print(
"ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port,
username=username)
zap_connect.spider.scan(url=target_url)
zap_info = True
except:
zap_info = False
if setting_of == 'burp':
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
else:
burp_info = True
if setting_of == 'openvas':
sel_profile = ''
openvas = OpenVAS_Plugin(scan_ip,
project_id,
sel_profile,
username=username)
try:
openvas.connect()
openvas_info = True
except:
openvas_info = False
if setting_of == 'arachni':
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)
check = []
data = {
"url": 'https://archerysec.com',
"checks": check,
"audit": {}
}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == 'id':
scan_run_id = value
arachni_info = True
except Exception:
arachni_info = False
if setting_of == 'jira':
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
options = {'server': jira_server}
try:
jira_ser = JIRA(options,
basic_auth=(jira_username, jira_password),
timeout=5)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
except Exception as e:
print(e)
jira_info = False
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'zap_enable': zap_enable,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'burp_api_key': burp_api_key,
'all_email': all_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
'message': all_notify,
'zap_info': zap_info,
'burp_info': burp_info,
'openvas_info': openvas_info,
'arachni_info': arachni_info,
'jira_info': jira_info
})
def scan_launch(self):
"""
The function trigger the scans.
"""
burp_host = None
burp_port = None
burp_api_key = None
global burp_status, data
# Load setting parameters from burp_setting_db models
all_burp_settings = burp_setting_db.objects.all()
for data in all_burp_settings:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
date_time = datetime.now()
scan_dump = burp_scan_db(scan_id=self.scan_id,
project_id=self.project_id,
url=self.scan_url,
date_time=date_time)
scan_dump.save()
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
data = '{"urls":["%s"]}' % self.scan_url
response = bi.scan(data)
scan_data = response.response_headers
burp_scan_id = scan_data['location']
# Email Notification
message = 'Burp Scan Launched '
subject = 'Archery Burp Scan Notification'
email_notify(user=self.user, subject=subject, message=message)
# Dashboard Notification
notify.send(self.user, recipient=self.user, verb='Burp Scan Launched')
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data['scan_metrics']['crawl_and_audit_progress']
while (int(scan_status) < 100):
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data['scan_metrics']['crawl_and_audit_progress']
print "Burp Scan Status :", scan_status
burp_scan_db.objects.filter(
scan_id=self.scan_id).update(
scan_status=scan_status)
time.sleep(5)
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_data = scan_info_data['issue_events']
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id, self.user)
do_scan_dat.burp_scan_data(scan_data)
def post(self, request):
remediation = ""
issue_type_id = ""
description = ""
name = ""
references = ""
vulnerability_classifications = ""
user = request.user
setting_id = uuid.uuid4()
burphost = request.POST.get("burpath")
burport = request.POST.get("burport")
burpapikey = request.POST.get("burpapikey")
save_burp_settings = BurpSettingDb(
setting_id=setting_id,
burp_url=burphost,
burp_port=burport,
burp_api_key=burpapikey,
)
save_burp_settings.save()
setting_dat = SettingsDb(
setting_id=setting_id,
setting_scanner="Burp",
)
setting_dat.save()
host = "http://" + burphost + ":" + burport + "/"
bi = burpscanner.BurpApi(host, burpapikey)
issue_list = bi.issue_definitions()
json_issue_data = json.dumps(issue_list.data)
issues = json.loads(json_issue_data)
all_data = burp_issue_definitions.objects.filter()
all_data.delete()
try:
for issue_dat in issues:
for key, values in issue_dat.items():
if key == "remediation":
remediation = values
if key == "issue_type_id":
issue_type_id = values
if key == "description":
description = values
if key == "name":
name = values
if key == "references":
references = values
if key == "vulnerability_classifications":
vulnerability_classifications = values
data_dump = burp_issue_definitions(
remediation=remediation,
issue_type_id=issue_type_id,
description=description,
reference=references,
vulnerability_classifications=vulnerability_classifications,
name=name,
)
data_dump.save()
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=True)
except Exception as e:
print(e)
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=False)
notify.send(user, recipient=user, verb="Burp Connection Not Found")
return HttpResponseRedirect(reverse("archerysettings:settings"))
def scan_launch(self):
"""
The function trigger the scans.
"""
burp_host = None
burp_port = None
burp_api_key = None
global burp_status, data
# Load setting parameters from BurpSettingDb models
all_burp_settings = BurpSettingDb.objects.filter()
for data in all_burp_settings:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
date_time = datetime.now()
scan_dump = WebScansDb(
scan_id=self.scan_id,
project_id=self.project_id,
scan_url=self.scan_url,
date_time=date_time,
scanner="Burp",
)
scan_dump.save()
host = "http://" + burp_host + ":" + burp_port + "/"
bi = burpscanner.BurpApi(host, burp_api_key)
data = '{"urls":["%s"]}' % self.scan_url
response = bi.scan(data)
scan_data = response.response_headers
burp_scan_id = scan_data["location"]
# Email Notification
message = "Burp Scan Launched "
subject = "Archery Burp Scan Notification"
email_notify(user=self.user, subject=subject, message=message)
# Dashboard Notification
notify.send(self.user, recipient=self.user, verb="Burp Scan Launched")
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data["scan_metrics"][
"crawl_and_audit_progress"]
print(scan_status)
while int(scan_status) < 100:
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data["scan_metrics"][
"crawl_and_audit_progress"]
print("Scan Status:", scan_status)
WebScansDb.objects.filter(
scan_id=self.scan_id,
scanner="Burp").update(scan_status=scan_status)
time.sleep(5)
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_data = scan_info_data["issue_events"]
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id,
self.user)
do_scan_dat.burp_scan_data(scan_data)
def scan_launch(self):
"""
The function trigger the scans.
"""
all_burp_settings = burp_setting_db.objects.all()
for data in all_burp_settings:
# settings = load_settings.ArcherySettings()
burp_host = data.burp_url
burp_port = data.burp_port
print burp_host
global vuln_id, burp_status
time.sleep(15)
host = 'http://' + burp_host + ':' + burp_port
print host
bi = burpscanner.BurpApi(host)
try:
print bi.burp_scope_add(self.scan_url)
except Exception:
print "Scanner not found"
return
date_time = datetime.now()
scan_dump = burp_scan_db(scan_id=self.scan_id,
project_id=self.project_id,
url=self.scan_url,
date_time=date_time)
scan_dump.save()
bi = burpscanner.BurpApi(host)
bi.burp_scope_add(self.scan_url)
bi.burp_spider(self.scan_url)
time.sleep(15)
bi.burp_active_scan(self.scan_url)
print "Project_id", self.project_id
while (int(burp_status) < 100):
scan_status = bi.burp_scan_status()
dat_status = scan_status.data
for key, item in dat_status.iteritems():
burp_status = item
print "Burp Scan Status :", burp_status
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
scan_status=burp_status)
time.sleep(5)
burp_status = "100"
# if burp_status == '100':
# burp_status = "0"
# else:
# print "Scan Continue..."
print "Result Extracting........"
time.sleep(10)
print "Result Extracted........"
scan_result = bi.scan_report(self.scan_url, 'XML')
result_xml = scan_result.data
xml_data = ET.fromstring(result_xml)
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
do_scan_dat.burp_scan_data(xml_data)
def main():
args = parse_cmd_line_args()
# setup burp connection
host = '{}:{}'.format(args.proxy_url, args.api_port)
api_port = args.api_port
proxy_url = args.proxy_url
target_url = []
target_url = args.target
url_prefix = "ALL"
rtype = "HTML"
bi = burpscanner.BurpApi(host)
## Report
def scan_report(api_port, proxy_url, rtype, url_prefix):
"""
Downloads the scan report with current Scanner issues for
URLs matching the specified urlPrefix (HTML/XML)
"""
try:
if url_prefix == "ALL":
r = requests.get("{}:{}/burp/report?reportType={}".format(
proxy_url, api_port, rtype))
else:
r = requests.get(
"{}:{}/burp/report?urlPrefix={}&reportType={}".format(
proxy_url, api_port, url_prefix, rtype))
r.raise_for_status()
except requests.exceptions.RequestException as e:
print("Error downloading the scan report: {}".format(e))
else:
print("[+] Downloading HTML/XML report for {}".format(url_prefix))
# Write the response body (byte array) to file
file_name = "burp-report_{}_{}.{}".format(
time.strftime("%Y%m%d-%H%M%S", time.localtime()),
url_prefix.replace("://", "-"), rtype.lower())
file = os.path.join(tempfile.gettempdir(), file_name)
with open(file, 'wb') as f:
f.write(r.text)
print("[-] Scan report saved to {}".format(file))
return file_name
# Scan issues
def scan_issues(api_port, proxy_url, url_prefix):
"""
Returns all of the current scan issues for URLs
matching the specified urlPrefix
"""
try:
if url_prefix == "ALL":
r = requests.get("{}:{}/burp/scanner/issues".format(
proxy_url,
api_port,
))
else:
r = requests.get(
"{}:{}/burp/scanner/issues?urlPrefix={}".format(
proxy_url, api_port, url_prefix))
r.raise_for_status()
except requests.exceptions.RequestException as e:
print("Error getting the scan issues: {}".format(e))
else:
resp = r.json()
if resp['issues']:
print("[+] Scan issues for {}:".format(url_prefix))
uniques_issues = {
"Issue: {issueName}, Severity: {severity}".format(**issue)
for issue in resp['issues']
}
for issue in uniques_issues:
print(" - {}".format(issue))
return True
else:
return False
#### get scan status
def scan_status(api_port, proxy_url):
"""Get the percentage completed for the scan queue items"""
try:
r = requests.get("{}:{}/burp/scanner/status".format(
proxy_url, api_port))
r.raise_for_status()
except requests.exceptions.RequestException as e:
print("Error getting the scan status: {}".format(e))
else:
resp = r.json()
sys.stdout.write("\r[-] Scan in progress: %{}".format(
resp['scanPercentage']))
sys.stdout.flush()
return resp['scanPercentage']
## show progress bar
def progress(count, total, status=''):
bar_len = 60
filled_len = int(round(bar_len * count / float(total)))
percents = round(100.0 * count / float(total), 1)
bar = '=' * filled_len + '-' * (bar_len - filled_len)
sys.stdout.write('[%s] %s%s ...%s\r' % (bar, percents, '%', status))
sys.stdout.flush()
# Add target in burp scope
burp_scope = bi.burp_scope(target_url)
# Add target to scope
burp_scope_add = bi.burp_scope_add(target_url)
# Add to spider
burp_spider = bi.burp_spider(target_url)
total = 600
i = 0
while i < total:
progress(i, total, status='[+] Spidering the website')
time.sleep(0.5)
i += 1
# Start active scan
active_scan(api_port, target_url, proxy_url)
resp = 0
while (int(resp) != 1):
resp = scan_status(api_port=args.api_port, proxy_url=args.proxy_url)
time.sleep(20)
print("\n[+] Scan completed")
# Get issue list
scan_issues(api_port, proxy_url, url_prefix)
rfile = scan_report(api_port, proxy_url, rtype, url_prefix)
def post(self, request):
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
all_settings_data = SettingsDb.objects.filter()
# Loading ZAP Settings
zap_api_key = ""
zap_hosts = ""
zap_ports = ""
zap_enable = False
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ""
arachni_ports = ""
arachni_user = ""
arachni_pass = ""
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
burp_host = ""
burp_port = ""
burp_api_key = ""
all_burp_setting = BurpSettingDb.objects.all()
for data in all_burp_setting:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
jira_setting = jirasetting.objects.all()
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
zap_enabled = False
random_port = "8091"
target_url = "https://archerysec.com"
setting_of = request.POST.get("setting_of")
setting_id = request.POST.get("setting_id")
if setting_of == "zap":
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = "Disabled"
try:
random_port = zap_plugin.zap_local()
except:
return render(
request, "setting/settings_page.html", {"zap_info": zap_info}
)
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print("ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
zap_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
except:
zap_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
if setting_of == "burp":
host = "http://" + burp_host + ":" + burp_port + "/"
try:
bi = burpscanner.BurpApi(host, burp_api_key)
except:
burp_info = False
return burp_info
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
else:
burp_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
if setting_of == "openvas":
sel_profile = ""
scan_ip = ""
project_id = ""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
try:
openvas.connect()
openvas_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
except:
openvas_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
if setting_of == "arachni":
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
arachni_user = None
arachni_pass = None
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
arachni = PyArachniapi.arachniAPI(
arachni_hosts, arachni_ports, arachni_user, arachni_pass
)
check = []
data = {"url": "https://archerysec.com", "checks": check, "audit": {}}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == "id":
scan_run_id = value
arachni_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
except Exception:
arachni_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
if setting_of == "jira":
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter()
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
if jira_url is None:
print("No jira url found")
try:
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
except:
jira_info = False
options = {"server": jira_server}
try:
jira_ser = JIRA(
options, basic_auth=(jira_username, jira_password), timeout=5
)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
except Exception as e:
print(e)
jira_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
return render(
request,
"setting/settings_page.html",
{"all_settings_data": all_settings_data, "all_notify": all_notify},
)
# import the package
from PyBurprestapi import burpscanner
# setup burp connection
host = 'http://localhost:8080'
#
bi = burpscanner.BurpApi(host)
# Add target in burp scope
response = bi.burp_scope('http://testwebsite.com')
# Get the response message
print(response.message)
