def put_response(url): try: response = requests.put(url, verify=False, timeout=3, data={'key': 'value'}) except requests.exceptions.SSLError: slack.send_error_to_channel('Url %s raised SSL Error' % url, SLACK_NOTIFICATION_CHANNEL) return None except requests.exceptions.ConnectionError: slack.send_error_to_channel('Url %s raised Connection Error' % url, SLACK_NOTIFICATION_CHANNEL) return None except requests.exceptions.ReadTimeout: slack.send_error_to_channel('Url %s raised Read Timeout' % url, SLACK_NOTIFICATION_CHANNEL) return None except requests.exceptions.TooManyRedirects: slack.send_error_to_channel('Url %s raised Too Many Redirects' % url, SLACK_NOTIFICATION_CHANNEL) return None except Exception: error_string = traceback.format_exc() final_error = 'On {0}, was Found: {1}'.format(url, error_string) slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL) return None return response
def scan_target(scan_info, url_to_scan): response = get_response(url_to_scan) if response is None: return # Firebases come in the form # https://*.firebaseio.com # ---------Way I---------- firebase_HTTPS = re.findall('"https://([^\"/,]+).firebaseio.com"', response.text) firebase_HTTPS = filter_invalids(firebase_HTTPS) firebase_HTTP = re.findall('"http://([^\"/,]+).firebaseio.com"', response.text) firebase_HTTP = filter_invalids(firebase_HTTP) firebase_list = firebase_HTTPS + firebase_HTTP firebase_list = list(dict.fromkeys(firebase_list)) for i in range(len(firebase_list)): firebase_list[ i] = 'http://' + firebase_list[i] + '.firebaseio.com/.json' for firebase in firebase_list: try: firebase_response = requests.get(firebase, verify=False, timeout=3) except Exception: error_string = traceback.format_exc() final_error = 'On {0}, was Found: {1}'.format( url_to_scan, error_string) slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL) continue if firebase_response.status_code == 200: add_vulnerability(scan_info, firebase)
def scan_target(scan_info): scan_name = settings['PROJECT']['NAME']+'-'+uuid.uuid4().hex #Connect to the nessus token = perform_login() # Getting the session token header['X-Cookie']=token # Create the scan json_scan = { 'uuid':nessus_info['SCAN_TEMPLATE'], 'settings':{'launch_now':False, 'enabled':False, 'text_targets':scan_info['nessus_target'], 'policy_id':'170', 'scanner_id':'1', 'folder_id':int(nessus_info['FOLDER_ID']), 'description':'Scan created and launched via orchestrator', 'name':scan_name } } # Creating the scan and getting the id for the launching r = requests.post(create_url,data=json.dumps(json_scan,separators=(',', ':')),verify=verify,headers=header) # Getting the scan id for launch the scan try: scan_id = str(json.loads(r.text)['scan']['id']) except KeyError as e: error_string = traceback.format_exc() final_error = 'On {0}, was Found: {1}'.format('Nessus scan',error_string) slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL) print("Nessus scan error " + str(e)) return #Launch the scan launch_url = nessus_info['URL']+'/scans/'+scan_id+'/launch' r = requests.post(launch_url,verify=verify,headers=header) #Monitoring the scan until it's finished scan_status = 'running' while scan_status == 'running': time.sleep(180) resp = requests.get(scan_url+scan_id,verify=verify,headers=header) json_scan = json.loads(resp.text) #Credentials expired getting new ones try: json_scan['error'] token = perform_login() # Getting the session token header['X-Cookie']=token resp = requests.get(scan_url+scan_id,verify=verify,headers=header) json_scan = json.loads(resp.text) except KeyError: pass scan_status = json_scan['info']['status'] if json_scan['info']['status'] == 'completed': add_vulnerability(scan_info, json_scan,header) else: print('The scan with id: '+scan_id+' has been paused or stopped go to nessus and checked manually')
def analyze(scan_info, url_to_scan): target = endpoint + url_to_scan headers = {'x-api-key': WAPPA_KEY} try: response = requests.get(target, headers=headers) if response.json(): libraries = response.json()[0]['applications'] for lib in libraries: lib['cves'], lib['last_version'] = get_cves_and_last_version( lib) message = fastPrint(libraries) add_libraries_vulnerability(scan_info, message) except KeyError: return except Exception as e: error_string = traceback.format_exc() final_error = 'On {0}, was Found: {1}'.format(url_to_scan, error_string) slack.send_error_to_channel(final_error, SLACK_NOTIFICATION_CHANNEL) print("Libraries scan error " + str(e))