Exemple #1
0
def status():
    progress = rds.get_scan_progress()
    session_state = rds.get_session_state()
    status = 'Ready'
    if session_state == 'created':
        status = 'Initializing...'
    elif session_state == 'running':
        if progress:
            status = 'Scanning... [QUEUE:{}]'.format(progress)
        else:
            status = 'Busy...'

    return dict(status=status)
Exemple #2
0
 def get(self, action=None):  
   if not action:
     return {'status':'action type is missing'}, 400
   
   if action == 'status':
     state = rds.get_session_state()
     data = rds.get_vuln_data()
     cfg = rds.get_scan_config()
     
     if not state:
       state = 'idle'
     
     return {'status':state, 'vulnerabilities':data, 'scan_config':cfg}
   
   return {'status':'unsupported action'}, 400
Exemple #3
0
  def scan(self, scan):
    if rds.get_session_state() in ('running', 'created'):
      return (False, 429, 'There is already a scan in progress!')

    cfg = ConfParser(scan)
    
    self.rds.clear_session()
    self.rds.create_session()
    
    logger.info('Storing the new configuration')
    self.rds.store_json('sess_config', scan)
    
    networks = cfg.get_cfg_networks()
    domains = cfg.get_cfg_domains()
    
    if networks:
      logger.info('Scheduling network(s): {}'.format(', '.join(networks)))
    
    if domains:
      logger.info('Scheduling domains(s): {}'.format(', '.join(domains)))
    
    return (True, 200, 'Registered a new scan successfully!')
Exemple #4
0
def scheduler():
  logger.info('Scheduler process started')
  net_utils = Network()
  int_utils = Integration()
  
  while True:
    time.sleep(10)
    session_state = rds.get_session_state()
    
    if not session_state or session_state != 'created':
      continue
    
    config = rds.get_scan_config()
    
    if not config:
      continue
    
    conf = ConfParser(config)
    
    networks = conf.get_cfg_networks()
    domains  = conf.get_cfg_domains()
    excluded_networks = conf.get_cfg_exc_networks()
    excluded_networks.append(net_utils.get_primary_ip() + '/32')
    frequency = conf.get_cfg_frequency()
    
    if frequency == 'once':
      rds.start_session()
      
      if networks:
        schedule_ips(networks, excluded_networks)
      
      if domains:
        schedule_domains(domains)
      
      checks = 0
      
      while True:
        if rds.is_session_active():
          checks = 0
        else:
          checks += 1 
        
        if checks == 10:
          logger.info('Session is about to end...')
          webhook = conf.get_cfg_webhook()
          email_settings = rds.get_email_settings()
          slack_settings = rds.get_slack_settings()
          vuln_data = rds.get_vuln_data()
          
          logger.info('Post assessment actions will now be taken...')
          if webhook:
            int_utils.submit_webhook(webhook, 
                                     cfg  = conf.get_raw_cfg(), 
                                     data = vuln_data)
          
          if email_settings:
            logger.info('Sending email...')
            email_settings['action'] = 'send'
            send_email(email_settings, vuln_data)
          
          if slack_settings:
            int_utils.submit_slack(hook = slack_settings, 
                                   data = vuln_data)

          rds.end_session()  
          break  
        
        time.sleep(20)
    
    elif frequency == 'continuous':
      rds.start_session()
      
      if networks:
        schedule_ips(networks, excluded_networks)
      
      if domains:
        schedule_domains(domains)
        
      checks = 0
      
      while True:
        if rds.is_session_active():
          checks = 0
        else:
          checks += 1 
        
        if checks == 10:
          logger.info('Session is about to end...')
          webhook = conf.get_cfg_webhook()
          vuln_data = rds.get_vuln_data()
          
          logger.info('Post assessment actions will now be taken...')
          if webhook:
            int_utils.submit_webhook(webhook, 
                                     cfg = conf.get_raw_cfg(), 
                                     data = vuln_data)
            
          rds.create_session()
          break
          
        time.sleep(20)