def status(): progress = rds.get_scan_progress() session_state = rds.get_session_state() status = 'Ready' if session_state == 'created': status = 'Initializing...' elif session_state == 'running': if progress: status = 'Scanning... [QUEUE:{}]'.format(progress) else: status = 'Busy...' return dict(status=status)
def get(self, action=None): if not action: return {'status':'action type is missing'}, 400 if action == 'status': state = rds.get_session_state() data = rds.get_vuln_data() cfg = rds.get_scan_config() if not state: state = 'idle' return {'status':state, 'vulnerabilities':data, 'scan_config':cfg} return {'status':'unsupported action'}, 400
def scan(self, scan): if rds.get_session_state() in ('running', 'created'): return (False, 429, 'There is already a scan in progress!') cfg = ConfParser(scan) self.rds.clear_session() self.rds.create_session() logger.info('Storing the new configuration') self.rds.store_json('sess_config', scan) networks = cfg.get_cfg_networks() domains = cfg.get_cfg_domains() if networks: logger.info('Scheduling network(s): {}'.format(', '.join(networks))) if domains: logger.info('Scheduling domains(s): {}'.format(', '.join(domains))) return (True, 200, 'Registered a new scan successfully!')
def scheduler(): logger.info('Scheduler process started') net_utils = Network() int_utils = Integration() while True: time.sleep(10) session_state = rds.get_session_state() if not session_state or session_state != 'created': continue config = rds.get_scan_config() if not config: continue conf = ConfParser(config) networks = conf.get_cfg_networks() domains = conf.get_cfg_domains() excluded_networks = conf.get_cfg_exc_networks() excluded_networks.append(net_utils.get_primary_ip() + '/32') frequency = conf.get_cfg_frequency() if frequency == 'once': rds.start_session() if networks: schedule_ips(networks, excluded_networks) if domains: schedule_domains(domains) checks = 0 while True: if rds.is_session_active(): checks = 0 else: checks += 1 if checks == 10: logger.info('Session is about to end...') webhook = conf.get_cfg_webhook() email_settings = rds.get_email_settings() slack_settings = rds.get_slack_settings() vuln_data = rds.get_vuln_data() logger.info('Post assessment actions will now be taken...') if webhook: int_utils.submit_webhook(webhook, cfg = conf.get_raw_cfg(), data = vuln_data) if email_settings: logger.info('Sending email...') email_settings['action'] = 'send' send_email(email_settings, vuln_data) if slack_settings: int_utils.submit_slack(hook = slack_settings, data = vuln_data) rds.end_session() break time.sleep(20) elif frequency == 'continuous': rds.start_session() if networks: schedule_ips(networks, excluded_networks) if domains: schedule_domains(domains) checks = 0 while True: if rds.is_session_active(): checks = 0 else: checks += 1 if checks == 10: logger.info('Session is about to end...') webhook = conf.get_cfg_webhook() vuln_data = rds.get_vuln_data() logger.info('Post assessment actions will now be taken...') if webhook: int_utils.submit_webhook(webhook, cfg = conf.get_raw_cfg(), data = vuln_data) rds.create_session() break time.sleep(20)