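def _set_variables(self, vars):
    """Validate the report description and store it as ``self.variables``.

    Args:
        vars: dict with an 'input_file' entry (used only in the error
            message) and a 'json' entry holding the report description.
            The 'json' dict is modified in place and then kept as
            ``self.variables``.

    Raises:
        SyntaxError: when a required entry under 'configuration' is
            missing; the message names the input file and the entry.
    """
    input_file = vars['input_file']
    vars = vars['json']
    missing = None
    if 'authors' in vars:
        # NOTE(review): unlike 'ref', 'security' and 'description', the
        # author strings are stored without going through escape() -
        # confirm that is intended.
        vars['authors'] = "\n".join(
            ['- ' + author for author in vars['authors']])
    if 'ref' in vars:
        vars['ref'] = escape(vars['ref'])
    # XXX type validation is missing
    if 'configuration' not in vars:
        missing = "['configuration']"
    else:
        config = vars['configuration']
        if 'common' not in config:
            missing = "['configuration']['common']"
        elif 'target' not in config:
            missing = "['configuration']['target']"
        elif 'details' not in config['target']:
            # 'details' is read unconditionally below; report it like the
            # other required entries instead of failing with a KeyError.
            missing = "['configuration']['target']['details']"
        elif 'bios' not in config:
            missing = "['configuration']['bios']"
        elif 'settings' not in config['bios']:
            missing = "['configuration']['bios']['settings']"
        elif 'excerpt' not in config['bios']:
            missing = "['configuration']['bios']['excerpt']"
    if missing is not None:
        raise SyntaxError("{} misses {} entry".format(input_file, missing))
    # escape markdown special characters
    if 'security' in vars['configuration']:
        vars['configuration']['security'] = escape(
            vars['configuration']['security'])
    if 'description' in vars['configuration']:
        vars['configuration']['description'] = escape(
            vars['configuration']['description'])
    for table in [
            vars['configuration']['common'],
            vars['configuration']['target']['details'],
            vars['configuration']['bios']['settings'],
            vars['configuration']['bios']['excerpt']
    ]:
        Report._preprocess_config_table(table, vars)
    self.variables = vars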
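def to_html(self, figno):
    """Combine a Figure's png and data table into a single HTML snippet.

    Args:
        figno: figure number shown in the heading.

    Returns:
        A string made of the heading, the ``<img>`` tag and the data
        table, in that order.
    """
    # Imported under an alias because this function uses the name `html`
    # for the snippet it builds, and `escape` already refers to the
    # helper used for the heading.
    from html import escape as html_escape

    html = "<h4 class='figure'>Figure {}. {}</h4>". \
        format(figno, escape(self.title))
    # The title is placed inside a double-quoted attribute, so it is
    # HTML-escaped with quotes included; a raw '"' in the title would
    # otherwise end the attribute early.
    # NOTE(review): png_path() is inserted as-is - confirm it can never
    # contain a quote character.
    html += '<img src="' + self.png_path() + '" alt="' + \
        html_escape(self.title, quote=True) + '"/>'
    html += self.html_data_table()
    return html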
def html_data_table(self):
    """Render the Figure data as an HTML ``<table class="data">`` string.

    The header row lists the values returned by ``_get_xcommon()``; each
    series contributes one row with its label followed by one cell per
    header value ('-' where the series has no point for that value).
    """
    x_values = self._get_xcommon()
    header_cells = '</th><th>'.join(str(x) for x in x_values)
    pieces = [
        '<table class="data"><thead><tr><th></th><th>{}</th></tr>'
        '</thead><tbody>'.format(header_cells)
    ]
    for series in self.series:
        # The output is processed as markdown afterwards, so special
        # characters in the label are escaped.
        pieces.append("<tr><td>" + escape(series['label']) + "</td>")
        by_x = Figure._points_to_dict(series['points'])
        formatted = {x: '{0:.2f}'.format(y) for x, y in by_x.items()}
        for x in x_values:
            pieces.append('<td>{}</td>'.format(formatted.get(x, '-')))
        pieces.append("</tr>")
    pieces.append("</tbody></table>")
    return ''.join(pieces)
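def save_report(args, _q_results, _file, tasks_processed_count):
    """Consume the results queue, echo progress and keep the report file current.

    String items taken from the queue are printed as timestamped console
    messages. Every other item is unpacked as ``(host, results)``, printed,
    rendered through the selected template set (markdown when ``args.md``
    is set, HTML otherwise), and the whole report is rewritten under
    ``report/`` after each such item. Once the loop ends the report is
    written one more time and, unless ``args.no_browser`` is set, opened
    in a browser tab.

    Args:
        args: options object; ``md``, ``no_browser``, ``debug``,
            ``network`` and ``save_ports`` are read here.
        _q_results: queue holding console messages and
            ``(host, results)`` pairs.
        _file: input file name; its lower-cased base name with '.txt'
            removed prefixes the report file name.
        tasks_processed_count: object whose ``.value`` is put in the report.

    Any exception is printed together with its traceback, after which
    ``sys.exit(-1)`` is called.
    """
    is_markdown = args.md
    no_browser = args.no_browser
    start_time = time.time()
    a_template = template['markdown'] if is_markdown else template['html']
    t_general = Template(a_template['general'])
    t_host = Template(a_template['host'])
    t_list_item = Template(a_template['list_item'])
    output_file_suffix = a_template['suffix']
    report_name = '%s_%s%s' % (
        os.path.basename(_file).lower().replace('.txt', ''),
        time.strftime('%Y%m%d_%H%M%S', time.localtime()),
        output_file_suffix)

    html_doc = content = ""
    vulnerable_hosts_count = 0
    console_width = getTerminalSize()[0] - 2

    def write_report(seconds_format):
        """Render the document from the current totals and overwrite the file."""
        cost_time = time.time() - start_time
        cost_min = int(cost_time / 60)
        cost_min = '%s min' % cost_min if cost_min > 0 else ''
        document = t_general.substitute({
            'tasks_processed_count': tasks_processed_count.value,
            'vulnerable_hosts_count': vulnerable_hosts_count,
            'cost_min': cost_min,
            'cost_seconds': seconds_format % (cost_time % 60),
            'content': content
        })
        with codecs.open('report/%s' % report_name, 'w',
                         encoding='utf-8') as out_file:
            out_file.write(document)
        return document

    try:
        # Keep going until the stop flag is set AND the queue is drained.
        while not config.stop_me or _q_results.qsize() > 0:
            if _q_results.qsize() == 0:
                time.sleep(0.1)
                continue

            while _q_results.qsize() > 0:
                item = _q_results.get()
                if type(item) is str:
                    message = '[%s] %s' % (
                        time.strftime('%H:%M:%S', time.localtime()), item)
                    if not args.debug and args.network <= 22 and \
                            (item.startswith('Scan ') or
                             item.startswith('No ports open')):
                        # Pad to the console width and end with '\r' so the
                        # next message overwrites this line.
                        sys.stdout.write(
                            message +
                            (console_width - len(message)) * ' ' + '\r')
                    else:
                        print(message)
                    continue

                host, results = item
                vulnerable_hosts_count += 1

                # print
                for key in results.keys():
                    for url in results[key]:
                        print(' [+]%s %s' % (
                            ' [%s]' % url['status'] if url['status'] else '',
                            url['url']))

                # url, title and host come out of the scan results and end
                # up in a report that is later opened in a browser, so they
                # get the same escape() treatment the original code gave
                # only to vul_type.
                # NOTE(review): assumes escape() performs HTML entity
                # escaping, quotes included - confirm, since the templates
                # are not visible here and may place url in an attribute.
                # status is left as-is - presumably a numeric HTTP status;
                # verify against the producer.
                _str = ""
                for key in results.keys():
                    for _ in results[key]:
                        _str += t_list_item.substitute({
                            'status': ' [%s]' % _['status']
                            if _['status'] else '',
                            'url': escape(_['url']),
                            'title': '[%s]' % escape(_['title'])
                            if _['title'] else '',
                            'vul_type': escape(_['vul_type'].replace('_', ' '))
                            if 'vul_type' in _ else ''
                        })
                _str = t_host.substitute({'host': escape(host), 'list': _str})
                content += _str

                html_doc = write_report('%.2f')

        if config.ports_saved_to_file:
            print('* Ports data saved to %s' % args.save_ports)

        if html_doc:
            # Final rewrite so the elapsed time covers the whole run.
            html_doc = write_report('%.1f')

            print('\n* %s vulnerable targets on sites in total.' %
                  vulnerable_hosts_count)
            print('* Scan report saved to report/%s' % report_name)
            if not no_browser:
                webbrowser.open_new_tab(
                    os.path.abspath('report/%s' % report_name))
        else:
            print('\n* No vulnerabilities found on sites in %s.' % _file)

    except Exception as e:
        print('[save_report_thread Exception] %s %s' % (type(e), str(e)))
        import traceback
        traceback.print_exc()
        sys.exit(-1)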
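def save_report(_q_results, _file):
    """Consume ``(host, results)`` pairs from the queue and write the scan report.

    Each pair is rendered through the selected template set (markdown when
    ``args.md`` is set, HTML otherwise) and the whole report is rewritten
    under ``report/`` after every pair. When the loop ends the report is
    opened in a browser tab unless ``args.no_browser`` is set.

    Args:
        _q_results: queue holding ``(host, results)`` pairs.
        _file: input file name; its lower-cased base name with '.txt'
            removed prefixes the report file name.

    Any exception is reported through ``print_msg`` and followed by
    ``sys.exit(-1)``.
    """
    global STOP_ME
    start_time = time.time()
    a_template = template['markdown'] if args.md else template['html']
    t_general = Template(a_template['general'])
    t_host = Template(a_template['host'])
    t_list_item = Template(a_template['list_item'])
    output_file_suffix = a_template['suffix']
    report_name = '%s_%s%s' % (
        os.path.basename(_file).lower().replace('.txt', ''),
        time.strftime('%Y%m%d_%H%M%S', time.localtime()),
        output_file_suffix)

    html_doc = content = ""
    try:
        # Also loop while the queue is non-empty: stopping on STOP_ME alone
        # would drop findings that were queued just before the flag was set.
        while not STOP_ME or _q_results.qsize() > 0:
            if _q_results.qsize() == 0:
                time.sleep(0.5)
                continue

            while _q_results.qsize() > 0:
                host, results = _q_results.get()

                # url, title and host come out of the scan results and end
                # up in a report that is later opened in a browser, so they
                # get the same escape() treatment the original code gave
                # only to vul_type.
                # NOTE(review): assumes escape() performs HTML entity
                # escaping, quotes included - confirm, since the templates
                # are not visible here and may place url in an attribute.
                _str = ""
                for key in results.keys():
                    for _ in results[key]:
                        _str += t_list_item.substitute({
                            'status': ' [%s]' % _['status']
                            if _['status'] else '',
                            'url': escape(_['url']),
                            'title': '[%s]' % escape(_['title'])
                            if _['title'] else '',
                            'vul_type': escape(_['vul_type'].replace('_', ' '))
                            if 'vul_type' in _ else ''
                        })
                _str = t_host.substitute({'host': escape(host), 'list': _str})
                content += _str

                cost_time = time.time() - start_time
                cost_min = int(cost_time / 60)
                cost_min = '%s min' % cost_min if cost_min > 0 else ''
                cost_seconds = '%.2f' % (cost_time % 60)

                html_doc = t_general.substitute({
                    'cost_min': cost_min,
                    'cost_seconds': cost_seconds,
                    'content': content
                })

                # Rewrite the whole file so a partial report exists even if
                # the run is interrupted.
                with codecs.open('report/%s' % report_name, 'w',
                                 encoding='utf-8') as outFile:
                    outFile.write(html_doc)

        if html_doc:
            print_msg('Scan report saved to report/%s' % report_name)
            if not args.no_browser:
                webbrowser.open_new_tab(
                    os.path.abspath('report/%s' % report_name))
        else:
            print_msg('No vulnerabilities found on sites in %s.' % _file)

    except Exception as e:
        print_msg('[save_report_thread Exception] %s %s' % (type(e), str(e)))
        sys.exit(-1)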