Exemple #1
0
def scan(target_data, config):

    if not utils.validate_target(target_data["target"], config):
        return False

    target = target_data["target"]
    scan_id = target_data["scan_id"]

    agentConfig = target_data["agent_config"]

    command = command_builder(scan_id, agentConfig, target)
    data_dir = utils.get_data_dir(scan_id)

    result = ScanResult(target_data, config)

    try:
        subprocess.run(command,
                       stdout=subprocess.PIPE,
                       stderr=subprocess.DEVNULL,
                       timeout=int(agentConfig["scanTimeout"]))  # nosec
    except subprocess.TimeoutExpired:
        result.add_item('timed_out', True)
        logger.warning("TIMEOUT: Nmap against %s (%s)" % (target, scan_id))
        return result

    logger.info("Nmap %s (%s) complete" % (target, scan_id))

    for ext in 'nmap', 'gnmap', 'xml':
        path = f"{data_dir}/nmap.{scan_id}.{ext}"
        try:
            result.add_item(ext + "_data", open(path).read())
        except Exception:
            logger.warning(f"Couldn't read {path}")
            return False

    try:
        nmap_report = NmapParser.parse(result.result['xml_data'])
    except NmapParserException:
        logger.warning(f"Couldn't parse nmap.{scan_id}.xml")
        return False

    if nmap_report.hosts_total < 1:
        logger.warning(f"No hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_total > 1:
        logger.warning(f"Too many hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_down == 1:
        # host is down
        result.is_up(False)
        return result
    elif nmap_report.hosts_up == 1 and len(nmap_report.hosts) == 0:
        # host is up but no reportable ports were found
        result.is_up(True)
        result.add_item('port_count', 0)
        return result
    else:
        # host is up and reportable ports were found
        result.is_up(nmap_report.hosts[0].is_up())
        result.add_item('port_count', len(nmap_report.hosts[0].get_ports()))

    if agentConfig["webScreenshots"] and shutil.which("aquatone") is not None:
        screens = screenshots.get_web_screenshots(
            target, scan_id, result.result['xml_data'],
            agentConfig["webScreenshotTimeout"])
        for item in screens:
            result.add_screenshot(item)

    if agentConfig["vncScreenshots"] and shutil.which(
            "vncsnapshot") is not None:
        if "5900/tcp" in result.result['nmap_data']:
            if screenshots.get_vnc_screenshots(
                    target, scan_id,
                    agentConfig["vncScreenshotTimeout"]) is True:

                screenshotPath = f"{data_dir}/vncsnapshot.{scan_id}.jpg"
                if os.path.isfile(screenshotPath):
                    result.add_screenshot({
                        "host":
                        target,
                        "port":
                        5900,
                        "service":
                        "VNC",
                        "data":
                        screenshots.base64_image(screenshotPath)
                    })
                    logger.info("VNC screenshot acquired for %s" %
                                result.result['ip'])

    # submit result

    return result
Exemple #2
0
def scan(target_data, config):

    if not utils.validate_target(target_data["target"], config):
        return False

    target = target_data["target"]
    scan_id = target_data["scan_id"]

    agentConfig = target_data["agent_config"]

    command = command_builder(scan_id, agentConfig, target)
    scan_dir = utils.get_scan_dir(scan_id)

    result = ScanResult(target_data, config)

    try:
        subprocess.run(
            command,
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            timeout=int(agentConfig["scanTimeout"]),
        )  # nosec
    except subprocess.TimeoutExpired:
        result.add_item("timed_out", True)
        logger.warning(f"TIMEOUT: Nmap against {target} ({scan_id})")
        return result

    logger.info(f"Nmap {target} ({scan_id}) complete")

    for ext in "nmap", "gnmap", "xml":
        path = os.path.join(scan_dir, f"nmap.{scan_id}.{ext}")
        try:
            with open(path, "r") as f:
                result.add_item(ext + "_data", f.read())
        except Exception:
            logger.warning(f"Couldn't read {path}")
            return False

    try:
        nmap_report = NmapParser.parse(result.result["xml_data"])
    except NmapParserException:
        logger.warning(f"Couldn't parse nmap.{scan_id}.xml")
        return False

    if nmap_report.hosts_total < 1:
        logger.warning(f"No hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_total > 1:
        logger.warning(f"Too many hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_down == 1:
        # host is down
        result.is_up(False)
        return result
    elif nmap_report.hosts_up == 1 and len(nmap_report.hosts) == 0:
        # host is up but no reportable ports were found
        result.is_up(True)
        result.add_item("port_count", 0)
        return result
    else:
        # host is up and reportable ports were found
        result.is_up(nmap_report.hosts[0].is_up())
        result.add_item("port_count", len(nmap_report.hosts[0].get_ports()))

    if agentConfig["webScreenshots"] and shutil.which("aquatone") is not None:
        screens = screenshots.get_web_screenshots(
            target,
            scan_id,
            result.result["xml_data"],
            agentConfig["webScreenshotTimeout"],
        )
        for item in screens:
            result.add_screenshot(item)

    if (agentConfig["vncScreenshots"]
            and "5900/tcp" in result.result["nmap_data"]
            and screenshots.get_vnc_screenshots(
                target, scan_id, agentConfig["vncScreenshotTimeout"])):

        screenshotPath = os.path.join(scan_dir, f"vncsnapshot.{scan_id}.jpg")
        if os.path.isfile(screenshotPath):
            result.add_screenshot({
                "host":
                target,
                "port":
                5900,
                "service":
                "VNC",
                "data":
                screenshots.base64_image(screenshotPath),
            })
            logger.info(f"VNC screenshot acquired for {result.result['ip']}")

    # submit result

    return result
Exemple #3
0
def scan(target_data, config):

    if not utils.validate_target(target_data["target"], config):
        return False

    target = target_data["target"]
    scan_id = target_data["scan_id"]

    agentConfig = target_data["agent_config"]

    command = command_builder(scan_id, agentConfig, target)
    data_dir = utils.get_data_dir(scan_id)

    result = ScanResult(target_data, config)

    try:
        process = subprocess.run(command,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.DEVNULL,
                                 timeout=int(
                                     agentConfig["scanTimeout"]))  # nosec
    except subprocess.TimeoutExpired:
        result.add_item('timed_out', True)
        logger.warning("TIMEOUT: Nmap against %s (%s)" % (target, scan_id))
        return result

    logger.info("Nmap %s (%s) complete" % (target, scan_id))

    for ext in 'nmap', 'gnmap', 'xml':
        path = f"{data_dir}/nmap.{scan_id}.{ext}"
        try:
            result.add_item(ext + "_data", open(path).read())
        except Exception:
            logger.warning(f"Couldn't read {path}")
            return False

    try:
        nmap_report = NmapParser.parse(result.result['xml_data'])
    except NmapParserException:
        logger.warning(f"Couldn't parse nmap.{scan_id}.xml")
        return False

    if nmap_report.hosts_total < 1:
        logger.warning(f"No hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_total > 1:
        logger.warning(f"Too many hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_down == 1:
        # host is down
        result.is_up(False)
        return result
    elif nmap_report.hosts_up == 1 and len(nmap_report.hosts) == 0:
        # host is up but no reportable ports were found
        result.is_up(True)
        result.add_item('port_count', 0)
        return result
    else:
        # host is up and reportable ports were found
        result.is_up(nmap_report.hosts[0].is_up())
        result.add_item('port_count', len(nmap_report.hosts[0].get_ports()))

    if agentConfig["webScreenshots"] and shutil.which("aquatone") is not None:
        targetServices = []
        if "80/tcp" in result.result['nmap_data']:
            targetServices.append("http")
        if "443/tcp" in result.result['nmap_data']:
            targetServices.append("https")
        if len(targetServices) > 0:
            screenshots.get_web_screenshots(
                target, scan_id, targetServices,
                agentConfig["webScreenshotTimeout"])

        serviceMapping = {"http": 80, "https": 443}
        for service in targetServices:
            screenshotPath = f"{data_dir}/aquatone.{scan_id}/screenshots/{service}__{target.replace('.','_')}.png"
            # "data/aquatone." + scan_id + "/screenshots/" + service + "__" + target.replace('.', '_') + ".png"

            if not os.path.isfile(screenshotPath):
                continue

            result.add_screenshot({
                "host":
                target,
                "port":
                serviceMapping[service],
                "service":
                service.upper(),
                "data":
                str(base64.b64encode(open(screenshotPath, 'rb').read()))[2:-1]
            })
            logger.info("%s screenshot acquired for %s" %
                        (service.upper(), target))

    if agentConfig["vncScreenshots"] and shutil.which(
            "vncsnapshot") is not None:
        if "5900/tcp" in result.result['nmap_data']:
            if screenshots.get_vnc_screenshots(
                    target, scan_id,
                    agentConfig["vncScreenshotTimeout"]) is True:

                screenshotPath = f"{data_dir}/vncsnapshot.{scan_id}.jpg"
                if os.path.isfile(screenshotPath):
                    result.add_screenshot({
                        "host":
                        target,
                        "port":
                        5900,
                        "service":
                        "VNC",
                        "data":
                        str(base64.b64encode(
                            open(screenshotPath, 'rb').read()))[2:-1]
                    })
                    logger.info("VNC screenshot acquired for %s" %
                                result.result['ip'])

    # submit result

    return result
Exemple #4
0
def scan(target_data, config):

    if not utils.validate_target(target_data["target"], config):
        return False
    target = target_data["target"]
    scan_id = target_data["scan_id"]

    agentConfig = target_data["agent_config"]

    command = command_builder(scan_id, agentConfig, target)
    scan_dir = utils.get_scan_dir(scan_id)

    result = ScanResult(target_data, config)

    try:
        subprocess.run(
            command,
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            timeout=int(agentConfig["scanTimeout"]),
        )  # nosec
    except subprocess.TimeoutExpired:
        add_breadcrumb(level="warn", message="Nmap scan timed out")
        result.add_item("timed_out", True)
        logger.warning(f"TIMEOUT: Nmap against {target} ({scan_id})")
        return result
    logger.info(f"Nmap {target} ({scan_id}) complete")

    for ext in "nmap", "gnmap", "xml":
        path = os.path.join(scan_dir, f"nmap.{scan_id}.{ext}")
        try:
            with open(path, "r") as f:
                result.add_item(ext + "_data", f.read())
        except Exception:
            logger.warning(f"Couldn't read {path}")
            return False
    try:
        nmap_report = NmapParser.parse(result.result["xml_data"])
    except NmapParserException:
        logger.warning(f"Couldn't parse nmap.{scan_id}.xml")
        return False
    if nmap_report.hosts_total < 1:
        logger.warning(f"No hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_total > 1:
        logger.warning(f"Too many hosts found in nmap.{scan_id}.xml")
        return False
    elif nmap_report.hosts_down == 1:
        # host is down
        result.is_up(False)
        return result
    elif nmap_report.hosts_up == 1 and len(nmap_report.hosts) == 0:
        # host is up but no reportable ports were found
        result.is_up(True)
        result.add_item("port_count", 0)
        return result
    else:
        # host is up and reportable ports were found
        result.is_up(nmap_report.hosts[0].is_up())
        result.add_item("port_count", len(nmap_report.hosts[0].get_ports()))
    if agentConfig["webScreenshots"]:
        screens = screenshots.get_web_screenshots(
            target, scan_id, agentConfig["webScreenshotTimeout"])
        for item in screens:
            result.add_screenshot(item)
    if agentConfig["vncScreenshots"] and "5900/tcp" in result.result[
            "nmap_data"]:
        vnc_screenshot = screenshots.get_vnc_screenshots(
            target, scan_id, agentConfig["vncScreenshotTimeout"])
        if vnc_screenshot:
            result.add_screenshot(vnc_screenshot)
    # submit result

    return result