def OpenVAS_xml_upload(request):
"""
OpenVAS XML file upload.
:param request:
:return:
"""
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.now()
scan_dump = scan_save_db(scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return HttpResponseRedirect(reverse('networkscanners:index'))
elif scanner == "nessus":
date_time = datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
Nessus_Parser.nessus_parser(
root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect(reverse('networkscanners:nessus_scan'))
elif scanner == "nmap":
tree = ET.parse(xml_file)
root_xml = tree.getroot()
nmap_parser.xml_parser(
root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect(reverse('tools:nmap_scan'))
return render(request, 'net_upload_xml.html', {'all_project': all_project})
def updated_nessus_parser(root, project_id, scan_id, username):
global agent, description, fname, \
plugin_modification_date, plugin_name, \
plugin_publication_date, plugin_type, \
risk_factor, script_version, solution, \
synopsis, plugin_output, see_also, scan_ip, \
pluginName, pluginID, protocol, severity, \
svc_name, pluginFamily, port, vuln_color, total_vul, total_high, total_medium, total_low, target, report_name
date_time = datetime.datetime.now()
for data in root:
if data.tag == 'Report':
report_name = data.attrib['name']
scan_status = "100"
scan_dump = nessus_scan_db(report_name=report_name,
target=target,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
for reportHost in data.iter('ReportHost'):
try:
for key, value in reportHost.items():
target = value
except:
continue
for ReportItem in reportHost.iter('ReportItem'):
for key, value in ReportItem.attrib.items():
if key == 'pluginName':
pluginName = value
# print ("pluginName = "+str(value))
if key == 'pluginID':
pluginID = value
# print ("pluginID = "+str(value))
if key == 'protocol':
protocol = value
# print ("protocol = "+str(value))
if key == 'severity':
severity = value
# print ("severity = "+str(value))
if key == 'svc_name':
svc_name = value
# print ("svc_name = "+str(value))
if key == 'pluginFamily':
pluginFamily = value
# print ("pluginFamily = "+str(value))
if key == 'port':
port = value
# print ("port = "+str(value))
try:
agent = ReportItem.find('agent').text
except:
agent = "NA"
try:
description = ReportItem.find('description').text
except:
description = "NA"
try:
fname = ReportItem.find('fname').text
except:
fname = "NA"
try:
plugin_modification_date = ReportItem.find(
'plugin_modification_date').text
except:
plugin_modification_date = "NA"
try:
plugin_name = ReportItem.find('plugin_name').text
except:
plugin_name = "NA"
try:
plugin_publication_date = ReportItem.find(
'plugin_publication_date').text
except:
plugin_publication_date = "NA"
try:
plugin_type = ReportItem.find('plugin_type').text
except:
plugin_type = "NA"
try:
risk_factor = ReportItem.find('risk_factor').text
except:
risk_factor = "NA"
try:
script_version = ReportItem.find('script_version').text
except:
script_version = "NA"
try:
see_also = ReportItem.find('see_also').text
except:
see_also = "NA"
try:
solution = ReportItem.find('solution').text
except:
solution = "NA"
try:
synopsis = ReportItem.find('synopsis').text
except:
synopsis = "NA"
try:
plugin_output = ReportItem.find('plugin_output').text
except:
plugin_output = "NA"
vuln_id = uuid.uuid4()
if risk_factor == 'Critical':
vuln_color = 'danger'
risk_factor = 'High'
elif risk_factor == 'High':
vuln_color = 'danger'
risk_factor = 'High'
elif risk_factor == 'Medium':
vuln_color = 'warning'
risk_factor = 'Medium'
elif risk_factor == 'Low':
vuln_color = 'info'
risk_factor = 'Low'
else:
risk_factor = 'Low'
vuln_color = 'info'
dup_data = target + plugin_name + severity + port
duplicate_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
match_dup = nessus_scan_results_db.objects.filter(
username=username,
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = 'No'
global false_positive
false_p = nessus_scan_results_db.objects.filter(
username=username, false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = 'Yes'
else:
false_positive = 'No'
if risk_factor == 'None':
risk_factor = 'Low'
all_data_save = nessus_scan_results_db(
project_id=project_id,
report_name=report_name,
scan_id=scan_id,
date_time=date_time,
target=target,
vuln_id=vuln_id,
agent=agent,
description=description,
fname=fname,
plugin_modification_date=plugin_modification_date,
plugin_name=plugin_name,
plugin_publication_date=plugin_publication_date,
plugin_type=plugin_type,
risk_factor=risk_factor,
script_version=script_version,
see_also=see_also,
solution=solution,
synopsis=synopsis,
plugin_output=plugin_output,
pluginName=pluginName,
pluginID=pluginID,
protocol=protocol,
severity=severity,
svc_name=svc_name,
pluginFamily=pluginFamily,
port=port,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
severity_color=vuln_color,
username=username,
)
all_data_save.save()
del_na = nessus_scan_results_db.objects.filter(
username=username, plugin_name='NA')
del_na.delete()
else:
duplicate_vuln = 'Yes'
all_data_save = nessus_scan_results_db(
project_id=project_id,
scan_id=scan_id,
target=target,
vuln_id=vuln_id,
date_time=date_time,
agent=agent,
description=description,
fname=fname,
plugin_modification_date=plugin_modification_date,
plugin_name=plugin_name,
plugin_publication_date=plugin_publication_date,
plugin_type=plugin_type,
risk_factor=risk_factor,
script_version=script_version,
see_also=see_also,
solution=solution,
synopsis=synopsis,
plugin_output=plugin_output,
pluginName=pluginName,
pluginID=pluginID,
protocol=protocol,
severity=severity,
svc_name=svc_name,
pluginFamily=pluginFamily,
port=port,
false_positive='Duplicate',
vuln_status='Duplicate',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
severity_color=vuln_color,
username=username,
)
all_data_save.save()
del_na = nessus_scan_results_db.objects.filter(
username=username, plugin_name='NA')
del_na.delete()
ov_all_vul = nessus_scan_results_db.objects.filter(
username=username, scan_id=scan_id)
total_duplicate = len(
ov_all_vul.filter(vuln_duplicate='Yes'))
nessus_scan_db.objects.filter(username=username, scan_id=scan_id) \
.update(
total_dup=total_duplicate,
target=target,
)
target_filter = nessus_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
target=target,
vuln_status='Open',
vuln_duplicate='No')
duplicate_count = nessus_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
target=target,
vuln_duplicate='Yes')
target_total_vuln = len(target_filter)
target_total_high = len(target_filter.filter(risk_factor="High"))
target_total_medium = len(
target_filter.filter(risk_factor="Medium"))
target_total_low = len(target_filter.filter(risk_factor="Low"))
target_total_duplicate = len(
duplicate_count.filter(vuln_duplicate='Yes'))
target_scan_dump = nessus_targets_db(
report_name=report_name,
target=target,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
username=username,
total_vuln=target_total_vuln,
total_high=target_total_high,
total_medium=target_total_medium,
total_low=target_total_low,
total_dup=target_total_duplicate,
)
target_scan_dump.save()
ov_all_vul = nessus_scan_results_db.objects.filter(username=username,
scan_id=scan_id,
vuln_status='Open',
vuln_duplicate='No')
duplicate_count_report = nessus_scan_results_db.objects.filter(
username=username, scan_id=scan_id, vuln_duplicate='Yes')
total_vuln = len(ov_all_vul)
total_high = len(ov_all_vul.filter(risk_factor="High"))
total_medium = len(ov_all_vul.filter(risk_factor="Medium"))
total_low = len(ov_all_vul.filter(risk_factor="Low"))
total_duplicate = len(
duplicate_count_report.filter(vuln_duplicate='Yes'))
nessus_scan_db.objects.filter(username=username, scan_id=scan_id) \
.update(total_vuln=total_vuln,
total_high=total_high,
total_medium=total_medium,
total_low=total_low,
total_dup=total_duplicate,
target=target,
)
subject = 'Archery Tool Scan Status - Nessus Report Uploaded'
message = 'Nessus Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (scan_id, total_vul, total_high, total_medium, total_low)
email_sch_notify(subject=subject, message=message)
def updated_nessus_parser(root, project_id, scan_id, username):
global agent, description, fname, \
plugin_modification_date, plugin_name, \
plugin_publication_date, plugin_type, \
risk_factor, script_version, solution, \
synopsis, plugin_output, see_also, scan_ip, \
pluginName, pluginID, protocol, severity, \
svc_name, pluginFamily, port, vuln_color
for data in root:
for reportHost in data.iter('ReportHost'):
print("reportHost = " + str(reportHost.attrib))
try:
for key, value in reportHost.items():
scan_ip = value
print("IP = " + str(scan_ip))
except:
continue
scan_status = "100"
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_ip,
scan_id=scan_ip,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
for ReportItem in reportHost.iter('ReportItem'):
for key, value in ReportItem.attrib.items():
if key == 'pluginName':
pluginName = value
# print ("pluginName = "+str(value))
if key == 'pluginID':
pluginID = value
# print ("pluginID = "+str(value))
if key == 'protocol':
protocol = value
# print ("protocol = "+str(value))
if key == 'severity':
severity = value
# print ("severity = "+str(value))
if key == 'svc_name':
svc_name = value
# print ("svc_name = "+str(value))
if key == 'pluginFamily':
pluginFamily = value
# print ("pluginFamily = "+str(value))
if key == 'port':
port = value
# print ("port = "+str(value))
try:
agent = ReportItem.find('agent').text
except:
agent = "NA"
try:
description = ReportItem.find('description').text
except:
description = "NA"
try:
fname = ReportItem.find('fname').text
except:
fname = "NA"
try:
plugin_modification_date = ReportItem.find(
'plugin_modification_date').text
except:
plugin_modification_date = "NA"
try:
plugin_name = ReportItem.find('plugin_name').text
except:
plugin_name = "NA"
try:
plugin_publication_date = ReportItem.find(
'plugin_publication_date').text
except:
plugin_publication_date = "NA"
try:
plugin_type = ReportItem.find('plugin_type').text
except:
plugin_type = "NA"
try:
risk_factor = ReportItem.find('risk_factor').text
except:
risk_factor = "NA"
try:
script_version = ReportItem.find('script_version').text
except:
script_version = "NA"
try:
see_also = ReportItem.find('see_also').text
except:
see_also = "NA"
try:
solution = ReportItem.find('solution').text
except:
solution = "NA"
try:
synopsis = ReportItem.find('synopsis').text
except:
synopsis = "NA"
try:
plugin_output = ReportItem.find('plugin_output').text
except:
plugin_output = "NA"
vul_id = uuid.uuid4()
dup_data = scan_ip + plugin_name + severity + port
duplicate_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
match_dup = nessus_report_db.objects.filter(
username=username,
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if severity == '0':
vuln_color = 'info'
if severity == '1':
vuln_color = 'info'
if severity == '2':
vuln_color = 'warning'
if severity == '3':
vuln_color = 'danger'
if severity == '4':
vuln_color = 'danger'
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
global false_positive
false_p = nessus_report_db.objects.filter(
username=username, false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = 'Yes'
else:
false_positive = 'No'
if risk_factor == 'None':
risk_factor = 'Informational'
all_data_save = nessus_report_db(
project_id=project_id,
scan_id=scan_ip,
scan_ip=scan_ip,
vul_id=vul_id,
agent=agent,
description=description,
fname=fname,
plugin_modification_date=plugin_modification_date,
plugin_name=plugin_name,
plugin_publication_date=plugin_publication_date,
plugin_type=plugin_type,
risk_factor=risk_factor,
script_version=script_version,
see_also=see_also,
solution=solution,
synopsis=synopsis,
plugin_output=plugin_output,
pluginName=pluginName,
pluginID=pluginID,
protocol=protocol,
severity=severity,
svc_name=svc_name,
pluginFamily=pluginFamily,
port=port,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
severity_color=vuln_color,
username=username,
)
all_data_save.save()
print("RESULTS = " + str(all_data_save.scan_id))
del_na = nessus_report_db.objects.filter(username=username,
plugin_name='NA')
del_na.delete()
ov_all_vul = nessus_report_db.objects.filter(
username=username, scan_id=scan_ip).order_by('scan_ip')
total_vul = len(ov_all_vul)
total_critical = len(ov_all_vul.filter(risk_factor="Critical"))
total_high = len(ov_all_vul.filter(risk_factor="High"))
total_medium = len(ov_all_vul.filter(risk_factor="Medium"))
total_low = len(ov_all_vul.filter(risk_factor="Low"))
total_info = len(
ov_all_vul.filter(risk_factor="Informational"))
total_duplicate = len(ov_all_vul.filter(vuln_duplicate='Yes'))
nessus_scan_db.objects.filter(username=username, scan_id=scan_ip) \
.update(total_vul=total_vul,
critical_total=total_critical,
high_total=total_high,
medium_total=total_medium,
low_total=total_low,
info_total=total_info,
total_dup=total_duplicate,
scan_ip=scan_ip,
)
subject = 'Archery Tool Scan Status - Nessus Report Uploaded'
message = 'Nessus Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (scan_id, total_vul, total_high, total_medium, total_low)
email_sch_notify(subject=subject, message=message)
def post(self, request, format=None):
username = request.user.username
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No',
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en,
project_id,
scan_id,
username=username)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username,
target_url=scan_url)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'checkmarx':
date_time = datetime.datetime.now()
scan_dump = checkmarx_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
checkmarx_xml_report_parser.checkmarx_report_xml(
data=root_xml,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'trivy':
date_time = datetime.datetime.now()
scan_dump = trivy_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
trivy_json_report_parser.trivy_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'npmaudit':
date_time = datetime.datetime.now()
scan_dump = npmaudit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
npm_audit_report_json.npmaudit_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nodejsscan':
date_time = datetime.datetime.now()
scan_dump = nodejsscan_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
nodejsscan_report_json.nodejsscan_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'tfsec':
date_time = datetime.datetime.now()
scan_dump = tfsec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
tfsec_report_parser.tfsec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'whitesource':
date_time = datetime.datetime.now()
scan_dump = whitesource_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
whitesource_json_report_parser.whitesource_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dockle':
date_time = datetime.datetime.now()
scan_dump = dockle_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
dockle_json_parser.dockle_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.updated_nessus_parser(root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
hosts = OpenVas_Parser.get_hosts(root_xml_en)
for host in hosts:
scan_dump = scan_save_db(scan_ip=host,
scan_id=host,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
OpenVas_Parser.updated_xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
username=username)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id, username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None):
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
print("Results file content: ", file)
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
print("Inside zap_scan")
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en, project_id, scan_id)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.nessus_parser(
root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
scan_dump = scan_save_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Not Uploaded"})
def OpenVas_xml_upload(request):
"""
OpenVAS XML file upload.
:param request:
:return:
"""
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.now()
scan_dump = scan_save_db(scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return HttpResponseRedirect("/networkscanners/")
elif scanner == "nessus":
date_time = datetime.now()
scan_dump = nessus_scan_db(
scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status
)
scan_dump.save()
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
Nessus_Parser.nessus_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect("/networkscanners/nessus_scan")
elif scanner == "nmap":
# date_time = datetime.now()
# scan_dump = nessus_scan_db(
# scan_ip=scan_ip,
# scan_id=scan_id,
# date_time=date_time,
# project_id=project_id,
# scan_status=scan_status
# )
# scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
nmap_parser.xml_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect("/tools/nmap_scan/")
return render(request,
'net_upload_xml.html',
{'all_project': all_project})
