Exemple #1
0
def search_all_transactions(session,
                            criteria,
                            target_id=None,
                            include_raw_data=True):
    """Search all transactions.Three things needed
        + Total number of transactions
        + Filtered transaction dicts
        + Filtered number of transactions

    :param criteria: Filter criteria
    :type criteria: `dict`
    :param target_id: target ID
    :type target_id: `int`
    :param include_raw_data: True/False to include raw data
    :type include_raw_data: `bool`
    :return: Results
    :rtype: `dict`
    """
    total = get_count(
        session.query(models.Transaction).filter_by(target_id=target_id))
    filtered_transaction_objs = transaction_gen_query(session, criteria,
                                                      target_id).all()
    filtered_number = get_count(
        transaction_gen_query(session, criteria, target_id, for_stats=True))
    results = {
        "records_total": total,
        "records_filtered": filtered_number,
        "data": get_transaction_dicts(filtered_transaction_objs,
                                      include_raw_data)
    }
    return results
Exemple #2
0
def search_all_urls(session, criteria, target_id=None):
    """Search all URLs based on criteria and target ID

    .note::
        Three things needed
            + Total number of urls
            + Filtered url
            + Filtered number of url

    :param criteria: Filter criteria
    :type criteria: `dict`
    :param target_id: Target ID
    :type target_id: `int`
    :return: Search result dict
    :rtype: `dict`
    """
    total = get_count(session.query(models.Url).filter_by(target_id=target_id))
    filtered_url_objs = url_gen_query(session, criteria, target_id).all()
    filtered_number = get_count(
        url_gen_query(session, criteria, target_id, for_stats=True))
    results = {
        "records_total": total,
        "records_filtered": filtered_number,
        "data": derive_url_dicts(filtered_url_objs)
    }
    return results
Exemple #3
0
def search_by_regex_name(session, regex_name, stats=False, target_id=None):
    """Allows searching of the grep_outputs table using a regex name

    .note::
        What this function returns :
        + regex_name
        + grep_outputs - list of unique matches
        + transaction_ids - list of one transaction id per unique match
        + match_percent

    :param regex_name: Name of regex
    :type regex_name: `str`
    :param stats: true/false
    :type stats: `bool`
    :param target_id: target ID
    :type target_id: `int`
    :return: List of results
    :rtype: `list`
    """
    # Get the grep outputs and only unique values
    grep_outputs = session.query(models.GrepOutput.output).filter_by(
        name=regex_name,
        target_id=target_id).group_by(models.GrepOutput.output).all()
    grep_outputs = [i[0] for i in grep_outputs]
    # Get one transaction per match
    transaction_ids = []
    for grep_output in grep_outputs:
        transaction_ids.append(
            session.query(models.Transaction.id).join(
                models.Transaction.grep_outputs).filter(
                    models.GrepOutput.output == grep_output,
                    models.GrepOutput.target_id == target_id).limit(1).all()[0]
            [0])
    # Calculate stats if needed
    if stats:
        # Calculate the total number of matches
        num_matched_transactions = get_count(
            session.query(models.Transaction).join(
                models.Transaction.grep_outputs).filter(
                    models.GrepOutput.name == regex_name,
                    models.GrepOutput.target_id == target_id).group_by(
                        models.Transaction))
        # Calculate total number of transactions in scope
        num_transactions_in_scope = get_count(
            session.query(models.Transaction).filter_by(scope=True,
                                                        target_id=target_id))
        # Calculate matched percentage
        if int(num_transactions_in_scope):
            match_percent = int(
                (num_matched_transactions / float(num_transactions_in_scope)) *
                100)
        else:
            match_percent = 0
    else:
        match_percent = None
    return [
        regex_name, [json.loads(i) for i in grep_outputs], transaction_ids,
        match_percent
    ]
Exemple #4
0
def plugin_count_output(session):
    """Get count stats

    :return: Count stats
    :rtype: `dict`
    """
    from owtf.managers.worker import worker_manager
    complete_count = get_count(session.query(models.PluginOutput))
    left_count = get_count(session.query(models.Work))
    left_count += worker_manager.get_busy_workers()
    results = {'complete_count': complete_count, 'left_count': left_count}
    return results
Exemple #5
0
def add_work(session, target_list, plugin_list, force_overwrite=False):
    """Add work to the worklist

    :param target_list: target list
    :type target_list: `list`
    :param plugin_list: plugin list
    :type plugin_list: `list`
    :param force_overwrite: True/False, user choice
    :type force_overwrite: `bool`
    :return: None
    :rtype: None
    """
    if any(plugin['group'] == 'auxiliary' for plugin in plugin_list):
        # No sorting if aux plugins are run
        sorted_plugin_list = plugin_list
    else:
        sorted_plugin_list = group_sort_order(plugin_list)
    for target in target_list:
        for plugin in sorted_plugin_list:
            # Check if it already in worklist
            if get_count(session.query(models.Work).filter_by(target_id=target["id"],
                                                            plugin_key=plugin["key"])) == 0:
                # Check if it is already run ;) before adding
                is_run = plugin_already_run(session=session, plugin_info=plugin, target_id=target["id"])
                if (force_overwrite is True) or (force_overwrite is False and is_run is False):
                    # If force overwrite is true then plugin output has
                    # to be deleted first
                    if force_overwrite is True:
                        delete_all_poutput(session=session, filter_data={"plugin_key": plugin["key"]},
                                           target_id=target["id"])
                    work_model = models.Work(target_id=target["id"], plugin_key=plugin["key"])
                    session.add(work_model)
    session.commit()
Exemple #6
0
def search_target_configs(session, filter_data=None, session_id=None):
    """Three things needed
    + Total number of targets
    + Filtered target dicts
    + Filtered number of targets

    :param filter_data: Filter data
    :type filter_data: `dict`
    :param session_id: session id
    :type session_id: `int`
    :return: results
    :rtype: `dict`
    """
    total = get_count(session.query(models.Target).filter(models.Target.sessions.any(id=session_id)))
    filtered_target_objs = target_gen_query(session, filter_data, session_id).all()
    filtered_number = get_count(target_gen_query(session, filter_data, session_id, for_stats=True))
    results = {
        "records_total": total,
        "records_filtered": filtered_number,
        "data": get_target_configs(filtered_target_objs)
    }
    return results
Exemple #7
0
def num_transactions(session, scope=True, target_id=None):
    """Return number of transactions in scope by default

    :param scope: In/out scope
    :type scope: `bool`
    :param target_id: ID of the target
    :type target_id: `int`
    :return: Number of transactions in scope
    :rtype: `int`
    """
    count = get_count(
        session.query(models.Transaction).filter_by(scope=scope,
                                                    target_id=target_id))
    return count
Exemple #8
0
def plugin_output_exists(session, plugin_key, target_id):
    """Check if output exists

    :param plugin_key: plugin key
    :type plugin_key: `str`
    :param target_id: Target id
    :type target_id: `int`
    :return: True if count > 0
    :rtype: `bool`
    """
    count = get_count(
        session.query(models.PluginOutput).filter_by(target_id=target_id,
                                                     plugin_key=plugin_key))
    return count > 0
Exemple #9
0
def search_all_work(session, criteria):
    """Search the worklist

    .note::
        Three things needed
            + Total number of work
            + Filtered work dicts
            + Filtered number of works

    :param criteria: Filter criteria
    :type criteria: `dict`
    :return: Results of the search query
    :rtype: `dict`
    """
    total = get_count(session.query(models.Work))
    filtered_work_objs = worklist_generate_query(session, criteria).all()
    filtered_number = worklist_generate_query(session, criteria, for_stats=True).count()
    results = {
        "records_total": total,
        "records_filtered": filtered_number,
        "data": _derive_work_dicts(filtered_work_objs)
    }
    return results