def main(workspace="", args=None, parser=None):
WORKSPACE = workspace
parser.add_argument("--csv", help="Csv file to import")
parsed_args = parser.parse_args(args)
if not parsed_args.csv:
print "Error: Give a CSV file to import with --csv"
return 2, None
try:
file_csv = open(parsed_args.csv, "r")
except:
print "Error: Unreadeable CSV file, check the path"
raise
counter = 0
csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
for register in csv_reader:
host, interface, service, vulnerability, vulnerability_web = parse_register(register)
# Set all IDs and create objects
if host is not None:
host.setID(None)
if not models.get_host(WORKSPACE, host.getID()):
counter += 1
print "New host: " + host.getName()
models.create_host(WORKSPACE, host)
if interface is not None:
interface.setID(host.getID())
if not models.get_interface(WORKSPACE, interface.getID()):
counter += 1
print "New interface: " + interface.getName()
models.create_interface(WORKSPACE, interface)
if service is not None:
service.setID(interface.getID())
if not models.get_service(WORKSPACE, service.getID()):
counter += 1
print "New service: " + service.getName()
models.create_service(WORKSPACE, service)
# Check if Service exist, then create the vuln with parent Service.
# If not exist the Service, create the vuln with parent Host.
if vulnerability is not None:
if service is None:
vulnerability.setID(host.getID())
else:
vulnerability.setID(service.getID())
if not models.get_vuln(WORKSPACE, vulnerability.getID()):
counter += 1
print "New vulnerability: " + vulnerability.getName()
models.create_vuln(WORKSPACE, vulnerability)
elif vulnerability_web is not None:
vulnerability_web.setID(service.getID())
if not models.get_web_vuln(WORKSPACE, vulnerability_web.getID()):
counter += 1
print "New web vulnerability: " + vulnerability_web.getName()
models.create_vuln_web(WORKSPACE, vulnerability_web)
print "[*]", counter, "new Faraday objects created."
file_csv.close()
return 0, None
def main(workspace='', args=None, parser=None):
parser.add_argument('service', help='Parent service ID')
parser.add_argument('name', help='Vulnerability name')
parser.add_argument('--reference',
help='Vulnerability reference',
default='') # Fixme
parser.add_argument(
'--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--description',
help='Vulnerability description',
default='')
parser.add_argument('--website', help='Website', default='')
parser.add_argument('--path', help='Path', default='')
parser.add_argument('--request', help='Request', default='')
parser.add_argument('--response', help='Response', default='')
parser.add_argument('--method', help='Method', default='')
parser.add_argument('--pname', help='pname', default='') # FIXME
parser.add_argument('--params', help='Parameters', default='')
parser.add_argument('--query', help='Query', default='')
parser.add_argument('--category', help='Category', default='')
parser.add_argument('--confirmed',
help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument(
'--dry-run',
action='store_true',
help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
params = {
'name': parsed_args.name,
'description': parsed_args.description,
'service_id': parsed_args.service,
'method': parsed_args.method,
'parameter_name': parsed_args.params,
'path': parsed_args.path,
'website': parsed_args.website,
}
obj = factory.createModelObject(
models.VulnWeb.class_signature,
parsed_args.name,
workspace,
desc=parsed_args.description,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
website=parsed_args.website,
path=parsed_args.path,
request=parsed_args.request,
response=parsed_args.response,
method=parsed_args.method,
pname=parsed_args.pname,
params=parsed_args.params,
query=parsed_args.query,
category=parsed_args.category,
confirmed=(parsed_args.confirmed == 'true'),
parent_id=parsed_args.service,
parent_type='Service')
old = models.get_web_vuln(workspace, **params)
if old is None:
if not parsed_args.dry_run:
models.create_vuln_web(workspace, obj)
old = models.get_web_vuln(workspace, **params)
else:
print("A web vulnerability with ID %s already exists!" % old.getID())
return 2, None
return 0, old.getID()
def main(workspace="", args=None, parser=None):
WORKSPACE = workspace
parser.add_argument("--csv", help="Csv file to import")
parsed_args = parser.parse_args(args)
if not parsed_args.csv:
print "Error: Give a CSV file to import with --csv"
return 2, None
try:
file_csv = open(parsed_args.csv, "r")
except:
print "Error: Unreadeable CSV file, check the path"
raise
counter = 0
csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
for register in csv_reader:
host, service, vulnerability, vulnerability_web = parse_register(register)
# Set all IDs and create objects
if host is not None:
old_host = models.get_host(WORKSPACE, ip=host.getName())
if not old_host:
counter += 1
print "New host: " + host.getName()
models.create_host(WORKSPACE, host)
host = models.get_host(WORKSPACE, ip=host.getName())
if service is not None:
service.setParent(host.getID())
service_params = {
'name': service.getName(),
'port': service.getPorts()[0],
'protocol': service.getProtocol(),
'host_id': service.getParent()
}
old_service = models.get_service(WORKSPACE, **service_params)
if not old_service:
counter += 1
print "New service: " + service.getName()
models.create_service(WORKSPACE, service)
service = models.get_service(WORKSPACE, **service_params)
# Check if Service exist, then create the vuln with parent Service.
# If not exist the Service, create the vuln with parent Host.
if vulnerability is not None:
if host and not service:
parent_type = 'Host'
parent_id = host.getID()
if host and service:
parent_type = 'Service'
parent_id = service.getID()
vulnerability.setParent(parent_id)
vulnerability.setParentType(parent_type)
vuln_params = {
'name': vulnerability.getName(),
'description': vulnerability.getDescription(),
'parent_type': parent_type,
'parent': parent_id,
}
if not models.get_vuln(WORKSPACE, **vuln_params):
counter += 1
print "New vulnerability: " + vulnerability.getName()
models.create_vuln(WORKSPACE, vulnerability)
elif vulnerability_web is not None:
vuln_web_params = {
'name': vulnerability_web.getName(),
'description': vulnerability_web.getDescription(),
'parent': service.getID(),
'parent_type': 'Service',
'method': vulnerability_web.getMethod(),
'parameter_name': vulnerability_web.getParams(),
'path': vulnerability_web.getPath(),
'website': vulnerability_web.getWebsite(),
}
vulnerability_web.setParent(service.getID())
if not models.get_web_vuln(WORKSPACE, **vuln_web_params):
counter += 1
print "New web vulnerability: " + vulnerability_web.getName()
models.create_vuln_web(WORKSPACE, vulnerability_web)
print "[*]", counter, "new Faraday objects created."
file_csv.close()
return 0, None
def main(workspace="", args=None, parser=None):
WORKSPACE = workspace
parser.add_argument("--csv", help="Csv file to import")
parsed_args = parser.parse_args(args)
if not parsed_args.csv:
print "Error: Give a CSV file to import with --csv"
return 2, None
try:
file_csv = open(parsed_args.csv, "r")
except:
print "Error: Unreadeable CSV file, check the path"
raise
counter = 0
csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
for register in csv_reader:
host, interface, service, vulnerability, vulnerability_web = parse_register(
register)
# Set all IDs and create objects
if host is not None:
host.setID(None)
if not models.get_host(WORKSPACE, host.getID()):
counter += 1
print "New host: " + host.getName()
models.create_host(WORKSPACE, host)
if interface is not None:
interface.setID(host.getID())
if not models.get_interface(WORKSPACE, interface.getID()):
counter += 1
print "New interface: " + interface.getName()
models.create_interface(WORKSPACE, interface)
if service is not None:
service.setID(interface.getID())
if not models.get_service(WORKSPACE, service.getID()):
counter += 1
print "New service: " + service.getName()
models.create_service(WORKSPACE, service)
# Check if Service exist, then create the vuln with parent Service.
# If not exist the Service, create the vuln with parent Host.
if vulnerability is not None:
if service is None:
vulnerability.setID(host.getID())
else:
vulnerability.setID(service.getID())
if not models.get_vuln(WORKSPACE, vulnerability.getID()):
counter += 1
print "New vulnerability: " + vulnerability.getName()
models.create_vuln(WORKSPACE, vulnerability)
elif vulnerability_web is not None:
vulnerability_web.setID(service.getID())
if not models.get_web_vuln(WORKSPACE, vulnerability_web.getID()):
counter += 1
print "New web vulnerability: " + vulnerability_web.getName()
models.create_vuln_web(WORKSPACE, vulnerability_web)
print "[*]", counter, "new Faraday objects created."
file_csv.close()
return 0, None
def main(workspace='', args=None, parser=None):
parser.add_argument('service', help='Parent service ID')
parser.add_argument('name', help='Vulnerability name')
parser.add_argument('--reference', help='Vulnerability reference', default='') # Fixme
parser.add_argument('--severity',
help='Vulnerability severity',
choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
default='unclassified')
parser.add_argument('--resolution', help='Resolution', default='')
parser.add_argument('--description', help='Vulnerability description', default='')
parser.add_argument('--website', help='Website', default='')
parser.add_argument('--path', help='Path', default='')
parser.add_argument('--request', help='Request', default='')
parser.add_argument('--response', help='Response', default='')
parser.add_argument('--method', help='Method', default='')
parser.add_argument('--pname', help='pname', default='') # FIXME
parser.add_argument('--params', help='Parameters', default='')
parser.add_argument('--query', help='Query', default='')
parser.add_argument('--category', help='Category', default='')
parser.add_argument('--confirmed', help='Is the vulnerability confirmed',
choices=['true', 'false'],
default='false')
parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')
parsed_args = parser.parse_args(args)
obj = factory.createModelObject(models.VulnWeb.class_signature, parsed_args.name, workspace,
desc=parsed_args.description,
ref=parsed_args.reference,
severity=parsed_args.severity,
resolution=parsed_args.resolution,
website=parsed_args.website,
path=parsed_args.path,
request=parsed_args.request,
response=parsed_args.response,
method=parsed_args.method,
pname=parsed_args.pname,
params=parsed_args.params,
query=parsed_args.query,
category=parsed_args.category,
confirmed=(parsed_args.confirmed == 'true'),
parent_id=parsed_args.service
)
old = models.get_web_vuln(workspace, obj.getID())
if old is None:
if not parsed_args.dry_run:
models.create_vuln_web(workspace, obj)
else:
print "A web vulnerability with ID %s already exists!" % obj.getID()
return 2, None
return 0, obj.getID()
def main(workspace="", args=None, parser=None):
WORKSPACE = workspace
parser.add_argument("--csv", help="Csv file to import")
parsed_args = parser.parse_args(args)
if not parsed_args.csv:
print "Error: Give a CSV file to import with --csv"
return 2, None
try:
file_csv = open(parsed_args.csv, "r")
except:
print "Error: Unreadeable CSV file, check the path"
raise
counter = 0
csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
for register in csv_reader:
try:
host, service, vulnerability, vulnerability_web = parse_register(register)
# Set all IDs and create objects
if host is not None:
old_host = models.get_host(WORKSPACE, ip=host.getName())
if not old_host:
counter += 1
print "New host: " + host.getName()
try:
models.create_host(WORKSPACE, host)
except Exception as ex:
import ipdb; ipdb.set_trace()
host = models.get_host(WORKSPACE, ip=host.getName())
if service is not None:
service.setParent(host.getID())
service_params = {
'name': service.getName(),
'port': service.getPorts()[0],
'protocol': service.getProtocol(),
'host_id': service.getParent()
}
old_service = models.get_service(WORKSPACE, **service_params)
if not old_service:
counter += 1
print "New service: " + service.getName()
models.create_service(WORKSPACE, service)
service = models.get_service(WORKSPACE, **service_params)
# Check if Service exist, then create the vuln with parent Service.
# If not exist the Service, create the vuln with parent Host.
if vulnerability is not None:
if host and not service:
parent_type = 'Host'
parent_id = host.getID()
if host and service:
parent_type = 'Service'
parent_id = service.getID()
vulnerability.setParent(parent_id)
vulnerability.setParentType(parent_type)
vuln_params = {
'name': vulnerability.getName(),
'description': vulnerability.getDescription(),
'parent_type': parent_type,
'parent': parent_id,
}
if not models.get_vuln(WORKSPACE, **vuln_params):
counter += 1
print "New vulnerability: " + vulnerability.getName()
models.create_vuln(WORKSPACE, vulnerability)
elif vulnerability_web is not None:
vuln_web_params = {
'name': vulnerability_web.getName(),
'description': vulnerability_web.getDescription(),
'parent': service.getID(),
'parent_type': 'Service',
'method': vulnerability_web.getMethod(),
'parameter_name': vulnerability_web.getParams(),
'path': vulnerability_web.getPath(),
'website': vulnerability_web.getWebsite(),
}
vulnerability_web.setParent(service.getID())
if not models.get_web_vuln(WORKSPACE, **vuln_web_params):
counter += 1
print "New web vulnerability: " + vulnerability_web.getName()
models.create_vuln_web(WORKSPACE, vulnerability_web)
except ConflictInDatabase:
print('Conflict in Database, skiping csv row')
except CantCommunicateWithServerError as ex:
print(register)
print('Error', ex)
print "[*]", counter, "new Faraday objects created."
file_csv.close()
return 0, None