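def _scanner_login_details(root, tag, label):
    """Return the login details for one scanner section of scanner_details.xml.

    Args:
        root: parsed root element of scanner_details.xml.
        tag: section name to look up ('nessus', 'nexpose' or 'qualys').
        label: display name used in the prompt and error text.

    Returns:
        dict with 'uname', 'passwd' and 'host', or None when the section's
        'enabled' attribute is not '1'.
    """
    import getpass  # local import: the file's import block is not visible here

    scanner = root.find(tag)
    if scanner.get('enabled') != '1':
        return None

    host = scanner.find('host').text
    username = scanner.find('username').text
    # The original tested host twice; one test per field is equivalent.
    if host is None or username is None:
        xml_error(label + " data missing in scanner_details.xml")
    print(label + " host@:" + host)
    # getpass keeps the scanner password off the terminal and out of
    # scrollback; input() echoed it as it was typed.
    usr_passwd = getpass.getpass("Please enter your password for " + " " + label + ": ")
    return {'uname': username, 'passwd': usr_passwd, 'host': host}


def access_request_handler():
    """Apply the access request to every scanner enabled in scanner_details.xml.

    Reads the request with readAccessReq(), then for Nessus, Nexpose and
    Qualys (in that order) prompts for the operator's password, runs the
    scanner's handleAccessReq() and collects the returned text, which is
    finally handed to Utilities.write_to_file(). Any exception is reported
    through Utilities.printException and the function returns None.
    """
    access_details = readAccessReq()  # Reading the Access Request
    if access_details is None:
        # readAccessReq() already reported the problem; do not prompt for
        # scanner passwords or log in when there is nothing to provision.
        return
    try:
        root = parse('scanner_details.xml').getroot()  # Reading the Scanner Details

        # Start from an empty string so a disabled Nessus section does not
        # leave msg unbound for the "+=" below.
        msg = ""

        nessus_details = _scanner_login_details(root, 'nessus', 'Nessus')
        if nessus_details is not None:
            Utilities.printLog("Executing Nessus tasks")
            nessusObj = nes.Nessus(nessus_details)
            # Login | Add User | Logout. A handler may return None on
            # failure, which would break the string concatenation.
            msg = nessusObj.handleAccessReq(access_details, nessus_details) or ""

        nexpose_details = _scanner_login_details(root, 'nexpose', 'Nexpose')
        if nexpose_details is not None:
            Utilities.printLog("Executing Nexpose tasks")
            nexposeObj = nex.Nexpose(nexpose_details)
            # Login | SaveSite | Add User | Logout
            msg += "\n" + (nexposeObj.handleAccessReq(access_details, nexpose_details) or "")

        qualys_details = _scanner_login_details(root, 'qualys', 'Qualys')
        if qualys_details is not None:
            Utilities.printLog("Executing Qualys tasks")
            qualysObj = qua.Qualys(qualys_details)
            # Login | Add Asset | Add Asset Grp | Add User
            qualysObj.handleAccessReq(access_details, qualys_details)
            msg += "\nQualys\nDetails send to email."

        # NOTE(review): the Nessus handler's message carries a "Password:"
        # field for each created account, so whatever write_to_file() writes
        # holds credentials in clear text; its destination is not visible
        # here, so confirm it is access-restricted.
        Utilities.write_to_file(msg)
    except Exception as e:
        Utilities.printException("In fun access_request_handler():" + str(e))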
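def readAccessReq():
    """Load the access request from access_request.xml in the working directory.

    Returns:
        dict with 'userList' (list of "uname,name,email" strings), 'ip'
        (comma-separated string of the <ip> values), 'site_name' and
        'site_desc'. Returns None when reading fails; the error is reported
        through Utilities.printException.
    """
    def _child_text(parent, tag):
        # A missing child element is treated like an empty one, so it reaches
        # the "Data missing" report instead of an AttributeError on None.
        node = parent.find(tag)
        return None if node is None else node.text

    try:
        root = parse('access_request.xml').getroot()

        usrlst = []
        for child in root.findall('user'):
            uname = _child_text(child, 'uname')
            name = _child_text(child, 'name')
            email = _child_text(child, 'email')
            if uname is None or name is None or email is None:
                xml_error("Data missing in access_request.xml")
            # NOTE(review): consumers split this record on ',' by position
            # (uname, name, email), so a comma inside any field shifts the
            # later fields; consider rejecting commas here.
            usrlst.append(uname + ',' + name + ',' + email)

        asst_det = root.find('asset_details')
        site_det = root.find('site')
        site_name = site_det.get('name')
        site_desc = site_det.get('desc')

        addresses = []
        for ipchild in asst_det.findall('ip'):
            if ipchild.text is None:
                xml_error("IP missing in access_request.xml")
            addresses.append(ipchild.text)
        ip = ",".join(addresses).strip(',')

        return {
            'userList': usrlst,
            'ip': ip,
            'site_name': site_name,
            'site_desc': site_desc,
        }
    except Exception as e:
        Utilities.printException("Error with access_request.xml." + str(e))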
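def readAccessReq():
    """Load the access request from access_request.xml in the working directory.

    Returns:
        dict with 'userList' (list of "uname,name,email" strings), 'ip'
        (comma-separated string of the <ip> values), 'site_name' and
        'site_desc'. Returns None when reading fails; the error is reported
        through Utilities.printException.
    """
    def _child_text(parent, tag):
        # A missing child element is treated like an empty one, so it reaches
        # the "Data missing" report instead of an AttributeError on None.
        node = parent.find(tag)
        return None if node is None else node.text

    try:
        root = parse('access_request.xml').getroot()

        usrlst = []
        for child in root.findall('user'):
            uname = _child_text(child, 'uname')
            name = _child_text(child, 'name')
            email = _child_text(child, 'email')
            if uname is None or name is None or email is None:
                xml_error("Data missing in access_request.xml")
            # NOTE(review): consumers split this record on ',' by position
            # (uname, name, email), so a comma inside any field shifts the
            # later fields; consider rejecting commas here.
            usrlst.append(uname + ',' + name + ',' + email)

        asst_det = root.find('asset_details')
        site_det = root.find('site')
        site_name = site_det.get('name')
        site_desc = site_det.get('desc')

        addresses = []
        for ipchild in asst_det.findall('ip'):
            if ipchild.text is None:
                xml_error("IP missing in access_request.xml")
            addresses.append(ipchild.text)
        ip = ",".join(addresses).strip(',')

        return {
            'userList': usrlst,
            'ip': ip,
            'site_name': site_name,
            'site_desc': site_desc,
        }
    except Exception as e:
        Utilities.printException("Error with access_request.xml." + str(e))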
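def create_user(self, access_req):
    """Create one local Nessus account per entry in access_req['userList'].

    Each entry is a "uname,name,email" string. A password is generated with
    Utilities.gen_code() and posted to <nessus_host>/users together with the
    account fields.

    Returns:
        False as soon as the server answers 400, 403 or 409; True once the
        loop has finished (see the NOTE on the success branch); None when an
        exception was caught and reported.
    """
    try:
        create_user_URL = self.nessus_host + "/users"
        for user in access_req['userList']:
            userinfo = user.split(',')  # uname,name,email
            pswd = Utilities.gen_code()
            payload = {
                'username': userinfo[0],
                'password': pswd,
                # NOTE(review): presumably the standard (non-administrator)
                # role; confirm against the Nessus API documentation.
                'permissions': '32',
                'name': userinfo[1],
                'email': userinfo[2],
                'type': 'local',
            }
            response = self.makeRequest(create_user_URL, json.dumps(payload), self.headers)
            json_rep = json.loads(response.decode("utf-8"))
            # self.status_code is presumably set by makeRequest (not shown here).
            if self.status_code == 200:
                # NOTE(review): the page masks the text between the string
                # literals of this branch. The expressions joined below and
                # the success return after the loop are a reconstruction from
                # the names in scope; verify against the original file.
                Utilities.printSuccess("Created user: " + userinfo[0])
                # The generated password is stored in clear text in
                # self.message, which the caller returns for writing to a
                # file; keep that output access-restricted.
                self.message += "Nessus\nUsername:" + userinfo[0] + "\nPassword:" + pswd
            if self.status_code == 400:
                Utilities.printError("User creation Failure: Invalid field request")
                return False
            if self.status_code == 403:
                Utilities.printError("User creation Failure: No permission to create a user")
                return False
            if self.status_code == 409:
                Utilities.printError("User creation Failure: Duplicate username")
                return False
        return True
    except Exception as e:
        Utilities.printException(str(e))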
def __init__(self, scanner_info):
    """Record the Nessus host and reset the per-session state.

    Args:
        scanner_info: mapping whose 'host' entry is the scanner base URL.

    No login happens here; a failure (for example a missing 'host' key) is
    reported through Utilities.printException and leaves the attributes unset.
    """
    try:
        initial_state = {
            'nessus_host': scanner_info['host'],
            'headers': {'Content-Type': 'application/json'},
            'login_try': 0,
            'message': "",
        }
        for attribute, value in initial_state.items():
            setattr(self, attribute, value)
    except Exception as e:
        Utilities.printException(str(e))
def __init__(self, scanner_info):
    """Record the Nexpose host, derive the XML API URL and reset session state.

    Args:
        scanner_info: mapping whose 'host' entry is the scanner base URL.

    A failure (for example a missing 'host' key) is reported through
    Utilities.printException and leaves the attributes unset.
    """
    try:
        base_url = scanner_info['host']
        initial_state = {
            'nexpose_host': base_url,
            'reqURL': base_url + "/api/1.1/xml",
            'headers': {'Content-Type': 'text/xml'},
            'login_try': 0,
            'msg': "",
        }
        for attribute, value in initial_state.items():
            setattr(self, attribute, value)
    except Exception as e:
        Utilities.printException(str(e))
def handleAccessReq(self, access_req, scanner_info):
    """Run the access-request steps in order, stopping at the first failure.

    Adds the asset, then the asset group, then the user; each later step
    runs only when the previous one returned a truthy value. scanner_info is
    accepted but not used. Always returns None; exceptions are reported
    through Utilities.printException.
    """
    try:
        if not self.add_asset(access_req):
            return
        if not self.add_asset_grp(access_req):
            return
        self.add_user(access_req)
        # self.logout_user()
    except Exception as e:
        Utilities.printException(str(e))
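def handleAccessReq(self, access_req, scanner_info):
    """Log in to Nessus, create the requested users, and log out again.

    Args:
        access_req: parsed access request passed on to create_user().
        scanner_info: login details passed on to login_nessus().

    Returns:
        self.message when user creation succeeded, otherwise a short failure
        text. A string is returned on every path because the caller
        concatenates the result into its report.
    """
    try:
        if not self.login_nessus(scanner_info):
            # Previously this path returned None implicitly.
            return "Nessus login failed"
        try:
            create_user_status = self.create_user(access_req)
        finally:
            # Always end the authenticated session, even if creation raised.
            self.logout_user()
        if create_user_status:
            return self.message
        return "Nessus user creation failed"
    except Exception as e:
        Utilities.printException(str(e))
        return "Nessus user creation failed"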
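def logout_user(self):
    """End the Nessus session by sending DELETE to <nessus_host>/session.

    Reports the outcome through Utilities; returns None. Exceptions are
    reported through Utilities.printException.
    """
    try:
        # destroy the user session
        logoutURL = self.nessus_host + "/session"
        self.makeRequest(logoutURL, {}, self.headers, "DELETE")
        # self.status_code is presumably set by makeRequest (not shown here).
        if self.status_code == 200:
            Utilities.printSuccess("Logged out of Nessus Scanner")
        elif self.status_code == 401:
            # A failed logout was previously reported as a success line.
            Utilities.printError("Logged out failure: No session exists")
    except Exception as e:
        Utilities.printException(str(e))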
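def create_user(self, access_req):
    """Create one local Nessus account per entry in access_req['userList'].

    Each entry is a "uname,name,email" string. A password is generated with
    Utilities.gen_code() and posted to <nessus_host>/users together with the
    account fields.

    Returns:
        False as soon as the server answers 400, 403 or 409; True once the
        loop has finished (see the NOTE on the success branch); None when an
        exception was caught and reported.
    """
    try:
        create_user_URL = self.nessus_host + "/users"
        for user in access_req['userList']:
            userinfo = user.split(',')  # uname,name,email
            pswd = Utilities.gen_code()
            payload = {
                'username': userinfo[0],
                'password': pswd,
                # NOTE(review): presumably the standard (non-administrator)
                # role; confirm against the Nessus API documentation.
                'permissions': '32',
                'name': userinfo[1],
                'email': userinfo[2],
                'type': 'local',
            }
            response = self.makeRequest(create_user_URL, json.dumps(payload), self.headers)
            json_rep = json.loads(response.decode("utf-8"))
            # self.status_code is presumably set by makeRequest (not shown here).
            if self.status_code == 200:
                # NOTE(review): the page masks the text between the string
                # literals of this branch. The expressions joined below and
                # the success return after the loop are a reconstruction from
                # the names in scope; verify against the original file.
                Utilities.printSuccess("Created user: " + userinfo[0])
                # The generated password is stored in clear text in
                # self.message, which the caller returns for writing to a
                # file; keep that output access-restricted.
                self.message += "Nessus\nUsername:" + userinfo[0] + "\nPassword:" + pswd
            if self.status_code == 400:
                Utilities.printError("User creation Failure: Invalid field request")
                return False
            if self.status_code == 403:
                Utilities.printError("User creation Failure: No permission to create a user")
                return False
            if self.status_code == 409:
                Utilities.printError("User creation Failure: Duplicate username")
                return False
        return True
    except Exception as e:
        Utilities.printException(str(e))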
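def scan(self):
    """Log in to the scanner API and run quick_scan() for every configured host.

    Reads host_details.xml from the working directory: the first two children
    of the root's first element are used as username and password, and every
    <host> element supplies six positional values for quick_scan().
    Errors are reported through Utilities.printException; the session is
    logged out and closed whenever it was created.
    """
    s = None  # stays None if the config cannot be read before the session exists
    try:
        # read data from config file
        # NOTE(review): the credentials are stored in clear text in
        # host_details.xml; keep the file access-restricted and out of
        # version control.
        root = ET.parse('host_details.xml').getroot()
        username = root[0][0].text
        password = root[0][1].text

        # setup connection
        s = requests.Session()
        s.headers.update({'X-Requested-With': 'Qualys Vuln Api Scan'})
        self.login(s, username, password)

        # scan each host
        for host in root.iter('host'):
            self.quick_scan(s, *(host[index].text for index in range(6)))
    except Exception:
        # str() is required: concatenating the exception type or the
        # exc_info tuple to a str raised TypeError inside the handler.
        Utilities.printException("Unexpected error: " + str(sys.exc_info()[0]))
        Utilities.printException("sys.exc_info(): " + str(sys.exc_info()))
    finally:
        # always log out and close the session, but only if one was opened;
        # referencing an unbound session here used to raise and hide the
        # original error.
        if s is not None:
            try:
                self.logout(s)
            finally:
                s.close()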
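def scan(self):
    """Log in to the scanner API and run quick_scan() for every configured host.

    Reads host_details.xml from the working directory: the first two children
    of the root's first element are used as username and password, and every
    <host> element supplies six positional values for quick_scan().
    Errors are reported through Utilities.printException; the session is
    logged out and closed whenever it was created.
    """
    s = None  # stays None if the config cannot be read before the session exists
    try:
        # read data from config file
        # NOTE(review): the credentials are stored in clear text in
        # host_details.xml; keep the file access-restricted and out of
        # version control.
        root = ET.parse('host_details.xml').getroot()
        username = root[0][0].text
        password = root[0][1].text

        # setup connection
        s = requests.Session()
        s.headers.update({'X-Requested-With': 'Qualys Vuln Api Scan'})
        self.login(s, username, password)

        # scan each host
        for host in root.iter('host'):
            self.quick_scan(s, *(host[index].text for index in range(6)))
    except Exception:
        # str() is required: concatenating the exception type or the
        # exc_info tuple to a str raised TypeError inside the handler.
        Utilities.printException("Unexpected error: " + str(sys.exc_info()[0]))
        Utilities.printException("sys.exc_info(): " + str(sys.exc_info()))
    finally:
        # always log out and close the session, but only if one was opened;
        # referencing an unbound session here used to raise and hide the
        # original error.
        if s is not None:
            try:
                self.logout(s)
            finally:
                s.close()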
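def _scanner_login_details(root, tag, label):
    """Return the login details for one scanner section of scanner_details.xml.

    Args:
        root: parsed root element of scanner_details.xml.
        tag: section name to look up ('nessus', 'nexpose' or 'qualys').
        label: display name used in the prompt and error text.

    Returns:
        dict with 'uname', 'passwd' and 'host', or None when the section's
        'enabled' attribute is not '1'.
    """
    import getpass  # local import: the file's import block is not visible here

    scanner = root.find(tag)
    if scanner.get('enabled') != '1':
        return None

    host = scanner.find('host').text
    username = scanner.find('username').text
    # The original tested host twice; one test per field is equivalent.
    if host is None or username is None:
        xml_error(label + " data missing in scanner_details.xml")
    print(label + " host@:" + host)
    # getpass keeps the scanner password off the terminal and out of
    # scrollback; input() echoed it as it was typed.
    usr_passwd = getpass.getpass("Please enter your password for " + " " + label + ": ")
    return {'uname': username, 'passwd': usr_passwd, 'host': host}


def access_request_handler():
    """Apply the access request to every scanner enabled in scanner_details.xml.

    Reads the request with readAccessReq(), then for Nessus, Nexpose and
    Qualys (in that order) prompts for the operator's password, runs the
    scanner's handleAccessReq() and collects the returned text, which is
    finally handed to Utilities.write_to_file(). Any exception is reported
    through Utilities.printException and the function returns None.
    """
    access_details = readAccessReq()  # Reading the Access Request
    if access_details is None:
        # readAccessReq() already reported the problem; do not prompt for
        # scanner passwords or log in when there is nothing to provision.
        return
    try:
        root = parse('scanner_details.xml').getroot()  # Reading the Scanner Details

        # Start from an empty string so a disabled Nessus section does not
        # leave msg unbound for the "+=" below.
        msg = ""

        nessus_details = _scanner_login_details(root, 'nessus', 'Nessus')
        if nessus_details is not None:
            Utilities.printLog("Executing Nessus tasks")
            nessusObj = nes.Nessus(nessus_details)
            # Login | Add User | Logout. A handler may return None on
            # failure, which would break the string concatenation.
            msg = nessusObj.handleAccessReq(access_details, nessus_details) or ""

        nexpose_details = _scanner_login_details(root, 'nexpose', 'Nexpose')
        if nexpose_details is not None:
            Utilities.printLog("Executing Nexpose tasks")
            nexposeObj = nex.Nexpose(nexpose_details)
            # Login | SaveSite | Add User | Logout
            msg += "\n" + (nexposeObj.handleAccessReq(access_details, nexpose_details) or "")

        qualys_details = _scanner_login_details(root, 'qualys', 'Qualys')
        if qualys_details is not None:
            Utilities.printLog("Executing Qualys tasks")
            qualysObj = qua.Qualys(qualys_details)
            # Login | Add Asset | Add Asset Grp | Add User
            qualysObj.handleAccessReq(access_details, qualys_details)
            msg += "\nQualys\nDetails send to email."

        # NOTE(review): the Nessus handler's message carries a "Password:"
        # field for each created account, so whatever write_to_file() writes
        # holds credentials in clear text; its destination is not visible
        # here, so confirm it is access-restricted.
        Utilities.write_to_file(msg)
    except Exception as e:
        Utilities.printException("In fun access_request_handler():" + str(e))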