Esempio n. 1
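def __get_logs_html():
    """
    get host's logs through the API as an HTML report

    Returns:
        a response whose body is the HTML report built for the "host" value
    """
    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed; a lookup failure still
        # falls back to an empty host value
        host = ""
    # NOTE(review): host is request-supplied and reaches the HTML report
    # builder unchanged; confirm the builder escapes it before rendering
    return make_response(__logs_to_report_html(host, __language()))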
Esempio n. 2
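def __get_logs():
    """
    get host's logs through the API in JSON type

    Returns:
        the JSON-encoded report for the "host" value, with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed; a lookup failure still
        # falls back to an empty host value
        host = ""
    # NOTE(review): host is request-supplied; confirm the report query
    # treats it as data (bound parameter), not as part of a query string
    return jsonify(__logs_to_report_json(host, __language())), 200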
Esempio n. 3
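def __get_logs_csv():
    """
    get host's logs through the API as a CSV attachment

    Returns:
        a text/csv response with one row per event; column names are taken
        from the first event, and the body is empty when there are no events
    """
    # local imports: only this function needs them
    import os
    import tempfile

    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        host = ""
    data = __logs_to_report_json(host, __language())
    filename = "report-" + now(model="%Y_%m_%d_%H_%M_%S") + "".join(
        random.choice(string.ascii_lowercase) for x in range(10))
    reader = ""
    # an empty result used to raise IndexError on data[0]; now it yields an
    # empty CSV body
    if data:
        # the report used to be written into the working directory under the
        # download name and never deleted; use a private temp file and always
        # remove it
        fd, tmp_path = tempfile.mkstemp(prefix="report-", suffix=".csv")
        try:
            with os.fdopen(fd, "w") as output_file:
                # NOTE(review): cell values come from scan events and are
                # written verbatim; if these files are opened in a
                # spreadsheet, consider neutralising values that start with
                # = + - @ (CSV formula injection)
                dict_writer = csv.DictWriter(output_file,
                                             fieldnames=list(data[0].keys()),
                                             quoting=csv.QUOTE_ALL,
                                             extrasaction="ignore")
                dict_writer.writeheader()
                # extrasaction="ignore" drops keys that are not columns, as
                # the former per-row dict filter did
                dict_writer.writerows(data)
            with open(tmp_path, 'r') as output_file:
                reader = output_file.read()
        finally:
            os.remove(tmp_path)
    return Response(reader,
                    mimetype='text/csv',
                    headers={
                        'Content-Disposition':
                        'attachment;filename=' + filename + '.csv'
                    })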
Esempio n. 4
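def __get_last_host_logs():
    """
    get one page of the most recent host logs through the API

    Returns:
        the JSON-encoded page of logs, with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    try:
        page = int(__get_value(flask_request, "page"))
    except Exception:
        # missing or non-numeric "page" falls back to the first page;
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed
        page = 1
    # NOTE(review): zero or negative page numbers are passed through as-is;
    # confirm the query layer handles them
    return jsonify(__last_host_logs(__language(), page)), 200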
Esempio n. 5
def new_scan():
    """
    start a scan from the options sent to the API

    Returns:
        the scan configuration as JSON with 200, or a JSON error with 400
        when target_type() reports the "targets" value as "UNKNOWN"
    """
    __api_key_check(app, flask_request, __language())
    requested_targets = __get_value(flask_request, "targets")
    if target_type(requested_targets) == "UNKNOWN":
        return jsonify({"error": "Please input correct target"}), 400
    # take only the options listed in the core defaults, escaping each value
    scan_config = {}
    for option in _core_default_config():
        if __get_value(flask_request, option) is None:
            continue
        scan_config[option] = escape(__get_value(flask_request, option))
    # NOTE(review): unlike the options above, "ports" is stored without
    # escape(); confirm how backup_ports is used downstream
    scan_config["backup_ports"] = __get_value(flask_request, "ports")
    fallback_config = _builder(_core_config(), _core_default_config())
    merged_config = _builder(scan_config, fallback_config)
    scan_config = __rules(__remove_non_api_keys(merged_config),
                          _core_default_config(), __language())
    # NOTE(review): every accepted request starts one process and nothing
    # here limits how many run at once
    worker = multiprocessing.Process(target=__scan, args=[scan_config])
    worker.start()
    # Sometimes method_args is too big!
    # (replaced only after the worker has been started, for the response)
    scan_config["methods_args"] = {"as_user_set": "set_successfully"}
    return jsonify(scan_config), 200
Esempio n. 6
def __session_set():
    """
    set the API key as a cookie on the browser

    Returns:
        a JSON "ok" response that also sets the "key" cookie
    """
    __api_key_check(app, flask_request, __language())
    payload = __structure(status="ok", msg=messages(__language(), 165))
    response = make_response(jsonify(payload))
    # NOTE(review): the cookie carries the API access key itself and is set
    # without httponly/secure/samesite; confirm whether the front end must
    # read it from script before tightening these flags
    api_key = app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"]
    response.set_cookie("key", value=api_key)
    return response
Esempio n. 7
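def __get_results_json():
    """
    get the events of one scan through the API as a JSON attachment

    Returns:
        an application/json attachment with the events of the scan that the
        report "id" belongs to, or a 400 JSON error when "id" does not name
        a stored report
    """
    # check the API key before a database connection is opened
    __api_key_check(app, flask_request, __language())
    # NOTE(review): session is never closed in this function; confirm that
    # create_connection() takes care of cleanup
    session = create_connection(__language())
    try:
        _id = int(__get_value(flask_request, "id"))
        scan_id_temp = session.query(Report).filter(Report.id == _id).all()
    except Exception:
        # this path used to leave scan_id_temp unbound (NameError below)
        scan_id_temp = []
    if not scan_id_temp:
        # an unknown id used to fail later with IndexError on scan_id_temp[0]
        # NOTE(review): error shape written by hand; align it with the
        # module's usual error helper if one is in scope here
        return Response(
            json.dumps({"status": "error",
                        "msg": "your scan id is not valid!"}),
            status=400,
            mimetype='application/json')
    report = scan_id_temp[0]
    result_id = session.query(Report).join(
        HostsLog, Report.scan_id == HostsLog.scan_id).filter(
            Report.scan_id == report.scan_id).all()
    # serialise the empty default too, so the body is always valid JSON
    json_object = json.dumps({})
    if result_id:
        scan_id = result_id[0].scan_id
        data = __logs_by_scan_id(scan_id, __language())
        json_object = json.dumps(data)
    date_format = datetime.strptime(report.date, "%Y-%m-%d %H:%M:%S")
    date_format = str(date_format).replace("-", "_").replace(
        ":", "_").replace(" ", "_")
    filename = "report-" + date_format + "".join(
        random.choice(string.ascii_lowercase) for x in range(10))
    return Response(json_object,
                    mimetype='application/json',
                    headers={
                        'Content-Disposition':
                        'attachment;filename=' + filename + '.json'
                    })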
Esempio n. 8
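def __get_result_content():
    """
    get the content of one scan result through the API

    Returns:
        whatever __get_result() returns for the numeric "id", or a JSON
        error with 400 when "id" cannot be read as an integer
    """
    __api_key_check(app, flask_request, __language())
    try:
        # named result_id so the builtin id() is not shadowed
        result_id = int(__get_value(flask_request, "id"))
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer turned into a 400
        return jsonify(
            __structure(status="error", msg="your scan id is not valid!")), 400
    return __get_result(__language(), result_id)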
Esempio n. 9
def __session_check():
    """
    confirm that the caller's session is valid

    Returns:
        a JSON "ok" message with 200; an invalid key is left to the API key
        check (abort(401) according to the original docstring)
    """
    __api_key_check(app, flask_request, __language())
    valid_message = messages(__language(), "browser_session_valid")
    payload = __structure(status="ok", msg=valid_message)
    return jsonify(payload), 200
Esempio n. 10
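def ___go_for_search_logs():
    """
    search the stored events through the API

    Returns:
        the JSON-encoded search result for query "q" and page "page",
        with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    # both fallbacks catch Exception instead of using a bare except, so
    # SystemExit and KeyboardInterrupt are no longer swallowed
    try:
        page = int(__get_value(flask_request, "page"))
    except Exception:
        page = 1
    try:
        query = __get_value(flask_request, "q")
    except Exception:
        query = ""
    # NOTE(review): query is request-supplied free text; confirm the search
    # layer binds it as a parameter rather than building a query string
    return jsonify(__search_logs(__language(), page, query)), 200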
Esempio n. 11
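def __get_results_csv():
    """
    get the events of one scan through the API as a CSV attachment

    Returns:
        a text/csv attachment with one row per event of the scan that the
        report "id" belongs to (empty body when there are no events), or a
        400 JSON error when "id" does not name a stored report
    """
    # local imports: only this function needs them
    import os
    import tempfile

    # check the API key before a database connection is opened
    __api_key_check(app, flask_request, __language())
    # NOTE(review): session is never closed in this function; confirm that
    # create_connection() takes care of cleanup
    session = create_connection(__language())
    try:
        _id = int(__get_value(flask_request, "id"))
        scan_id_temp = session.query(Report).filter(Report.id == _id).all()
    except Exception:
        # this path used to leave scan_id_temp unbound (NameError below)
        scan_id_temp = []
    if not scan_id_temp:
        # an unknown id used to fail later with IndexError on scan_id_temp[0]
        # NOTE(review): error shape written by hand; align it with the
        # module's usual error helper if one is in scope here
        return Response(
            '{"status": "error", "msg": "your scan id is not valid!"}',
            status=400,
            mimetype='application/json')
    report = scan_id_temp[0]
    result_id = session.query(Report).join(
        HostsLog, Report.scan_id == HostsLog.scan_id).filter(
            Report.scan_id == report.scan_id).all()
    date_format = datetime.strptime(report.date, "%Y-%m-%d %H:%M:%S")
    date_format = str(date_format).replace("-", "_").replace(
        ":", "_").replace(" ", "_")
    filename = "report-" + date_format + "".join(
        random.choice(string.ascii_lowercase) for x in range(10))
    _reader = ''
    data = []
    if result_id:
        scan_id = result_id[0].scan_id
        data = __logs_by_scan_id(scan_id, __language())
    # an empty event list used to raise IndexError on data[0]
    if data:
        # the report used to be written into the working directory under the
        # download name and never deleted; use a private temp file and always
        # remove it
        fd, tmp_path = tempfile.mkstemp(prefix="report-", suffix=".csv")
        try:
            with os.fdopen(fd, "w") as output_file:
                # NOTE(review): cell values come from scan events and are
                # written verbatim; if these files are opened in a
                # spreadsheet, consider neutralising values that start with
                # = + - @ (CSV formula injection)
                dict_writer = csv.DictWriter(output_file,
                                             fieldnames=list(data[0].keys()),
                                             quoting=csv.QUOTE_ALL,
                                             extrasaction="ignore")
                dict_writer.writeheader()
                # extrasaction="ignore" drops keys that are not columns, as
                # the former per-row dict filter did
                dict_writer.writerows(data)
            with open(tmp_path, 'r') as output_file:
                _reader = output_file.read()
        finally:
            os.remove(tmp_path)
    return Response(_reader,
                    mimetype='text/csv',
                    headers={
                        'Content-Disposition':
                        'attachment;filename=' + filename + '.csv'
                    })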
Esempio n. 12
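def __get_logs():
    """
    get host's logs through the API in JSON type

    Returns:
        an array with JSON events, with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed; a lookup failure still
        # falls back to an empty host value
        host = ""
    # NOTE(review): host is request-supplied; confirm the report query
    # treats it as data (bound parameter), not as part of a query string
    return jsonify(__logs_to_report_json(host, __language())), 200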
Esempio n. 13
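def __get_logs_html():
    """
    get host's logs through the API in HTML type

    Returns:
        HTML report
    """
    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed; a lookup failure still
        # falls back to an empty host value
        host = ""
    # NOTE(review): host is request-supplied and reaches the HTML report
    # builder unchanged; confirm the builder escapes it before rendering
    return make_response(__logs_to_report_html(host, __language()))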
Esempio n. 14
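def __get_last_host_logs():
    """
    get list of logs through the API

    Returns:
        an array of JSON logs with HTTP 200; rejecting a bad key is left to
        the API key check (abort(403) according to the original docstring)
    """
    __api_key_check(app, flask_request, __language())
    try:
        page = int(__get_value(flask_request, "page"))
    except Exception:
        # missing or non-numeric "page" falls back to the first page;
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are no longer swallowed
        page = 1
    # NOTE(review): zero or negative page numbers are passed through as-is;
    # confirm the query layer handles them
    return jsonify(__last_host_logs(__language(), page)), 200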
Esempio n. 15
def __get_result_content():
    """
    fetch the HTML/TEXT/JSON content of one scan result

    Returns:
        the content returned by __get_result() for the numeric "id", or a
        JSON error with 400 when "id" cannot be read as an integer
    """
    __api_key_check(app, flask_request, __language())
    try:
        raw_id = __get_value(flask_request, "id")
        result_id = int(raw_id)
    except Exception:
        error_body = __structure(status="error",
                                 msg="your scan id is not valid!")
        return jsonify(error_body), 400
    return __get_result(__language(), result_id)
Esempio n. 16
def __get_results():
    """
    list one page of scan results through the API

    Returns:
        the JSON-encoded page of results with HTTP 200; rejecting a bad key
        is left to the API key check (abort(403) per the original docstring)
    """
    __api_key_check(app, flask_request, __language())
    # default to the first page when "page" is missing or not a number
    page = 1
    try:
        page = int(__get_value(flask_request, "page"))
    except Exception:
        pass
    results_page = __select_results(__language(), page)
    return jsonify(results_page), 200
Esempio n. 17
def __session_set():
    """
    store the API key in a browser cookie

    Returns:
        a JSON "ok" response that sets the "key" cookie; rejecting a bad key
        is left to the API key check (abort(403) per the original docstring)
    """
    __api_key_check(app, flask_request, __language())
    valid_message = messages(__language(), "browser_session_valid")
    response = make_response(
        jsonify(__structure(status="ok", msg=valid_message)))
    # NOTE(review): the cookie carries the API access key itself and is set
    # without httponly/secure/samesite; confirm whether the front end must
    # read it from script before tightening these flags
    api_key = app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"]
    response.set_cookie("key", value=api_key)
    return response
Esempio n. 18
def new_scan():
    """
    start a scan from the options sent to the API

    Returns:
        the scan configuration, including the generated scan_id, as JSON
    """
    language = app.config["OWASP_NETTACKER_CONFIG"]["language"]
    __api_key_check(app, flask_request, language)
    # take only the options listed in the core defaults
    # NOTE(review): values are copied from the request unmodified; confirm
    # they are validated or escaped before being stored or rendered
    scan_config = {}
    for option in _core_default_config():
        if __get_value(flask_request, option) is None:
            continue
        scan_config[option] = __get_value(flask_request, option)
    fallback_config = _builder(_core_config(), _core_default_config())
    merged_config = _builder(scan_config, fallback_config)
    scan_config = __rules(__remove_non_api_keys(merged_config),
                          _core_default_config(), language)
    # NOTE(review): the id comes from the non-cryptographic `random` module;
    # fine for a label, not if the id is ever used to authorise access
    hex_digits = "0123456789abcdef"
    scan_id = "".join(random.choice(hex_digits) for _ in range(32))
    scan_cmd = messages(language, 158)
    scan_config["scan_id"] = scan_id
    worker = multiprocessing.Process(target=__scan,
                                     args=[scan_config, scan_id, scan_cmd])
    worker.start()
    return jsonify(scan_config)
Esempio n. 19
def __get_logs():
    """
    download a host's logs through the API as a JSON attachment

    Returns:
        an application/json attachment holding the events for "host"
    """
    __api_key_check(app, flask_request, __language())
    try:
        host = __get_value(flask_request, "host")
    except Exception:
        host = ""
    events = __logs_to_report_json(host, __language())
    body = json.dumps(events)
    # download name: timestamp followed by ten random lowercase letters
    stamp = now(model="%Y_%m_%d_%H_%M_%S")
    suffix = "".join(random.choice(string.ascii_lowercase) for _ in range(10))
    filename = "report-" + stamp + suffix
    disposition = 'attachment;filename=' + filename + '.json'
    return Response(body,
                    mimetype='application/json',
                    headers={'Content-Disposition': disposition})
Esempio n. 20
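def ___go_for_search_logs():
    """
    search in all events

    Returns:
        an array with JSON events, with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    # both fallbacks catch Exception instead of using a bare except, so
    # SystemExit and KeyboardInterrupt are no longer swallowed
    try:
        page = int(__get_value(flask_request, "page"))
    except Exception:
        page = 1
    try:
        query = __get_value(flask_request, "q")
    except Exception:
        query = ""
    # NOTE(review): query is request-supplied free text; confirm the search
    # layer binds it as a parameter rather than building a query string
    return jsonify(__search_logs(__language(), page, query)), 200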
Esempio n. 21
def new_scan():
    """
    start a scan from the options sent to the API

    Returns:
        the scan configuration as JSON, with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    # take only the options listed in the core defaults
    # NOTE(review): values (and "ports" below) are copied from the request
    # unmodified; confirm they are validated or escaped before being stored
    # or rendered
    scan_config = {}
    for option in _core_default_config():
        if __get_value(flask_request, option) is None:
            continue
        scan_config[option] = __get_value(flask_request, option)
    scan_config["backup_ports"] = __get_value(flask_request, "ports")
    fallback_config = _builder(_core_config(), _core_default_config())
    merged_config = _builder(scan_config, fallback_config)
    scan_config = __rules(__remove_non_api_keys(merged_config),
                          _core_default_config(), __language())
    worker = multiprocessing.Process(target=__scan, args=[scan_config])
    worker.start()
    # Sometimes method_args is too big!
    # (replaced only after the worker has been started, for the response)
    scan_config["methods_args"] = {"as_user_set": "set_successfully"}
    return jsonify(scan_config), 200
Esempio n. 22
def __session_check():
    """
    confirm that the caller's session is valid

    Returns:
        a JSON "ok" message (message id 165 in the configured language),
        with HTTP 200
    """
    configured_language = app.config["OWASP_NETTACKER_CONFIG"]["language"]
    __api_key_check(app, flask_request, configured_language)
    payload = __structure(status="ok", msg=messages(configured_language, 165))
    return jsonify(payload), 200
Esempio n. 23
def __session_check():
    """
    confirm that the caller's session is valid

    Returns:
        a JSON "ok" message (message id 165), with HTTP 200
    """
    __api_key_check(app, flask_request, __language())
    ok_message = messages(__language(), 165)
    payload = __structure(status="ok", msg=ok_message)
    return jsonify(payload), 200