Esempio n. 1
0
def build_texttable(events):
    """
    value['date'], value["target"], value['module_name'], value['scan_unique_id'],
                                                    value['options'], value['event']
    build a text table with generated event related to the scan

    :param events: all events
    :return:
        array [text table, event_number]
    """
    _table = texttable.Texttable()
    table_headers = [
        'date', 'target', 'module_name', 'scan_unique_id', 'port', 'event',
        'json_event'
    ]
    _table.add_rows([table_headers])
    for event in events:
        _table.add_rows([
            table_headers,
            [
                event['date'], event['target'], event['module_name'],
                event['scan_unique_id'], event['port'], event['event'],
                event['json_event']
            ]
        ])
    return _table.draw().encode(
        'utf8') + b'\n\n' + messages("nettacker_version_details").format(
            version_info()[0],
            version_info()[1], now()).encode('utf8') + b"\n"
Esempio n. 2
0
def create_report(options, scan_unique_id):
    """
    sort all events, create log file in HTML/TEXT/JSON and remove old logs

    Args:
        options: parsing options
        scan_unique_id: scan unique id

    Returns:
        True if success otherwise None
    """
    all_scan_logs = get_logs_by_scan_unique_id(scan_unique_id)
    if not all_scan_logs:
        info(messages("no_events_for_report"))
        return True
    report_path_filename = options.report_path_filename
    if (len(report_path_filename) >= 5 and report_path_filename[-5:]
            == '.html') or (len(report_path_filename) >= 4
                            and report_path_filename[-4:] == '.htm'):
        if options.graph_name:
            html_graph = build_graph(options.graph_name, all_scan_logs)
        else:
            html_graph = ''

        from lib.html_log import log_data
        html_table_content = log_data.table_title.format(
            html_graph, log_data.css_1, 'date', 'target', 'module_name',
            'scan_unique_id', 'port', 'event', 'json_event')
        for event in all_scan_logs:
            html_table_content += log_data.table_items.format(
                event["date"], event["target"], event["module_name"],
                event["scan_unique_id"], event["port"], event["event"],
                event["json_event"])
        html_table_content += log_data.table_end + '<p class="footer">' + messages(
            "nettacker_version_details").format(version_info()[0],
                                                version_info()[1],
                                                now()) + '</p>'
        with open(report_path_filename, 'w', encoding='utf-8') as save:
            save.write(html_table_content + '\n')
            save.close()
    elif len(report_path_filename
             ) >= 5 and report_path_filename[-5:] == '.json':
        with open(report_path_filename, 'w', encoding='utf-8') as save:
            save.write(str(json.dumps(all_scan_logs)) + '\n')
            save.close()
    elif len(
            report_path_filename) >= 5 and report_path_filename[-4:] == '.csv':
        keys = all_scan_logs[0].keys()
        with open(report_path_filename, 'a') as csvfile:
            writer = csv.DictWriter(csvfile, fieldnames=keys)
            writer.writeheader()
            for log in all_scan_logs:
                dict_data = {
                    key: value
                    for key, value in log.items() if key in keys
                }
                writer.writerow(dict_data)
            csvfile.close()

    else:
        with open(report_path_filename, 'wb') as save:
            save.write(build_texttable(all_scan_logs))
            save.close()

    submit_report_to_db({
        "date": now(model=None),
        "scan_unique_id": scan_unique_id,
        "options": vars(options),
    })

    info(messages("file_saved").format(report_path_filename))
    return True
Esempio n. 3
0
def nettacker_user_application_config():
    """
    core framework default config (could be modify by user)

    Returns:
        a JSON with all user default configurations
    """
    from core.compatible import version_info
    return {  # OWASP Nettacker Default Configuration
        "language":
        "en",
        "verbose_mode":
        False,
        "verbose_event":
        False,
        "show_version":
        False,
        "report_path_filename":
        "{results_path}/results_{date_time}_{random_chars}.html".format(
            results_path=nettacker_paths()["results_path"],
            date_time=now(model="%Y_%m_%d_%H_%M_%S"),
            random_chars=generate_random_token(10)),
        "graph_name":
        "d3_tree_v2_graph",
        "show_help_menu":
        False,
        "targets":
        None,
        "targets_list":
        None,
        "selected_modules":
        None,
        "excluded_modules":
        None,
        "usernames":
        None,
        "usernames_list":
        None,
        "passwords":
        None,
        "passwords_list":
        None,
        "ports":
        None,
        "timeout":
        3.0,
        "time_sleep_between_requests":
        0.0,
        "scan_ip_range":
        False,
        "scan_subdomains":
        False,
        "thread_per_host":
        100,
        "parallel_module_scan":
        1,
        "socks_proxy":
        None,
        "retries":
        1,
        "ping_before_scan":
        False,
        "profiles":
        None,
        "set_hardware_usage":
        "maximum",  # low, normal, high, maximum
        "user_agent":
        "Nettacker {version_number} {version_code}".format(
            version_number=version_info()[0], version_code=version_info()[1]),
        "show_all_modules":
        False,
        "show_all_profiles":
        False,
        "modules_extra_args":
        None
    }
Esempio n. 4
0
def check_all_required(parser, api_forms=None):
    """
    check all rules and requirements for ARGS

    Args:
        parser: parser from argparse
        api_forms: values from API

    Returns:
        all ARGS with applied rules
    """
    # Checking Requirements
    options = parser.parse_args() if not api_forms else api_forms
    modules_list = load_all_modules(full_details=True)
    profiles_list = load_all_profiles()

    # Check Help Menu
    if options.show_help_menu:
        parser.print_help()
        write("\n\n")
        write(messages("license"))
        die_success()

    # Check version
    if options.show_version:
        info(
            messages("current_version").format(
                color("yellow"),
                version_info()[0],
                color("reset"),
                color("cyan"),
                version_info()[1],
                color("reset"),
                color("green"),
            )
        )
        die_success()
    if options.show_all_modules:
        messages("loading_modules")
        for module in modules_list:
            info(
                messages("module_profile_full_information").format(
                    module,
                    ", ".join(
                        [
                            "{key}: {value}".format(
                                key=key, value=modules_list[module][key]
                            ) for key in modules_list[module]
                        ]
                    )
                )
            )
        die_success()
    if options.show_all_profiles:
        messages("loading_profiles")
        for profile in profiles_list:
            info(
                messages("module_profile_full_information").format(
                    profile,
                    ", ".join(profiles_list[profile])
                )
            )
        die_success()
    # API mode
    if options.start_api_server:
        if '--start-api' in sys.argv and api_forms:
            die_failure(messages("cannot_run_api_server"))
        from api.engine import start_api_server
        if options.api_client_whitelisted_ips:
            if type(options.api_client_whitelisted_ips) == str:
                options.api_client_whitelisted_ips = options.api_client_whitelisted_ips.split(',')
                whielisted_ips = []
                for ip in options.api_client_whitelisted_ips:
                    from core.ip import (is_single_ipv4,
                                         is_single_ipv6,
                                         is_ipv4_cidr,
                                         is_ipv6_range,
                                         is_ipv6_cidr,
                                         is_ipv4_range,
                                         generate_ip_range)
                    if is_single_ipv4(ip) or is_single_ipv6(ip):
                        whielisted_ips.append(ip)
                    elif is_ipv4_range(ip) or is_ipv6_range(ip) or is_ipv4_cidr(ip) or is_ipv6_cidr(ip):
                        whielisted_ips += generate_ip_range(ip)
                options.api_client_whitelisted_ips = whielisted_ips
        start_api_server(options)

    # Check the target(s)
    if not (options.targets or options.targets_list) or (options.targets and options.targets_list):
        parser.print_help()
        write("\n")
        die_failure(messages("error_target"))
    if options.targets:
        options.targets = list(set(options.targets.split(",")))
    if options.targets_list:
        try:
            options.targets = list(set(open(options.targets_list, "rb").read().decode().split()))
        except Exception:
            die_failure(
                messages("error_target_file").format(
                    options.targets_list
                )
            )

    # check for modules
    if not (options.selected_modules or options.profiles):
        die_failure(messages("scan_method_select"))
    if options.selected_modules:
        if options.selected_modules == 'all':
            options.selected_modules = modules_list
            del options.selected_modules['all']
        else:
            options.selected_modules = list(set(options.selected_modules.split(',')))
        for module_name in options.selected_modules:
            if module_name not in modules_list:
                die_failure(
                    messages("scan_module_not_found").format(
                        module_name
                    )
                )
    if options.profiles:
        if not options.selected_modules:
            options.selected_modules = []
        if options.profiles == 'all':
            options.selected_modules = modules_list
            del options.selected_modules['all']
        else:
            options.profiles = list(set(options.profiles.split(',')))
            for profile in options.profiles:
                if profile not in profiles_list:
                    die_failure(
                        messages("profile_404").format(
                            profile
                        )
                    )
                for module_name in profiles_list[profile]:
                    if module_name not in options.selected_modules:
                        options.selected_modules.append(module_name)
    # threading & processing
    if options.set_hardware_usage not in ['low', 'normal', 'high', 'maximum']:
        die_failure(
            messages("wrong_hardware_usage")
        )
    options.set_hardware_usage = select_maximum_cpu_core(options.set_hardware_usage)

    options.thread_per_host = int(options.thread_per_host)
    if not options.thread_per_host >= 1:
        options.thread_per_host = 1
    options.parallel_module_scan = int(options.parallel_module_scan)
    if not options.parallel_module_scan >= 1:
        options.parallel_module_scan = 1

    # Check for excluding modules
    if options.excluded_modules:
        options.excluded_modules = options.excluded_modules.split(",")
        if 'all' in options.excluded_modules:
            die_failure(messages("error_exclude_all"))
        for excluded_module in options.excluded_modules:
            if excluded_module in options.selected_modules:
                del options.selected_modules[excluded_module]
    # Check port(s)
    if options.ports:
        tmp_ports = []
        for port in options.ports.split(","):
            try:
                if "-" in port:
                    for port_number in range(int(port.split('-')[0]), int(port.split('-')[1]) + 1):
                        if port_number not in tmp_ports:
                            tmp_ports.append(port_number)
                else:
                    if int(port) not in tmp_ports:
                        tmp_ports.append(int(port))
            except Exception:
                die_failure(messages("ports_int"))
        options.ports = tmp_ports

    if options.user_agent == 'random_user_agent':
        options.user_agents = open(
            nettacker_global_config()['nettacker_paths']['web_browser_user_agents']
        ).read().split('\n')

    # Check user list
    if options.usernames:
        options.usernames = list(set(options.usernames.split(",")))
    elif options.usernames_list:
        try:
            options.usernames = list(set(open(options.usernames_list).read().split("\n")))
        except Exception:
            die_failure(
                messages("error_username").format(options.usernames_list)
            )
    # Check password list
    if options.passwords:
        options.passwords = list(set(options.passwords.split(",")))
    elif options.passwords_list:
        try:
            options.passwords = list(set(open(options.passwords_list).read().split("\n")))
        except Exception:
            die_failure(
                messages("error_passwords").format(options.passwords_list)
            )
    # Check output file
    try:
        temp_file = open(options.report_path_filename, "w")
        temp_file.close()
    except Exception:
        die_failure(
            messages("file_write_error").format(options.report_path_filename)
        )
    # Check Graph
    if options.graph_name:
        if options.graph_name not in load_all_graphs():
            die_failure(
                messages("graph_module_404").format(options.graph_name)
            )
        if not (options.report_path_filename.endswith(".html") or options.report_path_filename.endswith(".htm")):
            warn(messages("graph_output"))
            options.graph_name = None
    # check modules extra args
    if options.modules_extra_args:
        all_args = {}
        for args in options.modules_extra_args.split("&"):
            all_args[args.split('=')[0]] = args.split('=')[1]
        options.modules_extra_args = all_args
    options.timeout = float(options.timeout)
    options.time_sleep_between_requests = float(options.time_sleep_between_requests)
    options.retries = int(options.retries)
    return options