def print_http_headers(self): """Print HTTP Response Headers if available""" if self.get_http_headers(): logger.info('HTTP Response headers:') for l in self.get_http_headers().splitlines(): Output.print(' | {}'.format(l)) print()
def show(self, filter_service=None): """ Display information about supported attack profiles :param str filter_service: Service name to filter with (default: no filter) """ data = list() columns = [ 'Profile', 'Description', ] for p in self.profiles: #print(p.checks) if not filter_service or p.is_service_supported(filter_service): data.append([ Output.colored(p.name, attrs='bold'), StringUtils.wrap(p.description, 120) ]) if filter_service: service = 'for service {}'.format(filter_service.upper()) else: service = '' Output.title1('Attack Profiles {service}'.format(service=service)) Output.table(columns, data, hrules=False) if not filter_service: print Output.print('Run "info --attack-profiles <service>" to see the attack ' \ 'profiles supported for a given service.')
def __attack_target(self, id_, attack_progress): """ Run checks against a given target :param id_: Number of the target (as displayed in "id" column in show_summary()) """ target = self.targets[id_ - 1] if target.get_http_headers(): logger.info('HTTP Response headers:') for l in target.get_http_headers().splitlines(): Output.print(l) print() if target.get_credentials(): logger.info('Credentials set for this target:') data = list() columns = ['username', 'password'] if target.get_service_name() == 'http': columns.append('auth-type') for c in target.get_credentials(): username = '******' if c.username == '' else c.username if c.password is None: password = '******' else: password = '******' if c.password == '' else c.password line = [username, password] if target.get_service_name() == 'http': line.append(c.type) data.append(line) Output.table(columns, data, hrules=False) if target.get_specific_options(): logger.info('Context-specific options set for this target:') data = list() columns = ['option', 'value'] for o in target.get_specific_options(): data.append([o.name, o.value]) Output.table(columns, data, hrules=False) # TODO: add/edit specific options before run self.smartmodules_loader.call_start_method(target.service) service_checks = self.settings.services.get_service_checks( target.get_service_name()) service_checks.run(target, self.smartmodules_loader, self.results_requester, self.filter_categories, self.filter_checks, fast_mode=self.fast_mode, attack_progress=attack_progress)
def __run_special_mode(self, target, arguments, sqlsession, filter_checks=None, attack_profile=None, fast_mode=False, attack_progress=None): """ Run checks for the service in special mode, i.e. when user has provided either an attack profile (pre-selection of checks) or a list of checks (may even be one single check to run) :param Target target: Target :param ArgumentsParser arguments: Arguments from command-line :param Session sqlsession: SQLAlchemy session :param list filter_checks: Selection of checks to run (default: all) :param AttackProfile attack_profile: Attack profile (default: no profile) :param bool fast_mode: Set to true to disable prompts :param enlighten.Counter attack_progress: Attack progress """ # User has submitted list of checks if filter_checks: filter_checks = list(filter( lambda x: self.is_existing_check(x), filter_checks)) if not filter_checks: logger.warning('None of the selected checks is existing for the ' \ 'service {service}'.format(service=target.get_service_name())) return logger.info('Selected check(s) that will be run:') for c in filter_checks: check = self.get_check(c) if check: Output.print(' | - {name} ({category})'.format( name=c, category=check.category)) # User has submitted an attack profile else: if not attack_profile.is_service_supported(target.get_service_name()): logger.warning('The attack profile {profile} is not supported for ' \ 'target service {service}'.format( profile=attack_profile, service=target.get_service_name())) return else: filter_checks = attack_profile.get_checks_for_service( target.get_service_name()) logger.info('Selected attack profile: {}'.format(attack_profile)) # Initialize sub status/progress bar checks_progress = manager.counter(total=len(filter_checks)+1, desc='', unit='check', leave=False, bar_format=STATUSBAR_FORMAT) time.sleep(.5) # hack for progress bar display i = 1 for checkname in filter_checks: print() check = self.get_check(checkname) # Update status/progress bar status = ' +--> Current check [{cur}/{total}]: {category} > ' \ '{checkname}'.format( cur = i, total = len(filter_checks), category = check.category, checkname = checkname) checks_progress.desc = '{status}{fill}'.format( status = status, fill = ' '*(DESC_LENGTH-len(status))) checks_progress.update() if attack_progress: # Hack to refresh the attack progress bar without incrementing # useful if the tool run during the check has cleared the screen attack_progress.update(incr=0, force=True) # Run the check if: # - The check has not been already run for this target (except # if --recheck is specified in command-line) # - Target is compliant with the check, # - The tool used for the check is well installed. results_req = ResultsRequester(sqlsession) results_req.select_mission(target.service.host.mission.name) filter_ = Filter(FilterOperator.AND) filter_.add_condition(Condition(target.service.id, FilterData.SERVICE_ID)) filter_.add_condition(Condition(check.name, FilterData.CHECK_NAME)) results_req.add_filter(filter_) result = results_req.get_first_result() if result is None or arguments.args.recheck == True: if check.check_target_compliance(target): Output.title2('[Check {num:02}/{total:02}] {name} > ' \ '{description}'.format( num = i, total = len(filter_checks), name = check.name, description = check.description)) if not check.tool.installed: logger.warning('Skipped: the tool "{tool}" used by ' \ 'this check is not installed yet'.format( tool=check.tool.name)) else: try: check.run(target, arguments, sqlsession, fast_mode=fast_mode) except KeyboardInterrupt: print() logger.warning('Check {check} skipped !'.format( check=check.name)) else: logger.info('[Check {num:02}/{total:02}] ' \ '{name} > Skipped because context requirements are ' \ 'not matching the target'.format( name = check.name, num = i, total = len(filter_checks))) time.sleep(.2) else: logger.info('[Check {num:02}/{total:02}] ' \ '{name} > Skipped because the check has already ' \ 'been run'.format( name = check.name, num = i, total = len(filter_checks))) time.sleep(.2) i += 1 checks_progress.update() time.sleep(.5) checks_progress.close()