def search_all_transactions(session,
criteria,
target_id=None,
include_raw_data=True):
"""Search all transactions.Three things needed
+ Total number of transactions
+ Filtered transaction dicts
+ Filtered number of transactions
:param criteria: Filter criteria
:type criteria: `dict`
:param target_id: target ID
:type target_id: `int`
:param include_raw_data: True/False to include raw data
:type include_raw_data: `bool`
:return: Results
:rtype: `dict`
"""
total = get_count(
session.query(models.Transaction).filter_by(target_id=target_id))
filtered_transaction_objs = transaction_gen_query(session, criteria,
target_id).all()
filtered_number = get_count(
transaction_gen_query(session, criteria, target_id, for_stats=True))
results = {
"records_total": total,
"records_filtered": filtered_number,
"data": get_transaction_dicts(filtered_transaction_objs,
include_raw_data)
}
return results
def search_all_urls(session, criteria, target_id=None):
"""Search all URLs based on criteria and target ID
.note::
Three things needed
+ Total number of urls
+ Filtered url
+ Filtered number of url
:param criteria: Filter criteria
:type criteria: `dict`
:param target_id: Target ID
:type target_id: `int`
:return: Search result dict
:rtype: `dict`
"""
total = get_count(session.query(models.Url).filter_by(target_id=target_id))
filtered_url_objs = url_gen_query(session, criteria, target_id).all()
filtered_number = get_count(
url_gen_query(session, criteria, target_id, for_stats=True))
results = {
"records_total": total,
"records_filtered": filtered_number,
"data": derive_url_dicts(filtered_url_objs)
}
return results
def search_by_regex_name(session, regex_name, stats=False, target_id=None):
"""Allows searching of the grep_outputs table using a regex name
.note::
What this function returns :
+ regex_name
+ grep_outputs - list of unique matches
+ transaction_ids - list of one transaction id per unique match
+ match_percent
:param regex_name: Name of regex
:type regex_name: `str`
:param stats: true/false
:type stats: `bool`
:param target_id: target ID
:type target_id: `int`
:return: List of results
:rtype: `list`
"""
# Get the grep outputs and only unique values
grep_outputs = session.query(models.GrepOutput.output).filter_by(
name=regex_name,
target_id=target_id).group_by(models.GrepOutput.output).all()
grep_outputs = [i[0] for i in grep_outputs]
# Get one transaction per match
transaction_ids = []
for grep_output in grep_outputs:
transaction_ids.append(
session.query(models.Transaction.id).join(
models.Transaction.grep_outputs).filter(
models.GrepOutput.output == grep_output,
models.GrepOutput.target_id == target_id).limit(1).all()[0]
[0])
# Calculate stats if needed
if stats:
# Calculate the total number of matches
num_matched_transactions = get_count(
session.query(models.Transaction).join(
models.Transaction.grep_outputs).filter(
models.GrepOutput.name == regex_name,
models.GrepOutput.target_id == target_id).group_by(
models.Transaction))
# Calculate total number of transactions in scope
num_transactions_in_scope = get_count(
session.query(models.Transaction).filter_by(scope=True,
target_id=target_id))
# Calculate matched percentage
if int(num_transactions_in_scope):
match_percent = int(
(num_matched_transactions / float(num_transactions_in_scope)) *
100)
else:
match_percent = 0
else:
match_percent = None
return [
regex_name, [json.loads(i) for i in grep_outputs], transaction_ids,
match_percent
]
def plugin_count_output(session):
"""Get count stats
:return: Count stats
:rtype: `dict`
"""
from owtf.managers.worker import worker_manager
complete_count = get_count(session.query(models.PluginOutput))
left_count = get_count(session.query(models.Work))
left_count += worker_manager.get_busy_workers()
results = {'complete_count': complete_count, 'left_count': left_count}
return results
def add_work(session, target_list, plugin_list, force_overwrite=False):
"""Add work to the worklist
:param target_list: target list
:type target_list: `list`
:param plugin_list: plugin list
:type plugin_list: `list`
:param force_overwrite: True/False, user choice
:type force_overwrite: `bool`
:return: None
:rtype: None
"""
if any(plugin['group'] == 'auxiliary' for plugin in plugin_list):
# No sorting if aux plugins are run
sorted_plugin_list = plugin_list
else:
sorted_plugin_list = group_sort_order(plugin_list)
for target in target_list:
for plugin in sorted_plugin_list:
# Check if it already in worklist
if get_count(session.query(models.Work).filter_by(target_id=target["id"],
plugin_key=plugin["key"])) == 0:
# Check if it is already run ;) before adding
is_run = plugin_already_run(session=session, plugin_info=plugin, target_id=target["id"])
if (force_overwrite is True) or (force_overwrite is False and is_run is False):
# If force overwrite is true then plugin output has
# to be deleted first
if force_overwrite is True:
delete_all_poutput(session=session, filter_data={"plugin_key": plugin["key"]},
target_id=target["id"])
work_model = models.Work(target_id=target["id"], plugin_key=plugin["key"])
session.add(work_model)
session.commit()
def search_target_configs(session, filter_data=None, session_id=None):
"""Three things needed
+ Total number of targets
+ Filtered target dicts
+ Filtered number of targets
:param filter_data: Filter data
:type filter_data: `dict`
:param session_id: session id
:type session_id: `int`
:return: results
:rtype: `dict`
"""
total = get_count(session.query(models.Target).filter(models.Target.sessions.any(id=session_id)))
filtered_target_objs = target_gen_query(session, filter_data, session_id).all()
filtered_number = get_count(target_gen_query(session, filter_data, session_id, for_stats=True))
results = {
"records_total": total,
"records_filtered": filtered_number,
"data": get_target_configs(filtered_target_objs)
}
return results
def num_transactions(session, scope=True, target_id=None):
"""Return number of transactions in scope by default
:param scope: In/out scope
:type scope: `bool`
:param target_id: ID of the target
:type target_id: `int`
:return: Number of transactions in scope
:rtype: `int`
"""
count = get_count(
session.query(models.Transaction).filter_by(scope=scope,
target_id=target_id))
return count
def plugin_output_exists(session, plugin_key, target_id):
"""Check if output exists
:param plugin_key: plugin key
:type plugin_key: `str`
:param target_id: Target id
:type target_id: `int`
:return: True if count > 0
:rtype: `bool`
"""
count = get_count(
session.query(models.PluginOutput).filter_by(target_id=target_id,
plugin_key=plugin_key))
return count > 0
def search_all_work(session, criteria):
"""Search the worklist
.note::
Three things needed
+ Total number of work
+ Filtered work dicts
+ Filtered number of works
:param criteria: Filter criteria
:type criteria: `dict`
:return: Results of the search query
:rtype: `dict`
"""
total = get_count(session.query(models.Work))
filtered_work_objs = worklist_generate_query(session, criteria).all()
filtered_number = worklist_generate_query(session, criteria, for_stats=True).count()
results = {
"records_total": total,
"records_filtered": filtered_number,
"data": _derive_work_dicts(filtered_work_objs)
}
return results