def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
"""
The function Launch ZAP Scans.
:param target_url: Target URL
:param project_id: Project ID
:return:
"""
username = user.username
zap_enabled = False
random_port = '8091'
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
print("started local instence")
random_port = zap_plugin.zap_local()
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(random_port, username=username)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print("ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
zap_plugin.zap_spider_thread(count=20, random_port=random_port, username=username)
zap_plugin.zap_spider_setOptionMaxDepth(count=5, random_port=random_port, username=username)
zap_plugin.zap_scan_thread(count=30, random_port=random_port, username=username)
zap_plugin.zap_scan_setOptionHostPerScan(count=3, random_port=random_port, username=username)
# Load ZAP Plugin
zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan, random_port=random_port, username=username)
zap.exclude_url()
time.sleep(3)
zap.cookies()
time.sleep(3)
date_time = datetime.now()
try:
save_all_scan = zap_scans_db(
username=username,
project_id=project_id,
scan_url=target_url,
scan_scanid=scan_id,
date_time=date_time,
rescan_id=rescan_id,
rescan=rescan,
vul_status='0'
)
save_all_scan.save()
notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url)
except Exception as e:
print(e)
notify.send(user, recipient=user, verb='ZAP Scan Started')
zap.zap_spider_thread(thread_value=30)
spider_id = zap.zap_spider()
zap.spider_status(spider_id=spider_id)
zap.spider_result(spider_id=spider_id)
notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
time.sleep(5)
""" ZAP Scan trigger on target_url """
zap_scan_id = zap.zap_scan()
zap.zap_scan_status(
scan_id=zap_scan_id,
un_scanid=scan_id
)
""" Save Vulnerability in database """
time.sleep(5)
all_vuln = zap.zap_scan_result(target_url=target_url)
time.sleep(5)
save_all_vuln = zap.zap_result_save(
all_vuln=all_vuln,
project_id=project_id,
un_scanid=scan_id,
username=username,
)
print(save_all_vuln)
all_zap_scan = zap_scans_db.objects.filter(username=username)
total_vuln = ''
total_high = ''
total_medium = ''
total_low = ''
for data in all_zap_scan:
total_vuln = data.total_vul
total_high = data.high_vul
total_medium = data.medium_vul
total_low = data.low_vul
if zap_enabled is False:
zap.zap_shutdown()
notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url)
subject = 'Archery Tool Scan Status - ZAP Scan Completed'
message = 'ZAP Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low)
email_notify(user=user, subject=subject, message=message)
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
username = request.user.username
settings = load_settings.ArcherySettings(setting_file, username=username)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
zap_enable = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.filter(username=username)
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
burp_api_key = settings.burp_api_key()
# Loading Email Settings
all_email = email_db.objects.filter(username=username)
# Load JIRA Setting
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
username = request.user.username
zap_enabled = False
random_port = '8091'
target_url = 'https://archerysec.com'
zap_info = ''
burp_info = ''
openvas_info = ''
arachni_info = ''
jira_info = ''
if request.method == 'POST':
setting_of = request.POST.get('setting_of')
if setting_of == 'zap':
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = 'Disabled'
try:
random_port = zap_plugin.zap_local()
except:
return render(request, 'setting.html',
{'zap_info': zap_info})
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(
random_port, username=username)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print(
"ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port,
username=username)
zap_connect.spider.scan(url=target_url)
zap_info = True
except:
zap_info = False
if setting_of == 'burp':
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
else:
burp_info = True
if setting_of == 'openvas':
sel_profile = ''
openvas = OpenVAS_Plugin(scan_ip,
project_id,
sel_profile,
username=username)
try:
openvas.connect()
openvas_info = True
except:
openvas_info = False
if setting_of == 'arachni':
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)
check = []
data = {
"url": 'https://archerysec.com',
"checks": check,
"audit": {}
}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == 'id':
scan_run_id = value
arachni_info = True
except Exception:
arachni_info = False
if setting_of == 'jira':
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
options = {'server': jira_server}
try:
jira_ser = JIRA(options,
basic_auth=(jira_username, jira_password),
timeout=5)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
except Exception as e:
print(e)
jira_info = False
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'zap_enable': zap_enable,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'burp_api_key': burp_api_key,
'all_email': all_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
'message': all_notify,
'zap_info': zap_info,
'burp_info': burp_info,
'openvas_info': openvas_info,
'arachni_info': arachni_info,
'jira_info': jira_info
})
def post(self, request):
all_zap = ZapSettingsDb.objects.filter()
all_zap.delete()
all_zap_data = SettingsDb.objects.filter(setting_scanner="Zap")
all_zap_data.delete()
if request.POST.get("zap_enabled") == "on":
zap_enabled = True
else:
zap_enabled = False
apikey = request.POST.get("apikey", )
zaphost = request.POST.get("zappath", )
port = request.POST.get("port", )
setting_id = uuid.uuid4()
save_zap_data = SettingsDb(
setting_id=setting_id,
setting_scanner="Zap",
)
save_zap_data.save()
save_data = ZapSettingsDb(
setting_id=setting_id,
zap_url=zaphost,
zap_port=port,
zap_api=apikey,
enabled=zap_enabled,
)
save_data.save()
zap_enabled = False
random_port = "8091"
target_url = "https://archerysec.com"
zap_info = ""
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = "Disabled"
try:
random_port = zap_plugin.zap_local()
except:
return render(request, "setting/settings_page.html",
{"zap_info": zap_info})
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print("ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port, )
zap_connect.spider.scan(url=target_url)
zap_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info)
except:
zap_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info)
return HttpResponseRedirect(reverse("archerysettings:settings"))
def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
"""
The function Launch ZAP Scans.
:param target_url: Target URL
:param project_id: Project ID
:return:
"""
zap_enabled = False
all_zap = zap_settings_db.objects.all()
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
print("started local instence")
zap_plugin.zap_local()
time.sleep(20)
# Connection Test
zap_connect = zap_plugin.zap_connect()
try:
zap_connect.spider.scan(url=target_url)
notify.send(user, recipient=user, verb='ZAP Scan Started')
except Exception:
notify.send(user, recipient=user, verb='ZAP Connection Not Found')
subject = 'ZAP Connection Not Found'
message = 'ZAP Scanner failed due to setting not found '
email_notify(user=user, subject=subject, message=message)
print("ZAP Connection Not Found")
return HttpResponseRedirect(reverse('zapscanner:zap_scan_list'))
zap_plugin.zap_spider_thread(count=20)
zap_plugin.zap_spider_setOptionMaxDepth(count=5)
zap_plugin.zap_scan_thread(count=30)
zap_plugin.zap_scan_setOptionHostPerScan(count=3)
# Load ZAP Plugin
zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan)
zap.exclude_url()
time.sleep(3)
zap.cookies()
time.sleep(3)
date_time = datetime.now()
try:
save_all_scan = zap_scans_db(project_id=project_id,
scan_url=target_url,
scan_scanid=scan_id,
date_time=date_time,
rescan_id=rescan_id,
rescan=rescan,
vul_status='0')
save_all_scan.save()
notify.send(user,
recipient=user,
verb='ZAP Scan URL %s Added' % target_url)
except Exception as e:
print(e)
zap.zap_spider_thread(thread_value=30)
spider_id = zap.zap_spider()
zap.spider_status(spider_id=spider_id)
zap.spider_result(spider_id=spider_id)
notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
time.sleep(5)
""" ZAP Scan trigger on target_url """
zap_scan_id = zap.zap_scan()
zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id)
""" Save Vulnerability in database """
time.sleep(5)
all_vuln = zap.zap_scan_result()
time.sleep(5)
save_all_vuln = zap.zap_result_save(
all_vuln=all_vuln,
project_id=project_id,
un_scanid=scan_id,
)
print(save_all_vuln)
all_zap_scan = zap_scans_db.objects.all()
total_vuln = ''
total_high = ''
total_medium = ''
total_low = ''
for data in all_zap_scan:
total_vuln = data.total_vul
total_high = data.high_vul
total_medium = data.medium_vul
total_low = data.low_vul
if zap_enabled is False:
zap.zap_shutdown()
notify.send(user,
recipient=user,
verb='ZAP Scan URL %s Completed' % target_url)
subject = 'Archery Tool Scan Status - ZAP Scan Completed'
message = 'ZAP Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low)
email_notify(user=user, subject=subject, message=message)
def post(self, request):
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
all_settings_data = SettingsDb.objects.filter()
# Loading ZAP Settings
zap_api_key = ""
zap_hosts = ""
zap_ports = ""
zap_enable = False
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ""
arachni_ports = ""
arachni_user = ""
arachni_pass = ""
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
burp_host = ""
burp_port = ""
burp_api_key = ""
all_burp_setting = BurpSettingDb.objects.all()
for data in all_burp_setting:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
jira_setting = jirasetting.objects.all()
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
zap_enabled = False
random_port = "8091"
target_url = "https://archerysec.com"
setting_of = request.POST.get("setting_of")
setting_id = request.POST.get("setting_id")
if setting_of == "zap":
all_zap = ZapSettingsDb.objects.filter()
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = "Disabled"
try:
random_port = zap_plugin.zap_local()
except:
return render(
request, "setting/settings_page.html", {"zap_info": zap_info}
)
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print("ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port)
zap_connect.spider.scan(url=target_url)
zap_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
except:
zap_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=zap_info
)
if setting_of == "burp":
host = "http://" + burp_host + ":" + burp_port + "/"
try:
bi = burpscanner.BurpApi(host, burp_api_key)
except:
burp_info = False
return burp_info
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
else:
burp_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=burp_info
)
if setting_of == "openvas":
sel_profile = ""
scan_ip = ""
project_id = ""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
try:
openvas.connect()
openvas_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
except:
openvas_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=openvas_info
)
if setting_of == "arachni":
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
arachni_user = None
arachni_pass = None
all_arachni = ArachniSettingsDb.objects.filter()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_user = arachni.arachni_user
arachni_pass = arachni.arachni_pass
arachni = PyArachniapi.arachniAPI(
arachni_hosts, arachni_ports, arachni_user, arachni_pass
)
check = []
data = {"url": "https://archerysec.com", "checks": check, "audit": {}}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == "id":
scan_run_id = value
arachni_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
except Exception:
arachni_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=arachni_info
)
if setting_of == "jira":
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter()
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
if jira_url is None:
print("No jira url found")
try:
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
except:
jira_info = False
options = {"server": jira_server}
try:
jira_ser = JIRA(
options, basic_auth=(jira_username, jira_password), timeout=5
)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
except Exception as e:
print(e)
jira_info = False
SettingsDb.objects.filter(setting_id=setting_id).update(
setting_status=jira_info
)
return render(
request,
"setting/settings_page.html",
{"all_settings_data": all_settings_data, "all_notify": all_notify},
)