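def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
    """
    Launch a ZAP spider followed by an active scan against ``target_url`` and store
    the results under ``scan_id``.

    Steps, in order: read the user's ZAP settings and start a local ZAP instance when
    no remote one is enabled; wait for the ZAP API to answer; configure spider and
    scanner thread counts; register the scan row in ``zap_scans_db``; spider, then
    active-scan; save the findings; report completion in-app and by e-mail.

    :param target_url: URL to scan. Treated as untrusted input: it is echoed back
        inside an HTML e-mail body, so it is HTML-escaped there.
    :param project_id: Archery project the scan belongs to.
    :param rescan_id: Identifier of the scan being re-run (passed through to the
        plugin and stored on the scan row).
    :param rescan: Rescan flag (passed through to the plugin and stored on the row).
    :param scan_id: Archery-side scan identifier, stored as ``scan_scanid``.
    :param user: Django user who owns the scan; used for the settings lookup and as
        sender/recipient of notifications.
    :return: None. Returns early, after notifying the user, when the ZAP API never
        becomes reachable.
    """
    import html  # function-scope import: the module's import block is not visible here

    username = user.username
    zap_enabled = False
    random_port = '8091'

    # Last-wins over the user's settings rows (normally exactly one row exists).
    for zap_setting in zap_settings_db.objects.filter(username=username):
        zap_enabled = zap_setting.enabled

    if zap_enabled is False:
        print("started local instence")
        random_port = zap_plugin.zap_local()

    zap = None  # ZAPScanner handle; the ``finally`` below needs it for shutdown
    try:
        # Wait for the ZAP API: at most 100 attempts, 5 s apart, then give up.
        # The previous nested ``for``/``while True`` never gave up and, once ZAP was
        # reachable, re-ran the probe on all 100 outer iterations (100 spider runs).
        zap_connect = None
        for _attempt in range(100):
            try:
                zap_connect = zap_plugin.zap_connect(random_port, username=username)
                # Probe call: an unreachable API raises here. NOTE: this starts a
                # spider run of its own, exactly as the original probe did.
                zap_connect.spider.scan(url=target_url)
                break
            except Exception:
                zap_connect = None
                print("ZAP Connection Not Found, re-try after 5 sec")
                time.sleep(5)

        if zap_connect is None:
            # A locally started instance that never answered cannot be stopped from
            # here: there is no handle to it yet.
            notify.send(user, recipient=user, verb='ZAP Connection Not Found')
            email_notify(
                user=user,
                subject='ZAP Connection Not Found',
                message='ZAP Scanner failed: the ZAP API did not become reachable',
            )
            print("ZAP Connection Not Found")
            return None

        zap_plugin.zap_spider_thread(count=20, random_port=random_port, username=username)
        zap_plugin.zap_spider_setOptionMaxDepth(count=5, random_port=random_port, username=username)

        zap_plugin.zap_scan_thread(count=30, random_port=random_port, username=username)
        zap_plugin.zap_scan_setOptionHostPerScan(count=3, random_port=random_port, username=username)

        # Load ZAP Plugin
        zap = zap_plugin.ZAPScanner(
            target_url, project_id, rescan_id, rescan,
            random_port=random_port, username=username,
        )
        zap.exclude_url()
        time.sleep(3)
        zap.cookies()
        time.sleep(3)

        # Register the scan row. Best-effort, as before: a failed insert is reported
        # but does not abort the scan.
        try:
            zap_scans_db(
                username=username,
                project_id=project_id,
                scan_url=target_url,
                scan_scanid=scan_id,
                date_time=datetime.now(),
                rescan_id=rescan_id,
                rescan=rescan,
                vul_status='0',
            ).save()
            notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url)
        except Exception as e:
            print("ZAP scan row could not be saved: %s" % e)

        notify.send(user, recipient=user, verb='ZAP Scan Started')
        zap.zap_spider_thread(thread_value=30)
        spider_id = zap.zap_spider()
        zap.spider_status(spider_id=spider_id)  # presumably polls until the spider is done
        zap.spider_result(spider_id=spider_id)
        notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
        time.sleep(5)

        # Active scan on target_url
        zap_scan_id = zap.zap_scan()
        zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id)

        # Save vulnerabilities in the database
        time.sleep(5)
        all_vuln = zap.zap_scan_result(target_url=target_url)
        time.sleep(5)
        save_all_vuln = zap.zap_result_save(
            all_vuln=all_vuln,
            project_id=project_id,
            un_scanid=scan_id,
            username=username,
        )
        print(save_all_vuln)

        # Read the counters of THIS scan. The original iterated the user's unordered
        # queryset and kept whatever row came last, i.e. possibly another scan's totals.
        total_vuln = total_high = total_medium = total_low = ''
        for data in zap_scans_db.objects.filter(username=username, scan_scanid=scan_id):
            total_vuln = data.total_vul
            total_high = data.high_vul
            total_medium = data.medium_vul
            total_low = data.low_vul

        notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url)

        subject = 'Archery Tool Scan Status - ZAP Scan Completed'
        # The body is HTML (literal <br>), so escape the user-supplied URL: it must
        # not be able to inject markup into the e-mail.
        message = 'ZAP Scanner has completed the scan ' \
                  '  %s <br> Total: %s <br>High: %s <br>' \
                  'Medium: %s <br>Low %s' % (html.escape(str(target_url)), total_vuln,
                                             total_high, total_medium, total_low)

        email_notify(user=user, subject=subject, message=message)
    finally:
        # Always stop a locally started ZAP, also when the scan raised midway; the
        # original only shut it down on the success path.
        if zap_enabled is False and zap is not None:
            zap.zap_shutdown()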
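def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
    """
    Launch a ZAP spider followed by an active scan against ``target_url`` and store
    the results under ``scan_id``.

    Steps, in order: read the global ZAP settings and start a local ZAP instance when
    no remote one is enabled; probe the ZAP API once; configure spider and scanner
    thread counts; register the scan row in ``zap_scans_db``; spider, then
    active-scan; save the findings; report completion in-app and by e-mail.

    :param target_url: URL to scan. Treated as untrusted input: it is echoed back
        inside an HTML e-mail body, so it is HTML-escaped there.
    :param project_id: Archery project the scan belongs to.
    :param rescan_id: Identifier of the scan being re-run (passed through to the
        plugin and stored on the scan row).
    :param rescan: Rescan flag (passed through to the plugin and stored on the row).
    :param scan_id: Archery-side scan identifier, stored as ``scan_scanid``.
    :param user: Django user who launched the scan; sender/recipient of notifications.
    :return: None on completion. When the ZAP API is unreachable, notifies the user and
        returns ``HttpResponseRedirect`` to the scan list (kept for callers that rely on it).
    """
    import html  # function-scope import: the module's import block is not visible here

    zap_enabled = False

    # Last-wins over the settings rows (normally exactly one row exists).
    for zap_setting in zap_settings_db.objects.all():
        zap_enabled = zap_setting.enabled

    if zap_enabled is False:
        print("started local instence")
        zap_plugin.zap_local()
        time.sleep(20)  # fixed grace period for the local instance to come up

    # Connection Test. NOTE: the probe is a real spider launch, as in the original.
    zap_connect = zap_plugin.zap_connect()
    try:
        zap_connect.spider.scan(url=target_url)
        notify.send(user, recipient=user, verb='ZAP Scan Started')
    except Exception:
        # A locally started instance cannot be stopped from here: no handle to it yet.
        notify.send(user, recipient=user, verb='ZAP Connection Not Found')
        email_notify(
            user=user,
            subject='ZAP Connection Not Found',
            message='ZAP Scanner failed due to setting not found ',
        )
        print("ZAP Connection Not Found")
        return HttpResponseRedirect(reverse('zapscanner:zap_scan_list'))

    zap_plugin.zap_spider_thread(count=20)
    zap_plugin.zap_spider_setOptionMaxDepth(count=5)

    zap_plugin.zap_scan_thread(count=30)
    zap_plugin.zap_scan_setOptionHostPerScan(count=3)

    # Load ZAP Plugin
    zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan)
    try:
        zap.exclude_url()
        time.sleep(3)
        zap.cookies()
        time.sleep(3)

        # Register the scan row. Best-effort, as before: a failed insert is reported
        # but does not abort the scan.
        try:
            zap_scans_db(
                project_id=project_id,
                scan_url=target_url,
                scan_scanid=scan_id,
                date_time=datetime.now(),
                rescan_id=rescan_id,
                rescan=rescan,
                vul_status='0',
            ).save()
            notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url)
        except Exception as e:
            print("ZAP scan row could not be saved: %s" % e)

        zap.zap_spider_thread(thread_value=30)
        spider_id = zap.zap_spider()
        zap.spider_status(spider_id=spider_id)  # presumably polls until the spider is done
        zap.spider_result(spider_id=spider_id)
        notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
        time.sleep(5)

        # Active scan on target_url
        zap_scan_id = zap.zap_scan()
        zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id)

        # Save vulnerabilities in the database
        time.sleep(5)
        all_vuln = zap.zap_scan_result()
        time.sleep(5)
        save_all_vuln = zap.zap_result_save(
            all_vuln=all_vuln,
            project_id=project_id,
            un_scanid=scan_id,
        )
        print(save_all_vuln)

        # Read the counters of THIS scan. The original iterated every scan row and
        # kept whatever came last, i.e. possibly another scan's totals.
        total_vuln = total_high = total_medium = total_low = ''
        for data in zap_scans_db.objects.filter(scan_scanid=scan_id):
            total_vuln = data.total_vul
            total_high = data.high_vul
            total_medium = data.medium_vul
            total_low = data.low_vul

        notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url)

        subject = 'Archery Tool Scan Status - ZAP Scan Completed'
        # The body is HTML (literal <br>), so escape the user-supplied URL: it must
        # not be able to inject markup into the e-mail.
        message = 'ZAP Scanner has completed the scan ' \
                  '  %s <br> Total: %s <br>High: %s <br>' \
                  'Medium: %s <br>Low %s' % (html.escape(str(target_url)), total_vuln,
                                             total_high, total_medium, total_low)

        email_notify(user=user, subject=subject, message=message)
    finally:
        # Always stop a locally started ZAP, also when the scan raised midway; the
        # original only shut it down on the success path.
        if zap_enabled is False:
            zap.zap_shutdown()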