def __init__(self):
self.nessus = Nessus()
# colors
self.G = '\033[92m' # green
self.Y = '\033[93m' # yellow
self.B = '\033[94m' # blue
self.R = '\033[91m' # red
self.W = '\033[0m' # white
def __init__(self):
# colors
self.G = '\033[92m' # green
self.Y = '\033[93m' # yellow
self.B = '\033[94m' # blue
self.R = '\033[91m' # red
self.W = '\033[0m' # white
# object initialization
self.nessus = Nessus()
self.wpscan = WpScan()
# MongoDB variables
self.mongocli = MongoClient('localhost', 27017)
self.dbname = self.mongocli['RTA']
# Slack notification
self.slack = Slack()
class Scan():
""" This class will take care of the Active/Passive scanning """
def __init__(self):
self.nessus = Nessus()
# colors
self.G = '\033[92m' # green
self.Y = '\033[93m' # yellow
self.B = '\033[94m' # blue
self.R = '\033[91m' # red
self.W = '\033[0m' # white
def nessus_scan(self, target, filename):
""" This function will take care of nessus scans and getting its output"""
self.nessus.login()
self.nessus.get_custom_uuid()
self.nessus.get_policy_id()
self.nessus.add_scan(list(target))
print(self.G + "[i] Successfully added the Nessus scan")
self.nessus.launch_scan()
print(
"[i] Successfully launched the Nessus scan & waiting for the scan to complete"
)
while True:
time.sleep(60)
try:
status = self.nessus.check_status()
if (status != "running"):
break
except Exception as e:
continue
self.nessus.scan_results(filename)
print(self.G + "[+] Nessus consolidated report:")
self.nessus.slack_notify()
return
class Scan():
""" This class will take care of the Active/Passive scanning """
def __init__(self):
# colors
self.G = '\033[92m' # green
self.Y = '\033[93m' # yellow
self.B = '\033[94m' # blue
self.R = '\033[91m' # red
self.W = '\033[0m' # white
# object initialization
self.nessus = Nessus()
self.wpscan = WpScan()
# MongoDB variables
self.mongocli = MongoClient('localhost', 27017)
self.dbname = self.mongocli['RTA']
# Slack notification
self.slack = Slack()
def nessus_scan(self, target, filename):
""" This function will take care of nessus scans and getting its output"""
self.nessus.login()
self.nessus.get_custom_uuid()
self.nessus.get_policy_id()
self.nessus.add_scan(list(target))
print(self.G + "[i] Successfully added the Nessus scan")
self.nessus.launch_scan()
print(
"[i] Successfully launched the Nessus scan & waiting for the scan to complete"
)
while True:
time.sleep(60)
try:
status = self.nessus.check_status()
if (status != "running"):
break
except Exception as e:
continue
self.nessus.scan_results(filename)
print(self.G + "[+] Nessus consolidated report:")
self.nessus.slack_notify()
return
def wp_scan(self, parent):
"""
Launch WpScan if the techstack used is wordpress.
"""
collection = self.dbname['wpscan']
collection_tech = self.dbname['tech_stack']
count = self.dbname.collection.count()
# collection.create_index('domain', unique=True)
flag = True
for item in collection_tech.find({'parent': parent}):
message = ""
if 'wordpress' in str(item['tech_stack']).lower():
if flag:
message = "[+] *Wpscan report*: (" + item['domain'] + ")\n"
flag = False
result = self.wpscan.scan(item['domain'], parent)
data = {
'id': count + 1,
'domain': item['domain'],
'time': datetime.now()
}
data['version'] = result['version']['number']
message += "Version: `" + data['version'] + "`\n"
data['vulnerabilities'] = []
data['plugins'] = {}
message += "Wordpress core vulnerabilities: \n```\n"
for value in result['version']['vulnerabilities']:
data['vulnerabilities'].append(value['title'])
message += value['title'] + "\n"
message += "```\nPlugins: \n"
for key, value in result['plugins'].iteritems():
if message[-1] != "\n":
message += "```"
message += "\n" + key + ": \n```"
for vuln in value['vulnerabilities']:
message += "\n"
try:
data['plugins'][key].append(vuln['title'])
except:
data['plugins'][key] = []
data['plugins'][key].append(vuln['title'])
message += vuln['title']
# Push the above data to DB
message += "\n```"
print(self.W + message)
self.slack.notify_slack(message)
dataid = collection.insert(data)
count += 1
from scanning.nessus import Nessus
app = Flask(__name__)
# Reading config
path = os.path.dirname(os.path.abspath(__file__))
with open(path + "/../config", "r") as ymlfile:
config = yaml.load(ymlfile)
# MongoDB connection
mongocli = MongoClient('localhost', 27017)
dbname = mongocli['RTA']
# Nessus class initialization
nessus = Nessus()
# 401 Authorization handler
@app.errorhandler(401)
def not_found(error):
return make_response(jsonify({'error': 'UnAuthorized'}), 404)
# Checking Authentication header
def auth_check():
uuid = config["api"]["token"]
try:
user_uuid = request.headers.get('X-RTA-UUID')
except:
abort(401)