def launchCallback(self, _event=None):
    """Queue this tool on a worker when the launch button is pressed.

    #TODO move to ToolController
    The launch is first attempted through safeLaunchCallback(). When that
    reports failure, the user is asked whether to launch anyway; on "Yes" the
    task is submitted directly through the scan manager's monitor.

    Args:
        _event: supplied automatically by the button callback, not used.
    """
    launched = self.safeLaunchCallback()
    if not launched:
        question = ChildDialogQuestion(
            self.appliViewFrame,
            "Safe queue failed",
            "This tool cannot be launched because no worker add space for its thread.\nDo you want to launch it anyway?",
        )
        # Block until the question window has been closed.
        self.appliViewFrame.wait_window(question.app)
        if question.rvalue == "Yes":
            calendar = MongoCalendar.getInstance()
            # NOTE(review): the trailing "" and False presumably select the
            # forced launch that ignores worker limits -- confirm against
            # launchTask, which is not visible here.
            launched = self.mainApp.scanManager.monitor.launchTask(
                calendar.calendarName, self.controller.model, "", False)
    if not launched:
        return
    # A launch went through: reload the model and rebuild this view's widgets.
    self.controller.update()
    self.form.clear()
    for child in self.appliViewFrame.winfo_children():
        child.destroy()
    self.openModifyWindow()
def removeItem(self, toDeleteIid):
    """Delete a defect from the defect treeview and the database after confirmation.

    Args:
        toDeleteIid: iid of the treeview row to delete (described by the
            original author as the database ID of the defect).
    """
    title = self.treevw.item(toDeleteIid)["text"]
    confirm = ChildDialogQuestion(
        self.parent,
        "DELETE WARNING",
        "Are you sure you want to delete defect " + str(title) + " ?",
        ["Delete", "Cancel"],
    )
    self.parent.wait_window(confirm.app)
    if confirm.rvalue != "Delete":
        return
    self.treevw.delete(toDeleteIid)
    # NOTE(review): the database record is looked up by title (with empty
    # ip/port/proto), not by toDeleteIid. If two defects can share a title the
    # record removed may not be the row the user confirmed -- verify.
    defectToDelete = Defect.fetchObject(
        {"title": title, "ip": "", "port": "", "proto": ""})
    if defectToDelete is not None:
        if defectToDelete.index is not None:
            removed_position = int(defectToDelete.index)
            remaining = self.treevw.get_children()
            # Rewrite the stored index of the rows after the removed position.
            # NOTE(review): the row was already deleted from the treeview above,
            # so if index is the row's former position, remaining[removed_position]
            # is the row that followed it and this loop does not renumber it --
            # confirm that starting at removed_position + 1 is intended.
            for position in range(removed_position + 1, len(remaining)):
                Defect({"_id": remaining[position]}).update({"index": str(position)})
        defectToDelete.delete()
        self.resizeDefectTreeview()
def prepareCalendar(self, dbName, pentest_type, start_date, end_date, scope, settings, pentesters):
    """Populate a new pentest database from the wizard's answers.

    Args:
        dbName: the database name
        pentest_type: a pentest type chosen from the settings' pentest_types.
            Selects the commands put in the initial wave.
        start_date: beginning date and time of the pentest
        end_date: ending date and time of the pentest
        scope: a list of valid scope strings (IP, network IP or host name)
        settings: a dict of settings with keys:
            * "Add domains whose IP are in scope": if 1, will do a dns lookup
              on new domains and check if the found IP is in scope
            * "Add domains who have a parent domain in scope": if 1, will add
              a new domain if a parent domain is in scope
            * "Add all domains found": Unsafe. if 1, all new domains found by
              tools will be considered in scope.
        pentesters: newline-separated string; each line is stripped and
            stored as one pentester entry.
    """
    def wave_command_filter():
        # Built fresh for every query: commands typed for this pentest type
        # or typed "Commun".
        return {"$or": [{"types": {"$elemMatch": {"$eq": pentest_type}}},
                        {"types": {"$elemMatch": {"$eq": "Commun"}}}]}

    commands = Command.getList(wave_command_filter())
    if not commands:
        if not Command.getList():
            # No command registered at all: offer to load the bundled defaults.
            dialog = ChildDialogQuestion(
                self.parent,
                "No command found",
                "There is no registered command in the database. \nWould you like to import the default set?",
            )
            self.parent.wait_window(dialog.app)
            if dialog.rvalue != "Yes":
                return
            # Both default sets are read from fixed paths under the main directory.
            commands_export = os.path.join(Utils.getMainDir(), "exports/pollenisator_commands.gzip")
            if self.importCommands(commands_export):
                # The group set is only imported once the command set went through.
                groups_export = os.path.join(Utils.getMainDir(), "exports/pollenisator_group_commands.gzip")
                self.importCommands(groups_export)
        commands = Command.getList(wave_command_filter())
    # Duplicate commands in local database
    for command in Command.fetchObjects({}):
        command.indb = MongoCalendar.getInstance().calendarName
        command.addInDb()
    Wave().initialize(dbName, commands).addInDb()
    Interval().initialize(dbName, start_date, end_date).addInDb()
    ScopeController(Scope()).doInsert({"wave": dbName, "Scopes": scope, "Settings": False})
    self.settings.reloadSettings()
    self.settings.db_settings["pentest_type"] = pentest_type
    # Wizard values are compared with 1 and stored as booleans.
    # "include_all_domains" is the option the wizard labels unsafe: it widens
    # the scope to every domain a tool reports.
    wizard_flags = (
        ("include_domains_with_ip_in_scope", 'Add domains whose IP are in scope'),
        ("include_domains_with_topdomain_in_scope", "Add domains who have a parent domain in scope"),
        ("include_all_domains", "Add all domains found"),
    )
    for db_key, wizard_key in wizard_flags:
        self.settings.db_settings[db_key] = settings[wizard_key] == 1
    self.settings.db_settings["pentesters"] = [name.strip() for name in pentesters.split("\n")]
    self.settings.save()
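def downloadResultFile(self, _event=None):
    """Download the tool's result file and offer to open it.

    Callback for tool click. #TODO move to ToolController
    The file is fetched through FileStorage. When it exists locally and
    xdg-open is available, the user is asked whether to open it; on "Open"
    the path is handed to xdg-open.

    Args:
        _event: not used
    """
    import shlex

    fs = FileStorage()
    fs.open()
    if fs.sftp_connection is None:
        tkinter.messagebox.showerror("Download failed",
                                     "The sftp connection failed.")
        return
    path = None
    try:
        dialog = ChildDialogInfo(self.appliViewFrame, "Download Started",
                                 "Downloading...")
        resultFile = self.controller.getResultFile()
        dialog.show()
        try:
            if resultFile != "" and resultFile is not None:
                path = fs.getToolResult(resultFile)
            else:
                # NOTE(review): path stays None here, so the generic error at
                # the end of this method is shown as well.
                tkinter.messagebox.showerror(
                    "Download failed", "The result file does not exist.")
        finally:
            # Remove the progress window even when the download raises.
            dialog.destroy()
    finally:
        # Release the storage connection on every exit path.
        fs.close()
    if path is not None and os.path.isfile(path) and which("xdg-open") is not None:
        dialog = ChildDialogQuestion(
            self.appliViewFrame, "Download completed",
            "The file has been downloaded.\n Would you like to open it?",
            answers=["Open", "Cancel"])
        self.appliViewFrame.wait_window(dialog.app)
        if dialog.rvalue == "Open":
            # The path is derived from the result file name stored with the
            # tool, so it is quoted before being placed in a command string:
            # spaces or shell metacharacters in the name then stay part of a
            # single argument. Utils.execute is not visible here; presumably
            # it passes the string to a shell -- confirm.
            # NOTE(review): the desktop's default handler will parse content
            # produced by a scan; consider limiting this to expected result types.
            Utils.execute("xdg-open " + shlex.quote(path))
        return
    # NOTE(review): also reached when the file was downloaded but xdg-open is
    # not installed, in which case the message below is misleading.
    tkinter.messagebox.showerror(
        "Download failed", "the file does not exist on sftp server")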
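def deleteSelected(self, _event):
    """Delete the selected treeview entries after the user confirms.

    The selection is captured once, before the confirmation window opens, so
    the count shown to the user and the entries deleted are the same set.

    Args:
        _event: not used, a ttk Treeview event autofilled. Contains
            information on what treeview node was clicked.
    """
    # wait_window() below runs a nested event loop; reading the selection
    # again after it could return a different set than the one confirmed.
    confirmed_ids = tuple(self.selection())
    dialog = ChildDialogQuestion(
        self.parentFrame,
        "DELETE WARNING",
        "Becareful for you are about to delete " + str(len(confirmed_ids)) + " entries and there is no turning back.",
        ["Delete", "Cancel"],
    )
    self.wait_window(dialog.app)
    if dialog.rvalue != "Delete":
        return
    for selected in confirmed_ids:
        view = self.getViewFromId(selected)
        # Ids for which no view is returned are skipped.
        if view is not None:
            # NOTE(review): the arguments are presumably (event, showWarning);
            # False would then suppress a per-item prompt -- confirm.
            view.delete(None, False)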
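def openInBrowser(self, _event=None):
    """Open every path recorded under "Dirsearch_200" for this port in browser tabs.

    Callback of action Open 200 in browser. Asks for confirmation when more
    than 10 paths would be opened.

    Args:
        _event: not used but mandatory
    """
    ssl = self.port_m.infos.get("SSL", "False")
    paths = self.port_m.infos.get("Dirsearch_200", [])
    url_base = "https://" if ssl == "True" else "http://"
    toplevel = tk.Toplevel()
    try:
        if len(paths) > 10:
            dialog = ChildDialogQuestion(toplevel, "OPEN WARNING", "Becareful for you are about to open "+str(len(paths)) + "in your browser. This may a bit too much.", ["Continue", "Cancel"])
            toplevel.wait_window(dialog.app)
            if dialog.rvalue != "Continue":
                return
    finally:
        # Destroy the helper window on every exit; previously it was left
        # open when the user cancelled.
        toplevel.destroy()
    origin = url_base + self.port_m.ip + ":" + str(self.port_m.port)
    for path in paths:
        # The paths are stored tool output. Without a leading slash a path
        # would be read as part of the host:port component, so one is
        # enforced to keep every tab on the stored ip and port.
        if not path.startswith("/"):
            path = "/" + path
        webbrowser.open_new_tab(origin + path)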