def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = [] targets = {} result_socket = file_opened.read() domain, ip = parse_reverse_python(result_socket) if domain is None: return None, None, None, None Ip().initialize(domain).addInDb() ip_m = Ip().initialize(ip) res, iid = ip_m.addInDb() if not res: ip_m = Ip.fetchObject({"_id": iid}) hostnames = list(set(ip_m.infos.get("hostname", []) + [domain])) ip_m.updateInfos({"hostname": hostnames}) targets["ip"] = {"ip": ip} notes += "Domain found :" + domain + "\n" if notes == "": notes = "No domain found\n" return notes, tags, "ip", targets
def doInsert(self, values): """ Insert the Ip represented by this model in the database with the given values. Args: values: A dictionary crafted by MultipleIpView or IpView containg all form fields values needed. Returns: { '_id': The mongo ObjectId _id of the inserted command document. 'nbErrors': The number of objects that has not been inserted in database due to errors. } """ # Only multi insert exists at the moment for IP try: multi = True except KeyError: multi = False if multi: # Get form values ret = [] total = 0 accepted = 0 for line in values["IPs"].split("\n"): if line != "": # Insert in database model = Ip().initialize(line) inserted, iid = model.addInDb() if inserted: ret.append(iid) accepted += 1 total += 1 return ret, total - accepted # nb errors = total - accepted
def addAllTool(self, command_name): """ Add the appropriate tools (level check and wave's commands check) for this scope. Args: command_name: The command that we want to create all the tools for. """ mongoInstance = MongoCalendar.getInstance() command = mongoInstance.findInDb("pollenisator", "commands", {"name": command_name}, False) if command["lvl"] == "network": newTool = Tool() newTool.initialize(command["name"], self.wave, self.scope, "", "", "", "network") newTool.addInDb() return if command["lvl"] == "domain": if not Utils.isNetworkIp(self.scope): newTool = Tool() newTool.initialize(command["name"], self.wave, self.scope, "", "", "", "domain") newTool.addInDb() return ips = self.getIpsFitting() for ip in ips: i = Ip(ip) i.addAllTool(command_name, self.wave, self.scope)
def addDomainInDb(self, checkDomain=True): """ Add this scope domain in database. Args: checkDomain: boolean. If true (Default), checks that the domain IP is in scope Returns: a tuple with : * bool for success * mongo ObjectId : already existing object if duplicate, create object id otherwise """ # Checking unicity base = self.getDbKey() mongoInstance = MongoCalendar.getInstance() existing = mongoInstance.find("scopes", base, False) if existing is not None: return 0, None # Check if domain's ip fit in one of the Scope of the wave if checkDomain: if not Scope.checkDomainFit(self.wave, self.scope): return -1, None # insert the domains in the scopes parent = self.getParent() res_insert = mongoInstance.insert("scopes", base, parent) ret = res_insert.inserted_id self._id = ret # Adding appropriate tools for this scopes wave = mongoInstance.find("waves", {"wave": self.wave}, False) commands = wave["wave_commands"] for commName in commands: comm = mongoInstance.findInDb("pollenisator", "commands", { "name": commName, "lvl": "network" }, False) if comm is not None: newTool = Tool() newTool.initialize(comm["name"], self.wave, self.scope, "", "", "", "network") newTool.addInDb() else: comm = mongoInstance.findInDb("pollenisator", "commands", { "name": commName, "lvl": "domain" }, False) if comm is not None: newTool = Tool() newTool.initialize(comm["name"], self.wave, self.scope, "", "", "", "domain") newTool.addInDb() # Testing this scope against every ips ips = Ip.fetchObjects({}) for ip in ips: if self._id not in ip.in_scopes: if ip.fitInScope(self.scope): ip.addScopeFitting(self.getId()) ipToInsert = Ip() ipToInsert.initialize(self.scope) ipToInsert.addInDb() return 1, ret
def Parse(self, file_opened, **kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ targets = {} notes = file_opened.read() regex_ip = r"Nmap scan report for (\S+)" ip_group = re.search(regex_ip, notes) if ip_group is None: return None, None, None, None # Auto Detect: if "smb-vuln-ms17-010:" not in notes: return None, None, None, None # Parsing ip = ip_group.group(1).strip() Ip().initialize(ip).addInDb() port_re = r"(\d+)\/(\S+)\s+open\s+microsoft-ds" res_search = re.search(port_re, notes) res_insert = None if res_search is None: port = None proto = None else: port = res_search.group(1) proto = res_search.group(2) p_o = Port() p_o.initialize(ip, port, proto, "microsoft-ds") res_insert = p_o.addInDb() targets[str(p_o.getId())] = { "ip": ip, "port": port, "proto": proto } if "VULNERABLE" in notes: d_o = Defect() d_o.initialize(ip, port, proto, "Serveur vulnérable à EternalBlue", "Difficile", "Critique", "Critique", "N/A", ["Socle"], notes=notes, proofs=[]) d_o.addInDb() tags = ["P0wned!"] if res_insert is not None: p_o.addTag("P0wned!") return notes, tags, "port", targets
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = ["todo"] marker = "- scanning for subdomain..." markerFound = False countFound = 0 for line in file_opened: if marker == line.strip(): markerFound = True if not markerFound: continue ip, domain, alias = parse_knockpy_line(line) if ip is not None and domain is not None: # a domain has been found res, iid = Ip().initialize(domain).addInDb() if res: Ip().initialize(ip).addInDb() notes += line + "\n" countFound += 1 # failed, domain is out of scope else: notes += domain + " exists but already added.\n" ip_m = Ip.fetchObject({"_id": iid}) if alias: ip_m.updateInfos({"alias": ip}) if notes.strip() == "": return None, None, None, None return notes, tags, "wave", {"wave": None}
def Parse(self, file_opened, **kwargs): """ Parse a opened file to extract information Example file: 10.0.0.1 - UNKNOWN - no connection - timeout 10.0.0.2 - VULNERABLE - ?? - ???? Args: file_opened: the open file kwargs: port("") and proto("") are valid Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ # 5. Parse the file has you want. # Here add a note to the tool's notes of each warnings issued by this testssl run. notes = "" tags = ["Neutral"] targets = {} for line in file_opened: # Auto Detect infos = line.split(" - ") if len(infos) < 3: return None, None, None, None if not Ip.isIp(infos[0]): return None, None, None, None if infos[1] not in ["UNKNOWN", "SAFE", "VULNERABLE"]: return None, None, None, None # Parse ip = line.split(" ")[0].strip() Ip().initialize(ip).addInDb() p_o = Port.fetchObject({"ip": ip, "port": kwargs.get( "port", None), "proto": kwargs.get("proto", None)}) if p_o is not None: targets[str(p_o.getId())] = {"ip": ip, "port": kwargs.get( "port", None), "proto": kwargs.get("proto", None)} if "VULNERABLE" in line: Defect().initialize(ip, kwargs.get("port", None), kwargs.get("proto", None), "Serveur vulnérable à BlueKeep", "Difficile", "Critique", "Critique", "N/A", ["Socle"], notes=notes, proofs=[]).addInDb() tags=["P0wned!"] if p_o is not None: p_o.addTag("P0wned!") ip_o = Ip.fetchObject({"ip": ip}) if ip_o is not None: ip_o.addTag("P0wned!") elif "UNKNOWN" in line: tags = ["todo"] notes += line return notes, tags, "port", targets
def onTreeviewSelect(self, event=None): """Called when a line is selected on the treeview Open the selected object view on the view frame. Args: _event: not used but mandatory """ selection = self.selection() if len(selection) == 1: item = super().onTreeviewSelect(event) if isinstance(item, str): mongoInstance = MongoCalendar.getInstance() self.saveState(mongoInstance.calendarName) if str(item) == "waves": objView = WaveView(self, self.appli.viewframe, self.appli, WaveController(Wave())) objView.openInsertWindow() elif str(item) == "commands": objView = CommandView( self, self.appli.viewframe, self.appli, CommandController( Command({"indb": mongoInstance.calendarName}))) objView.openInsertWindow() elif str(item) == "ips": objView = MultipleIpView(self, self.appli.viewframe, self.appli, IpController(Ip())) objView.openInsertWindow() elif "intervals" in str(item): wave = Wave.fetchObject({ "_id": ObjectId(IntervalView.treeviewListIdToDb(item)) }) objView = IntervalView( self, self.appli.viewframe, self.appli, IntervalController(Interval().initialize(wave.wave))) objView.openInsertWindow() elif "scopes" in str(item): wave = Wave.fetchObject( {"_id": ObjectId(ScopeView.treeviewListIdToDb(item))}) objView = MultipleScopeView( self, self.appli.viewframe, self.appli, ScopeController(Scope().initialize(wave.wave))) objView.openInsertWindow() else: self.openModifyWindowOf(item) elif len(selection) > 1: # Multi select: multiView = MultiSelectionView(self, self.appli.viewframe, self.appli) for widget in self.appli.viewframe.winfo_children(): widget.destroy() multiView.form.clear() multiView.openModifyWindow()
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ tags = ["todo"] data = file_opened.read() notes = "" if data.strip() == "": return None, None, None, None else: hosts = parse_dirsearch_file(data) if not hosts.keys(): return None, None, None, None targets = {} for host in hosts: Ip().initialize(host).addInDb() for port in hosts[host]: port_o = Port() port_o.initialize(host, port, "tcp", hosts[host][port]["service"]) res, iid = port_o.addInDb() if not res: port_o = Port.fetchObject({"_id": iid}) targets[str(port_o.getId())] = { "ip": host, "port": port, "proto": "tcp"} hosts[host][port]["paths"].sort(key=lambda x: int(x[0])) results = "\n".join(hosts[host][port]["paths"]) notes += results newInfos = {} for statuscode in hosts[host][port]: if isinstance(statuscode, int): if hosts[host][port].get(statuscode, []): newInfos["Dirsearch_"+str(statuscode) ] = hosts[host][port][statuscode] newInfos["SSL"] = "True" if hosts[host][port]["service"] == "https" else "False" port_o.updateInfos(newInfos) return notes, tags, "port", targets
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = ["todo"] countInserted = 0 markerSublister = "# Coded By Ahmed Aboul-Ela - @aboul3la" markerFound = False for line in file_opened: if markerSublister in line: markerFound = True if not markerFound: continue if line.startswith("\x1b[92m"): line = line[len("\x1b[92m"):] if line.endswith("\x1b[0m"): line = line[:-1 * len("\x1b[0m")] domainGroup = re.search( r"((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9])", line.strip()) if domainGroup is not None: # a domain has been found domain = domainGroup.group(1) inserted, _ = Ip().initialize(domain).addInDb() # failed, domain is out of wave, still noting thi if not inserted: notes += domain + " exists but already added.\n" else: countInserted += 1 notes += domain + " inserted.\n" if notes.strip() == "": return None, None, None, None if not markerFound: return None, None, None, None return notes, tags, "wave", {"wave": None}
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information foe.test.fr. 801 IN A 18.19.20.21 blog.test.fr. 10800 IN CNAME 22.33.44.55 Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = [] countInserted = 0 for line in file_opened: domain, _record_type, ip = parse_crtsh_line(line) if domain is not None: # a domain has been found infosToAdd = {"hostname": ip} ip_m = Ip().initialize(domain, infos=infosToAdd) res, iid = ip_m.addInDb() # failed, domain is out of scope if not res: notes += domain + " exists but already added.\n" ip_m = Ip.fetchObject({"_id": iid}) infosToAdd = { "hostname": list(set([ip] + ip_m.infos.get("hostname", []))) } ip_m.updateInfos(infosToAdd) else: countInserted += 1 notes += domain + " inserted.\n" if notes.strip() == "": return None, None, None, None elif countInserted != 0: tags.append("todo") return notes, tags, "wave", {"wave": None}
def editScopeIPs(hostsInfos): """ Add all the ips and theirs ports found after parsing the file to the scope object in database. Args: hostsInfos: the dictionnary with ips as keys and a list of dictionnary containing ports informations as value. """ # Check if any ip has been found. if hostsInfos is not None: for infos in hostsInfos: tags = [] if infos.get("powned", False): tags.append("P0wned!") infosToAdd = {} OS = infos.get("OS", "") if OS != "": infosToAdd["OS"] = OS creds = infos.get("creds", "") if creds != "": infosToAdd["creds"] = creds powned = infos.get("powned", False) if powned: infosToAdd["powned"] = "True" ip_m = Ip().initialize(str(infos["ip"])) res, iid = ip_m.addInDb() if not res: ip_m = Ip.fetchObject({"_id": iid}) infosToAdd["hostname"] = list( set(ip_m.infos.get("hostname", []) + [infos["hostname"]])) ip_m.notes = "hostname:" + \ infos["hostname"] + "\n"+infos.get("OS", "") ip_m.tags = tags ip_m.update() port_m = Port().initialize(str(infos["ip"]), str(infos["port"]), "tcp", "netbios-ssn") res, iid = port_m.addInDb() if not res: port_m = Port.fetchObject({"_id": iid}) port_m.updateInfos(infosToAdd) port_m.tags = tags port_m.update()
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = file_opened.read() targets = {} tags = [] if "| http-methods:" not in notes: return None, None, None, None host, port, proto, service, risky_methods, supported_methods = parse( notes) if host == "": return None, None, None, None Ip().initialize(host).addInDb() p_o = Port().initialize(host, port, proto, service) res, iid = p_o.addInDb() if not res: p_o = Port.fetchObject({"_id": iid}) p_o.updateInfos({"Methods": ", ".join(supported_methods)}) targets[str(p_o.getId())] = {"ip": host, "port": port, "proto": proto} if "TRACE" in risky_methods: Defect().initialize(host, port, proto, "Méthode TRACE activée", "Difficile", "Important", "Important", "N/A", ["Socle"], notes="TRACE detected", proofs=[]).addInDb() risky_methods.remove("TRACE") if len(risky_methods) > 0: notes = "RISKY HTTP METHODS ALLOWED : " + " ".join(risky_methods) tags = [] tags.append("Interesting") return notes, tags, "port", targets
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ tags = ["todo"] targets = {} notes = file_opened.read() if notes == "": return None, None, None, None if not notes.startswith("- Nikto v"): return None, None, None, None host, port, service, infos = parse_nikto_plain_text(notes) if host: if port: Ip().initialize(host).addInDb() p_o = Port().initialize(host, port, "tcp", service) res, iid = p_o.addInDb() if not res: p_o = Port.fetchObject({"_id": iid}) p_o.updateInfos({ "Nikto": infos, "SSL": "True" if service == "https" else "False" }) targets[str(iid)] = {"ip": host, "port": port, "proto": "tcp"} return notes, tags, "port", targets
def getIpPortsNmap(nmapFile): """ Read the given nmap .nmap file results and return a dictionnary with ips and a list of their open ports. Args: nmapFile: the path to the .nmap file generated by an nmap scan Returns: notes about inseted ip and ports """ notes = "" countOpen = 0 all_text = nmapFile.read().strip() lines = all_text.split("\n") if len(lines) <= 3: # print("Not enough lines to be nmap") return None if not lines[0].startswith("# Nmap"): # print("Not starting with # Nmap") return None if "scan initiated" not in lines[0]: # print("Not scan initiated on first line") return None if "# Nmap done at" not in lines[-1]: # print("Not # Nmap done at at the end : "+str(lines[-1])) return None ipCIDR_m = None ipDom_m = None for line in lines: # Search ip in file # match an ip ip = re.search( r"^Nmap scan report for (\S+)(?: \(((?:[0-9]{1,3}\.){3}[0-9]{1,3})\))?$", line) if ip is not None: # regex match lastIp = [ ip.group(1), ip.group(2) if ip.group(2) is not None else "" ] notes_ip = "ip:" + \ str(lastIp[1]) if lastIp[1] != "" and lastIp[1] is not None else "" ipCIDR_m = Ip().initialize(str(lastIp[0]), notes=notes_ip) if lastIp[1].strip() != "" and lastIp[1] is not None: ipDom_m = Ip().initialize(str(lastIp[1]), notes="domain:" + str(lastIp[0])) else: ipDom_m = None if " open " in line: if ipCIDR_m is None: # Probably a gnmap return None notes += line + "\n" # regex to find open ports in gnmap file port_search = re.search( r"^(\d+)\/(\S+)\s+open\s+(\S+)(?: +(.+))?$", line) if port_search is not None: port_number = str(port_search.group(1)) proto = str(port_search.group(2)) service = "unknown" if str( port_search.group(3)) == "" else str(port_search.group(3)) product = str(port_search.group(4)) # a port unique key is its protocole/number. countOpen += 1 validIps = [] if ipCIDR_m is not None: ipCIDR_m.addInDb() validIps.append(ipCIDR_m.ip) if ipDom_m is not None: res, iid = ipDom_m.addInDb() if not res: ipDom_m = Ip.fetchObject({"_id": iid}) ipDom_m.updateInfos({ "hostname": list( set( list(ipDom_m.infos.get("hostname", [])) + [str(ipCIDR_m.ip)])) }) validIps.append(ipDom_m.ip) for ipFound in validIps: if ip == "": continue port_o = Port().initialize(ipFound, port_number, proto, service, product) res_insert, iid = port_o.addInDb() if not res_insert: port_o = Port.fetchObject({"_id": iid}) port_o.service = service port_o.update() notes = str(countOpen) + " open ports found\n" + notes return notes
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = [] content = file_opened.read() targets = {} try: notes_json = json.loads(content) except json.decoder.JSONDecodeError: return None, None, None, None oneScanIsValid = False for scan in notes_json: try: if scan.get('ssh_scan_version', None) is None: continue ips = [scan["hostname"], scan["ip"]] port = str(scan["port"]) for ip in ips: if ip.strip() == "": continue Ip().initialize(ip).addInDb() port_o = Port().initialize(ip, port, "tcp", "ssh") res, iid = port_o.addInDb() if not res: port_o = Port.fetchObject({"_id": iid}) notes = "\n".join(scan["compliance"].get( "recommendations", [])) targets[str(port_o.getId())] = { "ip": ip, "port": port, "proto": "tcp" } oneScanIsValid = True if "nopassword" in scan["auth_methods"]: tags = ["P0wned!"] # Will not exit if port was not ssh is_ok = scan["compliance"]["compliant"] if str(is_ok) == "False": port_o.updateInfos({"compliant": "False"}) port_o.updateInfos( {"auth_methods": scan["auth_methods"]}) Defect().initialize( ip, port, "tcp", "Défauts d’implémentation de la configuration SSH", "Très difficile", "Majeur", "Important", "N/A", ["Socle"], notes=notes, proofs=[]).addInDb() except KeyError: continue if not oneScanIsValid: return None, None, None, None return notes, tags, "port", targets
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ tags = ["todo"] targets = {} notes = file_opened.read() if notes == "": return None, None, None, None try: data = json.loads(notes) except json.decoder.JSONDecodeError: return None, None, None, None regex_host = r"https?://([^\/]+)" oneValidWhatweb = False for website in data: keys = website.keys() expected_keys = [ 'target', 'http_status', 'request_config', 'plugins' ] all_keys = True for expected in expected_keys: if expected not in keys: all_keys = False break if not all_keys: continue host_port_groups = re.search(regex_host, website["target"]) if host_port_groups is None: continue host_port = host_port_groups.group(1) service = "https" if "https://" in website["target"] else "http" if len(host_port.split(":")) == 2: port = host_port.split(":")[1] host = host_port.split(":")[0] else: host = host_port port = "443" if "https://" in website["target"] else "80" Ip().initialize(host).addInDb() p_o = Port().initialize(host, port, "tcp", service) inserted, iid = p_o.addInDb() if not inserted: p_o = Port.fetchObject({"_id": iid}) infosToAdd = {"URL": website["target"]} for plugin in website.get("plugins", {}): item = website["plugins"][plugin].get("string") if isinstance(item, list): if item: infosToAdd[plugin] = item else: item = str(item) if item != "": infosToAdd[plugin] = item p_o.updateInfos(infosToAdd) targets[str(p_o.getId())] = { "ip": host, "port": port, "proto": "tcp" } oneValidWhatweb = True if not oneValidWhatweb: return None, None, None, None return notes, tags, "port", targets
def parseWarnings(file_opened): """ Parse the result of a testssl json output file Args: file_opened: the opened file reference Returns: Returns a tuple with (None values if not matching a testssl output): - a list of string for each testssl NOT ok, WARN, or MEDIUM warnings - a dict of targeted objects with database id as key and a unique key as a mongo search pipeline ({}) """ targets = {} missconfiguredHosts = {} firstLine = True for line in file_opened: if firstLine: if line.strip() != '"id", "fqdn/ip", "port", "severity", "finding", "cve", "cwe"' and \ line.strip() != '"id","fqdn/ip","port","severity","finding","cve","cwe"': return None, None firstLine = False continue # Search ip in file warn = re.search( r"^\"[^\"]*\", ?\"([^\"]*)\", ?\"([^\"]*)\", ?\"(OK|INFO|NOT ok|WARN|LOW|MEDIUM|HIGH|CRITICAL)\", ?\"[^\"]*\", ?\"[^\"]*\", ?\"[^\"]*\"$", line) if warn is not None: ip = warn.group(1) domain = None port = warn.group(2) notes = warn.group(3) if "/" in ip: domain = ip.split("/")[0] ip = "/".join(ip.split("/")[1:]) Ip().initialize(domain).addInDb() Port().initialize(domain, port, "tcp", "ssl").addInDb() Ip().initialize(ip).addInDb() Port().initialize(ip, port, "tcp", "ssl").addInDb() if notes not in ["OK", "INFO"]: missconfiguredHosts[ip] = missconfiguredHosts.get(ip, {}) missconfiguredHosts[ip][port] = missconfiguredHosts[ip].get( port, []) missconfiguredHosts[ip][port].append(notes + " : " + line) if domain is not None: missconfiguredHosts[domain] = missconfiguredHosts.get( domain, {}) missconfiguredHosts[domain][port] = missconfiguredHosts[ domain].get(port, []) missconfiguredHosts[domain][port].append(notes + " : " + line) for ip in missconfiguredHosts.keys(): for port in missconfiguredHosts[ip].keys(): p_o = Port.fetchObject({"ip": ip, "port": port, "proto": "tcp"}) targets[str(p_o.getId())] = { "ip": ip, "port": port, "proto": "tcp" } missconfiguredHosts[ip][port].sort() notes = "\n".join(missconfiguredHosts[ip][port]) res, _ = Defect().initialize(ip, port, "tcp", "Défauts d'implémentation du SSL/TLS", "Très difficile", "Majeur", "Important", "N/A", ["Socle"], notes=notes, proofs=[]).addInDb() if not res: p_o.updateInfos({"compliant": "False"}) defect_o = Defect.fetchObject({ "ip": ip, "title": "Défauts d'implémentation du SSL/TLS", "port": port, "proto": "tcp" }) defect_o.notes += notes defect_o.update() if firstLine: return None, None return str(len(missconfiguredHosts.keys()) ) + " misconfigured hosts found. Defects created.", targets
def smbmap_format(smbmap_output): """Parse raw smbmap file Args: smbmap_output: raw smbmap file content Returns: A tuple with values: 0. a string formated where each line are : fullpath permissions date 1. a list of interesting name file found 2. targets as described in Parse """ targets = {} regex_only_match_serv = re.compile( r"^\[\+\] IP: ([^:\s]+)(?::\d+)?\sName: \S+\s+$") # group 1 = SHARE NAME group 2 = PERMISSIONS regex_only_match_share_header = re.compile(r"^\t(\S+)\s+([A-Z , ]+)$") # group 1 = directory full path regex_only_match_dir = re.compile(r"^\t(\S+)$") # group 1 = d ou -, group 2 = permissions, group 3 = date, group 4 = filename regex_only_match_files = re.compile( r"^\s+([d-])([xrw-]{9})\s+([^\t]+)\t(.+)$") ret = "" interesting_files = {} interesting_name_list = [ "passwd", "password", "pwd", "mot_de_passe", "motdepasse", "auth", "creds", "confidentiel", "confidential", "backup", ".xml", ".conf", ".cfg", "unattended" ] current_serv = "" current_share = "" current_dir = "" ip_states = [] lines = smbmap_output.split("\n") for line in lines: result = regex_only_match_serv.match(line) if result is not None: ip = str(result.group(1)) current_serv = ip if ip not in ip_states: ip_o = Ip().initialize(ip) ip_o.addInDb() Port().initialize(ip, "445", "tcp", "samba").addInDb() targets[str(ip_o.getId())] = { "ip": ip, "port": "445", "proto": "tcp" } ip_states.append(ip) continue result = regex_only_match_share_header.match(line) if result is not None: share_name = str(result.group(1)) permissions = str(result.group(2)) current_share = share_name continue result = regex_only_match_dir.match(line) if result is not None: dir_path = str(result.group(1)) current_dir = dir_path continue result = regex_only_match_files.match(line) if result is not None: # isDirectory = (str(result.group(1)) == "d") permissions = str(result.group(2)) date = str(result.group(3)) file_name = str(result.group(4)) fullpath = "\\\\"+current_serv+"\\" + \ current_share+current_dir[1:]+file_name for interesting_names in interesting_name_list: if interesting_names.lower() in file_name.lower(): interesting_files[ "Shared " + interesting_names] = interesting_files.get( "Shared " + interesting_names, []) interesting_files["Shared " + interesting_names].append(fullpath + "\t" + permissions + "\t" + date) ret += fullpath + "\t" + permissions + "\t" + date + "\n" continue return ret, interesting_files, targets
def notify(self, db, collection, iid, action, _parent): """ Callback for the observer implemented in mongo.py. Each time an object is inserted, updated or deleted the standard way, this function will be called. Args: collection: the collection that has been modified iid: the mongo ObjectId _id that was modified/inserted/deleted action: string "update" or "insert" or "delete". It was the action performed on the iid _parent: Not used. the mongo ObjectId of the parent. Only if action in an insert. Not used anymore """ mongoInstance = MongoCalendar.getInstance() if not mongoInstance.hasACalendarOpen(): return if mongoInstance.calendarName != db: return # Delete if action == "delete": if collection == "defects": view = self.getViewFromId(str(iid)) if view is not None: view.beforeDelete() self.appli.statusbar.notify([],view.controller.getTags()) try: self.delete(ObjectId(iid)) except tk.TclError: pass # item was not inserted in the treeview # Insert if action == "insert": view = None res = mongoInstance.find(collection, {"_id": ObjectId(iid)}, False) if collection == "tools": view = ToolView(self, self.appli.viewframe, self.appli, ToolController(Tool(res))) elif collection == "waves": view = WaveView(self, self.appli.viewframe, self.appli, WaveController(Wave(res))) elif collection == "scopes": view = ScopeView(self, self.appli.viewframe, self.appli, ScopeController(Scope(res))) elif collection == "ports": view = PortView(self, self.appli.viewframe, self.appli, PortController(Port(res))) elif collection == "ips": view = IpView(self, self.appli.viewframe, self.appli, IpController(Ip(res))) elif collection == "intervals": view = IntervalView(self, self.appli.viewframe, self.appli, IntervalController(Interval(res))) elif collection == "defects": view = DefectView(self, self.appli.viewframe, self.appli, DefectController(Defect(res))) try: if view is not None: view.addInTreeview() view.insertReceived() self.appli.statusbar.notify(view.controller.getTags()) except tk.TclError: pass if action == "update": try: view = self.getViewFromId(str(iid)) if view is not None: oldTags = self.item(str(iid))["tags"] view.controller.actualize() self.appli.statusbar.notify(view.controller.getTags(), oldTags) self.item(str(iid), text=str( view.controller.getModelRepr()), image=view.getIcon()) except tk.TclError: if view is not None: view.addInTreeview() if str(self.appli.openedViewFrameId) == str(iid): for widget in self.appli.viewframe.winfo_children(): widget.destroy() view.openModifyWindow() if view is not None: view.updateReceived() self.appli.statusbar.update()
def Parse(self, file_opened, **_kwargs): """ Parse a opened file to extract information Example: [ { "arguments": "./dnsrecon.py -r 10.0.0.0/24 -j /home/barre/test.json", "date": "2020-01-06 11:43:37.701513", "type": "ScanInfo" }, { "address": "10.0.0.1", "name": "_gateway", "type": "PTR" }, { "address": "10.0.0.77", "name": "barre-ThinkPad-E480", "type": "PTR" }, { "address": "10.0.0.77", "name": "barre-ThinkPad-E480.local", "type": "PTR" } ] Args: file_opened: the open file _kwargs: not used Returns: a tuple with 4 values (All set to None if Parsing wrong file): 0. notes: notes to be inserted in tool giving direct info to pentester 1. tags: a list of tags to be added to tool 2. lvl: the level of the command executed to assign to given targets 3. targets: a list of composed keys allowing retrieve/insert from/into database targerted objects. """ notes = "" tags = [] countInserted = 0 try: dnsrecon_content = json.loads(file_opened.read()) except json.decoder.JSONDecodeError: return None, None, None, None if len(dnsrecon_content) == 0: return None, None, None, None if not isinstance(dnsrecon_content[0], dict): return None, None, None, None if dnsrecon_content[0].get("type", "") != "ScanInfo": return None, None, None, None if dnsrecon_content[0].get("date", "") == "": return None, None, None, None for record in dnsrecon_content[1:]: ip = record["address"] name = record["name"] infosToAdd = {"hostname": name} ip_m = Ip().initialize(ip, infos=infosToAdd) res, iid = ip_m.addInDb() infosToAdd = {"ip": ip} ip_m = Ip().initialize(name, infos=infosToAdd) res, iid = ip_m.addInDb() # failed, domain is out of scope if not res: notes += name + " exists but already added.\n" ip_m = Ip.fetchObject({"_id": iid}) infosToAdd = {"ip": list(set([ip] + ip_m.infos.get("ip", [])))} ip_m.updateInfos(infosToAdd) else: countInserted += 1 notes += name + " inserted.\n" return notes, tags, "wave", {"wave": None}