コード例 #1
0
def main(argv):
    config_read = None
    config_write = None
    target_url = None

    try:
        opts, args = getopt.getopt(argv, "t:c:g:dh")
    except getopt.GetoptError:
        usage()
        sys.exit(StatusCode.other)

    for opt, arg in opts:
        if opt == '-t':
            target_url = arg
        elif opt == '-c':
            config_read = arg
        elif opt == '-g':
            config_write = arg
        elif opt == '-d':
            logging.getLogger().setLevel(logging.DEBUG)
        elif opt == '-h':
            usage()
            sys.exit(StatusCode.success)

    # Init
    zap = shared.init_zap()

    # Only want to generate the config template?
    if config_write is not None:
        shared.write_config_file(config_write, zap)
        sys.exit(StatusCode.success)

    # Read user-defined rules for tagging scan results
    config_dict = shared.read_config_file(
        config_read) if config_read is not None else {}

    # Setup session context + auth
    target_url = normalize_input_url(target_url)
    clean_zap_session(zap, target_url, config_dict)
コード例 #2
0
def main(argv):
	config_read = None
	config_write = None
	target_url = None

	try:
		opts, args = getopt.getopt(argv,"t:c:g:dh")
	except getopt.GetoptError:
		usage()
		sys.exit(StatusCode.other)

	for opt, arg in opts:
		if opt == '-t':
			target_url = arg
		elif opt == '-c':
			config_read = arg
		elif opt == '-g':
			config_write = arg
		elif opt == '-d':
			logging.getLogger().setLevel(logging.DEBUG)
		elif opt == '-h':
			usage()
			sys.exit(StatusCode.success)

	# Init
	zap = shared.init_zap()

	# Only want to generate the config template?
	if config_write is not None:
		shared.write_config_file(config_write, zap)
		sys.exit(StatusCode.success)

	# Read user-defined rules for tagging scan results
	config_dict = shared.read_config_file(config_read) if config_read is not None else {}

	# Setup session context + auth
	target_url = normalize_input_url(target_url)
	clean_zap_session(zap, target_url, config_dict)
コード例 #3
0
ファイル: scan.py プロジェクト: thc202/community-scripts
def main(argv):
	config_read = None
	config_write = None
	report_jira = False
	ctx_targets = None

	try:
		opts, args = getopt.getopt(argv,"x:c:g:rdh")
	except getopt.GetoptError:
		usage()
		sys.exit(StatusCode.other)

	for opt, arg in opts:
		if opt == '-x':
			ctx_targets = arg
		elif opt == '-c':
			config_read = arg
		elif opt == '-g':
			config_write = arg
		elif opt == '-d':
			logging.getLogger().setLevel(logging.DEBUG)
		elif opt == '-r':
			report_jira = True
		elif opt == '-h':
			usage()
			sys.exit(StatusCode.success)

	# Init
	zap = shared.init_zap()

	# Only want to generate the config template?
	if config_write is not None:
		shared.write_config_file(config_write, zap)
		sys.exit(StatusCode.success)

	# Read user-defined rules for tagging scan results
	config_dict = shared.read_config_file(config_read) if config_read is not None else {}

	# >>>>>>>>>> DEBUG:
	# zap.urlopen("http://example.com")
	# zap.core.access_url(target, True) <- doesn't use zap proxy ?
	# <<<<<<<<<< END DEBUG

	# Scanning contexts, + auth setup
	ctx_id, ctx_name = setup_zap_session_context(zap, ctx_targets)
	user_id = setup_new_user(zap, ctx_id)

	# Spider - Crawl links on webpages that we've accessed before
	# Although, our original proxy traffic might be sufficient
	if(ctx_targets is not None):
		spider(zap, config.max_duration, ctx_id, ctx_name, user_id)

	# Passive scan (wait to finish)
	passive_scan(zap)

	# Active scan all domains
	active_scan_all(zap, config.max_duration, ctx_id, user_id)

	if (len(zap.core.urls) == 0):
		logging.warning('No URLs found - is the target accessible?')
	else:
		status_code, report_string = report_results(zap, config_dict)
		if(report_jira):
			create_jira_report(zap.core.htmlreport(), status_code == StatusCode.fail, report_string)
		sys.exit(status_code)

	sys.exit(StatusCode.other)
コード例 #4
0
def main(argv):
	config_read = None
	config_write = None
	report_jira = False
	ctx_targets = None

	try:
		opts, args = getopt.getopt(argv,"x:c:g:rdh")
	except getopt.GetoptError:
		usage()
		sys.exit(StatusCode.other)

	for opt, arg in opts:
		if opt == '-x':
			ctx_targets = arg
		elif opt == '-c':
			config_read = arg
		elif opt == '-g':
			config_write = arg
		elif opt == '-d':
			logging.getLogger().setLevel(logging.DEBUG)
		elif opt == '-r':
			report_jira = True
		elif opt == '-h':
			usage()
			sys.exit(StatusCode.success)

	# Init
	zap = shared.init_zap()

	# Only want to generate the config template?
	if config_write is not None:
		shared.write_config_file(config_write, zap)
		sys.exit(StatusCode.success)

	# Read user-defined rules for tagging scan results
	config_dict = shared.read_config_file(config_read) if config_read is not None else {}

	# >>>>>>>>>> DEBUG:
	# zap.urlopen("http://example.com")
	# zap.core.access_url(target, True) <- doesn't use zap proxy ?
	# <<<<<<<<<< END DEBUG

	# Scanning contexts, + auth setup
	ctx_id, ctx_name = setup_zap_session_context(zap, ctx_targets)
	user_id = setup_new_user(zap, ctx_id)

	# Spider - Crawl links on webpages that we've accessed before
	# Although, our original proxy traffic might be sufficient
	if(ctx_targets is not None):
		spider(zap, config.max_duration, ctx_id, ctx_name, user_id)

	# Passive scan (wait to finish)
	passive_scan(zap)

	# Active scan all domains
	active_scan_all(zap, config.max_duration, ctx_id, user_id)

	if (len(zap.core.urls) == 0):
		logging.warning('No URLs found - is the target accessible?')
	else:
		status_code, report_string = report_results(zap, config_dict)
		if(report_jira):
			create_jira_report(zap.core.htmlreport(), status_code == StatusCode.fail, report_string)
		sys.exit(status_code)

	sys.exit(StatusCode.other)