def parseOutputString(self, output): parser = NipperParser(output, debug=False) for vuln in parser.vulns_first: for device in vuln.affected_devices: ip = resolve_hostname(device) h_id = self.createAndAddHost(ip, hostnames = device) self.createAndAddVulnToHost(h_id, name = vuln.name, desc = vuln.data, severity = vuln.rating, resolution = vuln.recommendation, data = vuln.data, ref = [], policyviolations = [] ) for vuln in parser.vulns_audit: if vuln.data: ip = resolve_hostname(device) h_id = self.createAndAddHost(ip, hostnames = vuln.device) self.createAndAddVulnToHost(h_id, name = vuln.name, desc = vuln.data, severity = '', resolution = '', data = vuln.data, ref = vuln.refs )
def parseOutputString(self, output): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. """ parser = ArachniXmlParser(output) # Check xml parsed ok... if not parser.system: return self.hostname = self.getHostname(parser.system.url) if parser.plugins.ip: self.address = resolve_hostname(parser.plugins.ip) else: self.address = resolve_hostname(self.hostname) # Create host and interface host_id = self.createAndAddHost(self.address, hostnames=[self.hostname]) # Create service service_id = self.createAndAddServiceToHost(host_id, self.protocol, 'tcp', ports=[self.port], status='open', version='', description='') # Create issues. for issue in parser.issues: description = str(issue.description) resol = str(issue.remedy_guidance) references = issue.references if issue.cwe != 'None': references.append('CWE-' + str(issue.cwe)) if resol == 'None': resol = '' self.createAndAddVulnWebToService(host_id, service_id, name=issue.name, desc=description, resolution=resol, ref=references, severity=issue.severity, website=self.hostname, path=issue.url, method=issue.method, pname=issue.var, params=issue.parameters, request=issue.request, response=issue.response) return
def parseOutputString(self, output): parser = NetsparkerXmlParser(output) first = True for i in parser.items: if first: ip = resolve_hostname(i.hostname) h_id = self.createAndAddHost(ip, hostnames=[ip]) s_id = self.createAndAddServiceToHost(h_id, str(i.port), protocol = str(i.protocol), ports=[str(i.port)], status="open") first = False if i.resolution is not None: resolution = BeautifulSoup(i.resolution, "lxml").text else: resolution = "" if i.desc is not None: desc = BeautifulSoup(i.desc, "lxml").text else: desc = "" if i.name_title is None: name = i.name else: name = i.name_title v_id = self.createAndAddVulnWebToService(h_id, s_id, name, ref=i.ref, website=i.hostname, severity=i.severity, desc=desc, path=i.url, method=i.method, request=i.request, response=i.response, resolution=resolution, pname=i.param, data=i.data) del parser
def parseOutputString(self, output): parser = ReconngParser(output) for host in parser.hosts: h_id = self.createAndAddHost( host['ip'], hostnames=[host['host']] ) self.host_mapper[host['host']] = h_id for vuln in parser.vulns: if vuln['host'] not in list(self.host_mapper.keys()): ip = resolve_hostname(vuln['host']) h_id = self.createAndAddHost( ip, hostnames=[vuln['host']] ) self.host_mapper[vuln['host']] = h_id else: h_id = self.host_mapper[vuln['host']] self.createAndAddVulnToHost( name='Recon-ng found: ' + vuln['category'] + ' vulnerability', desc='Found by module: ' + vuln['module'], severity=vuln['severity'], ref=[vuln['reference']], host_id=h_id, data=vuln['example'] )
def parseOutputString(self, output): parser = NetsparkerCloudXmlParser(output) first = True for i in parser.items: if first: ip = resolve_hostname(i.hostname) h_id = self.createAndAddHost(ip, hostnames=[i.hostname]) s_id = self.createAndAddServiceToHost(h_id, i.protocol, ports=[i.port], status="open") first = False v_id = self.createAndAddVulnWebToService(h_id, s_id, i.name, ref=i.ref, website=i.hostname, severity=i.severity, desc=i.desc, path=i.url.path, method=i.method, request=i.request, response=i.response, resolution=i.resolution, pname=i.param) del parser
def parseOutputString(self, output): # Find data path data_path_search = re.search(r"in '(.*)\/'", output) print(data_path_search) if not data_path_search: # No data path found return True # Parse "peepingtom.html" report and extract results data_path = data_path_search.groups()[0] html = open(path.join(self._path, data_path, "peepingtom.html")).read() for url in re.findall(r'href=[\'"]?([^\'" >]+)', html): if "://" in url: url_parsed = urlparse(url) address = resolve_hostname(url_parsed.netloc) host = self.createAndAddHost(address) service = self.createAndAddServiceToHost(host, "http", protocol="tcp", ports=[80]) self.createAndAddNoteToService( host, service, 'screenshot', path.join( self._path, data_path_search.groups()[0], "{}.png".format(url.replace( "://", "").replace("/", "").replace(".", "")) ) ) return True
def __init__(self, output): lists = output.split("\n") self.items = [] for line in lists: mregex = re.search("WARN: ([\w\.]+) ([\w]+) ([\w\.]+):", line) if mregex is not None: item = { 'host': mregex.group(1), 'ip': mregex.group(3), 'type': mregex.group(2)} self.items.append(item) mregex = re.search( "Getting zone transfer of ([\w\.]+) from ([\w\.]+)\.\.\.done\.", line) if mregex is not None: ip = resolve_hostname(mregex.group(2)) item = { 'host': mregex.group(1), 'ip': ip, 'type': 'info'} self.items.append(item)
def parseOutputString(self, output): parser = W3afXmlParser(output) ip = resolve_hostname(parser.host) h_id = self.createAndAddHost(ip, hostnames=[parser.host]) s_id = self.createAndAddServiceToHost(h_id, "http", "tcp", ports=[parser.port], status="open") for item in parser.items: self.createAndAddVulnWebToService(h_id, s_id, item.name, item.detail, pname=item.param, data=item.longdetail, path=item.url, website=parser.host, severity=item.severity, method=item.method, request=item.req, resolution=item.resolution, ref=item.ref, response=item.resp) del parser
def getIP(self, host): try: ip = resolve_hostname(host) except Exception: pass return ip
def resolveNS(self, item, items): try: item['hosts'][0] = item['ip'] item['ip'] = resolve_hostname(item['ip']) except: pass return item
def parseOutputString(self, output, debug=False): parser = NucleiJsonParser(output) matched_list = [] matched_json = {} for vuln in parser.list_to_vulns: if vuln != '': json_vuln = json.loads(vuln) matched = json_vuln.get('matched', None) if matched is not None: url_parser = urlparse(matched) url_scheme = f'{url_parser.scheme}://{url_parser.hostname}' if url_scheme in matched_list: matched_json[url_scheme].append(json_vuln) else: matched_list.append(url_scheme) matched_json[url_scheme] = [json_vuln] for url in matched_list: url_data = urlparse(url) url_name = url_data.hostname url_protocol = url_data.scheme ip = resolve_hostname(url_name) host_id = self.createAndAddHost(name=ip, hostnames=[url_name]) port = 80 if url_parser.scheme == 'https': port = 443 service_id = self.createAndAddServiceToHost(host_id, name=url_parser.scheme, ports=port, protocol="tcp", status='open', version='', description='') for info_vuln in matched_json[url]: desc = f'{info_vuln.get("template", None)} - {info_vuln.get("author", None)}' if info_vuln.get("author", None): ref = [f"author: {info_vuln.get('author', None)}"] else: ref = None self.createAndAddVulnWebToService( host_id, service_id, name=info_vuln.get('template', ""), desc=info_vuln.get('description', info_vuln.get('name', None)), ref=ref, severity=info_vuln.get('severity', ""), website=url, request=info_vuln.get('request', None), response=info_vuln.get('response', None), method=info_vuln.get('type', None), data=info_vuln.get('matcher_name', info_vuln.get('name', None)), external_id=info_vuln.get('template', ""))
def parseOutputString(self, output): matches = re.findall("Name Server:\s*(.*)\s*", output) if not matches: matches = re.findall("nserver:\s*(.*)\s*", output) if not matches: ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', self.command_string) if not ip: url = self.command_string.replace('whois ', '') ip = [resolve_hostname(url)] matches_descr = re.findall("descr:\s*(.*)\s*", output) matches_netname = re.findall("NetName:\s*(.*)\s*", output) if not matches_netname: matches_netname = re.findall("netname:\s*(.*)\s*", output) matches_ref = re.findall("Ref:\s*(.*)\s*", output) desc = "" ref = [] os_name = "unknown" for md in matches_descr: desc = md.strip() for mr in matches_ref: ref.append(mr.strip()) for osname in matches_netname: os_name = osname.strip() self.createAndAddHost(ip[0], os_name, hostnames=[ref], description=desc) else: for m in matches: m = m.strip() url = re.findall(r'https?://[^\s<>"]+|.[^\s<>"]+', str(m)) ip = resolve_hostname(url[0]) self.createAndAddHost(ip, hostnames=[m]) matches_domain = re.findall("Domain Name:\s*(.*)\s*", output) for md in matches_domain: md = md.strip() ip = resolve_hostname(md) self.createAndAddHost(ip, hostnames=[md]) return True
def parseOutputString(self, output): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ if not os.path.isdir(self._output_file_path): return False p = SkipfishParser(self._output_file_path) hostc = {} for issue in p.issues: for sample in issue["samples"]: if not sample["url"] in hostc: reg = re.search( "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", sample["url"]) protocol = reg.group(1) host = reg.group(4) if reg.group(11) is not None: port = reg.group(11) else: port = 443 if protocol == "https" else 80 ip = resolve_hostname(host) h_id = self.createAndAddHost(ip, hostnames=[host]) s_id = self.createAndAddServiceToHost(h_id, "http", "tcp", ports=[port], status="open") hostc[sample["url"]] = { 'h_id': h_id, 'ip': ip, 'port': port, 'host': host, 'protocol': protocol, 's_id': s_id } d = hostc[sample["url"]] self.createAndAddVulnWebToService( d['h_id'], d['s_id'], name=p.err_msg[str(issue["type"])], desc="Extra: " + sample["extra"], website=d['host'], path=sample["url"], severity=issue["severity"])
def resolveCNAME(self, item, items): for i in items: if (item['ip'] in i['hosts']): item['ip'] = i['ip'] return item try: item['ip'] = resolve_hostname(item['ip']) except: pass return item
def __init__(self, item_node): self.node = item_node self.url = self.get_url(item_node) if self.url.hostname is not None: self.ip = resolve_hostname(self.url.hostname) else: self.ip = '0.0.0.0' self.hostname = self.url.hostname self.port = self.get_port(self.url) self.scheme = self.url.scheme self.vulns = self.get_vulns(item_node)
def __init__(self, item_node): self.node = item_node self.host = self.node.get('host') self.ip = resolve_hostname(self.host) self.port = self.node.get('port') self.items = [] for alert in self.node.findall('alerts/alertitem'): self.items.append(Item(alert))
def parseOutputString(self, output): host_info = re.search(r"Connected to (.+)\.", output) hostname = host_info.group(1) ip_address = resolve_hostname(hostname) if host_info is not None: h_id = self.createAndAddHost(ip_address, hostnames=[hostname]) s_id = self.createAndAddServiceToHost(h_id, self._port, "tcp", ports=[self._port], status="open") return True
def __init__(self, output, goohost_scantype): self.items = [] lines = list(filter(None, output.split('\n'))) for line in lines: if goohost_scantype == 'ip': data = line.split() item = {'host': data[0], 'ip': data[1]} self.add_host_info_to_items(item['ip'], item['host']) elif goohost_scantype == 'host': data = line.strip() item = {'host': data, 'ip': resolve_hostname(data)} self.add_host_info_to_items(item['ip'], item['host']) else: item = {'data': line}
def parseOutputString(self, output): host_info = re.search(r"Connected to (.+)\.", output) banner = re.search("220?([\w\W]+)$", output) if re.search("Connection timed out", output) is None and host_info is not None: hostname = host_info.group(1) ip_address = resolve_hostname(hostname) self._version = banner.groups(0) if banner else "" h_id = self.createAndAddHost(ip_address, hostnames=[hostname]) s_id = self.createAndAddServiceToHost(h_id, "ftp", "tcp", ports=[self._port], status="open") return True
def __init__(self, xml_output): self.srv = { 'ftp': '21', 'http': '80', 'imap': '143', 'mssql': '1433', 'mysql': '3306', 'ncp': '524', 'nntp': '119', 'pcanywhere': '5631', 'pop3': '110', 'postgres': '5432', 'rexec': '512', 'rlogin': '******', 'rsh': '514', 'smbnt': 'smbnt', 'smtp': '25', 'smtp-vrfy': 'smtp-vrfy', 'snmp': '161', 'ssh': '22', 'svn': '3690', 'telnet': '23', 'vmauthd': 'vmauthd', 'vnc': '5900', 'web-form': 'web-form', 'wrapper': 'wrapper' } lines = xml_output.splitlines() self.items = [] for line in lines: reg = re.search( "ACCOUNT FOUND: \[([^$]+)\] Host: ([^$]+) User: ([^$]+) Password: ([^$]+) \[SUCCESS\]", line) if reg: item = { 'service': reg.group(1), 'host': reg.group(2), 'user': reg.group(3), 'pass': reg.group(4) } item['ip'] = resolve_hostname(item['host']) item['port'] = self.srv[item['service']] self.items.append(item)
def __init__(self, item_node): self.node = item_node url_data = self.get_url(self.node) self.protocol = url_data.scheme if url_data.hostname: self.host = url_data.hostname else: self.host = None # Use the port in the URL if it is defined, or 80 or 443 by default self.port = url_data.port or (443 if url_data.scheme == "https" else 80) self.ip = resolve_hostname(self.host) self.os = self.get_text_from_subnode('Os') self.banner = self.get_text_from_subnode('Banner') self.items = [] for alert in self.node.findall('ReportItems/ReportItem'): self.items.append(Item(alert))
def parseOutputString(self, output): """ This method will discard the output the shell sends, it will read it from the xml where it expects it to be present. NOTE: if 'debug' is true then it is being run from a test case and the output being sent is valid. """ parser = HydraParser(output) hosts = defaultdict(list) service = '' port = '' for item in parser.items: service = item['plugin'] port = item['port'] hosts[item['ip']].append([item['login'], item['password']]) for k, v in hosts.items(): ip = resolve_hostname(k) if ip != k: hostnames = [k] else: hostnames = None h_id = self.createAndAddHost(ip, hostnames=hostnames) s_id = self.createAndAddServiceToHost(h_id, service, ports=[port], protocol="tcp", status="open") for cred in v: self.createAndAddCredToService(h_id, s_id, cred[0], cred[1]) self.createAndAddVulnToService( h_id, s_id, "Weak Credentials", "[hydra found the following credentials]\nuser:%s\npass:%s" % (cred[0], cred[1]), severity="high") del parser
def parse_json(self, contents): try: data = json.loads(contents) except ValueError: self.logger.error( 'Error parsing report. Make sure the file has valid ' 'JSON', 'ERROR') return for (base_url, items) in data.items(): base_split = urlparse.urlsplit(base_url) ip = resolve_hostname(base_split.hostname) h_id = self.createAndAddHost(ip, hostnames=[base_split.hostname]) s_id = self.createAndAddServiceToHost(h_id, base_split.scheme, 'tcp', [base_split.port], status="open") for item in items: self.parse_found_url(base_url, h_id, s_id, item)
def get_host(self, server_location): port = server_location.get('port', None) hostname = server_location.get('hostname', None) ip = server_location.get('ip_address', resolve_hostname(hostname)) if port != 443: url = f"https://{hostname}:{port}" else: url = f"https://{hostname}" json_host = { "name": 'https', "ip": ip, "hostname": hostname, "port": port, "protocol": 'tcp', "url": url } return json_host
def parseOutputString(self, output): parametro = [] lineas = output.split("\n") aux = 0 for linea in lineas: if not linea: continue linea = linea.lower() if ((linea.find("target:") > 0)): url = re.findall('(?:[-\w.]|(?:%[\da-fA-F]{2}))+', linea) address = resolve_hostname(url[3]) host_id = self.createAndAddHost(address, hostnames=url[3]) if ((linea.find("method") > 0)): list_a = re.findall("\w+", linea) metodo = list_a[1] if ((linea.find("query string:") > 0)): lista_parametros = linea.split('=') aux = len(lista_parametros) if ((linea.find("param:") > 0)): list2 = re.findall("\w+", linea) parametro.append(list2[1]) service_id = self.createAndAddServiceToHost(host_id, self.protocol, 'tcp', ports=['80'], status='Open', version="", description="") if aux != 0: self.createAndAddVulnWebToService(host_id, service_id, name="xss", desc="XSS", ref='', severity='med', website=url[0], path='', method=metodo, pname='', params=''.join(parametro), request='', response='')
def parseOutputString(self, output): parser = AppScanParser(output) scan_type = parser.scan_type if scan_type == 'DAST': for issue in parser.issues: host = issue.pop("host") port = issue.pop("port") service_name = issue.pop("service_name") ip = resolve_hostname(host) host_os = issue.pop("os") host_id = self.createAndAddHost(ip, hostnames=host, os=host_os) service_id = self.createAndAddServiceToHost(host_id, service_name, ports=port) self.createAndAddVulnWebToService(host_id=host_id, service_id=service_id, **issue) elif scan_type == 'SAST': for issue in parser.issues: source_file = issue.pop('source_file') host_id = self.createAndAddHost(source_file) self.createAndAddVulnToHost(host_id=host_id, **issue)
def parseOutputString(self, output): lineas = output.split("\n") parametro = [] found_vuln = False for linea in lineas: if linea.find("is available! Good!") > 0: url = re.findall('(?:[-\w.]|(?:%[\da-fA-F]{2}))+', linea)[0] port = 80 if urlparse(url).scheme == 'https': port = 443 netloc_splitted = urlparse(url).netloc.split(':') if len(netloc_splitted) > 1: port = netloc_splitted[1] if linea.find("Vulnerable") > 0 and "No" not in linea: vuln_list = re.findall("\w+", linea) if vuln_list[2] == "Vulnerable": parametro.append(vuln_list[1]) found_vuln = len(parametro) > 0 address = resolve_hostname(url) host_id = self.createAndAddHost(url, hostnames=[url]) service_id = self.createAndAddServiceToHost(host_id, self.protocol, 'tcp', ports=[port], status='Open', version="", description="") if found_vuln: self.createAndAddVulnWebToService(host_id, service_id, name="xss", desc="XSS", ref='', severity='med', website=url, path='', method='', pname='', params=''.join(parametro), request='', response='')
def parseOutputString(self, output): try: parser = CobaltParser(output) except: print("Error parser output") return None for row in parser.rows: url = row['BrowserUrl'] if not url: continue url_data = urlparse(url) scheme = url_data.scheme port = url_data.port try: run_date = dateutil.parser.parse(row['CreatedAt']) except: run_date = None if url_data.port is None: if scheme == 'https': port = 443 elif scheme == 'http': port = 80 else: port = url_data.port name = resolve_hostname(url_data.netloc) references = [] if row['RefKey']: references.append(row['RefKey']) if row['ResearcherUrl']: references.append(row['ResearcherUrl']) references.append(row['ReportUrl']) request = row['HttpRequest'] if row['HttpRequest'] else row['BrowserUrl'] h_id = self.createAndAddHost(name=name, hostnames=[url_data.netloc]) s_id = self.createAndAddServiceToHost(h_id, scheme, "tcp", ports=port, status="open") self.createAndAddVulnWebToService(h_id, s_id, name=row['Title'], desc=row['Description'], ref=references, resolution=row['SuggestedFix'], website=url_data.netloc, request=request, pname=url_data.params, category=row['Type'], path=url_data.path, data=row['StepsToReproduce'], external_id=row['Tag'], run_date=run_date)
def getIpAndId(self, node): # Find node ID and maltego entity node_id = node.get("id") entity = node.find( "{http://graphml.graphdrawing.org/xmlns}data/" "{http://maltego.paterva.com/xml/mtgx}MaltegoEntity") # Check if is IPv4Address if entity.get("type") not in ("maltego.IPv4Address", "maltego.Domain", "maltego.Website"): return None # Get IP value value = entity.find( "{http://maltego.paterva.com/xml/mtgx}Properties/" "{http://maltego.paterva.com/xml/mtgx}Property/" "{http://maltego.paterva.com/xml/mtgx}Value") if entity.get("type") in ("maltego.Domain", "maltego.Website"): ip = resolve_hostname(value.text) hostname = value.text else: ip = value.text hostname = None return {"node_id": node_id, "ip": ip, "hostname": hostname}
def parseOutputString(self, output, debug=False): for vuln_json in filter(lambda x: x != '', output.split("\n")): vuln_dict = json.loads(vuln_json) host = vuln_dict.get('host') url_data = urlparse(host) ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname)) host_id = self.createAndAddHost( name=ip, hostnames=[url_data.hostname]) port = url_data.port if not port: if url_data.scheme == 'https': port = 443 else: port = 80 service_id = self.createAndAddServiceToHost( host_id, name=url_data.scheme, ports=port, protocol="tcp", status='open', version='', description='web server') matched = vuln_dict.get('matched') matched_data = urlparse(matched) reference = vuln_dict["info"].get('reference', []) if reference: if isinstance(reference, str): if re.match('^- ', reference): reference = list(filter(None, [re.sub('^- ','', elem) for elem in reference.split('\n')])) else: reference = [reference] references = vuln_dict["info"].get('references', []) if references: if isinstance(references, str): if re.match('^- ', references): references = list(filter(None, [re.sub('^- ','', elem) for elem in references.split('\n')])) else: references = [references] cwe = vuln_dict['info'].get('cwe', []) capec = vuln_dict['info'].get('capec', []) refs = list(set(reference + references + cwe + capec)).sort() tags = vuln_dict['info'].get('tags', '').split(',') impact = vuln_dict['info'].get('impact') resolution = vuln_dict['info'].get('resolution', '') easeofresolution = vuln_dict['info'].get('easeofresolution') request = vuln_dict.get('request', '') if request: method = request.split(" ")[0] else: method = "" data = [f"Matched: {vuln_dict.get('matched')}", f"Tags: {vuln_dict['info'].get('tags')}", f"Template ID: {vuln_dict['templateID']}"] name = vuln_dict["info"].get("name") run_date = vuln_dict.get('timestamp') if run_date: run_date = dateutil.parser.parse(run_date) self.createAndAddVulnWebToService( host_id, service_id, name=name, desc=vuln_dict["info"].get("description", name), ref=refs, severity=vuln_dict["info"].get('severity'), tags=tags, impact=impact, resolution=resolution, easeofresolution=easeofresolution, website=host, request=request, response=vuln_dict.get('response', ''), method=method, query=matched_data.query, params=matched_data.params, path=matched_data.path, data="\n".join(data), external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", run_date=run_date )