def run_xsser(self, hostname, url, args): """ Run XSSer against the given target. :param url: The URL to be tested. :type url: str :param command: Path to the XSSer script. :type command: str :param args: The arguments to pass to XSSer. :type args: list :return: True id successful, False otherwise. :rtype: bool """ Logger.log("Launching XSSer against: %s" % url) Logger.log_more_verbose("XSSer arguments: %s" % " ".join(args)) xsser_script = join(get_tools_folder(), "xsser", "xsser.py") with ConnectionSlot(hostname): t1 = time() code = run_external_tool(xsser_script, args, callback=Logger.log_verbose) t2 = time() if code: Logger.log_error("XSSer execution failed, status code: %d" % code) return False Logger.log("XSSer scan finished in %s seconds for target: %s" % (t2 - t1, url)) return True
def make_injection(self, target, args): """ Run SQLMap against the given target. :param target: URL to scan. :type target: URL :param args: Arguments to pass to SQLMap. :type args: list(str) :return: True on success, False on failure. :rtype: bool """ Logger.log("Launching SQLMap against: %s" % target) Logger.log_more_verbose("SQLMap arguments: %s" % " ".join(args)) sqlmap_script = join(get_tools_folder(), "sqlmap", "sqlmap.py") with ConnectionSlot(target): t1 = time() code = run_external_tool(sqlmap_script, args, callback=Logger.log_verbose) t2 = time() if code: Logger.log_error("SQLMap execution failed, status code: %d" % code) return False Logger.log( "SQLMap scan finished in %s seconds for target: %s" % (t2 - t1, target)) return True
def run(self, info): # Build the command line arguments for Nmap. args = shlex.split(Config.plugin_args["args"]) if info.version == 6 and "-6" not in args: args.append("-6") args.append(info.address) # The Nmap output will be saved in XML format in a temporary file. with tempfile(suffix=".xml") as output: args.append("-oX") args.append(output) # Run Nmap and capture the text output. Logger.log("Launching Nmap against: %s" % info.address) Logger.log_more_verbose("Nmap arguments: %s" % " ".join(args)) with ConnectionSlot(info.address): t1 = time() code = run_external_tool("nmap", args, callback=Logger.log_verbose) t2 = time() # Log the output in extra verbose mode. if code: Logger.log_error("Nmap execution failed, status code: %d" % code) else: Logger.log("Nmap scan finished in %s seconds for target: %s" % (t2 - t1, info.address)) # Parse and return the results. return self.parse_nmap_results(info, output)
def test(self, hostname, port, starttls=False): """ Test against the specified hostname and port. :param hostname: Hostname to test. :type hostname: str :param port: TCP port to test. :type port: int :param starttls: True to issue a STARTTLS command, False otherwise. This is useful for SMTP only. :type starttls: bool :returns: True if the host is vulnerable, False otherwise. :rtype: bool """ # Don't scan the same host and port twice. if self.state.put("%s:%d" % (hostname, port), True): Logger.log_more_verbose("Host %s:%d already scanned, skipped." % (hostname, port)) return False # Request permission to connect to the host. with ConnectionSlot(hostname): # Test the host and port. success = self.__test(hostname, port, starttls=starttls, version="1.1") if not success: success = self.__test(hostname, port, starttls=starttls, version="1.2") if not success: success = self.__test(hostname, port, starttls=starttls, version="1.0") return success
def run_nikto(self, info, output_filename, command, args): """ Run Nikto and convert the output to the GoLismero data model. :param info: Base URL to scan. :type info: BaseURL :param output_filename: Path to the output filename. The format should always be CSV. :type output_filename: str :param command: Path to the Nikto script. :type command: str :param args: Arguments to pass to Nikto. :type args: list(str) :returns: Results from the Nikto scan. :rtype: list(Data) """ # Get the Nikto directory. cwd = split(abspath(command))[0] # On Windows, we must run Perl explicitly. # Also it only works under Cygwin. if sep == "\\": perl = find_cygwin_binary_in_path("perl.exe") if not perl: Logger.log_error( "Perl interpreter not found, cannot run Nikto!") args.insert(0, command) command = perl # Run Nikto and capture the text output. Logger.log("Launching Nikto against: %s" % info.hostname) Logger.log_more_verbose("Nikto arguments: %s %s" % (command, " ".join(args))) with ConnectionSlot(info.hostname): code = run_external_tool(command, args, cwd=cwd, callback=Logger.log_verbose) # Log the output in extra verbose mode. if code: Logger.log_error("Nikto execution failed, status code: %d" % code) # Parse the results. results, vuln_count = self.parse_nikto_results(info, output_filename) # Log how many results we found. msg = ("Nikto found %d vulnerabilities for host: %s" % ( vuln_count, info.hostname, )) if vuln_count: Logger.log(msg) else: Logger.log_verbose(msg) # Return the results. return results
def launch_sslscan(self, hostname, port): """ Launch SSLScan against the specified hostname and port. :param hostname: Hostname to test. :type hostname: str :param port: TCP port to test. :type port: int """ # Don't scan the same host and port twice. if self.state.put("%s:%d" % (hostname, port), True): Logger.log_more_verbose( "Host %s:%d already scanned, skipped." % (hostname, port)) return # Workaround for a bug in SSLScan: if the target port doesn't # answer back the SSL handshake (i.e. if port 443 is open but # another protocol is being used) then SSLScan just blocks # indefinitely. try: with ConnectionSlot(hostname): s = socket(AF_INET, SOCK_STREAM) try: s.settimeout(4.0) s.connect( (hostname, port) ) s = wrap_socket(s) s.shutdown(2) finally: s.close() except Exception: Logger.log_error_more_verbose( "Host %s:%d doesn't seem to support SSL, aborting." % (hostname, port)) return # Create a temporary output file. with tempfile(suffix = ".xml") as output: # Build the command line arguments. args = [ "--no-failed", "--xml=" + output, # non standard cmdline parsing :( "%s:%d" % (hostname, port), ] # Run SSLScan and capture the text output. Logger.log("Launching SSLScan against: %s" % hostname) Logger.log_more_verbose("SSLScan arguments: %s" % " ".join(args)) with ConnectionSlot(hostname): t1 = time() code = run_external_tool("sslscan", args, callback=Logger.log_verbose) t2 = time() if code: if code < 0 and sep == "\\": asc_code = "0x%.8X" % code else: asc_code = str(code) Logger.log_error( "SSLScan execution failed, status code: %s" % asc_code) else: Logger.log("SSLScan scan finished in %s seconds for target: %s" % (t2 - t1, hostname)) # Parse and return the results. r, v = self.parse_sslscan_results(output) if v: Logger.log("Found %s SSL vulnerabilities." % v) else: Logger.log("No SSL vulnerabilities found.") return r