def run_xsser(self, hostname, url, args):
"""
Run XSSer against the given target.
:param url: The URL to be tested.
:type url: str
:param command: Path to the XSSer script.
:type command: str
:param args: The arguments to pass to XSSer.
:type args: list
:return: True id successful, False otherwise.
:rtype: bool
"""
Logger.log("Launching XSSer against: %s" % url)
Logger.log_more_verbose("XSSer arguments: %s" % " ".join(args))
xsser_script = join(get_tools_folder(), "xsser", "xsser.py")
with ConnectionSlot(hostname):
t1 = time()
code = run_external_tool(xsser_script,
args,
callback=Logger.log_verbose)
t2 = time()
if code:
Logger.log_error("XSSer execution failed, status code: %d" % code)
return False
Logger.log("XSSer scan finished in %s seconds for target: %s" %
(t2 - t1, url))
return True
def make_injection(self, target, args):
"""
Run SQLMap against the given target.
:param target: URL to scan.
:type target: URL
:param args: Arguments to pass to SQLMap.
:type args: list(str)
:return: True on success, False on failure.
:rtype: bool
"""
Logger.log("Launching SQLMap against: %s" % target)
Logger.log_more_verbose("SQLMap arguments: %s" % " ".join(args))
sqlmap_script = join(get_tools_folder(), "sqlmap", "sqlmap.py")
with ConnectionSlot(target):
t1 = time()
code = run_external_tool(sqlmap_script, args,
callback=Logger.log_verbose)
t2 = time()
if code:
Logger.log_error("SQLMap execution failed, status code: %d" % code)
return False
Logger.log(
"SQLMap scan finished in %s seconds for target: %s"
% (t2 - t1, target))
return True
def run(self, info):
# Build the command line arguments for Nmap.
args = shlex.split(Config.plugin_args["args"])
if info.version == 6 and "-6" not in args:
args.append("-6")
args.append(info.address)
# The Nmap output will be saved in XML format in a temporary file.
with tempfile(suffix=".xml") as output:
args.append("-oX")
args.append(output)
# Run Nmap and capture the text output.
Logger.log("Launching Nmap against: %s" % info.address)
Logger.log_more_verbose("Nmap arguments: %s" % " ".join(args))
with ConnectionSlot(info.address):
t1 = time()
code = run_external_tool("nmap",
args,
callback=Logger.log_verbose)
t2 = time()
# Log the output in extra verbose mode.
if code:
Logger.log_error("Nmap execution failed, status code: %d" %
code)
else:
Logger.log("Nmap scan finished in %s seconds for target: %s" %
(t2 - t1, info.address))
# Parse and return the results.
return self.parse_nmap_results(info, output)
def test(self, hostname, port, starttls=False):
"""
Test against the specified hostname and port.
:param hostname: Hostname to test.
:type hostname: str
:param port: TCP port to test.
:type port: int
:param starttls: True to issue a STARTTLS command, False otherwise.
This is useful for SMTP only.
:type starttls: bool
:returns: True if the host is vulnerable, False otherwise.
:rtype: bool
"""
# Don't scan the same host and port twice.
if self.state.put("%s:%d" % (hostname, port), True):
Logger.log_more_verbose("Host %s:%d already scanned, skipped." %
(hostname, port))
return False
# Request permission to connect to the host.
with ConnectionSlot(hostname):
# Test the host and port.
success = self.__test(hostname,
port,
starttls=starttls,
version="1.1")
if not success:
success = self.__test(hostname,
port,
starttls=starttls,
version="1.2")
if not success:
success = self.__test(hostname,
port,
starttls=starttls,
version="1.0")
return success
def run_nikto(self, info, output_filename, command, args):
"""
Run Nikto and convert the output to the GoLismero data model.
:param info: Base URL to scan.
:type info: BaseURL
:param output_filename: Path to the output filename.
The format should always be CSV.
:type output_filename: str
:param command: Path to the Nikto script.
:type command: str
:param args: Arguments to pass to Nikto.
:type args: list(str)
:returns: Results from the Nikto scan.
:rtype: list(Data)
"""
# Get the Nikto directory.
cwd = split(abspath(command))[0]
# On Windows, we must run Perl explicitly.
# Also it only works under Cygwin.
if sep == "\\":
perl = find_cygwin_binary_in_path("perl.exe")
if not perl:
Logger.log_error(
"Perl interpreter not found, cannot run Nikto!")
args.insert(0, command)
command = perl
# Run Nikto and capture the text output.
Logger.log("Launching Nikto against: %s" % info.hostname)
Logger.log_more_verbose("Nikto arguments: %s %s" %
(command, " ".join(args)))
with ConnectionSlot(info.hostname):
code = run_external_tool(command,
args,
cwd=cwd,
callback=Logger.log_verbose)
# Log the output in extra verbose mode.
if code:
Logger.log_error("Nikto execution failed, status code: %d" % code)
# Parse the results.
results, vuln_count = self.parse_nikto_results(info, output_filename)
# Log how many results we found.
msg = ("Nikto found %d vulnerabilities for host: %s" % (
vuln_count,
info.hostname,
))
if vuln_count:
Logger.log(msg)
else:
Logger.log_verbose(msg)
# Return the results.
return results
def launch_sslscan(self, hostname, port):
"""
Launch SSLScan against the specified hostname and port.
:param hostname: Hostname to test.
:type hostname: str
:param port: TCP port to test.
:type port: int
"""
# Don't scan the same host and port twice.
if self.state.put("%s:%d" % (hostname, port), True):
Logger.log_more_verbose(
"Host %s:%d already scanned, skipped."
% (hostname, port))
return
# Workaround for a bug in SSLScan: if the target port doesn't
# answer back the SSL handshake (i.e. if port 443 is open but
# another protocol is being used) then SSLScan just blocks
# indefinitely.
try:
with ConnectionSlot(hostname):
s = socket(AF_INET, SOCK_STREAM)
try:
s.settimeout(4.0)
s.connect( (hostname, port) )
s = wrap_socket(s)
s.shutdown(2)
finally:
s.close()
except Exception:
Logger.log_error_more_verbose(
"Host %s:%d doesn't seem to support SSL, aborting."
% (hostname, port))
return
# Create a temporary output file.
with tempfile(suffix = ".xml") as output:
# Build the command line arguments.
args = [
"--no-failed",
"--xml=" + output, # non standard cmdline parsing :(
"%s:%d" % (hostname, port),
]
# Run SSLScan and capture the text output.
Logger.log("Launching SSLScan against: %s" % hostname)
Logger.log_more_verbose("SSLScan arguments: %s" % " ".join(args))
with ConnectionSlot(hostname):
t1 = time()
code = run_external_tool("sslscan", args,
callback=Logger.log_verbose)
t2 = time()
if code:
if code < 0 and sep == "\\":
asc_code = "0x%.8X" % code
else:
asc_code = str(code)
Logger.log_error(
"SSLScan execution failed, status code: %s" % asc_code)
else:
Logger.log("SSLScan scan finished in %s seconds for target: %s"
% (t2 - t1, hostname))
# Parse and return the results.
r, v = self.parse_sslscan_results(output)
if v:
Logger.log("Found %s SSL vulnerabilities." % v)
else:
Logger.log("No SSL vulnerabilities found.")
return r