def Attacks(kwargs, url, data):
info('Starting attacks module...')
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.attacks.%s' % (file))
module = sys.modules['plugins.attacks.%s' % (file)]
module = module.__dict__[file]
module(kwargs, url, data).run()
def start(self):
kwargs = ARGS
# PTIME(self.url)
vulnerabylitiesResponse = []
for file in dirs(path):
name_file = file.split('.py')[0]
result = False
at_least_one = False
if name_file in self.vulnerabilities:
# crawler
current_url = None
result = False
try:
for u in Crawler().run(kwargs, self.url, kwargs['data']):
current_url = u.split("?")[0] + "?id=1"
__import__('plugins.attacks.%s' % name_file)
module = sys.modules['plugins.attacks.%s' % name_file]
module = module.__dict__[name_file]
status = module(kwargs, current_url,
kwargs['data']).run()
if status:
result = True
at_least_one = True
vulnerabylitiesResponse.append({
'Vulnerability':
name_file,
'VulnerabilityStatus':
str(result),
'VulnerableUrl':
str(current_url)
})
if at_least_one == False:
vulnerabylitiesResponse.append({
'Vulnerability':
name_file,
'VulnerabilityStatus':
str(result),
'VulnerableUrl':
str(self.url)
})
except urllib2.URLError as e: # Exception when URL doesn't exist
vulnerabylitiesResponse.append({'Error': str(e)})
except ValueError as e: # Exception when the URL doesn't include a protocol
vulnerabylitiesResponse.append({'Error': str(e)})
except socket.error as e: # Exception when request is timed out
vulnerabylitiesResponse.append({'Error': str(e)})
# print(vulnerabylitiesResponse)
# CREATE POST
responseObject = json.dumps({
'URL_Tested': str(self.url),
'IdScann': str(self.id_scann),
'Results': vulnerabylitiesResponse
})
headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
requests.post('http://vulnerabilityscanner_web_1:3000/api/v1/notify',
data=responseObject,
headers=headers)
def Audit(kwargs,url,data):
url = CNQuery(url)
info('Starting audit module...')
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.audit.%s'%(file))
module = sys.modules['plugins.audit.%s'%(file)]
module = module.__dict__[file]
module(kwargs,url,data).run()
def Waf(headers, content):
web_app_firewall = []
path = g_path + 'waf/'
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.fingerprint.waf.%s' % (file))
module = sys.modules['plugins.fingerprint.waf.%s' % (file)]
module = module.__dict__[file]
web_app_firewall.append(module(headers, content))
return web_app_firewall
def Os(headers):
operating_system = []
path = g_path + 'os/'
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.fingerprint.os.%s' % (file))
module = sys.modules['plugins.fingerprint.os.%s' % (file)]
module = module.__dict__[file]
operating_system.append(module(headers))
return operating_system
def Language(content):
language = []
path = g_path + 'language/'
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.fingerprint.language.%s' % (file))
module = sys.modules['plugins.fingerprint.language.%s' % (file)]
module = module.__dict__[file]
language.append(module(content))
return language
def Framework(headers, content):
framework = []
path = g_path + 'framework/'
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.fingerprint.framework.%s' % (file))
module = sys.modules['plugins.fingerprint.framework.%s' % (file)]
module = module.__dict__[file]
framework.append(module(headers, content))
return framework
def Cms(headers, content):
cms = []
path = g_path + 'cms/'
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.fingerprint.cms.%s' % (file))
module = sys.modules['plugins.fingerprint.cms.%s' % (file)]
module = module.__dict__[file]
cms.append(module(headers, content))
return cms
def run(self):
info('Starting disclosure module...')
req = self.Send(url=self.url, method='GET')
for file in dirs(path):
file = file.split('.py')[0]
__import__('plugins.disclosure.%s' % (file))
module = sys.modules['plugins.disclosure.%s' % (file)]
module = module.__dict__[file]
if file == 'errors': module(req.content, req.url)
else: module(req.content)
def start(self):
kwargs = ARGS
# PTIME(self.url)
kwargs['auth'] = self.get_cookie_session()
vulnerabylitiesResponse = []
for file in dirs(path):
name_file = file.split('.py')[0]
result = False
at_least_one = False
if name_file in self.vulnerabilities:
# crawler
current_url = None
result = False
list = Crawler().run(kwargs, self.url, kwargs['data'])
for u in list:
current_url = u.split("?")[0] + "?id=1"
__import__('plugins.attacks.%s' % name_file)
module = sys.modules['plugins.attacks.%s' % name_file]
module = module.__dict__[name_file]
try:
results_from_attacks = module(kwargs, current_url,
kwargs['data']).run()
if results_from_attacks is not None and results_from_attacks[
0]:
status = results_from_attacks[0]
payload = results_from_attacks[1]
else:
status = None
payload = None
if status:
result = True
at_least_one = True
current_url = current_url.split("?")[0]
vulnerabylitiesResponse.append({
'Vulnerability':
name_file,
'VulnerabilityStatus':
result,
'VulnerableUrl':
str(current_url),
'Payload':
str(payload)
})
if at_least_one == False:
vulnerabylitiesResponse.append({
'Vulnerability':
name_file,
'VulnerabilityStatus':
result,
'VulnerableUrl':
str(u)
})
except urllib2.URLError as e: # Exception when URL doesn't exist
vulnerabylitiesResponse.append({
'Error': str(e),
'Url': str(u)
})
except ValueError as e: # Exception when the URL doesn't include a protocol
vulnerabylitiesResponse.append({
'Error': str(e),
'Url': str(u)
})
except socket.error as e: # Exception when request is timed out
vulnerabylitiesResponse.append({
'Error': str(e),
'Url': str(u)
})
print(vulnerabylitiesResponse)
# CREATE POST
responseObject = json.dumps({
'URL_Tested': str(self.url),
'IdScann': str(self.id_scann),
'Results': vulnerabylitiesResponse
})
print(responseObject)
def start(self):
vulnerabylitiesResponse = []
url_status = self.test_url() # Test URL before scanning
if url_status[0]:
kwargs = ARGS
# PTIME(self.url)
kwargs['auth'] = self.get_cookie_session()
for file in dirs(path):
name_file = file.split('.py')[0]
# result = False
# at_least_one = False
if name_file in self.vulnerabilities:
# crawler
current_url = None
result = False
url_list = Crawler().run(kwargs, self.url, kwargs['data'])
for u in url_list:
if "?" not in u:
current_url = u + "?id=1"
else:
current_url = u
__import__('plugins.attacks.%s' % name_file)
module = sys.modules['plugins.attacks.%s' % name_file]
module = module.__dict__[name_file]
results_from_attacks = module(kwargs, current_url,
kwargs['data']).run()
if results_from_attacks is not None and results_from_attacks[
0]:
status = results_from_attacks[0]
payload = results_from_attacks[1]
else:
status = False
payload = None
if status:
result = True
# at_least_one = True
current_url = current_url.split("?")[0]
vulnerabylitiesResponse.append({
'Vulnerability':
name_file,
'VulnerabilityStatus':
result,
'VulnerableUrl':
str(current_url),
'Payload':
str(payload)
})
# if at_least_one == False:
# vulnerabylitiesResponse.append(
# {'Vulnerability': name_file, 'VulnerabilityStatus': result,
# 'VulnerableUrl': str(u)})
else:
vulnerabylitiesResponse.append({
'Error': str(url_status[1]),
'Url': str(self.url)
})
print(vulnerabylitiesResponse)
# CREATE POST
responseObject = json.dumps({
'URL_Tested': str(self.url),
'IdScann': str(self.id_scann),
'Results': vulnerabylitiesResponse
})
print(responseObject)
correctRequest = False
while correctRequest == False:
try:
headers = {
'Content-type': 'application/json',
'Accept': 'text/plain'
}
req = requests.post(
'http://vulnerabilityscanner_web_1:3000/api/v1/notify',
data=responseObject,
headers=headers)
# req = requests.post('http://localhost:5000/', data=responseObject, headers=headers)
if req.status_code == 200:
correctRequest = True
except requests.exceptions.RequestException as e:
print("Post Error")
