def test_ssl_service_for_ssl_vulnerability(
self,
org_uuid=None,
network_service_uuid=None,
network_service_scan_uuid=None,
vulnerability_name=None,
):
"""
Test the given network service for the specified SSL vulnerability.
:param org_uuid: The UUID of the organization to enumerate SSL vulnerabilities on behalf of.
:param network_service_uuid: The UUID of the network service that is being scanned.
:param network_service_scan_uuid: The UUID of the network service scan that this enumeration is
a part of.
:param vulnerability_name: A string representing the vulnerability to test for.
:return: None
"""
logger.info(
"Now testing network service %s for SSL vulnerability %s."
% (network_service_uuid, vulnerability_name)
)
command_map = get_ssl_vulnerabilities_command_map()
ValidationHelper.validate_in(to_check=vulnerability_name, contained_by=command_map.keys())
command = command_map[vulnerability_name]["command"]
ip_address, port, protocol = self.get_endpoint_information(network_service_uuid)
scanner = SynchronousScanner()
server_info = ServerConnectivityInfo(hostname=ip_address, ip_address=ip_address, port=port)
try:
server_info.test_connectivity_to_server()
except ServerConnectivityError as e:
logger.warning(
"ServerConnectivityError thrown when attempting to test SSL at %s:%s for %s vulnerability: %s"
% (ip_address, port, vulnerability_name, e.message)
)
return
try:
result = scanner.run_scan_command(server_info, command())
vuln_model = SslVulnerabilityModel.from_database_model_uuid(
uuid=network_service_scan_uuid,
db_session=self.db_session,
test_errored=False,
vuln_test_name=vulnerability_name,
)
vuln_model.test_results = []
for field in command_map[vulnerability_name]["fields"]:
vuln_model.test_results.append({
"key": field,
"value": getattr(result, field),
})
vuln_model.save(org_uuid)
except (socket.error, OpenSSLError):
vuln_model = SslVulnerabilityModel.from_database_model_uuid(
uuid=network_service_scan_uuid,
db_session=self.db_session,
test_errored=True,
)
vuln_model.save(org_uuid)
logger.info(
"Network service %s successfully tested for SSL vulnerability %s."
% (network_service_uuid, vulnerability_name)
)
def __validate_sort_field(self):
"""
Ensure that the field in self.sort_field is a valid field to be sorted upon.
:return: None
"""
ValidationHelper.validate_in(to_check=self.sort_field,
contained_by=self.sortable_fields)
def __validate_export_value(self):
"""
Ensure that the value in self.export_argument is a valid string to export via.
:return: None
"""
ValidationHelper.validate_in(to_check=self.export_argument,
contained_by=self.exporter_map_keys)
def __init__(self, index=None, diffable=False, diff_key=None):
from lib import ValidationHelper
if index is not None:
ValidationHelper.validate_bool(index)
self._diffable = diffable
self._diff_key = diff_key
self.index = index
def add_should(self, component):
"""
Add the specified component as a "should" component.
:param component: The component to add.
:return: None
"""
ValidationHelper.validate_es_component_type(component)
self._should.append(component)
def add_must_not(self, component):
"""
Add the specified component as a "must" component.
:param component: The component to add.
:return: None
"""
ValidationHelper.validate_es_component_type(component)
self._must_not.append(component)
def add_ipv4_address(self, ipv4_address):
"""
Add the specified IPv4 address to the list of addresses to scan.
:param ipv4_address: The IPv4 address to scan.
:return: None
"""
ValidationHelper.validate_ipv4_address(ipv4_address)
self._ipv4_addresses.add(ipv4_address)
def scan_type(self, new_value):
"""
Set the scan type that this scanner is configured to perform.
:param new_value: The new value to set the scan type to.
:return: None
"""
ValidationHelper.validate_nmap_scan_type(new_value)
self._scan_type = new_value
def output_type(self, new_value):
"""
Set the type of file that the Nmap scan results should be written to.
:param new_value: The type of file that the scan results should be written to.
:return: None
"""
ValidationHelper.validate_nmap_output_type(new_value)
self._output_type = new_value
def __init__(self, filter_class):
"""
Initialize this filter component to have a reference to the class that it should filter
upon.
:param filter_class: The Elasticsearch model class to filter on.
"""
ValidationHelper.validate_es_model_class(filter_class)
self._filter_class = filter_class
def add_port(self, port):
"""
Add the specified port to the list of ports to scan.
:param port: The port to add
:return: None
"""
ValidationHelper.validate_port(port)
self._ports.add(port)
def add_ipv4_network(self, network):
"""
Add the specified IPv4 CIDR range to the list of IP ranges to scan.
:param network: The CIDR network to add.
:return: None
"""
ValidationHelper.validate_ipv4_cidr(network)
self._ipv4_networks.add(network)
def bandwidth(self, new_value):
"""
Set the maximum amount of bandwidth that this scan should consume.
:param new_value: The maximum amount of bandwidth that this scan should consume.
:return: None
"""
ValidationHelper.validate_zmap_bandwidth(new_value)
self._bandwidth = new_value
def target_port(self, new_value):
"""
Set the port that should be scanned.
:param new_value: The value to set as the port to scan.
:return: None
"""
ValidationHelper.validate_port(new_value)
self._target_port = int(new_value)
def speed(self, new_value):
"""
Set the speed this scanner should scan at.
:param new_value: The speed this scanner should scan at.
:return: None
"""
ValidationHelper.validate_nmap_speed(new_value)
self._speed = new_value
def add_field(self, field_name=None, direction="asc"):
"""
Add the given field as a field to sort by in the given direction.
:param field_name: The name of the field to sort by.
:param direction: The direction to sort in.
:return: None
"""
ValidationHelper.validate_sort_direction(direction)
self._fields[field_name] = direction
def add_or(self, component):
"""
Add the specified component as part of the list of "OR" components contained
by this BooleanComponent.
:param component: The component to add.
:return: None
"""
ValidationHelper.validate_es_component_type(component)
self._or_components.append(component)
def whitelist_file(self, new_value):
"""
Set the file path pointing to a file containing the network ranges to scan.
:param new_value: The new value to set self._whitelist_file to.
:return: None
"""
if new_value is not None:
ValidationHelper.validate_file_exists(new_value)
self._whitelist_file = new_value
def interface(self, new_value):
"""
Set the interface that Zmap should use for scanning.
:param new_value: A string describing the interface that Zmap should use for scanning.
:return: None
"""
if new_value is not None:
ValidationHelper.validate_interface_exists(new_value)
self._interface = new_value
def output_file(self, new_value):
"""
Set the value of self._output_file.
:param new_value: The new value to set self._output_file to.
:return: None
"""
if new_value is not None:
ValidationHelper.validate_file_does_not_exist(new_value)
self._output_file = new_value
def add_model_for_indexing(self, model=None, index=None):
"""
Add the given model to the batch queue to be indexed.
:param model: The model to add to the batch queue.
:param index: The index the model should be indexed within.
:return: None
"""
ValidationHelper.validate_es_model_type(model)
self._batch_queue.append(("index", index, model))
def blacklist_file(self, new_value):
"""
Set the value of the file path to a file containing networks that should be excluded from
the scan.
:param new_value: The local file path to the blacklist file.
:return: None
"""
if new_value is not None:
ValidationHelper.validate_file_exists(new_value)
self._blacklist_file = new_value
def _validate_queryable_field(self, field):
"""
Validate that the given field is a field that can be queried upon in self.queried_class.
:param field: The field to check.
:return: None
"""
if "." in field:
field = field[:field.find(".")]
ValidationHelper.validate_in(to_check=field,
contained_by=self.queryable_fields)
def search_model(self, model_class=None, *args, **kwargs):
"""
Search an index for the referenced model type using the Elasticsearch query DSL.
:param model_class: A model class to search for.
:param args: Positional arguments for elasticsearch.search.
:param kwargs: Keyword arguments for elasticsearch.search.
:return: The result of elasticsearch.search.
"""
ValidationHelper.validate_es_model_class(model_class)
kwargs["doc_type"] = model_class.get_doc_type()
return self.search_index(*args, **kwargs)
def add_aggregate(self, aggregate):
"""
Add the given aggregate to the current query DSL.
:param aggregate: The aggregate to add.
:return: None
"""
ValidationHelper.validate_not_in(
to_check=aggregate.name,
contained_by=self._aggregates.keys(),
)
self._aggregates[aggregate.name] = aggregate
def from_response(cls, response):
"""
Create and return a list of instances of this class as populated by the results found in the
given ElasticsearchQueryResponse.
:param response: The ElasticsearchQueryResponse to process.
:return: A list of instances of this class as populated by the results found in the
given ElasticsearchQueryResponse.
"""
ValidationHelper.validate_type(
to_check=response, expected_class=ElasticsearchQueryResponse)
return [cls.from_response_result(x) for x in response.results]
def add_port_range(self, start=None, end=None):
"""
Add the specified range of ports to the ports to scan
:param start: The beginning of the range.
:param end: The end of the range (inclusive).
:return: None
"""
ValidationHelper.validate_port_range(start=start, end=end)
start = int(start)
end = int(end)
self._port_ranges.add((start, end))
def __init__(self, mime_string):
"""
Initializes the class to maintain a reference to the MIME string in mime_string.
:param mime_string: A string containing a MIME type.
:return: None
"""
try:
ValidationHelper.validate_mime_string(mime_string)
except ValueError as e:
raise InvalidMimeStringError(message=e.message)
super(MimeWrapper, self).__init__(mime_string)
self.__prepare_string_components()
def index_model(self, model=None, *args, **kwargs):
"""
Create and index a new Elasticsearch document based on the contents of model.
:param model: An instance of an Elasticsearch model to index.
:param args: Positional arguments for elasticsearch.index.
:param kwargs: Keyword arguments for elasticsearch.index.
:return: The result of indexing the given document.
"""
ValidationHelper.validate_es_model_type(model)
kwargs["body"] = model.to_es_dict()
kwargs["doc_type"] = model.doc_type
return self.index_document(*args, **kwargs)
def probe_module(self, new_value):
"""
Set the probe module that Zmap should use to connect to the referenced endpoints.
:param new_value: A string representing the probe module that Zmap should use to connect
to the referenced endpoints.
:return: None
"""
ValidationHelper.validate_in(
to_check=new_value,
contained_by=self.possible_probe_modules,
)
self._probe_module = new_value
