def test_ssl_service_for_ssl_vulnerability( self, org_uuid=None, network_service_uuid=None, network_service_scan_uuid=None, vulnerability_name=None, ): """ Test the given network service for the specified SSL vulnerability. :param org_uuid: The UUID of the organization to enumerate SSL vulnerabilities on behalf of. :param network_service_uuid: The UUID of the network service that is being scanned. :param network_service_scan_uuid: The UUID of the network service scan that this enumeration is a part of. :param vulnerability_name: A string representing the vulnerability to test for. :return: None """ logger.info( "Now testing network service %s for SSL vulnerability %s." % (network_service_uuid, vulnerability_name) ) command_map = get_ssl_vulnerabilities_command_map() ValidationHelper.validate_in(to_check=vulnerability_name, contained_by=command_map.keys()) command = command_map[vulnerability_name]["command"] ip_address, port, protocol = self.get_endpoint_information(network_service_uuid) scanner = SynchronousScanner() server_info = ServerConnectivityInfo(hostname=ip_address, ip_address=ip_address, port=port) try: server_info.test_connectivity_to_server() except ServerConnectivityError as e: logger.warning( "ServerConnectivityError thrown when attempting to test SSL at %s:%s for %s vulnerability: %s" % (ip_address, port, vulnerability_name, e.message) ) return try: result = scanner.run_scan_command(server_info, command()) vuln_model = SslVulnerabilityModel.from_database_model_uuid( uuid=network_service_scan_uuid, db_session=self.db_session, test_errored=False, vuln_test_name=vulnerability_name, ) vuln_model.test_results = [] for field in command_map[vulnerability_name]["fields"]: vuln_model.test_results.append({ "key": field, "value": getattr(result, field), }) vuln_model.save(org_uuid) except (socket.error, OpenSSLError): vuln_model = SslVulnerabilityModel.from_database_model_uuid( uuid=network_service_scan_uuid, db_session=self.db_session, test_errored=True, ) vuln_model.save(org_uuid) logger.info( "Network service %s successfully tested for SSL vulnerability %s." % (network_service_uuid, vulnerability_name) )
def __validate_sort_field(self): """ Ensure that the field in self.sort_field is a valid field to be sorted upon. :return: None """ ValidationHelper.validate_in(to_check=self.sort_field, contained_by=self.sortable_fields)
def __validate_export_value(self): """ Ensure that the value in self.export_argument is a valid string to export via. :return: None """ ValidationHelper.validate_in(to_check=self.export_argument, contained_by=self.exporter_map_keys)
def __init__(self, index=None, diffable=False, diff_key=None): from lib import ValidationHelper if index is not None: ValidationHelper.validate_bool(index) self._diffable = diffable self._diff_key = diff_key self.index = index
def add_should(self, component): """ Add the specified component as a "should" component. :param component: The component to add. :return: None """ ValidationHelper.validate_es_component_type(component) self._should.append(component)
def add_must_not(self, component): """ Add the specified component as a "must" component. :param component: The component to add. :return: None """ ValidationHelper.validate_es_component_type(component) self._must_not.append(component)
def add_ipv4_address(self, ipv4_address): """ Add the specified IPv4 address to the list of addresses to scan. :param ipv4_address: The IPv4 address to scan. :return: None """ ValidationHelper.validate_ipv4_address(ipv4_address) self._ipv4_addresses.add(ipv4_address)
def scan_type(self, new_value): """ Set the scan type that this scanner is configured to perform. :param new_value: The new value to set the scan type to. :return: None """ ValidationHelper.validate_nmap_scan_type(new_value) self._scan_type = new_value
def output_type(self, new_value): """ Set the type of file that the Nmap scan results should be written to. :param new_value: The type of file that the scan results should be written to. :return: None """ ValidationHelper.validate_nmap_output_type(new_value) self._output_type = new_value
def __init__(self, filter_class): """ Initialize this filter component to have a reference to the class that it should filter upon. :param filter_class: The Elasticsearch model class to filter on. """ ValidationHelper.validate_es_model_class(filter_class) self._filter_class = filter_class
def add_port(self, port): """ Add the specified port to the list of ports to scan. :param port: The port to add :return: None """ ValidationHelper.validate_port(port) self._ports.add(port)
def add_ipv4_network(self, network): """ Add the specified IPv4 CIDR range to the list of IP ranges to scan. :param network: The CIDR network to add. :return: None """ ValidationHelper.validate_ipv4_cidr(network) self._ipv4_networks.add(network)
def bandwidth(self, new_value): """ Set the maximum amount of bandwidth that this scan should consume. :param new_value: The maximum amount of bandwidth that this scan should consume. :return: None """ ValidationHelper.validate_zmap_bandwidth(new_value) self._bandwidth = new_value
def target_port(self, new_value): """ Set the port that should be scanned. :param new_value: The value to set as the port to scan. :return: None """ ValidationHelper.validate_port(new_value) self._target_port = int(new_value)
def speed(self, new_value): """ Set the speed this scanner should scan at. :param new_value: The speed this scanner should scan at. :return: None """ ValidationHelper.validate_nmap_speed(new_value) self._speed = new_value
def add_field(self, field_name=None, direction="asc"): """ Add the given field as a field to sort by in the given direction. :param field_name: The name of the field to sort by. :param direction: The direction to sort in. :return: None """ ValidationHelper.validate_sort_direction(direction) self._fields[field_name] = direction
def add_or(self, component): """ Add the specified component as part of the list of "OR" components contained by this BooleanComponent. :param component: The component to add. :return: None """ ValidationHelper.validate_es_component_type(component) self._or_components.append(component)
def whitelist_file(self, new_value): """ Set the file path pointing to a file containing the network ranges to scan. :param new_value: The new value to set self._whitelist_file to. :return: None """ if new_value is not None: ValidationHelper.validate_file_exists(new_value) self._whitelist_file = new_value
def interface(self, new_value): """ Set the interface that Zmap should use for scanning. :param new_value: A string describing the interface that Zmap should use for scanning. :return: None """ if new_value is not None: ValidationHelper.validate_interface_exists(new_value) self._interface = new_value
def output_file(self, new_value): """ Set the value of self._output_file. :param new_value: The new value to set self._output_file to. :return: None """ if new_value is not None: ValidationHelper.validate_file_does_not_exist(new_value) self._output_file = new_value
def add_model_for_indexing(self, model=None, index=None): """ Add the given model to the batch queue to be indexed. :param model: The model to add to the batch queue. :param index: The index the model should be indexed within. :return: None """ ValidationHelper.validate_es_model_type(model) self._batch_queue.append(("index", index, model))
def blacklist_file(self, new_value): """ Set the value of the file path to a file containing networks that should be excluded from the scan. :param new_value: The local file path to the blacklist file. :return: None """ if new_value is not None: ValidationHelper.validate_file_exists(new_value) self._blacklist_file = new_value
def _validate_queryable_field(self, field): """ Validate that the given field is a field that can be queried upon in self.queried_class. :param field: The field to check. :return: None """ if "." in field: field = field[:field.find(".")] ValidationHelper.validate_in(to_check=field, contained_by=self.queryable_fields)
def search_model(self, model_class=None, *args, **kwargs): """ Search an index for the referenced model type using the Elasticsearch query DSL. :param model_class: A model class to search for. :param args: Positional arguments for elasticsearch.search. :param kwargs: Keyword arguments for elasticsearch.search. :return: The result of elasticsearch.search. """ ValidationHelper.validate_es_model_class(model_class) kwargs["doc_type"] = model_class.get_doc_type() return self.search_index(*args, **kwargs)
def add_aggregate(self, aggregate): """ Add the given aggregate to the current query DSL. :param aggregate: The aggregate to add. :return: None """ ValidationHelper.validate_not_in( to_check=aggregate.name, contained_by=self._aggregates.keys(), ) self._aggregates[aggregate.name] = aggregate
def from_response(cls, response): """ Create and return a list of instances of this class as populated by the results found in the given ElasticsearchQueryResponse. :param response: The ElasticsearchQueryResponse to process. :return: A list of instances of this class as populated by the results found in the given ElasticsearchQueryResponse. """ ValidationHelper.validate_type( to_check=response, expected_class=ElasticsearchQueryResponse) return [cls.from_response_result(x) for x in response.results]
def add_port_range(self, start=None, end=None): """ Add the specified range of ports to the ports to scan :param start: The beginning of the range. :param end: The end of the range (inclusive). :return: None """ ValidationHelper.validate_port_range(start=start, end=end) start = int(start) end = int(end) self._port_ranges.add((start, end))
def __init__(self, mime_string): """ Initializes the class to maintain a reference to the MIME string in mime_string. :param mime_string: A string containing a MIME type. :return: None """ try: ValidationHelper.validate_mime_string(mime_string) except ValueError as e: raise InvalidMimeStringError(message=e.message) super(MimeWrapper, self).__init__(mime_string) self.__prepare_string_components()
def index_model(self, model=None, *args, **kwargs): """ Create and index a new Elasticsearch document based on the contents of model. :param model: An instance of an Elasticsearch model to index. :param args: Positional arguments for elasticsearch.index. :param kwargs: Keyword arguments for elasticsearch.index. :return: The result of indexing the given document. """ ValidationHelper.validate_es_model_type(model) kwargs["body"] = model.to_es_dict() kwargs["doc_type"] = model.doc_type return self.index_document(*args, **kwargs)
def probe_module(self, new_value): """ Set the probe module that Zmap should use to connect to the referenced endpoints. :param new_value: A string representing the probe module that Zmap should use to connect to the referenced endpoints. :return: None """ ValidationHelper.validate_in( to_check=new_value, contained_by=self.possible_probe_modules, ) self._probe_module = new_value