def search_by_regex_names(name_list, stats=False, target_id=None):
"""Allows searching of the grep_outputs table using a regex name
.note::
What this function returns is a list of list containing
+ regex_name
+ grep_outputs - list of unique matches
+ transaction_ids - list of one transaction id per unique match
+ match_percent
:param name_list: List of names
:type name_list: `list`
:param stats: True/false
:type stats: `bool`
:param target_id: target ID
:type target_id: `int`
:return: List of matched ids
:rtype: `list`
"""
session = get_scoped_session()
results = [
search_by_regex_name(session,
regex_name,
stats=stats,
target_id=target_id) for regex_name in name_list
]
return results
def get_indexed_targets():
"""Get indexed targets
:return:
:rtype:
"""
session = get_scoped_session()
results = session.query(models.Target.id, models.Target.target_url).all()
return results
def get_urls_to_visit():
"""Gets urls to visit for a target
:param target: Target
:type target: `str`
:return: List of not visited URLs
:rtype: `list`
"""
session = get_scoped_session()
urls = session.query(models.Url.url).filter_by(visited=False).all()
urls = [i[0] for i in urls]
return urls
def get_all_in_scope(key):
"""Get all targets in scope by key
:param key: Key
:type key: `str`
:return: List of target keys
:rtype: `list`
"""
session = get_scoped_session()
results = session.query(getattr(models.Target, key.lower())).filter_by(scope=True).all()
results = [result[0] for result in results]
return results
def __init__(self):
self.plugin_handler = plugin_handler
self.reporter = reporter
self.requester = requester
self.shell = shell
self.timer = timer
self.session = get_scoped_session()
# Compile regular expressions only once on init:
self.robots_allow_regex = re.compile("Allow: ([^\n #]+)")
self.robots_disallow_regex = re.compile("Disallow: ([^\n #]+)")
self.robots_sitemap = re.compile("Sitemap: ([^\n #]+)")
self.logger = logger
self.logger.setup_logging()
def get_targets_as_list(key_list):
"""Get everything as list
:param key_list: Target key list
:type key_list: `list`
:return: Values list
:rtype: `list`
"""
session = get_scoped_session()
values = []
for key in key_list:
values.append(get_all_targets(session, key))
return values
def __init__(self, **kwargs):
"""
Ideally not to override this but can be done if needed. If overridden
please give a call to super() and make sure you run this
"""
self.poison_q = Queue()
self._process = None
self.output_q = None
self.session = get_scoped_session()
self.logger = logger
signal.signal(signal.SIGINT, signal_handler)
self.logger.setup_logging()
for key in list(kwargs.keys()): # Attach all kwargs to self
setattr(self, key, kwargs.get(key, None))
super(OWTFProcess, self).__init__()
def __init__(self, options):
self.timer = timer
self.plugin_group = None
self.simulation = None
self.scope = None
self.only_plugins = None
self.except_plugins = None
self.only_plugins_list = None
self.except_plugins_list = None
self.options = options
self.plugin_count = 0
self.session = get_scoped_session()
self.scanner = Scanner()
self.logger = logger
self.logger.setup_logging()
def get_transaction_by_id(id):
"""Get transaction object by id
:param id: ID to fetch
:type id: `int`
:return: Transaction object
:rtype::`Class:model.Transaction`
"""
session = get_scoped_session()
model_obj = None
try:
id = int(id)
model_obj = session.query(models.Transaction).get(id)
except ValueError:
pass
finally:
return model_obj # None returned if no such transaction.
def log_transactions_from_logger(transactions_dict):
"""Logs transactions as they come into the DB
.note::
Transaction_dict is a dictionary with target_id as key and list of owtf transactions
:param transactions_dict: Dict of target id and corresponding owtf transactions
:type transactions_dict: `dict`
:return: None
:rtype: None
"""
session = get_scoped_session()
for target_id, transaction_list in list(transactions_dict.items()):
if transaction_list:
log_transactions(session=session,
transaction_list=transaction_list,
target_id=target_id)
def __init__(self, options):
self.init = False
self.no_args = []
self.logger = logger
self.session = get_scoped_session()
self.logger.setup_logging()
def wrapped_function(*args, **kwargs):
# True if target_id doesnt exist
if (kwargs.get("session_id", "None")
== "None") or (kwargs.get("session_id", True) is None):
kwargs["session_id"] = get_session_id(get_scoped_session())
return func(*args, **kwargs)
def __init__(self, keep_working=True):
self.keep_working = keep_working
self.worklist = [] # List of unprocessed (plugin*target)
self.workers = [] # list of worker and work (worker, work)
self.session = get_scoped_session()
self.spawn_workers()
from owtf.api.handlers import ui_handlers
from owtf.api.handlers.config import ConfigurationHandler
from owtf.api.handlers.misc import ErrorDataHandler, DashboardPanelHandler, ProgressBarHandler
from owtf.api.handlers.plugin import PluginDataHandler, PluginNameOutput, PluginOutputHandler
from owtf.api.handlers.report import ReportExportHandler
from owtf.api.handlers.session import OWTFSessionHandler
from owtf.api.handlers.targets import TargetSeverityChartHandler, TargetConfigSearchHandler, TargetConfigHandler
from owtf.api.handlers.transactions import URLDataHandler, URLSearchHandler, TransactionDataHandler, \
TransactionHrtHandler, TransactionSearchHandler
from owtf.api.handlers.work import WorkerHandler, WorklistHandler, WorklistSearchHandler
from owtf.db.database import get_scoped_session
from owtf.managers.plugin import get_all_plugin_groups, get_all_plugin_types
from owtf.settings import STATIC_ROOT
session = get_scoped_session()
plugin_group_re = '(%s)?' % '|'.join(get_all_plugin_groups(session))
plugin_type_re = '(%s)?' % '|'.join(get_all_plugin_types(session))
plugin_code_re = '([0-9A-Z\-]+)?'
HANDLERS = [
tornado.web.url(r'/static/(.*)', tornado.web.StaticFileHandler, {'path': STATIC_ROOT}),
tornado.web.url(r'/output_files/(.*)', ui_handlers.FileRedirectHandler, name='file_redirect_url'),
tornado.web.url(r'/api/errors/?([0-9]+)?/?$', ErrorDataHandler, name='errors_api_url'),
tornado.web.url(r'/api/sessions/?([0-9]+)?/?(activate|add|remove)?/?$', OWTFSessionHandler, name='owtf_sessions_api_url'),
tornado.web.url(r'/api/dashboard/severitypanel/?$', DashboardPanelHandler),
tornado.web.url(r'/api/plugins/?' + plugin_group_re + '/?' + plugin_type_re + '/?' + plugin_code_re + '/?$', PluginDataHandler, name='plugins_api_url'),
tornado.web.url(r'/api/plugins/progress/?$', ProgressBarHandler, name='poutput_count'),
def __init__(self):
self.session = get_scoped_session()