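def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
    """
    Run a ZAP spider and scan against ``target_url`` and record the outcome.

    The function reads the user's ZAP settings, starts a local ZAP instance
    when no enabled setting is found, stores a ``zap_scans_db`` row, spiders
    and scans the target, saves the findings and finally notifies and e-mails
    the user.

    :param target_url: Target URL
    :param project_id: Project ID
    :param rescan_id: Stored on the scan row and passed to ``ZAPScanner``
    :param rescan: Stored on the scan row and passed to ``ZAPScanner``
    :param scan_id: Stored as ``scan_scanid`` and passed as ``un_scanid``
        when scan status and results are saved
    :param user: User object; ``user.username`` scopes settings and results,
        and the user is the recipient of every notification
    :return: None
    """
    # NOTE(review): target_url is handed to the scanner as received; no scope
    # or authorization check is visible in this function - confirm the caller
    # enforces one.
    username = user.username
    zap_enabled = False
    random_port = '8091'

    # The last settings row for this user decides whether a configured ZAP
    # is used or a local one is started.
    all_zap = zap_settings_db.objects.filter(username=username)
    for zap in all_zap:
        zap_enabled = zap.enabled

    if zap_enabled is False:
        print("started local instence")
        random_port = zap_plugin.zap_local()

        # Wait for the local instance to accept connections. The original
        # nested an unbounded ``while True`` inside ``for i in range(0, 100)``,
        # which both retried forever and repeated the successful connection
        # test (and its spider.scan call) 100 times. One bounded loop keeps
        # the 100-attempt / 5-second intent.
        # NOTE(review): the wait loop is kept inside the local-instance
        # branch, as the flattened source reads - confirm against the
        # repository's indentation.
        for _ in range(100):
            try:
                # Connection Test
                zap_connect = zap_plugin.zap_connect(random_port, username=username)
                zap_connect.spider.scan(url=target_url)
            except Exception:
                print("ZAP Connection Not Found, re-try after 5 sec")
                time.sleep(5)
                continue
            break
        else:
            # Every attempt failed: tell the user instead of scanning against
            # an instance that never came up.
            # TODO: the local instance started above is not stopped on this
            # path; the only shutdown call visible here lives on ZAPScanner.
            notify.send(user, recipient=user, verb='ZAP Connection Not Found')
            return

    zap_plugin.zap_spider_thread(count=20, random_port=random_port, username=username)
    zap_plugin.zap_spider_setOptionMaxDepth(count=5, random_port=random_port, username=username)
    zap_plugin.zap_scan_thread(count=30, random_port=random_port, username=username)
    zap_plugin.zap_scan_setOptionHostPerScan(count=3, random_port=random_port, username=username)

    # Load ZAP Plugin
    zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan,
                                random_port=random_port,
                                username=username)
    zap.exclude_url()
    time.sleep(3)
    zap.cookies()
    time.sleep(3)
    date_time = datetime.now()
    try:
        save_all_scan = zap_scans_db(
            username=username,
            project_id=project_id,
            scan_url=target_url,
            scan_scanid=scan_id,
            date_time=date_time,
            rescan_id=rescan_id,
            rescan=rescan,
            vul_status='0'
        )
        save_all_scan.save()
        notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url)
    except Exception as e:
        # Best effort, as in the original: a failed save is printed and the
        # scan still runs.
        print(e)

    notify.send(user, recipient=user, verb='ZAP Scan Started')
    zap.zap_spider_thread(thread_value=30)
    spider_id = zap.zap_spider()
    zap.spider_status(spider_id=spider_id)
    zap.spider_result(spider_id=spider_id)
    notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
    time.sleep(5)

    # ZAP Scan trigger on target_url
    zap_scan_id = zap.zap_scan()
    zap.zap_scan_status(
        scan_id=zap_scan_id,
        un_scanid=scan_id
    )

    # Save Vulnerability in database
    time.sleep(5)
    all_vuln = zap.zap_scan_result(target_url=target_url)
    time.sleep(5)
    save_all_vuln = zap.zap_result_save(
        all_vuln=all_vuln,
        project_id=project_id,
        un_scanid=scan_id,
        username=username,
    )
    print(save_all_vuln)

    # Read the totals of THIS scan only. Filtering on username alone made the
    # e-mail report whichever of the user's scan rows iterated last.
    all_zap_scan = zap_scans_db.objects.filter(username=username, scan_scanid=scan_id)

    total_vuln = ''
    total_high = ''
    total_medium = ''
    total_low = ''
    for data in all_zap_scan:
        total_vuln = data.total_vul
        total_high = data.high_vul
        total_medium = data.medium_vul
        total_low = data.low_vul

    # Only a locally started instance is shut down; a configured one is left
    # running.
    if zap_enabled is False:
        zap.zap_shutdown()

    notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url)

    subject = 'Archery Tool Scan Status - ZAP Scan Completed'
    # NOTE(review): target_url is interpolated unescaped into a message that
    # carries <br> markup - if email_notify sends HTML, escape it first.
    message = ('ZAP Scanner has completed the scan '
               ' %s <br> Total: %s <br>High: %s <br>'
               'Medium: %s <br>Low %s') % (target_url, total_vuln, total_high, total_medium, total_low)

    email_notify(user=user, subject=subject, message=message)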
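def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
    """
    Run a ZAP spider and scan against ``target_url`` and record the outcome.

    The function reads the ZAP settings, starts a local ZAP instance when no
    enabled setting is found, tests the connection, stores a ``zap_scans_db``
    row, spiders and scans the target, saves the findings and finally
    notifies and e-mails the user.

    :param target_url: Target URL
    :param project_id: Project ID
    :param rescan_id: Stored on the scan row and passed to ``ZAPScanner``
    :param rescan: Stored on the scan row and passed to ``ZAPScanner``
    :param scan_id: Stored as ``scan_scanid`` and passed as ``un_scanid``
        when scan status and results are saved
    :param user: Recipient of every notification and of the result e-mail
    :return: ``HttpResponseRedirect`` to the scan list when the connection
        test fails, otherwise None
    """
    # NOTE(review): target_url is handed to the scanner as received; no scope
    # or authorization check is visible in this function - confirm the caller
    # enforces one.
    zap_enabled = False

    # NOTE(review): settings are read for all users (objects.all()); the last
    # row decides whether a configured ZAP is used or a local one is started.
    all_zap = zap_settings_db.objects.all()
    for zap in all_zap:
        zap_enabled = zap.enabled

    if zap_enabled is False:
        print("started local instence")
        zap_plugin.zap_local()
        # Fixed wait for the local instance to come up.
        time.sleep(20)

    # Connection Test
    zap_connect = zap_plugin.zap_connect()

    try:
        zap_connect.spider.scan(url=target_url)
        notify.send(user, recipient=user, verb='ZAP Scan Started')
    except Exception:
        # TODO: a local instance started above is not stopped on this path.
        notify.send(user, recipient=user, verb='ZAP Connection Not Found')
        subject = 'ZAP Connection Not Found'
        message = 'ZAP Scanner failed due to setting not found '
        email_notify(user=user, subject=subject, message=message)
        print("ZAP Connection Not Found")
        return HttpResponseRedirect(reverse('zapscanner:zap_scan_list'))

    zap_plugin.zap_spider_thread(count=20)
    zap_plugin.zap_spider_setOptionMaxDepth(count=5)
    zap_plugin.zap_scan_thread(count=30)
    zap_plugin.zap_scan_setOptionHostPerScan(count=3)

    # Load ZAP Plugin
    zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan)
    zap.exclude_url()
    time.sleep(3)
    zap.cookies()
    time.sleep(3)
    date_time = datetime.now()
    try:
        save_all_scan = zap_scans_db(
            project_id=project_id,
            scan_url=target_url,
            scan_scanid=scan_id,
            date_time=date_time,
            rescan_id=rescan_id,
            rescan=rescan,
            vul_status='0'
        )
        save_all_scan.save()
        notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url)
    except Exception as e:
        # Best effort, as in the original: a failed save is printed and the
        # scan still runs.
        print(e)

    zap.zap_spider_thread(thread_value=30)
    spider_id = zap.zap_spider()
    zap.spider_status(spider_id=spider_id)
    zap.spider_result(spider_id=spider_id)
    notify.send(user, recipient=user, verb='ZAP Scan Spider Completed')
    time.sleep(5)

    # ZAP Scan trigger on target_url
    zap_scan_id = zap.zap_scan()
    zap.zap_scan_status(
        scan_id=zap_scan_id,
        un_scanid=scan_id
    )

    # Save Vulnerability in database
    time.sleep(5)
    all_vuln = zap.zap_scan_result()
    time.sleep(5)
    save_all_vuln = zap.zap_result_save(
        all_vuln=all_vuln,
        project_id=project_id,
        un_scanid=scan_id,
    )
    print(save_all_vuln)

    # Read the totals of THIS scan only. objects.all() made the e-mail report
    # whichever scan row iterated last, which need not belong to this scan or
    # to this user.
    all_zap_scan = zap_scans_db.objects.filter(scan_scanid=scan_id)

    total_vuln = ''
    total_high = ''
    total_medium = ''
    total_low = ''
    for data in all_zap_scan:
        total_vuln = data.total_vul
        total_high = data.high_vul
        total_medium = data.medium_vul
        total_low = data.low_vul

    # Only a locally started instance is shut down; a configured one is left
    # running.
    if zap_enabled is False:
        zap.zap_shutdown()

    notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url)

    subject = 'Archery Tool Scan Status - ZAP Scan Completed'
    # NOTE(review): target_url is interpolated unescaped into a message that
    # carries <br> markup - if email_notify sends HTML, escape it first.
    message = ('ZAP Scanner has completed the scan '
               ' %s <br> Total: %s <br>High: %s <br>'
               'Medium: %s <br>Low %s') % (target_url, total_vuln, total_high, total_medium, total_low)

    email_notify(user=user, subject=subject, message=message)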