コード例 #1
0
def launch_arachni_scan(target, project_id, rescan_id, rescan, scan_id, user):
    global scan_run_id, scan_status
    arachni_hosts = None
    arachni_ports = None
    arachni_user = ""
    arachni_pass = ""
    all_arachni = ArachniSettingsDb.objects.filter()
    for arachni in all_arachni:
        arachni_hosts = arachni.arachni_url
        arachni_ports = arachni.arachni_port
        arachni_user = arachni.arachni_user
        arachni_pass = arachni.arachni_pass

    arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports,
                                      arachni_user, arachni_pass)
    check = [
        "xss_event",
        "xss",
        "xss_script_context",
        "xss_tag",
        "xss_path",
        "xss_dom_script_context",
        "xss_dom",
        "sql_injection",
        "sql_injection_differential",
        "sql_injection_timing",
        "no_sql_injection",
        "no_sql_injection_differential",
        "code_injection",
        "code_injection_timing",
        "ldap_injection",
        "path_traversal",
        "file_inclusion",
        "response_splitting",
        "os_cmd_injection",
        "os_cmd_injection_timing",
        "rfi",
        "unvalidated_redirect",
        "unvalidated_redirect_dom",
        "xpath_injection",
        "xxe",
        "source_code_disclosure",
        "allowed_methods",
        "backup_files",
        "backup_directories",
        "common_admin_interfaces",
        "common_directories",
        "common_files",
        "http_put",
        "webdav",
        "xst",
        "credit_card",
        "cvs_svn_users",
        "private_ip",
        "backdoors",
        "htaccess_limit",
        "interesting_responses",
        "html_objects",
        "emails",
        "ssn",
        "directory_listing",
        "mixed_resource",
        "insecure_cookies",
        "http_only_cookies",
        "password_autocomplete",
        "origin_spoof_access_restriction_bypass",
        "form_upload",
        "localstart_asp",
        "cookie_set_for_parent_domain",
        "hsts",
        "x_frame_options",
        "insecure_cors_policy",
        "insecure_cross_domain_policy_access",
        "insecure_cross_domain_policy_headers",
        "insecure_client_access_policy",
        "csrf",
        "common_files",
        "directory_listing",
    ]

    data = {"url": target, "checks": check, "audit": {}}
    d = json.dumps(data)

    scan_launch = arachni.scan_launch(d)
    time.sleep(3)

    try:
        scan_data = scan_launch.data

        for key, value in scan_data.items():
            if key == "id":
                scan_run_id = value
        notify.send(user,
                    recipient=user,
                    verb="Arachni Scan Started on URL %s" % target)
    except Exception:
        notify.send(user, recipient=user, verb="Arachni Connection Not found")
        print("Arachni Connection Not found")
        return

    date_time = datetime.now()

    try:
        save_all_scan = WebScansDb(
            project_id=project_id,
            scan_url=target,
            scan_id=scan_id,
            date_time=date_time,
            scanner="Arachni",
        )

        save_all_scan.save()

    except Exception as e:
        print(e)

    scan_data = scan_launch.data

    for key, value in scan_data.items():
        if key == "id":
            scan_run_id = value

    scan_sum = arachni.scan_summary(id=scan_run_id).data
    for key, value in scan_sum.items():
        if key == "status":
            scan_status = value
    while scan_status != "done":
        status = "0"
        if (scan_sum["statistics"]["browser_cluster"]["queued_job_count"] and
                scan_sum["statistics"]["browser_cluster"]["total_job_time"]):
            status = (
                100 -
                scan_sum["statistics"]["browser_cluster"]["queued_job_count"] *
                100 /
                scan_sum["statistics"]["browser_cluster"]["total_job_time"])
        WebScansDb.objects.filter(
            scan_id=scan_id, scanner="Arachni").update(scan_status=int(status))
        scan_sum = arachni.scan_summary(id=scan_run_id).data
        for key, value in scan_sum.items():
            if key == "status":
                scan_status = value
        time.sleep(3)
    if scan_status == "done":
        xml_report = arachni.scan_xml_report(id=scan_run_id).data
        root_xml = ET.fromstring(xml_report)
        arachni_xml_parser.xml_parser(
            project_id=project_id,
            scan_id=scan_id,
            root=root_xml,
            target_url=target,
        )
        WebScansDb.objects.filter(scan_id=scan_id,
                                  scanner="Arachni").update(scan_status="100")
        print("Data uploaded !!!!")

    notify.send(user,
                recipient=user,
                verb="Arachni Scan Completed on URL %s" % target)
コード例 #2
0
ファイル: views.py プロジェクト: archerysec/archerysec 
    def post(self, request, format=None):
        date_time = datetime.datetime.now()
        project_uu_id = request.data.get("project_id")
        project_id = (ProjectDb.objects.filter(
            uu_id=project_uu_id).values("id").get()["id"])
        print(project_id)
        scanner = request.data.get("scanner")
        if isinstance(request.data.get("filename"), UploadedFile):
            file = request.data.get("filename").read().decode("utf-8")
        else:
            file = request.data.get("filename")

        scan_url = request.data.get("scan_url")
        scan_id = uuid.uuid4()
        scan_status = "100"
        if scanner == "zap_scan":
            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Zap",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                "ascii", "ignore")
            root_xml_en = ET.fromstring(en_root_xml)

            zap_xml_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml_en,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "burp_scan":

            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Burp",
            )
            scan_dump.save()
            # Burp scan XML parser
            root_xml = ET.fromstring(file)
            en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                "ascii", "ignore")
            root_xml_en = ET.fromstring(en_root_xml)

            burp_xml_parser.burp_scan_data(
                root_xml_en,
                project_id,
                scan_id,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "arachni":

            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Arachni",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            arachni_xml_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml,
                target_url=scan_url,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "acunetix":

            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Acunetix",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                "ascii", "ignore")
            root_xml_en = ET.fromstring(en_root_xml)
            acunetix_xml_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml_en,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "netsparker":

            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Netsparker",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            netsparker_xml_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "webinspect":

            scan_dump = WebScansDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Webinspect",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            webinspect_xml_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml,
            )
            return self.web_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "banditscan":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Bandit",
                date_time=date_time,
            )
            scan_dump.save()
            data = json.loads(file)
            bandit_report_json(
                data=data,
                project_id=project_id,
                scan_id=scan_id,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "dependencycheck":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Dependencycheck",
            )
            scan_dump.save()
            xml_dat = bytes(bytearray(file, encoding="utf-8"))
            data = etree.XML(xml_dat)
            dependencycheck_report_parser.xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "findbugs":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Findbugs",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            findbugs_report_parser = FindsecbugsParser(project_id=project_id,
                                                       scan_id=scan_id,
                                                       root=root_xml)
            findbugs_report_parser.xml_parser()
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "checkmarx":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Checkmarx",
            )
            scan_dump.save()
            root_xml = ET.fromstring(file)
            checkmarx_xml_report_parser.checkmarx_report_xml(
                data=root_xml,
                project_id=project_id,
                scan_id=scan_id,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "clair":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Clair",
            )
            scan_dump.save()
            data = json.loads(file)
            clair_json_report_parser.clair_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "trivy":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Trivy",
            )
            scan_dump.save()
            data = json.loads(file)
            trivy_json_report_parser.trivy_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "gitlabsca":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Gitlabsca",
            )
            scan_dump.save()
            data = json.loads(file)
            gitlab_sca_json_report_parser.gitlabsca_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "gitlabsast":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Gitlabsast",
            )
            scan_dump.save()
            data = json.loads(file)
            gitlab_sast_json_report_parser.gitlabsast_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "gitlabcontainerscan":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Gitlabcontainerscan",
            )
            scan_dump.save()
            data = json.loads(file)
            gitlab_container_json_report_parser.gitlabcontainerscan_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "npmaudit":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Npmaudit",
            )
            scan_dump.save()
            data = json.loads(file)
            npm_audit_report_json.npmaudit_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "nodejsscan":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Nodejsscan",
            )
            scan_dump.save()
            data = json.loads(file)
            nodejsscan_report_json.nodejsscan_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "semgrepscan":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Semgrepscan",
            )
            scan_dump.save()
            data = json.loads(file)
            semgrep_json_report_parser.semgrep_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "tfsec":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Tfsec",
            )
            scan_dump.save()
            data = json.loads(file)
            tfsec_report_parser.tfsec_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "whitesource":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Whitesource",
            )
            scan_dump.save()
            data = json.loads(file)
            whitesource_json_report_parser.whitesource_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "inspec":

            scan_dump = InspecScanDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
            )
            scan_dump.save()
            data = json.loads(file)
            inspec_json_parser.inspec_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return Response({
                "message": "Scan Data Uploaded",
                "project_id": escape(project_uu_id),
                "scan_id": escape(scan_id),
                "scanner": escape(scanner),
            })

        elif scanner == "dockle":

            scan_dump = DockleScanDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
            )
            scan_dump.save()
            data = json.loads(file)
            dockle_json_parser.dockle_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return Response({
                "message": "Scan Data Uploaded",
                "project_id": escape(project_uu_id),
                "scan_id": escape(scan_id),
                "scanner": escape(scanner),
            })

        elif scanner == "nessus":
            root_xml = ET.fromstring(file)
            en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                "ascii", "ignore")
            root_xml_en = ET.fromstring(en_root_xml)
            Nessus_Parser.updated_nessus_parser(
                root=root_xml_en,
                scan_id=scan_id,
                project_id=project_id,
            )
            return self.network_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "openvas":

            root_xml = ET.fromstring(file)
            en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                "ascii", "ignore")
            root_xml_en = ET.fromstring(en_root_xml)
            hosts = OpenVas_Parser.get_hosts(root_xml_en)
            for host in hosts:
                scan_dump = NetworkScanDb(
                    ip=host,
                    scan_id=scan_id,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Openvas",
                )
                scan_dump.save()
            OpenVas_Parser.updated_xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml_en,
            )
            return self.network_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "nikto":

            scan_dump = NiktoResultDb(
                scan_url=scan_url,
                scan_id=scan_id,
                project_id=project_id,
            )
            scan_dump.save()

            nikto_html_parser(
                file,
                project_id,
                scan_id,
            )
            return Response({
                "message": "Scan Data Uploaded",
                "project_id": escape(project_uu_id),
                "scan_id": escape(scan_id),
                "scanner": escape(scanner),
            })

        elif scanner == "twistlock":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Twistlock",
            )
            scan_dump.save()
            data = json.loads(file)
            twistlock_json_report_parser.twistlock_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        elif scanner == "brakeman":

            scan_dump = StaticScansDb(
                project_name=scan_url,
                scan_id=scan_id,
                project_id=project_id,
                scan_status=scan_status,
                scanner="Brakeman",
            )
            scan_dump.save()
            data = json.loads(file)
            brakeman_json_report_parser.brakeman_report_json(
                project_id=project_id,
                scan_id=scan_id,
                data=data,
            )
            return self.sast_result_data(scan_id, project_uu_id, scanner)

        else:
            return Response({"message": "Scanner Not Found"})
コード例 #3
0
ファイル: burp_plugin.py プロジェクト: archerysec/archerysec 
    def scan_launch(self):
        """
        The function trigger the scans.
        """
        burp_host = None
        burp_port = None
        burp_api_key = None

        global burp_status, data

        # Load setting parameters from BurpSettingDb models
        all_burp_settings = BurpSettingDb.objects.filter()

        for data in all_burp_settings:
            burp_host = data.burp_url
            burp_port = data.burp_port
            burp_api_key = data.burp_api_key

        date_time = datetime.now()
        scan_dump = WebScansDb(
            scan_id=self.scan_id,
            project_id=self.project_id,
            scan_url=self.scan_url,
            date_time=date_time,
            scanner="Burp",
        )
        scan_dump.save()

        host = "http://" + burp_host + ":" + burp_port + "/"
        bi = burpscanner.BurpApi(host, burp_api_key)
        data = '{"urls":["%s"]}' % self.scan_url
        response = bi.scan(data)
        scan_data = response.response_headers
        burp_scan_id = scan_data["location"]

        # Email Notification
        message = "Burp Scan Launched "
        subject = "Archery Burp Scan Notification"
        email_notify(user=self.user, subject=subject, message=message)

        # Dashboard Notification
        notify.send(self.user, recipient=self.user, verb="Burp Scan Launched")

        scan_info = bi.scan_info(burp_scan_id)
        json_scan_data = json.dumps(scan_info.data)
        scan_info_data = json.loads(json_scan_data)
        scan_status = scan_info_data["scan_metrics"][
            "crawl_and_audit_progress"]
        print(scan_status)

        while int(scan_status) < 100:
            scan_info = bi.scan_info(burp_scan_id)
            json_scan_data = json.dumps(scan_info.data)
            scan_info_data = json.loads(json_scan_data)
            scan_status = scan_info_data["scan_metrics"][
                "crawl_and_audit_progress"]
            print("Scan Status:", scan_status)
            WebScansDb.objects.filter(
                scan_id=self.scan_id,
                scanner="Burp").update(scan_status=scan_status)
            time.sleep(5)

        scan_info = bi.scan_info(burp_scan_id)
        json_scan_data = json.dumps(scan_info.data)
        scan_info_data = json.loads(json_scan_data)
        scan_data = scan_info_data["issue_events"]
        do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id,
                                 self.user)
        do_scan_dat.burp_scan_data(scan_data)
コード例 #4
0
    def post(self, request):
        all_project = ProjectDb.objects.filter()
        project_uu_id = request.POST.get("project_id")
        project_id = (ProjectDb.objects.filter(
            uu_id=project_uu_id).values("id").get()["id"])
        scanner = request.POST.get("scanner")
        file = request.FILES["file"]
        target = request.POST.get("target")
        scan_id = uuid.uuid4()
        scan_status = "100"
        if scanner == "zap_scan":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request,
                                   "ZAP Scanner Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                tree = ET.parse(file)
                date_time = datetime.now()

                root_xml = tree.getroot()
                en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                    "ascii", "ignore")
                root_xml_en = ET.fromstring(en_root_xml)
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    rescan="No",
                    scanner="Zap",
                )
                scan_dump.save()
                zap_xml_parser.xml_parser(
                    project_id=project_id,
                    scan_id=scan_id,
                    root=root_xml_en,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "burp_scan":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Burp Scan Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()
                # Burp scan XML parser
                tree = ET.parse(file)
                root_xml = tree.getroot()
                en_root_xml = ET.tostring(root_xml, encoding="utf8").decode(
                    "ascii", "ignore")
                root_xml_en = ET.fromstring(en_root_xml)
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Burp",
                )
                scan_dump.save()
                burp_xml_parser.burp_scan_data(root_xml_en, project_id,
                                               scan_id)
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "arachni":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Arachni Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                tree = ET.parse(file)
                root_xml = tree.getroot()
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Arachni",
                )
                scan_dump.save()
                arachni_xml_parser.xml_parser(
                    project_id=project_id,
                    scan_id=scan_id,
                    root=root_xml,
                    target_url=target,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "netsparker":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Netsparker Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                tree = ET.parse(file)
                root_xml = tree.getroot()
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Netsparker",
                )
                scan_dump.save()
                netsparker_xml_parser.xml_parser(
                    project_id=project_id,
                    scan_id=scan_id,
                    root=root_xml,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})
        elif scanner == "webinspect":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Webinspect Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                tree = ET.parse(file)
                root_xml = tree.getroot()
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Webinspect",
                )
                scan_dump.save()
                webinspect_xml_parser.xml_parser(
                    project_id=project_id,
                    scan_id=scan_id,
                    root=root_xml,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "acunetix":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Acunetix Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                tree = ET.parse(file)
                root_xml = tree.getroot()
                scan_dump = WebScansDb(
                    scan_url=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scanner="Acunetix",
                    scan_status=scan_status,
                )
                scan_dump.save()
                acunetix_xml_parser.xml_parser(
                    project_id=project_id,
                    scan_id=scan_id,
                    root=root_xml,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("webscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "dependencycheck":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request,
                                   "Dependencycheck Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                data = etree.parse(file)
                root = data.getroot()
                scan_dump = StaticScansDb(
                    project_name=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Dependencycheck",
                )
                scan_dump.save()
                dependencycheck_report_parser.xml_parser(project_id=project_id,
                                                         scan_id=scan_id,
                                                         data=root)
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "checkmarx":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Checkmarx Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                data = etree.parse(file)
                root = data.getroot()
                scan_dump = StaticScansDb(
                    project_name=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                )
                scan_dump.save()
                checkmarx_xml_report_parser.checkmarx_report_xml(
                    project_id=project_id, scan_id=scan_id, data=root)
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "findbugs":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Findbugs Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                tree = ET.parse(file)
                root = tree.getroot()
                scan_dump = StaticScansDb(
                    project_name=target,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                )
                scan_dump.save()
                findbugs_report_parser.xml_parser(project_id=project_id,
                                                  scan_id=scan_id,
                                                  root=root)
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        elif scanner == "nikto":
            try:
                if self.check_file_ext(str(file)) != ".xml":
                    messages.error(request, "Nikto Only XML file Support")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()
                scan_dump = NiktoResultDb(
                    date_time=date_time,
                    scan_url=target,
                    scan_id=scan_id,
                    project_id=project_id,
                )
                scan_dump.save()

                nikto_html_parser(file, project_id, scan_id)
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("tools:nikto"))
            except:
                messages.error(request, "File Not Supported")
                return render(request, "report_upload/upload.html",
                              {"all_project": all_project})

        if scanner == "bandit_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Bandit Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Bandit"

                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "retirejs_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Retirejs Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Retirejs"

                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "clair_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Clair Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Clair"

                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "trivy_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Trivy Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Trivy"

                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "npmaudit_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "NPM Audit Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Npmaudit"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "nodejsscan_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Nodejs scan Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Nodejsscan"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "semgrepscan_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Semgrep scan Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Semgrep"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "tfsec_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Tfsec Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Tfsec"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "whitesource_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Whitesource Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Whitesource"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "inspec_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Inspec Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scan_dump = InspecScanDb(
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                )
                scan_dump.save()
                inspec_report_json(
                    data=data,
                    project_id=project_id,
                    scan_id=scan_id,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("inspec:inspec_list"))
            except:
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "dockle_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request, "Dockle Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scan_dump = DockleScanDb(
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                )
                scan_dump.save()
                dockle_report_json(
                    data=data,
                    project_id=project_id,
                    scan_id=scan_id,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(reverse("dockle:dockle_list"))
            except:
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "gitlabsast_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Gitlabsast Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Gitlabsast"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "gitlabcontainerscan_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(
                        request,
                        "Gitlabcontainerscan Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Gitlabcontainerscan"

                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "gitlabsca_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Gitlabsca Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Gitlabsca"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "twistlock_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Twistlock Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()

                j = file.read()
                data = json.loads(j)
                scanner = "Twistlock"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "brakeman_scan":
            try:
                if self.check_file_ext(str(file)) != ".json":
                    messages.error(request,
                                   "Brakeman Only JSON file Supported")
                    return HttpResponseRedirect(
                        reverse("report_upload:upload"))
                date_time = datetime.now()
                j = file.read()
                data = json.loads(j)
                scanner = "Brakeman_scan"
                upload(
                    target,
                    scan_id,
                    date_time,
                    project_id,
                    scan_status,
                    scanner,
                    data,
                )
                messages.success(request, "File Uploaded")
                return HttpResponseRedirect(
                    reverse("staticscanners:list_scans"))
            except Exception as e:
                print(e)
                messages.error(request, "File Not Supported")
                return render(
                    request,
                    "report_upload/upload.html",
                    {"all_project": all_project},
                )

        if scanner == "openvas":
            if self.check_file_ext(str(file)) != ".xml":
                messages.error(request, "Openvas Only XML file Supported")
                return HttpResponseRedirect(reverse("report_upload:upload"))
            date_time = datetime.now()
            tree = ET.parse(file)
            root_xml = tree.getroot()
            hosts = OpenVas_Parser.get_hosts(root_xml)
            for host in hosts:
                scan_dump = NetworkScanDb(
                    ip=host,
                    scan_id=scan_id,
                    date_time=date_time,
                    project_id=project_id,
                    scan_status=scan_status,
                    scanner="Openvas",
                )
                scan_dump.save()
            OpenVas_Parser.updated_xml_parser(
                project_id=project_id,
                scan_id=scan_id,
                root=root_xml,
            )
            messages.success(request, "File Uploaded")
            return HttpResponseRedirect(reverse("networkscanners:list_scans"))
        elif scanner == "nessus":
            if self.check_file_ext(str(file)) != ".nessus":
                messages.error(request, "Nessus Only .nessus file Supported")
                return HttpResponseRedirect(reverse("report_upload:upload"))
            date_time = datetime.now()
            tree = ET.parse(file)
            root_xml = tree.getroot()
            Nessus_Parser.updated_nessus_parser(
                root=root_xml,
                scan_id=scan_id,
                project_id=project_id,
            )
            messages.success(request, "File Uploaded")
            return HttpResponseRedirect(reverse("networkscanners:list_scans"))
        elif scanner == "nmap":
            tree = ET.parse(file)
            root_xml = tree.getroot()
            nmap_parser.xml_parser(
                root=root_xml,
                scan_id=scan_id,
                project_id=project_id,
            )
            messages.success(request, "File Uploaded")
            return HttpResponseRedirect(reverse("tools:nmap_scan"))
コード例 #5
0
ファイル: views.py プロジェクト: archerysec/archerysec 
def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
    """
    The function Launch ZAP Scans.
    :param target_url: Target URL
    :param project_id: Project ID
    :return:
    """
    zap_enabled = False
    random_port = "8091"

    all_zap = ZapSettingsDb.objects.filter()
    for zap in all_zap:
        zap_enabled = zap.enabled

    if zap_enabled is False:
        print("started local instence")
        random_port = zap_plugin.zap_local()

        for i in range(0, 100):
            while True:
                try:
                    # Connection Test
                    zap_connect = zap_plugin.zap_connect(random_port)
                    zap_connect.spider.scan(url=target_url)
                except Exception as e:
                    print("ZAP Connection Not Found, re-try after 5 sec")
                    time.sleep(5)
                    continue
                break

    zap_plugin.zap_spider_thread(count=20, random_port=random_port)
    zap_plugin.zap_spider_setOptionMaxDepth(count=5, random_port=random_port)

    zap_plugin.zap_scan_thread(count=30, random_port=random_port)
    zap_plugin.zap_scan_setOptionHostPerScan(count=3, random_port=random_port)

    # Load ZAP Plugin
    zap = zap_plugin.ZAPScanner(
        target_url,
        project_id,
        rescan_id,
        rescan,
        random_port=random_port,
    )
    zap.exclude_url()
    time.sleep(3)
    zap.cookies()
    time.sleep(3)
    date_time = datetime.now()
    try:
        save_all_scan = WebScansDb(
            project_id=project_id,
            scan_url=target_url,
            scan_id=scan_id,
            date_time=date_time,
            rescan_id=rescan_id,
            rescan=rescan,
            scan_status="0",
            scanner="Zap",
        )

        save_all_scan.save()
        notify.send(user,
                    recipient=user,
                    verb="ZAP Scan URL %s Added" % target_url)
    except Exception as e:
        print(e)

    notify.send(user, recipient=user, verb="ZAP Scan Started")
    zap.zap_spider_thread(thread_value=30)
    spider_id = zap.zap_spider()
    zap.spider_status(spider_id=spider_id)
    zap.spider_result(spider_id=spider_id)
    notify.send(user, recipient=user, verb="ZAP Scan Spider Completed")
    time.sleep(5)
    """ ZAP Scan trigger on target_url  """
    zap_scan_id = zap.zap_scan()
    zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id)
    """ Save Vulnerability in database """
    time.sleep(5)
    all_vuln = zap.zap_scan_result(target_url=target_url)
    time.sleep(5)
    save_all_vuln = zap.zap_result_save(
        all_vuln=all_vuln,
        project_id=project_id,
        un_scanid=scan_id,
        target_url=target_url,
    )
    all_zap_scan = WebScansDb.objects.filter(scanner="zap")

    total_vuln = ""
    total_high = ""
    total_medium = ""
    total_low = ""
    for data in all_zap_scan:
        total_vuln = data.total_vul
        total_high = data.high_vul
        total_medium = data.medium_vul
        total_low = data.low_vul

    if zap_enabled is False:
        zap.zap_shutdown()

    notify.send(user,
                recipient=user,
                verb="ZAP Scan URL %s Completed" % target_url)

    subject = "Archery Tool Scan Status - ZAP Scan Completed"
    message = ("ZAP Scanner has completed the scan "
               "  %s <br> Total: %s <br>High: %s <br>"
               "Medium: %s <br>Low %s" %
               (target_url, total_vuln, total_high, total_medium, total_low))
    email_sch_notify(subject=subject, message=message)
コード例 #6
0
ファイル: views.py プロジェクト: archerysec/archerysec 
def launch_schudle_zap_scan(target_url, project_id, rescan_id, rescan,
                            scan_id):
    """
    The function Launch ZAP Scans.
    :param target_url: Target URL
    :param project_id: Project ID
    :return:
    """
    random_port = "8090"

    # Connection Test
    zap_connect = zap_plugin.zap_connect(random_port)

    try:
        zap_connect.spider.scan(url=target_url)

    except Exception:
        subject = "ZAP Connection Not Found"
        message = "ZAP Scanner failed due to setting not found "

        email_sch_notify(subject=subject, message=message)
        print("ZAP Connection Not Found")
        return HttpResponseRedirect(reverse("webscanners:index"))

    # Load ZAP Plugin
    zap = zap_plugin.ZAPScanner(target_url,
                                project_id,
                                rescan_id,
                                rescan,
                                random_port=random_port)
    zap.exclude_url()
    time.sleep(3)
    zap.cookies()
    time.sleep(3)
    date_time = datetime.now()
    try:
        save_all_scan = WebScansDb(
            project_id=project_id,
            scan_url=target_url,
            scan_id=scan_id,
            date_time=date_time,
            rescan_id=rescan_id,
            rescan=rescan,
            scan_status="0",
            scanner="Zap",
        )

        save_all_scan.save()
    except Exception as e:
        print(e)
    zap.zap_spider_thread(thread_value=30)
    spider_id = zap.zap_spider()
    zap.spider_status(spider_id=spider_id)
    zap.spider_result(spider_id=spider_id)
    time.sleep(5)
    """ ZAP Scan trigger on target_url  """
    zap_scan_id = zap.zap_scan()
    zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id)
    """ Save Vulnerability in database """
    time.sleep(5)
    all_vuln = zap.zap_scan_result(target_url=target_url)
    time.sleep(5)
    zap.zap_result_save(
        all_vuln=all_vuln,
        project_id=project_id,
        un_scanid=scan_id,
        target_url=target_url,
    )
    all_zap_scan = WebScansDb.objects.filter(scanner="zap")

    total_vuln = ""
    total_high = ""
    total_medium = ""
    total_low = ""
    for data in all_zap_scan:
        total_vuln = data.total_vul
        total_high = data.high_vul
        total_medium = data.medium_vul
        total_low = data.low_vul

    subject = "Archery Tool Scan Status - ZAP Scan Completed"
    message = ("ZAP Scanner has completed the scan "
               "  %s <br> Total: %s <br>High: %s <br>"
               "Medium: %s <br>Low %s" %
               (target_url, total_vuln, total_high, total_medium, total_low))

    email_sch_notify(subject=subject, message=message)