def import_xml_scan(): """ Upload/import Nmap XML Scan file via scheduler task """ import time from skaldship.general import check_datadir try: # check to see if we have a Metasploit RPC instance configured and talking from MetasploitAPI import MetasploitAPI msf_api = MetasploitAPI(host=auth.user.f_msf_pro_url, apikey=auth.user.f_msf_pro_key) working_msf_api = msf_api.login() except: working_msf_api = False filedir = os.path.join(request.folder,'data','scanfiles') check_datadir(request.folder) response.title = "%s :: Import Nmap XML Scan Results" % (settings.title) fields = [] # buld the dropdown user list users = db(db.auth_user).select() userlist = [] for user in users: userlist.append( [ user.id, user.username ] ) fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nmap XML File'))) fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist))) fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY())) # If Metasploit available, pull a list of the workspaces and present them if working_msf_api: msf_workspaces = [] msf_workspaces.append( "None" ) for w in msf_api.pro_workspaces().keys(): msf_workspaces.append(w) fields.append(Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None)))) fields.append(Field('f_addnoports', type='boolean', label=T('Add Hosts w/o Ports'), default=False)) fields.append(Field('f_include_list', type='text', label=T('Hosts to Only Include'))) fields.append(Field('f_ignore_list', type='text', label=T('Hosts to Ignore'))) fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False)) fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task'))) form = SQLFORM.factory(*fields, table_name='nmap_xml') if form.errors: response.flash = 'Error in form' elif form.accepts(request.vars, session): # process a nmap file filename = form.vars.f_filename filename = os.path.join(filedir, form.vars.f_filename) # build the hosts only/exclude list ip_exclude = [] data = form.vars.get('f_ignore_list') if data: ip_exclude = data.split('\r\n') # TODO: check for ip subnet/range and break it out to individuals ip_include = [] data = form.vars.get('f_include_list') if data: ip_include = data.split('\r\n') # TODO: check for ip subnet/range and break it out to individuals if form.vars.f_msf_workspace: msf_workspace = form.vars.f_msf_workspace if msf_workspace == "None": msf_workspace = None else: msf_workspace = None msf_settings = {'workspace': msf_workspace, 'url': auth.user.f_msf_pro_url, 'key': auth.user.f_msf_pro_key} if form.vars.f_taskit: task = scheduler.queue_task( scanner_import, pvars=dict( scanner='nmap', filename=filename, addnoports=form.vars.f_addnoports, asset_group=form.vars.f_asset_group, engineer=form.vars.f_engineer, msf_settings=msf_settings, ip_ignore_list=ip_exclude, ip_include_list=ip_include, update_hosts=form.vars.f_update_hosts, ), group_name=settings.scheduler_group_name, sync_output=5, timeout=3600 # 1 hour ) if task.id: redirect(URL('tasks', 'status', args=task.id)) else: response.flash = "Error submitting job: %s" % (task.errors) else: from skaldship.nmap import process_xml print("Starting Nmap XML Import") process_xml( filename=filename, addnoports=form.vars.f_addnoports, asset_group=form.vars.f_asset_group, engineer=form.vars.f_engineer, msf_settings=msf_settings, ip_ignore_list=ip_exclude, ip_include_list=ip_include, update_hosts=form.vars.f_update_hosts, ) response.flash = "Nmap XML upload complete" redirect(URL('default', 'index')) return dict(form=form)
exit("An error was encountered when selecting a user. Please try with a valid user name.") msf_settings = msf_get_config(session) msf_workspaces = [ None ] try: # check to see if we have a Metasploit RPC instance configured and talking from MetasploitAPI import MetasploitAPI msf_api = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key']) working_msf_api = msf_api.login() except: working_msf_api = False if working_msf_api: for w in msf_api.pro_workspaces().keys(): msf_workspaces.append(w) try: msf_workspace = msf_workspaces[int(options.msfidx)] except IndexError: exit("An invalid workspace index has been provided. Aborting.") msf_settings = {'workspace': msf_workspace, 'url': msf_settings['url'], 'key': msf_settings['key']} task_vars = dict( scanner='nmap', filename=options.filename, addnoports=options.noports, asset_group=options.asset_group, engineer="%s" % rows.select().first().id,
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nexpose XML File'))) fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist))) fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY())) # check to see if we have a Metasploit Pro instance configured and talking # if so pull a list of the workspaces and present them msf = MetasploitAPI(host=auth.user.f_msf_pro_url, apikey=auth.user.f_msf_pro_key) try: res = msf.login() except: res = False if res: msf_workspaces = [] msf_workspaces.append( "None" ) for w in msf.pro_workspaces().keys(): msf_workspaces.append(w) fields.append(Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None)))) fields.append(Field('f_include_list', type='text', label=T('Hosts to Only Include'))) fields.append(Field('f_ignore_list', type='text', label=T('Hosts to Ignore'))) fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False)) fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task'))) form = SQLFORM.factory(*fields, table_name='nexpose_xml') # form processing if form.errors: response.flash = 'Error in form' elif form.accepts(request.vars, session): # process a nexpose file if not nxsitelist:
msf_settings = msf_get_config(session) msf_workspaces = [None] try: # check to see if we have a Metasploit RPC instance configured and talking from MetasploitAPI import MetasploitAPI msf_api = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key']) working_msf_api = msf_api.login() except: working_msf_api = False if working_msf_api: for w in msf_api.pro_workspaces().keys(): msf_workspaces.append(w) try: msf_workspace = msf_workspaces[int(options.msfidx)] except IndexError: exit("An invalid workspace index has been provided. Aborting.") msf_settings = { 'workspace': msf_workspace, 'url': msf_settings['url'], 'key': msf_settings['key'] } task_vars = dict(scanner='nmap', filename=options.filename,
def import_xml_scan(): """ Upload/import Nmap XML Scan file via scheduler task """ import time from skaldship.general import check_datadir from skaldship.metasploit import msf_get_config msf_settings = msf_get_config(session) try: # check to see if we have a Metasploit RPC instance configured and talking from MetasploitAPI import MetasploitAPI msf_api = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key']) working_msf_api = msf_api.login() except: working_msf_api = False filedir = os.path.join(request.folder, 'data', 'scanfiles') check_datadir(request.folder) response.title = "%s :: Import Nmap XML Scan Results" % (settings.title) fields = [] # buld the dropdown user list users = db(db.auth_user).select() userlist = [] for user in users: userlist.append([user.id, user.username]) fields.append( Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nmap XML File'))) fields.append( Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist))) fields.append( Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY())) # If Metasploit available, pull a list of the workspaces and present them if working_msf_api: msf_workspaces = [] msf_workspaces.append("None") for w in msf_api.pro_workspaces().keys(): msf_workspaces.append(w) fields.append( Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None)))) fields.append( Field('f_addnoports', type='boolean', label=T('Add Hosts w/o Ports'), default=False)) fields.append( Field('f_include_list', type='text', label=T('Hosts to Only Include'))) fields.append( Field('f_ignore_list', type='text', label=T('Hosts to Ignore'))) fields.append( Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False)) fields.append( Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task'))) form = SQLFORM.factory(*fields, table_name='nmap_xml') if form.errors: response.flash = 'Error in form' elif form.accepts(request.vars, session): # process a nmap file filename = form.vars.f_filename filename = os.path.join(filedir, form.vars.f_filename) # build the hosts only/exclude list ip_exclude = [] data = form.vars.get('f_ignore_list') if data: ip_exclude = data.split('\r\n') # TODO: check for ip subnet/range and break it out to individuals ip_include = [] data = form.vars.get('f_include_list') if data: ip_include = data.split('\r\n') # TODO: check for ip subnet/range and break it out to individuals if form.vars.f_msf_workspace: msf_workspace = form.vars.f_msf_workspace if msf_workspace == "None": msf_workspace = None else: msf_workspace = None msf_settings = { 'workspace': msf_workspace, 'url': msf_settings['url'], 'key': msf_settings['key'] } if form.vars.f_taskit: task = scheduler.queue_task( scanner_import, pvars=dict( scanner='nmap', filename=filename, addnoports=form.vars.f_addnoports, asset_group=form.vars.f_asset_group, engineer=form.vars.f_engineer, msf_settings=msf_settings, ip_ignore_list=ip_exclude, ip_include_list=ip_include, update_hosts=form.vars.f_update_hosts, ), group_name=settings.scheduler_group_name, sync_output=5, timeout=settings.scheduler_timeout) if task.id: redirect(URL('tasks', 'status', args=task.id)) else: response.flash = "Error submitting job: %s" % (task.errors) else: from skaldship.nmap import process_xml print("Starting Nmap XML Import") process_xml( filename=filename, addnoports=form.vars.f_addnoports, asset_group=form.vars.f_asset_group, engineer=form.vars.f_engineer, msf_settings=msf_settings, ip_ignore_list=ip_exclude, ip_include_list=ip_include, update_hosts=form.vars.f_update_hosts, ) response.flash = "Nmap XML upload complete" redirect(URL('default', 'index')) return dict(form=form)
def api_settings(): """Settings Metasploit API""" msf_settings = msf_get_config(session) response.title = "%s :: Metasploit API Settings" % (settings.title) try: from MetasploitAPI import MetasploitAPI, MSFAPIError except ImportError, error: return dict(error=str(error), alert=True, form=None) error=None alert=False msf = MetasploitAPI(host=msf_settings['url'], apikey=msf_settings['key']) try: workspaces = [w for w in msf.pro_workspaces().keys()] users = [u for u in msf.pro_users().get('users').keys()] except MSFAPIError, e: error = str(e) alert = True workspaces = [] users = [] form=SQLFORM.factory( Field('workspace', 'string', default=msf_settings['workspace'], label=T('Workspace Name'), requires=IS_IN_SET(workspaces)), Field('workspace_num', 'string', default=msf_settings['ws_num'], label=T('Workspace Number')), Field('user', 'string', default=msf_settings['user'], label=T('MSF User'), requires=IS_IN_SET(users)), Field('url', 'string', default=msf_settings['url'], label=T('MSF URL')), Field('key', 'string', default=msf_settings['key'], label=T('API Key')), ) # NOTE: workspace_num must be manually entered since there's no way for us