def on_demand_scan_finished(results, information): add_scanned_resources(information) if information['email'] is None: return # TODO REMOVE Send email with scan results vulnerabilities = mongo.get_vulnerabilities_for_email(information) df = pd.DataFrame(vulnerabilities) if df.empty: print('No vulns found! Canceling email') return from VM_OrchestratorApp.src.utils import email_handler ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) df.to_csv(ROOT_DIR + '/output.csv', index=False, columns=[ 'domain', 'resource', 'vulnerability_name', 'extra_info', 'date_found', 'last_seen', 'language', 'state' ]) email_handler.send_email_with_attachment( ROOT_DIR + '/output.csv', information['email'], "CSV with vulnerabilities attached to email", "Orchestrator: Vulnerabilities found!") try: os.remove(ROOT_DIR + '/output.csv') except FileNotFoundError: print('ERROR:Output for on demand scan was not found') pass slack.send_notification_to_channel( '_ On demand scan against %s finished! _' % information['resource'], '#vm-ondemand') return
def run_recon(scan_information): slack.send_notification_to_channel( 'Starting recon against %s' % scan_information['domain'], '#vm-recon-module') mongo.add_module_status_log({ 'module_keyword': "recon_module", 'state': "start", 'domain': scan_information[ 'domain'], #En los casos de start/stop de genericos, va None 'found': None, 'arguments': scan_information }) #We add the domain to our domain database mongo.add_domain(scan_information, True, True) # Scanning for subdomains subdomain_recon_task(scan_information) # We resolve to get http/https urls resolver_recon_task(scan_information) mongo.add_module_status_log({ 'module_keyword': "recon_module", 'state': "start", 'domain': scan_information[ 'domain'], #En los casos de start/stop de genericos, va None 'found': None, 'arguments': scan_information }) recon_finished(scan_information) return
def scan_target(scan_info, url_to_scan): # We take every .css file from our linkfinder utils css_files_found = utils.get_css_files(url_to_scan) if css_files_found: slack.send_notification_to_channel( '_ Found %s css files at %s _' % (str(len(css_files_found)), url_to_scan), SLACK_NOTIFICATION_CHANNEL) for css_file in css_files_found: url_split = css_file.split('/') host_split = url_to_scan.split('/') if css_file[-1] == '\\' or css_file[-1] == '/': css_file = css_file[:-1] response = get_response(url_to_scan) if response is None: if url_split[2] != host_split[2]: add_vulnerability_to_mongo(scan_info, css_file, 'Access') return return if response.status_code != 200: if url_split[2] != host_split[2]: add_vulnerability_to_mongo(scan_info, css_file, 'Status') return
def scan_target(scan_info, url_for_scanning): # We scan javascript files javascript_files_found = utils.get_js_files(url_for_scanning) if javascript_files_found: slack.send_notification_to_channel('_ Found %s javascript files at %s _' % (str(len(javascript_files_found)), url_for_scanning), SLACK_NOTIFICATION_CHANNEL) for javascript in javascript_files_found: scan_for_tokens(scan_info, url_for_scanning, javascript) return
def scan_target(scan_information, url_to_scan): # We first search for buckets inside the html code get_buckets(scan_information, url_to_scan) # We now scan javascript files javascript_files_found = utils.get_js_files(url_to_scan) if javascript_files_found: slack.send_notification_to_channel( '_ Found %s javascript files at %s _' % (str(len(javascript_files_found)), url_to_scan), SLACK_NOTIFICATION_CHANNEL) for javascript in javascript_files_found: get_buckets(scan_information, javascript) return
def start_scan_on_approved_resources(): slack.send_notification_to_channel( '_ Starting scan against approved resources _', '#vm-ondemand') resources = mongo.get_data_for_approved_scan() print(resources) for resource in resources: scan_info = resource scan_info['email'] = None scan_info['nessus_scan'] = settings['PROJECT']['ACTIVATE_NESSUS'] scan_info['acunetix_scan'] = settings['PROJECT']['ACTIVATE_ACUNETIX'] scan_info['burp_scan'] = settings['PROJECT']['ACTIVATE_BURP'] scan_info['invasive_scans'] = settings['PROJECT'][ 'ACTIVATE_INVASIVE_SCANS'] mongo.add_module_status_log({ 'module_keyword': "general_vuln_module", 'state': "start", 'domain': scan_info[ 'domain'], #En los casos de start/stop de genericos, va None 'found': None, 'arguments': scan_info }) if scan_info['type'] == 'domain': execution_chord = chord( [ run_web_scanners.si(scan_info).set(queue='fast_queue'), run_ip_scans.si(scan_info).set(queue='slow_queue') ], body=on_demand_scan_finished.s(scan_info).set( queue='fast_queue'), immutable=True) execution_chord.apply_async(queue='fast_queue', interval=300) elif scan_info['type'] == 'ip': execution_chord = chord( [run_ip_scans.si(scan_info).set(queue='slow_queue')], body=on_demand_scan_finished.s(scan_info).set( queue='fast_queue'), immutable=True) execution_chord.apply_async(queue='fast_queue', interval=300) elif scan_info['type'] == 'url': execution_chord = chord( [ run_web_scanners.si(scan_info).set(queue='fast_queue'), run_ip_scans.si(scan_info).set(queue='slow_queue') ], body=on_demand_scan_finished.s(scan_info).set( queue='fast_queue'), immutable=True) execution_chord.apply_async(queue='fast_queue', interval=300) return
def project_monitor_task(): monitor_data = mongo.get_domains_for_monitor() mongo.add_module_status_log({ 'module_keyword': "monitor_recon_module", 'state': "start", 'domain': None, #En los casos de start/stop de genericos, va None 'found': None, 'arguments': monitor_data }) print(monitor_data) slack.send_notification_to_channel( 'Starting monitor against %s' % str(monitor_data), '#vm-monitor') for data in monitor_data: scan_info = data scan_info['is_first_run'] = False scan_info['email'] = None scan_info['type'] = 'domain' if scan_info['type'] == 'domain': run_recon.apply_async(args=[scan_info], queue='fast_queue') return
def recon_against_target(information): information['is_first_run'] = True information['type'] = 'domain' slack.send_notification_to_channel( '_ Starting recon only scan against %s _' % str(information['domain']), '#vm-ondemand') mongo.add_module_status_log({ 'module_keyword': "on_demand_recon_module", 'state': "start", 'domain': None, #En los casos de start/stop de genericos, va None 'found': None, 'arguments': information }) for domain in information['domain']: current_scan_info = copy.deepcopy(information) current_scan_info['domain'] = domain execution_chain = chain( tasks.run_recon.si(current_scan_info).set(queue='slow_queue')) execution_chain.apply_async(queue='fast_queue', interval=300)
def on_demand_scan(information): information['is_first_run'] = True information['language'] = settings['LANGUAGE'] # The "Information" argument on chord body is temporary if information['type'] == 'domain': slack.send_notification_to_channel( '_ Starting on demand scan of type domain against %s _' % information['domain'], '#vm-ondemand') execution_chain = chain( tasks.run_recon.si(information).set(queue='slow_queue'), chord([ tasks.run_web_scanners.si(information).set(queue='fast_queue'), tasks.run_ip_scans.si(information).set(queue='slow_queue') ], body=tasks.on_demand_scan_finished.s(information).set( queue='fast_queue'), immutable=True)) execution_chain.apply_async(queue='fast_queue', interval=300) elif information['type'] == 'ip': slack.send_notification_to_channel( '_ Starting on demand scan of type ip against %s _' % information['resource'], '#vm-ondemand') execution_chord = chord( [tasks.run_ip_scans.si(information).set(queue='slow_queue')], body=tasks.on_demand_scan_finished.s(information).set( queue='fast_queue'), immutable=True) execution_chord.apply_async(queue='fast_queue', interval=300) elif information['type'] == 'url': slack.send_notification_to_channel( '_ Starting on demand scan of type url against %s _' % information['resource'], '#vm-ondemand') execution_chord = chord( [ tasks.run_web_scanners.si(information).set(queue='fast_queue'), tasks.run_ip_scans.si(information).set(queue='slow_queue') ], body=tasks.on_demand_scan_finished.s(information).set( queue='fast_queue'), immutable=True) execution_chord.apply_async(queue='fast_queue', interval=300)
def recon_finished(scan_information): slack.send_notification_to_channel( '_ Recon against %s finished _' % scan_information['domain'], '#vm-recon-module') print('Recon finished!') return
def on_demand_scan_finished(results, information): #add_scanned_resources(information) slack.send_notification_to_channel( '_ On demand scan against %s finished! _' % information['target'], '#vm-ondemand') return
def force_redmine_sync(): slack.send_notification_to_channel('_ Forcing redmine sync... _', '#vm-ondemand') execution_chain = chain( tasks.check_redmine_for_updates.si().set(queue='fast_queue')) execution_chain.apply_async(queue='fast_queue', interval=300)
def force_update_elasticsearch_logs(): slack.send_notification_to_channel( '_ Forcing update on elasticsearch... _', '#vm-ondemand') execution_chain = chain( tasks.update_elasticsearch_logs.si().set(queue='fast_queue')) execution_chain.apply_async(queue='fast_queue', interval=300)