예제 #1
0
 def __init__(self):
     print >> sys.stderr, "\n\n\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Security Testing Initiated <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"
     util_obj = Utility()
     config_file = os.path.join(os.path.dirname(__file__),
                                '../data/config.yaml')
     self.config_data = util_obj.yaml_read(config_file)
     self.msf = MetaSploitFrameWork()
     self.nessus = NessusAPI(
         url=self.config_data['nessus']['url'],
         api_akey=self.config_data['nessus']['api_akey'],
         api_skey=self.config_data['nessus']['api_skey'],
         insecure=True)
     #MySQL DB Connection
     db_host = self.config_data['mysql']['host']
     db_user = self.config_data['mysql']['user']
     db_password = self.config_data['mysql']['password']
     mysql_db = self.config_data['mysql']['db']
     self.db = MySQLConnector(db_host, db_user, db_password, mysql_db)
예제 #2
0
from flask import Flask, request, redirect, render_template, session, flash
from db import MySQLConnector
from flask_bcrypt import Bcrypt
app = Flask(__name__)
mysql = MySQLConnector(app, 'friendsdb')

bcrypt = Bcrypt(app)

print('This is bcrypt')
print(len(bcrypt.generate_password_hash('hello')))


@app.route('/')
def index():
    query = "SELECT * FROM friends"
    friends = mysql.query_db(query)
    return render_template('index.html', all_friends=friends, action='view')


@app.route('/friends', methods=['POST'])
def create():
    print(request.form['first_name'])
    print(request.form['last_name'])
    print(request.form['email'])
    query = "INSERT INTO friends (first_name, last_name, email, created_at, updated_at) VALUES (:first_name, :last_name, :email, NOW(), NOW())"
    data = {
        'first_name': request.form['first_name'],
        'last_name': request.form['last_name'],
        'email': request.form['email']
    }
    mysql.query_db(query, data)
예제 #3
0
from flask import Flask, request, redirect, render_template, session, flash
from flask_bcrypt import Bcrypt
from db import MySQLConnector
import re
import datetime

app = Flask(__name__)
bcrypt = Bcrypt(app)

app.secret_key = "loginregistration"
mysql = MySQLConnector(app, 'friendface')
'''
NOTE: The code is a mess and redundant in places. I'd like to clean it up by moving duplicate code to functions and modularize it, but I think my time is best spend moving along the course to Django.

-Michael :-)
'''

EMAIL_REGEX = re.compile(r'^[a-zA-Z0-9.+_-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$')
SPACE_REGEX = re.compile(r'\S+')
NAME_REGEX = re.compile(r'^[a-zA-Z]+$')
PASSWORD_REGEX = re.compile(r'^[a-zA-Z0-9.+=_-]+$')
UPPER_CASE_REGEX = re.compile(r'[A-Z]')
NUMBER_REGEX = re.compile(r'[0-9]+')
ILLEGAL_REGEX = re.compile(r'[~`()+={}|\\:;\'\"<>,.?/]')

today = datetime.datetime.today().strftime("%Y-%m-%d")


@app.route('/')
def index():
    # users = mysql.query_db("select * from users")
예제 #4
0
class AutoSecurity:
    def __init__(self):
        print >> sys.stderr, "\n\n\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Security Testing Initiated <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"
        util_obj = Utility()
        config_file = os.path.join(os.path.dirname(__file__),
                                   '../data/config.yaml')
        self.config_data = util_obj.yaml_read(config_file)
        self.msf = MetaSploitFrameWork()
        self.nessus = NessusAPI(
            url=self.config_data['nessus']['url'],
            api_akey=self.config_data['nessus']['api_akey'],
            api_skey=self.config_data['nessus']['api_skey'],
            insecure=True)
        #MySQL DB Connection
        db_host = self.config_data['mysql']['host']
        db_user = self.config_data['mysql']['user']
        db_password = self.config_data['mysql']['password']
        mysql_db = self.config_data['mysql']['db']
        self.db = MySQLConnector(db_host, db_user, db_password, mysql_db)

    def run_security_tests(self, scan_type, scan_name, update_db=True):
        try:
            self.msf.setup(self.config_data['metasploit']['user'],
                           self.config_data['metasploit']['password'])
            self.console_id = self.msf.create_console()

            #Time for NMap to Act
            input_hosts = self.config_data['input_hosts']
            self.nmap_action(input_hosts)

            #Extract Hosts with Open ports
            open_port_hosts = self.msf.report_openport_hosts()
            print >> sys.stdout, "\n>>>>>>>>>>>>>>>> OpenPort Hosts <<<<<<<<<<<<<<<<\n", open_port_hosts
            hosts_to_scan = ",".join(open_port_hosts.keys())

            #Time for Nessus to Act
            hosts_total_scan_info, html_content = self.nessus_action(
                hosts_to_scan=hosts_to_scan, scan_name=scan_name)
            hosts_total_scan_info['scan_name'] = scan_name
            hosts_total_scan_info['scan_type'] = scan_type

            if update_db:
                self.db.update_secutiry_dashboard_tables(
                    open_port_hosts, hosts_total_scan_info)
                report_dir = self.config_data['nessus']['report_dir']
                file_name = scan_type + "_report.html"
                file_path = report_dir + file_name
                print >> sys.stdout, "\n>>>>>>>>>>>> Going to write scan report to : %s <<<<<<<<<<<<<<\n" % (
                    file_path)
                with open(file_path, 'w') as html_write:
                    html_write.write(html_content)

            self.msf.destroy_console(self.console_id)

        except:
            err_msg = traceback.format_exc()
            print >> sys.stderr, "\n>>>>>>>>>> Security Test execution failed with traceback <<<<<<<<<<<\n", err_msg

    def nmap_action(self, input_hosts):
        try:
            #Run 'hosts -d' to clean the Postgres database of Metasploit
            clean_db_command = """
			hosts -d
			"""
            self.msf.command_execution(self.console_id, clean_db_command)

            #Run Nmap to load the database with Host details
            dbnmap_command = """
			db_nmap -v %s
			""" % (input_hosts)
            exec_info = self.msf.command_execution(self.console_id,
                                                   dbnmap_command)
            print >> sys.stdout, "\n~~~~~~~~~~~~~~~~~~~~ NMap Command Execution Info ~~~~~~~~~~~~~~~~~~~~\n", exec_info, "\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"

        except:
            err_msg = traceback.format_exc()
            print >> sys.stderr, "\n>>>>>>>>>> Security Test execution failed with traceback <<<<<<<<<<<", err_msg

    def nessus_action(self,
                      hosts_to_scan='',
                      scan_name='',
                      scan_type='BasicNetworkScan',
                      update_db=False):
        try:
            print >> sys.stdout, "\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Going to run Vulenerability Scan for: %s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" % (
                hosts_to_scan)

            #Update targets and launch BasicNetwork Scan
            if not scan_name:
                scan_name = self.config_data['nessus']['scans'][scan_type]

            if self.nessus.scan_exists(scan_name):
                print >> sys.stdout, "\n>>>>>>>>>>>>>>>>>>> Update Scan Targets <<<<<<<<<<<<<<<<<<<<<\n"
                self.nessus.scan_update_targets(hosts_to_scan, scan_name)

                self.nessus.launch_scan(scan_name)

                scan_ids = self.nessus.get_scan_ids_byname(scan_name)

                curr_scan_status = 'running'
                while (curr_scan_status == 'running'):
                    curr_scan_status = self.nessus.get_scan_execution_status(
                        scan_name)
                    if curr_scan_status == 'running':
                        time.sleep(300)

                #Set Hosts Total Info to Null
                hosts_total_info = {}
                hosts_total_info['scan_uuid'] = scan_ids['uuid']

                #Get Host Severity Info
                hosts_severity_info = self.nessus.get_scan_hosts_severity_info(
                    scan_name)

                scanned_hosts_info = self.nessus.get_scanned_hosts_info(
                    scan_name)

                for each_host in scanned_hosts_info.keys():
                    hosts_total_info[each_host] = {}
                    hosts_total_info[each_host]['vulnerabilities'] = {}
                    hosts_total_info[each_host]['severity'] = {}
                    hosts_total_info[each_host][
                        'vulnerabilities'] = scanned_hosts_info[each_host][
                            'vulnerabilities']
                    hosts_total_info[each_host][
                        'severity'] = hosts_severity_info[each_host]

                html_content = self.nessus.download_scan(
                    scan_name, export_format='html').encode('utf-8')

                print >> sys.stdout, "\n~~~~~~~~~~~~~~~~~~~~~~~ Vulenerability Scan '%s' is DONE ~~~~~~~~~~~~~~~~~~~~~\n" % (
                    scan_name)

                return hosts_total_info, html_content

            else:
                raise Exception(
                    ">>>>>>>>>>>>>>>>>>> Scan not Found <<<<<<<<<<<<<<<<<<<<<")

        except:
            err_msg = traceback.format_exc()
            print >> sys.stderr, ">>>>>>>>>> Nessus Vulenerability scanning failed with traceback <<<<<<<<<<<", err_msg
예제 #5
0
from flask import Flask, render_template, request, redirect, flash, session
from db import MySQLConnector
app = Flask(__name__)
app.secret_key = 'NINJAZ!'

mysql = MySQLConnector(app, 'world')

print(mysql.query_db("SELECT * FROM countries"))


@app.route('/')
def index():
    return render_template("index.html")


@app.route('/result', methods=['POST'])
def form():
    session['name'] = request.form['name']
    session['dojo'] = request.form['dojo']
    session['language'] = request.form['language']
    session['comment'] = request.form['comment']

    valid = True
    if len(session['name']) < 1:
        flash("Name cannot be empty!")
        valid = False
    if len(session['comment']) < 1:
        flash("Comment cannot be empty!")
        valid = False
    if len(session['comment']) > 121:
        flash("Comment cannot more than 120 characters!")