def nmap(config):
tool_name = "NMAP"
excluded_addon = f'--exclude-ports {config.get("exclusions", None)}' if config.get(
"exclusions", None) else ""
ports = config.get("inclusions", "0-65535")
nse_scripts = config.get(
"nse_scripts",
"ssl-date,http-mobileversion-checker,http-robots.txt,http-title,"
"http-waf-detect,http-chrono,http-headers,http-comments-displayer,"
"http-date")
exec_cmd = f'nmap -PN -p{ports} {excluded_addon} ' \
f'--min-rate 1000 --max-retries 0 --max-rtt-timeout 200ms ' \
f'{config["host"]}'
res = execute(exec_cmd)
tcp_ports = ''
udp_ports = ''
for each in re.findall(r'([0-9]*/[tcp|udp])', str(res[0])):
if '/t' in each:
tcp_ports += f'{each.replace("/t", "")},'
elif '/u' in each:
udp_ports += f'{each.replace("/u", "")},'
ports = f"-pT:{tcp_ports[:-1]}" if tcp_ports else ""
ports += f" -pU:{udp_ports[:-1]}" if udp_ports else ""
if not ports:
return (tool_name, [])
params = config.get("params", "-v -sVA")
exec_cmd = f'nmap {params} {ports} ' \
f'--min-rate 1000 --max-retries 0 ' \
f'--script={nse_scripts} {config["host"]} -oX /tmp/nmap.xml'
execute(exec_cmd)
result = NmapXMLParser('/tmp/nmap.xml', "NMAP").items
return tool_name, result
def nikto(config):
tool_name = "nikto"
if os.path.exists("/tmp/nikto.xml"):
os.remove("/tmp/nikto.xml")
exec_cmd = f'perl nikto.pl {config.get("param", "")} -h {config["host"]} -p {config["port"]} ' \
f'-Format xml -output /tmp/nikto.xml -Save /tmp/extended_nikto'
cwd = '/opt/nikto/program'
execute(exec_cmd, cwd)
result = NiktoXMLParser("/tmp/nikto.xml", "Nikto").items
return tool_name, result
def ruby(config):
included_checks = ''
exclude_checks = ''
if config.get('include_checks', None):
included_checks = f'-t {config.get("include_checks")} '
if config.get('exclude_checks', None):
exclude_checks = f'-x {config.get("exclude_checks")} '
if config.get('excluded_files', None):
exclude_checks = f'--skip-files {config.get("excluded_files")} '
excluded_files = ''
exec_cmd = f"brakeman {included_checks}{exclude_checks}--no-exit-on-warn --no-exit-on-error {excluded_files}" \
f"-o /tmp/brakeman.json " + SastyWrapper.get_code_path(config)
execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
result = BrakemanParser("/tmp/brakeman.json", "brakeman").items
filtered_result = common_post_processing(config, result, "brakeman")
return filtered_result
def w3af(config):
tool_name = "w3af"
config_file = config.get("config_file", "/tmp/w3af_full_audit.w3af")
w3af_execution_command = f'w3af_console -y -n -s {config_file}'
with open(config_file, 'r') as f:
config_content = f.read()
if '{target}' in config_content:
config_content = config_content.format(
target=
f'{config.get("protocol")}://{config.get("host")}:{config.get("port")}',
output_section=c.W3AF_OUTPUT_SECTION)
with open(config_file, 'w') as f:
f.write(config_content)
execute(w3af_execution_command)
result = W3AFXMLParser("/tmp/w3af.xml", "w3af").items
return tool_name, result
def aemhacker(config):
tool_name = "AEM_Hacker"
aem_hacker_output = execute(
f'aem-wrapper.sh -u {config.get("protocol")}://{config.get("host")}:{config.get("port")} --host {config.get("scanner_host", "127.0.0.1")} --port {config.get("scanner_port", "4444")}'
)[0].decode('utf-8')
result = AemOutputParser(aem_hacker_output).items
return tool_name, result
def bandit(config, results=None):
exec_cmd = "bandit -r {} --format json".format(SastyWrapper.get_code_path(config))
res = execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
with open("/tmp/bandit.json", "w") as f:
f.write(res[0].decode('utf-8', errors='ignore'))
result = BanditParser("/tmp/bandit.json", "pybandit").items
return SastyWrapper.extend_result(results, result)
def retirejs(config, results=None):
deps = get_dependencies(SastyWrapper.get_code_path(config), config.get('add_devdep'))
exec_cmd = "retire --jspath={} --outputformat=json " \
"--outputpath=/tmp/retirejs.json --includemeta --exitwith=0"\
.format(SastyWrapper.get_code_path(config))
res = execute(exec_cmd, cwd='/tmp')
result = RetireScanParser("/tmp/retirejs.json", "RetireScan", deps).items
return SastyWrapper.extend_result(results, result)
def npm(config, results=None):
deps = get_dependencies(SastyWrapper.get_code_path(config), config.get('add_devdep'))
exec_cmd = "npm audit --json"
res = execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
with open('/tmp/npm_audit.json', 'w') as npm_audit:
print(res[0].decode(encoding='ascii', errors='ignore'), file=npm_audit)
result = NpmScanParser("/tmp/npm_audit.json", "NpmScan", deps).items
return SastyWrapper.extend_result(results, result)
def python(config):
exec_cmd = "bandit -r /code --format json"
res = execute(exec_cmd, cwd='/code')
with open("/tmp/bandit.json", "w") as f:
f.write(res[0].decode('utf-8', errors='ignore'))
result = BanditParser("/tmp/bandit.json", "pybandit").items
common_post_processing(config, result, "pybandit")
return result
def masscan(config):
tool_name = "masscan"
host = config["host"]
result = list()
if not (find_ip(host)):
host = find_ip(str(execute(f'getent hosts {host}')[0]))
if len(host) > 0:
host = host[0].strip()
if host:
if config.get("exclusions", None):
excluded_addon = f'--exclude-ports {config.get("exclusions", None)}'
else:
excluded_addon = ''
ports = config.get("inclusions", "0-65535")
exec_cmd = f'masscan {host} -p {ports} -pU:{ports} --rate 1000 -oJ /tmp/masscan.json {excluded_addon}'
execute(exec_cmd.strip())
result = MasscanJSONParser("/tmp/masscan.json", "masscan").items
return tool_name, result
def retirejs(config):
devdeps = [] if config.get('devdep') \
else json.load(open('/code/package.json')).get('devDependencies', {}).keys()
exec_cmd = "retire --jspath=/code --outputformat=json " \
"--outputpath=/tmp/retirejs.json --includemeta --exitwith=0"
res = execute(exec_cmd, cwd='/tmp')
result = RetireScanParser("/tmp/retirejs.json", "RetireScan",
devdeps).items
common_post_processing(config, result, "RetireScan")
return result
def safety(config, results=None):
params_str = ''
for file_path in config.get('files', []):
params_str += '-r {} '.format(file_path)
exec_cmd = "safety check {}--full-report --json".format(params_str)
res = execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
with open('/tmp/safety_report.json', 'w') as safety_audit:
print(res[0].decode(encoding='ascii', errors='ignore'), file=safety_audit)
result = SafetyScanParser("/tmp/safety_report.json", "SafetyScan").items
return SastyWrapper.extend_result(results, result)
def npm(config):
devdeps = [] if config.get('devdep') \
else json.load(open('/code/package.json')).get('devDependencies', {}).keys()
exec_cmd = "npm audit --json"
res = execute(exec_cmd, cwd='/code')
with open('/tmp/npm_audit.json', 'w') as npm_audit:
print(res[0].decode(encoding='ascii', errors='ignore'),
file=npm_audit)
result = NpmScanParser("/tmp/npm_audit.json", "NpmScan", devdeps).items
common_post_processing(config, result, "NpmScan")
return result
def zap(config):
if 'supervisor.sock no such file' in execute(
'supervisorctl restart zap')[0].decode('utf-8'):
execute('/usr/bin/supervisord', communicate=False)
status = execute('zap-cli status')[0].decode('utf-8')
while 'ZAP is running' not in status:
sleep(10)
status = execute('zap-cli status')[0].decode('utf-8')
if config.get('zap_context_file_path', None):
context = os.path.join('/tmp', config.get('zap_context_file_path'))
if os.path.exists(context):
execute(
f'zap-cli context import /tmp/{config.get("zap_context_file_path")}'
)
execute(
f'zap-cli quick-scan -s {config.get("scan_types", "xss,sqli")} {config.get("params", "")}'
f' -c "{context}" -l Informational'
f' {config.get("protocol")}://{config.get("host")}:{config.get("port")}'
)
else:
execute(
f'zap-cli quick-scan -s {config.get("scan_types", "xss,sqli")} {config.get("params", "")}'
f'-l Informational {config.get("protocol")}://{config.get("host")}:{config.get("port")}'
)
execute('zap-cli report -o /tmp/zap.xml -f xml')
result = ZapXmlParser('/tmp/zap.xml', "ZAP").items
execute('supervisorctl stop zap')
common_post_processing(config, result, "ZAP")
return result
def java(config):
exec_cmd = "spotbugs -xml:withMessages -output /tmp/spotbugs.xml /code"
res = execute(exec_cmd, cwd='/code')
result = SpotbugsParser("/tmp/spotbugs.xml", "spotbugs").items
common_post_processing(config, result, "spotbugs")
return result
def nodejs(config):
exec_cmd = "nodejsscan -o nodejsscan -d /code"
res = execute(exec_cmd, cwd='/tmp')
result = NodeJsScanParser("/tmp/nodejsscan.json", "NodeJsScan").items
common_post_processing(config, result, "NodeJsScan")
return result
def sslyze(config):
tool_name = "SSlyze"
exec_cmd = f'sslyze --regular --json_out=/tmp/sslyze.json --quiet {config["host"]}:{config["port"]}'
execute(exec_cmd)
result = SslyzeJSONParser("/tmp/sslyze.json", "SSlyze").items
return tool_name, result
def spotbugs(config, results=None):
exec_cmd = "spotbugs -xml:withMessages {} -output /tmp/spotbugs.xml {}" \
"".format(config.get("scan_opts", ""), SastyWrapper.get_code_path(config))
execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
result = SpotbugsParser("/tmp/spotbugs.xml", "spotbugs").items
return SastyWrapper.extend_result(results, result)
def nodejsscan(config, results=None):
exec_cmd = "nodejsscan -o nodejsscan -d {}".format(SastyWrapper.get_code_source(config))
res = execute(exec_cmd, cwd='/tmp')
result = NodeJsScanParser("/tmp/nodejsscan.json", "NodeJsScan").items
return SastyWrapper.extend_result(results, result)
def sslyze(config):
exec_cmd = f'sslyze --regular --json_out=/tmp/sslyze.json --quiet {config["host"]}:{config["port"]}'
execute(exec_cmd)
result = SslyzeJSONParser("/tmp/sslyze.json", "SSlyze").items
common_post_processing(config, result, "SSlyze")
return result
def gosec(config, results=None):
""" Golang Security Checker """
exec_cmd = f"gosec -fmt=json ./..."
cmd_output = execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
result = GosecOutputParser(cmd_output, "gosec").items
return SastyWrapper.extend_result(results, result)
def dependency_check(config, results=None):
exec_cmd = 'dependency-check.sh -n -f JSON -o /tmp -s {} {}'.format(config['comp_path'], config['comp_opts'])
execute(exec_cmd, cwd=SastyWrapper.get_code_path(config))
result = DependencyCheckParser("/tmp/dependency-check-report.json", "dependency_check").items
return SastyWrapper.extend_result(results, result)
