def command_profiles(parser, P, cmdParams, auditParams):
if P.targets:
parser.error("too many arguments")
profiles = sorted(get_available_profiles())
if not profiles:
print "No available profiles!"
else:
print "--------------------"
print " " + colorize("Available profiles", "yellow")
print "--------------------"
print
for name in profiles:
try:
p = RawConfigParser()
p.read(get_profile(name))
desc = p.get("golismero", "description")
except Exception:
desc = None
if desc:
print "+ %s: %s" % (colorize(name, "cyan"), desc)
else:
print "+ %s" % colorize(name, "cyan")
if path.sep == "/":
print
exit(0)
def command_load(parser, P, cmdParams, auditParams):
if not auditParams.is_new_audit():
parser.error("audit database already exists")
if not P.imports:
parser.error("missing input filename")
if len(P.imports) > 1:
parser.error("only one input filename allowed")
import sqlite3
filename = P.imports[0]
if P.verbose != 0:
print "Loading from file: %s" % colorize(filename, "cyan")
with open(filename, 'rU') as f:
data = f.read()
if P.verbose != 0:
print "Creating database: %s" % \
colorize(auditParams.audit_db, "yellow")
db = sqlite3.connect(auditParams.audit_db)
try:
try:
cursor = db.cursor()
try:
cursor.executescript(data)
del data
db.commit()
finally:
cursor.close()
finally:
db.close()
except:
parser.error("error loading database dump: " + str(sys.exc_value))
exit(0)
def command_profiles(parser, P, cmdParams, auditParams):
if P.targets:
parser.error("too many arguments")
profiles = sorted(get_available_profiles())
if not profiles:
print "No available profiles!"
else:
print "--------------------"
print " " + colorize("Available profiles", "yellow")
print "--------------------"
print
for name in profiles:
try:
p = RawConfigParser()
p.read(get_profile(name))
desc = p.get("golismero", "description")
except Exception:
desc = None
if desc:
print "+ %s: %s" % (colorize(name, "cyan"), desc)
else:
print "+ %s" % colorize(name, "cyan")
if path.sep == "/":
print
exit(0)
def command_load(parser, P, cmdParams, auditParams):
if not auditParams.is_new_audit():
parser.error("audit database already exists")
if not P.imports:
parser.error("missing input filename")
if len(P.imports) > 1:
parser.error("only one input filename allowed")
import sqlite3
filename = P.imports[0]
if P.verbose != 0:
print "Loading from file: %s" % colorize(filename, "cyan")
with open(filename, 'rU') as f:
data = f.read()
if P.verbose != 0:
print "Creating database: %s" % \
colorize(auditParams.audit_db, "yellow")
db = sqlite3.connect(auditParams.audit_db)
try:
try:
cursor = db.cursor()
try:
cursor.executescript(data)
del data
db.commit()
finally:
cursor.close()
finally:
db.close()
except:
parser.error("error loading database dump: " + str(sys.exc_value))
exit(0)
def recv_msg(self, message):
if not isinstance(message, Message):
raise TypeError("Expected Message, got %r instead" % type(message))
print "-" * 79
print "Message:"
print " Timestamp: %s" % time.ctime(message.timestamp)
print " Audit: %s" % message.audit_name
print " Plugin: %s" % message.plugin_id
print " Type: %s" % MessageType.get_name_from_value(
message.message_type)
print " Code: %s" % MessageCode.get_name_from_value_and_type(
message.message_code, message.message_type)
print " Priority: %s" % MessagePriority.get_name_from_value(
message.priority)
print " Payload: %r" % (message.message_info, )
print
if message.message_type == MessageType.MSG_TYPE_CONTROL:
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
if get_audit_count() == 1:
Config._context.send_msg(
message_type=MessageType.MSG_TYPE_CONTROL,
message_code=MessageCode.MSG_CONTROL_STOP,
message_info=True,
priority=MessagePriority.MSG_PRIORITY_LOW)
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if is_error:
print colorize(text, "magenta")
else:
print colorize(text, "cyan")
elif message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
print colorize(description, "magenta")
print colorize(traceback, "magenta")
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
formatted = warnings.formatwarning(w.message, w.category,
w.filename, w.lineno,
w.line)
print colorize(formatted, "yellow")
def recv_info(self, info):
# Don't print anything if console output is disabled.
if Console.level < Console.STANDARD:
return
# Filter out info we've already seen.
if info.identity in self.already_seen_info:
return
self.already_seen_info.add(info.identity)
# Print newly discovered vulnerabilities.
if info.data_type == Data.TYPE_VULNERABILITY:
text = "%s Vulnerability '%s' dicovered by plugin '%s'. Risk level: %s" % (
colorize("<!>", info.risk),
colorize(info.vulnerability_type, info.risk),
colorize(self.get_plugin_name(info.plugin_id),
info.risk), colorize(str(info.risk), info.risk))
Console.display(text)
def command_dump(parser, P, cmdParams, auditParams):
if auditParams.is_new_audit():
parser.error("missing audit database")
if not P.reports:
parser.error("missing output filename")
if P.verbose != 0:
print "Loading database: %s" % \
colorize(auditParams.audit_db, "yellow")
with PluginTester(autoinit=False, autodelete=False) as t:
t.orchestrator_config.verbose = 0
t.audit_config.audit_name = auditParams.audit_name
t.audit_config.audit_db = auditParams.audit_db
t.init_environment()
Console.use_colors = cmdParams.color
for filename in P.reports:
if P.verbose != 0:
print "Dumping to file: %s" % colorize(filename, "cyan")
t.audit.database.dump(filename)
exit(0)
def recv_msg(self, message):
if not isinstance(message, Message):
raise TypeError("Expected Message, got %r instead" % type(message))
print "-" * 79
print "Message:"
print " Timestamp: %s" % time.ctime(message.timestamp)
print " Audit: %s" % message.audit_name
print " Plugin: %s" % message.plugin_id
print " Type: %s" % MessageType.get_name_from_value(message.message_type)
print " Code: %s" % MessageCode.get_name_from_value_and_type(message.message_code, message.message_type)
print " Priority: %s" % MessagePriority.get_name_from_value(message.priority)
print " Payload: %r" % (message.message_info,)
print
if message.message_type == MessageType.MSG_TYPE_CONTROL:
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
if get_audit_count() == 1:
Config._context.send_msg(
message_type = MessageType.MSG_TYPE_CONTROL,
message_code = MessageCode.MSG_CONTROL_STOP,
message_info = True,
priority = MessagePriority.MSG_PRIORITY_LOW
)
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if is_error:
print colorize(text, "magenta")
else:
print colorize(text, "cyan")
elif message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
print colorize(description, "magenta")
print colorize(traceback, "magenta")
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
print colorize(formatted, "yellow")
def command_dump(parser, P, cmdParams, auditParams):
if auditParams.is_new_audit():
parser.error("missing audit database")
if not P.reports:
parser.error("missing output filename")
if P.verbose != 0:
print "Loading database: %s" % \
colorize(auditParams.audit_db, "yellow")
import sqlite3
for filename in P.reports:
if P.verbose != 0:
print "Dumping to file: %s" % colorize(filename, "cyan")
db = sqlite3.connect(auditParams.audit_db)
try:
with open(filename, 'w') as f:
for line in db.iterdump():
f.write(line + "\n")
finally:
db.close()
exit(0)
def recv_info(self, info):
# Don't print anything if console output is disabled.
if Console.level < Console.STANDARD:
return
# Filter out info we've already seen.
if info.identity in self.already_seen_info:
return
self.already_seen_info.add(info.identity)
# Print newly discovered vulnerabilities.
if info.data_type == Data.TYPE_VULNERABILITY:
text = "%s Vulnerability '%s' dicovered by plugin '%s'. Risk level: %s" % (
colorize("<!>", info.risk),
colorize(info.vulnerability_type, info.risk),
colorize(self.get_plugin_name(info.plugin_id), info.risk),
colorize(str(info.risk), info.risk)
)
Console.display(text)
def command_dump(parser, P, cmdParams, auditParams):
if auditParams.is_new_audit():
parser.error("missing audit database")
if not P.reports:
parser.error("missing output filename")
if P.verbose != 0:
print "Loading database: %s" % \
colorize(auditParams.audit_db, "yellow")
import sqlite3
for filename in P.reports:
if P.verbose != 0:
print "Dumping to file: %s" % colorize(filename, "cyan")
db = sqlite3.connect(auditParams.audit_db)
try:
with open(filename, 'w') as f:
for line in db.iterdump():
f.write(line + "\n")
finally:
db.close()
exit(0)
def run(self, info):
# Don't print anything if console output is disabled.
if Console.level < Console.MINIMAL:
return
# Ignore everything but vulnerabilities.
if info.data_type != Data.TYPE_VULNERABILITY:
return
# Filter out info we've already seen.
if info.identity in self.already_seen_info[Config.audit_name]:
return
self.already_seen_info[Config.audit_name].add(info.identity)
# Print newly discovered vulnerabilities.
text = "<!> %s vulnerability dicovered by %s. Level: %s"
text %= (colorize(info.display_name, info.level),
colorize(self.get_plugin_name(info.plugin_id, None),
"blue"), colorize(info.level, info.level))
Console.display(text)
def recv_info(self, info):
# Don't print anything if console output is disabled.
if Console.level < Console.STANDARD:
return
# Ignore everything but vulnerabilities.
if info.data_type != Data.TYPE_VULNERABILITY:
return
# Filter out info we've already seen.
if info.identity in self.already_seen_info[Config.audit_name]:
return
self.already_seen_info[Config.audit_name].add(info.identity)
# Print newly discovered vulnerabilities.
text = "<!> %s vulnerability dicovered by %s. Level: %s"
text %= (
colorize(info.display_name, info.level),
colorize(self.get_plugin_name(info.plugin_id, None), "blue"),
colorize(info.level, info.level)
)
Console.display(text)
#------------------------------------------------------------------------------
def command_plugins(parser, P, cmdParams, auditParams):
# Fail if we have arguments.
if P.targets:
parser.error("too many arguments")
# Load the plugins list.
try:
manager = PluginManager()
manager.find_plugins(cmdParams)
except Exception, e:
parser.error("error loading plugins list: %s" % str(e))
# Show the list of plugins.
print colorize("-------------", "red")
print colorize(" Plugin list", "red")
print colorize("-------------", "red")
# Import plugins...
import_plugins = manager.get_plugins("import")
if import_plugins:
print
print colorize("-= Import plugins =-", "yellow")
for name in sorted(import_plugins.keys()):
info = import_plugins[name]
print "\n%s:\n %s" % \
(colorize(name[7:], "cyan"), info.description)
# Testing plugins...
testing_plugins = manager.get_plugins("testing")
def __colorize(self, txt, level_or_color):
if self.__color:
return colorize(txt, level_or_color)
return txt
if P.command == "PLUGINS":
# Fail if we have arguments.
if P.targets:
parser.error("too many arguments")
# Load the plugins list.
try:
manager = PluginManager()
manager.find_plugins(cmdParams)
except Exception, e:
parser.error("error loading plugins list: %s" % str(e))
# Show the list of plugins.
print colorize("-------------", "red")
print colorize(" Plugin list", "red")
print colorize("-------------", "red")
# Import plugins...
import_plugins = manager.get_plugins("import")
if import_plugins:
print
print colorize("-= Import plugins =-", "yellow")
for name in sorted(import_plugins.keys()):
info = import_plugins[name]
print "\n%s:\n %s" % (colorize(name[7:], "cyan"), info.description)
# Testing plugins...
testing_plugins = manager.get_plugins("testing")
if testing_plugins:
def recv_msg(self, message):
# Process status messages
if message.message_type == MessageType.MSG_TYPE_STATUS:
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
m_text = "[*] %s: Started." % m_plugin_name
Console.display(m_text)
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
m_text = "[*] %s: Finished." % m_plugin_name
Console.display(m_text)
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
if Console.level >= Console.VERBOSE:
m_id, m_progress = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int(
(m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize(
"%i.%.2i%%" % (m_progress_h, m_progress_l),
"middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
m_text = "[*] %s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# Process control messages
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
if get_audit_count() == 1: # this is the last one
Config._context.send_msg( # XXX FIXME hide this from plugins!
message_type=MessageType.MSG_TYPE_CONTROL,
message_code=MessageCode.MSG_CONTROL_STOP,
message_info=
True, # True for finished, False for user cancel
priority=MessagePriority.MSG_PRIORITY_LOW)
# Show log messages
# (The verbosity is sent by Logger)
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
try:
m_plugin_name = self.get_plugin_name(
message.plugin_name)
except Exception:
m_plugin_name = "GoLismero"
m_plugin_name = colorize(m_plugin_name, 'info')
text = colorize(text, 'middle')
if is_error:
text = "[!] %s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
text = "[*] %s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors
# (Only the description in standard level,
# full traceback in more verbose level)
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_name)
except Exception:
m_plugin_name = "GoLismero"
text = "[!] Plugin '%s' error: %s " % (m_plugin_name,
str(description))
text = colorize(text, 'critical')
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings
# (Only the description in verbose level,
# full traceback in more verbose level)
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(
w.message, w.category, w.filename, w.lineno,
w.line)
elif Console.level >= Console.VERBOSE:
formatted = w.message
else:
formatted = None
if formatted:
m_plugin_name = self.get_plugin_name(
message.plugin_name)
text = "[!] Plugin '%s' warning: %s " % (
m_plugin_name, str(formatted))
text = colorize(text, 'low')
Console.display_error(text)
def recv_msg(self, message):
# Process status messages
if message.message_type == MessageType.MSG_TYPE_STATUS:
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
m_text = "[*] %s: Started." % m_plugin_name
Console.display(m_text)
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
m_text = "[*] %s: Finished." % m_plugin_name
Console.display(m_text)
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
if Console.level >= Console.VERBOSE:
m_id, m_progress = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_name)
m_plugin_name = colorize(m_plugin_name, "info")
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int((m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
m_text = "[*] %s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# Process control messages
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
if get_audit_count() == 1: # this is the last one
Config._context.send_msg( # XXX FIXME hide this from plugins!
message_type = MessageType.MSG_TYPE_CONTROL,
message_code = MessageCode.MSG_CONTROL_STOP,
message_info = True, # True for finished, False for user cancel
priority = MessagePriority.MSG_PRIORITY_LOW
)
# Show log messages
# (The verbosity is sent by Logger)
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
try:
m_plugin_name = self.get_plugin_name(message.plugin_name)
except Exception:
m_plugin_name = "GoLismero"
m_plugin_name = colorize(m_plugin_name, 'info')
text = colorize(text, 'middle')
if is_error:
text = "[!] %s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
text = "[*] %s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors
# (Only the description in standard level,
# full traceback in more verbose level)
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_name)
except Exception:
m_plugin_name = "GoLismero"
text = "[!] Plugin '%s' error: %s " % (m_plugin_name, str(description))
text = colorize(text, 'critical')
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings
# (Only the description in verbose level,
# full traceback in more verbose level)
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
elif Console.level >= Console.VERBOSE:
formatted = w.message
else:
formatted = None
if formatted:
m_plugin_name = self.get_plugin_name(message.plugin_name)
text = "[!] Plugin '%s' warning: %s " % (m_plugin_name, str(formatted))
text = colorize(text, 'low')
Console.display_error(text)
#------------------------------------------------------------------------------
def command_plugins(parser, P, cmdParams, auditParams):
# Fail if we have arguments.
if P.targets:
parser.error("too many arguments")
# Load the plugins list.
try:
manager = PluginManager()
manager.find_plugins(cmdParams)
except Exception, e:
parser.error("error loading plugins list: %s" % str(e))
# Show the list of plugins.
print colorize("-------------", "red")
print colorize(" Plugin list", "red")
print colorize("-------------", "red")
# Import plugins...
import_plugins = manager.get_plugins("import")
if import_plugins:
print
print colorize("-= Import plugins =-", "yellow")
for name in sorted(import_plugins.keys()):
info = import_plugins[name]
print "\n%s:\n %s" % \
(colorize(name[7:], "cyan"), info.description)
# Testing plugins...
testing_plugins = manager.get_plugins("testing")
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][
message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show this event in extra verbose mode.
if Console.level >= Console.MORE_VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
m_text = "%s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show this event in extra verbose mode.
if Console.level >= Console.MORE_VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
m_text = "%s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
try:
del self.current_plugins[Config.audit_name][
message.plugin_id][message.ack_identity]
except KeyError:
pass
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name,
"informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int(
(m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize(
"%i.%.2i%%" % (m_progress_h, m_progress_l),
"middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "%s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# The audit has moved to another execution stage.
elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show the new stage name.
m_stage = get_stage_display_name(message.message_info)
m_stage = colorize(m_stage, "high")
m_plugin_name = colorize("[*] GoLismero", "informational")
m_text = "%s: Current stage: %s"
m_text %= (m_plugin_name, m_stage)
Console.display(m_text)
# If on maximum verbosity level and entering report stage,
# log the current report mode.
if (Console.level >= Console.MORE_VERBOSE
and message.message_info == "report"):
if Config.audit_config.only_vulns:
m_report_type = "Brief"
else:
m_report_type = "Full"
m_report_type = colorize(m_report_type, "yellow")
m_text = "%s: Report type: %s"
m_text %= (m_plugin_name, m_report_type)
Console.display(m_text)
# When an audit is aborted, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED:
(audit_name, description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name,
'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
finally:
self.audit_is_dead(audit_name)
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
self.audit_is_dead(message.audit_name)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
if is_error:
text = colorize_traceback(text)
m_plugin_name = colorize("[!] " + m_plugin_name,
'critical')
text = "%s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
m_plugin_name = colorize("[*] " + m_plugin_name,
'informational')
text = "%s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_id,
message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize_traceback(traceback)
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(
w.message, w.category, w.filename, w.lineno,
w.line)
m_plugin_name = self.get_plugin_name(
message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'low')
text = "%s: Error: %s " % (m_plugin_name,
str(formatted))
Console.display_error(text)
def __colorize(self, txt, level_or_color):
if self.__color:
return colorize(txt, level_or_color)
return txt
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
m_text = "[*] %s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
m_text = "[*] %s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity]
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Don't show this event in quiet mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize(m_plugin_name, "informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int((m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "[*] %s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
try:
del self.already_seen_info[Config.audit_name]
except KeyError:
pass # may happen when generating reports only
if get_audit_count() == 1: # this is the last one
Config._context.send_msg( # XXX FIXME hide this from plugins!
message_type = MessageType.MSG_TYPE_CONTROL,
message_code = MessageCode.MSG_CONTROL_STOP,
message_info = True, # True for finished, False for user cancel
priority = MessagePriority.MSG_PRIORITY_LOW
)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
except Exception:
m_plugin_name = "GoLismero"
m_plugin_name = colorize(m_plugin_name, 'informational')
text = colorize(text, 'middle')
if is_error:
text = "[!] %s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
text = "[*] %s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
except Exception:
m_plugin_name = "GoLismero"
text = "[!] Plugin '%s' error: %s " % (m_plugin_name, str(description))
text = colorize(text, 'critical')
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only the description in verbose level,
# full traceback in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
elif Console.level >= Console.VERBOSE:
formatted = w.message
else:
formatted = None
if formatted:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
text = "[!] Plugin '%s' warning: %s " % (m_plugin_name, str(formatted))
text = colorize(text, 'low')
Console.display_error(text)
def recv_msg(self, message):
# Process status messages.
if message.message_type == MessageType.MSG_TYPE_STATUS:
# A plugin has started.
if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
# Create a simple ID for the plugin execution.
id_dict = self.current_plugins[Config.audit_name][message.plugin_id]
simple_id = len(id_dict)
id_dict[message.ack_identity] = simple_id
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
m_text = "%s: Started." % m_plugin_name
Console.display(m_text)
# A plugin has ended.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show a message to the user.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
m_text = "%s: Finished." % m_plugin_name
Console.display(m_text)
# Free the simple ID for the plugin execution.
try:
del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity]
except KeyError:
pass
# A plugin has advanced.
elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Get the plugin name.
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[*] " + m_plugin_name, "informational")
# Get the progress percentage.
m_progress = message.message_info
if m_progress is not None:
m_progress_h = int(m_progress)
m_progress_l = int((m_progress - float(m_progress_h)) * 100)
m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle")
m_progress_txt = m_progress_txt + " percent done..."
else:
m_progress_txt = "Working..."
# Show it to the user.
m_text = "%s: %s" % (m_plugin_name, m_progress_txt)
Console.display(m_text)
# The audit has moved to another execution stage.
elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE:
# Show this event in verbose mode.
if Console.level >= Console.VERBOSE:
# Show the new stage name.
m_stage = get_stage_display_name(message.message_info)
m_stage = colorize(m_stage, "high")
m_plugin_name = colorize("[*] GoLismero", "informational")
m_text = "%s: Current stage: %s"
m_text %= (m_plugin_name, m_stage)
Console.display(m_text)
# If on maximum verbosity level and entering report stage,
# log the current report mode.
if (
Console.level >= Console.MORE_VERBOSE and
message.message_info == "report"
):
if Config.audit_config.only_vulns:
m_report_type = "Brief"
else:
m_report_type = "Full"
m_report_type = colorize(m_report_type, "yellow")
m_text = "%s: Report type: %s"
m_text %= (m_plugin_name, m_report_type)
Console.display(m_text)
# When an audit is aborted, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED:
(audit_name, description, traceback) = message.message_info
try:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize(traceback, 'critical')
Console.display_error(text)
Console.display_error_more_verbose(traceback)
finally:
self.audit_is_dead(audit_name)
# Process control messages.
elif message.message_type == MessageType.MSG_TYPE_CONTROL:
# When an audit is finished, check if there are more running audits.
# If there aren't any, stop the Orchestrator.
if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT:
self.audit_is_dead(message.audit_name)
# Show log messages. The verbosity is sent by Logger.
elif message.message_code == MessageCode.MSG_CONTROL_LOG:
(text, level, is_error) = message.message_info
if Console.level >= level:
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
if is_error:
text = colorize_traceback(text)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: %s" % (m_plugin_name, text)
Console.display_error(text)
else:
m_plugin_name = colorize("[*] " + m_plugin_name, 'informational')
text = "%s: %s" % (m_plugin_name, text)
Console.display(text)
# Show plugin errors.
# Only the description in standard level,
# full traceback in more verbose level.
if message.message_code == MessageCode.MSG_CONTROL_ERROR:
(description, traceback) = message.message_info
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'critical')
text = "%s: Error: %s " % (m_plugin_name, str(description))
traceback = colorize_traceback(traceback)
Console.display_error(text)
Console.display_error_more_verbose(traceback)
# Show plugin warnings.
# Only in more verbose level.
elif message.message_code == MessageCode.MSG_CONTROL_WARNING:
for w in message.message_info:
if Console.level >= Console.MORE_VERBOSE:
formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line)
m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity)
m_plugin_name = colorize("[!] " + m_plugin_name, 'low')
text = "%s: Error: %s " % (m_plugin_name, str(formatted))
Console.display_error(text)
