def parseOutputString(self, output, debug=False):
host_info = re.search(r"Connected to (.+)\.", output)
banner = re.search("220?([\w\W]+)$", output)
if re.search("Connection timed out",
output) is None and host_info is not None:
hostname = host_info.group(1)
ip_address = self.resolve(hostname)
self._version = banner.groups(0) if banner else ""
if debug:
print ip_address
h_id = self.createAndAddHost(ip_address)
i_id = self.createAndAddInterface(h_id,
ip_address,
ipv4_address=ip_address,
hostname_resolution=hostname)
s_id = self.createAndAddServiceToInterface(h_id,
i_id,
"ftp",
"tcp",
ports=[self._port],
status="open")
print("Host detected: %s" % ip_address)
api.log("New host detected: %s" % ip_address)
if debug is True:
api.devlog("Debug is active")
return True
def parseOutputString(self, output, debug = False):
host_info = re.search(r"Connected to (.+)\.", output)
banner = re.search("220?([\w\W]+)$", output)
if re.search("Connection timed out",output) is None and host_info is not None:
hostname=host_info.group(1)
ip_address = self.resolve(hostname)
self._version = banner.groups(0) if banner else ""
if debug:
print ip_address
h_id = self.createAndAddHost(ip_address)
i_id = self.createAndAddInterface(h_id, ip_address, ipv4_address=ip_address,hostname_resolution=hostname)
s_id = self.createAndAddServiceToInterface(h_id, i_id, "ftp",
"tcp",
ports = [self._port],
status = "open")
print ("Host detected: %s" % ip_address)
api.log("New host detected: %s" % ip_address)
if debug is True:
api.devlog("Debug is active")
return True
def get_login(self, realm, username, may_save):
if self.username is None or self.password is None:
msg = "[SVN] Datamanager: User or Password is None"
self.username = self.password = ""
api.log(msg, "[SVN] ERROR")
return True, self.username, self.password, False
def _importVulnsCvs(self,item):
filename = qt.QFileDialog.getOpenFileName(
CONF.getDefaultTempPath(),
"Csv vulnerability file (*.*)",
None,
"open file dialog",
"Choose a vulnerability file" );
if os.path.isfile(filename):
with open(filename) as f:
data = f.read()
f.close()
for l in data.split("\n"):
api.devlog(l)
if re.search("^#",l):
api.devlog("ERROR FILE")
continue
d = l.split("|")
if len(d) <=8:
api.log("Error vuln line: ("+l+")" )
else:
self._newVulnImport(d[1],d[2],d[3],d[4],d[5],d[6],d[7])
def parseOutputString(self, output, debug=False):
host_info = re.search(
r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)",
output)
if host_info is None:
api.log("No hosts detected")
else:
for host in output.splitlines():
if host != "":
h_id = self.createAndAddHost(host)
i_id = self.createAndAddInterface(h_id,
host,
ipv4_address=host)
s_id = self.createAndAddServiceToInterface(
h_id,
i_id,
str(self._port),
"tcp",
ports=[self._port],
status="open",
version="",
description="")
if debug is True:
api.devlog("Debug is active")
return True
def get_login(self, realm, username, may_save ):
if self.username is None or self.password is None:
msg = "[SVN] Datamanager: User or Password is None"
self.username = self.password = ""
api.log(msg, "[SVN] ERROR")
return True, self.username, self.password, False
def resolve(self, host):
try:
return socket.gethostbyname(host)
except:
api.log('[ERROR] Acunetix XML Plugin: Ip of host unknown ' + host,
level='ERROR')
return None
return host
def resolve(self, host):
try:
return socket.gethostbyname(host)
except:
api.log(
'[ERROR] Acunetix XML Plugin: Ip of host unknown ' + host,
level='ERROR')
return None
return host
def _dispatchActionWithLock(self, action_callback, *args):
res = False
self.__acquire_host_lock()
try:
res = action_callback(*args)
except Exception:
api.log("An exception occurred while dispatching an action (%r(%r)\n%s" %
(action_callback, args, traceback.format_exc()), "ERROR")
finally:
self.__release_host_lock()
return res
def _dispatchActionWithLock(self, action_callback, *args):
res = False
self.__acquire_host_lock()
try:
res = action_callback(*args)
except Exception:
api.log("An exception occurred while dispatching an action (%r(%r)\n%s" %
(action_callback, args, traceback.format_exc()), "ERROR")
finally:
self.__release_host_lock()
return res
def __init__(self, fileReport):
api.log('[INFO] FLEX Report Plugin: Parsing report...', level='INFO')
reportTree = self.parse_xml(fileReport)
if reportTree:
self.hosts = [data for data in self.get_hosts(reportTree)]
self.vulnerabilities = [
data for data in self.get_vulnerabilities(reportTree)
]
else:
self.hosts = []
self.vulnerabilities = []
def checkout(self):
if self.url:
try:
self.validate_directory()
msg = "DataManager: Checkout not necessary"
api.log(msg, "ERROR")
except:
try:
self._client.checkout(self.url, self.persistence_path)
except pysvn.ClientError, e:
for message, code in e.args[1]:
api.devlog('Code: %d Message: %s' % (code, message))
if code == 155000:
p = re.compile("\'(/.*)\'")
path = p.search(message)
self._client.add(path.groups()[0],
recurse=True,
force=False,
ignore=True)
self._client.checkout(self.url, self.persistence_path)
def _importVulnsCvs(self, item):
filename = qt.QFileDialog.getOpenFileName(
CONF.getDefaultTempPath(), "Csv vulnerability file (*.*)", None,
"open file dialog", "Choose a vulnerability file")
if os.path.isfile(filename):
with open(filename) as f:
data = f.read()
f.close()
for l in data.split("\n"):
api.devlog(l)
if re.search("^#", l):
api.devlog("ERROR FILE")
continue
d = l.split("|")
if len(d) < 8:
api.log("Error vuln line: (" + l + ")")
else:
self._newVulnImport(d[1], d[2], d[3], d[4], d[5], d[6],
d[7])
def checkout(self):
if self.url:
try:
self.validate_directory()
msg = "DataManager: Checkout not necessary"
api.log(msg, "ERROR")
except:
try:
self._client.checkout(self.url, self.persistence_path)
except pysvn.ClientError, e:
for message, code in e.args[1]:
api.devlog('Code: %d Message: %s' % (code, message))
if code == 155000:
p = re.compile("\'(/.*)\'")
path = p.search(message)
self._client.add(path.groups()[0],
recurse=True,
force=False,
ignore=True)
self._client.checkout(self.url, self.persistence_path)
def parseOutputString(self, output, debug = False):
host_info = re.search(r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)", output)
if host_info is None:
api.log("No hosts detected")
else:
for host in output.split('\r\n'):
if host != "":
h_id = self.createAndAddHost(host)
i_id = self.createAndAddInterface(h_id, host, ipv4_address=host)
s_id = self.createAndAddServiceToInterface(h_id, i_id, str(self._port),
"tcp",
ports = [self._port],
status = "open",
version = "",
description = "")
if debug is True:
api.devlog("Debug is active")
return True
def parseOutputString(self, output, debug=False):
parser = FLEXReportParser(output)
###################################### Load Hosts ######################################
api.log('[INFO] FLEX Report Plugin: Loading hosts...', level='INFO')
for host in parser.hosts:
api.log('[INFO] FLEX Report Plugin: Host <' + host.id + '>',
level='INFO')
host.idFaraday = self.createAndAddHost(host.ip, os=host.os)
api.log('[INFO] FLEX Report Plugin: Loading interfaces...',
level='INFO')
for interface in host.interfaces:
api.log('[INFO] FLEX Report Plugin: Interface <' +
interface.id + '>',
level='INFO')
interface.idFaraday = self.createAndAddInterface(
host.idFaraday,
host.ip,
ipv4_address=host.ip,
hostname_resolution=interface.hostnames)
api.log('[INFO] FLEX Report Plugin: Loading services...',
level='INFO')
for service in interface.services:
api.log('[INFO] FLEX Report Plugin: Service <' +
service.id + '>',
level='INFO')
service.idFaraday = self.createAndAddServiceToInterface(
host.idFaraday,
interface.idFaraday,
service.name,
service.protocol,
ports=service.ports,
version=service.version,
status=service.status)
################################# Load Vulnerabilities #################################
api.log('[INFO] FLEX Report Plugin: Loading vulnerabilities...',
level='INFO')
for vulnerability in parser.vulnerabilities:
api.log('[INFO] FLEX Report Plugin: Vulnerability ' +
vulnerability.id,
level='INFO')
for vulnhost in vulnerability.vulnhosts:
api.log('[INFO] FLEX Report Plugin: Vulnerability ' +
vulnerability.id + ' to host ' + vulnhost.id,
level='INFO')
vulnhost_object = next(host for host in parser.hosts
if (host.id == vulnhost.id))
if not vulnhost_object:
api.log(
'[ERROR] FLEX Report Plugin: Vulnerable host missing <'
+ vulnhost.id + '>',
level='ERROR')
else:
if vulnerability.type == 'HOST':
self.createAndAddVulnToHost(
vulnhost_object.idFaraday,
vulnerability.name,
desc=vulnerability.description,
ref=vulnerability.refs,
severity=vulnerability.severity,
resolution=vulnerability.resolution)
elif vulnerability.type == 'SERVICE':
service_object = None
for interace_object in vulnhost_object.interfaces:
service_object = next(
service for service in interace_object.services
if (service.id == vulnhost.subid))
if service_object: break
if not service_object:
api.log(
'[ERROR] FLEX Report Plugin: Vulnerable host service missing <'
+ vulnhost.subid + '>',
level='ERROR')
else:
self.createAndAddVulnToService(
vulnhost_object.idFaraday,
service_object.idFaraday,
vulnerability.name,
desc=vulnerability.description,
ref=vulnerability.refs,
severity=vulnerability.severity,
resolution=vulnerability.resolution)
elif vulnerability.type == 'WEB':
service_object = None
for interace_object in vulnhost_object.interfaces:
service_object = next(
service for service in interace_object.services
if (service.id == vulnhost.subid))
if service_object: break
if not service_object:
api.log(
'[ERROR] FLEX Report Plugin: Vulnerable host service missing <'
+ vulnhost.subid + '>',
level='ERROR')
else:
self.createAndAddVulnWebToService(
vulnhost_object.idFaraday,
service_object.idFaraday,
vulnerability.name,
desc=vulnerability.description,
ref=vulnerability.refs,
severity=vulnerability.severity,
resolution=vulnerability.resolution,
website=vulnerability.vulnerabilityWebSite,
path=vulnerability.vulnerabilityPath,
request=vulnerability.vulnerabilityRequest,
response=vulnerability.vulnerabilityResponse,
method=vulnerability.vulnerabilityMethod,
pname=vulnerability.vulnerabilityPName,
params=vulnerability.vulnerabilityParams,
query=vulnerability.vulnerabilityQuery,
category=vulnerability.vulnerabilityCategory)
else:
api.log(
'[ERROR] FLEX Report Plugin: Vulnerability Type unknown '
+ self.type,
level='ERROR')
del parser
except pysvn.ClientError, e:
for message, code in e.args[1]:
api.devlog('Code: %d Message: %s' % (code, message))
if code == 155000:
p = re.compile("\'(/.*)\'")
path = p.search(message)
self._client.add(path.groups()[0],
recurse=True,
force=False,
ignore=True)
self._client.checkout(self.url, self.persistence_path)
else:
msg = "DataManager: SVN url is not defined"
api.log(msg, "ERROR")
raise DataManagerException(msg)
def get_login(self, realm, username, may_save):
if self.username is None or self.password is None:
msg = "[SVN] Datamanager: User or Password is None"
self.username = self.password = ""
api.log(msg, "[SVN] ERROR")
return True, self.username, self.password, False
def get_log_message(self):
return True, ""
def _safeAdd(self, path, dirname=False):
def _log(self, msg, *args, **kwargs):
# I have no idea what I am doing
api.log(msg, *args[:-1])
return True
def _showWorkspaceProperties(self, item):
if item.object is not None:
api.log("Llege a showWorkspace", "ERROR")
d = WorkspacePropertiesDialog(self, "Workspace Properties", workspace=item.object)
d.exec_loop()
def _log(self, msg, *args, **kwargs):
# I have no idea what I am doing
api.log(msg, *args[:-1])
return True
except pysvn.ClientError, e:
for message, code in e.args[1]:
api.devlog('Code: %d Message: %s' % (code, message))
if code == 155000:
p = re.compile("\'(/.*)\'")
path = p.search(message)
self._client.add(path.groups()[0],
recurse=True,
force=False,
ignore=True)
self._client.checkout(self.url, self.persistence_path)
else:
msg = "DataManager: SVN url is not defined"
api.log(msg, "ERROR")
raise DataManagerException(msg)
def get_login(self, realm, username, may_save ):
if self.username is None or self.password is None:
msg = "[SVN] Datamanager: User or Password is None"
self.username = self.password = ""
api.log(msg, "[SVN] ERROR")
return True, self.username, self.password, False
def get_log_message(self):
return True, ""
def _safeAdd(self, path, dirname=False):
