def parseOutputString(self, output, debug=False): host_info = re.search(r"Connected to (.+)\.", output) banner = re.search("220?([\w\W]+)$", output) if re.search("Connection timed out", output) is None and host_info is not None: hostname = host_info.group(1) ip_address = self.resolve(hostname) self._version = banner.groups(0) if banner else "" if debug: print ip_address h_id = self.createAndAddHost(ip_address) i_id = self.createAndAddInterface(h_id, ip_address, ipv4_address=ip_address, hostname_resolution=hostname) s_id = self.createAndAddServiceToInterface(h_id, i_id, "ftp", "tcp", ports=[self._port], status="open") print("Host detected: %s" % ip_address) api.log("New host detected: %s" % ip_address) if debug is True: api.devlog("Debug is active") return True
def parseOutputString(self, output, debug = False): host_info = re.search(r"Connected to (.+)\.", output) banner = re.search("220?([\w\W]+)$", output) if re.search("Connection timed out",output) is None and host_info is not None: hostname=host_info.group(1) ip_address = self.resolve(hostname) self._version = banner.groups(0) if banner else "" if debug: print ip_address h_id = self.createAndAddHost(ip_address) i_id = self.createAndAddInterface(h_id, ip_address, ipv4_address=ip_address,hostname_resolution=hostname) s_id = self.createAndAddServiceToInterface(h_id, i_id, "ftp", "tcp", ports = [self._port], status = "open") print ("Host detected: %s" % ip_address) api.log("New host detected: %s" % ip_address) if debug is True: api.devlog("Debug is active") return True
def get_login(self, realm, username, may_save): if self.username is None or self.password is None: msg = "[SVN] Datamanager: User or Password is None" self.username = self.password = "" api.log(msg, "[SVN] ERROR") return True, self.username, self.password, False
def _importVulnsCvs(self,item): filename = qt.QFileDialog.getOpenFileName( CONF.getDefaultTempPath(), "Csv vulnerability file (*.*)", None, "open file dialog", "Choose a vulnerability file" ); if os.path.isfile(filename): with open(filename) as f: data = f.read() f.close() for l in data.split("\n"): api.devlog(l) if re.search("^#",l): api.devlog("ERROR FILE") continue d = l.split("|") if len(d) <=8: api.log("Error vuln line: ("+l+")" ) else: self._newVulnImport(d[1],d[2],d[3],d[4],d[5],d[6],d[7])
def parseOutputString(self, output, debug=False): host_info = re.search( r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)", output) if host_info is None: api.log("No hosts detected") else: for host in output.splitlines(): if host != "": h_id = self.createAndAddHost(host) i_id = self.createAndAddInterface(h_id, host, ipv4_address=host) s_id = self.createAndAddServiceToInterface( h_id, i_id, str(self._port), "tcp", ports=[self._port], status="open", version="", description="") if debug is True: api.devlog("Debug is active") return True
def get_login(self, realm, username, may_save ): if self.username is None or self.password is None: msg = "[SVN] Datamanager: User or Password is None" self.username = self.password = "" api.log(msg, "[SVN] ERROR") return True, self.username, self.password, False
def resolve(self, host): try: return socket.gethostbyname(host) except: api.log('[ERROR] Acunetix XML Plugin: Ip of host unknown ' + host, level='ERROR') return None return host
def resolve(self, host): try: return socket.gethostbyname(host) except: api.log( '[ERROR] Acunetix XML Plugin: Ip of host unknown ' + host, level='ERROR') return None return host
def _dispatchActionWithLock(self, action_callback, *args): res = False self.__acquire_host_lock() try: res = action_callback(*args) except Exception: api.log("An exception occurred while dispatching an action (%r(%r)\n%s" % (action_callback, args, traceback.format_exc()), "ERROR") finally: self.__release_host_lock() return res
def __init__(self, fileReport): api.log('[INFO] FLEX Report Plugin: Parsing report...', level='INFO') reportTree = self.parse_xml(fileReport) if reportTree: self.hosts = [data for data in self.get_hosts(reportTree)] self.vulnerabilities = [ data for data in self.get_vulnerabilities(reportTree) ] else: self.hosts = [] self.vulnerabilities = []
def checkout(self): if self.url: try: self.validate_directory() msg = "DataManager: Checkout not necessary" api.log(msg, "ERROR") except: try: self._client.checkout(self.url, self.persistence_path) except pysvn.ClientError, e: for message, code in e.args[1]: api.devlog('Code: %d Message: %s' % (code, message)) if code == 155000: p = re.compile("\'(/.*)\'") path = p.search(message) self._client.add(path.groups()[0], recurse=True, force=False, ignore=True) self._client.checkout(self.url, self.persistence_path)
def _importVulnsCvs(self, item): filename = qt.QFileDialog.getOpenFileName( CONF.getDefaultTempPath(), "Csv vulnerability file (*.*)", None, "open file dialog", "Choose a vulnerability file") if os.path.isfile(filename): with open(filename) as f: data = f.read() f.close() for l in data.split("\n"): api.devlog(l) if re.search("^#", l): api.devlog("ERROR FILE") continue d = l.split("|") if len(d) < 8: api.log("Error vuln line: (" + l + ")") else: self._newVulnImport(d[1], d[2], d[3], d[4], d[5], d[6], d[7])
def parseOutputString(self, output, debug = False): host_info = re.search(r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)", output) if host_info is None: api.log("No hosts detected") else: for host in output.split('\r\n'): if host != "": h_id = self.createAndAddHost(host) i_id = self.createAndAddInterface(h_id, host, ipv4_address=host) s_id = self.createAndAddServiceToInterface(h_id, i_id, str(self._port), "tcp", ports = [self._port], status = "open", version = "", description = "") if debug is True: api.devlog("Debug is active") return True
def parseOutputString(self, output, debug=False): parser = FLEXReportParser(output) ###################################### Load Hosts ###################################### api.log('[INFO] FLEX Report Plugin: Loading hosts...', level='INFO') for host in parser.hosts: api.log('[INFO] FLEX Report Plugin: Host <' + host.id + '>', level='INFO') host.idFaraday = self.createAndAddHost(host.ip, os=host.os) api.log('[INFO] FLEX Report Plugin: Loading interfaces...', level='INFO') for interface in host.interfaces: api.log('[INFO] FLEX Report Plugin: Interface <' + interface.id + '>', level='INFO') interface.idFaraday = self.createAndAddInterface( host.idFaraday, host.ip, ipv4_address=host.ip, hostname_resolution=interface.hostnames) api.log('[INFO] FLEX Report Plugin: Loading services...', level='INFO') for service in interface.services: api.log('[INFO] FLEX Report Plugin: Service <' + service.id + '>', level='INFO') service.idFaraday = self.createAndAddServiceToInterface( host.idFaraday, interface.idFaraday, service.name, service.protocol, ports=service.ports, version=service.version, status=service.status) ################################# Load Vulnerabilities ################################# api.log('[INFO] FLEX Report Plugin: Loading vulnerabilities...', level='INFO') for vulnerability in parser.vulnerabilities: api.log('[INFO] FLEX Report Plugin: Vulnerability ' + vulnerability.id, level='INFO') for vulnhost in vulnerability.vulnhosts: api.log('[INFO] FLEX Report Plugin: Vulnerability ' + vulnerability.id + ' to host ' + vulnhost.id, level='INFO') vulnhost_object = next(host for host in parser.hosts if (host.id == vulnhost.id)) if not vulnhost_object: api.log( '[ERROR] FLEX Report Plugin: Vulnerable host missing <' + vulnhost.id + '>', level='ERROR') else: if vulnerability.type == 'HOST': self.createAndAddVulnToHost( vulnhost_object.idFaraday, vulnerability.name, desc=vulnerability.description, ref=vulnerability.refs, severity=vulnerability.severity, resolution=vulnerability.resolution) elif vulnerability.type == 'SERVICE': service_object = None for interace_object in vulnhost_object.interfaces: service_object = next( service for service in interace_object.services if (service.id == vulnhost.subid)) if service_object: break if not service_object: api.log( '[ERROR] FLEX Report Plugin: Vulnerable host service missing <' + vulnhost.subid + '>', level='ERROR') else: self.createAndAddVulnToService( vulnhost_object.idFaraday, service_object.idFaraday, vulnerability.name, desc=vulnerability.description, ref=vulnerability.refs, severity=vulnerability.severity, resolution=vulnerability.resolution) elif vulnerability.type == 'WEB': service_object = None for interace_object in vulnhost_object.interfaces: service_object = next( service for service in interace_object.services if (service.id == vulnhost.subid)) if service_object: break if not service_object: api.log( '[ERROR] FLEX Report Plugin: Vulnerable host service missing <' + vulnhost.subid + '>', level='ERROR') else: self.createAndAddVulnWebToService( vulnhost_object.idFaraday, service_object.idFaraday, vulnerability.name, desc=vulnerability.description, ref=vulnerability.refs, severity=vulnerability.severity, resolution=vulnerability.resolution, website=vulnerability.vulnerabilityWebSite, path=vulnerability.vulnerabilityPath, request=vulnerability.vulnerabilityRequest, response=vulnerability.vulnerabilityResponse, method=vulnerability.vulnerabilityMethod, pname=vulnerability.vulnerabilityPName, params=vulnerability.vulnerabilityParams, query=vulnerability.vulnerabilityQuery, category=vulnerability.vulnerabilityCategory) else: api.log( '[ERROR] FLEX Report Plugin: Vulnerability Type unknown ' + self.type, level='ERROR') del parser
except pysvn.ClientError, e: for message, code in e.args[1]: api.devlog('Code: %d Message: %s' % (code, message)) if code == 155000: p = re.compile("\'(/.*)\'") path = p.search(message) self._client.add(path.groups()[0], recurse=True, force=False, ignore=True) self._client.checkout(self.url, self.persistence_path) else: msg = "DataManager: SVN url is not defined" api.log(msg, "ERROR") raise DataManagerException(msg) def get_login(self, realm, username, may_save): if self.username is None or self.password is None: msg = "[SVN] Datamanager: User or Password is None" self.username = self.password = "" api.log(msg, "[SVN] ERROR") return True, self.username, self.password, False def get_log_message(self): return True, "" def _safeAdd(self, path, dirname=False):
def _log(self, msg, *args, **kwargs): # I have no idea what I am doing api.log(msg, *args[:-1]) return True
def _showWorkspaceProperties(self, item): if item.object is not None: api.log("Llege a showWorkspace", "ERROR") d = WorkspacePropertiesDialog(self, "Workspace Properties", workspace=item.object) d.exec_loop()
except pysvn.ClientError, e: for message, code in e.args[1]: api.devlog('Code: %d Message: %s' % (code, message)) if code == 155000: p = re.compile("\'(/.*)\'") path = p.search(message) self._client.add(path.groups()[0], recurse=True, force=False, ignore=True) self._client.checkout(self.url, self.persistence_path) else: msg = "DataManager: SVN url is not defined" api.log(msg, "ERROR") raise DataManagerException(msg) def get_login(self, realm, username, may_save ): if self.username is None or self.password is None: msg = "[SVN] Datamanager: User or Password is None" self.username = self.password = "" api.log(msg, "[SVN] ERROR") return True, self.username, self.password, False def get_log_message(self): return True, "" def _safeAdd(self, path, dirname=False):