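def OpenVas_xml_upload(request):
    """
    Render the XML upload form and import an uploaded OpenVAS report.

    On a POST with ``scanner == "openvas"`` the uploaded ``xmlfile`` is
    parsed, a scan record with a fresh UUID and status ``"100"`` is saved,
    and the parsed tree is passed to ``OpenVas_Parser.xml_parser``.

    :param request: request carrying ``project_id``, ``scanner`` and
        ``scan_url`` in POST and the report in ``FILES['xmlfile']``.
    :return: redirect to ``/networkscanners/`` after an OpenVAS import,
        otherwise the rendered ``net_upload_xml.html`` form.
    """
    # NOTE(review): every project is listed and ``project_id`` is taken from
    # the request as-is; confirm access control is enforced outside this view.
    all_project = project_db.objects.all()

    if request.method == "POST":
        project_id = request.POST.get("project_id")
        scanner = request.POST.get("scanner")
        # Raises if the form was submitted without an ``xmlfile`` part.
        xml_file = request.FILES['xmlfile']
        scan_ip = request.POST.get("scan_url")
        scan_id = uuid.uuid4()
        scan_status = "100"

        if scanner == "openvas":
            # Parse before persisting, so a malformed upload does not leave a
            # scan row marked "100" with no findings behind it.
            # NOTE(review): the upload is untrusted XML; confirm the parser
            # bound to ``ET`` is hardened against entity-expansion input
            # (e.g. defusedxml) and that the upload size is bounded.
            root_xml = ET.parse(xml_file).getroot()

            date_time = datetime.datetime.now()
            scan_save_db(scan_ip=scan_ip,
                         scan_id=scan_id,
                         date_time=date_time,
                         project_id=project_id,
                         scan_status=scan_status).save()

            OpenVas_Parser.xml_parser(project_id=project_id,
                                      scan_id=scan_id,
                                      root=root_xml)
            return HttpResponseRedirect("/networkscanners/")

    return render(request, 'net_upload_xml.html', {'all_project': all_project})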
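def openvas_scanner(scan_ip, project_id, sel_profile, user):
    """
    Launch an OpenVAS scan and notify ``user`` as it progresses.

    :param scan_ip: target passed to ``OpenVAS_Plugin``.
    :param project_id: project the scan record is attached to.
    :param sel_profile: scan profile passed to ``OpenVAS_Plugin``.
    :param user: recipient of the in-app and e-mail notifications.
    :return: ``None`` when the scanner connection fails, otherwise an
        ``HttpResponse`` with status 201.
    """
    subject = 'Archery Tool Notification'
    plugin = OpenVAS_Plugin(scan_ip, project_id, sel_profile)

    try:
        scanner = plugin.connect()
    except Exception:
        # Any connection failure is reported to the user as a settings problem.
        notify.send(user, recipient=user, verb='OpenVAS Setting not configured')
        message = 'OpenVAS Scanner failed due to setting not found '
        email_notify(user=user, subject=subject, message=message)
        return

    notify.send(user, recipient=user, verb='OpenVAS Scan Started')
    email_notify(user=user, subject=subject, message='OpenVAS Scan Started')

    scan_id, target_id = plugin.scan_launch(scanner)
    date_time = datetime.now()
    scan_save_db(scan_id=str(scan_id),
                 project_id=str(project_id),
                 scan_ip=scan_ip,
                 target_id=str(target_id),
                 date_time=date_time,
                 scan_status=0.0).save()

    plugin.scan_status(scanner=scanner, scan_id=scan_id)
    time.sleep(5)
    vuln_an_id(scan_id=scan_id, project_id=project_id)

    notify.send(user, recipient=user, verb='OpenVAS Scan Completed')

    # Report the totals of this scan only. Looping over every stored scan
    # mailed the counts of whichever row came last, which could belong to
    # another scan or project.
    all_vuln = ''
    total_high = ''
    total_medium = ''
    total_low = ''
    for scan_row in scan_save_db.objects.filter(scan_id=str(scan_id)):
        all_vuln = scan_row.total_vul
        total_high = scan_row.high_total
        total_medium = scan_row.medium_total
        total_low = scan_row.low_total

    message = 'OpenVAS Scan Completed <br>' \
              'Total: %s <br>Total High: %s <br>' \
              'Total Medium: %s <br>Total Low %s' % (all_vuln,
                                                    total_high,
                                                    total_medium,
                                                    total_low)
    email_notify(user=user, subject=subject, message=message)

    return HttpResponse(status=201)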
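def OpenVAS_xml_upload(request):
    """
    Render the XML upload form and import an OpenVAS, Nessus or Nmap report.

    The uploaded ``xmlfile`` is parsed and handed to the parser selected by
    the ``scanner`` POST field; records are tagged with the requesting
    user's username.

    :param request: request carrying ``project_id`` and ``scanner`` in POST
        and the report in ``FILES['xmlfile']``.
    :return: redirect to the matching result page after an import,
        otherwise the rendered ``net_upload_xml.html`` form.
    """
    # The docstring now comes first; placed after this assignment it was
    # only a discarded string expression.
    username = request.user.username
    all_project = project_db.objects.filter(username=username)

    if request.method == "POST":
        # NOTE(review): ``project_id`` comes from the request and is not
        # checked against ``all_project`` here; confirm a user cannot attach
        # findings to a project they do not own.
        project_id = request.POST.get("project_id")
        scanner = request.POST.get("scanner")
        # Raises if the form was submitted without an ``xmlfile`` part.
        xml_file = request.FILES['xmlfile']
        scan_id = uuid.uuid4()
        scan_status = "100"

        # NOTE(review): the upload is untrusted XML in every branch below;
        # confirm the parser bound to ``ET`` is hardened against
        # entity-expansion input (e.g. defusedxml) and the size is bounded.
        if scanner == "openvas":
            date_time = datetime.now()
            root_xml = ET.parse(xml_file).getroot()
            for host in OpenVas_Parser.get_hosts(root_xml):
                # NOTE(review): the record stores the host as its scan_id
                # while the parser below receives the UUID; confirm.
                scan_save_db(scan_ip=host,
                             scan_id=host,
                             date_time=date_time,
                             project_id=project_id,
                             scan_status=scan_status,
                             username=username).save()
            OpenVas_Parser.updated_xml_parser(project_id=project_id,
                                              scan_id=scan_id,
                                              root=root_xml,
                                              username=username)
            return HttpResponseRedirect(reverse('networkscanners:index'))

        elif scanner == "nessus":
            root_xml = ET.parse(xml_file).getroot()
            Nessus_Parser.updated_nessus_parser(root=root_xml,
                                                scan_id=scan_id,
                                                project_id=project_id,
                                                username=username)
            return HttpResponseRedirect(reverse('networkscanners:nessus_scan'))

        elif scanner == "nmap":
            root_xml = ET.parse(xml_file).getroot()
            nmap_parser.xml_parser(root=root_xml,
                                   scan_id=scan_id,
                                   project_id=project_id,
                                   username=username)
            return HttpResponseRedirect(reverse('tools:nmap_scan'))

    return render(request, 'net_upload_xml.html', {'all_project': all_project})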
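def OpenVas_xml_upload(request):
    """
    Render the XML upload form and import an uploaded OpenVAS report.

    :param request: request carrying ``project_id``, ``scanner`` and
        ``scan_url`` in POST and the report in ``FILES['xmlfile']``.
    :return: redirect to ``/networkscanners/`` after an OpenVAS import,
        otherwise the rendered ``net_upload_xml.html`` form.
    """
    # NOTE(review): every project is listed and ``project_id`` is accepted
    # as sent; confirm access control is enforced outside this view.
    all_project = project_db.objects.all()

    if request.method == "POST":
        project_id = request.POST.get("project_id")
        scanner = request.POST.get("scanner")
        # Raises if the form was submitted without an ``xmlfile`` part.
        xml_file = request.FILES['xmlfile']
        scan_ip = request.POST.get("scan_url")
        scan_id = uuid.uuid4()
        scan_status = "100"

        if scanner == "openvas":
            # Parse first: a report that fails to parse must not leave a
            # scan row already marked "100" in the database.
            # NOTE(review): untrusted XML; confirm the parser bound to
            # ``ET`` is hardened (e.g. defusedxml) and the size is bounded.
            tree = ET.parse(xml_file)
            root_xml = tree.getroot()

            scan_dump = scan_save_db(scan_ip=scan_ip,
                                     scan_id=scan_id,
                                     date_time=datetime.datetime.now(),
                                     project_id=project_id,
                                     scan_status=scan_status)
            scan_dump.save()

            OpenVas_Parser.xml_parser(project_id=project_id,
                                      scan_id=scan_id,
                                      root=root_xml)
            return HttpResponseRedirect("/networkscanners/")

    return render(request, 'net_upload_xml.html', {'all_project': all_project})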
def openvas_scanner(scan_ip, project_id, sel_profile):
    """
    Launch an OpenVAS scan, record it and trigger result processing.

    :param scan_ip: target passed to ``OpenVAS_Plugin``.
    :param project_id: project the scan record is attached to.
    :param sel_profile: scan profile passed to ``OpenVAS_Plugin``.
    :return: ``HttpResponse`` with status 201.
    """
    plugin = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
    session = plugin.connect()
    scan_id, target_id = plugin.scan_launch(session)

    # Record the scan before waiting on it.
    started_at = datetime.now()
    record_fields = {
        'scan_id': str(scan_id),
        'project_id': str(project_id),
        'scan_ip': scan_ip,
        'target_id': str(target_id),
        'date_time': started_at,
    }
    scan_save_db(**record_fields).save()

    plugin.scan_status(scanner=session, scan_id=scan_id)
    time.sleep(5)
    vuln_an_id(scan_id=scan_id)

    return HttpResponse(status=201)
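def Scan_Launch(scan_ip, project_id, sel_profile):
    """
    Launch an OpenVAS scan, poll it until it reports 100% and import results.

    Scanner address and credentials are read from the ``openvas_data`` JSON
    file and unwrapped with ``signing.loads``.

    :param scan_ip: target handed to the scanner.
    :param project_id: project the scan record is attached to.
    :param sel_profile: scan profile name; "Full and fast" when empty.
    """
    # Declared before the first assignment; ``status`` is module-level.
    global status

    # Read-only access is enough; 'r+' also required write permission on
    # the file that holds the scanner credentials.
    with open(openvas_data, 'r') as f:
        data = json.load(f)
    lod_ov_user = signing.loads(data['open_vas_user'])
    lod_ov_pass = signing.loads(data['open_vas_pass'])
    lod_ov_ip = signing.loads(data['open_vas_ip'])

    scanner = VulnscanManager(str(lod_ov_ip), str(lod_ov_user), str(lod_ov_pass))
    time.sleep(5)

    # The selected profile used to be overwritten unconditionally, so
    # ``sel_profile`` was never applied.
    profile = sel_profile or "Full and fast"

    scan_id, target_id = scanner.launch_scan(target=str(scan_ip),
                                             profile=str(profile))
    scan_save_db(scan_id=str(scan_id),
                 project_id=str(project_id),
                 scan_ip=str(scan_ip),
                 target_id=str(target_id)).save()

    # NOTE(review): this loop has no upper bound; a scan that never reaches
    # 100 keeps the caller blocked.
    progress = scanner.get_progress(str(scan_id))
    while int(progress) < 100.0:
        print('Scan progress %: ' + str(progress))
        status = str(progress)
        scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
        time.sleep(5)
        progress = scanner.get_progress(str(scan_id))

    status = "100"
    scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)

    if profile == "Discovery":
        print("returning.....")
    else:
        time.sleep(10)
        # Each step is best-effort: a failure is printed and the next step
        # still runs.
        try:
            openvas_results = scanner.get_raw_xml(str(scan_id))
            vul_an_id(scan_id, openvas_results)
        except Exception as e:
            print(e)

        try:
            openvas_vul = ov_scan_result_db.objects.filter(
                scan_id=scan_id).order_by('scan_id')
            total_vul = len(openvas_vul)
            total_high = len(openvas_vul.filter(threat="High"))
            total_medium = len(openvas_vul.filter(threat="Medium"))
            total_low = len(openvas_vul.filter(threat="Low"))
            scan_save_db.objects.filter(scan_id=scan_id).update(
                total_vul=total_vul,
                high_total=total_high,
                medium_total=total_medium,
                low_total=total_low)
        except Exception as e:
            print(e)

        # NOTE(review): this de-duplication walks the results of every scan,
        # not only this one, and passes a sliced queryset to ``pk=``;
        # confirm the intended scope before relying on it.
        try:
            for vul_id in ov_scan_result_db.objects.values_list(
                    'vul_id', flat=True).distinct():
                ov_scan_result_db.objects.filter(
                    pk=ov_scan_result_db.objects.filter(
                        vul_id=vul_id).values_list('id', flat=True)[1:]).delete()
        except Exception as e:
            print(e)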
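def Scan_Launch(scan_ip, project_id, sel_profile):
    """
    Launch an OpenVAS scan, poll it until it reports 100% and import results.

    Scanner address and credentials are read from the ``openvas_data`` JSON
    file and unwrapped with ``signing.loads``.

    :param scan_ip: target handed to the scanner.
    :param project_id: project the scan record is attached to.
    :param sel_profile: scan profile name; "Full and fast" when empty.
    """
    # Declared before the first assignment; ``status`` is module-level.
    global status

    # Read-only access is enough; 'r+' also required write permission on
    # the file that holds the scanner credentials.
    with open(openvas_data, 'r') as f:
        data = json.load(f)
    lod_ov_user = signing.loads(data['open_vas_user'])
    lod_ov_pass = signing.loads(data['open_vas_pass'])
    lod_ov_ip = signing.loads(data['open_vas_ip'])

    scanner = VulnscanManager(str(lod_ov_ip), str(lod_ov_user), str(lod_ov_pass))
    time.sleep(5)

    # The selected profile used to be overwritten unconditionally, so
    # ``sel_profile`` was never applied.
    profile = sel_profile or "Full and fast"

    scan_id, target_id = scanner.launch_scan(target=str(scan_ip),
                                             profile=str(profile))
    date_time = datetime.datetime.now()
    scan_save_db(scan_id=str(scan_id),
                 project_id=str(project_id),
                 scan_ip=str(scan_ip),
                 target_id=str(target_id),
                 date_time=date_time).save()

    # NOTE(review): this loop has no upper bound; a scan that never reaches
    # 100 keeps the caller blocked.
    progress = scanner.get_progress(str(scan_id))
    while int(progress) < 100.0:
        print('Scan progress %: ' + str(progress))
        status = str(progress)
        scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
        time.sleep(5)
        progress = scanner.get_progress(str(scan_id))

    status = "100"
    scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)

    if profile == "Discovery":
        print("returning.....")
    else:
        time.sleep(10)
        # Each step is best-effort: a failure is printed and the next step
        # still runs.
        try:
            openvas_results = scanner.get_raw_xml(str(scan_id))
            vul_an_id(scan_id, openvas_results)
        except Exception as e:
            print(e)

        try:
            # Totals are counted over distinct findings for this scan.
            openvas_vul = ov_scan_result_db.objects.filter(
                scan_id=scan_id).values('name', 'severity', 'vuln_color',
                                        'threat', 'host', 'port').distinct()
            total_vul = len(openvas_vul)
            total_high = len(openvas_vul.filter(threat="High"))
            total_medium = len(openvas_vul.filter(threat="Medium"))
            total_low = len(openvas_vul.filter(threat="Low"))
            scan_save_db.objects.filter(scan_id=scan_id).update(
                total_vul=total_vul,
                high_total=total_high,
                medium_total=total_medium,
                low_total=total_low)
        except Exception as e:
            print(e)

        # NOTE(review): this de-duplication walks the results of every scan,
        # not only this one, and passes a sliced queryset to ``pk=``;
        # confirm the intended scope before relying on it.
        try:
            for vul_id in ov_scan_result_db.objects.values_list(
                    'vul_id', flat=True).distinct():
                ov_scan_result_db.objects.filter(
                    pk=ov_scan_result_db.objects.filter(
                        vul_id=vul_id).values_list('id', flat=True)[1:]).delete()
        except Exception as e:
            print(e)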
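def post(self, request, format=None):
    """
    Store an uploaded scanner report and hand it to the matching parser.

    Reads ``project_id``, ``scanner``, ``filename`` (the report body) and
    ``scan_url`` from ``request.data``, saves a scan record with a fresh
    UUID and status ``"100"`` tagged with the requester's username, then
    parses the report with the parser selected by ``scanner``.

    :param request: request whose ``data`` carries the fields above.
    :param format: not used in this method.
    :return: ``Response`` with a message and, for a recognised scanner,
        the project id, scan id and scanner name.
    """
    username = request.user.username
    # NOTE(review): ``project_id`` is accepted as sent and not checked
    # against the projects of ``username`` here; confirm it is enforced
    # elsewhere.
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    # NOTE(review): the report body is untrusted and may be missing. Confirm
    # that the XML parsers bound to ``ET`` and ``etree`` do not expand or
    # resolve entities (e.g. defusedxml, or an lxml parser created with
    # resolve_entities=False) and that the payload size is bounded.
    file = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    # Fields shared by most scan records and by the keyword-style parsers.
    record = dict(scan_id=scan_id, date_time=date_time, project_id=project_id,
                  scan_status=scan_status, username=username)
    ids = dict(project_id=project_id, scan_id=scan_id, username=username)

    def ascii_root():
        """Parse the report, re-serialise it without non-ASCII bytes, re-parse."""
        cleaned = ET.tostring(ET.fromstring(file), encoding='utf8').decode(
            'ascii', 'ignore')
        return ET.fromstring(cleaned)

    def uploaded(message="Scan Data Uploaded"):
        """Build the success response used by every scanner except ZAP."""
        return Response({"message": message,
                         "project_id": project_id,
                         "scan_id": scan_id,
                         "scanner": scanner})

    # In every branch the scan record is saved before the report is parsed.
    if scanner == "zap_scan":
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id,
                     date_time=date_time, project_id=project_id,
                     vul_status=scan_status, rescan='No',
                     username=username).save()
        zap_xml_parser.xml_parser(root=ascii_root(), **ids)
        return Response({"message": "ZAP Scan Data Uploaded",
                         "scanner": scanner,
                         "project_id": project_id,
                         "scan_id": scan_id})

    elif scanner == "burp_scan":
        burp_scan_db(url=scan_url, **record).save()
        burp_xml_parser.burp_scan_data(ascii_root(), project_id, scan_id,
                                       username=username)
        return uploaded("Burp Scan Data Uploaded")

    elif scanner == "arachni":
        arachni_scan_db(url=scan_url, **record).save()
        arachni_xml_parser.xml_parser(root=ET.fromstring(file),
                                      target_url=scan_url, **ids)
        return uploaded()

    elif scanner == "acunetix":
        acunetix_scan_db(url=scan_url, **record).save()
        acunetix_xml_parser.xml_parser(root=ascii_root(), **ids)
        return uploaded()

    elif scanner == 'netsparker':
        netsparker_scan_db(url=scan_url, **record).save()
        netsparker_xml_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'webinspect':
        webinspect_scan_db(url=scan_url, **record).save()
        webinspect_xml_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'banditscan':
        bandit_scan_db(project_name=scan_url, **record).save()
        bandit_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'dependencycheck':
        dependencycheck_scan_db(project_name=scan_url, **record).save()
        xml_dat = bytes(bytearray(file, encoding='utf-8'))
        dependencycheck_report_parser.xml_parser(data=etree.XML(xml_dat), **ids)
        return uploaded()

    elif scanner == 'findbugs':
        findbugs_scan_db(project_name=scan_url, **record).save()
        findbugs_report_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'checkmarx':
        checkmarx_scan_db(project_name=scan_url, **record).save()
        checkmarx_xml_report_parser.checkmarx_report_xml(
            data=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'clair':
        clair_scan_db(project_name=scan_url, **record).save()
        clair_json_report_parser.clair_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'trivy':
        trivy_scan_db(project_name=scan_url, **record).save()
        trivy_json_report_parser.trivy_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'npmaudit':
        npmaudit_scan_db(project_name=scan_url, **record).save()
        npm_audit_report_json.npmaudit_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'nodejsscan':
        nodejsscan_scan_db(project_name=scan_url, **record).save()
        nodejsscan_report_json.nodejsscan_report_json(
            data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'tfsec':
        tfsec_scan_db(project_name=scan_url, **record).save()
        tfsec_report_parser.tfsec_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'whitesource':
        whitesource_scan_db(project_name=scan_url, **record).save()
        whitesource_json_report_parser.whitesource_report_json(
            data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'inspec':
        inspec_scan_db(project_name=scan_url, **record).save()
        inspec_json_parser.inspec_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'dockle':
        dockle_scan_db(project_name=scan_url, **record).save()
        dockle_json_parser.dockle_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'nessus':
        nessus_scan_db(scan_ip=scan_url, **record).save()
        Nessus_Parser.updated_nessus_parser(root=ascii_root(), **ids)
        return uploaded()

    elif scanner == 'openvas':
        root_xml_en = ascii_root()
        for host in OpenVas_Parser.get_hosts(root_xml_en):
            # NOTE(review): the record stores the host as its scan_id while
            # the parser below receives the UUID; confirm.
            scan_save_db(scan_ip=host, scan_id=host, date_time=date_time,
                         project_id=project_id, scan_status=scan_status,
                         username=username).save()
        OpenVas_Parser.updated_xml_parser(root=root_xml_en, **ids)
        return uploaded()

    elif scanner == 'nikto':
        nikto_result_db(date_time=date_time, scan_url=scan_url,
                        scan_id=scan_id, project_id=project_id,
                        username=username).save()
        nikto_html_parser(file, project_id, scan_id, username=username)
        return uploaded()

    # Nothing was stored for an unrecognised scanner, so do not report success.
    return Response({"message": "Scan Data Not Uploaded"})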
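def post(self, request, format=None):
    """
    Store an uploaded scanner report and hand it to the matching parser.

    Reads ``project_id``, ``scanner``, ``filename`` (the report body) and
    ``scan_url`` from ``request.data``, saves a scan record with a fresh
    UUID and status ``"100"``, then parses the report with the parser
    selected by ``scanner``.

    :param request: request whose ``data`` carries the fields above.
    :param format: not used in this method.
    :return: ``Response`` with a message and, for a recognised scanner,
        the project id, scan id and scanner name.
    """
    # NOTE(review): ``project_id`` is accepted as sent; confirm the caller
    # is authorised for that project elsewhere.
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    # The report body is no longer printed: scan reports contain findings
    # about the scanned targets and should not end up in process output.
    # NOTE(review): the body is untrusted and may be missing. Confirm that
    # the XML parsers bound to ``ET`` and ``etree`` do not expand or resolve
    # entities (e.g. defusedxml, or an lxml parser created with
    # resolve_entities=False) and that the payload size is bounded.
    file = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    # Fields shared by most scan records and by the keyword-style parsers.
    record = dict(scan_id=scan_id, date_time=date_time, project_id=project_id,
                  scan_status=scan_status)
    ids = dict(project_id=project_id, scan_id=scan_id)

    def ascii_root():
        """Parse the report, re-serialise it without non-ASCII bytes, re-parse."""
        cleaned = ET.tostring(ET.fromstring(file), encoding='utf8').decode(
            'ascii', 'ignore')
        return ET.fromstring(cleaned)

    def uploaded(message="Scan Data Uploaded"):
        """Build the success response used by every scanner except ZAP."""
        return Response({"message": message,
                         "project_id": project_id,
                         "scan_id": scan_id,
                         "scanner": scanner})

    # In every branch the scan record is saved before the report is parsed.
    if scanner == "zap_scan":
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id,
                     date_time=date_time, project_id=project_id,
                     vul_status=scan_status, rescan='No').save()
        zap_xml_parser.xml_parser(root=ascii_root(), **ids)
        return Response({"message": "ZAP Scan Data Uploaded",
                         "scanner": scanner,
                         "project_id": project_id,
                         "scan_id": scan_id})

    elif scanner == "burp_scan":
        burp_scan_db(url=scan_url, **record).save()
        burp_xml_parser.burp_scan_data(ascii_root(), project_id, scan_id)
        return uploaded("Burp Scan Data Uploaded")

    elif scanner == "arachni":
        arachni_scan_db(url=scan_url, **record).save()
        arachni_xml_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == "acunetix":
        acunetix_scan_db(url=scan_url, **record).save()
        acunetix_xml_parser.xml_parser(root=ascii_root(), **ids)
        return uploaded()

    elif scanner == 'netsparker':
        netsparker_scan_db(url=scan_url, **record).save()
        netsparker_xml_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'webinspect':
        webinspect_scan_db(url=scan_url, **record).save()
        webinspect_xml_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'banditscan':
        bandit_scan_db(project_name=scan_url, **record).save()
        bandit_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'dependencycheck':
        dependencycheck_scan_db(project_name=scan_url, **record).save()
        xml_dat = bytes(bytearray(file, encoding='utf-8'))
        dependencycheck_report_parser.xml_parser(data=etree.XML(xml_dat), **ids)
        return uploaded()

    elif scanner == 'findbugs':
        findbugs_scan_db(project_name=scan_url, **record).save()
        findbugs_report_parser.xml_parser(root=ET.fromstring(file), **ids)
        return uploaded()

    elif scanner == 'clair':
        clair_scan_db(project_name=scan_url, **record).save()
        clair_json_report_parser.clair_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'inspec':
        inspec_scan_db(project_name=scan_url, **record).save()
        inspec_json_parser.inspec_report_json(data=json.loads(file), **ids)
        return uploaded()

    elif scanner == 'nessus':
        nessus_scan_db(scan_ip=scan_url, **record).save()
        Nessus_Parser.nessus_parser(root=ascii_root(), **ids)
        return uploaded()

    elif scanner == 'openvas':
        scan_save_db(scan_ip=scan_url, **record).save()
        OpenVas_Parser.xml_parser(root=ascii_root(), **ids)
        return uploaded()

    elif scanner == 'nikto':
        nikto_result_db(date_time=date_time, scan_url=scan_url,
                        scan_id=scan_id, project_id=project_id).save()
        nikto_html_parser(file, project_id, scan_id)
        return uploaded()

    return Response({"message": "Scan Data Not Uploaded"})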
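def OpenVas_xml_upload(request):
    """
    Render the XML upload form and import an OpenVAS, Nessus or Nmap report.

    :param request: request carrying ``project_id``, ``scanner`` and
        ``scan_url`` in POST and the report in ``FILES['xmlfile']``.
    :return: redirect to the matching result page after an import,
        otherwise the rendered ``net_upload_xml.html`` form.
    """
    # NOTE(review): every project is listed and ``project_id`` is accepted
    # as sent; confirm access control is enforced outside this view.
    all_project = project_db.objects.all()

    if request.method == "POST":
        project_id = request.POST.get("project_id")
        scanner = request.POST.get("scanner")
        # Raises if the form was submitted without an ``xmlfile`` part.
        xml_file = request.FILES['xmlfile']
        scan_ip = request.POST.get("scan_url")
        scan_id = uuid.uuid4()
        scan_status = "100"

        # NOTE(review): the upload is untrusted XML in every branch below;
        # confirm the parser bound to ``ET`` is hardened against
        # entity-expansion input (e.g. defusedxml) and the size is bounded.
        if scanner == "openvas":
            # Parse first so a malformed report leaves no scan row behind.
            root_xml = ET.parse(xml_file).getroot()
            scan_save_db(scan_ip=scan_ip,
                         scan_id=scan_id,
                         date_time=datetime.now(),
                         project_id=project_id,
                         scan_status=scan_status).save()
            OpenVas_Parser.xml_parser(project_id=project_id,
                                      scan_id=scan_id,
                                      root=root_xml)
            return HttpResponseRedirect("/networkscanners/")

        elif scanner == "nessus":
            root_xml = ET.parse(xml_file).getroot()
            # Saved once; the record used to be written twice in a row.
            nessus_scan_db(scan_ip=scan_ip,
                           scan_id=scan_id,
                           date_time=datetime.now(),
                           project_id=project_id,
                           scan_status=scan_status).save()
            Nessus_Parser.nessus_parser(root=root_xml,
                                        scan_id=scan_id,
                                        project_id=project_id)
            return HttpResponseRedirect("/networkscanners/nessus_scan")

        elif scanner == "nmap":
            # No scan record is created for Nmap uploads in this view.
            root_xml = ET.parse(xml_file).getroot()
            nmap_parser.xml_parser(root=root_xml,
                                   scan_id=scan_id,
                                   project_id=project_id)
            return HttpResponseRedirect("/tools/nmap_scan/")

    return render(request, 'net_upload_xml.html', {'all_project': all_project})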
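def launch_scan(request):
    """
    Launch an OpenVAS scan from a POST, poll it to 100% and import results.

    :param request: request carrying the target in POST field ``ip`` and an
        optional ``scan_profile``.
    :return: the rendered ``vul_details.html`` page listing stored scans.
    """
    # Declared before the first assignment; ``status`` is module-level.
    global status

    all_ip = scan_save_db.objects.all()
    scanner = VulnscanManager(scan_host, user, password)
    time.sleep(5)

    if request.method == 'POST':
        # NOTE(review): the target is taken from the request without any
        # validation or scope check visible here, and the request is held
        # open for the whole scan; confirm both are acceptable.
        scan_ip = request.POST.get('ip')

        # The submitted profile used to be overwritten unconditionally, so
        # ``scan_profile`` was never applied.
        profile = request.POST.get('scan_profile') or "Full and fast"

        scan_id, target_id = scanner.launch_scan(target=str(scan_ip),
                                                 profile=str(profile))
        scan_save_db(scan_id=str(scan_id),
                     scan_ip=str(scan_ip),
                     target_id=str(target_id)).save()

        # NOTE(review): this loop has no upper bound.
        progress = scanner.get_progress(str(scan_id))
        while int(progress) < 100.0:
            print('Scan progress %: ' + str(progress))
            status = str(progress)
            scan_save_db.objects.filter(scan_id=scan_id).update(
                scan_status=status)
            time.sleep(5)
            progress = scanner.get_progress(str(scan_id))

        status = "100"
        scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)

        if profile == "Discovery":
            print("returning.....")
        else:
            time.sleep(10)
            # Each step is best-effort: a failure is printed and the next
            # step still runs.
            try:
                openvas_results = scanner.get_raw_xml(str(scan_id))
                vul_an_id(scan_id, openvas_results)
            except Exception as e:
                print(e)

            try:
                openvas_vul = ov_scan_result_db.objects.filter(
                    Q(scan_id=scan_id)).order_by('scan_id')
                total_vul = len(openvas_vul)
                total_high = len(openvas_vul.filter(threat="High"))
                total_medium = len(openvas_vul.filter(threat="Medium"))
                total_low = len(openvas_vul.filter(threat="Low"))
                scan_save_db.objects.filter(scan_id=scan_id).update(
                    total_vul=total_vul,
                    high_total=total_high,
                    medium_total=total_medium,
                    low_total=total_low)
            except Exception as e:
                print(e)

            # NOTE(review): this de-duplication walks the results of every
            # scan, not only this one, and passes a sliced queryset to
            # ``pk=``; confirm the intended scope before relying on it.
            try:
                for vul_id in ov_scan_result_db.objects.values_list(
                        'vul_id', flat=True).distinct():
                    ov_scan_result_db.objects.filter(
                        pk=ov_scan_result_db.objects.filter(vul_id=vul_id).
                        values_list('id', flat=True)[1:]).delete()
            except Exception as e:
                print(e)

    return render_to_response('vul_details.html', {'all_ip': all_ip})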