def run_recon(scan_information):
slack.send_notification_to_channel(
'Starting recon against %s' % scan_information['domain'],
'#vm-recon-module')
mongo.add_module_status_log({
'module_keyword': "recon_module",
'state': "start",
'domain': scan_information[
'domain'], #En los casos de start/stop de genericos, va None
'found': None,
'arguments': scan_information
})
#We add the domain to our domain database
mongo.add_domain(scan_information, True, True)
# Scanning for subdomains
subdomain_recon_task(scan_information)
# We resolve to get http/https urls
resolver_recon_task(scan_information)
mongo.add_module_status_log({
'module_keyword': "recon_module",
'state': "start",
'domain': scan_information[
'domain'], #En los casos de start/stop de genericos, va None
'found': None,
'arguments': scan_information
})
recon_finished(scan_information)
return
def send_module_status_log(scan_info, status):
mongo.add_module_status_log({
'module_keyword': MODULE_IDENTIFIER,
'state': status,
'domain': scan_info['domain'],
'found': None,
'arguments': scan_info
})
return
def start_scan_on_approved_resources():
slack.send_notification_to_channel(
'_ Starting scan against approved resources _', '#vm-ondemand')
resources = mongo.get_data_for_approved_scan()
print(resources)
for resource in resources:
scan_info = resource
scan_info['email'] = None
scan_info['nessus_scan'] = settings['PROJECT']['ACTIVATE_NESSUS']
scan_info['acunetix_scan'] = settings['PROJECT']['ACTIVATE_ACUNETIX']
scan_info['burp_scan'] = settings['PROJECT']['ACTIVATE_BURP']
scan_info['invasive_scans'] = settings['PROJECT'][
'ACTIVATE_INVASIVE_SCANS']
mongo.add_module_status_log({
'module_keyword': "general_vuln_module",
'state': "start",
'domain': scan_info[
'domain'], #En los casos de start/stop de genericos, va None
'found': None,
'arguments': scan_info
})
if scan_info['type'] == 'domain':
execution_chord = chord(
[
run_web_scanners.si(scan_info).set(queue='fast_queue'),
run_ip_scans.si(scan_info).set(queue='slow_queue')
],
body=on_demand_scan_finished.s(scan_info).set(
queue='fast_queue'),
immutable=True)
execution_chord.apply_async(queue='fast_queue', interval=300)
elif scan_info['type'] == 'ip':
execution_chord = chord(
[run_ip_scans.si(scan_info).set(queue='slow_queue')],
body=on_demand_scan_finished.s(scan_info).set(
queue='fast_queue'),
immutable=True)
execution_chord.apply_async(queue='fast_queue', interval=300)
elif scan_info['type'] == 'url':
execution_chord = chord(
[
run_web_scanners.si(scan_info).set(queue='fast_queue'),
run_ip_scans.si(scan_info).set(queue='slow_queue')
],
body=on_demand_scan_finished.s(scan_info).set(
queue='fast_queue'),
immutable=True)
execution_chord.apply_async(queue='fast_queue', interval=300)
return
def project_monitor_task():
monitor_data = mongo.get_domains_for_monitor()
mongo.add_module_status_log({
'module_keyword': "monitor_recon_module",
'state': "start",
'domain': None, #En los casos de start/stop de genericos, va None
'found': None,
'arguments': monitor_data
})
print(monitor_data)
slack.send_notification_to_channel(
'Starting monitor against %s' % str(monitor_data), '#vm-monitor')
for data in monitor_data:
scan_info = data
scan_info['is_first_run'] = False
scan_info['email'] = None
scan_info['type'] = 'domain'
if scan_info['type'] == 'domain':
run_recon.apply_async(args=[scan_info], queue='fast_queue')
return
def recon_against_target(information):
information['is_first_run'] = True
information['type'] = 'domain'
slack.send_notification_to_channel(
'_ Starting recon only scan against %s _' % str(information['domain']),
'#vm-ondemand')
mongo.add_module_status_log({
'module_keyword': "on_demand_recon_module",
'state': "start",
'domain': None, #En los casos de start/stop de genericos, va None
'found': None,
'arguments': information
})
for domain in information['domain']:
current_scan_info = copy.deepcopy(information)
current_scan_info['domain'] = domain
execution_chain = chain(
tasks.run_recon.si(current_scan_info).set(queue='slow_queue'))
execution_chain.apply_async(queue='fast_queue', interval=300)
def gather_data(project_dir, scan_info):
# Take final text file and run through API that checks information
# Here we call the add_to_db
lines = open(project_dir + '/all.txt', 'r').readlines()
# List is empty
if not lines:
mongo.add_module_status_log({
'module_keyword': "subdomain_recon_module",
'state': "start",
'domain': scan_info['domain'], #En los casos de start/stop de genericos, va None
'found': "not_found",
'arguments': scan_info
})
else:
mongo.add_module_status_log({
'module_keyword': "subdomain_recon_module",
'state': "start",
'domain': scan_info['domain'], #En los casos de start/stop de genericos, va None
'found': "found",
'arguments': scan_info
})
for url in lines:
url = url.replace('\n', '')
try:
is_alive = subprocess.check_output(['dig', url, '+short', '|', 'sed', "'/[a-z]/d'"])
except subprocess.CalledProcessError:
print('ERROR Called proces error at dig gather data')
continue
if is_alive.decode():
is_alive_clause = 'True'
else:
is_alive_clause = 'False'
try:
has_ip = subprocess.check_output(['dig', url, '+short', '|', 'sed', "'/[a-z]/d'", '|', 'sed', '-n', 'lp'])
except subprocess.CalledProcessError:
print('ERROR Called proces error at dig gather data bis')
continue
url_info={
'domain': scan_info['domain'],
'subdomain': url,
'is_alive': is_alive_clause,
'ip': None,
'isp': None,
'asn': None,
'country': None,
'region': None,
'city': None,
'org': None,
'lat': '0',
'lon': '0'
}
if has_ip.decode():
value = has_ip.decode().split('\n')
ip = value[-2]
url_info['ip'] = ip
# If alive with IP, we try to find more information
gather_additional_info(url_info, scan_info)
else:
# If not alive, we just add the info we have
mongo.add_resource(url_info, scan_info)
return
