Exemplo n.º 1
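def openvas_setting(request):
    """
    Render the OpenVAS settings form with the currently stored values.

    :param request: the incoming request, forwarded to ``render``.
    :return: the response produced by rendering ``setting_form.html``.
    """
    # The leftover debug ``print load_settings`` was removed: it only wrote
    # the module object to stdout on every page load.
    # NOTE(review): no login or permission check is visible on this view;
    # confirm one is applied where the URL is wired up, since the context
    # below carries scanner credentials.
    stored = load_settings.ArcherySettings(api_data)
    openvas_host = stored.openvas_host()
    openvas_port = stored.openvas_port()
    # The template receives the flag as the literal text 'True' / 'False'.
    openvas_enabled = 'True' if stored.openvas_enabled() else 'False'
    openvas_user = stored.openvas_username()
    # NOTE(review): the stored scanner password is handed to the template.
    # Whether it reaches the HTML depends on setting_form.html (not shown);
    # a settings form normally leaves secret fields blank and only accepts
    # a replacement value.
    openvas_password = stored.openvas_pass()
    return render(
        request, 'setting_form.html', {
            'openvas_host': openvas_host,
            'openvas_port': openvas_port,
            'openvas_enabled': openvas_enabled,
            'openvas_user': openvas_user,
            'openvas_password': openvas_password
        })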
Exemplo n.º 2
    def scan_launch(self):
        """
        Run a Burp scan of ``self.scan_url`` and pass the XML report on.

        Steps visible in the body: read the Burp host and port from
        ``ArcherySettings``, add the URL to Burp's scope, spider it, start
        an active scan, poll the status until it reaches 100, then fetch
        the report as XML, parse it and hand it to ``burp_scans``.

        Relies on the module-level global ``burp_status`` already holding
        a value when the method is called (it is read before this method
        assigns it). Python 2 code (print statements, ``iteritems``).
        """

        settings = load_settings.ArcherySettings()
        burp_host = settings.burp_host()
        burp_port = settings.burp_port()

        # Debug output of the configured host.
        print burp_host

        # vuln_id is declared global here but not used in this method.
        global vuln_id, burp_status
        # try:
        #     with open(setting_file, 'r+') as f:
        #         data = json.load(f)
        #         burp_path = data['burp_path']
        #         burp_port = data['burp_port']
        # except Exception as e:
        #     print e
        print self.project_id
        print self.scan_url
        # Fixed 15 second wait before talking to Burp; the reason is not
        # stated in the code.
        time.sleep(15)
        # The API endpoint is built with plain string concatenation, so
        # burp_port has to be a str already. The scheme is fixed to http://,
        # so traffic to the Burp API is unencrypted.
        # NOTE(review): no API key is passed to BurpApi here; confirm the
        # Burp REST endpoint is not reachable by other hosts.
        host = 'http://' + burp_host + ':' + burp_port
        bi = burpscanner.BurpApi(host)
        bi.burp_scope_add(self.scan_url)
        bi.burp_spider(self.scan_url)
        # Second fixed wait, between starting the spider and the active scan.
        time.sleep(15)
        bi.burp_active_scan(self.scan_url)
        print "Project_id", self.project_id
        # Poll until the reported progress reaches 100.
        # NOTE(review): there is no timeout or error exit, so a scan that
        # never reports 100 keeps this loop (and its caller) running.
        while (int(burp_status) < 100):
            scan_status = bi.burp_scan_status()
            dat_status = scan_status.data
            # Every value in the status mapping is treated as the progress
            # figure: it is stored on the scan row, then the loop sleeps
            # 5 seconds per entry.
            for key, item in dat_status.iteritems():
                burp_status = item
                print "Burp Scan Status :", burp_status
                burp_scan_db.objects.filter(scan_id=self.scan_id).update(
                    scan_status=burp_status)
                time.sleep(5)
        # Leave the global at "100" once the loop has ended.
        burp_status = "100"
        # if burp_status == '100':
        #     burp_status = "0"
        # else:
        #     print "Scan Continue..."
        print "Result Extracting........"
        time.sleep(10)
        print "Result Extracted........"
        scan_result = bi.scan_report(self.scan_url, 'XML')
        result_xml = scan_result.data
        # NOTE(review): ET is presumably xml.etree.ElementTree (the import is
        # not shown). A scan report carries content taken from the scanned
        # site, so it should be treated as untrusted XML; consider a hardened
        # parser such as defusedxml for this call - confirm.
        xml_data = ET.fromstring(result_xml)
        do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
        do_scan_dat.burp_scan_data(xml_data)
Exemplo n.º 3
    def get(self, request):
        """
        Render the nv_* scanner settings page from the stored settings.

        :param request: incoming request, forwarded to ``render``.
        :return: the rendered ``networkscanners/nv_settings.html`` response.
        """
        stored = load_settings.ArcherySettings(api_data, )
        # NOTE(review): all three flags are read from nv_enabled(), so the
        # page shows the "enabled" value for "online" and "version" as well.
        # This looks like a copy-paste slip; confirm which accessors
        # ArcherySettings offers for the other two flags.
        context = {
            "nv_enabled": str(stored.nv_enabled()),
            "nv_online": str(stored.nv_enabled()),
            "nv_version": str(stored.nv_enabled()),
            "nv_timing": stored.nv_timing(),
        }
        return render(request, "networkscanners/nv_settings.html", context)
Exemplo n.º 4
def nv_setting(request):
    """
    Render the NMAP Vulners settings page from the stored settings.

    :param request: incoming request, forwarded to ``render``.
    :return: the rendered ``nv_settings.html`` response.
    """
    stored = load_settings.ArcherySettings(api_data)
    # NOTE(review): all three flags are read from nv_enabled(), so the page
    # shows the "enabled" value for "online" and "version" as well. This
    # looks like a copy-paste slip; confirm which accessors ArcherySettings
    # offers for the other two flags.
    context = {
        'nv_enabled': str(stored.nv_enabled()),
        'nv_online': str(stored.nv_enabled()),
        'nv_version': str(stored.nv_enabled()),
        'nv_timing': stored.nv_timing(),
    }
    return render(request, 'nv_settings.html', context)
Exemplo n.º 5
def setting(request):
    """
    Render the settings page with the stored scanner and e-mail settings.

    :param request: incoming request, forwarded to ``render``.
    :return: the rendered ``setting.html`` response.
    """
    cfg = load_settings.ArcherySettings(setting_file)

    # OpenVAS values are stored in signed form and decoded here.
    # NOTE(review): if ``signing`` is django.core.signing, the stored form is
    # signed but not encrypted, so it protects against tampering and does
    # not hide the credential from anyone who can read the store. A failed
    # signature check raises from loads() and is not handled here.
    signed_user = cfg.openvas_username()
    signed_pass = cfg.openvas_pass()
    signed_host = cfg.openvas_host()
    openvas_user = signing.loads(signed_user)
    openvas_pass = signing.loads(signed_pass)
    openvas_host = signing.loads(signed_host)

    # ZAP, Burp and e-mail values are passed through as stored.
    zap_key = cfg.zap_api_key()
    zap_address = cfg.zap_host()
    zap_listen_port = cfg.zap_port()

    burp_address = cfg.burp_host()
    burp_listen_port = cfg.burp_port()

    subject = cfg.email_subject()
    sender = cfg.email_from()
    recipient = cfg.email_to()

    # NOTE(review): the decoded OpenVAS password and the ZAP API key are
    # part of the template context; whether they appear in the HTML depends
    # on setting.html, which is not shown here.
    context = {
        'apikey': zap_key,
        'zapath': zap_address,
        'zap_port': zap_listen_port,
        'lod_ov_user': openvas_user,
        'lod_ov_pass': openvas_pass,
        'lod_ov_ip': openvas_host,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'email_subject': subject,
        'email_from': sender,
        'to_email': recipient,
    }
    return render(request, 'setting.html', context)
Exemplo n.º 6
 def get(self, request):
     """
     Render the OpenVAS settings form with the currently stored values.

     :param request: incoming request, forwarded to ``render``.
     :return: the rendered ``networkscanners/setting_form.html`` response.
     """
     stored = load_settings.ArcherySettings(api_data, )
     host = stored.openvas_host()
     port = stored.openvas_port()
     # The template receives the flag as the literal text "True" / "False".
     enabled_text = "True" if stored.openvas_enabled() else "False"
     user = stored.openvas_username()
     # NOTE(review): the stored scanner password goes into the template
     # context; whether it is written into the HTML depends on the
     # template, which is not shown here.
     secret = stored.openvas_pass()
     context = {
         "openvas_host": host,
         "openvas_port": port,
         "openvas_enabled": enabled_text,
         "openvas_user": user,
         "openvas_password": secret,
     }
     return render(request, "networkscanners/setting_form.html", context)
Exemplo n.º 7
def setting(request):
    """
    Render the settings page and, on POST, run one connectivity test.

    The first half collects the stored settings of the requesting user
    (OpenVAS, ZAP, Arachni, NMAP Vulners, Burp, e-mail, JIRA). When the
    request is a POST, the ``setting_of`` field selects one integration
    ('zap', 'burp', 'openvas', 'arachni' or 'jira') whose connection is
    tested; the outcome is reported through the matching ``*_info`` value.

    :param request: incoming request; ``request.user.username`` scopes the
        per-user lookups.
    :return: the rendered ``setting.html`` response.
    """
    all_notify = Notification.objects.unread()

    jira_url = None
    j_username = None
    password = None
    # Loading settings

    username = request.user.username

    settings = load_settings.ArcherySettings(setting_file, username=username)

    lod_ov_user = settings.openvas_username()
    lod_ov_pass = settings.openvas_pass()
    lod_ov_host = settings.openvas_host()
    lod_ov_port = settings.openvas_port()
    lod_ov_enabled = settings.openvas_enabled()

    # Loading ZAP Settings
    zap_api_key = ''
    zap_hosts = ''
    zap_ports = ''
    zap_enable = False

    # If the user has several rows, the values of the last one iterated win.
    all_zap = zap_settings_db.objects.filter(username=username)
    for zap in all_zap:
        zap_api_key = zap.zap_api
        zap_hosts = zap.zap_url
        zap_ports = zap.zap_port
        zap_enable = zap.enabled

    lod_apikey = zap_api_key
    zap_host = zap_hosts
    zap_port = zap_ports

    # Loading Arachni Settings
    arachni_hosts = ''
    arachni_ports = ''

    all_arachni = arachni_settings_db.objects.filter(username=username)
    for arachni in all_arachni:
        arachni_hosts = arachni.arachni_url
        arachni_ports = arachni.arachni_port

    # These two self-assignments have no effect.
    arachni_hosts = arachni_hosts
    arachni_ports = arachni_ports

    # Loading NMAP Vulners Settings
    nv_enabled = False
    nv_online = False
    nv_version = False
    nv_timing = 0

    all_nv = nmap_vulners_setting_db.objects.filter(username=username)
    for nv in all_nv:
        nv_enabled = bool(nv.enabled)
        nv_online = bool(nv.online)
        nv_version = bool(nv.version)
        nv_timing = int(nv.timing)

    # Loading Burp Settings

    burp_host = settings.burp_host()
    burp_port = settings.burp_port()
    burp_api_key = settings.burp_api_key()

    # Loading Email Settings

    all_email = email_db.objects.filter(username=username)

    # Load JIRA Setting
    jira_setting = jirasetting.objects.filter(username=username)

    for jira in jira_setting:
        jira_url = jira.jira_server
        j_username = jira.jira_username
        password = jira.jira_password
    jira_server = jira_url
    # JIRA credentials are stored in signed form and decoded only when a row
    # was found.
    # NOTE(review): if ``signing`` is django.core.signing, the stored form is
    # signed but not encrypted, so it does not hide the credential from
    # anyone who can read the table. A failed signature check raises from
    # loads() and is not handled here.
    if j_username is None:
        jira_username = None
    else:
        jira_username = signing.loads(j_username)

    if password is None:
        jira_password = None
    else:
        jira_password = signing.loads(password)

    # Defaults for the connectivity tests. random_port is the port passed to
    # zap_connect unless a local ZAP is started below; target_url is the
    # fixed external site the ZAP test spiders.
    username = request.user.username
    zap_enabled = False
    random_port = '8091'
    target_url = 'https://archerysec.com'
    zap_info = ''
    burp_info = ''
    openvas_info = ''
    arachni_info = ''
    jira_info = ''

    # NOTE(review): the branches below start scanner processes and outbound
    # connections; confirm that CSRF protection and a permission check
    # cover this view, since neither is visible in this function.
    if request.method == 'POST':
        setting_of = request.POST.get('setting_of')
        if setting_of == 'zap':
            all_zap = zap_settings_db.objects.filter(username=username)
            for zap in all_zap:
                zap_enabled = zap.enabled

            if zap_enabled is False:
                zap_info = 'Disabled'
                # Bare except: any failure of zap_local() returns the page
                # early with only zap_info in the context.
                try:
                    random_port = zap_plugin.zap_local()
                except:
                    return render(request, 'setting.html',
                                  {'zap_info': zap_info})

                # NOTE(review): the inner loop retries every 5 seconds with
                # no upper bound, inside the request handler, and the outer
                # loop repeats the whole test 100 times, so each success
                # starts another spider run against target_url. A bounded
                # retry around a read-only API call would test the
                # connection without scanning a third-party site - confirm
                # the intent.
                for i in range(0, 100):
                    while True:
                        try:
                            # Connection Test
                            zap_connect = zap_plugin.zap_connect(
                                random_port, username=username)
                            zap_connect.spider.scan(url=target_url)
                        except Exception as e:
                            print(
                                "ZAP Connection Not Found, re-try after 5 sec")
                            time.sleep(5)
                            continue
                        break
            else:
                # Bare except: every failure is reported as "not connected".
                try:
                    zap_connect = zap_plugin.zap_connect(random_port,
                                                         username=username)
                    zap_connect.spider.scan(url=target_url)
                    zap_info = True
                except:
                    zap_info = False
        if setting_of == 'burp':
            # Plain string concatenation, so burp_port has to be a str. The
            # scheme is fixed to http://, so the API key sent to Burp is not
            # protected in transit.
            host = 'http://' + burp_host + ':' + burp_port + '/'

            bi = burpscanner.BurpApi(host, burp_api_key)

            # The test counts as passed when the issue-definitions call
            # returns data.
            issue_list = bi.issue_definitions()
            if issue_list.data is None:
                burp_info = False
            else:
                burp_info = True

        if setting_of == 'openvas':
            sel_profile = ''

            # NOTE(review): scan_ip and project_id are not defined in this
            # function; presumably module-level names - confirm.
            openvas = OpenVAS_Plugin(scan_ip,
                                     project_id,
                                     sel_profile,
                                     username=username)
            try:
                openvas.connect()
                openvas_info = True
            except:
                openvas_info = False

        if setting_of == 'arachni':
            # scan_status is declared global but not assigned in this branch.
            global scan_run_id, scan_status
            arachni_hosts = None
            arachni_ports = None
            all_arachni = arachni_settings_db.objects.filter(username=username)
            for arachni in all_arachni:
                arachni_hosts = arachni.arachni_url
                arachni_ports = arachni.arachni_port

            arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)

            # NOTE(review): the connection test launches a scan of a fixed
            # external site with an empty check list; confirm that this is
            # acceptable for a connectivity probe.
            check = []
            data = {
                "url": 'https://archerysec.com',
                "checks": check,
                "audit": {}
            }
            d = json.dumps(data)

            # The launch call itself is outside the try block, so a failure
            # to reach Arachni may surface as an unhandled exception rather
            # than arachni_info = False.
            scan_launch = arachni.scan_launch(d)
            time.sleep(3)

            try:
                scan_data = scan_launch.data

                for key, value in scan_data.items():
                    if key == 'id':
                        scan_run_id = value
                arachni_info = True
            except Exception:
                arachni_info = False

        if setting_of == 'jira':
            global jira_projects, jira_ser
            jira_setting = jirasetting.objects.filter(username=username)

            # NOTE(review): ``username`` is rebound to the stored JIRA
            # username here, replacing the request user's name. When the
            # user has no JIRA row, the two loads() calls below receive the
            # plain account name and None, neither of which was ever signed,
            # and they sit outside the try block, so the request is expected
            # to fail with an unhandled exception.
            for jira in jira_setting:
                jira_url = jira.jira_server
                username = jira.jira_username
                password = jira.jira_password
            jira_server = jira_url
            jira_username = signing.loads(username)
            jira_password = signing.loads(password)

            options = {'server': jira_server}
            try:

                jira_ser = JIRA(options,
                                basic_auth=(jira_username, jira_password),
                                timeout=5)
                jira_projects = jira_ser.projects()
                print(len(jira_projects))
                jira_info = True
            except Exception as e:
                # The exception text is printed; check that it cannot
                # contain the credentials before this output is logged.
                print(e)
                jira_info = False

    # NOTE(review): the context carries the ZAP and Burp API keys, the
    # OpenVAS password and the decoded JIRA password. Whether they reach the
    # HTML depends on setting.html, which is not shown here.
    return render(
        request, 'setting.html', {
            'apikey': lod_apikey,
            'zapath': zap_host,
            'zap_port': zap_port,
            'zap_enable': zap_enable,
            'arachni_hosts': arachni_hosts,
            'arachni_ports': arachni_ports,
            'lod_ov_user': lod_ov_user,
            'lod_ov_pass': lod_ov_pass,
            'lod_ov_host': lod_ov_host,
            'lod_ov_enabled': lod_ov_enabled,
            'lod_ov_port': lod_ov_port,
            'burp_path': burp_host,
            'burp_port': burp_port,
            'burp_api_key': burp_api_key,
            'all_email': all_email,
            'jira_server': jira_server,
            'jira_username': jira_username,
            'jira_password': jira_password,
            'nv_enabled': nv_enabled,
            'nv_version': nv_version,
            'nv_online': nv_online,
            'nv_timing': nv_timing,
            'message': all_notify,
            'zap_info': zap_info,
            'burp_info': burp_info,
            'openvas_info': openvas_info,
            'arachni_info': arachni_info,
            'jira_info': jira_info
        })
Exemplo n.º 8
def setting(request):
    """
    Render the settings page with the requesting user's stored settings.

    Per-user rows are looked up by ``request.user.username``; where a user
    has several rows in a table, the values of the last row iterated win.

    :param request: incoming request, forwarded to ``render``.
    :return: the rendered ``setting.html`` response.
    """
    unread = Notification.objects.unread()

    username = request.user.username
    cfg = load_settings.ArcherySettings(setting_file, username=username)

    # OpenVAS
    ov_user = cfg.openvas_username()
    ov_pass = cfg.openvas_pass()
    ov_host = cfg.openvas_host()
    ov_port = cfg.openvas_port()
    ov_enabled = cfg.openvas_enabled()

    # ZAP: empty defaults unless the user has a row.
    zap_key, zap_url, zap_listen_port, zap_on = '', '', '', False
    for row in zap_settings_db.objects.filter(username=username):
        zap_key = row.zap_api
        zap_url = row.zap_url
        zap_listen_port = row.zap_port
        zap_on = row.enabled

    # Arachni
    arachni_url, arachni_port = '', ''
    for row in arachni_settings_db.objects.filter(username=username):
        arachni_url = row.arachni_url
        arachni_port = row.arachni_port

    # NMAP Vulners
    nv_on, nv_is_online, nv_with_version, nv_speed = False, False, False, 0
    for row in nmap_vulners_setting_db.objects.filter(username=username):
        nv_on = bool(row.enabled)
        nv_is_online = bool(row.online)
        nv_with_version = bool(row.version)
        nv_speed = int(row.timing)

    # Burp
    burp_address = cfg.burp_host()
    burp_listen_port = cfg.burp_port()
    burp_key = cfg.burp_api_key()

    # E-mail rows are handed to the template as a queryset.
    email_rows = email_db.objects.filter(username=username)

    # JIRA: credentials are stored in signed form and decoded only when a
    # row was found.
    # NOTE(review): if ``signing`` is django.core.signing, the stored form is
    # signed but not encrypted, so it does not hide the credential from
    # anyone who can read the table. A failed signature check raises from
    # loads() and is not handled here.
    jira_server = signed_jira_user = signed_jira_pass = None
    for row in jirasetting.objects.filter(username=username):
        jira_server = row.jira_server
        signed_jira_user = row.jira_username
        signed_jira_pass = row.jira_password

    jira_username = None
    if signed_jira_user is not None:
        jira_username = signing.loads(signed_jira_user)

    jira_password = None
    if signed_jira_pass is not None:
        jira_password = signing.loads(signed_jira_pass)

    # NOTE(review): the context carries the ZAP and Burp API keys, the
    # OpenVAS password and the decoded JIRA password. Whether they reach the
    # HTML depends on setting.html, which is not shown here.
    context = {
        'apikey': zap_key,
        'zapath': zap_url,
        'zap_port': zap_listen_port,
        'zap_enable': zap_on,
        'arachni_hosts': arachni_url,
        'arachni_ports': arachni_port,
        'lod_ov_user': ov_user,
        'lod_ov_pass': ov_pass,
        'lod_ov_host': ov_host,
        'lod_ov_enabled': ov_enabled,
        'lod_ov_port': ov_port,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'burp_api_key': burp_key,
        'all_email': email_rows,
        'jira_server': jira_server,
        'jira_username': jira_username,
        'jira_password': jira_password,
        'nv_enabled': nv_on,
        'nv_version': nv_with_version,
        'nv_online': nv_is_online,
        'nv_timing': nv_speed,
        'message': unread,
    }
    return render(request, 'setting.html', context)
Exemplo n.º 9
import uuid
import json
import ast

# ZAP Database import
from webscanners.models import zap_scan_results_db,\
    zap_scans_db,\
    zap_spider_db,\
    cookie_db,\
    excluded_db

from archerysettings import load_settings

# Global Variables
# These statements run once, when the module is imported, so the ZAP values
# below are whatever the settings held at that moment unless something
# rebinds them later.
# The settings file is looked up relative to the current working directory.
# NOTE(review): ``os`` is not among the imports visible in this snippet;
# confirm it is imported above.
setting_file = os.getcwd() + '/apidata.json'
zap_setting = load_settings.ArcherySettings(setting_file)
# NOTE(review): the ZAP API key is kept in a module-level global for the
# life of the process; anything that can import this module can read it.
zap_api_key = zap_setting.zap_api_key()
zap_hosts = zap_setting.zap_host()
zap_ports = zap_setting.zap_port()


def zap_connect():
    """
    Build a ZAPv2 client from the module-level ZAP settings.

    The same ``host:port`` address is used as proxy for both http and
    https, and the stored API key is passed to the client.

    :return: the configured ``ZAPv2`` instance.
    """
    # Plain string concatenation: zap_ports has to be a str.
    proxy_address = zap_hosts + ':' + zap_ports
    return ZAPv2(
        apikey=zap_api_key,
        proxies={'http': proxy_address, 'https': proxy_address},
    )


class ZAPScanner:
    """
Exemplo n.º 10
def setting(request):
    """
    Render the settings page with the stored scanner, e-mail and JIRA values.

    The ZAP, Arachni, NMAP Vulners and JIRA tables are read with
    ``objects.all()``, so the values are not scoped to the requesting user;
    where a table holds several rows, the last row iterated wins.

    :param request: incoming request, forwarded to ``render``.
    :return: the rendered ``setting.html`` response.
    """
    cfg = load_settings.ArcherySettings(setting_file)

    # OpenVAS
    ov_user = cfg.openvas_username()
    ov_pass = cfg.openvas_pass()
    ov_host = cfg.openvas_host()
    ov_port = cfg.openvas_port()
    ov_enabled = cfg.openvas_enabled()

    # ZAP: empty defaults unless a row exists.
    zap_key, zap_url, zap_listen_port = '', '', ''
    for row in zap_settings_db.objects.all():
        zap_key = row.zap_api
        zap_url = row.zap_url
        zap_listen_port = row.zap_port

    # Arachni
    arachni_url, arachni_port = '', ''
    for row in arachni_settings_db.objects.all():
        arachni_url = row.arachni_url
        arachni_port = row.arachni_port

    # NMAP Vulners
    nv_on, nv_is_online, nv_with_version, nv_speed = False, False, False, 0
    for row in nmap_vulners_setting_db.objects.all():
        nv_on = bool(row.enabled)
        nv_is_online = bool(row.online)
        nv_with_version = bool(row.version)
        nv_speed = int(row.timing)

    # Burp
    burp_address = cfg.burp_host()
    burp_listen_port = cfg.burp_port()

    # E-mail
    subject = cfg.email_subject()
    sender = cfg.email_from()
    recipient = cfg.email_to()

    # JIRA: credentials are stored in signed form and decoded only when a
    # row was found.
    # NOTE(review): if ``signing`` is django.core.signing, the stored form is
    # signed but not encrypted, so it does not hide the credential from
    # anyone who can read the table. A failed signature check raises from
    # loads() and is not handled here.
    jira_server = signed_jira_user = signed_jira_pass = None
    for row in jirasetting.objects.all():
        jira_server = row.jira_server
        signed_jira_user = row.jira_username
        signed_jira_pass = row.jira_password

    jira_username = None
    if signed_jira_user is not None:
        jira_username = signing.loads(signed_jira_user)

    jira_password = None
    if signed_jira_pass is not None:
        jira_password = signing.loads(signed_jira_pass)

    # NOTE(review): the context carries the ZAP API key, the OpenVAS password
    # and the decoded JIRA password. Whether they reach the HTML depends on
    # setting.html, which is not shown here.
    context = {
        'apikey': zap_key,
        'zapath': zap_url,
        'zap_port': zap_listen_port,
        'arachni_hosts': arachni_url,
        'arachni_ports': arachni_port,
        'lod_ov_user': ov_user,
        'lod_ov_pass': ov_pass,
        'lod_ov_host': ov_host,
        'lod_ov_enabled': ov_enabled,
        'lod_ov_port': ov_port,
        'burp_path': burp_address,
        'burp_port': burp_listen_port,
        'email_subject': subject,
        'email_from': sender,
        'to_email': recipient,
        'jira_server': jira_server,
        'jira_username': jira_username,
        'jira_password': jira_password,
        'nv_enabled': nv_on,
        'nv_version': nv_with_version,
        'nv_online': nv_is_online,
        'nv_timing': nv_speed,
    }
    return render(request, 'setting.html', context)
Exemplo n.º 11
from openvas_lib import VulnscanManager, VulnscanException
from networkscanners.models import scan_save_db, ov_scan_result_db
from django.utils import timezone
from archerysettings import load_settings
from django.core import signing
import time
import os
import uuid

# Both statements run once, when the module is imported. The settings file
# is looked up relative to the current working directory, so the process
# has to be started from the directory that holds apidata.json.
openvas_data = os.getcwd() + '/' + 'apidata.json'
openvas_setting = load_settings.ArcherySettings(openvas_data)


class OpenVAS_Plugin:
    """
    OpenVAS plugin Class
    """
    def __init__(self, scan_ip, project_id, sel_profile):
        """

        :param scan_ip:
        :param project_id:
        :param sel_profile:
        """

        self.scan_ip = scan_ip
        self.project_id = project_id
        self.sel_profile = sel_profile

    def connect(self):
        """