def isLaunchableNow(self):
"""Returns True if the tool matches criteria to be launched
(current time matches one of interval object assigned to this wave)
Returns:
bool
"""
intervals = Interval.fetchObjects({"wave": self.wave})
for intervalModel in intervals:
if Utils.fitNowTime(intervalModel.dated, intervalModel.datef):
return True
return False
def onTreeviewSelect(self, event=None):
"""Called when a line is selected on the treeview
Open the selected object view on the view frame.
Args:
_event: not used but mandatory
"""
selection = self.selection()
if len(selection) == 1:
item = super().onTreeviewSelect(event)
if isinstance(item, str):
mongoInstance = MongoCalendar.getInstance()
self.saveState(mongoInstance.calendarName)
if str(item) == "waves":
objView = WaveView(self, self.appli.viewframe, self.appli,
WaveController(Wave()))
objView.openInsertWindow()
elif str(item) == "commands":
objView = CommandView(
self, self.appli.viewframe, self.appli,
CommandController(
Command({"indb": mongoInstance.calendarName})))
objView.openInsertWindow()
elif str(item) == "ips":
objView = MultipleIpView(self, self.appli.viewframe,
self.appli, IpController(Ip()))
objView.openInsertWindow()
elif "intervals" in str(item):
wave = Wave.fetchObject({
"_id":
ObjectId(IntervalView.treeviewListIdToDb(item))
})
objView = IntervalView(
self, self.appli.viewframe, self.appli,
IntervalController(Interval().initialize(wave.wave)))
objView.openInsertWindow()
elif "scopes" in str(item):
wave = Wave.fetchObject(
{"_id": ObjectId(ScopeView.treeviewListIdToDb(item))})
objView = MultipleScopeView(
self, self.appli.viewframe, self.appli,
ScopeController(Scope().initialize(wave.wave)))
objView.openInsertWindow()
else:
self.openModifyWindowOf(item)
elif len(selection) > 1:
# Multi select:
multiView = MultiSelectionView(self, self.appli.viewframe,
self.appli)
for widget in self.appli.viewframe.winfo_children():
widget.destroy()
multiView.form.clear()
multiView.openModifyWindow()
def searchForAddressCompatibleWithTime(cls):
"""
Return a list of wave which have at least one interval fitting the actual time.
Returns:
A set of wave name
"""
waves_to_launch = set()
intervals = Interval.fetchObjects({})
for intervalModel in intervals:
if Utils.fitNowTime(intervalModel.dated, intervalModel.datef):
waves_to_launch.add(intervalModel.wave)
return waves_to_launch
def getWaveTimeLimit(waveName):
"""
Return the latest time limit in which this tool fits. The tool should timeout after that limit
Returns:
Return the latest time limit in which this tool fits.
"""
intervals = Interval.fetchObjects({"wave": waveName})
furthestTimeLimit = datetime.now()
for intervalModel in intervals:
if Utils.fitNowTime(intervalModel.dated, intervalModel.datef):
endingDate = intervalModel.getEndingDate()
if endingDate is not None:
if endingDate > furthestTimeLimit:
furthestTimeLimit = endingDate
return furthestTimeLimit
def prepareCalendar(self, dbName, pentest_type, start_date, end_date, scope, settings, pentesters):
"""
Initiate a pentest database with wizard info
Args:
dbName: the database name
pentest_type: a pentest type choosen from settings pentest_types. Used to select commands that will be launched by default
start_date: a begining date and time for the pentest
end_date: ending date and time for the pentest
scope: a list of scope valid string (IP, network IP or host name)
settings: a dict of settings with keys:
* "Add domains whose IP are in scope": if 1, will do a dns lookup on new domains and check if found IP is in scope
* "Add domains who have a parent domain in scope": if 1, will add a new domain if a parent domain is in scope
* "Add all domains found": Unsafe. if 1, all new domains found by tools will be considered in scope.
"""
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
if not commands:
commandslist = Command.getList()
if not commandslist:
dialog = ChildDialogQuestion(self.parent, "No command found", "There is no registered command in the database. Would you like to import the default set?")
self.parent.wait_window(dialog.app)
if dialog.rvalue != "Yes":
return
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_commands.gzip")
res = self.importCommands(default)
if res:
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_group_commands.gzip")
res = self.importCommands(default)
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
#Duplicate commands in local database
allcommands = Command.fetchObjects({})
for command in allcommands:
command.indb = MongoCalendar.getInstance().calendarName
command.addInDb()
Wave().initialize(dbName, commands).addInDb()
Interval().initialize(dbName, start_date, end_date).addInDb()
values = {"wave":dbName, "Scopes":scope, "Settings":False}
ScopeController(Scope()).doInsert(values)
self.settings.reloadSettings()
self.settings.db_settings["pentest_type"] = pentest_type
self.settings.db_settings["include_domains_with_ip_in_scope"] = settings['Add domains whose IP are in scope'] == 1
self.settings.db_settings["include_domains_with_topdomain_in_scope"] = settings["Add domains who have a parent domain in scope"] == 1
self.settings.db_settings["include_all_domains"] = settings["Add all domains found"] == 1
self.settings.db_settings["pentesters"] = list(map(lambda x: x.strip(), pentesters.split("\n")))
self.settings.save()
def addInTreeview(self, parentNode=None, addChildren=True):
"""Add this view in treeview. Also stores infos in application treeview.
Args:
parentNode: if None, will calculate the parent. If setted, forces the node to be inserted inside given parentNode.
addChildren: If False: skip interval, tools and scope insert. Useful when displaying search results.
"""
parentNode = self.getParent()
self.appliTw.views[str(self.controller.getDbId())] = {
"view": self,
'parent': ''
}
wave_node = self.appliTw.insert(parentNode,
"end",
str(self.controller.getDbId()),
text=str(
self.controller.getModelRepr()),
tags=self.controller.getTags(),
image=self.getClassIcon())
if addChildren:
dates_node, scopes_node = self.addChildrenBaseNodes(wave_node)
intervals = self.controller.getIntervals()
for interval in intervals:
interval_vw = IntervalView(
self.appliTw, self.appliViewFrame, self.mainApp,
IntervalController(Interval(interval)))
interval_vw.addInTreeview(dates_node)
tools = self.controller.getTools()
for tool in tools:
tool_o = ToolController(tool)
tool_vw = ToolView(self.appliTw, self.appliViewFrame,
self.mainApp, tool_o)
tool_vw.addInTreeview(str(self.controller.getDbId()))
scopes = self.controller.getScopes()
for scope in scopes:
scope_o = ScopeController(Scope(scope))
scope_vw = ScopeView(self.appliTw, self.appliViewFrame,
self.mainApp, scope_o)
scope_vw.addInTreeview(scopes_node)
if "hidden" in self.controller.getTags():
self.hide()
def _load(self):
"""
Load the treeview with database information
"""
mongoInstance = MongoCalendar.getInstance()
dialog = ChildDialogProgress(self.appli, "Loading "+str(
mongoInstance.calendarName), "Opening "+str(mongoInstance.calendarName) + ". Please wait for a few seconds.", 200, "determinate")
step = 0
dialog.show(100)
nbObjects = mongoInstance.find("waves").count()
nbObjects += mongoInstance.find("scopes").count()
nbObjects += mongoInstance.find("intervals").count()
nbObjects += mongoInstance.find("scopes").count()
nbObjects += mongoInstance.find("ips").count()
nbObjects += mongoInstance.find("ports").count()
nbObjects += mongoInstance.find("tools").count()
onePercentNbObject = nbObjects//100 if nbObjects > 100 else 1
nbObjectTreated = 0
for child in self.get_children():
self.delete(child)
self._hidden = []
self._detached = []
self.waves_node = self.insert("", "end", str(
"waves"), text="Waves", image=WaveView.getClassIcon())
# Loading every category separatly is faster than recursivly.
# This is due to cursor.next function calls in pymongo
# Adding wave objects
waves = Wave.fetchObjects({})
for wave in waves:
wave_o = WaveController(wave)
wave_vw = WaveView(self, self.appli.viewframe, self.appli, wave_o)
wave_vw.addInTreeview(self.waves_node, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
scopes = Scope.fetchObjects({})
for scope in scopes:
scope_o = ScopeController(scope)
scope_vw = ScopeView(self, self.appli.viewframe, self.appli, scope_o)
scope_vw.addInTreeview(None, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
intervals = Interval.fetchObjects({})
for interval in intervals:
interval_o = IntervalController(interval)
interval_vw = IntervalView(self, self.appli.viewframe, self.appli, interval_o)
interval_vw.addInTreeview(None, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding ip objects
self.ips_node = self.insert("", "end", str(
"ips"), text="IPs", image=IpView.getClassIcon())
ips = Ip.fetchObjects({})
for ip in ips:
ip_o = IpController(ip)
ip_vw = IpView(self, self.appli.viewframe, self.appli, ip_o)
ip_vw.addInTreeview(None, False)
self.appli.statusbar.notify(ip_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding port objects
ports = Port.fetchObjects({})
for port in ports:
port_o = PortController(port)
port_vw = PortView(self, self.appli.viewframe, self.appli, port_o)
port_vw.addInTreeview(None, False)
self.appli.statusbar.notify(port_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding defect objects
defects = Defect.fetchObjects({"ip":{"$ne":""}})
for defect in defects:
defect_o = DefectController(defect)
defect_vw = DefectView(
self, self.appli.viewframe, self.appli, defect_o)
defect_vw.addInTreeview(None)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding tool objects
tools = Tool.fetchObjects({})
for tool in tools:
tool_o = ToolController(tool)
tool_vw = ToolView(self, self.appli.viewframe, self.appli, tool_o)
tool_vw.addInTreeview(None, False)
self.appli.statusbar.notify(tool_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
self.sort(self.ips_node)
self.appli.statusbar.update()
dialog.destroy()
def notify(self, db, collection, iid, action, _parent):
"""
Callback for the observer implemented in mongo.py.
Each time an object is inserted, updated or deleted the standard way, this function will be called.
Args:
collection: the collection that has been modified
iid: the mongo ObjectId _id that was modified/inserted/deleted
action: string "update" or "insert" or "delete". It was the action performed on the iid
_parent: Not used. the mongo ObjectId of the parent. Only if action in an insert. Not used anymore
"""
mongoInstance = MongoCalendar.getInstance()
if not mongoInstance.hasACalendarOpen():
return
if mongoInstance.calendarName != db:
return
# Delete
if action == "delete":
if collection == "defects":
view = self.getViewFromId(str(iid))
if view is not None:
view.beforeDelete()
self.appli.statusbar.notify([],view.controller.getTags())
try:
self.delete(ObjectId(iid))
except tk.TclError:
pass # item was not inserted in the treeview
# Insert
if action == "insert":
view = None
res = mongoInstance.find(collection, {"_id": ObjectId(iid)}, False)
if collection == "tools":
view = ToolView(self, self.appli.viewframe,
self.appli, ToolController(Tool(res)))
elif collection == "waves":
view = WaveView(self, self.appli.viewframe,
self.appli, WaveController(Wave(res)))
elif collection == "scopes":
view = ScopeView(self, self.appli.viewframe,
self.appli, ScopeController(Scope(res)))
elif collection == "ports":
view = PortView(self, self.appli.viewframe,
self.appli, PortController(Port(res)))
elif collection == "ips":
view = IpView(self, self.appli.viewframe,
self.appli, IpController(Ip(res)))
elif collection == "intervals":
view = IntervalView(self, self.appli.viewframe,
self.appli, IntervalController(Interval(res)))
elif collection == "defects":
view = DefectView(self, self.appli.viewframe,
self.appli, DefectController(Defect(res)))
try:
if view is not None:
view.addInTreeview()
view.insertReceived()
self.appli.statusbar.notify(view.controller.getTags())
except tk.TclError:
pass
if action == "update":
try:
view = self.getViewFromId(str(iid))
if view is not None:
oldTags = self.item(str(iid))["tags"]
view.controller.actualize()
self.appli.statusbar.notify(view.controller.getTags(), oldTags)
self.item(str(iid), text=str(
view.controller.getModelRepr()), image=view.getIcon())
except tk.TclError:
if view is not None:
view.addInTreeview()
if str(self.appli.openedViewFrameId) == str(iid):
for widget in self.appli.viewframe.winfo_children():
widget.destroy()
view.openModifyWindow()
if view is not None:
view.updateReceived()
self.appli.statusbar.update()
