Exemplo n.º 1
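def perform_httpobs_scan(target, outpath):
    """Run an HTTP Observatory scan for the first URL in *target*.

    The in-process scanner (``scan``) is tried first and its result is saved
    as JSON under *outpath*. If that raises, the ``observatory`` command-line
    tool is run instead and its stdout is captured to the same file.

    Args:
        target: Sequence whose first element is the URL to scan.
        outpath: Directory that receives ``<domain>__httpobs_scan.json``.

    Returns:
        True when the in-process scan succeeded, the CLI exit status when the
        fallback ran, or False when no scan could be performed.
    """
    logger.info("[+] Attempting to run HTTP Observatory scan...")

    domain = urlparse(target[0]).netloc
    # The value ends up in a file name and in the argv of an external tool.
    # Refuse an empty host, one starting with "-" (it would be read as a
    # command-line option by the fallback), and one containing a path
    # separator (the report must stay inside outpath).
    # NOTE(review): netloc keeps any "user:pass@" and ":port" part of the URL,
    # which then lands in the file name and the logs; consider .hostname.
    if (not domain or domain.startswith("-")
            or any(sep in domain for sep in ("/", "\\"))):
        logger.warning(
            "[!] No usable hostname in target. Skipping HTTP Observatory scan."
        )
        return False

    report_path = os.path.join(outpath, domain + '__httpobs_scan.json')
    try:
        httpobs_result = scan(domain)
        # Serialise as real JSON: str() of the result would write a Python
        # repr into a file named *.json.
        report = json.dumps(httpobs_result, indent=2)
        # This output we should send it somewhere, for now logging to a file
        with open(report_path, 'w') as httpobs_file:
            httpobs_file.write(report)
        # Printing to screen if verbose
        logger.debug("HTTP Observatory scan output:\n" + report)
        return True
    except Exception as httpobsError:
        # Any failure of the in-process scanner falls back to the CLI tool;
        # record the reason instead of dropping it.
        logger.debug("In-process HTTP Observatory scan failed: %s",
                     httpobsError)
        tool_path = find_executable('observatory')
        if is_observatory_installed() and tool_path:
            # With shell=False every list element is passed verbatim as one
            # argument, so the option and its value are separate elements.
            command = [tool_path, "--format", "json", "-z", "--rescan", domain]
            logger.debug("Running command: " + " ".join(command))
            # We'd like to capture the tool output and save to a file
            with open(report_path, "w") as httpobs_out_handler:
                exit_status = subprocess.call(
                    command,
                    shell=False,
                    stdout=httpobs_out_handler,
                    stderr=subprocess.DEVNULL)
            return exit_status
        else:
            logger.warning(
                "[!] HTTP Observatory is either not installed or is not in your $PATH. Skipping HTTP Observatory scan."
            )
            return False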
Exemplo n.º 2
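def perform_httpobs_scan(target, outpath):
    """Run an HTTP Observatory scan for the first URL in *target*.

    The in-process scanner (``scan``) is tried first; its result is only
    logged. If that raises, the ``observatory`` command-line tool is run
    instead and its stdout is captured to a file under *outpath*.

    Args:
        target: Sequence whose first element is the URL to scan.
        outpath: Directory that receives ``<domain>__httpobs_scan.json``.

    Returns:
        True when the in-process scan succeeded, the CLI exit status when the
        fallback ran, or False when no scan could be performed.
    """
    logger.info("[+] Attempting to run HTTP Observatory scan...")

    domain = urlparse(target[0]).netloc
    # The value ends up in a file name and in the argv of an external tool.
    # Refuse an empty host, one starting with "-" (it would be read as a
    # command-line option by the fallback), and one containing a path
    # separator (the report must stay inside outpath).
    if (not domain or domain.startswith("-")
            or any(sep in domain for sep in ("/", "\\"))):
        logger.warning(
            "[!] No usable hostname in target. Skipping HTTP Observatory scan."
        )
        return False

    try:
        httpobs_result = scan(domain)
        # %s formatting works whether or not the result is a string;
        # concatenating a non-string to the message raises TypeError and
        # would push a successful scan into the fallback below.
        logger.debug("HTTP Observatory output: %s", httpobs_result)
        # TODO: Implement write to file here
        return True
    except Exception as httpobsError:
        # Any failure of the in-process scanner falls back to the CLI tool;
        # record the reason instead of dropping it.
        logger.debug("In-process HTTP Observatory scan failed: %s",
                     httpobsError)
        tool_path = find_executable('observatory')
        if is_observatory_installed() and tool_path:
            # With shell=False every list element is passed verbatim as one
            # argument, so the option and its value are separate elements.
            command = [tool_path, "--format", "json", "-z", "--rescan", domain]
            # We'd like to capture the tool output and save to a file
            report_path = os.path.join(outpath, domain + "__httpobs_scan.json")
            with open(report_path, "w") as httpobs_out_handler:
                exit_status = subprocess.call(
                    command,
                    shell=False,
                    stdout=httpobs_out_handler,
                    stderr=subprocess.DEVNULL)
            return exit_status
        else:
            logger.warning(
                "[!] HTTP Observatory is either not installed or is not in your $PATH. Skipping HTTP Observatory scan."
            )
            return False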
Exemplo n.º 3
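def analyze(url: str):
    """Scan the host of *url* with HTTP Observatory and return its grade.

    Args:
        url: Absolute URL whose hostname and path are passed to ``scan``.

    Returns:
        A ``(grade, grade_url)`` tuple. ``grade`` is the value found under
        ``result['scan']['grade']``, or None when the URL has no hostname,
        the scan raised, or the key is absent. ``grade_url`` is
        ``USER_ENDPOINT`` formatted with the parsed hostname.
    """
    parsed_url = urlparse(url)
    hostname = parsed_url.hostname
    grade_url = USER_ENDPOINT.format(hostname)
    if hostname is None:
        # A scheme-less or malformed URL yields no hostname; str(None) would
        # otherwise send the scanner to a host literally named "None".
        print(url, "no hostname in URL")
        return (None, grade_url)
    try:
        result = scan(hostname, path=str(parsed_url.path), headers=DEFAULT_HEADERS)
        grade = result.get('scan', {}).get('grade', None)
    except Exception as ex:
        # Best effort: a failed scan is reported and yields no grade.
        print(url, exception_to_str(ex))
        grade = None
    return (grade, grade_url)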
Exemplo n.º 4
 def worker(self):
     """Drain ``self.SHARE_Q``, scanning each queued domain in turn.

     The bundled scanner is imported from a directory under ``self.basedir``
     after that directory is appended to ``sys.path`` and made the current
     working directory. Each result overwrites ``self.scan_result``, and
     ``self.LEFT_Q`` is decremented once per processed item.
     """
     # NOTE: sys.path and the working directory are process-wide; both
     # changes are visible to every other thread in the process. The path is
     # appended, so an `httpobs` package found earlier on sys.path wins.
     sys.path.append(self.basedir + '/scripts/util/http_observatory')
     os.chdir(self.basedir + "/scripts/util/http_observatory/")
     from httpobs.scanner.local import scan

     while True:
         if self.SHARE_Q.empty():
             break
         domain = self.SHARE_Q.get()
         self.scan_result = scan(domain)
         print("task done for domain: " + domain)
         self.LEFT_Q -= 1
         progress = (self.SHARE_Q.qsize(), self.LEFT_Q)
         print("queue size: %d, %d left" % progress)
         # Tell the queue this item is finished so a join() can return.
         self.SHARE_Q.task_done()
    __dirname = os.path.abspath(os.path.dirname(__file__))

    all_hosts = []
    with open('complete-site-list.txt', 'r') as f:
        for line in f:
            all_hosts.append(line.strip())

    # Then go retrieve the results
    for host in all_hosts:
        if '*' in host:
            print(','.join((host, 'N/A')))
            continue

        try:
            results = {
                'httpobs': scan(host)
            }

            results = deviate(host, results)

            if 'error' in results['httpobs']:
                print(','.join((host, 'error')))

            else:
                grade = results['httpobs']['scan']['grade']

                if grade is None:
                    grade = 'requested exemption'

                print(','.join((host, grade)))
        except (KeyboardInterrupt, SystemExit):
Exemplo n.º 6
from httpobs.scanner.local import scan
import sys
import json

if len(sys.argv) < 2:
    print("You must supply an endpoint argument")
    sys.exit(1)

if len(sys.argv) == 2:
    print("Scanning: '" + sys.argv[1] + "'")
    print(json.dumps(scan(sys.argv[1]), sort_keys=True, indent=2))
elif len(sys.argv) == 3:
    print("Scanning: '" + sys.argv[1] + "' http_port: '" + sys.argv[2] + "'")
    print(
        json.dumps(scan(sys.argv[1], http_port=sys.argv[2]),
                   sort_keys=True,
                   indent=2))
elif len(sys.argv) == 4:
    print("Scanning: '" + sys.argv[1] + "' http_port: '" + sys.argv[2] +
          "' https_port: '" + sys.argv[3] + "'")
    print(
        json.dumps(scan(sys.argv[1],
                        http_port=sys.argv[2],
                        https_port=sys.argv[3]),
                   sort_keys=True,
                   indent=2))
elif len(sys.argv) == 5:
    print("Scanning: '" + sys.argv[1] + "' http_port: '" + sys.argv[2] +
          "' https_port: '" + sys.argv[3] + "'" + "' path: '" + sys.argv[4] +
          "'")
    print(