Exemplo n.º 1
0
class Scan():
    """ This class will take care of the Active/Passive scanning """
    def __init__(self):
        self.nessus = Nessus()

        # colors
        self.G = '\033[92m'  # green
        self.Y = '\033[93m'  # yellow
        self.B = '\033[94m'  # blue
        self.R = '\033[91m'  # red
        self.W = '\033[0m'  # white

    def nessus_scan(self, target, filename):
        """ This function will take care of nessus scans and getting its output"""
        self.nessus.login()
        self.nessus.get_custom_uuid()
        self.nessus.get_policy_id()
        self.nessus.add_scan(list(target))
        print(self.G + "[i] Successfully added the Nessus scan")
        self.nessus.launch_scan()
        print(
            "[i] Successfully launched the Nessus scan & waiting for the scan to complete"
        )

        while True:
            time.sleep(60)
            try:
                status = self.nessus.check_status()
                if (status != "running"):
                    break
            except Exception as e:
                continue
        self.nessus.scan_results(filename)
        print(self.G + "[+] Nessus consolidated report:")
        self.nessus.slack_notify()
        return
Exemplo n.º 2
0
Arquivo: rta.py Projeto: wanted002/RTA
class Scan():
    """ This class will take care of the Active/Passive scanning """
    def __init__(self):
        # colors
        self.G = '\033[92m'  # green
        self.Y = '\033[93m'  # yellow
        self.B = '\033[94m'  # blue
        self.R = '\033[91m'  # red
        self.W = '\033[0m'  # white

        # object initialization
        self.nessus = Nessus()
        self.wpscan = WpScan()

        # MongoDB variables
        self.mongocli = MongoClient('localhost', 27017)
        self.dbname = self.mongocli['RTA']

        # Slack notification
        self.slack = Slack()

    def nessus_scan(self, target, filename):
        """ This function will take care of nessus scans and getting its output"""
        self.nessus.login()
        self.nessus.get_custom_uuid()
        self.nessus.get_policy_id()
        self.nessus.add_scan(list(target))
        print(self.G + "[i] Successfully added the Nessus scan")
        self.nessus.launch_scan()
        print(
            "[i] Successfully launched the Nessus scan & waiting for the scan to complete"
        )

        while True:
            time.sleep(60)
            try:
                status = self.nessus.check_status()
                if (status != "running"):
                    break
            except Exception as e:
                continue
        self.nessus.scan_results(filename)
        print(self.G + "[+] Nessus consolidated report:")
        self.nessus.slack_notify()
        return

    def wp_scan(self, parent):
        """
        Launch WpScan if the techstack used is wordpress.
        """
        collection = self.dbname['wpscan']
        collection_tech = self.dbname['tech_stack']
        count = self.dbname.collection.count()
        # collection.create_index('domain', unique=True)

        flag = True

        for item in collection_tech.find({'parent': parent}):
            message = ""
            if 'wordpress' in str(item['tech_stack']).lower():

                if flag:
                    message = "[+] *Wpscan report*: (" + item['domain'] + ")\n"
                    flag = False

                result = self.wpscan.scan(item['domain'], parent)
                data = {
                    'id': count + 1,
                    'domain': item['domain'],
                    'time': datetime.now()
                }
                data['version'] = result['version']['number']
                message += "Version: `" + data['version'] + "`\n"

                data['vulnerabilities'] = []
                data['plugins'] = {}

                message += "Wordpress core vulnerabilities: \n```\n"
                for value in result['version']['vulnerabilities']:
                    data['vulnerabilities'].append(value['title'])
                    message += value['title'] + "\n"
                message += "```\nPlugins: \n"

                for key, value in result['plugins'].iteritems():
                    if message[-1] != "\n":
                        message += "```"
                    message += "\n" + key + ": \n```"

                    for vuln in value['vulnerabilities']:
                        message += "\n"
                        try:
                            data['plugins'][key].append(vuln['title'])
                        except:
                            data['plugins'][key] = []
                            data['plugins'][key].append(vuln['title'])
                        message += vuln['title']

            # Push the above data to DB
            message += "\n```"
            print(self.W + message)
            self.slack.notify_slack(message)
            dataid = collection.insert(data)
            count += 1