Exemplo n.º 1
0
def import_scan():
    """
    Upload and import Nessus Scan file
    """
    msf_settings = msf_get_config(session)
    try:
        # check to see if we have a Metasploit RPC instance configured and talking
        from MetasploitProAPI import MetasploitProAPI
        msf_api = MetasploitProAPI(host=msf_settings['url'],
                                   apikey=msf_settings['key'])
        working_msf_api = msf_api.login()
    except:
        working_msf_api = False

    from skaldship.general import check_datadir
    import time
    import os

    filedir = os.path.join(request.folder, 'data', 'scanfiles')
    response.title = "%s :: Import Nessus Scan Results" % (settings.title)
    fields = []

    # buld the dropdown user list
    users = db(db.auth_user).select()
    userlist = []
    for user in users:
        userlist.append([user.id, user.username])

    nessus_config = nessus_get_config()
    # {'ignored_vulnids': [19506, 11219, 34277],
    #  'servers': {'server_1': {'password': '******',
    #                           'url': 'https://localhost:8834/',
    #                           'user': '******'}}}
    nessusreports = [[0, None]]
    import NessusAPI
    from skaldship.nessus.ness6api import Nessus6API

    servers = nessus_config.get('servers', {})
    for k, v in servers.items():
        if v.get('version') == 6:
            # nessus >= 6
            try:
                nessus = Nessus6API(url=v.get('url'),
                                    username=v.get('username'),
                                    password=v.get('password'),
                                    access_key=v.get('access_key'),
                                    secret_key=v.get('secret_key'),
                                    verify=v.get('verify_ssl'),
                                    proxies=v.get('proxies'))
            except Exception as e:
                logger.error("Error communicating with %s: %s" % (k, str(e)))

            try:
                for report in nessus.get_scans():
                    ts = time.ctime(
                        float(report.get('last_modification_date', 0)))
                    nessusreports.append([
                        "%s:%s" % (k, report.get('id')),
                        "%s: %s - %s (%s)" %
                        (k, report.get('name'), ts, report.get('status'))
                    ])
            except Exception as e:
                logger.error("Error making scan list: %s" % (str(e)))
        else:
            # nessus <= 5
            try:
                # check to see if NessusAPI is working
                nessus = NessusAPI.NessusConnection(v.get('user'),
                                                    v.get('password'),
                                                    url=v.get('url'))
                reports = nessus.list_reports()
                for report in reports:
                    ts = time.ctime(float(report.timestamp))
                    nessusreports.append([
                        "%s:%s" % (k, report.name),
                        "%s: %s - %s (%s)" %
                        (k, report.readablename, ts, report.status)
                    ])
            except Exception as e:
                logger.error("Error communicating with %s: %s" % (k, str(e)))

    if len(nessusreports) > 1:
        fields.append(
            Field('f_nessus_report',
                  type='integer',
                  label=T('Nessus Report'),
                  requires=IS_IN_SET(nessusreports, zero=None)))

    fields.append(
        Field('f_filename',
              'upload',
              uploadfolder=filedir,
              label=T('Nessus Scan File')))
    fields.append(
        Field('f_engineer',
              type='integer',
              label=T('Engineer'),
              default=auth.user.id,
              requires=IS_IN_SET(userlist)))
    fields.append(
        Field('f_asset_group',
              type='string',
              label=T('Asset Group'),
              requires=IS_NOT_EMPTY()))

    # check to see if we have a Metasploit Pro instance configured and talking
    # if so pull a list of the workspaces and present them
    if working_msf_api:
        msf_workspaces = ["None"]
        for w in list(msf_api.pro_workspaces().keys()):
            msf_workspaces.append(w)
        fields.append(
            Field('f_msf_workspace',
                  type='string',
                  label=T('MSF Pro Workspace'),
                  requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))

    fields.append(
        Field('f_include_list', type='text', label=T('Hosts to Only Include')))
    fields.append(
        Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
    fields.append(
        Field('f_update_hosts',
              type='boolean',
              label=T('Update Host Information'),
              default=False))
    fields.append(
        Field('f_taskit',
              type='boolean',
              default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')))
    form = SQLFORM.factory(*fields, table_name='nessus_scan')

    # form processing
    if form.errors:
        response.flash = 'Error in form'
    elif form.accepts(request.vars, session):
        # if no Nessus servers configured or valid, set report_name to 0
        if nessusreports == [[0, None]]:
            report_name = '0'
        else:
            if form.vars.f_nessus_report != "0":
                # If a nessus report is selected, try to parse it to set report_name
                try:
                    (server,
                     report_name) = form.vars.f_nessus_report.split(':')
                except ValueError as e:
                    msg = "Invalid report name sent: %s" % (
                        form.vars.f_nessus_report)
                    response.flash = msg
                    logging.error(msg)
                    return dict(form=form)
            else:
                # set report_name to 0 if no f_nessus_report sent
                report_name = '0'

        if report_name != '0':
            # download a report from a Nessus server
            n_server = nessus_config.get('servers').get(server)
            filename = os.path.join(
                filedir, "nessus-%s-%s.xml" %
                (form.vars.f_asset_group, int(time.time())))
            check_datadir(request.folder)

            if n_server.get('version') == 6:
                # nessus version => 6
                try:

                    nessus = Nessus6API(url=n_server.get('url'),
                                        username=n_server.get('username'),
                                        password=n_server.get('password'),
                                        access_key=n_server.get('access_key'),
                                        secret_key=n_server.get('secret_key'),
                                        verify=n_server.get('verify_ssl'),
                                        proxies=n_server.get('proxies'))
                    nessus_report = nessus.report_download(report_name)
                    fout = open(filename, "w")
                    fout.write(nessus_report)
                    fout.close()
                except Exception as e:
                    msg = ("Error download Nessus report: %s" % (e))
                    logger.error(msg)
                    response.flash = msg
                    return dict(form=form)

            else:
                # nessus version <= 5
                try:
                    # build a new nessus connection with the configured server details and download the report
                    n_server = nessus_config.get('servers').get(server)
                    nessus = NessusAPI.NessusConnection(
                        n_server.get('user'),
                        n_server.get('password'),
                        url=n_server.get('url'))
                    fout = open(filename, "w")
                    nessus.download_report(report_name, fout)
                    fout.close()
                except Exception as e:
                    msg = ("Error download Nessus report: %s" % (e))
                    logger.error(msg)
                    response.flash = msg
                    return dict(form=form)
        else:
            filename = os.path.join(filedir, form.vars.f_filename)

        # build the hosts only/exclude list
        ip_exclude = []
        data = form.vars.get('f_ignore_list')
        if data:
            ip_exclude = data.split('\r\n')
            # TODO: check for ip subnet/range and break it out to individuals
        ip_include = []
        data = form.vars.get('f_include_list')
        if data:
            ip_include = data.split('\r\n')
            # TODO: check for ip subnet/range and break it out to individuals

        if form.vars.f_msf_workspace:
            msf_workspace = form.vars.f_msf_workspace
            if msf_workspace == "None":
                msf_workspace = None
        else:
            msf_workspace = None
        msf_settings = {
            'workspace': msf_workspace,
            'url': msf_settings['url'],
            'key': msf_settings['key']
        }

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                scanner_import,
                pvars=dict(
                    scanner='nessus',
                    filename=filename,
                    asset_group=form.vars.f_asset_group,
                    engineer=form.vars.f_engineer,
                    msf_settings=msf_settings,
                    ip_ignore_list=ip_exclude,
                    ip_include_list=ip_include,
                    update_hosts=form.vars.f_update_hosts,
                ),
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout)
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.nessus.processor import process_scanfile
            logger.info("Starting Nessus Report Import")
            response.flash = process_scanfile(
                filename=filename,
                asset_group=form.vars.f_asset_group,
                engineer=form.vars.f_engineer,
                msf_settings=msf_settings,
                ip_ignore_list=ip_exclude,
                ip_include_list=ip_include,
                update_hosts=form.vars.f_update_hosts,
            )
            redirect(URL('default', 'index'))

    return dict(form=form)
Exemplo n.º 2
0
def scanner_import(scanner=None,
                   filename=None,
                   addnoports=False,
                   asset_group=None,
                   engineer=None,
                   msf_settings={},
                   ip_ignore_list=None,
                   ip_include_list=None,
                   update_hosts=False,
                   **kwargs):
    """
    Imports a Scanner XML file to Kvasir
    """
    if not isinstance(scanner, str):
        return False

    scanner = scanner.upper()
    if scanner == 'NMAP':
        from skaldship.nmap import process_xml

        logger.info("Processing nmap file: %s" % (filename))
        process_xml(
            filename=filename,
            addnoports=addnoports,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'NEXPOSE':
        from skaldship.nexpose import process_xml

        logger.info("Processing Nexpose file: %s" % (filename))
        process_xml(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'NESSUS':
        from skaldship.nessus.processor import process_scanfile

        logger.info("Processing Nessus file: %s" % (filename))
        process_scanfile(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'METASPLOIT':
        from skaldship.metasploit.pro import process_report_xml

        logger.info("Processing Metasploit Pro file: %s" % filename)
        process_report_xml(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'SHODANHQ':
        from skaldship.shodanhq import process_report

        logger.info("Processing ShodanHQ file: %s" % (filename))
        process_report(
            filename=filename,
            host_list=kwargs.get('hosts') or [],
            query=kwargs.get('query') or None,
            asset_group=asset_group,
            engineer=engineer,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            #update_hosts=update_hosts,
        )
    return True
Exemplo n.º 3
0
                    asset_group=form.vars.f_asset_group,
                    engineer=form.vars.f_engineer,
                    msf_settings=msf_settings,
                    ip_ignore_list=ip_exclude,
                    ip_include_list=ip_include,
                    update_hosts=form.vars.f_update_hosts,
                ),
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.nessus.processor import process_scanfile
            logger.info("Starting Nessus Report Import")
            response.flash = process_scanfile(
                filename=filename,
                asset_group=form.vars.f_asset_group,
                engineer=form.vars.f_engineer,
                msf_settings=msf_settings,
                ip_ignore_list=ip_exclude,
                ip_include_list=ip_include,
                update_hosts=form.vars.f_update_hosts,
            )
            redirect(URL('default', 'index'))

    return dict(form=form)
Exemplo n.º 4
0
def scanner_import(
        scanner=None,
        filename=None,
        addnoports=False,
        asset_group=None,
        engineer=None,
        msf_settings={},
        ip_ignore_list=None,
        ip_include_list=None,
        update_hosts=False,
        **kwargs
):
    """
    Imports a Scanner XML file to Kvasir
    """
    if not isinstance(scanner, str):
        return False

    scanner = scanner.upper()
    if scanner == 'NMAP':
        from skaldship.nmap import process_xml

        logger.info("Processing nmap file: %s" % (filename))
        process_xml(
            filename=filename,
            addnoports=addnoports,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'NEXPOSE':
        from skaldship.nexpose import process_xml

        logger.info("Processing Nexpose file: %s" % (filename))
        process_xml(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'NESSUS':
        from skaldship.nessus.processor import process_scanfile

        logger.info("Processing Nessus file: %s" % (filename))
        process_scanfile(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            msf_settings=msf_settings,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'METASPLOIT':
        from skaldship.metasploit.pro import process_report_xml

        logger.info("Processing Metasploit Pro file: %s" % filename)
        process_report_xml(
            filename=filename,
            asset_group=asset_group,
            engineer=engineer,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            update_hosts=update_hosts,
        )
    elif scanner == 'SHODANHQ':
        from skaldship.shodanhq import process_report

        logger.info("Processing ShodanHQ file: %s" % (filename))
        process_report(
            filename=filename,
            host_list=kwargs.get('hosts') or [],
            query=kwargs.get('query') or None,
            asset_group=asset_group,
            engineer=engineer,
            ip_ignore_list=ip_ignore_list,
            ip_include_list=ip_include_list,
            #update_hosts=update_hosts,
        )
    return True
Exemplo n.º 5
0
                    filename=filename,
                    asset_group=form.vars.f_asset_group,
                    engineer=form.vars.f_engineer,
                    msf_settings=msf_settings,
                    ip_ignore_list=ip_exclude,
                    ip_include_list=ip_include,
                    update_hosts=form.vars.f_update_hosts,
                ),
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout)
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.nessus.processor import process_scanfile
            logger.info("Starting Nessus Report Import")
            response.flash = process_scanfile(
                filename=filename,
                asset_group=form.vars.f_asset_group,
                engineer=form.vars.f_engineer,
                msf_settings=msf_settings,
                ip_ignore_list=ip_exclude,
                ip_include_list=ip_include,
                update_hosts=form.vars.f_update_hosts,
            )
            redirect(URL('default', 'index'))

    return dict(form=form)