Exemplo n.º 1
0
def main(args):
    utils.dir_exists(args.output, True)

    zap = ZAPv2(apikey=config.ZAP_API, proxies=config.ZAP_PROXIES)  # pylint: disable=unexpected-keyword-arg
    # Create new session
    zap.core.new_session(args.output)

    urls = utils.parse_webserver_urls(args.input)
    for url in urls:
        if not utils.check_url(url)[0]:
            continue
        run_zap_attack(url, zap)
Exemplo n.º 2
0
def process_queue(webserver_queue, nikto_folder, args):
    while True:
        webserver = webserver_queue.get()
        url = "{}://{}:{}".format(webserver['service_name'], webserver['ipv4'],
                                  webserver['port'])
        if not utils.check_url(url)[0]:
            continue
        LOG.debug("Working on url: {}:{}".format(webserver['ipv4'],
                                                 webserver['port']))
        command, html_path = create_command(webserver, nikto_folder,
                                            args.proxy)
        text_output = run_commands.bash_command(command)
        run_commands.create_html_file(text_output, command, html_path)
        webserver_queue.task_done()
        continue
Exemplo n.º 3
0
def process_queue(args, url_queue, imaged_urls, urls):
    while True:
        url = url_queue.get()
        if not args.force:
            file_name = get_filename(args.output_dir, url)
            if os.path.isfile(file_name):
                with LOG_LOCK:
                    LOG.info(
                        "Skipping {url} as it has already been done (use -f to force)."
                        .format(url=url))
                url_queue.task_done()
                continue

        # Use requests to check that the URL is valid (requests is much faster).
        valid, end_url = utils.check_url(url)
        with LOG_LOCK:
            LOG.debug("check_url results: {}, {}".format(valid, end_url))
        if end_url in imaged_urls:
            with LOG_LOCK:
                LOG.info("Skipping, already took an image of this end_url {}".
                         format(end_url))
            url_queue.task_done()
            continue

        # Check if redirected and then if the end_url is in urls
        parsed_url = urlparse(end_url)
        if parsed_url.scheme == 'https' and parsed_url.port == 443:
            # remove port
            end_url = 'https://' + parsed_url.netloc.split(
                ":")[0] + parsed_url.path
        elif parsed_url.scheme == 'http' and parsed_url.port == 80:
            # remove port
            end_url = 'http://' + parsed_url.netloc.split(
                ":")[0] + parsed_url.path
        if not end_url == url:
            if end_url in urls:
                with LOG_LOCK:
                    LOG.info(
                        "Skipping, redirected to a url later in the list: {}".
                        format(end_url))
                url_queue.task_done()
                continue

        # If url is valid, take the screenshot and then add end_url to imaged_urls list
        if valid:
            take_screenshot(url, urls, args)
            imaged_urls.append(end_url)
        url_queue.task_done()
Exemplo n.º 4
0
def main(args):
    utils.dir_exists(args.output, True)

    zap = ZAPv2(apikey=config.ZAP_API, proxies=config.ZAP_PROXIES)  # pylint: disable=unexpected-keyword-arg
    # Create new session
    try:
        zap.core.new_session(args.output)
    except requests.exceptions.ProxyError:
        LOG.error("Couldn't attach to ZAP. Is it running?")
        return

    urls = utils.parse_webserver_urls(args.input)
    for url in urls:
        if not utils.check_url(url)[0]:
            continue
        run_zap_attack(url, zap)
Exemplo n.º 5
0
def main(args):
    testssl_folder = os.path.join(args.output, "testssl")
    utils.dir_exists(testssl_folder, True)
    for url in utils.parse_webserver_urls(args.input):
        if not utils.uses_encryption(url):
            LOG.debug("Skipping, no encryption: {}".format(url))
            continue
        if not utils.check_url(url)[0]:
            continue
        LOG.info("Testing url: {}".format(url))
        testssl_command, html_output = create_command(url, testssl_folder)
        text_output = run_commands.bash_command(testssl_command)
        html_output = run_commands.create_html_file(text_output,
                                                    testssl_command,
                                                    html_output)
        LOG.debug("Saving output to {}".format(html_output))
Exemplo n.º 6
0
def main(args):  # noqa
    utils.dir_exists(args.output_dir, True)
    run_update()
    tested = 0
    down = 0
    timeout = 0
    received_403 = 0
    not_wordpress = 0
    wordpress = 0
    stackerror = 0
    for url in utils.parse_webserver_urls(args.input):
        if utils.check_url(url)[0]:
            tested += 1
            command, html_output = create_command(url, args.output_dir)
            results = run_command_tee_aha(command, html_output)
            if results == "down":
                down += 1
            elif results == "403":
                received_403 += 1
            elif results == "timeout":
                timeout += 1
            elif results == "not wordpress":
                not_wordpress += 1
            elif results == "wordpress":
                wordpress += 1
            elif results == "stackerror":
                stackerror += 1
    LOG.info("Finished testing:")
    LOG.info("Total sites tested {} - (some sites skipped based on response)".format(tested))
    if down != 0:
        LOG.info("Websites that appeared to be down: {}".format(down))
    if timeout != 0:
        LOG.info("Websites that timedout: {}".format(timeout))
    if received_403 != 0:
        LOG.info("Websites that responded with a 403: {}".format(received_403))
    if stackerror != 0:
        LOG.info("Stack error received: {}".format(stackerror))
    if not_wordpress != 0:
        LOG.info("Websites that do not appear to be running WordPress: {}".format(not_wordpress))
    LOG.info("Total running WordPress: {}".format(wordpress))
Exemplo n.º 7
0
def main(args):
    utils.dir_exists(args.output, True)
    for url in utils.parse_webserver_urls(args.input):
        if utils.check_url(url)[0]:
            command, html_output = create_command(url, args.output)
            run_whatweb(command, html_output)