def __init__(self, url, user, token):
self.url = utils.verify_url(url)
self.user = user
self.token = token
self.headers = {'Authorization': '{}'.format(self.token),
'Content-type': 'application/json',
'Accept': 'text/plain'}
self.shock = None
def __init__(self, url, user, token):
self.url = utils.verify_url(url)
self.user = user
self.token = token
self.headers = {'Authorization': '{}'.format(self.token),
'Content-type': 'application/json',
'Accept': 'text/plain'}
self.shock = None
def verify_shock_url(url):
return utils.verify_url(url, 7445)
if option == "18":
f = open('logCheckFTPvulnerable.txt', 'a')
sys.stdout = Log(sys.stdout, f)
checkFtpVulnerable.startCheckVulnerability(ip, hostname)
if option == "19":
f = open('logCheckvuln_SQL_XSS_LFI.txt', 'a')
sys.stdout = Log(sys.stdout, f)
checkVuln_SQL_XSS_LFI.startCheckVulnerability(ip, hostname)
if option == "21":
f = open('logCheckOpenPortsScapy.txt', 'a')
sys.stdout = Log(sys.stdout, f)
scannerScapy.scan_ports_multithread(hostname, parsed_args.ports)
if option == "22":
f = open('logCheckLibrariesWebsite.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)
print 'Obtaining libraries from website ' + url
print builtwith.parse(str(url))
if option == "23":
f = open('logIdentifyWebServer.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)
print 'Identify Server from ' + url
identifyServer = IdentifyServer()
identifyServer.test(url)
identifyServer.test(hostname)
identifyServer.test(ip)
if option == "24":
f = open('logCheckHeadersXSS.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)
def verify_shock_url(url):
return utils.verify_url(url, 7445)
def start(arasturl, config, num_threads, queue, datapath, binpath):
#### Get default configuration from ar_compute.conf
print " [.] Starting Assembly Service Compute Node"
cparser = SafeConfigParser()
cparser.read(config)
logging.getLogger('yapsy').setLevel(logging.WARNING)
logging.getLogger('yapsy').propagate = True
logging.getLogger('pika').propagate = True
logging.getLogger('pika').setLevel(logging.WARNING)
arastport = cparser.get('assembly','arast_port')
full_arasturl = utils.verify_url(arasturl, arastport)
if not num_threads:
num_threads = cparser.get('compute','threads')
#### Retrieve system configuration from AssemblyRAST server
print " [.] AssemblyRAST host: %s" % arasturl
try:
ctrl_conf = json.loads(requests.get('{}/admin/system/config'.format(full_arasturl)).content)
print " [.] Retrieved system config from host"
except:
raise Exception('Could not communicate with server for system config')
shockurl = ctrl_conf['shock']['host']
mongo_port = int(ctrl_conf['assembly']['mongo_port'])
mongo_host = ctrl_conf['assembly']['mongo_host']
rmq_port = int(ctrl_conf['assembly']['rabbitmq_port'])
rmq_host = ctrl_conf['assembly']['rabbitmq_host']
if not queue:
queue = ctrl_conf['rabbitmq']['default_routing_key']
if mongo_host == 'localhost':
mongo_host = arasturl
if rmq_host == 'localhost':
rmq_host = arasturl
print ' [.] Shock URL: %s' % shockurl
print " [.] MongoDB host: %s" % mongo_host
print " [.] MongoDB port: %s" % mongo_port
print " [.] RabbitMQ host: %s" % rmq_host
print " [.] RabbitMQ port: %s" % rmq_port
# Check shock status
print " [.] Connecting to Shock server..."
shockurl = utils.verify_url(shockurl, 7445)
try:
res = requests.get(shockurl)
except Exception as e:
logging.error("Shock connection error: {}".format(e))
sys.exit(1)
print " [.] Shock connection successful"
# Check MongoDB status
print " [.] Connecting to MongoDB server..."
try:
connection = pymongo.Connection(mongo_host, mongo_port)
connection.close()
logging.info("MongoDB Info: %s" % connection.server_info())
except pymongo.errors.PyMongoError as e:
logging.error("MongoDB connection error: {}".format(e))
sys.exit(1)
print " [.] MongoDB connection successful."
# Check RabbitMQ status
print " [.] Connecting to RabbitMQ server..."
try:
connection = pika.BlockingConnection(pika.ConnectionParameters(
host=rmq_host, port=rmq_port))
connection.close()
except Exception as e:
logging.error("RabbitMQ connection error: {}".format(e))
sys.exit(1)
print " [.] RabbitMQ connection successful"
#### Check data write permissions
rootpath = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', '..'))
datapath = datapath or cparser.get('compute', 'datapath')
binpath = binpath or cparser.get('compute','binpath')
if not os.path.isabs(datapath): datapath = os.path.join(rootpath, datapath)
if not os.path.isabs(binpath): binpath = os.path.join(rootpath, binpath)
if os.path.isdir(datapath) and os.access(datapath, os.W_OK):
print ' [.] Storage path -- {} : OKAY'.format(datapath)
else:
raise Exception(' [.] Storage path -- {} : ERROR'.format(datapath))
if os.path.isdir(binpath) and os.access(datapath, os.R_OK):
print " [.] Binary path -- {} : OKAY".format(binpath)
else:
raise Exception(' [.] Binary directory does not exist -- {} : ERROR'.format(binpath))
## Start Monitor Thread
kill_process = multiprocessing.Process(name='killd', target=start_kill_monitor,
args=(rmq_host, rmq_port))
kill_process.start()
workers = []
for i in range(int(num_threads)):
worker_name = "[Worker %s]:" % i
compute = consume.ArastConsumer(shockurl, rmq_host, rmq_port, mongo_host, mongo_port, config, num_threads,
queue, kill_list, kill_list_lock, job_list, job_list_lock, ctrl_conf, datapath, binpath)
logging.info("[Master]: Starting %s" % worker_name)
p = multiprocessing.Process(name=worker_name, target=compute.start)
workers.append(p)
p.start()
workers[0].join()
def init_shock(self):
if self.shock is None:
shockres = self.req_get('{}/shock'.format(self.url))
self.shockurl = utils.verify_url(json.loads(shockres)['shockurl'])
self.shock = Shock(self.shockurl, self.user, self.token)
def init_shock(self):
if self.shock is None:
shockres = self.req_get('{}/shock'.format(self.url))
self.shockurl = utils.verify_url(json.loads(shockres)['shockurl'])
self.shock = Shock(self.shockurl, self.user, self.token)
def start(arasturl, config, num_threads, queue, datapath, binpath, modulebin):
logger.info("==========================================")
logger.info(" Starting Assembly Service Compute Node")
logger.info("==========================================")
#### Get default configuration from ar_compute.conf
cparser = SafeConfigParser()
cparser.read(config)
logging.getLogger('yapsy').setLevel(logging.WARNING)
logging.getLogger('yapsy').propagate = True
logging.getLogger('pika').propagate = True
logging.getLogger('pika').setLevel(logging.WARNING)
arastport = cparser.get('assembly','arast_port')
full_arasturl = utils.verify_url(arasturl, arastport)
if not num_threads:
num_threads = cparser.get('compute','threads')
#### Retrieve system configuration from AssemblyRAST server
logger.info("[.] AssemblyRAST host: {}".format(arasturl))
try:
ctrl_conf = json.loads(requests.get('{}/admin/system/config'.format(full_arasturl)).content)
logger.info("[.] Retrieved system config from host")
except:
raise Exception('Could not communicate with server for system config')
shockurl = ctrl_conf['shock']['host']
mongo_port = int(ctrl_conf['assembly']['mongo_port'])
mongo_host = ctrl_conf['assembly']['mongo_host']
rmq_port = int(ctrl_conf['assembly']['rabbitmq_port'])
rmq_host = ctrl_conf['assembly']['rabbitmq_host']
if not queue:
queue = [ctrl_conf['rabbitmq']['default_routing_key']]
if mongo_host == 'localhost':
mongo_host = arasturl
if rmq_host == 'localhost':
rmq_host = arasturl
logger.info('[.] Shock URL: {}'.format(shockurl))
logger.info("[.] MongoDB host: {}".format(mongo_host))
logger.info("[.] MongoDB port: {}".format(mongo_port))
logger.info("[.] RabbitMQ host: {}".format(rmq_host))
logger.info("[.] RabbitMQ port: {}".format(rmq_port))
# Check shock status
logger.info("[.] Connecting to Shock server...")
shockurl = utils.verify_url(shockurl, 7445)
try:
res = requests.get(shockurl)
except Exception as e:
logger.error("Shock connection error: {}".format(e))
sys.exit(1)
logger.info("[.] Shock connection successful")
# Check MongoDB status
logger.info("[.] Connecting to MongoDB server...")
try:
connection = pymongo.mongo_client.MongoClient(mongo_host, mongo_port)
connection.close()
logger.debug("MongoDB Info: %s" % connection.server_info())
except pymongo.errors.PyMongoError as e:
logger.error("MongoDB connection error: {}".format(e))
sys.exit(1)
logger.info("[.] MongoDB connection successful.")
# Check RabbitMQ status
logger.info("[.] Connecting to RabbitMQ server...")
try:
connection = pika.BlockingConnection(pika.ConnectionParameters(
host=rmq_host, port=rmq_port))
connection.close()
except Exception as e:
logger.error("RabbitMQ connection error: {}".format(e))
sys.exit(1)
logger.info("[.] RabbitMQ connection successful")
#### Check data write permissions
rootpath = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', '..'))
datapath = datapath or cparser.get('compute', 'datapath')
binpath = binpath or cparser.get('compute', 'binpath')
modulebin = modulebin or cparser.get('compute', 'modulebin')
if not os.path.isabs(datapath): datapath = os.path.join(rootpath, datapath)
if not os.path.isabs(binpath): binpath = os.path.join(rootpath, binpath)
if not os.path.isabs(modulebin): modulebin = os.path.join(rootpath, modulebin)
if os.path.isdir(datapath) and os.access(datapath, os.W_OK):
logger.info('[.] Storage path writeable: {}'.format(datapath))
else:
raise Exception('ERROR: Storage path not writeable: {}'.format(datapath))
if os.path.isdir(binpath) and os.access(binpath, os.R_OK):
logger.info("[.] Third-party binary path readable: {}".format(binpath))
else:
raise Exception('ERROR: Third-party binary path not readable: {}'.format(binpath))
if os.path.isdir(modulebin) and os.access(modulebin, os.R_OK):
logger.info("[.] Module binary path readable: {}".format(modulebin))
else:
raise Exception('ERROR: Module binary path not readable: {}'.format(modulebin))
## Start Monitor Thread
kill_process = multiprocessing.Process(name='killd', target=start_kill_monitor,
args=(rmq_host, rmq_port))
kill_process.start()
workers = []
for i in range(int(num_threads)):
worker_name = "worker #%s" % i
compute = consume.ArastConsumer(shockurl, rmq_host, rmq_port, mongo_host, mongo_port, config, num_threads,
queue, kill_list, kill_list_lock, job_list, job_list_lock, ctrl_conf,
datapath, binpath, modulebin)
logger.info("Master: starting %s" % worker_name)
p = multiprocessing.Process(name=worker_name, target=compute.start)
workers.append(p)
p.start()
workers[0].join()
if option == "18":
f = open('logCheckFTPvulnerable.txt', 'a')
sys.stdout = Log(sys.stdout, f)
checkFtpVulnerable.startCheckVulnerability(ip,hostname)
if option == "19":
f = open('logCheckvuln_SQL_XSS_LFI.txt', 'a')
sys.stdout = Log(sys.stdout, f)
checkVuln_SQL_XSS_LFI.startCheckVulnerability(ip,hostname)
if option == "21":
f = open('logCheckOpenPortsScapy.txt', 'a')
sys.stdout = Log(sys.stdout, f)
#scannerScapy.scan_ports_multithread(hostname,parsed_args.ports)
if option == "22":
f = open('logCheckLibrariesWebsite.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)
print 'Obtaining libraries from website ' + url
print builtwith.parse(str(url))
if option == "23":
f = open('logIdentifyWebServer.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)
print 'Identify Server from ' + url
identifyServer = IdentifyServer()
identifyServer.test(url)
identifyServer.test(hostname)
identifyServer.test(ip)
if option == "24":
f = open('logCheckHeadersXSS.txt', 'a')
sys.stdout = Log(sys.stdout, f)
url = utils.verify_url(hostname)