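def post(self, request, format=None, **kwargs):
    """
    Launch scans using this api.

    Validates the request with ``WebScanSerializer``, then starts the
    selected scanner (``zap_scan``, ``burp_scan`` or ``arachni``) on a
    daemon thread and returns the generated scan id.  The target url is
    checked *before* any worker is started; the original only rejected an
    empty target after the scan had already been launched, and answered
    "Scan Launched" for an unknown scanner name.

    :param request: DRF request; ``request.data`` carries ``scanner``,
        ``scan_url`` and ``project_id``; ``request.user`` is passed on to
        the scanner for notifications.
    :param format: unused; kept for DRF's format-suffix support.
    :return: ``Response`` with ``scanid`` on success, an ``error`` key when
        the target is missing or the scanner unknown, or the serializer
        errors with HTTP 400.
    """
    serializer = WebScanSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    scanner = request.data.get('scanner')
    target_url = request.data.get('scan_url')
    project_id = request.data.get('project_id')
    if not target_url:
        return Response({"error": "No name passed"})

    scan_id = uuid.uuid4()
    rescanid = None
    rescan = 'No'
    user = request.user

    if scanner == 'zap_scan':
        worker = threading.Thread(
            target=launch_zap_scan,
            args=(target_url, project_id, rescanid, rescan, scan_id, user))
    elif scanner == 'burp_scan':
        # Record the scan first so the UI can list it while Burp is being
        # contacted; the timestamp is naive local time, as elsewhere here.
        burp_scan_db(scan_id=scan_id,
                     project_id=project_id,
                     url=target_url,
                     date_time=datetime.datetime.now()).save()
        try:
            do_scan = burp_plugin.burp_scans(project_id, target_url, scan_id, user)
        except Exception as e:
            # Best effort as before, but report the failure instead of
            # claiming the scan was launched.
            print(e)
            return Response({"error": "Burp scan could not be launched",
                             "scanid": scan_id})
        worker = threading.Thread(target=do_scan.scan_launch)
    elif scanner == 'arachni':
        worker = threading.Thread(
            target=launch_arachni_scan,
            args=(target_url, project_id, rescanid, rescan, scan_id, user))
    else:
        return Response({"error": "Unknown scanner"},
                        status=status.HTTP_400_BAD_REQUEST)

    # Daemon thread: the scan must not keep the server process alive.
    worker.daemon = True
    worker.start()
    return Response({"message": "Scan Launched", "scanid": scan_id})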
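def post(self, request, format=None, **kwargs):
    """
    Launch scans using this api.

    Validates the request with ``WebScanSerializer`` and starts the selected
    scanner (``zap_scan`` via ``web_views.launch_web_scan`` or ``burp_scan``
    via the Burp plugin) on a daemon thread, returning the generated scan
    id.  The target url is checked before any worker is started; the
    original only rejected an empty target after launching and answered
    "Scan Launched" for an unknown scanner name.

    :param request: DRF request; ``request.data`` carries ``scanner``,
        ``scan_url`` and ``project_id``.
    :param format: unused; kept for DRF's format-suffix support.
    :return: ``Response`` with ``scanid`` on success, an ``error`` key when
        the target is missing or the scanner unknown, or the serializer
        errors with HTTP 400.
    """
    serializer = WebScanSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    scanner = request.data.get('scanner')
    target_url = request.data.get('scan_url')
    project_id = request.data.get('project_id')
    if not target_url:
        return Response({"error": "No name passed"})

    scan_id = uuid.uuid4()
    if scanner == 'zap_scan':
        worker = threading.Thread(target=web_views.launch_web_scan,
                                  args=(target_url, project_id))
    elif scanner == 'burp_scan':
        # Record the scan first (timezone-aware timestamp) so it shows up in
        # the scan list while Burp is being contacted.
        burp_scan_db(scan_id=scan_id,
                     project_id=project_id,
                     url=target_url,
                     date_time=timezone.now()).save()
        do_scan = burp_plugin.burp_scans(project_id, target_url, scan_id)
        # NOTE(review): the plugin method is spelled ``scan_lauch`` here and
        # receives the same three values the constructor already got;
        # kept as-is, confirm against burp_plugin's actual signature.
        worker = threading.Thread(target=do_scan.scan_lauch,
                                  args=(project_id, target_url, scan_id))
    else:
        return Response({"error": "Unknown scanner"},
                        status=status.HTTP_400_BAD_REQUEST)

    worker.daemon = True
    worker.start()
    return Response({"message": "Scan Launched", "scanid": scan_id})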
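def post(self, request, format=None, **kwargs):
    """
    Launch scans using this api.

    Validates the request with ``WebScanSerializer`` and starts the selected
    scanner (``zap_scan`` via ``web_views.launch_web_scan`` or ``burp_scan``
    via the Burp plugin) on a daemon thread, returning the generated scan
    id.  The target url is checked before any worker is started; the
    original only rejected an empty target after launching, answered
    "Scan Launched" for an unknown scanner, and used the Python 2 ``print``
    statement in its error path.

    :param request: DRF request; ``request.data`` carries ``scanner``,
        ``scan_url`` and ``project_id``.
    :param format: unused; kept for DRF's format-suffix support.
    :return: ``Response`` with ``scanid`` on success, an ``error`` key when
        the target is missing, the scanner unknown or the Burp plugin could
        not be set up, or the serializer errors with HTTP 400.
    """
    serializer = WebScanSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    scanner = request.data.get('scanner')
    target_url = request.data.get('scan_url')
    project_id = request.data.get('project_id')
    if not target_url:
        return Response({"error": "No name passed"})

    scan_id = uuid.uuid4()
    if scanner == 'zap_scan':
        worker = threading.Thread(target=web_views.launch_web_scan,
                                  args=(target_url, project_id))
    elif scanner == 'burp_scan':
        # Record the scan first so the UI can list it while Burp is being
        # contacted; the timestamp is naive local time, as elsewhere here.
        burp_scan_db(scan_id=scan_id,
                     project_id=project_id,
                     url=target_url,
                     date_time=datetime.datetime.now()).save()
        try:
            do_scan = burp_plugin.burp_scans(project_id, target_url, scan_id)
        except Exception as e:
            # Best effort as before, but report the failure instead of
            # claiming the scan was launched.
            print(e)
            return Response({"error": "Burp scan could not be launched",
                             "scanid": scan_id})
        worker = threading.Thread(target=do_scan.scan_launch)
    else:
        return Response({"error": "Unknown scanner"},
                        status=status.HTTP_400_BAD_REQUEST)

    worker.daemon = True
    worker.start()
    return Response({"message": "Scan Launched", "scanid": scan_id})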
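def burp_scan_launch(request):
    """
    Trigger a Burp scan from a form POST.

    When ``request.POST['url']`` is present the scan is recorded in
    ``burp_scan_db`` under a fresh scan id and ``burp_scans(...).scan_lauch``
    is called synchronously, so the request blocks until the plugin returns.
    Plugin failures are printed and the scan list is rendered regardless.
    The original used the Python 2 ``print`` statement (a syntax error on
    Python 3) and declared ``vuln_id``/``burp_status`` global without using
    them.

    :param request: Django request; ``POST`` carries ``url`` and
        ``project_id``.
    :return: rendered ``scan_list.html``.
    """
    target_url = request.POST.get('url')
    if target_url:
        project_id = request.POST.get('project_id')
        scan_id = uuid.uuid4()
        burp_scan_db(scan_id=scan_id,
                     project_id=project_id,
                     url=target_url,
                     date_time=datetime.datetime.now()).save()
        try:
            burp_scans(project_id, target_url, scan_id).scan_lauch()
        except Exception as e:
            # Best effort: the scan row is kept, the failure is only reported.
            print(e)
    return render(request, 'scan_list.html')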
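def burp_scan_launch(request):
    """
    Burp Scan Trigger.

    Reads a comma-separated list of targets from ``request.POST['url']`` and
    starts one Burp scan per target on a daemon thread, recording each scan
    in ``burp_scan_db`` under the requesting user.  Entries are stripped of
    surrounding whitespace and blank ones (e.g. from a trailing comma) are
    skipped; the original scanned them verbatim, including an empty url.

    :param request: Django request; ``POST`` carries ``url`` and
        ``project_id``.
    :return: rendered ``burpscanner/burp_scan_list.html``.
    """
    user = request.user
    username = request.user.username
    target_url = request.POST.get("url")
    if target_url:
        project_id = request.POST.get('project_id')
        targets = [t.strip() for t in target_url.split(',') if t.strip()]
        for target in targets:
            print("Targets", target)
            scan_id = uuid.uuid4()
            burp_scan_db(username=username,
                         scan_id=scan_id,
                         project_id=project_id,
                         url=target,
                         date_time=datetime.now()).save()
            try:
                do_scan = burp_plugin.burp_scans(project_id, target, scan_id, user)
                worker = threading.Thread(target=do_scan.scan_launch)
                worker.daemon = True
                worker.start()
                # Blocks the HTTP request 5 s per target — presumably to
                # stagger the launches against Burp; confirm before removing.
                time.sleep(5)
            except Exception as e:
                # Best effort per target: the scan row is kept, the failure
                # is only reported, and the remaining targets still launch.
                print(e)
    return render(request, 'burpscanner/burp_scan_list.html')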
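def xml_upload(request):
    """
    Handle a scanner report upload (ZAP or Burp XML) from the upload form.

    On POST the report is parsed, a scan row is created for the chosen
    scanner under a fresh scan id and the scanner's parser stores the
    findings.  The report is parsed before the row is saved so an unreadable
    file leaves no orphan scan behind.  On GET, when no file is attached, or
    for an unknown scanner the upload form is rendered.

    Fixes against the original: the Burp branch referenced ``target_url``,
    which is not defined in this function (NameError), a missing attachment
    raised KeyError, and the debug ``print`` statements were Python 2 syntax.

    :param request: Django request; ``POST`` carries ``project_id``,
        ``scanner`` and ``scan_url``; ``FILES['xmlfile']`` is the report.
    :return: redirect to the Burp scan list after a Burp upload, otherwise
        the rendered ``upload_xml.html`` with every project.
    """
    all_project = project_db.objects.all()

    def _form():
        return render(request, 'upload_xml.html', {'all_project': all_project})

    if request.method != "POST":
        return _form()

    project_id = request.POST.get("project_id")
    scanner = request.POST.get("scanner")
    scan_url = request.POST.get("scan_url")
    xml_file = request.FILES.get('xmlfile')
    if xml_file is None:
        return _form()

    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    # NOTE(review): the upload is parsed with xml.etree defaults, i.e. no
    # entity-expansion limits; a hardened parser (e.g. defusedxml) is
    # advisable since the report is user-supplied.
    if scanner == "zap_scan":
        root_xml = ET.parse(xml_file).getroot()
        zap_scans_db(scan_url=scan_url,
                     scan_scanid=scan_id,
                     date_time=date_time,
                     project_id=project_id,
                     vul_status=scan_status).save()
        zap_xml_parser.xml_parser(project_id=project_id,
                                  scan_id=scan_id,
                                  root=root_xml)
    elif scanner == "burp_scan":
        root_xml = ET.parse(xml_file).getroot()
        burp_scan_db(url=scan_url,
                     scan_id=scan_id,
                     date_time=date_time,
                     project_id=project_id,
                     scan_status=scan_status).save()
        # ``scan_url`` is the uploaded report's target.
        burp_scans(project_id, scan_url, scan_id).burp_scan_data(root_xml)
        print("Save scan Data")
        return HttpResponseRedirect("/webscanners/burp_scan_list")
    return _form()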
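def xml_upload(request):
    """
    Handling XML upload files.

    Accepts a scanner report from the upload form, parses it, stores a scan
    record for the selected scanner under the requesting user, hands the
    parsed report to that scanner's parser and redirects to the scanner's
    list view.  The report is parsed before the scan row is saved so an
    unreadable file leaves no orphan scan behind.  Any failure while
    parsing or storing the report is reported to the user as
    "File Not Supported" and the form is rendered again; the bare
    ``except:`` used before also swallowed ``KeyboardInterrupt`` and
    ``SystemExit`` and hid the underlying error, and a missing attachment
    raised KeyError outside any handler.

    :param request: Django request; ``POST`` carries ``project_id``,
        ``scanner`` and ``scan_url``; ``FILES['xmlfile']`` is the report.
    :return: redirect to the scanner's list view on success, otherwise the
        rendered ``upload_xml.html`` listing the user's projects.
    """
    username = request.user.username
    all_project = project_db.objects.filter(username=username)

    def _form():
        return render(request, 'upload_xml.html', {'all_project': all_project})

    if request.method != "POST":
        return _form()

    project_id = request.POST.get("project_id")
    scanner = request.POST.get("scanner")
    scan_url = request.POST.get("scan_url")
    xml_file = request.FILES.get('xmlfile')
    if xml_file is None:
        messages.error(request, "File Not Supported")
        return _form()

    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.now()

    # NOTE(review): the upload is parsed with xml.etree / lxml defaults, i.e.
    # without entity-expansion limits; a hardened parser (e.g. defusedxml) is
    # advisable since the report is user-supplied.
    def _xml_root(ascii_safe=False):
        root = ET.parse(xml_file).getroot()
        if not ascii_safe:
            return root
        # Re-serialise and drop non-ASCII bytes, as the original did for the
        # ZAP and Burp branches — presumably those parsers choke on
        # non-ASCII text; confirm before extending it to other scanners.
        encoded = ET.tostring(root, encoding='utf8').decode('ascii', 'ignore')
        return ET.fromstring(encoded)

    try:
        if scanner == "zap_scan":
            root_xml = _xml_root(ascii_safe=True)
            zap_scans_db(username=username, scan_url=scan_url,
                         scan_scanid=scan_id, date_time=date_time,
                         project_id=project_id, vul_status=scan_status,
                         rescan='No').save()
            zap_xml_parser.xml_parser(username=username, project_id=project_id,
                                      scan_id=scan_id, root=root_xml)
            target = reverse('zapscanner:zap_scan_list')
        elif scanner == "burp_scan":
            root_xml = _xml_root(ascii_safe=True)
            burp_scan_db(username=username, url=scan_url, scan_id=scan_id,
                         date_time=date_time, project_id=project_id,
                         scan_status=scan_status).save()
            burp_xml_parser.burp_scan_data(root_xml, project_id, scan_id,
                                           username=username)
            target = reverse('burpscanner:burp_scan_list')
        elif scanner == "arachni":
            root_xml = _xml_root()
            arachni_scan_db(username=username, url=scan_url, scan_id=scan_id,
                            date_time=date_time, project_id=project_id,
                            scan_status=scan_status).save()
            arachni_xml_parser.xml_parser(username=username,
                                          project_id=project_id,
                                          scan_id=scan_id, root=root_xml,
                                          target_url=scan_url)
            target = reverse('arachniscanner:arachni_scan_list')
        elif scanner == 'netsparker':
            root_xml = _xml_root()
            netsparker_scan_db(username=username, url=scan_url,
                               scan_id=scan_id, date_time=date_time,
                               project_id=project_id,
                               scan_status=scan_status).save()
            netsparker_xml_parser.xml_parser(project_id=project_id,
                                             scan_id=scan_id, root=root_xml,
                                             username=username)
            target = reverse('netsparkerscanner:netsparker_scan_list')
        elif scanner == 'webinspect':
            root_xml = _xml_root()
            webinspect_scan_db(username=username, url=scan_url,
                               scan_id=scan_id, date_time=date_time,
                               project_id=project_id,
                               scan_status=scan_status).save()
            webinspect_xml_parser.xml_parser(project_id=project_id,
                                             scan_id=scan_id, root=root_xml,
                                             username=username)
            target = reverse('webinspectscanner:webinspect_scan_list')
        elif scanner == 'acunetix':
            root_xml = _xml_root()
            acunetix_scan_db(username=username, url=scan_url, scan_id=scan_id,
                             date_time=date_time, project_id=project_id,
                             scan_status=scan_status).save()
            acunetix_xml_parser.xml_parser(username=username,
                                           project_id=project_id,
                                           scan_id=scan_id, root=root_xml)
            target = reverse('acunetixscanner:acunetix_scan_list')
        elif scanner == 'dependencycheck':
            # lxml tree, as the dependency-check parser expects ``data=``.
            root = etree.parse(xml_file).getroot()
            dependencycheck_scan_db(project_name=scan_url, scan_id=scan_id,
                                    date_time=date_time,
                                    project_id=project_id,
                                    scan_status=scan_status,
                                    username=username).save()
            dependencycheck_report_parser.xml_parser(project_id=project_id,
                                                     scan_id=scan_id,
                                                     data=root,
                                                     username=username)
            target = reverse('dependencycheck:dependencycheck_list')
        elif scanner == 'checkmarx':
            root = etree.parse(xml_file).getroot()
            checkmarx_scan_db(project_name=scan_url, scan_id=scan_id,
                              date_time=date_time, project_id=project_id,
                              scan_status=scan_status,
                              username=username).save()
            checkmarx_xml_report_parser.checkmarx_report_xml(
                project_id=project_id, scan_id=scan_id, data=root,
                username=username)
            target = reverse('checkmarx:checkmarx_list')
        elif scanner == 'findbugs':
            root = _xml_root()
            findbugs_scan_db(project_name=scan_url, scan_id=scan_id,
                             date_time=date_time, project_id=project_id,
                             scan_status=scan_status,
                             username=username).save()
            findbugs_report_parser.xml_parser(project_id=project_id,
                                              scan_id=scan_id, root=root,
                                              username=username)
            target = reverse('findbugs:findbugs_list')
        elif scanner == 'nikto':
            # Nikto uploads are HTML; the parser reads the file itself.
            nikto_result_db(date_time=date_time, scan_url=scan_url,
                            scan_id=scan_id, project_id=project_id).save()
            nikto_html_parser(xml_file, project_id, scan_id, username=username)
            target = reverse('tools:nikto')
        else:
            # Unknown scanner: nothing is stored, just show the form again.
            return _form()
    except Exception as e:
        print(e)
        messages.error(request, "File Not Supported")
        return _form()

    messages.success(request, "File Uploaded")
    return HttpResponseRedirect(target)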
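def xml_upload(request):
    """
    Handling XML upload files.

    Accepts a scanner report from the upload form, parses it, stores a scan
    record for the selected scanner and hands the parsed report to that
    scanner's parser, then redirects to the scanner's list page.  The
    report is parsed before the scan row is saved so an unreadable file
    leaves no orphan scan behind.  On GET, when no file is attached, or for
    an unknown scanner the upload form is rendered.

    Fixes against the original: the Burp branch referenced ``target_url``,
    which is not defined in this function (NameError on every Burp upload),
    and a missing attachment raised KeyError.

    :param request: Django request; ``POST`` carries ``project_id``,
        ``scanner`` and ``scan_url``; ``FILES['xmlfile']`` is the report.
    :return: redirect to the scanner's list page on success, otherwise the
        rendered ``upload_xml.html`` with every project.
    """
    all_project = project_db.objects.all()

    def _form():
        return render(request, 'upload_xml.html', {'all_project': all_project})

    if request.method != "POST":
        return _form()

    project_id = request.POST.get("project_id")
    scanner = request.POST.get("scanner")
    scan_url = request.POST.get("scan_url")
    xml_file = request.FILES.get('xmlfile')
    if xml_file is None:
        return _form()

    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.now()

    # NOTE(review): the upload is parsed with xml.etree / lxml defaults, i.e.
    # without entity-expansion limits; a hardened parser (e.g. defusedxml) is
    # advisable since the report is user-supplied.
    def _xml_root():
        return ET.parse(xml_file).getroot()

    if scanner == "zap_scan":
        root_xml = _xml_root()
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id,
                     date_time=date_time, project_id=project_id,
                     vul_status=scan_status, rescan='No').save()
        zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                  root=root_xml)
        return HttpResponseRedirect("/zapscanner/zap_scan_list/")
    elif scanner == "burp_scan":
        root_xml = _xml_root()
        burp_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                     project_id=project_id, scan_status=scan_status).save()
        # ``scan_url`` is the uploaded report's target.
        burp_plugin.burp_scans(project_id, scan_url,
                               scan_id).burp_scan_data(root_xml)
        print("Save scan Data")
        return HttpResponseRedirect("/burpscanner/burp_scan_list")
    elif scanner == "arachni":
        root_xml = _xml_root()
        arachni_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                        project_id=project_id, scan_status=scan_status).save()
        arachni_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                      root=root_xml)
        print("Save scan Data")
        return HttpResponseRedirect("/arachniscanner/arachni_scan_list")
    elif scanner == 'netsparker':
        root_xml = _xml_root()
        netsparker_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        netsparker_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        print("Saved scan data")
        return HttpResponseRedirect("/netsparkerscanner/netsparker_scan_list/")
    elif scanner == 'webinspect':
        root_xml = _xml_root()
        webinspect_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        webinspect_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        print("Saved scan data")
        return HttpResponseRedirect("/webinspectscanner/webinspect_scan_list/")
    elif scanner == 'acunetix':
        root_xml = _xml_root()
        acunetix_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                         project_id=project_id, scan_status=scan_status).save()
        acunetix_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                       root=root_xml)
        print("Saved scan data")
        return HttpResponseRedirect("/acunetixscanner/acunetix_scan_list/")
    elif scanner == 'dependencycheck':
        # The dependency-check parser takes the whole lxml tree as ``data``.
        data = etree.parse(xml_file)
        dependencycheck_scan_db(project_name=scan_url, scan_id=scan_id,
                                date_time=date_time, project_id=project_id,
                                scan_status=scan_status).save()
        dependencycheck_report_parser.xml_parser(project_id=project_id,
                                                 scan_id=scan_id, data=data)
        print("Saved scan data")
        return HttpResponseRedirect("/dependencycheck/dependencycheck_list")
    elif scanner == 'findbugs':
        root = _xml_root()
        findbugs_scan_db(project_name=scan_url, scan_id=scan_id,
                         date_time=date_time, project_id=project_id,
                         scan_status=scan_status).save()
        findbugs_report_parser.xml_parser(project_id=project_id,
                                          scan_id=scan_id, root=root)
        print("Saved scan data")
        return HttpResponseRedirect("/findbugs/findbugs_list")
    elif scanner == 'nikto':
        # Nikto uploads are HTML; the parser reads the file itself.
        nikto_result_db(date_time=date_time, scan_url=scan_url,
                        scan_id=scan_id, project_id=project_id).save()
        nikto_html_parser(xml_file, project_id, scan_id)
        print("Saved scan data")
        return HttpResponseRedirect("/tools/nikto/")
    return _form()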
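def scan_launch(self):
    """
    The function trigger the scans.

    Reads the Burp host, port and API key from ``burp_setting_db`` (the
    last row iterated wins, as before), records the scan in
    ``burp_scan_db``, submits ``self.scan_url`` to the Burp REST API,
    notifies the user by e-mail and dashboard, then polls ``scan_info``
    every 5 s until ``crawl_and_audit_progress`` reaches 100, mirroring the
    progress into ``burp_scan_db.scan_status``, and finally stores the
    ``issue_events`` through ``burp_scan_data``.

    Fixes against the original: the request body is built with
    ``json.dumps`` instead of %-formatting the url into a JSON string (a
    url containing quotes or backslashes corrupted the payload); missing
    Burp settings raise a clear ``ValueError`` before any row is written
    instead of a ``TypeError`` while concatenating ``None``; the Python 2
    ``print`` statement is replaced; and the ``global burp_status, data``
    declaration is dropped — it made the settings loop variable and the
    payload leak into module scope from this worker thread, and nothing in
    this method reads them back (verify no other module depends on it).

    :raises ValueError: when ``burp_setting_db`` holds no row.
    """
    burp_host = burp_port = burp_api_key = None
    for setting in burp_setting_db.objects.all():
        burp_host = setting.burp_url
        burp_port = setting.burp_port
        burp_api_key = setting.burp_api_key
    if burp_host is None or burp_port is None:
        raise ValueError('No Burp settings configured in burp_setting_db')

    burp_scan_db(scan_id=self.scan_id,
                 project_id=self.project_id,
                 url=self.scan_url,
                 date_time=datetime.now()).save()

    host = 'http://%s:%s/' % (burp_host, burp_port)
    bi = burpscanner.BurpApi(host, burp_api_key)
    # Proper JSON encoding: the url is a value, never part of the syntax.
    payload = json.dumps({"urls": [self.scan_url]})
    response = bi.scan(payload)
    burp_scan_id = response.response_headers['location']

    # Email Notification
    email_notify(user=self.user,
                 subject='Archery Burp Scan Notification',
                 message='Burp Scan Launched ')
    # Dashboard Notification
    notify.send(self.user, recipient=self.user, verb='Burp Scan Launched')

    def _scan_info():
        # Round-trip through json as the original did; yields plain
        # dicts/lists whatever ``scan_info().data`` is.
        return json.loads(json.dumps(bi.scan_info(burp_scan_id).data))

    def _progress(info):
        return info['scan_metrics']['crawl_and_audit_progress']

    scan_status = _progress(_scan_info())
    while int(scan_status) < 100:
        scan_status = _progress(_scan_info())
        print("Burp Scan Status : %s" % scan_status)
        burp_scan_db.objects.filter(scan_id=self.scan_id).update(
            scan_status=scan_status)
        time.sleep(5)

    issue_events = _scan_info()['issue_events']
    burp_scans(self.project_id, self.scan_url, self.scan_id,
               self.user).burp_scan_data(issue_events)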
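def post(self, request, format=None):
    """
    Upload a scanner report through the API and store its findings.

    ``request.data`` carries ``project_id``, ``scanner``, ``scan_url`` and
    ``filename`` (the report itself: XML for most scanners, a JSON document
    for ``banditscan``/``clair``/``inspec``, HTML for ``nikto``).  A scan
    row is created for the chosen scanner and its parser is run under a
    fresh scan id.  Reports are parsed before the scan row is saved so a
    broken upload leaves no orphan scan behind.

    Fixes against the original: the Python 2 debug ``print`` statements are
    gone, and an unknown or missing ``scanner`` is answered with HTTP 400
    instead of "Scan Data Uploaded" while nothing was stored.

    :param request: DRF request.
    :param format: unused; kept for DRF's format-suffix support.
    :return: ``Response`` echoing ``scanner``, ``project_id`` and
        ``scan_id`` on success; HTTP 400 for an unknown scanner.
    """
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    xml_file = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    # NOTE(review): ``ET.parse``/``etree.parse`` accept a filesystem path as
    # well as a file object, so a plain string in ``filename`` would make the
    # server open that path; confirm callers send an uploaded file object,
    # and consider a hardened XML parser (e.g. defusedxml) for untrusted input.

    def _uploaded(message):
        # Common success payload for every scanner branch.
        return Response({"message": message,
                         "scanner": scanner,
                         "project_id": project_id,
                         "scan_id": scan_id})

    def _xml_root():
        return ET.parse(xml_file).getroot()

    if scanner == "zap_scan":
        root_xml = _xml_root()
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id,
                     date_time=date_time, project_id=project_id,
                     vul_status=scan_status, rescan='No').save()
        zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                  root=root_xml)
        return _uploaded("ZAP Scan Data Uploaded")
    elif scanner == "burp_scan":
        root_xml = _xml_root()
        burp_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                     project_id=project_id, scan_status=scan_status).save()
        burp_plugin.burp_scans(project_id, scan_url,
                               scan_id).burp_scan_data(root_xml)
        return _uploaded("Burp Scan Data Uploaded")
    elif scanner == "arachni":
        root_xml = _xml_root()
        arachni_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                        project_id=project_id, scan_status=scan_status).save()
        arachni_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                      root=root_xml)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'netsparker':
        root_xml = _xml_root()
        netsparker_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        netsparker_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'webinspect':
        root_xml = _xml_root()
        webinspect_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        webinspect_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'banditscan':
        data = json.loads(xml_file)
        bandit_scan_db(project_name=scan_url, scan_id=scan_id,
                       date_time=date_time, project_id=project_id,
                       scan_status=scan_status).save()
        bandit_report_json(data=data, project_id=project_id, scan_id=scan_id)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'dependencycheck':
        # The dependency-check parser takes the whole lxml tree as ``data``.
        data = etree.parse(xml_file)
        dependencycheck_scan_db(project_name=scan_url, scan_id=scan_id,
                                date_time=date_time, project_id=project_id,
                                scan_status=scan_status).save()
        dependencycheck_report_parser.xml_parser(project_id=project_id,
                                                 scan_id=scan_id, data=data)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'findbugs':
        root_xml = _xml_root()
        findbugs_scan_db(project_name=scan_url, scan_id=scan_id,
                         date_time=date_time, project_id=project_id,
                         scan_status=scan_status).save()
        findbugs_report_parser.xml_parser(project_id=project_id,
                                          scan_id=scan_id, root=root_xml)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'clair':
        data = json.loads(xml_file)
        clair_scan_db(project_name=scan_url, scan_id=scan_id,
                      date_time=date_time, project_id=project_id,
                      scan_status=scan_status).save()
        clair_json_report_parser.clair_report_json(project_id=project_id,
                                                   scan_id=scan_id, data=data)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'inspec':
        data = json.loads(xml_file)
        inspec_scan_db(project_name=scan_url, scan_id=scan_id,
                       date_time=date_time, project_id=project_id,
                       scan_status=scan_status).save()
        inspec_json_parser.inspec_report_json(project_id=project_id,
                                              scan_id=scan_id, data=data)
        return _uploaded("Scan Data Uploaded")
    elif scanner == 'nikto':
        # Nikto uploads are HTML; the parser reads the file itself.
        nikto_result_db(date_time=date_time, scan_url=scan_url,
                        scan_id=scan_id, project_id=project_id).save()
        nikto_html_parser(xml_file, project_id, scan_id)
        return _uploaded("Scan Data Uploaded")
    return Response({"error": "Unknown scanner", "scanner": scanner},
                    status=400)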
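def post(self, request, format=None):
    """
    Upload a scanner report through the API and store its findings.

    ``request.data`` carries ``project_id``, ``scanner``, ``scan_url`` and
    ``filename`` (the report itself: XML for ZAP/Burp/Arachni/Netsparker/
    WebInspect, a JSON document for ``banditscan``).  A scan row is created
    for the chosen scanner and its parser is run under a fresh scan id.
    Reports are parsed before the scan row is saved so a broken upload
    leaves no orphan scan behind.

    Fixes against the original: the Python 2 debug ``print`` statements are
    gone, and an unknown or missing ``scanner`` is answered with HTTP 400
    instead of "Scan Data Uploaded" while nothing was stored.

    :param request: DRF request.
    :param format: unused; kept for DRF's format-suffix support.
    :return: ``Response`` with ``{"message": "Scan Data Uploaded"}`` on
        success; HTTP 400 for an unknown scanner.
    """
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    xml_file = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    # NOTE(review): ``ET.parse`` accepts a filesystem path as well as a file
    # object, so a plain string in ``filename`` would make the server open
    # that path; confirm callers send an uploaded file object, and consider
    # a hardened XML parser (e.g. defusedxml) for untrusted input.

    def _uploaded():
        return Response({"message": "Scan Data Uploaded"})

    def _xml_root():
        return ET.parse(xml_file).getroot()

    if scanner == "zap_scan":
        root_xml = _xml_root()
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id,
                     date_time=date_time, project_id=project_id,
                     vul_status=scan_status, rescan='No').save()
        zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                  root=root_xml)
        return _uploaded()
    elif scanner == "burp_scan":
        root_xml = _xml_root()
        burp_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                     project_id=project_id, scan_status=scan_status).save()
        burp_plugin.burp_scans(project_id, scan_url,
                               scan_id).burp_scan_data(root_xml)
        return _uploaded()
    elif scanner == "arachni":
        root_xml = _xml_root()
        arachni_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                        project_id=project_id, scan_status=scan_status).save()
        arachni_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id,
                                      root=root_xml)
        return _uploaded()
    elif scanner == 'netsparker':
        root_xml = _xml_root()
        netsparker_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        netsparker_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        return _uploaded()
    elif scanner == 'webinspect':
        root_xml = _xml_root()
        webinspect_scan_db(url=scan_url, scan_id=scan_id, date_time=date_time,
                           project_id=project_id,
                           scan_status=scan_status).save()
        webinspect_xml_parser.xml_parser(project_id=project_id,
                                         scan_id=scan_id, root=root_xml)
        return _uploaded()
    elif scanner == 'banditscan':
        data = json.loads(xml_file)
        bandit_scan_db(project_name=scan_url, scan_id=scan_id,
                       date_time=date_time, project_id=project_id,
                       scan_status=scan_status).save()
        bandit_report_json(data=data, project_id=project_id, scan_id=scan_id)
        return _uploaded()
    return Response({"error": "Unknown scanner", "scanner": scanner},
                    status=400)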
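def post(self, request, format=None):
    """Import an uploaded scanner report and store its findings under a new scan id.

    ``request.data`` carries ``project_id``, ``scanner`` (selects the report
    format), ``filename`` (the report body as text, despite the name) and
    ``scan_url`` (the scanned target; stored as ``url``, ``project_name`` or
    ``scan_ip`` depending on the scanner's row model). Every upload gets a
    fresh ``scan_id`` and is attributed to ``request.user``.

    Returns a ``Response`` echoing ``project_id``, ``scan_id`` and ``scanner``
    on success. An unknown scanner or a missing report gets
    ``"Scan Data Not Uploaded"`` instead of the success message the original
    returned. A malformed report raises from the parser, as before; the scan
    row is only written once the report has parsed, so a bad upload leaves no
    orphan row.

    NOTE(review): nothing here checks that ``request.user`` may write to
    ``project_id``; presumably the view's permission classes do — confirm.
    """
    username = request.user.username
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    report = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    if report is None:
        return Response({"message": "Scan Data Not Uploaded"})

    def uploaded(message="Scan Data Uploaded"):
        """Success response; the echoed ids let the caller find the results."""
        return Response({"message": message, "project_id": project_id,
                         "scan_id": scan_id, "scanner": scanner})

    def xml_root(text):
        """Parse the report body with the stdlib parser.

        NOTE(review): this is untrusted input; entity-expansion limits are
        whatever the installed expat provides. ``defusedxml`` would be the
        usual hardening, left out to avoid a new dependency.
        """
        return ET.fromstring(text)

    def ascii_xml_root(text):
        """Parse, re-serialise dropping non-ASCII characters, and parse again.

        Kept verbatim from the original for the parsers that only cope with
        ASCII text nodes.
        """
        stripped = ET.tostring(ET.fromstring(text), encoding='utf8').decode('ascii', 'ignore')
        return ET.fromstring(stripped)

    def lxml_root(text):
        """Parse with ``etree``, which wants bytes when the body has an encoding declaration.

        Entity resolution is switched off so an uploaded report cannot pull in
        local files through an external entity. Assumes ``etree`` is
        ``lxml.etree`` — the bytes conversion the original did only makes
        sense there — TODO confirm.
        """
        parser = etree.XMLParser(resolve_entities=False)
        return etree.XML(bytes(bytearray(text, encoding='utf-8')), parser=parser)

    def by_root(func, **extra):
        """Importer calling ``func(project_id=, scan_id=, root=, username=, **extra)``."""
        return lambda root: func(project_id=project_id, scan_id=scan_id, root=root,
                                 username=username, **extra)

    def by_data(func):
        """Importer calling ``func(project_id=, scan_id=, data=, username=)``."""
        return lambda data: func(project_id=project_id, scan_id=scan_id, data=data,
                                 username=username)

    # Fields shared by every per-scan row; the target field name differs per model.
    row = dict(scan_id=scan_id, date_time=date_time, project_id=project_id,
               scan_status=scan_status, username=username)

    # Formats whose import is "save one row, hand the parsed report to one parser":
    # scanner -> (target field on the row model, model, body parser, importer).
    importers = {
        "arachni": ("url", arachni_scan_db, xml_root,
                    by_root(arachni_xml_parser.xml_parser, target_url=scan_url)),
        "acunetix": ("url", acunetix_scan_db, ascii_xml_root,
                     by_root(acunetix_xml_parser.xml_parser)),
        "netsparker": ("url", netsparker_scan_db, xml_root,
                       by_root(netsparker_xml_parser.xml_parser)),
        "webinspect": ("url", webinspect_scan_db, xml_root,
                       by_root(webinspect_xml_parser.xml_parser)),
        "findbugs": ("project_name", findbugs_scan_db, xml_root,
                     by_root(findbugs_report_parser.xml_parser)),
        "checkmarx": ("project_name", checkmarx_scan_db, xml_root,
                      by_data(checkmarx_xml_report_parser.checkmarx_report_xml)),
        "dependencycheck": ("project_name", dependencycheck_scan_db, lxml_root,
                            by_data(dependencycheck_report_parser.xml_parser)),
        "nessus": ("scan_ip", nessus_scan_db, ascii_xml_root,
                   by_root(Nessus_Parser.updated_nessus_parser)),
        "banditscan": ("project_name", bandit_scan_db, json.loads,
                       by_data(bandit_report_json)),
        "clair": ("project_name", clair_scan_db, json.loads,
                  by_data(clair_json_report_parser.clair_report_json)),
        "trivy": ("project_name", trivy_scan_db, json.loads,
                  by_data(trivy_json_report_parser.trivy_report_json)),
        "npmaudit": ("project_name", npmaudit_scan_db, json.loads,
                     by_data(npm_audit_report_json.npmaudit_report_json)),
        "nodejsscan": ("project_name", nodejsscan_scan_db, json.loads,
                       by_data(nodejsscan_report_json.nodejsscan_report_json)),
        "tfsec": ("project_name", tfsec_scan_db, json.loads,
                  by_data(tfsec_report_parser.tfsec_report_json)),
        "whitesource": ("project_name", whitesource_scan_db, json.loads,
                        by_data(whitesource_json_report_parser.whitesource_report_json)),
        "inspec": ("project_name", inspec_scan_db, json.loads,
                   by_data(inspec_json_parser.inspec_report_json)),
        "dockle": ("project_name", dockle_scan_db, json.loads,
                   by_data(dockle_json_parser.dockle_report_json)),
    }

    if scanner in importers:
        target_field, model, parse_body, import_findings = importers[scanner]
        body = parse_body(report)
        fields = dict(row)
        fields[target_field] = scan_url
        model(**fields).save()
        import_findings(body)
        return uploaded()

    if scanner == "zap_scan":
        root = ascii_xml_root(report)
        # ZAP's row model names its fields differently from the others.
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id, date_time=date_time,
                     project_id=project_id, vul_status=scan_status, rescan='No',
                     username=username).save()
        zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root,
                                  username=username)
        return uploaded("ZAP Scan Data Uploaded")

    if scanner == "burp_scan":
        root = ascii_xml_root(report)
        burp_scan_db(url=scan_url, **row).save()
        # Burp's importer takes its ids positionally.
        burp_xml_parser.burp_scan_data(root, project_id, scan_id, username=username)
        return uploaded("Burp Scan Data Uploaded")

    if scanner == "openvas":
        root = ascii_xml_root(report)
        for host in OpenVas_Parser.get_hosts(root):
            # NOTE(review): kept as the original did it — the per-host row
            # stores the host as its scan_id while the findings below are
            # filed under this upload's scan_id; confirm that is intended.
            scan_save_db(scan_ip=host, scan_id=host, date_time=date_time,
                         project_id=project_id, scan_status=scan_status,
                         username=username).save()
        OpenVas_Parser.updated_xml_parser(project_id=project_id, scan_id=scan_id,
                                          root=root, username=username)
        return uploaded()

    if scanner == "nikto":
        # Nikto reports are HTML; the parser takes the raw body.
        nikto_result_db(date_time=date_time, scan_url=scan_url, scan_id=scan_id,
                        project_id=project_id, username=username).save()
        nikto_html_parser(report, project_id, scan_id, username=username)
        return uploaded()

    return Response({"message": "Scan Data Not Uploaded"})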
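def post(self, request, format=None):
    """Import an uploaded scanner report and store its findings under a new scan id.

    ``request.data`` carries ``project_id``, ``scanner`` (selects the report
    format), ``filename`` (the report body as text, despite the name) and
    ``scan_url`` (the scanned target; stored as ``url``, ``project_name`` or
    ``scan_ip`` depending on the scanner's row model). Every upload gets a
    fresh ``scan_id``.

    Returns a ``Response`` echoing ``project_id``, ``scan_id`` and ``scanner``
    on success, and ``"Scan Data Not Uploaded"`` for an unknown scanner or a
    missing report. A malformed report raises from the parser, as before; the
    scan row is only written once the report has parsed, so a bad upload
    leaves no orphan row. The original printed the whole uploaded body to
    stdout; that debug output is gone, it put report contents in process logs.

    NOTE(review): nothing here checks that the requesting user may write to
    ``project_id``; presumably the view's permission classes do — confirm.
    """
    project_id = request.data.get("project_id")
    scanner = request.data.get("scanner")
    report = request.data.get("filename")
    scan_url = request.data.get("scan_url")
    scan_id = uuid.uuid4()
    scan_status = "100"
    date_time = datetime.datetime.now()

    if report is None:
        return Response({"message": "Scan Data Not Uploaded"})

    def uploaded(message="Scan Data Uploaded"):
        """Success response; the echoed ids let the caller find the results."""
        return Response({"message": message, "project_id": project_id,
                         "scan_id": scan_id, "scanner": scanner})

    def xml_root(text):
        """Parse the report body with the stdlib parser.

        NOTE(review): this is untrusted input; entity-expansion limits are
        whatever the installed expat provides. ``defusedxml`` would be the
        usual hardening, left out to avoid a new dependency.
        """
        return ET.fromstring(text)

    def ascii_xml_root(text):
        """Parse, re-serialise dropping non-ASCII characters, and parse again.

        Kept verbatim from the original for the parsers that only cope with
        ASCII text nodes.
        """
        stripped = ET.tostring(ET.fromstring(text), encoding='utf8').decode('ascii', 'ignore')
        return ET.fromstring(stripped)

    def lxml_root(text):
        """Parse with ``etree``, which wants bytes when the body has an encoding declaration.

        Entity resolution is switched off so an uploaded report cannot pull in
        local files through an external entity. Assumes ``etree`` is
        ``lxml.etree`` — the bytes conversion the original did only makes
        sense there — TODO confirm.
        """
        parser = etree.XMLParser(resolve_entities=False)
        return etree.XML(bytes(bytearray(text, encoding='utf-8')), parser=parser)

    def by_root(func):
        """Importer calling ``func(project_id=, scan_id=, root=)``."""
        return lambda root: func(project_id=project_id, scan_id=scan_id, root=root)

    def by_data(func):
        """Importer calling ``func(project_id=, scan_id=, data=)``."""
        return lambda data: func(project_id=project_id, scan_id=scan_id, data=data)

    # Fields shared by every per-scan row; the target field name differs per model.
    row = dict(scan_id=scan_id, date_time=date_time, project_id=project_id,
               scan_status=scan_status)

    # Formats whose import is "save one row, hand the parsed report to one parser":
    # scanner -> (target field on the row model, model, body parser, importer).
    importers = {
        "arachni": ("url", arachni_scan_db, xml_root,
                    by_root(arachni_xml_parser.xml_parser)),
        "acunetix": ("url", acunetix_scan_db, ascii_xml_root,
                     by_root(acunetix_xml_parser.xml_parser)),
        "netsparker": ("url", netsparker_scan_db, xml_root,
                       by_root(netsparker_xml_parser.xml_parser)),
        "webinspect": ("url", webinspect_scan_db, xml_root,
                       by_root(webinspect_xml_parser.xml_parser)),
        "findbugs": ("project_name", findbugs_scan_db, xml_root,
                     by_root(findbugs_report_parser.xml_parser)),
        "dependencycheck": ("project_name", dependencycheck_scan_db, lxml_root,
                            by_data(dependencycheck_report_parser.xml_parser)),
        "nessus": ("scan_ip", nessus_scan_db, ascii_xml_root,
                   by_root(Nessus_Parser.nessus_parser)),
        "openvas": ("scan_ip", scan_save_db, ascii_xml_root,
                    by_root(OpenVas_Parser.xml_parser)),
        "banditscan": ("project_name", bandit_scan_db, json.loads,
                       by_data(bandit_report_json)),
        "clair": ("project_name", clair_scan_db, json.loads,
                  by_data(clair_json_report_parser.clair_report_json)),
        "inspec": ("project_name", inspec_scan_db, json.loads,
                   by_data(inspec_json_parser.inspec_report_json)),
    }

    if scanner in importers:
        target_field, model, parse_body, import_findings = importers[scanner]
        body = parse_body(report)
        fields = dict(row)
        fields[target_field] = scan_url
        model(**fields).save()
        import_findings(body)
        return uploaded()

    if scanner == "zap_scan":
        root = ascii_xml_root(report)
        # ZAP's row model names its fields differently from the others.
        zap_scans_db(scan_url=scan_url, scan_scanid=scan_id, date_time=date_time,
                     project_id=project_id, vul_status=scan_status, rescan='No').save()
        zap_xml_parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root)
        return uploaded("ZAP Scan Data Uploaded")

    if scanner == "burp_scan":
        root = ascii_xml_root(report)
        burp_scan_db(url=scan_url, **row).save()
        # Burp's importer takes its ids positionally.
        burp_xml_parser.burp_scan_data(root, project_id, scan_id)
        return uploaded("Burp Scan Data Uploaded")

    if scanner == "nikto":
        # Nikto reports are HTML; the parser takes the raw body.
        nikto_result_db(date_time=date_time, scan_url=scan_url, scan_id=scan_id,
                        project_id=project_id).save()
        nikto_html_parser(report, project_id, scan_id)
        return uploaded()

    return Response({"message": "Scan Data Not Uploaded"})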
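def scan_launch(self):
    """Run a Burp scan of ``self.scan_url`` against every configured Burp instance.

    For each ``burp_setting_db`` row: build the Burp API base URL from its
    ``burp_url``/``burp_port``, add the target to scope, record a
    ``burp_scan_db`` row, spider, start an active scan, poll the scan status
    into that row until Burp reports 100, then fetch the XML report and hand it
    to ``burp_scans.burp_scan_data``. An instance whose scope call fails ends
    the whole run ("Scanner not found").

    Fix versus the original: ``burp_status`` was a module global that this
    function left at "100" when a scan finished, so every later scan skipped
    the polling loop entirely. It is now reset to "0" before polling. It stays
    module-global so other readers keep seeing it.

    NOTE(review): because ``burp_status`` is shared and this runs off a
    background thread, two concurrent scans overwrite each other's progress;
    a per-call local would be the real fix once nothing else reads the
    global — confirm. The launching view may already insert the
    ``burp_scan_db`` row before calling this; if so the save below
    duplicates it — confirm.
    """
    global burp_status
    for settings in burp_setting_db.objects.all():
        # Kept from the original: pause before the first call to each instance.
        time.sleep(15)
        # Formatting rather than concatenation also copes with an integer port.
        host = 'http://%s:%s' % (settings.burp_url, settings.burp_port)
        print(host)
        bi = burpscanner.BurpApi(host)
        try:
            print(bi.burp_scope_add(self.scan_url))
        except Exception:
            print("Scanner not found")
            return
        burp_scan_db(scan_id=self.scan_id, project_id=self.project_id,
                     url=self.scan_url, date_time=datetime.now()).save()
        # The original re-created the client and added the scope a second time
        # here; the first call above already did both.
        bi.burp_spider(self.scan_url)
        time.sleep(15)
        bi.burp_active_scan(self.scan_url)
        print("Project_id %s" % self.project_id)
        burp_status = "0"
        while int(burp_status) < 100:
            # The status payload is a mapping; its last value is the progress figure.
            for item in bi.burp_scan_status().data.values():
                burp_status = item
            print("Burp Scan Status : %s" % burp_status)
            burp_scan_db.objects.filter(scan_id=self.scan_id).update(scan_status=burp_status)
            time.sleep(5)
        burp_status = "100"
        print("Result Extracting........")
        time.sleep(10)
        print("Result Extracted........")
        result_xml = bi.scan_report(self.scan_url, 'XML').data
        # NOTE(review): Burp's report is parsed with the stdlib parser; it is
        # scanner output rather than a client upload, but entity-expansion
        # limits are still whatever the installed expat provides.
        xml_data = ET.fromstring(result_xml)
        burp_scans(self.project_id, self.scan_url, self.scan_id).burp_scan_data(xml_data)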