def post(self, request, format=None, **kwargs):
"""
Launch scans using this api
"""
serializer = WebScanSerializer(data=request.data)
if serializer.is_valid():
scan_id = uuid.uuid4()
scanner = request.data.get('scanner')
target_url = request.data.get('scan_url', )
project_id = request.data.get('project_id', )
rescanid = None
rescan = 'No'
user = request.user
if scanner == 'zap_scan':
# run_s = launch_zap_scan
thread = threading.Thread(target=launch_zap_scan, args=(target_url,
project_id,
rescanid,
rescan,
scan_id,
user))
thread.daemon = True
thread.start()
elif scanner == 'burp_scan':
user = request.user
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(scan_id=scan_id,
project_id=project_id,
url=target_url,
date_time=date_time)
scan_dump.save()
try:
do_scan = burp_plugin.burp_scans(
project_id,
target_url,
scan_id,
user
)
thread = threading.Thread(
target=do_scan.scan_launch,
)
thread.daemon = True
thread.start()
except Exception as e:
print(e)
elif scanner == 'arachni':
thread = threading.Thread(target=launch_arachni_scan, args=(target_url,
project_id,
rescanid,
rescan,
scan_id,
user))
thread.daemon = True
thread.start()
if not target_url:
return Response({"error": "No name passed"})
return Response({"message": "Scan Launched", "scanid": scan_id})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None, **kwargs):
"""
Launch scans using this api
"""
serializer = WebScanSerializer(data=request.data)
if serializer.is_valid():
scan_id = uuid.uuid4()
scanner = request.data.get('scanner')
target_url = request.data.get('scan_url', )
project_id = request.data.get('project_id',)
if scanner == 'zap_scan':
run_s = web_views.launch_web_scan
thread = threading.Thread(target=run_s, args=(target_url, project_id))
thread.daemon = True
thread.start()
elif scanner == 'burp_scan':
date_time = timezone.now()
scan_dump = burp_scan_db(scan_id=scan_id,
project_id=project_id,
url=target_url,
date_time=date_time)
scan_dump.save()
do_scan = burp_plugin.burp_scans(project_id, target_url, scan_id)
o = do_scan.scan_lauch
thread = threading.Thread(target=o, args=(project_id, target_url, scan_id))
thread.daemon = True
thread.start()
if not target_url:
return Response({"error": "No name passed"})
return Response({"message": "Scan Launched", "scanid": scan_id})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None, **kwargs):
"""
Launch scans using this api
"""
serializer = WebScanSerializer(data=request.data)
if serializer.is_valid():
scan_id = uuid.uuid4()
scanner = request.data.get('scanner')
target_url = request.data.get('scan_url', )
project_id = request.data.get('project_id',)
if scanner == 'zap_scan':
run_s = web_views.launch_web_scan
thread = threading.Thread(target=run_s, args=(target_url, project_id))
thread.daemon = True
thread.start()
elif scanner == 'burp_scan':
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(scan_id=scan_id,
project_id=project_id,
url=target_url,
date_time=date_time)
scan_dump.save()
# do_scan = burp_plugin.burp_scans(project_id, target_url, scan_id)
# # o = ()
# thread = threading.Thread(target=do_scan.scan_launch(), args=(project_id, target_url, scan_id))
# thread.daemon = True
# thread.start()
try:
do_scan = burp_plugin.burp_scans(
project_id,
target_url,
scan_id)
# do_scan.scan_lauch(project_id,
# target,
# scan_id)
thread = threading.Thread(
target=do_scan.scan_launch,
)
thread.daemon = True
thread.start()
# time.sleep(5)
except Exception as e:
print e
if not target_url:
return Response({"error": "No name passed"})
return Response({"message": "Scan Launched", "scanid": scan_id})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def burp_scan_launch(request):
global vuln_id, burp_status
if request.POST.get("url", ):
target_url = request.POST.get('url', )
project_id = request.POST.get('project_id', )
scan_id = uuid.uuid4()
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(scan_id=scan_id, project_id=project_id, url=target_url, date_time=date_time)
scan_dump.save()
try:
do_scan = burp_scans(project_id, target_url, scan_id)
do_scan.scan_lauch()
except Exception as e:
print e
return render(request, 'scan_list.html')
def burp_scan_launch(request):
"""
Burp Scan Trigger.
:param request:
:return:
"""
user = request.user
username = request.user.username
if request.POST.get("url"):
target_url = request.POST.get('url')
project_id = request.POST.get('project_id')
target__split = target_url.split(',')
split_length = target__split.__len__()
for i in range(0, split_length):
target = target__split.__getitem__(i)
print("Targets", target)
scan_id = uuid.uuid4()
date_time = datetime.now()
scan_dump = burp_scan_db(username=username,
scan_id=scan_id,
project_id=project_id,
url=target,
date_time=date_time)
scan_dump.save()
try:
do_scan = burp_plugin.burp_scans(
project_id,
target,
scan_id, user)
# do_scan.scan_lauch(project_id,
# target,
# scan_id)
thread = threading.Thread(
target=do_scan.scan_launch,
)
thread.daemon = True
thread.start()
time.sleep(5)
except Exception as e:
print(e)
return render(request, 'burpscanner/burp_scan_list.html')
def xml_upload(request):
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_url = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
elif scanner == "burp_scan":
print scanner
print xml_file
print scan_url
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
tree = ET.parse(xml_file)
root_xml = tree.getroot()
do_xml_data = burp_scans(project_id, target_url, scan_id)
do_xml_data.burp_scan_data(root_xml)
print "Save scan Data"
return HttpResponseRedirect("/webscanners/burp_scan_list")
return render(request, 'upload_xml.html', {'all_project': all_project})
def xml_upload(request):
"""
Handling XML upload files.
:param request:
:return:
"""
username = request.user.username
all_project = project_db.objects.filter(username=username)
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_url = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
try:
tree = ET.parse(xml_file)
date_time = datetime.now()
root_xml = tree.getroot()
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
scan_dump = zap_scans_db(username=username,
scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
zap_xml_parser.xml_parser(username=username,
project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('zapscanner:zap_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == "burp_scan":
try:
date_time = datetime.now()
# Burp scan XML parser
tree = ET.parse(xml_file)
root_xml = tree.getroot()
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
scan_dump = burp_scan_db(username=username,
url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
burp_xml_parser.burp_scan_data(root_xml_en,
project_id,
scan_id,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('burpscanner:burp_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == "arachni":
try:
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
scan_dump = arachni_scan_db(username=username,
url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
arachni_xml_parser.xml_parser(username=username,
project_id=project_id,
scan_id=scan_id,
root=root_xml,
target_url=scan_url)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('arachniscanner:arachni_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'netsparker':
try:
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
scan_dump = netsparker_scan_db(username=username,
url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('netsparkerscanner:netsparker_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'webinspect':
try:
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
scan_dump = webinspect_scan_db(username=username,
url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('webinspectscanner:webinspect_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'acunetix':
try:
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
scan_dump = acunetix_scan_db(username=username,
url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
acunetix_xml_parser.xml_parser(username=username,
project_id=project_id,
scan_id=scan_id,
root=root_xml)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('acunetixscanner:acunetix_scan_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'dependencycheck':
try:
date_time = datetime.now()
data = etree.parse(xml_file)
root = data.getroot()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=root,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('dependencycheck:dependencycheck_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'checkmarx':
try:
date_time = datetime.now()
data = etree.parse(xml_file)
root = data.getroot()
scan_dump = checkmarx_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
checkmarx_xml_report_parser.checkmarx_report_xml(
project_id=project_id,
scan_id=scan_id,
data=root,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(
reverse('checkmarx:checkmarx_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'findbugs':
try:
date_time = datetime.now()
tree = ET.parse(xml_file)
root = tree.getroot()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(reverse('findbugs:findbugs_list'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
elif scanner == 'nikto':
try:
date_time = datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(xml_file,
project_id,
scan_id,
username=username)
messages.success(request, "File Uploaded")
return HttpResponseRedirect(reverse('tools:nikto'))
except:
messages.error(request, "File Not Supported")
return render(request, 'upload_xml.html',
{'all_project': all_project})
return render(request, 'upload_xml.html', {'all_project': all_project})
def xml_upload(request):
"""
Handling XML upload files.
:param request:
:return:
"""
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_url = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
date_time = datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return HttpResponseRedirect("/zapscanner/zap_scan_list/")
elif scanner == "burp_scan":
date_time = datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
tree = ET.parse(xml_file)
root_xml = tree.getroot()
do_xml_data = burp_plugin.burp_scans(project_id, target_url,
scan_id)
do_xml_data.burp_scan_data(root_xml)
print("Save scan Data")
return HttpResponseRedirect("/burpscanner/burp_scan_list")
elif scanner == "arachni":
date_time = datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
print("Save scan Data")
return HttpResponseRedirect("/arachniscanner/arachni_scan_list")
elif scanner == 'netsparker':
date_time = datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
print("Saved scan data")
return HttpResponseRedirect(
"/netsparkerscanner/netsparker_scan_list/")
elif scanner == 'webinspect':
date_time = datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
print("Saved scan data")
return HttpResponseRedirect(
"/webinspectscanner/webinspect_scan_list/")
elif scanner == 'acunetix':
date_time = datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
print("Saved scan data")
return HttpResponseRedirect("/acunetixscanner/acunetix_scan_list/")
elif scanner == 'dependencycheck':
date_time = datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = etree.parse(xml_file)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data)
print("Saved scan data")
return HttpResponseRedirect(
"/dependencycheck/dependencycheck_list")
elif scanner == 'findbugs':
date_time = datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root = tree.getroot()
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root)
print("Saved scan data")
return HttpResponseRedirect("/findbugs/findbugs_list")
elif scanner == 'nikto':
date_time = datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(xml_file, project_id, scan_id)
print("Saved scan data")
return HttpResponseRedirect("/tools/nikto/")
return render(request, 'upload_xml.html', {'all_project': all_project})
def scan_launch(self):
"""
The function trigger the scans.
"""
burp_host = None
burp_port = None
burp_api_key = None
global burp_status, data
# Load setting parameters from burp_setting_db models
all_burp_settings = burp_setting_db.objects.all()
for data in all_burp_settings:
burp_host = data.burp_url
burp_port = data.burp_port
burp_api_key = data.burp_api_key
date_time = datetime.now()
scan_dump = burp_scan_db(scan_id=self.scan_id,
project_id=self.project_id,
url=self.scan_url,
date_time=date_time)
scan_dump.save()
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
data = '{"urls":["%s"]}' % self.scan_url
response = bi.scan(data)
scan_data = response.response_headers
burp_scan_id = scan_data['location']
# Email Notification
message = 'Burp Scan Launched '
subject = 'Archery Burp Scan Notification'
email_notify(user=self.user, subject=subject, message=message)
# Dashboard Notification
notify.send(self.user, recipient=self.user, verb='Burp Scan Launched')
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data['scan_metrics']['crawl_and_audit_progress']
while (int(scan_status) < 100):
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_status = scan_info_data['scan_metrics']['crawl_and_audit_progress']
print "Burp Scan Status :", scan_status
burp_scan_db.objects.filter(
scan_id=self.scan_id).update(
scan_status=scan_status)
time.sleep(5)
scan_info = bi.scan_info(burp_scan_id)
json_scan_data = json.dumps(scan_info.data)
scan_info_data = json.loads(json_scan_data)
scan_data = scan_info_data['issue_events']
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id, self.user)
do_scan_dat.burp_scan_data(scan_data)
def post(self, request, format=None):
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
xml_file = request.data.get("filename")
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
print xml_file
print scanner
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
tree = ET.parse(xml_file)
root_xml = tree.getroot()
do_xml_data = burp_plugin.burp_scans(project_id, scan_url, scan_id)
do_xml_data.burp_scan_data(root_xml)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(xml_file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = etree.parse(xml_file)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(xml_file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(xml_file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(xml_file, project_id, scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None):
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
xml_file = request.data.get("filename")
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
print xml_file
print scanner
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({"message": "Scan Data Uploaded"})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
tree = ET.parse(xml_file)
root_xml = tree.getroot()
do_xml_data = burp_plugin.burp_scans(project_id, scan_url, scan_id)
do_xml_data.burp_scan_data(root_xml)
return Response({"message": "Scan Data Uploaded"})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({"message": "Scan Data Uploaded"})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({"message": "Scan Data Uploaded"})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({"message": "Scan Data Uploaded"})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(xml_file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id)
return Response({"message": "Scan Data Uploaded"})
return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None):
username = request.user.username
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No',
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en,
project_id,
scan_id,
username=username)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username,
target_url=scan_url)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'checkmarx':
date_time = datetime.datetime.now()
scan_dump = checkmarx_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
checkmarx_xml_report_parser.checkmarx_report_xml(
data=root_xml,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'trivy':
date_time = datetime.datetime.now()
scan_dump = trivy_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
trivy_json_report_parser.trivy_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'npmaudit':
date_time = datetime.datetime.now()
scan_dump = npmaudit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
npm_audit_report_json.npmaudit_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nodejsscan':
date_time = datetime.datetime.now()
scan_dump = nodejsscan_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
nodejsscan_report_json.nodejsscan_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'tfsec':
date_time = datetime.datetime.now()
scan_dump = tfsec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
tfsec_report_parser.tfsec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'whitesource':
date_time = datetime.datetime.now()
scan_dump = whitesource_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
whitesource_json_report_parser.whitesource_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dockle':
date_time = datetime.datetime.now()
scan_dump = dockle_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
dockle_json_parser.dockle_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.updated_nessus_parser(root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
hosts = OpenVas_Parser.get_hosts(root_xml_en)
for host in hosts:
scan_dump = scan_save_db(scan_ip=host,
scan_id=host,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
OpenVas_Parser.updated_xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
username=username)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id, username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None):
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
print("Results file content: ", file)
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
print("Inside zap_scan")
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en, project_id, scan_id)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.nessus_parser(
root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
scan_dump = scan_save_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Not Uploaded"})
def scan_launch(self):
"""
The function trigger the scans.
"""
all_burp_settings = burp_setting_db.objects.all()
for data in all_burp_settings:
# settings = load_settings.ArcherySettings()
burp_host = data.burp_url
burp_port = data.burp_port
print burp_host
global vuln_id, burp_status
time.sleep(15)
host = 'http://' + burp_host + ':' + burp_port
print host
bi = burpscanner.BurpApi(host)
try:
print bi.burp_scope_add(self.scan_url)
except Exception:
print "Scanner not found"
return
date_time = datetime.now()
scan_dump = burp_scan_db(scan_id=self.scan_id,
project_id=self.project_id,
url=self.scan_url,
date_time=date_time)
scan_dump.save()
bi = burpscanner.BurpApi(host)
bi.burp_scope_add(self.scan_url)
bi.burp_spider(self.scan_url)
time.sleep(15)
bi.burp_active_scan(self.scan_url)
print "Project_id", self.project_id
while (int(burp_status) < 100):
scan_status = bi.burp_scan_status()
dat_status = scan_status.data
for key, item in dat_status.iteritems():
burp_status = item
print "Burp Scan Status :", burp_status
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
scan_status=burp_status)
time.sleep(5)
burp_status = "100"
# if burp_status == '100':
# burp_status = "0"
# else:
# print "Scan Continue..."
print "Result Extracting........"
time.sleep(10)
print "Result Extracted........"
scan_result = bi.scan_report(self.scan_url, 'XML')
result_xml = scan_result.data
xml_data = ET.fromstring(result_xml)
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
do_scan_dat.burp_scan_data(xml_data)
