def select_reports(page):
    """
    List the stored scan reports, newest first, ten per page.

    Args:
        page: page number; page 1 starts at offset 0, i.e. the ten most
            recent reports

    Returns:
        a list of dicts (id, date, scan_unique_id, report_path_filename,
        options) on success, otherwise the error dict built by
        structure(status="error", ...)
    """
    session = create_connection()
    try:
        # The offset arithmetic stays inside the try block so that a
        # non-numeric page is reported the same way as a failed query.
        first_row = (page * 10) - 10
        newest_first = session.query(Report).order_by(Report.id.desc())
        selected = [
            {
                "id": report.id,
                "date": report.date,
                "scan_unique_id": report.scan_unique_id,
                "report_path_filename": report.report_path_filename,
                # options are stored as JSON text and decoded for the caller
                "options": json.loads(report.options),
            }
            for report in newest_first.offset(first_row).limit(10)
        ]
    except Exception:
        return structure(status="error", msg="database error!")
    return selected
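def get_results_csv():  # todo: need to fix time format
    """
    Export the host logs of one stored report as a CSV download.

    The report is selected by the "id" request value. The logs returned by
    get_logs_by_scan_unique_id() are written to a CSV file named after the
    stored report path, read back, and sent as an attachment.

    Returns:
        a text/csv attachment Response on success, otherwise a JSON error
        with HTTP 400 when the id is missing or matches no stored report
    """
    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # first() returns None when no row matches; answer with the same
        # 400 error as a missing id instead of failing on the attribute
        # access below.
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    data = get_logs_by_scan_unique_id(scan_details.scan_unique_id)
    # A scan without log rows yields a header-less CSV rather than an
    # IndexError on data[0].
    keys = data[0].keys() if data else []
    # Drop the extension and the first character of the stored report path.
    filename = ".".join(
        scan_details.report_path_filename.split('.')[:-1])[1:] + '.csv'
    # NOTE(review): the export is written to a path derived from the stored
    # report path on every request and then read back. An in-memory buffer
    # would avoid writing to a database-derived location; confirm nothing
    # else consumes the file before changing this.
    # NOTE(review): event values originate from scan output. Spreadsheet
    # applications evaluate cells that begin with =, +, - or @ as formulas
    # and QUOTE_ALL does not prevent that; consider neutralising such values
    # before export.
    with open(filename, "w") as report_path_filename:
        dict_writer = csv.DictWriter(report_path_filename,
                                     fieldnames=keys,
                                     quoting=csv.QUOTE_ALL)
        dict_writer.writeheader()
        for event in data:
            dict_writer.writerow(
                {key: value for key, value in event.items() if key in keys})
    with open(filename, 'r') as report_path_filename:
        reader = report_path_filename.read()
    # Only the base name goes into the header, so the server-side directory
    # layout is not sent to the client.
    return Response(
        reader,
        mimetype='text/csv',
        headers={
            'Content-Disposition':
                'attachment;filename=' + filename.split('/')[-1]
        })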
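def get_results_json():
    """
    Export the host logs of one stored report as a JSON download.

    The report is selected by the "id" request value and its logs are
    fetched with get_logs_by_scan_unique_id().

    Returns:
        an application/json attachment Response on success, otherwise a
        JSON error with HTTP 400 when the id is missing or matches no
        stored report
    """
    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # first() returns None when no row matches; answer with the same
        # 400 error as a missing id instead of failing on the attribute
        # access below.
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    json_object = json.dumps(
        get_logs_by_scan_unique_id(scan_details.scan_unique_id))
    # Drop the extension and the first character of the stored report path.
    filename = ".".join(
        scan_details.report_path_filename.split('.')[:-1])[1:] + '.json'
    # Only the base name goes into the header, so the server-side directory
    # layout is not sent to the client.
    return Response(
        json_object,
        mimetype='application/json',
        headers={
            'Content-Disposition':
                'attachment;filename=' + filename.split('/')[-1]
        })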
def session_check():
    """
    Report whether the caller's API key / session is accepted.

    Validation is delegated to api_key_is_valid(); per the original
    docstring an invalid key ends the request with abort(401) there.

    Returns:
        a JSON "ok" message with HTTP 200 when validation passes
    """
    api_key_is_valid(app, flask_request)
    body = structure(status="ok", msg=messages("browser_session_valid"))
    return jsonify(body), 200
def error_404(error):
    """
    Turn an HTTP 404 into a JSON error response.

    Args:
        error: the flask error (not used; the message is the fixed
            "not_found" text)

    Returns:
        JSON error body and the 404 status code
    """
    body = structure(status="error", msg=messages("not_found"))
    return jsonify(body), 404
def error_403(error):
    """
    Turn an HTTP 403 into a JSON error response.

    Args:
        error: the flask error; its description becomes the message

    Returns:
        JSON error body and the 403 status code
    """
    body = structure(status="error", msg=error.description)
    return jsonify(body), 403
def session_kill():
    """
    Clear the session cookie in the browser.

    Returns:
        a response carrying the "browser_session_killed" message and a
        Set-Cookie that empties the "key" cookie with expires=0
    """
    body = structure(status="ok", msg=messages("browser_session_killed"))
    response = make_response(jsonify(body))
    # An empty value with expires=0 tells the browser to drop the cookie.
    response.set_cookie("key", "", expires=0)
    return response
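def get_scan_result(id):
    """
    Return the content of a stored report file, selected by report id.

    Args:
        id: scan id

    Returns:
        (file content as bytes, 200) on success;
        (JSON error, 400) when the report row or its file cannot be read;
        (JSON error, 500) when the database lookup itself fails
    """
    session = create_connection()
    try:
        report = session.query(Report).filter_by(id=id).first()
    except Exception:
        # The original nested both handlers, so the inner one swallowed
        # every failure and this branch (which answered 200) was never
        # taken; a failed lookup is now reported as a server error.
        return jsonify(structure(status="error", msg="database error!")), 500
    try:
        # for some reason filename saved like "filename" with double quotes
        # in the beginning and end
        filename = report.report_path_filename[1:-1]
        # NOTE(review): the path comes straight from the database row and is
        # opened as-is; consider confining it to the configured results
        # directory before reading.
        with open(str(filename), 'rb') as report_file:
            # the context manager closes the handle the original left open
            return report_file.read(), 200
    except Exception:
        # Covers an unknown id (report is None) as well as a missing or
        # unreadable file.
        return jsonify(
            structure(status="error", msg="cannot find the file!")), 400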
def session_set():
    """
    Store the API access key in a browser cookie after validating the caller.

    Validation is delegated to api_key_is_valid(); per the original
    docstring an invalid key ends the request with abort(403) there.

    Returns:
        a response carrying the "browser_session_valid" message and a
        Set-Cookie for the "key" cookie
    """
    api_key_is_valid(app, flask_request)
    body = structure(status="ok", msg=messages("browser_session_valid"))
    response = make_response(jsonify(body))
    access_key = app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"]
    # NOTE(review): the cookie value is the API access key itself and it is
    # set without httponly, secure or samesite. Confirm whether the web UI's
    # JavaScript needs to read it before tightening these attributes.
    response.set_cookie("key", value=access_key)
    return response
def get_result_content():
    """
    Return the HTML/TEXT/JSON content of a scan result.

    The result is selected by the "id" request value and fetched with
    get_scan_result(), whose return value is passed through unchanged.

    Returns:
        content of the scan result, or a JSON error with HTTP 400 when no
        id was supplied
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if scan_id:
        return get_scan_result(scan_id)
    missing_id = structure(status="error", msg=messages("invalid_scan_id"))
    return jsonify(missing_id), 400
def get_result_content():
    """
    Send the HTML/TEXT/JSON content of a scan result as a download.

    The result is selected by the "id" request value. The MIME type is
    looked up from the file extension and falls back to text/plain.

    Returns:
        an attachment Response with the result content, or a JSON error
        with HTTP 400 when no id was supplied
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if not scan_id:
        missing_id = structure(status="error", msg=messages("invalid_scan_id"))
        return jsonify(missing_id), 400
    # NOTE(review): this unpacking assumes get_scan_result() returns
    # (filename, content); what it returns on failure is not visible here,
    # so confirm an error result cannot reach the lines below.
    filename, file_content = get_scan_result(scan_id)
    known_types = mime_types()
    extension = os.path.splitext(filename)[1]
    # Only the last path component is offered as the download name.
    download_name = filename.split('/')[-1]
    return Response(
        file_content,
        mimetype=known_types.get(extension, "text/plain"),
        headers={'Content-Disposition': 'attachment;filename=' + download_name})
def last_host_logs(page):
    """
    List the most recently logged targets, ten per page.

    For each target on the page three further queries collect its module
    names, the date of its newest log row and all of its events.

    Args:
        page: page number; page 1 starts at offset 0

    Returns:
        a list of {"target", "info"} dicts, or the "finished" structure
        when the page holds no targets
    """
    session = create_connection()
    page_of_targets = session.query(HostsLog).group_by(
        HostsLog.target).order_by(
        HostsLog.id.desc()).offset((page * 10) - 10).limit(10)
    hosts = []
    for host in page_of_targets:
        module_rows = session.query(HostsLog).filter(
            HostsLog.target == host.target).group_by(
            HostsLog.module_name).all()
        newest_row = session.query(HostsLog).filter(
            HostsLog.target == host.target).order_by(
            HostsLog.id.desc()).first()
        latest_date = newest_row.date
        event_rows = session.query(HostsLog).filter(
            HostsLog.target == host.target).all()
        # The per-row "options" are left out of the payload; the original
        # carried them only as commented-out code marked "unnecessary data?".
        hosts.append({
            "target": host.target,
            "info": {
                "module_name": [row.module_name for row in module_rows],
                "date": latest_date,
                "events": [row.event for row in event_rows],
            }
        })
    if not hosts:
        return structure(status="finished", msg="No more search results")
    return hosts
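def search_logs(page, query):
    """
    Search the host logs for a substring and group the hits by target.

    The query is matched with LIKE against target, date, module_name,
    options, event and scan_unique_id. Ten matching targets are returned
    per page, each with the distinct module names, dates, options and
    events of its log rows.

    Args:
        page: page number; page 1 starts at offset 0
        query: query to search

    Returns:
        a list of {"target", "info"} dicts, the "finished" structure when
        nothing matched, or the error structure when a query or the JSON
        decoding of a row fails
    """
    session = create_connection()
    selected = []

    def _entry_for(target):
        # selected never holds two entries for the same target, so the
        # first match is the only one.
        return next(
            (item for item in selected if item["target"] == target), None)

    try:
        # NOTE(review): assuming HostsLog is a SQLAlchemy model, the value
        # is handed to like() as an operand rather than spliced into SQL
        # text; "%" and "_" inside the query still act as wildcards.
        pattern = "%" + str(query) + "%"
        matching_targets = session.query(HostsLog).filter(
            (HostsLog.target.like(pattern))
            | (HostsLog.date.like(pattern))
            | (HostsLog.module_name.like(pattern))
            | (HostsLog.options.like(pattern))
            | (HostsLog.event.like(pattern))
            | (HostsLog.scan_unique_id.like(pattern))).group_by(
            HostsLog.target).order_by(
            HostsLog.id.desc()).offset((page * 10) - 10).limit(10)
        for host in matching_targets:
            rows = session.query(HostsLog).filter(
                HostsLog.target == str(host.target)).group_by(
                HostsLog.module_name, HostsLog.options,
                HostsLog.scan_unique_id,
                HostsLog.event).order_by(HostsLog.id.desc()).all()
            for data in rows:
                entry = _entry_for(host.target)
                if entry is None:
                    selected.append({
                        "target": data.target,
                        "info": {
                            "module_name": [],
                            "options": [],
                            "date": [],
                            "event": [],
                        }
                    })
                    # The rows are filtered on host.target, so the entry
                    # added above is found again by this second lookup.
                    entry = _entry_for(host.target)
                if data.target == entry["target"]:
                    info = entry["info"]
                    if data.module_name not in info["module_name"]:
                        info["module_name"].append(data.module_name)
                    if data.date not in info["date"]:
                        info["date"].append(data.date)
                    # Decode before the membership test: the lists hold
                    # decoded values, so testing the raw JSON text against
                    # them (as the original did) does not detect a repeat.
                    options = json.loads(data.options)
                    if options not in info["options"]:
                        info["options"].append(options)
                    event = json.loads(data.event)
                    if event not in info["event"]:
                        info["event"].append(event)
    except Exception:
        return structure(status="error", msg="database error!")
    if not selected:
        return structure(status="finished", msg="No more search results")
    return selected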