Пример #1
    def launchCallback(self, _event=None):
        """
        Handle a click on the launch tool button. #TODO move to ToolController

        A limit-respecting launch is tried first through safeLaunchCallback().
        When that returns a falsy value, the user is asked whether to launch
        anyway, and only an explicit "Yes" triggers the forced launch.

        Args:
            _event: Automatically generated with a button Callback, not used.
        """
        launched = self.safeLaunchCallback()
        if not launched:
            question = ChildDialogQuestion(
                self.appliViewFrame, "Safe queue failed",
                "This tool cannot be launched because no worker add space for its thread.\nDo you want to launch it anyway?"
            )
            # Block until the user has answered the modal question.
            self.appliViewFrame.wait_window(question.app)
            if question.rvalue == "Yes":
                calendar = MongoCalendar.getInstance()
                # NOTE(review): the trailing False presumably disables the
                # worker limit checks -- confirm against launchTask's signature.
                launched = self.mainApp.scanManager.monitor.launchTask(
                    calendar.calendarName, self.controller.model, "", False)
        if not launched:
            return
        # Launch accepted: refresh the model and rebuild the view from scratch.
        self.controller.update()
        self.form.clear()
        for child in self.appliViewFrame.winfo_children():
            child.destroy()
        self.openModifyWindow()
Пример #2
 def removeItem(self, toDeleteIid):
     """
     Remove a defect row from the defect treeview after user confirmation,
     then delete the matching defect object.

     The defect is looked up by the row's text used as title, with empty
     ip/port/proto fields.

     Args:
         toDeleteIid: treeview iid of the defect row to delete
     """
     row = self.treevw.item(toDeleteIid)
     title = row["text"]
     confirm = ChildDialogQuestion(
         self.parent, "DELETE WARNING",
         "Are you sure you want to delete defect " + str(title) + " ?",
         ["Delete", "Cancel"])
     self.parent.wait_window(confirm.app)
     if confirm.rvalue != "Delete":
         return
     # The row is removed first, so get_children() below no longer lists it.
     self.treevw.delete(toDeleteIid)
     target = Defect.fetchObject(
         {"title": title, "ip": "", "port": "", "proto": ""})
     if target is None:
         return
     if target.index is not None:
         first = int(target.index) + 1
         remaining = self.treevw.get_children()
         # NOTE(review): renumbering starts one past the deleted index although
         # the row is already gone from `remaining` -- confirm that the row now
         # at the deleted position is meant to keep its stored index.
         for position in range(first, len(remaining)):
             Defect({"_id": remaining[position]}).update(
                 {"index": str(position)})
     target.delete()
     self.resizeDefectTreeview()
Пример #3
 def prepareCalendar(self, dbName, pentest_type, start_date, end_date, scope, settings, pentesters):
     """
     Initiate a pentest database with wizard info.

     Args:
         dbName: the database name
         pentest_type: a pentest type chosen from settings pentest_types. Used to select commands that will be launched by default
         start_date: a beginning date and time for the pentest
         end_date: ending date and time for the pentest
         scope: a list of scope valid string (IP, network IP or host name)
         settings: a dict of settings with keys:
             * "Add domains whose IP are in scope": if 1, will do a dns lookup on new domains and check if found IP is in scope
             * "Add domains who have a parent domain in scope": if 1, will add a new domain if a parent domain is in scope
             * "Add all domains found":  Unsafe. if 1, all new domains found by tools will be considered in scope.
         pentesters: a newline-separated string of pentester names; each line is stripped before being stored
     """
     def fetchTypedCommands():
         # Commands tagged with the chosen pentest type or with the shared "Commun" type.
         return Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})

     commands = fetchTypedCommands()
     if not commands:
         if not Command.getList():
             # No command registered at all: offer to import the bundled defaults.
             prompt = ChildDialogQuestion(self.parent, "No command found", "There is no registered command in the database. Would you like to import the default set?")
             self.parent.wait_window(prompt.app)
             if prompt.rvalue != "Yes":
                 return
             export_path = os.path.join(Utils.getMainDir(), "exports/pollenisator_commands.gzip")
             imported = self.importCommands(export_path)
             if imported:
                 # The group commands are imported only if the first import reported success.
                 export_path = os.path.join(Utils.getMainDir(), "exports/pollenisator_group_commands.gzip")
                 imported = self.importCommands(export_path)
         commands = fetchTypedCommands()
     # Duplicate commands in local database
     for cmd in Command.fetchObjects({}):
         cmd.indb = MongoCalendar.getInstance().calendarName
         cmd.addInDb()
     Wave().initialize(dbName, commands).addInDb()
     Interval().initialize(dbName, start_date, end_date).addInDb()
     ScopeController(Scope()).doInsert({"wave":dbName, "Scopes":scope, "Settings":False})
     self.settings.reloadSettings()
     db_settings = self.settings.db_settings
     db_settings["pentest_type"] = pentest_type
     # Scope-widening switches: each is enabled only when the wizard value is exactly 1.
     db_settings["include_domains_with_ip_in_scope"] = settings['Add domains whose IP are in scope'] == 1
     db_settings["include_domains_with_topdomain_in_scope"] = settings["Add domains who have a parent domain in scope"] == 1
     # Flagged "Unsafe" in the wizard: every domain reported by a tool is treated as in scope.
     db_settings["include_all_domains"] = settings["Add all domains found"] == 1
     db_settings["pentesters"] = [name.strip() for name in pentesters.split("\n")]
     self.settings.save()
Пример #4
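 def downloadResultFile(self, _event=None):
     """Callback for tool click #TODO move to ToolController
     Download the tool result file and ask the user whether to open it.
     If the user agrees, the file is opened with xdg-open; no other opener
     is handled by this method.
     Args:
         _event: not used
     """
     import shlex

     fs = FileStorage()
     fs.open()
     path = None
     if fs.sftp_connection is not None:
         dialog = ChildDialogInfo(self.appliViewFrame, "Download Started",
                                  "Downloading...")
         resultFile = self.controller.getResultFile()
         dialog.show()
         if resultFile != "" and resultFile is not None:
             path = fs.getToolResult(resultFile)
         else:
             tkinter.messagebox.showerror(
                 "Download failed", "The result file does not exist.")
         dialog.destroy()
     else:
         tkinter.messagebox.showerror("Download failed",
                                      "The sftp connection failed.")
         return
     fs.close()
     if path is not None:
         if os.path.isfile(path):
             if which("xdg-open") is not None:
                 dialog = ChildDialogQuestion(
                     self.appliViewFrame,
                     "Download completed",
                     "The file has been downloaded.\n Would you like to open it?",
                     answers=["Open", "Cancel"])
                 self.appliViewFrame.wait_window(dialog.app)
                 if dialog.rvalue == "Open":
                     # The path derives from a result file name stored with the
                     # tool, so it is not trusted. The command is handed over
                     # as one string; Utils.execute is not shown here, so quote
                     # the path so that spaces or shell metacharacters in it
                     # cannot split or extend the command.
                     Utils.execute("xdg-open " + shlex.quote(path))
                 return
         # NOTE(review): this point is also reached when the file was
         # downloaded but xdg-open is not installed; the error below then
         # misreports the cause.
         path = None
     if path is None:
         tkinter.messagebox.showerror(
             "Download failed", "the file does not exist on sftp server")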
Пример #5
 def deleteSelected(self, _event):
     """
     Delete every selected treeview entry after a confirmation prompt.

     Nothing is deleted unless the user answers "Delete".

     Args:
         _event: not used, a ttk Treeview event autofilled. Contains information on what treeview node was clicked.
     """
     count = len(self.selection())
     warning = ("Becareful for you are about to delete " + str(count) +
                " entries and there is no turning back.")
     confirm = ChildDialogQuestion(
         self.parentFrame, "DELETE WARNING", warning, ["Delete", "Cancel"])
     self.wait_window(confirm.app)
     if confirm.rvalue == "Delete":
         # The selection is read again here rather than reused from the count above.
         for iid in self.selection():
             view = self.getViewFromId(iid)
             if view is None:
                 continue
             # NOTE(review): the False argument presumably suppresses a
             # per-item confirmation -- confirm against the view's delete().
             view.delete(None, False)
Пример #6
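 def openInBrowser(self, _event=None):
     """Callback of action  Open 200 in browser
     Open every path recorded with a 200 status code as a browser tab.
     If more than 10 paths are to be opened, the user is asked to confirm first.
     Args:
         _event: not used but mandatory
     """
     ssl = self.port_m.infos.get("SSL", "False")
     paths = self.port_m.infos.get("Dirsearch_200", [])
     url_base = "https://" if ssl == "True" else "http://"
     if len(paths) > 10:
         # The helper window exists only to parent the dialog. It is destroyed
         # whatever the answer, so cancelling no longer leaves an empty
         # Toplevel behind.
         toplevel = tk.Toplevel()
         try:
             dialog = ChildDialogQuestion(toplevel,
                                      "OPEN WARNING", "Becareful for you are about to open "+str(len(paths)) + "in your browser. This may a bit too much.", ["Continue", "Cancel"])
             toplevel.wait_window(dialog.app)
         finally:
             toplevel.destroy()
         if dialog.rvalue != "Continue":
             return
     # NOTE(review): the paths are taken from the stored "Dirsearch_200" info
     # and appended to the URL unchanged; they presumably come from scan output
     # of the target, so the operator's browser loads target-influenced URLs.
     for path in paths:
         url = url_base + self.port_m.ip+":"+str(self.port_m.port)+path
         webbrowser.open_new_tab(url)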