def _load(self):
"""
Load the treeview with database information
"""
self.commands_node = self.insert("",
"end",
"commands",
text="Commands",
image=CommandView.getClassIcon())
commands = Command.fetchObjects({})
for command in commands:
command_vw = CommandView(self, self.appli.commandsViewFrame,
self.appli, CommandController(command))
command_vw.addInTreeview()
self.group_command_node = self.insert(
"",
"end",
str("command_groups"),
text="Command Groups",
image=CommandGroupView.getClassIcon())
command_groups = CommandGroup.fetchObjects({})
for command_group in command_groups:
command_group_vw = CommandGroupView(
self, self.appli.commandsViewFrame, self.appli,
CommandGroupController(command_group))
command_group_vw.addInTreeview()
def prepareCalendar(self, dbName, pentest_type, start_date, end_date, scope, settings, pentesters):
"""
Initiate a pentest database with wizard info
Args:
dbName: the database name
pentest_type: a pentest type choosen from settings pentest_types. Used to select commands that will be launched by default
start_date: a begining date and time for the pentest
end_date: ending date and time for the pentest
scope: a list of scope valid string (IP, network IP or host name)
settings: a dict of settings with keys:
* "Add domains whose IP are in scope": if 1, will do a dns lookup on new domains and check if found IP is in scope
* "Add domains who have a parent domain in scope": if 1, will add a new domain if a parent domain is in scope
* "Add all domains found": Unsafe. if 1, all new domains found by tools will be considered in scope.
"""
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
if not commands:
commandslist = Command.getList()
if not commandslist:
dialog = ChildDialogQuestion(self.parent, "No command found", "There is no registered command in the database. Would you like to import the default set?")
self.parent.wait_window(dialog.app)
if dialog.rvalue != "Yes":
return
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_commands.gzip")
res = self.importCommands(default)
if res:
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_group_commands.gzip")
res = self.importCommands(default)
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
#Duplicate commands in local database
allcommands = Command.fetchObjects({})
for command in allcommands:
command.indb = MongoCalendar.getInstance().calendarName
command.addInDb()
Wave().initialize(dbName, commands).addInDb()
Interval().initialize(dbName, start_date, end_date).addInDb()
values = {"wave":dbName, "Scopes":scope, "Settings":False}
ScopeController(Scope()).doInsert(values)
self.settings.reloadSettings()
self.settings.db_settings["pentest_type"] = pentest_type
self.settings.db_settings["include_domains_with_ip_in_scope"] = settings['Add domains whose IP are in scope'] == 1
self.settings.db_settings["include_domains_with_topdomain_in_scope"] = settings["Add domains who have a parent domain in scope"] == 1
self.settings.db_settings["include_all_domains"] = settings["Add all domains found"] == 1
self.settings.db_settings["pentesters"] = list(map(lambda x: x.strip(), pentesters.split("\n")))
self.settings.save()
def openModifyWindow(self):
"""
Creates a tkinter form using Forms classes. This form aims to update or delete an existing Port
"""
modelData = self.controller.getData()
top_panel = self.form.addFormPanel(grid=True)
top_panel.addFormLabel("IP", row=0, column=0)
top_panel.addFormStr(
"IP", '', modelData["ip"], None, column=1, row=0, state="readonly")
top_panel.addFormLabel("Number", column=0, row=1)
top_panel.addFormStr(
"Number", '', modelData["port"], None, column=1, row=1, state="readonly")
top_panel.addFormLabel("Proto", row=2, column=0)
top_panel.addFormStr(
"Proto", '', modelData["proto"], None, column=1, row=2, state="readonly")
top_panel.addFormLabel("Service", row=3)
top_panel.addFormStr(
"Service", r"", modelData["service"], column=1, row=3)
if "http" in modelData["service"]:
top_panel.addFormButton(
"Open in browser", self.openInBrowser, column=2, row=3)
top_panel.addFormLabel("Product", row=4)
top_panel.addFormStr("Product", r"", modelData["product"], width=40, row=4, column=1)
top_panel = self.form.addFormPanel()
top_panel.addFormLabel("Notes", side="top")
top_panel.addFormText(
"Notes", r"", modelData["notes"], None, side="top", height=10)
top_panel.addFormLabel("Infos", side="left")
top_panel.addFormTreevw("Infos", ("Infos", "Values"),
modelData["infos"], side="left", width=300, fill="both", height=8, binds={"<Enter>": self.mainApp.unboundToMousewheelMain, "<Leave>": self.mainApp.boundToMousewheelMain})
command_list = Command.fetchObjects({"lvl": "port"})
command_names = ["None"]
for command_doc in command_list:
command_names.append(command_doc.name)
self.tool_panel = self.form.addFormPanel(grid=True)
self.tool_panel.addFormLabel("Tool to add")
self.tool_panel.addFormCombo(
"Tool to add", command_names, "None", column=1)
self.tool_panel.addFormButton("Add tool", self._addTool, column=2)
top_panel = self.form.addFormPanel(grid=True)
top_panel.addFormButton("Add a security defect",
self.addDefectCallback)
self.form.addFormHidden("ip", modelData["ip"])
self.completeModifyWindow()
def _load(self):
"""
Load the treeview with database information
"""
mongoInstance = MongoCalendar.getInstance()
dialog = ChildDialogProgress(self.appli, "Loading "+str(
mongoInstance.calendarName), "Opening "+str(mongoInstance.calendarName) + ". Please wait for a few seconds.", 200, "determinate")
step = 0
dialog.show(100)
nbObjects = mongoInstance.find("waves").count()
nbObjects += mongoInstance.find("scopes").count()
nbObjects += mongoInstance.find("intervals").count()
nbObjects += mongoInstance.find("scopes").count()
nbObjects += mongoInstance.find("ips").count()
nbObjects += mongoInstance.find("ports").count()
nbObjects += mongoInstance.find("tools").count()
nbObjects += mongoInstance.find("commands").count()
onePercentNbObject = nbObjects//100 if nbObjects > 100 else 1
nbObjectTreated = 0
for child in self.get_children():
self.delete(child)
self._hidden = []
self._detached = []
self.waves_node = self.insert("", "end", str(
"waves"), text="Waves", image=WaveView.getClassIcon())
# Loading every category separatly is faster than recursivly.
# This is due to cursor.next function calls in pymongo
# Adding wave objects
self.commands_node = self.insert(
"", "end", "commands", text="Commands", image=CommandView.getClassIcon())
commands = Command.fetchObjects({}, mongoInstance.calendarName)
for command in commands:
command_vw = CommandView(
self, self.appli.viewframe, self.appli, CommandController(command))
command_vw.addInTreeview()
waves = Wave.fetchObjects({})
for wave in waves:
wave_o = WaveController(wave)
wave_vw = WaveView(self, self.appli.viewframe, self.appli, wave_o)
wave_vw.addInTreeview(self.waves_node, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
scopes = Scope.fetchObjects({})
for scope in scopes:
scope_o = ScopeController(scope)
scope_vw = ScopeView(self, self.appli.viewframe, self.appli, scope_o)
scope_vw.addInTreeview(None, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
intervals = Interval.fetchObjects({})
for interval in intervals:
interval_o = IntervalController(interval)
interval_vw = IntervalView(self, self.appli.viewframe, self.appli, interval_o)
interval_vw.addInTreeview(None, False)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding ip objects
self.ips_node = self.insert("", "end", str(
"ips"), text="IPs", image=IpView.getClassIcon())
ips = Ip.fetchObjects({})
for ip in ips:
ip_o = IpController(ip)
ip_vw = IpView(self, self.appli.viewframe, self.appli, ip_o)
ip_vw.addInTreeview(None, False)
self.appli.statusbar.notify(ip_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding port objects
ports = Port.fetchObjects({})
for port in ports:
port_o = PortController(port)
port_vw = PortView(self, self.appli.viewframe, self.appli, port_o)
port_vw.addInTreeview(None, False)
self.appli.statusbar.notify(port_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding defect objects
defects = Defect.fetchObjects({"ip":{"$ne":""}})
for defect in defects:
defect_o = DefectController(defect)
defect_vw = DefectView(
self, self.appli.viewframe, self.appli, defect_o)
defect_vw.addInTreeview(None)
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
# Adding tool objects
tools = Tool.fetchObjects({})
for tool in tools:
tool_o = ToolController(tool)
tool_vw = ToolView(self, self.appli.viewframe, self.appli, tool_o)
tool_vw.addInTreeview(None, False)
self.appli.statusbar.notify(tool_vw.controller.getTags())
nbObjectTreated += 1
if nbObjectTreated % onePercentNbObject == 0:
step += 1
dialog.update(step)
self.sort(self.ips_node)
self.appli.statusbar.update()
dialog.destroy()