def prepareCalendar(self, dbName, pentest_type, start_date, end_date, scope, settings, pentesters):
"""
Initiate a pentest database with wizard info
Args:
dbName: the database name
pentest_type: a pentest type choosen from settings pentest_types. Used to select commands that will be launched by default
start_date: a begining date and time for the pentest
end_date: ending date and time for the pentest
scope: a list of scope valid string (IP, network IP or host name)
settings: a dict of settings with keys:
* "Add domains whose IP are in scope": if 1, will do a dns lookup on new domains and check if found IP is in scope
* "Add domains who have a parent domain in scope": if 1, will add a new domain if a parent domain is in scope
* "Add all domains found": Unsafe. if 1, all new domains found by tools will be considered in scope.
"""
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
if not commands:
commandslist = Command.getList()
if not commandslist:
dialog = ChildDialogQuestion(self.parent, "No command found", "There is no registered command in the database. Would you like to import the default set?")
self.parent.wait_window(dialog.app)
if dialog.rvalue != "Yes":
return
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_commands.gzip")
res = self.importCommands(default)
if res:
default = os.path.join(Utils.getMainDir(), "exports/pollenisator_group_commands.gzip")
res = self.importCommands(default)
commands = Command.getList({"$or":[{"types":{"$elemMatch":{"$eq":pentest_type}}}, {"types":{"$elemMatch":{"$eq":"Commun"}}}]})
#Duplicate commands in local database
allcommands = Command.fetchObjects({})
for command in allcommands:
command.indb = MongoCalendar.getInstance().calendarName
command.addInDb()
Wave().initialize(dbName, commands).addInDb()
Interval().initialize(dbName, start_date, end_date).addInDb()
values = {"wave":dbName, "Scopes":scope, "Settings":False}
ScopeController(Scope()).doInsert(values)
self.settings.reloadSettings()
self.settings.db_settings["pentest_type"] = pentest_type
self.settings.db_settings["include_domains_with_ip_in_scope"] = settings['Add domains whose IP are in scope'] == 1
self.settings.db_settings["include_domains_with_topdomain_in_scope"] = settings["Add domains who have a parent domain in scope"] == 1
self.settings.db_settings["include_all_domains"] = settings["Add all domains found"] == 1
self.settings.db_settings["pentesters"] = list(map(lambda x: x.strip(), pentesters.split("\n")))
self.settings.save()
def openInsertWindow(self):
"""
Creates a tkinter form using Forms classes. This form aims to insert a new Wave
"""
top_panel = self.form.addFormPanel(grid=True)
top_panel.addFormLabel("Wave")
top_panel.addFormStr("Wave", r".+", "", column=1)
self.form.addFormHelper("Only selected commands will be launchable.")
self.form.addFormChecklist("Commands", Command.getList(), [])
self.completeInsertWindow()
def openModifyWindow(self):
"""
Creates a tkinter form using Forms classes. This form aims to update or delete an existing Wave
"""
modelData = self.controller.getData()
top_panel = self.form.addFormPanel(grid=True)
top_panel.addFormLabel("Wave", modelData["wave"])
self.form.addFormHelper(
"If you select a previously unselected command,\n it will be added to every object of its level.\nIf you unselect a previously selected command,\n it will remove only tools that are not already done."
)
self.form.addFormChecklist("Commands", Command.getList(),
modelData["wave_commands"])
self.completeModifyWindow()
def refreshUI(self):
"""Reload informations and renew widgets"""
mongoInstance = MongoCalendar.getInstance()
workernames = self.monitor.getWorkerList()
running_scans = Tool.fetchObjects({"status":"running"})
for children in self.scanTv.get_children():
self.scanTv.delete(children)
for running_scan in running_scans:
self.scanTv.insert('','end', running_scan.getId(), text=running_scan.name, values=(running_scan.dated), image=self.running_icon)
for children in self.workerTv.get_children():
self.workerTv.delete(children)
registeredCommands = set()
for workername in workernames:
try:
worker_node = self.workerTv.insert(
'', 'end', workername, text=workername, image=self.ok_icon)
except tk.TclError:
worker_node = self.workerTv.item(workername)
worker_registered = mongoInstance.findInDb("pollenisator", "workers", {"name":workername}, False)
commands_registered = worker_registered["registeredCommands"]
for command in commands_registered:
try:
self.workerTv.insert(
worker_node, 'end', command, text=command, image=self.ok_icon)
except tk.TclError:
pass
registeredCommands.add(str(command))
allCommands = Command.getList(None, mongoInstance.calendarName)
for command in allCommands:
if command not in registeredCommands:
try:
self.workerTv.insert(
worker_node, '0', 'notRegistered|'+command, text=command, image=self.nok_icon)
except tk.TclError:
pass
else:
try:
self.workerTv.delete('notRegistered|'+command)
except tk.TclError:
pass
if len(registeredCommands) > 0 and self.btn_autoscan is None:
if self.running_auto_scans:
self.btn_autoscan = ttk.Button(
self.parent, text="Stop Scanning", command=self.stopAutoscan)
self.btn_autoscan.pack()
else:
self.btn_autoscan = ttk.Button(
self.parent, text="Start Scanning", command=self.startAutoscan)
self.btn_autoscan.pack()
def initUI(self, parent):
"""Create widgets and initialize them
Args:
parent: the parent tkinter widget container."""
if self.workerTv is not None:
self.refreshUI()
return
mongoInstance = MongoCalendar.getInstance()
self.parent = parent
### WORKER TREEVIEW : Which worker knows which commands
lblworker = ttk.Label(self.parent, text="Workers:")
lblworker.pack(side=tk.TOP, padx=10, pady=5, fill=tk.X)
self.workerTv = ttk.Treeview(self.parent)
self.workerTv['columns'] = ('workers')
self.workerTv.heading("#0", text='Workers', anchor=tk.W)
self.workerTv.column("#0", anchor=tk.W)
self.workerTv.pack(side=tk.TOP, padx=10, pady=10, fill=tk.X)
registeredCommands = set()
workernames = self.monitor.getWorkerList()
for workername in workernames:
worker_node = self.workerTv.insert('',
'end',
workername,
text=workername,
image=self.ok_icon)
commands_registered = mongoInstance.getRegisteredCommands(
workername)
for command in commands_registered:
self.workerTv.insert(worker_node,
'end',
None,
text=command,
image=self.ok_icon)
registeredCommands.add(str(command))
allCommands = Command.getList()
for command in allCommands:
if command not in registeredCommands:
try:
self.workerTv.insert('',
'end',
'notRegistered',
text='Laking commands',
image=self.nok_icon)
except tk.TclError:
self.workerTv.item('notRegistered')
try:
self.workerTv.insert('notRegistered',
'end',
'notRegistered|' + str(command),
text=str(command),
image=self.nok_icon)
except tk.TclError:
pass
#### TREEVIEW SCANS : overview of ongoing auto scan####
lblscan = ttk.Label(self.parent, text="Scan overview:")
lblscan.pack(side=tk.TOP, padx=10, pady=5, fill=tk.X)
self.scanTv = ttk.Treeview(self.parent)
self.scanTv['columns'] = ('Started at')
self.scanTv.heading("#0", text='Scans', anchor=tk.W)
self.scanTv.column("#0", anchor=tk.W)
self.scanTv.pack(side=tk.TOP, padx=10, pady=10, fill=tk.X)
self.scanTv.bind("<Double-Button-1>", self.OnDoubleClick)
running_scans = Tool.fetchObjects({"status": "running"})
for running_scan in running_scans:
self.scanTv.insert('',
'end',
running_scan.getId(),
text=running_scan.name,
values=(running_scan.dated),
image=self.running_icon)
#### BUTTONS FOR AUTO SCANNING ####
if len(registeredCommands) > 0:
if self.running_auto_scans:
self.btn_autoscan = ttk.Button(self.parent,
text="Stop Scanning",
command=self.stopAutoscan)
self.btn_autoscan.pack()
else:
self.btn_autoscan = ttk.Button(self.parent,
text="Start Scanning",
command=self.startAutoscan)
self.btn_autoscan.pack()
btn_parse_scans = ttk.Button(self.parent,
text="Parse existing files",
command=self.parseFiles)
btn_parse_scans.pack()