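def AddGithubIssue(self, title='Bug report from OWTF', info=None, user=None):
    """Open a GitHub issue describing the recorded framework errors.

    :param str title: Fallback title; replaced by the first recorded line
        that starts with ``Message`` when there is one.
    :param str info: Optional free-text report written by the user.
    :param str user: Optional identifier appended under its own heading.
    :return: True when the API answers 201 Created, False otherwise.
    :rtype: bool
    """
    # TODO: Has to be ported to use db and infact add to interface.
    # Once db is implemented, better verbosity will be easy.
    error_data = self.db.ErrorData()
    for item in error_data:
        if item.startswith('Message'):
            title = item[len('Message:'):]
            break
    # NOTE(review): error_data is sent verbatim to the configured issue
    # tracker; confirm it cannot carry target details or credentials.
    # The fence markers sit on lines of their own, otherwise the first error
    # line is read as the fence's language tag and the block never closes.
    body = '#### OWTF Bug Report\n\n```\n' + '\n'.join(error_data) + '\n```\n'
    if info:
        body += "\n#### User Report\n\n"
        body += info
    if user:
        body += "\n\n#### %s" % user
    payload = json.dumps({'title': '[Auto-Generated] ' + title, 'body': body})
    headers = {
        "Content-Type": "application/json",
        "Authorization": "token " + self.config.Get("GITHUB_BUG_REPORTER_TOKEN")
    }
    request = urllib2.Request(
        self.config.Get("GITHUB_API_ISSUES_URL"),
        headers=headers,
        data=payload)
    try:
        response = urllib2.urlopen(request)
    except urllib2.URLError:
        # urlopen raises for HTTP error statuses (for example a rejected
        # token) and for network failures; report both as "not created"
        # instead of raising from inside the bug reporter.
        return False
    if response.code != 201:
        return False
    decoded_resp = json.loads(response.read())
    cprint("Issue URL: " + decoded_resp["url"])
    return True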
def get(self, plugin_group=None, plugin_type=None, plugin_code=None):
    """Write the plugin definitions selected by the URL components.

    The query-string arguments are used as the base filter. A group, a
    group/type pair or a group/type/code triple from the URL narrows it
    further; the triple yields a single dict instead of a list.

    :raises tornado.web.HTTPError: 400 for an unknown type, for a triple
        without a match, or on ``InvalidTargetReference``.
    """
    try:
        # NOTE(review): filter_data holds the raw request arguments and goes
        # to the DB layer as is; confirm GetAll ignores unknown keys.
        filter_data = dict(self.request.arguments)
        if not plugin_group:
            # No group in the URL: only the query-string filters apply.
            self.write(self.get_component("db_plugin").GetAll(filter_data))
        elif not plugin_type:
            if not plugin_code:
                filter_data.update({"group": plugin_group})
                self.write(self.get_component("db_plugin").GetAll(filter_data))
        else:
            known_types = self.get_component("db_plugin").GetTypesForGroup(plugin_group)
            if plugin_type not in known_types:
                raise tornado.web.HTTPError(400)
            criteria = {"type": plugin_type, "group": plugin_group}
            if plugin_code:
                criteria["code"] = plugin_code
            filter_data.update(criteria)
            matches = self.get_component("db_plugin").GetAll(filter_data)
            if not plugin_code:
                self.write(matches)
            elif matches:
                # This combination will be unique, so have to return a dict
                self.write(matches[0])
            else:
                raise tornado.web.HTTPError(400)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
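def Authenticate(self):
    """Authenticate to the TOR control port with the configured password.

    Prints a confirmation when the reply starts with ``250`` and aborts the
    framework otherwise.
    """
    raw = '{0}'.format(self.password)
    if '\r' in raw or '\n' in raw:
        # A line break would end the AUTHENTICATE line early and the rest of
        # the value would be read as a separate control command.
        self.core.Error.FrameworkAbort("Authentication Error : password contains a line break")
        return
    # The password is sent as a quoted string, so backslashes and double
    # quotes are escaped; unescaped, a quote ends the string early and the
    # command is malformed.
    quoted = raw.replace('\\', '\\\\').replace('"', '\\"')
    self.TOR_Connection.send('AUTHENTICATE "{0}"\r\n'.format(quoted))
    response = self.TOR_Connection.recv(1024)
    if response.startswith('250'):  # 250 is the success response
        cprint("Successfully Authenticated to TOR control")
    else:
        self.core.Error.FrameworkAbort("Authentication Error : " + response)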
def Add(self, message, bugType='owtf'):
    """Record an error message.

    :param str message: Text of the error.
    :param str bugType: ``'owtf'`` hands the message to ``AddOWTFBug`` and
        returns its result; any other value prints the padded message, logs
        it and returns None.
    """
    if bugType != 'owtf':
        cprint(self.Padding + message + self.SubPadding)
        self.LogError(message)
        return None
    return self.AddOWTFBug(message)
def GetTargetURLForID(self, ID):
    """Return the ``target_url`` of the target looked up by ``ID``.

    :param ID: Identifier handed to the ``models.Target`` query.
    :raises InvalidTargetReference: When the lookup yields nothing.
    """
    session = self.Core.DB.session
    target_obj = session.query(models.Target).get(ID)
    if target_obj:
        return target_obj.target_url
    cprint("Failing with ID:" + str(ID))
    raise InvalidTargetReference("Target doesn't exist with ID: " + str(ID))
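def post(self, target_id=None, transaction_id=None):
    """Create a zest script from one or from several transactions.

    With ``transaction_id`` in the URL the script is built from that single
    transaction; otherwise the ``trans`` argument must hold a JSON list of
    transaction ids. ``{"exists": "true"}`` is written when the zest
    component reports that the script was not created.

    :raises tornado.web.HTTPError: 400 when the target id is missing, when
        ``trans`` is not valid JSON, or on ``InvalidTargetReference``.
    """
    if not target_id:  # does not make sense if no target id provided
        raise tornado.web.HTTPError(400)
    try:
        # NOTE(review): 'name' is client-supplied and handed to the zest
        # component unchanged; confirm it is validated there before it is
        # used as a script name.
        script_name = self.get_argument('name', '')
        if transaction_id:
            # zest script creation from single transaction
            if not self.application.Core.zest.TargetScriptFromSingleTransaction(
                    transaction_id, script_name, target_id):
                self.write({"exists": "true"})
        else:  # multiple transactions
            trans_list = self.get_argument('trans', '')
            try:
                transactions = json.loads(trans_list)
            except ValueError:
                # A missing or malformed 'trans' value is a client error,
                # not a server fault.
                raise tornado.web.HTTPError(400)
            # zest script creation from multiple transactions
            if not self.application.Core.zest.TargetScriptFromMultipleTransactions(
                    target_id, script_name, transactions):
                self.write({"exists": "true"})
    except exceptions.InvalidTargetReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)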
def Finish(self, status='Complete', report=True):
    """Shut the framework down and exit the process.

    Terminates the TOR process when one is attached, kills the children of
    the current process, runs the plugin clean-up, stops the inbound proxy
    when ``ProxyMode`` is set and calls ``exit()``.

    :param str status: Not read anywhere in this method.
    :param bool report: Not read anywhere in this method.
    """
    if getattr(self, "TOR_process", None) is not None:
        self.TOR_process.terminate()
    # TODO: Fix this for lions_2014
    # if self.DB.Config.Get('SIMULATION'):
    #    exit()
    try:
        self.KillChildProcesses(multiprocessing.current_process().pid)
    except:
        # Best effort: the bare except also swallows interrupts, so the
        # steps below still run.
        pass
    try:
        self.PluginHandler.CleanUp()
    except AttributeError:  # DB not instantiated yet!
        pass
    finally:
        if getattr(self, "ProxyMode", None) is not None:
            try:
                cprint(
                    "Stopping inbound proxy processes and "
                    "cleaning up, Please wait!")
                self.KillChildProcesses(self.ProxyProcess.pid)
                self.ProxyProcess.terminate()
                # No signal is generated during closing process by
                # terminate()
                self.TransactionLogger.poison_q.put('done')
                self.TransactionLogger.join()
            except:  # It means the proxy was not started.
                pass
        # NOTE(review): the collapsed listing does not show whether exit()
        # sits inside this finally block; it is kept here so the process
        # ends even when CleanUp raises. Confirm against the original layout.
        exit()
def GetTargetURLForID(self, ID):
    """Return the ``target_url`` of the target looked up by ``ID``.

    :param ID: Identifier handed to the ``models.Target`` query.
    :raises InvalidTargetReference: When the lookup yields nothing.
    """
    session = self.db.session
    target_obj = session.query(models.Target).get(ID)
    if target_obj:
        return target_obj.target_url
    cprint("Failing with ID: %s" % str(ID))
    raise InvalidTargetReference("Target doesn't exist with ID: %s" % str(ID))
def GetIPFromHostname(self, hostname):
    """Resolve ``hostname`` and record the result in the configuration.

    An IPv4 or IPv6 literal is used as is; anything else goes through
    ``socket.gethostbyname``. Sets ``alternative_ips`` and ``INTERNAL_IP``.

    :param str hostname: Host name or IP literal of the target.
    :return: The chosen IP address.
    :raises UnresolvableTargetException: When the name does not resolve.
    """
    address = ''
    # IP validation based on @marcwickenden's pull request, thanks!
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, hostname)
        except socket.error:
            continue
        address = hostname
        break
    if not address:
        # gethostbyname returns one IPv4 address string, so a name that only
        # has IPv6 records does not resolve here.
        try:
            address = socket.gethostbyname(hostname)
        except socket.gaierror:
            raise UnresolvableTargetException("Unable to resolve : " + hostname)
    candidates = address.strip().split("\n")
    alternatives = []
    if len(candidates) > 1:
        # Only reached when the resolved value holds several lines.
        address = candidates[0]
        listing = ", ".join(candidates)[0:-3]
        cprint(hostname + " has several IP addresses: (" + listing +
               "). Choosing first: " + address)
        alternatives = candidates[1:]
    self.Set('alternative_ips', alternatives)
    address = address.strip()
    # NOTE(review): the internal/external decision reflects this single
    # lookup; a later lookup of the same name may answer differently.
    self.Set('INTERNAL_IP', self.Core.IsIPInternal(address))
    cprint("The IP address for " + hostname + " is: '" + address + "'")
    return address
def Finish(self, status='Complete', report=True):
    """Shut the framework down and exit the process.

    Terminates the TOR process when one is attached, kills the children of
    the current process, runs the plugin clean-up, stops the inbound proxy
    when ``ProxyMode`` is set and calls ``exit()``.

    :param str status: Not read anywhere in this method.
    :param bool report: Not read anywhere in this method.
    """
    if getattr(self, "TOR_process", None) is not None:
        self.TOR_process.terminate()
    # TODO: Fix this for lions_2014
    # if self.DB.Config.Get('SIMULATION'):
    #    exit()
    try:
        self.KillChildProcesses(multiprocessing.current_process().pid)
    except:
        # Best effort: the bare except also swallows interrupts, so the
        # steps below still run.
        pass
    try:
        self.PluginHandler.CleanUp()
    except AttributeError:  # DB not instantiated yet!
        pass
    finally:
        if getattr(self, "ProxyMode", None) is not None:
            try:
                cprint(
                    "Stopping inbound proxy processes and "
                    "cleaning up, Please wait!")
                self.KillChildProcesses(self.ProxyProcess.pid)
                self.ProxyProcess.terminate()
                # No signal is generated during closing process by
                # terminate()
                self.TransactionLogger.poison_q.put('done')
                self.TransactionLogger.join()
            except:  # It means the proxy was not started.
                pass
        # NOTE(review): the collapsed listing does not show whether exit()
        # sits inside this finally block; it is kept here so the process
        # ends even when CleanUp raises. Confirm against the original layout.
        exit()
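def AddGithubIssue(self, title='Bug report from OWTF', info=None, user=None):
    """Open a GitHub issue describing the recorded framework errors.

    :param str title: Fallback title; replaced by the first recorded line
        that starts with ``Message`` when there is one.
    :param str info: Optional free-text report written by the user.
    :param str user: Optional identifier appended under its own heading.
    :return: True when the API answers 201 Created, False otherwise.
    :rtype: bool
    """
    # TODO: Has to be ported to use db and infact add to interface.
    # Once db is implemented, better verbosity will be easy.
    error_data = self.db.ErrorData()
    for item in error_data:
        if item.startswith('Message'):
            title = item[len('Message:'):]
            break
    # NOTE(review): error_data is sent verbatim to the configured issue
    # tracker; confirm it cannot carry target details or credentials.
    # error_data is iterated as a sequence of lines above, so the lines are
    # joined here; formatting the sequence with %s would embed its repr.
    body = '#### OWTF Bug Report\n\n```\n%s\n```\n' % '\n'.join(error_data)
    if info:
        body += "\n#### User Report\n\n"
        body += info
    if user:
        body += "\n\n#### %s" % user
    payload = json.dumps({'title': '[Auto-Generated] %s' % title, 'body': body})
    headers = {
        "Content-Type": "application/json",
        "Authorization": "token " + self.config.Get("GITHUB_BUG_REPORTER_TOKEN")
    }
    request = urllib2.Request(self.config.Get("GITHUB_API_ISSUES_URL"), headers=headers, data=payload)
    try:
        response = urllib2.urlopen(request)
    except urllib2.URLError:
        # urlopen raises for HTTP error statuses (for example a rejected
        # token) and for network failures; report both as "not created"
        # instead of raising from inside the bug reporter.
        return False
    if response.code != 201:
        return False
    decoded_resp = json.loads(response.read())
    cprint("Issue URL: %s" % decoded_resp["url"])
    return True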
def get(self, target_id=None, transaction_id=None):
    """Serve the zest console: list, show or run scripts, drive the recorder.

    The request arguments select the action:

    * none: write the target and recorded script lists;
    * ``script`` + ``record``: write the script content;
    * ``script`` + ``record`` + ``run``: run the script when ``run`` is
      ``"true"`` and write the result;
    * ``record`` alone: start the recorder (``"true"`` with ``file``) or
      stop it.

    :raises tornado.web.HTTPError: 400 when the target id is missing or on
        ``InvalidTargetReference``.
    """
    if not target_id:  # does not make sense if no target id provided
        raise tornado.web.HTTPError(400)
    try:
        args = self.request.arguments

        def first(key):
            # Values are looked up lazily, exactly where a branch needs them.
            return args[key][0]

        has_script = 'script' in args
        has_record = 'record' in args
        # NOTE(review): 'script' and 'file' are client-supplied names that
        # reach the zest component unchanged; confirm it restricts them to
        # its own script directory.
        if not any(args):
            # No arguments at all: load the zest console.
            target_scripts, record_scripts = self.get_component("zest").GetAllScripts(target_id)
            self.write({"target_scripts": target_scripts, "recorded_scripts": record_scripts})
        elif has_script and has_record:
            if 'run' not in args:
                # Fetch the script content.
                if first('record') == "true":
                    content = self.get_component("zest").GetRecordScriptContent(first('script'))
                else:
                    content = self.get_component("zest").GetTargetScriptContent(target_id, first('script'))
                self.write({"content": content})
            elif first('run') == "true":
                # Run the script.
                if first('record') == "true":
                    result = self.get_component("zest").RunRecordScript(first('script'))
                else:
                    result = self.get_component("zest").RunTargetScript(target_id, first('script'))
                self.write({"result": result})
        elif has_record:
            # Recorder handling ('script' is absent on this path).
            # NOTE(review): the collapsed listing does not show which 'if'
            # the StopRecorder 'else' belongs to; it is attached to the
            # start condition here. Confirm against the original layout.
            if first('record') == "true" and 'file' in args:
                if not self.get_component("zest").StartRecorder(first('file')):
                    self.write({"exists": "true"})
            else:
                self.get_component("zest").StopRecorder()
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
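def get(self, target_id=None, plugin_group=None, plugin_type=None, plugin_code=None):
    """Write the plugin output of a target, narrowed by the URL components.

    The query-string arguments are the base filter; group, type and code
    from the URL narrow it. A full group/type/code triple yields a single
    dict instead of a list.

    :raises tornado.web.HTTPError: 400 for a missing or non-numeric target
        id, an unknown type, a triple without a match, or when the output
        component raises ``InvalidTargetReference`` or
        ``InvalidParameterType``.
    """
    # The route pattern that supplies target_id is not visible here, so a
    # missing or non-numeric id is answered with 400 instead of escaping as
    # an unhandled TypeError/ValueError.
    try:
        target = int(target_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        filter_data = dict(self.request.arguments)
        if plugin_group and plugin_type:
            if plugin_type not in self.get_component("db_plugin").GetTypesForGroup(plugin_group):
                raise tornado.web.HTTPError(400)
            filter_data.update({"plugin_type": plugin_type, "plugin_group": plugin_group})
            if plugin_code:
                filter_data["plugin_code"] = plugin_code
        elif plugin_group:
            filter_data.update({"plugin_group": plugin_group})
        results = self.get_component("plugin_output").GetAll(filter_data, target_id=target)
        if not (plugin_group and plugin_type and plugin_code):
            self.write(results)
        elif results:
            self.write(results[0])
        else:
            raise tornado.web.HTTPError(400)
    except (exceptions.InvalidTargetReference, exceptions.InvalidParameterType) as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)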
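def delete(self, target_id=None, plugin_group=None, plugin_type=None, plugin_code=None):
    """Delete plugin output of a target, narrowed by the URL components.

    The query-string arguments are the base filter; group, type and code
    from the URL narrow it.

    :raises tornado.web.HTTPError: 400 for a missing or non-numeric target
        id, an unknown type, or when the output component raises
        ``InvalidTargetReference`` or ``InvalidParameterType``.
    """
    # The route pattern that supplies target_id is not visible here, so a
    # missing or non-numeric id is answered with 400 instead of escaping as
    # an unhandled TypeError/ValueError.
    try:
        target = int(target_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        filter_data = dict(self.request.arguments)
        if plugin_group and plugin_type:
            if plugin_type not in self.get_component("db_plugin").GetTypesForGroup(plugin_group):
                raise tornado.web.HTTPError(400)
            filter_data.update({"plugin_type": plugin_type, "plugin_group": plugin_group})
            if plugin_code:
                filter_data["plugin_code"] = plugin_code
        elif plugin_group:
            filter_data.update({"plugin_group": plugin_group})
        # NOTE(review): with no URL components and no query arguments the
        # filter is empty; presumably DeleteAll then removes every output
        # row of the target. Confirm that is intended.
        self.get_component("plugin_output").DeleteAll(filter_data, target_id=target)
    except (exceptions.InvalidTargetReference, exceptions.InvalidParameterType) as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)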
def GetIPFromHostname(self, hostname):
    """Resolve ``hostname`` and record the result in the configuration.

    An IPv4 or IPv6 literal is used as is; anything else goes through
    ``socket.gethostbyname``. Sets ``alternative_ips`` and ``INTERNAL_IP``.

    :param str hostname: Host name or IP literal of the target.
    :return: The chosen IP address.
    :raises UnresolvableTargetException: When the name does not resolve.
    """
    address = ''
    # IP validation based on @marcwickenden's pull request, thanks!
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, hostname)
        except socket.error:
            continue
        address = hostname
        break
    if not address:
        # gethostbyname returns one IPv4 address string, so a name that only
        # has IPv6 records does not resolve here.
        try:
            address = socket.gethostbyname(hostname)
        except socket.gaierror:
            raise UnresolvableTargetException("Unable to resolve: '%s'" % hostname)
    candidates = address.strip().split("\n")
    alternatives = []
    if len(candidates) > 1:
        # Only reached when the resolved value holds several lines.
        address = candidates[0]
        listing = ", ".join(candidates)[0:-3]
        cprint(hostname + " has several IP addresses: (" + listing +
               "). Choosing first: " + address)
        alternatives = candidates[1:]
    self.Set('alternative_ips', alternatives)
    address = address.strip()
    # NOTE(review): the internal/external decision reflects this single
    # lookup; a later lookup of the same name may answer differently.
    self.Set('INTERNAL_IP', is_internal_ip(address))
    logging.info("The IP address for %s is: '%s'" % (hostname, address))
    return address
def get(self, target_id=None, transaction_id=None):
    """Serve the zest console: list, show or run scripts, drive the recorder.

    The request arguments select the action:

    * none: write the target and recorded script lists;
    * ``script`` + ``record``: write the script content;
    * ``script`` + ``record`` + ``run``: run the script when ``run`` is
      ``"true"`` and write the result;
    * ``record`` alone: start the recorder (``"true"`` with ``file``) or
      stop it.

    :raises tornado.web.HTTPError: 400 when the target id is missing or on
        ``InvalidTargetReference``.
    """
    if not target_id:  # does not make sense if no target id provided
        raise tornado.web.HTTPError(400)
    try:
        args = self.request.arguments

        def first(key):
            # Values are looked up lazily, exactly where a branch needs them.
            return args[key][0]

        has_script = 'script' in args
        has_record = 'record' in args
        # NOTE(review): 'script' and 'file' are client-supplied names that
        # reach the zest component unchanged; confirm it restricts them to
        # its own script directory.
        if not any(args):
            # No arguments at all: load the zest console.
            target_scripts, record_scripts = self.get_component("zest").GetAllScripts(target_id)
            self.write({"target_scripts": target_scripts, "recorded_scripts": record_scripts})
        elif has_script and has_record:
            if 'run' not in args:
                # Fetch the script content.
                if first('record') == "true":
                    content = self.get_component("zest").GetRecordScriptContent(first('script'))
                else:
                    content = self.get_component("zest").GetTargetScriptContent(target_id, first('script'))
                self.write({"content": content})
            elif first('run') == "true":
                # Run the script.
                if first('record') == "true":
                    result = self.get_component("zest").RunRecordScript(first('script'))
                else:
                    result = self.get_component("zest").RunTargetScript(target_id, first('script'))
                self.write({"result": result})
        elif has_record:
            # Recorder handling ('script' is absent on this path).
            # NOTE(review): the collapsed listing does not show which 'if'
            # the StopRecorder 'else' belongs to; it is attached to the
            # start condition here. Confirm against the original layout.
            if first('record') == "true" and 'file' in args:
                if not self.get_component("zest").StartRecorder(first('file')):
                    self.write({"exists": "true"})
            else:
                self.get_component("zest").StopRecorder()
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
def get(self, plugin_group=None, plugin_type=None, plugin_code=None):
    """Write the plugin definitions selected by the URL components.

    The query-string arguments are used as the base filter. A group, a
    group/type pair or a group/type/code triple from the URL narrows it
    further; the triple yields a single dict instead of a list.

    :raises tornado.web.HTTPError: 400 for an unknown type, for a triple
        without a match, or on ``InvalidTargetReference``.
    """
    try:
        # NOTE(review): filter_data holds the raw request arguments and goes
        # to the DB layer as is; confirm GetAll ignores unknown keys.
        filter_data = dict(self.request.arguments)
        if not plugin_group:
            # No group in the URL: only the query-string filters apply.
            self.write(self.get_component("db_plugin").GetAll(filter_data))
        elif not plugin_type:
            if not plugin_code:
                filter_data.update({"group": plugin_group})
                self.write(self.get_component("db_plugin").GetAll(filter_data))
        else:
            known_types = self.get_component("db_plugin").GetTypesForGroup(plugin_group)
            if plugin_type not in known_types:
                raise tornado.web.HTTPError(400)
            criteria = {"type": plugin_type, "group": plugin_group}
            if plugin_code:
                criteria["code"] = plugin_code
            filter_data.update(criteria)
            # This combination will be unique, so have to return a dict
            matches = self.get_component("db_plugin").GetAll(filter_data)
            if not plugin_code:
                self.write(matches)
            elif matches:
                self.write(matches[0])
            else:
                raise tornado.web.HTTPError(400)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
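def intialise_proxy_manager(options):
    """Proxy Manager initialization.

    Builds the proxy list (mined, or loaded from a file), optionally checks
    which proxies answer, and stores the next available proxy in
    ``options['OutboundProxy']``. Does nothing when
    ``options['Botnet_mode']`` is None.

    :param dict options: Proxy manager configuration parameters.
    """
    if options['Botnet_mode'] is None:
        return
    mode = options['Botnet_mode'][0]
    proxy_manager = Proxy_manager()
    answer = "Yes"
    proxies = []
    if mode == "miner":
        miner = Proxy_Miner()
        proxies = miner.start_miner()
    if mode == "list":  # load proxies from list
        proxies = proxy_manager.load_proxy_list(options['Botnet_mode'][1])
        answer = raw_input("[#] Do you want to check the proxy list? [Yes/no] : ")
    check_requested = answer.upper() in ["", "YES", "Y"]
    if check_requested:
        proxy_q = multiprocessing.Queue()
        proxy_checker = multiprocessing.Process(
            target=Proxy_Checker.check_proxies,
            args=(proxy_q, proxies,)
        )
        logging.info("Checking Proxies...")
        start_time = time.time()
        proxy_checker.start()
        proxies = proxy_q.get()
        proxy_checker.join()
    proxy_manager.proxies = proxies
    proxy_manager.number_of_proxies = len(proxies)
    if mode == "miner":
        logging.info("Writing proxies to disk(~/.owtf/proxy_miner/proxies.txt)")
        miner.export_proxies_to_file("proxies.txt", proxies)
    if check_requested:
        # An elapsed duration is formatted with gmtime; localtime minus a
        # fixed 3600 seconds is only right in a UTC+1 time zone.
        elapsed = time.time() - start_time
        logging.info("Proxy Check Time: %s", time.strftime('%H:%M:%S', time.gmtime(elapsed)))
        cprint("Done")
    # '==' compares the value; 'is 0' compared object identity.
    if proxy_manager.number_of_proxies == 0:
        ServiceLocator.get_component("error_handler").FrameworkAbort("No Alive proxies.")
    proxy = proxy_manager.get_next_available_proxy()
    # check proxy var... http:// sock://
    # NOTE(review): a mined or listed proxy may be run by a third party, and
    # traffic sent through OutboundProxy is visible to whoever operates it.
    options['OutboundProxy'] = [proxy["proxy"][0], proxy["proxy"][1]]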
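def intialise_proxy_manager(options):
    """Proxy Manager initialization.

    Builds the proxy list (mined, or loaded from a file), optionally checks
    which proxies answer, and stores the next available proxy in
    ``options['OutboundProxy']``. Does nothing when
    ``options['Botnet_mode']`` is None.

    :param dict options: Proxy manager configuration parameters.
    """
    if options['Botnet_mode'] is None:
        return
    mode = options['Botnet_mode'][0]
    proxy_manager = Proxy_manager()
    answer = "Yes"
    proxies = []
    if mode == "miner":
        miner = Proxy_Miner()
        proxies = miner.start_miner()
    if mode == "list":  # load proxies from list
        proxies = proxy_manager.load_proxy_list(options['Botnet_mode'][1])
        answer = raw_input("[#] Do you want to check the proxy list? [Yes/no] : ")
    check_requested = answer.upper() in ["", "YES", "Y"]
    if check_requested:
        proxy_q = multiprocessing.Queue()
        proxy_checker = multiprocessing.Process(
            target=Proxy_Checker.check_proxies,
            args=(proxy_q, proxies,))
        logging.info("Checking Proxies...")
        start_time = time.time()
        proxy_checker.start()
        proxies = proxy_q.get()
        proxy_checker.join()
    proxy_manager.proxies = proxies
    proxy_manager.number_of_proxies = len(proxies)
    if mode == "miner":
        logging.info("Writing proxies to disk(~/.owtf/proxy_miner/proxies.txt)")
        miner.export_proxies_to_file("proxies.txt", proxies)
    if check_requested:
        # An elapsed duration is formatted with gmtime; localtime minus a
        # fixed 3600 seconds is only right in a UTC+1 time zone.
        elapsed = time.time() - start_time
        logging.info("Proxy Check Time: %s", time.strftime('%H:%M:%S', time.gmtime(elapsed)))
        cprint("Done")
    # '==' compares the value; 'is 0' compared object identity.
    if proxy_manager.number_of_proxies == 0:
        ServiceLocator.get_component("error_handler").FrameworkAbort("No Alive proxies.")
    proxy = proxy_manager.get_next_available_proxy()
    # check proxy var... http:// sock://
    # NOTE(review): a mined or listed proxy may be run by a third party, and
    # traffic sent through OutboundProxy is visible to whoever operates it.
    options['OutboundProxy'] = [proxy["proxy"][0], proxy["proxy"][1]]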
def delete(self, target_id=None):
    """Delete the target named in the URL.

    :raises tornado.web.HTTPError: 400 when the id is missing or on
        ``InvalidTargetReference``.
    """
    if not target_id:
        raise tornado.web.HTTPError(400)
    target_db = self.application.Core.DB.Target
    try:
        target_db.DeleteTarget(ID=target_id)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
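def delete(self, worker_id=None, action=None):
    """Delete the worker named in the URL.

    :raises tornado.web.HTTPError: 400 when the id is missing or not
        numeric, when an action is given, or on ``InvalidWorkerReference``.
    """
    if (not worker_id) or action:
        raise tornado.web.HTTPError(400)
    # The route pattern that supplies worker_id is not visible here, so a
    # non-numeric id is answered with 400 instead of an unhandled ValueError.
    try:
        worker = int(worker_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        self.application.Core.WorkerManager.delete_worker(worker)
    except exceptions.InvalidWorkerReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)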
def check(self):
    """Verify that ``root_dir`` is a git checkout before updating.

    The update process uses git, so a ``.git`` entry must exist under
    ``root_dir``. When it does, ``prepare()`` is called.

    :return: True when the entry exists, False otherwise.
    :rtype: bool
    """
    git_entry = os.path.join(self.root_dir, '.git')
    if os.path.exists(git_entry):
        self.prepare()
        return True
    cprint("Not a git repository. Please checkout OWTF repo from GitHub (eg:- git clone https://github.com/7a/owtf owtf)")
    return False
def get(self, target_id=None):
    """Write the URLs stored for a target, filtered by the request arguments.

    :raises tornado.web.HTTPError: 400 on ``InvalidTargetReference``.
    """
    try:
        # Empty criteria ensure all transactions
        criteria = dict(self.request.arguments)
        url_db = self.application.Core.DB.URL
        self.write(url_db.GetAll(criteria, target_id=target_id))
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
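def Authenticate(self):
    """Authenticate to the TOR control port with the configured password.

    Prints a confirmation when the reply starts with ``250`` and aborts the
    framework otherwise.
    """
    raw = '%s' % self.password
    if '\r' in raw or '\n' in raw:
        # A line break would end the AUTHENTICATE line early and the rest of
        # the value would be read as a separate control command.
        self.error_handler.FrameworkAbort("Authentication Error : password contains a line break")
        return
    # The password is sent as a quoted string, so backslashes and double
    # quotes are escaped; unescaped, a quote ends the string early and the
    # command is malformed.
    quoted = raw.replace('\\', '\\\\').replace('"', '\\"')
    self.TOR_Connection.send('AUTHENTICATE "%s"\r\n' % quoted)
    response = self.TOR_Connection.recv(1024)
    if response.startswith('250'):  # 250 is the success response
        cprint("Successfully Authenticated to TOR control")
    else:
        self.error_handler.FrameworkAbort("Authentication Error : %s" % response)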
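def delete(self, worker_id=None, action=None):
    """Delete the worker named in the URL.

    :raises tornado.web.HTTPError: 400 when the id is missing or not
        numeric, when an action is given, or on ``InvalidWorkerReference``.
    """
    if (not worker_id) or action:
        raise tornado.web.HTTPError(400)
    # The route pattern that supplies worker_id is not visible here, so a
    # non-numeric id is answered with 400 instead of an unhandled ValueError.
    try:
        worker = int(worker_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        self.get_component("worker_manager").delete_worker(worker)
    except exceptions.InvalidWorkerReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)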
def delete(self, target_id=None):
    """Delete the target named in the URL.

    :raises tornado.web.HTTPError: 400 when the id is missing or on
        ``InvalidTargetReference``.
    """
    if not target_id:
        raise tornado.web.HTTPError(400)
    try:
        target_db = self.get_component("target")
        target_db.DeleteTarget(ID=target_id)
    except InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
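def get(self, target_id=None):
    """Write the URLs stored for a target, filtered by the request arguments.

    :raises tornado.web.HTTPError: 400 for a missing or non-numeric target
        id, or on ``InvalidTargetReference``.
    """
    # The route pattern that supplies target_id is not visible here, so a
    # missing or non-numeric id is answered with 400 instead of escaping as
    # an unhandled TypeError/ValueError.
    try:
        target = int(target_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        # Empty criteria ensure all transactions
        filter_data = dict(self.request.arguments)
        self.write(self.get_component("url_manager").GetAll(filter_data, target_id=target))
    except exceptions.InvalidTargetReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)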
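def Open_connection(self):
    """Open a TCP connection to the TOR control port.

    :return: The connected socket. On failure the framework abort handler
        is called with the reason.
    """
    s = None
    try:
        s = socket.socket()
        s.connect((self.ip, self.TOR_control_port))
        cprint("Connected to TOR control")
        return s
    except Exception as error:
        if s is not None:
            # Do not leave a half-open descriptor behind.
            s.close()
        # Not every exception carries strerror, and it can be None; fall
        # back to the exception text so building the message cannot fail.
        reason = getattr(error, 'strerror', None) or str(error)
        self.core.Error.FrameworkAbort("Can't connect to the TOR Control port daemon : " + reason)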
def patch(self, target_id=None):
    """Update the target named in the URL with the request arguments.

    :raises tornado.web.HTTPError: 400 when the id or the arguments are
        missing, or on ``InvalidTargetReference``.
    """
    if not (target_id and self.request.arguments):
        raise tornado.web.HTTPError(400)
    try:
        # NOTE(review): every request argument is forwarded; which fields
        # UpdateTarget accepts is not visible here.
        changes = dict(self.request.arguments)
        self.get_component("target").UpdateTarget(changes, ID=target_id)
    except InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
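def delete(self, target_id=None, transaction_id=None):
    """Delete one transaction of a target.

    :raises tornado.web.HTTPError: 400 when the transaction id is missing,
        when either id is not numeric, or on ``InvalidTargetReference``.
    """
    if not transaction_id:
        raise tornado.web.HTTPError(400)
    # The route pattern that supplies the ids is not visible here, so a
    # missing or non-numeric value is answered with 400 instead of escaping
    # as an unhandled TypeError/ValueError.
    try:
        transaction = int(transaction_id)
        target = int(target_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        self.get_component("transaction").DeleteTransaction(transaction, target)
    except exceptions.InvalidTargetReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)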
def get(self, target_id=None, transaction_id=None):
    """Forward a stored transaction through the ``zap_api`` component.

    :raises tornado.web.HTTPError: 400 when either id is missing or on
        ``InvalidTargetReference``.
    """
    try:
        if transaction_id and target_id:
            zap = self.get_component("zap_api")
            zap.ForwardRequest(target_id, transaction_id)
        else:
            raise tornado.web.HTTPError(400)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
def get(self, target_id=None, transaction_id=None):
    """Forward a stored transaction through the ZAP API handler.

    :raises tornado.web.HTTPError: 400 when either id is missing or on
        ``InvalidTargetReference``.
    """
    try:
        if transaction_id and target_id:
            zap = self.application.Core.zap_api_handler
            zap.ForwardRequest(target_id, transaction_id)
        else:
            raise tornado.web.HTTPError(400)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
def count_not_installed_tools(self):
    """Count the number of missing tools by checking their paths.

    Walks the ``'string'`` section of the configuration, prints a warning
    for every tool setting whose value is not installed, and returns how
    many such settings were found.
    """
    missing = 0
    string_settings = self.core.Config.GetConfig()['string']
    for key, path in string_settings.items():
        name = self.core.Config.StripKey(key)
        if not self.is_tool(name):
            continue
        if self.is_installed(path):
            continue
        cprint("WARNING: Tool path not found for: " + str(path))
        missing += 1
    return missing
def renew_ip(self):
    """Ask the TOR control port for a new identity.

    Sends ``signal NEWNYM`` and reads one reply.

    :return: True when the reply starts with ``250``, False otherwise.
    :rtype: bool
    """
    self.TOR_Connection.send("signal NEWNYM\r\n")
    reply = self.TOR_Connection.recv(1024)
    renewed = reply.startswith('250')
    if renewed:
        cprint("TOR : IP renewed")
    else:
        cprint("[TOR]Warning: IP can't renewed")
    return renewed
def patch(self, target_id=None):
    """Update the target named in the URL with the request arguments.

    :raises tornado.web.HTTPError: 400 when the id or the arguments are
        missing, or on ``InvalidTargetReference``.
    """
    if not (target_id and self.request.arguments):
        raise tornado.web.HTTPError(400)
    try:
        # NOTE(review): every request argument is forwarded; which fields
        # UpdateTarget accepts is not visible here.
        changes = dict(self.request.arguments)
        self.application.Core.DB.Target.UpdateTarget(changes, ID=target_id)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
def get(self, target_id=None):
    """Write the URLs stored for a target, filtered by the request arguments.

    :raises tornado.web.HTTPError: 400 on ``InvalidTargetReference``.
    """
    try:
        # Empty criteria ensure all transactions
        criteria = dict(self.request.arguments)
        url_db = self.application.Core.DB.URL
        self.write(url_db.GetAll(criteria, target_id=target_id))
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
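def delete(self, target_id=None, transaction_id=None):
    """Delete one transaction of a target.

    :raises tornado.web.HTTPError: 400 when the transaction id is missing,
        when either id is not numeric, or on ``InvalidTargetReference``.
    """
    if not transaction_id:
        raise tornado.web.HTTPError(400)
    # The route pattern that supplies the ids is not visible here, so a
    # missing or non-numeric value is answered with 400 instead of escaping
    # as an unhandled TypeError/ValueError.
    try:
        transaction = int(transaction_id)
        target = int(target_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        self.application.Core.DB.Transaction.DeleteTransaction(
            transaction, target_id=target)
    except exceptions.InvalidTargetReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)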
def get(self, target_id=None, transaction_id=None):
    """Forward a stored transaction through the ZAP API handler.

    :raises tornado.web.HTTPError: 400 when either id is missing or on
        ``InvalidTargetReference``.
    """
    try:
        if transaction_id and target_id:
            zap = self.application.Core.zap_api_handler
            zap.ForwardRequest(target_id, transaction_id)
        else:
            raise tornado.web.HTTPError(400)
    except exceptions.InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
def check(self):
    """Verify that ``root_dir`` is a git checkout before updating.

    The update process uses git, so a ``.git`` entry must exist under
    ``root_dir``. When it does, ``prepare()`` is called.

    :return: True when the entry exists, False otherwise.
    :rtype: bool
    """
    git_entry = os.path.join(self.root_dir, '.git')
    if os.path.exists(git_entry):
        self.prepare()
        return True
    cprint(
        "Not a git repository. Please checkout OWTF repo from GitHub (eg:- git clone https://github.com/owtf/owtf owtf)"
    )
    return False
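def get(self, worker_id=None, action=None):
    """Write worker details, or run a worker action named in the URL.

    Without ``worker_id`` the details of all workers are written. With an
    id and no action the details of that worker are written. With both,
    the ``<action>_worker`` method of the worker manager is called.

    :raises tornado.web.HTTPError: 400 for a non-numeric worker id, an
        action the worker manager does not provide, or on
        ``InvalidWorkerReference``.
    """
    manager = self.application.Core.WorkerManager
    if not worker_id:
        self.write(manager.get_worker_details())
        return
    try:
        worker = int(worker_id)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400)
    try:
        if not action:
            self.write(manager.get_worker_details(worker))
        else:
            # NOTE(review): 'action' comes from the URL and selects a
            # manager method by name, on a GET request. Any method ending in
            # '_worker' is reachable this way; an explicit allow-list of
            # permitted actions would bound what a request can trigger.
            handler = getattr(manager, action + '_worker', None)
            if not callable(handler):
                # Unknown action: client error, not an AttributeError.
                raise tornado.web.HTTPError(400)
            handler(worker)
    except exceptions.InvalidWorkerReference as e:
        cprint(e.parameter)
        raise tornado.web.HTTPError(400)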
def LoadTargets(self, options):
    """Add every target in scope to the DB and return the ones added.

    Targets already present in the DB and targets that cannot be resolved
    are reported with ``cprint`` and left out of the result.

    :param dict options: Must hold the ``'Scope'`` and ``'PluginGroup'``
        keys passed to ``PrepareURLScope``.
    :return: The targets that were added.
    :rtype: list
    """
    added_targets = []
    for target in self.PrepareURLScope(options['Scope'], options['PluginGroup']):
        try:
            self.Core.DB.Target.AddTarget(target)
        except DBIntegrityException:
            cprint(target + " already exists in DB")
        except UnresolvableTargetException as err:
            cprint(err.parameter)
        else:
            added_targets.append(target)
    return added_targets
def get(self, target_id=None):
    """Write one target configuration, or all of them filtered by arguments.

    :raises tornado.web.HTTPError: 400 on ``InvalidTargetReference``.
    """
    try:
        if target_id:
            self.write(self.get_component("target").GetTargetConfigForID(target_id))
        else:
            # /target accessed with or without filters: the request
            # arguments are passed on as the filter.
            criteria = dict(self.request.arguments)
            self.write(self.get_component("target").GetTargetConfigs(criteria))
    except InvalidTargetReference as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(400)
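def KillChildProcesses(self, parent_pid, sig=signal.SIGINT):
    """Send ``sig`` to every descendant of ``parent_pid``, deepest first.

    :param int parent_pid: Process whose children are listed with ``ps``.
    :param int sig: Signal passed to ``os.kill``.
    """
    # An argument list without a shell keeps the pid out of any command
    # string, and communicate() waits for ps so it is not left unreaped.
    ps_command = subprocess.Popen(
        ["ps", "-o", "pid", "--ppid", str(int(parent_pid)), "--noheaders"],
        stdout=subprocess.PIPE)
    ps_output = ps_command.communicate()[0]
    for pid_str in ps_output.splitlines():
        if not pid_str.strip():
            continue
        child_pid = int(pid_str)
        # Grandchildren are signalled before their parent.
        self.KillChildProcesses(child_pid, sig)
        try:
            os.kill(child_pid, sig)
        except OSError:
            # The child may already be gone, or may not be ours to signal.
            cprint("unable to kill it")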
def post(self, target_id=None):
    """Add the targets given in the ``target_url`` argument.

    Answers 201 on success.

    :raises tornado.web.HTTPError: 400 when an id is present in the URL or
        ``target_url`` is missing; 409 on ``DBIntegrityException`` or
        ``UnresolvableTargetException``.
    """
    has_url = self.get_argument("target_url", default=None)
    if target_id or not has_url:  # How can one post using an id xD
        raise tornado.web.HTTPError(400)
    try:
        urls = dict(self.request.arguments)["target_url"]
        self.get_component("target").AddTargets(urls)
        self.set_status(201)  # Stands for "201 Created"
    except (exceptions.DBIntegrityException, exceptions.UnresolvableTargetException) as err:
        cprint(err.parameter)
        raise tornado.web.HTTPError(409)