def vuln_check(request):
username = request.user.username
"""
Get the detailed vulnerability information.
:param request:
:return:
"""
global cve_list
if request.method == 'GET':
id_vul = request.GET['vuln_id']
else:
id_vul = ''
vul_dat = ov_scan_result_db.objects.filter(
username=username, vul_id=id_vul).order_by('vul_id')
for cve_dat in vul_dat:
cve = cve_dat.cve
xref = cve_dat.xref
xref_list = xref.split(",")
cve_list = cve.split(",")
return render(
request, 'openvas_scan_data.html', {
'vul_dat': vul_dat,
'cve_list': cve_list,
'xref_list': xref_list,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def banditscan_details(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
vuln_id = request.GET['vuln_id']
else:
scan_id = None
vuln_id = None
bandit_vuln_details = bandit_scan_results_db.objects.filter(username=username,
scan_id=scan_id,
vuln_id=vuln_id
)
return render(request, 'banditscanner/bandit_vuln_details.html',
{'bandit_vuln_details': bandit_vuln_details,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
}
)
def nikto_result(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
scan_result = nikto_result_db.objects.filter(username=username,
scan_id=scan_id)
return render(
request, 'nikto_scan_result.html', {
'scan_result': scan_result,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def webinspect_vuln_data(request):
"""
webinspect Vulnerability Data.
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
vuln_id = request.GET['vuln_id']
else:
vuln_id = None
vuln_data = webinspect_scan_result_db.objects.filter(username=username, vuln_id=vuln_id)
return render(request,
'webinspectscanner/webinspect_vuln_data.html',
{'vuln_data': vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)})
def nodejsscan_vuln_data(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
test_name = request.GET['test_name']
else:
scan_id = None
test_name = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
nodejsscan_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = nodejsscan_scan_results_db.objects.filter(
username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
title = vi.title
severity = vi.severity
dup_data = severity + title
false_positive_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
nodejsscan_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(
false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash)
all_nodejsscan_data = nodejsscan_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
false_positive='No',
vuln_status='Open')
total_vul = len(all_nodejsscan_data)
total_high = len(all_nodejsscan_data.filter(severity='High'))
total_medium = len(all_nodejsscan_data.filter(severity='Medium'))
total_low = len(all_nodejsscan_data.filter(severity='Low'))
total_duplicate = len(all_nodejsscan_data.filter(vuln_duplicate='Yes'))
nodejsscan_scan_db.objects.filter(username=username,
scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
)
return HttpResponseRedirect(
reverse('nodejsscan:nodejsscan_vuln_data') +
'?scan_id=%s&test_name=%s' % (scan_id, vuln_name))
nodejsscan_vuln_data = nodejsscan_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
title=test_name,
)
return render(
request, 'nodejsscan/nodejsscan_vuln_data.html', {
'nodejsscan_vuln_data': nodejsscan_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def webinspect_vuln_out(request):
"""
webinspect Vulnerability details.
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
name = request.GET['scan_name']
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
webinspect_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = webinspect_scan_result_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
url = vi.vuln_url
Severity = vi.severity
dup_data = name + url + Severity
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
webinspect_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash
)
webinspect_all_vul = webinspect_scan_result_db.objects.filter(username=username, scan_id=scan_id, false_positive='No',
vuln_status='Open')
total_critical = len(webinspect_all_vul.filter(severity='Critical'))
total_high = len(webinspect_all_vul.filter(severity="High"))
total_medium = len(webinspect_all_vul.filter(severity="Medium"))
total_low = len(webinspect_all_vul.filter(severity="Low"))
total_info = len(webinspect_all_vul.filter(severity="Information"))
total_duplicate = len(webinspect_all_vul.filter(severity='Yes'))
total_vul = total_critical + total_high + total_medium + total_low + total_info
webinspect_scan_db.objects.filter(username=username, scan_id=scan_id).update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
critical_vul=total_critical,
info_vul=total_info,
)
return HttpResponseRedirect(
reverse('webinspectscanner:webinspect_vuln_out') + '?scan_id=%s&scan_name=%s' % (scan_id, vuln_name))
vuln_data = webinspect_scan_result_db.objects.filter(username=username, scan_id=scan_id,
name=name,
)
return render(request,
'webinspectscanner/webinspect_vuln_out.html',
{'vuln_data': vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username),
})
def banditscan_vuln_data(request):
"""
:param request:
:return:
"""
username = request.user.username
jira_url = ''
jira = jirasetting.objects.filter(username=username)
for d in jira:
jira_url = d.jira_server
if request.method == 'GET':
scan_id = request.GET['scan_id']
test_name = request.GET['test_name']
else:
scan_id = None
test_name = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
bandit_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = bandit_scan_results_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.test_name
filename = vi.filename
Severity = vi.issue_severity
dup_data = name + filename + Severity
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
bandit_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash
)
all_bandit_data = bandit_scan_results_db.objects.filter(username=username, scan_id=scan_id, false_positive='No',
vuln_status='Open')
total_vul = len(all_bandit_data)
total_high = len(all_bandit_data.filter(issue_severity="HIGH"))
total_medium = len(all_bandit_data.filter(issue_severity="MEDIUM"))
total_low = len(all_bandit_data.filter(issue_severity="LOW"))
total_duplicate = len(all_bandit_data.filter(vuln_duplicate='Yes'))
bandit_scan_db.objects.filter(username=username, scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low
)
return HttpResponseRedirect(
reverse('banditscanner:banditscan_vuln_data') + '?scan_id=%s&test_name=%s' % (scan_id, vuln_name))
bandit_vuln_data = bandit_scan_results_db.objects.filter(username=username, scan_id=scan_id,
test_name=test_name,
)
return render(request, 'banditscanner/banditscan_vuln_data.html',
{'bandit_vuln_data': bandit_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def checkmarx_vuln_data(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
name = request.GET['name']
else:
scan_id = None
name = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
checkmarx_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = checkmarx_scan_results_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
severity = vi.severity
file_name = vi.file_name
dup_data = str(name) + str(severity) + str(file_name)
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
checkmarx_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash)
all_checkmarx_data = checkmarx_scan_results_db.objects.filter(username=username, scan_id=scan_id,
false_positive='No', vuln_status='Open')
total_vul = len(all_checkmarx_data)
total_high = len(all_checkmarx_data.filter(severity='High'))
total_medium = len(all_checkmarx_data.filter(severity='Medium'))
total_low = len(all_checkmarx_data.filter(severity='Low'))
total_duplicate = len(all_checkmarx_data.filter(vuln_duplicate='Yes'))
checkmarx_scan_db.objects.filter(username=username, scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low
)
return HttpResponseRedirect(
reverse('checkmarx:checkmarx_vuln_data') + '?scan_id=%s&name=%s' % (scan_id, vuln_name))
checkmarx_vuln_data = checkmarx_scan_results_db.objects.filter(username=username, scan_id=scan_id,
name=name)
return render(request, 'checkmarx/checkmarx_vuln_data.html',
{'checkmarx_vuln_data': checkmarx_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def findbugs_vuln_data(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
test_name = request.GET['test_name']
else:
scan_id = None
test_name = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
findbugs_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = findbugs_scan_results_db.objects.filter(
username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
classname = vi.classname
risk = vi.risk
dup_data = name + classname + risk
false_positive_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
findbugs_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(
false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash)
all_findbugs_data = findbugs_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
false_positive='No',
vuln_status='Open')
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(priority="1"))
total_medium = len(all_findbugs_data.filter(priority="2"))
total_low = len(all_findbugs_data.filter(priority="3"))
total_duplicate = len(all_findbugs_data.filter(vuln_duplicate='Yes'))
findbugs_scan_db.objects.filter(
username=username, scan_id=scan_id).update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
return HttpResponseRedirect(
reverse('findbugs:findbugs_vuln_data') +
'?scan_id=%s&test_name=%s' % (scan_id, vuln_name))
findbugs_vuln_data = findbugs_scan_results_db.objects.filter(
username=username, scan_id=scan_id, name=test_name)
return render(
request, 'findbugs/findbugsscan_vuln_data.html', {
'findbugs_vuln_data': findbugs_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def dependencycheck_vuln_data(request):
"""
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
test_name = request.GET['test_name']
else:
scan_id = None
test_name = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
dependencycheck_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = dependencycheck_scan_results_db.objects.filter(
username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
filename = vi.fileName
Severity = vi.severity
dup_data = name + filename + Severity
false_positive_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
dependencycheck_scan_results_db.objects.filter(
username=username, vuln_id=vuln_id,
scan_id=scan_id).update(
false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash)
all_dependency_data = dependencycheck_scan_results_db.objects.filter(
username=username,
scan_id=scan_id,
false_positive='No',
vuln_status='Open')
total_vul = len(all_dependency_data)
total_high = len(all_dependency_data.filter(severity="High"))
total_medium = len(all_dependency_data.filter(severity="Medium"))
total_low = len(all_dependency_data.filter(severity="Low"))
total_duplicate = len(all_dependency_data.filter(vuln_duplicate='Yes'))
dependencycheck_scan_db.objects.filter(username=username,
scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
return HttpResponseRedirect(
reverse('dependencycheck:dependencycheck_vuln_data') +
'?scan_id=%s&test_name=%s' % (scan_id, vuln_name))
dependencycheck_vuln_data = dependencycheck_scan_results_db.objects.filter(
username=username, scan_id=scan_id, name=test_name)
return render(
request, 'dependencycheck/dependencycheckscan_vuln_data.html', {
'dependencycheck_vuln_data': dependencycheck_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def scan_vul_details(request):
username = request.user.username
"""
Get the Network scan vulnerability details.
:param request:
:return:
"""
scanid = ""
if request.method == 'GET':
scanid = request.GET['scan_id']
if request.method == 'POST':
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
false_positive = request.POST.get('false')
status = request.POST.get('status')
ov_scan_result_db.objects.filter(username=username,
scan_id=scan_id,
vul_id=vuln_id).update(
false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = ov_scan_result_db.objects.filter(username=username,
scan_id=scan_id,
vul_id=vuln_id)
for vi in vuln_info:
name = vi.name
host = vi.host
severity = vi.severity
port = vi.port
dup_data = name + host + severity + port
false_positive_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
ov_scan_result_db.objects.filter(
username=username, scan_id=scan_id, vul_id=vuln_id).update(
false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash)
openvas_vul = ov_scan_result_db.objects.filter(username=username,
scan_id=scan_id,
false_positive='No',
vuln_status='Open')
total_high = len(openvas_vul.filter(threat="High"))
total_medium = len(openvas_vul.filter(threat="Medium"))
total_low = len(openvas_vul.filter(threat="Low"))
total_duplicate = len(openvas_vul.filter(vuln_duplicate='Yes'))
total_vul = total_high + total_medium + total_low
openvas_scan_db.objects.filter(username=username, scan_id=scan_id). \
update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
)
return HttpResponseRedirect(
reverse('networkscanners:vul_details') + '?scan_id=%s' % scan_id)
all_vuln = ov_scan_result_db.objects.filter(
username=username,
scan_id=scanid,
).values('name', 'severity', 'vuln_color', 'threat', 'host', 'port',
'vul_id', 'jira_ticket', 'false_positive',
'vuln_status').distinct()
return render(
request, 'openvas_vuln_list.html', {
'all_vuln': all_vuln,
'scan_id': scanid,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def arachni_vuln_out(request):
"""
Arachni Vulnerability details.
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
name = request.GET['scan_name']
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
arachni_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive, vuln_status=status)
if false_positive == 'Yes':
vuln_info = arachni_scan_result_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
url = vi.url
severity = vi.severity
dup_data = name + url + severity
print(dup_data)
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
arachni_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash
)
arachni_all_vul = arachni_scan_result_db.objects.filter(username=username, scan_id=scan_id, false_positive='No',
vuln_status='Open')
total_high = len(arachni_all_vul.filter(severity="High"))
total_medium = len(arachni_all_vul.filter(severity="Medium"))
total_low = len(arachni_all_vul.filter(severity="Low"))
total_info = len(arachni_all_vul.filter(severity="Informational"))
total_duplicate = len(arachni_all_vul.filter(vuln_duplicate='Yes'))
total_vul = total_high + total_medium + total_low + total_info
arachni_scan_db.objects.filter(scan_id=scan_id, username=username).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
)
return HttpResponseRedirect(
reverse('arachniscanner:arachni_vuln_out') + '?scan_id=%(scan_id)s&scan_name=%(vuln_name)s' % {
'scan_id': scan_id,
'vuln_name': vuln_name})
vuln_data = arachni_scan_result_db.objects.filter(username=username,
scan_id=scan_id,
name=name,
)
return render(request,
'arachniscanner/arachni_vuln_out.html',
{'vuln_data': vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username),
})
def nessus_vuln_data(request):
"""
:param request:
:return:
"""
global Target
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
target = request.GET['target']
else:
scan_id = None
target = None
if request.method == "POST":
false_positive = request.POST.get('false')
status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
nessus_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=status)
if false_positive == 'Yes':
vuln_info = nessus_scan_results_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
Name = vi.plugin_name
Severity = vi.risk_factor
Target = vi.target
dup_data = Name + Severity + Target
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
nessus_scan_results_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash
)
target_filter = nessus_scan_results_db.objects.filter(username=username,
scan_id=scan_id,
false_positive='No',
vuln_status='Open',
target=Target)
target_total_vuln = len(target_filter)
target_total_high = len(target_filter.filter(risk_factor="High"))
target_total_medium = len(target_filter.filter(risk_factor="Medium"))
target_total_low = len(target_filter.filter(risk_factor="Low"))
target_total_duplicate = len(target_filter.filter(vuln_duplicate='Yes'))
nessus_targets_db.objects.filter(username=username, scan_id=scan_id, target=Target).update(
total_vuln=target_total_vuln,
total_high=target_total_high,
total_medium=target_total_medium,
total_low=target_total_low,
total_dup=target_total_duplicate,
)
ov_all_vul = nessus_scan_results_db.objects.filter(username=username, scan_id=scan_id, false_positive='No',
vuln_status='Open')
total_vuln = len(ov_all_vul)
total_high = len(ov_all_vul.filter(risk_factor="High"))
total_medium = len(ov_all_vul.filter(risk_factor="Medium"))
total_low = len(ov_all_vul.filter(risk_factor="Low"))
total_duplicate = len(ov_all_vul.filter(vuln_duplicate='Yes'))
nessus_scan_db.objects.filter(username=username, scan_id=scan_id) \
.update(total_vuln=total_vuln,
total_high=total_high,
total_medium=total_medium,
total_low=total_low,
total_dup=total_duplicate,
)
return HttpResponseRedirect(
reverse('nessus:nessus_vuln_data') + '?scan_id=%s&target=%s' % (scan_id, Target))
nessus_vuln_data = nessus_scan_results_db.objects.filter(username=username, scan_id=scan_id,
target=target)
return render(request, 'nessus/nessusscan_vuln_data.html',
{'nessus_vuln_data': nessus_vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username)
})
def burp_vuln_out(request):
"""
The function calling burp vulnerability details.
:param request:
:return:
"""
username = request.user.username
if request.method == 'GET':
scan_id = request.GET['scan_id']
name = request.GET['scan_name']
if request.method == "POST":
false_positive = request.POST.get('false')
vuln_status = request.POST.get('status')
vuln_id = request.POST.get('vuln_id')
scan_id = request.POST.get('scan_id')
vuln_name = request.POST.get('vuln_name')
burp_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status=vuln_status)
if false_positive == 'Yes':
vuln_info = burp_scan_result_db.objects.filter(username=username, scan_id=scan_id, vuln_id=vuln_id)
for vi in vuln_info:
name = vi.name
location = vi.path
severity = vi.severity
dup_data = name + location + severity
false_positive_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
burp_scan_result_db.objects.filter(username=username, vuln_id=vuln_id,
scan_id=scan_id).update(false_positive=false_positive,
vuln_status='Closed',
false_positive_hash=false_positive_hash
)
burp_all_vul = burp_scan_result_db.objects.filter(username=username, scan_id=scan_id, false_positive='No',
vuln_status='Open')
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Information"))
total_duplicate = len(burp_all_vul.filter(vuln_duplicate='Yes'))
burp_scan_db.objects.filter(username=username, scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate
)
return HttpResponseRedirect(
reverse('burpscanner:burp_vuln_out') + '?scan_id=%s&scan_name=%s' % (scan_id,
vuln_name))
vuln_data = burp_scan_result_db.objects.filter(username=username,
scan_id=scan_id,
name=name,
)
return render(request, 'burpscanner/burp_vuln_out.html', {'vuln_data': vuln_data,
'jira_url': jirasetting.get_jira_url(username),
'gitlab_url': gitlabsetting.get_gitlab_url(username),
})
