def scan_ip_address_for_service_from_domain(
self,
org_uuid=None,
ip_address_uuid=None,
port=None,
protocol=None,
domain_uuid=None,
domain_scan_uuid=None,
):
"""
Check to see if the given network service port is currently open and listening at the given IP
address as a result of resolving IP addresses for the given domain.
:param org_uuid: The organization to scan the endpoint on behalf of.
:param ip_address_uuid: The UUID of the IP address to scan.
:param port: The port number to check.
:param protocol: The networking protocol to use to connect to the endpoint.
:param domain_uuid: The UUID of the domain name that resulted in this scan.
:param domain_scan_uuid: The UUID of the domain name scan that this task is a part of.
:return: None
"""
ip_address = get_address_from_ip_address(ip_address_uuid=ip_address_uuid,
db_session=self.db_session)
logger.info(
"Now checking to see if service at %s:%s (%s) is alive for domain %s, scan %s, organization %s."
%
(ip_address, port, protocol, domain_uuid, domain_scan_uuid, org_uuid))
inspector = PortInspector(address=ip_address, port=port, protocol=protocol)
is_open = inspector.check_if_open()
logger.info("Service at %s:%s (%s) %s open!" %
(ip_address, port, protocol, "is" if is_open else "is not"))
liveness_model = DomainServiceLivenessModel.from_database_model_uuid(
uuid=domain_scan_uuid,
db_session=self.db_session,
is_alive=is_open,
checked_at=DatetimeHelper.now(),
)
liveness_model.save(org_uuid)
if not is_open:
logger.info(
"Service at %s:%s (%s) was not open, therefore not continuing with inspection."
% (ip_address, port, protocol))
return
logger.info(
"Service at %s:%s (%s) was open! Setting up a single pass of network service monitoring."
% (ip_address, port, protocol))
network_service_model = get_or_create_network_service_from_org_ip(
ip_uuid=ip_address_uuid,
port=port,
protocol=protocol,
db_session=self.db_session,
discovered_by="domain scan",
)
network_service_inspection_pass.si(
service_uuid=network_service_model.uuid,
org_uuid=org_uuid,
schedule_again=False,
).apply_async()
def check_tcp_service_for_ssl_protocol_support(
self,
org_uuid=None,
service_uuid=None,
ssl_protocol=None,
scan_uuid=None,
):
"""
Check to see if the given TCP service supports the given SSL protocol.
:param org_uuid: The UUID of the organization to collect information on behalf of.
:param service_uuid: The UUID of the network service to check for SSL support.
:param ssl_protocol: The SSL protocol to check support for.
:param scan_uuid: The UUID of the network service scan that this SSL version check is associated
with.
:return: None
"""
ip_address, port, protocol = self.get_endpoint_information(service_uuid)
logger.info(
"Now checking TCP service at %s:%s for support of SSL protocol %s. Organization is %s. Scan is %s."
% (ip_address, port, ssl_protocol, org_uuid, scan_uuid)
)
inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
version_supported = inspector.check_ssl_support(ssl_version_name=ssl_protocol)
logger.info(
"TCP endpoint at %s:%s %s support SSL version %s. Elasticsearch updated successfully."
% (ip_address, port, "does" if version_supported else "does not", ssl_protocol)
)
if version_supported:
#Spin off a thread, and check ciphers since we support this version of SSL
cipher_signature = check_tcp_service_for_ssl_protocol_cipher_support.si(
org_uuid=org_uuid,
service_uuid=service_uuid,
ssl_protocol=ssl_protocol,
scan_uuid=scan_uuid)
self.finish_after(signature=cipher_signature)
else:
ssl_support_record = SslSupportModel.from_database_model_uuid(
uuid=scan_uuid,
db_session=self.db_session,
ssl_version=ssl_protocol,
supported=version_supported,
)
ssl_support_record.save(org_uuid)
def inspect_tcp_service_for_ssl_support(self, org_uuid=None, network_service_uuid=None, network_service_scan_uuid=None):
"""
Collect all possible information about SSL support found on the referenced network service.
:param org_uuid: The UUID of the organization to collect information on behalf of.
:param network_service_uuid: The UUID of the network service to check for SSL support.
:param network_service_scan_uuid: The UUID of the network service scan that this SSL support check is associated
with.
:return: None
"""
ip_address, port, protocol = self.get_endpoint_information(network_service_uuid)
logger.info(
"Now inspecting TCP service at %s:%s for SSL data for organization %s. Scan is %s."
% (ip_address, port, org_uuid, network_service_scan_uuid)
)
inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
initial_check = inspector.check_ssl_support()
if not initial_check:
logger.info(
"Service at %s:%s does not support any version of SSL."
% (ip_address, port)
)
return
logger.info(
"Service at %s:%s supports SSL. Now kicking off subtasks to check for various version support."
% (ip_address, port)
)
task_sigs = []
task_kwargs = {
"org_uuid": org_uuid,
"network_service_uuid": network_service_uuid,
"network_service_scan_uuid": network_service_scan_uuid,
}
collection_sigs = []
collection_sigs.append(enumerate_vulnerabilities_for_ssl_service.si(**task_kwargs))
collection_sigs.append(enumerate_cipher_suites_for_ssl_service.si(**task_kwargs))
collection_sigs.append(retrieve_ssl_certificate_for_tcp_service.si(**task_kwargs))
task_sigs.append(group(collection_sigs))
task_sigs.append(create_ssl_support_report_for_network_service_scan.si(**task_kwargs))
task_sigs.append(apply_flags_to_ssl_support_scan.si(**task_kwargs))
canvas_sig = chain(task_sigs)
logger.info(
"Now kicking off %s tasks to inspect SSL support for network service %s."
% (len(collection_sigs) + 1, network_service_uuid)
)
self.finish_after(signature=canvas_sig)
def inspector(self):
"""
Get the port inspector that this task should use to investigate the referenced network service.
:return: The port inspector that this task should use to investigate the referenced network service.
"""
from lib.inspection import PortInspector
return PortInspector(
address=self.network_service.ip_address.address,
port=self.network_service.port,
protocol=self.network_service.protocol,
)
def retrieve_ssl_certificate_for_tcp_service(
self,
org_uuid=None,
network_service_uuid=None,
network_service_scan_uuid=None,
):
"""
Retrieve the SSL certificate associated with the given TCP service.
:param org_uuid: The UUID of the organization to collect information on behalf of.
:param network_service_uuid: The UUID of the network service to retrieve the SSL certificate for.
:param network_service_scan_uuid: The UUID of the network service scan that this SSL certificate retrieval is associated
with.
:return: None
"""
ip_address, port, protocol = self.get_endpoint_information(network_service_uuid)
logger.info(
"Now retrieving SSL certificate for TCP service %s:%s. Organization is %s. Scan is %s."
% (ip_address, port, org_uuid, network_service_scan_uuid)
)
inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
cert_string, pem_cert = inspector.get_ssl_certificate()
cert_model = SslCertificateModel.from_database_model_uuid(
uuid=network_service_scan_uuid,
db_session=self.db_session,
)
cert_model = SslCertificateModel.populate_from_x509_certificate(certificate=pem_cert, to_populate=cert_model)
bucket, key = upload_certificate_to_s3(
org_uuid=org_uuid,
local_file_path=self.get_temporary_file_path(),
cert_string=cert_string,
)
cert_model.set_s3_attributes(bucket=bucket, key=key, file_type="ssl certificate")
cert_model.save(org_uuid)
logger.info(
"Successfully retrieved and saved SSL certificate for TCP service %s:%s. Organization was %s, scan was %s."
% (ip_address, port, org_uuid, network_service_scan_uuid)
)
def scan_endpoint_from_bitsquat_file(self,
org_uuid=None,
domain=None,
ip_address=None):
"""
Perform a custom scan for the web application on the given IP address and with the given
domain name.
:param org_uuid: The UUID of the organization to associate scan results with.
:param domain: The domain name of the web application.
:param ip_address: The IP address of the web application.
:return: None
"""
inspector = PortInspector(address=ip_address, port=80, protocol="tcp")
http_is_open = inspector.check_if_open()
inspector = PortInspector(address=ip_address, port=443, protocol="tcp")
https_is_open = inspector.check_if_open()
https_uses_ssl = inspector.check_ssl_support()
if not http_is_open and not https_is_open:
return
task_sigs = []
if http_is_open:
task_sigs.append(
gather_data_on_bitsquat_web_app.si(
org_uuid=org_uuid,
ip_address=ip_address,
domain=domain,
port=80,
use_ssl=False,
))
if https_is_open and https_uses_ssl:
ssl_sigs = []
ssl_sigs.append(
gather_data_on_bitsquat_ssl_cert.si(org_uuid=org_uuid,
ip_address=ip_address,
port=443))
ssl_sigs.append(
gather_data_on_bitsquat_web_app.si(
org_uuid=org_uuid,
ip_address=ip_address,
port=443,
domain=domain,
use_ssl=True,
))
task_sigs.append(chain(ssl_sigs))
group(task_sigs).apply_async()
def check_tcp_service_for_liveness(
self,
org_uuid=None,
do_fingerprinting=True,
do_ssl_inspection=True,
scan_uuid=None,
service_uuid=None,
):
"""
Check to see if the given TCP network service is alive.
:param org_uuid: The UUID of the organization to check the service on behalf of.
:param do_fingerprinting: Whether or not to continue with service fingerprinting.
:param do_ssl_inspection: Whether or not to gather information about SSL if the service
is alive and supports SSL.
:param scan_uuid: The UUID of the network service scan that this liveness check is associated
with.
:param service_uuid: The UUID of the network service to check for liveness.
:return: None
"""
ip_address, port, protocol = self.get_endpoint_information(service_uuid)
logger.info(
"Checking to see if TCP service at %s:%s is alive for organization %s. Scan is %s."
% (ip_address, port, org_uuid, scan_uuid)
)
inspector = PortInspector(address=ip_address, port=port, protocol="tcp")
service_alive = inspector.check_if_open()
liveness_check = NetworkServiceLivenessModel.from_database_model_uuid(
uuid=scan_uuid,
db_session=self.db_session,
is_alive=service_alive,
checked_at=DatetimeHelper.now(),
)
liveness_check.save(org_uuid)
logger.info(
"TCP service at %s:%s %s alive. Updated Elasticsearch successfully."
% (ip_address, port, "is" if service_alive else "is not")
)
next_tasks = []
if not service_alive:
logger.info(
"TCP service at %s:%s was not alive. Not performing any additional inspection."
% (ip_address, port)
)
return
if do_ssl_inspection:
next_tasks.append(inspect_tcp_service_for_ssl_support.si(
org_uuid=org_uuid,
network_service_uuid=service_uuid,
network_service_scan_uuid=scan_uuid,
))
if do_fingerprinting:
next_tasks.append(fingerprint_tcp_service.si(
org_uuid=org_uuid,
service_uuid=service_uuid,
scan_uuid=scan_uuid,
))
if len(next_tasks) > 0:
logger.info(
"Kicking off %s tasks to continue investigation of TCP service at %s:%s for organization %s."
% (len(next_tasks), ip_address, port, org_uuid)
)
canvas_sig = chain(next_tasks)
self.finish_after(signature=canvas_sig)
else:
logger.info(
"No further tasks to be performed after TCP liveness check at %s:%s for organization %s."
% (ip_address, port, org_uuid)
)