def OpenVas_xml_upload(request):
"""
OpenVAS XML file upload.
:param request:
:return:
"""
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.datetime.now()
scan_dump = scan_save_db(scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return HttpResponseRedirect("/networkscanners/")
return render(request,
'net_upload_xml.html',
{'all_project': all_project})
def openvas_scanner(scan_ip, project_id, sel_profile, user):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
try:
scanner = openvas.connect()
except Exception as e:
notify.send(user, recipient=user, verb='OpenVAS Setting not configured')
subject = 'Archery Tool Notification'
message = 'OpenVAS Scanner failed due to setting not found '
email_notify(user=user, subject=subject, message=message)
return
notify.send(user, recipient=user, verb='OpenVAS Scan Started')
subject = 'Archery Tool Notification'
message = 'OpenVAS Scan Started'
email_notify(user=user, subject=subject, message=message)
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time,
scan_status=0.0)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id, project_id=project_id)
notify.send(user, recipient=user, verb='OpenVAS Scan Completed')
all_openvas = scan_save_db.objects.all()
all_vuln = ''
total_high = ''
total_medium = ''
total_low = ''
for openvas in all_openvas:
all_vuln = openvas.total_vul
total_high = openvas.high_total
total_medium = openvas.medium_total
total_low = openvas.low_total
subject = 'Archery Tool Notification'
message = 'OpenVAS Scan Completed <br>' \
'Total: %s <br>Total High: %s <br>' \
'Total Medium: %s <br>Total Low %s' % (all_vuln, total_high, total_medium, total_low)
email_notify(user=user, subject=subject, message=message)
return HttpResponse(status=201)
def OpenVAS_xml_upload(request):
username = request.user.username
"""
OpenVAS XML file upload.
:param request:
:return:
"""
all_project = project_db.objects.filter(username=username)
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
hosts = OpenVas_Parser.get_hosts(root_xml)
for host in hosts:
scan_dump = scan_save_db(scan_ip=host,
scan_id=host,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username
)
scan_dump.save()
OpenVas_Parser.updated_xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username
)
return HttpResponseRedirect(reverse('networkscanners:index'))
elif scanner == "nessus":
date_time = datetime.now()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
Nessus_Parser.updated_nessus_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
username=username,
)
return HttpResponseRedirect(reverse('networkscanners:nessus_scan'))
elif scanner == "nmap":
tree = ET.parse(xml_file)
root_xml = tree.getroot()
nmap_parser.xml_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
username=username,
)
return HttpResponseRedirect(reverse('tools:nmap_scan'))
return render(request,
'net_upload_xml.html',
{'all_project': all_project})
def OpenVas_xml_upload(request):
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.datetime.now()
scan_dump = scan_save_db(scan_ip=scan_ip, scan_id=scan_id, date_time=date_time,
project_id=project_id, scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
OpenVas_Parser.xml_parser(project_id=project_id, scan_id=scan_id, root=root_xml)
return HttpResponseRedirect("/networkscanners/")
return render(request, 'net_upload_xml.html', {'all_project': all_project})
def openvas_scanner(scan_ip, project_id, sel_profile):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
scanner = openvas.connect()
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id)
return HttpResponse(status=201)
def openvas_scanner(scan_ip, project_id, sel_profile):
"""
The function is launch the OpenVAS scans.
:param scan_ip:
:param project_id:
:param sel_profile:
:return:
"""
openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile)
scanner = openvas.connect()
scan_id, target_id = openvas.scan_launch(scanner)
date_time = datetime.now()
save_all = scan_save_db(scan_id=str(scan_id),
project_id=str(project_id),
scan_ip=scan_ip,
target_id=str(target_id),
date_time=date_time)
save_all.save()
openvas.scan_status(scanner=scanner, scan_id=scan_id)
time.sleep(5)
vuln_an_id(scan_id=scan_id)
return HttpResponse(status=201)
def Scan_Launch(scan_ip, project_id, sel_profile):
with open(openvas_data, 'r+') as f:
data = json.load(f)
ov_user = data['open_vas_user']
ov_pass = data['open_vas_pass']
ov_ip = data['open_vas_ip']
lod_ov_user = signing.loads(ov_user)
lod_ov_pass = signing.loads(ov_pass)
lod_ov_ip = signing.loads(ov_ip)
scanner = VulnscanManager(str(lod_ov_ip), str(lod_ov_user), str(lod_ov_pass))
time.sleep(5)
profile = None
if profile is None:
profile = "Full and fast"
else:
profile = sel_profile
scan_id, target_id = scanner.launch_scan(target=str(scan_ip), profile=str(profile))
save_all = scan_save_db(scan_id=str(scan_id), project_id=str(project_id), scan_ip=str(scan_ip),
target_id=str(target_id))
save_all.save()
while int(scanner.get_progress(str(scan_id))) < 100.0:
print 'Scan progress %: ' + str(scanner.get_progress(str(scan_id)))
status = str(scanner.get_progress(str(scan_id)))
scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
time.sleep(5)
global status
status = "100"
scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
if profile == "Discovery":
print "returning....."
else:
time.sleep(10)
try:
openvas_results = scanner.get_raw_xml(str(scan_id))
vul_an_id(scan_id, openvas_results)
except Exception as e:
print e
try:
openvas_vul = ov_scan_result_db.objects.filter(scan_id=scan_id).order_by('scan_id')
total_vul = len(openvas_vul)
total_high = len(openvas_vul.filter(threat="High"))
total_medium = len(openvas_vul.filter(threat="Medium"))
total_low = len(openvas_vul.filter(threat="Low"))
scan_save_db.objects.filter(scan_id=scan_id).update(total_vul=total_vul, high_total=total_high,
medium_total=total_medium, low_total=total_low)
except Exception as e:
print e
try:
for vul_id in ov_scan_result_db.objects.values_list('vul_id', flat=True).distinct():
ov_scan_result_db.objects.filter(
pk=ov_scan_result_db.objects.filter(vul_id=vul_id).values_list('id', flat=True)[1:]).delete()
except Exception as e:
print e
def Scan_Launch(scan_ip, project_id, sel_profile):
with open(openvas_data, 'r+') as f:
data = json.load(f)
ov_user = data['open_vas_user']
ov_pass = data['open_vas_pass']
ov_ip = data['open_vas_ip']
lod_ov_user = signing.loads(ov_user)
lod_ov_pass = signing.loads(ov_pass)
lod_ov_ip = signing.loads(ov_ip)
scanner = VulnscanManager(str(lod_ov_ip), str(lod_ov_user), str(lod_ov_pass))
time.sleep(5)
profile = None
if profile is None:
profile = "Full and fast"
else:
profile = sel_profile
scan_id, target_id = scanner.launch_scan(target=str(scan_ip), profile=str(profile))
date_time = datetime.datetime.now()
save_all = scan_save_db(scan_id=str(scan_id), project_id=str(project_id), scan_ip=str(scan_ip),
target_id=str(target_id), date_time=date_time)
save_all.save()
while int(scanner.get_progress(str(scan_id))) < 100.0:
print 'Scan progress %: ' + str(scanner.get_progress(str(scan_id)))
status = str(scanner.get_progress(str(scan_id)))
scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
time.sleep(5)
global status
status = "100"
scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
if profile == "Discovery":
print "returning....."
else:
time.sleep(10)
try:
openvas_results = scanner.get_raw_xml(str(scan_id))
vul_an_id(scan_id, openvas_results)
except Exception as e:
print e
try:
openvas_vul = ov_scan_result_db.objects.filter(scan_id=scan_id).values('name', 'severity', 'vuln_color', 'threat', 'host', 'port').distinct()
total_vul = len(openvas_vul)
total_high = len(openvas_vul.filter(threat="High"))
total_medium = len(openvas_vul.filter(threat="Medium"))
total_low = len(openvas_vul.filter(threat="Low"))
scan_save_db.objects.filter(scan_id=scan_id).update(total_vul=total_vul, high_total=total_high,
medium_total=total_medium, low_total=total_low)
except Exception as e:
print e
try:
for vul_id in ov_scan_result_db.objects.values_list('vul_id', flat=True).distinct():
ov_scan_result_db.objects.filter(
pk=ov_scan_result_db.objects.filter(vul_id=vul_id).values_list('id', flat=True)[1:]).delete()
except Exception as e:
print e
def post(self, request, format=None):
username = request.user.username
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No',
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en,
project_id,
scan_id,
username=username)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username,
target_url=scan_url)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'checkmarx':
date_time = datetime.datetime.now()
scan_dump = checkmarx_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
checkmarx_xml_report_parser.checkmarx_report_xml(
data=root_xml,
project_id=project_id,
scan_id=scan_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'trivy':
date_time = datetime.datetime.now()
scan_dump = trivy_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
trivy_json_report_parser.trivy_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'npmaudit':
date_time = datetime.datetime.now()
scan_dump = npmaudit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
npm_audit_report_json.npmaudit_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nodejsscan':
date_time = datetime.datetime.now()
scan_dump = nodejsscan_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
nodejsscan_report_json.nodejsscan_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'tfsec':
date_time = datetime.datetime.now()
scan_dump = tfsec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
tfsec_report_parser.tfsec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'whitesource':
date_time = datetime.datetime.now()
scan_dump = whitesource_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
whitesource_json_report_parser.whitesource_report_json(
project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dockle':
date_time = datetime.datetime.now()
scan_dump = dockle_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
data = json.loads(file)
dockle_json_parser.dockle_report_json(project_id=project_id,
scan_id=scan_id,
data=data,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.updated_nessus_parser(root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
hosts = OpenVas_Parser.get_hosts(root_xml_en)
for host in hosts:
scan_dump = scan_save_db(scan_ip=host,
scan_id=host,
date_time=date_time,
project_id=project_id,
scan_status=scan_status,
username=username)
scan_dump.save()
OpenVas_Parser.updated_xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en,
username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
username=username)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id, username=username)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Uploaded"})
def post(self, request, format=None):
project_id = request.data.get("project_id")
scanner = request.data.get("scanner")
file = request.data.get("filename")
print("Results file content: ", file)
scan_url = request.data.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "zap_scan":
print("Inside zap_scan")
date_time = datetime.datetime.now()
scan_dump = zap_scans_db(scan_url=scan_url,
scan_scanid=scan_id,
date_time=date_time,
project_id=project_id,
vul_status=scan_status,
rescan='No')
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
zap_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "ZAP Scan Data Uploaded",
"scanner": scanner,
"project_id": project_id,
"scan_id": scan_id
})
elif scanner == "burp_scan":
date_time = datetime.datetime.now()
scan_dump = burp_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
# Burp scan XML parser
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
burp_xml_parser.burp_scan_data(root_xml_en, project_id, scan_id)
return Response({
"message": "Burp Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "arachni":
date_time = datetime.datetime.now()
scan_dump = arachni_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
arachni_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == "acunetix":
date_time = datetime.datetime.now()
scan_dump = acunetix_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
acunetix_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'netsparker':
date_time = datetime.datetime.now()
scan_dump = netsparker_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
netsparker_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'webinspect':
date_time = datetime.datetime.now()
scan_dump = webinspect_scan_db(url=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
webinspect_xml_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'banditscan':
date_time = datetime.datetime.now()
scan_dump = bandit_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
bandit_report_json(data=data,
project_id=project_id,
scan_id=scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'dependencycheck':
date_time = datetime.datetime.now()
scan_dump = dependencycheck_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
xml_dat = bytes(bytearray(file, encoding='utf-8'))
data = etree.XML(xml_dat)
dependencycheck_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'findbugs':
date_time = datetime.datetime.now()
scan_dump = findbugs_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
findbugs_report_parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'clair':
date_time = datetime.datetime.now()
scan_dump = clair_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
clair_json_report_parser.clair_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'inspec':
date_time = datetime.datetime.now()
scan_dump = inspec_scan_db(project_name=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
data = json.loads(file)
inspec_json_parser.inspec_report_json(project_id=project_id,
scan_id=scan_id,
data=data)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nessus':
date_time = datetime.datetime.now()
scan_dump = nessus_scan_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
Nessus_Parser.nessus_parser(
root=root_xml_en,
scan_id=scan_id,
project_id=project_id,
)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'openvas':
date_time = datetime.datetime.now()
scan_dump = scan_save_db(scan_ip=scan_url,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
root_xml = ET.fromstring(file)
en_root_xml = ET.tostring(root_xml, encoding='utf8').decode(
'ascii', 'ignore')
root_xml_en = ET.fromstring(en_root_xml)
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml_en)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
elif scanner == 'nikto':
date_time = datetime.datetime.now()
scan_dump = nikto_result_db(
date_time=date_time,
scan_url=scan_url,
scan_id=scan_id,
project_id=project_id,
)
scan_dump.save()
nikto_html_parser(file, project_id, scan_id)
return Response({
"message": "Scan Data Uploaded",
"project_id": project_id,
"scan_id": scan_id,
"scanner": scanner
})
return Response({"message": "Scan Data Not Uploaded"})
def OpenVas_xml_upload(request):
"""
OpenVAS XML file upload.
:param request:
:return:
"""
all_project = project_db.objects.all()
if request.method == "POST":
project_id = request.POST.get("project_id")
scanner = request.POST.get("scanner")
xml_file = request.FILES['xmlfile']
scan_ip = request.POST.get("scan_url")
scan_id = uuid.uuid4()
scan_status = "100"
if scanner == "openvas":
date_time = datetime.now()
scan_dump = scan_save_db(scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status)
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
OpenVas_Parser.xml_parser(project_id=project_id,
scan_id=scan_id,
root=root_xml)
return HttpResponseRedirect("/networkscanners/")
elif scanner == "nessus":
date_time = datetime.now()
scan_dump = nessus_scan_db(
scan_ip=scan_ip,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
scan_status=scan_status
)
scan_dump.save()
scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
Nessus_Parser.nessus_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect("/networkscanners/nessus_scan")
elif scanner == "nmap":
# date_time = datetime.now()
# scan_dump = nessus_scan_db(
# scan_ip=scan_ip,
# scan_id=scan_id,
# date_time=date_time,
# project_id=project_id,
# scan_status=scan_status
# )
# scan_dump.save()
tree = ET.parse(xml_file)
root_xml = tree.getroot()
nmap_parser.xml_parser(root=root_xml,
scan_id=scan_id,
project_id=project_id,
)
return HttpResponseRedirect("/tools/nmap_scan/")
return render(request,
'net_upload_xml.html',
{'all_project': all_project})
def launch_scan(request):
all_ip = scan_save_db.objects.all()
scanner = VulnscanManager(scan_host, user, password)
time.sleep(5)
if request.method == 'POST':
all_ip = scan_save_db.objects.all()
scan_ip = request.POST.get('ip')
profile = None
if profile is None:
profile = "Full and fast"
else:
profile = request.POST.get('scan_profile')
scan_id, target_id = scanner.launch_scan(target=str(scan_ip),
profile=str(profile))
save_all = scan_save_db(scan_id=str(scan_id),
scan_ip=str(scan_ip),
target_id=str(target_id))
save_all.save()
while int(scanner.get_progress(str(scan_id))) < 100.0:
print 'Scan progress %: ' + str(scanner.get_progress(str(scan_id)))
status = str(scanner.get_progress(str(scan_id)))
scan_save_db.objects.filter(scan_id=scan_id).update(
scan_status=status)
time.sleep(5)
global status
status = "100"
scan_save_db.objects.filter(scan_id=scan_id).update(scan_status=status)
if profile == "Discovery":
print "returning....."
else:
time.sleep(10)
try:
openvas_results = scanner.get_raw_xml(str(scan_id))
vul_an_id(scan_id, openvas_results)
except Exception as e:
print e
try:
openvas_vul = ov_scan_result_db.objects.filter(
Q(scan_id=scan_id)).order_by('scan_id')
total_vul = len(openvas_vul)
total_high = len(openvas_vul.filter(threat="High"))
total_medium = len(openvas_vul.filter(threat="Medium"))
total_low = len(openvas_vul.filter(threat="Low"))
scan_save_db.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
high_total=total_high,
medium_total=total_medium,
low_total=total_low)
except Exception as e:
print e
try:
for vul_id in ov_scan_result_db.objects.values_list(
'vul_id', flat=True).distinct():
ov_scan_result_db.objects.filter(
pk=ov_scan_result_db.objects.filter(vul_id=vul_id).
values_list('id', flat=True)[1:]).delete()
except Exception as e:
print e
return render_to_response('vul_details.html', {'all_ip': all_ip})
