def addtoqueue(self, rule, target, remove=False):
success = False
target = target.encode('ascii')
job = rule.strip().split(' ')[0]
job_type = job.split('|')[0].lower()
job_info = job.split('|')
while (len(job) < 3):
job_info.append('')
if (not self.verifyjob(job_type, job_info)):
return success
if (util.ip.validate_ipv6(target) and (not self.ipv6)):
dsz.ui.Echo(('Target %s is an IPv6 address; redirector has no IPv6 address, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (util.ip.validate_ipv6(target) and (not self.supportipv6(job_type))):
dsz.ui.Echo(('Target %s is an IPv6 address; %s does not support IPv6, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (target in self.local_addresses):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
return False
elif (util.ip.validate_ipv6(target) and (util.ip.expand_ipv6(target) in self.local_addresses)):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
return False
excludes = scanbase.get_excludes(self.session)
if (target in excludes):
return False
success = scanbase.write_job(self.session, job, target)
scanbase.set_jobtype(self.session, job_type)
if (not success):
dsz.ui.Echo(('Job %s for target %s already exists' % (job, target)), dsz.WARNING)
return success
def handleupdate(self):
dsz.ui.Echo(('Updating the queue for session: %s' % self.scansweep_env))
(newrulelist, newqueuelist, removerule, removequeue) = self.checkupdate(self.scansweep_updatefile)
if (len(newrulelist) > 0):
for rule in newrulelist:
rulelist = scanbase.get_escalate_rules(self.session)
if (rule not in rulelist):
scanbase.write_escalate_rule(self.session, rule)
dsz.ui.Echo(('Escalation rule enabled: %s->%s' % (rule[0], rule[1])))
scanbase.set_jobtype(self.session, rule[1].split('|')[0])
if (len(newqueuelist) > 0):
for item in newqueuelist:
if self.addtoqueue(item[0], item[1], self.scansweep_env):
dsz.ui.Echo(('Job added: %s %s' % (item[0], item[1])))
if (len(removerule) > 0):
for rule in removerule:
rulelist = scanbase.get_escalate_rules(self.session)
if (rule in rulelist):
scanbase.delete_escalate_rule(self.session, rule)
dsz.ui.Echo(('Escalation rule removed: %s->%s' % (rule[0], rule[1])))
if (len(removequeue) > 0):
for item in removequeue:
if self.addtoqueue(item[0], item[1], self.scansweep_env, remove=True):
dsz.ui.Echo(('Job removed: %s %s' % (item[0], item[1])))
pass
def addlisttoqueue(self, target_dict):
excludes = scanbase.get_excludes(self.session)
for rule in target_dict.keys():
target_list = target_dict[rule]
job = rule.strip().split(' ')[0]
job_type = job.split('|')[0].lower()
job_info = job.split('|')
while (len(job) < 3):
job_info.append('')
if (not self.verifyjob(job_type, job_info)):
continue
job_list = []
for target in target_list:
if (util.ip.validate_ipv6(target) and (not self.ipv6)):
dsz.ui.Echo(('Target %s is an IPv6 address; redirector has no IPv6 address, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (util.ip.validate_ipv6(target) and (not self.supportipv6(job_type))):
dsz.ui.Echo(('Target %s is an IPv6 address; %s does not support IPv6, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (target in self.local_addresses):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
continue
elif (util.ip.validate_ipv6(target) and (util.ip.expand_ipv6(target) in self.local_addresses)):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
continue
if (target in excludes):
continue
job_list.append([job, target])
scanbase.set_jobtype(self.session, job_type)
scanbase.write_job_list(self.session, job_list)
def handleupdate(self):
dsz.ui.Echo(
('Updating the queue for session: %s' % self.scansweep_env))
(newrulelist, newqueuelist, removerule,
removequeue) = self.checkupdate(self.scansweep_updatefile)
if (len(newrulelist) > 0):
for rule in newrulelist:
rulelist = scanbase.get_escalate_rules(self.session)
if (rule not in rulelist):
scanbase.write_escalate_rule(self.session, rule)
dsz.ui.Echo(('Escalation rule enabled: %s->%s' %
(rule[0], rule[1])))
scanbase.set_jobtype(self.session, rule[1].split('|')[0])
if (len(newqueuelist) > 0):
for item in newqueuelist:
if self.addtoqueue(item[0], item[1], self.scansweep_env):
dsz.ui.Echo(('Job added: %s %s' % (item[0], item[1])))
if (len(removerule) > 0):
for rule in removerule:
rulelist = scanbase.get_escalate_rules(self.session)
if (rule in rulelist):
scanbase.delete_escalate_rule(self.session, rule)
dsz.ui.Echo(('Escalation rule removed: %s->%s' %
(rule[0], rule[1])))
if (len(removequeue) > 0):
for item in removequeue:
if self.addtoqueue(item[0],
item[1],
self.scansweep_env,
remove=True):
dsz.ui.Echo(('Job removed: %s %s' % (item[0], item[1])))
pass
def addtoqueue(self, rule, target, remove=False):
success = False
target = target.encode('ascii')
job = rule.strip().split(' ')[0]
job_type = job.split('|')[0].lower()
job_info = job.split('|')
while (len(job) < 3):
job_info.append('')
if (not self.verifyjob(job_type, job_info)):
return success
if (util.ip.validate_ipv6(target) and (not self.ipv6)):
dsz.ui.Echo(('Target %s is an IPv6 address; redirector has no IPv6 address, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (util.ip.validate_ipv6(target) and (not self.supportipv6(job_type))):
dsz.ui.Echo(('Target %s is an IPv6 address; %s does not support IPv6, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (target in self.local_addresses):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
return False
elif (util.ip.validate_ipv6(target) and (util.ip.expand_ipv6(target) in self.local_addresses)):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
return False
excludes = scanbase.get_excludes(self.session)
if (target in excludes):
return False
success = scanbase.write_job(self.session, job, target)
scanbase.set_jobtype(self.session, job_type)
if (not success):
dsz.ui.Echo(('Job %s for target %s already exists' % (job, target)), dsz.WARNING)
return success
def addlisttoqueue(self, target_dict):
excludes = scanbase.get_excludes(self.session)
for rule in target_dict.keys():
target_list = target_dict[rule]
job = rule.strip().split(' ')[0]
job_type = job.split('|')[0].lower()
job_info = job.split('|')
while (len(job) < 3):
job_info.append('')
if (not self.verifyjob(job_type, job_info)):
continue
job_list = []
for target in target_list:
if (util.ip.validate_ipv6(target) and (not self.ipv6)):
dsz.ui.Echo(('Target %s is an IPv6 address; redirector has no IPv6 address, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (util.ip.validate_ipv6(target) and (not self.supportipv6(job_type))):
dsz.ui.Echo(('Target %s is an IPv6 address; %s does not support IPv6, not queueing' % (target, job_type)), dsz.WARNING)
return False
if (target in self.local_addresses):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
continue
elif (util.ip.validate_ipv6(target) and (util.ip.expand_ipv6(target) in self.local_addresses)):
dsz.ui.Echo(('Target %s is one of the IP addresses on our redirector, not queueing' % target), dsz.WARNING)
continue
if (target in excludes):
continue
job_list.append([job, target])
scanbase.set_jobtype(self.session, job_type)
scanbase.write_job_list(self.session, job_list)
def main(arguments):
scanbase.setup_db()
failout = False
scansweepHelper = helper.scansweepHelper([x.lower() for x in arguments])
scansweepHelper.check_env()
create_mode = False
if (scansweepHelper.options.database is not None):
database_op = scansweepHelper.options.database
if (not (database_op == 'create')):
if (scansweepHelper.options.session is not None):
scansweepHelper.database_display(database_op)
else:
scansweepHelper.database_display(database_op)
return
else:
create_mode = True
if (scansweepHelper.options.update is not None):
scansweepHelper.handleupdate()
return
scanbase.write_metadata(scansweepHelper.scansweep_env,
scansweepHelper.session,
scansweepHelper.scansweep_logfile,
scansweepHelper.scansweep_results,
scansweepHelper.verbose)
if (scansweepHelper.options.exclude is not None):
scansweepHelper.parseexcludes(scansweepHelper.options.exclude)
if (scansweepHelper.session == scansweepHelper.scansweep_env):
if ((scansweepHelper.options.monitor is None)
and (scansweepHelper.options.type is None)):
dsz.ui.Echo('You must specify a type.', dsz.ERROR)
return 0
if ((scansweepHelper.options.monitor is None)
and os.path.exists(scansweepHelper.options.type[0])):
if (scansweepHelper.options.target is not None):
dsz.ui.Echo(
'You cannot use -target when specifying a queue file.',
dsz.ERROR)
return 0
queuefile = scansweepHelper.options.type[0]
if (not scansweepHelper.verifyqueue(queuefile)):
failout = True
else:
queuelist = scansweepHelper.getqueuefromfile(queuefile)
for item in queuelist:
scansweepHelper.addtoqueue(item[0], item[1],
scansweepHelper.scansweep_env)
elif (scansweepHelper.options.type is not None):
job_type = scansweepHelper.options.type[0].lower()
job = '|'.join(scansweepHelper.options.type)
if (not scansweepHelper.verifyjob(job_type,
scansweepHelper.options.type)):
dsz.ui.Echo(
'Invalid -type options, please verify your parameters.',
dsz.ERROR)
return 0
candidate_list = []
if (scansweepHelper.options.target is not None):
if (type(scansweepHelper.options.target) == type([])):
for target_flag in scansweepHelper.options.target:
candidate_list.extend(
scansweepHelper.parsetarget(target_flag))
else:
candidate_list = scansweepHelper.parsetarget(
scansweepHelper.options.target)
else:
dsz.ui.Echo('You must provide some targets with your scan.',
dsz.ERROR)
return 0
if ((len(candidate_list) > 255)
and (not scansweepHelper.options.cidroverride)):
dsz.ui.Echo(
'You cannot specify more then 255 targets without the -cidroverride option',
dsz.ERROR)
failout = True
else:
scansweepHelper.addlisttoqueue({job: candidate_list})
if (scansweepHelper.monitor is not None):
for monitortype in scansweepHelper.monitor:
if (scansweepHelper.verifymonitor(monitortype) is False):
dsz.ui.Echo(
('%s is an invalid monitor type' % monitortype))
failout = True
if ((scanbase.num_jobs(scansweepHelper.session) > 255)
and (not scansweepHelper.options.cidroverride)):
dsz.ui.Echo(
'You cannot specify more then 255 targets without the -cidroverride option',
dsz.ERROR)
failout = True
if (scansweepHelper.options.escalate is not None):
rulelist = scansweepHelper.parseescalate(
scansweepHelper.options.escalate)
if (len(rulelist) == 0):
dsz.ui.Echo(
'You specified -escalate, but had only invalid rules. Exiting.',
dsz.ERROR)
failout = True
for rule in rulelist:
scantype = rule[1].split('|')[0]
current_rulelist = scanbase.get_escalate_rules(
scansweepHelper.session)
if (rule not in current_rulelist):
scanbase.write_escalate_rule(scansweepHelper.session, rule)
if (not (scantype == 'alert')):
scanbase.set_jobtype(scansweepHelper.session, scantype)
elif ((scansweepHelper.options.type is not None)
or (scansweepHelper.options.target is not None)):
dsz.ui.Echo('You cannot specify -target or -type when using -session.',
dsz.WARNING)
failout = True
else:
dsz.ui.Echo(
'You are joining another session, and so will use the already available job queue and escalate rules.',
dsz.WARNING)
if (not scansweepHelper.verifytime(
scanbase.get_jobtypes(scansweepHelper.session))):
failout = True
if failout:
return 0
scansweepHelper.printconfig()
if create_mode:
dsz.ui.Echo('Ran in create mode. Exiting.', dsz.WARNING)
return
dsz.lp.RecordToolUse('scansweep',
scansweepHelper.toolversion,
usage='EXERCISED',
comment=' '.join([x.lower() for x in arguments]))
try:
scan(scansweepHelper)
finally:
dsz.ui.Echo(('=' * 100))
scansweepHelper.showstats()
print '\n\n'
scansweepHelper.generateresults(quiet=False)
def main(arguments):
scanbase.setup_db()
failout = False
scansweepHelper = helper.scansweepHelper([x.lower() for x in arguments])
scansweepHelper.check_env()
create_mode = False
if (scansweepHelper.options.database is not None):
database_op = scansweepHelper.options.database
if (not (database_op == 'create')):
if (scansweepHelper.options.session is not None):
scansweepHelper.database_display(database_op)
else:
scansweepHelper.database_display(database_op)
return
else:
create_mode = True
if (scansweepHelper.options.update is not None):
scansweepHelper.handleupdate()
return
scanbase.write_metadata(scansweepHelper.scansweep_env, scansweepHelper.session, scansweepHelper.scansweep_logfile, scansweepHelper.scansweep_results, scansweepHelper.verbose)
if (scansweepHelper.options.exclude is not None):
scansweepHelper.parseexcludes(scansweepHelper.options.exclude)
if (scansweepHelper.session == scansweepHelper.scansweep_env):
if ((scansweepHelper.options.monitor is None) and (scansweepHelper.options.type is None)):
dsz.ui.Echo('You must specify a type.', dsz.ERROR)
return 0
if ((scansweepHelper.options.monitor is None) and os.path.exists(scansweepHelper.options.type[0])):
if (scansweepHelper.options.target is not None):
dsz.ui.Echo('You cannot use -target when specifying a queue file.', dsz.ERROR)
return 0
queuefile = scansweepHelper.options.type[0]
if (not scansweepHelper.verifyqueue(queuefile)):
failout = True
else:
queuelist = scansweepHelper.getqueuefromfile(queuefile)
for item in queuelist:
scansweepHelper.addtoqueue(item[0], item[1], scansweepHelper.scansweep_env)
elif (scansweepHelper.options.type is not None):
job_type = scansweepHelper.options.type[0].lower()
job = '|'.join(scansweepHelper.options.type)
if (not scansweepHelper.verifyjob(job_type, scansweepHelper.options.type)):
dsz.ui.Echo('Invalid -type options, please verify your parameters.', dsz.ERROR)
return 0
candidate_list = []
if (scansweepHelper.options.target is not None):
if (type(scansweepHelper.options.target) == type([])):
for target_flag in scansweepHelper.options.target:
candidate_list.extend(scansweepHelper.parsetarget(target_flag))
else:
candidate_list = scansweepHelper.parsetarget(scansweepHelper.options.target)
else:
dsz.ui.Echo('You must provide some targets with your scan.', dsz.ERROR)
return 0
if ((len(candidate_list) > 255) and (not scansweepHelper.options.cidroverride)):
dsz.ui.Echo('You cannot specify more then 255 targets without the -cidroverride option', dsz.ERROR)
failout = True
else:
scansweepHelper.addlisttoqueue({job: candidate_list})
if (scansweepHelper.monitor is not None):
for monitortype in scansweepHelper.monitor:
if (scansweepHelper.verifymonitor(monitortype) is False):
dsz.ui.Echo(('%s is an invalid monitor type' % monitortype))
failout = True
if ((scanbase.num_jobs(scansweepHelper.session) > 255) and (not scansweepHelper.options.cidroverride)):
dsz.ui.Echo('You cannot specify more then 255 targets without the -cidroverride option', dsz.ERROR)
failout = True
if (scansweepHelper.options.escalate is not None):
rulelist = scansweepHelper.parseescalate(scansweepHelper.options.escalate)
if (len(rulelist) == 0):
dsz.ui.Echo('You specified -escalate, but had only invalid rules. Exiting.', dsz.ERROR)
failout = True
for rule in rulelist:
scantype = rule[1].split('|')[0]
current_rulelist = scanbase.get_escalate_rules(scansweepHelper.session)
if (rule not in current_rulelist):
scanbase.write_escalate_rule(scansweepHelper.session, rule)
if (not (scantype == 'alert')):
scanbase.set_jobtype(scansweepHelper.session, scantype)
elif ((scansweepHelper.options.type is not None) or (scansweepHelper.options.target is not None)):
dsz.ui.Echo('You cannot specify -target or -type when using -session.', dsz.WARNING)
failout = True
else:
dsz.ui.Echo('You are joining another session, and so will use the already available job queue and escalate rules.', dsz.WARNING)
if (not scansweepHelper.verifytime(scanbase.get_jobtypes(scansweepHelper.session))):
failout = True
if failout:
return 0
scansweepHelper.printconfig()
if create_mode:
dsz.ui.Echo('Ran in create mode. Exiting.', dsz.WARNING)
return
dsz.lp.RecordToolUse('scansweep', scansweepHelper.toolversion, usage='EXERCISED', comment=' '.join([x.lower() for x in arguments]))
try:
scan(scansweepHelper)
finally:
dsz.ui.Echo(('=' * 100))
scansweepHelper.showstats()
print '\n\n'
scansweepHelper.generateresults(quiet=False)