Пример #1
0
def import_canvas_xml():
    """
    Process ImmunitySec's Exploit.xml which can be genrated from the URL
    http://exploitlist.immunityinc.com/ or by running ./canvasengine.py -e
    from your CANVAS directory

    http://exploitlist.immunityinc.com/home/serve/live
    """
    import os
    kvasir_path = os.path.join(request.folder, 'static/etc')
    form = SQLFORM.factory(
        Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, 'data/misc'), label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default=kvasir_path, label=T('Local path')),
        Field('f_download', 'boolean', label=T('Download')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')),
        col3 = {
            'f_use_kvasir_local': 'static/etc/canvas_exploits.xml',
            'f_use_local': 'Directory where canvas_exploits.xml is located',
            'f_download': 'Download from ImmunitySec website',
        }
    )

    if form.errors:
        response.flash = 'Error in form'
    elif form.accepts(request.vars, session):
        if form.vars.f_use_local:
            filename = os.path.join(form.vars.f_pathname, 'canvas_exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder,'static','etc','canvas_exploits.xml')
        elif form.vars.f_download:
            filename = None
        else:
            filename = os.path.join(request.folder,'data','misc',form.vars.f_filename)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                canvas_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.canvas import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            response.flash = "Canvas Exploit data uploaded"
            redirect(URL('list'))

    response.title = "%s :: Import ImmunitySec CANVAS Exploits XML" % (settings.title)
    return dict(form=form)
Пример #2
0
def canvas_exploit_xml(filename=None):
    """
    Process ImmunitySec CANVAS Exploits.xml file into the database
    """
    from skaldship.canvas import process_exploits
    from skaldship.exploits import connect_exploits
    process_exploits(filename)
    connect_exploits()
    return True
Пример #3
0
def nexpose_exploit_xml(filename=None):
    """
    Process Nexpose exploits.xml file into the database
    """
    from skaldship.nexpose import process_exploits
    from skaldship.exploits import connect_exploits
    process_exploits(filename)
    connect_exploits()
    return True
Пример #4
0
def nexpose_exploit_xml(filename=None):
    """
    Process Nexpose exploits.xml file into the database
    """
    from skaldship.nexpose import process_exploits
    from skaldship.exploits import connect_exploits

    process_exploits(filename)
    connect_exploits()
    return True
Пример #5
0
def canvas_exploit_xml(filename=None):
    """
    Process ImmunitySec CANVAS Exploits.xml file into the database
    """
    from skaldship.canvas import process_exploits
    from skaldship.exploits import connect_exploits

    process_exploits(filename)
    connect_exploits()
    return True
Пример #6
0
def import_nexpose_xml():
    """
    Insert/Update exploit references from Nexpose exploits.xml file

    File is located in /opt/rapid7/nexpose/plugins/conf
    """
    import os
    response.title = "%s :: Import Nexpose Exploits XML" % (settings.title)
    form = SQLFORM.factory(
        Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, 'data', 'misc'), label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default="/opt/rapid7/nexpose/plugins/conf", label=T('Local pathname')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')),
        col3 = {
            'f_use_kvasir_local': 'static/etc/nexpose_exploits.xml',
            'f_use_local': 'Directory where exploits.xml is located',
            'f_pathname': 'Requires Nexpose and possibly root access'
        }
    )

    if form.errors:
        response.flash = 'Error in form'
    elif form.accepts(request.vars, session):
        # process nexpose exploits.xml file

        if form.vars.f_use_local:
            filename = os.path.join(form.vars.f_pathname, 'exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder,'static','etc','nexpose_exploits.xml')
        else:
            filename = os.path.join(request.folder,'data', 'misc', form.vars.f_filename)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                nexpose_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.nexpose import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            redirect(URL('list'))

    return dict(form=form)
Пример #7
0
def import_nexpose_xml():
    """
    Insert/Update exploit references from Nexpose exploits.xml file

    File is located in /opt/rapid7/nexpose/plugins/conf
    """
    import os
    response.title = "%s :: Import Nexpose Exploits XML" % (settings.title)
    form = SQLFORM.factory(Field('f_filename',
                                 'upload',
                                 uploadfolder=os.path.join(
                                     request.folder, 'data', 'misc'),
                                 label=T('XML File')),
                           Field('f_use_kvasir_local',
                                 'boolean',
                                 label=T('Use Kvasir static path')),
                           Field('f_use_local',
                                 'boolean',
                                 label=T('Use local file path')),
                           Field('f_pathname',
                                 'string',
                                 default="/opt/rapid7/nexpose/plugins/conf",
                                 label=T('Local pathname')),
                           Field('f_taskit',
                                 type='boolean',
                                 default=auth.user.f_scheduler_tasks,
                                 label=T('Run in background task')),
                           col3={
                               'f_use_kvasir_local':
                               'static/etc/nexpose_exploits.xml',
                               'f_use_local':
                               'Directory where exploits.xml is located',
                               'f_pathname':
                               'Requires Nexpose and possibly root access'
                           })

    if form.errors:
        response.flash = 'Error in form'
    elif form.accepts(request.vars, session):
        # process nexpose exploits.xml file

        if form.vars.f_use_local:
            filename = os.path.join(form.vars.f_pathname, 'exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc',
                                    'nexpose_exploits.xml')
        else:
            filename = os.path.join(request.folder, 'data', 'misc',
                                    form.vars.f_filename)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                nexpose_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.nexpose import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            redirect(URL('list'))

    return dict(form=form)
Пример #8
0
def import_canvas_xml():
    """
    Process ImmunitySec's Exploit.xml which can be genrated from the URL
    http://exploitlist.immunityinc.com/ or by running ./canvasengine.py -e
    from your CANVAS directory

    http://exploitlist.immunityinc.com/home/serve/live
    """
    import os
    kvasir_path = os.path.join(request.folder, 'static/etc')
    form = SQLFORM.factory(
        Field('f_filename',
              'upload',
              uploadfolder=os.path.join(request.folder, 'data/misc'),
              label=T('XML File')),
        Field('f_use_kvasir_local',
              'boolean',
              label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname',
              'string',
              default=kvasir_path,
              label=T('Local path')),
        Field('f_download', 'boolean', label=T('Download')),
        Field('f_taskit',
              type='boolean',
              default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')),
        col3={
            'f_use_kvasir_local': 'static/etc/canvas_exploits.xml',
            'f_use_local': 'Directory where canvas_exploits.xml is located',
            'f_download': 'Download from ImmunitySec website',
        })

    if form.errors:
        response.flash = 'Error in form'
    elif form.accepts(request.vars, session):
        if form.vars.f_use_local:
            filename = os.path.join(form.vars.f_pathname,
                                    'canvas_exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc',
                                    'canvas_exploits.xml')
        elif form.vars.f_download:
            filename = None
        else:
            filename = os.path.join(request.folder, 'data', 'misc',
                                    form.vars.f_filename)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                canvas_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            from skaldship.canvas import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            response.flash = "Canvas Exploit data uploaded"
            redirect(URL('list'))

    response.title = "%s :: Import ImmunitySec CANVAS Exploits XML" % (
        settings.title)
    return dict(form=form)