default=auth.user.f_scheduler_tasks,
label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nexpose_xml')
# form processing
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = '0'
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != '0':
report = Report()
report.host = nexpose_config['host']
report.port = nexpose_config['port']
nx_loggedin = report.login(user_id=nexpose_config['user'],
password=nexpose_config['password'])
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(
filedir,
"%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
Field("f_taskit", type="boolean", default=auth.user.f_scheduler_tasks, label=T("Run in background task"))
)
form = SQLFORM.factory(*fields, table_name="nexpose_xml")
# form processing
if form.errors:
response.flash = "Error in form"
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = "0"
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != "0":
report = Report()
report.host = nexpose_config["host"]
report.port = nexpose_config["port"]
nx_loggedin = report.login(user_id=nexpose_config["user"], password=nexpose_config["password"])
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(filedir, "%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
return dict(form=form)
else:
filename = form.vars.f_filename
def import_xml_scan():
"""
Upload/import Nexpose XML Scan file via scheduler task
"""
from NexposeAPI import NexposeAPI, Sites, Report
from skaldship.general import check_datadir
from skaldship.metasploit import msf_get_config
import time
import os
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitProAPI import MetasploitProAPI
msf_api = MetasploitProAPI(host=msf_settings['url'],
apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder, 'data', 'scanfiles')
response.title = "%s :: Import Nexpose XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append([user.id, user.username])
# check to see if nexpose is configured/active and get site listing
nexpose_config = nexpose_get_config()
nxsitelist = []
if nexpose_config['host'] is not None and nexpose_config[
'user'] is not None:
# see if the host is open/active first
if nexpose_config['host'] is not None:
sites = Sites()
sites.host = nexpose_config['host']
sites.port = nexpose_config['port']
try:
if sites.login(user_id=nexpose_config['user'],
password=nexpose_config['password']):
sites = sites.listings()
nxsitelist.append([0, None])
for k, v in sites.items():
nxsitelist.append([int(k), sites[k]['name']])
except Exception as e:
pass
if nxsitelist:
fields.append(
Field('f_nexpose_site',
type='integer',
label=T('Nexpose Site'),
requires=IS_IN_SET(nxsitelist, zero=None)))
fields.append(
Field('f_filename',
'upload',
uploadfolder=filedir,
label=T('Nexpose XML File')))
fields.append(
Field('f_engineer',
type='integer',
label=T('Engineer'),
default=auth.user.id,
requires=IS_IN_SET(userlist)))
fields.append(
Field('f_asset_group',
type='string',
label=T('Asset Group'),
requires=IS_NOT_EMPTY()))
# If Metasploit available, pull a list of the workspaces and present them
if working_msf_api:
msf_workspaces = []
msf_workspaces.append("None")
for w in list(msf_api.pro_workspaces().keys()):
msf_workspaces.append(w)
fields.append(
Field('f_msf_workspace',
type='string',
label=T('MSF Pro Workspace'),
requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(
Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(
Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(
Field('f_update_hosts',
type='boolean',
label=T('Update Host Information'),
default=False))
fields.append(
Field('f_taskit',
type='boolean',
default=auth.user.f_scheduler_tasks,
label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nexpose_xml')
# form processing
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = '0'
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != '0':
report = Report()
report.host = nexpose_config['host']
report.port = nexpose_config['port']
nx_loggedin = report.login(user_id=nexpose_config['user'],
password=nexpose_config['password'])
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(
filedir,
"%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
return dict(form=form)
else:
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get('f_ignore_list')
if data:
ip_exclude = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_include = []
data = form.vars.get('f_include_list')
if data:
ip_include = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_msf_workspace:
msf_workspace = form.vars.f_msf_workspace
if msf_workspace == "None":
msf_workspace = None
else:
msf_workspace = None
msf_settings = {
'workspace': msf_workspace,
'url': msf_settings['url'],
'key': msf_settings['key']
}
if form.vars.f_taskit:
task = scheduler.queue_task(
scanner_import,
pvars=dict(
scanner='nexpose',
filename=filename,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
else:
from skaldship.nexpose import process_xml
log("Starting Nexpose XML Import")
process_xml(
filename=filename,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
)
response.flash = "Nexpose XML upload complete"
redirect(URL('default', 'index'))
return dict(form=form)
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nexpose_xml')
# form processing
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = '0'
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != '0':
report = Report()
report.host = auth.user.f_nexpose_host
report.port = auth.user.f_nexpose_port
nx_loggedin = report.login(user_id=auth.user.f_nexpose_user, password=auth.user.f_nexpose_pw)
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(filedir, "%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
return dict(form=form)
else:
filename = form.vars.f_filename
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nexpose_xml')
# form processing
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = '0'
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != '0':
report = Report()
report.host = nexpose_config['host']
report.port = nexpose_config['port']
nx_loggedin = report.login(user_id=nexpose_config['user'], password=nexpose_config['password'])
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(filedir, "%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
return dict(form=form)
else:
filename = form.vars.f_filename