def scan_target(scan_info, url_to_scan): resp = get_response(url_to_scan) if resp is None: return try: if 'IIS' in resp.headers['Server']: ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) TOOL_DIR = ROOT_DIR + '/tools/IIS-ShortName-Scanner/iis_shortname_scanner.jar' CONFIG_DIR = ROOT_DIR + '/tools/IIS-ShortName-Scanner/config.xml' iis_process = subprocess.run( ['java', '-jar', TOOL_DIR, '0', '10', url_to_scan, CONFIG_DIR], capture_output=True) message = iis_process.stdout.decode() if "NOT VULNERABLE" not in message: img_str = image_creator.create_image_from_string(message) random_filename = uuid.uuid4().hex output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png' im = Image.open(BytesIO(base64.b64decode(img_str))) im.save(output_dir, 'PNG') vulnerability = Vulnerability( constants.IIS_SHORTNAME_MICROSOFT, scan_info, "IIS Microsoft files and directories enumeration found") vulnerability.add_attachment(output_dir, 'IIS-Result.png') slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) os.remove(output_dir) except KeyError: pass except Exception: pass return
def add_vulnerability(scan_info, firebase_name): vulnerability = Vulnerability(constants.OPEN_FIREBASE, scan_info, 'Found open firebase %s' % (firebase_name)) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)
def add_vuln_to_mongo(scan_info, scan_type, description, img_str=None): vuln_name = "" if scan_type == 'outdated_software': vuln_name = constants.OUTDATED_SOFTWARE_NMAP elif scan_type == 'http_passwd': vuln_name = constants.HTTP_PASSWD_NMAP elif scan_type == 'web_versions': vuln_name = constants.WEB_VERSIONS_NMAP elif scan_type == 'ftp_anonymous': vuln_name = constants.ANON_ACCESS_FTP elif scan_type == 'ssh_credentials': vuln_name = constants.DEFAULT_CREDS elif scan_type == "ftp_credentials": vuln_name = constants.CRED_ACCESS_FTP elif scan_type == "default_creds": vuln_name = constants.DEFAULT_CREDS vulnerability = Vulnerability(vuln_name, scan_info, description) if img_str: ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) random_filename = uuid.uuid4().hex output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png' im = Image.open(BytesIO(base64.b64decode(img_str))) im.save(output_dir, 'PNG') vulnerability.add_attachment(output_dir, 'nmap-result.png') os.remove(output_dir) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) return
def add_vulnerability_to_mongo(scan_info): vulnerability = Vulnerability(constants.HOST_HEADER_ATTACK, scan_info, "Host header attack possible") slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) return
def add_vulnerability(scan_info, vuln): specific_info = copy.deepcopy(scan_info) vulnerability = Vulnerability( constants.CORS, specific_info, 'Found CORS %s with origin %s' % (vuln['type'], vuln['origin'])) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)
def add_vulnerability_to_mongo(scanned_url, finding_name, bucket_name, description, scan_info): vuln_name = constants.BUCKET vulnerability = Vulnerability(vuln_name, scan_info, description) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) return
def add_vulnerability_to_mongo(scan_info, css_url, vuln_type): if vuln_type == 'Access': description = "Possible css injection found at %s. File could not be accessed" \ % (css_url) elif vuln_type == 'Status': description = "Possible css injection found at %s. File did not return 200" \ % (css_url) vulnerability = Vulnerability(constants.CSS_INJECTION, scan_info, description) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)
def add_vulnerability(scan_info, message): vulnerability = Vulnerability(constants.UNSECURE_METHOD, scan_info, message) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) redmine.create_new_issue(vulnerability) mongo.add_vulnerability(vulnerability)
def add_header_missing_vulnerability(scan_info, img_string, description): vulnerability = Vulnerability(constants.HEADER_NOT_FOUND, scan_info, description) ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) random_filename = uuid.uuid4().hex output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png' im = Image.open(BytesIO(base64.b64decode(img_string))) im.save(output_dir, 'PNG') vulnerability.add_attachment(output_dir, 'headers-result.png') slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) os.remove(output_dir)
def add_vulnerability(scan_info,json_data,header): #Save the list of urls scanned l = scan_info['target'] scan_id = str(json_data['info']['object_id']) for nessus_hosts in json_data['hosts']: #Get the vulnerabilities for the scanned host r = requests.get(scan_url+scan_id+'/hosts/'+str(nessus_hosts['host_id']),verify=verify,headers=header) for host_vuln in json.loads(r.text)['vulnerabilities']: #Only update the vulnerabilities with severity medium or more if host_vuln['severity'] >= nessus_info['WHITE_LIST_SEVERITY'] and host_vuln['plugin_name'] not in nessus_info['BLACK_LIST']: name = copy.deepcopy(constants.NESSUS_SCAN) name['english_name'] = name['english_name'] + host_vuln['plugin_name'] plug_id = str(host_vuln['plugin_id']) #Get full detail of the vulnerability r = requests.get(scan_url+scan_id+'/plugins/'+plug_id,verify=verify,headers=header) out_list = json.loads(r.text)['outputs'] extra = '' for out in out_list: extra = (out['plugin_output'] if out['plugin_output'] != None else '')+'\n' extra +=str(out['ports']) for url in l: if host_vuln['hostname'] in url: scan_info['target'] = url description = 'Nessus scan completed against %s' % scan_info['target'] +'\n' vulnerability = Vulnerability(name, scan_info, description+extra) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) redmine.create_new_issue(vulnerability) mongo.add_vulnerability(vulnerability)
def add_vulnerability(scan_info, scan_id, vulns): info = copy.deepcopy(scan_info) info['target'] = scan_id[1] default_dict = defaultdict(list) default_dict_extra = defaultdict(list) for vul in vulns: default_dict[vul['vt_name']].append(vul['affects_url']) default_dict_extra[vul['vt_name']].append(vul['request']) result = [{"title": k, "resourceAf": v} for k, v in default_dict.items()] result_extra = [{ "title": k, "request_info": v } for k, v in default_dict_extra.items()] for r, re in zip(result, result_extra): r['request_info'] = re['request_info'][0] for res in result: #Checking if is not a vulnerability already reported by other tool if res['title'] not in acunetix_info['BLACK_LIST']: affected_urls = ('\n'.join(res['resourceAf']) + '\n' + ''.join(res['request_info'])) name = copy.deepcopy(constants.ACUNETIX_SCAN) name['english_name'] = name['english_name'] + res['title'] description = 'Acunetix scan completed against %s' % info[ 'target'] + '\n Affecteds URLS>' vulnerability = Vulnerability(name, info, description + affected_urls) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) redmine.create_new_issue(vulnerability) mongo.add_vulnerability(vulnerability) return
def add_vulnerability(scan_info, data, message, cvssScore): vulnerability = Vulnerability(constants.UNSECURE_METHOD, scan_info, message) img_str = image_creator.create_image_from_string(data) vulnerability.add_image_string(img_str) ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) output_dir = ROOT_DIR + '/tools_output/' + str(uuid.uuid4().hex) + '.png' im = Image.open(BytesIO(base64.b64decode(img_str))) im.save(output_dir, 'PNG') vulnerability.add_attachment(output_dir, 'NMAP-result.png') vulnerability.cvss = cvssScore slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) with suppress(Exception): os.remove(output_dir)
def add_vuln_to_mongo(scan_info, scan_type, description, img_str): vuln_name = "" if scan_type == 'plaintext_services': vuln_name = constants.PLAINTEXT_COMUNICATION else: vuln_name = constants.UNNECESSARY_SERVICES vulnerability = Vulnerability(vuln_name, scan_info, description) vulnerability.add_image_string(img_str) ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) random_filename = uuid.uuid4().hex output_dir = ROOT_DIR+'/tools_output/' + random_filename + '.png' im = Image.open(BytesIO(base64.b64decode(img_str))) im.save(output_dir, 'PNG') vulnerability.add_attachment(output_dir, 'nmap-result.png') slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) redmine.create_new_issue(vulnerability) mongo.add_vulnerability(vulnerability) os.remove(output_dir) return
def add_libraries_vulnerability(scan_info, message): vulnerability = Vulnerability(constants.OUTDATED_3RD_LIBRARIES, scan_info, message) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)
def add_vulnerability(scan_info, file_string, file_dir, file_name): my_dict = xmltodict.parse(file_string) json_data = json.dumps(my_dict) json_data = json.loads(json_data) description = 'Burp scan completed against %s' % scan_info['target'] +'\n' if isinstance(json_data['issues']['issue'], list): try: for issue in json_data['issues']['issue']: if issue['name'] not in BURP_BLACKLIST: name = copy.deepcopy(constants.BURP_SCAN) name['english_name'] = name['english_name'] + issue['name'] extra='Burp Request: \n'+base64.b64decode(issue['requestresponse']['request']['#text']).decode("utf-8") extra+='Burp Response: \n'+base64.b64decode(issue['requestresponse']['response']['#text']).decode("utf-8") vulnerability = Vulnerability(name, scan_info, description+extra) vulnerability.add_file_string(file_string) vulnerability.add_attachment(file_dir, file_name) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability) except KeyError: print('Key error at burp add vulnerability') return else: issue = json_data['issues'] if issue['name'] not in BURP_BLACKLIST: name = copy.deepcopy(constants.BURP_SCAN) name['english_name'] = name['english_name'] + issue['name'] extra='Burp Request: \n'+base64.b64decode(issue['requestresponse']['request']['#text']).decode("utf-8") extra+='Burp Response: \n'+base64.b64decode(issue['requestresponse']['response']['#text']).decode("utf-8") vulnerability = Vulnerability(name, scan_info, description+extra) vulnerability.add_file_string(file_string) vulnerability.add_attachment(file_dir, file_name) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)
def add_vulnerability(scan_info, affected_resource, description): vulnerability = Vulnerability(constants.ENDPOINT, scan_info, description) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) redmine.create_new_issue(vulnerability) mongo.add_vulnerability(vulnerability)
def add_token_found_vuln(scan_info, message): vulnerability = Vulnerability(constants.TOKEN_SENSITIVE_INFO, scan_info, message) slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL) vulnerability.id = mongo.add_vulnerability(vulnerability) redmine.create_new_issue(vulnerability)