示例#1
0
def add_vuln_to_mongo(scan_info, scan_type, description, img_str=None):
    vuln_name = ""
    if scan_type == 'outdated_software':
        vuln_name = constants.OUTDATED_SOFTWARE_NMAP
    elif scan_type == 'http_passwd':
        vuln_name = constants.HTTP_PASSWD_NMAP
    elif scan_type == 'web_versions':
        vuln_name = constants.WEB_VERSIONS_NMAP
    elif scan_type == 'ftp_anonymous':
        vuln_name = constants.ANON_ACCESS_FTP
    elif scan_type == 'ssh_credentials':
        vuln_name = constants.DEFAULT_CREDS
    elif scan_type == "ftp_credentials":
        vuln_name = constants.CRED_ACCESS_FTP
    elif scan_type == "default_creds":
        vuln_name = constants.DEFAULT_CREDS

    vulnerability = Vulnerability(vuln_name, scan_info, description)

    if img_str:
        ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
        random_filename = uuid.uuid4().hex
        output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png'
        im = Image.open(BytesIO(base64.b64decode(img_str)))
        im.save(output_dir, 'PNG')
        vulnerability.add_attachment(output_dir, 'nmap-result.png')
        os.remove(output_dir)

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
    return
示例#2
0
def scan_target(scan_info, url_to_scan):
    resp = get_response(url_to_scan)
    if resp is None:
        return
    try:
        if 'IIS' in resp.headers['Server']:
            ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
            TOOL_DIR = ROOT_DIR + '/tools/IIS-ShortName-Scanner/iis_shortname_scanner.jar'
            CONFIG_DIR = ROOT_DIR + '/tools/IIS-ShortName-Scanner/config.xml'
            iis_process = subprocess.run(
                ['java', '-jar', TOOL_DIR, '0', '10', url_to_scan, CONFIG_DIR],
                capture_output=True)
            message = iis_process.stdout.decode()
            if "NOT VULNERABLE" not in message:
                img_str = image_creator.create_image_from_string(message)
                random_filename = uuid.uuid4().hex
                output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png'
                im = Image.open(BytesIO(base64.b64decode(img_str)))
                im.save(output_dir, 'PNG')

                vulnerability = Vulnerability(
                    constants.IIS_SHORTNAME_MICROSOFT, scan_info,
                    "IIS Microsoft files and directories enumeration found")

                vulnerability.add_attachment(output_dir, 'IIS-Result.png')
                slack.send_vuln_to_channel(vulnerability,
                                           SLACK_NOTIFICATION_CHANNEL)
                vulnerability.id = mongo.add_vulnerability(vulnerability)
                redmine.create_new_issue(vulnerability)
                os.remove(output_dir)
    except KeyError:
        pass
    except Exception:
        pass
    return
示例#3
0
def add_vulnerability(scan_info,json_data,header):
    #Save the list of urls scanned  
    l = scan_info['target']
    scan_id = str(json_data['info']['object_id'])
    for nessus_hosts in json_data['hosts']:
        #Get the vulnerabilities for the scanned host
        r = requests.get(scan_url+scan_id+'/hosts/'+str(nessus_hosts['host_id']),verify=verify,headers=header) 
        for host_vuln in json.loads(r.text)['vulnerabilities']:
            #Only update the vulnerabilities with severity medium or more
            if host_vuln['severity'] >= nessus_info['WHITE_LIST_SEVERITY'] and host_vuln['plugin_name'] not in nessus_info['BLACK_LIST']:
                name = copy.deepcopy(constants.NESSUS_SCAN)
                name['english_name'] = name['english_name'] + host_vuln['plugin_name']
                plug_id = str(host_vuln['plugin_id'])
                #Get full detail of the vulnerability
                r = requests.get(scan_url+scan_id+'/plugins/'+plug_id,verify=verify,headers=header)
                out_list = json.loads(r.text)['outputs']
                extra = ''
                for out in out_list:
                    extra = (out['plugin_output'] if out['plugin_output'] != None else '')+'\n'
                    extra +=str(out['ports'])
                for url in l:
                    if host_vuln['hostname'] in url:
                        scan_info['target'] = url
                description = 'Nessus scan completed against %s' % scan_info['target'] +'\n'
                vulnerability = Vulnerability(name, scan_info, description+extra)
                slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
                redmine.create_new_issue(vulnerability)
                mongo.add_vulnerability(vulnerability)
示例#4
0
def add_vulnerability(scan_info, scan_id, vulns):
    info = copy.deepcopy(scan_info)
    info['target'] = scan_id[1]
    default_dict = defaultdict(list)
    default_dict_extra = defaultdict(list)
    for vul in vulns:
        default_dict[vul['vt_name']].append(vul['affects_url'])
        default_dict_extra[vul['vt_name']].append(vul['request'])
    result = [{"title": k, "resourceAf": v} for k, v in default_dict.items()]
    result_extra = [{
        "title": k,
        "request_info": v
    } for k, v in default_dict_extra.items()]
    for r, re in zip(result, result_extra):
        r['request_info'] = re['request_info'][0]
    for res in result:
        #Checking if is not a vulnerability already reported by other tool
        if res['title'] not in acunetix_info['BLACK_LIST']:
            affected_urls = ('\n'.join(res['resourceAf']) + '\n' +
                             ''.join(res['request_info']))
            name = copy.deepcopy(constants.ACUNETIX_SCAN)
            name['english_name'] = name['english_name'] + res['title']
            description = 'Acunetix scan completed against %s' % info[
                'target'] + '\n Affecteds URLS>'
            vulnerability = Vulnerability(name, info,
                                          description + affected_urls)
            slack.send_vuln_to_channel(vulnerability,
                                       SLACK_NOTIFICATION_CHANNEL)
            redmine.create_new_issue(vulnerability)
            mongo.add_vulnerability(vulnerability)
    return
示例#5
0
def add_vulnerability(scan_info, file_string, file_dir, file_name):
    my_dict = xmltodict.parse(file_string)
    json_data = json.dumps(my_dict)
    json_data = json.loads(json_data)
    description = 'Burp scan completed against %s' % scan_info['target'] +'\n'
    if isinstance(json_data['issues']['issue'], list):
        try:
            for issue in json_data['issues']['issue']:
                if issue['name'] not in BURP_BLACKLIST:
                    name = copy.deepcopy(constants.BURP_SCAN)
                    name['english_name'] = name['english_name'] + issue['name']
                    extra='Burp Request: \n'+base64.b64decode(issue['requestresponse']['request']['#text']).decode("utf-8")
                    extra+='Burp Response: \n'+base64.b64decode(issue['requestresponse']['response']['#text']).decode("utf-8")
                    vulnerability = Vulnerability(name, scan_info, description+extra)
                    vulnerability.add_file_string(file_string)
                    vulnerability.add_attachment(file_dir, file_name)
                    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
                    vulnerability.id = mongo.add_vulnerability(vulnerability)
                    redmine.create_new_issue(vulnerability)
        except KeyError:
            print('Key error at burp add vulnerability')
            return
    else:
        issue = json_data['issues']
        if issue['name'] not in BURP_BLACKLIST:
                name = copy.deepcopy(constants.BURP_SCAN)
                name['english_name'] = name['english_name'] + issue['name']
                extra='Burp Request: \n'+base64.b64decode(issue['requestresponse']['request']['#text']).decode("utf-8")
                extra+='Burp Response: \n'+base64.b64decode(issue['requestresponse']['response']['#text']).decode("utf-8")
                vulnerability = Vulnerability(name, scan_info, description+extra)
                vulnerability.add_file_string(file_string)
                vulnerability.add_attachment(file_dir, file_name)
                slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
                vulnerability.id = mongo.add_vulnerability(vulnerability)
                redmine.create_new_issue(vulnerability)
示例#6
0
def add_vulnerability(scan_info, message):
    vulnerability = Vulnerability(constants.UNSECURE_METHOD, scan_info,
                                  message)

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    redmine.create_new_issue(vulnerability)
    mongo.add_vulnerability(vulnerability)
示例#7
0
def add_vulnerability(scan_info, firebase_name):
    vulnerability = Vulnerability(constants.OPEN_FIREBASE, scan_info,
                                  'Found open firebase %s' % (firebase_name))

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    redmine.create_new_issue(vulnerability)
    mongo.add_vulnerability(vulnerability)
示例#8
0
def add_vulnerability_to_mongo(scan_info):
    vulnerability = Vulnerability(constants.HOST_HEADER_ATTACK, scan_info,
                                  "Host header attack possible")

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
    return
示例#9
0
def add_vulnerability_to_mongo(scanned_url, finding_name, bucket_name,
                               description, scan_info):
    vuln_name = constants.BUCKET
    vulnerability = Vulnerability(vuln_name, scan_info, description)
    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    redmine.create_new_issue(vulnerability)
    mongo.add_vulnerability(vulnerability)
    return
示例#10
0
def add_vulnerability(scan_info, vuln):
    specific_info = copy.deepcopy(scan_info)
    vulnerability = Vulnerability(
        constants.CORS, specific_info,
        'Found CORS %s with origin %s' % (vuln['type'], vuln['origin']))
    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
示例#11
0
def add_vulnerability_to_mongo(scan_info, css_url, vuln_type):
    if vuln_type == 'Access':
        description = "Possible css injection found at %s. File could not be accessed" \
                      % (css_url)
    elif vuln_type == 'Status':
        description = "Possible css injection found at %s. File did not return 200" \
                      % (css_url)

    vulnerability = Vulnerability(constants.CSS_INJECTION, scan_info,
                                  description)
    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
示例#12
0
def add_header_missing_vulnerability(scan_info, img_string, description):
    vulnerability = Vulnerability(constants.HEADER_NOT_FOUND, scan_info,
                                  description)

    ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
    random_filename = uuid.uuid4().hex
    output_dir = ROOT_DIR + '/tools_output/' + random_filename + '.png'
    im = Image.open(BytesIO(base64.b64decode(img_string)))
    im.save(output_dir, 'PNG')

    vulnerability.add_attachment(output_dir, 'headers-result.png')

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
    os.remove(output_dir)
示例#13
0
def add_vulnerability(scan_info, data, message, cvssScore):
    vulnerability = Vulnerability(constants.UNSECURE_METHOD, scan_info,
                                  message)

    img_str = image_creator.create_image_from_string(data)
    vulnerability.add_image_string(img_str)
    ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
    output_dir = ROOT_DIR + '/tools_output/' + str(uuid.uuid4().hex) + '.png'
    im = Image.open(BytesIO(base64.b64decode(img_str)))
    im.save(output_dir, 'PNG')
    vulnerability.add_attachment(output_dir, 'NMAP-result.png')

    vulnerability.cvss = cvssScore

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
    with suppress(Exception):
        os.remove(output_dir)
示例#14
0
def add_vuln_to_mongo(scan_info, scan_type, description, img_str):
    vuln_name = ""
    if scan_type == 'plaintext_services':
        vuln_name = constants.PLAINTEXT_COMUNICATION
    else:
        vuln_name = constants.UNNECESSARY_SERVICES

    vulnerability = Vulnerability(vuln_name, scan_info, description)
    vulnerability.add_image_string(img_str)

    ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
    random_filename = uuid.uuid4().hex
    output_dir = ROOT_DIR+'/tools_output/' + random_filename + '.png'
    im = Image.open(BytesIO(base64.b64decode(img_str)))
    im.save(output_dir, 'PNG')
    vulnerability.add_attachment(output_dir, 'nmap-result.png')
    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    redmine.create_new_issue(vulnerability)
    mongo.add_vulnerability(vulnerability)
    os.remove(output_dir)
    return
示例#15
0
def http_errors(target_name, url_to_scan, language):
    ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
    end_name = '.htttp.errors'
    random_filename = uuid.uuid4().hex
    output_dir = ROOT_DIR + '/tools_output/' + random_filename + end_name
    port_list = '-p 80,81,443,591,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,8443,8834,8888 '
    cleanup(output_dir)
    http_subprocess = subprocess.run([
        'nmap', '-Pn', '-sV', port_list, '-vvv', '--script', ' http-errors ',
        '-oA', output_dir, url_to_scan
    ],
                                     capture_output=True)
    with open(output_dir + '.xml') as xml_file:
        my_dict = xmltodict.parse(xml_file.read())
    xml_file.close()
    json_data = json.dumps(my_dict)
    json_data = json.loads(json_data)
    ports = json_data['nmaprun']['host']['ports']['port']
    message = ""
    for p in ports:
        pid = p['@portid']
        if p['state']['@state'] == 'open':
            if type(p['script']) == 'dict':
                o = p['script']['@output']
                if "Error Code:" in o:
                    message += o
            else:
                for o in p['script']:
                    try:
                        if "Error Code:" in o['@output']:
                            message += o['@output']
                    except TypeError:
                        pass
    cleanup(output_dir)
    if message:
        vuln_name = constants.POSSIBLE_ERROR_PAGES_ENGLISH if language == "eng" else constants.POSSIBLE_ERROR_PAGES_SPANISH
        redmine.create_new_issue(vuln_name, message)
    return
示例#16
0
def add_vulnerability(scan_info, affected_resource, description):
    vulnerability = Vulnerability(constants.ENDPOINT, scan_info, description)

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    redmine.create_new_issue(vulnerability)
    mongo.add_vulnerability(vulnerability)
示例#17
0
def add_libraries_vulnerability(scan_info, message):
    vulnerability = Vulnerability(constants.OUTDATED_3RD_LIBRARIES, scan_info,
                                  message)
    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)
示例#18
0
def add_token_found_vuln(scan_info, message):
    vulnerability = Vulnerability(constants.TOKEN_SENSITIVE_INFO, scan_info, message)

    slack.send_vuln_to_channel(vulnerability, SLACK_NOTIFICATION_CHANNEL)
    vulnerability.id = mongo.add_vulnerability(vulnerability)
    redmine.create_new_issue(vulnerability)