def openvas_setting(request):
"""
Calling OpenVAS setting page.
:param request:
:return:
"""
print load_settings
load_openvas_setting = load_settings.ArcherySettings(api_data)
openvas_host = load_openvas_setting.openvas_host()
openvas_port = load_openvas_setting.openvas_port()
openvas_enabled = load_openvas_setting.openvas_enabled()
if openvas_enabled:
openvas_enabled = 'True'
else:
openvas_enabled = 'False'
openvas_user = load_openvas_setting.openvas_username()
openvas_password = load_openvas_setting.openvas_pass()
return render(
request, 'setting_form.html', {
'openvas_host': openvas_host,
'openvas_port': openvas_port,
'openvas_enabled': openvas_enabled,
'openvas_user': openvas_user,
'openvas_password': openvas_password
})
def scan_launch(self):
"""
The function trigger the scans.
"""
settings = load_settings.ArcherySettings()
burp_host = settings.burp_host()
burp_port = settings.burp_port()
print burp_host
global vuln_id, burp_status
# try:
# with open(setting_file, 'r+') as f:
# data = json.load(f)
# burp_path = data['burp_path']
# burp_port = data['burp_port']
# except Exception as e:
# print e
print self.project_id
print self.scan_url
time.sleep(15)
host = 'http://' + burp_host + ':' + burp_port
bi = burpscanner.BurpApi(host)
bi.burp_scope_add(self.scan_url)
bi.burp_spider(self.scan_url)
time.sleep(15)
bi.burp_active_scan(self.scan_url)
print "Project_id", self.project_id
while (int(burp_status) < 100):
scan_status = bi.burp_scan_status()
dat_status = scan_status.data
for key, item in dat_status.iteritems():
burp_status = item
print "Burp Scan Status :", burp_status
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
scan_status=burp_status)
time.sleep(5)
burp_status = "100"
# if burp_status == '100':
# burp_status = "0"
# else:
# print "Scan Continue..."
print "Result Extracting........"
time.sleep(10)
print "Result Extracted........"
scan_result = bi.scan_report(self.scan_url, 'XML')
result_xml = scan_result.data
xml_data = ET.fromstring(result_xml)
do_scan_dat = burp_scans(self.project_id, self.scan_url, self.scan_id)
do_scan_dat.burp_scan_data(xml_data)
def get(self, request):
load_nv_setting = load_settings.ArcherySettings(api_data, )
nv_enabled = str(load_nv_setting.nv_enabled())
nv_online = str(load_nv_setting.nv_enabled())
nv_version = str(load_nv_setting.nv_enabled())
nv_timing = load_nv_setting.nv_timing()
return render(
request,
"networkscanners/nv_settings.html",
{
"nv_enabled": nv_enabled,
"nv_online": nv_online,
"nv_version": nv_version,
"nv_timing": nv_timing,
},
)
def nv_setting(request):
"""
Calling NMAP Vulners setting page.
:param request:
:return:
"""
load_nv_setting = load_settings.ArcherySettings(api_data)
nv_enabled = str(load_nv_setting.nv_enabled())
nv_online = str(load_nv_setting.nv_enabled())
nv_version = str(load_nv_setting.nv_enabled())
nv_timing = load_nv_setting.nv_timing()
return render(
request, 'nv_settings.html', {
'nv_enabled': nv_enabled,
'nv_online': nv_online,
'nv_version': nv_version,
'nv_timing': nv_timing,
})
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
# Loading settings
settings = load_settings.ArcherySettings(setting_file)
# Loading OpenVAS Settings
ov_user = settings.openvas_username()
ov_pass = settings.openvas_pass()
ov_ip = settings.openvas_host()
lod_ov_user = signing.loads(ov_user)
lod_ov_pass = signing.loads(ov_pass)
lod_ov_ip = signing.loads(ov_ip)
# Loading ZAP Settings
lod_apikey = settings.zap_api_key()
zap_host = settings.zap_host()
zap_port = settings.zap_port()
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
# Loading Email Settings
email_subject = settings.email_subject()
email_from = settings.email_from()
to_email = settings.email_to()
return render(request, 'setting.html',
{'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_ip': lod_ov_ip,
'burp_path': burp_host,
'burp_port': burp_port,
'email_subject': email_subject,
'email_from': email_from,
'to_email': to_email})
def get(self, request):
load_openvas_setting = load_settings.ArcherySettings(api_data, )
openvas_host = load_openvas_setting.openvas_host()
openvas_port = load_openvas_setting.openvas_port()
openvas_enabled = load_openvas_setting.openvas_enabled()
if openvas_enabled:
openvas_enabled = "True"
else:
openvas_enabled = "False"
openvas_user = load_openvas_setting.openvas_username()
openvas_password = load_openvas_setting.openvas_pass()
return render(
request,
"networkscanners/setting_form.html",
{
"openvas_host": openvas_host,
"openvas_port": openvas_port,
"openvas_enabled": openvas_enabled,
"openvas_user": openvas_user,
"openvas_password": openvas_password,
},
)
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
username = request.user.username
settings = load_settings.ArcherySettings(setting_file, username=username)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
zap_enable = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.filter(username=username)
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
burp_api_key = settings.burp_api_key()
# Loading Email Settings
all_email = email_db.objects.filter(username=username)
# Load JIRA Setting
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
username = request.user.username
zap_enabled = False
random_port = '8091'
target_url = 'https://archerysec.com'
zap_info = ''
burp_info = ''
openvas_info = ''
arachni_info = ''
jira_info = ''
if request.method == 'POST':
setting_of = request.POST.get('setting_of')
if setting_of == 'zap':
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_enabled = zap.enabled
if zap_enabled is False:
zap_info = 'Disabled'
try:
random_port = zap_plugin.zap_local()
except:
return render(request, 'setting.html',
{'zap_info': zap_info})
for i in range(0, 100):
while True:
try:
# Connection Test
zap_connect = zap_plugin.zap_connect(
random_port, username=username)
zap_connect.spider.scan(url=target_url)
except Exception as e:
print(
"ZAP Connection Not Found, re-try after 5 sec")
time.sleep(5)
continue
break
else:
try:
zap_connect = zap_plugin.zap_connect(random_port,
username=username)
zap_connect.spider.scan(url=target_url)
zap_info = True
except:
zap_info = False
if setting_of == 'burp':
host = 'http://' + burp_host + ':' + burp_port + '/'
bi = burpscanner.BurpApi(host, burp_api_key)
issue_list = bi.issue_definitions()
if issue_list.data is None:
burp_info = False
else:
burp_info = True
if setting_of == 'openvas':
sel_profile = ''
openvas = OpenVAS_Plugin(scan_ip,
project_id,
sel_profile,
username=username)
try:
openvas.connect()
openvas_info = True
except:
openvas_info = False
if setting_of == 'arachni':
global scan_run_id, scan_status
arachni_hosts = None
arachni_ports = None
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports)
check = []
data = {
"url": 'https://archerysec.com',
"checks": check,
"audit": {}
}
d = json.dumps(data)
scan_launch = arachni.scan_launch(d)
time.sleep(3)
try:
scan_data = scan_launch.data
for key, value in scan_data.items():
if key == 'id':
scan_run_id = value
arachni_info = True
except Exception:
arachni_info = False
if setting_of == 'jira':
global jira_projects, jira_ser
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
jira_username = signing.loads(username)
jira_password = signing.loads(password)
options = {'server': jira_server}
try:
jira_ser = JIRA(options,
basic_auth=(jira_username, jira_password),
timeout=5)
jira_projects = jira_ser.projects()
print(len(jira_projects))
jira_info = True
except Exception as e:
print(e)
jira_info = False
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'zap_enable': zap_enable,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'burp_api_key': burp_api_key,
'all_email': all_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
'message': all_notify,
'zap_info': zap_info,
'burp_info': burp_info,
'openvas_info': openvas_info,
'arachni_info': arachni_info,
'jira_info': jira_info
})
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
all_notify = Notification.objects.unread()
jira_url = None
j_username = None
password = None
# Loading settings
username = request.user.username
settings = load_settings.ArcherySettings(setting_file, username=username)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
zap_enable = False
all_zap = zap_settings_db.objects.filter(username=username)
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
zap_enable = zap.enabled
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.filter(username=username)
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.filter(username=username)
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
burp_api_key = settings.burp_api_key()
# Loading Email Settings
all_email = email_db.objects.filter(username=username)
# Load JIRA Setting
jira_setting = jirasetting.objects.filter(username=username)
for jira in jira_setting:
jira_url = jira.jira_server
j_username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if j_username is None:
jira_username = None
else:
jira_username = signing.loads(j_username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'zap_enable': zap_enable,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'burp_api_key': burp_api_key,
'all_email': all_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
'message': all_notify,
})
import uuid
import json
import ast
# ZAP Database import
from webscanners.models import zap_scan_results_db,\
zap_scans_db,\
zap_spider_db,\
cookie_db,\
excluded_db
from archerysettings import load_settings
# Global Variables
setting_file = os.getcwd() + '/apidata.json'
zap_setting = load_settings.ArcherySettings(setting_file)
zap_api_key = zap_setting.zap_api_key()
zap_hosts = zap_setting.zap_host()
zap_ports = zap_setting.zap_port()
def zap_connect():
zap = ZAPv2(apikey=zap_api_key,
proxies={
'http': zap_hosts + ':' + zap_ports,
'https': zap_hosts + ':' + zap_ports})
return zap
class ZAPScanner:
"""
def setting(request):
"""
The function calling setting page.
:param request:
:return:
"""
jira_url = None
username = None
password = None
# Loading settings
settings = load_settings.ArcherySettings(setting_file)
lod_ov_user = settings.openvas_username()
lod_ov_pass = settings.openvas_pass()
lod_ov_host = settings.openvas_host()
lod_ov_port = settings.openvas_port()
lod_ov_enabled = settings.openvas_enabled()
# Loading ZAP Settings
zap_api_key = ''
zap_hosts = ''
zap_ports = ''
all_zap = zap_settings_db.objects.all()
for zap in all_zap:
zap_api_key = zap.zap_api
zap_hosts = zap.zap_url
zap_ports = zap.zap_port
lod_apikey = zap_api_key
zap_host = zap_hosts
zap_port = zap_ports
# Loading Arachni Settings
arachni_hosts = ''
arachni_ports = ''
all_arachni = arachni_settings_db.objects.all()
for arachni in all_arachni:
arachni_hosts = arachni.arachni_url
arachni_ports = arachni.arachni_port
arachni_hosts = arachni_hosts
arachni_ports = arachni_ports
# Loading NMAP Vulners Settings
nv_enabled = False
nv_online = False
nv_version = False
nv_timing = 0
all_nv = nmap_vulners_setting_db.objects.all()
for nv in all_nv:
nv_enabled = bool(nv.enabled)
nv_online = bool(nv.online)
nv_version = bool(nv.version)
nv_timing = int(nv.timing)
# Loading Burp Settings
burp_host = settings.burp_host()
burp_port = settings.burp_port()
# Loading Email Settings
email_subject = settings.email_subject()
email_from = settings.email_from()
to_email = settings.email_to()
# Load JIRA Setting
jira_setting = jirasetting.objects.all()
for jira in jira_setting:
jira_url = jira.jira_server
username = jira.jira_username
password = jira.jira_password
jira_server = jira_url
if username is None:
jira_username = None
else:
jira_username = signing.loads(username)
if password is None:
jira_password = None
else:
jira_password = signing.loads(password)
return render(
request, 'setting.html', {
'apikey': lod_apikey,
'zapath': zap_host,
'zap_port': zap_port,
'arachni_hosts': arachni_hosts,
'arachni_ports': arachni_ports,
'lod_ov_user': lod_ov_user,
'lod_ov_pass': lod_ov_pass,
'lod_ov_host': lod_ov_host,
'lod_ov_enabled': lod_ov_enabled,
'lod_ov_port': lod_ov_port,
'burp_path': burp_host,
'burp_port': burp_port,
'email_subject': email_subject,
'email_from': email_from,
'to_email': to_email,
'jira_server': jira_server,
'jira_username': jira_username,
'jira_password': jira_password,
'nv_enabled': nv_enabled,
'nv_version': nv_version,
'nv_online': nv_online,
'nv_timing': nv_timing,
})
from openvas_lib import VulnscanManager, VulnscanException
from networkscanners.models import scan_save_db, ov_scan_result_db
from django.utils import timezone
from archerysettings import load_settings
from django.core import signing
import time
import os
import uuid
openvas_data = os.getcwd() + '/' + 'apidata.json'
openvas_setting = load_settings.ArcherySettings(openvas_data)
class OpenVAS_Plugin:
"""
OpenVAS plugin Class
"""
def __init__(self, scan_ip, project_id, sel_profile):
"""
:param scan_ip:
:param project_id:
:param sel_profile:
"""
self.scan_ip = scan_ip
self.project_id = project_id
self.sel_profile = sel_profile
def connect(self):
"""
