def lambda_handler(event, context): print(event) try: projects = database.getProjects() return response_formatter.formatSuccessfulResponse(projects) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: projectId = event['pathParameters']['projectId'] project = database.getProject(projectId) return response_formatter.formatSuccessfulResponse(project) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: projectName = json.loads(event['body'])['projectName'] result = database.createProject(projectName) return response_formatter.formatSuccessfulResponse(result) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: scanId = event['pathParameters']['scanId'] targets = database.getScanTargets(scanId) return response_formatter.formatSuccessfulResponse(targets) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: message = json.loads(event['Records'][0]["Sns"]["Message"]) project_id = message['project_id'] scan_id = message['scan_id'] target_records = database.getProjectScanTargets(project_id, scan_id) for record in target_records: notify_unvalidated_target(project_id, record) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: cognito_params = {} cognito_params['userPoolId'] = os.environ['userPoolId'] cognito_params['region'] = os.environ['region'] cognito_params['userPoolWebClientId'] = os.environ[ 'userPoolWebClientId'] return cognito_params except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: message = json.loads(event['Records'][0]["Sns"]["Message"]) target_record = message['target_record'] target = get_target(target_record) project_id = message['project_id'] if is_valid_target(target): queue_target(target_record, project_id) else: database.mark_target_invalid(cur, target) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) message = json.loads(event['Records'][0]["Sns"]["Message"]) project_id = message['project_id'] scan_id = message['scan_id'] target_id = message['target_id'] resource_id = message['resource_id'] url = message['url'] url_hash = hashlib.md5(url.encode('utf-8')).hexdigest() width = "1200" height = "1024" timeout = "5" try: cmd = [ "./phantomjs/phantomjs_linux-x86_64", "--debug=yes", "--ignore-ssl-errors=true", "./phantomjs/screenshot.js", url, "/tmp/" + url_hash + ".png", width, height, timeout ] results = subprocess.Popen(cmd, stdout=subprocess.PIPE) print(results.stdout.read()) thumbnail_path = create_thumbnail("/tmp/" + url_hash + ".png", url_hash) project_record = database.getProject(project_id) target_record = database.get_target_record(target_id) bucket = os.environ['CoreBucketRef'] file_name = '/tmp/' + url_hash + ".png" key_name = url_hash + '.png' thumbnail_key_name = url_hash + '-320.png' target = target_record["host"] if target_record[ "host"] else target_record["ip"] obj_path = "{0}/{1}/{2}/{3}".format( project_record["name"], target, urlparse(url).path.rstrip('/').strip('/'), key_name) thumbnail_obj_path = "{0}/{1}/{2}/{3}".format( project_record["name"], target, urlparse(url).path.rstrip('/').strip('/'), thumbnail_key_name) s3 = boto3.client('s3') print(os.listdir('/tmp')) print(file_name) s3.upload_file(file_name, bucket, obj_path) s3.upload_file(thumbnail_path, bucket, thumbnail_obj_path) database.create_screenshot_record(project_id, scan_id, target_id, resource_id, obj_path, thumbnail_obj_path) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): try: print(event) key = event['path'].split('/screenshot/')[1] url = get_signed_url(key) return { 'statusCode': 200, 'headers': { 'Content-type': 'text/plain', 'Access-Control-Allow-Origin': '*' }, 'body': url } except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): # print(event) message = json.loads(event['Records'][0]["Sns"]["Message"]) project_id = message['project_id'] target_record = message['target_record'] scan_id = target_record['scan_id'] target_id = target_record['id'] paths = message['scan_list'] task_number = message['task_number'] protocol = message['additional_params']['protocol'] starting_path = message['additional_params']['starting_path'] port = message['additional_params']['port'] target = target_record['host'] if target_record[ 'host'] is not "" else target_record['ip'] try: task_queue_id = database.getTaskLock(project_id, target_id, task_number) if not task_queue_id: print("Task already processed") # this task is being processed by another function or has been before return loop = 0 while database.at_max_concurrent_connections( project_id, target_id, task_number) and loop < 10: loop += 1 sleep(5) if loop == 10: return session = requests.session() base_url = "{0}://{1}:{2}{3}".format(protocol, target, port, starting_path) results = scan_target(session, base_url, paths) results = save_target_record(scan_id, target_id, results) queue_recursive_scans(project_id, target_record, protocol, port, results) queue_content_screenshot(project_id, target_record, results) database.unlock_task_record(task_queue_id) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) try: message = json.loads(event['Records'][0]["Sns"]["Message"]) print(message) target_record = message['target_record'] project_id = message["project_id"] scan_type = message['scan_type'] additional_params = message['additional_params'] scan_list = get_scan_list(scan_type) chunks = get_chunks(scan_list) task_num = 1 for chunk in chunks: message = format_message(project_id, target_record, chunk, task_num, additional_params) queue_message(scan_type, message) task_num += 1 except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) message = json.loads(event['Records'][0]["Sns"]["Message"]) project_id = message['project_id'] target_record = message['target_record'] scan_id = target_record['scan_id'] target_id = target_record['id'] ports = message['scan_list'] task_number = message['task_number'] target = target_record['host'] if target_record[ 'host'] is not "" else target_record['ip'] try: task_queue_id = database.getTaskLock(project_id, target_id, task_number) if not task_queue_id: print("Task already processed") # this task is being processed by another function or has been before return loop = 0 while database.at_max_concurrent_connections( project_id, target_id, task_number) and loop < 10: loop += 1 sleep(5) if loop == 10: return results = scan_target(target, ports) for result in results: if result['status'] == 'open': if result['protocol'] in ['http', 'https']: pass # queue_http_content_scan(project_id, target_record, result['protocol'], result['port']) record_results(scan_id, target_record['id'], results) database.unlock_task_record(task_queue_id) except Exception as e: error_handler.handleError(e)
def lambda_handler(event, context): print(event) bodyData = json.loads(event['body']) project_id = bodyData['projectId'] scan_types = bodyData['scanTypes'] targets = bodyData['targets'] print(targets) validated_targets = [] error = False error_data = {} try: database.assert_valid_project_id(project_id) assert_valid_scan_types(scan_types) status = "initializing" scan_id = database.write_scan(project_id, scan_types, status)["id"] for target in targets: ip = get_host_ip(target) if is_valid_ip_address(target): validated_targets.append({ "host": "", "ip": target, "is_valid": True }) elif is_valid_cidr(target): for ip in ipaddress.ip_network(target): ip = str(ip) if not ip.endswith(".0"): validated_targets.append({ "host": "", "ip": ip, "is_valid": True }) elif ip != target and is_valid_hostname(target): validated_targets.append({ "host": target, "ip": ip, "is_valid": True }) else: validated_targets.append({ "host": target, "ip": "", "is_valid": False, "error_message": "If an IP address was provided, it is either invalid or private." }) database.write_project_targets(project_id, scan_id, validated_targets) execute_scan(project_id, scan_id) except Exception as e: error_handler.handleError(e) return { "validated_targets": validated_targets, "error": error, "error_data": error_data }