def onboard_urls(urls: List[Url]): for url in urls: logger.info("Onboarding %s" % url) if url.is_top_level(): logger.debug("Brute known subdomains: %s" % url) brute_known_subdomains(urls=[url]) logger.debug("Certificate transparency: %s" % url) certificate_transparency(urls=[url]) logger.debug("nsec: %s" % url) nsec(urls=[url]) # tasks logger.debug("Discover endpoints: %s" % url) scanner_http.discover_endpoints(urls=[url]) # requires endpoints to be discovered, how to run groups of tasks sequentially? logger.debug("Plain_http: %s" % url) scanner_plain_http.scan_urls(urls=[url]) # requires endpoints to be discovered logger.debug("Screenshots: %s" % url) screenshot_urls(urls=[url]) # security headers and new urls are handled elsewhere. url.onboarded = True url.onboarded_on = datetime.now(pytz.utc) url.save()
def handle(self, *args, **options): if not options['organization'] or options['organization'][0] == "*": scanner_http.discover_endpoints() else: organization = Organization.objects.all().filter( name=options['organization'][0]) scanner_http.discover_endpoints(organizations=[organization])
def discover_http_endpoints(self, request, queryset): scanner_http.discover_endpoints(urls=list(queryset)) self.message_user(request, "Discover http(s) endpoints: Done")