def main(): # If the script is run outside the dispatcher the environment variables # are checked. # ['EXECUTOR_CONFIG_API_KEY', 'EXECUTOR_CONFIG_TARGET_URL'] try: target = os.environ["EXECUTOR_CONFIG_TARGET_URL"] api_key = os.environ["EXECUTOR_CONFIG_API_KEY"] except KeyError: print("environment variable not found", file=sys.stderr) sys.exit() # zap is required to be started zap_run = subprocess.check_output("pgrep -f zap", shell=True) if len(zap_run.decode("utf-8").split("\n")) > 3: # the apikey from ZAP->Tools->Options-API zap = ZAPv2(apikey=api_key) # it passes the url to scan and starts scanID = zap.spider.scan(target) # Wait for the scan to finish while int(zap.spider.status(scanID)) < 100: time.sleep(1) # If finish the scan and the xml is generated zap_result = zap.core.xmlreport() plugin = PluginsManager().get_plugin("zap") plugin.parseOutputString(zap_result) print(plugin.get_json()) else: print("ZAP not running", file=sys.stderr) sys.exit()
def main(): # If the script is run outside the dispatcher the environment variables # are checked. # ['EXECUTOR_CONFIG_TOKEN', 'EXECUTOR_CONFIG_URL', 'EXECUTOR_CONFIG_PROJECT'] try: sonar_qube_url = os.environ["EXECUTOR_CONFIG_URL"] token = os.environ["EXECUTOR_CONFIG_TOKEN"] component_key = os.environ['EXECUTOR_CONFIG_COMPONENT_KEY'] except KeyError: print("Environment variable not found", file=sys.stderr) sys.exit() session = requests.Session() # ATTENTION: SonarQube API requires an empty password when auth method is via token session.auth = (token, '') # Issues api config page = 0 has_more_vulns = True vulnerabilities = [] while has_more_vulns: page += 1 params = { 'componentKeys': component_key, 'types': TYPE_VULNS, 'p': page, 'ps': PAGE_SIZE } response = session.get( url=f'{sonar_qube_url}/api/issues/search', params=params, ) if not response.ok: print( f"There was an error finding issues. Component Key {component_key}; Status Code {response.status_code} - {response.content}", file=sys.stderr) sys.exit() response_json = response.json() issues = response_json.get('issues') vulnerabilities.extend(issues) total_items = response_json.get('paging').get('total') has_more_vulns = page * PAGE_SIZE < total_items plugin = PluginsManager().get_plugin("sonarqubeapi") vulns_json = json.dumps({'issues': vulnerabilities}) plugin.parseOutputString(vulns_json) print(plugin.get_json())
def main(): NESSUS_SCAN_NAME = os.getenv("EXECUTOR_CONFIG_NESSUS_SCAN_NAME", get_report_name()) NESSUS_URL = os.getenv("EXECUTOR_CONFIG_NESSUS_URL") # https://nessus:port NESSUS_USERNAME = os.getenv("NESSUS_USERNAME") NESSUS_PASSWORD = os.getenv("NESSUS_PASSWORD") NESSUS_SCAN_TARGET = os.getenv( # ip, domain, range "EXECUTOR_CONFIG_NESSUS_SCAN_TARGET") NESSUS_SCAN_TEMPLATE = os.getenv( # name field "EXECUTOR_CONFIG_NESSUS_SCAN_TEMPLATE", "basic", ) if not NESSUS_URL: NESSUS_URL = os.getenv("NESSUS_URL") if not NESSUS_URL: print("URL not provided", file=sys.stderr) sys.exit(1) scan_file = None token = nessus_login(NESSUS_URL, NESSUS_USERNAME, NESSUS_PASSWORD) if not token: sys.exit(1) x_token = get_x_api_token(NESSUS_URL, token) if not x_token: sys.exit(1) scan_id = nessus_add_target( NESSUS_URL, token, x_token, NESSUS_SCAN_TARGET, NESSUS_SCAN_TEMPLATE, NESSUS_SCAN_NAME, ) if not scan_id: sys.exit(1) status = nessus_scan_run(NESSUS_URL, scan_id, token, x_token) if status != "error": scan_file = nessus_scan_export(NESSUS_URL, scan_id, token, x_token) if scan_file: plugin = PluginsManager().get_plugin("nessus") plugin.parseOutputString(scan_file) print(plugin.get_json()) else: print("Scan file was empty", file=sys.stderr)
def main(): my_envs = os.environ # If the script is run outside the dispatcher # the environment variables # are checked. # ['EXECUTOR_CONFIG_NAME_URL', 'ARACHNI_PATH'] if "EXECUTOR_CONFIG_NAME_URL" in my_envs: url_analyze = os.environ.get("EXECUTOR_CONFIG_NAME_URL") url = urlparse(url_analyze) if url.scheme != "http" and url.scheme != "https": url_analyze = f"http://{url_analyze}" else: print("Param NAME_URL no passed", file=sys.stderr) sys.exit() if "ARACHNI_PATH" in my_envs: path_arachni = os.environ.get("ARACHNI_PATH") else: print("Environment variable ARACHNI_PATH no set", file=sys.stderr) sys.exit() os.chdir(path_arachni) file_afr = tempfile.NamedTemporaryFile(mode="w", suffix=".afr") cmd = ["./arachni", url_analyze, "--report-save-path", file_afr.name] arachni_command = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) flush_messages(arachni_command) name_xml = tempfile.NamedTemporaryFile(mode="w", suffix=".xml") cmd = [ "./arachni_reporter", file_afr.name, "--reporter", f"xml:outfile={name_xml.name}", ] arachni_reporter_process = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) flush_messages(arachni_reporter_process) plugin = PluginsManager().get_plugin("arachni") with open(name_xml.name, "r") as f: plugin.parseOutputString(f.read()) print(plugin.get_json()) name_xml.close() file_afr.close()
def main(): """ main function """ with RedirectOutput(): scanner = ness6rest.Scanner(url=NESSUS_URL, login=NESSUS_USERNAME, password=NESSUS_PASSWORD, insecure=True) scantemplate = os.getenv("NESSUS_SCANTEMPLATE", "basic") scanner.scan_add(targets=NESSUS_SCANTARGET, template=scantemplate, name="Faraday Agent Scan") print("Starting scan") scanner.scan_run() #This blocks execution until the scan stops running scanner._scan_status() plugin = PluginsManager().get_plugin("nessus") plugin.parseOutputString(scanner.download_scan(export_format="nessus")) print(plugin.get_json())
def main(): # separate the target list with comma NUCLEI_TARGET = os.getenv("EXECUTOR_CONFIG_NUCLEI_TARGET") # separate the exclude list with comma NUCLEI_EXCLUDE = os.getenv("EXECUTOR_CONFIG_NUCLEI_EXCLUDE", None) NUCLEI_TEMPLATES = os.getenv("NUCLEI_TEMPLATES") target_list = NUCLEI_TARGET.split(",") with tempfile.TemporaryDirectory() as tempdirname: name_urls = Path(tempdirname) / "urls.txt" name_output = Path(tempdirname) / "output.json" if len(target_list) > 1: with open(name_urls, "w") as f: for url in target_list: url_parse = urlparse(url) if is_ip(url_parse.netloc) or is_ip(url_parse.path): print(f"Is {url} not valid.", file=sys.stderr) else: if not url_parse.scheme: f.write(f"http://{url}\n") else: f.write(f"{url}\n") cmd = [ "nuclei", "-l", name_urls, "-t", NUCLEI_TEMPLATES, ] else: url_parse = urlparse(NUCLEI_TARGET) if is_ip(url_parse.hostname) or is_ip(url_parse.path): print(f"Is {NUCLEI_TARGET} not valid.", file=sys.stderr) sys.exit() else: if not url_parse.scheme: url = f"http://{NUCLEI_TARGET}" else: url = f"{NUCLEI_TARGET}" cmd = [ "nuclei", "-target", url, "-t", NUCLEI_TEMPLATES, ] if NUCLEI_EXCLUDE is not None: exclude_list = NUCLEI_EXCLUDE.split(",") for exclude in exclude_list: cmd += ["-exclude", str(Path(NUCLEI_TEMPLATES) / exclude)] cmd += ["-json", "-o", name_output] nuclei_process = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) if len(nuclei_process.stdout) > 0: print(f"Nuclei stdout: {nuclei_process.stdout.decode('utf-8')}", file=sys.stderr) if len(nuclei_process.stderr) > 0: print(f"Nuclei stderr: {nuclei_process.stderr.decode('utf-8')}", file=sys.stderr) plugin = PluginsManager().get_plugin("nuclei") plugin.parseOutputString(nuclei_process.stdout.decode("utf-8")) print(plugin.get_json())
def main(): url_target = os.environ.get("EXECUTOR_CONFIG_W3AF_TARGET_URL") if not url_target: print("URL not provided", file=sys.stderr) sys.exit() # If the script is run outside the dispatcher the environment variables # are checked. # ['W3AF_PATH'] if "W3AF_PATH" in os.environ: with tempfile.TemporaryDirectory() as tempdirname: name_result = Path(tempdirname) / "config_report_file.w3af" with open(name_result, "w") as f: command_text = ("plugins\n output console,xml_file\n" " output\n output config xml_file\n " "set output_file " f"{tempdirname}/output-w3af.xml\n set verbose" " True\n back\n output config console\n set " "verbose False\n back\n crawl all, " "!bing_spider, !google_spider, !spider_man\n " "crawl\n grep all\n grep\n audit all\n " "audit\n bruteforce all\n bruteforce\n " f"back\n target\n set target {url_target}\n " f"back\n start\n exit") f.write(command_text) try: os.chdir(path=os.environ.get("W3AF_PATH")) except FileNotFoundError: print( "The directory where w3af is located could not be found. " "Check environment variable W3AF_PATH = " f'{os.environ.get("W3AF_PATH")}', file=sys.stderr, ) sys.exit() if os.path.isfile("w3af_console"): cmd = [ "./w3af_console", "-s", name_result, ] w3af_process = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) if len(w3af_process.stdout) > 0: print( f"W3AF stdout: {w3af_process.stdout.decode('utf-8')}", file=sys.stderr, ) if len(w3af_process.stderr) > 0: print( f"W3AF stderr: {w3af_process.stderr.decode('utf-8')}", file=sys.stderr, ) plugin = PluginsManager().get_plugin("w3af") plugin.parseOutputString(f"{tempdirname}/output-w3af.xml") print(plugin.get_json()) else: print( "w3af_console file could not be found. For this reason the" " command cannot be run. Actual value = " f'{os.environ.get("W3AF_PATH")}/w3af_console ', file=sys.stderr, ) sys.exit() else: print("W3AF_PATH not set", file=sys.stderr) sys.exit()