def notify_stage(self, audit_name, stage): """ This method is called when an audit moves to another execution stage. :param audit_name: Name of the audit. :type audit_name: str :param stage: Name of the execution stage. Must be one of the following: - "start" - The audit has just started. - "import" - Importing external data into the database. - "recon" - Performing reconnaisance on the targets. - "scan" - Scanning the targets for vulnerabilities. - "attack" - Attacking the target using the vulnerabilities found. - "intrude" - Gathering information after a successful attack. - "cleanup" - Cleaning up after an attack. - "report" - Generating a report for the audit. - "finish" - The audit has finished. - "cancel" - The audit has been canceled by the user. :type stage: str """ # Log the event. print "[%s] Entering stage: %s" % (audit_name, get_stage_display_name(stage)) # Save the audit stage. self.audit_stage[audit_name] = stage # Clear the progress for this audit. self.plugin_state[audit_name].clear() # Increase steps if recon stage was reached. if stage == "recon": self.steps[audit_name] += 1 # Send the audit stage. packet = ("stage", audit_name, stage) self.bridge.send(packet)
def recv_msg(self, message): # Process status messages. if message.message_type == MessageType.MSG_TYPE_STATUS: # A plugin has started. if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN: # Create a simple ID for the plugin execution. id_dict = self.current_plugins[Config.audit_name][ message.plugin_id] simple_id = len(id_dict) id_dict[message.ack_identity] = simple_id # Show this event in extra verbose mode. if Console.level >= Console.MORE_VERBOSE: # Show a message to the user. m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") m_text = "%s: Started." % m_plugin_name Console.display(m_text) # A plugin has ended. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END: # Show this event in extra verbose mode. if Console.level >= Console.MORE_VERBOSE: # Show a message to the user. m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") m_text = "%s: Finished." % m_plugin_name Console.display(m_text) # Free the simple ID for the plugin execution. try: del self.current_plugins[Config.audit_name][ message.plugin_id][message.ack_identity] except KeyError: pass # A plugin has advanced. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Get the plugin name. m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") # Get the progress percentage. m_progress = message.message_info if m_progress is not None: m_progress_h = int(m_progress) m_progress_l = int( (m_progress - float(m_progress_h)) * 100) m_progress_txt = colorize( "%i.%.2i%%" % (m_progress_h, m_progress_l), "middle") m_progress_txt = m_progress_txt + " percent done..." else: m_progress_txt = "Working..." # Show it to the user. m_text = "%s: %s" % (m_plugin_name, m_progress_txt) Console.display(m_text) # The audit has moved to another execution stage. elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Show the new stage name. m_stage = get_stage_display_name(message.message_info) m_stage = colorize(m_stage, "high") m_plugin_name = colorize("[*] GoLismero", "informational") m_text = "%s: Current stage: %s" m_text %= (m_plugin_name, m_stage) Console.display(m_text) # If on maximum verbosity level and entering report stage, # log the current report mode. if (Console.level >= Console.MORE_VERBOSE and message.message_info == "report"): if Config.audit_config.only_vulns: m_report_type = "Brief" else: m_report_type = "Full" m_report_type = colorize(m_report_type, "yellow") m_text = "%s: Report type: %s" m_text %= (m_plugin_name, m_report_type) Console.display(m_text) # When an audit is aborted, check if there are more running audits. # If there aren't any, stop the Orchestrator. elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED: (audit_name, description, traceback) = message.message_info try: m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: Error: %s " % (m_plugin_name, str(description)) traceback = colorize(traceback, 'critical') Console.display_error(text) Console.display_error_more_verbose(traceback) finally: self.audit_is_dead(audit_name) # Process control messages. elif message.message_type == MessageType.MSG_TYPE_CONTROL: # When an audit is finished, check if there are more running audits. # If there aren't any, stop the Orchestrator. if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT: self.audit_is_dead(message.audit_name) # Show log messages. The verbosity is sent by Logger. elif message.message_code == MessageCode.MSG_CONTROL_LOG: (text, level, is_error) = message.message_info if Console.level >= level: m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) if is_error: text = colorize_traceback(text) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: %s" % (m_plugin_name, text) Console.display_error(text) else: m_plugin_name = colorize("[*] " + m_plugin_name, 'informational') text = "%s: %s" % (m_plugin_name, text) Console.display(text) # Show plugin errors. # Only the description in standard level, # full traceback in more verbose level. if message.message_code == MessageCode.MSG_CONTROL_ERROR: (description, traceback) = message.message_info m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: Error: %s " % (m_plugin_name, str(description)) traceback = colorize_traceback(traceback) Console.display_error(text) Console.display_error_more_verbose(traceback) # Show plugin warnings. # Only in more verbose level. elif message.message_code == MessageCode.MSG_CONTROL_WARNING: for w in message.message_info: if Console.level >= Console.MORE_VERBOSE: formatted = warnings.formatwarning( w.message, w.category, w.filename, w.lineno, w.line) m_plugin_name = self.get_plugin_name( message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'low') text = "%s: Error: %s " % (m_plugin_name, str(formatted)) Console.display_error(text)
def recv_msg(self, message): # Process status messages. if message.message_type == MessageType.MSG_TYPE_STATUS: # A plugin has started. if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN: # Create a simple ID for the plugin execution. id_dict = self.current_plugins[Config.audit_name][message.plugin_id] simple_id = len(id_dict) id_dict[message.ack_identity] = simple_id # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Show a message to the user. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") m_text = "%s: Started." % m_plugin_name Console.display(m_text) # A plugin has ended. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Show a message to the user. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") m_text = "%s: Finished." % m_plugin_name Console.display(m_text) # Free the simple ID for the plugin execution. try: del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity] except KeyError: pass # A plugin has advanced. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Get the plugin name. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[*] " + m_plugin_name, "informational") # Get the progress percentage. m_progress = message.message_info if m_progress is not None: m_progress_h = int(m_progress) m_progress_l = int((m_progress - float(m_progress_h)) * 100) m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle") m_progress_txt = m_progress_txt + " percent done..." else: m_progress_txt = "Working..." # Show it to the user. m_text = "%s: %s" % (m_plugin_name, m_progress_txt) Console.display(m_text) # The audit has moved to another execution stage. elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Show the new stage name. m_stage = get_stage_display_name(message.message_info) m_stage = colorize(m_stage, "high") m_plugin_name = colorize("[*] GoLismero", "informational") m_text = "%s: Current stage: %s" m_text %= (m_plugin_name, m_stage) Console.display(m_text) # If on maximum verbosity level and entering report stage, # log the current report mode. if ( Console.level >= Console.MORE_VERBOSE and message.message_info == "report" ): if Config.audit_config.only_vulns: m_report_type = "Brief" else: m_report_type = "Full" m_report_type = colorize(m_report_type, "yellow") m_text = "%s: Report type: %s" m_text %= (m_plugin_name, m_report_type) Console.display(m_text) # When an audit is aborted, check if there are more running audits. # If there aren't any, stop the Orchestrator. elif message.message_code == MessageCode.MSG_STATUS_AUDIT_ABORTED: (audit_name, description, traceback) = message.message_info try: m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: Error: %s " % (m_plugin_name, str(description)) traceback = colorize(traceback, 'critical') Console.display_error(text) Console.display_error_more_verbose(traceback) finally: self.audit_is_dead(audit_name) # Process control messages. elif message.message_type == MessageType.MSG_TYPE_CONTROL: # When an audit is finished, check if there are more running audits. # If there aren't any, stop the Orchestrator. if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT: self.audit_is_dead(message.audit_name) # Show log messages. The verbosity is sent by Logger. elif message.message_code == MessageCode.MSG_CONTROL_LOG: (text, level, is_error) = message.message_info if Console.level >= level: m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) if is_error: text = colorize_traceback(text) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: %s" % (m_plugin_name, text) Console.display_error(text) else: m_plugin_name = colorize("[*] " + m_plugin_name, 'informational') text = "%s: %s" % (m_plugin_name, text) Console.display(text) # Show plugin errors. # Only the description in standard level, # full traceback in more verbose level. if message.message_code == MessageCode.MSG_CONTROL_ERROR: (description, traceback) = message.message_info m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'critical') text = "%s: Error: %s " % (m_plugin_name, str(description)) traceback = colorize_traceback(traceback) Console.display_error(text) Console.display_error_more_verbose(traceback) # Show plugin warnings. # Only in more verbose level. elif message.message_code == MessageCode.MSG_CONTROL_WARNING: for w in message.message_info: if Console.level >= Console.MORE_VERBOSE: formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line) m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize("[!] " + m_plugin_name, 'low') text = "%s: Error: %s " % (m_plugin_name, str(formatted)) Console.display_error(text)
def recv_msg(self, message): # Process status messages. if message.message_type == MessageType.MSG_TYPE_STATUS: # A plugin has started. if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN: # Create a simple ID for the plugin execution. id_dict = self.current_plugins[Config.audit_name][message.plugin_id] simple_id = len(id_dict) id_dict[message.ack_identity] = simple_id # Show a message to the user. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize(m_plugin_name, "informational") m_text = "[*] %s: Started." % m_plugin_name Console.display(m_text) # A plugin has ended. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END: # Show a message to the user. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize(m_plugin_name, "informational") m_text = "[*] %s: Finished." % m_plugin_name Console.display(m_text) # Free the simple ID for the plugin execution. del self.current_plugins[Config.audit_name][message.plugin_id][message.ack_identity] # A plugin has advanced. elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_STEP: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Get the plugin name. m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) m_plugin_name = colorize(m_plugin_name, "informational") # Get the progress percentage. m_progress = message.message_info if m_progress is not None: m_progress_h = int(m_progress) m_progress_l = int((m_progress - float(m_progress_h)) * 100) m_progress_txt = colorize("%i.%.2i%%" % (m_progress_h, m_progress_l), "middle") m_progress_txt = m_progress_txt + " percent done..." else: m_progress_txt = "Working..." # Show it to the user. m_text = "[*] %s: %s" % (m_plugin_name, m_progress_txt) Console.display(m_text) # The audit has moved to another execution stage. elif message.message_code == MessageCode.MSG_STATUS_STAGE_UPDATE: # Show this event in verbose mode. if Console.level >= Console.VERBOSE: # Show the new stage name. m_stage = get_stage_display_name(message.message_info) m_stage = colorize(m_stage, "high") m_plugin_name = colorize("GoLismero", "informational") m_text = "[*] %s: Current stage: %s" Console.display(m_text % (m_plugin_name, m_stage)) # Process control messages. elif message.message_type == MessageType.MSG_TYPE_CONTROL: # When an audit is finished, check if there are more running audits. # If there aren't any, stop the Orchestrator. if message.message_code == MessageCode.MSG_CONTROL_STOP_AUDIT: try: del self.already_seen_info[Config.audit_name] except KeyError: pass # may happen when only generating reports try: del self.current_plugins[Config.audit_name] except KeyError: pass if get_audit_count() == 1: # this is the last one Config._context.send_msg( # XXX FIXME hide this from plugins! message_type = MessageType.MSG_TYPE_CONTROL, message_code = MessageCode.MSG_CONTROL_STOP, message_info = True, # True for finished, False for user cancel priority = MessagePriority.MSG_PRIORITY_LOW ) # Show log messages. The verbosity is sent by Logger. elif message.message_code == MessageCode.MSG_CONTROL_LOG: (text, level, is_error) = message.message_info if Console.level >= level: try: m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) except Exception: m_plugin_name = "GoLismero" m_plugin_name = colorize(m_plugin_name, 'informational') text = colorize(text, 'middle') if is_error: text = "[!] %s: %s" % (m_plugin_name, text) Console.display_error(text) else: text = "[*] %s: %s" % (m_plugin_name, text) Console.display(text) # Show plugin errors. # Only the description in standard level, # full traceback in more verbose level. if message.message_code == MessageCode.MSG_CONTROL_ERROR: (description, traceback) = message.message_info try: m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) except Exception: m_plugin_name = "GoLismero" text = "[!] Plugin '%s' error: %s " % (m_plugin_name, str(description)) text = colorize(text, 'critical') traceback = colorize(traceback, 'critical') Console.display_error(text) Console.display_error_more_verbose(traceback) # Show plugin warnings. # Only the description in verbose level, # full traceback in more verbose level. elif message.message_code == MessageCode.MSG_CONTROL_WARNING: for w in message.message_info: if Console.level >= Console.MORE_VERBOSE: formatted = warnings.formatwarning(w.message, w.category, w.filename, w.lineno, w.line) elif Console.level >= Console.VERBOSE: formatted = w.message else: formatted = None if formatted: m_plugin_name = self.get_plugin_name(message.plugin_id, message.ack_identity) text = "[!] Plugin '%s' warning: %s " % (m_plugin_name, str(formatted)) text = colorize(text, 'low') Console.display_error(text)