示例#1
0
def main(workspace='', args=None, parser=None):
    parser.add_argument('parent', help='Parent ID')
    parser.add_argument('name', help='Vulnerability Name')
    parser.add_argument('--reference',
                        help='Vulnerability reference',
                        default='')  # Fixme

    parser.add_argument(
        '--severity',
        help='Vulnerability severity',
        choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
        default='unclassified')

    parser.add_argument('--resolution', help='Resolution', default='')
    parser.add_argument('--confirmed',
                        help='Is the vulnerability confirmed',
                        choices=['true', 'false'],
                        default='false')
    parser.add_argument('--description',
                        help='Vulnerability description',
                        default='')

    parser.add_argument(
        '--dry-run',
        action='store_true',
        help='Do not touch the database. Only print the object ID')

    parsed_args = parser.parse_args(args)

    obj = factory.createModelObject(
        models.Vuln.class_signature,
        parsed_args.name,
        workspace,
        ref=parsed_args.reference,
        severity=parsed_args.severity,
        resolution=parsed_args.resolution,
        confirmed=(parsed_args.confirmed == 'true'),
        desc=parsed_args.description,
        parent_id=parsed_args.parent)

    old = models.get_vuln(workspace, obj.getID())

    if old is None:
        if not parsed_args.dry_run:
            models.create_vuln(workspace, obj)
    else:
        print "A vulnerability with ID %s already exists!" % obj.getID()
        return 2, None

    return 0, obj.getID()
示例#2
0
def main(workspace='', args=None, parser=None):
    parser.add_argument('parent', help='Parent ID')
    parser.add_argument('name', help='Vulnerability Name')
    parser.add_argument('--reference', help='Vulnerability reference', default='')  # Fixme

    parser.add_argument('--severity',
                        help='Vulnerability severity',
                        choices=['critical', 'high', 'med', 'low', 'info', 'unclassified'],
                        default='unclassified')

    parser.add_argument('--resolution', help='Resolution', default='')
    parser.add_argument('--confirmed', help='Is the vulnerability confirmed',
                        choices=['true', 'false'],
                        default='false')
    parser.add_argument('--description', help='Vulnerability description', default='')

    parser.add_argument('--dry-run', action='store_true', help='Do not touch the database. Only print the object ID')

    parsed_args = parser.parse_args(args)

    obj = factory.createModelObject(models.Vuln.class_signature, parsed_args.name, workspace,
                                    ref=parsed_args.reference,
                                    severity=parsed_args.severity,
                                    resolution=parsed_args.resolution,
                                    confirmed=(parsed_args.confirmed == 'true'),
                                    desc=parsed_args.description,
                                    parent_id=parsed_args.parent
                                    )

    old = models.get_vuln(workspace, obj.getID())

    if old is None:
        if not parsed_args.dry_run:
            models.create_vuln(workspace, obj)
    else:
        print "A vulnerability with ID %s already exists!" % obj.getID()
        return 2, None

    return 0, obj.getID()
示例#3
0
def main(workspace="", args=None, parser=None):

    WORKSPACE = workspace

    parser.add_argument("--csv", help="Csv file to import")
    parsed_args = parser.parse_args(args)

    if not parsed_args.csv:
        print "Error: Give a CSV file to import with --csv"
        return 2, None

    try:
        file_csv = open(parsed_args.csv, "r")
    except:
        print "Error: Unreadeable CSV file, check the path"
        raise

    counter = 0
    csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
    for register in csv_reader:

        host, interface, service, vulnerability, vulnerability_web = parse_register(register)

        # Set all IDs and create objects
        if host is not None:

            host.setID(None)
            if not models.get_host(WORKSPACE, host.getID()):

                counter += 1
                print "New host: " + host.getName()
                models.create_host(WORKSPACE, host)

        if interface is not None:

            interface.setID(host.getID())
            if not models.get_interface(WORKSPACE, interface.getID()):

                counter += 1
                print "New interface: " + interface.getName()
                models.create_interface(WORKSPACE, interface)

        if service is not None:

            service.setID(interface.getID())
            if not models.get_service(WORKSPACE, service.getID()):

                counter += 1
                print "New service: " + service.getName()
                models.create_service(WORKSPACE, service)

        # Check if Service exist, then create the vuln with parent Service.
        # If not exist the Service, create the vuln with parent Host.
        if vulnerability is not None:

            if service is None:
                vulnerability.setID(host.getID())
            else:
                vulnerability.setID(service.getID())
            if not models.get_vuln(WORKSPACE, vulnerability.getID()):

                counter += 1
                print "New vulnerability: " + vulnerability.getName()
                models.create_vuln(WORKSPACE, vulnerability)

        elif vulnerability_web is not None:

            vulnerability_web.setID(service.getID())
            if not models.get_web_vuln(WORKSPACE, vulnerability_web.getID()):

                counter += 1
                print "New web vulnerability: " + vulnerability_web.getName()
                models.create_vuln_web(WORKSPACE, vulnerability_web)

    print "[*]", counter, "new Faraday objects created."
    file_csv.close()
    return 0, None
示例#4
0
def main(workspace="", args=None, parser=None):

    WORKSPACE = workspace

    parser.add_argument("--csv", help="Csv file to import")
    parsed_args = parser.parse_args(args)

    if not parsed_args.csv:
        print "Error: Give a CSV file to import with --csv"
        return 2, None

    try:
        file_csv = open(parsed_args.csv, "r")
    except:
        print "Error: Unreadeable CSV file, check the path"
        raise

    counter = 0
    csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
    for register in csv_reader:

        host, service, vulnerability, vulnerability_web = parse_register(register)

        # Set all IDs and create objects
        if host is not None:
            old_host = models.get_host(WORKSPACE, ip=host.getName())
            if not old_host:

                counter += 1
                print "New host: " + host.getName()
                models.create_host(WORKSPACE, host)
            host = models.get_host(WORKSPACE, ip=host.getName())

        if service is not None:
            service.setParent(host.getID())
            service_params = {
                'name': service.getName(),
                'port': service.getPorts()[0],
                'protocol': service.getProtocol(),
                'host_id': service.getParent()
            }
            old_service = models.get_service(WORKSPACE, **service_params)
            if not old_service:

                counter += 1
                print "New service: " + service.getName()
                models.create_service(WORKSPACE, service)
            service = models.get_service(WORKSPACE, **service_params)

        # Check if Service exist, then create the vuln with parent Service.
        # If not exist the Service, create the vuln with parent Host.
        if vulnerability is not None:
            if host and not service:
                parent_type = 'Host'
                parent_id = host.getID()
            if host and service:
                parent_type = 'Service'
                parent_id = service.getID()
            vulnerability.setParent(parent_id)
            vulnerability.setParentType(parent_type)

            vuln_params = {
                'name': vulnerability.getName(),
                'description': vulnerability.getDescription(),
                'parent_type': parent_type,
                'parent': parent_id,
            }
            if not models.get_vuln(WORKSPACE, **vuln_params):

                counter += 1
                print "New vulnerability: " + vulnerability.getName()
                models.create_vuln(WORKSPACE, vulnerability)

        elif vulnerability_web is not None:

            vuln_web_params = {
                'name': vulnerability_web.getName(),
                'description': vulnerability_web.getDescription(),
                'parent': service.getID(),
                'parent_type': 'Service',
                'method': vulnerability_web.getMethod(),
                'parameter_name': vulnerability_web.getParams(),
                'path': vulnerability_web.getPath(),
                'website': vulnerability_web.getWebsite(),
            }
            vulnerability_web.setParent(service.getID())
            if not models.get_web_vuln(WORKSPACE, **vuln_web_params):

                counter += 1
                print "New web vulnerability: " + vulnerability_web.getName()
                models.create_vuln_web(WORKSPACE, vulnerability_web)

    print "[*]", counter, "new Faraday objects created."
    file_csv.close()
    return 0, None
示例#5
0
def main(workspace="", args=None, parser=None):

    WORKSPACE = workspace

    parser.add_argument("--csv", help="Csv file to import")
    parsed_args = parser.parse_args(args)

    if not parsed_args.csv:
        print "Error: Give a CSV file to import with --csv"
        return 2, None

    try:
        file_csv = open(parsed_args.csv, "r")
    except:
        print "Error: Unreadeable CSV file, check the path"
        raise

    counter = 0
    csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
    for register in csv_reader:

        host, interface, service, vulnerability, vulnerability_web = parse_register(
            register)

        # Set all IDs and create objects
        if host is not None:

            host.setID(None)
            if not models.get_host(WORKSPACE, host.getID()):

                counter += 1
                print "New host: " + host.getName()
                models.create_host(WORKSPACE, host)

        if interface is not None:

            interface.setID(host.getID())
            if not models.get_interface(WORKSPACE, interface.getID()):

                counter += 1
                print "New interface: " + interface.getName()
                models.create_interface(WORKSPACE, interface)

        if service is not None:

            service.setID(interface.getID())
            if not models.get_service(WORKSPACE, service.getID()):

                counter += 1
                print "New service: " + service.getName()
                models.create_service(WORKSPACE, service)

        # Check if Service exist, then create the vuln with parent Service.
        # If not exist the Service, create the vuln with parent Host.
        if vulnerability is not None:

            if service is None:
                vulnerability.setID(host.getID())
            else:
                vulnerability.setID(service.getID())
            if not models.get_vuln(WORKSPACE, vulnerability.getID()):

                counter += 1
                print "New vulnerability: " + vulnerability.getName()
                models.create_vuln(WORKSPACE, vulnerability)

        elif vulnerability_web is not None:

            vulnerability_web.setID(service.getID())
            if not models.get_web_vuln(WORKSPACE, vulnerability_web.getID()):

                counter += 1
                print "New web vulnerability: " + vulnerability_web.getName()
                models.create_vuln_web(WORKSPACE, vulnerability_web)

    print "[*]", counter, "new Faraday objects created."
    file_csv.close()
    return 0, None
示例#6
0
def main(workspace="", args=None, parser=None):

    WORKSPACE = workspace

    parser.add_argument("--csv", help="Csv file to import")
    parsed_args = parser.parse_args(args)

    if not parsed_args.csv:
        print "Error: Give a CSV file to import with --csv"
        return 2, None

    try:
        file_csv = open(parsed_args.csv, "r")
    except:
        print "Error: Unreadeable CSV file, check the path"
        raise

    counter = 0
    csv_reader = csv.DictReader(file_csv, delimiter=",", quotechar='"')
    for register in csv_reader:
        try:
            host, service, vulnerability, vulnerability_web = parse_register(register)

            # Set all IDs and create objects
            if host is not None:
                old_host = models.get_host(WORKSPACE, ip=host.getName())
                if not old_host:

                    counter += 1

                    print "New host: " + host.getName()
                    try:
                        models.create_host(WORKSPACE, host)
                    except Exception as ex:
                        import ipdb; ipdb.set_trace()
                host = models.get_host(WORKSPACE, ip=host.getName())

            if service is not None:
                service.setParent(host.getID())
                service_params = {
                    'name': service.getName(),
                    'port': service.getPorts()[0],
                    'protocol': service.getProtocol(),
                    'host_id': service.getParent()
                }
                old_service = models.get_service(WORKSPACE, **service_params)
                if not old_service:

                    counter += 1
                    print "New service: " + service.getName()
                    models.create_service(WORKSPACE, service)
                service = models.get_service(WORKSPACE, **service_params)

            # Check if Service exist, then create the vuln with parent Service.
            # If not exist the Service, create the vuln with parent Host.
            if vulnerability is not None:
                if host and not service:
                    parent_type = 'Host'
                    parent_id = host.getID()
                if host and service:
                    parent_type = 'Service'
                    parent_id = service.getID()
                vulnerability.setParent(parent_id)
                vulnerability.setParentType(parent_type)

                vuln_params = {
                    'name': vulnerability.getName(),
                    'description': vulnerability.getDescription(),
                    'parent_type': parent_type,
                    'parent': parent_id,
                }

                if not models.get_vuln(WORKSPACE, **vuln_params):
                    counter += 1
                    print "New vulnerability: " + vulnerability.getName()
                    models.create_vuln(WORKSPACE, vulnerability)

            elif vulnerability_web is not None:

                vuln_web_params = {
                    'name': vulnerability_web.getName(),
                    'description': vulnerability_web.getDescription(),
                    'parent': service.getID(),
                    'parent_type': 'Service',
                    'method': vulnerability_web.getMethod(),
                    'parameter_name': vulnerability_web.getParams(),
                    'path': vulnerability_web.getPath(),
                    'website': vulnerability_web.getWebsite(),
                }
                vulnerability_web.setParent(service.getID())
                if not models.get_web_vuln(WORKSPACE, **vuln_web_params):

                    counter += 1
                    print "New web vulnerability: " + vulnerability_web.getName()
                    models.create_vuln_web(WORKSPACE, vulnerability_web)
        except ConflictInDatabase:
            print('Conflict in Database, skiping csv row')
        except CantCommunicateWithServerError as ex:
            print(register)
            print('Error', ex)
    print "[*]", counter, "new Faraday objects created."
    file_csv.close()
    return 0, None