def launch_schudle_zap_scan(target_url, project_id, rescan_id, rescan, scan_id): """ The function Launch ZAP Scans. :param target_url: Target URL :param project_id: Project ID :return: """ random_port = '8090' # Connection Test zap_connect = zap_plugin.zap_connect(random_port, username='') try: zap_connect.spider.scan(url=target_url) except Exception: subject = 'ZAP Connection Not Found' message = 'ZAP Scanner failed due to setting not found ' email_sch_notify(subject=subject, message=message) print("ZAP Connection Not Found") return HttpResponseRedirect(reverse('webscanners:index')) # Load ZAP Plugin zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan, random_port=random_port) zap.exclude_url() time.sleep(3) zap.cookies() time.sleep(3) date_time = datetime.now() try: save_all_scan = zap_scans_db( project_id=project_id, scan_url=target_url, scan_scanid=scan_id, date_time=date_time, rescan_id=rescan_id, rescan=rescan, vul_status='0' ) save_all_scan.save() except Exception as e: print(e) zap.zap_spider_thread(thread_value=30) spider_id = zap.zap_spider() zap.spider_status(spider_id=spider_id) zap.spider_result(spider_id=spider_id) time.sleep(5) """ ZAP Scan trigger on target_url """ zap_scan_id = zap.zap_scan() zap.zap_scan_status( scan_id=zap_scan_id, un_scanid=scan_id ) """ Save Vulnerability in database """ time.sleep(5) all_vuln = zap.zap_scan_result(target_url=target_url) time.sleep(5) zap.zap_result_save( all_vuln=all_vuln, project_id=project_id, un_scanid=scan_id, username='' ) all_zap_scan = zap_scans_db.objects.all() total_vuln = '' total_high = '' total_medium = '' total_low = '' for data in all_zap_scan: total_vuln = data.total_vul total_high = data.high_vul total_medium = data.medium_vul total_low = data.low_vul subject = 'Archery Tool Scan Status - ZAP Scan Completed' message = 'ZAP Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low) email_sch_notify(subject=subject, message=message)
def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user): """ The function Launch ZAP Scans. :param target_url: Target URL :param project_id: Project ID :return: """ username = user.username zap_enabled = False random_port = '8091' all_zap = zap_settings_db.objects.filter(username=username) for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: print("started local instence") random_port = zap_plugin.zap_local() for i in range(0, 100): while True: try: # Connection Test zap_connect = zap_plugin.zap_connect(random_port, username=username) zap_connect.spider.scan(url=target_url) except Exception as e: print("ZAP Connection Not Found, re-try after 5 sec") time.sleep(5) continue break zap_plugin.zap_spider_thread(count=20, random_port=random_port, username=username) zap_plugin.zap_spider_setOptionMaxDepth(count=5, random_port=random_port, username=username) zap_plugin.zap_scan_thread(count=30, random_port=random_port, username=username) zap_plugin.zap_scan_setOptionHostPerScan(count=3, random_port=random_port, username=username) # Load ZAP Plugin zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan, random_port=random_port, username=username) zap.exclude_url() time.sleep(3) zap.cookies() time.sleep(3) date_time = datetime.now() try: save_all_scan = zap_scans_db( username=username, project_id=project_id, scan_url=target_url, scan_scanid=scan_id, date_time=date_time, rescan_id=rescan_id, rescan=rescan, vul_status='0' ) save_all_scan.save() notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url) except Exception as e: print(e) notify.send(user, recipient=user, verb='ZAP Scan Started') zap.zap_spider_thread(thread_value=30) spider_id = zap.zap_spider() zap.spider_status(spider_id=spider_id) zap.spider_result(spider_id=spider_id) notify.send(user, recipient=user, verb='ZAP Scan Spider Completed') time.sleep(5) """ ZAP Scan trigger on target_url """ zap_scan_id = zap.zap_scan() zap.zap_scan_status( scan_id=zap_scan_id, un_scanid=scan_id ) """ Save Vulnerability in database """ time.sleep(5) all_vuln = zap.zap_scan_result(target_url=target_url) time.sleep(5) save_all_vuln = zap.zap_result_save( all_vuln=all_vuln, project_id=project_id, un_scanid=scan_id, username=username, ) print(save_all_vuln) all_zap_scan = zap_scans_db.objects.filter(username=username) total_vuln = '' total_high = '' total_medium = '' total_low = '' for data in all_zap_scan: total_vuln = data.total_vul total_high = data.high_vul total_medium = data.medium_vul total_low = data.low_vul if zap_enabled is False: zap.zap_shutdown() notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url) subject = 'Archery Tool Scan Status - ZAP Scan Completed' message = 'ZAP Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low) email_notify(user=user, subject=subject, message=message)
def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user): """ The function Launch ZAP Scans. :param target_url: Target URL :param project_id: Project ID :return: """ # Connection Test zap_connect = zap_plugin.zap_connect() try: zap_connect.spider.scan(url=target_url) notify.send(user, recipient=user, verb='ZAP Scan Started') except Exception: notify.send(user, recipient=user, verb='ZAP Conection Not Found') subject = 'ZAP Conection Not Found' message = 'ZAP Scanner failed due to setting not found ' email_notify(user=user, subject=subject, message=message) print "ZAP Conection Not Found" return HttpResponseRedirect('/webscanners/') # Load ZAP Plugin zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan) zap.exclude_url() time.sleep(3) zap.cookies() time.sleep(3) date_time = datetime.now() try: save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=scan_id, date_time=date_time, rescan_id=rescan_id, rescan=rescan, vul_status='0') save_all_scan.save() notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url) except Exception as e: print e zap.zap_spider_thread(thread_value=30) spider_id = zap.zap_spider() zap.spider_status(spider_id=spider_id) zap.spider_result(spider_id=spider_id) notify.send(user, recipient=user, verb='ZAP Scan Spider Completed') time.sleep(5) print 'Scanning Target %s' % target_url """ ZAP Scan trigger on target_url """ zap_scan_id = zap.zap_scan() # un_scanid = uuid.uuid4() zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id) """ Save Vulnerability in database """ time.sleep(5) all_vuln = zap.zap_scan_result() time.sleep(5) save_all_vuln = zap.zap_result_save( all_vuln=all_vuln, project_id=project_id, un_scanid=scan_id, ) print save_all_vuln all_zap_scan = zap_scans_db.objects.all() total_vuln = '' total_high = '' total_medium = '' total_low = '' for data in all_zap_scan: total_vuln = data.total_vul total_high = data.high_vul total_medium = data.medium_vul total_low = data.low_vul notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url) subject = 'Archery Tool Scan Status - ZAP Scan Completed' message = 'ZAP Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low) email_notify(user=user, subject=subject, message=message)
def setting(request): """ The function calling setting page. :param request: :return: """ all_notify = Notification.objects.unread() jira_url = None j_username = None password = None # Loading settings username = request.user.username settings = load_settings.ArcherySettings(setting_file, username=username) lod_ov_user = settings.openvas_username() lod_ov_pass = settings.openvas_pass() lod_ov_host = settings.openvas_host() lod_ov_port = settings.openvas_port() lod_ov_enabled = settings.openvas_enabled() # Loading ZAP Settings zap_api_key = '' zap_hosts = '' zap_ports = '' zap_enable = False all_zap = zap_settings_db.objects.filter(username=username) for zap in all_zap: zap_api_key = zap.zap_api zap_hosts = zap.zap_url zap_ports = zap.zap_port zap_enable = zap.enabled lod_apikey = zap_api_key zap_host = zap_hosts zap_port = zap_ports # Loading Arachni Settings arachni_hosts = '' arachni_ports = '' all_arachni = arachni_settings_db.objects.filter(username=username) for arachni in all_arachni: arachni_hosts = arachni.arachni_url arachni_ports = arachni.arachni_port arachni_hosts = arachni_hosts arachni_ports = arachni_ports # Loading NMAP Vulners Settings nv_enabled = False nv_online = False nv_version = False nv_timing = 0 all_nv = nmap_vulners_setting_db.objects.filter(username=username) for nv in all_nv: nv_enabled = bool(nv.enabled) nv_online = bool(nv.online) nv_version = bool(nv.version) nv_timing = int(nv.timing) # Loading Burp Settings burp_host = settings.burp_host() burp_port = settings.burp_port() burp_api_key = settings.burp_api_key() # Loading Email Settings all_email = email_db.objects.filter(username=username) # Load JIRA Setting jira_setting = jirasetting.objects.filter(username=username) for jira in jira_setting: jira_url = jira.jira_server j_username = jira.jira_username password = jira.jira_password jira_server = jira_url if j_username is None: jira_username = None else: jira_username = signing.loads(j_username) if password is None: jira_password = None else: jira_password = signing.loads(password) username = request.user.username zap_enabled = False random_port = '8091' target_url = 'https://archerysec.com' zap_info = '' burp_info = '' openvas_info = '' arachni_info = '' jira_info = '' if request.method == 'POST': setting_of = request.POST.get('setting_of') if setting_of == 'zap': all_zap = zap_settings_db.objects.filter(username=username) for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: zap_info = 'Disabled' try: random_port = zap_plugin.zap_local() except: return render(request, 'setting.html', {'zap_info': zap_info}) for i in range(0, 100): while True: try: # Connection Test zap_connect = zap_plugin.zap_connect( random_port, username=username) zap_connect.spider.scan(url=target_url) except Exception as e: print( "ZAP Connection Not Found, re-try after 5 sec") time.sleep(5) continue break else: try: zap_connect = zap_plugin.zap_connect(random_port, username=username) zap_connect.spider.scan(url=target_url) zap_info = True except: zap_info = False if setting_of == 'burp': host = 'http://' + burp_host + ':' + burp_port + '/' bi = burpscanner.BurpApi(host, burp_api_key) issue_list = bi.issue_definitions() if issue_list.data is None: burp_info = False else: burp_info = True if setting_of == 'openvas': sel_profile = '' openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile, username=username) try: openvas.connect() openvas_info = True except: openvas_info = False if setting_of == 'arachni': global scan_run_id, scan_status arachni_hosts = None arachni_ports = None all_arachni = arachni_settings_db.objects.filter(username=username) for arachni in all_arachni: arachni_hosts = arachni.arachni_url arachni_ports = arachni.arachni_port arachni = PyArachniapi.arachniAPI(arachni_hosts, arachni_ports) check = [] data = { "url": 'https://archerysec.com', "checks": check, "audit": {} } d = json.dumps(data) scan_launch = arachni.scan_launch(d) time.sleep(3) try: scan_data = scan_launch.data for key, value in scan_data.items(): if key == 'id': scan_run_id = value arachni_info = True except Exception: arachni_info = False if setting_of == 'jira': global jira_projects, jira_ser jira_setting = jirasetting.objects.filter(username=username) for jira in jira_setting: jira_url = jira.jira_server username = jira.jira_username password = jira.jira_password jira_server = jira_url jira_username = signing.loads(username) jira_password = signing.loads(password) options = {'server': jira_server} try: jira_ser = JIRA(options, basic_auth=(jira_username, jira_password), timeout=5) jira_projects = jira_ser.projects() print(len(jira_projects)) jira_info = True except Exception as e: print(e) jira_info = False return render( request, 'setting.html', { 'apikey': lod_apikey, 'zapath': zap_host, 'zap_port': zap_port, 'zap_enable': zap_enable, 'arachni_hosts': arachni_hosts, 'arachni_ports': arachni_ports, 'lod_ov_user': lod_ov_user, 'lod_ov_pass': lod_ov_pass, 'lod_ov_host': lod_ov_host, 'lod_ov_enabled': lod_ov_enabled, 'lod_ov_port': lod_ov_port, 'burp_path': burp_host, 'burp_port': burp_port, 'burp_api_key': burp_api_key, 'all_email': all_email, 'jira_server': jira_server, 'jira_username': jira_username, 'jira_password': jira_password, 'nv_enabled': nv_enabled, 'nv_version': nv_version, 'nv_online': nv_online, 'nv_timing': nv_timing, 'message': all_notify, 'zap_info': zap_info, 'burp_info': burp_info, 'openvas_info': openvas_info, 'arachni_info': arachni_info, 'jira_info': jira_info })
def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user): """ The function Launch ZAP Scans. :param target_url: Target URL :param project_id: Project ID :return: """ zap_enabled = False all_zap = zap_settings_db.objects.all() for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: print("started local instence") zap_plugin.zap_local() time.sleep(20) # Connection Test zap_connect = zap_plugin.zap_connect() try: zap_connect.spider.scan(url=target_url) notify.send(user, recipient=user, verb='ZAP Scan Started') except Exception: notify.send(user, recipient=user, verb='ZAP Connection Not Found') subject = 'ZAP Connection Not Found' message = 'ZAP Scanner failed due to setting not found ' email_notify(user=user, subject=subject, message=message) print("ZAP Connection Not Found") return HttpResponseRedirect(reverse('zapscanner:zap_scan_list')) zap_plugin.zap_spider_thread(count=20) zap_plugin.zap_spider_setOptionMaxDepth(count=5) zap_plugin.zap_scan_thread(count=30) zap_plugin.zap_scan_setOptionHostPerScan(count=3) # Load ZAP Plugin zap = zap_plugin.ZAPScanner(target_url, project_id, rescan_id, rescan) zap.exclude_url() time.sleep(3) zap.cookies() time.sleep(3) date_time = datetime.now() try: save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=scan_id, date_time=date_time, rescan_id=rescan_id, rescan=rescan, vul_status='0') save_all_scan.save() notify.send(user, recipient=user, verb='ZAP Scan URL %s Added' % target_url) except Exception as e: print(e) zap.zap_spider_thread(thread_value=30) spider_id = zap.zap_spider() zap.spider_status(spider_id=spider_id) zap.spider_result(spider_id=spider_id) notify.send(user, recipient=user, verb='ZAP Scan Spider Completed') time.sleep(5) """ ZAP Scan trigger on target_url """ zap_scan_id = zap.zap_scan() zap.zap_scan_status(scan_id=zap_scan_id, un_scanid=scan_id) """ Save Vulnerability in database """ time.sleep(5) all_vuln = zap.zap_scan_result() time.sleep(5) save_all_vuln = zap.zap_result_save( all_vuln=all_vuln, project_id=project_id, un_scanid=scan_id, ) print(save_all_vuln) all_zap_scan = zap_scans_db.objects.all() total_vuln = '' total_high = '' total_medium = '' total_low = '' for data in all_zap_scan: total_vuln = data.total_vul total_high = data.high_vul total_medium = data.medium_vul total_low = data.low_vul if zap_enabled is False: zap.zap_shutdown() notify.send(user, recipient=user, verb='ZAP Scan URL %s Completed' % target_url) subject = 'Archery Tool Scan Status - ZAP Scan Completed' message = 'ZAP Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (target_url, total_vuln, total_high, total_medium, total_low) email_notify(user=user, subject=subject, message=message)
def post(self, request): all_zap = ZapSettingsDb.objects.filter() all_zap.delete() all_zap_data = SettingsDb.objects.filter(setting_scanner="Zap") all_zap_data.delete() if request.POST.get("zap_enabled") == "on": zap_enabled = True else: zap_enabled = False apikey = request.POST.get("apikey", ) zaphost = request.POST.get("zappath", ) port = request.POST.get("port", ) setting_id = uuid.uuid4() save_zap_data = SettingsDb( setting_id=setting_id, setting_scanner="Zap", ) save_zap_data.save() save_data = ZapSettingsDb( setting_id=setting_id, zap_url=zaphost, zap_port=port, zap_api=apikey, enabled=zap_enabled, ) save_data.save() zap_enabled = False random_port = "8091" target_url = "https://archerysec.com" zap_info = "" all_zap = ZapSettingsDb.objects.filter() for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: zap_info = "Disabled" try: random_port = zap_plugin.zap_local() except: return render(request, "setting/settings_page.html", {"zap_info": zap_info}) for i in range(0, 100): while True: try: # Connection Test zap_connect = zap_plugin.zap_connect(random_port) zap_connect.spider.scan(url=target_url) except Exception as e: print("ZAP Connection Not Found, re-try after 5 sec") time.sleep(5) continue break else: try: zap_connect = zap_plugin.zap_connect(random_port, ) zap_connect.spider.scan(url=target_url) zap_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=zap_info) except: zap_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=zap_info) return HttpResponseRedirect(reverse("archerysettings:settings"))
def post(self, request): all_notify = Notification.objects.unread() jira_url = None j_username = None password = None # Loading settings all_settings_data = SettingsDb.objects.filter() # Loading ZAP Settings zap_api_key = "" zap_hosts = "" zap_ports = "" zap_enable = False all_zap = ZapSettingsDb.objects.filter() for zap in all_zap: zap_api_key = zap.zap_api zap_hosts = zap.zap_url zap_ports = zap.zap_port zap_enable = zap.enabled lod_apikey = zap_api_key zap_host = zap_hosts zap_port = zap_ports # Loading Arachni Settings arachni_hosts = "" arachni_ports = "" arachni_user = "" arachni_pass = "" all_arachni = ArachniSettingsDb.objects.filter() for arachni in all_arachni: arachni_hosts = arachni.arachni_url arachni_ports = arachni.arachni_port arachni_user = arachni.arachni_user arachni_pass = arachni.arachni_pass burp_host = "" burp_port = "" burp_api_key = "" all_burp_setting = BurpSettingDb.objects.all() for data in all_burp_setting: burp_host = data.burp_url burp_port = data.burp_port burp_api_key = data.burp_api_key jira_setting = jirasetting.objects.all() for jira in jira_setting: jira_url = jira.jira_server j_username = jira.jira_username password = jira.jira_password jira_server = jira_url if j_username is None: jira_username = None else: jira_username = signing.loads(j_username) if password is None: jira_password = None else: jira_password = signing.loads(password) zap_enabled = False random_port = "8091" target_url = "https://archerysec.com" setting_of = request.POST.get("setting_of") setting_id = request.POST.get("setting_id") if setting_of == "zap": all_zap = ZapSettingsDb.objects.filter() for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: zap_info = "Disabled" try: random_port = zap_plugin.zap_local() except: return render( request, "setting/settings_page.html", {"zap_info": zap_info} ) for i in range(0, 100): while True: try: # Connection Test zap_connect = zap_plugin.zap_connect(random_port) zap_connect.spider.scan(url=target_url) except Exception as e: print("ZAP Connection Not Found, re-try after 5 sec") time.sleep(5) continue break else: try: zap_connect = zap_plugin.zap_connect(random_port) zap_connect.spider.scan(url=target_url) zap_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=zap_info ) except: zap_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=zap_info ) if setting_of == "burp": host = "http://" + burp_host + ":" + burp_port + "/" try: bi = burpscanner.BurpApi(host, burp_api_key) except: burp_info = False return burp_info issue_list = bi.issue_definitions() if issue_list.data is None: burp_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=burp_info ) else: burp_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=burp_info ) if setting_of == "openvas": sel_profile = "" scan_ip = "" project_id = "" openvas = OpenVAS_Plugin(scan_ip, project_id, sel_profile) try: openvas.connect() openvas_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=openvas_info ) except: openvas_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=openvas_info ) if setting_of == "arachni": global scan_run_id, scan_status arachni_hosts = None arachni_ports = None arachni_user = None arachni_pass = None all_arachni = ArachniSettingsDb.objects.filter() for arachni in all_arachni: arachni_hosts = arachni.arachni_url arachni_ports = arachni.arachni_port arachni_user = arachni.arachni_user arachni_pass = arachni.arachni_pass arachni = PyArachniapi.arachniAPI( arachni_hosts, arachni_ports, arachni_user, arachni_pass ) check = [] data = {"url": "https://archerysec.com", "checks": check, "audit": {}} d = json.dumps(data) scan_launch = arachni.scan_launch(d) time.sleep(3) try: scan_data = scan_launch.data for key, value in scan_data.items(): if key == "id": scan_run_id = value arachni_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=arachni_info ) except Exception: arachni_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=arachni_info ) if setting_of == "jira": global jira_projects, jira_ser jira_setting = jirasetting.objects.filter() for jira in jira_setting: jira_url = jira.jira_server username = jira.jira_username password = jira.jira_password if jira_url is None: print("No jira url found") try: jira_server = jira_url jira_username = signing.loads(username) jira_password = signing.loads(password) except: jira_info = False options = {"server": jira_server} try: jira_ser = JIRA( options, basic_auth=(jira_username, jira_password), timeout=5 ) jira_projects = jira_ser.projects() print(len(jira_projects)) jira_info = True SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=jira_info ) except Exception as e: print(e) jira_info = False SettingsDb.objects.filter(setting_id=setting_id).update( setting_status=jira_info ) return render( request, "setting/settings_page.html", {"all_settings_data": all_settings_data, "all_notify": all_notify}, )