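def import_canvas_xml():
    """
    Import ImmunitySec CANVAS exploit data (Exploit.xml) into the database.

    The XML can be generated from the URL
    http://exploitlist.immunityinc.com/ or by running ./canvasengine.py -e
    from your CANVAS directory.

    http://exploitlist.immunityinc.com/home/serve/live

    The form offers four sources, checked in this order: a caller-supplied
    local directory, the Kvasir static copy, a download (filename=None), or
    an uploaded file. The import runs either as a scheduler task or inline.

    Returns:
        dict(form=form) for the view; successful paths redirect instead.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt.
    # auth.user.f_scheduler_tasks is dereferenced below, so a logged-in user
    # is assumed -- confirm the action is wrapped in a login/permission check.
    import os

    kvasir_path = os.path.join(request.folder, 'static/etc')
    response.title = "%s :: Import ImmunitySec CANVAS Exploits XML" % (settings.title)

    form = SQLFORM.factory(
        Field('f_filename', 'upload',
              uploadfolder=os.path.join(request.folder, 'data/misc'),
              label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default=kvasir_path, label=T('Local path')),
        Field('f_download', 'boolean', label=T('Download')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')),
        col3={
            'f_use_kvasir_local': 'static/etc/canvas_exploits.xml',
            'f_use_local': 'Directory where canvas_exploits.xml is located',
            'f_download': 'Download from ImmunitySec website',
        }
    )

    # accepts() must run before form.errors is inspected: errors are only
    # populated by validation, so checking them first never reports anything.
    if form.accepts(request.vars, session):
        if form.vars.f_use_local:
            # NOTE(review): f_pathname comes straight from the request, so the
            # server opens canvas_exploits.xml from any directory the caller
            # names, with the application's privileges. Consider restricting
            # this option to administrators or to an allow-listed base path.
            filename = os.path.join(form.vars.f_pathname, 'canvas_exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc', 'canvas_exploits.xml')
        elif form.vars.f_download:
            # None is handed to process_exploits; presumably that triggers the
            # download -- confirm in skaldship.canvas.
            # NOTE(review): the documented source URL is plain http; if the
            # download uses it, the XML arrives without transport integrity.
            filename = None
        else:
            if not form.vars.f_filename:
                # No source selected and nothing uploaded: os.path.join would
                # otherwise fail on the missing name.
                response.flash = 'No XML file selected'
                return dict(form=form)
            # Defensive: web2py normally generates the stored upload name,
            # but never let a path separator through to the join.
            stored_name = os.path.basename(form.vars.f_filename)
            filename = os.path.join(request.folder, 'data', 'misc', stored_name)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                canvas_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            # NOTE(review): XML parser hardening (external entities, DTDs)
            # lives in skaldship.canvas and is not visible here -- verify.
            from skaldship.canvas import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            # session.flash survives the redirect; response.flash would be
            # discarded with the current response.
            session.flash = "Canvas Exploit data uploaded"
            redirect(URL('list'))
    elif form.errors:
        response.flash = 'Error in form'

    return dict(form=form)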
def canvas_exploit_xml(filename=None):
    """
    Load an ImmunitySec CANVAS Exploits.xml file into the database.

    This is the callable queued by import_canvas_xml when the import is run
    as a background task. ``filename`` is passed unchanged to
    skaldship.canvas.process_exploits, then exploit links are rebuilt with
    connect_exploits().

    Returns:
        True, unconditionally, once both steps have returned.
    """
    # NOTE(review): no validation of ``filename`` happens here; whatever path
    # the caller queued is what gets parsed. Presumably None means "download"
    # -- confirm in skaldship.canvas.
    from skaldship.canvas import process_exploits as load_canvas_exploits
    from skaldship.exploits import connect_exploits as link_exploits

    load_canvas_exploits(filename)
    link_exploits()
    return True
def nexpose_exploit_xml(filename=None):
    """
    Load a Nexpose exploits.xml file into the database.

    This is the callable queued by import_nexpose_xml when the import is run
    as a background task. ``filename`` is passed unchanged to
    skaldship.nexpose.process_exploits, then exploit links are rebuilt with
    connect_exploits().

    Returns:
        True, unconditionally, once both steps have returned.
    """
    # NOTE(review): no validation of ``filename`` happens here; whatever path
    # the caller queued is what gets parsed.
    from skaldship.nexpose import process_exploits as load_nexpose_exploits
    from skaldship.exploits import connect_exploits as link_exploits

    load_nexpose_exploits(filename)
    link_exploits()
    return True
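def import_nexpose_xml():
    """
    Insert/update exploit references from a Nexpose exploits.xml file.

    On a Nexpose host the file is located in /opt/rapid7/nexpose/plugins/conf.

    The form offers three sources, checked in this order: a caller-supplied
    local directory, the Kvasir static copy, or an uploaded file. The import
    runs either as a scheduler task or inline.

    Returns:
        dict(form=form) for the view; successful paths redirect instead.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt.
    # auth.user.f_scheduler_tasks is dereferenced below, so a logged-in user
    # is assumed -- confirm the action is wrapped in a login/permission check.
    import os

    response.title = "%s :: Import Nexpose Exploits XML" % (settings.title)
    form = SQLFORM.factory(
        Field('f_filename', 'upload',
              uploadfolder=os.path.join(request.folder, 'data', 'misc'),
              label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default="/opt/rapid7/nexpose/plugins/conf",
              label=T('Local pathname')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')),
        col3={
            'f_use_kvasir_local': 'static/etc/nexpose_exploits.xml',
            'f_use_local': 'Directory where exploits.xml is located',
            'f_pathname': 'Requires Nexpose and possibly root access'
        }
    )

    # accepts() must run before form.errors is inspected: errors are only
    # populated by validation, so checking them first never reports anything.
    if form.accepts(request.vars, session):
        # Resolve which exploits.xml to process.
        if form.vars.f_use_local:
            # NOTE(review): f_pathname comes straight from the request, so the
            # server opens exploits.xml from any directory the caller names,
            # with the application's privileges (the form hint mentions root
            # access). Consider restricting this option to administrators or
            # to an allow-listed base path.
            filename = os.path.join(form.vars.f_pathname, 'exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc', 'nexpose_exploits.xml')
        else:
            if not form.vars.f_filename:
                # No source selected and nothing uploaded: os.path.join would
                # otherwise fail on the missing name.
                response.flash = 'No XML file selected'
                return dict(form=form)
            # Defensive: web2py normally generates the stored upload name,
            # but never let a path separator through to the join.
            stored_name = os.path.basename(form.vars.f_filename)
            filename = os.path.join(request.folder, 'data', 'misc', stored_name)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                nexpose_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            # NOTE(review): XML parser hardening (external entities, DTDs)
            # lives in skaldship.nexpose and is not visible here -- verify.
            from skaldship.nexpose import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            redirect(URL('list'))
    elif form.errors:
        response.flash = 'Error in form'

    return dict(form=form)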
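def import_nexpose_xml():
    """
    Insert/update exploit references from a Nexpose exploits.xml file.

    On a Nexpose host the file is located in /opt/rapid7/nexpose/plugins/conf.

    The form offers three sources, checked in this order: a caller-supplied
    local directory, the Kvasir static copy, or an uploaded file. The import
    runs either as a scheduler task or inline.

    Returns:
        dict(form=form) for the view; successful paths redirect instead.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt.
    # auth.user.f_scheduler_tasks is dereferenced below, so a logged-in user
    # is assumed -- confirm the action is wrapped in a login/permission check.
    import os

    response.title = "%s :: Import Nexpose Exploits XML" % (settings.title)
    form = SQLFORM.factory(
        Field('f_filename', 'upload',
              uploadfolder=os.path.join(request.folder, 'data', 'misc'),
              label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default="/opt/rapid7/nexpose/plugins/conf",
              label=T('Local pathname')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')),
        col3={
            'f_use_kvasir_local': 'static/etc/nexpose_exploits.xml',
            'f_use_local': 'Directory where exploits.xml is located',
            'f_pathname': 'Requires Nexpose and possibly root access'
        }
    )

    # accepts() must run before form.errors is inspected: errors are only
    # populated by validation, so checking them first never reports anything.
    if form.accepts(request.vars, session):
        # Resolve which exploits.xml to process.
        if form.vars.f_use_local:
            # NOTE(review): f_pathname comes straight from the request, so the
            # server opens exploits.xml from any directory the caller names,
            # with the application's privileges (the form hint mentions root
            # access). Consider restricting this option to administrators or
            # to an allow-listed base path.
            filename = os.path.join(form.vars.f_pathname, 'exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc', 'nexpose_exploits.xml')
        else:
            if not form.vars.f_filename:
                # No source selected and nothing uploaded: os.path.join would
                # otherwise fail on the missing name.
                response.flash = 'No XML file selected'
                return dict(form=form)
            # Defensive: web2py normally generates the stored upload name,
            # but never let a path separator through to the join.
            stored_name = os.path.basename(form.vars.f_filename)
            filename = os.path.join(request.folder, 'data', 'misc', stored_name)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                nexpose_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            # NOTE(review): XML parser hardening (external entities, DTDs)
            # lives in skaldship.nexpose and is not visible here -- verify.
            from skaldship.nexpose import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            redirect(URL('list'))
    elif form.errors:
        response.flash = 'Error in form'

    return dict(form=form)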
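def import_canvas_xml():
    """
    Import ImmunitySec CANVAS exploit data (Exploit.xml) into the database.

    The XML can be generated from the URL
    http://exploitlist.immunityinc.com/ or by running ./canvasengine.py -e
    from your CANVAS directory.

    http://exploitlist.immunityinc.com/home/serve/live

    The form offers four sources, checked in this order: a caller-supplied
    local directory, the Kvasir static copy, a download (filename=None), or
    an uploaded file. The import runs either as a scheduler task or inline.

    Returns:
        dict(form=form) for the view; successful paths redirect instead.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt.
    # auth.user.f_scheduler_tasks is dereferenced below, so a logged-in user
    # is assumed -- confirm the action is wrapped in a login/permission check.
    import os

    kvasir_path = os.path.join(request.folder, 'static/etc')
    response.title = "%s :: Import ImmunitySec CANVAS Exploits XML" % (settings.title)

    form = SQLFORM.factory(
        Field('f_filename', 'upload',
              uploadfolder=os.path.join(request.folder, 'data/misc'),
              label=T('XML File')),
        Field('f_use_kvasir_local', 'boolean', label=T('Use Kvasir static path')),
        Field('f_use_local', 'boolean', label=T('Use local file path')),
        Field('f_pathname', 'string', default=kvasir_path, label=T('Local path')),
        Field('f_download', 'boolean', label=T('Download')),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks,
              label=T('Run in background task')),
        col3={
            'f_use_kvasir_local': 'static/etc/canvas_exploits.xml',
            'f_use_local': 'Directory where canvas_exploits.xml is located',
            'f_download': 'Download from ImmunitySec website',
        }
    )

    # accepts() must run before form.errors is inspected: errors are only
    # populated by validation, so checking them first never reports anything.
    if form.accepts(request.vars, session):
        if form.vars.f_use_local:
            # NOTE(review): f_pathname comes straight from the request, so the
            # server opens canvas_exploits.xml from any directory the caller
            # names, with the application's privileges. Consider restricting
            # this option to administrators or to an allow-listed base path.
            filename = os.path.join(form.vars.f_pathname, 'canvas_exploits.xml')
        elif form.vars.f_use_kvasir_local:
            filename = os.path.join(request.folder, 'static', 'etc', 'canvas_exploits.xml')
        elif form.vars.f_download:
            # None is handed to process_exploits; presumably that triggers the
            # download -- confirm in skaldship.canvas.
            # NOTE(review): the documented source URL is plain http; if the
            # download uses it, the XML arrives without transport integrity.
            filename = None
        else:
            if not form.vars.f_filename:
                # No source selected and nothing uploaded: os.path.join would
                # otherwise fail on the missing name.
                response.flash = 'No XML file selected'
                return dict(form=form)
            # Defensive: web2py normally generates the stored upload name,
            # but never let a path separator through to the join.
            stored_name = os.path.basename(form.vars.f_filename)
            filename = os.path.join(request.folder, 'data', 'misc', stored_name)

        if form.vars.f_taskit:
            task = scheduler.queue_task(
                canvas_exploit_xml,
                pargs=[filename],
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=settings.scheduler_timeout,
            )
            if task.id:
                redirect(URL('tasks', 'status', args=task.id))
            else:
                response.flash = "Error submitting job: %s" % (task.errors)
        else:
            # NOTE(review): XML parser hardening (external entities, DTDs)
            # lives in skaldship.canvas and is not visible here -- verify.
            from skaldship.canvas import process_exploits
            from skaldship.exploits import connect_exploits
            process_exploits(filename)
            connect_exploits()
            # session.flash survives the redirect; response.flash would be
            # discarded with the current response.
            session.flash = "Canvas Exploit data uploaded"
            redirect(URL('list'))
    elif form.errors:
        response.flash = 'Error in form'

    return dict(form=form)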