def get_scan_results(self):
scan_file = None
for i in range(self.scan_notebook.get_n_pages()):
sbook_page = self.scan_notebook.get_nth_page(i)
if not sbook_page.status.get_empty():
scan_file = sbook_page.parsed.nmap_xml_file
if hasattr(scan_file, "name"):
# this scan was loaded from a file so nmap_xml_file is
# actually a file object, but we are interested only in
# the file name.
scan_file = scan_file.name
if scan_file and os.access(scan_file, os.R_OK) and\
os.path.isfile(scan_file):
log.debug(">>> Retrieving unsaved scan result: %s" % scan_file)
try:
parsed = NmapParser()
parsed.set_xml_file(scan_file)
parsed.parse()
parsed.set_scan_name("Unsaved " + \
sbook_page.get_tab_label())
parsed.set_unsaved()
except:
pass
else:
yield parsed
def get_scan_results(self):
scan_file = None
for i in range(self.scan_notebook.get_n_pages()):
sbook_page = self.scan_notebook.get_nth_page(i)
if not sbook_page.status.get_empty():
scan_file = sbook_page.parsed.nmap_xml_file
if hasattr(scan_file, "name"):
# this scan was loaded from a file so nmap_xml_file is
# actually a file object, but we are interested only in
# the file name.
scan_file = scan_file.name
if scan_file and os.access(scan_file, os.R_OK) and os.path.isfile(scan_file):
log.debug(">>> Retrieving unsaved scan result: %s" % scan_file)
try:
parsed = NmapParser()
parsed.set_xml_file(scan_file)
parsed.parse()
parsed.set_scan_name("Unsaved " + sbook_page.get_tab_label())
parsed.set_unsaved()
except:
pass
else:
yield parsed
def save_result(req, scan_id):
if req.POST:
scan = req.session.get("scan_result_" + scan_id, None)
parser = NmapParser()
fname = mktemp()
ftemp = open(fname, "a", 0)
ftemp.write(scan)
ftemp.close()
parser.set_xml_file(fname)
parser.parse()
parser.scan_name = req.POST['filename']
parser.write_xml(open(fname, "w", 0))
ftemp = open(fname, "r")
scan = ftemp.read()
if not scan:
raise Http404
if req.POST['destination'] == "database":
Scans(scan_name=parser.scan_name,
nmap_xml_output=scan,
date=time())
return HttpResponse("{'result': 'OK'}", "text/plain")
else:
response = HttpResponse(scan, "text/xml")
response['Content-disposition'] = "attachment; filename=" + quote(
req.POST['filename'].replace(" ", "_")) + ".usr"
return response
else:
raise HttpError(400, "Invalid GET request.")
def save_result(req, scan_id):
if req.POST:
scan = req.session.get("scan_result_" + scan_id, None)
parser = NmapParser()
fname = mktemp()
ftemp = open(fname, "a", 0)
ftemp.write(scan)
ftemp.close()
parser.set_xml_file(fname)
parser.parse()
parser.scan_name = req.POST["filename"]
parser.write_xml(open(fname, "w", 0))
ftemp = open(fname, "r")
scan = ftemp.read()
if not scan:
raise Http404
if req.POST["destination"] == "database":
Scans(scan_name=parser.scan_name, nmap_xml_output=scan, date=time())
return HttpResponse("{'result': 'OK'}", "text/plain")
else:
response = HttpResponse(scan, "text/xml")
response["Content-disposition"] = (
"attachment; filename=" + quote(req.POST["filename"].replace(" ", "_")) + ".usr"
)
return response
else:
raise HttpError(400, "Invalid GET request.")
def get_scan_results(self):
log.debug(">>> Getting scan results stored in data base")
u = UmitDB()
for scan in u.get_scans():
log.debug(">>> Retrieving result of scans_id %s" % scan.scans_id)
log.debug(">>> Nmap xml output: %s" % scan.nmap_xml_output)
temp_file = mktemp(".usr", "umit_")
tmp = open(temp_file, "w")
tmp.write(scan.nmap_xml_output)
tmp.close()
try:
parsed = NmapParser()
parsed.set_xml_file(temp_file)
parsed.parse()
# Remove temporary file reference
parsed.nmap_xml_file = ""
except:
pass
else:
yield parsed
def get_scan(req, scan_id):
db = UmitDB()
if scan_id not in [str(sid) for sid in db.get_scans_ids()]:
raise Http404
scan = Scans(scans_id=scan_id)
ftemp = open(mktemp(), "w", 0)
ftemp.write(scan.nmap_xml_output)
ftemp.flush()
parser = NmapParser(ftemp.name)
parser.parse()
return HttpResponse("{'result': 'OK', 'output': '%s', 'xml': '%s'}" % \
(parser.get_nmap_output().replace("'", "\\'").\
replace("\r", "").replace("\n", "\\n' + \n'"),
open(ftemp.name).read().replace('"', "'").\
replace("'", "\\'").\
replace("\n", "\\n' + \n'")),
"text/plain")
def get_scan_results(self):
log.debug(">>> Getting directory's scan results")
files = []
for ext in self.file_extensions:
files += glob(os.path.join(self.search_directory, "*.%s" % ext))
log.debug(">>> Scan results at selected directory: %s" % files)
for scan_file in files:
log.debug(">>> Retrieving scan result %s" % scan_file)
if os.access(scan_file, os.R_OK) and os.path.isfile(scan_file):
try:
parsed = NmapParser()
parsed.set_xml_file(scan_file)
parsed.parse()
except:
pass
else:
yield parsed
def get_scan(req, scan_id):
db = UmitDB()
if scan_id not in [str(sid) for sid in db.get_scans_ids()]:
raise Http404
scan = Scans(scans_id=scan_id)
ftemp = open(mktemp(), "w", 0)
ftemp.write(scan.nmap_xml_output)
ftemp.flush()
parser = NmapParser(ftemp.name)
parser.parse()
return HttpResponse(
"{'result': 'OK', 'output': '%s', 'xml': '%s'}"
% (
parser.get_nmap_output().replace("'", "\\'").replace("\r", "").replace("\n", "\\n' + \n'"),
open(ftemp.name).read().replace('"', "'").replace("'", "\\'").replace("\n", "\\n' + \n'"),
),
"text/plain",
)
def get_scan_results(self):
log.debug(">>> Getting scan results stored in data base")
u = UmitDB()
for scan in u.get_scans():
log.debug(">>> Retrieving result of scans_id %s" % scan.scans_id)
log.debug(">>> Nmap xml output: %s" % scan.nmap_xml_output)
temp_file = mktemp(".usr", "umit_")
tmp = open(temp_file, "w")
tmp.write(scan.nmap_xml_output)
tmp.close()
try:
parsed = NmapParser()
parsed.set_xml_file(temp_file)
parsed.parse()
# Remove temporary file reference
parsed.nmap_xml_file = ""
except:
pass
else:
yield parsed
def upload(req):
logger.debug("FILES: %s" % str(req.FILES))
if req.FILES.has_key('u1-result'):
up_file = req.FILES['u1-result'];
else:
up_file = req.FILES['u2-result'];
if "win" in sys.platform:
fname = mktemp()
ftemp = open(fname, "w")
ftemp.write(up_file['temp_file'].read())
ftemp.close()
else:
fname = up_file['temp_name']
parser = NmapParser(fname)
try:
parser.parse()
except Exception, ex:
logger.debug(str(ex))
logger.debug(fname)
return HttpResponse("{'result': 'FAIL'}")
def upload(req):
logger.debug("FILES: %s" % str(req.FILES))
if req.FILES.has_key('u1-result'):
up_file = req.FILES['u1-result']
else:
up_file = req.FILES['u2-result']
if "win" in sys.platform:
fname = mktemp()
ftemp = open(fname, "w")
ftemp.write(up_file['temp_file'].read())
ftemp.close()
else:
fname = up_file['temp_name']
parser = NmapParser(fname)
try:
parser.parse()
except Exception, ex:
logger.debug(str(ex))
logger.debug(fname)
return HttpResponse("{'result': 'FAIL'}")
def upload_result(req):
if req.POST:
if req.POST["type"] == "file":
try:
parser = NmapParser()
parser.set_xml_file(req.FILES["scan_result"]["temp_file"])
parser.parse()
parsed_scan = ScanJsonParser(parser).parse()
junk = r"odpojfsdkjfpisudŕij208u-0w9rsdnfkdfçwrtwqr/fsasd~/???çds"
key = md5.new(
str(random.randint(0, sys.maxint - 1)) + str(random.randint(1, sys.maxint - 1) // 2) + junk
).hexdigest()
req.session["scan_result_" + key] = open(req.FILES["scan_result"]["temp_name"], "r").read()
text_out = parser.nmap_output.replace("'", "\\'").replace("\r", "").replace("\n", "\\n' + \n'")
parsed_scan = parsed_scan.replace("\n", "\\n' + \n'")
return HttpResponse(
("{'result': 'OK', 'id': '%s', 'output': " + "{'plain': '%s', 'full': %s}}")
% (key, text_out, parsed_scan),
"text/plain",
)
except Exception, ex:
logger.error("ERROR PARSING SCAN: %s" % str(ex))
return HttpResponse("{'result': 'FAIL', 'output': '%s'}" % str(ex).replace("'", "\\'"), "text/plain")
else:
scan_id = req.POST["scanId"]
db = UmitDB()
if scan_id not in [str(sid) for sid in db.get_scans_ids()]:
return HttpResponse("{'result': 'FAIL', 'output': 'Scan not found!'}")
scan = Scans(scans_id=scan_id)
ftemp = open(mktemp(), "w", 0)
ftemp.write(scan.nmap_xml_output)
ftemp.flush()
parser = NmapParser(ftemp.name)
parser.parse()
return HttpResponse(
"{'result': 'OK', 'output': {'plain': '%s', 'full': %s}}"
% (
parser.get_nmap_output().replace("'", "\\'").replace("\r", "").replace("\n", "\\n' + \n'"),
ScanJsonParser(parser).parse(),
),
"text/plain",
)
def make_diff(req):
scan1 = req.POST['scan1']
scan2 = req.POST['scan2']
xml1 = mktemp()
xml2 = mktemp()
open(xml1, "w").write(req.POST['scan1-xml'])
open(xml2, "w").write(req.POST['scan2-xml'])
parsed1 = NmapParser(xml1)
parsed1.parse()
parsed2 = NmapParser(xml2)
parsed2.parse()
diff_tree = ParserDiff(parsed1, parsed2)
diff_text = Diff(scan1.split("\n"), scan2.split("\n"))
lines = diff_text.generate_without_banner()
diff = {
"text": lines,
"compare": [d.to_dict() for d in diff_tree.make_diff()]
}
response = HttpResponse(str(diff), "text/plain")
return response
def get_scan_results(self):
log.debug(">>> Getting directory's scan results")
files = []
for ext in self.file_extensions:
files += glob(os.path.join(self.search_directory, "*.%s" % ext))
log.debug(">>> Scan results at selected directory: %s" % files)
for scan_file in files:
log.debug(">>> Retrieving scan result %s" % scan_file)
if os.access(scan_file, os.R_OK) and os.path.isfile(scan_file):
try:
parsed = NmapParser()
parsed.set_xml_file(scan_file)
parsed.parse()
except:
pass
else:
yield parsed
def make_diff(req):
scan1 = req.POST['scan1']
scan2 = req.POST['scan2']
xml1 = mktemp()
xml2 = mktemp()
open(xml1, "w").write(req.POST['scan1-xml'])
open(xml2, "w").write(req.POST['scan2-xml'])
parsed1 = NmapParser(xml1)
parsed1.parse()
parsed2 = NmapParser(xml2)
parsed2.parse()
diff_tree = ParserDiff(parsed1, parsed2)
diff_text = Diff(scan1.split("\n"), scan2.split("\n"))
lines = diff_text.generate_without_banner()
diff = {"text": lines, "compare": [d.to_dict() for d in diff_tree.make_diff()]}
response = HttpResponse(str(diff), "text/plain")
return response
def check(req, resource_id):
response = HttpResponse()
response['Content-type'] = "text/javascript"
nmapCommand = server.currentInstance.getResource(resource_id)
server_thread = None
if isinstance(nmapCommand, list):
nmapCommand, server_thread = nmapCommand
assert isinstance(server_thread, ServerThread)
assert isinstance(nmapCommand, NmapCommand)
if nmapCommand is None:
raise Http404
if server_thread and len(server_thread.exceptions) > 0:
server.currentInstance.removeResource(resource_id)
raise Http500("Nmap command raised an exception!\n%s" % \
"\n".join(str(e) for e in server_thread.exceptions))
output = nmapCommand.get_output()
error = nmapCommand.get_error()
if nmapCommand.scan_state():
response.write("{'result': 'OK', 'status': 'RUNNING', " + \
"'output': {'text': '%s', 'error': '%s'}}" % \
(output.replace("'", "\\'").replace("\n", "\\n' + \n'"),
error.replace("'", "\\'").replace("\n", "\\n' + \n'")))
else:
profile = CommandProfile()
parser = NmapParser()
parser.set_xml_file(nmapCommand.get_xml_output_file())
parser.parse()
parser.profile_name = req.session['profile_' + resource_id]
parser.target = req.session['target_' + resource_id]
parser.nmap_command = req.session['command_' + resource_id]
parser.profile = profile.get_command(parser.profile_name)
parser.profile_hint = profile.get_hint(parser.profile_name)
parser.profile_description = profile.get_description(
parser.profile_name)
parser.profile_annotation = profile.get_annotation(parser.profile_name)
parser.profile_options = profile.get_options(parser.profile_name)
try:
parser.nmap_output = nmapCommand.get_raw_output()
except:
parser.nmap_output = "\\n".join(
self.scan_result.get_nmap_output().split("\n"))
#del parser['nmap']
#parsed_scan = #str(__scan_to_json(parser))
parsed_scan = ScanJsonParser(parser).parse()
text_out = nmapCommand.get_output().replace("'", "\\'").replace(
"\n", "\\n' + \n'")
response.write("{'result': 'OK', 'status': 'FINISHED', 'output':" + \
" {'full': %s, 'plain': '%s'}}" % (parsed_scan, text_out))
server.currentInstance.removeResource(resource_id)
fname = mktemp()
fresult = open(fname, "w", 0)
parser.write_xml(fresult)
req.session['scan_result_' + resource_id] = open(fname, 'r').read()
return response
def upload_result(req):
if req.POST:
if req.POST['type'] == "file":
try:
parser = NmapParser()
parser.set_xml_file(req.FILES['scan_result']['temp_file'])
parser.parse()
parsed_scan = ScanJsonParser(parser).parse()
junk = r"odpojfsdkjfpisudŕij208u-0w9rsdnfkdfçwrtwqr/fsasd~/???çds"
key = md5.new(str(random.randint(0, sys.maxint-1)) \
+ str(random.randint(1, sys.maxint-1)//2) \
+ junk).hexdigest()
req.session['scan_result_' + key] = open(
req.FILES['scan_result']['temp_name'], 'r').read()
text_out = parser.nmap_output.replace("'", "\\'").replace(
"\r", "").replace("\n", "\\n' + \n'")
parsed_scan = parsed_scan.replace("\n", "\\n' + \n'")
return HttpResponse(("{'result': 'OK', 'id': '%s', 'output': " + \
"{'plain': '%s', 'full': %s}}") % \
(key, text_out, parsed_scan), "text/plain")
except Exception, ex:
logger.error("ERROR PARSING SCAN: %s" % str(ex))
return HttpResponse(
"{'result': 'FAIL', 'output': '%s'}" %
str(ex).replace("'", "\\'"), "text/plain")
else:
scan_id = req.POST['scanId']
db = UmitDB()
if scan_id not in [str(sid) for sid in db.get_scans_ids()]:
return HttpResponse(
"{'result': 'FAIL', 'output': 'Scan not found!'}")
scan = Scans(scans_id=scan_id)
ftemp = open(mktemp(), "w", 0)
ftemp.write(scan.nmap_xml_output)
ftemp.flush()
parser = NmapParser(ftemp.name)
parser.parse()
return HttpResponse("{'result': 'OK', 'output': {'plain': '%s', 'full': %s}}" % \
(parser.get_nmap_output().replace("'", "\\'").\
replace("\r", "").replace("\n", "\\n' + \n'"),
ScanJsonParser(parser).parse()),
"text/plain")
def check(req, resource_id):
response = HttpResponse()
response["Content-type"] = "text/javascript"
nmapCommand = server.currentInstance.getResource(resource_id)
server_thread = None
if isinstance(nmapCommand, list):
nmapCommand, server_thread = nmapCommand
assert isinstance(server_thread, ServerThread)
assert isinstance(nmapCommand, NmapCommand)
if nmapCommand is None:
raise Http404
if server_thread and len(server_thread.exceptions) > 0:
server.currentInstance.removeResource(resource_id)
raise Http500("Nmap command raised an exception!\n%s" % "\n".join(str(e) for e in server_thread.exceptions))
output = nmapCommand.get_output()
error = nmapCommand.get_error()
if nmapCommand.scan_state():
response.write(
"{'result': 'OK', 'status': 'RUNNING', "
+ "'output': {'text': '%s', 'error': '%s'}}"
% (
output.replace("'", "\\'").replace("\n", "\\n' + \n'"),
error.replace("'", "\\'").replace("\n", "\\n' + \n'"),
)
)
else:
profile = CommandProfile()
parser = NmapParser()
parser.set_xml_file(nmapCommand.get_xml_output_file())
parser.parse()
parser.profile_name = req.session["profile_" + resource_id]
parser.target = req.session["target_" + resource_id]
parser.nmap_command = req.session["command_" + resource_id]
parser.profile = profile.get_command(parser.profile_name)
parser.profile_hint = profile.get_hint(parser.profile_name)
parser.profile_description = profile.get_description(parser.profile_name)
parser.profile_annotation = profile.get_annotation(parser.profile_name)
parser.profile_options = profile.get_options(parser.profile_name)
try:
parser.nmap_output = nmapCommand.get_raw_output()
except:
parser.nmap_output = "\\n".join(self.scan_result.get_nmap_output().split("\n"))
# del parser['nmap']
# parsed_scan = #str(__scan_to_json(parser))
parsed_scan = ScanJsonParser(parser).parse()
text_out = nmapCommand.get_output().replace("'", "\\'").replace("\n", "\\n' + \n'")
response.write(
"{'result': 'OK', 'status': 'FINISHED', 'output':"
+ " {'full': %s, 'plain': '%s'}}" % (parsed_scan, text_out)
)
server.currentInstance.removeResource(resource_id)
fname = mktemp()
fresult = open(fname, "w", 0)
parser.write_xml(fresult)
req.session["scan_result_" + resource_id] = open(fname, "r").read()
return response