def __init__(self): ''' Set the proxy ip, port and Apitoken of OWASP ZAP ''' self.api_logger = Logger() self.dbupdate = DatabaseUpdate() self.ip = get_value('config.property', 'Configuration', 'ZAP_ip') self.port = get_value('config.property', 'Configuration', 'ZAP_port') self.proxy = { "http": "http://" + self.ip + ":" + self.port, "https": "http://" + self.ip + ":" + self.port } self.apitoken = get_value('config.property', 'Configuration', 'ZAP_apikey') self.zap_url = 'http://' + self.ip + ':' + str(self.port)
import sendrequest as req import utils.logs as logs import os import urlparse from itertools import islice from utils.logger import Logger from utils.db import DatabaseUpdate from utils.config import get_value dbupdate = DatabaseUpdate() api_logger = Logger() redirection_url = "www.google.com" def fetch_open_redirect_payload(): # Returns open redirect payloads in list type payload_list = [] if os.getcwd().split('/')[-1] == 'API': path = '../Payloads/redirect.txt' else: path = 'Payloads/redirect.txt' with open(path) as f: for line in islice(f, 1, None): if line: payload_list.append(line.rstrip()) return payload_list
class zap_scan: def __init__(self): ''' Set the proxy ip, port and Apitoken of OWASP ZAP ''' self.api_logger = Logger() self.dbupdate = DatabaseUpdate() self.ip = get_value('config.property', 'Configuration', 'ZAP_ip') self.port = get_value('config.property', 'Configuration', 'ZAP_port') self.proxy = { "http": "http://" + self.ip + ":" + self.port, "https": "http://" + self.ip + ":" + self.port } self.apitoken = get_value('config.property', 'Configuration', 'ZAP_apikey') self.zap_url = 'http://' + self.ip + ':' + str(self.port) def generate_report(self): zap_report = '{0}/OTHER/core/other/htmlreport/' \ '?apikey={1}&formMethod=GET'\ .format(self.zap_url, self.apitoken) generate_report = requests.get(zap_report) try: write_report = open('report.html', 'w') write_report.write(generate_report.text) write_report.close() return True except e: return False def check_scanstatus(self, scan_id): scan_status = '{0}/JSON/ascan/view/status/' \ '?zapapiformat=JSON&apikey={1}' \ '&formMethod=GET&scanId={2}'\ .format(self.zap_url, self.apitoken, scan_id) status = requests.get(scan_status) try: status = json.loads(status.text)['status'] return status except Exception as e: raise e def update_db(self, scanid, url, alert, impact, description, solution, messageId): """ This function gathers all the info of alert and updates the DB """ message_url = '{0}/JSON/core/view/message/?zapapiformat=JSON' \ '&apikey={1}&formMethod=GET&id={2}'\ .format(self.zap_url, self.apitoken, messageId) message_req = requests.get(message_url) message_data = json.loads(message_req.text) req_headers, req_body, res_headers, res_body = ( message_data['message']['requestHeader'], message_data['message']['requestBody'], message_data['message']['responseHeader'], message_data['message']['responseBody']) attack_result = { "id": "NA", "scanid": scanid, "url": url, "name": alert, "impact": impact, "req_headers": req_headers, "req_body": req_body, "res_headers": res_headers, "res_body": res_body, "Description": description, "remediation": solution } self.dbupdate.insert_record(attack_result) def check_scanalerts(self, url, scan_id, scanid): scan_alerts = '{0}/JSON/core/view/alerts/?zapapiformat=JSON' \ '&apikey={1}&formMethod=GET&baseurl={2}&start=' \ '&count='.format(self.zap_url, self.apitoken, url) alert_id = 0 while True: time.sleep(10) scan_status = self.check_scanstatus(scan_id) if int(scan_status) == 100: break else: alerts = requests.get(scan_alerts) zap_alerts = json.loads(alerts.text) try: url = zap_alerts['alerts'][alert_id]['url'] alert = zap_alerts['alerts'][alert_id]['alert'] messageId = zap_alerts['alerts'][alert_id]['messageId'] impact = zap_alerts['alerts'][alert_id]['risk'] description = zap_alerts['alerts'][alert_id]['description'] solution = zap_alerts['alerts'][alert_id]['solution'] print "%s[+]{0} is vulnerable to {1}%s".format( url, alert) % (self.api_logger.G, self.api_logger.W) try: self.update_db(scanid, url, alert, impact, description, solution, messageId) except Exception as e: logs.logging.info("Failed to update in db : %s", e) alert_id = alert_id + 1 except: pass def start_scan(self, url, method, Headers=None, data=None, scanid=None): try: data = json.dumps(data) data = data.replace('\\"', "'") except: pass try: cookies = get_value('config.property', 'login', 'auth') cookies = ast.literal_eval(cookies) if cookies is None or '': cookies = '' except: cookies = '' if method.upper() == 'GET': try: access_url = requests.get(url, headers=Headers, proxies=self.proxy, cookies=cookies) except requests.exceptions.RequestException as e: print e elif method.upper() == 'POST': try: access_url = requests.post(url, headers=Headers, data=data, proxies=self.proxy, cookies=cookies, verify=False) except requests.exceptions.RequestException as e: return elif method.upper() == 'PUT': try: access_url = requests.put(url, headers=Headers, data=data, proxies=self.proxy) except requests.exceptions.RequestException as e: return ''' Check if URL is now present at scanning tree of ZAP. If it's not present then something is wrong with access_url ''' view_urls = '{0}/JSON/core/view/urls/?zapapiformat=JSON' \ '&formMethod=GET&apikey={1}'.format(self.zap_url, self.apitoken) view_urls = requests.get(view_urls) scantree_urls = json.loads(view_urls.text) if url or url + '/' in scantree_urls['urls']: data = "'" + data + "'" if method.upper() == 'GET': if '&' in url: url = url.replace('&', '%26') active_scan = '{0}/JSON/ascan/action/scan/?zapapiformat=JSON' \ '&url={1}&recurse=False&inScopeOnly=False' \ '&scanPolicyName=&method={2}&postData=' \ '&apikey={3}'.format(self.zap_url, url, method, self.apitoken) else: active_scan = '{0}/JSON/ascan/action/scan/' \ '?zapapiformat=JSON&url={1}&recurse=False' \ '&inScopeOnly=False&scanPolicyName=' \ '&method={2}&postData={3}' \ '&apikey={4}'.format(self.zap_url, url, method, urllib.quote(data), self.apitoken) start_ascan = requests.get(active_scan) try: scan_id = json.loads(start_ascan.text)['scan'] if int(scan_id) >= 0: print "[+]Active Scan Started Successfully" self.check_scanalerts(url, scan_id, scanid) except: pass