def api_edit_scan(type, id): check_admin() if type == "sqlmap": sqlmap = Sqlmap.find_by('where id = ?', content_escape(id)) return dict(type=content_escape(type), id=content_escape(id), sqlmap=content_escape(sqlmap)) else: raise notfound()
def api_list_vulns(type): check_admin() if type == "xss": total = Request.count_by('where result_xss = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by( 'where result_xss = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) elif type == "sqli": total = Request.count_by('where result_sqli = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by( 'where result_sqli = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) elif type == "fi": total = Request.count_by('where result_fi = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by( 'where result_fi = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) else: raise notfound() return dict(type=content_escape(type), requests=content_escape(requests), page=page)
def api_view_scan(type): check_admin() if type == "sqlmap": total = Sqlmap.count_all() page = Page(total, _get_page_index()) sqlmaps = Sqlmap.find_by('order by update_time desc limit ?,?', page.offset, page.limit) return dict(type=content_escape(type), sqlmaps=content_escape(sqlmaps), page=page) else: raise notfound()
def api_view_exclusion(type): check_admin() if type == "parse": exclusion = ExclusionParse.find_all()[0] elif type == "xss": exclusion = ExclusionScan.find_by('where type=0')[0] elif type == "sqli": exclusion = ExclusionScan.find_by('where type=1')[0] elif type == "fi": exclusion = ExclusionScan.find_by('where type=2')[0] elif type == "cookie": exclusion = ExclusionCookie.find_all()[0] else: raise notfound() return dict(type=content_escape(type), exclusion=content_escape(exclusion))
def api_view_request(request_rid): check_admin() request = Request.find_by('where rid = ?', request_rid) response = Response.find_by('where rid = ?', request_rid) if request is None or response is None: raise notfound() return dict(request=content_escape(request), response=html_encode(response))
def api_list_vulns(type): check_admin() if type == "xss": total = Request.count_by('where result_xss = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by('where result_xss = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) elif type == "sqli": total = Request.count_by('where result_sqli = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by('where result_sqli = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) elif type == "fi": total = Request.count_by('where result_fi = ?', 'vulnerable') page = Page(total, _get_page_index()) requests = Request.find_by('where result_fi = ? order by id desc limit ?,?', 'vulnerable', page.offset, page.limit) else: raise notfound() return dict(type=content_escape(type), requests=content_escape(requests), page=page)
def api_delete_scan(type, id): check_admin() if type == "sqlmap": sqlmap = Sqlmap(id=content_escape(id)) sqlmap.delete() else: return dict(result='failed', error='unknown scan type!') return dict(result='success')
def api_add_scan(type): check_admin() now = str(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time()))) i = ctx.request.input() if type == "sqlmap": sqlmap = Sqlmap() sqlmap.ip = content_escape(i.ip.strip().lower()) sqlmap.port = content_escape(i.port.strip().lower()) sqlmap.status = i.status.strip().lower() sqlmap.update_time = now res = sqlmap_validate(sqlmap) if res == 'success': sqlmap.insert() else: return dict(result='failed', error=res) else: return dict(result='failed', error='unknown scan type!') return dict(result='success')
def manage_exclusion_view(type): return dict(type=content_escape(type), user=ctx.request.user)
def manage_scan_view(type): return dict(page_index=_get_page_index(), type=content_escape(type), user=ctx.request.user)
def api_update_exclusion(type): check_admin() now = str(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time()))) i = ctx.request.input() if type == "parse": exclusion_parse = ExclusionParse.find_all()[0] exclusion_parse.exclusion = content_escape(i.exclusion.strip().lower()) exclusion_parse.update_time = now res = exclusion_validate(exclusion_parse) if res == 'success': exclusion_parse.update() else: return dict(result='failed', error=res) elif type == "cookie": exclusion_cookie = ExclusionCookie.find_all()[0] exclusion_cookie.exclusion = content_escape(i.exclusion.strip().lower()) exclusion_cookie.update_time = now res = exclusion_validate(exclusion_cookie) if res == 'success': exclusion_cookie.update() else: return dict(result='failed', error=res) elif type == "xss": exclusion_scan = ExclusionScan.find_by('where type=0')[0] exclusion_scan.method = content_escape(i.method.strip().lower()) exclusion_scan.protocol = content_escape(i.protocol.strip().lower()) exclusion_scan.host = content_escape(i.host.strip().lower()) exclusion_scan.ip = content_escape(i.ip.strip().lower()) exclusion_scan.port = content_escape(i.port.strip().lower()) exclusion_scan.path = content_escape(i.path.strip().lower()) exclusion_scan.accept = content_escape(i.accept.strip().lower()) exclusion_scan.accept_language = content_escape(i.accept_language.strip().lower()) exclusion_scan.accept_encoding = content_escape(i.accept_encoding.strip().lower()) exclusion_scan.referer = content_escape(i.referer.strip().lower()) exclusion_scan.user_agent = content_escape(i.user_agent.strip().lower()) exclusion_scan.cookie = content_escape(i.cookie.strip().lower()) exclusion_scan.content_type = content_escape(i.content_type.strip().lower()) exclusion_scan.post_data = content_escape(i.post_data.strip().lower()) exclusion_scan.update_time = now res = exclusion_validate(exclusion_scan) if res == 'success': exclusion_scan.update() else: return dict(result='failed', error=res) elif type == "sqli": exclusion_scan = ExclusionScan.find_by('where type=1')[0] exclusion_scan.method = content_escape(i.method.strip().lower()) exclusion_scan.protocol = content_escape(i.protocol.strip().lower()) exclusion_scan.host = content_escape(i.host.strip().lower()) exclusion_scan.ip = content_escape(i.ip.strip().lower()) exclusion_scan.port = content_escape(i.port.strip().lower()) exclusion_scan.path = content_escape(i.path.strip().lower()) exclusion_scan.accept = content_escape(i.accept.strip().lower()) exclusion_scan.accept_language = content_escape(i.accept_language.strip().lower()) exclusion_scan.accept_encoding = content_escape(i.accept_encoding.strip().lower()) exclusion_scan.referer = content_escape(i.referer.strip().lower()) exclusion_scan.user_agent = content_escape(i.user_agent.strip().lower()) exclusion_scan.cookie = content_escape(i.cookie.strip().lower()) exclusion_scan.content_type = content_escape(i.content_type.strip().lower()) exclusion_scan.post_data = content_escape(i.post_data.strip().lower()) exclusion_scan.update_time = now res = exclusion_validate(exclusion_scan) if res == 'success': exclusion_scan.update() else: return dict(result='failed', error=res) elif type == "fi": exclusion_scan = ExclusionScan.find_by('where type=2')[0] exclusion_scan.method = content_escape(i.method.strip().lower()) exclusion_scan.protocol = content_escape(i.protocol.strip().lower()) exclusion_scan.host = content_escape(i.host.strip().lower()) exclusion_scan.ip = content_escape(i.ip.strip().lower()) exclusion_scan.port = content_escape(i.port.strip().lower()) exclusion_scan.path = content_escape(i.path.strip().lower()) exclusion_scan.accept = content_escape(i.accept.strip().lower()) exclusion_scan.accept_language = content_escape(i.accept_language.strip().lower()) exclusion_scan.accept_encoding = content_escape(i.accept_encoding.strip().lower()) exclusion_scan.referer = content_escape(i.referer.strip().lower()) exclusion_scan.user_agent = content_escape(i.user_agent.strip().lower()) exclusion_scan.cookie = content_escape(i.cookie.strip().lower()) exclusion_scan.content_type = content_escape(i.content_type.strip().lower()) exclusion_scan.post_data = content_escape(i.post_data.strip().lower()) exclusion_scan.update_time = now res = exclusion_validate(exclusion_scan) if res == 'success': exclusion_scan.update() else: return dict(result='failed', error=res) else: return dict(result='failed', error='unknown scan type!') return dict(result='success')
def manage_scan_edit(type, id): return dict(url='/api/scan/%s/%s/edit' % (content_escape(type), content_escape(id)), user=ctx.request.user)
def manage_scan_add(type): return dict(url='/api/scan/%s/add' % content_escape(type), type=content_escape(type), user=ctx.request.user)
def api_get_requests(): total = Request.count_all() page = Page(total, _get_page_index()) requests = Request.find_by('order by id desc limit ?,?', page.offset, page.limit) return dict(requests=content_escape(requests), page=page)
def manage_vulns_list(type): return dict(type=content_escape(type), page_index=_get_page_index(), user=ctx.request.user)