def add_vuln(request): if request.method == 'GET': scan_id = request.GET['scan_id'] else: scan_id = '' if request.method == 'POST': vuln_id = uuid.uuid4() scan_id = request.POST.get("scan_id", ) vuln_name = request.POST.get("vuln_name", ) risk = request.POST.get("risk", ) url = request.POST.get("url", ) param = request.POST.get("param", ) sourceid = request.POST.get("sourceid", ) attack = request.POST.get("attack", ) ref = request.POST.get("ref", ) description = request.POST.get("description", ) solution = request.POST.get("solution", ) req_header = request.POST.get("req_header", ) res_header = request.POST.get("res_header", ) vuln_col = request.POST.get("vuln_color", ) save_vuln = zap_scan_results_db(scan_id=scan_id, vuln_color=vuln_col, risk=risk, url=url, param=param, sourceid=sourceid, attack=attack, vuln_id=vuln_id, name=vuln_name, description=description, reference=ref, solution=solution, requestHeader=req_header, responseHeader=res_header) save_vuln.save() messages.success(request, "Vulnerability Added") zap_all_vul = zap_scan_results_db.objects.filter( scan_id=scan_id).values('name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) return HttpResponseRedirect("/webscanners/web_vuln_list/?scan_id=%s" % scan_id) return render(request, 'add_vuln.html', {'scan_id': scan_id})
def launch_web_scan(target_url, project_id): try: with open(api_key_path, 'r+') as f: data = json.load(f) lod_apikey = data['zap_api_key'] apikey = signing.loads(lod_apikey) zapath = data['zap_path'] zap_port = data['zap_port'] except Exception as e: print e # Define settings to ZAP Proxy zap = ZAPv2(apikey=apikey, proxies={'http': zapath + ':' + zap_port, 'https': zapath + ':' + zap_port}) """ Zap scan start """ # try: # # ZAP launch function # zapscanner.start_zap() # # except Exception as e: # print e # print "ZAP Failed.............." # print "ZAP Restarting" # # time.sleep(15) # Get Excluded URL from excluded_db models try: all_excluded = excluded_db.objects.filter(Q(exclude_url__icontains=target_url)) for data in all_excluded: global excluded_url excluded_url = data.exclude_url print "excluded url ", excluded_url print "Excluded url ", excluded_url # Excluding URL from scans in zap API url_exclude = zap.spider.exclude_from_scan(regex=excluded_url) print "URL Excluded:", url_exclude except Exception as e: print "ZAP Failed.............." print "ZAP Restarting" all_cookie = cookie_db.objects.filter(Q(url__icontains=target_url)) for da in all_cookie: global cookies cookies = da.cookie print da.url print "Cookies from database:", cookies try: remove_cookie = zap.replacer.remove_rule(target_url) except Exception as e: print e print "Remove Cookie :", remove_cookie # Adding cookies value try: cookie_add = zap.replacer.add_rule(apikey=apikey, description=target_url, enabled="true", matchtype='REQ_HEADER', matchregex="false", replacement=cookies, matchstring="Cookie", initiators="") print "Cookies Added :", cookie_add except Exception as e: print e zap.ajaxSpider.scan(target_url) try: scanid = zap.spider.scan(target_url) save_all = zap_spider_db(spider_url=target_url, spider_scanid=scanid) save_all.save() except Exception as e: print e try: zap.spider.set_option_thread_count(apikey=apikey, integer='30') except Exception as e: print e try: while (int(zap.spider.status(scanid)) < 100): global spider_status spider_status = zap.spider.status(scanid) print "Spider progress", spider_status time.sleep(5) except Exception as e: print e spider_status = "100" spider_res_out = zap.spider.results(scanid) data_out = ("\n".join(map(str, spider_res_out))) print data_out print 'Spider Completed------' print 'Target :', target_url global spider_alert spider_alert = "Spider Completed" time.sleep(5) print 'Scanning Target %s' % target_url """ ZAP Scan trigger on target_url """ try: scan_scanid = zap.ascan.scan(target_url) except Exception as e: print e un_scanid = uuid.uuid4() date_time = datetime.datetime.now() try: save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=un_scanid, date_time=date_time) save_all_scan.save() except Exception as e: print e try: while (int(zap.ascan.status(scan_scanid)) < 100): print 'ZAP Scan Status %: ' + zap.ascan.status(scan_scanid) global scans_status scans_status = zap.ascan.status(scan_scanid) zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status) time.sleep(5) except Exception as e: print e # Save Vulnerability in database scans_status = "100" zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status) print target_url time.sleep(5) all_vuln = zap.core.alerts(target_url) for vuln in all_vuln: vuln_id = uuid.uuid4() confidence = vuln['confidence'] wascid = vuln['wascid'] cweid = vuln['cweid'] risk = vuln['risk'] reference = vuln['reference'] url = vuln['url'] name = vuln['name'] solution = vuln['solution'] param = vuln['param'] evidence = vuln['evidence'] sourceid = vuln['sourceid'] pluginId = vuln['pluginId'] other = vuln['other'] attack = vuln['attack'] messageId = vuln['messageId'] method = vuln['method'] alert = vuln['alert'] ids = vuln['id'] description = vuln['description'] false_positive = 'No' global vul_col if risk == 'High': vul_col = "important" elif risk == 'Medium': vul_col = "warning" elif risk == 'Low': vul_col = "info" else: vul_col = "info" # date_time = datetime.datetime.now() dump_all = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, cweid=cweid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId, other=other, attack=attack, messageId=messageId, method=method, alert=alert, ids=ids, description=description, false_positive=false_positive) dump_all.save() time.sleep(5) zap_all_vul = zap_scan_results_db.objects.filter(scan_id=un_scanid).values('name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=un_scanid).update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) spider_alert = "Scan Completed" time.sleep(10) print un_scanid zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid) for m in zap_web_all: msg_id = m.messageId request_response = zap.core.message(id=msg_id) ja_son = json.dumps(request_response) ss = ast.literal_eval(ja_son) for key, value in ss.viewitems(): global note if key == "note": note = value global rtt if key == "rtt": rtt = value global tags if key == "tags": tags = value global timestamp if key == "timestamp": timestamp = value global responseHeader if key == "responseHeader": responseHeader = value global requestBody if key == "requestBody": requestBody = value global responseBody if key == "responseBody": responseBody = value global requestHeader if key == "requestHeader": requestHeader = value global cookieParams if key == "cookieParams": cookieParams = value global res_type if key == "type": res_type = value global res_id if key == "id": res_id = value zap_scan_results_db.objects.filter(messageId=msg_id).update(note=note, rtt=rtt, tags=tags, timestamp=timestamp, responseHeader=responseHeader, requestBody=requestBody, responseBody=responseBody, requestHeader=requestHeader, cookieParams=cookieParams, res_type=res_type, res_id=res_id) #zapscanner.stop_zap() try: email_notification.email_notify() except Exception as e: print e return HttpResponse(status=201)
def add_zap_vuln(request): """ Adding vulnerability in Databse. :param request: :return: """ if request.method == 'GET': scan_id = request.GET['scan_id'] scanners = request.GET['scanner'] else: scan_id = '' scanners = '' if request.method == 'POST': vuln_id = uuid.uuid4() scan_id = request.POST.get("scan_id") scanners = request.POST.get("scanners") vuln_name = request.POST.get("vuln_name") risk = request.POST.get("risk") url = request.POST.get("url") param = request.POST.get("param") sourceid = request.POST.get("sourceid") attack = request.POST.get("attack") ref = request.POST.get("ref") description = request.POST.get("description") solution = request.POST.get("solution") req_header = request.POST.get("req_header") res_header = request.POST.get("res_header") vuln_col = request.POST.get("vuln_color") if scanners == 'zap': save_vuln = zap_scan_results_db(scan_id=scan_id, vuln_color=vuln_col, risk=risk, url=url, param=param, sourceid=sourceid, attack=attack, vuln_id=vuln_id, name=vuln_name, description=description, reference=ref, solution=solution, requestHeader=req_header, responseHeader=res_header, vuln_status='Open') save_vuln.save() messages.success(request, "Vulnerability Added") zap_all_vul = zap_scan_results_db.objects.filter( scan_id=scan_id).values('name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) return HttpResponseRedirect( "/zapscanner/zap_list_vuln/?scan_id=%s" % scan_id) elif scanners == 'burp': save_burp_vuln = burp_scan_result_db( scan_id=scan_id, severity_color=vuln_col, severity=risk, host=url, location=param, vuln_id=vuln_id, name=vuln_name, issueBackground=description, references=ref, remediationBackground=solution, scan_request=req_header, scan_response=res_header) save_burp_vuln.save() burp_all_vul = burp_scan_result_db.objects.filter(scan_id=scan_id) total_vul = len(burp_all_vul) total_high = len(burp_all_vul.filter(severity="High")) total_medium = len(burp_all_vul.filter(severity="Medium")) total_low = len(burp_all_vul.filter(severity="Low")) burp_scan_db.objects.filter(scan_id=scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) return HttpResponseRedirect( "/zapscanner/burp_vuln_list?scan_id=%s" % scan_id) return render(request, 'zapscanner/add_zap_vuln.html', { 'scan_id': scan_id, 'scanners': scanners })
def xml_parser(root, project_id, scan_id): """ ZAP Proxy scanner xml report parser. :param root: :param project_id: :param scan_id: :return: """ global vul_col,\ confidence,\ wascid, risk,\ reference,\ url,\ name,\ solution,\ instance,\ sourceid,\ pluginid,\ alert,\ desc,\ riskcode for zap in root: host = zap.attrib for key, items in host.iteritems(): if key == "host": url = items for site in zap: for alerts in site: for alertsitem in alerts: vuln_id = uuid.uuid4() if alertsitem.tag == "pluginid": pluginid = alertsitem.text if alertsitem.tag == "alert": alert = alertsitem.text if alertsitem.tag == "name": name = alertsitem.text if alertsitem.tag == "riskcode": riskcode = alertsitem.text if alertsitem.tag == "confidence": confidence = alertsitem.text if alertsitem.tag == "desc": desc = alertsitem.text if alertsitem.tag == "solution": solution = alertsitem.text if alertsitem.tag == "reference": reference = alertsitem.text if alertsitem.tag == "wascid": wascid = alertsitem.text if alertsitem.tag == "sourceid": sourceid = alertsitem.text for instances in alertsitem: for instance in instances: instance = instance.text #global riskcode if riskcode == "3": vul_col = "important" risk = "High" elif riskcode == '2': vul_col = "warning" risk = "Medium" elif riskcode == '1': vul_col = "info" risk = "Low" elif riskcode == '0': vul_col = "info" risk = "Informational" dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=instance, sourceid=sourceid, pluginId=pluginid, alert=alert, description=desc, false_positive='No', rescan='No', vuln_status='Open') dump_data.save() zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id)\ .values('name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=scan_id)\ .update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low)
def zap_result_save(self, all_vuln, project_id, un_scanid): """ The function save all data in Archery Database :param all_vuln: :param project_id: :param un_scanid: :return: """ for vuln in all_vuln: vuln_id = uuid.uuid4() confidence = vuln['confidence'] wascid = vuln['wascid'] cweid = vuln['cweid'] risk = vuln['risk'] reference = vuln['reference'] url = vuln['url'] name = vuln['name'] solution = vuln['solution'] param = vuln['param'] evidence = vuln['evidence'] sourceid = vuln['sourceid'] pluginId = vuln['pluginId'] other = vuln['other'] attack = vuln['attack'] messageId = vuln['messageId'] method = vuln['method'] alert = vuln['alert'] ids = vuln['id'] description = vuln['description'] false_positive = 'No' global vul_col if risk == 'High': vul_col = "important" elif risk == 'Medium': vul_col = "warning" elif risk == 'Low': vul_col = "info" else: vul_col = "info" # date_time = datetime.datetime.now() dump_all = zap_scan_results_db( vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, cweid=cweid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId, other=other, attack=attack, messageId=messageId, method=method, alert=alert, ids=ids, description=description, false_positive=false_positive) dump_all.save() time.sleep(5) zap_all_vul = zap_scan_results_db.objects.filter( scan_id=un_scanid).values( 'name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter( scan_scanid=un_scanid ).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low ) time.sleep(10) zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid) for m in zap_web_all: msg_id = m.messageId request_response = ZAPScanner.zap.core.message(id=msg_id) ja_son = json.dumps(request_response) ss = ast.literal_eval(ja_son) for key, value in ss.viewitems(): global note if key == "note": note = value global rtt if key == "rtt": rtt = value global tags if key == "tags": tags = value global timestamp if key == "timestamp": timestamp = value global responseHeader if key == "responseHeader": responseHeader = value global requestBody if key == "requestBody": requestBody = value global responseBody if key == "responseBody": responseBody = value global requestHeader if key == "requestHeader": requestHeader = value global cookieParams if key == "cookieParams": cookieParams = value global res_type if key == "type": res_type = value global res_id if key == "id": res_id = value zap_scan_results_db.objects.filter( messageId=msg_id ).update( note=note, rtt=rtt, tags=tags, timestamp=timestamp, responseHeader=responseHeader, requestBody=requestBody, responseBody=responseBody, requestHeader=requestHeader, cookieParams=cookieParams, res_type=res_type, res_id=res_id ) status = "Scan Completed" return status
def xml_parser(username, root, project_id, scan_id): """ ZAP Proxy scanner xml report parser. :param root: :param project_id: :param scan_id: :return: """ global vul_col, \ confidence, \ wascid, risk, \ reference, \ url, \ name, \ solution, \ instance, \ sourceid, \ pluginid, \ alert, \ desc, \ riskcode, vuln_id, false_positive, duplicate_hash, duplicate_vuln, scan_url for child in root: d = child.attrib scan_url = d['name'] for alert in root.iter('alertitem'): inst = [] for vuln in alert: vuln_id = uuid.uuid4() if vuln.tag == "pluginid": pluginid = vuln.text if vuln.tag == "alert": alert = vuln.text if vuln.tag == "name": name = vuln.text if vuln.tag == "riskcode": riskcode = vuln.text if vuln.tag == "confidence": confidence = vuln.text if vuln.tag == "desc": desc = vuln.text if vuln.tag == "solution": solution = vuln.text if vuln.tag == "reference": reference = vuln.text if vuln.tag == "wascid": wascid = vuln.text if vuln.tag == "sourceid": sourceid = vuln.text for instances in vuln: for ii in instances: instance = {} instance[ii.tag] = ii.text inst.append(instance) if riskcode == "3": vul_col = "danger" risk = "High" elif riskcode == '2': vul_col = "warning" risk = "Medium" elif riskcode == '1': vul_col = "info" risk = "Low" else: vul_col = "info" risk = "Low" if name == "None": print(name) else: dup_data = name + risk + scan_url print(dup_data) duplicate_hash = hashlib.sha256( dup_data.encode('utf-8')).hexdigest() match_dup = zap_scan_results_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = 'No' dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=instance, sourceid=sourceid, pluginId=pluginid, alert=alert, description=desc, false_positive=false_positive, rescan='No', vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, evidence=inst, username=username) dump_data.save() else: duplicate_vuln = 'Yes' dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=instance, sourceid=sourceid, pluginId=pluginid, alert=alert, description=desc, false_positive='Duplicate', rescan='No', vuln_status='Duplicate', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, evidence=inst, username=username) dump_data.save() false_p = zap_scan_results_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = 'Yes' else: false_positive = 'No' vul_dat = zap_scan_results_db.objects.filter(username=username, vuln_id=vuln_id) full_data = [] for data in vul_dat: evi = data.evidence evi_data = ast.literal_eval(evi) for evidence in evi_data: for key, value in evidence.items(): if key == 'evidence': key = 'Evidence' if key == 'attack': key = 'Attack' if key == 'uri': key = 'URI' if key == 'method': key = 'Method' if key == 'param': key = 'Parameter' instance = key + ': ' + value full_data.append(instance) removed_list_data = ','.join(full_data) zap_scan_results_db.objects.filter( username=username, vuln_id=vuln_id).update(param=removed_list_data) zap_all_vul = zap_scan_results_db.objects.filter(username=username, scan_id=scan_id, false_positive='No') duplicate_count = zap_scan_results_db.objects.filter(username=username, scan_id=scan_id, vuln_duplicate='Yes') total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) total_info = len(zap_all_vul.filter(risk="Informational")) total_duplicate = len(duplicate_count.filter(vuln_duplicate='Yes')) total_vul = total_high + total_medium + total_low + total_info zap_scans_db.objects.filter(username=username, scan_scanid=scan_id) \ .update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, scan_url=scan_url ) if total_vul == total_duplicate: zap_scans_db.objects.filter(username=username, scan_scanid=scan_id) \ .update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate ) subject = 'Archery Tool Scan Status - ZAP Report Uploaded' message = 'ZAP Scanner has completed the scan ' \ ' %s <br> Total: %s <br>High: %s <br>' \ 'Medium: %s <br>Low %s' % (target_url, total_vul, total_high, total_medium, total_low) email_sch_notify(subject=subject, message=message)
def url_api_scan(request): if request.POST.get("auth_val"): auth_val = request.POST.get("auth_val") print auth_val if auth_val == 'No': target_url = request.POST.get("scan_url") req_header = ast.literal_eval(request.POST.get("req_header")) req_body = request.POST.get("req_body") method = request.POST.get("method") project_id = request.POST.get("project_id") scan_id = request.POST.get("scan_id") auth_token_key = request.POST.get("auth_token_key") try: with open(api_key_path, 'r+') as f: data = json.load(f) lod_apikey = data['zap_api_key'] apikey = signing.loads(lod_apikey) zapath = data['zap_path'] zap_port = data['zap_port'] except Exception as e: print e zap = ZAPv2(apikey=apikey, proxies={ 'http': 'http://127.0.0.1' + ':' + zap_port, 'https': 'http://127.0.0.1' + ':' + zap_port }) print target_url """ ***Starting ZAP Scanner*** """ try: zap_scanner = zapscanner.start_zap() print "Status of zap scanner:", zap_scanner except Exception as e: print e return HttpResponseRedirect("/webscanners/scans_list/") """ *****End zap scanner**** """ time.sleep(10) """ Excluding URL from scanner """ scanid = zap.spider.scan(target_url) save_all = zap_spider_db(spider_url=target_url, spider_scanid=scanid) save_all.save() try: while (int(zap.spider.status(scanid)) < 100): # print 'Spider progress %:' + zap.spider.status(scanid) global spider_status spider_status = zap.spider.status(scanid) print "Spider progress", spider_status time.sleep(5) except Exception as e: print e spider_status = "100" spider_res_out = zap.spider.results(scanid) data_out = ("\n".join(map(str, spider_res_out))) print data_out total_spider = len(spider_res_out) print 'Spider Completed------' print 'Target :', target_url global spider_alert spider_alert = "Spider Completed" time.sleep(5) print 'Scanning Target %s' % target_url scan_scanid = zap.ascan.scan(target_url) un_scanid = uuid.uuid4() print "updated scanid :", un_scanid try: save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=un_scanid) save_all_scan.save() except Exception as e: print e # zap_scans_db.objects.filter(pk=some_value).update(field1='some value') try: while (int(zap.ascan.status(scan_scanid)) < 100): print 'Scan progress from zap_scan_lauch function %: ' + zap.ascan.status( scan_scanid) global scans_status scans_status = zap.ascan.status(scan_scanid) zap_scans_db.objects.filter(scan_scanid=un_scanid).update( vul_status=scans_status) time.sleep(5) except Exception as e: print e # Save Vulnerability in database scans_status = "100" zap_scans_db.objects.filter(scan_scanid=un_scanid).update( vul_status=scans_status) print target_url time.sleep(5) all_vuln = zap.core.alerts(target_url) # print all_vuln for vuln in all_vuln: vuln_id = uuid.uuid4() confidence = vuln['confidence'] wascid = vuln['wascid'] cweid = vuln['cweid'] risk = vuln['risk'] reference = vuln['reference'] url = vuln['url'] name = vuln['name'] solution = vuln['solution'] param = vuln['param'] evidence = vuln['evidence'] sourceid = vuln['sourceid'] pluginId = vuln['pluginId'] other = vuln['other'] attack = vuln['attack'] messageId = vuln['messageId'] method = vuln['method'] alert = vuln['alert'] ids = vuln['id'] description = vuln['description'] global vul_col if risk == 'High': vul_col = "important" elif risk == 'Medium': vul_col = "warning" elif risk == 'Low': vul_col = "info" dump_all = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, cweid=cweid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId, other=other, attack=attack, messageId=messageId, method=method, alert=alert, id=ids, description=description) dump_all.save() time.sleep(5) zap_all_vul = zap_scan_results_db.objects.filter( scan_id=un_scanid).order_by('scan_id') total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=un_scanid).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) spider_alert = "Scan Completed" time.sleep(5) for msg in zap_all_vul: msg_id = msg.messageId request_response = zap.core.message(id=msg_id) ja_son = json.dumps(request_response) ss = ast.literal_eval(ja_son) for key, value in ss.viewitems(): global note if key == "note": note = value global rtt if key == "rtt": rtt = value global tags if key == "tags": tags = value global timestamp if key == "timestamp": timestamp = value global responseHeader if key == "responseHeader": responseHeader = value global requestBody if key == "requestBody": requestBody = value global responseBody if key == "responseBody": responseBody = value global requestHeader if key == "requestHeader": requestHeader = value global cookieParams if key == "cookieParams": cookieParams = value global res_type if key == "type": res_type = value global res_id if key == "id": res_id = value zap_scan_results_db.objects.filter(messageId=msg_id).update( note=note, rtt=rtt, tags=tags, timestamp=timestamp, responseHeader=responseHeader, requestBody=requestBody, responseBody=responseBody, requestHeader=requestHeader, cookieParams=cookieParams, res_type=res_type, res_id=res_id) print msg_id print res_id # zap_scanner = zapscanner.stop_zap() print "Status of zap scanner:", zap_scanner return HttpResponseRedirect('/scanapi/') return render(request, 'api_scan_list.html')
def zap_result_save(self, all_vuln, project_id, un_scanid): """ The function save all data in Archery Database :param all_vuln: :param project_id: :param un_scanid: :return: """ for vuln in all_vuln: vuln_id = uuid.uuid4() confidence = vuln['confidence'] wascid = vuln['wascid'] cweid = vuln['cweid'] risk = vuln['risk'] reference = vuln['reference'] url = vuln['url'] name = vuln['name'] solution = vuln['solution'] param = vuln['param'] evidence = vuln['evidence'] sourceid = vuln['sourceid'] pluginId = vuln['pluginId'] other = vuln['other'] attack = vuln['attack'] messageId = vuln['messageId'] method = vuln['method'] alert = vuln['alert'] ids = vuln['id'] description = vuln['description'] false_positive = 'No' global vul_col if risk == 'High': vul_col = "important" elif risk == 'Medium': vul_col = "warning" elif risk == 'Low': vul_col = "info" else: vul_col = "info" # date_time = datetime.datetime.now() dump_all = zap_scan_results_db( vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, rescan_id=self.rescan_id, rescan=self.rescan, project_id=project_id, confidence=confidence, wascid=wascid, cweid=cweid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId, other=other, attack=attack, messageId=messageId, method=method, alert=alert, ids=ids, description=description, false_positive=false_positive) dump_all.save() time.sleep(5) zap_all_vul = zap_scan_results_db.objects.filter( scan_id=un_scanid).values( 'name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter( scan_scanid=un_scanid ).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low ) time.sleep(10) zap_web_all = zap_scan_results_db.objects.filter(scan_id=un_scanid) for m in zap_web_all: msg_id = m.messageId request_response = ZAPScanner.zap.core.message(id=msg_id) ja_son = json.dumps(request_response) ss = ast.literal_eval(ja_son) for key, value in ss.viewitems(): global note if key == "note": note = value global rtt if key == "rtt": rtt = value global tags if key == "tags": tags = value global timestamp if key == "timestamp": timestamp = value global responseHeader if key == "responseHeader": responseHeader = value global requestBody if key == "requestBody": requestBody = value global responseBody if key == "responseBody": responseBody = value global requestHeader if key == "requestHeader": requestHeader = value global cookieParams if key == "cookieParams": cookieParams = value global res_type if key == "type": res_type = value global res_id if key == "id": res_id = value zap_scan_results_db.objects.filter( messageId=msg_id ).update( note=note, rtt=rtt, tags=tags, timestamp=timestamp, responseHeader=responseHeader, requestBody=requestBody, responseBody=responseBody, requestHeader=requestHeader, cookieParams=cookieParams, res_type=res_type, res_id=res_id ) status = "Scan Completed" return status
def xml_parser(root, project_id, scan_id): global vul_col, confidence, wascid, risk, reference, url, name, solution, instance, sourceid, pluginid \ , alert, desc, riskcode for zap in root: host = zap.attrib for key, items in host.iteritems(): if key == "host": url = items for site in zap: for alerts in site: for alertsitem in alerts: vuln_id = uuid.uuid4() if alertsitem.tag == "pluginid": pluginid = alertsitem.text if alertsitem.tag == "alert": alert = alertsitem.text if alertsitem.tag == "name": name = alertsitem.text if alertsitem.tag == "riskcode": riskcode = alertsitem.text if alertsitem.tag == "confidence": confidence = alertsitem.text if alertsitem.tag == "desc": desc = alertsitem.text if alertsitem.tag == "solution": solution = alertsitem.text if alertsitem.tag == "reference": reference = alertsitem.text if alertsitem.tag == "wascid": wascid = alertsitem.text if alertsitem.tag == "sourceid": sourceid = alertsitem.text for instances in alertsitem: for instance in instances: instance = instance.text #global riskcode if riskcode == "3": vul_col = "important" risk = "High" elif riskcode == '2': vul_col = "warning" risk = "Medium" elif riskcode == '1': vul_col = "info" risk = "Low" elif riskcode == '0': vul_col = "info" risk = "Informational" dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=instance, sourceid=sourceid, pluginId=pluginid, alert=alert, description=desc, false_positive='No') dump_data.save() zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id).values('name', 'risk', 'vuln_color').distinct() total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=scan_id).update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low)
def zap_result_save(self, all_vuln, project_id, un_scanid, username, target_url): """ The function save all data in Archery Database :param all_vuln: :param project_id: :param un_scanid: :return: """ date_time = datetime.now() zap_enabled = False all_zap = zap_settings_db.objects.filter(username=username) for zap in all_zap: zap_enabled = zap.enabled if zap_enabled is False: root_xml = ET.fromstring(all_vuln) en_root_xml = ET.tostring(root_xml, encoding='utf8').decode('ascii', 'ignore') root_xml_en = ET.fromstring(en_root_xml) try: zap_xml_parser.xml_parser(username=username, project_id=project_id, scan_id=un_scanid, root=root_xml_en) self.zap.core.delete_all_alerts() except Exception as e: print(e) else: global name, attack, wascid, description, reference, \ reference, sourceid, \ solution, \ param, \ method, url, messageId, alert, pluginId, other, evidence, cweid, risk, vul_col, false_positive for data in all_vuln: for key, value in data.items(): if key == 'name': name = value if key == 'attack': attack = value if key == 'wascid': wascid = value if key == 'description': description = value if key == 'reference': reference = value if key == 'sourceid': sourceid = value if key == 'solution': solution = value if key == 'param': param = value if key == 'method': method = value if key == 'url': url = value if key == 'pluginId': pluginId = value if key == 'other': other = value if key == 'alert': alert = value if key == 'attack': attack = value if key == 'messageId': messageId = value if key == 'evidence': evidence = value if key == 'cweid': cweid = value if key == 'risk': risk = value if risk == "High": vul_col = "danger" risk = "High" elif risk == 'Medium': vul_col = "warning" risk = "Medium" elif risk == 'info': vul_col = "info" risk = "Low" else: vul_col = "info" risk = "Low" dup_data = name + risk + target_url duplicate_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest() match_dup = zap_scan_results_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) vuln_id = uuid.uuid4() if lenth_match == 0: duplicate_vuln = 'No' dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=url, sourceid=sourceid, pluginId=pluginId, alert=alert, description=description, false_positive='No', rescan='No', vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, evidence=evidence, username=username ) dump_data.save() else: duplicate_vuln = 'Yes' dump_data = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=url, sourceid=sourceid, pluginId=pluginId, alert=alert, description=description, false_positive='Duplicate', rescan='No', vuln_status='Duplicate', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, evidence=evidence, username=username ) dump_data.save() false_p = zap_scan_results_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = 'Yes' else: false_positive = 'No' vul_dat = zap_scan_results_db.objects.filter(username=username, vuln_id=vuln_id) full_data = [] for data in vul_dat: key = 'Evidence' value = data.evidence instance = key + ': ' + value full_data.append(instance) removed_list_data = ','.join(full_data) zap_scan_results_db.objects.filter(username=username, vuln_id=vuln_id).update(param=full_data) zap_all_vul = zap_scan_results_db.objects.filter(username=username, scan_id=un_scanid, false_positive='No') duplicate_count = zap_scan_results_db.objects.filter(username=username, scan_id=un_scanid, vuln_duplicate='Yes') total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) total_info = len(zap_all_vul.filter(risk="Informational")) total_duplicate = len(duplicate_count.filter(vuln_duplicate='Yes')) total_vul = total_high + total_medium + total_low + total_info zap_scans_db.objects.filter(username=username, scan_scanid=un_scanid) \ .update(total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, scan_url=target_url ) if total_vul == total_duplicate: zap_scans_db.objects.filter(username=username, scan_scanid=un_scanid) \ .update(total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate )
def url_api_scan(request): if request.POST.get("auth_val"): auth_val = request.POST.get("auth_val") print auth_val if auth_val == 'No': target_url = request.POST.get("scan_url") req_header = ast.literal_eval(request.POST.get("req_header")) req_body = request.POST.get("req_body") method = request.POST.get("method") project_id = request.POST.get("project_id") scan_id = request.POST.get("scan_id") auth_token_key = request.POST.get("auth_token_key") try: with open(api_key_path, 'r+') as f: data = json.load(f) lod_apikey = data['zap_api_key'] apikey = signing.loads(lod_apikey) zapath = data['zap_path'] zap_port = data['zap_port'] except Exception as e: print e zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1' + ':' + zap_port, 'https': 'http://127.0.0.1' + ':' + zap_port}) print target_url """ ***Starting ZAP Scanner*** """ try: zap_scanner = zapscanner.start_zap() print "Status of zap scanner:", zap_scanner except Exception as e: print e return HttpResponseRedirect("/webscanners/scans_list/") """ *****End zap scanner**** """ time.sleep(10) """ Excluding URL from scanner """ scanid = zap.spider.scan(target_url) save_all = zap_spider_db(spider_url=target_url, spider_scanid=scanid) save_all.save() try: while (int(zap.spider.status(scanid)) < 100): # print 'Spider progress %:' + zap.spider.status(scanid) global spider_status spider_status = zap.spider.status(scanid) print "Spider progress", spider_status time.sleep(5) except Exception as e: print e spider_status = "100" spider_res_out = zap.spider.results(scanid) data_out = ("\n".join(map(str, spider_res_out))) print data_out total_spider = len(spider_res_out) print 'Spider Completed------' print 'Target :', target_url global spider_alert spider_alert = "Spider Completed" time.sleep(5) print 'Scanning Target %s' % target_url scan_scanid = zap.ascan.scan(target_url) un_scanid = uuid.uuid4() print "updated scanid :", un_scanid try: save_all_scan = zap_scans_db(project_id=project_id, scan_url=target_url, scan_scanid=un_scanid) save_all_scan.save() except Exception as e: print e # zap_scans_db.objects.filter(pk=some_value).update(field1='some value') try: while (int(zap.ascan.status(scan_scanid)) < 100): print 'Scan progress from zap_scan_lauch function %: ' + zap.ascan.status(scan_scanid) global scans_status scans_status = zap.ascan.status(scan_scanid) zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status) time.sleep(5) except Exception as e: print e # Save Vulnerability in database scans_status = "100" zap_scans_db.objects.filter(scan_scanid=un_scanid).update(vul_status=scans_status) print target_url time.sleep(5) all_vuln = zap.core.alerts(target_url) # print all_vuln for vuln in all_vuln: vuln_id = uuid.uuid4() confidence = vuln['confidence'] wascid = vuln['wascid'] cweid = vuln['cweid'] risk = vuln['risk'] reference = vuln['reference'] url = vuln['url'] name = vuln['name'] solution = vuln['solution'] param = vuln['param'] evidence = vuln['evidence'] sourceid = vuln['sourceid'] pluginId = vuln['pluginId'] other = vuln['other'] attack = vuln['attack'] messageId = vuln['messageId'] method = vuln['method'] alert = vuln['alert'] ids = vuln['id'] description = vuln['description'] global vul_col if risk == 'High': vul_col = "important" elif risk == 'Medium': vul_col = "warning" elif risk == 'Low': vul_col = "info" dump_all = zap_scan_results_db(vuln_id=vuln_id, vuln_color=vul_col, scan_id=un_scanid, project_id=project_id, confidence=confidence, wascid=wascid, cweid=cweid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=param, evidence=evidence, sourceid=sourceid, pluginId=pluginId, other=other, attack=attack, messageId=messageId, method=method, alert=alert, id=ids, description=description) dump_all.save() time.sleep(5) zap_all_vul = zap_scan_results_db.objects.filter(scan_id=un_scanid).order_by('scan_id') total_vul = len(zap_all_vul) total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) zap_scans_db.objects.filter(scan_scanid=un_scanid).update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low) spider_alert = "Scan Completed" time.sleep(5) for msg in zap_all_vul: msg_id = msg.messageId request_response = zap.core.message(id=msg_id) ja_son = json.dumps(request_response) ss = ast.literal_eval(ja_son) for key, value in ss.viewitems(): global note if key == "note": note = value global rtt if key == "rtt": rtt = value global tags if key == "tags": tags = value global timestamp if key == "timestamp": timestamp = value global responseHeader if key == "responseHeader": responseHeader = value global requestBody if key == "requestBody": requestBody = value global responseBody if key == "responseBody": responseBody = value global requestHeader if key == "requestHeader": requestHeader = value global cookieParams if key == "cookieParams": cookieParams = value global res_type if key == "type": res_type = value global res_id if key == "id": res_id = value zap_scan_results_db.objects.filter(messageId=msg_id).update(note=note, rtt=rtt, tags=tags, timestamp=timestamp, responseHeader=responseHeader, requestBody=requestBody, responseBody=responseBody, requestHeader=requestHeader, cookieParams=cookieParams, res_type=res_type, res_id=res_id) print msg_id print res_id zap_scanner = zapscanner.stop_zap() print "Status of zap scanner:", zap_scanner return HttpResponseRedirect('/scanapi/') return render(request, 'api_scan_list.html')
def xml_parser(root, project_id, scan_id): """ ZAP Proxy scanner xml report parser. :param root: :param project_id: :param scan_id: :return: """ global vul_col, \ confidence, \ wascid, risk, \ reference, \ url, \ name, \ solution, \ instance, \ sourceid, \ pluginid, \ alert, \ desc, \ riskcode, vuln_id, false_positive, duplicate_hash, duplicate_vuln for child in root: d = child.attrib scan_url = d['name'] inst = [] for alert in root.iter('alertitem'): for vuln in alert: vuln_id = uuid.uuid4() if vuln.tag == "pluginid": pluginid = vuln.text if vuln.tag == "alert": alert = vuln.text if vuln.tag == "name": name = vuln.text if vuln.tag == "riskcode": riskcode = vuln.text if vuln.tag == "confidence": confidence = vuln.text if vuln.tag == "desc": desc = vuln.text if vuln.tag == "solution": solution = vuln.text if vuln.tag == "reference": reference = vuln.text if vuln.tag == "wascid": wascid = vuln.text if vuln.tag == "sourceid": sourceid = vuln.text for instances in vuln: for ii in instances: instance = {} instance[ii.tag] = ii.text inst.append(instance) if riskcode == "3": vul_col = "important" risk = "High" elif riskcode == '2': vul_col = "warning" risk = "Medium" elif riskcode == '1': vul_col = "info" risk = "Low" elif riskcode == '0': vul_col = "info" risk = "Informational" dup_data = name + url + risk duplicate_hash = hashlib.sha256(dup_data).hexdigest() match_dup = zap_scan_results_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = 'Yes' elif lenth_match == 0: duplicate_vuln = 'No' else: duplicate_vuln = 'None' false_p = zap_scan_results_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = 'Yes' else: false_positive = 'No' if name == "None": print name else: dump_data = zap_scan_results_db( vuln_id=vuln_id, vuln_color=vul_col, scan_id=scan_id, project_id=project_id, confidence=confidence, wascid=wascid, risk=risk, reference=reference, url=url, name=name, solution=solution, param=instance, sourceid=sourceid, pluginId=pluginid, alert=alert, description=desc, false_positive=false_positive, rescan='No', vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, evidence=inst, ) dump_data.save() zap_all_vul = zap_scan_results_db.objects.filter(scan_id=scan_id) \ .values('name', 'risk').distinct() total_high = len(zap_all_vul.filter(risk="High")) total_medium = len(zap_all_vul.filter(risk="Medium")) total_low = len(zap_all_vul.filter(risk="Low")) total_info = len(zap_all_vul.filter(risk="Informational")) total_duplicate = len(zap_all_vul.filter(vuln_duplicate='Yes')) total_vul = total_high + total_medium + total_low + total_info zap_scans_db.objects.filter(scan_scanid=scan_id) \ .update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, scan_url=scan_url ) if total_vul == total_duplicate: zap_scans_db.objects.filter(scan_scanid=scan_id) \ .update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate )