Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / ncrack / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
"""
Faraday Penetration Test IDE
Copyright (C) 2020  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

"""

import xml.etree.ElementTree as ET

from faraday_plugins.plugins.plugin import PluginXMLFormat

__author__ = "Blas Moyano"
__copyright__ = "Copyright (c) 2020, Infobyte LLC"
__credits__ = ["Blas Moyano"]
__license__ = ""
__version__ = "1.0"
__maintainer__ = "Blas Moyano"
__status__ = "Development"


class NcrackParser:
    def __init__(self, xml_output):
        self.tree = self.parse_xml(xml_output)
        if self.tree:
            scanner = self.tree.attrib.get('scanner', None)
            args = self.tree.attrib.get('args', None)
            start = self.tree.attrib.get('start', None)
            start_str = self.tree.attrib.get('start_str', None)
            service_data = None if self.tree.find('service') is None else \
                self.get_service(self.tree.findall('service'))
            self.ncrack_info = {
                "scanner_name": scanner,
                "args": args,
                "date": start,
                "date_str": start_str,
                "info_service": service_data
            }
        else:
            self.tree = None

    def parse_xml(self, xml_output):
        try:
            tree = ET.fromstring(xml_output)
        except SyntaxError as err:
            print(f'SyntaxError In xml: {err}. {xml_output}')
            return None
        return tree

    def get_service(self, tree):
        list_service_info = []
        for service in tree:
            address = service.find('address')
            port = service.find('port')
            credential = service.find('credentials')
            if address is not None:
                addr = address.attrib.get('addr', None)
                addr_type = address.attrib.get('addrtype', None)
            else:
                addr = None
                addr_type = None

            if port is not None:
                protocol = port.attrib.get('protocol', None)
                port_number = port.attrib.get('portid', None)
                port_name = port.attrib.get('name', None)
            else:
                protocol = None
                port_number = None
                port_name = None

            if credential is not None:
                user = credential.attrib.get('username', None)
                passw = credential.attrib.get('password', None)
            else:
                user = None
                passw = None

            service_info = {
                "addr": addr,
                "addr_type": addr_type,
                "protocol": protocol,
                "port_number": port_number,
                "port_name": port_name,
                "user": user,
                "passw": passw
            }
            list_service_info.append(service_info)
        return list_service_info


class NcrackPlugin(PluginXMLFormat):

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.identifier_tag = "ncrackrun"
        self.id = 'ncrack'
        self.name = 'ncrack XML Plugin'
        self.plugin_version = '0.0.1'
        self.version = '1.0.0'
        self.framework_version = '1.0.0'

    def parseOutputString(self, output):
        parser = NcrackParser(output)
        data = parser.ncrack_info

        for service_vuln in data['info_service']:
            host_id = self.createAndAddHost(service_vuln['addr'],
                                            description=f"{data['scanner_name']} - args: {data['args']}")

            service_id = self.createAndAddServiceToHost(host_id,
                                                        service_vuln['addr'],
                                                        ports=service_vuln['port_number'],
                                                        protocol=service_vuln['protocol'],
                                                        description=service_vuln['port_name'])
            if service_vuln['user'] is not None or service_vuln['passw'] is not None:
                self.createAndAddCredToService(host_id,
                                               service_id,
                                               username=service_vuln['user'],
                                               password=service_vuln['passw'])


def createPlugin(*args, **kwargs):
    return NcrackPlugin(*args, **kwargs)