Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / sourceclear / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
"""
Faraday Penetration Test IDE
Copyright (C) 2019  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

"""
import json
from faraday_plugins.plugins.plugin import PluginJsonFormat
from urllib.parse import urlparse
import os


__author__ = "Blas Moyano"
__copyright__ = "Copyright (c) 2019, Infobyte LLC"
__credits__ = ["Blas Moyano"]
__license__ = ""
__version__ = "0.0.1"
__maintainer__ = "Blas Moyano"
__email__ = "[email protected]"
__status__ = "Development"


class SourceclearJsonParser:
    def __init__(self, json_output):
        self.json_data = json.loads(json_output)

    def parse_url(self, url):
        url_parse = urlparse(url)
        protocol = url_parse.scheme
        hostname = url_parse.netloc
        port = url_parse.port

        if port is None:
            if protocol == 'https':
                port = 443
            elif protocol == 'http':
                if not port:
                    port = 80

        return {'protocol': protocol, 'hostname': hostname, 'port': port}


class SourceclearPlugin(PluginJsonFormat):
    """ Handle the Sourceclear tool. Detects the output of the tool
    and adds the information to Faraday.
    """

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.id = "sourceclear"
        self.name = "Sourceclear"
        self.plugin_version = "0.1"
        self.version = "0.0.1"
        self.json_keys = {"metadata", "records"}

    def parseOutputString(self, output, debug=False):
        parser = SourceclearJsonParser(output)

        for records in parser.json_data['records']:
            vulns = records['vulnerabilities']
            libraries = records['libraries']

            for vuln in vulns:
                v_name = vuln['title']
                v_desc = vuln['overview']
                v_data = vuln['libraries']
                v_website = vuln['_links']['html']
                url_data = parser.parse_url(v_website)
                for refs in vuln['libraries']:
                    ref = refs['_links']['ref']
                    num_versions = ref.find("/versions")
                    _, num_libraries = os.path.split(ref[:num_versions])
                    name_librarie = libraries[int(num_libraries)]['name']
                    version_librarie = libraries[int(num_libraries)]['versions'][0]['version']
                    host_name = f'{name_librarie}{version_librarie}'

                h_id = self.createAndAddHost(name=host_name, scan_template=records['metadata']['recordType'])
                s_id = self.createAndAddServiceToHost(h_id, "Sourceclear", protocol=url_data['protocol'],
                                                      ports=url_data['port'], status='open')
                self.createAndAddVulnWebToService(h_id, s_id, name=v_name, desc=v_desc, data=v_data,
                                                  website=v_website)


def createPlugin(*args, **kwargs):
    return SourceclearPlugin(*args, **kwargs)