New upstream version 1.0.2
Sophie Brun
4 years ago
0 | 0 | stages: |
1 | 1 | - pre_testing |
2 | 2 | - testing |
3 | - publish | |
3 | 4 | |
4 | 5 | before_script: |
5 | 6 | - apt-get update -qy |
11 | 12 | before_script: |
12 | 13 | - pip install flake8 |
13 | 14 | # Help flake8 to find the Python files without .py extension. |
14 | - find * -type f -name '*.py' > files.txt | |
15 | - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt | |
15 | - find . -name '*.py' >> files.txt | |
16 | 16 | - sort -u files.txt | tee files.processed |
17 | 17 | script: |
18 | - python -m flake8 --statistics --count $(cat files.processed) | |
18 | - python -m flake8 --statistics --count $(cat files.processed) --verbose | |
19 | 19 | after_script: |
20 | 20 | - wc -l files.processed |
21 | 21 | |
34 | 34 | - cd - |
35 | 35 | - source faraday_venv/bin/activate |
36 | 36 | - python3 setup.py install |
37 | - cd run_from && pytest ../tests --capture=sys -v --cov=faraday_plugins --color=yes --disable-warnings⏎ | |
37 | - cd run_from && pytest ../tests --capture=sys -v --cov=faraday_plugins --color=yes --disable-warnings | |
38 | ||
39 | publish_pipy: | |
40 | image: python:3 | |
41 | stage: publish | |
42 | before_script: | |
43 | - pip3 install virtualenv | |
44 | - virtualenv -p python3 faraday_venv twine | |
45 | - source faraday_venv/bin/activate | |
46 | script: | |
47 | - python setup.py sdist bdist_wheel | |
48 | - twine upload dist/* -u $TWINE_USERNAME -p $TWINE_PASSWORD | |
49 | ||
50 | only: | |
51 | variables: | |
52 | - $CI_COMMIT_TAG =~ /^v[0-9.]+$/ |
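Review bot: The `twine upload` line in `publish_pipy` passes the PyPI password on the command line (`-p $TWINE_PASSWORD`, unquoted), so it appears in the process argument list and is word-split if it contains spaces or shell metacharacters. twine reads `TWINE_USERNAME` and `TWINE_PASSWORD` from the environment on its own, so the step can be just `- twine upload dist/*`. In `before_script`, `virtualenv -p python3 faraday_venv twine` hands `twine` to virtualenv as an extra argument instead of installing it, and nothing visible in the job runs `pip install twine`; adding `- pip install twine` after the `source` line looks necessary. Because the job runs for any tag matching `/^v[0-9.]+$/`, both variables should be marked protected and the tag pattern restricted to protected tags.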
0 | 0 | ## Install |
1 | 1 | |
2 | 2 | ```shell script |
3 | cd faraday-plugins | |
4 | python setup.py install | |
3 | pip install faraday-plugins | |
5 | 4 | ``` |
6 | 5 | |
7 | 6 | ## Commands |
25 | 24 | python -m faraday_plugins process appscan /path/to/report.xml |
26 | 25 | ``` |
27 | 26 | |
27 | > Plugin Logger | |
28 | ||
29 | To use it you must call ```self.logger.debug("some message")``` | |
30 | ||
31 | ```shell script | |
32 | export PLUGIN_DEBUG=1 | |
33 | python -m faraday_plugins process appscan /path/to/report.xml | |
34 | 2019-11-15 20:37:03,355 - faraday.faraday_plugins.plugins.manager - INFO [manager.py:113 - _load_plugins()] Loading Native Plugins... | |
35 | 2019-11-15 20:37:03,465 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [acunetix] | |
36 | 2019-11-15 20:37:03,495 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [amap] | |
37 | 2019-11-15 20:37:03,549 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [appscan] | |
38 | 2019-11-15 20:37:03,580 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [arachni] | |
39 | 2019-11-15 20:37:03,613 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [arp_scan] | |
40 | 2019-11-15 20:37:03,684 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [beef] | |
41 | 2019-11-15 20:37:03,714 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [brutexss] | |
42 | 2019-11-15 20:37:03,917 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [burp] | |
43 | 2019-11-15 20:37:03,940 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [dig] | |
44 | ... | |
45 | ``` | |
46 |
0 | ## Write you own plugins | |
1 | ||
2 | > XML report plugin | |
3 | ||
4 | ```python | |
5 | class XXXPLugin(PluginXMLFormat): | |
6 | ||
7 | def __init__(self): | |
8 | super().__init__() | |
9 | # Tags to be compared with the xml mail tag, can be a list or a string | |
10 | self.identifier_tag = ["tag1", "tag2"] | |
11 | self.id = 'SOME_PLUGIN_ID' # Can't be repeated | |
12 | self.name = 'Some plugin name' | |
13 | self.plugin_version = 'X.X' | |
14 | # The extension is optional, only if its different than xml | |
15 | self.extension = ".xxx" | |
16 | ``` | |
17 | ||
18 | > JSON report plugin | |
19 | ||
20 | ```python | |
21 | class XXXPLugin(PluginJsonFormat): | |
22 | ||
23 | def __init__(self): | |
24 | super().__init__() | |
25 | # keys of the json that identify the report | |
26 | # you don't need to put all the keys, just some of them | |
27 | # it must be a set and will be compared as a subset of the json report keys | |
28 | self.json_keys = {"target_url", "effective_url", "interesting_findings"} | |
29 | self.id = 'SOME_PLUGIN_ID' # Can't be repeated | |
30 | self.name = 'Some plugin name' | |
31 | self.plugin_version = 'X.X' | |
32 | # The extension is optional, only if its different than json | |
33 | self.extension = ".xxx" | |
34 | ```⏎ |
0 | import logging | |
0 | 1 | import os |
2 | import sys | |
1 | 3 | import click |
2 | from .plugins.manager import PluginsManager, ReportAnalyzer | |
4 | ||
5 | from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer | |
6 | ||
7 | root_logger = logging.getLogger("faraday") | |
8 | if not root_logger.handlers: | |
9 | PLUGIN_DEBUG = os.environ.get("PLUGIN_DEBUG", "0") | |
10 | if PLUGIN_DEBUG == "1": | |
11 | out_hdlr = logging.StreamHandler(sys.stdout) | |
12 | out_hdlr.setFormatter(logging.Formatter('%(asctime)s - %(name)s - %(levelname)s [%(filename)s:%(lineno)s - %(funcName)s()] %(message)s')) | |
13 | out_hdlr.setLevel(logging.DEBUG) | |
14 | root_logger.addHandler(out_hdlr) | |
15 | root_logger.setLevel(logging.DEBUG) | |
3 | 16 | |
4 | 17 | |
5 | 18 | @click.group() |
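Review bot: The debug handler is attached to `sys.stdout` (`out_hdlr = logging.StreamHandler(sys.stdout)`), so with `PLUGIN_DEBUG=1` log lines share the stream with command output. If the `process` command prints its JSON to stdout (not visible in this section), any consumer that parses that output will break, and the debug lines, which include report paths and parser error text, end up wherever the results are stored. `out_hdlr = logging.StreamHandler(sys.stderr)` keeps diagnostics separate. A one-line comment above the block saying that logging is configured at import time only when the `faraday` logger has no handlers would also help embedders.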
2 | 2 | import re |
3 | 3 | import os |
4 | 4 | import sys |
5 | import json | |
5 | 6 | import pkgutil |
6 | 7 | from importlib import import_module |
7 | 8 | from importlib.machinery import SourceFileLoader |
63 | 64 | file_name_base, file_extension = os.path.splitext(file_name) |
64 | 65 | file_extension = file_extension.lower() |
65 | 66 | main_tag = None |
67 | file_json_keys = {} | |
66 | 68 | logger.debug("Analyze report File") |
67 | 69 | # Try to parse as xml |
68 | 70 | try: |
77 | 79 | logger.debug("Found XML content on file: %s - Main tag: %s", report_path, main_tag) |
78 | 80 | except Exception as e: |
79 | 81 | logger.debug("Non XML content [%s] - %s", report_path, e) |
82 | try: | |
83 | report_file.seek(0) | |
84 | json_data = json.load(report_file) | |
85 | file_json_keys = set(json_data.keys()) | |
86 | logger.debug("Found JSON content on file: %s - Keys: %s", report_path, file_json_keys) | |
87 | except Exception as e: | |
88 | logger.debug("Non JSON content [%s] - %s", report_path, e) | |
80 | 89 | finally: |
81 | 90 | report_file.close() |
82 | 91 | for _plugin_id, _plugin in self.plugin_manager.get_plugins(): |
83 | logger.debug("Try: %s", _plugin_id) | |
92 | logger.debug("Try plugin: %s", _plugin_id) | |
84 | 93 | try: |
85 | if _plugin.report_belongs_to(main_tag=main_tag, report_path=report_path, extension=file_extension): | |
94 | if _plugin.report_belongs_to(main_tag=main_tag, report_path=report_path, | |
95 | extension=file_extension, file_json_keys=file_json_keys): | |
86 | 96 | plugin = _plugin |
87 | 97 | logger.debug("Plugin by File Found: %s", plugin.id) |
88 | 98 | break |
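Review bot: In the new JSON fallback, `set(json_data.keys())` assumes the top-level JSON value is an object; a report whose root is an array or a scalar raises AttributeError, which the broad `except Exception` then logs as "Non JSON content". Report files are untrusted input, so I would make the type check explicit with `file_json_keys = set(json_data) if isinstance(json_data, dict) else set()` and catch `ValueError` (which covers `json.JSONDecodeError` and decoding errors) instead of `Exception`. The initial `file_json_keys = {}` creates a dict while the later code treats the value as a set; `file_json_keys = set()` keeps the type consistent. The enclosing method starts and ends outside the visible hunks.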
185 | 185 | """ |
186 | 186 | raise NotImplementedError('This method must be implemented.') |
187 | 187 | |
188 | ||
189 | def createAndAddHost(self, name, os="unknown", hostnames=None, mac=None): | |
188 | def createAndAddHost(self, name, os="unknown", hostnames=None, mac=None, scan_template="", site_name="", | |
189 | site_importance="", risk_score="", fingerprints="", fingerprints_software=""): | |
190 | ||
190 | 191 | if not hostnames: |
191 | 192 | hostnames = [] |
192 | 193 | if os is None: |
193 | 194 | os = "unknown" |
194 | 195 | host = {"ip": name, "os": os, "hostnames": hostnames, "description": "", "mac": mac, |
195 | "credentials": [], "services": [], "vulnerabilities": [], | |
196 | "credentials": [], "services": [], "vulnerabilities": [], "scan_template": scan_template, | |
197 | "site_name": site_name, "site_importance": site_importance, "risk_score": risk_score, | |
198 | "fingerprints": fingerprints, "fingerprints_software": fingerprints_software | |
196 | 199 | } |
197 | 200 | host_id = self.save_host_cache(host) |
198 | 201 | return host_id |
229 | 232 | |
230 | 233 | # @deprecation.deprecated(deprecated_in="3.0", removed_in="3.5", |
231 | 234 | # current_version=VERSION, |
232 | # details="Interface object removed. Use host or service instead. Service will be attached to Host!") | |
235 | # details="Interface object removed. Use host or service instead. Service will be attached | |
236 | # to Host!") | |
233 | 237 | def createAndAddServiceToInterface(self, host_id, interface_id, name, |
234 | 238 | protocol="tcp?", ports=None, |
235 | 239 | status="open", version="unknown", |
257 | 261 | return service_id |
258 | 262 | |
259 | 263 | def createAndAddVulnToHost(self, host_id, name, desc="", ref=None, |
260 | severity="", resolution="", data="", external_id=None): | |
264 | severity="", resolution="", vulnerable_since="", scan_id="", pci="", data="", | |
265 | external_id=None): | |
261 | 266 | if ref is None: |
262 | 267 | ref = [] |
263 | vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id, | |
264 | "type": "Vulnerability", "resolution": resolution, "data": data} | |
268 | vulnerability = {"name": name, " desc": desc, "severity": self.normalize_severity(severity), "refs": ref, | |
269 | "external_id": external_id, "type": "Vulnerability", "resolution": resolution, | |
270 | "vulnerable_since": vulnerable_since, "scan_id": scan_id, "pci": pci, "data": data} | |
265 | 271 | host = self.get_from_cache(host_id) |
272 | ||
266 | 273 | host["vulnerabilities"].append(vulnerability) |
267 | 274 | vulnerability_id = len(host["vulnerabilities"]) - 1 |
268 | 275 | return vulnerability_id |
269 | 276 | |
270 | 277 | # @deprecation.deprecated(deprecated_in="3.0", removed_in="3.5", |
271 | 278 | # current_version=VERSION, |
272 | # details="Interface object removed. Use host or service instead. Vuln will be added to Host") | |
279 | # details="Interface object removed. Use host or service instead. Vuln will be added | |
280 | # to Host") | |
273 | 281 | def createAndAddVulnToInterface(self, host_id, interface_id, name, |
274 | 282 | desc="", ref=None, severity="", |
275 | 283 | resolution="", data=""): |
276 | return self.createAndAddVulnToHost(host_id, name, desc=desc, ref=ref, severity=severity, | |
277 | resolution=resolution, data=data) | |
284 | return self.createAndAddVulnToHost(host_id, name, desc=desc, ref=ref, severity=severity, resolution=resolution, | |
285 | data=data) | |
278 | 286 | |
279 | 287 | def createAndAddVulnToService(self, host_id, service_id, name, desc="", |
280 | ref=None, severity="", resolution="", data="", external_id=None): | |
288 | ref=None, severity="", resolution="", risk="", data="", external_id=None): | |
281 | 289 | if ref is None: |
282 | 290 | ref = [] |
283 | vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id, | |
284 | "type": "Vulnerability", "resolution": resolution, "data": data} | |
291 | vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, | |
292 | "external_id": external_id, "type": "Vulnerability", "resolution": resolution, "riskB": risk, | |
293 | "data": data} | |
285 | 294 | service = self.get_from_cache(service_id) |
286 | 295 | service["vulnerabilities"].append(vulnerability) |
287 | 296 | vulnerability_id = self.save_cache(vulnerability) |
304 | 313 | params = "" |
305 | 314 | if query is None: |
306 | 315 | query = "" |
316 | if website is None: | |
317 | website = "" | |
318 | if path is None: | |
319 | path = "" | |
320 | if request is None: | |
321 | request = "" | |
322 | if response is None: | |
323 | response = "" | |
307 | 324 | if ref is None: |
308 | 325 | ref = [] |
309 | vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id, | |
310 | "type": "VulnerabilityWeb", "resolution": resolution, "data": data, "website": website, | |
311 | "path": path, "request": request, "response": response, "method": method, "pname": pname, | |
312 | "params": params, "query": query, "category": category} | |
326 | vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, | |
327 | "external_id": external_id, "type": "VulnerabilityWeb", "resolution": resolution, | |
328 | "data": data, "website": website, "path": path, "request": request, "response": response, | |
329 | "method": method, "pname": pname, "params": params, "query": query, "category": category} | |
313 | 330 | service = self.get_from_cache(service_id) |
314 | 331 | service["vulnerabilities"].append(vulnerability) |
315 | 332 | vulnerability_id = self.save_cache(vulnerability) |
328 | 345 | def createAndAddNoteToNote(self, host_id, service_id, note_id, name, text): |
329 | 346 | return None |
330 | 347 | |
331 | def createAndAddCredToService(self, host_id, service_id, username, | |
332 | password): | |
348 | def createAndAddCredToService(self, host_id, service_id, username, password): | |
333 | 349 | credential = {"name": "credential", "username": username, "password": password} |
334 | 350 | service = self.get_from_cache(service_id) |
335 | 351 | service["credentials"].append(credential) |
354 | 370 | self.logger.debug("Generate Json") |
355 | 371 | return json.dumps(self.get_data()) |
356 | 372 | |
373 | # TODO Borrar | |
357 | 374 | class PluginTerminalOutput(PluginBase): |
358 | 375 | def __init__(self): |
359 | 376 | super().__init__() |
365 | 382 | self.logger.error(e) |
366 | 383 | |
367 | 384 | |
385 | # TODO Borrar | |
368 | 386 | class PluginCustomOutput(PluginBase): |
369 | 387 | def __init__(self): |
370 | 388 | super().__init__() |
405 | 423 | match = (main_tag == self.identifier_tag) |
406 | 424 | elif type(self.identifier_tag) == list: |
407 | 425 | match = (main_tag in self.identifier_tag) |
408 | self.logger.debug("Tag Match: [%s =/in %s] -> %s", main_tag, self.identifier_tag, match) | |
426 | self.logger.debug("Tag Match: [%s =/in %s] -> %s", main_tag, self.identifier_tag, match) | |
409 | 427 | return match |
410 | 428 | |
411 | 429 | |
416 | 434 | self.json_keys = set() |
417 | 435 | self.extension = ".json" |
418 | 436 | |
419 | def report_belongs_to(self, **kwargs): | |
437 | def report_belongs_to(self, file_json_keys=None, **kwargs): | |
420 | 438 | match = False |
421 | 439 | if super().report_belongs_to(**kwargs): |
422 | pass | |
440 | if file_json_keys is None: | |
441 | file_json_keys = {} | |
442 | match = self.json_keys.issubset(file_json_keys) | |
443 | self.logger.debug("Json Keys Match: [%s =/in %s] -> %s", file_json_keys, self.json_keys, match) | |
423 | 444 | return match |
424 | ||
425 | ||
426 | ||
427 | # I'm Py3 | |
445 | # I'm Py3⏎ |
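Review bot: In `createAndAddVulnToHost` the rewritten dict uses the key `" desc"` with a leading space, where the removed line and the other two vulnerability builders use `"desc"`, so host-level vulnerabilities lose their description under the expected key. It should read `vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref,`. In `createAndAddVulnToService` the new `risk` parameter is stored under `"riskB"`, which looks like a typo for `"risk"` and should be confirmed against whatever consumes the JSON. In `PluginJsonFormat.report_belongs_to`, a subclass that leaves `json_keys` as the default empty set matches every file that passes the base check, because `set().issubset(...)` is always true; returning False when `self.json_keys` is empty would avoid mis-attributing reports.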
229 | 229 | self.options = None |
230 | 230 | self._current_output = None |
231 | 231 | self.target = None |
232 | ||
233 | 232 | |
234 | 233 | def parseOutputString(self, output, debug=False): |
235 | 234 | """ |
277 | 276 | ref=item.ref) |
278 | 277 | del parser |
279 | 278 | |
280 | ||
281 | 279 | def setHost(self): |
282 | 280 | pass |
283 | 281 | |
284 | 282 | |
285 | 283 | def createPlugin(): |
286 | 284 | return AcunetixPlugin() |
287 | ||
288 | ||
289 | if __name__ == "__main__": | |
290 | import sys | |
291 | import os | |
292 | if len(sys.argv) == 2: | |
293 | report_file = sys.argv[1] | |
294 | if os.path.isfile(report_file): | |
295 | plugin = createPlugin() | |
296 | plugin.processReport(report_file) | |
297 | print(plugin.get_json()) | |
298 | else: | |
299 | print(f"Report not found: {report_file}") | |
300 | else: | |
301 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
138 | 138 | def createPlugin(): |
139 | 139 | return AmapPlugin() |
140 | 140 | |
141 | if __name__ == "__main__": | |
142 | import sys | |
143 | import os | |
144 | if len(sys.argv) == 2: | |
145 | report_file = sys.argv[1] | |
146 | if os.path.isfile(report_file): | |
147 | plugin = createPlugin() | |
148 | plugin.processReport(report_file) | |
149 | print(plugin.get_json()) | |
150 | else: | |
151 | print(f"Report not found: {report_file}") | |
152 | else: | |
153 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
154 | 141 | # I'm Py3 |
18 | 18 | __version__ = "1.0" |
19 | 19 | __maintainer__ = "Ezequiel Tavella" |
20 | 20 | __status__ = "Development" |
21 | ||
22 | 21 | |
23 | 22 | |
24 | 23 | def cleaner_unicode(string): |
198 | 197 | def createPlugin(): |
199 | 198 | return AppscanPlugin() |
200 | 199 | |
201 | if __name__ == "__main__": | |
202 | import sys | |
203 | import os | |
204 | if len(sys.argv) == 2: | |
205 | report_file = sys.argv[1] | |
206 | if os.path.isfile(report_file): | |
207 | plugin = createPlugin() | |
208 | plugin.processReport(report_file) | |
209 | print(plugin.get_json()) | |
210 | else: | |
211 | print(f"Report not found: {report_file}") | |
212 | else: | |
213 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
214 | 200 | # I'm Py3 |
9 | 9 | import socket |
10 | 10 | import random |
11 | 11 | import re |
12 | from urllib.parse import urlparse | |
13 | import os | |
12 | 14 | |
13 | 15 | try: |
14 | 16 | import xml.etree.cElementTree as ET |
23 | 25 | __status__ = 'Development' |
24 | 26 | |
25 | 27 | |
26 | class ArachniXmlParser(): | |
27 | ||
28 | class ArachniXmlParser: | |
28 | 29 | def __init__(self, xml_output): |
29 | 30 | self.tree = self.parse_xml(xml_output) |
30 | 31 | if self.tree: |
31 | 32 | self.issues = self.getIssues(self.tree) |
32 | 33 | self.plugins = self.getPlugins(self.tree) |
33 | 34 | self.system = self.getSystem(self.tree) |
35 | ||
34 | 36 | else: |
35 | 37 | self.system = None |
36 | 38 | self.issues = None |
42 | 44 | except SyntaxError as err: |
43 | 45 | print('SyntaxError In xml: %s. %s' % (err, xml_output)) |
44 | 46 | return None |
45 | ||
46 | 47 | return tree |
47 | 48 | |
48 | 49 | def getIssues(self, tree): |
49 | ||
50 | 50 | # Get vulnerabilities. |
51 | 51 | issues_tree = tree.find('issues') |
52 | 52 | for self.issue_node in issues_tree: |
53 | 53 | yield Issue(self.issue_node) |
54 | 54 | |
55 | 55 | def getPlugins(self, tree): |
56 | ||
57 | 56 | # Get info about plugins executed in scan. |
58 | 57 | plugins_tree = tree.find('plugins') |
59 | 58 | return Plugins(plugins_tree) |
60 | 59 | |
61 | 60 | def getSystem(self, tree): |
62 | ||
63 | # Get options of scan. | |
64 | return System(tree) | |
61 | system_tree = tree.find('system') | |
62 | return System(system_tree) | |
65 | 63 | |
66 | 64 | |
67 | 65 | class Issue(): |
69 | 67 | def __init__(self, issue_node): |
70 | 68 | |
71 | 69 | self.node = issue_node |
72 | ||
73 | 70 | self.name = self.getDesc('name') |
74 | 71 | self.severity = self.getDesc('severity') |
75 | 72 | self.cwe = self.getDesc('cwe') |
76 | ||
77 | 73 | self.remedy_guidance = self.getDesc('remedy_guidance') |
78 | 74 | self.description = self.getDesc('description') |
79 | ||
80 | 75 | self.var = self.getChildTag('vector', 'affected_input_name') |
81 | 76 | self.url = self.getChildTag('vector', 'url') |
82 | 77 | self.method = self.getChildTag('vector', 'method') |
83 | ||
84 | 78 | self.references = self.getReferences() |
85 | 79 | self.parameters = self.getParameters() |
86 | ||
87 | 80 | self.request = self.getRequest() |
88 | 81 | self.response = self.getResponse() |
89 | 82 | |
117 | 110 | Returns current issue references on this format |
118 | 111 | {'url': 'http://www.site.com', 'name': 'WebSite'}. |
119 | 112 | """ |
120 | ||
121 | 113 | result = [] |
122 | ||
123 | 114 | references = self.node.find('references') |
124 | 115 | |
125 | 116 | if not references: |
136 | 127 | # Get parameters of query |
137 | 128 | result = [] |
138 | 129 | |
139 | parameters = self.node.find('vector').find('inputs') | |
140 | ||
141 | if not parameters: | |
142 | return '' | |
143 | ||
144 | for param in parameters.findall('input'): | |
145 | name = param.get('name') | |
146 | result.append(name) | |
130 | try: | |
131 | parameters = self.node.find('vector').find('inputs') | |
132 | for param in parameters.findall('input'): | |
133 | name = param.get('name') | |
134 | result.append(name) | |
135 | except: | |
136 | parameters = '' | |
137 | ||
147 | 138 | |
148 | 139 | return ' - '.join(result) |
149 | 140 | |
178 | 169 | def __init__(self, node): |
179 | 170 | |
180 | 171 | self.node = node |
181 | ||
182 | self.user_agent = 'None' | |
183 | self.url = 'None' | |
184 | self.audited_elements = 'None' | |
185 | self.modules = 'None' | |
186 | self.cookies = 'None' | |
172 | self.user_agent = None | |
173 | self.url = None | |
174 | self.audited_elements = None | |
175 | self.modules = '' | |
176 | self.cookies = None | |
187 | 177 | |
188 | 178 | self.getOptions() |
189 | 179 | |
200 | 190 | if options: |
201 | 191 | options_string = options.text |
202 | 192 | else: |
203 | return | |
204 | ||
205 | ||
206 | regex_modules = re.compile('checks:\n([\w\d\s\W\D\S]{0,})(platforms:)') | |
207 | regex_user_agent = re.compile('user_agent:(.+)') | |
208 | regex_cookies = re.compile('cookies: {()}') | |
209 | regex_url = re.compile('url:(.+)') | |
210 | ||
211 | regex_audited_elements = re.compile( | |
212 | 'audit:\n([\w\d\s\W\D\S]{0,})input:|session:' | |
213 | ) | |
214 | ||
215 | result = re.search(regex_modules, options_string) | |
216 | if result.group(1): | |
217 | self.modules = result.group(1) | |
218 | ||
219 | result = re.search(regex_user_agent, options_string) | |
220 | if result.group(1): | |
221 | self.user_agent = result.group(1) | |
222 | ||
223 | result = re.search(regex_cookies, options_string) | |
224 | if result.group(1): | |
225 | self.cookies = result.group(1) | |
226 | ||
227 | result = re.search(regex_url, options_string) | |
228 | if result.group(1): | |
229 | self.url = result.group(1) | |
230 | ||
231 | result = re.search(regex_audited_elements, options_string) | |
232 | if result.group(1): | |
233 | self.audited_elements = result.group(1) | |
193 | options_string = None | |
194 | ||
195 | self.user_agent = self.node.find('user_agent').text | |
196 | self.url = self.node.find('url').text | |
197 | tags_audited_elements = self.node.find('audited_elements') | |
198 | element_text = [] | |
199 | for element in tags_audited_elements: | |
200 | element_text.append(element.text) | |
201 | self.audited_elements = element_text | |
202 | tag_module = self.node.find('modules') | |
203 | module_text = [] | |
204 | for module in tag_module: | |
205 | module_text.append(module.attrib['name']) | |
206 | self.modules = module_text | |
207 | self.cookies = self.node.find('cookies').text | |
234 | 208 | |
235 | 209 | def getDesc(self, tag): |
236 | 210 | |
240 | 214 | if description and description.text: |
241 | 215 | return description.text |
242 | 216 | else: |
243 | return 'None' | |
217 | return None | |
244 | 218 | |
245 | 219 | def getNote(self): |
246 | ||
247 | # Create string with scan information. | |
248 | result = ( | |
249 | 'Scan url:\n' + | |
250 | self.url + | |
251 | '\nUser Agent:\n' + | |
252 | self.user_agent + | |
253 | '\nVersion Arachni:\n' + | |
254 | self.version + | |
255 | '\nStart time:\n' + | |
256 | self.start_time + | |
257 | '\nFinish time:\n' + | |
258 | self.finish_time + | |
259 | '\nAudited Elements:\n' + | |
260 | self.audited_elements + | |
261 | '\nModules:\n' + | |
262 | self.modules + | |
263 | '\nCookies:\n' + | |
264 | self.cookies) | |
220 | result = ('Scan url:\n {} \nUser Agent:\n {} \nVersion Arachni:\n {} \nStart time:\n {} \nFinish time:\n {}' | |
221 | '\nAudited Elements:\n {} \nModules:\n {} \nCookies:\n {}').format(self.url, self.user_agent, | |
222 | self.version, self.start_time, | |
223 | self.finish_time, | |
224 | self.audited_elements, | |
225 | self.modules, self.cookies) | |
265 | 226 | |
266 | 227 | return result |
267 | 228 | |
277 | 238 | def __init__(self, plugins_node): |
278 | 239 | |
279 | 240 | self.plugins_node = plugins_node |
280 | ||
281 | 241 | self.healthmap = self.getHealthmap() |
282 | 242 | self.waf = self.getWaf() |
283 | ||
243 | self.ip = plugins_node.find('resolver').find('results').find('hostname').get('ipaddress') | |
284 | 244 | |
285 | 245 | def getHealthmap(self): |
286 | 246 | |
395 | 355 | return |
396 | 356 | |
397 | 357 | self.hostname = self.getHostname(parser.system.url) |
398 | self.address = self.getAddress(self.hostname) | |
358 | self.address = self.getAddress(parser.plugins.ip) | |
359 | ||
399 | 360 | |
400 | 361 | # Create host and interface |
401 | 362 | host_id = self.createAndAddHost(self.address) |
413 | 374 | self.protocol, |
414 | 375 | 'tcp', |
415 | 376 | ports=[self.port], |
416 | status='Open', | |
377 | status='open', | |
417 | 378 | version='', |
418 | 379 | description='') |
419 | 380 | |
420 | ||
421 | 381 | # Create issues. |
422 | 382 | for issue in parser.issues: |
423 | ||
424 | description = issue.description.replace(' ', ' ').replace('\n', ' ').replace('. ', '.\n\n') | |
425 | resol = issue.remedy_guidance.replace(' ', ' ').replace('\n', ' ').replace('. ', '.\n\n') | |
383 | description = str(issue.description) | |
384 | resol = str(issue.remedy_guidance) | |
426 | 385 | |
427 | 386 | references = issue.references |
428 | 387 | if issue.cwe != 'None': |
429 | references.append('CWE-' + issue.cwe) | |
388 | references.append('CWE-' + str(issue.cwe)) | |
430 | 389 | |
431 | 390 | if resol == 'None': |
432 | 391 | resol = '' |
482 | 441 | "arachni_reporter", |
483 | 442 | self._output_file_path, |
484 | 443 | afr_output_file_path) |
485 | return "/usr/bin/env -- bash -c '%s 2>&1 && if [ -e \"%s\" ];then %s 2>&1;fi'" % (main_cmd, afr_output_file_path, reporter_cmd) | |
486 | ||
444 | return "/usr/bin/env -- bash -c '%s 2>&1 && if [ -e \"%s\" ];then %s 2>&1;fi'" % (main_cmd, | |
445 | afr_output_file_path, | |
446 | reporter_cmd) | |
487 | 447 | |
488 | 448 | def getHostname(self, url): |
489 | 449 | |
490 | 450 | # Strips protocol and gets hostname from URL. |
491 | reg = re.search( | |
492 | '(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*(' | |
493 | '(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5' | |
494 | ']|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0' | |
495 | '-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0' | |
496 | '-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+' | |
497 | '\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pr' | |
498 | 'o|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?' | |
499 | '\'\\\+&%\$#\=~_\-]+)).*?$', | |
500 | url | |
501 | ) | |
502 | ||
503 | self.protocol = reg.group(1) | |
504 | self.hostname = reg.group(4) | |
451 | url_parse = urlparse(url) | |
452 | self.protocol = url_parse.scheme | |
453 | self.hostname = url_parse.netloc | |
505 | 454 | |
506 | 455 | if self.protocol == 'https': |
507 | 456 | self.port = 443 |
508 | if reg.group(11) is not None: | |
509 | self.port = reg.group(11) | |
457 | elif self.protocol == 'http': | |
458 | if not self.port: | |
459 | self.port = 80 | |
510 | 460 | |
511 | 461 | return self.hostname |
512 | 462 | |
522 | 472 | def createPlugin(): |
523 | 473 | return ArachniPlugin() |
524 | 474 | |
525 | if __name__ == "__main__": | |
526 | import sys | |
527 | import os | |
528 | if len(sys.argv) == 2: | |
529 | report_file = sys.argv[1] | |
530 | if os.path.isfile(report_file): | |
531 | plugin = createPlugin() | |
532 | plugin.processReport(report_file) | |
533 | print(plugin.get_json()) | |
534 | else: | |
535 | print(f"Report not found: {report_file}") | |
536 | else: | |
537 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
538 | 475 | # I'm Py3 |
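Review bot: `getHostname` now sets `self.hostname = url_parse.netloc`, which still contains any `user:password@` prefix and `:port` suffix, and the port in the URL is no longer read: https is forced to 443, and the http branch tests `self.port` before anything visible assigns it. Using `self.hostname = url_parse.hostname` and `self.port = url_parse.port or (443 if self.protocol == 'https' else 80)` keeps credentials out of the stored host name and honours explicit ports. Elsewhere in this file the new code dereferences `find()` results directly (`plugins_node.find('resolver').find('results').find('hostname').get('ipaddress')`, `self.node.find('user_agent').text`), so a report missing one of those elements raises AttributeError. `getParameters` hides the same problem behind a bare `except:`; an explicit `is not None` check per element is safer when parsing untrusted report files.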
66 | 66 | def createPlugin(): |
67 | 67 | return CmdArpScanPlugin() |
68 | 68 | |
69 | if __name__ == "__main__": | |
70 | import sys | |
71 | import os | |
72 | if len(sys.argv) == 2: | |
73 | report_file = sys.argv[1] | |
74 | if os.path.isfile(report_file): | |
75 | plugin = createPlugin() | |
76 | plugin.processReport(report_file) | |
77 | print(plugin.get_json()) | |
78 | else: | |
79 | print(f"Report not found: {report_file}") | |
80 | else: | |
81 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
82 | 69 | # I'm Py3⏎ |
103 | 103 | def createPlugin(): |
104 | 104 | return BeefPlugin() |
105 | 105 | |
106 | if __name__ == "__main__": | |
107 | import sys | |
108 | import os | |
109 | if len(sys.argv) == 2: | |
110 | report_file = sys.argv[1] | |
111 | if os.path.isfile(report_file): | |
112 | plugin = createPlugin() | |
113 | plugin.processReport(report_file) | |
114 | print(plugin.get_json()) | |
115 | else: | |
116 | print(f"Report not found: {report_file}") | |
117 | else: | |
118 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
119 | # I'm Py3 |
22 | 22 | self.plugin_version = "0.0.2" |
23 | 23 | self.version = "1.0.0" |
24 | 24 | self.protocol ='tcp' |
25 | self._command_regex = re.compile(r'^(sudo brutexss|brutexss|sudo brutexss\.py|brutexss\.py|python brutexss\.py|\.\/brutexss\.py).*?') | |
25 | self._command_regex = re.compile(r'^(sudo brutexss|brutexss|sudo brutexss\.py|brutexss\.py|python brutexss\.py|' | |
26 | r'\.\/brutexss\.py).*?') | |
26 | 27 | |
27 | 28 | def parseOutputString(self, output, debug=False): |
28 | 29 | lineas = output.split("\n") |
45 | 46 | found_vuln=len(parametro) > 0 |
46 | 47 | host_id = self.createAndAddHost(url) |
47 | 48 | address=socket.gethostbyname(url) |
48 | interface_id = self.createAndAddInterface(host_id,address,ipv4_address=address,hostname_resolution=[url]) | |
49 | interface_id = self.createAndAddInterface(host_id, address, ipv4_address=address, | |
50 | hostname_resolution=[url]) | |
49 | 51 | service_id = self.createAndAddServiceToInterface(host_id, interface_id, self.protocol, 'tcp', |
50 | ports=[port], status='Open', version="", description="") | |
52 | ports=[port], status='Open', version="", | |
53 | description="") | |
51 | 54 | if found_vuln: |
52 | 55 | self.createAndAddVulnWebToService(host_id,service_id, name="xss", desc="XSS", ref='', severity='med', |
53 | 56 | website=url, path='', method='', pname='', params=''.join(parametro), |
60 | 63 | def createPlugin(): |
61 | 64 | return brutexss() |
62 | 65 | |
63 | if __name__ == "__main__": | |
64 | import sys | |
65 | import os | |
66 | if len(sys.argv) == 2: | |
67 | report_file = sys.argv[1] | |
68 | if os.path.isfile(report_file): | |
69 | plugin = createPlugin() | |
70 | plugin.processReport(report_file) | |
71 | print(plugin.get_json()) | |
72 | else: | |
73 | print(f"Report not found: {report_file}") | |
74 | else: | |
75 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
76 | 66 | # I'm Py3 |
306 | 306 | def createPlugin(): |
307 | 307 | return BurpPlugin() |
308 | 308 | |
309 | ||
310 | if __name__ == "__main__": | |
311 | import sys | |
312 | import os | |
313 | if len(sys.argv) == 2: | |
314 | report_file = sys.argv[1] | |
315 | if os.path.isfile(report_file): | |
316 | plugin = createPlugin() | |
317 | plugin.processReport(report_file) | |
318 | print(plugin.get_json()) | |
319 | else: | |
320 | print(f"Report not found: {report_file}") | |
321 | else: | |
322 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
323 | 309 | # I'm Py3 |
158 | 158 | print("some part of the dig plug-in caused an error! Please check repo/dig/plugin.py") |
159 | 159 | return False |
160 | 160 | |
161 | ||
162 | 161 | return True |
163 | 162 | |
164 | 163 | |
165 | 164 | def createPlugin(): |
166 | 165 | return DigPlugin() |
167 | 166 | |
168 | if __name__ == "__main__": | |
169 | import sys | |
170 | import os | |
171 | if len(sys.argv) == 2: | |
172 | report_file = sys.argv[1] | |
173 | if os.path.isfile(report_file): | |
174 | plugin = createPlugin() | |
175 | plugin.processReport(report_file) | |
176 | print(plugin.get_json()) | |
177 | else: | |
178 | print(f"Report not found: {report_file}") | |
179 | else: | |
180 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
181 | 167 | # I'm Py3 |
24 | 24 | self.plugin_version = "0.0.1" |
25 | 25 | self.version = "2.22" |
26 | 26 | self.regexpUrl = r'((http[s]?)\:\/\/([\w\.]+)[.\S]+)' |
27 | self._command_regex = re.compile(r'^(?:sudo dirb|dirb|\.\/dirb|sudo \.\/dirb)\s+(?:(http[s]?)\:\/\/([\w\.]+)[.\S]+)') | |
27 | self._command_regex = re.compile(r'^(?:sudo dirb|dirb|\.\/dirb|sudo \.\/dirb)\s+(?:(http[s]?)' | |
28 | r'\:\/\/([\w\.]+)[.\S]+)') | |
28 | 29 | self.text = [] |
29 | 30 | |
30 | 31 | def getPort(self, host, proto): |
87 | 88 | host_id = self.createAndAddHost(ip) |
88 | 89 | iface_id = self.createAndAddInterface(host_id, ip, ipv4_address = ip) |
89 | 90 | |
90 | serv_id = self.createAndAddServiceToInterface(host_id, iface_id, proto, protocol = proto, ports =[puerto], status = status) | |
91 | serv_id = self.createAndAddServiceToInterface(host_id, iface_id, proto, protocol=proto, ports=[puerto], | |
92 | status=status) | |
91 | 93 | |
92 | 94 | if len(self.text) > 0: |
93 | self.createAndAddVulnWebToService(host_id, serv_id, 'Url Fuzzing', severity=0, desc=self.text, website=domain) | |
95 | self.createAndAddVulnWebToService(host_id, serv_id, 'Url Fuzzing', severity=0, desc=self.text, | |
96 | website=domain) | |
94 | 97 | |
95 | 98 | if len(paths) > 0: |
96 | self.createAndAddVulnWebToService(host_id, serv_id, "Directory Listing", severity = "med", website = domain, request = paths, method = "GET") | |
99 | self.createAndAddVulnWebToService(host_id, serv_id, "Directory Listing", severity="med", website=domain, | |
100 | request=paths, method="GET") | |
97 | 101 | |
98 | 102 | return True |
99 | 103 | |
115 | 119 | extra_arg +=" -S" |
116 | 120 | return "%s%s" % (command_string, extra_arg) |
117 | 121 | |
122 | ||
118 | 123 | def createPlugin(): |
119 | 124 | return dirbPlugin() |
120 | 125 | |
121 | if __name__ == "__main__": | |
122 | import sys | |
123 | import os | |
124 | if len(sys.argv) == 2: | |
125 | report_file = sys.argv[1] | |
126 | if os.path.isfile(report_file): | |
127 | plugin = createPlugin() | |
128 | plugin.processReport(report_file) | |
129 | print(plugin.get_json()) | |
130 | else: | |
131 | print(f"Report not found: {report_file}") | |
132 | else: | |
133 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
134 | 126 | # I'm Py3 |
9 | 9 | import argparse |
10 | 10 | import tempfile |
11 | 11 | import urllib.parse as urlparse |
12 | ||
13 | ||
14 | 12 | from faraday_plugins.plugins.plugin import PluginTerminalOutput |
15 | 13 | from faraday_plugins.plugins.plugins_utils import get_vulnweb_url_fields |
14 | import os | |
16 | 15 | |
17 | 16 | |
18 | 17 | __author__ = "Matías Lang" |
174 | 173 | def createPlugin(): |
175 | 174 | return DirsearchPlugin() |
176 | 175 | |
177 | if __name__ == "__main__": | |
178 | import sys | |
179 | import os | |
180 | if len(sys.argv) == 2: | |
181 | report_file = sys.argv[1] | |
182 | if os.path.isfile(report_file): | |
183 | plugin = createPlugin() | |
184 | plugin.processReport(report_file) | |
185 | print(plugin.get_json()) | |
186 | else: | |
187 | print(f"Report not found: {report_file}") | |
188 | else: | |
189 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
190 | 176 | # I'm Py3 |
210 | 210 | def createPlugin(): |
211 | 211 | return DnsenumPlugin() |
212 | 212 | |
213 | if __name__ == "__main__": | |
214 | import sys | |
215 | import os | |
216 | if len(sys.argv) == 2: | |
217 | report_file = sys.argv[1] | |
218 | if os.path.isfile(report_file): | |
219 | plugin = createPlugin() | |
220 | plugin.processReport(report_file) | |
221 | print(plugin.get_json()) | |
222 | else: | |
223 | print(f"Report not found: {report_file}") | |
224 | else: | |
225 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
226 | 213 | # I'm Py3⏎ |
141 | 141 | def createPlugin(): |
142 | 142 | return DnsmapPlugin() |
143 | 143 | |
144 | if __name__ == "__main__": | |
145 | import sys | |
146 | import os | |
147 | if len(sys.argv) == 2: | |
148 | report_file = sys.argv[1] | |
149 | if os.path.isfile(report_file): | |
150 | plugin = createPlugin() | |
151 | plugin.processReport(report_file) | |
152 | print(plugin.get_json()) | |
153 | else: | |
154 | print(f"Report not found: {report_file}") | |
155 | else: | |
156 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
157 | 144 | # I'm Py3 |
172 | 172 | self._current_output = None |
173 | 173 | self._command_regex = re.compile( |
174 | 174 | r'^(sudo dnsrecon|dnsrecon|sudo dnsrecon\.py|dnsrecon\.py|python dnsrecon\.py|\.\/dnsrecon\.py).*?') |
175 | ||
176 | 175 | |
177 | 176 | def validHosts(self, hosts): |
178 | 177 | valid_records = ["NS", "CNAME", "A", "MX", "info"] |
265 | 264 | def createPlugin(): |
266 | 265 | return DnsreconPlugin() |
267 | 266 | |
268 | if __name__ == "__main__": | |
269 | import sys | |
270 | import os | |
271 | if len(sys.argv) == 2: | |
272 | report_file = sys.argv[1] | |
273 | if os.path.isfile(report_file): | |
274 | plugin = createPlugin() | |
275 | plugin.processReport(report_file) | |
276 | print(plugin.get_json()) | |
277 | else: | |
278 | print(f"Report not found: {report_file}") | |
279 | else: | |
280 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
281 | ||
282 | 267 | # I'm Py3 |
145 | 145 | def createPlugin(): |
146 | 146 | return DnswalkPlugin() |
147 | 147 | |
148 | if __name__ == "__main__": | |
149 | import sys | |
150 | import os | |
151 | if len(sys.argv) == 2: | |
152 | report_file = sys.argv[1] | |
153 | if os.path.isfile(report_file): | |
154 | plugin = createPlugin() | |
155 | plugin.processReport(report_file) | |
156 | print(plugin.get_json()) | |
157 | else: | |
158 | print(f"Report not found: {report_file}") | |
159 | else: | |
160 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
161 | 148 | # I'm Py3 |
65 | 65 | self.isZoneVuln = False |
66 | 66 | output = output.replace('\\$', '') |
67 | 67 | regex = re.search( |
68 | "Whoah, it worked - misconfigured DNS server found:([^$]+)\nThere isn't much point continuing, you have everything.", output) | |
68 | "Whoah, it worked - misconfigured DNS server found:([^$]+)\nThere isn't much point continuing, " | |
69 | "you have everything.", output) | |
69 | 70 | |
70 | 71 | if regex is not None: |
71 | 72 | self.isZoneVuln = True |
203 | 204 | def createPlugin(): |
204 | 205 | return FiercePlugin() |
205 | 206 | |
206 | if __name__ == "__main__": | |
207 | import sys | |
208 | import os | |
209 | if len(sys.argv) == 2: | |
210 | report_file = sys.argv[1] | |
211 | if os.path.isfile(report_file): | |
212 | plugin = createPlugin() | |
213 | plugin.processReport(report_file) | |
214 | print(plugin.get_json()) | |
215 | else: | |
216 | print(f"Report not found: {report_file}") | |
217 | else: | |
218 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
219 | 207 | # I'm Py3 |
199 | 199 | params = '' |
200 | 200 | check_type = issue_data.CheckTypeID |
201 | 201 | if check_type.text.lower() != 'vulnerability': |
202 | # TODO: when plugins accept tags, we shoudl this as a tag. | |
202 | # TODO: when plugins accept tags, we should this as a tag. | |
203 | 203 | pass |
204 | 204 | name = issue_data.Name.text |
205 | 205 | external_id = issue_data.VulnerabilityID.text |
232 | 232 | |
233 | 233 | for repro_step in issue_data.findall('./ReproSteps'): |
234 | 234 | step = repro_step.ReproStep |
235 | ||
235 | 236 | if step is not None: |
236 | 237 | try: |
237 | 238 | params = step.PostParams.text |
238 | 239 | except AttributeError: |
239 | 240 | pass |
240 | 241 | |
241 | if not hostname: | |
242 | # This seems to be a mobile app | |
243 | hostname = session.URL.text | |
244 | ||
245 | if not port: | |
246 | service_data['name'] = step.Url.text | |
247 | service_data['port'] = step.sourceline | |
248 | ||
249 | self.sast_vulns.append({ | |
250 | "host": hostname, | |
251 | "severity": severity, | |
252 | "service": service_data, | |
253 | "name": name, | |
254 | "description": description, | |
255 | "external_id": external_id, | |
256 | "references": references, | |
257 | "method": method, | |
258 | "query": query, | |
259 | "response": response, | |
260 | "request": request, | |
261 | "path": path, | |
262 | "params": params, | |
263 | "status_code": status_code, | |
264 | "website": session.URL.text | |
265 | }) | |
242 | if not hostname: | |
243 | # This seems to be a mobile app | |
244 | hostname = session.URL.text | |
245 | ||
246 | if not port: | |
247 | service_data['name'] = step.Url.text | |
248 | service_data['port'] = step.sourceline | |
249 | ||
250 | self.sast_vulns.append({ | |
251 | "host": hostname, | |
252 | "severity": severity, | |
253 | "service": service_data, | |
254 | "name": name, | |
255 | "description": description, | |
256 | "external_id": external_id, | |
257 | "references": references, | |
258 | "method": method, | |
259 | "query": query, | |
260 | "response": response, | |
261 | "request": request, | |
262 | "path": path, | |
263 | "params": params, | |
264 | "status_code": status_code, | |
265 | "website": session.URL.text | |
266 | }) | |
266 | 267 | |
267 | 268 | def _extract_vulns(self): |
268 | 269 | # make list of false positives |
405 | 406 | def createPlugin(): |
406 | 407 | return FortifyPlugin() |
407 | 408 | |
408 | ||
409 | if __name__ == "__main__": | |
410 | import sys | |
411 | import os | |
412 | if len(sys.argv) == 2: | |
413 | report_file = sys.argv[1] | |
414 | if os.path.isfile(report_file): | |
415 | plugin = createPlugin() | |
416 | plugin.processReport(report_file) | |
417 | print(plugin.get_json()) | |
418 | else: | |
419 | print(f"Report not found: {report_file}") | |
420 | else: | |
421 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
7 | 7 | import re |
8 | 8 | import json |
9 | 9 | import traceback |
10 | import os | |
10 | 11 | |
11 | 12 | __author__ = "xtr4nge" |
12 | 13 | __copyright__ = "Copyright (c) 2016, FruityWiFi" |
136 | 137 | return "python " + os.path.dirname(__file__) + "/fruitywifi.py " + params |
137 | 138 | #return None |
138 | 139 | |
140 | ||
139 | 141 | def createPlugin(): |
140 | 142 | return FruityWiFiPlugin() |
141 | 143 | |
142 | if __name__ == "__main__": | |
143 | import sys | |
144 | import os | |
145 | if len(sys.argv) == 2: | |
146 | report_file = sys.argv[1] | |
147 | if os.path.isfile(report_file): | |
148 | plugin = createPlugin() | |
149 | plugin.processReport(report_file) | |
150 | print(plugin.get_json()) | |
151 | else: | |
152 | print(f"Report not found: {report_file}") | |
153 | else: | |
154 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
155 | ||
156 | 144 | # I'm Py3 |
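Review bot: The return that the newly added module-level `import os` serves still builds its command by plain concatenation, `"python " + os.path.dirname(__file__) + "/fruitywifi.py " + params`. An install path containing spaces or shell metacharacters would be split or interpreted if the string is later run through a shell; the consumer of this string is not visible here, so that part is an assumption to confirm. Quoting the script path makes it robust: `"python " + shlex.quote(os.path.join(os.path.dirname(__file__), "fruitywifi.py")) + " " + params`, with `import shlex` added beside the new `import os`. The function containing this return starts outside the hunk.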
96 | 96 | def createPlugin(): |
97 | 97 | return CmdFtpPlugin() |
98 | 98 | |
99 | if __name__ == "__main__": | |
100 | import sys | |
101 | import os | |
102 | if len(sys.argv) == 2: | |
103 | report_file = sys.argv[1] | |
104 | if os.path.isfile(report_file): | |
105 | plugin = createPlugin() | |
106 | plugin.processReport(report_file) | |
107 | print(plugin.get_json()) | |
108 | else: | |
109 | print(f"Report not found: {report_file}") | |
110 | else: | |
111 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
112 | 99 | # I'm Py3 |
166 | 166 | def createPlugin(): |
167 | 167 | return GoohostPlugin() |
168 | 168 | |
169 | if __name__ == "__main__": | |
170 | import sys | |
171 | import os | |
172 | if len(sys.argv) == 2: | |
173 | report_file = sys.argv[1] | |
174 | if os.path.isfile(report_file): | |
175 | plugin = createPlugin() | |
176 | plugin.processReport(report_file) | |
177 | print(plugin.get_json()) | |
178 | else: | |
179 | print(f"Report not found: {report_file}") | |
180 | else: | |
181 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
182 | 169 | # I'm Py3 |
30 | 30 | |
31 | 31 | def parseOutputString(self, output, debug=False): |
32 | 32 | |
33 | regex_ipv4 = re.search(r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\)\:", output) | |
33 | regex_ipv4 = re.search(r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}" | |
34 | r"|2[0-4][0-9]|25[0-5])\)\:", output) | |
34 | 35 | if regex_ipv4: |
35 | 36 | ip_address = regex_ipv4.group(0).rstrip("):") # Regex pls |
36 | 37 | else: |
75 | 76 | def createPlugin(): |
76 | 77 | return hping3() |
77 | 78 | |
78 | if __name__ == "__main__": | |
79 | import sys | |
80 | import os | |
81 | if len(sys.argv) == 2: | |
82 | report_file = sys.argv[1] | |
83 | if os.path.isfile(report_file): | |
84 | plugin = createPlugin() | |
85 | plugin.processReport(report_file) | |
86 | print(plugin.get_json()) | |
87 | else: | |
88 | print(f"Report not found: {report_file}") | |
89 | else: | |
90 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
91 | 79 | # I'm Py3 |
164 | 164 | def createPlugin(): |
165 | 165 | return HydraPlugin() |
166 | 166 | |
167 | if __name__ == "__main__": | |
168 | import sys | |
169 | import os | |
170 | if len(sys.argv) == 2: | |
171 | report_file = sys.argv[1] | |
172 | if os.path.isfile(report_file): | |
173 | plugin = createPlugin() | |
174 | plugin.processReport(report_file) | |
175 | print(plugin.get_json()) | |
176 | else: | |
177 | print(f"Report not found: {report_file}") | |
178 | else: | |
179 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
180 | ||
181 | 167 | # I'm Py3 |
307 | 307 | def createPlugin(): |
308 | 308 | return ImpactPlugin() |
309 | 309 | |
310 | if __name__ == "__main__": | |
311 | import sys | |
312 | import os | |
313 | if len(sys.argv) == 2: | |
314 | report_file = sys.argv[1] | |
315 | if os.path.isfile(report_file): | |
316 | plugin = createPlugin() | |
317 | plugin.processReport(report_file) | |
318 | print(plugin.get_json()) | |
319 | else: | |
320 | print(f"Report not found: {report_file}") | |
321 | else: | |
322 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
323 | ||
324 | 310 | # I'm Py3 |
112 | 112 | severity=calculate_severity(vulnerability.get("severity")), |
113 | 113 | ref=vulnerability.get("ref")) |
114 | 114 | |
115 | ||
115 | 116 | def createPlugin(): |
116 | 117 | return Ip360Plugin() |
117 | 118 | |
118 | if __name__ == "__main__": | |
119 | import sys | |
120 | import os | |
121 | if len(sys.argv) == 2: | |
122 | report_file = sys.argv[1] | |
123 | if os.path.isfile(report_file): | |
124 | plugin = createPlugin() | |
125 | plugin.processReport(report_file) | |
126 | print(plugin.get_json()) | |
127 | else: | |
128 | print(f"Report not found: {report_file}") | |
129 | else: | |
130 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
131 | 119 | # I'm Py3 |
144 | 144 | |
145 | 145 | def createPlugin(): |
146 | 146 | return JunitPlugin() |
147 | ||
148 | ||
149 | if __name__ == "__main__": | |
150 | import sys | |
151 | import os | |
152 | if len(sys.argv) == 2: | |
153 | report_file = sys.argv[1] | |
154 | if os.path.isfile(report_file): | |
155 | plugin = createPlugin() | |
156 | plugin.processReport(report_file) | |
157 | print(plugin.get_json()) | |
158 | else: | |
159 | print(f"Report not found: {report_file}") | |
160 | else: | |
161 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
353 | 353 | def createPlugin(): |
354 | 354 | return LynisPlugin() |
355 | 355 | |
356 | if __name__ == "__main__": | |
357 | import sys | |
358 | import os | |
359 | if len(sys.argv) == 2: | |
360 | report_file = sys.argv[1] | |
361 | if os.path.isfile(report_file): | |
362 | plugin = createPlugin() | |
363 | plugin.processReport(report_file) | |
364 | print(plugin.get_json()) | |
365 | else: | |
366 | print(f"Report not found: {report_file}") | |
367 | else: | |
368 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
369 | # I'm Py3 | |
356 |
440 | 440 | def createPlugin(): |
441 | 441 | return MaltegoPlugin() |
442 | 442 | |
443 | ||
444 | if __name__ == "__main__": | |
445 | import sys | |
446 | import os | |
447 | if len(sys.argv) == 2: | |
448 | report_file = sys.argv[1] | |
449 | if os.path.isfile(report_file): | |
450 | plugin = createPlugin() | |
451 | plugin.processReport(report_file) | |
452 | print(plugin.get_json()) | |
453 | else: | |
454 | print(f"Report not found: {report_file}") | |
455 | else: | |
456 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
457 | 443 | # I'm Py3 |
179 | 179 | |
180 | 180 | def createPlugin(): |
181 | 181 | return MedusaPlugin() |
182 | ||
183 | ||
184 | if __name__ == "__main__": | |
185 | import sys | |
186 | import os | |
187 | if len(sys.argv) == 2: | |
188 | report_file = sys.argv[1] | |
189 | if os.path.isfile(report_file): | |
190 | plugin = createPlugin() | |
191 | plugin.processReport(report_file) | |
192 | print(plugin.get_json()) | |
193 | else: | |
194 | print(f"Report not found: {report_file}") | |
195 | else: | |
196 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
116 | 116 | def createPlugin(): |
117 | 117 | return MetagoofilPlugin() |
118 | 118 | |
119 | if __name__ == "__main__": | |
120 | import sys | |
121 | import os | |
122 | if len(sys.argv) == 2: | |
123 | report_file = sys.argv[1] | |
124 | if os.path.isfile(report_file): | |
125 | plugin = createPlugin() | |
126 | plugin.processReport(report_file) | |
127 | print(plugin.get_json()) | |
128 | else: | |
129 | print(f"Report not found: {report_file}") | |
130 | else: | |
131 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
132 | ||
133 | ||
134 | 119 | # I'm Py3 |
415 | 415 | def createPlugin(): |
416 | 416 | return MetasploitPlugin() |
417 | 417 | |
418 | ||
419 | if __name__ == "__main__": | |
420 | import sys | |
421 | import os | |
422 | if len(sys.argv) == 2: | |
423 | report_file = sys.argv[1] | |
424 | if os.path.isfile(report_file): | |
425 | plugin = createPlugin() | |
426 | plugin.processReport(report_file) | |
427 | print(plugin.get_json()) | |
428 | else: | |
429 | print(f"Report not found: {report_file}") | |
430 | else: | |
431 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
432 | 418 | # I'm Py3 |
166 | 166 | def createPlugin(): |
167 | 167 | return CmdNdiffPlugin() |
168 | 168 | |
169 | if __name__ == "__main__": | |
170 | import sys | |
171 | import os | |
172 | if len(sys.argv) == 2: | |
173 | report_file = sys.argv[1] | |
174 | if os.path.isfile(report_file): | |
175 | plugin = createPlugin() | |
176 | plugin.processReport(report_file) | |
177 | print(plugin.get_json()) | |
178 | else: | |
179 | print(f"Report not found: {report_file}") | |
180 | else: | |
181 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
182 | 169 | # I'm Py3 |
199 | 199 | def createPlugin(): |
200 | 200 | return NessusPlugin() |
201 | 201 | |
202 | if __name__ == "__main__": | |
203 | import sys | |
204 | import os | |
205 | if len(sys.argv) == 2: | |
206 | report_file = sys.argv[1] | |
207 | if os.path.isfile(report_file): | |
208 | plugin = createPlugin() | |
209 | plugin.processReport(report_file) | |
210 | print(plugin.get_json()) | |
211 | else: | |
212 | print(f"Report not found: {report_file}") | |
213 | else: | |
214 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
215 | # I'm Py3⏎ | |
202 | # I'm Py3 |
46 | 46 | def createPlugin(): |
47 | 47 | return NetdiscoverPlugin() |
48 | 48 | |
49 | if __name__ == "__main__": | |
50 | import sys | |
51 | import os | |
52 | if len(sys.argv) == 2: | |
53 | report_file = sys.argv[1] | |
54 | if os.path.isfile(report_file): | |
55 | plugin = createPlugin() | |
56 | plugin.processReport(report_file) | |
57 | print(plugin.get_json()) | |
58 | else: | |
59 | print(f"Report not found: {report_file}") | |
60 | else: | |
61 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
62 | ||
63 | 49 | # I'm Py3 |
0 | """ | |
0 | """" | |
1 | 1 | Faraday Penetration Test IDE |
2 | 2 | Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/) |
3 | 3 | See the file 'doc/LICENSE' for the license information |
6 | 6 | from faraday_plugins.plugins.plugin import PluginXMLFormat |
7 | 7 | import re |
8 | 8 | import os |
9 | import sys | |
10 | 9 | import socket |
11 | import urllib | |
12 | 10 | from bs4 import BeautifulSoup |
13 | 11 | |
14 | 12 | try: |
96 | 94 | self.url = self.get_text_from_subnode("url") |
97 | 95 | |
98 | 96 | host = re.search( |
99 | "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", self.url) | |
97 | "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]" | |
98 | "{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2" | |
99 | "[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]" | |
100 | "{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|" | |
101 | "pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", | |
102 | self.url) | |
100 | 103 | |
101 | 104 | self.protocol = host.group(1) |
102 | 105 | self.hostname = host.group(4) |
134 | 137 | |
135 | 138 | self.extra = [] |
136 | 139 | for v in item_node.findall("extrainformation/info"): |
137 | self.extra.append(v.get('name') + ":" + v.text) | |
140 | name = v.get('name') | |
141 | if name: | |
142 | self.extra.append("{name}:{v.text}") | |
138 | 143 | |
139 | 144 | self.node = item_node |
140 | 145 | self.node = item_node.find("classification") |
180 | 185 | sub_node = self.node.find(subnode_xpath_expr) |
181 | 186 | if sub_node is not None: |
182 | 187 | return sub_node.text |
183 | ||
184 | 188 | return None |
185 | 189 | |
186 | 190 | |
224 | 228 | ports=[str(i.port)], |
225 | 229 | status="open") |
226 | 230 | first = False |
227 | ||
231 | if i.resolution is not None: | |
232 | resolution = BeautifulSoup(i.resolution, "lxml").text | |
233 | else: | |
234 | resolution = "" | |
235 | ||
236 | if i.desc is not None: | |
237 | desc = BeautifulSoup(i.desc, "lxml").text | |
238 | else: | |
239 | desc = "" | |
240 | ||
228 | 241 | v_id = self.createAndAddVulnWebToService(h_id, s_id, i.name, ref=i.ref, website=i.hostname, |
229 | severity=i.severity, desc=BeautifulSoup(i.desc, "lxml").text, | |
230 | path=i.url, method=i.method, request=i.request, response=i.response, | |
231 | resolution=BeautifulSoup(i.resolution, "lxml").text,pname=i.param, data=i.data) | |
242 | severity=i.severity, desc=desc, path=i.url, method=i.method, | |
243 | request=i.request, response=i.response, resolution=resolution, | |
244 | pname=i.param, data=i.data) | |
232 | 245 | |
233 | 246 | del parser |
234 | 247 | |
239 | 252 | def createPlugin(): |
240 | 253 | return NetsparkerPlugin() |
241 | 254 | |
242 | if __name__ == "__main__": | |
243 | import sys | |
244 | import os | |
245 | if len(sys.argv) == 2: | |
246 | report_file = sys.argv[1] | |
247 | if os.path.isfile(report_file): | |
248 | plugin = createPlugin() | |
249 | plugin.processReport(report_file) | |
250 | print(plugin.get_json()) | |
251 | else: | |
252 | print(f"Report not found: {report_file}") | |
253 | else: | |
254 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
255 | ||
256 | 255 | # I'm Py3 |
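Review bot: The new `self.extra.append("{name}:{v.text}")` in the `extrainformation/info` loop is missing its `f` prefix, so every entry stored in `self.extra` is the literal text `{name}:{v.text}` instead of the attribute name and element text that the removed line produced. It should read `self.extra.append(f"{name}:{v.text}")`. If an `info` element can be empty, `v.text` is None and would render as "None", so `f"{name}:{v.text or ''}"` may be what is wanted. The method containing this loop starts and ends outside the hunk. Separately, the first hunk changes the module docstring opener from `"""` to `""""`, which looks like a typo.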
254 | 254 | |
255 | 255 | v_id = self.createAndAddVulnWebToService(h_id, s_id, i.name, ref=i.ref, website=i.hostname, |
256 | 256 | severity=i.severity, desc=i.desc, path=i.url, method=i.method, |
257 | request=i.request, response=i.response, resolution=i.resolution, pname=i.param) | |
257 | request=i.request, response=i.response, resolution=i.resolution, | |
258 | pname=i.param) | |
258 | 259 | |
259 | 260 | del parser |
260 | 261 | |
268 | 269 | def createPlugin(): |
269 | 270 | return NetsparkerCloudPlugin() |
270 | 271 | |
271 | ||
272 | if __name__ == "__main__": | |
273 | import sys | |
274 | import os | |
275 | if len(sys.argv) == 2: | |
276 | report_file = sys.argv[1] | |
277 | if os.path.isfile(report_file): | |
278 | plugin = createPlugin() | |
279 | plugin.processReport(report_file) | |
280 | print(plugin.get_json()) | |
281 | else: | |
282 | print(f"Report not found: {report_file}") | |
283 | else: | |
284 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
285 | # I'm Py3 |
4 | 4 | |
5 | 5 | """ |
6 | 6 | from faraday_plugins.plugins.plugin import PluginXMLFormat |
7 | ||
8 | 7 | import re |
9 | 8 | import os |
10 | import sys | |
11 | 9 | |
12 | 10 | try: |
13 | 11 | import xml.etree.cElementTree as ET |
14 | 12 | import xml.etree.ElementTree as ET_ORIG |
13 | ||
15 | 14 | ETREE_VERSION = ET_ORIG.VERSION |
16 | 15 | except ImportError: |
17 | 16 | import xml.etree.ElementTree as ET |
17 | ||
18 | 18 | ETREE_VERSION = ET.VERSION |
19 | 19 | |
20 | 20 | ETREE_VERSION = [int(i) for i in ETREE_VERSION.split(".")] |
128 | 128 | if test.get('id').lower() in vulnsDefinitions: |
129 | 129 | vuln = vulnsDefinitions[test.get('id').lower()].copy() |
130 | 130 | key = test.get('key', '') |
131 | vuln['pci'] = test.get('pci-compliance-status') | |
132 | vuln['vulnerable_since'] = test.get('vulnerable-since') | |
133 | vuln['scan_id'] = test.get('scan-id') | |
131 | 134 | if key.startswith('/'): |
132 | 135 | # It has the path where the vuln was found |
133 | 136 | # Example key: "/comments.asp||content" |
142 | 145 | @returns vulns A dict of Vulnerability Definitions |
143 | 146 | """ |
144 | 147 | vulns = dict() |
145 | #CVSS V3 | |
148 | # CVSS V3 | |
146 | 149 | SEVERITY_MAPPING_DICT = {'0': 'info', '1': 'low', '2': 'low', '3': 'low', '4': 'med', '5': 'med', '6': 'med', |
147 | 150 | '7': 'high', '8': 'high', '9': 'critical', '10': 'critical'} |
148 | 151 | |
150 | 153 | for vulnDef in vulnsDef.iter('vulnerability'): |
151 | 154 | vid = vulnDef.get('id').lower() |
152 | 155 | vector = vulnDef.get('cvssVector') |
153 | ||
154 | 156 | vuln = { |
155 | 157 | 'desc': "", |
156 | 158 | 'name': vulnDef.get('title'), |
158 | 160 | 'resolution': "", |
159 | 161 | 'severity': SEVERITY_MAPPING_DICT[vulnDef.get('severity')], |
160 | 162 | 'tags': list(), |
161 | 'is_web': vid.startswith('http-') | |
163 | 'is_web': vid.startswith('http-'), | |
164 | 'risk': vulnDef.get('riskScore'), | |
162 | 165 | } |
163 | 166 | |
164 | 167 | for item in list(vulnDef): |
167 | 170 | vuln['desc'] += self.parse_html_type(htmlType) |
168 | 171 | if item.tag == 'exploits': |
169 | 172 | for exploit in list(item): |
170 | if exploit.get('title') and exploit.get('link'): | |
173 | if exploit.get('title') and exploit.get('link') and exploit.get('type') \ | |
174 | and exploit.get('sklLevel'): | |
171 | 175 | title = exploit.get('title').encode( |
172 | 176 | "ascii", errors="backslashreplace").strip() |
173 | 177 | link = exploit.get('link').encode( |
174 | 178 | "ascii", errors="backslashreplace").strip() |
175 | vuln['refs'].append(title + b' ' + link) | |
179 | type = exploit.get('type').encode( | |
180 | "ascii", errors="backslashreplace").strip() | |
181 | skillLevel = exploit.get('sklLevel').encode( | |
182 | "ascii", errors="backslashreplace").strip() | |
183 | vuln['refs'].append(title + b' ' + link + b' ' + type + b' ' + skillLevel) | |
184 | if item.tag == 'malware': | |
185 | for names in item.findall("name"): | |
186 | nameMalware = names.text | |
187 | vuln['refs'].append(nameMalware) | |
176 | 188 | if item.tag == 'references': |
177 | 189 | for ref in list(item): |
178 | 190 | if ref.text: |
181 | 193 | vuln['refs'].append(rf) |
182 | 194 | if item.tag == 'solution': |
183 | 195 | for htmlType in list(item): |
184 | vuln[ | |
185 | 'resolution'] += self.parse_html_type(htmlType) | |
196 | vuln['resolution'] += self.parse_html_type(htmlType) | |
186 | 197 | """ |
187 | 198 | # there is currently no method to register tags in vulns |
188 | 199 | if item.tag == 'tags': |
203 | 214 | for node in nodes.iter('node'): |
204 | 215 | host = dict() |
205 | 216 | host['name'] = node.get('address') |
217 | host['mac'] = node.get('hardware-address') | |
206 | 218 | host['hostnames'] = list() |
207 | host['os'] = "" | |
219 | host['os'] = list() | |
208 | 220 | host['services'] = list() |
221 | host['fingerprints'] = list() | |
222 | host['fingerprints_software'] = list() | |
209 | 223 | host['vulns'] = self.parse_tests_type(node, vulns) |
224 | host['scan-template'] = node.get('scan-template') | |
225 | host['scan-name'] = node.get('scan-name') | |
226 | host['scan-importance'] = node.get('scan-importance') | |
227 | host['risk-score'] = node.get('risk-score') | |
210 | 228 | |
211 | 229 | for names in node.iter('names'): |
212 | 230 | for name in list(names): |
213 | 231 | host['hostnames'].append(name.text) |
214 | 232 | |
215 | 233 | for fingerprints in node.iter('fingerprints'): |
216 | os = fingerprints.find('os') | |
217 | if os is not None: | |
218 | host['os'] = os.get('product', "") | |
219 | if os.get('version') is not None: | |
220 | host['os'] += " " + os.get('version') | |
234 | for os_data in fingerprints.iter('os'): | |
235 | data = { | |
236 | 'certainty': os_data.get('certainty'), | |
237 | 'vendor': os_data.get('vendor'), | |
238 | 'family': os_data.get('family'), | |
239 | 'product': os_data.get('product'), | |
240 | 'version': os_data.get('version'), | |
241 | 'arch': os_data.get('arch'), | |
242 | 'device-class': os_data.get('device-class'), | |
243 | } | |
244 | host['os'].append(data) | |
245 | ||
246 | for fingerprints_tag in fingerprints.iter('fingerprint'): | |
247 | data_fingerprints_tag = { | |
248 | 'certainty': fingerprints_tag.get('certainty'), | |
249 | 'product': fingerprints_tag.get('product'), | |
250 | 'version': fingerprints_tag.get('version'), | |
251 | } | |
252 | host['fingerprints'].append(data_fingerprints_tag) | |
221 | 253 | |
222 | 254 | for endpoints in node.iter('endpoints'): |
223 | 255 | for endpoint in list(endpoints): |
235 | 267 | for config in list(configs): |
236 | 268 | if "banner" in config.get('name'): |
237 | 269 | svc['version'] = config.get('name') |
238 | ||
239 | 270 | host['services'].append(svc) |
240 | 271 | |
272 | for softwaretag in node.iter('software'): | |
273 | for soft_data in softwaretag.iter('fingerprint'): | |
274 | data_soft = { | |
275 | 'certainty': soft_data.get('certainty'), | |
276 | 'vendor': soft_data.get('vendor'), | |
277 | 'family': soft_data.get('family'), | |
278 | 'product': soft_data.get('product'), | |
279 | 'version': soft_data.get('version'), | |
280 | } | |
281 | host['fingerprints_software'].append(data_soft) | |
241 | 282 | hosts.append(host) |
242 | 283 | |
243 | 284 | return hosts |
260 | 301 | self._current_output = None |
261 | 302 | self._command_regex = re.compile(r'^(sudo nexpose|\.\/nexpose).*?') |
262 | 303 | |
263 | ||
264 | 304 | def parseOutputString(self, output, debug=False): |
265 | 305 | |
266 | 306 | parser = NexposeFullXmlParser(output) |
267 | 307 | |
268 | 308 | for item in parser.items: |
269 | ||
270 | h_id = self.createAndAddHost(item['name'], item['os'], hostnames=item['hostnames']) | |
271 | ||
272 | i_id = self.createAndAddInterface( | |
273 | h_id, | |
274 | item['name'], | |
275 | ipv4_address=item['name'], | |
276 | hostname_resolution=item['hostnames']) | |
309 | h_id = self.createAndAddHost(item['name'], item['os'], hostnames=item['hostnames'], | |
310 | scan_template=item['scan-template'], site_name=item['scan-name'], | |
311 | site_importance=item['scan-importance'], risk_score=item['risk-score'], | |
312 | fingerprints=item['fingerprints'], | |
313 | fingerprints_software=item['fingerprints_software'] | |
314 | ) | |
315 | pattern = '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$' | |
316 | if not item['mac']: | |
317 | item['mac'] = '0000000000000000' | |
318 | match = re.search(pattern, item['mac']) | |
319 | else: | |
320 | match = re.search(pattern, item['mac']) | |
321 | if match: | |
322 | i_id = self.createAndAddInterface( | |
323 | h_id, | |
324 | item['name'], | |
325 | mac=item['mac'], | |
326 | ipv4_address=item['name'], | |
327 | hostname_resolution=item['hostnames'], | |
328 | scan_template=item['scan-template'], | |
329 | site_name=item['scan-name'], | |
330 | site_importance=item['scan-importance'], | |
331 | risk_score=item['risk-score'], | |
332 | fingerprints=item['fingerprints'], | |
333 | fingerprints_software=item['fingerprints_software'], | |
334 | ) | |
335 | else: | |
336 | i_id = self.createAndAddInterface( | |
337 | h_id, | |
338 | item['name'], | |
339 | mac=':'.join(item['mac'][i:i + 2] for i in range(0, 12, 2)), | |
340 | ipv4_address=item['name'], | |
341 | hostname_resolution=item['hostnames']) | |
277 | 342 | |
278 | 343 | for v in item['vulns']: |
279 | ||
344 | v['data'] = {"vulnerable_since": v['vulnerable_since'], "scan_id": v['scan_id'], "PCI": v['pci']} | |
280 | 345 | v_id = self.createAndAddVulnToHost( |
281 | 346 | h_id, |
282 | 347 | v['name'], |
283 | 348 | v['desc'], |
284 | 349 | v['refs'], |
285 | 350 | v['severity'], |
286 | v['resolution']) | |
287 | ||
351 | v['resolution'], | |
352 | v['vulnerable_since'], | |
353 | v['scan_id'], | |
354 | v['pci'] | |
355 | ) | |
288 | 356 | |
289 | 357 | for s in item['services']: |
290 | 358 | web = False |
300 | 368 | version=version) |
301 | 369 | |
302 | 370 | for v in s['vulns']: |
371 | ||
303 | 372 | if v['is_web']: |
304 | 373 | v_id = self.createAndAddVulnWebToService( |
305 | 374 | h_id, |
309 | 378 | v['refs'], |
310 | 379 | v['severity'], |
311 | 380 | v['resolution'], |
312 | path=v.get('path','')) | |
381 | v['risk'], | |
382 | path=v.get('path', '')) | |
313 | 383 | else: |
314 | 384 | v_id = self.createAndAddVulnToService( |
315 | 385 | h_id, |
318 | 388 | v['desc'], |
319 | 389 | v['refs'], |
320 | 390 | v['severity'], |
321 | v['resolution']) | |
391 | v['resolution'], | |
392 | v['risk'] | |
393 | ) | |
322 | 394 | |
323 | 395 | del parser |
324 | 396 | |
332 | 404 | def createPlugin(): |
333 | 405 | return NexposeFullPlugin() |
334 | 406 | |
335 | if __name__ == "__main__": | |
336 | import sys | |
337 | import os | |
338 | if len(sys.argv) == 2: | |
339 | report_file = sys.argv[1] | |
340 | if os.path.isfile(report_file): | |
341 | plugin = createPlugin() | |
342 | plugin.processReport(report_file) | |
343 | print(plugin.get_json()) | |
344 | else: | |
345 | print(f"Report not found: {report_file}") | |
346 | else: | |
347 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
348 | 407 | # I'm Py3 |
378 | 378 | def createPlugin(): |
379 | 379 | return NiktoPlugin() |
380 | 380 | |
381 | if __name__ == "__main__": | |
382 | import sys | |
383 | import os | |
384 | if len(sys.argv) == 2: | |
385 | report_file = sys.argv[1] | |
386 | if os.path.isfile(report_file): | |
387 | plugin = createPlugin() | |
388 | plugin.processReport(report_file) | |
389 | print(plugin.get_json()) | |
390 | else: | |
391 | print(f"Report not found: {report_file}") | |
392 | else: | |
393 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
394 | 381 | # I'm Py3 |
571 | 571 | def createPlugin(): |
572 | 572 | return NmapPlugin() |
573 | 573 | |
574 | if __name__ == "__main__": | |
575 | import sys | |
576 | import os | |
577 | if len(sys.argv) == 2: | |
578 | report_file = sys.argv[1] | |
579 | if os.path.isfile(report_file): | |
580 | plugin = createPlugin() | |
581 | plugin.processReport(report_file) | |
582 | print(plugin.get_json()) | |
583 | else: | |
584 | print(f"Report not found: {report_file}") | |
585 | else: | |
586 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
587 | 574 | # I'm Py3 |
6 | 6 | import re |
7 | 7 | import os |
8 | 8 | from collections import defaultdict |
9 | ||
10 | from copy import copy | |
9 | 11 | |
10 | 12 | try: |
11 | 13 | import xml.etree.cElementTree as ET |
172 | 174 | self.subnet = self.get_text_from_subnode('subnet') |
173 | 175 | if self.subnet == '': |
174 | 176 | self.subnet = self.host |
175 | self.port = "None" | |
177 | self.port = None | |
176 | 178 | self.severity = self.severity_mapper() |
177 | 179 | self.service = "Unknown" |
178 | 180 | self.protocol = "" |
179 | port = self.get_text_from_subnode('port') | |
180 | ||
181 | if "general" not in port: | |
182 | # service vuln | |
183 | info = port.split("/") | |
184 | self.port = info[0] | |
185 | self.protocol = info[1] | |
181 | port_string = self.get_text_from_subnode('port') | |
182 | info = port_string.split("/") | |
183 | self.protocol = "".join(filter(lambda x: x.isalpha() or x in ("-", "_"), info[1])) | |
184 | self.port = "".join(filter(lambda x: x.isdigit(), info[0])) or None | |
185 | if not self.port: | |
186 | self.service = info[0] | |
187 | else: | |
186 | 188 | host_details = hosts[self.host].get('details') |
187 | self.service = self.get_service(port, host_details) | |
188 | else: | |
189 | # general was found in port data | |
190 | # this is a host vuln | |
191 | # this case will have item.port = 'None' | |
192 | info = port.split("/") | |
193 | self.protocol = info[1] | |
194 | self.service = info[0] # this value is general | |
189 | self.service = self.get_service(port_string, self.port, host_details) | |
195 | 190 | self.nvt = self.node.findall('nvt')[0] |
196 | 191 | self.node = self.nvt |
197 | 192 | self.id = self.node.get('oid') |
203 | 198 | self.resolution = '' |
204 | 199 | self.cvss_vector = '' |
205 | 200 | self.tags = self.get_text_from_subnode('tags') |
201 | self.data = self.get_text_from_subnode('description') | |
206 | 202 | if self.tags: |
207 | 203 | tags_data = self.get_data_from_tags(self.tags) |
208 | 204 | self.description = tags_data['description'] |
209 | 205 | self.resolution = tags_data['solution'] |
210 | 206 | self.cvss_vector = tags_data['cvss_base_vector'] |
211 | ||
207 | if tags_data['impact']: | |
208 | self.data += '\n\nImpact: {}'.format(tags_data['impact']) | |
212 | 209 | |
213 | 210 | def get_text_from_subnode(self, subnode_xpath_expr): |
214 | 211 | """ |
227 | 224 | severity = 'Critical' |
228 | 225 | return severity |
229 | 226 | |
230 | def get_service(self, port, details_from_host): | |
227 | def get_service(self, port_string, port, details_from_host): | |
231 | 228 | # details_from_host: |
232 | 229 | # name: name of detail |
233 | 230 | # value: list with the values associated with the name |
234 | for name, value in details_from_host.items(): | |
231 | details_from_host_copy = copy(details_from_host) | |
232 | services = details_from_host_copy.pop("Services", None) | |
233 | if services: | |
234 | service_detail = self.get_service_from_details("Services", services, port) | |
235 | if service_detail: | |
236 | return service_detail | |
237 | for name, value in details_from_host_copy.items(): | |
235 | 238 | service_detail = self.get_service_from_details(name, value, port) |
236 | 239 | if service_detail: |
237 | 240 | return service_detail |
239 | 242 | # the file port_mapper.txt |
240 | 243 | services_mapper = filter_services() |
241 | 244 | for service in services_mapper: |
242 | if service[0] == port: | |
245 | if service[0] == port_string: | |
243 | 246 | return service[1] |
244 | ||
245 | 247 | return "Unknown" |
246 | 248 | |
247 | 249 | def do_clean(self, value): |
257 | 259 | # value_list: list with the values associated with the name |
258 | 260 | res = None |
259 | 261 | priority = 0 |
260 | ||
261 | for value in value_list: | |
262 | if name == 'Services': | |
263 | aux_port = port.split('/')[0] | |
262 | if name == 'Services': | |
263 | for value in value_list: | |
264 | 264 | value_splited = value.split(',') |
265 | if value_splited[0] == aux_port: | |
265 | if value_splited[0] == port: | |
266 | 266 | res = value_splited[2] |
267 | priority = 3 | |
268 | ||
269 | elif '/' in value and priority != 3: | |
270 | auxiliar_value = value.split('/')[0] | |
271 | if auxiliar_value == port.split('/')[0]: | |
272 | res = name | |
273 | priority = 2 | |
274 | ||
275 | elif value.isdigit() and priority == 0: | |
276 | if value == port.split('/')[0]: | |
277 | res = name | |
278 | priority = 1 | |
279 | ||
280 | elif '::' in value and priority == 0: | |
281 | aux_value = value.split('::')[0] | |
282 | auxiliar_port = port.split('/')[0] | |
283 | if aux_value == auxiliar_port: | |
284 | res = name | |
267 | break | |
268 | else: | |
269 | for value in value_list: | |
270 | if '/' in value: | |
271 | auxiliar_value = value.split('/')[0] | |
272 | if auxiliar_value == port: | |
273 | res = name | |
274 | priority = 2 | |
275 | ||
276 | elif value.isdigit() and priority == 0: | |
277 | if value == port: | |
278 | res = name | |
279 | priority = 1 | |
280 | ||
281 | elif '::' in value and priority == 0: | |
282 | aux_value = value.split('::')[0] | |
283 | if aux_value == port: | |
284 | res = name | |
285 | 285 | return res |
286 | 286 | |
287 | 287 | def get_data_from_tags(self, tags_text): |
292 | 292 | data = { |
293 | 293 | 'solution': '', |
294 | 294 | 'cvss_base_vector': '', |
295 | 'description': '' | |
295 | 'description': '', | |
296 | 'impact': '' | |
296 | 297 | } |
297 | 298 | for tag in tags: |
298 | 299 | splited_tag = tag.split('=', 1) |
381 | 382 | hostnames=[item.host]) |
382 | 383 | ids[item.subnet] = h_id |
383 | 384 | |
384 | if item.port == "None": | |
385 | if not item.port: | |
385 | 386 | if item.severity not in self.ignored_severities: |
386 | 387 | v_id = self.createAndAddVulnToHost( |
387 | 388 | h_id, |
390 | 391 | severity=item.severity, |
391 | 392 | resolution=item.resolution, |
392 | 393 | ref=ref, |
393 | external_id=item.id) | |
394 | external_id=item.id, | |
395 | data=item.data) | |
394 | 396 | else: |
395 | 397 | if item.service: |
396 | 398 | web = re.search( |
420 | 422 | severity=item.severity, |
421 | 423 | ref=ref, |
422 | 424 | resolution=item.resolution, |
423 | external_id=item.id) | |
425 | external_id=item.id, | |
426 | data=item.data) | |
424 | 427 | elif item.severity not in self.ignored_severities: |
425 | 428 | self.createAndAddVulnToService( |
426 | 429 | h_id, |
430 | 433 | severity=item.severity, |
431 | 434 | ref=ref, |
432 | 435 | resolution=item.resolution, |
433 | external_id=item.id) | |
436 | external_id=item.id, | |
437 | data=item.data) | |
434 | 438 | del parser |
435 | 439 | |
436 | 440 | def _isIPV4(self, ip): |
449 | 453 | def createPlugin(): |
450 | 454 | return OpenvasPlugin() |
451 | 455 | |
452 | if __name__ == "__main__": | |
453 | import sys | |
454 | import os | |
455 | if len(sys.argv) == 2: | |
456 | report_file = sys.argv[1] | |
457 | if os.path.isfile(report_file): | |
458 | plugin = createPlugin() | |
459 | plugin.processReport(report_file) | |
460 | print(plugin.get_json()) | |
461 | else: | |
462 | print(f"Report not found: {report_file}") | |
463 | else: | |
464 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
465 | ||
466 | 456 | # I'm Py3 |
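Review bot: The new port parsing in the item constructor, `self.port = "".join(filter(lambda x: x.isdigit(), info[0])) or None`, concatenates every digit found before the `/` instead of extracting one port number. A field that carries other digits in front of the port would presumably produce a wrong port, and `str.isdigit()` also accepts non-ASCII digit characters. `info[1]` is still read without checking that the split produced two parts, so a report whose port field has no `/` raises IndexError during parsing. Since the report is external input, I would check `len(info) < 2` first and anchor the match: `m = re.search(r'([0-9]+)\s*$', info[0])` followed by `self.port = m.group(1) if m else None`. The constructor starts and ends outside the visible hunks, so how `self.port` is consumed later should be confirmed.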
109 | 109 | def createPlugin(): |
110 | 110 | return pasteAnalyzerPlugin() |
111 | 111 | |
112 | if __name__ == "__main__": | |
113 | import sys | |
114 | import os | |
115 | if len(sys.argv) == 2: | |
116 | report_file = sys.argv[1] | |
117 | if os.path.isfile(report_file): | |
118 | plugin = createPlugin() | |
119 | plugin.processReport(report_file) | |
120 | print(plugin.get_json()) | |
121 | else: | |
122 | print(f"Report not found: {report_file}") | |
123 | else: | |
124 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
125 | 112 | # I'm Py3 |
73 | 73 | def createPlugin(): |
74 | 74 | return PeepingTomPlugin() |
75 | 75 | |
76 | if __name__ == "__main__": | |
77 | import sys | |
78 | import os | |
79 | if len(sys.argv) == 2: | |
80 | report_file = sys.argv[1] | |
81 | if os.path.isfile(report_file): | |
82 | plugin = createPlugin() | |
83 | plugin.processReport(report_file) | |
84 | print(plugin.get_json()) | |
85 | else: | |
86 | print(f"Report not found: {report_file}") | |
87 | else: | |
88 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
89 | ||
90 | 76 | # I'm Py3 |
64 | 64 | def createPlugin(): |
65 | 65 | return CmdPingPlugin() |
66 | 66 | |
67 | if __name__ == "__main__": | |
68 | import sys | |
69 | import os | |
70 | if len(sys.argv) == 2: | |
71 | report_file = sys.argv[1] | |
72 | if os.path.isfile(report_file): | |
73 | plugin = createPlugin() | |
74 | plugin.processReport(report_file) | |
75 | print(plugin.get_json()) | |
76 | else: | |
77 | print(f"Report not found: {report_file}") | |
78 | else: | |
79 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
80 | 67 | |
81 | 68 | # I'm Py3 |
73 | 73 | def createPlugin(): |
74 | 74 | return CmdPropeciaPlugin() |
75 | 75 | |
76 | if __name__ == "__main__": | |
77 | import sys | |
78 | import os | |
79 | if len(sys.argv) == 2: | |
80 | report_file = sys.argv[1] | |
81 | if os.path.isfile(report_file): | |
82 | plugin = createPlugin() | |
83 | plugin.processReport(report_file) | |
84 | print(plugin.get_json()) | |
85 | else: | |
86 | print(f"Report not found: {report_file}") | |
87 | else: | |
88 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
89 | ||
90 | 76 | # I'm Py3 |
131 | 131 | |
132 | 132 | self.node = item_node |
133 | 133 | self.ip = self.get_text_from_subnode('IP') |
134 | ||
134 | self.hostname = self.get_text_from_subnode('DNS') or '' | |
135 | 135 | self.os = self.get_text_from_subnode('OPERATING_SYSTEM') |
136 | 136 | self.vulns = self.getResults(tree) |
137 | 137 | |
167 | 167 | self.port = self.get_text_from_subnode(self.node, 'PORT') |
168 | 168 | self.protocol = self.get_text_from_subnode(self.node, 'PROTOCOL') |
169 | 169 | self.name = self.get_text_from_subnode(self.node, 'QID') |
170 | self.external_id = self.name | |
170 | 171 | self.result = self.get_text_from_subnode(self.node, 'RESULT') |
171 | 172 | |
172 | 173 | self.severity_dict = { |
199 | 200 | |
200 | 201 | # References |
201 | 202 | self.ref = [] |
202 | self.ref.append(self.get_text_from_glossary('CVE_ID_LIST/CVE_ID/ID')) | |
203 | ||
204 | cve_id = self.get_text_from_glossary('CVE_ID_LIST/CVE_ID/ID') | |
205 | if cve_id: | |
206 | self.ref.append(cve_id) | |
203 | 207 | |
204 | 208 | if self.cvss: |
205 | 209 | self.ref.append('CVSS SCORE: ' + self.cvss) |
302 | 306 | self.protocol = parent.get('protocol') |
303 | 307 | self.name = self.node.get('number') |
304 | 308 | self.external_id = self.node.get('number') |
305 | self.severity = self.node.get('severity') | |
306 | 309 | self.title = self.get_text_from_subnode('TITLE') |
307 | 310 | self.cvss = self.get_text_from_subnode('CVSS_BASE') |
308 | 311 | self.diagnosis = self.get_text_from_subnode('DIAGNOSIS') |
309 | 312 | self.solution = self.get_text_from_subnode('SOLUTION') |
310 | 313 | self.result = self.get_text_from_subnode('RESULT') |
311 | 314 | self.consequence = self.get_text_from_subnode('CONSEQUENCE') |
315 | ||
316 | self.severity_dict = { | |
317 | '1': 'info', | |
318 | '2': 'info', | |
319 | '3': 'med', | |
320 | '4': 'high', | |
321 | '5': 'critical'} | |
322 | ||
323 | self.severity = self.severity_dict.get(self.node.get('severity'), 'info') | |
312 | 324 | |
313 | 325 | self.desc = cleaner_results(self.diagnosis) |
314 | 326 | if self.result: |
380 | 392 | h_id, |
381 | 393 | v.title if v.title else v.name, |
382 | 394 | ref=v.ref, |
383 | severity=str(int(v.severity) - 1), | |
395 | severity=v.severity, | |
384 | 396 | resolution=v.solution if v.solution else '', |
385 | 397 | desc=v.desc, |
386 | 398 | external_id=v.external_id) |
387 | 399 | |
388 | 400 | else: |
389 | ||
390 | 401 | web = False |
402 | ||
403 | try: | |
404 | port = v.port.decode("utf-8") | |
405 | name = v.name.decode("utf-8") | |
406 | except (UnicodeDecodeError, AttributeError): | |
407 | port = v.port | |
408 | name = v.name | |
409 | ||
391 | 410 | s_id = self.createAndAddServiceToHost( |
392 | 411 | h_id, |
393 | 412 | v.port, |
394 | 413 | v.protocol, |
395 | ports=[str(v.port)], | |
414 | ports=[port], | |
396 | 415 | status='open') |
397 | ||
398 | if v.port in ['80', '443'] or re.search('ssl|http', v.name): | |
416 | if port in ['80', '443'] or re.search('ssl|http', name): | |
399 | 417 | web = True |
400 | 418 | else: |
401 | 419 | web = False |
407 | 425 | v.title if v.title else v.name, |
408 | 426 | ref=v.ref, |
409 | 427 | website=item.ip, |
410 | severity=str(int(v.severity) - 1), | |
428 | severity=v.severity, | |
411 | 429 | desc=v.desc, |
412 | 430 | resolution=v.solution if v.solution else '', |
413 | 431 | external_id=v.external_id) |
418 | 436 | s_id, |
419 | 437 | v.title if v.title else v.name, |
420 | 438 | ref=v.ref, |
421 | severity=str(int(v.severity) - 1), | |
439 | severity=v.severity, | |
422 | 440 | desc=v.desc, |
423 | 441 | resolution=v.solution if v.solution else '', |
424 | 442 | external_id=v.external_id) |
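Review bot: The new `severity_dict` maps both `'1'` and `'2'` to `'info'` and falls back to `'info'` for any unrecognised value, whereas the removed `str(int(v.severity) - 1)` kept the two levels distinct. Unless that collapse is intended, level-2 findings are downgraded and an unexpected severity value is silently reported as informational. I would give `'2'` its own level (to be confirmed against the other `severity_dict` in this file, whose entries are outside the hunk) and log unknown values via `self.logger` rather than defaulting quietly. Separately, the `try` that decodes `v.port` and `v.name` together throws away a successful port decode when `v.name` has no `.decode`, and `ports=[port]` no longer applies the old `str()`. Decoding each value on its own, e.g. `port = v.port.decode("utf-8") if isinstance(v.port, bytes) else str(v.port)`, avoids both.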
184 | 184 | def createPlugin(): |
185 | 185 | return ReconngPlugin() |
186 | 186 | |
187 | ||
188 | if __name__ == "__main__": | |
189 | import sys | |
190 | import os | |
191 | if len(sys.argv) == 2: | |
192 | report_file = sys.argv[1] | |
193 | if os.path.isfile(report_file): | |
194 | plugin = createPlugin() | |
195 | plugin.processReport(report_file) | |
196 | print(plugin.get_json()) | |
197 | else: | |
198 | print(f"Report not found: {report_file}") | |
199 | else: | |
200 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
201 | 187 | # I'm Py3 |
239 | 239 | def createPlugin(): |
240 | 240 | return RetinaPlugin() |
241 | 241 | |
242 | if __name__ == "__main__": | |
243 | import sys | |
244 | import os | |
245 | if len(sys.argv) == 2: | |
246 | report_file = sys.argv[1] | |
247 | if os.path.isfile(report_file): | |
248 | plugin = createPlugin() | |
249 | plugin.processReport(report_file) | |
250 | print(plugin.get_json()) | |
251 | else: | |
252 | print(f"Report not found: {report_file}") | |
253 | else: | |
254 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
255 | ||
256 | 242 | # I'm Py3 |
113 | 113 | def createPlugin(): |
114 | 114 | return ReverseraiderPlugin() |
115 | 115 | |
116 | ||
117 | if __name__ == "__main__": | |
118 | import sys | |
119 | import os | |
120 | if len(sys.argv) == 2: | |
121 | report_file = sys.argv[1] | |
122 | if os.path.isfile(report_file): | |
123 | plugin = createPlugin() | |
124 | plugin.processReport(report_file) | |
125 | print(plugin.get_json()) | |
126 | else: | |
127 | print(f"Report not found: {report_file}") | |
128 | else: | |
129 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
130 | 116 | # I'm Py3 |
238 | 238 | def createPlugin(): |
239 | 239 | return SkipfishPlugin() |
240 | 240 | |
241 | if __name__ == "__main__": | |
242 | import sys | |
243 | import os | |
244 | if len(sys.argv) == 2: | |
245 | report_file = sys.argv[1] | |
246 | if os.path.isfile(report_file): | |
247 | plugin = createPlugin() | |
248 | plugin.processReport(report_file) | |
249 | print(plugin.get_json()) | |
250 | else: | |
251 | print(f"Report not found: {report_file}") | |
252 | else: | |
253 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
254 | ||
255 | ||
256 | 241 | # I'm Py3 |
72 | 72 | def createPlugin(): |
73 | 73 | return SSHDefaultScanPlugin() |
74 | 74 | |
75 | if __name__ == "__main__": | |
76 | import sys | |
77 | import os | |
78 | if len(sys.argv) == 2: | |
79 | report_file = sys.argv[1] | |
80 | if os.path.isfile(report_file): | |
81 | plugin = createPlugin() | |
82 | plugin.processReport(report_file) | |
83 | print(plugin.get_json()) | |
84 | else: | |
85 | print(f"Report not found: {report_file}") | |
86 | else: | |
87 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
88 | ||
89 | 75 | # I'm Py3 |
193 | 193 | def createPlugin(): |
194 | 194 | return SslyzePlugin() |
195 | 195 | |
196 | if __name__ == "__main__": | |
197 | import sys | |
198 | import os | |
199 | if len(sys.argv) == 2: | |
200 | report_file = sys.argv[1] | |
201 | if os.path.isfile(report_file): | |
202 | plugin = createPlugin() | |
203 | plugin.processReport(report_file) | |
204 | print(plugin.get_json()) | |
205 | else: | |
206 | print(f"Report not found: {report_file}") | |
207 | else: | |
208 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
209 | ||
210 | 196 | # I'm Py3 |
95 | 95 | def createPlugin(): |
96 | 96 | return TelnetRouterPlugin() |
97 | 97 | |
98 | if __name__ == "__main__": | |
99 | import sys | |
100 | import os | |
101 | if len(sys.argv) == 2: | |
102 | report_file = sys.argv[1] | |
103 | if os.path.isfile(report_file): | |
104 | plugin = createPlugin() | |
105 | plugin.processReport(report_file) | |
106 | print(plugin.get_json()) | |
107 | else: | |
108 | print(f"Report not found: {report_file}") | |
109 | else: | |
110 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
111 | 98 | # I'm Py3 |
140 | 140 | def createPlugin(): |
141 | 141 | return TheharvesterPlugin() |
142 | 142 | |
143 | if __name__ == "__main__": | |
144 | import sys | |
145 | import os | |
146 | if len(sys.argv) == 2: | |
147 | report_file = sys.argv[1] | |
148 | if os.path.isfile(report_file): | |
149 | plugin = createPlugin() | |
150 | plugin.processReport(report_file) | |
151 | print(plugin.get_json()) | |
152 | else: | |
153 | print(f"Report not found: {report_file}") | |
154 | else: | |
155 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
156 | ||
157 | 143 | |
158 | 144 | # I'm Py3 |
60 | 60 | def createPlugin(): |
61 | 61 | return traceroutePlugin() |
62 | 62 | |
63 | ||
64 | if __name__ == "__main__": | |
65 | import sys | |
66 | import os | |
67 | if len(sys.argv) == 2: | |
68 | report_file = sys.argv[1] | |
69 | if os.path.isfile(report_file): | |
70 | plugin = createPlugin() | |
71 | plugin.processReport(report_file) | |
72 | print(plugin.get_json()) | |
73 | else: | |
74 | print(f"Report not found: {report_file}") | |
75 | else: | |
76 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
77 | 63 | # I'm Py3 |
226 | 226 | "-h": "Display this help message.", |
227 | 227 | } |
228 | 228 | |
229 | ||
230 | 229 | def parseOutputString(self, output, debug=False): |
231 | 230 | |
232 | 231 | parser = W3afXmlParser(output) |
233 | ||
234 | 232 | ip = self.resolve(parser.host) |
235 | 233 | h_id = self.createAndAddHost(ip) |
236 | i_id = self.createAndAddInterface( | |
237 | h_id, ip, ipv4_address=ip, hostname_resolution=[parser.host]) | |
238 | s_id = self.createAndAddServiceToInterface(h_id, i_id, "http", | |
239 | "tcp", | |
240 | ports=[parser.port], | |
241 | status="open") | |
234 | i_id = self.createAndAddInterface(h_id, ip, ipv4_address=ip, hostname_resolution=[parser.host]) | |
235 | s_id = self.createAndAddServiceToInterface(h_id, i_id, "http", "tcp", ports=[parser.port], status="open") | |
242 | 236 | |
243 | 237 | for item in parser.items: |
244 | 238 | v_id = self.createAndAddVulnWebToService(h_id, s_id, item.name, |
245 | item.detail, pname=item.param, path=item.url, website=parser.host, severity=item.severity, | |
246 | method=item.method, request=item.req, resolution=item.resolution, ref=item.ref, response=item.resp) | |
239 | item.detail, pname=item.param, path=item.url, website=parser.host, | |
240 | severity=item.severity, method=item.method, request=item.req, | |
241 | resolution=item.resolution, ref=item.ref, response=item.resp) | |
247 | 242 | del parser |
248 | 243 | |
249 | 244 | def resolve(self, host): |
263 | 258 | def createPlugin(): |
264 | 259 | return W3afPlugin() |
265 | 260 | |
266 | if __name__ == "__main__": | |
267 | import sys | |
268 | import os | |
269 | if len(sys.argv) == 2: | |
270 | report_file = sys.argv[1] | |
271 | if os.path.isfile(report_file): | |
272 | plugin = createPlugin() | |
273 | plugin.processReport(report_file) | |
274 | print(plugin.get_json()) | |
275 | else: | |
276 | print(f"Report not found: {report_file}") | |
277 | else: | |
278 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
279 | ||
280 | 261 | # I'm Py3 |
118 | 118 | def __init__(self, item_node): |
119 | 119 | self.node = item_node |
120 | 120 | self.url = self.get_url(item_node) |
121 | self.ip = socket.gethostbyname(self.url.hostname) | |
121 | if self.url.hostname is not None: | |
122 | self.ip = socket.gethostbyname(self.url.hostname) | |
123 | else: | |
124 | self.ip = '0.0.0.0' | |
122 | 125 | self.hostname = self.url.hostname |
123 | 126 | self.port = self.get_port(self.url) |
124 | 127 | self.scheme = self.url.scheme |
236 | 239 | self.port = "80" |
237 | 240 | self.xml_arg_re = re.compile(r"^.*(-oX\s*[^\s]+).*$") |
238 | 241 | self._command_regex = re.compile( |
239 | r'^(python wapiti|wapiti|sudo wapiti|sudo wapiti\.py|wapiti\.py|python wapiti\.py|\.\/wapiti\.py|wapiti|\.\/wapiti|python wapiti|python \.\/wapiti).*?') | |
242 | r'^(python wapiti|wapiti|sudo wapiti|sudo wapiti\.py|wapiti\.py|python wapiti\.py|\.\/wapiti\.py|wapiti|\.' | |
243 | r'\/wapiti|python wapiti|python \.\/wapiti).*?') | |
240 | 244 | self._completition = { |
241 | 245 | "": "python wapiti.py http://server.com/base/url/ [options]", |
242 | 246 | "-s": "<url> ", |
255 | 259 | "--remove": "<parameter_name> ", |
256 | 260 | "-n": "<limit> ", |
257 | 261 | "--nice": "<limit> ", |
258 | "-m": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all,xss:get,exec:post\"", | |
259 | "--module": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all,xss:get,exec:post\"", | |
262 | "-m": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all," | |
263 | "xss:get,exec:post\"", | |
264 | "--module": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-" | |
265 | "all,xss:get,exec:post\"", | |
260 | 266 | "-u": "Use color to highlight vulnerables parameters in output", |
261 | 267 | "--underline": "Use color to highlight vulnerables parameters in output", |
262 | 268 | "-v": "<level> ", |
293 | 299 | parser = WapitiXmlParser(output) |
294 | 300 | for item in parser.items: |
295 | 301 | host_id = self.createAndAddHost(item.ip, hostnames=[item.hostname]) |
296 | service_id = self.createAndAddServiceToHost(host_id, item.scheme, protocol='tcp', ports=[item.port]) | |
302 | if item.port is None: | |
303 | port = 0 | |
304 | else: | |
305 | port = item.port | |
306 | service_id = self.createAndAddServiceToHost(host_id, item.scheme, protocol='tcp', ports=[port]) | |
297 | 307 | for vuln in item.vulns: |
298 | 308 | for entry in vuln['entries']: |
299 | 309 | vuln_id = self.createAndAddVulnWebToService(host_id, |
315 | 325 | user has set. |
316 | 326 | """ |
317 | 327 | host = re.search( |
318 | "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", command_string) | |
328 | "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]" | |
329 | "{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2" | |
330 | "[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]" | |
331 | "{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|" | |
332 | "pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", | |
333 | command_string) | |
334 | ||
319 | 335 | self.protocol = host.group(1) |
320 | 336 | self.host = host.group(4) |
321 | 337 | if host.group(11) is not None: |
333 | 349 | def createPlugin(): |
334 | 350 | return WapitiPlugin() |
335 | 351 | |
336 | ||
337 | if __name__ == "__main__": | |
338 | import sys | |
339 | import os | |
340 | if len(sys.argv) == 2: | |
341 | report_file = sys.argv[1] | |
342 | if os.path.isfile(report_file): | |
343 | plugin = createPlugin() | |
344 | plugin.processReport(report_file) | |
345 | print(plugin.get_json()) | |
346 | else: | |
347 | print(f"Report not found: {report_file}") | |
348 | else: | |
349 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
350 | 352 | # I'm Py3 |
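Review bot: The added `if self.url.hostname is not None:` guard in `__init__` still leaves `socket.gethostbyname(self.url.hostname)` unprotected against a name that does not resolve. A single unresolvable host in the report would raise `socket.gaierror` and presumably abort the whole import. Wrapping the lookup with `except socket.gaierror: self.ip = '0.0.0.0'` would match the fallback this change introduces. Every item that falls back to `'0.0.0.0'` (and to port `0` in `parseOutputString`) is presumably filed under the same host entry, so keeping the hostname as the host identifier when resolution fails may be preferable. `__init__` continues past the end of the hunk.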
176 | 176 | def createPlugin(): |
177 | 177 | return WcscanPlugin() |
178 | 178 | |
179 | if __name__ == "__main__": | |
180 | import sys | |
181 | import os | |
182 | if len(sys.argv) == 2: | |
183 | report_file = sys.argv[1] | |
184 | if os.path.isfile(report_file): | |
185 | plugin = createPlugin() | |
186 | plugin.processReport(report_file) | |
187 | print(plugin.get_json()) | |
188 | else: | |
189 | print(f"Report not found: {report_file}") | |
190 | else: | |
191 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
192 | ||
193 | 179 | # I'm Py3 |
151 | 151 | def createPlugin(): |
152 | 152 | return WebfuzzerPlugin() |
153 | 153 | |
154 | if __name__ == "__main__": | |
155 | import sys | |
156 | import os | |
157 | if len(sys.argv) == 2: | |
158 | report_file = sys.argv[1] | |
159 | if os.path.isfile(report_file): | |
160 | plugin = createPlugin() | |
161 | plugin.processReport(report_file) | |
162 | print(plugin.get_json()) | |
163 | else: | |
164 | print(f"Report not found: {report_file}") | |
165 | else: | |
166 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
167 | ||
168 | 154 | # I'm Py3 |
24 | 24 | def __init__(self, output): |
25 | 25 | self.xml = ET.fromstring(output) |
26 | 26 | self.issues = self.xml.findall("Issues/Issue") |
27 | ||
28 | 27 | |
29 | 28 | def parse_severity(self, severity): |
30 | 29 | |
167 | 166 | def createPlugin(): |
168 | 167 | return WebInspectPlugin() |
169 | 168 | |
170 | ||
171 | if __name__ == "__main__": | |
172 | import sys | |
173 | import os | |
174 | if len(sys.argv) == 2: | |
175 | report_file = sys.argv[1] | |
176 | if os.path.isfile(report_file): | |
177 | plugin = createPlugin() | |
178 | plugin.processReport(report_file) | |
179 | print(plugin.get_json()) | |
180 | else: | |
181 | print(f"Report not found: {report_file}") | |
182 | else: | |
183 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
78 | 78 | chars = item['chars'] |
79 | 79 | words = item['words'] |
80 | 80 | name = "Wfuzz found: {path} with status {status} on url {url}".format(path=path, status=status, url=url) |
81 | desc = 'Wfuzz found a response with status {status}. Response contains: \n* {words} words \n* {lines} lines \n* {chars} chars'.format( | |
82 | words=words, | |
83 | url=url, | |
84 | lines=lines, | |
85 | chars=chars, | |
86 | status=status | |
87 | ) | |
88 | self.createAndAddVulnWebToService(host_id, | |
89 | service_id, | |
90 | name, | |
91 | desc, | |
92 | severity="info", | |
93 | website=target, | |
94 | path=path | |
95 | ) | |
81 | desc = 'Wfuzz found a response with status {status}. Response contains: \n* {words} words \n* {lines} ' \ | |
82 | 'lines \n* {chars} chars'.format(words=words, url=url, lines=lines, chars=chars, status=status) | |
83 | self.createAndAddVulnWebToService(host_id, service_id, name, desc, severity="info", website=target, | |
84 | path=path) | |
96 | 85 | |
97 | 86 | |
98 | 87 | def createPlugin(): |
99 | 88 | return WfuzzPlugin() |
100 | 89 | |
101 | ||
102 | if __name__ == "__main__": | |
103 | import sys | |
104 | import os | |
105 | if len(sys.argv) == 2: | |
106 | report_file = sys.argv[1] | |
107 | if os.path.isfile(report_file): | |
108 | plugin = createPlugin() | |
109 | plugin.processReport(report_file) | |
110 | print(plugin.get_json()) | |
111 | else: | |
112 | print(f"Report not found: {report_file}") | |
113 | else: | |
114 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
115 | ||
116 | ||
117 | 90 | # I'm Py3 |
94 | 94 | def createPlugin(): |
95 | 95 | return CmdWhoisPlugin() |
96 | 96 | |
97 | if __name__ == "__main__": | |
98 | import sys | |
99 | import os | |
100 | if len(sys.argv) == 2: | |
101 | report_file = sys.argv[1] | |
102 | if os.path.isfile(report_file): | |
103 | plugin = createPlugin() | |
104 | plugin.processReport(report_file) | |
105 | print(plugin.get_json()) | |
106 | else: | |
107 | print(f"Report not found: {report_file}") | |
108 | else: | |
109 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
110 | ||
111 | 97 | # I'm Py3 |
0 | 0 | """ |
1 | 1 | Faraday Penetration Test IDE |
2 | Copyright (C) 2016 Infobyte LLC (http://www.infobytesec.com/) | |
2 | Copyright (C) 2019 Infobyte LLC (http://www.infobytesec.com/) | |
3 | 3 | See the file 'doc/LICENSE' for the license information |
4 | 4 | |
5 | 5 | """ |
6 | 6 | import re |
7 | 7 | import socket |
8 | 8 | import json |
9 | from faraday_plugins.plugins.plugin import PluginBase | |
9 | from faraday_plugins.plugins.plugin import PluginJsonFormat | |
10 | from urllib.parse import urlparse | |
10 | 11 | |
11 | 12 | |
12 | __author__ = "Joaquin L. Pereyra | Federico Fernandez" | |
13 | __copyright__ = "Copyright (c) 2016, Infobyte LLC" | |
14 | __credits__ = ["Joaquin L. Pereyra"] | |
13 | __author__ = "Nicolas Rebagliati" | |
14 | __copyright__ = "Copyright (c) 2019, Infobyte LLC" | |
15 | __credits__ = ["Nicolas Rebagliati"] | |
15 | 16 | __license__ = "" |
16 | 17 | __version__ = "0.0.1" |
17 | __maintainer__ = "Joaquin L. Pereyra" | |
18 | __email__ = "[email protected]" | |
18 | __maintainer__ = "Nicolas Rebagliati" | |
19 | __email__ = "[email protected]" | |
19 | 20 | __status__ = "Development" |
20 | 21 | |
21 | 22 | |
22 | class WPScanPlugin(PluginBase): | |
23 | class WPScanJsonParser: | |
24 | ||
25 | def __init__(self, json_output): | |
26 | self.json_data = json.loads(json_output) | |
27 | ||
28 | def parse_url(self, url): | |
29 | # Strips protocol and gets hostname from URL. | |
30 | ||
31 | url_parse = urlparse(url) | |
32 | protocol = url_parse.scheme | |
33 | hostname = url_parse.netloc | |
34 | port = url_parse.port | |
35 | ||
36 | if protocol == 'https': | |
37 | port = 443 | |
38 | elif protocol == 'http': | |
39 | if not port: | |
40 | port = 80 | |
41 | address = self.get_address(hostname) | |
42 | return {'protocol': protocol, 'hostname': hostname, 'port': port, 'address': address} | |
43 | ||
44 | def get_address(self, hostname): | |
45 | # Returns remote IP address from hostname. | |
46 | try: | |
47 | return socket.gethostbyname(hostname) | |
48 | except socket.error as msg: | |
49 | return None | |
50 | ||
51 | ||
52 | class WPScanPlugin(PluginJsonFormat): | |
23 | 53 | """ Handle the WPScan tool. Detects the output of the tool |
24 | 54 | and adds the information to Faraday. |
25 | 55 | """ |
26 | 56 | |
27 | 57 | def __init__(self): |
28 | """Initalizes the plugin with some basic params. | |
29 | Right now the plugin doesnt support being executed from another folder, | |
30 | like /dir/wpscan.rb | |
31 | """ | |
32 | 58 | super().__init__() |
33 | 59 | self.id = "wpscan" |
34 | 60 | self.name = "WPscan" |
35 | 61 | self.plugin_version = "0.2" |
36 | 62 | self.version = "3.4.5" |
37 | self._command_regex = re.compile( | |
38 | r"^((sudo )?(ruby )?(\.\/)?(wpscan)(.rb)?)") | |
39 | self.wpPath = self.get_wpscan_filepath() | |
40 | self.addSetting("WPscan path", str, self.wpPath) | |
41 | self.themes = {} | |
42 | self.plugins = {} | |
43 | self.wpversion = '' | |
44 | self.risks = {'AUTHBYPASS': 'high', | |
45 | 'BYPASS': 'med', | |
46 | 'CSRF': 'med', | |
47 | 'DOS': 'med', | |
48 | 'FPD': 'info', | |
49 | 'LFI': 'high', | |
50 | 'MULTI': 'unclassified', | |
51 | 'OBJECTINJECTION': 'med', | |
52 | 'PRIVESC': 'high', | |
53 | 'RCE': 'critical', | |
54 | 'REDIRECT': 'low', | |
55 | 'RFI': 'critical', | |
56 | 'SQLI': 'high', | |
57 | 'SSRF': 'med', | |
58 | 'UNKNOWN': 'unclassified', | |
59 | 'UPLOAD': 'critical', | |
60 | 'XSS': 'high', | |
61 | 'XXE': 'high'} | |
62 | ||
63 | def get_wpscan_filepath(self): | |
64 | home = os.path.expanduser("~") | |
65 | ||
66 | wpscan_path = os.path.join(home, '.wpscan') | |
67 | if os.path.exists(wpscan_path): | |
68 | return wpscan_path | |
69 | else: | |
70 | return None | |
71 | ||
72 | def search_file_in_wpscan_folder(self, wp_file): | |
73 | db_path = os.path.join(self.wpPath, 'db', wp_file) | |
74 | data_path = os.path.join(self.wpPath, 'data', wp_file) | |
75 | if os.path.exists(db_path): | |
76 | return db_path | |
77 | elif os.path.exists(data_path): | |
78 | return data_path | |
79 | ||
80 | def getPort(self, host, proto): | |
81 | p = re.search(r"\:([0-9]+)\/", host) | |
82 | if p is not None: | |
83 | return p.group(1) | |
84 | elif proto == 'https': | |
85 | return 443 | |
86 | else: | |
87 | return 80 | |
88 | ||
89 | def parseOutputWpscan(self, output): | |
90 | sp = output.split('0m Name:') # cut by name | |
91 | for e in sp: | |
92 | if 'Title:' in e: | |
93 | if 'WordPress version' in e: | |
94 | r = re.search(r'WordPress version (\d.\w)', e) # get wordpress version | |
95 | self.wpversion = r.group(1) | |
96 | ||
97 | elif 'wp-content/themes/' in e: | |
98 | name = re.findall(r"Location: .+themes\/(.+)\/", e) # get theme name | |
99 | title = re.findall(r"Title: (.+)", e) # get vulnerabilities title | |
100 | self.themes[name[0]] = title # insert theme in dicc {'themeName' : ['titles', 'titles']} | |
101 | ||
102 | else: | |
103 | name = re.findall(r"Location: .+plugins\/(.+)\/", e) # get plugin name | |
104 | title = re.findall(r"Title: (.+)", e) # get vulnerabilities title | |
105 | self.plugins[name[0]] = title # insert plugin in dicc {'plugin' : ['titles', 'titles']} | |
106 | ||
107 | def addThemesOrPluginsVulns(self, wpscan_db_filename, dic, host_id, serv_id, domain, wp_url, name): | |
108 | db_file_path = self.search_file_in_wpscan_folder(wpscan_db_filename) | |
109 | with open(db_file_path, "r") as data: | |
110 | j = json.load(data) | |
111 | for p in dic: | |
112 | for title in dic[p]: | |
113 | for vuln in j[p]['vulnerabilities']: # iter vulnerabilities | |
114 | if vuln['title'] == title: # if output title is equal | |
115 | title = vuln['title'] # title | |
116 | risk = self.risks[vuln['vuln_type']] # vuln type (xss,rce,lfi,etc) - risk | |
117 | location = wp_url+'wp-content/'+name+'/'+p+'/' | |
118 | if 'url' in vuln['references']: # if references | |
119 | refs = vuln['references']['url'] #references[] | |
120 | else: | |
121 | refs = [] # references null | |
122 | self.createAndAddVulnWebToService( | |
123 | host_id, | |
124 | serv_id, | |
125 | title, | |
126 | severity=risk, | |
127 | website=domain, | |
128 | ref=refs, | |
129 | path=location) | |
130 | ||
131 | def addWPVulns(self, wpscan_db_filename, version, host_id, serv_id, domain): | |
132 | db_file_path = self.search_file_in_wpscan_folder(wpscan_db_filename) | |
133 | with open(db_file_path, "r") as data: | |
134 | j = json.load(data) | |
135 | for vuln in j[version]['vulnerabilities']: # iter vulnerabilities | |
136 | title = vuln['title'] # title | |
137 | risk = self.risks[vuln['vuln_type']] # vuln type (xss,rce,lfi,etc) - risk | |
138 | if 'url' in vuln['references']: # if references | |
139 | refs = vuln['references']['url'] # references[] | |
140 | else: | |
141 | refs = [] # references null | |
142 | self.createAndAddVulnWebToService( | |
143 | host_id, | |
144 | serv_id, | |
145 | title, | |
146 | severity=risk, | |
147 | website=domain, | |
148 | ref=refs) | |
63 | self.json_keys = {"target_url", "effective_url", "interesting_findings"} | |
149 | 64 | |
150 | 65 | def parseOutputString(self, output, debug=False): |
151 | """Parses the output given as a string by the wpscan tool and creates | |
152 | the appropiate hosts, service and vulnerabilites. Return | |
153 | nothing. | |
154 | """ | |
155 | self.parseOutputWpscan(output) | |
156 | wp_url = re.search(r"URL: ((http[s]?)\:\/\/([\w\.]+)[.\S]+)", output) | |
157 | service, base_url = self.__get_service_and_url_from_output(output) | |
158 | if service and base_url: | |
159 | port = self.getPort(wp_url.group(1), service) | |
160 | host_ip = socket.gethostbyname_ex(base_url)[2][0] | |
161 | host_id = self.createAndAddHost( | |
162 | host_ip, | |
163 | hostnames=[base_url]) | |
164 | ||
165 | service_id = self.createAndAddServiceToHost( | |
166 | host_id, | |
167 | service, | |
168 | "tcp", | |
169 | ports=[port]) | |
170 | ||
171 | potential_vulns = re.findall(r"(\[\!\].*)", output) | |
172 | for potential_vuln in potential_vulns: | |
173 | vuln_name, severity = self.__get_name_and_severity(potential_vuln) | |
174 | if vuln_name is not None: | |
175 | vuln = potential_vuln # they grow up so fast | |
176 | path = self.__get_path_from_vuln(vuln) | |
177 | self.createAndAddVulnWebToService( | |
178 | host_id, | |
179 | service_id, | |
180 | name=vuln_name, | |
181 | website=base_url, | |
182 | path=path, | |
183 | severity=severity) | |
184 | ||
185 | if len(self.plugins) > 0: | |
186 | self.addThemesOrPluginsVulns( | |
187 | 'plugins.json', | |
188 | self.plugins, | |
189 | host_id, | |
190 | service_id, | |
191 | base_url, | |
192 | wp_url.group(1), | |
193 | 'plugins') | |
194 | ||
195 | if len(self.wpversion) > 0: | |
196 | self.addWPVulns( | |
197 | 'wordpresses.json', | |
198 | self.wpversion, | |
199 | host_id, | |
200 | service_id, | |
201 | base_url) | |
202 | ||
203 | if len(self.themes) > 0: | |
204 | self.addThemesOrPluginsVulns( | |
205 | 'themes.json', | |
206 | self.themes, | |
207 | host_id, | |
208 | service_id, | |
209 | base_url, | |
210 | wp_url.group(1), | |
211 | 'themes') | |
212 | ||
213 | def __get_service_and_url_from_output(self, output): | |
214 | """ Return the service (http or https) and the base URL (URL without | |
215 | protocol) from a given string. In case more than one URL is found, | |
216 | return the service and base_url of the first one, ignore others. | |
217 | """ | |
218 | search_url = re.search(r"URL: ((http[s]?)\:\/\/([\w\.]+)[.\S]+)", output) | |
219 | if not search_url: | |
220 | return None, None | |
221 | else: | |
222 | service, base_url = search_url.group(2), search_url.group(3) | |
223 | return service, base_url | |
224 | ||
225 | def __get_name_and_severity(self, potential_vuln): | |
226 | """Regex the potential_vuln string against a regex with all | |
227 | the vulnerabilities given by WPscan. Returns a regex match object with | |
228 | the vulnerability's name and severity if the regex found something | |
229 | and (None, None) if the regex found nothing. | |
230 | """ | |
231 | critical_search = re.search(r"Website is not fully configured|" | |
232 | "Debug log file found|" | |
233 | "wp-config\.php backup file has been found|" | |
234 | "searchreplacedb2.php has been found", | |
235 | potential_vuln) | |
236 | if critical_search: | |
237 | return critical_search.group(0), "critical" | |
238 | ||
239 | info_search = re.search(r"Directory listing is enabled|" | |
240 | "An error_log file has been found|" | |
241 | "file exists exposing a version number|" | |
242 | "Full Path Disclosure|" | |
243 | "Registration is enabled|" | |
244 | "(Upload|Includes) directory has directory listing enabled|" | |
245 | "Default first Wordpress username 'admin' is still used", | |
246 | potential_vuln) | |
247 | if info_search: | |
248 | return info_search.group(0), "info" | |
249 | ||
250 | return None, None | |
251 | ||
252 | def __get_path_from_vuln(self, vuln): | |
253 | """Given a vuln as string, return the path as a string (empty string | |
254 | for path not found). | |
255 | """ | |
256 | path_search = re.search("(?P<url>https?://[^\s]+)", vuln) | |
257 | path = path_search.group('url') if path_search else "" | |
258 | return path | |
259 | ||
260 | def processCommandString(self, username, current_path, command_string): | |
261 | return None | |
66 | parser = WPScanJsonParser(output) | |
67 | url_data = parser.parse_url(parser.json_data['target_url']) | |
68 | host_id = self.createAndAddHost(url_data['address'], hostnames=[url_data['hostname']]) | |
69 | service_id = self.createAndAddServiceToHost( | |
70 | host_id, | |
71 | "WordPress", | |
72 | url_data['protocol'], | |
73 | ports=[url_data['port']], | |
74 | status='open', | |
75 | version='', | |
76 | description='') | |
77 | for user, data in parser.json_data.get('users', {}).items(): | |
78 | self.createAndAddCredToService(host_id, service_id, user, "") | |
79 | main_theme = parser.json_data.get("main_theme", {}) | |
80 | for vuln in main_theme.get("vulnerabilities", []): | |
81 | wpvulndb = ",".join(vuln['references'].get('wpvulndb', [])) | |
82 | self.createAndAddVulnWebToService(host_id, service_id, vuln['title'], ref=vuln['references'].get('url', []), | |
83 | severity='unclassified', external_id=wpvulndb) | |
84 | for plugin, plugin_data in parser.json_data.get("plugins", {}).items(): | |
85 | for vuln in plugin_data['vulnerabilities']: | |
86 | wpvulndb = ",".join(vuln['references'].get('wpvulndb', [])) | |
87 | self.createAndAddVulnWebToService(host_id, service_id, f"{plugin}: {vuln['title']}", | |
88 | ref=vuln['references'].get('url', []), | |
89 | severity='unclassified', external_id=wpvulndb) | |
90 | for vuln in parser.json_data.get("interesting_findings", []): | |
91 | if vuln['to_s'].startswith('http'): | |
92 | vuln_name = f"{vuln['type']}: {vuln['to_s']}" | |
93 | else: | |
94 | vuln_name = vuln['to_s'] | |
95 | self.createAndAddVulnWebToService(host_id, service_id, vuln_name, ref=vuln['references'].get('url', []), | |
96 | severity='unclassified') | |
262 | 97 | |
263 | 98 | |
264 | 99 | def createPlugin(): |
265 | 100 | return WPScanPlugin() |
266 | ||
267 | if __name__ == "__main__": | |
268 | import sys | |
269 | import os | |
270 | if len(sys.argv) == 2: | |
271 | report_file = sys.argv[1] | |
272 | if os.path.isfile(report_file): | |
273 | plugin = createPlugin() | |
274 | plugin.processReport(report_file) | |
275 | print(plugin.get_json()) | |
276 | else: | |
277 | print(f"Report not found: {report_file}") | |
278 | else: | |
279 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
280 | ||
281 | # I'm Py3 |
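Review bot: `WPScanJsonParser.parse_url` takes `url_parse.netloc` as the hostname, which still carries any `user:pass@` prefix and `:port` suffix, so for a `target_url` with an explicit port `socket.gethostbyname()` fails, `get_address` returns None, and `parseOutputString` hands that None to `createAndAddHost`. The `https` branch also overwrites an explicit port with 443. Suggest `hostname = url_parse.hostname` and `port = url_parse.port or (443 if protocol == 'https' else 80)`. `parse_uri` in the ZAP plugin section takes `netloc` as the host in the same way. Because `target_url` comes from the imported report, the lookup is a DNS query for a name the report chooses, which deserves a comment on `get_address`: `# resolves a name taken from the report; returns None when it does not resolve`.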
201 | 201 | def createPlugin(): |
202 | 202 | return X1Plugin() |
203 | 203 | |
204 | if __name__ == "__main__": | |
205 | import sys | |
206 | import os | |
207 | if len(sys.argv) == 2: | |
208 | report_file = sys.argv[1] | |
209 | if os.path.isfile(report_file): | |
210 | plugin = createPlugin() | |
211 | plugin.processReport(report_file) | |
212 | print(plugin.get_json()) | |
213 | else: | |
214 | print(f"Report not found: {report_file}") | |
215 | else: | |
216 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
217 | ||
218 | 204 | # I'm Py3 |
21 | 21 | self.plugin_version = "0.0.1" |
22 | 22 | self.version = "1.0.0" |
23 | 23 | self.protocol="tcp" |
24 | self._command_regex = re.compile(r'^(sudo xsssniper|xsssniper|sudo xsssniper\.py|xsssniper\.py|sudo python xsssniper\.py|.\/xsssniper\.py|python xsssniper\.py)') | |
24 | self._command_regex = re.compile(r'^(sudo xsssniper|xsssniper|sudo xsssniper\.py|xsssniper\.py|sudo python ' | |
25 | r'xsssniper\.py|.\/xsssniper\.py|python xsssniper\.py)') | |
25 | 26 | |
26 | 27 | def parseOutputString(self, output, debug=False): |
27 | 28 | parametro = [] |
59 | 60 | def createPlugin(): |
60 | 61 | return xsssniper() |
61 | 62 | |
62 | if __name__ == "__main__": | |
63 | import sys | |
64 | import os | |
65 | if len(sys.argv) == 2: | |
66 | report_file = sys.argv[1] | |
67 | if os.path.isfile(report_file): | |
68 | plugin = createPlugin() | |
69 | plugin.processReport(report_file) | |
70 | print(plugin.get_json()) | |
71 | else: | |
72 | print(f"Report not found: {report_file}") | |
73 | else: | |
74 | print(f"USAGE {sys.argv[0]} REPORT_FILE") | |
75 | ||
76 | 63 | # I'm Py3 |
6 | 6 | import os |
7 | 7 | import socket |
8 | 8 | from faraday_plugins.plugins.plugin import PluginXMLFormat |
9 | ||
9 | from urllib.parse import urlparse | |
10 | 10 | |
11 | 11 | try: |
12 | 12 | import xml.etree.cElementTree as ET |
205 | 205 | self.requests = "\n".join([i['uri'] for i in self.items]) |
206 | 206 | |
207 | 207 | def parse_uri(self, uri): |
208 | mregex = re.search( | |
209 | "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&" | |
210 | ";%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]" | |
211 | "{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}" | |
212 | "|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}" | |
213 | "|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|" | |
214 | "[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|" | |
215 | "int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2" | |
216 | "}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+))" | |
217 | ".*?$", | |
218 | uri) | |
219 | ||
220 | protocol = mregex.group(1) | |
221 | host = mregex.group(4) | |
222 | port = 80 | |
223 | if protocol == 'https': | |
224 | port = 443 | |
225 | if mregex.group(11) is not None: | |
226 | port = mregex.group(11) | |
208 | ||
209 | url_parse = urlparse(uri) | |
210 | protocol = url_parse.scheme | |
211 | host = url_parse.netloc | |
212 | port = url_parse.port | |
227 | 213 | |
228 | 214 | try: |
229 | 215 | params = [i.split('=')[0] |
332 | 318 | |
333 | 319 | def createPlugin(): |
334 | 320 | return ZapPlugin() |
335 | ||
336 | ||
337 | if __name__ == "__main__": | |
338 | import sys | |
339 | if len(sys.argv) == 2: | |
340 | report_file = sys.argv[1] | |
341 | if os.path.isfile(report_file): | |
342 | plugin = createPlugin() | |
343 | plugin.processReport(report_file) | |
344 | print(plugin.get_json()) | |
345 | else: | |
346 | print(f"Report not found: {report_file}") | |
347 | else: | |
348 | print(f"USAGE {sys.argv[0]} REPORT_FILE") |
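Review bot: After the switch to `urlparse` in `parse_uri`, `port = url_parse.port` is None for any URI without an explicit port, whereas the removed code defaulted to 80, or 443 for https. Unless the rest of the function (which continues outside the hunk) handles None, the parsed item loses its port; suggest `port = url_parse.port or (443 if protocol == 'https' else 80)`. An explicit port is now an int where the removed code kept the regex group as a string, which is worth a one-line comment if later code compares or formats it.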
8 | 8 | 'Click', |
9 | 9 | 'simplejson', |
10 | 10 | 'requests', |
11 | 'lxml', | |
12 | 'html2text', | |
13 | 'beautifulsoup4', | |
11 | 14 | ] |
12 | 15 | |
13 | 16 |
0 | import os | |
1 | ||
2 | import json | |
3 | import pytest | |
4 | from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer | |
5 | from faraday_plugins.plugins.plugin import PluginBase | |
6 | ||
7 | BLACK_LIST = [ | |
8 | 'LICENSE', | |
9 | 'README.md', | |
10 | '.gitignore', | |
11 | '.gitkeep', | |
12 | ] | |
13 | ||
14 | def list_report_files(): | |
15 | report_filenames = os.walk('./report-collection') | |
16 | ||
17 | for root, directory, filenames in report_filenames: | |
18 | if '.git' in directory: | |
19 | continue | |
20 | for filename in filenames: | |
21 | if filename in BLACK_LIST: | |
22 | continue | |
23 | if '.git' in root: | |
24 | continue | |
25 | yield os.path.join(root, filename) | |
26 | ||
27 | ||
28 | @pytest.mark.parametrize("report_filename", list_report_files()) | |
29 | def test_autodetection_on_all_report_collection(report_filename): | |
30 | plugins_manager = PluginsManager() | |
31 | analyzer = ReportAnalyzer(plugins_manager) | |
32 | plugin: PluginBase = analyzer.get_plugin(report_filename) | |
33 | assert plugin, report_filename | |
34 | plugin.processReport(report_filename) | |
35 | plugin_json = json.loads(plugin.get_json()) | |
36 | assert "hosts" in plugin_json | |
37 | assert "command" in plugin_json | |
38 | assert len(plugin_json) == 2 |
0 | import os | |
1 | ||
2 | import json | |
3 | import pytest | |
4 | from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer | |
5 | from faraday_plugins.plugins.plugin import PluginBase | |
6 | ||
7 | BLACK_LIST = [ | |
8 | 'LICENSE', | |
9 | 'README.md', | |
10 | '.gitignore', | |
11 | '.gitkeep', | |
12 | ] | |
13 | ||
14 | def list_report_files(): | |
15 | report_filenames = os.walk('./report-collection') | |
16 | ||
17 | for root, directory, filenames in report_filenames: | |
18 | if '.git' in directory: | |
19 | continue | |
20 | for filename in filenames: | |
21 | if filename in BLACK_LIST: | |
22 | continue | |
23 | if '.git' in root: | |
24 | continue | |
25 | yield os.path.join(root, filename) | |
26 | ||
27 | ||
28 | @pytest.mark.skip(reason="Skip auto detection test until we review all the report files") | |
29 | @pytest.mark.parametrize("report_filename", list_report_files()) | |
30 | def test_autodetected_on_all_report_collection(report_filename): | |
31 | plugins_manager = PluginsManager() | |
32 | analyzer = ReportAnalyzer(plugins_manager) | |
33 | plugin: PluginBase = analyzer.get_plugin(report_filename) | |
34 | assert plugin, report_filename | |
35 | ||
36 | ||
37 | @pytest.mark.parametrize("report_filename", list_report_files()) | |
38 | def test_detected_tools_on_all_report_collection(report_filename): | |
39 | plugins_manager = PluginsManager() | |
40 | analyzer = ReportAnalyzer(plugins_manager) | |
41 | plugin: PluginBase = analyzer.get_plugin(report_filename) | |
42 | if not plugin: | |
43 | return | |
44 | assert plugin, report_filename | |
45 | plugin.processReport(report_filename) | |
46 | plugin_json = json.loads(plugin.get_json()) | |
47 | assert "hosts" in plugin_json | |
48 | assert "command" in plugin_json | |
49 | assert len(plugin_json) == 2 |
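Review bot: In `test_detected_tools_on_all_report_collection` the early `if not plugin: return` means the following `assert plugin, report_filename` can never fail, and every report for which no plugin is detected is counted as a pass. With the autodetection test above it marked `skip`, nothing fails when detection regresses for a report. Suggest replacing the return with `pytest.skip(f"no plugin detected for {report_filename}")` so undetected reports show up in the test summary, and dropping the redundant assert.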