Codebase list faraday-plugins / c61b093
New upstream version 1.0.2 Sophie Brun 4 years ago
74 changed file(s) with 625 addition(s) and 1481 deletion(s).
00 stages:
11 - pre_testing
22 - testing
3 - publish
34
45 before_script:
56 - apt-get update -qy
1112 before_script:
1213 - pip install flake8
1314 # Help flake8 to find the Python files without .py extension.
14 - find * -type f -name '*.py' > files.txt
15 - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
15 - find . -name '*.py' >> files.txt
1616 - sort -u files.txt | tee files.processed
1717 script:
18 - python -m flake8 --statistics --count $(cat files.processed)
18 - python -m flake8 --statistics --count $(cat files.processed) --verbose
1919 after_script:
2020 - wc -l files.processed
2121
3434 - cd -
3535 - source faraday_venv/bin/activate
3636 - python3 setup.py install
37 - cd run_from && pytest ../tests --capture=sys -v --cov=faraday_plugins --color=yes --disable-warnings
37 - cd run_from && pytest ../tests --capture=sys -v --cov=faraday_plugins --color=yes --disable-warnings
38
39 publish_pipy:
40 image: python:3
41 stage: publish
42 before_script:
43 - pip3 install virtualenv
44 - virtualenv -p python3 faraday_venv twine
45 - source faraday_venv/bin/activate
46 script:
47 - python setup.py sdist bdist_wheel
48 - twine upload dist/* -u $TWINE_USERNAME -p $TWINE_PASSWORD
49
50 only:
51 variables:
52 - $CI_COMMIT_TAG =~ /^v[0-9.]+$/
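Review bot: The new `publish_pipy` job passes the PyPI password as a command-line argument in `twine upload dist/* -u $TWINE_USERNAME -p $TWINE_PASSWORD`, where it is expanded unquoted by the shell and visible in the runner's process list. twine reads `TWINE_USERNAME` and `TWINE_PASSWORD` from the environment itself, so the line can be `- twine upload dist/*`, with both values defined as masked, protected CI variables. Because the job is gated only on the tag name matching `/^v[0-9.]+$/`, it is worth restricting who can push such tags (protected tags), otherwise anyone able to tag can trigger a release. Separately, `virtualenv -p python3 faraday_venv twine` does not appear to install twine; a `- pip install twine` after the `source` line is probably what was intended.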
00 ## Install
11
22 ```shell script
3 cd faraday-plugins
4 python setup.py install
3 pip install faraday-plugins
54 ```
65
76 ## Commands
2524 python -m faraday_plugins process appscan /path/to/report.xml
2625 ```
2726
27 > Plugin Logger
28
29 To use it you must call ```self.logger.debug("some message")```
30
31 ```shell script
32 export PLUGIN_DEBUG=1
33 python -m faraday_plugins process appscan /path/to/report.xml
34 2019-11-15 20:37:03,355 - faraday.faraday_plugins.plugins.manager - INFO [manager.py:113 - _load_plugins()] Loading Native Plugins...
35 2019-11-15 20:37:03,465 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [acunetix]
36 2019-11-15 20:37:03,495 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [amap]
37 2019-11-15 20:37:03,549 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [appscan]
38 2019-11-15 20:37:03,580 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [arachni]
39 2019-11-15 20:37:03,613 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [arp_scan]
40 2019-11-15 20:37:03,684 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [beef]
41 2019-11-15 20:37:03,714 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [brutexss]
42 2019-11-15 20:37:03,917 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [burp]
43 2019-11-15 20:37:03,940 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()] Load Plugin [dig]
44 ...
45 ```
46
0 ## Write you own plugins
1
2 > XML report plugin
3
4 ```python
5 class XXXPLugin(PluginXMLFormat):
6
7 def __init__(self):
8 super().__init__()
9 # Tags to be compared with the xml mail tag, can be a list or a string
10 self.identifier_tag = ["tag1", "tag2"]
11 self.id = 'SOME_PLUGIN_ID' # Can't be repeated
12 self.name = 'Some plugin name'
13 self.plugin_version = 'X.X'
14 # The extension is optional, only if its different than xml
15 self.extension = ".xxx"
16 ```
17
18 > JSON report plugin
19
20 ```python
21 class XXXPLugin(PluginJsonFormat):
22
23 def __init__(self):
24 super().__init__()
25 # keys of the json that identify the report
26 # you don't need to put all the keys, just some of them
27 # it must be a set and will be compared as a subset of the json report keys
28 self.json_keys = {"target_url", "effective_url", "interesting_findings"}
29 self.id = 'SOME_PLUGIN_ID' # Can't be repeated
30 self.name = 'Some plugin name'
31 self.plugin_version = 'X.X'
32 # The extension is optional, only if its different than json
33 self.extension = ".xxx"
34 ```
0 __version__ = '1.0rc1'
0 __version__ = '1.0.2'
11
22
0 import logging
01 import os
2 import sys
13 import click
2 from .plugins.manager import PluginsManager, ReportAnalyzer
4
5 from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer
6
7 root_logger = logging.getLogger("faraday")
8 if not root_logger.handlers:
9 PLUGIN_DEBUG = os.environ.get("PLUGIN_DEBUG", "0")
10 if PLUGIN_DEBUG == "1":
11 out_hdlr = logging.StreamHandler(sys.stdout)
12 out_hdlr.setFormatter(logging.Formatter('%(asctime)s - %(name)s - %(levelname)s [%(filename)s:%(lineno)s - %(funcName)s()] %(message)s'))
13 out_hdlr.setLevel(logging.DEBUG)
14 root_logger.addHandler(out_hdlr)
15 root_logger.setLevel(logging.DEBUG)
316
417
518 @click.group()
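Review bot: The debug handler added at import time is bound to `sys.stdout`, which is presumably also where the CLI prints the generated JSON, so running with `PLUGIN_DEBUG=1` would interleave log records with output that other tools parse. `out_hdlr = logging.StreamHandler(sys.stderr)` keeps the two streams apart. Debug records produced while parsing a report may carry report content (hosts, request data, credentials), so a short comment above the block such as `# PLUGIN_DEBUG=1 is for local troubleshooting; log lines may include report contents` would tell maintainers not to enable it in shared pipelines.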
22 import re
33 import os
44 import sys
5 import json
56 import pkgutil
67 from importlib import import_module
78 from importlib.machinery import SourceFileLoader
6364 file_name_base, file_extension = os.path.splitext(file_name)
6465 file_extension = file_extension.lower()
6566 main_tag = None
67 file_json_keys = {}
6668 logger.debug("Analyze report File")
6769 # Try to parse as xml
6870 try:
7779 logger.debug("Found XML content on file: %s - Main tag: %s", report_path, main_tag)
7880 except Exception as e:
7981 logger.debug("Non XML content [%s] - %s", report_path, e)
82 try:
83 report_file.seek(0)
84 json_data = json.load(report_file)
85 file_json_keys = set(json_data.keys())
86 logger.debug("Found JSON content on file: %s - Keys: %s", report_path, file_json_keys)
87 except Exception as e:
88 logger.debug("Non JSON content [%s] - %s", report_path, e)
8089 finally:
8190 report_file.close()
8291 for _plugin_id, _plugin in self.plugin_manager.get_plugins():
83 logger.debug("Try: %s", _plugin_id)
92 logger.debug("Try plugin: %s", _plugin_id)
8493 try:
85 if _plugin.report_belongs_to(main_tag=main_tag, report_path=report_path, extension=file_extension):
94 if _plugin.report_belongs_to(main_tag=main_tag, report_path=report_path,
95 extension=file_extension, file_json_keys=file_json_keys):
8696 plugin = _plugin
8797 logger.debug("Plugin by File Found: %s", plugin.id)
8898 break
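Review bot: `file_json_keys = {}` creates a dict, while the JSON branch later assigns a set and the plugins compare it as a set of keys; initialising it with `file_json_keys = set()` keeps the type consistent. A report whose top-level JSON value is a list or scalar has no `.keys()`, so it falls into `except Exception` and is logged as "Non JSON content", which is misleading when triaging why a report was not recognised; an explicit `if isinstance(json_data, dict):` before taking the keys makes that case visible. The report is untrusted input and `json.load` reads it whole, so a size check before parsing may be worth considering. The enclosing method starts and ends outside the lines shown here.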
185185 """
186186 raise NotImplementedError('This method must be implemented.')
187187
188
189 def createAndAddHost(self, name, os="unknown", hostnames=None, mac=None):
188 def createAndAddHost(self, name, os="unknown", hostnames=None, mac=None, scan_template="", site_name="",
189 site_importance="", risk_score="", fingerprints="", fingerprints_software=""):
190
190191 if not hostnames:
191192 hostnames = []
192193 if os is None:
193194 os = "unknown"
194195 host = {"ip": name, "os": os, "hostnames": hostnames, "description": "", "mac": mac,
195 "credentials": [], "services": [], "vulnerabilities": [],
196 "credentials": [], "services": [], "vulnerabilities": [], "scan_template": scan_template,
197 "site_name": site_name, "site_importance": site_importance, "risk_score": risk_score,
198 "fingerprints": fingerprints, "fingerprints_software": fingerprints_software
196199 }
197200 host_id = self.save_host_cache(host)
198201 return host_id
229232
230233 # @deprecation.deprecated(deprecated_in="3.0", removed_in="3.5",
231234 # current_version=VERSION,
232 # details="Interface object removed. Use host or service instead. Service will be attached to Host!")
235 # details="Interface object removed. Use host or service instead. Service will be attached
236 # to Host!")
233237 def createAndAddServiceToInterface(self, host_id, interface_id, name,
234238 protocol="tcp?", ports=None,
235239 status="open", version="unknown",
257261 return service_id
258262
259263 def createAndAddVulnToHost(self, host_id, name, desc="", ref=None,
260 severity="", resolution="", data="", external_id=None):
264 severity="", resolution="", vulnerable_since="", scan_id="", pci="", data="",
265 external_id=None):
261266 if ref is None:
262267 ref = []
263 vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id,
264 "type": "Vulnerability", "resolution": resolution, "data": data}
268 vulnerability = {"name": name, " desc": desc, "severity": self.normalize_severity(severity), "refs": ref,
269 "external_id": external_id, "type": "Vulnerability", "resolution": resolution,
270 "vulnerable_since": vulnerable_since, "scan_id": scan_id, "pci": pci, "data": data}
265271 host = self.get_from_cache(host_id)
272
266273 host["vulnerabilities"].append(vulnerability)
267274 vulnerability_id = len(host["vulnerabilities"]) - 1
268275 return vulnerability_id
269276
270277 # @deprecation.deprecated(deprecated_in="3.0", removed_in="3.5",
271278 # current_version=VERSION,
272 # details="Interface object removed. Use host or service instead. Vuln will be added to Host")
279 # details="Interface object removed. Use host or service instead. Vuln will be added
280 # to Host")
273281 def createAndAddVulnToInterface(self, host_id, interface_id, name,
274282 desc="", ref=None, severity="",
275283 resolution="", data=""):
276 return self.createAndAddVulnToHost(host_id, name, desc=desc, ref=ref, severity=severity,
277 resolution=resolution, data=data)
284 return self.createAndAddVulnToHost(host_id, name, desc=desc, ref=ref, severity=severity, resolution=resolution,
285 data=data)
278286
279287 def createAndAddVulnToService(self, host_id, service_id, name, desc="",
280 ref=None, severity="", resolution="", data="", external_id=None):
288 ref=None, severity="", resolution="", risk="", data="", external_id=None):
281289 if ref is None:
282290 ref = []
283 vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id,
284 "type": "Vulnerability", "resolution": resolution, "data": data}
291 vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref,
292 "external_id": external_id, "type": "Vulnerability", "resolution": resolution, "riskB": risk,
293 "data": data}
285294 service = self.get_from_cache(service_id)
286295 service["vulnerabilities"].append(vulnerability)
287296 vulnerability_id = self.save_cache(vulnerability)
304313 params = ""
305314 if query is None:
306315 query = ""
316 if website is None:
317 website = ""
318 if path is None:
319 path = ""
320 if request is None:
321 request = ""
322 if response is None:
323 response = ""
307324 if ref is None:
308325 ref = []
309 vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref, "external_id": external_id,
310 "type": "VulnerabilityWeb", "resolution": resolution, "data": data, "website": website,
311 "path": path, "request": request, "response": response, "method": method, "pname": pname,
312 "params": params, "query": query, "category": category}
326 vulnerability = {"name": name, "desc": desc, "severity": self.normalize_severity(severity), "refs": ref,
327 "external_id": external_id, "type": "VulnerabilityWeb", "resolution": resolution,
328 "data": data, "website": website, "path": path, "request": request, "response": response,
329 "method": method, "pname": pname, "params": params, "query": query, "category": category}
313330 service = self.get_from_cache(service_id)
314331 service["vulnerabilities"].append(vulnerability)
315332 vulnerability_id = self.save_cache(vulnerability)
328345 def createAndAddNoteToNote(self, host_id, service_id, note_id, name, text):
329346 return None
330347
331 def createAndAddCredToService(self, host_id, service_id, username,
332 password):
348 def createAndAddCredToService(self, host_id, service_id, username, password):
333349 credential = {"name": "credential", "username": username, "password": password}
334350 service = self.get_from_cache(service_id)
335351 service["credentials"].append(credential)
354370 self.logger.debug("Generate Json")
355371 return json.dumps(self.get_data())
356372
373 # TODO Borrar
357374 class PluginTerminalOutput(PluginBase):
358375 def __init__(self):
359376 super().__init__()
365382 self.logger.error(e)
366383
367384
385 # TODO Borrar
368386 class PluginCustomOutput(PluginBase):
369387 def __init__(self):
370388 super().__init__()
405423 match = (main_tag == self.identifier_tag)
406424 elif type(self.identifier_tag) == list:
407425 match = (main_tag in self.identifier_tag)
408 self.logger.debug("Tag Match: [%s =/in %s] -> %s", main_tag, self.identifier_tag, match)
426 self.logger.debug("Tag Match: [%s =/in %s] -> %s", main_tag, self.identifier_tag, match)
409427 return match
410428
411429
416434 self.json_keys = set()
417435 self.extension = ".json"
418436
419 def report_belongs_to(self, **kwargs):
437 def report_belongs_to(self, file_json_keys=None, **kwargs):
420438 match = False
421439 if super().report_belongs_to(**kwargs):
422 pass
440 if file_json_keys is None:
441 file_json_keys = {}
442 match = self.json_keys.issubset(file_json_keys)
443 self.logger.debug("Json Keys Match: [%s =/in %s] -> %s", file_json_keys, self.json_keys, match)
423444 return match
424
425
426
427 # I'm Py3
445 # I'm Py3
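Review bot: In `createAndAddVulnToHost` the rewritten dict literal uses the key `" desc"` with a leading space, so host vulnerabilities no longer carry their description under the expected `"desc"` key; the line should start `vulnerability = {"name": name, "desc": desc, ...`. `createAndAddVulnToService` stores the new `risk` argument under `"riskB"`, which looks like a typo for `"risk"` (inferred, the consumer of this dict is not visible). Both signatures also insert the new parameters before `data`, which silently shifts the meaning of arguments for any existing caller that passes `data` or `external_id` positionally; appending them after `external_id` avoids that. In the JSON `report_belongs_to`, the default `self.json_keys = set()` is a subset of every key set, so a plugin that leaves it empty will claim any report that passes the base check; `match = bool(self.json_keys) and self.json_keys.issubset(file_json_keys)` would prevent that.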
229229 self.options = None
230230 self._current_output = None
231231 self.target = None
232
233232
234233 def parseOutputString(self, output, debug=False):
235234 """
277276 ref=item.ref)
278277 del parser
279278
280
281279 def setHost(self):
282280 pass
283281
284282
285283 def createPlugin():
286284 return AcunetixPlugin()
287
288
289 if __name__ == "__main__":
290 import sys
291 import os
292 if len(sys.argv) == 2:
293 report_file = sys.argv[1]
294 if os.path.isfile(report_file):
295 plugin = createPlugin()
296 plugin.processReport(report_file)
297 print(plugin.get_json())
298 else:
299 print(f"Report not found: {report_file}")
300 else:
301 print(f"USAGE {sys.argv[0]} REPORT_FILE")
138138 def createPlugin():
139139 return AmapPlugin()
140140
141 if __name__ == "__main__":
142 import sys
143 import os
144 if len(sys.argv) == 2:
145 report_file = sys.argv[1]
146 if os.path.isfile(report_file):
147 plugin = createPlugin()
148 plugin.processReport(report_file)
149 print(plugin.get_json())
150 else:
151 print(f"Report not found: {report_file}")
152 else:
153 print(f"USAGE {sys.argv[0]} REPORT_FILE")
154141 # I'm Py3
1818 __version__ = "1.0"
1919 __maintainer__ = "Ezequiel Tavella"
2020 __status__ = "Development"
21
2221
2322
2423 def cleaner_unicode(string):
198197 def createPlugin():
199198 return AppscanPlugin()
200199
201 if __name__ == "__main__":
202 import sys
203 import os
204 if len(sys.argv) == 2:
205 report_file = sys.argv[1]
206 if os.path.isfile(report_file):
207 plugin = createPlugin()
208 plugin.processReport(report_file)
209 print(plugin.get_json())
210 else:
211 print(f"Report not found: {report_file}")
212 else:
213 print(f"USAGE {sys.argv[0]} REPORT_FILE")
214200 # I'm Py3
99 import socket
1010 import random
1111 import re
12 from urllib.parse import urlparse
13 import os
1214
1315 try:
1416 import xml.etree.cElementTree as ET
2325 __status__ = 'Development'
2426
2527
26 class ArachniXmlParser():
27
28 class ArachniXmlParser:
2829 def __init__(self, xml_output):
2930 self.tree = self.parse_xml(xml_output)
3031 if self.tree:
3132 self.issues = self.getIssues(self.tree)
3233 self.plugins = self.getPlugins(self.tree)
3334 self.system = self.getSystem(self.tree)
35
3436 else:
3537 self.system = None
3638 self.issues = None
4244 except SyntaxError as err:
4345 print('SyntaxError In xml: %s. %s' % (err, xml_output))
4446 return None
45
4647 return tree
4748
4849 def getIssues(self, tree):
49
5050 # Get vulnerabilities.
5151 issues_tree = tree.find('issues')
5252 for self.issue_node in issues_tree:
5353 yield Issue(self.issue_node)
5454
5555 def getPlugins(self, tree):
56
5756 # Get info about plugins executed in scan.
5857 plugins_tree = tree.find('plugins')
5958 return Plugins(plugins_tree)
6059
6160 def getSystem(self, tree):
62
63 # Get options of scan.
64 return System(tree)
61 system_tree = tree.find('system')
62 return System(system_tree)
6563
6664
6765 class Issue():
6967 def __init__(self, issue_node):
7068
7169 self.node = issue_node
72
7370 self.name = self.getDesc('name')
7471 self.severity = self.getDesc('severity')
7572 self.cwe = self.getDesc('cwe')
76
7773 self.remedy_guidance = self.getDesc('remedy_guidance')
7874 self.description = self.getDesc('description')
79
8075 self.var = self.getChildTag('vector', 'affected_input_name')
8176 self.url = self.getChildTag('vector', 'url')
8277 self.method = self.getChildTag('vector', 'method')
83
8478 self.references = self.getReferences()
8579 self.parameters = self.getParameters()
86
8780 self.request = self.getRequest()
8881 self.response = self.getResponse()
8982
117110 Returns current issue references on this format
118111 {'url': 'http://www.site.com', 'name': 'WebSite'}.
119112 """
120
121113 result = []
122
123114 references = self.node.find('references')
124115
125116 if not references:
136127 # Get parameters of query
137128 result = []
138129
139 parameters = self.node.find('vector').find('inputs')
140
141 if not parameters:
142 return ''
143
144 for param in parameters.findall('input'):
145 name = param.get('name')
146 result.append(name)
130 try:
131 parameters = self.node.find('vector').find('inputs')
132 for param in parameters.findall('input'):
133 name = param.get('name')
134 result.append(name)
135 except:
136 parameters = ''
137
147138
148139 return ' - '.join(result)
149140
178169 def __init__(self, node):
179170
180171 self.node = node
181
182 self.user_agent = 'None'
183 self.url = 'None'
184 self.audited_elements = 'None'
185 self.modules = 'None'
186 self.cookies = 'None'
172 self.user_agent = None
173 self.url = None
174 self.audited_elements = None
175 self.modules = ''
176 self.cookies = None
187177
188178 self.getOptions()
189179
200190 if options:
201191 options_string = options.text
202192 else:
203 return
204
205
206 regex_modules = re.compile('checks:\n([\w\d\s\W\D\S]{0,})(platforms:)')
207 regex_user_agent = re.compile('user_agent:(.+)')
208 regex_cookies = re.compile('cookies: {()}')
209 regex_url = re.compile('url:(.+)')
210
211 regex_audited_elements = re.compile(
212 'audit:\n([\w\d\s\W\D\S]{0,})input:|session:'
213 )
214
215 result = re.search(regex_modules, options_string)
216 if result.group(1):
217 self.modules = result.group(1)
218
219 result = re.search(regex_user_agent, options_string)
220 if result.group(1):
221 self.user_agent = result.group(1)
222
223 result = re.search(regex_cookies, options_string)
224 if result.group(1):
225 self.cookies = result.group(1)
226
227 result = re.search(regex_url, options_string)
228 if result.group(1):
229 self.url = result.group(1)
230
231 result = re.search(regex_audited_elements, options_string)
232 if result.group(1):
233 self.audited_elements = result.group(1)
193 options_string = None
194
195 self.user_agent = self.node.find('user_agent').text
196 self.url = self.node.find('url').text
197 tags_audited_elements = self.node.find('audited_elements')
198 element_text = []
199 for element in tags_audited_elements:
200 element_text.append(element.text)
201 self.audited_elements = element_text
202 tag_module = self.node.find('modules')
203 module_text = []
204 for module in tag_module:
205 module_text.append(module.attrib['name'])
206 self.modules = module_text
207 self.cookies = self.node.find('cookies').text
234208
235209 def getDesc(self, tag):
236210
240214 if description and description.text:
241215 return description.text
242216 else:
243 return 'None'
217 return None
244218
245219 def getNote(self):
246
247 # Create string with scan information.
248 result = (
249 'Scan url:\n' +
250 self.url +
251 '\nUser Agent:\n' +
252 self.user_agent +
253 '\nVersion Arachni:\n' +
254 self.version +
255 '\nStart time:\n' +
256 self.start_time +
257 '\nFinish time:\n' +
258 self.finish_time +
259 '\nAudited Elements:\n' +
260 self.audited_elements +
261 '\nModules:\n' +
262 self.modules +
263 '\nCookies:\n' +
264 self.cookies)
220 result = ('Scan url:\n {} \nUser Agent:\n {} \nVersion Arachni:\n {} \nStart time:\n {} \nFinish time:\n {}'
221 '\nAudited Elements:\n {} \nModules:\n {} \nCookies:\n {}').format(self.url, self.user_agent,
222 self.version, self.start_time,
223 self.finish_time,
224 self.audited_elements,
225 self.modules, self.cookies)
265226
266227 return result
267228
277238 def __init__(self, plugins_node):
278239
279240 self.plugins_node = plugins_node
280
281241 self.healthmap = self.getHealthmap()
282242 self.waf = self.getWaf()
283
243 self.ip = plugins_node.find('resolver').find('results').find('hostname').get('ipaddress')
284244
285245 def getHealthmap(self):
286246
395355 return
396356
397357 self.hostname = self.getHostname(parser.system.url)
398 self.address = self.getAddress(self.hostname)
358 self.address = self.getAddress(parser.plugins.ip)
359
399360
400361 # Create host and interface
401362 host_id = self.createAndAddHost(self.address)
413374 self.protocol,
414375 'tcp',
415376 ports=[self.port],
416 status='Open',
377 status='open',
417378 version='',
418379 description='')
419380
420
421381 # Create issues.
422382 for issue in parser.issues:
423
424 description = issue.description.replace(' ', ' ').replace('\n', ' ').replace('. ', '.\n\n')
425 resol = issue.remedy_guidance.replace(' ', ' ').replace('\n', ' ').replace('. ', '.\n\n')
383 description = str(issue.description)
384 resol = str(issue.remedy_guidance)
426385
427386 references = issue.references
428387 if issue.cwe != 'None':
429 references.append('CWE-' + issue.cwe)
388 references.append('CWE-' + str(issue.cwe))
430389
431390 if resol == 'None':
432391 resol = ''
482441 "arachni_reporter",
483442 self._output_file_path,
484443 afr_output_file_path)
485 return "/usr/bin/env -- bash -c '%s 2>&1 && if [ -e \"%s\" ];then %s 2>&1;fi'" % (main_cmd, afr_output_file_path, reporter_cmd)
486
444 return "/usr/bin/env -- bash -c '%s 2>&1 && if [ -e \"%s\" ];then %s 2>&1;fi'" % (main_cmd,
445 afr_output_file_path,
446 reporter_cmd)
487447
488448 def getHostname(self, url):
489449
490450 # Strips protocol and gets hostname from URL.
491 reg = re.search(
492 '(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*('
493 '(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5'
494 ']|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0'
495 '-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0'
496 '-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+'
497 '\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pr'
498 'o|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?'
499 '\'\\\+&%\$#\=~_\-]+)).*?$',
500 url
501 )
502
503 self.protocol = reg.group(1)
504 self.hostname = reg.group(4)
451 url_parse = urlparse(url)
452 self.protocol = url_parse.scheme
453 self.hostname = url_parse.netloc
505454
506455 if self.protocol == 'https':
507456 self.port = 443
508 if reg.group(11) is not None:
509 self.port = reg.group(11)
457 elif self.protocol == 'http':
458 if not self.port:
459 self.port = 80
510460
511461 return self.hostname
512462
522472 def createPlugin():
523473 return ArachniPlugin()
524474
525 if __name__ == "__main__":
526 import sys
527 import os
528 if len(sys.argv) == 2:
529 report_file = sys.argv[1]
530 if os.path.isfile(report_file):
531 plugin = createPlugin()
532 plugin.processReport(report_file)
533 print(plugin.get_json())
534 else:
535 print(f"Report not found: {report_file}")
536 else:
537 print(f"USAGE {sys.argv[0]} REPORT_FILE")
538475 # I'm Py3
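Review bot: `getHostname` now stores `url_parse.netloc` as the hostname, which still contains any `user:password@` prefix and `:port` suffix from the scanned URL, so credentials embedded in a target URL would end up in the host data, and an explicit port in the URL is no longer applied (https is always 443, and the http branch reads `self.port`, whose initial value is not visible here). `url_parse.hostname` and `url_parse.port` give the separated values, as in the block below. In the issue loop, `getDesc` now returns `None` rather than `'None'`, so `if issue.cwe != 'None'` is always true and a missing CWE becomes the reference `CWE-None`; `if issue.cwe:` would restore the check. The new `.find(...)` chains in `Plugins.__init__` and `getOptions` raise `AttributeError` when an element is absent from the report, and the bare `except:` in `getParameters` hides every other error as well, so `except AttributeError:` is the narrower choice there.

```python
    def getHostname(self, url):
        # Strips protocol and gets hostname from URL.
        url_parse = urlparse(url)
        self.protocol = url_parse.scheme
        # .hostname excludes userinfo and port, unlike .netloc
        self.hostname = url_parse.hostname
        if url_parse.port is not None:
            # an explicit port in the URL wins over the scheme default
            self.port = url_parse.port
        elif self.protocol == 'https':
            self.port = 443
        elif self.protocol == 'http':
            self.port = 80
        return self.hostname
```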
6666 def createPlugin():
6767 return CmdArpScanPlugin()
6868
69 if __name__ == "__main__":
70 import sys
71 import os
72 if len(sys.argv) == 2:
73 report_file = sys.argv[1]
74 if os.path.isfile(report_file):
75 plugin = createPlugin()
76 plugin.processReport(report_file)
77 print(plugin.get_json())
78 else:
79 print(f"Report not found: {report_file}")
80 else:
81 print(f"USAGE {sys.argv[0]} REPORT_FILE")
8269 # I'm Py3
103103 def createPlugin():
104104 return BeefPlugin()
105105
106 if __name__ == "__main__":
107 import sys
108 import os
109 if len(sys.argv) == 2:
110 report_file = sys.argv[1]
111 if os.path.isfile(report_file):
112 plugin = createPlugin()
113 plugin.processReport(report_file)
114 print(plugin.get_json())
115 else:
116 print(f"Report not found: {report_file}")
117 else:
118 print(f"USAGE {sys.argv[0]} REPORT_FILE")
119 # I'm Py3
2222 self.plugin_version = "0.0.2"
2323 self.version = "1.0.0"
2424 self.protocol ='tcp'
25 self._command_regex = re.compile(r'^(sudo brutexss|brutexss|sudo brutexss\.py|brutexss\.py|python brutexss\.py|\.\/brutexss\.py).*?')
25 self._command_regex = re.compile(r'^(sudo brutexss|brutexss|sudo brutexss\.py|brutexss\.py|python brutexss\.py|'
26 r'\.\/brutexss\.py).*?')
2627
2728 def parseOutputString(self, output, debug=False):
2829 lineas = output.split("\n")
4546 found_vuln=len(parametro) > 0
4647 host_id = self.createAndAddHost(url)
4748 address=socket.gethostbyname(url)
48 interface_id = self.createAndAddInterface(host_id,address,ipv4_address=address,hostname_resolution=[url])
49 interface_id = self.createAndAddInterface(host_id, address, ipv4_address=address,
50 hostname_resolution=[url])
4951 service_id = self.createAndAddServiceToInterface(host_id, interface_id, self.protocol, 'tcp',
50 ports=[port], status='Open', version="", description="")
52 ports=[port], status='Open', version="",
53 description="")
5154 if found_vuln:
5255 self.createAndAddVulnWebToService(host_id,service_id, name="xss", desc="XSS", ref='', severity='med',
5356 website=url, path='', method='', pname='', params=''.join(parametro),
6063 def createPlugin():
6164 return brutexss()
6265
63 if __name__ == "__main__":
64 import sys
65 import os
66 if len(sys.argv) == 2:
67 report_file = sys.argv[1]
68 if os.path.isfile(report_file):
69 plugin = createPlugin()
70 plugin.processReport(report_file)
71 print(plugin.get_json())
72 else:
73 print(f"Report not found: {report_file}")
74 else:
75 print(f"USAGE {sys.argv[0]} REPORT_FILE")
7666 # I'm Py3
306306 def createPlugin():
307307 return BurpPlugin()
308308
309
310 if __name__ == "__main__":
311 import sys
312 import os
313 if len(sys.argv) == 2:
314 report_file = sys.argv[1]
315 if os.path.isfile(report_file):
316 plugin = createPlugin()
317 plugin.processReport(report_file)
318 print(plugin.get_json())
319 else:
320 print(f"Report not found: {report_file}")
321 else:
322 print(f"USAGE {sys.argv[0]} REPORT_FILE")
323309 # I'm Py3
158158 print("some part of the dig plug-in caused an error! Please check repo/dig/plugin.py")
159159 return False
160160
161
162161 return True
163162
164163
165164 def createPlugin():
166165 return DigPlugin()
167166
168 if __name__ == "__main__":
169 import sys
170 import os
171 if len(sys.argv) == 2:
172 report_file = sys.argv[1]
173 if os.path.isfile(report_file):
174 plugin = createPlugin()
175 plugin.processReport(report_file)
176 print(plugin.get_json())
177 else:
178 print(f"Report not found: {report_file}")
179 else:
180 print(f"USAGE {sys.argv[0]} REPORT_FILE")
181167 # I'm Py3
2424 self.plugin_version = "0.0.1"
2525 self.version = "2.22"
2626 self.regexpUrl = r'((http[s]?)\:\/\/([\w\.]+)[.\S]+)'
27 self._command_regex = re.compile(r'^(?:sudo dirb|dirb|\.\/dirb|sudo \.\/dirb)\s+(?:(http[s]?)\:\/\/([\w\.]+)[.\S]+)')
27 self._command_regex = re.compile(r'^(?:sudo dirb|dirb|\.\/dirb|sudo \.\/dirb)\s+(?:(http[s]?)'
28 r'\:\/\/([\w\.]+)[.\S]+)')
2829 self.text = []
2930
3031 def getPort(self, host, proto):
8788 host_id = self.createAndAddHost(ip)
8889 iface_id = self.createAndAddInterface(host_id, ip, ipv4_address = ip)
8990
90 serv_id = self.createAndAddServiceToInterface(host_id, iface_id, proto, protocol = proto, ports =[puerto], status = status)
91 serv_id = self.createAndAddServiceToInterface(host_id, iface_id, proto, protocol=proto, ports=[puerto],
92 status=status)
9193
9294 if len(self.text) > 0:
93 self.createAndAddVulnWebToService(host_id, serv_id, 'Url Fuzzing', severity=0, desc=self.text, website=domain)
95 self.createAndAddVulnWebToService(host_id, serv_id, 'Url Fuzzing', severity=0, desc=self.text,
96 website=domain)
9497
9598 if len(paths) > 0:
96 self.createAndAddVulnWebToService(host_id, serv_id, "Directory Listing", severity = "med", website = domain, request = paths, method = "GET")
99 self.createAndAddVulnWebToService(host_id, serv_id, "Directory Listing", severity="med", website=domain,
100 request=paths, method="GET")
97101
98102 return True
99103
115119 extra_arg +=" -S"
116120 return "%s%s" % (command_string, extra_arg)
117121
122
118123 def createPlugin():
119124 return dirbPlugin()
120125
121 if __name__ == "__main__":
122 import sys
123 import os
124 if len(sys.argv) == 2:
125 report_file = sys.argv[1]
126 if os.path.isfile(report_file):
127 plugin = createPlugin()
128 plugin.processReport(report_file)
129 print(plugin.get_json())
130 else:
131 print(f"Report not found: {report_file}")
132 else:
133 print(f"USAGE {sys.argv[0]} REPORT_FILE")
134126 # I'm Py3
99 import argparse
1010 import tempfile
1111 import urllib.parse as urlparse
12
13
1412 from faraday_plugins.plugins.plugin import PluginTerminalOutput
1513 from faraday_plugins.plugins.plugins_utils import get_vulnweb_url_fields
14 import os
1615
1716
1817 __author__ = "Matías Lang"
174173 def createPlugin():
175174 return DirsearchPlugin()
176175
177 if __name__ == "__main__":
178 import sys
179 import os
180 if len(sys.argv) == 2:
181 report_file = sys.argv[1]
182 if os.path.isfile(report_file):
183 plugin = createPlugin()
184 plugin.processReport(report_file)
185 print(plugin.get_json())
186 else:
187 print(f"Report not found: {report_file}")
188 else:
189 print(f"USAGE {sys.argv[0]} REPORT_FILE")
190176 # I'm Py3
210210 def createPlugin():
211211 return DnsenumPlugin()
212212
213 if __name__ == "__main__":
214 import sys
215 import os
216 if len(sys.argv) == 2:
217 report_file = sys.argv[1]
218 if os.path.isfile(report_file):
219 plugin = createPlugin()
220 plugin.processReport(report_file)
221 print(plugin.get_json())
222 else:
223 print(f"Report not found: {report_file}")
224 else:
225 print(f"USAGE {sys.argv[0]} REPORT_FILE")
226213 # I'm Py3
141141 def createPlugin():
142142 return DnsmapPlugin()
143143
144 if __name__ == "__main__":
145 import sys
146 import os
147 if len(sys.argv) == 2:
148 report_file = sys.argv[1]
149 if os.path.isfile(report_file):
150 plugin = createPlugin()
151 plugin.processReport(report_file)
152 print(plugin.get_json())
153 else:
154 print(f"Report not found: {report_file}")
155 else:
156 print(f"USAGE {sys.argv[0]} REPORT_FILE")
157144 # I'm Py3
172172 self._current_output = None
173173 self._command_regex = re.compile(
174174 r'^(sudo dnsrecon|dnsrecon|sudo dnsrecon\.py|dnsrecon\.py|python dnsrecon\.py|\.\/dnsrecon\.py).*?')
175
176175
177176 def validHosts(self, hosts):
178177 valid_records = ["NS", "CNAME", "A", "MX", "info"]
265264 def createPlugin():
266265 return DnsreconPlugin()
267266
268 if __name__ == "__main__":
269 import sys
270 import os
271 if len(sys.argv) == 2:
272 report_file = sys.argv[1]
273 if os.path.isfile(report_file):
274 plugin = createPlugin()
275 plugin.processReport(report_file)
276 print(plugin.get_json())
277 else:
278 print(f"Report not found: {report_file}")
279 else:
280 print(f"USAGE {sys.argv[0]} REPORT_FILE")
281
282267 # I'm Py3
145145 def createPlugin():
146146 return DnswalkPlugin()
147147
148 if __name__ == "__main__":
149 import sys
150 import os
151 if len(sys.argv) == 2:
152 report_file = sys.argv[1]
153 if os.path.isfile(report_file):
154 plugin = createPlugin()
155 plugin.processReport(report_file)
156 print(plugin.get_json())
157 else:
158 print(f"Report not found: {report_file}")
159 else:
160 print(f"USAGE {sys.argv[0]} REPORT_FILE")
161148 # I'm Py3
6565 self.isZoneVuln = False
6666 output = output.replace('\\$', '')
6767 regex = re.search(
68 "Whoah, it worked - misconfigured DNS server found:([^$]+)\nThere isn't much point continuing, you have everything.", output)
68 "Whoah, it worked - misconfigured DNS server found:([^$]+)\nThere isn't much point continuing, "
69 "you have everything.", output)
6970
7071 if regex is not None:
7172 self.isZoneVuln = True
203204 def createPlugin():
204205 return FiercePlugin()
205206
206 if __name__ == "__main__":
207 import sys
208 import os
209 if len(sys.argv) == 2:
210 report_file = sys.argv[1]
211 if os.path.isfile(report_file):
212 plugin = createPlugin()
213 plugin.processReport(report_file)
214 print(plugin.get_json())
215 else:
216 print(f"Report not found: {report_file}")
217 else:
218 print(f"USAGE {sys.argv[0]} REPORT_FILE")
219207 # I'm Py3
199199 params = ''
200200 check_type = issue_data.CheckTypeID
201201 if check_type.text.lower() != 'vulnerability':
202 # TODO: when plugins accept tags, we shoudl this as a tag.
202 # TODO: when plugins accept tags, we should this as a tag.
203203 pass
204204 name = issue_data.Name.text
205205 external_id = issue_data.VulnerabilityID.text
232232
233233 for repro_step in issue_data.findall('./ReproSteps'):
234234 step = repro_step.ReproStep
235
235236 if step is not None:
236237 try:
237238 params = step.PostParams.text
238239 except AttributeError:
239240 pass
240241
241 if not hostname:
242 # This seems to be a mobile app
243 hostname = session.URL.text
244
245 if not port:
246 service_data['name'] = step.Url.text
247 service_data['port'] = step.sourceline
248
249 self.sast_vulns.append({
250 "host": hostname,
251 "severity": severity,
252 "service": service_data,
253 "name": name,
254 "description": description,
255 "external_id": external_id,
256 "references": references,
257 "method": method,
258 "query": query,
259 "response": response,
260 "request": request,
261 "path": path,
262 "params": params,
263 "status_code": status_code,
264 "website": session.URL.text
265 })
242 if not hostname:
243 # This seems to be a mobile app
244 hostname = session.URL.text
245
246 if not port:
247 service_data['name'] = step.Url.text
248 service_data['port'] = step.sourceline
249
250 self.sast_vulns.append({
251 "host": hostname,
252 "severity": severity,
253 "service": service_data,
254 "name": name,
255 "description": description,
256 "external_id": external_id,
257 "references": references,
258 "method": method,
259 "query": query,
260 "response": response,
261 "request": request,
262 "path": path,
263 "params": params,
264 "status_code": status_code,
265 "website": session.URL.text
266 })
266267
267268 def _extract_vulns(self):
268269 # make list of false positives
405406 def createPlugin():
406407 return FortifyPlugin()
407408
408
409 if __name__ == "__main__":
410 import sys
411 import os
412 if len(sys.argv) == 2:
413 report_file = sys.argv[1]
414 if os.path.isfile(report_file):
415 plugin = createPlugin()
416 plugin.processReport(report_file)
417 print(plugin.get_json())
418 else:
419 print(f"Report not found: {report_file}")
420 else:
421 print(f"USAGE {sys.argv[0]} REPORT_FILE")
77 import re
88 import json
99 import traceback
10 import os
1011
1112 __author__ = "xtr4nge"
1213 __copyright__ = "Copyright (c) 2016, FruityWiFi"
136137 return "python " + os.path.dirname(__file__) + "/fruitywifi.py " + params
137138 #return None
138139
140
139141 def createPlugin():
140142 return FruityWiFiPlugin()
141143
142 if __name__ == "__main__":
143 import sys
144 import os
145 if len(sys.argv) == 2:
146 report_file = sys.argv[1]
147 if os.path.isfile(report_file):
148 plugin = createPlugin()
149 plugin.processReport(report_file)
150 print(plugin.get_json())
151 else:
152 print(f"Report not found: {report_file}")
153 else:
154 print(f"USAGE {sys.argv[0]} REPORT_FILE")
155
156144 # I'm Py3
9696 def createPlugin():
9797 return CmdFtpPlugin()
9898
99 if __name__ == "__main__":
100 import sys
101 import os
102 if len(sys.argv) == 2:
103 report_file = sys.argv[1]
104 if os.path.isfile(report_file):
105 plugin = createPlugin()
106 plugin.processReport(report_file)
107 print(plugin.get_json())
108 else:
109 print(f"Report not found: {report_file}")
110 else:
111 print(f"USAGE {sys.argv[0]} REPORT_FILE")
11299 # I'm Py3
166166 def createPlugin():
167167 return GoohostPlugin()
168168
169 if __name__ == "__main__":
170 import sys
171 import os
172 if len(sys.argv) == 2:
173 report_file = sys.argv[1]
174 if os.path.isfile(report_file):
175 plugin = createPlugin()
176 plugin.processReport(report_file)
177 print(plugin.get_json())
178 else:
179 print(f"Report not found: {report_file}")
180 else:
181 print(f"USAGE {sys.argv[0]} REPORT_FILE")
182169 # I'm Py3
3030
3131 def parseOutputString(self, output, debug=False):
3232
33 regex_ipv4 = re.search(r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\)\:", output)
33 regex_ipv4 = re.search(r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}"
34 r"|2[0-4][0-9]|25[0-5])\)\:", output)
3435 if regex_ipv4:
3536 ip_address = regex_ipv4.group(0).rstrip("):") # Regex pls
3637 else:
7576 def createPlugin():
7677 return hping3()
7778
78 if __name__ == "__main__":
79 import sys
80 import os
81 if len(sys.argv) == 2:
82 report_file = sys.argv[1]
83 if os.path.isfile(report_file):
84 plugin = createPlugin()
85 plugin.processReport(report_file)
86 print(plugin.get_json())
87 else:
88 print(f"Report not found: {report_file}")
89 else:
90 print(f"USAGE {sys.argv[0]} REPORT_FILE")
9179 # I'm Py3
164164 def createPlugin():
165165 return HydraPlugin()
166166
167 if __name__ == "__main__":
168 import sys
169 import os
170 if len(sys.argv) == 2:
171 report_file = sys.argv[1]
172 if os.path.isfile(report_file):
173 plugin = createPlugin()
174 plugin.processReport(report_file)
175 print(plugin.get_json())
176 else:
177 print(f"Report not found: {report_file}")
178 else:
179 print(f"USAGE {sys.argv[0]} REPORT_FILE")
180
181167 # I'm Py3
307307 def createPlugin():
308308 return ImpactPlugin()
309309
310 if __name__ == "__main__":
311 import sys
312 import os
313 if len(sys.argv) == 2:
314 report_file = sys.argv[1]
315 if os.path.isfile(report_file):
316 plugin = createPlugin()
317 plugin.processReport(report_file)
318 print(plugin.get_json())
319 else:
320 print(f"Report not found: {report_file}")
321 else:
322 print(f"USAGE {sys.argv[0]} REPORT_FILE")
323
324310 # I'm Py3
112112 severity=calculate_severity(vulnerability.get("severity")),
113113 ref=vulnerability.get("ref"))
114114
115
115116 def createPlugin():
116117 return Ip360Plugin()
117118
118 if __name__ == "__main__":
119 import sys
120 import os
121 if len(sys.argv) == 2:
122 report_file = sys.argv[1]
123 if os.path.isfile(report_file):
124 plugin = createPlugin()
125 plugin.processReport(report_file)
126 print(plugin.get_json())
127 else:
128 print(f"Report not found: {report_file}")
129 else:
130 print(f"USAGE {sys.argv[0]} REPORT_FILE")
131119 # I'm Py3
144144
145145 def createPlugin():
146146 return JunitPlugin()
147
148
149 if __name__ == "__main__":
150 import sys
151 import os
152 if len(sys.argv) == 2:
153 report_file = sys.argv[1]
154 if os.path.isfile(report_file):
155 plugin = createPlugin()
156 plugin.processReport(report_file)
157 print(plugin.get_json())
158 else:
159 print(f"Report not found: {report_file}")
160 else:
161 print(f"USAGE {sys.argv[0]} REPORT_FILE")
353353 def createPlugin():
354354 return LynisPlugin()
355355
356 if __name__ == "__main__":
357 import sys
358 import os
359 if len(sys.argv) == 2:
360 report_file = sys.argv[1]
361 if os.path.isfile(report_file):
362 plugin = createPlugin()
363 plugin.processReport(report_file)
364 print(plugin.get_json())
365 else:
366 print(f"Report not found: {report_file}")
367 else:
368 print(f"USAGE {sys.argv[0]} REPORT_FILE")
369 # I'm Py3
356
440440 def createPlugin():
441441 return MaltegoPlugin()
442442
443
444 if __name__ == "__main__":
445 import sys
446 import os
447 if len(sys.argv) == 2:
448 report_file = sys.argv[1]
449 if os.path.isfile(report_file):
450 plugin = createPlugin()
451 plugin.processReport(report_file)
452 print(plugin.get_json())
453 else:
454 print(f"Report not found: {report_file}")
455 else:
456 print(f"USAGE {sys.argv[0]} REPORT_FILE")
457443 # I'm Py3
179179
180180 def createPlugin():
181181 return MedusaPlugin()
182
183
184 if __name__ == "__main__":
185 import sys
186 import os
187 if len(sys.argv) == 2:
188 report_file = sys.argv[1]
189 if os.path.isfile(report_file):
190 plugin = createPlugin()
191 plugin.processReport(report_file)
192 print(plugin.get_json())
193 else:
194 print(f"Report not found: {report_file}")
195 else:
196 print(f"USAGE {sys.argv[0]} REPORT_FILE")
116116 def createPlugin():
117117 return MetagoofilPlugin()
118118
119 if __name__ == "__main__":
120 import sys
121 import os
122 if len(sys.argv) == 2:
123 report_file = sys.argv[1]
124 if os.path.isfile(report_file):
125 plugin = createPlugin()
126 plugin.processReport(report_file)
127 print(plugin.get_json())
128 else:
129 print(f"Report not found: {report_file}")
130 else:
131 print(f"USAGE {sys.argv[0]} REPORT_FILE")
132
133
134119 # I'm Py3
415415 def createPlugin():
416416 return MetasploitPlugin()
417417
418
419 if __name__ == "__main__":
420 import sys
421 import os
422 if len(sys.argv) == 2:
423 report_file = sys.argv[1]
424 if os.path.isfile(report_file):
425 plugin = createPlugin()
426 plugin.processReport(report_file)
427 print(plugin.get_json())
428 else:
429 print(f"Report not found: {report_file}")
430 else:
431 print(f"USAGE {sys.argv[0]} REPORT_FILE")
432418 # I'm Py3
166166 def createPlugin():
167167 return CmdNdiffPlugin()
168168
169 if __name__ == "__main__":
170 import sys
171 import os
172 if len(sys.argv) == 2:
173 report_file = sys.argv[1]
174 if os.path.isfile(report_file):
175 plugin = createPlugin()
176 plugin.processReport(report_file)
177 print(plugin.get_json())
178 else:
179 print(f"Report not found: {report_file}")
180 else:
181 print(f"USAGE {sys.argv[0]} REPORT_FILE")
182169 # I'm Py3
199199 def createPlugin():
200200 return NessusPlugin()
201201
202 if __name__ == "__main__":
203 import sys
204 import os
205 if len(sys.argv) == 2:
206 report_file = sys.argv[1]
207 if os.path.isfile(report_file):
208 plugin = createPlugin()
209 plugin.processReport(report_file)
210 print(plugin.get_json())
211 else:
212 print(f"Report not found: {report_file}")
213 else:
214 print(f"USAGE {sys.argv[0]} REPORT_FILE")
215 # I'm Py3
202 # I'm Py3
4646 def createPlugin():
4747 return NetdiscoverPlugin()
4848
49 if __name__ == "__main__":
50 import sys
51 import os
52 if len(sys.argv) == 2:
53 report_file = sys.argv[1]
54 if os.path.isfile(report_file):
55 plugin = createPlugin()
56 plugin.processReport(report_file)
57 print(plugin.get_json())
58 else:
59 print(f"Report not found: {report_file}")
60 else:
61 print(f"USAGE {sys.argv[0]} REPORT_FILE")
62
6349 # I'm Py3
0 """
0 """"
11 Faraday Penetration Test IDE
22 Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/)
33 See the file 'doc/LICENSE' for the license information
66 from faraday_plugins.plugins.plugin import PluginXMLFormat
77 import re
88 import os
9 import sys
109 import socket
11 import urllib
1210 from bs4 import BeautifulSoup
1311
1412 try:
9694 self.url = self.get_text_from_subnode("url")
9795
9896 host = re.search(
99 "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", self.url)
97 "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]"
98 "{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2"
99 "[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]"
100 "{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|"
101 "pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$",
102 self.url)
100103
101104 self.protocol = host.group(1)
102105 self.hostname = host.group(4)
134137
135138 self.extra = []
136139 for v in item_node.findall("extrainformation/info"):
137 self.extra.append(v.get('name') + ":" + v.text)
140 name = v.get('name')
141 if name:
142 self.extra.append("{name}:{v.text}")
138143
139144 self.node = item_node
140145 self.node = item_node.find("classification")
180185 sub_node = self.node.find(subnode_xpath_expr)
181186 if sub_node is not None:
182187 return sub_node.text
183
184188 return None
185189
186190
224228 ports=[str(i.port)],
225229 status="open")
226230 first = False
227
231 if i.resolution is not None:
232 resolution = BeautifulSoup(i.resolution, "lxml").text
233 else:
234 resolution = ""
235
236 if i.desc is not None:
237 desc = BeautifulSoup(i.desc, "lxml").text
238 else:
239 desc = ""
240
228241 v_id = self.createAndAddVulnWebToService(h_id, s_id, i.name, ref=i.ref, website=i.hostname,
229 severity=i.severity, desc=BeautifulSoup(i.desc, "lxml").text,
230 path=i.url, method=i.method, request=i.request, response=i.response,
231 resolution=BeautifulSoup(i.resolution, "lxml").text,pname=i.param, data=i.data)
242 severity=i.severity, desc=desc, path=i.url, method=i.method,
243 request=i.request, response=i.response, resolution=resolution,
244 pname=i.param, data=i.data)
232245
233246 del parser
234247
239252 def createPlugin():
240253 return NetsparkerPlugin()
241254
242 if __name__ == "__main__":
243 import sys
244 import os
245 if len(sys.argv) == 2:
246 report_file = sys.argv[1]
247 if os.path.isfile(report_file):
248 plugin = createPlugin()
249 plugin.processReport(report_file)
250 print(plugin.get_json())
251 else:
252 print(f"Report not found: {report_file}")
253 else:
254 print(f"USAGE {sys.argv[0]} REPORT_FILE")
255
256255 # I'm Py3
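Review bot: The new guard in the `extrainformation/info` loop appends the literal text `{name}:{v.text}` because the string has no `f` prefix, so every entry in `self.extra` is the same placeholder rather than the attribute name and node text. It should read `self.extra.append(f"{name}:{v.text or ''}")`; the `or ''` keeps an empty element, whose `text` is `None`, from being stored as the word "None". The enclosing constructor starts and ends outside the visible lines. Separately, the module docstring now appears to open with four quotes (`""""`), which would leave a stray `"` as its first character; worth confirming against the file.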
254254
255255 v_id = self.createAndAddVulnWebToService(h_id, s_id, i.name, ref=i.ref, website=i.hostname,
256256 severity=i.severity, desc=i.desc, path=i.url, method=i.method,
257 request=i.request, response=i.response, resolution=i.resolution, pname=i.param)
257 request=i.request, response=i.response, resolution=i.resolution,
258 pname=i.param)
258259
259260 del parser
260261
268269 def createPlugin():
269270 return NetsparkerCloudPlugin()
270271
271
272 if __name__ == "__main__":
273 import sys
274 import os
275 if len(sys.argv) == 2:
276 report_file = sys.argv[1]
277 if os.path.isfile(report_file):
278 plugin = createPlugin()
279 plugin.processReport(report_file)
280 print(plugin.get_json())
281 else:
282 print(f"Report not found: {report_file}")
283 else:
284 print(f"USAGE {sys.argv[0]} REPORT_FILE")
285 # I'm Py3
44
55 """
66 from faraday_plugins.plugins.plugin import PluginXMLFormat
7
87 import re
98 import os
10 import sys
119
1210 try:
1311 import xml.etree.cElementTree as ET
1412 import xml.etree.ElementTree as ET_ORIG
13
1514 ETREE_VERSION = ET_ORIG.VERSION
1615 except ImportError:
1716 import xml.etree.ElementTree as ET
17
1818 ETREE_VERSION = ET.VERSION
1919
2020 ETREE_VERSION = [int(i) for i in ETREE_VERSION.split(".")]
128128 if test.get('id').lower() in vulnsDefinitions:
129129 vuln = vulnsDefinitions[test.get('id').lower()].copy()
130130 key = test.get('key', '')
131 vuln['pci'] = test.get('pci-compliance-status')
132 vuln['vulnerable_since'] = test.get('vulnerable-since')
133 vuln['scan_id'] = test.get('scan-id')
131134 if key.startswith('/'):
132135 # It has the path where the vuln was found
133136 # Example key: "/comments.asp||content"
142145 @returns vulns A dict of Vulnerability Definitions
143146 """
144147 vulns = dict()
145 #CVSS V3
148 # CVSS V3
146149 SEVERITY_MAPPING_DICT = {'0': 'info', '1': 'low', '2': 'low', '3': 'low', '4': 'med', '5': 'med', '6': 'med',
147150 '7': 'high', '8': 'high', '9': 'critical', '10': 'critical'}
148151
150153 for vulnDef in vulnsDef.iter('vulnerability'):
151154 vid = vulnDef.get('id').lower()
152155 vector = vulnDef.get('cvssVector')
153
154156 vuln = {
155157 'desc': "",
156158 'name': vulnDef.get('title'),
158160 'resolution': "",
159161 'severity': SEVERITY_MAPPING_DICT[vulnDef.get('severity')],
160162 'tags': list(),
161 'is_web': vid.startswith('http-')
163 'is_web': vid.startswith('http-'),
164 'risk': vulnDef.get('riskScore'),
162165 }
163166
164167 for item in list(vulnDef):
167170 vuln['desc'] += self.parse_html_type(htmlType)
168171 if item.tag == 'exploits':
169172 for exploit in list(item):
170 if exploit.get('title') and exploit.get('link'):
173 if exploit.get('title') and exploit.get('link') and exploit.get('type') \
174 and exploit.get('sklLevel'):
171175 title = exploit.get('title').encode(
172176 "ascii", errors="backslashreplace").strip()
173177 link = exploit.get('link').encode(
174178 "ascii", errors="backslashreplace").strip()
175 vuln['refs'].append(title + b' ' + link)
179 type = exploit.get('type').encode(
180 "ascii", errors="backslashreplace").strip()
181 skillLevel = exploit.get('sklLevel').encode(
182 "ascii", errors="backslashreplace").strip()
183 vuln['refs'].append(title + b' ' + link + b' ' + type + b' ' + skillLevel)
184 if item.tag == 'malware':
185 for names in item.findall("name"):
186 nameMalware = names.text
187 vuln['refs'].append(nameMalware)
176188 if item.tag == 'references':
177189 for ref in list(item):
178190 if ref.text:
181193 vuln['refs'].append(rf)
182194 if item.tag == 'solution':
183195 for htmlType in list(item):
184 vuln[
185 'resolution'] += self.parse_html_type(htmlType)
196 vuln['resolution'] += self.parse_html_type(htmlType)
186197 """
187198 # there is currently no method to register tags in vulns
188199 if item.tag == 'tags':
203214 for node in nodes.iter('node'):
204215 host = dict()
205216 host['name'] = node.get('address')
217 host['mac'] = node.get('hardware-address')
206218 host['hostnames'] = list()
207 host['os'] = ""
219 host['os'] = list()
208220 host['services'] = list()
221 host['fingerprints'] = list()
222 host['fingerprints_software'] = list()
209223 host['vulns'] = self.parse_tests_type(node, vulns)
224 host['scan-template'] = node.get('scan-template')
225 host['scan-name'] = node.get('scan-name')
226 host['scan-importance'] = node.get('scan-importance')
227 host['risk-score'] = node.get('risk-score')
210228
211229 for names in node.iter('names'):
212230 for name in list(names):
213231 host['hostnames'].append(name.text)
214232
215233 for fingerprints in node.iter('fingerprints'):
216 os = fingerprints.find('os')
217 if os is not None:
218 host['os'] = os.get('product', "")
219 if os.get('version') is not None:
220 host['os'] += " " + os.get('version')
234 for os_data in fingerprints.iter('os'):
235 data = {
236 'certainty': os_data.get('certainty'),
237 'vendor': os_data.get('vendor'),
238 'family': os_data.get('family'),
239 'product': os_data.get('product'),
240 'version': os_data.get('version'),
241 'arch': os_data.get('arch'),
242 'device-class': os_data.get('device-class'),
243 }
244 host['os'].append(data)
245
246 for fingerprints_tag in fingerprints.iter('fingerprint'):
247 data_fingerprints_tag = {
248 'certainty': fingerprints_tag.get('certainty'),
249 'product': fingerprints_tag.get('product'),
250 'version': fingerprints_tag.get('version'),
251 }
252 host['fingerprints'].append(data_fingerprints_tag)
221253
222254 for endpoints in node.iter('endpoints'):
223255 for endpoint in list(endpoints):
235267 for config in list(configs):
236268 if "banner" in config.get('name'):
237269 svc['version'] = config.get('name')
238
239270 host['services'].append(svc)
240271
272 for softwaretag in node.iter('software'):
273 for soft_data in softwaretag.iter('fingerprint'):
274 data_soft = {
275 'certainty': soft_data.get('certainty'),
276 'vendor': soft_data.get('vendor'),
277 'family': soft_data.get('family'),
278 'product': soft_data.get('product'),
279 'version': soft_data.get('version'),
280 }
281 host['fingerprints_software'].append(data_soft)
241282 hosts.append(host)
242283
243284 return hosts
260301 self._current_output = None
261302 self._command_regex = re.compile(r'^(sudo nexpose|\.\/nexpose).*?')
262303
263
264304 def parseOutputString(self, output, debug=False):
265305
266306 parser = NexposeFullXmlParser(output)
267307
268308 for item in parser.items:
269
270 h_id = self.createAndAddHost(item['name'], item['os'], hostnames=item['hostnames'])
271
272 i_id = self.createAndAddInterface(
273 h_id,
274 item['name'],
275 ipv4_address=item['name'],
276 hostname_resolution=item['hostnames'])
309 h_id = self.createAndAddHost(item['name'], item['os'], hostnames=item['hostnames'],
310 scan_template=item['scan-template'], site_name=item['scan-name'],
311 site_importance=item['scan-importance'], risk_score=item['risk-score'],
312 fingerprints=item['fingerprints'],
313 fingerprints_software=item['fingerprints_software']
314 )
315 pattern = '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$'
316 if not item['mac']:
317 item['mac'] = '0000000000000000'
318 match = re.search(pattern, item['mac'])
319 else:
320 match = re.search(pattern, item['mac'])
321 if match:
322 i_id = self.createAndAddInterface(
323 h_id,
324 item['name'],
325 mac=item['mac'],
326 ipv4_address=item['name'],
327 hostname_resolution=item['hostnames'],
328 scan_template=item['scan-template'],
329 site_name=item['scan-name'],
330 site_importance=item['scan-importance'],
331 risk_score=item['risk-score'],
332 fingerprints=item['fingerprints'],
333 fingerprints_software=item['fingerprints_software'],
334 )
335 else:
336 i_id = self.createAndAddInterface(
337 h_id,
338 item['name'],
339 mac=':'.join(item['mac'][i:i + 2] for i in range(0, 12, 2)),
340 ipv4_address=item['name'],
341 hostname_resolution=item['hostnames'])
277342
278343 for v in item['vulns']:
279
344 v['data'] = {"vulnerable_since": v['vulnerable_since'], "scan_id": v['scan_id'], "PCI": v['pci']}
280345 v_id = self.createAndAddVulnToHost(
281346 h_id,
282347 v['name'],
283348 v['desc'],
284349 v['refs'],
285350 v['severity'],
286 v['resolution'])
287
351 v['resolution'],
352 v['vulnerable_since'],
353 v['scan_id'],
354 v['pci']
355 )
288356
289357 for s in item['services']:
290358 web = False
300368 version=version)
301369
302370 for v in s['vulns']:
371
303372 if v['is_web']:
304373 v_id = self.createAndAddVulnWebToService(
305374 h_id,
309378 v['refs'],
310379 v['severity'],
311380 v['resolution'],
312 path=v.get('path',''))
381 v['risk'],
382 path=v.get('path', ''))
313383 else:
314384 v_id = self.createAndAddVulnToService(
315385 h_id,
318388 v['desc'],
319389 v['refs'],
320390 v['severity'],
321 v['resolution'])
391 v['resolution'],
392 v['risk']
393 )
322394
323395 del parser
324396
332404 def createPlugin():
333405 return NexposeFullPlugin()
334406
335 if __name__ == "__main__":
336 import sys
337 import os
338 if len(sys.argv) == 2:
339 report_file = sys.argv[1]
340 if os.path.isfile(report_file):
341 plugin = createPlugin()
342 plugin.processReport(report_file)
343 print(plugin.get_json())
344 else:
345 print(f"Report not found: {report_file}")
346 else:
347 print(f"USAGE {sys.argv[0]} REPORT_FILE")
348407 # I'm Py3
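Review bot: In `parseOutputString`, `v['data']` is built from `vulnerable_since`, `scan_id` and `pci` but never passed on; the three values go to `createAndAddVulnToHost` as extra positional arguments after `v['resolution']`, so where they land depends on that method's parameter order, which is not visible here. Passing by keyword, for example `data=v['data']`, would make the mapping explicit, and the same applies to `v['risk']`, which is added positionally to the `createAndAddVulnWebToService` and `createAndAddVulnToService` calls. In the MAC handling, the placeholder `'0000000000000000'` has 16 characters while the fallback joins only the first 12, and `re.search(pattern, item['mac'])` is repeated in both branches; setting the default first and searching once would be clearer. In the definitions parser the new local `type` shadows the builtin, and `names.text` is appended to `vuln['refs']` without a `None` check, alongside byte-string entries from the exploit branch. The method spans several hunks and parts of it are not shown.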
378378 def createPlugin():
379379 return NiktoPlugin()
380380
381 if __name__ == "__main__":
382 import sys
383 import os
384 if len(sys.argv) == 2:
385 report_file = sys.argv[1]
386 if os.path.isfile(report_file):
387 plugin = createPlugin()
388 plugin.processReport(report_file)
389 print(plugin.get_json())
390 else:
391 print(f"Report not found: {report_file}")
392 else:
393 print(f"USAGE {sys.argv[0]} REPORT_FILE")
394381 # I'm Py3
571571 def createPlugin():
572572 return NmapPlugin()
573573
574 if __name__ == "__main__":
575 import sys
576 import os
577 if len(sys.argv) == 2:
578 report_file = sys.argv[1]
579 if os.path.isfile(report_file):
580 plugin = createPlugin()
581 plugin.processReport(report_file)
582 print(plugin.get_json())
583 else:
584 print(f"Report not found: {report_file}")
585 else:
586 print(f"USAGE {sys.argv[0]} REPORT_FILE")
587574 # I'm Py3
66 import re
77 import os
88 from collections import defaultdict
9
10 from copy import copy
911
1012 try:
1113 import xml.etree.cElementTree as ET
172174 self.subnet = self.get_text_from_subnode('subnet')
173175 if self.subnet == '':
174176 self.subnet = self.host
175 self.port = "None"
177 self.port = None
176178 self.severity = self.severity_mapper()
177179 self.service = "Unknown"
178180 self.protocol = ""
179 port = self.get_text_from_subnode('port')
180
181 if "general" not in port:
182 # service vuln
183 info = port.split("/")
184 self.port = info[0]
185 self.protocol = info[1]
181 port_string = self.get_text_from_subnode('port')
182 info = port_string.split("/")
183 self.protocol = "".join(filter(lambda x: x.isalpha() or x in ("-", "_"), info[1]))
184 self.port = "".join(filter(lambda x: x.isdigit(), info[0])) or None
185 if not self.port:
186 self.service = info[0]
187 else:
186188 host_details = hosts[self.host].get('details')
187 self.service = self.get_service(port, host_details)
188 else:
189 # general was found in port data
190 # this is a host vuln
191 # this case will have item.port = 'None'
192 info = port.split("/")
193 self.protocol = info[1]
194 self.service = info[0] # this value is general
189 self.service = self.get_service(port_string, self.port, host_details)
195190 self.nvt = self.node.findall('nvt')[0]
196191 self.node = self.nvt
197192 self.id = self.node.get('oid')
203198 self.resolution = ''
204199 self.cvss_vector = ''
205200 self.tags = self.get_text_from_subnode('tags')
201 self.data = self.get_text_from_subnode('description')
206202 if self.tags:
207203 tags_data = self.get_data_from_tags(self.tags)
208204 self.description = tags_data['description']
209205 self.resolution = tags_data['solution']
210206 self.cvss_vector = tags_data['cvss_base_vector']
211
207 if tags_data['impact']:
208 self.data += '\n\nImpact: {}'.format(tags_data['impact'])
212209
213210 def get_text_from_subnode(self, subnode_xpath_expr):
214211 """
227224 severity = 'Critical'
228225 return severity
229226
230 def get_service(self, port, details_from_host):
227 def get_service(self, port_string, port, details_from_host):
231228 # details_from_host:
232229 # name: name of detail
233230 # value: list with the values associated with the name
234 for name, value in details_from_host.items():
231 details_from_host_copy = copy(details_from_host)
232 services = details_from_host_copy.pop("Services", None)
233 if services:
234 service_detail = self.get_service_from_details("Services", services, port)
235 if service_detail:
236 return service_detail
237 for name, value in details_from_host_copy.items():
235238 service_detail = self.get_service_from_details(name, value, port)
236239 if service_detail:
237240 return service_detail
239242 # the file port_mapper.txt
240243 services_mapper = filter_services()
241244 for service in services_mapper:
242 if service[0] == port:
245 if service[0] == port_string:
243246 return service[1]
244
245247 return "Unknown"
246248
247249 def do_clean(self, value):
257259 # value_list: list with the values associated with the name
258260 res = None
259261 priority = 0
260
261 for value in value_list:
262 if name == 'Services':
263 aux_port = port.split('/')[0]
262 if name == 'Services':
263 for value in value_list:
264264 value_splited = value.split(',')
265 if value_splited[0] == aux_port:
265 if value_splited[0] == port:
266266 res = value_splited[2]
267 priority = 3
268
269 elif '/' in value and priority != 3:
270 auxiliar_value = value.split('/')[0]
271 if auxiliar_value == port.split('/')[0]:
272 res = name
273 priority = 2
274
275 elif value.isdigit() and priority == 0:
276 if value == port.split('/')[0]:
277 res = name
278 priority = 1
279
280 elif '::' in value and priority == 0:
281 aux_value = value.split('::')[0]
282 auxiliar_port = port.split('/')[0]
283 if aux_value == auxiliar_port:
284 res = name
267 break
268 else:
269 for value in value_list:
270 if '/' in value:
271 auxiliar_value = value.split('/')[0]
272 if auxiliar_value == port:
273 res = name
274 priority = 2
275
276 elif value.isdigit() and priority == 0:
277 if value == port:
278 res = name
279 priority = 1
280
281 elif '::' in value and priority == 0:
282 aux_value = value.split('::')[0]
283 if aux_value == port:
284 res = name
285285 return res
286286
287287 def get_data_from_tags(self, tags_text):
292292 data = {
293293 'solution': '',
294294 'cvss_base_vector': '',
295 'description': ''
295 'description': '',
296 'impact': ''
296297 }
297298 for tag in tags:
298299 splited_tag = tag.split('=', 1)
381382 hostnames=[item.host])
382383 ids[item.subnet] = h_id
383384
384 if item.port == "None":
385 if not item.port:
385386 if item.severity not in self.ignored_severities:
386387 v_id = self.createAndAddVulnToHost(
387388 h_id,
390391 severity=item.severity,
391392 resolution=item.resolution,
392393 ref=ref,
393 external_id=item.id)
394 external_id=item.id,
395 data=item.data)
394396 else:
395397 if item.service:
396398 web = re.search(
420422 severity=item.severity,
421423 ref=ref,
422424 resolution=item.resolution,
423 external_id=item.id)
425 external_id=item.id,
426 data=item.data)
424427 elif item.severity not in self.ignored_severities:
425428 self.createAndAddVulnToService(
426429 h_id,
430433 severity=item.severity,
431434 ref=ref,
432435 resolution=item.resolution,
433 external_id=item.id)
436 external_id=item.id,
437 data=item.data)
434438 del parser
435439
436440 def _isIPV4(self, ip):
449453 def createPlugin():
450454 return OpenvasPlugin()
451455
452 if __name__ == "__main__":
453 import sys
454 import os
455 if len(sys.argv) == 2:
456 report_file = sys.argv[1]
457 if os.path.isfile(report_file):
458 plugin = createPlugin()
459 plugin.processReport(report_file)
460 print(plugin.get_json())
461 else:
462 print(f"Report not found: {report_file}")
463 else:
464 print(f"USAGE {sys.argv[0]} REPORT_FILE")
465
466456 # I'm Py3
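Review bot: The new port parsing, `self.port = "".join(filter(lambda x: x.isdigit(), info[0])) or None`, keeps every digit found before the slash, so a port field whose label part itself contains digits would yield a concatenated, wrong port number; whether such values occur depends on the report format, which is not shown here. Taking only the trailing number is safer, e.g. `m = re.search(r"(\d+)\s*$", info[0])` followed by `self.port = m.group(1) if m else None`. `info[1]` is still read without checking that the split produced two parts, so a port value without `/` raises `IndexError`. In `get_service`, `copy(details_from_host)` is followed by `.pop`, which fails if `hosts[self.host].get('details')` returned `None`. The constructor and `get_service` both extend outside the visible lines.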
109109 def createPlugin():
110110 return pasteAnalyzerPlugin()
111111
112 if __name__ == "__main__":
113 import sys
114 import os
115 if len(sys.argv) == 2:
116 report_file = sys.argv[1]
117 if os.path.isfile(report_file):
118 plugin = createPlugin()
119 plugin.processReport(report_file)
120 print(plugin.get_json())
121 else:
122 print(f"Report not found: {report_file}")
123 else:
124 print(f"USAGE {sys.argv[0]} REPORT_FILE")
125112 # I'm Py3
7373 def createPlugin():
7474 return PeepingTomPlugin()
7575
76 if __name__ == "__main__":
77 import sys
78 import os
79 if len(sys.argv) == 2:
80 report_file = sys.argv[1]
81 if os.path.isfile(report_file):
82 plugin = createPlugin()
83 plugin.processReport(report_file)
84 print(plugin.get_json())
85 else:
86 print(f"Report not found: {report_file}")
87 else:
88 print(f"USAGE {sys.argv[0]} REPORT_FILE")
89
9076 # I'm Py3
6464 def createPlugin():
6565 return CmdPingPlugin()
6666
67 if __name__ == "__main__":
68 import sys
69 import os
70 if len(sys.argv) == 2:
71 report_file = sys.argv[1]
72 if os.path.isfile(report_file):
73 plugin = createPlugin()
74 plugin.processReport(report_file)
75 print(plugin.get_json())
76 else:
77 print(f"Report not found: {report_file}")
78 else:
79 print(f"USAGE {sys.argv[0]} REPORT_FILE")
8067
8168 # I'm Py3
7373 def createPlugin():
7474 return CmdPropeciaPlugin()
7575
76 if __name__ == "__main__":
77 import sys
78 import os
79 if len(sys.argv) == 2:
80 report_file = sys.argv[1]
81 if os.path.isfile(report_file):
82 plugin = createPlugin()
83 plugin.processReport(report_file)
84 print(plugin.get_json())
85 else:
86 print(f"Report not found: {report_file}")
87 else:
88 print(f"USAGE {sys.argv[0]} REPORT_FILE")
89
9076 # I'm Py3
131131
132132 self.node = item_node
133133 self.ip = self.get_text_from_subnode('IP')
134
134 self.hostname = self.get_text_from_subnode('DNS') or ''
135135 self.os = self.get_text_from_subnode('OPERATING_SYSTEM')
136136 self.vulns = self.getResults(tree)
137137
167167 self.port = self.get_text_from_subnode(self.node, 'PORT')
168168 self.protocol = self.get_text_from_subnode(self.node, 'PROTOCOL')
169169 self.name = self.get_text_from_subnode(self.node, 'QID')
170 self.external_id = self.name
170171 self.result = self.get_text_from_subnode(self.node, 'RESULT')
171172
172173 self.severity_dict = {
199200
200201 # References
201202 self.ref = []
202 self.ref.append(self.get_text_from_glossary('CVE_ID_LIST/CVE_ID/ID'))
203
204 cve_id = self.get_text_from_glossary('CVE_ID_LIST/CVE_ID/ID')
205 if cve_id:
206 self.ref.append(cve_id)
203207
204208 if self.cvss:
205209 self.ref.append('CVSS SCORE: ' + self.cvss)
302306 self.protocol = parent.get('protocol')
303307 self.name = self.node.get('number')
304308 self.external_id = self.node.get('number')
305 self.severity = self.node.get('severity')
306309 self.title = self.get_text_from_subnode('TITLE')
307310 self.cvss = self.get_text_from_subnode('CVSS_BASE')
308311 self.diagnosis = self.get_text_from_subnode('DIAGNOSIS')
309312 self.solution = self.get_text_from_subnode('SOLUTION')
310313 self.result = self.get_text_from_subnode('RESULT')
311314 self.consequence = self.get_text_from_subnode('CONSEQUENCE')
315
316 self.severity_dict = {
317 '1': 'info',
318 '2': 'info',
319 '3': 'med',
320 '4': 'high',
321 '5': 'critical'}
322
323 self.severity = self.severity_dict.get(self.node.get('severity'), 'info')
312324
313325 self.desc = cleaner_results(self.diagnosis)
314326 if self.result:
380392 h_id,
381393 v.title if v.title else v.name,
382394 ref=v.ref,
383 severity=str(int(v.severity) - 1),
395 severity=v.severity,
384396 resolution=v.solution if v.solution else '',
385397 desc=v.desc,
386398 external_id=v.external_id)
387399
388400 else:
389
390401 web = False
402
403 try:
404 port = v.port.decode("utf-8")
405 name = v.name.decode("utf-8")
406 except (UnicodeDecodeError, AttributeError):
407 port = v.port
408 name = v.name
409
391410 s_id = self.createAndAddServiceToHost(
392411 h_id,
393412 v.port,
394413 v.protocol,
395 ports=[str(v.port)],
414 ports=[port],
396415 status='open')
397
398 if v.port in ['80', '443'] or re.search('ssl|http', v.name):
416 if port in ['80', '443'] or re.search('ssl|http', name):
399417 web = True
400418 else:
401419 web = False
407425 v.title if v.title else v.name,
408426 ref=v.ref,
409427 website=item.ip,
410 severity=str(int(v.severity) - 1),
428 severity=v.severity,
411429 desc=v.desc,
412430 resolution=v.solution if v.solution else '',
413431 external_id=v.external_id)
418436 s_id,
419437 v.title if v.title else v.name,
420438 ref=v.ref,
421 severity=str(int(v.severity) - 1),
439 severity=v.severity,
422440 desc=v.desc,
423441 resolution=v.solution if v.solution else '',
424442 external_id=v.external_id)
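Review bot: The `severity_dict` added in the second item class maps Qualys level `'2'` to `'info'`, while the removed `str(int(v.severity) - 1)` produced `'1'` for that level (presumably "low" on Faraday's scale, to be confirmed). If collapsing levels 1 and 2 is not intended, the entry should read `'2': 'low',`. The `.get(..., 'info')` default also turns a missing or unexpected `severity` attribute into an informational finding with no trace. Logging the raw value or falling back to `'unclassified'` would keep such items visible during triage. The constructor holding these lines starts and ends outside the visible hunk.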
184184 def createPlugin():
185185 return ReconngPlugin()
186186
187
188 if __name__ == "__main__":
189 import sys
190 import os
191 if len(sys.argv) == 2:
192 report_file = sys.argv[1]
193 if os.path.isfile(report_file):
194 plugin = createPlugin()
195 plugin.processReport(report_file)
196 print(plugin.get_json())
197 else:
198 print(f"Report not found: {report_file}")
199 else:
200 print(f"USAGE {sys.argv[0]} REPORT_FILE")
201187 # I'm Py3
239239 def createPlugin():
240240 return RetinaPlugin()
241241
242 if __name__ == "__main__":
243 import sys
244 import os
245 if len(sys.argv) == 2:
246 report_file = sys.argv[1]
247 if os.path.isfile(report_file):
248 plugin = createPlugin()
249 plugin.processReport(report_file)
250 print(plugin.get_json())
251 else:
252 print(f"Report not found: {report_file}")
253 else:
254 print(f"USAGE {sys.argv[0]} REPORT_FILE")
255
256242 # I'm Py3
113113 def createPlugin():
114114 return ReverseraiderPlugin()
115115
116
117 if __name__ == "__main__":
118 import sys
119 import os
120 if len(sys.argv) == 2:
121 report_file = sys.argv[1]
122 if os.path.isfile(report_file):
123 plugin = createPlugin()
124 plugin.processReport(report_file)
125 print(plugin.get_json())
126 else:
127 print(f"Report not found: {report_file}")
128 else:
129 print(f"USAGE {sys.argv[0]} REPORT_FILE")
130116 # I'm Py3
238238 def createPlugin():
239239 return SkipfishPlugin()
240240
241 if __name__ == "__main__":
242 import sys
243 import os
244 if len(sys.argv) == 2:
245 report_file = sys.argv[1]
246 if os.path.isfile(report_file):
247 plugin = createPlugin()
248 plugin.processReport(report_file)
249 print(plugin.get_json())
250 else:
251 print(f"Report not found: {report_file}")
252 else:
253 print(f"USAGE {sys.argv[0]} REPORT_FILE")
254
255
256241 # I'm Py3
7272 def createPlugin():
7373 return SSHDefaultScanPlugin()
7474
75 if __name__ == "__main__":
76 import sys
77 import os
78 if len(sys.argv) == 2:
79 report_file = sys.argv[1]
80 if os.path.isfile(report_file):
81 plugin = createPlugin()
82 plugin.processReport(report_file)
83 print(plugin.get_json())
84 else:
85 print(f"Report not found: {report_file}")
86 else:
87 print(f"USAGE {sys.argv[0]} REPORT_FILE")
88
8975 # I'm Py3
193193 def createPlugin():
194194 return SslyzePlugin()
195195
196 if __name__ == "__main__":
197 import sys
198 import os
199 if len(sys.argv) == 2:
200 report_file = sys.argv[1]
201 if os.path.isfile(report_file):
202 plugin = createPlugin()
203 plugin.processReport(report_file)
204 print(plugin.get_json())
205 else:
206 print(f"Report not found: {report_file}")
207 else:
208 print(f"USAGE {sys.argv[0]} REPORT_FILE")
209
210196 # I'm Py3
9595 def createPlugin():
9696 return TelnetRouterPlugin()
9797
98 if __name__ == "__main__":
99 import sys
100 import os
101 if len(sys.argv) == 2:
102 report_file = sys.argv[1]
103 if os.path.isfile(report_file):
104 plugin = createPlugin()
105 plugin.processReport(report_file)
106 print(plugin.get_json())
107 else:
108 print(f"Report not found: {report_file}")
109 else:
110 print(f"USAGE {sys.argv[0]} REPORT_FILE")
11198 # I'm Py3
140140 def createPlugin():
141141 return TheharvesterPlugin()
142142
143 if __name__ == "__main__":
144 import sys
145 import os
146 if len(sys.argv) == 2:
147 report_file = sys.argv[1]
148 if os.path.isfile(report_file):
149 plugin = createPlugin()
150 plugin.processReport(report_file)
151 print(plugin.get_json())
152 else:
153 print(f"Report not found: {report_file}")
154 else:
155 print(f"USAGE {sys.argv[0]} REPORT_FILE")
156
157143
158144 # I'm Py3
6060 def createPlugin():
6161 return traceroutePlugin()
6262
63
64 if __name__ == "__main__":
65 import sys
66 import os
67 if len(sys.argv) == 2:
68 report_file = sys.argv[1]
69 if os.path.isfile(report_file):
70 plugin = createPlugin()
71 plugin.processReport(report_file)
72 print(plugin.get_json())
73 else:
74 print(f"Report not found: {report_file}")
75 else:
76 print(f"USAGE {sys.argv[0]} REPORT_FILE")
7763 # I'm Py3
226226 "-h": "Display this help message.",
227227 }
228228
229
230229 def parseOutputString(self, output, debug=False):
231230
232231 parser = W3afXmlParser(output)
233
234232 ip = self.resolve(parser.host)
235233 h_id = self.createAndAddHost(ip)
236 i_id = self.createAndAddInterface(
237 h_id, ip, ipv4_address=ip, hostname_resolution=[parser.host])
238 s_id = self.createAndAddServiceToInterface(h_id, i_id, "http",
239 "tcp",
240 ports=[parser.port],
241 status="open")
234 i_id = self.createAndAddInterface(h_id, ip, ipv4_address=ip, hostname_resolution=[parser.host])
235 s_id = self.createAndAddServiceToInterface(h_id, i_id, "http", "tcp", ports=[parser.port], status="open")
242236
243237 for item in parser.items:
244238 v_id = self.createAndAddVulnWebToService(h_id, s_id, item.name,
245 item.detail, pname=item.param, path=item.url, website=parser.host, severity=item.severity,
246 method=item.method, request=item.req, resolution=item.resolution, ref=item.ref, response=item.resp)
239 item.detail, pname=item.param, path=item.url, website=parser.host,
240 severity=item.severity, method=item.method, request=item.req,
241 resolution=item.resolution, ref=item.ref, response=item.resp)
247242 del parser
248243
249244 def resolve(self, host):
263258 def createPlugin():
264259 return W3afPlugin()
265260
266 if __name__ == "__main__":
267 import sys
268 import os
269 if len(sys.argv) == 2:
270 report_file = sys.argv[1]
271 if os.path.isfile(report_file):
272 plugin = createPlugin()
273 plugin.processReport(report_file)
274 print(plugin.get_json())
275 else:
276 print(f"Report not found: {report_file}")
277 else:
278 print(f"USAGE {sys.argv[0]} REPORT_FILE")
279
280261 # I'm Py3
118118 def __init__(self, item_node):
119119 self.node = item_node
120120 self.url = self.get_url(item_node)
121 self.ip = socket.gethostbyname(self.url.hostname)
121 if self.url.hostname is not None:
122 self.ip = socket.gethostbyname(self.url.hostname)
123 else:
124 self.ip = '0.0.0.0'
122125 self.hostname = self.url.hostname
123126 self.port = self.get_port(self.url)
124127 self.scheme = self.url.scheme
236239 self.port = "80"
237240 self.xml_arg_re = re.compile(r"^.*(-oX\s*[^\s]+).*$")
238241 self._command_regex = re.compile(
239 r'^(python wapiti|wapiti|sudo wapiti|sudo wapiti\.py|wapiti\.py|python wapiti\.py|\.\/wapiti\.py|wapiti|\.\/wapiti|python wapiti|python \.\/wapiti).*?')
242 r'^(python wapiti|wapiti|sudo wapiti|sudo wapiti\.py|wapiti\.py|python wapiti\.py|\.\/wapiti\.py|wapiti|\.'
243 r'\/wapiti|python wapiti|python \.\/wapiti).*?')
240244 self._completition = {
241245 "": "python wapiti.py http://server.com/base/url/ [options]",
242246 "-s": "<url> ",
255259 "--remove": "<parameter_name> ",
256260 "-n": "<limit> ",
257261 "--nice": "<limit> ",
258 "-m": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all,xss:get,exec:post\"",
259 "--module": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all,xss:get,exec:post\"",
262 "-m": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-all,"
263 "xss:get,exec:post\"",
264 "--module": "<module_options> Set the modules and HTTP methods to use for attacks. Example: -m \"-"
265 "all,xss:get,exec:post\"",
260266 "-u": "Use color to highlight vulnerables parameters in output",
261267 "--underline": "Use color to highlight vulnerables parameters in output",
262268 "-v": "<level> ",
293299 parser = WapitiXmlParser(output)
294300 for item in parser.items:
295301 host_id = self.createAndAddHost(item.ip, hostnames=[item.hostname])
296 service_id = self.createAndAddServiceToHost(host_id, item.scheme, protocol='tcp', ports=[item.port])
302 if item.port is None:
303 port = 0
304 else:
305 port = item.port
306 service_id = self.createAndAddServiceToHost(host_id, item.scheme, protocol='tcp', ports=[port])
297307 for vuln in item.vulns:
298308 for entry in vuln['entries']:
299309 vuln_id = self.createAndAddVulnWebToService(host_id,
315325 user has set.
316326 """
317327 host = re.search(
318 "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$", command_string)
328 "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]"
329 "{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2"
330 "[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]"
331 "{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|"
332 "pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$",
333 command_string)
334
319335 self.protocol = host.group(1)
320336 self.host = host.group(4)
321337 if host.group(11) is not None:
333349 def createPlugin():
334350 return WapitiPlugin()
335351
336
337 if __name__ == "__main__":
338 import sys
339 import os
340 if len(sys.argv) == 2:
341 report_file = sys.argv[1]
342 if os.path.isfile(report_file):
343 plugin = createPlugin()
344 plugin.processReport(report_file)
345 print(plugin.get_json())
346 else:
347 print(f"Report not found: {report_file}")
348 else:
349 print(f"USAGE {sys.argv[0]} REPORT_FILE")
350352 # I'm Py3
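Review bot: The new `is not None` guard in the item constructor still leaves `socket.gethostbyname(self.url.hostname)` unprotected when a hostname is present but does not resolve, so a single stale or internal-only name in a report raises `socket.gaierror` and aborts the whole parse. Wrapping the call as `try: self.ip = socket.gethostbyname(self.url.hostname)` with `except socket.error: self.ip = '0.0.0.0'` lets both failure paths share the fallback. The `'0.0.0.0'` address and the `port = 0` substitute in the service-creation loop are placeholders, so every unresolvable target lands on the same host entry. A comment such as `# placeholder: hostname missing or unresolvable` at both sites would stop readers treating the imported value as real. The constructor continues outside the hunk.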
176176 def createPlugin():
177177 return WcscanPlugin()
178178
179 if __name__ == "__main__":
180 import sys
181 import os
182 if len(sys.argv) == 2:
183 report_file = sys.argv[1]
184 if os.path.isfile(report_file):
185 plugin = createPlugin()
186 plugin.processReport(report_file)
187 print(plugin.get_json())
188 else:
189 print(f"Report not found: {report_file}")
190 else:
191 print(f"USAGE {sys.argv[0]} REPORT_FILE")
192
193179 # I'm Py3
151151 def createPlugin():
152152 return WebfuzzerPlugin()
153153
154 if __name__ == "__main__":
155 import sys
156 import os
157 if len(sys.argv) == 2:
158 report_file = sys.argv[1]
159 if os.path.isfile(report_file):
160 plugin = createPlugin()
161 plugin.processReport(report_file)
162 print(plugin.get_json())
163 else:
164 print(f"Report not found: {report_file}")
165 else:
166 print(f"USAGE {sys.argv[0]} REPORT_FILE")
167
168154 # I'm Py3
2424 def __init__(self, output):
2525 self.xml = ET.fromstring(output)
2626 self.issues = self.xml.findall("Issues/Issue")
27
2827
2928 def parse_severity(self, severity):
3029
167166 def createPlugin():
168167 return WebInspectPlugin()
169168
170
171 if __name__ == "__main__":
172 import sys
173 import os
174 if len(sys.argv) == 2:
175 report_file = sys.argv[1]
176 if os.path.isfile(report_file):
177 plugin = createPlugin()
178 plugin.processReport(report_file)
179 print(plugin.get_json())
180 else:
181 print(f"Report not found: {report_file}")
182 else:
183 print(f"USAGE {sys.argv[0]} REPORT_FILE")
7878 chars = item['chars']
7979 words = item['words']
8080 name = "Wfuzz found: {path} with status {status} on url {url}".format(path=path, status=status, url=url)
81 desc = 'Wfuzz found a response with status {status}. Response contains: \n* {words} words \n* {lines} lines \n* {chars} chars'.format(
82 words=words,
83 url=url,
84 lines=lines,
85 chars=chars,
86 status=status
87 )
88 self.createAndAddVulnWebToService(host_id,
89 service_id,
90 name,
91 desc,
92 severity="info",
93 website=target,
94 path=path
95 )
81 desc = 'Wfuzz found a response with status {status}. Response contains: \n* {words} words \n* {lines} ' \
82 'lines \n* {chars} chars'.format(words=words, url=url, lines=lines, chars=chars, status=status)
83 self.createAndAddVulnWebToService(host_id, service_id, name, desc, severity="info", website=target,
84 path=path)
9685
9786
9887 def createPlugin():
9988 return WfuzzPlugin()
10089
101
102 if __name__ == "__main__":
103 import sys
104 import os
105 if len(sys.argv) == 2:
106 report_file = sys.argv[1]
107 if os.path.isfile(report_file):
108 plugin = createPlugin()
109 plugin.processReport(report_file)
110 print(plugin.get_json())
111 else:
112 print(f"Report not found: {report_file}")
113 else:
114 print(f"USAGE {sys.argv[0]} REPORT_FILE")
115
116
11790 # I'm Py3
9494 def createPlugin():
9595 return CmdWhoisPlugin()
9696
97 if __name__ == "__main__":
98 import sys
99 import os
100 if len(sys.argv) == 2:
101 report_file = sys.argv[1]
102 if os.path.isfile(report_file):
103 plugin = createPlugin()
104 plugin.processReport(report_file)
105 print(plugin.get_json())
106 else:
107 print(f"Report not found: {report_file}")
108 else:
109 print(f"USAGE {sys.argv[0]} REPORT_FILE")
110
11197 # I'm Py3
00 """
11 Faraday Penetration Test IDE
2 Copyright (C) 2016 Infobyte LLC (http://www.infobytesec.com/)
2 Copyright (C) 2019 Infobyte LLC (http://www.infobytesec.com/)
33 See the file 'doc/LICENSE' for the license information
44
55 """
66 import re
77 import socket
88 import json
9 from faraday_plugins.plugins.plugin import PluginBase
9 from faraday_plugins.plugins.plugin import PluginJsonFormat
10 from urllib.parse import urlparse
1011
1112
12 __author__ = "Joaquin L. Pereyra | Federico Fernandez"
13 __copyright__ = "Copyright (c) 2016, Infobyte LLC"
14 __credits__ = ["Joaquin L. Pereyra"]
13 __author__ = "Nicolas Rebagliati"
14 __copyright__ = "Copyright (c) 2019, Infobyte LLC"
15 __credits__ = ["Nicolas Rebagliati"]
1516 __license__ = ""
1617 __version__ = "0.0.1"
17 __maintainer__ = "Joaquin L. Pereyra"
18 __email__ = "[email protected]"
18 __maintainer__ = "Nicolas Rebagliati"
19 __email__ = "[email protected]"
1920 __status__ = "Development"
2021
2122
22 class WPScanPlugin(PluginBase):
23 class WPScanJsonParser:
24
25 def __init__(self, json_output):
26 self.json_data = json.loads(json_output)
27
28 def parse_url(self, url):
29 # Strips protocol and gets hostname from URL.
30
31 url_parse = urlparse(url)
32 protocol = url_parse.scheme
33 hostname = url_parse.netloc
34 port = url_parse.port
35
36 if protocol == 'https':
37 port = 443
38 elif protocol == 'http':
39 if not port:
40 port = 80
41 address = self.get_address(hostname)
42 return {'protocol': protocol, 'hostname': hostname, 'port': port, 'address': address}
43
44 def get_address(self, hostname):
45 # Returns remote IP address from hostname.
46 try:
47 return socket.gethostbyname(hostname)
48 except socket.error as msg:
49 return None
50
51
52 class WPScanPlugin(PluginJsonFormat):
2353 """ Handle the WPScan tool. Detects the output of the tool
2454 and adds the information to Faraday.
2555 """
2656
2757 def __init__(self):
28 """Initalizes the plugin with some basic params.
29 Right now the plugin doesnt support being executed from another folder,
30 like /dir/wpscan.rb
31 """
3258 super().__init__()
3359 self.id = "wpscan"
3460 self.name = "WPscan"
3561 self.plugin_version = "0.2"
3662 self.version = "3.4.5"
37 self._command_regex = re.compile(
38 r"^((sudo )?(ruby )?(\.\/)?(wpscan)(.rb)?)")
39 self.wpPath = self.get_wpscan_filepath()
40 self.addSetting("WPscan path", str, self.wpPath)
41 self.themes = {}
42 self.plugins = {}
43 self.wpversion = ''
44 self.risks = {'AUTHBYPASS': 'high',
45 'BYPASS': 'med',
46 'CSRF': 'med',
47 'DOS': 'med',
48 'FPD': 'info',
49 'LFI': 'high',
50 'MULTI': 'unclassified',
51 'OBJECTINJECTION': 'med',
52 'PRIVESC': 'high',
53 'RCE': 'critical',
54 'REDIRECT': 'low',
55 'RFI': 'critical',
56 'SQLI': 'high',
57 'SSRF': 'med',
58 'UNKNOWN': 'unclassified',
59 'UPLOAD': 'critical',
60 'XSS': 'high',
61 'XXE': 'high'}
62
63 def get_wpscan_filepath(self):
64 home = os.path.expanduser("~")
65
66 wpscan_path = os.path.join(home, '.wpscan')
67 if os.path.exists(wpscan_path):
68 return wpscan_path
69 else:
70 return None
71
72 def search_file_in_wpscan_folder(self, wp_file):
73 db_path = os.path.join(self.wpPath, 'db', wp_file)
74 data_path = os.path.join(self.wpPath, 'data', wp_file)
75 if os.path.exists(db_path):
76 return db_path
77 elif os.path.exists(data_path):
78 return data_path
79
80 def getPort(self, host, proto):
81 p = re.search(r"\:([0-9]+)\/", host)
82 if p is not None:
83 return p.group(1)
84 elif proto == 'https':
85 return 443
86 else:
87 return 80
88
89 def parseOutputWpscan(self, output):
90 sp = output.split('0m Name:') # cut by name
91 for e in sp:
92 if 'Title:' in e:
93 if 'WordPress version' in e:
94 r = re.search(r'WordPress version (\d.\w)', e) # get wordpress version
95 self.wpversion = r.group(1)
96
97 elif 'wp-content/themes/' in e:
98 name = re.findall(r"Location: .+themes\/(.+)\/", e) # get theme name
99 title = re.findall(r"Title: (.+)", e) # get vulnerabilities title
100 self.themes[name[0]] = title # insert theme in dicc {'themeName' : ['titles', 'titles']}
101
102 else:
103 name = re.findall(r"Location: .+plugins\/(.+)\/", e) # get plugin name
104 title = re.findall(r"Title: (.+)", e) # get vulnerabilities title
105 self.plugins[name[0]] = title # insert plugin in dicc {'plugin' : ['titles', 'titles']}
106
107 def addThemesOrPluginsVulns(self, wpscan_db_filename, dic, host_id, serv_id, domain, wp_url, name):
108 db_file_path = self.search_file_in_wpscan_folder(wpscan_db_filename)
109 with open(db_file_path, "r") as data:
110 j = json.load(data)
111 for p in dic:
112 for title in dic[p]:
113 for vuln in j[p]['vulnerabilities']: # iter vulnerabilities
114 if vuln['title'] == title: # if output title is equal
115 title = vuln['title'] # title
116 risk = self.risks[vuln['vuln_type']] # vuln type (xss,rce,lfi,etc) - risk
117 location = wp_url+'wp-content/'+name+'/'+p+'/'
118 if 'url' in vuln['references']: # if references
119 refs = vuln['references']['url'] #references[]
120 else:
121 refs = [] # references null
122 self.createAndAddVulnWebToService(
123 host_id,
124 serv_id,
125 title,
126 severity=risk,
127 website=domain,
128 ref=refs,
129 path=location)
130
131 def addWPVulns(self, wpscan_db_filename, version, host_id, serv_id, domain):
132 db_file_path = self.search_file_in_wpscan_folder(wpscan_db_filename)
133 with open(db_file_path, "r") as data:
134 j = json.load(data)
135 for vuln in j[version]['vulnerabilities']: # iter vulnerabilities
136 title = vuln['title'] # title
137 risk = self.risks[vuln['vuln_type']] # vuln type (xss,rce,lfi,etc) - risk
138 if 'url' in vuln['references']: # if references
139 refs = vuln['references']['url'] # references[]
140 else:
141 refs = [] # references null
142 self.createAndAddVulnWebToService(
143 host_id,
144 serv_id,
145 title,
146 severity=risk,
147 website=domain,
148 ref=refs)
63 self.json_keys = {"target_url", "effective_url", "interesting_findings"}
14964
15065 def parseOutputString(self, output, debug=False):
151 """Parses the output given as a string by the wpscan tool and creates
152 the appropiate hosts, service and vulnerabilites. Return
153 nothing.
154 """
155 self.parseOutputWpscan(output)
156 wp_url = re.search(r"URL: ((http[s]?)\:\/\/([\w\.]+)[.\S]+)", output)
157 service, base_url = self.__get_service_and_url_from_output(output)
158 if service and base_url:
159 port = self.getPort(wp_url.group(1), service)
160 host_ip = socket.gethostbyname_ex(base_url)[2][0]
161 host_id = self.createAndAddHost(
162 host_ip,
163 hostnames=[base_url])
164
165 service_id = self.createAndAddServiceToHost(
166 host_id,
167 service,
168 "tcp",
169 ports=[port])
170
171 potential_vulns = re.findall(r"(\[\!\].*)", output)
172 for potential_vuln in potential_vulns:
173 vuln_name, severity = self.__get_name_and_severity(potential_vuln)
174 if vuln_name is not None:
175 vuln = potential_vuln # they grow up so fast
176 path = self.__get_path_from_vuln(vuln)
177 self.createAndAddVulnWebToService(
178 host_id,
179 service_id,
180 name=vuln_name,
181 website=base_url,
182 path=path,
183 severity=severity)
184
185 if len(self.plugins) > 0:
186 self.addThemesOrPluginsVulns(
187 'plugins.json',
188 self.plugins,
189 host_id,
190 service_id,
191 base_url,
192 wp_url.group(1),
193 'plugins')
194
195 if len(self.wpversion) > 0:
196 self.addWPVulns(
197 'wordpresses.json',
198 self.wpversion,
199 host_id,
200 service_id,
201 base_url)
202
203 if len(self.themes) > 0:
204 self.addThemesOrPluginsVulns(
205 'themes.json',
206 self.themes,
207 host_id,
208 service_id,
209 base_url,
210 wp_url.group(1),
211 'themes')
212
213 def __get_service_and_url_from_output(self, output):
214 """ Return the service (http or https) and the base URL (URL without
215 protocol) from a given string. In case more than one URL is found,
216 return the service and base_url of the first one, ignore others.
217 """
218 search_url = re.search(r"URL: ((http[s]?)\:\/\/([\w\.]+)[.\S]+)", output)
219 if not search_url:
220 return None, None
221 else:
222 service, base_url = search_url.group(2), search_url.group(3)
223 return service, base_url
224
225 def __get_name_and_severity(self, potential_vuln):
226 """Regex the potential_vuln string against a regex with all
227 the vulnerabilities given by WPscan. Returns a regex match object with
228 the vulnerability's name and severity if the regex found something
229 and (None, None) if the regex found nothing.
230 """
231 critical_search = re.search(r"Website is not fully configured|"
232 "Debug log file found|"
233 "wp-config\.php backup file has been found|"
234 "searchreplacedb2.php has been found",
235 potential_vuln)
236 if critical_search:
237 return critical_search.group(0), "critical"
238
239 info_search = re.search(r"Directory listing is enabled|"
240 "An error_log file has been found|"
241 "file exists exposing a version number|"
242 "Full Path Disclosure|"
243 "Registration is enabled|"
244 "(Upload|Includes) directory has directory listing enabled|"
245 "Default first Wordpress username 'admin' is still used",
246 potential_vuln)
247 if info_search:
248 return info_search.group(0), "info"
249
250 return None, None
251
252 def __get_path_from_vuln(self, vuln):
253 """Given a vuln as string, return the path as a string (empty string
254 for path not found).
255 """
256 path_search = re.search("(?P<url>https?://[^\s]+)", vuln)
257 path = path_search.group('url') if path_search else ""
258 return path
259
260 def processCommandString(self, username, current_path, command_string):
261 return None
66 parser = WPScanJsonParser(output)
67 url_data = parser.parse_url(parser.json_data['target_url'])
68 host_id = self.createAndAddHost(url_data['address'], hostnames=[url_data['hostname']])
69 service_id = self.createAndAddServiceToHost(
70 host_id,
71 "WordPress",
72 url_data['protocol'],
73 ports=[url_data['port']],
74 status='open',
75 version='',
76 description='')
77 for user, data in parser.json_data.get('users', {}).items():
78 self.createAndAddCredToService(host_id, service_id, user, "")
79 main_theme = parser.json_data.get("main_theme", {})
80 for vuln in main_theme.get("vulnerabilities", []):
81 wpvulndb = ",".join(vuln['references'].get('wpvulndb', []))
82 self.createAndAddVulnWebToService(host_id, service_id, vuln['title'], ref=vuln['references'].get('url', []),
83 severity='unclassified', external_id=wpvulndb)
84 for plugin, plugin_data in parser.json_data.get("plugins", {}).items():
85 for vuln in plugin_data['vulnerabilities']:
86 wpvulndb = ",".join(vuln['references'].get('wpvulndb', []))
87 self.createAndAddVulnWebToService(host_id, service_id, f"{plugin}: {vuln['title']}",
88 ref=vuln['references'].get('url', []),
89 severity='unclassified', external_id=wpvulndb)
90 for vuln in parser.json_data.get("interesting_findings", []):
91 if vuln['to_s'].startswith('http'):
92 vuln_name = f"{vuln['type']}: {vuln['to_s']}"
93 else:
94 vuln_name = vuln['to_s']
95 self.createAndAddVulnWebToService(host_id, service_id, vuln_name, ref=vuln['references'].get('url', []),
96 severity='unclassified')
26297
26398
26499 def createPlugin():
265100 return WPScanPlugin()
266
267 if __name__ == "__main__":
268 import sys
269 import os
270 if len(sys.argv) == 2:
271 report_file = sys.argv[1]
272 if os.path.isfile(report_file):
273 plugin = createPlugin()
274 plugin.processReport(report_file)
275 print(plugin.get_json())
276 else:
277 print(f"Report not found: {report_file}")
278 else:
279 print(f"USAGE {sys.argv[0]} REPORT_FILE")
280
281 # I'm Py3
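Review bot: `WPScanJsonParser.parse_url` takes the host from `url_parse.netloc`, which still carries any `user:pass@` prefix and `:port` suffix, so `get_address` is asked to resolve a string that is not a hostname; the lookup would normally fail and `None` is then passed to `createAndAddHost` as the address. Use `hostname = url_parse.hostname` instead. The `https` branch also overwrites an explicit port with 443, so a target like `https://host:8443/` (constructed example) is recorded on the wrong port; `if not port: port = 443 if protocol == 'https' else 80` keeps an explicit port for both schemes. Separately, `plugin_data['vulnerabilities']` and `vuln['references']` are indexed directly while the neighbouring lookups use `.get`, so a report entry lacking those keys would raise `KeyError`; this is worth checking against the WPScan JSON output.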
201201 def createPlugin():
202202 return X1Plugin()
203203
204 if __name__ == "__main__":
205 import sys
206 import os
207 if len(sys.argv) == 2:
208 report_file = sys.argv[1]
209 if os.path.isfile(report_file):
210 plugin = createPlugin()
211 plugin.processReport(report_file)
212 print(plugin.get_json())
213 else:
214 print(f"Report not found: {report_file}")
215 else:
216 print(f"USAGE {sys.argv[0]} REPORT_FILE")
217
218204 # I'm Py3
2121 self.plugin_version = "0.0.1"
2222 self.version = "1.0.0"
2323 self.protocol="tcp"
24 self._command_regex = re.compile(r'^(sudo xsssniper|xsssniper|sudo xsssniper\.py|xsssniper\.py|sudo python xsssniper\.py|.\/xsssniper\.py|python xsssniper\.py)')
24 self._command_regex = re.compile(r'^(sudo xsssniper|xsssniper|sudo xsssniper\.py|xsssniper\.py|sudo python '
25 r'xsssniper\.py|.\/xsssniper\.py|python xsssniper\.py)')
2526
2627 def parseOutputString(self, output, debug=False):
2728 parametro = []
5960 def createPlugin():
6061 return xsssniper()
6162
62 if __name__ == "__main__":
63 import sys
64 import os
65 if len(sys.argv) == 2:
66 report_file = sys.argv[1]
67 if os.path.isfile(report_file):
68 plugin = createPlugin()
69 plugin.processReport(report_file)
70 print(plugin.get_json())
71 else:
72 print(f"Report not found: {report_file}")
73 else:
74 print(f"USAGE {sys.argv[0]} REPORT_FILE")
75
7663 # I'm Py3
66 import os
77 import socket
88 from faraday_plugins.plugins.plugin import PluginXMLFormat
9
9 from urllib.parse import urlparse
1010
1111 try:
1212 import xml.etree.cElementTree as ET
205205 self.requests = "\n".join([i['uri'] for i in self.items])
206206
207207 def parse_uri(self, uri):
208 mregex = re.search(
209 "(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&amp"
210 ";%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]"
211 "{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}"
212 "|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}"
213 "|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|"
214 "[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|"
215 "int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2"
216 "}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&amp;%\$#\=~_\-]+))"
217 ".*?$",
218 uri)
219
220 protocol = mregex.group(1)
221 host = mregex.group(4)
222 port = 80
223 if protocol == 'https':
224 port = 443
225 if mregex.group(11) is not None:
226 port = mregex.group(11)
208
209 url_parse = urlparse(uri)
210 protocol = url_parse.scheme
211 host = url_parse.netloc
212 port = url_parse.port
227213
228214 try:
229215 params = [i.split('=')[0]
332318
333319 def createPlugin():
334320 return ZapPlugin()
335
336
337 if __name__ == "__main__":
338 import sys
339 if len(sys.argv) == 2:
340 report_file = sys.argv[1]
341 if os.path.isfile(report_file):
342 plugin = createPlugin()
343 plugin.processReport(report_file)
344 print(plugin.get_json())
345 else:
346 print(f"Report not found: {report_file}")
347 else:
348 print(f"USAGE {sys.argv[0]} REPORT_FILE")
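Review bot: After the switch to `urlparse` in `parse_uri`, `port` is `None` for any URI without an explicit port, whereas the removed regex path defaulted to 80 and to 443 for `https`; the same replacement sets `host` to `netloc`, which includes `:port` and any userinfo. Suggested lines: `host = url_parse.hostname` and `port = url_parse.port or (443 if protocol == 'https' else 80)`. Reading `url_parse.port` raises `ValueError` on a malformed port, so a report containing a broken URI can still abort parsing unless that is caught. The rest of `parse_uri` lies outside the hunk, so how `host` and `port` are consumed should be checked before applying this.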
88 'Click',
99 'simplejson',
1010 'requests',
11 'lxml',
12 'html2text',
13 'beautifulsoup4',
1114 ]
1215
1316
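Review bot: The three packages added to this requirements list, `'lxml'`, `'html2text'` and `'beautifulsoup4'`, carry no version bounds, so every install resolves to whatever release is current on the index. These libraries presumably parse scanner reports whose content the operator does not control, so a minimum tested version is worth stating, for example `'lxml>=<MIN_TESTED_VERSION>'` with the placeholder filled in from the project's test matrix. The existing entries are unbounded as well, and the list's opening line is outside the hunk.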
+0
-39
tests/test_autodetection.py
0 import os
1
2 import json
3 import pytest
4 from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer
5 from faraday_plugins.plugins.plugin import PluginBase
6
7 BLACK_LIST = [
8 'LICENSE',
9 'README.md',
10 '.gitignore',
11 '.gitkeep',
12 ]
13
14 def list_report_files():
15 report_filenames = os.walk('./report-collection')
16
17 for root, directory, filenames in report_filenames:
18 if '.git' in directory:
19 continue
20 for filename in filenames:
21 if filename in BLACK_LIST:
22 continue
23 if '.git' in root:
24 continue
25 yield os.path.join(root, filename)
26
27
28 @pytest.mark.parametrize("report_filename", list_report_files())
29 def test_autodetection_on_all_report_collection(report_filename):
30 plugins_manager = PluginsManager()
31 analyzer = ReportAnalyzer(plugins_manager)
32 plugin: PluginBase = analyzer.get_plugin(report_filename)
33 assert plugin, report_filename
34 plugin.processReport(report_filename)
35 plugin_json = json.loads(plugin.get_json())
36 assert "hosts" in plugin_json
37 assert "command" in plugin_json
38 assert len(plugin_json) == 2
0 import os
1
2 import json
3 import pytest
4 from faraday_plugins.plugins.manager import PluginsManager, ReportAnalyzer
5 from faraday_plugins.plugins.plugin import PluginBase
6
7 BLACK_LIST = [
8 'LICENSE',
9 'README.md',
10 '.gitignore',
11 '.gitkeep',
12 ]
13
14 def list_report_files():
15 report_filenames = os.walk('./report-collection')
16
17 for root, directory, filenames in report_filenames:
18 if '.git' in directory:
19 continue
20 for filename in filenames:
21 if filename in BLACK_LIST:
22 continue
23 if '.git' in root:
24 continue
25 yield os.path.join(root, filename)
26
27
28 @pytest.mark.skip(reason="Skip auto detection test until we review all the report files")
29 @pytest.mark.parametrize("report_filename", list_report_files())
30 def test_autodetected_on_all_report_collection(report_filename):
31 plugins_manager = PluginsManager()
32 analyzer = ReportAnalyzer(plugins_manager)
33 plugin: PluginBase = analyzer.get_plugin(report_filename)
34 assert plugin, report_filename
35
36
37 @pytest.mark.parametrize("report_filename", list_report_files())
38 def test_detected_tools_on_all_report_collection(report_filename):
39 plugins_manager = PluginsManager()
40 analyzer = ReportAnalyzer(plugins_manager)
41 plugin: PluginBase = analyzer.get_plugin(report_filename)
42 if not plugin:
43 return
44 assert plugin, report_filename
45 plugin.processReport(report_filename)
46 plugin_json = json.loads(plugin.get_json())
47 assert "hosts" in plugin_json
48 assert "command" in plugin_json
49 assert len(plugin_json) == 2