Fix Tenable stack tracing, no cmd line arguments
This commit is contained in:
Родитель
d3af479a49
Коммит
3d38973214
32
Makefile
32
Makefile
|
@ -13,38 +13,6 @@ build: Dockerfile docker-compose.yml
|
|||
force-build: Dockerfile docker-compose.yml
|
||||
docker-compose build --no-cache vautomator
|
||||
|
||||
.PHONY: fullscan
|
||||
fullscan:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -a $(TARGET)
|
||||
|
||||
.PHONY: portscan
|
||||
portscan:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -p $(TARGET)
|
||||
|
||||
.PHONY: nessusscan
|
||||
nessusscan:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -n $(TARGET)
|
||||
|
||||
.PHONY: observatory
|
||||
observatory:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -o $(TARGET)
|
||||
|
||||
.PHONY: tlsobs
|
||||
tlsobs:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -t $(TARGET)
|
||||
|
||||
.PHONY: sshscan
|
||||
sshscan:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -s $(TARGET)
|
||||
|
||||
.PHONY: direnum
|
||||
direnum:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -d $(TARGET)
|
||||
|
||||
.PHONY: websearch
|
||||
websearch:
|
||||
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py -w $(TARGET)
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
python -m pytest tests/
|
||||
|
|
|
@ -220,7 +220,7 @@ class NmapTask(Task):
|
|||
|
||||
if results:
|
||||
try:
|
||||
nmap_output = open("/app/results/" + self.tasktarget.targetdomain + "/" + "nmap_tcp.json", "w+")
|
||||
nmap_output = open("/app/results/" + self.tasktarget.targetdomain + "/" + "nmap.json", "w+")
|
||||
nmap_output.write(json.dumps(results, indent=4, sort_keys=True))
|
||||
return True
|
||||
except Exception:
|
||||
|
|
185
run.py
185
run.py
|
@ -20,153 +20,43 @@ coloredlogs.install(
|
|||
)
|
||||
|
||||
|
||||
def parseCmdArgs():
|
||||
|
||||
parser = argparse.ArgumentParser(usage='run.py [options] target',
|
||||
description="Sequentially run a number of\
|
||||
tasks to perform a vulnerability assessment on a target.")
|
||||
# Note: These two are not implemented yet
|
||||
argument_group = parser.add_mutually_exclusive_group()
|
||||
argument_group.add_argument('-v', '--verbose',
|
||||
action='store_true',
|
||||
help="increase tool verbosity",
|
||||
default=False)
|
||||
argument_group.add_argument('-q', '--quiet',
|
||||
action='store_true',
|
||||
help="quiet run, show almost no output",
|
||||
default=False)
|
||||
|
||||
# target is a positional argument, must be specified
|
||||
parser.add_argument('target',
|
||||
help="host to scan - this could be an IP address, FQDN or a hostname")
|
||||
parser.add_argument('-a',
|
||||
dest='all',
|
||||
action='store_true',
|
||||
help="Run ALL tasks on the target",
|
||||
default=False)
|
||||
parser.add_argument('-p',
|
||||
dest='port_scan',
|
||||
action='store_true',
|
||||
help="Run a port scan (nmap) on the target",
|
||||
default=False)
|
||||
parser.add_argument('-o',
|
||||
dest='httpobs_scan',
|
||||
action='store_true',
|
||||
help="Run HTTP Observatory scan on the target",
|
||||
default=False)
|
||||
parser.add_argument('-t',
|
||||
dest='tlsobs_scan',
|
||||
action='store_true',
|
||||
help="Run TLS Observatory scan on the target",
|
||||
default=False)
|
||||
parser.add_argument('-s',
|
||||
dest='ssh_scan',
|
||||
action='store_true',
|
||||
help="Run ssh_scan on the target",
|
||||
default=False)
|
||||
parser.add_argument('-d',
|
||||
dest='direnum_scan',
|
||||
action='store_true',
|
||||
help="Run directory enumeration scan on the target",
|
||||
default=False)
|
||||
parser.add_argument('-n',
|
||||
dest='nessus_scan',
|
||||
action='store_true',
|
||||
help="Run Tenable.io (Nessus) scan on the target",
|
||||
default=False)
|
||||
parser.add_argument('-w',
|
||||
dest='web_search',
|
||||
action='store_true',
|
||||
help="Search for this target on the web for interesting content",
|
||||
default=False)
|
||||
|
||||
args = parser.parse_args()
|
||||
return args
|
||||
|
||||
|
||||
def setupVA(va_target, arguments):
|
||||
|
||||
if arguments.all:
|
||||
# No smart logic, just add & run all tasks
|
||||
va_target.addTask(task.NessusTask(va_target))
|
||||
va_target.addTask(task.NmapTask(va_target))
|
||||
va_target.addTask(task.SSHScanTask(va_target))
|
||||
va_target.addTask(task.MozillaHTTPObservatoryTask(va_target))
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
|
||||
return va_target
|
||||
|
||||
# Regardless of the type of target, we will run:
|
||||
# 1. Nessus scan
|
||||
# 2. Nmap scan
|
||||
# Also kicking of Nessus scan as the first task as it takes time
|
||||
# Note: Passed flags can override these
|
||||
if arguments.port_scan:
|
||||
va_target.addTask(task.NmapTask(va_target))
|
||||
va_target.resultsdict.update({'nmap': False})
|
||||
if arguments.nessus_scan:
|
||||
va_target.addTask(task.NessusTask(va_target))
|
||||
va_target.resultsdict.update({'nessus': False})
|
||||
if arguments.ssh_scan:
|
||||
va_target.addTask(task.SSHScanTask(va_target))
|
||||
va_target.resultsdict.update({'sshscan': False})
|
||||
if arguments.web_search:
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
va_target.resultsdict.update({'websearch': False})
|
||||
va_target.addTask(task.NessusTask(va_target))
|
||||
va_target.addTask(task.NmapTask(va_target))
|
||||
|
||||
if "URL" in va_target.getType():
|
||||
# We have a URL, means HTTP Obs, TLS Obs,
|
||||
# and directory brute scans are a go
|
||||
# Note: Passed flags can override these
|
||||
if va_target.getType() == "FQDN|URL":
|
||||
# We can run all tools/tasks
|
||||
if arguments.httpobs_scan:
|
||||
va_target.addTask(task.MozillaHTTPObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'httpobs': False})
|
||||
if arguments.tlsobs_scan:
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'tlsobs': False})
|
||||
if arguments.direnum_scan:
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.resultsdict.update({'dirbrute': False})
|
||||
if arguments.web_search:
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
va_target.resultsdict.update({'websearch': False})
|
||||
va_target.addTask(task.MozillaHTTPObservatoryTask(va_target))
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
else:
|
||||
if arguments.tlsobs_scan:
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'tlsobs': False})
|
||||
if arguments.direnum_scan:
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.resultsdict.update({'dirbrute': False})
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
# HTTP Observatory does not like IPs as a target, skipping
|
||||
va_target.resultsdict.update({"httpobs": "PASS"})
|
||||
# Also skipping web search for the IP address targets
|
||||
va_target.resultsdict.update({"websearch": "PASS"})
|
||||
elif va_target.getType() == "IPv4":
|
||||
if arguments.tlsobs_scan:
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'tlsobs': False})
|
||||
if arguments.direnum_scan:
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.resultsdict.update({'dirbrute': False})
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
# Again, HTTP Observatory does not like IPs as a target, skipping
|
||||
va_target.resultsdict.update({"httpobs": "PASS"})
|
||||
va_target.resultsdict.update({"websearch": "PASS"})
|
||||
else:
|
||||
# FQDN, we can run all tools/tasks
|
||||
if arguments.httpobs_scan:
|
||||
va_target.addTask(task.MozillaHTTPObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'httpobs': False})
|
||||
if arguments.tlsobs_scan:
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.resultsdict.update({'tlsobs': False})
|
||||
if arguments.direnum_scan:
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.resultsdict.update({'dirbrute': False})
|
||||
if arguments.web_search:
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
va_target.resultsdict.update({'websearch': False})
|
||||
va_target.addTask(task.MozillaHTTPObservatoryTask(va_target))
|
||||
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
|
||||
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
|
||||
va_target.addTask(task.WebSearchTask(va_target))
|
||||
|
||||
return va_target
|
||||
|
||||
|
@ -178,8 +68,8 @@ def showScanSummary(result_dictionary):
|
|||
print("\n====== SCAN SUMMARY ======")
|
||||
for one_task, status in result_dictionary.items():
|
||||
if status:
|
||||
if status == "NA":
|
||||
logger.warning("[!] [ :| ] " + one_task + " scan skipped as not specified.")
|
||||
if status == "PASS":
|
||||
logger.warning("[!] [ :| ] " + one_task + " scan skipped as not applicable to the target.")
|
||||
elif status == "TIMEOUT":
|
||||
logger.warning("[!] [ :| ] " + one_task + " timed out and was killed! Run manually if you like.")
|
||||
else:
|
||||
|
@ -190,19 +80,18 @@ def showScanSummary(result_dictionary):
|
|||
print("====== END OF SCAN =======\n")
|
||||
|
||||
|
||||
def runVA(scan_with_tasks, outpath, compress_results):
|
||||
logger.info("[+] Running the scans now. This may take a while...")
|
||||
def runVA(scan_with_tasks, outpath):
|
||||
logger.info("[+] Running all the scans now. This may take a while...")
|
||||
results = scan_with_tasks.runTasks()
|
||||
# results here is a dict
|
||||
time.sleep(1)
|
||||
# Return code check is a bit hacky,
|
||||
# basically we are ignoring warnings from tar
|
||||
|
||||
if compress_results:
|
||||
if utils.package_results(outpath).returncode is not 127:
|
||||
logger.info("[+] All done. Tool output from the scan can be found at " + outpath)
|
||||
else:
|
||||
logger.warning("[!] There was a problem compressing tool output. Check " + outpath + " manually.")
|
||||
if utils.package_results(outpath).returncode is not 127:
|
||||
logger.info("[+] All done. Tool output from the scan can be found at " + outpath)
|
||||
else:
|
||||
logger.warning("[!] There was a problem compressing tool output. Check " + outpath + " manually.")
|
||||
time.sleep(1)
|
||||
showScanSummary(results)
|
||||
|
||||
|
@ -210,17 +99,15 @@ def runVA(scan_with_tasks, outpath, compress_results):
|
|||
def main():
|
||||
|
||||
scan_success = {
|
||||
'nmap': "NA",
|
||||
'nessus': "NA",
|
||||
'tlsobs': "NA",
|
||||
'httpobs': "NA",
|
||||
'sshscan': "NA",
|
||||
'websearch': 'NA',
|
||||
'dirbrute': "NA"
|
||||
'nmap': False,
|
||||
'nessus': False,
|
||||
'tlsobs': False,
|
||||
'httpobs': False,
|
||||
'sshscan': False,
|
||||
'websearch': False,
|
||||
'dirbrute': False
|
||||
}
|
||||
compress_results = True
|
||||
tool_arguments = parseCmdArgs()
|
||||
destination = tool_arguments.target
|
||||
destination = sys.argv[1]
|
||||
output_path = "/app/results/" + destination + "/"
|
||||
va_target = target.Target(destination, scan_success)
|
||||
|
||||
|
@ -238,12 +125,10 @@ def main():
|
|||
os.stat(output_path)
|
||||
except Exception:
|
||||
os.mkdir(output_path)
|
||||
|
||||
va_scan = setupVA(va_target, tool_arguments)
|
||||
if not tool_arguments.all:
|
||||
compress_results = False
|
||||
runVA(va_scan, output_path, compress_results)
|
||||
|
||||
va_scan = setupVA(va_target)
|
||||
runVA(va_scan, output_path)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
Загрузка…
Ссылка в новой задаче