Cag 2019-04-05 15:04:56 +11:00
Родитель 84e3cb6967 b96c59ed26
Коммит d2fabed02d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 130B2DC4484808D2
6 изменённых файлов: 52 добавлений и 11 удалений

Просмотреть файл

@ -131,6 +131,12 @@ class Target:
logger.info("[+] HTTP Observatory scan successfully ran.")
self.resultsdict.update({"httpobs": True})
elif isinstance(one_task, task.WebSearchTask):
websearch_results = one_task.runWebSearchScan()
if websearch_results:
logger.info("[+] WebSearch scan successfully ran.")
self.resultsdict.update({"websearch": True})
elif isinstance(one_task, task.SSHScanTask):
sshscan_results = one_task.runSSHScan()
if sshscan_results and sshscan_results.returncode == 0:
@ -146,7 +152,7 @@ class Target:
self.resultsdict.update({"dirbrute": "TIMEOUT"})
else:
logger.error("[-] No or unidentified task specified!")
logger.error("[-] No or unidentified task specified! Task was: {}".format(one_task))
return False
# Need to check if the current Nessus scan is complete

Просмотреть файл

@ -1,6 +1,7 @@
import os
import logging
import coloredlogs
import googlesearch
import json
import nmap
import subprocess
@ -45,6 +46,34 @@ class Task:
time.sleep(interval)
class WebSearchTask(Task):
def __init__(self, target_obj):
super().__init__(target_obj)
def runWebSearchScan(self):
# Limit max amount of results
result_nr_max = 15
# Search for security hits but without the host domain (ie "not their pages")
search_results = []
logger.info("[+] Running WebSearch scan...")
for m in googlesearch.search(query="{} security -site:{}".format(self.tasktarget.targetdomain), num=15):
search_results.append(m)
if len(search_results) >= result_nr_max:
break
if len(search_results) > 0:
try:
with open("/app/results/" + self.tasktarget.targetdomain + "/" + "websearch.txt", "w+") as fd:
for i in search_results:
fd.write(i + "\n")
return True
except Exception:
logger.error("[-] Could not open file for websearch output!")
return False
else:
logger.error("[-] No results from websearch!")
class NmapTask(Task):
def __init__(self, target_obj, scan_type="full"):
super().__init__(target_obj)
@ -189,8 +218,8 @@ class NmapTask(Task):
if results:
try:
nmap_output = open("/app/results/" + self.tasktarget.targetdomain + "/" + "nmap.json", "w+")
nmap_output.write(json.dumps(results))
nmap_output = open("/app/results/" + self.tasktarget.targetdomain + "/" + "nmap_tcp.json", "w+")
nmap_output.write(json.dumps(results, indent=4, sort_keys=True))
return True
except Exception:
logger.error("[-] Could not open file for nmap output!")

Просмотреть файл

@ -3,3 +3,4 @@ python_nmap==0.6.1
netaddr==0.7.19
coloredlogs==10.0
pytest==4.1.1
google==2.0.2

15
run.py
Просмотреть файл

@ -11,9 +11,13 @@ from lib import target, task, utils
# Logging in UTC
logger = logging.getLogger(__name__)
coloredlogs.install(level='INFO', logger=logger, reconfigure=True,
fmt='[%(hostname)s] %(asctime)s %(levelname)-8s %(message)s',
datefmt="%Y-%m-%d %I:%M:%S %p %Z")
coloredlogs.install(
level="INFO",
logger=logger,
reconfigure=True,
fmt="[%(hostname)s] %(asctime)s %(levelname)-8s %(message)s",
datefmt="%Y-%m-%d %I:%M:%S %p %Z",
)
def parseCmdArgs():
@ -126,6 +130,8 @@ def setupVA(va_target, arguments):
va_target.addTask(task.DirectoryBruteTask(va_target, tool="dirb"))
va_target.resultsdict.update({'dirbrute': False})
# HTTP Observatory does not like IPs as a target, skipping
va_target.resultsdict.update({"httpobs": "PASS"})
va_target.resultsdict.update({"websearch": "PASS"})
elif va_target.getType() == "IPv4":
if arguments.tlsobs_scan:
va_target.addTask(task.MozillaTLSObservatoryTask(va_target))
@ -151,8 +157,7 @@ def setupVA(va_target, arguments):
def showScanSummary(result_dictionary):
coloredlogs.install(level='INFO', logger=logger, reconfigure=True,
fmt='%(levelname)-10s %(message)s')
coloredlogs.install(level="INFO", logger=logger, reconfigure=True, fmt="%(levelname)-10s %(message)s")
print("\n====== SCAN SUMMARY ======")
for one_task, status in result_dictionary.items():

Просмотреть файл

@ -6,7 +6,7 @@ from setuptools import setup, find_packages
with open("Readme.md", "r") as fh:
long_description = fh.read()
requirements = ["coloredlogs", "netaddr", "nmap", "tenable_io"]
requirements = ["google", "coloredlogs", "netaddr", "nmap", "tenable_io"]
test_requirements = ["pytest", "pytest-watch", "pytest-cov", "flake8"]
setup_requirements = ["pytest-runner", "setuptools>=40.5.0"]

Просмотреть файл

@ -8,4 +8,4 @@ skipsdist=True
deps=
.[test]
./
commands=pytest tests/ --cov=lib
commands=pytest tests/ --cov=lib {posargs}