本文整理汇总了Python中skaldship.general.check_datadir函数的典型用法代码示例。如果您正苦于以下问题:Python check_datadir函数的具体用法?Python check_datadir怎么用?Python check_datadir使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了check_datadir函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: import_mass_password
def import_mass_password():
"""
Process a mass run of medusa/hydra.. result file will have IP addresses, service and info
"""
if request.extension == "load":
buttons = []
else:
buttons = ["submit"]
from skaldship.general import check_datadir
check_datadir(request.folder)
form = SQLFORM.factory(
Field(
"f_filename",
"upload",
uploadfolder=os.path.join(request.folder, settings.password_upload_dir),
label=T("Password file"),
),
Field(
"f_ftype",
"string",
label=T("File Type"),
default="Medusa",
requires=IS_IN_SET(("Medusa", "Hydra", "Metasploit Creds CSV")),
),
Field("f_proto", "string", label=T("Protocol"), default="tcp", requires=IS_IN_SET(("tcp", "udp", "info"))),
Field("f_number", "string", label=T("Port Number"), requires=IS_NOT_EMPTY()),
Field("f_message", "string", label=T("Message to add")),
Field("f_add_hosts", "boolean", label=T("Add Hosts"), comment=T("Add missing hosts to the database")),
buttons=buttons,
_action=URL("accounts", "import_mass_password"),
_id="import_mass_password",
)
if request.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
if form.errors:
response.flash = "Error in form"
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
logger.info("Processing password file: %s" % (filename))
resp_text = process_mass_password(
pw_file=filename,
pw_type=request.vars.f_ftype,
message=request.vars.f_message,
proto=request.vars.f_proto,
portnum=request.vars.f_number,
add_hosts=request.vars.f_add_hosts,
user_id=auth.user.id,
)
response.flash = resp_text
response.title = "%s :: Import Mass Password File" % (settings.title)
if request.extension == "json":
return dict()
else:
return dict(form=form)
开发者ID:nxbdi,项目名称:Kvasir,代码行数:60,代码来源:accounts.py
示例2: do_screenshot
def do_screenshot(services=None):
"""
Grab a screenshot of a URL and import it to the evidence db.
"""
try:
from pydal.objects import Row
except ImportError:
from gluon.dal import Row
from skaldship.general import check_datadir
db = current.globalenv['db']
settings = current.globalenv['settings']
if isinstance(services, int):
services = [services]
service_rows = []
if isinstance(services, list):
for svc in services:
service_rows.append(db.t_services[svc])
if isinstance(services, Row):
service_rows = [services]
phantomjs = settings.get('phantomjs', 'phantomjs')
good_count = 0
invalid_count = 0
for svc_rec in service_rows:
if not isinstance(svc_rec, Row):
invalid_count += 1
continue
ipaddr = svc_rec.f_hosts_id.f_ipaddr
port = "%s%s" % (svc_rec.f_number, svc_rec.f_proto[0])
check_datadir(current.globalenv['request'].folder)
folder = os.path.join(current.globalenv['request'].folder, "data/screenshots")
filename = "%s-%s-webshot.png" % (ipaddr.replace(':', '_'), port)
if svc_rec.f_name in ['http', 'https', 'HTTP', 'HTTPS']:
scheme = svc_rec.f_name.lower()
else:
scheme = 'http'
url = "%s://%s:%s/" % (scheme, ipaddr, svc_rec.f_number)
res = grab_screenshot(url, os.path.join(folder, filename), phantomjs)
if res[0]:
query = (db.t_evidence.f_hosts_id == svc_rec.f_hosts_id) & (db.t_evidence.f_filename == filename)
db.t_evidence.update_or_insert(
query, f_filename=filename, f_hosts_id=svc_rec.f_hosts_id, f_data=res[1],
f_evidence=filename, f_type="Screenshot", f_text="Web Screenshot - %s" % (url))
db.commit()
print(" [-] Web screenshot obtained: %s" % (url))
good_count += 1
else:
print(" [!] Web screenshot failed: %s" % (url))
invalid_count += 1
return [good_count, invalid_count]
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:59,代码来源:webimaging.py
示例3: database_restore
def database_restore():
"""
Retore a database from CSV data
"""
response.title = "%s :: Database CSV Restore" % (settings.title)
import os
import glob
from skaldship.general import check_datadir
check_datadir(request.folder)
backup_dir = os.path.join(request.folder, "data/backups")
os.chdir(backup_dir)
csv_files = []
for ext in ["*.csv", "*.csv.gz"]:
csv_files.extend(glob.glob(ext))
form = SQLFORM.factory(
Field("file", type="string", requires=IS_EMPTY_OR(IS_IN_SET(csv_files)), label=T("Local File")),
Field("upload", type="upload", uploadfolder=backup_dir, label=T("Upload CSV File")),
Field("wipe", type="boolean", default=False, label=T("Wipe all existing data")),
)
if form.process().accepted:
if form.vars.wipe:
db.t_hosts.truncate(mode="CASCADE")
db.t_services.truncate(mode="CASCADE")
db.t_os.truncate(mode="CASCADE")
db.t_host_os_refs.truncate(mode="CASCADE")
db.t_apps.truncate(mode="CASCADE")
db.t_services_apps_refs.truncate(mode="CASCADE")
db.t_service_vulns.truncate(mode="CASCADE")
db.t_service_info.truncate(mode="CASCADE")
db.t_accounts.truncate(mode="CASCADE")
db.t_host_notes.truncate(mode="CASCADE")
db.t_evidence.truncate(mode="CASCADE")
db.t_snmp.truncate(mode="CASCADE")
db.commit()
if form.vars.file:
fname = form.vars.file
elif form.vars.upload:
fname = form.vars.upload
if fname.endswith(".gz"):
import gzip
fobj = gzip.open(fname, "rb")
else:
fobj = open(fname, "rb")
db.import_from_csv_file(fobj)
elif form.errors:
response.flash = "Error in form"
os.chdir(request.folder)
return dict(form=form, backup_dir=backup_dir)
开发者ID:001001,项目名称:Kvasir,代码行数:57,代码来源:default.py
示例4: do_screenshot
def do_screenshot(services=None):
"""
Grab a screenshot and import it to the evidence db.
"""
try:
from pydal.objects import Row
except ImportError:
from gluon.dal import Row
from gluon import current
import os
from skaldship.general import check_datadir
from multiprocessing import Process
db = current.globalenv['db']
settings = current.globalenv['settings']
if isinstance(services, int):
services = [services]
service_rows = []
if isinstance(services, list):
for svc in services:
service_rows.append(db.t_services[svc])
if isinstance(services, Row):
service_rows = [services]
good_count = 0
invalid_count = 0
for svc_rec in service_rows:
if not isinstance(svc_rec, Row):
invalid_count += 1
continue
ipaddr = svc_rec.f_hosts_id.f_ipaddr
port = svc_rec.f_number
check_datadir(current.globalenv['request'].folder)
folder = os.path.join(current.globalenv['request'].folder, "data/screenshots")
filename = "%s-%st-vnc_screenshot.png" % (ipaddr.replace(':', '_'), port)
res = grab_screenshot(ipaddr, port, os.path.join(folder, filename))
if res[0]:
query = (db.t_evidence.f_hosts_id == svc_rec.f_hosts_id) & (db.t_evidence.f_filename == filename)
db.t_evidence.update_or_insert(
query, f_filename=filename, f_hosts_id=svc_rec.f_hosts_id, f_data=res[1],
f_evidence=filename, f_type="Screenshot", f_text="VNC Screenshot - %s:%s" % (ipaddr, port))
db.commit()
print(" [-] VNC screenshot obtained: %s:%s" % (ipaddr, port))
good_count += 1
else:
print(" [!] VNC screenshot failed: %s:%s" % (ipaddr, port))
invalid_count += 1
return [good_count, invalid_count]
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:56,代码来源:vncscreenshot.py
示例5: update_hashes_by_file
def update_hashes_by_file():
"""
Upload and parse a list of cracked hashes
Supporting password file formats:
JTR PWDUMP
JTR Shadow
Hash:Password
Password:Hash
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
if request.extension == "load":
buttons = []
else:
buttons = ["submit"]
pw_set = ("JTR PWDUMP", "JTR Shadow", "Hash:Password", "Password:Hash")
form = SQLFORM.factory(
Field(
"f_filename",
"upload",
uploadfolder=os.path.join(request.folder, settings.password_upload_dir),
label=T("Password file"),
),
Field("f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(pw_set)),
Field("f_message", "string", label=T("Message to add")),
buttons=buttons,
_action=URL("accounts", "update_hashes_by_file"),
_id="accounts_update_hashes_by_file",
)
resp_text = ""
accounts_added = []
accounts_updated = []
if request.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
if form.errors:
response.flash = "Error in form"
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
logger.info("Processing password file: %s" % (filename))
resp_text = process_cracked_file(
pw_file=filename, file_type=request.vars.f_type, message=request.vars.f_message
)
response.title = "%s :: Update Password Hashes by File" % (settings.title)
if request.extension == "json":
return dict()
else:
return dict(form=form, resp_text=resp_text)
开发者ID:kimdane,项目名称:Kvasir,代码行数:55,代码来源:accounts.py
示例6: database_backup
def database_backup():
"""
Export/backup database in CSV format
"""
response.title = "%s :: Database CSV Backup" % (settings.title)
import os
import gzip
from datetime import datetime
backup_dir = os.path.join(request.folder, "data/backups")
form = SQLFORM.factory(
Field("download", type="boolean", default=True, label=T("Download")),
Field("gzip", type="boolean", default=True, label=T("GZip Compress")),
)
if form.process().accepted:
fname = "kvasir-%s-%s-%s" % (
settings.customer,
settings.assesment_type,
datetime.now().strftime("%m%d%y-%H%M%S"),
)
fname = "".join([x if x.isalnum() else "_" for x in fname])
if form.vars.download:
# generate csv and download
s = StringIO.StringIO()
db.export_to_csv_file(s)
response.headers["Content-Type"] = "text/csv"
if form.vars.gzip:
gz_s = StringIO.StringIO()
response.headers["Content-Disposition"] = 'attachment; filename="%s.gz"' % fname
gz = gzip.GzipFile(filename="temp.gz", mode="wb", fileobj=gz_s)
gz.write(s.getvalue())
gz.close()
return gz_s.getvalue()
else:
response.headers["Content-Disposition"] = 'attachment; filename="%s"' % fname
return s.getvalue()
else:
# generate csv and store locally
from skaldship.general import check_datadir
check_datadir(request.folder)
tmpfile = os.path.join(request.folder, "data/backups", fname)
if form.vars.gzip:
fobj = gzip.open(tmpfile + ".gz", "wb")
else:
fobj = open(tmpfile, "wb")
db.export_to_csv_file(fobj)
return redirect(URL("default", "data_dir/backups"))
elif form.errors:
response.flash = "Error in form"
return dict(form=form, backup_dir=backup_dir)
开发者ID:001001,项目名称:Kvasir,代码行数:53,代码来源:default.py
示例7: import_mass_password
def import_mass_password():
"""
Process a mass run of medusa/hydra.. result file will have IP addresses, service and info
"""
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
from skaldship.general import check_datadir
check_datadir(request.folder)
form=SQLFORM.factory(
Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, settings.password_upload_dir),
label=T('Password file'), requires=IS_NOT_EMPTY(error_message=T('Filename required'))),
Field('f_ftype', 'string', label=T('File Type'), default="Medusa",
requires=IS_IN_SET(('Medusa', 'Hydra', 'Metasploit Creds CSV'))),
Field('f_proto', 'string', label=T('Protocol'), default='tcp', requires=IS_IN_SET(('tcp', 'udp', 'info'))),
Field('f_number', 'integer', label=T('Port Number'), requires=IS_INT_IN_RANGE(0, 65536)),
Field('f_message', 'string', label=T('Message to add')),
Field('f_add_hosts', 'boolean', label=T('Add Hosts'), comment=T('Add missing hosts to the database')),
buttons=buttons, _action=URL('accounts', 'import_mass_password'), _id='import_mass_password',
)
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if request.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
logger.info("Processing password file: %s" % (filename))
resp_text = process_mass_password(
pw_file=filename,
pw_type=request.vars.f_ftype,
message=request.vars.f_message,
proto=request.vars.f_proto,
portnum=request.vars.f_number,
add_hosts=request.vars.f_add_hosts,
user_id=auth.user.id,
)
response.flash = resp_text
response.title = "%s :: Import Mass Password File" % (settings.title)
if request.extension == "json":
return dict()
else:
return dict(form=form)
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:48,代码来源:accounts.py
示例8: import_scan
def import_scan():
"""
Upload/import hping Scan file via scheduler task
"""
import time
from skaldship.general import check_datadir
filedir = os.path.join(request.folder,'data','scanfiles')
check_datadir(request.folder)
response.title = "%s :: Import hping Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append( [ user.id, user.username ] )
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('hping File')))
fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist)))
fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY()))
form = SQLFORM.factory(*fields, table_name='hping')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a hping file
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
from skaldship.hping import process_file
print("Starting hping Import")
process_file(
filename=filename,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
)
response.flash = "hping upload complete"
redirect(URL('default', 'index'))
return dict(form=form)
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:42,代码来源:hping.py
示例9: update_hashes_by_file
def update_hashes_by_file():
"""
Upload and parse a list of cracked hashes
Supporting password file formats:
JTR PWDUMP
JTR Shadow
Hash:Password
Password:Hash
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
pw_set = ('JTR PWDUMP', 'JTR Shadow', 'Hash:Password', 'Password:Hash')
form = SQLFORM.factory(
Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, settings.password_upload_dir), label=T('Password file')),
Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(pw_set)),
Field('f_message', 'string', label=T('Message to add')),
buttons=buttons, _action=URL('accounts', 'update_hashes_by_file'), _id='accounts_update_hashes_by_file',
)
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
logger.info("Processing password file: %s" % (filename))
response.flash = process_cracked_file(
pw_file=filename, file_type=request.vars.f_type, message=request.vars.f_message
)
response.title = "%s :: Update Password Hashes by File" % (settings.title)
return dict(form=form)
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:39,代码来源:accounts.py
示例10: paste
def paste():
"""
Import and parse password pasted to a textbox into t_accounts
"""
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url=URL('accounts', 'paste')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
url = URL('accounts', 'paste', vars={'service_id':request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL('accounts', 'paste', vars={'host_id':request.vars.host_id})
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram,30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
form = SQLFORM.factory(
Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field('f_pwtext', 'text', label=T('Password text')),
Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')),
buttons=buttons, _action=url, _id='accounts_paste_form'
#_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
from gluon.utils import web2py_uuid
host_id = db.t_services[form.vars.f_service].f_hosts_id
pwd_file_dir = os.path.join(request.folder, 'data', 'passwords', 'other')
if not os.path.exists(pwd_file_dir):
from gluon.fileutils import mktree
mktree(pwd_file_dir)
filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
full_file_path = os.path.join(request.folder, 'data/passwords/other', filename)
of = open(full_file_path, "w")
of.write(form.vars.f_pwtext)
of.close()
logger.debug("Processing password file: %s" % (full_file_path))
account_data = process_password_file(pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source)
response.headers['web2py-component-command'] = 'accounttable.fnReloadAjax();'
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(full_file_path, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (full_file_path, e))
resp_text += "Error opening %s: %s\n" % (full_file_path, e)
db.t_evidence.insert( f_hosts_id = host_id,
f_type = 'Password File',
f_text = form.vars.f_type,
f_filename = filename,
f_evidence = filename,
f_data = pwdata)
resp_text += "\n%s added to evidence\n" % (filename)
db.commit()
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:90,代码来源:accounts.py
示例11: import_file
def import_file():
"""
Import and parse password file into t_accounts
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url=URL('accounts', 'import_file')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
url = URL('accounts', 'import_file', vars={'service_id':request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL('accounts', 'import_file', vars={'host_id':request.vars.host_id})
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram,30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
form = SQLFORM.factory(
Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, settings.password_upload_dir), label=T('Password file')),
Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')),
Field('f_taskit', type='boolean', default=True, label=T('Run in background task')),
buttons=buttons, _action=url, _id='accounts_import_form'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if form.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
if form.vars.f_taskit:
task = scheduler.queue_task(
accounts_import_file,
pvars=dict(
filename=filename,
service=form.vars.f_service,
f_type=form.vars.f_type,
f_source=form.vars.f_source
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout
)
if task.id:
resp_text = "Submitted file for processing: %s" % (A("task " + str(task.id), _href=URL(c='tasks', f='status', args=task.id)).xml())
else:
resp_text = "Error submitting job: %s" % (task.errors)
else:
logger.info("Processing password file: %s" % (filename))
account_data = process_password_file(
pw_file=filename,
file_type=request.vars.f_type,
source=request.vars.f_source
)
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
logger.info(resp_text)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(filename, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (filename, e))
db.t_evidence.insert( f_hosts_id = db.t_services[form.vars.f_service].f_hosts_id,
f_type = 'Password File',
f_text = form.vars.f_type,
f_filename = orig_filename,
f_evidence = form.vars.f_filename,
#.........这里部分代码省略.........
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:101,代码来源:accounts.py
示例12: Report
response.flash = "Error in form"
elif form.accepts(request.vars, session):
# process a nexpose file
if not nxsitelist:
nexpose_site = "0"
else:
nexpose_site = form.vars.f_nexpose_site
if nexpose_site != "0":
report = Report()
report.host = nexpose_config["host"]
report.port = nexpose_config["port"]
nx_loggedin = report.login(user_id=nexpose_config["user"], password=nexpose_config["password"])
if nx_loggedin:
# have nexpose generate the adhoc report
check_datadir(request.folder)
filename = os.path.join(filedir, "%s-%s.xml" % (form.vars.f_asset_group, int(time.time())))
fout = open(filename, "w")
fout.write(report.adhoc_generate(filterid=nexpose_site))
fout.close()
else:
response.flash = "Unable to login to Nexpose"
return dict(form=form)
else:
filename = form.vars.f_filename
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get("f_ignore_list")
if data:
开发者ID:nullbind,项目名称:Kvasir,代码行数:31,代码来源:nexpose.py
示例13: launch_terminal
def launch_terminal(record=None, launch_cmd=None):
"""
Opens a terminal on the Web Server. This only works if the
web2py server is running on the user's workstation.
The command to execute is stored in the user's settings db
under auth_user.f_launch_cmd. Variables translated:
_IP_ -- The current IP Address (v4 by default, v6 if exists)
_LOGFILE_ -- Session logfile name (we prepend the path)
If an IPv6 address is used then ':' is changed to '_'
Example:
xterm -sb -sl 1500 -vb -T 'manual hacking: _IP_' -n 'manual hacking: _IP_' -e script _LOGFILE_
"""
record = get_host_record(record)
# only execute launch on requests from localhost!
if request.env['remote_addr'] != '127.0.0.1':
logger.error("Can only launch from localhost! remote_addr = %s" % (request.env['remote_addr']))
return "Can only launch from localhost"
if record is None:
return "No record found"
import string, os, subprocess
import time
from gluon.validators import IS_IPADDRESS
# if no launch command use the default
if not launch_cmd:
launch_cmd = "xterm -sb -sl 1500 -vb -T 'manual hacking: _IP_' -n 'manual hacking: _IP_' -e 'script _LOGFILE_'"
# check ip address
ip = record.f_ipaddr
logip = ip
if IS_IPADDRESS(is_ipv6=True)(ip)[0] == None:
logip = ip.replace(":", "_")
logdir = "session-logs"
logfilename = "%s-%s.log" % (logip, time.strftime("%Y%m%d%H%M%S", time.localtime(time.time())))
logfile = os.path.join(logdir, logfilename)
launch_cmd = launch_cmd.replace("_IP_", ip)
launch_cmd = launch_cmd.replace("_LOGFILE_", logfile)
from skaldship.general import check_datadir
# Check to see if data directories exist, create otherwise
check_datadir(request.folder)
datadir = os.path.join(os.getcwd(), request.folder, "data")
# chdir to datadir!
launch_cmd = launch_cmd.replace("_DATADIR_", datadir)
os.chdir(datadir)
# set environment variables
os.environ['IP'] = ip
os.environ['HOSTNAME'] = record.f_hostname or ""
os.environ['DATADIR'] = datadir
try:
logger.info("Spawning: %s\n" % (launch_cmd))
print("Spawning: %s" % (launch_cmd))
subprocess.Popen(launch_cmd, shell=True)#, stdout=None, stdin=None, stderr=None)
except Exception, e:
logger.error("Error spawning launch cmd (%s): %s\n" % (launch_cmd, e))
print("Error spawning launch cmd (%s): %s\n" % (launch_cmd, e))
开发者ID:KvasirSecurity,项目名称:Kvasir,代码行数:69,代码来源:scheduler.py
示例14: import_xml_scan
def import_xml_scan():
"""
Upload/import Nmap XML Scan file via scheduler task
"""
import time
from skaldship.general import check_datadir
from skaldship.metasploit import msf_get_config
msf_settings = msf_get_config(session)
try:
# check to see if we have a Metasploit RPC instance configured and talking
from MetasploitProAPI import MetasploitProAPI
msf_api = MetasploitProAPI(host=msf_settings['url'], apikey=msf_settings['key'])
working_msf_api = msf_api.login()
except:
working_msf_api = False
filedir = os.path.join(request.folder,'data','scanfiles')
check_datadir(request.folder)
response.title = "%s :: Import Nmap XML Scan Results" % (settings.title)
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append( [ user.id, user.username ] )
fields.append(Field('f_filename', 'upload', uploadfolder=filedir, label=T('Nmap XML File')))
fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist)))
fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY()))
# If Metasploit available, pull a list of the workspaces and present them
if working_msf_api:
msf_workspaces = []
msf_workspaces.append( "None" )
for w in msf_api.pro_workspaces().keys():
msf_workspaces.append(w)
fields.append(Field('f_msf_workspace', type='string', label=T('MSF Pro Workspace'), requires=IS_EMPTY_OR(IS_IN_SET(msf_workspaces, zero=None))))
fields.append(Field('f_addnoports', type='boolean', label=T('Add Hosts w/o Ports'), default=False))
fields.append(Field('f_include_list', type='text', label=T('Hosts to Only Include')))
fields.append(Field('f_ignore_list', type='text', label=T('Hosts to Ignore')))
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
fields.append(Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')))
form = SQLFORM.factory(*fields, table_name='nmap_xml')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nmap file
filename = os.path.join(filedir, form.vars.f_filename)
# build the hosts only/exclude list
ip_exclude = []
data = form.vars.get('f_ignore_list')
if data:
ip_exclude = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_include = []
data = form.vars.get('f_include_list')
if data:
ip_include = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_msf_workspace:
msf_workspace = form.vars.f_msf_workspace
if msf_workspace == "None":
msf_workspace = None
else:
msf_workspace = None
msf_settings = {'workspace': msf_workspace, 'url': msf_settings['url'], 'key': msf_settings['key']}
if form.vars.f_taskit:
task = scheduler.queue_task(
scanner_import,
pvars=dict(
scanner='nmap',
filename=filename,
addnoports=form.vars.f_addnoports,
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
msf_settings=msf_settings,
ip_ignore_list=ip_exclude,
ip_include_list=ip_include,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout
)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
else:
from skaldship.nmap import process_xml
print("Starting Nmap XML Import")
process_xml(
#.........这里部分代码省略.........
开发者ID:caoimhinp,项目名称:Kvasir,代码行数:101,代码来源:nmap.py
示例15: nmap_scan
def nmap_scan():
"""
Run nmap scan and hand file over to parser
"""
from skaldship.general import check_datadir
import time
import os
response.title = "%s :: Run Nmap Scan" % (settings.title)
scan_profiles = {
'Ping Scan': ["-sn"],
'Intense Scan': ["-T4", "-A", "-v"],
'Intense Scan (All TCP Ports)': ["-p", "1-65535", "-T4", "-A", "-v"],
'Intense Scan (No Ping)': ["-T4", "-A", "-v", "-Pn"],
'Quick Scan': ["-T4", "-F"],
'Quick Scan Plus': ["-sV", "-T4", "-O", "-F", "--version-light"],
'Slow Comprehensive Scan': ["-sS", "-sU", "-T4", "-A", "-v", "-PE", "-PP", "-PS80,443", "-PA3389", "-PU40125", "-PY", "-g 53", "--script", "default"]
}
fields = []
# buld the dropdown user list
users = db(db.auth_user).select()
userlist = []
for user in users:
userlist.append( [ user.id, user.username ] )
fields.append(Field('f_engineer', type='integer', label=T('Engineer'), default=auth.user.id, requires=IS_IN_SET(userlist)))
fields.append(Field('f_asset_group', type='string', label=T('Asset Group'), requires=IS_NOT_EMPTY()))
fields.append(Field('f_scan_profile', label=T('Scan Profile'),
requires=IS_EMPTY_OR(IS_IN_SET(sorted(scan_profiles.keys()), zero=None))))
fields.append(Field('f_scan_options', type='string', label=T('Scan Options')))
fields.append(Field('f_target_list', type='text', label=T('Scan Targets')))
fields.append(Field('f_blacklist', type='text', label=T('Blacklist')))
fields.append(Field('f_addnoports', type='boolean', label=T('Add Hosts w/o Ports'), default=False))
fields.append(Field('f_update_hosts', type='boolean', label=T('Update Host Information'), default=False))
form = SQLFORM.factory(*fields, table_name='nmap_scan')
if form.errors:
response.flash = 'Error in form'
elif form.accepts(request.vars, session):
# process a nmap scan
# build the hosts only/exclude list
ip_blacklist = []
data = form.vars.get('f_blacklist')
if data:
ip_blacklist = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
ip_targets = []
data = form.vars.get('f_target_list')
if data:
ip_targets = data.split('\r\n')
# TODO: check for ip subnet/range and break it out to individuals
if form.vars.f_scan_options:
scan_options = form.vars.f_scan_options.split(' ')
else:
scan_options = scan_profiles[form.vars.f_scan_profile]
check_datadir(request.folder)
filename = "nmap-%s-%s.xml" % (form.vars.f_asset_group, int(time.time()))
filedir = os.path.join(request.folder, 'data', 'scanfiles', filename)
scan_options.extend(['--stats-every', '5s', '-oX', filedir])
task = scheduler.queue_task(
run_scanner,
pvars=dict(
scanner='nmap',
asset_group=form.vars.f_asset_group,
engineer=form.vars.f_engineer,
target_list=ip_targets,
blacklist=ip_blacklist,
scan_options=scan_options,
addnoports=form.vars.f_addnoports,
update_hosts=form.vars.f_update_hosts,
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout
)
if task.id:
redirect(URL('tasks', 'status', args=task.id))
else:
response.flash = "Error submitting job: %s" % (task.errors)
return dict(form=form)
开发者ID:caoimhinp,项目名称:Kvasir,代码行数:88,代码来源:nmap.py
注:本文中的skaldship.general.check_datadir函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论