Configuration parsing from JSON config file. Using Ubuntu 18.04 base image.

Squashed commit of the following: commit bccedf5c278490f6befcb0f4f37db7e588f6901d Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 12:42:54 2020 +0100 CI... commit 5a7f5b4e03fd857683aa110da4f4d31c2fee03a5 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 12:36:57 2020 +0100 CI... commit 39f9ec5bd410280afb2e856a44ce5ac5b390668d Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 10:41:58 2020 +0100 CI... commit cf807354e8a65d7ca2c5af7c73c16ae1b04c6f0e Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 10:22:59 2020 +0100 CI... commit a44ccefa3d2bb34016db540c3728375437f4f043 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 10:19:20 2020 +0100 CI... commit 7fd21692f7f3629c94b8e7c4ff495a9740984439 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 10:17:54 2020 +0100 CI... commit 8fdec3c7db52bf7b00f33de350df975a23496701 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Tue Feb 18 10:14:32 2020 +0100 CI... commit e2ed633df6ec245edd62b7c6fb049730abe25db7 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Fri Feb 14 19:00:43 2020 +0100 CI test update commit 650c02745260ed1e6f434aea8ab1d0d89cc648f7 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Fri Feb 14 18:57:47 2020 +0100 CI test update commit a3f71bb2f249479dad74b1b6596399699c09ed4f Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Fri Feb 14 18:43:20 2020 +0100 CI test update commit 9a85e5b849eb99a6e8811c859bfe6458f2c1aea0 Author: Anže Žitnik <anze.zitnik@xlab.si> Date: Fri Feb 14 18:31:29 2020 +0100 Configuration parsing from JSON config file. Using Ubuntu 18.04 base image.

Configuration parsing from JSON config file. Using Ubuntu 18.04 base image.
708829a0 · Zitnik, Anze · 6fa2c721 · 708829a0 · 708829a0 · 708829a0
Commit 708829a0 authored 5 years ago by Zitnik, Anze
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,10 +16,15 @@ build:
 test:
    stage: test
    script:
-    - docker run -e "TARGET=http://10.10.43.182" -v /tmp/:/mnt/output registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
+    - docker network create test-genscan
+    - docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
+    - cp "${CI_PROJECT_DIR}/config-example.json" /tmp
+    - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json:ro -v /tmp/:/mnt/output registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
    - grep -q "W3af" /tmp/genscan-out.json
    - grep -q "OWASP ZAP" /tmp/genscan-out.json
    after_script:
+    - docker kill dvwa || docker network rm test-genscan
+    - docker network rm test-genscan
    - rm /tmp/genscan-out.json

 push:

--- a/Dockerfile
+++ b/Dockerfile
-FROM ubuntu:16.04
+FROM ubuntu:18.04

-COPY install.sh zap-plugin.patch w3af-plugin.patch w3af_output_fix.patch w3af-lz4.patch cscan-config.py run-cscan.sh requirements.txt /tmp/
+COPY install.sh zap-plugin.patch w3af-plugin.patch w3af_output_fix.patch w3af-lz4.patch cscan-config.py run-cscan.sh requirements.txt configure.py /tmp/
 COPY wiser-wcs-reports /root/wiser-wcs-reports/

 RUN chmod +x /tmp/install.sh /tmp/run-cscan.sh && \

--- a/MANIFEST
+++ b/MANIFEST
-VERSION=v1.0.5
+VERSION=v1.1.0
 SERVICE=vat-genscan

--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@
 SERVICE = $(shell grep SERVICE MANIFEST | cut -d '=' -f2)
 VERSION = $(shell grep VERSION MANIFEST | cut -d '=' -f2)

-TARGET ?= http://10.10.43.182
+CONFIG ?= $(shell pwd)/config-example.json

 TEST_DIR = /tmp/test-$(SERVICE)-$(VERSION)-$(shell date +%s)/

@@ -13,15 +13,19 @@ build:
 	docker build -t registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION) .

 test:
+	docker network create test-genscan
+	docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
 	mkdir $(TEST_DIR)
-	docker run -e "TARGET=$(TARGET)" -v $(TEST_DIR):/mnt/output/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker run --rm --network=test-genscan -v $(CONFIG):/root/config.json -v $(TEST_DIR):/mnt/output/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker kill dvwa
+	docker network rm test-genscan
 	grep -q "W3af" $(TEST_DIR)genscan-out.json
 	grep -q "OWASP ZAP" $(TEST_DIR)genscan-out.json

 start:
 ifdef OUTPUT_DIR
-	docker run -e "TARGET=$(TARGET)" -v $(OUTPUT_DIR):/mnt/output/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker run -v $(CONFIG):/root/config.json -v $(OUTPUT_DIR):/mnt/output/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 else
-	docker run -e "TARGET=$(TARGET)" registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker run -v $(CONFIG):/root/config.json registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 endif

--- a/README.md
+++ b/README.md
@@ -4,7 +4,8 @@ Currently supports only basic (fast) scans without any configuration.
 ### Usage:
 Build: `make build`

-Run `vat-genscan` Docker image and pass target URL as `TARGET` environment variable.  
+Run `vat-genscan` Docker image and pass configuration in JSON file, mounted as `/root/config.json`.
+
 If a directory is mounted to `/mnt/output`, genscan copies the JSON output file to `/mnt/output/genscan-out.json.  
 If output directory is not mounted, JSON output is sent to stdout (last line).  

@@ -13,9 +14,36 @@ Example:
 also `make TARGET="http://10.10.43.182" OUTPUT_DIR="/tmp/genscan-out/" start`  
 or `make start` (default TARGET=http://10.10.43.182, OUTPUT_DIR none).

+### Configuration:
+Supported scanners and their profiles:
+
+* `w3af`
+	* `fast_scan`: no parameters
+* `zap`
+	* `basic`: no parameters
+
+Example JSON config file:
+
+```
+{
+    "target": {
+        "url": "https://172.17.0.1/webapp/path/",
+        "ip": "172.17.0.1"
+    },
+    "config": {
+        "w3af": {
+            "profile": "fast_scan"
+        },
+        "zap": {
+            "profile": "basic"
+        }
+    }
+}
+```

 ### TODOs and FIXMEs:

+* use latest w3af and zap (now fetching static, old commits)
 * use cscan from Faraday repo (newer?)
 * include some configuration options (at least authenticated scans for w3af)


--- a/config-example.json
+++ b/config-example.json
+{
+    "target": {
+        "url": "http://dvwa/"
+    },
+    "config": {
+        "w3af": {
+            "profile": "fast_scan"
+        },
+        "zap": {
+            "profile": "basic"
+        }
+    }
+}
--- a/configure.py
+++ b/configure.py
+import os
+import json
+
+'''
+Supported scanners:
+    - w3af
+'''
+
+
+def main():
+    with open("/root/config.json", "r") as f_conf:
+        config = json.load(f_conf)
+
+    # configure cscan target
+    target = config["target"]
+    if "url" in target:
+        f_t = open("/root/cscan/websites.txt", "w")
+        f_t.write(target["url"])
+        f_t.write(os.linesep)
+        f_t.close()
+    if "ip" in target:
+        f_t = open("/root/cscan/ips.txt", "w")
+        f_t.write(target["ip"])
+        f_t.write(os.linesep)
+        f_t.close()
+
+    # configure scanners
+    cscan_config = {}
+    for scanner in config["config"]:
+        profile = config["config"][scanner]["profile"]
+        if scanner == "w3af":
+            cscan_config["CS_W3AF"] = "/root/w3af/w3af_api"
+            if profile == "fast_scan":
+                cscan_config["CS_W3AF_PROFILE"] = "/root/w3af/profiles/fast_scan.pw3af"
+            else:
+                raise UnsupportedProfileException()
+            # params = config["config"][scanner]["parameters"]
+        elif scanner == "zap":
+            cscan_config["CS_ZAP"] = "/root/ZAP_2.7.0/zap.sh"
+            if profile != "basic":
+                raise UnsupportedProfileException()
+        else:
+            raise UnsupportedScannerException()
+    
+    with open("/root/cscan/config.py", "w") as f_csconf:
+        f_csconf.write("config = %s\n" % cscan_config)
+
+class UnsupportedProfileException(Exception):
+    pass
+
+class UnsupportedScannerException(Exception):
+    pass
+
+if __name__ == "__main__":
+    main()
--- a/install.sh
+++ b/install.sh
@@ -15,7 +15,6 @@ pip install -r /tmp/requirements.txt &&
 pip install git+git://github.com/hay/xml2json.git@3a674efad91e0f1e978babc41a72f297d5e5144b &&
 #node and retire
 apt install -y npm &&
-ln -s /usr/bin/nodejs /usr/bin/node &&
 npm install -g retire &&
 #W3AF
 apt install -y libffi-dev libsqlite3-dev libyaml-dev &&
@@ -45,7 +44,9 @@ patch /root/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
 patch /root/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
 cp /tmp/cscan-config.py /root/cscan/config.py &&
 echo "" > /root/cscan/ips.txt &&
+echo "" > /root/cscan/websites.txt &&
 cp /tmp/run-cscan.sh /root/ &&
+cp /tmp/configure.py /root/ &&

 #cleanup
 rm -r /tmp/* &&

--- a/run-cscan.sh
+++ b/run-cscan.sh
 #!/bin/bash

-#TARGET=$1
-
-if [ -z "${TARGET}" ]; then
-	echo "TARGET variable not set. Exiting."
-	exit 1
-fi
-
-curl -k "${TARGET}" &> /dev/null
-if [ $? -ne 0 ]; then
-	echo "Target inaccessible. Exiting."
-	exit 2
+python configure.py
+RESULT=$?
+if [ $RESULT -ne 0 ]; then
+        exit $RESULT
 fi

 #mounting random to urandom to prevent blocking because lack of entropy (ZAP certificate creation)
@@ -19,7 +12,6 @@ ln -s /dev/urandom /dev/random

 cd /root/cscan
 rm output/*
-echo "${TARGET}" > websites.txt
 python cscan.py 2>&1 | tee /root/cscan-log.txt
 RESULT=$?
 if [ $RESULT -ne 0 ]; then