Skip to content
Snippets Groups Projects
Commit 92a85bf4 authored by Zitnik, Anze's avatar Zitnik, Anze
Browse files

Using newest version of cscan (faraday repo). Configure script updated...

Using newest version of cscan (faraday repo). Configure script updated accordingly. Using python3 where possible. Dockerfile updated, install script broken down. v1.3.0
parent 7cfc4510
No related branches found
No related tags found
No related merge requests found
FROM ubuntu:18.04
COPY install.sh zap-plugin.patch w3af-plugin.patch w3af_output_fix.patch w3af-lz4.patch cscan-config.py run-cscan.sh requirements.txt configure.py /tmp/
COPY wiser-wcs-reports /service/wiser-wcs-reports/
COPY config-example.json /service/
COPY install/base.sh /tmp/install/
RUN chmod +x /tmp/install/base.sh && /tmp/install/base.sh
COPY install/requirements.txt install/w3af_output_fix.patch install/w3af-lz4.patch /tmp/
COPY install/w3af.sh /tmp/install/
RUN chmod +x /tmp/install/w3af.sh && /tmp/install/w3af.sh
COPY install/zap.sh /tmp/install/
RUN chmod +x /tmp/install/zap.sh && /tmp/install/zap.sh
RUN chmod +x /tmp/install.sh /tmp/run-cscan.sh && \
/tmp/install.sh
COPY install/zap-plugin.patch install/w3af-plugin.patch install/cscan.patch /tmp/
COPY install/cscan.sh /tmp/install/
RUN chmod +x /tmp/install/cscan.sh && /tmp/install/cscan.sh
COPY install/cleanup.sh /tmp/install/
RUN chmod +x /tmp/install/cleanup.sh && /tmp/install/cleanup.sh
COPY wiser-wcs-reports /service/wiser-wcs-reports/
COPY run-cscan.sh configure.py config-example.json /service/
RUN chmod +x /service/run-cscan.sh
WORKDIR /service
CMD ./run-cscan.sh
VERSION=v1.2.0
VERSION=v1.3.0
SERVICE=vat-genscan
import os
import json
import configparser
'''
Supported scanners:
- w3af
- zap
'''
......@@ -11,43 +13,52 @@ def load_config(path):
with open(path, "r") as f_conf:
return json.load(f_conf)
def parse_config():
def configure():
config = load_config("/root/config.json")
cs_categories = []
cs_scripts = []
# configure cscan target
target = config["target"]
if "url" in target:
f_t = open("/service/cscan/websites.txt", "w")
with open("/service/cscan/websites.txt", "w") as f_t:
f_t.write(target["url"])
f_t.write(os.linesep)
f_t.close()
cs_categories.append('web')
if "ip" in target:
f_t = open("/service/cscan/ips.txt", "w")
with open("/service/cscan/ips.txt", "w") as f_t:
f_t.write(target["ip"])
f_t.write(os.linesep)
f_t.close()
cs_categories.append('network')
# configure scanners
cscan_config = {}
cscan_config = configparser.ConfigParser()
for scanner in config["config"]:
profile = config["config"][scanner]["profile"]
if scanner == "w3af":
cscan_config["CS_W3AF"] = "/service/w3af/w3af_api"
cscan_config["W3AF"] = {"CS_W3AF": "/service/w3af/w3af_api"}
if profile == "fast_scan":
cscan_config["CS_W3AF_PROFILE"] = "/service/w3af/profiles/fast_scan.pw3af"
cscan_config["W3AF"]["CS_W3AF_PROFILE"] = "/service/w3af/profiles/fast_scan.pw3af"
else:
raise UnsupportedProfileException()
# params = config["config"][scanner]["parameters"]
cs_scripts.append("w3af.sh")
elif scanner == "zap":
cscan_config["CS_ZAP"] = "/service/ZAP_2.7.0/zap.sh"
cscan_config["ZAP"] = {"CS_ZAP": "/service/ZAP_2.7.0/zap.sh"}
if profile != "basic":
raise UnsupportedProfileException()
cs_scripts.append("zap.sh")
else:
raise UnsupportedScannerException()
with open("/service/cscan/config.py", "w") as f_csconf:
f_csconf.write("config = %s\n" % cscan_config)
cscan_config["Default setup"] = {
"CS_CATEGORIES": ",".join(cs_categories),
"CS_SCRIPTS": ",".join(cs_scripts)
}
with open("/service/cscan/cscan_conf.ini", "w") as f_csconf:
cscan_config.write(f_csconf)
def main():
if not os.path.exists("/root/config.json"):
......@@ -58,7 +69,7 @@ def main():
config["target"]["url"] = target
with open("/root/config.json", "w") as outfile:
json.dump(config, outfile)
parse_config()
configure()
......
#!/bin/bash
apt update &&
apt install -y python2.7 wget unzip git &&
cd /tmp &&
mkdir -p /service &&
#newer version of pip than through apt
wget -nv https://bootstrap.pypa.io/get-pip.py &&
python2.7 get-pip.py &&
#requirements for w3af
apt install -y python2.7-dev build-essential libxml2-dev libxslt1-dev zlib1g-dev libssl-dev &&
#pip (again) only because strict w3af dependency checks
apt install -y python-pip &&
pip install -r /tmp/requirements.txt &&
pip install git+git://github.com/hay/xml2json.git@3a674efad91e0f1e978babc41a72f297d5e5144b &&
#node and retire
apt install -y npm &&
npm install -g retire &&
#W3AF
apt install -y libffi-dev libsqlite3-dev libyaml-dev &&
cd /tmp &&
wget -nv https://github.com/andresriancho/w3af/archive/0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
unzip -q 0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /service/w3af &&
## for authenticated scans
#cp ~/extended_generic.py w3af/plugins/auth/ &&
#enable other output plugins for w3af API
patch /service/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch &&
patch /service/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch &&
#ZAP
apt install -y openjdk-8-jre &&
cd /tmp &&
wget -nv https://github.com/zaproxy/zaproxy/releases/download/2.7.0/ZAP_2.7.0_Linux.tar.gz &&
tar xzf ZAP_2.7.0_Linux.tar.gz -C /service/ &&
#CSCAN
apt install -y curl &&
cd /tmp &&
wget -nv https://github.com/infobyte/cscan/archive/0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
unzip -q 0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
mv cscan-0d0ebbea852d7a1bcdeef1651d0974180ef50608 /service/cscan &&
patch /service/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
patch /service/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
cp /tmp/cscan-config.py /service/cscan/config.py &&
echo "" > /service/cscan/ips.txt &&
echo "" > /service/cscan/websites.txt &&
cp /tmp/run-cscan.sh /service/ &&
cp /tmp/configure.py /service/ &&
#cleanup
rm -r /tmp/* &&
exit 0
#!/bin/bash
set -e
apt update
apt install -y wget unzip git python3-dev python3-pip python2.7-dev curl vim
cd /tmp
mkdir -p /service
#newer version of pip2 than through apt
wget -nv https://bootstrap.pypa.io/get-pip.py
python2.7 get-pip.py
#!/bin/bash
set -e
rm -r /tmp/*
21c21
< file_path = os.path.expanduser("~/.faraday/config/cscan_conf.ini")
---
> file_path = os.path.expanduser("/service/cscan/cscan_conf.ini")
#!/bin/bash
set -e
cd /tmp
apt install -y libpq-dev
pip3 install faradaysec psutil python-owasp-zap-v2.4
wget -nv https://github.com/infobyte/faraday/archive/464bb0c979ea6821085a4390446bd038a62ac500.zip
unzip -q 464bb0c979ea6821085a4390446bd038a62ac500.zip
mv faraday-464bb0c979ea6821085a4390446bd038a62ac500/scripts/cscan /service/cscan
patch /service/cscan/plugin/zap.py /tmp/zap-plugin.patch
patch /service/cscan/plugin/w3af.py /tmp/w3af-plugin.patch
patch /service/cscan/cscan.py /tmp/cscan.patch
echo "" > /service/cscan/ips.txt
echo "" > /service/cscan/websites.txt
File moved
File moved
15a16
17a18
> import psutil
44c45
48c49
< proc = subprocess.Popen([cmd])
---
> proc = subprocess.Popen([cmd, "--no-ssl"])
48a50,57
52a54,62
> max_wait=60
> time1=time.time()
> while True:
......@@ -13,12 +13,13 @@
> break
> if time.time()-time1 > max_wait:
> raise Exception("w3af wait timeout")
51c60
>
55c65
< conn = Connection('http://127.0.0.1:5000/')
---
> conn = Connection('http://127.0.0.1:5000/', timeout=20)
76c85
< main()
81c91
< # I'm Py3
\ No newline at end of file
---
> main()
> # I'm Py3
#!/bin/bash
set -e
#requirements for w3af
apt install -y build-essential libxml2-dev libxslt1-dev zlib1g-dev libssl-dev
#w3af_api_client for python3
wget -nv https://github.com/andresriancho/w3af-api-client/archive/master.zip
unzip master.zip
cd w3af-api-client-master
pip3 install -r requirements.txt
python3 setup.py build
python3 setup.py install
cp -r w3af_api_client /usr/local/lib/python3.6/dist-packages/
cd /tmp
#pip (again) only because strict w3af dependency checks
apt install -y python-pip
pip2 install -r /tmp/requirements.txt
pip2 install git+git://github.com/hay/xml2json.git@3a674efad91e0f1e978babc41a72f297d5e5144b
#node and retire
apt install -y npm
npm install -g retire
#W3AF
apt install -y libffi-dev libsqlite3-dev libyaml-dev
cd /tmp
wget -nv https://github.com/andresriancho/w3af/archive/0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip
unzip -q 0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip
mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /service/w3af
## for authenticated scans
#cp ~/extended_generic.py w3af/plugins/auth/
#enable other output plugins for w3af API
patch /service/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch
patch /service/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch
File moved
19a20
24a25
> import psutil
81c82
53c54
< filex.write(zap.core.xmlreport)
---
> filex.write(zap.core.xmlreport())
91c92
< proc = subprocess.Popen([cmd, '-daemon'])
---
> proc = subprocess.Popen([cmd, '-daemon', '-config', 'api.disablekey=true'])
84,85c85,93
< print 'Waiting for ZAP to load, 10 seconds ...'
94,95c95,103
< print('Waiting for ZAP to load, 10 seconds ...')
< time.sleep(10)
---
> print 'Waiting for ZAP to load...'
> print('Waiting for ZAP to load...')
> max_wait=600
> time1=time.time()
> while True:
......@@ -17,8 +21,20 @@
> break
> if time.time()-time1 > max_wait:
> raise Exception("ZAP wait timeout")
132c140
< main()
113,114c121,122
< while(int(zap.spider.status) < 100):
< print('Spider progress %: ' + zap.spider.status)
---
> while(int(zap.spider.status()) < 100):
> print('Spider progress %: ' + zap.spider.status())
123,124c131,132
< while(int(zap.ascan.status) < 100):
< print('Scan progress %: ' + zap.ascan.status)
---
> while(int(zap.ascan.status()) < 100):
> print('Scan progress %: ' + zap.ascan.status())
143c151
< # I'm Py3
\ No newline at end of file
---
> main()
> # I'm Py3
#!/bin/bash
set -e
apt install -y openjdk-8-jre
cd /tmp
wget -nv https://github.com/zaproxy/zaproxy/releases/download/2.7.0/ZAP_2.7.0_Linux.tar.gz
tar xzf ZAP_2.7.0_Linux.tar.gz -C /service/
#!/bin/bash
python configure.py
python3 configure.py
RESULT=$?
if [ $RESULT -ne 0 ]; then
exit $RESULT
......@@ -11,10 +11,9 @@ rm /dev/random
ln -s /dev/urandom /dev/random
cd /service/cscan
rm output/*
# creating output dir for automatic Swift upload
mkdir -p /root/out
python cscan.py &> /root/out/cscan-log.txt
python3 cscan.py &> /root/out/cscan-log.txt
RESULT=$?
if [ $RESULT -ne 0 ]; then
exit $RESULT
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment