Skip to content
Snippets Groups Projects
Commit b9e3e2ea authored by Jan Antić's avatar Jan Antić
Browse files

Merging attack-simulator-integration branch to master

parent 708829a0
No related branches found
No related tags found
No related merge requests found
......@@ -19,7 +19,8 @@ test:
- docker network create test-genscan
- docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
- cp "${CI_PROJECT_DIR}/config-example.json" /tmp
- docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json:ro -v /tmp/:/mnt/output registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
# - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json:ro -v /tmp/:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
- docker run --rm --network=test-genscan -e TARGET="http://dvwa/" -v /tmp/:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
- grep -q "W3af" /tmp/genscan-out.json
- grep -q "OWASP ZAP" /tmp/genscan-out.json
after_script:
......@@ -37,4 +38,3 @@ push:
- docker logout registry.gitlab.xlab.si
only:
- master
FROM ubuntu:18.04
COPY install.sh zap-plugin.patch w3af-plugin.patch w3af_output_fix.patch w3af-lz4.patch cscan-config.py run-cscan.sh requirements.txt configure.py /tmp/
COPY wiser-wcs-reports /root/wiser-wcs-reports/
COPY wiser-wcs-reports /service/wiser-wcs-reports/
COPY config-example.json /service/
RUN chmod +x /tmp/install.sh /tmp/run-cscan.sh && \
/tmp/install.sh
WORKDIR /root
WORKDIR /service
CMD ./run-cscan.sh
......@@ -7,19 +7,22 @@ Supported scanners:
'''
def main():
with open("/root/config.json", "r") as f_conf:
config = json.load(f_conf)
def load_config(path):
with open(path, "r") as f_conf:
return json.load(f_conf)
def parse_config():
config = load_config("/root/config.json")
# configure cscan target
target = config["target"]
if "url" in target:
f_t = open("/root/cscan/websites.txt", "w")
f_t = open("/service/cscan/websites.txt", "w")
f_t.write(target["url"])
f_t.write(os.linesep)
f_t.close()
if "ip" in target:
f_t = open("/root/cscan/ips.txt", "w")
f_t = open("/service/cscan/ips.txt", "w")
f_t.write(target["ip"])
f_t.write(os.linesep)
f_t.close()
......@@ -29,27 +32,44 @@ def main():
for scanner in config["config"]:
profile = config["config"][scanner]["profile"]
if scanner == "w3af":
cscan_config["CS_W3AF"] = "/root/w3af/w3af_api"
cscan_config["CS_W3AF"] = "/service/w3af/w3af_api"
if profile == "fast_scan":
cscan_config["CS_W3AF_PROFILE"] = "/root/w3af/profiles/fast_scan.pw3af"
cscan_config["CS_W3AF_PROFILE"] = "/service/w3af/profiles/fast_scan.pw3af"
else:
raise UnsupportedProfileException()
# params = config["config"][scanner]["parameters"]
elif scanner == "zap":
cscan_config["CS_ZAP"] = "/root/ZAP_2.7.0/zap.sh"
cscan_config["CS_ZAP"] = "/service/ZAP_2.7.0/zap.sh"
if profile != "basic":
raise UnsupportedProfileException()
else:
raise UnsupportedScannerException()
with open("/root/cscan/config.py", "w") as f_csconf:
with open("/service/cscan/config.py", "w") as f_csconf:
f_csconf.write("config = %s\n" % cscan_config)
def main():
if not os.path.exists("/root/config.json"):
target = os.environ.get('TARGET')
if target is None:
raise UndefinedTargetException()
config = load_config("/service/config-example.json")
config["target"]["url"] = target
with open("/root/config.json", "w") as outfile:
json.dump(config, outfile)
parse_config()
class UnsupportedProfileException(Exception):
pass
class UnsupportedScannerException(Exception):
pass
class UndefinedTargetException(Exception):
pass
if __name__ == "__main__":
main()
......@@ -19,11 +19,11 @@ config = {
#NIKTO
# 'CS_NIKTO' : "nikto",
#W3AF
'CS_W3AF' : "/root/w3af/w3af_api",
'CS_W3AF_PROFILE' : "/root/w3af/profiles/fast_scan.pw3af",
'CS_W3AF' : "/service/w3af/w3af_api",
'CS_W3AF_PROFILE' : "/service/w3af/profiles/fast_scan.pw3af",
# 'CS_W3AF_PROFILE' : "/root/cscan/w3af/profiles/cscan-worker.pw3af",
#ZAP
'CS_ZAP' : "/root/ZAP_2.7.0/zap.sh",
'CS_ZAP' : "/service/ZAP_2.7.0/zap.sh",
#NESSUS
# 'CS_NESSUS_URL' : "https://127.0.0.1:8834",
# 'CS_NESSUS_USER' : "nessus",
......
......@@ -3,6 +3,7 @@
apt update &&
apt install -y python2.7 wget unzip git &&
cd /tmp &&
mkdir -p /service &&
#newer version of pip than through apt
wget -nv https://bootstrap.pypa.io/get-pip.py &&
python2.7 get-pip.py &&
......@@ -21,35 +22,34 @@ apt install -y libffi-dev libsqlite3-dev libyaml-dev &&
cd /tmp &&
wget -nv https://github.com/andresriancho/w3af/archive/0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
unzip -q 0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /root/w3af &&
mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /service/w3af &&
## for authenticated scans
#cp ~/extended_generic.py w3af/plugins/auth/ &&
#enable other output plugins for w3af API
patch /root/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch &&
patch /root/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch &&
patch /service/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch &&
patch /service/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch &&
#ZAP
apt install -y openjdk-8-jre &&
cd /tmp &&
wget -nv https://github.com/zaproxy/zaproxy/releases/download/2.7.0/ZAP_2.7.0_Linux.tar.gz &&
tar xzf ZAP_2.7.0_Linux.tar.gz -C /root/ &&
tar xzf ZAP_2.7.0_Linux.tar.gz -C /service/ &&
#CSCAN
apt install -y curl &&
cd /tmp &&
wget -nv https://github.com/infobyte/cscan/archive/0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
unzip -q 0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
mv cscan-0d0ebbea852d7a1bcdeef1651d0974180ef50608 /root/cscan &&
patch /root/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
patch /root/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
cp /tmp/cscan-config.py /root/cscan/config.py &&
echo "" > /root/cscan/ips.txt &&
echo "" > /root/cscan/websites.txt &&
cp /tmp/run-cscan.sh /root/ &&
cp /tmp/configure.py /root/ &&
mv cscan-0d0ebbea852d7a1bcdeef1651d0974180ef50608 /service/cscan &&
patch /service/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
patch /service/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
cp /tmp/cscan-config.py /service/cscan/config.py &&
echo "" > /service/cscan/ips.txt &&
echo "" > /service/cscan/websites.txt &&
cp /tmp/run-cscan.sh /service/ &&
cp /tmp/configure.py /service/ &&
#cleanup
rm -r /tmp/* &&
exit 0
......@@ -10,22 +10,20 @@ fi
rm /dev/random
ln -s /dev/urandom /dev/random
cd /root/cscan
cd /service/cscan
rm output/*
python cscan.py 2>&1 | tee /root/cscan-log.txt
# creating output dir for automatic Swift upload
mkdir -p /root/out
python cscan.py &> /root/out/cscan-log.txt
RESULT=$?
if [ $RESULT -ne 0 ]; then
exit $RESULT
fi
cd /root/wiser-wcs-reports
python wiser-wcs.py | tail -n 1 > /root/genscan-out.json
cd /service/wiser-wcs-reports
python wiser-wcs.py | tail -n 1 > /root/out/genscan-out.json
if [ -d /mnt/output ]; then
cp /root/genscan-out.json /mnt/output/
else
echo "Output directory not mounted, sending scan results to stdout..."
cat /root/genscan-out.json
fi
# outputting the scan result
cat /root/out/genscan-out.json
exit $?
[cscan_config]
cscan_output=/root/cscan/output
cscan_output=/service/cscan/output
zap=True
w3af=True
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment