diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b7ad45249e3efcfd418dda1232e1049fc0cf66ce..d5fd0a0406e96939c91b96bfab11a619adef2cf2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,7 +19,8 @@ test:
- docker network create test-genscan
- docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
- cp "${CI_PROJECT_DIR}/config-example.json" /tmp
- - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json:ro -v /tmp/:/mnt/output registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
+ # - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json:ro -v /tmp/:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
+ - docker run --rm --network=test-genscan -e TARGET="http://dvwa/" -v /tmp/:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
- grep -q "W3af" /tmp/genscan-out.json
- grep -q "OWASP ZAP" /tmp/genscan-out.json
after_script:
@@ -37,4 +38,3 @@ push:
- docker logout registry.gitlab.xlab.si
only:
- master
-
diff --git a/Dockerfile b/Dockerfile
index 0286dbfab7938812bbbcca4ff9d310e957ac4f8f..1f80eab536d9f4d165b16738b0391883b19cd960 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,11 @@
FROM ubuntu:18.04
COPY install.sh zap-plugin.patch w3af-plugin.patch w3af_output_fix.patch w3af-lz4.patch cscan-config.py run-cscan.sh requirements.txt configure.py /tmp/
-COPY wiser-wcs-reports /root/wiser-wcs-reports/
+COPY wiser-wcs-reports /service/wiser-wcs-reports/
+COPY config-example.json /service/
RUN chmod +x /tmp/install.sh /tmp/run-cscan.sh && \
/tmp/install.sh
-WORKDIR /root
+WORKDIR /service
CMD ./run-cscan.sh
diff --git a/configure.py b/configure.py
index 0ea290b2d2fb7789573ef6fe1bb19102d28327dc..ed3909358e668916c11de7b6a02f7d264205ab56 100644
--- a/configure.py
+++ b/configure.py
@@ -7,19 +7,22 @@ Supported scanners:
'''
-def main():
- with open("/root/config.json", "r") as f_conf:
- config = json.load(f_conf)
+def load_config(path):
+ with open(path, "r") as f_conf:
+ return json.load(f_conf)
+
+def parse_config():
+ config = load_config("/root/config.json")
# configure cscan target
target = config["target"]
if "url" in target:
- f_t = open("/root/cscan/websites.txt", "w")
+ f_t = open("/service/cscan/websites.txt", "w")
f_t.write(target["url"])
f_t.write(os.linesep)
f_t.close()
if "ip" in target:
- f_t = open("/root/cscan/ips.txt", "w")
+ f_t = open("/service/cscan/ips.txt", "w")
f_t.write(target["ip"])
f_t.write(os.linesep)
f_t.close()
@@ -29,27 +32,44 @@ def main():
for scanner in config["config"]:
profile = config["config"][scanner]["profile"]
if scanner == "w3af":
- cscan_config["CS_W3AF"] = "/root/w3af/w3af_api"
+ cscan_config["CS_W3AF"] = "/service/w3af/w3af_api"
if profile == "fast_scan":
- cscan_config["CS_W3AF_PROFILE"] = "/root/w3af/profiles/fast_scan.pw3af"
+ cscan_config["CS_W3AF_PROFILE"] = "/service/w3af/profiles/fast_scan.pw3af"
else:
raise UnsupportedProfileException()
# params = config["config"][scanner]["parameters"]
elif scanner == "zap":
- cscan_config["CS_ZAP"] = "/root/ZAP_2.7.0/zap.sh"
+ cscan_config["CS_ZAP"] = "/service/ZAP_2.7.0/zap.sh"
if profile != "basic":
raise UnsupportedProfileException()
else:
raise UnsupportedScannerException()
- with open("/root/cscan/config.py", "w") as f_csconf:
+ with open("/service/cscan/config.py", "w") as f_csconf:
f_csconf.write("config = %s\n" % cscan_config)
+
+def main():
+ if not os.path.exists("/root/config.json"):
+ target = os.environ.get('TARGET')
+ if target is None:
+ raise UndefinedTargetException()
+ config = load_config("/service/config-example.json")
+ config["target"]["url"] = target
+ with open("/root/config.json", "w") as outfile:
+ json.dump(config, outfile)
+ parse_config()
+
+
+
class UnsupportedProfileException(Exception):
pass
class UnsupportedScannerException(Exception):
pass
+class UndefinedTargetException(Exception):
+ pass
+
if __name__ == "__main__":
main()
diff --git a/cscan-config.py b/cscan-config.py
index a34bedbc182311ba5dcef475aa5d95b7fe73ab85..78385691a101c9d4dced1847b1671e862075d4e1 100644
--- a/cscan-config.py
+++ b/cscan-config.py
@@ -19,11 +19,11 @@ config = {
#NIKTO
# 'CS_NIKTO' : "nikto",
#W3AF
- 'CS_W3AF' : "/root/w3af/w3af_api",
- 'CS_W3AF_PROFILE' : "/root/w3af/profiles/fast_scan.pw3af",
+ 'CS_W3AF' : "/service/w3af/w3af_api",
+ 'CS_W3AF_PROFILE' : "/service/w3af/profiles/fast_scan.pw3af",
# 'CS_W3AF_PROFILE' : "/root/cscan/w3af/profiles/cscan-worker.pw3af",
#ZAP
- 'CS_ZAP' : "/root/ZAP_2.7.0/zap.sh",
+ 'CS_ZAP' : "/service/ZAP_2.7.0/zap.sh",
#NESSUS
# 'CS_NESSUS_URL' : "https://127.0.0.1:8834",
# 'CS_NESSUS_USER' : "nessus",
diff --git a/install.sh b/install.sh
index 78772700d49c1da7708fc672f557e7ab0c63c66b..d2ce80961ee9cd3e7cdbe384f23a232d577e4db8 100644
--- a/install.sh
+++ b/install.sh
@@ -3,6 +3,7 @@
apt update &&
apt install -y python2.7 wget unzip git &&
cd /tmp &&
+mkdir -p /service &&
#newer version of pip than through apt
wget -nv https://bootstrap.pypa.io/get-pip.py &&
python2.7 get-pip.py &&
@@ -21,35 +22,34 @@ apt install -y libffi-dev libsqlite3-dev libyaml-dev &&
cd /tmp &&
wget -nv https://github.com/andresriancho/w3af/archive/0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
unzip -q 0e6dc291a45dd4d5dae94bde301a10c7cb560578.zip &&
-mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /root/w3af &&
+mv w3af-0e6dc291a45dd4d5dae94bde301a10c7cb560578 /service/w3af &&
## for authenticated scans
#cp ~/extended_generic.py w3af/plugins/auth/ &&
#enable other output plugins for w3af API
-patch /root/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch &&
-patch /root/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch &&
+patch /service/w3af/w3af/core/ui/api/utils/scans.py /tmp/w3af_output_fix.patch &&
+patch /service/w3af/w3af/core/controllers/dependency_check/requirements.py /tmp/w3af-lz4.patch &&
#ZAP
apt install -y openjdk-8-jre &&
cd /tmp &&
wget -nv https://github.com/zaproxy/zaproxy/releases/download/2.7.0/ZAP_2.7.0_Linux.tar.gz &&
-tar xzf ZAP_2.7.0_Linux.tar.gz -C /root/ &&
+tar xzf ZAP_2.7.0_Linux.tar.gz -C /service/ &&
#CSCAN
apt install -y curl &&
cd /tmp &&
wget -nv https://github.com/infobyte/cscan/archive/0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
unzip -q 0d0ebbea852d7a1bcdeef1651d0974180ef50608.zip &&
-mv cscan-0d0ebbea852d7a1bcdeef1651d0974180ef50608 /root/cscan &&
-patch /root/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
-patch /root/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
-cp /tmp/cscan-config.py /root/cscan/config.py &&
-echo "" > /root/cscan/ips.txt &&
-echo "" > /root/cscan/websites.txt &&
-cp /tmp/run-cscan.sh /root/ &&
-cp /tmp/configure.py /root/ &&
+mv cscan-0d0ebbea852d7a1bcdeef1651d0974180ef50608 /service/cscan &&
+patch /service/cscan/plugin/zap.py /tmp/zap-plugin.patch &&
+patch /service/cscan/plugin/w3af.py /tmp/w3af-plugin.patch &&
+cp /tmp/cscan-config.py /service/cscan/config.py &&
+echo "" > /service/cscan/ips.txt &&
+echo "" > /service/cscan/websites.txt &&
+cp /tmp/run-cscan.sh /service/ &&
+cp /tmp/configure.py /service/ &&
#cleanup
rm -r /tmp/* &&
exit 0
-
diff --git a/run-cscan.sh b/run-cscan.sh
index d444f25979ead90834efd81cd90fc9eb3db42ab4..4f767fb6a17c2221ec586d8fa7ce144663679d1e 100644
--- a/run-cscan.sh
+++ b/run-cscan.sh
@@ -10,22 +10,20 @@ fi
rm /dev/random
ln -s /dev/urandom /dev/random
-cd /root/cscan
+cd /service/cscan
rm output/*
-python cscan.py 2>&1 | tee /root/cscan-log.txt
+# creating output dir for automatic Swift upload
+mkdir -p /root/out
+python cscan.py &> /root/out/cscan-log.txt
RESULT=$?
if [ $RESULT -ne 0 ]; then
exit $RESULT
fi
-cd /root/wiser-wcs-reports
-python wiser-wcs.py | tail -n 1 > /root/genscan-out.json
+cd /service/wiser-wcs-reports
+python wiser-wcs.py | tail -n 1 > /root/out/genscan-out.json
-if [ -d /mnt/output ]; then
- cp /root/genscan-out.json /mnt/output/
-else
- echo "Output directory not mounted, sending scan results to stdout..."
- cat /root/genscan-out.json
-fi
+# outputting the scan result
+cat /root/out/genscan-out.json
exit $?
diff --git a/wiser-wcs-reports/wiser-wcs.cfg b/wiser-wcs-reports/wiser-wcs.cfg
index d6158fbe7fe67f8611f40e790f18f350dba8fdb8..3ca62f0c05ebc9b3161568cf94171cb3ed8349f6 100644
--- a/wiser-wcs-reports/wiser-wcs.cfg
+++ b/wiser-wcs-reports/wiser-wcs.cfg
@@ -1,4 +1,4 @@
[cscan_config]
-cscan_output=/root/cscan/output
+cscan_output=/service/cscan/output
zap=True
w3af=True