├── ptn ├── __init__.py ├── errors.py ├── templates │ ├── 500.html │ ├── 404.html │ ├── item.html │ ├── notes.html │ ├── base.html │ ├── index.html │ ├── import.html │ ├── projects.html │ ├── host.html │ ├── project.html │ ├── hosts.html │ ├── attack.html │ └── about.html ├── static │ ├── ptnotes.js │ └── ptnotes.css ├── validate.py ├── attacks.py ├── webserver.py ├── importscan.py └── database.py ├── Dockerfile ├── .gitignore ├── LICENSE ├── server ├── config ├── cert.pem └── key.pem ├── README.md └── data └── attacks.json /ptn/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ptn/errors.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | 4 | class ScanImportError(Exception): 5 | pass 6 | -------------------------------------------------------------------------------- /ptn/templates/500.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 |

The server encountered an internal error.

4 | 5 |

Return to the Projects page.

6 | {% endblock %} 7 | -------------------------------------------------------------------------------- /ptn/templates/404.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 |

The item you were looking for could not be found.

4 | 5 |

Return to the Projects page.

6 | {% endblock %} 7 | -------------------------------------------------------------------------------- /ptn/static/ptnotes.js: -------------------------------------------------------------------------------- 1 | function toggle(id) 2 | { 3 | var e = document.getElementById(id); 4 | if ( e.style.display == 'block' ) 5 | e.style.display = 'none'; 6 | else 7 | e.style.display = 'block'; 8 | } -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | MAINTAINER Jayson Grace 3 | 4 | # Install flask and various dependencies 5 | RUN apk add --no-cache py2-pip \ 6 | && pip2 install --upgrade pip \ 7 | && pip2 install flask 8 | 9 | # Setup the ptnotes user, project, and folder permissions 10 | RUN adduser -h /ptnotes -g ptnotes -D ptnotes 11 | COPY . /ptnotes 12 | RUN chown -R ptnotes:ptnotes /ptnotes 13 | RUN chmod +x /ptnotes/server 14 | USER ptnotes 15 | 16 | WORKDIR /ptnotes 17 | 18 | EXPOSE 5000 19 | 20 | CMD ["./server", "-l", "0.0.0.0"] 21 | -------------------------------------------------------------------------------- /ptn/templates/item.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 | {% if item != {} %} 14 |

{{ item['ip'] }} ({{ item['port'] }}/{{ item['protocol'] }})

15 | 16 | 
{{ item['note'] }}
17 | {% endif %} 18 | {% endblock %} 19 | -------------------------------------------------------------------------------- /ptn/templates/notes.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 | {% for note in notes %} 14 | {% if note[1] != "" and note[1] != None %} 15 |

{{ note[0] }}

16 | 
{{ note[1] }}
17 | {% endif %} 18 | {% endfor %} 19 | {% endblock %} 20 | -------------------------------------------------------------------------------- /ptn/templates/base.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Pentest Notes 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

Pentest Notes

12 | 17 |
18 | 19 | 20 |
21 | {% block data %} 22 | {% endblock %} 23 |
24 | 25 | 26 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /ptn/templates/index.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

Overview

5 |

Pentest Notes allows testers to keep track of what can be done, has been done, and still needs to be done during a network penetration test. To use Pentest Notes, create a new project using the Projects tab. Next, select the newly created project and import any Nessus or Nmap XML files into the project. The imported data will be organized by hosts and attacks. Select a host to get detailed information about it. Select an attack to get more details about the attack including the hosts that may be vulnerable to the attack. If you would like to make suggestions to improve the tool, submit code, or report issues please head over to Github and contribute.

6 | {% endblock %} -------------------------------------------------------------------------------- /ptn/templates/import.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 |

Import Scan Data

14 |
15 |
16 | 17 |
18 | 19 |

Imported Files

20 | 25 | 26 | {% endblock %} 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .tar.gz 2 | .DS_Store 3 | *.sqlite 4 | # Byte-compiled / optimized / DLL files 5 | __pycache__/ 6 | *.py[cod] 7 | 8 | # C extensions 9 | *.so 10 | 11 | # Distribution / packaging 12 | .Python 13 | env/ 14 | build/ 15 | develop-eggs/ 16 | dist/ 17 | downloads/ 18 | eggs/ 19 | .eggs/ 20 | lib/ 21 | lib64/ 22 | parts/ 23 | sdist/ 24 | var/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | 29 | # PyInstaller 30 | # Usually these files are written by a python script from a template 31 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 32 | *.manifest 33 | *.spec 34 | 35 | # Installer logs 36 | pip-log.txt 37 | pip-delete-this-directory.txt 38 | 39 | # Unit test / coverage reports 40 | htmlcov/ 41 | .tox/ 42 | .coverage 43 | .coverage.* 44 | .cache 45 | nosetests.xml 46 | coverage.xml 47 | *,cover 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | 56 | # Sphinx documentation 57 | docs/_build/ 58 | 59 | # PyBuilder 60 | target/ 61 | -------------------------------------------------------------------------------- /ptn/templates/projects.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

Projects

5 |

Create New Project

6 |
7 | 8 | 9 |
10 | 11 |

Current Projects

12 | {% if not projects %} 13 |

No projects have been created yet.

14 | {% else %} 15 | 16 | 17 | 18 | 19 | 20 | 21 | {% for p in projects %} 22 | 23 | 24 | 25 | 28 | 29 | {% endfor %} 30 |
ProjectStatsActions
{{ p['name'] }}{{ stats[p['id']] }} 26 | Delete Project 27 |
31 | {% endif %} 32 | 33 | 34 | {% endblock %} 35 | -------------------------------------------------------------------------------- /ptn/templates/host.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 |
14 |

Notes

15 |
16 |
17 | 18 |
19 |
20 | 21 | {% if details != {} %} 22 |
23 | 24 |

{{ host }}

25 |

Click on each port heading to see the associated data.

26 | 27 |
28 | {% for k in keys %} 29 |

{{ k }}

30 | 35 | {% endfor %} 36 |
37 |
38 | {% endif %} 39 | {% endblock %} 40 | -------------------------------------------------------------------------------- /ptn/templates/project.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 |
14 |

Notes

15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |

Potential Attack Vectors

23 |

The following potential attack vectors were identified. Click on the name of the attack vector for additional details

24 | 25 |
26 | {% if not attacks %} 27 |

No attacks are available yet.

28 | {% else %} 29 | {% for a in attacks %} 30 | 33 | {% endfor %} 34 | 35 | 36 | {% endif %} 37 |
38 |
39 | {% endblock %} 40 | -------------------------------------------------------------------------------- /ptn/templates/hosts.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 |

Imported Hosts

14 | 15 | {% if not hosts%} 16 |

No hosts have been imported yet, please import a Nessus or Nmap XML file.

17 | {% else %} 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | {% for host in hosts %} 27 | 28 | 29 | 30 | 32 | 33 | 34 | {% endfor %} 35 |
IPHostnameOSTCP PortsUDP Ports
{{ host['ip'] }}{{ host['fqdn'] }}{{ host['os'] }} 31 | {{ ', '.join(host['tcp']) }}{{ ', '.join(host['udp']) }}
36 | {% endif %} 37 | 38 |

Unique Hosts

39 | {{ ', '.join(unique['ip']) }} 40 | 41 |

Unique TCP Ports

42 | {{ ','.join(unique['tcp']) }} 43 | 44 |

Unique UDP Ports

45 | {{ ','.join(unique['udp']) }} 46 | 47 | {% endblock %} 48 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, LCI Technology Group, LLC 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | Neither the name of LCI Technology Group, LLC nor the names of its 15 | contributors may be used to endorse or promote products derived from this 16 | software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 | POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /server: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import logging 5 | import os 6 | import argparse 7 | 8 | #Parse command line arguments using argparse 9 | parser = argparse.ArgumentParser() 10 | parser.add_argument('-l', action='store', default='127.0.0.1', metavar='LISTEN_ADDRESS', 11 | help='Address to listen on. Default is 127.0.0.1') 12 | parser.add_argument('-p', action='store', type=int, default=5000, metavar="LISTEN_PORT", 13 | help='Port to listen on. Default is 5000.') 14 | parser.add_argument('-d', action='store_true', default=False, 15 | help='Enable Flask debugging. Should not be used in production.') 16 | 17 | args = parser.parse_args() 18 | 19 | SERVER = args.l 20 | PORT = args.p 21 | DEBUG = args.d 22 | LOG_LEVEL = logging.INFO 23 | 24 | #----------------------------------------------------------------------------- 25 | # Do not edit anything below this line. 26 | #----------------------------------------------------------------------------- 27 | 28 | try: 29 | os.mkdir('log') 30 | except OSError: 31 | # Log directory already exists 32 | pass 33 | 34 | log_file = os.path.join('log', 'ptnotes.log') 35 | 36 | logging.basicConfig( 37 | level=LOG_LEVEL, 38 | filename=log_file) 39 | 40 | console = logging.StreamHandler() 41 | console.setLevel(logging.ERROR) 42 | formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') 43 | console.setFormatter(formatter) 44 | logging.getLogger('').addHandler(console) 45 | 46 | logging.info('Starting PTNotes server.') 47 | print('Starting PTNotes server on {0}:{1}'.format(SERVER, PORT)) 48 | 49 | cert_file = os.path.join('config', 'cert.pem') 50 | key_file = os.path.join('config', 'key.pem') 51 | 52 | import ptn.webserver as server 53 | server.app.run(host=SERVER, port=PORT, debug=DEBUG, ssl_context=(cert_file, key_file)) 54 | -------------------------------------------------------------------------------- /ptn/validate.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | import logging 5 | import re 6 | 7 | re_hash = re.compile('^[0-9a-f]{64}$') 8 | 9 | class Validate(): 10 | 11 | def __init__(self): 12 | self.log = logging.getLogger('VALID') 13 | self.protocols = ['tcp', 'udp', 'icmp'] 14 | self.min_port = 0 15 | self.max_port = 65535 16 | 17 | def ip(self, ip): 18 | """ 19 | Validate the IP address. 20 | """ 21 | self.log.debug('Validating IP address {0}.'.format(ip)) 22 | try: 23 | octets = ip.split('.') 24 | for octet in octets: 25 | o = int(octet) 26 | assert (o >= 0) and (o <= 255) 27 | 28 | return True 29 | 30 | except (TypeError, ValueError, AssertionError): 31 | self.log.error('The IP address must be in dotted quad notation.') 32 | raise AssertionError('Invalid IP address.') 33 | 34 | def port(self, port): 35 | self.log.debug("Validating port {0}.".format(port)) 36 | try: 37 | assert (port >= self.min_port) and (port <= self.max_port) 38 | 39 | except (TypeError, AssertionError): 40 | self.log.error('Port must be an integer from 0 to 65535') 41 | raise AssertionError('Invalid port.') 42 | 43 | def protocol(self, protocol): 44 | self.log.debug('Validating protocol {0}.'.format(protocol)) 45 | try: 46 | assert protocol in self.protocols 47 | 48 | except AssertionError: 49 | self.log.error('Protocol must be in {0}.'.format(', '.join(protocols))) 50 | raise AssertionError('Invalid protocol.') 51 | 52 | def hash(self, hash): 53 | self.log.debug('Validating hash {0}.'.format(hash)) 54 | try: 55 | m = re_hash.search(hash.lower()) 56 | assert m is not None 57 | 58 | except AssertionError: 59 | self.log.error('Hash must be a valid SHA256 hex value.') 60 | raise AssertionError('Invalid hash.') 61 | -------------------------------------------------------------------------------- /ptn/templates/attack.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 | 4 |

{{ name }}

5 |

6 | Project Summary | 7 | Imported Hosts | 8 | Attack Notes | 9 | Host Notes | 10 | Import Data 11 |

12 | 13 |
14 |

Notes

15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |

{{ attack['name'] }}

23 |

{{ attack['description'] }}

24 | 25 |
26 |

Affected Hosts

27 | 49 | 50 |

Raw Host List

51 | 59 |
60 |
61 | {% endblock %} 62 | -------------------------------------------------------------------------------- /ptn/templates/about.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block data %} 3 |

About Pentest Notes

4 | 5 |

Contact

6 |

Pentest Notes was originally developed by Stephen Haywood (AverageSecurityGuy). If you have questions or comments about the software feel free to get in touch with him via Twitter or email. If you have issues with the software please go to the project page on Github and open a new issue.

7 | 8 |

License

9 | 
10 | Copyright (c) 2015, LCI Technology Group, LLC
11 | All rights reserved.
12 | 
13 | Redistribution and use in source and binary forms, with or without
14 | modification, are permitted provided that the following conditions are met:
15 | 
16 |  Redistributions of source code must retain the above copyright notice, this
17 |  list of conditions and the following disclaimer.
18 | 
19 |  Redistributions in binary form must reproduce the above copyright notice,
20 |  this list of conditions and the following disclaimer in the documentation
21 |  and/or other materials provided with the distribution.
22 | 
23 |  Neither the name of LCI Technology Group, LLC nor the names of its
24 |  contributors may be used to endorse or promote products derived from this
25 |  software without specific prior written permission.
26 | 
27 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
28 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
31 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 | POSSIBILITY OF SUCH DAMAGE.
38 |
39 | 40 | {% endblock %} -------------------------------------------------------------------------------- /config/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIF+jCCA+KgAwIBAgIJALyKJpu5KdAVMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV 3 | BAYTAlVTMQswCQYDVQQIEwJUTjEWMBQGA1UEChMNUGVudGVzdCBOb3RlczEnMCUG 4 | A1UEAxMeUGVudGVzdCBOb3RlcyBTZWxmLVNpZ25lZCBDZXJ0MB4XDTE3MTAwOTA0 5 | MDk1NFoXDTI3MTAwNzA0MDk1NFowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRO 6 | MRYwFAYDVQQKEw1QZW50ZXN0IE5vdGVzMScwJQYDVQQDEx5QZW50ZXN0IE5vdGVz 7 | IFNlbGYtU2lnbmVkIENlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC 8 | AQC9eBr5uJHuPGyTeaaWF2GT7/zsPs03hPM0L7sJdPClCffKgwy4r7hzaIxqFtRu 9 | vIa04+kdnNSy05zWddQ0rj0Y4d6VVr/zV3u2MYQv4awXJ6yDTK8Z41I7Qne7H9i4 10 | 8evknb8lS0XZdYfriJEgq9xBrfolSa4nibJ50LW3tCI3yVJXLv+Mr39RznUjbJYp 11 | c71QWMFuMVoU08pnHvuGnitFqsjWJx9Viw3Hm6DNUiq13R2WD0jRCshNGRUsUxu/ 12 | pRkyG05V2bJHSgi+IGsNAZZEvxep3Z7W+nQblHAWv2M6u/UJtJChRJjkNOqq3r/G 13 | Z8hyoebPnLzJP75rdcjiwECMCgKWHKtFU0UTnDU5FPg3oso9Y9bEvgN7ScNQ/Rzj 14 | 0DcCrw5tNksNUb2m/nb2F9FItlh7Me6pYGOFdMmY4gFFrY7ro3cH7GDADw+P9SUZ 15 | gEbxxYsftw5I8ss2AmxBNLkH4Rq+6LmDNgy2fMCIIgpRnkdoSbeOiwsRuOWp5M9U 16 | NVvD/94FvtteQlooOtUSbAeW3HKEFLUOvCarGYNiEq+uCaaI5odyyYj4Oj2QVubW 17 | brzZpPOyrG7OeyHwluh4nhikTmtKE9R5oSXUsRFpsWPZhSLU2cLRE/EnNBDlPKvX 18 | E6APH1HoFy1RmN1pS6dHE2lDnHJxjvHF/bSCoja4z8HapQIDAQABo4HAMIG9MB0G 19 | A1UdDgQWBBSm7R/Ot8+c92igN9mI+u40H6TpxDCBjQYDVR0jBIGFMIGCgBSm7R/O 20 | t8+c92igN9mI+u40H6TpxKFfpF0wWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRO 21 | MRYwFAYDVQQKEw1QZW50ZXN0IE5vdGVzMScwJQYDVQQDEx5QZW50ZXN0IE5vdGVz 22 | IFNlbGYtU2lnbmVkIENlcnSCCQC8iiabuSnQFTAMBgNVHRMEBTADAQH/MA0GCSqG 23 | SIb3DQEBBQUAA4ICAQCad2AqAFkDjyi5Rg6ivx6sTnrCGGjgJFHXFmrAoQ37o/An 24 | /2CswhsMFUjkBUEeNBiZc+84eA12rXKxhZsgdDVrYJBjsLkr1fQHuAuelik4e60I 25 | QljihUwEmEdYPnlFAliN/kGPYD2BkcHHQ1ujMoYF76I4gyUwKyLnhxhGICPokNM1 26 | Rjyg4LcGCzqQc5EJysyShsHxpRxzUsQ0YHTp4gGZuBefpL1pEqUiQVAvzTEXk/on 27 | J01TdIzXVGLlDQ2IOkc+3yuik/nWKSR5Y1kGDzph0g7ReKdlwgtsN43jYBBEP8c+ 28 | IG1U1BmK9Lu3yPj0DM09RRX4GJJ66Jrx1j9wofBetisvIqqY5WpjFnbwufO8Zue6 29 | CZAAShSdmB9ZNk6puJzDu3RodKDkrb/mCzCk6tQA425JVB3w7rtRZx/AUQGFYGfi 30 | HNBIcMEjINPjEvWSb+ZjH6MK8yzHZG2ikCCcszpsk76HLLwZ214Pq1Nxz+FhY9Ab 31 | z94tRUBc2f1U10KvYxjf9aFQoBj4bPktezQ/UUUcZN778Y93orlztpvpHXIYFtCQ 32 | uq9gHGk16n6bJ4PwttmDMh4sQt/jJ8EcrzOmXyTpnxXdd+miyKqUka2NROSlKkuE 33 | 9Bk0O2xmTJmznJUS3bIfy4fi6YMVLcw7IHVL+r8HhWIIURcA5jW5Zv40bXhtFA== 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /ptn/attacks.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | import logging 5 | import sys 6 | import os.path 7 | import json 8 | import random 9 | 10 | import validate 11 | import database 12 | 13 | ## 14 | # Process all of the attacks in the JSON file and add new attacks to the 15 | # specified project file. 16 | # 17 | 18 | ATK_FILE = os.path.join('data', 'attacks.json') 19 | 20 | class Attack(): 21 | def __init__(self, project_file): 22 | self.db = database.ScanDatabase(project_file) 23 | self.log = logging.getLogger('ATTACK') 24 | self.attacks = self.load_attacks(ATK_FILE) 25 | 26 | def load_attacks(self, filename): 27 | """ 28 | Load attacks from JSON file. 29 | """ 30 | attacks = [] 31 | 32 | self.log.info('Loading attack file.') 33 | try: 34 | with open(filename) as f: 35 | attacks = json.loads(f.read()) 36 | 37 | except (IOError, ValueError) as e: 38 | self.log.critical('Could not load attack file: {0}'.format(e)) 39 | 40 | return attacks 41 | 42 | def find_attacks(self): 43 | """ 44 | Find all of the potential attacks in the project based on the attacks 45 | described in the attack file. 46 | """ 47 | for a in self.attacks: 48 | self.log.info('Finding attacks for {0}.'.format(a['name'])) 49 | items = self.get_items(a) 50 | 51 | if items != []: 52 | # If the attack does not exist, create it. If it does exist then 53 | # add hosts to it. 54 | attack = self.db.attackdb.get_attack_by_name(a['name']) 55 | if attack is None: 56 | self.db.attackdb.create_attack(a['name'], a['description'], items) 57 | else: 58 | self.db.attackdb.update_attack_hosts(attack['id'], items) 59 | 60 | def get_items(self, attack): 61 | """ 62 | Get all items matching the attack data. 63 | """ 64 | self.log.debug('Getting items for {0}.'.format(attack['name'])) 65 | items = [] 66 | 67 | items.extend(self.db.itemdb.get_items_by_keywords(attack.get('keywords'))) 68 | 69 | self.log.debug('Found {0} total items.'.format(len(items))) 70 | 71 | items = ["{0}:{1}:{2}".format(i[0], i[1], i[2]) for i in items] 72 | 73 | return items 74 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PTNotes 2 | Simple tool for taking notes in a pentest. PTNotes uses data from imported Nessus and Nmap files along with the built-in attack data to build a list of hosts, open ports, and potential attack vectors. It then allows you to add notes to each host and each attack vector. You can then view all attack notes or all host notes at one time. PTNotes allows you to create a separate project for each penetration test. 3 | 4 | ## Prerequisites 5 | You will need to install the flask framework: `pip install flask` 6 | 7 | ## Installation 8 | `git clone https://github.com/averagesecurityguy/ptnotes` 9 | 10 | or 11 | 12 | ``` 13 | wget https://github.com/averagesecurityguy/ptnotes/archive/.zip 14 | gunzip .zip 15 | ``` 16 | 17 | ## Supported Versions 18 | The only supported versions of PTNotes is the latest release and the dev branch. All other releases are obsolete and will be routinely removed from Github. 19 | 20 | 21 | ## Usage 22 | From the ptnotes folder run `./server` then connect to the server on https://127.0.0.1:5000. PTNotes ships with a default TLS certificate. For security purposes, this certificate should be replaced when running the server in production. To install your certificate, replace the `config/cert.pem` and `config/key.pem` files with the appropriate files. PTNotes also supports the following command line options. 23 | 24 | ``` 25 | usage: server [-h] [-l LISTEN_ADDRESS] [-p LISTEN_PORT] [-d] 26 | 27 | optional arguments: 28 | -h, --help show this help message and exit 29 | -l LISTEN_ADDRESS Address to listen on. Default is 127.0.0.1 30 | -p LISTEN_PORT Port to listen on. Default is 5000. 31 | -d Enable Flask debugging. Should not be used in production. 32 | ``` 33 | 34 | ## Creating New Attacks 35 | To add new attacks to PTNotes edit the `data/attacks.json` file. Each attack uses the following structure: 36 | 37 | ``` 38 | { 39 | "name": "SMB Brute-force.", 40 | "description": "Attempt to brute-force the local administrator account on these SMB servers.", 41 | "keywords": ["--smb-os-discovery--", "--11011--"] 42 | } 43 | ``` 44 | 45 | An attack needs a name and description along with a list of keywords that signify a machine may vulnerable to the attack. When data is imported to PTNotes the Nessus plugin id or the Nmap script name are extracted along with the plugin/script output. You can search for vulnerabilities using the plugin id or script name surrounded by -- as seen in the example above. You can also use any text from the plugin or script output. Multiple keywords are joined with OR to create the final query. 46 | 47 | ## To use the Docker container 48 | Start by building it: 49 | ``` 50 | docker build . -t /ptnotes 51 | ``` 52 | Next, run it: 53 | ``` 54 | docker run -d -p 5000:5000 --name=ptnotes -v /data:/ptnotes/data /ptnotes 55 | ``` 56 | Destroy it when you're done (your data will persist since you used the volume mount parameter): 57 | ``` 58 | docker stop ptnotes && docker rm ptnotes 59 | ``` 60 | -------------------------------------------------------------------------------- /config/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJJwIBAAKCAgEAvXga+biR7jxsk3mmlhdhk+/87D7NN4TzNC+7CXTwpQn3yoMM 3 | uK+4c2iMahbUbryGtOPpHZzUstOc1nXUNK49GOHelVa/81d7tjGEL+GsFyesg0yv 4 | GeNSO0J3ux/YuPHr5J2/JUtF2XWH64iRIKvcQa36JUmuJ4myedC1t7QiN8lSVy7/ 5 | jK9/Uc51I2yWKXO9UFjBbjFaFNPKZx77hp4rRarI1icfVYsNx5ugzVIqtd0dlg9I 6 | 0QrITRkVLFMbv6UZMhtOVdmyR0oIviBrDQGWRL8Xqd2e1vp0G5RwFr9jOrv1CbSQ 7 | oUSY5DTqqt6/xmfIcqHmz5y8yT++a3XI4sBAjAoClhyrRVNFE5w1ORT4N6LKPWPW 8 | xL4De0nDUP0c49A3Aq8ObTZLDVG9pv529hfRSLZYezHuqWBjhXTJmOIBRa2O66N3 9 | B+xgwA8Pj/UlGYBG8cWLH7cOSPLLNgJsQTS5B+Eavui5gzYMtnzAiCIKUZ5HaEm3 10 | josLEbjlqeTPVDVbw//eBb7bXkJaKDrVEmwHltxyhBS1DrwmqxmDYhKvrgmmiOaH 11 | csmI+Do9kFbm1m682aTzsqxuznsh8JboeJ4YpE5rShPUeaEl1LERabFj2YUi1NnC 12 | 0RPxJzQQ5Tyr1xOgDx9R6BctUZjdaUunRxNpQ5xycY7xxf20gqI2uM/B2qUCAwEA 13 | AQKCAgBZ1TVtC27ddva/4aDzbviL7PCNjqU8WqP5LVxP+osSpSxAb2w7sM0SoxJY 14 | RqTIMEjqQVlI+g/7DcxB/rHznF1Ji+Y+BliSZvs4Ajg7f5NZkyz/P/+Rla9qe3RL 15 | W6kk30dKKOT1KMBgf5JHQYQV6oZO+c8tmMai5m2hxiwygozqyGBrB9SQfrEuN2Zg 16 | ul5kHwU2sC5eMbYVQ+mmhREa3amEqZn5t6jqpTiOWKKgVwH7InChsnOC8crQi0D3 17 | uBvi/MN6d2nn2ITnuhl1E+fNzd/SjowItRRXt34PiYyvrGS+91kSFfOxEtYu9UwC 18 | YgSpbJGkkFDgRN9ZyAhf6QOrRx4StqLvs+UB/DVfg9AgkJDcFDEVROTf8kQFBJmF 19 | lzjWZGDKu/i7J4T/oExagJZ/IWvrdWdT3YLkHivQ1fGmXKLapdVMmudavz3lEIlX 20 | bHUDxN47W2PpkNpnwYQHKFU+9Gds/IzGTDseNrLEEGkt+E0ahci0UzETZH3ShMEG 21 | 2gT+eZUvVyXYP8rttoZqqpQwIKtiBMhXAcLbO0IY+m84AUk2JkLGPTfNPeJaKUvx 22 | ZLiiz4RBNsV5kaBMVwOs9TB2zZYE1VVfQ5aWM2fIIk4p60LdAymsdLKDULSqqRoB 23 | tzaCsUQubUgSYh9kTdTMTlXATkxT54TVuKwIOWvJHkaL5Nr2wQKCAQEA5whzsPvQ 24 | l4Kk1TCRYH0moVLlbTmXRyh75vIS+IsnXGct79y4BocbER7liMAzE47JNvtuBEe0 25 | nTnp9Kcwb8UW15/STsEPxvVd5vfm9XuT/850EhNy2yrySzNCy0xE43cKcWAqvtc0 26 | 1NolXmQ/t8O5+PF9xT5MwXV4oRbfz2qqC/8ZH22aqtVVAykfMFvXsc1k8+esxi0k 27 | 0vgmM7WPAkAKFUMqUvdcIfths7eQq4RGUqxEsBhPE+ImOESETRDzf9bY3lL56wIH 28 | gDQM6sHeNO5rXTPKLm2kJX9Oii5TOn9z5x/wGOh4HCzLOBAssdRf6t2fB3KBv87P 29 | ptwkz6zhYfOrcQKCAQEA0fHJMGb/eIM4QJ2WF+BwGJDpoZ9reb1A8bZoSMgp95iS 30 | ykE+rfjlHheRsUmmt65Tn7wl7bjeuTG9KmpUOefTLuEILSQOpjeqs+YyDwpIYVH9 31 | aWQ1JzCN8eqUDCxoOvX391bVot+kNA7cyg1erAtdtmVhEIC/1ZYZugwa0nSRyW8M 32 | b6zN7b7Kz32cs9hfNZ0T9Z9VE86NVQGy5/5t0KrECDgg+dqP7iMWHt0b0MWWWFR+ 33 | 0afesF5W+/RiZzWQfLTebu5/Oi6hRTgs4PoRHz1yQjWeAahek2haNdRo2sQYTX03 34 | KRewG89tXRwlQFwWgW1dOFEiklQ69qzYbgE6AmyAdQKCAQB2v1Rfkn67cU3xuf3u 35 | /0ScxLPhuSk1TOyqXqA7maKIjwwAbo0z5buWyC+oY0mdctWfago5LvX5nivPMSPn 36 | PwEnoSECk57dX359WcwfPv5qDB6Cr/ZoCiHxXw6k2bXKyIPYlFpELu8bvGhapOJP 37 | PM3Y058Wg5gGE7AF9HDi9msisWKjUb2esvn4HunF/F7YJ78M0nZuggOcYCmaiGZR 38 | /MJx/UzCyhtT6BZmviIg1mMi2SKQ9F2o1aNZZnYt+ll9yts7IqEMFsXuMlK1UyI4 39 | SJdsl1MDHB2znEStJ3Rl696R3EuXMd2Sdb+aOE4QtRz75h94P3XLNaxrklllWPGb 40 | XBgxAoIBAEy+uxHzhM30Ads1AAoIZFHGn3ESisI82YHCcUqxyQ2We4pt4VDNXEvs 41 | x7hsOQKKOk15BNBqtRgzw3e+2L02Lm/DmS6PML+4N7F9o6z10FGrHByrofaKfEkD 42 | vEza6tsq0RNcbcoVQLw69qDx1DrGCOLFGn9i4T1dmlf1VtS6AhUFgCFOpRSUmyTQ 43 | QTlJDjzWB9bRANO1vNpnPZQq4M/XrMNoaT2MlPKzZsGviByALh5p/NX9LJ2CTv/Z 44 | bSNXZFMB9xHMIzwMka1xBI7VOu8Vki/705+9gZ0XF2r4E8Bs0Il7DW/7FciEwfC4 45 | ejGVuDBl3x7YIfAl1EwaER/dWOxL54UCggEAGaj3nLKry/MYNwb0f47Ic5fetf7o 46 | hbkVuhD3RuxP+yk77imrGh8/QX8OTVrAIK4F/ujJIyN93wcMK0OyHwz/csDOAnnb 47 | q208EN9OgyKK5PWI4s6MJ+ZZyGBZDOCnl5mbC5Aa4Lp9pl1KFR2qGpHUVQvl3UGV 48 | ydwhrBdneOyMuT3sCdF6QMmwwe3H02ywrDqCXQbc+mFCSJyaguThb766dmeAbJzq 49 | ztZnwy/fkzuNfmaG9v9+TvQbUp3ngs2IjWtz6j1ylAYP2Vr7ySQP8SzrEeivR4sH 50 | hWbfOhqwxznA9WobKRVd5s10dTfuZK9pFrf2O8hx/ARSdhHyaPDOWeulDA== 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /data/attacks.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "SSH Brute-force", 4 | "description": "Many devices have common SSH username and password combinations.", 5 | "keywords": ["--ssh-hostkey--", "--10881--", "Service: ssh"] 6 | }, 7 | { 8 | "name": "SMB Brute-force", 9 | "description": "Attempt to brute-force the local administrator account on these SMB servers.", 10 | "keywords": ["--smb-os-discovery--", "--11011--", "Service: microsoft-ds"] 11 | }, 12 | { 13 | "name": "Telnet Servers", 14 | "description": "Many devices have common telnet username and password combinations.", 15 | "keywords": ["--42263--"] 16 | }, 17 | { 18 | "name": "User Accounts", 19 | "description": "Local and Domain user accounts identified on the machine.", 20 | "keywords": ["--56211--", "--10860--", "--10399--"] 21 | }, 22 | { 23 | "name": "Open Windows Shares", 24 | "description": "Windows shared folders that allow anonymous access.", 25 | "keywords": ["--42411--"] 26 | }, 27 | { 28 | "name": "Open NFS Shares", 29 | "description": "NFS shared folders that do not require authentication.", 30 | "keywords": ["--11356--", "--42256--"] 31 | }, 32 | { 33 | "name": "Open AFP Shares", 34 | "description": "AFP shared folders that do not require authentication.", 35 | "keywords": ["--43580--"] 36 | }, 37 | { 38 | "name": "Apache Tomcat Credentials", 39 | "description": "Weak or Default Apache Tomcat Credentials", 40 | "keywords": ["--34970--"] 41 | }, 42 | { 43 | "name": "SNMP Default Community Strings", 44 | "description": "SNMP Servers that allow read and/or write access with default community strings.", 45 | "keywords": ["--10264--", "--41028--"] 46 | }, 47 | { 48 | "name": "Unauthenticated VNC Access", 49 | "description": "VNC servers that do not require authentication.", 50 | "keywords": ["--26925--"] 51 | }, 52 | { 53 | "name": "IPMI Authentication Bypass", 54 | "description": "IPMI authentication bypass using cipher suite zero.", 55 | "keywords": ["--68931--"] 56 | }, 57 | { 58 | "name": "Web Server Detection", 59 | "description": "Many web servers have easily exploited vulnerabilities.", 60 | "keywords": ["--10107--", "--http-server-header--"] 61 | }, 62 | { 63 | "name": "Default Credentials", 64 | "description": "These services allow access using default credentials.", 65 | "keywords": ["default credentials"] 66 | }, 67 | { 68 | "name": "Directory Traversal", 69 | "description": "These web servers are vulnerable to directory traversal flaws.", 70 | "keywords": ["directory traversal"] 71 | }, 72 | { 73 | "name": "Metasploit", 74 | "description": "These devices have vulnerabilities with associated Metasploit modules.", 75 | "keywords": ["Metasploit:"] 76 | }, 77 | { 78 | "name": "IKE Aggressive Mode", 79 | "description": "These servers allow IKE connections, they should be checked for aggressive mode support.", 80 | "keywords": ["--62694--"] 81 | }, 82 | { 83 | "name": "FTP Brute Force", 84 | "description": "Attempt to brute-force accounts on these FTP servers.", 85 | "keywords": ["--10092--"] 86 | }, 87 | { 88 | "name": "Anonymous FTP", 89 | "description": "These FTP servers allow anonymous access.", 90 | "keywords": ["--ftp-anon--"] 91 | } 92 | ] 93 | -------------------------------------------------------------------------------- /ptn/static/ptnotes.css: -------------------------------------------------------------------------------- 1 | /* apply a natural box layout model to all elements */ 2 | /*http://www.paulirish.com/2012/box-sizing-border-box-ftw/*/ 3 | 4 | *, *:before, *:after { 5 | -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; 6 | } 7 | 8 | html { 9 | margin: 0; 10 | padding: 0; 11 | } 12 | 13 | body { 14 | margin: 0 auto; 15 | padding: 0; 16 | width: 100%; 17 | min-width: 1080px; 18 | background-color: #fff; 19 | font-family: "Century Gothic", Calibri, Tahoma, sans-serif; 20 | font-size: 16px; 21 | color: #000; 22 | } 23 | 24 | h1, h2, h3, h4 { 25 | margin: 1em 0 0 0; 26 | padding: 0; 27 | font-family: Copperplate, Cambria, Georgia, serif; 28 | color: #000; 29 | font-weight: normal; 30 | } 31 | 32 | h3 { 33 | margin: 1.5em 0 0 0; 34 | } 35 | 36 | p { 37 | font-size: 1em; 38 | line-height: 1.65em; 39 | color: #000; 40 | margin: 0 0 1.65em 0; 41 | padding: 0; 42 | } 43 | 44 | a { 45 | color: #000; 46 | -webkit-transition: opacity 0.2s linear; 47 | -moz-transition: opacity 0.2s linear; 48 | -o-transition: opacity 0.2s linear; 49 | transition: opacity 0.2s linear; 50 | } 51 | 52 | a:hover { 53 | opacity: .5; 54 | } 55 | 56 | .extlink:visited { 57 | color: #f00; 58 | } 59 | 60 | td a { 61 | padding: 0 1em; 62 | } 63 | 64 | ul { 65 | list-style-type: none; 66 | } 67 | 68 | header { 69 | margin: 0 5%; 70 | padding: 0; 71 | } 72 | 73 | header h1 { 74 | margin: 2% 0 0 0; 75 | padding: 0; 76 | font-family: Copperplate, Cambria, Georgia, serif; 77 | font-size: 3.25em; 78 | color: #ffcc33; 79 | display: inline; 80 | float: left; 81 | } 82 | 83 | nav { 84 | margin: 2% 0 0 0; 85 | padding: 0; 86 | display: inline; 87 | float: right; 88 | } 89 | 90 | nav a { 91 | display: inline-block; 92 | text-decoration: none; 93 | margin: 0 1em .5em 0; 94 | padding: 0; 95 | color: #000; 96 | font-size: 1.4em; 97 | border-bottom: none; 98 | } 99 | 100 | nav a:hover { 101 | padding: 0; 102 | border-bottom: 2px #000 solid; 103 | } 104 | 105 | .content { 106 | margin: 0 5%; 107 | padding: 0; 108 | content: ""; 109 | clear: both; 110 | height: 90%; 111 | } 112 | 113 | .note { 114 | min-height: 0px; 115 | } 116 | 117 | table { 118 | border-collapse: collapse; 119 | border-spacing: .25em; 120 | } 121 | 122 | td { 123 | vertical-align: top; 124 | } 125 | 126 | table, tr, td, th { 127 | padding: .5em; 128 | border: 1px solid #eee; 129 | } 130 | 131 | .column2 { 132 | -ms-column-count: 2; 133 | -moz-column-count: 2; 134 | -webkit-column-count: 2; 135 | column-count: 2; 136 | } 137 | 138 | pre { 139 | font-size: .9em; 140 | border: 1px solid #000000; 141 | background-color: #eeeeee; 142 | white-space: pre-wrap; 143 | padding: 1em; 144 | } 145 | 146 | textarea { 147 | margin: 0; 148 | padding: 0 1em; 149 | width: 100%; 150 | height: 73vh; 151 | font-size: 1.1em; 152 | font-family: "Courier New", Courier, monospace; 153 | } 154 | 155 | .scroll { 156 | height: 68vh; 157 | overflow: scroll; 158 | } 159 | 160 | .notes { 161 | width: 50%; 162 | float: right; 163 | } 164 | 165 | .details { 166 | float: left; 167 | width: 45%; 168 | height: 75vh; 169 | } 170 | 171 | img { 172 | max-width: 100px; 173 | } 174 | 175 | footer { 176 | content: ""; 177 | clear: both; 178 | display: table; 179 | margin: 1em 5% 1.25em 5%; 180 | padding: 0; 181 | background-color: #fff; 182 | } 183 | 184 | footer p { 185 | margin: 0; 186 | padding: 0; 187 | font-size: .8em; 188 | } 189 | 190 | /* ========================================================================== 191 | Mobile(ish) Styles 192 | ========================================================================== */ 193 | 194 | @media only screen and (max-width: 600px) { 195 | 196 | body { 197 | font-size: 14px; 198 | } 199 | 200 | header h1 { 201 | font-size: 2.25em; 202 | } 203 | 204 | header h1 { 205 | margin-top: 5%; 206 | } 207 | 208 | nav a { 209 | font-size: 1.25em; 210 | } 211 | 212 | } 213 | 214 | -------------------------------------------------------------------------------- /ptn/webserver.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | import flask 4 | from functools import wraps 5 | import logging 6 | 7 | import database 8 | import importscan 9 | import attacks 10 | 11 | 12 | #----------------------------------------------------------------------------- 13 | # WEB SERVER 14 | #----------------------------------------------------------------------------- 15 | app = flask.Flask(__name__) 16 | 17 | def get_project_db(pid): 18 | """ 19 | Get our project database. 20 | """ 21 | pdb = database.ProjectDatabase() 22 | project = pdb.get_project(pid) 23 | 24 | if project is None: 25 | flask.abort(404) 26 | 27 | return project 28 | 29 | 30 | @app.route("/") 31 | def index(): 32 | return flask.render_template('index.html') 33 | 34 | 35 | @app.route("/about") 36 | def about(): 37 | return flask.render_template('about.html') 38 | 39 | 40 | @app.route("/project//hosts") 41 | def hosts(pid): 42 | """ 43 | Get summary inforation about all imported hosts. 44 | """ 45 | project = get_project_db(pid) 46 | db = database.ScanDatabase(project['dbfile']) 47 | 48 | hosts = db.get_summary() 49 | unique = db.get_unique() 50 | 51 | return flask.render_template('hosts.html', pid=pid, name=project['name'], 52 | hosts=hosts, unique=unique) 53 | 54 | 55 | @app.route('/project//host/', methods=['GET', 'POST']) 56 | def host(pid, ip): 57 | """ 58 | Get all the information about a host. 59 | """ 60 | project = get_project_db(pid) 61 | db = database.ScanDatabase(project['dbfile']) 62 | 63 | if flask.request.method == 'POST': 64 | note = flask.request.form['note'] 65 | db.hostdb.update_host_note(ip, note) 66 | 67 | data = db.get_host_details(ip) 68 | 69 | if data is None: 70 | flask.abort(404) 71 | 72 | details = {} 73 | for item in data['items']: 74 | key = "{0}/{1}".format(item['port'], item['protocol']) 75 | if details.get(key) is None: 76 | details[key] = [] 77 | details[key].append(item['note']) 78 | else: 79 | details[key].append(item['note']) 80 | 81 | keys = sorted(details.keys(), key=lambda x: int(x.split('/')[0])) 82 | note = data['note'] 83 | 84 | return flask.render_template('host.html', pid=pid, host=ip, 85 | details=details, keys=keys, note=note, 86 | name=project['name']) 87 | 88 | 89 | @app.route('/project//host/notes') 90 | def host_notes(pid): 91 | """ 92 | Display all host notes. 93 | """ 94 | project = get_project_db(pid) 95 | db = database.ScanDatabase(project['dbfile']) 96 | notes = db.hostdb.get_host_notes() 97 | 98 | return flask.render_template('notes.html', pid=pid, notes=notes, 99 | name=project['name']) 100 | 101 | 102 | @app.route('/project//item/') 103 | def item(pid, item_id): 104 | """ 105 | Get all the information about an item. 106 | """ 107 | project = get_project_db(pid) 108 | db = database.ScanDatabase(project['dbfile']) 109 | item = db.itemdb.get_item(item_id) 110 | 111 | if item is None: 112 | flask.abort(404) 113 | 114 | return flask.render_template('item.html', pid=pid, item=item, 115 | name=project['name']) 116 | 117 | 118 | @app.route('/project//attack/', methods=['GET', 'POST']) 119 | def get_attack(pid, aid): 120 | """ 121 | Get list of all the hosts possibly vulnerable to the attack. 122 | """ 123 | project = get_project_db(pid) 124 | db = database.ScanDatabase(project['dbfile']) 125 | 126 | if flask.request.method == 'POST': 127 | note = flask.request.form['note'] 128 | db.attackdb.update_attack_note(aid, note) 129 | 130 | attack = db.attackdb.get_attack(aid) 131 | 132 | if attack is None: 133 | flask.abort(404) 134 | 135 | items = [i.split(':') for i in attack['items'].split(',')] 136 | 137 | return flask.render_template('attack.html', pid=pid, attack=attack, 138 | items=items, name=project['name']) 139 | 140 | 141 | @app.route('/project//import', methods=['GET', 'POST']) 142 | def import_scan(pid): 143 | """ 144 | Import scan data into the database associated with the pid. 145 | """ 146 | project = get_project_db(pid) 147 | db = database.ScanDatabase(project['dbfile']) 148 | 149 | if flask.request.method == 'GET': 150 | files = db.importdb.get_imported_files() 151 | 152 | return flask.render_template('import.html', pid=pid, files=files, 153 | name=project['name']) 154 | 155 | else: 156 | i = importscan.Import(project['dbfile']) 157 | scans = flask.request.files.getlist("scans[]") 158 | 159 | for scan in scans: 160 | res = i.import_scan(scan.read()) 161 | if res is True: 162 | db.importdb.add_import_file(scan.filename) 163 | 164 | a = attacks.Attack(project['dbfile']) 165 | a.find_attacks() 166 | 167 | return flask.redirect(flask.url_for('get_project', pid=pid)) 168 | 169 | 170 | @app.route('/project//attack/notes') 171 | def attack_notes(pid): 172 | """ 173 | Display all attack notes. 174 | """ 175 | project = get_project_db(pid) 176 | db = database.ScanDatabase(project['dbfile']) 177 | notes = db.attackdb.get_attack_notes() 178 | 179 | return flask.render_template('notes.html', pid=pid, notes=notes, 180 | name=project['name']) 181 | 182 | 183 | @app.route('/projects', methods=['GET', 'POST']) 184 | def projects(): 185 | """ 186 | Get a list of all projects. 187 | """ 188 | pdb = database.ProjectDatabase() 189 | stats = {} 190 | 191 | if flask.request.method == 'POST': 192 | name = flask.request.form['project_name'] 193 | pdb.create_project(name) 194 | 195 | project_list = pdb.get_projects() 196 | for project in project_list: 197 | db = database.ScanDatabase(project['dbfile']) 198 | stats[project['id']] = db.get_stats() 199 | 200 | return flask.render_template('projects.html', projects=project_list, stats=stats) 201 | 202 | 203 | @app.route('/project/') 204 | def get_project(pid): 205 | """ 206 | Get a project, including the list of hosts attacks. 207 | """ 208 | project = get_project_db(pid) 209 | 210 | db = database.ScanDatabase(project['dbfile']) 211 | attacks = db.attackdb.get_attacks() 212 | 213 | return flask.render_template('project.html', pid=pid, note=project['note'], 214 | name=project['name'], attacks=attacks) 215 | 216 | 217 | @app.route('/project//notes', methods=['GET', 'POST']) 218 | def project_notes(pid): 219 | """ 220 | Display all project notes. 221 | """ 222 | pdb = database.ProjectDatabase() 223 | project = get_project_db(pid) 224 | 225 | if flask.request.method == 'POST': 226 | note = flask.request.form['note'] 227 | pdb.update_project_note(pid, note) 228 | 229 | return flask.redirect(flask.url_for('get_project', pid=pid)) 230 | else: 231 | return flask.render_template('project_notes.html', pid=pid, 232 | name=project['name'], note=project['note']) 233 | 234 | @app.route('/project//delete') 235 | def delete_project(pid): 236 | """ 237 | Delete the specified project. 238 | """ 239 | pdb = database.ProjectDatabase() 240 | project = pdb.delete_project(pid) 241 | 242 | return flask.redirect(flask.url_for('projects')) 243 | 244 | 245 | @app.errorhandler(404) 246 | def page_not_found(e): 247 | return flask.render_template('404.html'), 404 248 | 249 | 250 | @app.errorhandler(500) 251 | def inernal_error(e): 252 | return flask.render_template('500.html'), 500 253 | -------------------------------------------------------------------------------- /ptn/importscan.py: -------------------------------------------------------------------------------- 1 | import xml.etree.ElementTree 2 | import logging 3 | import hashlib 4 | 5 | import database 6 | import errors 7 | 8 | 9 | class Import(): 10 | 11 | def __init__(self, db_file): 12 | self.log = logging.getLogger('IMPORT') 13 | self.db = database.ScanDatabase(db_file) 14 | 15 | def import_scan(self, scan_data): 16 | file_type = self.get_file_type(scan_data[:300]) 17 | 18 | try: 19 | if file_type == 'Nessus': 20 | self.import_nessus(scan_data) 21 | elif file_type == 'Nmap': 22 | self.import_nmap(scan_data) 23 | else: 24 | self.log.error('Unknown file type, skipping import.') 25 | return 'Failed' 26 | 27 | except (errors.ScanImportError): 28 | self.log.error('Failed to parse scan file.') 29 | return False 30 | 31 | return True 32 | 33 | def get_file_type(self, header): 34 | """ 35 | Determine the source of the scan data. 36 | """ 37 | self.log.debug('Checking file type with header {0}.'.format(header)) 38 | if '' in header: 39 | return 'Nessus' 40 | elif '' in header: 41 | return 'Nmap' 42 | elif '