├── CHANGES.txt
├── README.md
├── config.py
├── cscan.py
├── ips.txt
├── output
└── nmap_1442987141.xml
├── plugin
├── carbonator
│ └── carbonator.py
├── nessus.py
├── w3af.py
└── zap.py
├── scripts
├── network
│ ├── nessus.sh
│ ├── nmap.sh
│ └── openvas.sh
└── web
│ ├── burp.sh
│ ├── nikto.sh
│ ├── w3af.sh
│ └── zap.sh
└── websites.txt
/CHANGES.txt:
--------------------------------------------------------------------------------
1 | * v1.0.0 (09/23/15):
2 | * First release cscan tool
3 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # cscan
2 | Faraday Continuous Scanning
3 |
4 | More information:
5 | [http://blog.infobytesec.com/2015/09/faraday-continuous-scanning.html] (http://blog.infobytesec.com/2015/09/faraday-continuous-scanning.html)
6 |
--------------------------------------------------------------------------------
/config.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | config = {
9 | #NMAP
10 | 'CS_NMAP' : "nmap",
11 | #OPENVAS
12 | 'CS_OPENVAS_USER' : 'admin',
13 | 'CS_OPENVAS_PASSWORD' : 'openvas',
14 | 'CS_OPENVAS_SCAN_CONFIG' : "Full and fast",
15 | 'CS_OPENVAS_ALIVE_TEST' : "ICMP, TCP-ACK Service & ARP Ping",
16 | 'CS_OPENVAS' : 'omp',
17 | #BURP
18 | 'CS_BURP' : '/root/tools/burpsuite_pro_v1.6.26.jar',
19 | #NIKTO
20 | 'CS_NIKTO' : "nikto",
21 | #W3AF
22 | 'CS_W3AF' : "/root/tools/w3af/w3af_api",
23 | 'CS_W3AF_PROFILE' : "/root/tools/w3af/profiles/fast_scan.pw3af",
24 | #ZAP
25 | 'CS_ZAP' : "/root/tools/zap/ZAP_D-2015-08-24/zap.sh",
26 | #NESSUS
27 | 'CS_NESSUS_URL' : "https://127.0.0.1:8834",
28 | 'CS_NESSUS_USER' : "nessus",
29 | 'CS_NESSUS_PASS' : "nessus",
30 | 'CS_NESSUS_PROFILE' : "Basic Network Scan",
31 | }
32 |
33 |
--------------------------------------------------------------------------------
/cscan.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | import subprocess
9 | import os
10 | import argparse
11 | import time
12 | from pprint import pprint
13 | from config import config
14 |
15 | def lockFile(lockfile):
16 |
17 | if os.path.isfile(lockfile):
18 | return False
19 | else:
20 | f = open(lockfile, 'w')
21 | f.close()
22 | return True
23 |
24 | def main():
25 |
26 | lockf = ".lock.pod"
27 | if not lockFile(lockf):
28 | print "You can run only one instance of cscan (%s)" % lockf
29 | exit(0)
30 |
31 | my_env = os.environ
32 | env = config.copy()
33 | env.update(my_env)
34 | #Parser argument in command line
35 | parser = argparse.ArgumentParser(description='continues scanning on Faraday')
36 | parser.add_argument('-p','--plugin', help='Scan only the following plugin ej: ./cscan.py -p nmap.sh', required=False)
37 | args = parser.parse_args()
38 |
39 | for dirpath, dnames, fnames in os.walk("./scripts/web/"):
40 | for f in fnames:
41 | if args.plugin and args.plugin != f:
42 | continue
43 | script = os.path.join(dirpath, f)
44 | cmd = "%s websites.txt output/" % (script)
45 | print "Running: %s" % cmd
46 | proc = subprocess.call(cmd, shell=True, stdin=None, stderr=subprocess.PIPE, env=dict(env))
47 |
48 | for dirpath, dnames, fnames in os.walk("./scripts/network/"):
49 | for f in fnames:
50 | if args.plugin and args.plugin != f:
51 | continue
52 | script = os.path.join(dirpath, f)
53 | cmd = "%s ips.txt output/" % (script)
54 | print "Running: %s" % cmd
55 | proc = subprocess.call(cmd, shell=True, stdin=None, stderr=subprocess.PIPE, env=dict(env))
56 |
57 | #Remove lockfile
58 | os.remove(lockf)
59 |
60 | if __name__ == "__main__":
61 | main()
--------------------------------------------------------------------------------
/ips.txt:
--------------------------------------------------------------------------------
1 | 127.0.0.1
2 |
--------------------------------------------------------------------------------
/output/nmap_1442987141.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/plugin/carbonator/carbonator.py:
--------------------------------------------------------------------------------
1 | # Created by Blake Cornell, CTO, Integris Security LLC
2 | # Integris Security Carbonator - Beta Version - v1.2
3 | # Released under GPL Version 2 license.
4 | #
5 | # See the INSTALL file for installation instructions.
6 | #
7 | # For more information contact us at carbonator at integrissecurity dot com
8 | # Or visit us at https://www.integrissecurity.com/
9 | from burp import IBurpExtender
10 | from burp import IHttpListener
11 | from burp import IScannerListener
12 | from java.net import URL
13 | from java.io import File
14 |
15 | import time
16 |
17 | class BurpExtender(IBurpExtender, IHttpListener, IScannerListener):
18 | def registerExtenderCallbacks(self, callbacks):
19 | self._callbacks = callbacks
20 | self._callbacks.setExtensionName("Carbonator")
21 | self._helpers = self._callbacks.getHelpers()
22 | self.clivars = None
23 |
24 | self.spider_results=[]
25 | self.scanner_results=[]
26 | self.packet_timeout=5
27 |
28 | self.last_packet_seen= int(time.time()) #initialize the start of the spider/scan
29 |
30 | if not self.processCLI():
31 | return None
32 | else:
33 | self.clivars = True
34 |
35 | print "Initiating Carbonator Against: ", str(self.url)
36 | #add to scope if not already in there.
37 | if self._callbacks.isInScope(self.url) == 0:
38 | self._callbacks.includeInScope(self.url)
39 |
40 | #added to ensure that the root directory is scanned
41 | base_request = str.encode(str("GET "+self.path+" HTTP/1.1\nHost: "+self.fqdn+"\n\n"))
42 | if(self.scheme == 'HTTPS'):
43 | print self._callbacks.doActiveScan(self.fqdn,self.port,1,base_request)
44 | else:
45 | print self._callbacks.doActiveScan(self.fqdn,self.port,0,base_request)
46 |
47 | self._callbacks.sendToSpider(self.url)
48 | self._callbacks.registerHttpListener(self)
49 | self._callbacks.registerScannerListener(self)
50 |
51 | while int(time.time())-self.last_packet_seen <= self.packet_timeout:
52 | time.sleep(1)
53 | print "No packets seen in the last", self.packet_timeout, "seconds."
54 | print "Removing Listeners"
55 | self._callbacks.removeHttpListener(self)
56 | self._callbacks.removeScannerListener(self)
57 | self._callbacks.excludeFromScope(self.url)
58 |
59 | print "Generating Report"
60 | self.generateReport(self.rtype)
61 | print "Report Generated"
62 | print "Closing Burp in", self.packet_timeout, "seconds."
63 | time.sleep(self.packet_timeout)
64 |
65 | if self.clivars:
66 | self._callbacks.exitSuite(False)
67 |
68 | return
69 |
70 | def processHttpMessage(self, tool_flag, isRequest, current):
71 | self.last_packet_seen = int(time.time())
72 | if tool_flag == self._callbacks.TOOL_SPIDER and isRequest: #if is a spider request then send to scanner
73 | self.spider_results.append(current)
74 | print "Sending new URL to Vulnerability Scanner: URL #",len(self.spider_results)
75 | if self.scheme == 'https':
76 | self._callbacks.doActiveScan(self.fqdn,self.port,1,current.getRequest()) #returns scan queue, push to array
77 | else:
78 | self._callbacks.doActiveScan(self.fqdn,self.port,0,current.getRequest()) #returns scan queue, push to array
79 | return
80 |
81 | def newScanIssue(self, issue):
82 | self.scanner_results.append(issue)
83 | print "New issue identified: Issue #",len(self.scanner_results);
84 | return
85 |
86 | def generateReport(self, format):
87 | if format != 'XML':
88 | format = 'HTML'
89 |
90 | file_name = self.output
91 | self._callbacks.generateScanReport(format,self.scanner_results,File(file_name))
92 |
93 | time.sleep(5)
94 | return
95 |
96 | def processCLI(self):
97 | cli = self._callbacks.getCommandLineArguments()
98 | if len(cli) < 0:
99 | print "Incomplete target information provided."
100 | return False
101 | elif not cli:
102 | print "Integris Security Carbonator is now loaded."
103 | print "If Carbonator was loaded through the BApp store then you can run in headless mode simply adding the `-Djava.awt.headless=true` flag from within your shell. Note: If burp doesn't close at the conclusion of a scan then disable Automatic Backup on Exit."
104 | print "For questions or feature requests contact us at carbonator at integris security dot com."
105 | print "Visit carbonator at https://www.integrissecurity.com/Carbonator"
106 | return False
107 | else:
108 | self.url = URL(cli[0])
109 | self.rtype = cli[1]
110 | self.output = cli[2]
111 |
112 | self.scheme = self.url.getProtocol()
113 | self.fqdn = self.url.getHost()
114 | self.port1 = self.url.getPort()
115 | if self.port1 == -1 and self.scheme == 'http':
116 | self.port = 80
117 | elif self.port1 == -1 and self.scheme == 'https':
118 | self.port = 443
119 | else:
120 | self.port = self.port1
121 | self.path = self.url.getFile()
122 | print "self.url: " + str(self.url) + "\n"
123 | print "Scheme: " + self.scheme + "\n"
124 | print "FQDN: " + self.fqdn + "\n"
125 | print "Port: " + str(self.port1) + "\n"
126 | print "Path: " + self.path + "\n"
127 | return True
128 |
--------------------------------------------------------------------------------
/plugin/nessus.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 | import requests
8 | import json
9 | import time
10 | import sys
11 | import argparse
12 | import os
13 |
14 | my_env = os.environ
15 |
16 | url = my_env["CS_NESSUS_URL"] if 'CS_NESSUS_URL' in my_env else "https://127.0.0.1:8834"
17 | username = my_env["CS_NESSUS_USER"] if 'CS_NESSUS_USER' in my_env else "nessus"
18 | password = my_env["CS_NESSUS_PASS"] if 'CS_NESSUS_PASS' in my_env else "nessus"
19 | profile = my_env["CS_NESSUS_PROFILE"] if 'CS_NESSUS_PROFILE' in my_env else "'Basic Network Scan'"
20 |
21 | verify = False
22 | token = ''
23 |
24 | def build_url(resource):
25 | return '{0}{1}'.format(url, resource)
26 |
27 |
28 | def connect(method, resource, data=None):
29 | """
30 | Send a request
31 |
32 | Send a request to Nessus based on the specified data. If the session token
33 | is available add it to the request. Specify the content type as JSON and
34 | convert the data to JSON format.
35 | """
36 | headers = {'X-Cookie': 'token={0}'.format(token),
37 | 'content-type': 'application/json'}
38 |
39 | data = json.dumps(data)
40 |
41 | if method == 'POST':
42 | r = requests.post(build_url(resource), data=data, headers=headers, verify=verify)
43 | elif method == 'PUT':
44 | r = requests.put(build_url(resource), data=data, headers=headers, verify=verify)
45 | elif method == 'DELETE':
46 | r = requests.delete(build_url(resource), data=data, headers=headers, verify=verify)
47 | else:
48 | r = requests.get(build_url(resource), params=data, headers=headers, verify=verify)
49 |
50 | # Exit if there is an error.
51 | if r.status_code != 200:
52 | e = r.json()
53 | print e['error']
54 | sys.exit()
55 |
56 | # When downloading a scan we need the raw contents not the JSON data.
57 | if 'download' in resource:
58 | return r.content
59 | else:
60 | try:
61 | return r.json()
62 | except:
63 | pass
64 |
65 |
66 | def login(usr, pwd):
67 | """
68 | Login to nessus.
69 | """
70 |
71 | login = {'username': usr, 'password': pwd}
72 | data = connect('POST', '/session', data=login)
73 |
74 | return data['token']
75 |
76 |
77 | def logout():
78 | """
79 | Logout of nessus.
80 | """
81 |
82 | connect('DELETE', '/session')
83 |
84 |
85 | def get_policies():
86 | """
87 | Get scan policies
88 |
89 | Get all of the scan policies but return only the title and the uuid of
90 | each policy.
91 | """
92 |
93 | data = connect('GET', '/editor/policy/templates')
94 |
95 | return dict((p['title'], p['uuid']) for p in data['templates'])
96 |
97 |
98 | def get_history_ids(sid):
99 | """
100 | Get history ids
101 |
102 | Create a dictionary of scan uuids and history ids so we can lookup the
103 | history id by uuid.
104 | """
105 | data = connect('GET', '/scans/{0}'.format(sid))
106 |
107 | return dict((h['uuid'], h['history_id']) for h in data['history'])
108 |
109 |
110 | def get_scan_history(sid, hid):
111 | """
112 | Scan history details
113 |
114 | Get the details of a particular run of a scan.
115 | """
116 | params = {'history_id': hid}
117 | data = connect('GET', '/scans/{0}'.format(sid), params)
118 |
119 | return data['info']
120 |
121 |
122 | def add(name, desc, targets, pid):
123 | """
124 | Add a new scan
125 |
126 | Create a new scan using the policy_id, name, description and targets. The
127 | scan will be created in the default folder for the user. Return the id of
128 | the newly created scan.
129 | """
130 |
131 | scan = {'uuid': pid,
132 | 'settings': {
133 | 'name': name,
134 | 'description': desc,
135 | 'text_targets': targets}
136 | }
137 |
138 | data = connect('POST', '/scans', data=scan)
139 |
140 | return data['scan']
141 |
142 |
143 | def update(scan_id, name, desc, targets, pid=None):
144 | """
145 | Update a scan
146 |
147 | Update the name, description, targets, or policy of the specified scan. If
148 | the name and description are not set, then the policy name and description
149 | will be set to None after the update. In addition the targets value must
150 | be set or you will get an "Invalid 'targets' field" error.
151 | """
152 |
153 | scan = {}
154 | scan['settings'] = {}
155 | scan['settings']['name'] = name
156 | scan['settings']['desc'] = desc
157 | scan['settings']['text_targets'] = targets
158 |
159 | if pid is not None:
160 | scan['uuid'] = pid
161 |
162 | data = connect('PUT', '/scans/{0}'.format(scan_id), data=scan)
163 |
164 | return data
165 |
166 |
167 | def launch(sid):
168 | """
169 | Launch a scan
170 |
171 | Launch the scan specified by the sid.
172 | """
173 |
174 | data = connect('POST', '/scans/{0}/launch'.format(sid))
175 |
176 | return data['scan_uuid']
177 |
178 |
179 | def status(sid, hid):
180 | """
181 | Check the status of a scan run
182 |
183 | Get the historical information for the particular scan and hid. Return
184 | the status if available. If not return unknown.
185 | """
186 |
187 | d = get_scan_history(sid, hid)
188 | return d['status']
189 |
190 |
191 | def export_status(sid, fid):
192 | """
193 | Check export status
194 |
195 | Check to see if the export is ready for download.
196 | """
197 |
198 | data = connect('GET', '/scans/{0}/export/{1}/status'.format(sid, fid))
199 |
200 | return data['status'] == 'ready'
201 |
202 |
203 | def export(sid, hid):
204 | """
205 | Make an export request
206 |
207 | Request an export of the scan results for the specified scan and
208 | historical run. In this case the format is hard coded as nessus but the
209 | format can be any one of nessus, html, pdf, csv, or db. Once the request
210 | is made, we have to wait for the export to be ready.
211 | """
212 |
213 | data = {'history_id': hid,
214 | 'format': 'nessus'}
215 |
216 | data = connect('POST', '/scans/{0}/export'.format(sid), data=data)
217 |
218 | fid = data['file']
219 |
220 | while export_status(sid, fid) is False:
221 | time.sleep(5)
222 |
223 | return fid
224 |
225 |
226 | def download(sid, fid, output):
227 | """
228 | Download the scan results
229 |
230 | Download the scan results stored in the export file specified by fid for
231 | the scan specified by sid.
232 | """
233 |
234 | data = connect('GET', '/scans/{0}/export/{1}/download'.format(sid, fid))
235 |
236 | print('Saving scan results to {0}.'.format(output))
237 | with open(output, 'w') as f:
238 | f.write(data)
239 |
240 |
241 | def delete(sid):
242 | """
243 | Delete a scan
244 |
245 | This deletes a scan and all of its associated history. The scan is not
246 | moved to the trash folder, it is deleted.
247 | """
248 |
249 | connect('DELETE', '/scans/{0}'.format(scan_id))
250 |
251 |
252 | def history_delete(sid, hid):
253 | """
254 | Delete a historical scan.
255 |
256 | This deletes a particular run of the scan and not the scan itself. the
257 | scan run is defined by the history id.
258 | """
259 |
260 | connect('DELETE', '/scans/{0}/history/{1}'.format(sid, hid))
261 |
262 | if __name__ == "__main__":
263 | parser = argparse.ArgumentParser(description='nessus_client is develop for automating security testing')
264 | parser.add_argument('-t','--target', help='Network or Host for scan', required=False)
265 | parser.add_argument('-o','--output', help='Output file', required=False)
266 | args = parser.parse_args()
267 |
268 | # Review de Command input
269 | if args.target == None or args.output == None:
270 | print "Argument errors check -h"
271 | exit(0)
272 |
273 | print('Login')
274 | try:
275 | token = login(username, password)
276 | except:
277 | print "Unexpected error:", sys.exc_info()[0]
278 | raise
279 |
280 |
281 | print('Adding new scan.' + token)
282 | print args.target
283 |
284 | policies = get_policies()
285 | policy_id = policies[profile]
286 | scan_data = add('CScan nessus', 'Create a new scan with API', args.target, policy_id)
287 | scan_id = scan_data['id']
288 |
289 | print('Launching new scan.')
290 | scan_uuid = launch(scan_id)
291 | history_ids = get_history_ids(scan_id)
292 | history_id = history_ids[scan_uuid]
293 | while status(scan_id, history_id) not in ('completed','canceled'):
294 | time.sleep(5)
295 |
296 |
297 | print('Exporting the completed scan.')
298 | file_id = export(scan_id, history_id)
299 | download(scan_id, file_id, args.output)
300 |
301 | print('Deleting the scan.')
302 | history_delete(scan_id, history_id)
303 | delete(scan_id)
304 |
305 | print('Logout')
306 | logout()
307 |
--------------------------------------------------------------------------------
/plugin/w3af.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | from w3af_api_client import Connection, Scan
9 | import subprocess
10 | import os
11 | import argparse
12 | import time
13 | import signal
14 | from pprint import pprint
15 | import atexit
16 | child_pid = None
17 |
18 | def kill_child():
19 | global child_pid
20 | if child_pid is None:
21 | pass
22 | else:
23 | os.kill(child_pid, signal.SIGTERM)
24 |
25 | def main():
26 | atexit.register(kill_child)
27 |
28 | my_env = os.environ
29 | cmd = my_env["CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api"
30 | profile = my_env["CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
31 |
32 | #Parser argument in command line
33 | parser = argparse.ArgumentParser(description='w3af_client is develop for automating security testing')
34 | parser.add_argument('-t','--target', help='Network or Host for scan', required=False)
35 | parser.add_argument('-o','--output', help='Output file', required=False)
36 | args = parser.parse_args()
37 |
38 | if args.target == None or args.output == None:
39 | print "Argument errors check -h"
40 | exit(0)
41 |
42 | print 'Starting w3af api ...'
43 | global child_pid
44 | proc = subprocess.Popen([cmd])
45 | child_pid = proc.pid
46 |
47 | print 'Waiting for W3af to load, 5 seconds ...'
48 | time.sleep(5)
49 |
50 | # Connect to the REST API and get it's version
51 | conn = Connection('http://127.0.0.1:5000/')
52 | print conn.get_version()
53 |
54 | # Define the target and configuration
55 | #scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
56 | scan_profile = file(profile).read()
57 | scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile )
58 | # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
59 |
60 | target_urls = [args.target]
61 |
62 | scan = Scan(conn)
63 | s = scan.start(scan_profile, target_urls)
64 | time.sleep(2)
65 |
66 | # Wait some time for the scan to start and then
67 | scan.get_urls()
68 | scan.get_log()
69 | scan.get_findings()
70 |
71 | while(scan.get_status()['status'] == "Running"):
72 | print 'Scan progress: %s' + str(scan.get_status()['rpm'])
73 | time.sleep(2)
74 |
75 | if __name__ == "__main__":
76 | main()
--------------------------------------------------------------------------------
/plugin/zap.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | '''
9 | By tartamar
10 | '''
11 | import argparse
12 | import time
13 | import re
14 | from pprint import pprint
15 | from zapv2 import ZAPv2
16 | import subprocess
17 | import os
18 | import signal
19 | import atexit
20 | child_pid = None
21 |
22 | def kill_child():
23 | global child_pid
24 | if child_pid is None:
25 | pass
26 | else:
27 | os.kill(child_pid, signal.SIGTERM)
28 |
29 | def is_http_url(page):
30 | """
31 | Returns true if s is valid http url, else false
32 | Arguments:
33 | - `page`:
34 | """
35 | if re.findall('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', page):
36 | return True
37 | else:
38 | return False
39 |
40 | def exportfile(filename,zap):
41 | #Output for XML Report
42 | print 'Generating XML Report...'
43 | filex=open(filename, 'w')
44 | filex.write(zap.core.xmlreport)
45 | filex.close()
46 |
47 | def main():
48 |
49 | atexit.register(kill_child)
50 |
51 | my_env = os.environ
52 | cmd = my_env["CS_ZAP"] if 'CS_ZAP' in my_env else "/usr/share/zaproxy/zap.sh"
53 |
54 | #Parser argument in command line
55 | parser = argparse.ArgumentParser(description='PyZap is develop for automating security testing')
56 | parser.add_argument('-t','--target', help='Network or Host for scan', required=False)
57 | parser.add_argument('-o','--output', help='Output file', required=False)
58 | args = parser.parse_args()
59 |
60 | # Review de Command input
61 | if args.target == None:
62 | # Do nothing
63 | # Input data for test
64 | target = raw_input('[+] Enter your target: ')
65 | if is_http_url(target) == True:
66 | print '[-] Target selected: ', target
67 | else:
68 | print '[w] Please type a correct URL address'
69 | quit()
70 | else:
71 | # Check for valid URL addres
72 | if is_http_url(args.target) == True:
73 | target = args.target
74 | print '[-] Target selected: ', target
75 | else:
76 | print '[w] Please type a correct URL Address'
77 | quit()
78 | print 'Starting ZAP ...'
79 |
80 | global child_pid
81 | proc = subprocess.Popen([cmd,'-daemon'])
82 | child_pid = proc.pid
83 |
84 | print 'Waiting for ZAP to load, 10 seconds ...'
85 | time.sleep(10)
86 | zap = ZAPv2()
87 | # Use the line below if ZAP is not listening on 8090
88 | zap = ZAPv2(proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})
89 |
90 | # do stuff
91 | print 'Accessing target %s' % target
92 | # try have a unique enough session...
93 | zap.urlopen(target)
94 | # Give the sites tree a chance to get updated
95 | time.sleep(2)
96 |
97 | print 'Spidering target %s' % target
98 | print target
99 | zap.spider.scan(target)
100 | # Give the Spider a chance to start
101 | time.sleep(2)
102 | #print 'Status %s' % zap.spider.status
103 | while(int(zap.spider.status) < 100):
104 | print 'Spider progress %: ' + zap.spider.status
105 | time.sleep(2)
106 |
107 | print 'Spider completed'
108 | # Give the passive scanner a chance to finish
109 | time.sleep(5)
110 |
111 | print 'Scanning target %s' % target
112 | zap.ascan.scan(target)
113 | while(int(zap.ascan.status) < 100):
114 | print 'Scan progress %: ' + zap.ascan.status
115 | time.sleep(5)
116 |
117 | print 'Scan completed'
118 |
119 | # Report the results
120 |
121 | print 'Hosts: ' + ', '.join(zap.core.hosts)
122 | # print 'Alerts: '
123 | # pprint (zap.core.alerts())
124 | #pprint (zap.core.xmlreport())
125 | exportfile(args.output,zap)
126 |
127 | print 'Shutting down ZAP ...'
128 | zap.core.shutdown
129 | #EOF
130 |
131 | if __name__ == "__main__":
132 | main()
--------------------------------------------------------------------------------
/scripts/network/nessus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | while read h; do
9 | NAME="nessus_$(date +%s).xml"
10 | echo plugin/nessus.py --target $h --output $2$NAME
11 | ./plugin/nessus.py --target $h --output $2$NAME
12 | done <$1
13 |
--------------------------------------------------------------------------------
/scripts/network/nmap.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | NAME="nmap_$(date +%s).xml"
9 | ${CS_NMAP:=nmap} -iL $1 -oX $2$NAME
10 |
--------------------------------------------------------------------------------
/scripts/network/openvas.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | # -------------
9 | # CONFIG PARAMS
10 | # -------------
11 | # Your Dashboard login data
12 | USER_NAME=${CS_OPENVAS_USER:=admin}
13 | # If you set this to None, you will be asked on startup
14 | USER_PASSWORD=${CS_OPENVAS_PASSWORD:=openvas}
15 |
16 | # Your targets, seperated by space
17 | #TARGET_SRVS="localhost"
18 | # The name of the OpenVAS preset for the scan
19 | # The following configs are available by default:
20 | # Discovery
21 | # empty
22 | # Full and fast
23 | # Full and fast ultimate
24 | # Full and very deep
25 | # Full and very deep ultimate
26 | # Host Discovery
27 | # System Discovery
28 | SCAN_CONFIG=${CS_OPENVAS_SCAN_CONFIG:='Full and fast'}
29 | # A valid "alive_test" parameter
30 | # Defines how it is determined if the targets are alive
31 | # Currently, valid values are the following:
32 | # Scan Config Default
33 | # ICMP, TCP-ACK Service & ARP Ping
34 | # TCP-ACK Service & ARP Ping
35 | # ICMP & ARP Ping
36 | # ICMP & TCP-ACK Service Ping
37 | # ARP Ping
38 | # TCP-ACK Service Ping
39 | # TCP-SYN Service Ping
40 | # ICMP Ping
41 | # Consider Alive
42 | ALIVE_TEST=${CS_OPENVAS_ALIVE_TEST:='ICMP, TCP-ACK Service & ARP Ping'}
43 |
44 | CS_OMP=${CS_OPENVAS:=omp}
45 |
46 |
47 | function fail {
48 | echo "There was an error during execution! Current action: $1"
49 | exit 1
50 | }
51 |
52 | function sindex {
53 | x="${1%%$2*}"
54 | [[ $x = $1 ]] && echo -1 || echo ${#x}
55 | }
56 |
57 |
58 | THREAT=0
59 | ADDRS=""
60 | SRV=$1
61 |
62 | while read h; do
63 |
64 | echo "Processing target $h..."
65 |
66 | #echo $CS_OMP -u $USER_NAME -w $USER_PASSWORD --xml=\
67 | "\
68 | TARG$(date +%s)$h\
69 | $ALIVE_TEST\
70 | "
71 |
72 | TARGET_RETURN=$($CS_OMP -u $USER_NAME -w $USER_PASSWORD --xml=\
73 | "\
74 | TARG$(date +%s)$h\
75 | $ALIVE_TEST\
76 | ")
77 | echo "$TARGET_RETURN" | grep -m1 'resource created' || fail 'creating target'
78 |
79 | T_ID_INDEX=$(sindex "$TARGET_RETURN" "id=")
80 | T_ID_INDEX=$((T_ID_INDEX + 4))
81 | T_ID=${TARGET_RETURN:T_ID_INDEX:36}
82 | echo "> Target has ID $T_ID"
83 |
84 | C_ID=$($CS_OMP -u $USER_NAME -w $USER_PASSWORD -g | grep -i "$TEST_CONFIG")
85 | if [ $? -ne 0 ]; then fail 'getting configs'; fi
86 |
87 | C_ID=${C_ID:0:36}
88 | echo "> Config $TEST_CONFIG has ID $C_ID"
89 |
90 | J_ID=$($CS_OMP -u $USER_NAME -w $USER_PASSWORD -C -n "CScan openvas" \
91 | --target="$T_ID" --config="$C_ID")
92 | if [ $? -ne 0 ]; then fail 'creating job'; fi
93 | echo "> Created job with ID $J_ID"
94 |
95 | R_ID=$($CS_OMP -u $USER_NAME -w $USER_PASSWORD -S "$J_ID")
96 | if [ $? -ne 0 ]; then fail 'starting job'; fi
97 | echo "> Started job, report gets ID $R_ID"
98 |
99 | while true; do
100 | RET=$($CS_OMP -u $USER_NAME -w $USER_PASSWORD -G)
101 | if [ $? -ne 0 ]; then fail 'querying jobs'; fi
102 | RET=$(echo "$RET" | grep -m1 "$J_ID")
103 | echo $RET
104 | echo "$RET" | grep -m1 -i "fail" && fail 'running job'
105 | echo "$RET" | grep -m1 -i -E "done|Stopped" && break
106 | sleep 1
107 | done
108 |
109 | echo "> Job done, generating report..."
110 |
111 | FILENAME=${h// /_}
112 | FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
113 | $CS_OMP -u $USER_NAME -w $USER_PASSWORD -R "$R_ID" > $2$FILENAME.xml
114 | if [ $? -ne 0 ]; then fail 'getting report'; fi
115 |
116 | echo "Scan done"
117 |
118 | echo "Remove task"
119 | $CS_OMP -u $USER_NAME -w $USER_PASSWORD -D "$J_ID"
120 |
121 |
122 | done <$1
123 |
--------------------------------------------------------------------------------
/scripts/web/burp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 | CMD=${CS_BURP:=/root/tools/burpsuite_pro_v1.6.26.jar}
8 | while read h; do
9 | NAME="burp_$(date +%s).xml"
10 | echo java -jar -Xmx1g -Djava.awt.headless=true $CMD $h XML $2$NAME
11 | java -jar -Xmx1g -Djava.awt.headless=true $CMD $h XML $2$NAME
12 | done <$1
13 |
--------------------------------------------------------------------------------
/scripts/web/nikto.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 | while read h; do
8 | NAME="nikto_$(date +%s).xml"
9 | ${CS_NIKTO:=nikto} -host $h -output $2$NAME -Format XML
10 | done <$1
--------------------------------------------------------------------------------
/scripts/web/w3af.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 |
9 | while read h; do
10 | NAME="w3af_$(date +%s).xml"
11 | echo plugin/w3af.py --target $h --output $2$NAME
12 | ./plugin/w3af.py --target $h --output $2$NAME
13 | done <$1
14 | #fix zombie w3af
15 | kill -9 $(ps aux | grep w3af_api | awk -F" " {'print $2'}) 2> /dev/null
16 |
--------------------------------------------------------------------------------
/scripts/web/zap.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ###
3 | ## Faraday Penetration Test IDE
4 | ## Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
5 | ## See the file 'doc/LICENSE' for the license information
6 | ###
7 |
8 | while read h; do
9 | NAME="zap_$(date +%s).xml"
10 | echo ./plugin/zap.py --target $h --output $2$NAME
11 | ./plugin/zap.py --target $h --output $2$NAME
12 | done <$1
--------------------------------------------------------------------------------
/websites.txt:
--------------------------------------------------------------------------------
1 | http://localhost:80
2 |
--------------------------------------------------------------------------------