├── .github └── dependabot.yml ├── .gitignore ├── .output └── README.md ├── Gemfile ├── Gemfile.lock ├── Procfile ├── README.md ├── README.rdoc ├── Rakefile ├── app ├── assets │ ├── config │ │ └── manifest.js │ ├── images │ │ ├── .keep │ │ ├── ADJACENT_NETWORK.png │ │ ├── LOCAL.png │ │ ├── NETWORK.png │ │ ├── edb.png │ │ └── msf.png │ ├── javascripts │ │ ├── application.coffee │ │ ├── cable.coffee │ │ ├── channels │ │ │ └── scans.coffee │ │ └── scans.coffee │ └── stylesheets │ │ ├── application.scss │ │ └── scans.scss ├── channels │ ├── application_cable │ │ ├── channel.rb │ │ └── connection.rb │ └── scans_channel.rb ├── controllers │ ├── application_controller.rb │ ├── concerns │ │ └── .keep │ └── scans_controller.rb ├── datatables │ ├── application_datatable.rb │ └── scans_datatable.rb ├── decorators │ └── scan_decorator.rb ├── helpers │ ├── application_helper.rb │ └── scans_helper.rb ├── mailers │ └── .keep ├── models │ ├── .keep │ ├── application_record.rb │ ├── concerns │ │ └── .keep │ └── scan.rb ├── views │ ├── application │ │ └── _banner.html.erb │ ├── layouts │ │ └── application.html.erb │ └── scans │ │ ├── _form.html.erb │ │ ├── create.js.erb │ │ ├── destroy.js.erb │ │ ├── index.html.erb │ │ ├── new.js.erb │ │ ├── show.html.erb │ │ └── update.js.erb └── workers │ └── hellraiser_worker.rb ├── bin ├── bundle ├── rails ├── rake ├── setup └── spring ├── cable └── config.ru ├── config.ru ├── config ├── application.rb ├── boot.rb ├── cable.yml ├── config.yml ├── database.yml ├── environment.rb ├── environments │ ├── development.rb │ ├── production.rb │ └── test.rb ├── initializer │ └── redis.rb ├── initializers │ ├── assets.rb │ ├── backtrace_silencers.rb │ ├── cookies_serializer.rb │ ├── filter_parameter_logging.rb │ ├── hellraiser.rb │ ├── inflections.rb │ ├── mime_types.rb │ ├── new_framework_defaults.rb │ ├── session_store.rb │ └── wrap_parameters.rb ├── locales │ └── en.yml ├── puma.rb ├── redis │ └── cable.yml ├── routes.rb └── secrets.yml ├── db ├── 
migrate │ └── 20160304134102_create_scans.rb ├── schema.rb └── seeds.rb ├── development.env ├── doc └── result00.png ├── lib ├── assets │ └── .keep ├── hellraiser.rb └── tasks │ └── .keep ├── log └── .keep ├── public ├── 404.html ├── 422.html ├── 500.html ├── favicon.ico └── robots.txt ├── test ├── controllers │ ├── .keep │ ├── scans_controller_test.rb │ └── welcome_controller_test.rb ├── decorators │ └── scan_decorator_test.rb ├── fixtures │ ├── .keep │ └── scans.yml ├── helpers │ └── .keep ├── integration │ └── .keep ├── mailers │ └── .keep ├── models │ ├── .keep │ └── scan_test.rb └── test_helper.rb └── vendor └── assets ├── javascripts └── .keep └── stylesheets └── .keep /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: bundler 4 | directory: "/" 5 | schedule: 6 | interval: daily 7 | time: "09:00" 8 | open-pull-requests-limit: 10 9 | ignore: 10 | - dependency-name: rails 11 | versions: 12 | - 6.1.2 13 | - 6.1.3.1 14 | - dependency-name: ajax-datatables-rails 15 | versions: 16 | - 1.3.0 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | /db/*.sqlite3-journal 13 | 14 | # Ignore all logfiles and tempfiles. 
15 | /log/* 16 | !/log/.keep 17 | /tmp 18 | .byebug_history 19 | .output/** 20 | !.output/**.md 21 | dump.rdb 22 | -------------------------------------------------------------------------------- /.output/README.md: -------------------------------------------------------------------------------- 1 | # Output directory 2 | Output directory is defined in config/config.yml 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | ruby '2.7.2' 4 | 5 | gem 'rails', '~> 6.1.4' 6 | # Use sqlite3 as the database for Active Record 7 | gem 'sqlite3' 8 | # Use SCSS for stylesheets 9 | gem 'sass-rails' 10 | # Use Uglifier as compressor for JavaScript assets 11 | gem 'uglifier', '>= 1.3.0' 12 | # Use CoffeeScript for .coffee assets and views 13 | gem 'coffee-rails' 14 | # See https://github.com/rails/execjs#readme for more supported runtimes 15 | gem 'therubyracer', platforms: :ruby 16 | 17 | # Use jquery as the JavaScript library 18 | gem 'jquery-rails' 19 | # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks 20 | gem 'turbolinks' 21 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder 22 | gem 'jbuilder', '~> 2.11' 23 | # bundle exec rake doc:rails generates the API under doc/api. 
24 | gem 'sdoc', '~> 2.3.1', group: :doc 25 | 26 | # Use sidekiq gem for background jobs 27 | gem 'sidekiq' 28 | 29 | # Use ruby-nmap gem for nmap scan 30 | gem 'ruby-nmap' 31 | 32 | # Use ActiveModel has_secure_password 33 | # gem 'bcrypt', '~> 3.1.7' 34 | 35 | # Use Unicorn as the app server 36 | # gem 'unicorn' 37 | 38 | # Use Capistrano for deployment 39 | # gem 'capistrano-rails', group: :development 40 | 41 | group :development, :test do 42 | # Call 'byebug' anywhere in the code to stop execution and get a debugger console 43 | gem 'byebug' 44 | end 45 | 46 | group :development do 47 | # Access an IRB console on exception pages or by using <%= console %> in views 48 | gem 'web-console' 49 | 50 | # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring 51 | gem 'spring' 52 | end 53 | 54 | gem 'puma' 55 | 56 | gem 'bootstrap-sass' 57 | gem 'font-awesome-sass' 58 | 59 | gem 'sweetalert-rails' 60 | gem 'sweet-alert-confirm' 61 | 62 | gem 'jquery-datatables-rails' 63 | gem 'ajax-datatables-rails' 64 | gem 'draper', '4.0.2' 65 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | actioncable (6.1.4.1) 5 | actionpack (= 6.1.4.1) 6 | activesupport (= 6.1.4.1) 7 | nio4r (~> 2.0) 8 | websocket-driver (>= 0.6.1) 9 | actionmailbox (6.1.4.1) 10 | actionpack (= 6.1.4.1) 11 | activejob (= 6.1.4.1) 12 | activerecord (= 6.1.4.1) 13 | activestorage (= 6.1.4.1) 14 | activesupport (= 6.1.4.1) 15 | mail (>= 2.7.1) 16 | actionmailer (6.1.4.1) 17 | actionpack (= 6.1.4.1) 18 | actionview (= 6.1.4.1) 19 | activejob (= 6.1.4.1) 20 | activesupport (= 6.1.4.1) 21 | mail (~> 2.5, >= 2.5.4) 22 | rails-dom-testing (~> 2.0) 23 | actionpack (6.1.4.1) 24 | actionview (= 6.1.4.1) 25 | activesupport (= 6.1.4.1) 26 | rack (~> 2.0, >= 2.0.9) 27 | 
rack-test (>= 0.6.3) 28 | rails-dom-testing (~> 2.0) 29 | rails-html-sanitizer (~> 1.0, >= 1.2.0) 30 | actiontext (6.1.4.1) 31 | actionpack (= 6.1.4.1) 32 | activerecord (= 6.1.4.1) 33 | activestorage (= 6.1.4.1) 34 | activesupport (= 6.1.4.1) 35 | nokogiri (>= 1.8.5) 36 | actionview (6.1.4.1) 37 | activesupport (= 6.1.4.1) 38 | builder (~> 3.1) 39 | erubi (~> 1.4) 40 | rails-dom-testing (~> 2.0) 41 | rails-html-sanitizer (~> 1.1, >= 1.2.0) 42 | activejob (6.1.4.1) 43 | activesupport (= 6.1.4.1) 44 | globalid (>= 0.3.6) 45 | activemodel (6.1.4.1) 46 | activesupport (= 6.1.4.1) 47 | activemodel-serializers-xml (1.0.2) 48 | activemodel (> 5.x) 49 | activesupport (> 5.x) 50 | builder (~> 3.1) 51 | activerecord (6.1.4.1) 52 | activemodel (= 6.1.4.1) 53 | activesupport (= 6.1.4.1) 54 | activestorage (6.1.4.1) 55 | actionpack (= 6.1.4.1) 56 | activejob (= 6.1.4.1) 57 | activerecord (= 6.1.4.1) 58 | activesupport (= 6.1.4.1) 59 | marcel (~> 1.0.0) 60 | mini_mime (>= 1.1.0) 61 | activesupport (6.1.4.1) 62 | concurrent-ruby (~> 1.0, >= 1.0.2) 63 | i18n (>= 1.6, < 2) 64 | minitest (>= 5.1) 65 | tzinfo (~> 2.0) 66 | zeitwerk (~> 2.3) 67 | ajax-datatables-rails (0.3.1) 68 | railties (>= 3.1) 69 | autoprefixer-rails (9.6.1.1) 70 | execjs 71 | bindex (0.8.1) 72 | bootstrap-sass (3.4.1) 73 | autoprefixer-rails (>= 5.2.1) 74 | sassc (>= 2.0.0) 75 | builder (3.2.4) 76 | byebug (11.1.3) 77 | coffee-rails (5.0.0) 78 | coffee-script (>= 2.2.0) 79 | railties (>= 5.2.0) 80 | coffee-script (2.4.1) 81 | coffee-script-source 82 | execjs 83 | coffee-script-source (1.12.2) 84 | concurrent-ruby (1.1.9) 85 | connection_pool (2.2.5) 86 | crass (1.0.6) 87 | draper (4.0.2) 88 | actionpack (>= 5.0) 89 | activemodel (>= 5.0) 90 | activemodel-serializers-xml (>= 1.0) 91 | activesupport (>= 5.0) 92 | request_store (>= 1.0) 93 | ruby2_keywords 94 | erubi (1.10.0) 95 | execjs (2.7.0) 96 | ffi (1.11.3) 97 | font-awesome-sass (4.7.0) 98 | sass (>= 3.2) 99 | globalid (0.5.2) 100 | activesupport (>= 5.0) 
101 | i18n (1.8.11) 102 | concurrent-ruby (~> 1.0) 103 | jbuilder (2.11.5) 104 | actionview (>= 5.0.0) 105 | activesupport (>= 5.0.0) 106 | jquery-datatables-rails (3.4.0) 107 | actionpack (>= 3.1) 108 | jquery-rails 109 | railties (>= 3.1) 110 | sass-rails 111 | jquery-rails (4.4.0) 112 | rails-dom-testing (>= 1, < 3) 113 | railties (>= 4.2.0) 114 | thor (>= 0.14, < 2.0) 115 | libv8 (3.16.14.19) 116 | loofah (2.12.0) 117 | crass (~> 1.0.2) 118 | nokogiri (>= 1.5.9) 119 | mail (2.7.1) 120 | mini_mime (>= 0.1.1) 121 | marcel (1.0.1) 122 | method_source (1.0.0) 123 | mini_mime (1.1.0) 124 | mini_portile2 (2.8.0) 125 | minitest (5.15.0) 126 | nio4r (2.5.8) 127 | nokogiri (1.13.3) 128 | mini_portile2 (~> 2.8.0) 129 | racc (~> 1.4) 130 | puma (5.6.2) 131 | nio4r (~> 2.0) 132 | racc (1.6.0) 133 | rack (2.2.3) 134 | rack-test (1.1.0) 135 | rack (>= 1.0, < 3) 136 | rails (6.1.4.1) 137 | actioncable (= 6.1.4.1) 138 | actionmailbox (= 6.1.4.1) 139 | actionmailer (= 6.1.4.1) 140 | actionpack (= 6.1.4.1) 141 | actiontext (= 6.1.4.1) 142 | actionview (= 6.1.4.1) 143 | activejob (= 6.1.4.1) 144 | activemodel (= 6.1.4.1) 145 | activerecord (= 6.1.4.1) 146 | activestorage (= 6.1.4.1) 147 | activesupport (= 6.1.4.1) 148 | bundler (>= 1.15.0) 149 | railties (= 6.1.4.1) 150 | sprockets-rails (>= 2.0.0) 151 | rails-dom-testing (2.0.3) 152 | activesupport (>= 4.2.0) 153 | nokogiri (>= 1.6) 154 | rails-html-sanitizer (1.4.2) 155 | loofah (~> 2.3) 156 | railties (6.1.4.1) 157 | actionpack (= 6.1.4.1) 158 | activesupport (= 6.1.4.1) 159 | method_source 160 | rake (>= 0.13) 161 | thor (~> 1.0) 162 | rake (13.0.6) 163 | rb-fsevent (0.10.3) 164 | rb-inotify (0.10.1) 165 | ffi (~> 1.0) 166 | rdoc (6.3.3) 167 | redis (4.6.0) 168 | ref (2.0.0) 169 | request_store (1.5.0) 170 | rack (>= 1.4) 171 | rprogram (0.3.2) 172 | ruby-nmap (0.10.0) 173 | nokogiri (~> 1.3) 174 | rprogram (~> 0.3) 175 | ruby2_keywords (0.0.4) 176 | sass (3.7.4) 177 | sass-listen (~> 4.0.0) 178 | sass-listen (4.0.0) 179 | 
rb-fsevent (~> 0.9, >= 0.9.4) 180 | rb-inotify (~> 0.9, >= 0.9.7) 181 | sass-rails (6.0.0) 182 | sassc-rails (~> 2.1, >= 2.1.1) 183 | sassc (2.2.0) 184 | ffi (~> 1.9) 185 | sassc-rails (2.1.2) 186 | railties (>= 4.0.0) 187 | sassc (>= 2.0) 188 | sprockets (> 3.0) 189 | sprockets-rails 190 | tilt 191 | sdoc (2.3.1) 192 | rdoc (>= 5.0, < 6.4.0) 193 | sidekiq (6.4.1) 194 | connection_pool (>= 2.2.2) 195 | rack (~> 2.0) 196 | redis (>= 4.2.0) 197 | spring (4.0.0) 198 | sprockets (4.0.2) 199 | concurrent-ruby (~> 1.0) 200 | rack (> 1, < 3) 201 | sprockets-rails (3.2.2) 202 | actionpack (>= 4.0) 203 | activesupport (>= 4.0) 204 | sprockets (>= 3.0.0) 205 | sqlite3 (1.4.2) 206 | sweet-alert-confirm (0.4.1) 207 | sweetalert-rails (1.1.3) 208 | railties (>= 3.1.0) 209 | therubyracer (0.12.3) 210 | libv8 (~> 3.16.14.15) 211 | ref 212 | thor (1.1.0) 213 | tilt (2.0.10) 214 | turbolinks (5.2.1) 215 | turbolinks-source (~> 5.2) 216 | turbolinks-source (5.2.0) 217 | tzinfo (2.0.4) 218 | concurrent-ruby (~> 1.0) 219 | uglifier (4.2.0) 220 | execjs (>= 0.3.0, < 3) 221 | web-console (4.2.0) 222 | actionview (>= 6.0.0) 223 | activemodel (>= 6.0.0) 224 | bindex (>= 0.4.0) 225 | railties (>= 6.0.0) 226 | websocket-driver (0.7.5) 227 | websocket-extensions (>= 0.1.0) 228 | websocket-extensions (0.1.5) 229 | zeitwerk (2.5.1) 230 | 231 | PLATFORMS 232 | ruby 233 | 234 | DEPENDENCIES 235 | ajax-datatables-rails 236 | bootstrap-sass 237 | byebug 238 | coffee-rails 239 | draper (= 4.0.2) 240 | font-awesome-sass 241 | jbuilder (~> 2.11) 242 | jquery-datatables-rails 243 | jquery-rails 244 | puma 245 | rails (~> 6.1.4) 246 | ruby-nmap 247 | sass-rails 248 | sdoc (~> 2.3.1) 249 | sidekiq 250 | spring 251 | sqlite3 252 | sweet-alert-confirm 253 | sweetalert-rails 254 | therubyracer 255 | turbolinks 256 | uglifier (>= 1.3.0) 257 | web-console 258 | 259 | RUBY VERSION 260 | ruby 2.7.2p137 261 | 262 | BUNDLED WITH 263 | 1.17.3 264 | 
-------------------------------------------------------------------------------- /Procfile: -------------------------------------------------------------------------------- 1 | web: bundle exec puma config.ru -p ${APP_PORT:-3000} -e ${RACK_ENV:-development} 2 | actioncable: bundle exec puma cable/config.ru -p ${WS_PORT:-28080} -e ${RACK_ENV:-development} 3 | log: touch log/${RACK_ENV:-development}.log && tail -f log/${RACK_ENV:-development}.log 4 | worker: bundle exec sidekiq 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HellRaiser 2 | 3 | Vulnerability Scanner 4 | 5 | ![Alt text](https://github.com/m0nad/HellRaiser/blob/master/doc/result00.png) 6 | 7 | # Install 8 | 9 | HellRaiser depends on the [cve-search](https://github.com/cve-search/cve-search) API. Have a cve-search API running and set its address in the `cvesearch_api_domain` field of `config/config.yml`. 10 | 11 | Install ruby 2.7.2, bundler 1.17.3 and rails. 12 | https://gorails.com/setup/ubuntu/20.04 13 | 14 | Install redis-server and nmap. 15 | ``` 16 | sudo apt-get update 17 | sudo apt-get install redis-server nmap 18 | ``` 19 | Install the foreman gem. 20 | ``` 21 | gem install foreman 22 | ``` 23 | Clone the HellRaiser repository, change to the HellRaiser web app directory, and run `bundle install` and `bundle exec rake db:migrate`. 24 | ``` 25 | git clone https://github.com/m0nad/HellRaiser/ 26 | bundle install 27 | bundle exec rake db:migrate 28 | ``` 29 | 30 | # Start 31 | 32 | Start the Procfile using foreman. 33 | ``` 34 | foreman s 35 | ``` 36 | 37 | # Usage 38 | 39 | Access http://127.0.0.1:3000 40 | 41 | # How does it work? 42 | 43 | HellRaiser scans the target with nmap, then correlates the CPEs it finds with cve-search to enumerate vulnerabilities. 44 | 45 | # Donate 46 | 47 | Support HellRaiser by [donating](https://m0nad.github.io/donate.html). 
48 | -------------------------------------------------------------------------------- /README.rdoc: -------------------------------------------------------------------------------- 1 | == README 2 | 3 | This README would normally document whatever steps are necessary to get the 4 | application up and running. 5 | 6 | Things you may want to cover: 7 | 8 | * Ruby version 9 | 10 | * System dependencies 11 | 12 | * Configuration 13 | 14 | * Database creation 15 | 16 | * Database initialization 17 | 18 | * How to run the test suite 19 | 20 | * Services (job queues, cache servers, search engines, etc.) 21 | 22 | * Deployment instructions 23 | 24 | * ... 25 | 26 | 27 | Please feel free to use a different markup language if you do not plan to run 28 | rake doc:app. 29 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | //= link_tree ../images 2 | //= link_directory ../javascripts .js 3 | //= link_directory ../stylesheets .css 4 | -------------------------------------------------------------------------------- /app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/.keep -------------------------------------------------------------------------------- /app/assets/images/ADJACENT_NETWORK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/ADJACENT_NETWORK.png -------------------------------------------------------------------------------- /app/assets/images/LOCAL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/LOCAL.png -------------------------------------------------------------------------------- /app/assets/images/NETWORK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/NETWORK.png -------------------------------------------------------------------------------- /app/assets/images/edb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/edb.png 
-------------------------------------------------------------------------------- /app/assets/images/msf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/assets/images/msf.png -------------------------------------------------------------------------------- /app/assets/javascripts/application.coffee: -------------------------------------------------------------------------------- 1 | # This is a manifest file that'll be compiled into application.js, which will include all the files 2 | # listed below. 3 | # 4 | # Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | # or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path. 6 | # 7 | # It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | # compiled file. 9 | # 10 | # Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | # about supported directives. 12 | # 13 | #= require jquery 14 | #= require bootstrap-sprockets 15 | #= require jquery_ujs 16 | #= require turbolinks 17 | #= require dataTables/jquery.dataTables 18 | #= require dataTables/bootstrap/3/jquery.dataTables.bootstrap 19 | #= require sweetalert 20 | #= require sweet-alert-confirm 21 | #= require_tree . 22 | -------------------------------------------------------------------------------- /app/assets/javascripts/cable.coffee: -------------------------------------------------------------------------------- 1 | # Action Cable provides the framework to deal with WebSockets in Rails. 2 | # You can generate new channels where WebSocket features live using the rails generate channel command. 
3 | # 4 | #= require action_cable 5 | #= require_self 6 | #= require_tree ./channels 7 | (-> 8 | @App or (@App = {}) 9 | App.cable = ActionCable.createConsumer('ws://127.0.0.1:28080') 10 | return 11 | ).call this 12 | -------------------------------------------------------------------------------- /app/assets/javascripts/channels/scans.coffee: -------------------------------------------------------------------------------- 1 | @App.scans = 2 | @App.cable.subscriptions.create( 3 | 'ScansChannel', 4 | received: (data) -> 5 | $('.datatable').DataTable().draw() 6 | ) 7 | -------------------------------------------------------------------------------- /app/assets/javascripts/scans.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 3 | # You can use CoffeeScript in this file: http://coffeescript.org/ 4 | $(document).on 'turbolinks:load', -> 5 | $('.datatable').DataTable({ 6 | processing: true, 7 | serverSide: true, 8 | ajax: $('.datatable').data('api'), 9 | columnDefs: [{ width: '25%', className: "text-right", orderable: false, targets: -1 }], 10 | dom: "<'row-fluid'<'span6'l><'span6'f>r>t<'row-fluid'<'span6'i><'span6'p>>", 11 | pagingType: "full_numbers" 12 | }); 13 | -------------------------------------------------------------------------------- /app/assets/stylesheets/application.scss: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path. 
7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any styles 10 | * defined in the other CSS/SCSS files in this directory. It is generally better to create a new 11 | * file per style scope. 12 | * 13 | *= require dataTables/bootstrap/3/jquery.dataTables.bootstrap 14 | *= require sweetalert 15 | *= require_tree . 16 | *= require_self 17 | */ 18 | 19 | @import "bootstrap-sprockets"; 20 | @import "bootstrap"; 21 | 22 | @import "font-awesome-sprockets"; 23 | @import "font-awesome"; 24 | 25 | #banner { 26 | display: block; 27 | font-family: monospace; 28 | white-space: pre; 29 | margin: 1em 0px 1em; 30 | padding:0; 31 | color: #333333; 32 | background: none; 33 | border: none; 34 | border-radius: none; 35 | } 36 | 37 | .table > thead > tr > th, 38 | .table > thead > tr > td, 39 | .table > tbody > tr > th, 40 | .table > tbody > tr > td, 41 | .table > tfoot > tr > th, 42 | .table > tfoot > tr > td { 43 | padding: 8px 18px; 44 | } 45 | 46 | .field_with_errors input { 47 | border-color: rgba(255, 0, 0, 0.5); 48 | box-shadow: inset 0 1px 1px rgba(255, 0, 0, 0.07); 49 | } 50 | .field_with_errors input::-webkit-input-placeholder { /* Chrome/Opera/Safari */ 51 | color: rgba(255, 0, 0, 0.8); 52 | } 53 | .field_with_errors input::-moz-placeholder { /* Firefox 19+ */ 54 | color: rgba(255, 0, 0, 0.75); 55 | } 56 | .field_with_errors input:-ms-input-placeholder { /* IE 10+ */ 57 | color: rgba(255, 0, 0, 0.75); 58 | } 59 | .field_with_errors input:-moz-placeholder { /* Firefox 18- */ 60 | color: rgba(255, 0, 0, 0.75); 61 | } 62 | 63 | .page-header [class*="col-"] { 64 | padding-left: 0; 65 | padding-right: 0; 66 | } 67 | 68 | .header-container { 69 | position: relative; 70 | } 71 | 72 | .header-buttons { 73 | position: absolute; 74 | bottom:0; 75 | right:0; 76 | } 77 | 78 | @media (max-width: 767px) { 79 | .header-buttons { 80 | position: 
relative; 81 | top: inherit; 82 | bottom: inherit; 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /app/assets/stylesheets/scans.scss: -------------------------------------------------------------------------------- 1 | // Place all the styles related to the scans controller here. 2 | // They will automatically be included in application.css. 3 | // You can use Sass (SCSS) here: http://sass-lang.com/ 4 | -------------------------------------------------------------------------------- /app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Channel < ActionCable::Channel::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Connection < ActionCable::Connection::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/channels/scans_channel.rb: -------------------------------------------------------------------------------- 1 | class ScansChannel < ApplicationCable::Channel 2 | def subscribed 3 | stream_from 'scans' 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 
4 | protect_from_forgery with: :exception 5 | end 6 | -------------------------------------------------------------------------------- /app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /app/controllers/scans_controller.rb: -------------------------------------------------------------------------------- 1 | class ScansController < ApplicationController 2 | 3 | def index 4 | @scan ||= Scan.new 5 | 6 | respond_to do |format| 7 | format.json { render json: ScansDatatable.new(view_context) } 8 | format.html 9 | end 10 | end 11 | 12 | def show 13 | @scan = Scan.find(params[:id]) 14 | @result = redis.get(@scan.id) 15 | end 16 | 17 | def new 18 | @scan ||= Scan.new 19 | end 20 | 21 | def create 22 | @scan = Scan.new(scan_params) 23 | 24 | if @scan.save 25 | @scan.update(jid: HellraiserWorker.perform_async(@scan.id)) 26 | else 27 | render 'new' 28 | end 29 | 30 | respond_to :js 31 | end 32 | 33 | def update 34 | @scan = Scan.find(params[:id]) 35 | @scan.queued! 36 | @scan.update(jid: HellraiserWorker.perform_async(@scan.id)) 37 | respond_to :js 38 | end 39 | 40 | def destroy 41 | @scan = Scan.find(params[:id]) 42 | 43 | if @scan.finished? 44 | FileUtils.rm Dir.glob(HellRaiser.configuration.output_dir + @scan.id.to_s + '.*') 45 | redis.del @scan.id 46 | @scan.destroy 47 | else 48 | HellraiserWorker.cancel!(@scan.jid) 49 | @scan.finished! 
50 | end 51 | 52 | respond_to :js 53 | end 54 | 55 | private 56 | 57 | def scan_params 58 | params.require(:scan).permit(:title, :target) 59 | end 60 | 61 | def redis 62 | @redis ||= Redis.new 63 | end 64 | 65 | end 66 | -------------------------------------------------------------------------------- /app/datatables/application_datatable.rb: -------------------------------------------------------------------------------- 1 | class ApplicationDatatable < AjaxDatatablesRails::Base 2 | def sort_records(records) 3 | sort_by = [] 4 | params[:order].each do |key, item| 5 | sort_by << "#{sort_column(item)} #{sort_direction(item)}" 6 | end 7 | records.order(sort_by.join(", ")) 8 | end 9 | 10 | def generate_sortable_displayed_columns 11 | @sortable_displayed_columns = [] 12 | params[:columns].each do |key, column| 13 | @sortable_displayed_columns << column[:data] if column[:orderable] == 'true' 14 | end 15 | @sortable_displayed_columns 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /app/datatables/scans_datatable.rb: -------------------------------------------------------------------------------- 1 | class ScansDatatable < ApplicationDatatable 2 | 3 | def sortable_columns 4 | @sortable_columns ||= %w(Scan.title Scan.target Scan.status) 5 | end 6 | 7 | def searchable_columns 8 | @searchable_columns ||= %w(Scan.title Scan.target Scan.status) 9 | end 10 | 11 | private 12 | 13 | def data 14 | records.map do |record| 15 | [ 16 | record.title, 17 | record.target, 18 | record.decorate.status, 19 | record.decorate.actions 20 | ] 21 | end 22 | end 23 | 24 | def get_raw_records 25 | options[:records] || Scan.all 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /app/decorators/scan_decorator.rb: -------------------------------------------------------------------------------- 1 | class ScanDecorator < Draper::Decorator 2 | delegate_all 3 | 4 | def status 5 | case scan.status 
6 | when 'queued' 7 | h.icon('link', scan.status.titleize) 8 | when 'running' 9 | h.icon('refresh', scan.status.titleize, class: 'fa-spin') 10 | when 'finished' 11 | h.icon('check', scan.status.titleize) 12 | end 13 | end 14 | 15 | def actions 16 | "#{run_link} #{show_link} #{object.finished? ? destroy_link : cancel_link}" 17 | end 18 | 19 | def run_link 20 | h.link_to h.icon('flag', 'Run'), scan, method: :put, remote: true, class: 'btn btn-xs btn-success' 21 | end 22 | 23 | def show_link 24 | h.link_to h.icon('file', 'Show'), scan, class: 'btn btn-xs btn-primary' 25 | end 26 | 27 | def destroy_link 28 | h.link_to h.icon('trash', 'Delete'), scan, method: :delete, remote: true, class: 'btn btn-xs btn-danger', data: { confirm: 'Are you sure?' } 29 | end 30 | 31 | def cancel_link 32 | h.link_to h.icon('trash', 'Cancel'), scan, method: :delete, remote: true, class: 'btn btn-xs btn-danger', data: { confirm: 'Are you sure?' } 33 | end 34 | 35 | end 36 | -------------------------------------------------------------------------------- /app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/scans_helper.rb: -------------------------------------------------------------------------------- 1 | module ScansHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/mailers/.keep -------------------------------------------------------------------------------- /app/models/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/models/.keep -------------------------------------------------------------------------------- /app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/app/models/concerns/.keep -------------------------------------------------------------------------------- /app/models/scan.rb: -------------------------------------------------------------------------------- 1 | class Scan < ApplicationRecord 2 | enum status: [:queued, :running, :finished] 3 | validates :title, presence: true 4 | validates :target, presence: true 5 | end 6 | -------------------------------------------------------------------------------- /app/views/application/_banner.html.erb: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | HellRaiser 5 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => "reload" %> 6 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => "reload" %> 7 | <%= tag :meta, name: 'turbolinks-cache-control', content: 'no-cache' %> 8 | <%= csrf_meta_tags %> 9 | 10 | 11 |
12 | <%= yield %> 13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /app/views/scans/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_for @scan, remote: true, html: {class: 'form-inline', style: 'display:inline'} do |f| %> 2 | 3 |
4 | <%= f.text_field :title, placeholder: 'Scan Title', class: 'form-control' %> 5 |
6 | 7 |
8 | <%= f.text_field :target, placeholder: 'Target IP Address', class: 'form-control' %> 9 |
10 | 11 |
12 | <%= f.button icon('flag-checkered', 'Start'), class: 'btn btn-md btn-default' %> 13 |
14 | <% end %> 15 | -------------------------------------------------------------------------------- /app/views/scans/create.js.erb: -------------------------------------------------------------------------------- 1 | $('#header a').show() 2 | $('#header form').remove() 3 | $('.datatable').DataTable().draw() 4 | -------------------------------------------------------------------------------- /app/views/scans/destroy.js.erb: -------------------------------------------------------------------------------- 1 | $('.datatable').DataTable().draw() 2 | -------------------------------------------------------------------------------- /app/views/scans/index.html.erb: -------------------------------------------------------------------------------- 1 |

2 |
3 |
4 |
5 | <%= render 'banner' %> 6 |
7 |
8 | <%= render 'scans/form' %> 9 |
10 |
11 |
12 |

13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 |
TitleTargetStatus
26 | -------------------------------------------------------------------------------- /app/views/scans/new.js.erb: -------------------------------------------------------------------------------- 1 | $('#form a').hide() 2 | $('#form form').remove() 3 | $('#form').append('<%= j render 'form' %>') 4 | $('.field_with_errors').change(function() { 5 | $(this).removeClass('field_with_errors') 6 | }) 7 | -------------------------------------------------------------------------------- /app/views/scans/show.html.erb: -------------------------------------------------------------------------------- 1 |

2 |
3 |
4 |
5 | <%= render 'banner' %> 6 |
7 |
8 | <%= link_to 'Back', root_path, class: 'btn btn-lg btn-default' %> 9 |
10 |
11 |
12 |

13 | 14 |

15 | Title: 16 | <%= @scan.title %> 17 |

18 | 19 |

20 | Target: 21 | <%= @scan.target %> 22 |

23 | 24 |

25 | Status: 26 | <%= @scan.status.titleize %> 27 |

28 | 29 | <% if @result and File.exist? @result %> 30 |

31 | <% file = File.read(@result) %> 32 | <% scans = JSON.parse(file) %> 33 | <% id = 0 %> 34 | <% scans.each do |scan| %> 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 59 | 60 |
IP Address: <%= scan['ip'] %>
Status: <%= scan['status']['state'] %>
MAC: <%= scan['mac'] %>
Vendor: <%= scan['vendor'] %>
Hostnames: 55 | <% scan['hostnames'].each do |h| %> 56 | <%= h['name'] %> 57 | <% end %> 58 |
61 | Operation System: 62 | <% if scan['cpes'] %> 63 | <% scan['cpes'].each do |(cpe,cves)| %> 64 | <% if cves.count > 0 %> 65 | <% cpe_id = cpe.gsub(/\.|\/|:/, '_') + id.to_s %> 66 | <%= cpe %> 67 | <% else %> 68 | <%= cpe %> 69 | <% end %> 70 | <% end %> 71 | <% scan['cpes'].each do |(cpe,cves)| %> 72 | <% if cves.count > 0 %> 73 | <% cpe_id = cpe.gsub(/\.|\/|:/, '_') + id.to_s %> 74 |

75 | <%= cpe %> 76 | <% cves.each do |cve| %> 77 |
78 | <%= link_to cve['id'], cve['idurl'] %> 79 | <% if cve['impact'] %> 80 | <% if cve['impact']['confidentiality'] == "COMPLETE" %> 81 | 82 | <% elsif cve['impact']['confidentiality'] == "PARTIAL" %> 83 | 84 | <% elsif cve['impact']['confidentiality'] == "NONE" %> 85 | 86 | <% else %> 87 | 88 | <% end %> 89 | C 90 | 91 | <% if cve['impact']['integrity'] == "COMPLETE" %> 92 | 93 | <% elsif cve['impact']['integrity'] == "PARTIAL" %> 94 | 95 | <% elsif cve['impact']['integrity'] == "NONE" %> 96 | 97 | <% else %> 98 | 99 | <% end %> 100 | I 101 | 102 | <% if cve['impact']['availability'] == "COMPLETE" %> 103 | 104 | <% elsif cve['impact']['availability'] == "PARTIAL" %> 105 | 106 | <% elsif cve['impact']['availability'] == "NONE" %> 107 | 108 | <% else %> 109 | 110 | <% end %> 111 | A 112 | 113 | <% end %> 114 | <% if cve['access'] %> 115 | <%= image_tag(cve['access']['vector'] + ".png", width: "20", height: "20", title: "ACCESS: " + cve['access']['vector']) %> 116 | <% end %> 117 | <% if cve['edb'] %> 118 | <%= link_to image_tag("edb.png", width: "20", height:"20", title: "Exploit-DB"), cve['edb'] %> 119 | <% end %> 120 | <% if cve['msf'] %> 121 | <%= link_to image_tag("msf.png", width: "20", height:"20", title: "Metasploit"), cve['msf'] %> 122 | <% end %> 123 |
124 | <% end %> 125 | <% end %> 126 |
127 | <% end %> 128 | <% else %> 129 | System not reconized 130 | <% end %> 131 | <% id = id+1 %> 132 | <% if scan['ports'] %> 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | <% scan['ports'].each do |port| %> 144 | 145 | 146 | 147 | 148 | 149 | 159 | 160 | 161 | 220 | 221 | <% id = id+1 %> 222 | <% end %> 223 |
ServiceBannerPort/ProtocolStatusCPEs
<%= port['name'] %><%= port['product'] %> <%= port['version'] %> <%= port['extra_info'] %><%= port['port'] %>/<%= port['protocol'] %><%= port['state'] %> 150 | <% port['cpes'].each do |(cpe,cves)| %> 151 | <% if cves.count > 0 %> 152 | <% cpe_id = cpe.gsub(/\.|\/|:/, '_') + id.to_s %> 153 | <%= cpe %> 154 | <% else %> 155 | <%= cpe %> 156 | <% end %> 157 | <% end %> 158 |
162 | <% port['cpes'].each do |(cpe,cves)| %> 163 | <% if cves.count > 0 %> 164 | <% cpe_id = cpe.gsub(/\.|\/|:/, '_') + id.to_s %> 165 |
166 | <%= cpe %> 167 | <% cves.each do |cve| %> 168 |
169 | <%= link_to cve['id'], cve['idurl'] %> 170 | <% if cve['impact'] %> 171 | <% if cve['impact']['confidentiality'] == "COMPLETE" %> 172 | 173 | <% elsif cve['impact']['confidentiality'] == "PARTIAL" %> 174 | 175 | <% elsif cve['impact']['confidentiality'] == "NONE" %> 176 | 177 | <% else %> 178 | 179 | <% end %> 180 | C 181 | 182 | <% if cve['impact']['integrity'] == "COMPLETE" %> 183 | 184 | <% elsif cve['impact']['integrity'] == "PARTIAL" %> 185 | 186 | <% elsif cve['impact']['integrity'] == "NONE" %> 187 | 188 | <% else %> 189 | 190 | <% end %> 191 | I 192 | 193 | <% if cve['impact']['availability'] == "COMPLETE" %> 194 | 195 | <% elsif cve['impact']['availability'] == "PARTIAL" %> 196 | 197 | <% elsif cve['impact']['availability'] == "NONE" %> 198 | 199 | <% else %> 200 | 201 | <% end %> 202 | A 203 | 204 | <% end %> 205 | <% if cve['access'] %> 206 | <%= image_tag(cve['access']['vector'] + ".png", width: "20", height: "20", title: "ACCESS: " + cve['access']['vector']) %> 207 | <% end %> 208 | <% if cve['edb'] %> 209 | <%= link_to image_tag("edb.png", width: "20", height:"20", title: "Exploit-DB"), cve['edb'] %> 210 | <% end %> 211 | <% if cve['msf'] %> 212 | <%= link_to image_tag("msf.png", width: "20", height:"20", title: "Metasploit"), cve['msf'] %> 213 | <% end %> 214 |
215 | <% end %> 216 | <% end %> 217 |
218 | <% end %> 219 |
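224 | <% end %> 225 | <% end %> 226 | <% end %> 227 | -------------------------------------------------------------------------------- /app/views/scans/update.js.erb: -------------------------------------------------------------------------------- 1 | $('.datatable').DataTable().draw() 2 | -------------------------------------------------------------------------------- /app/workers/hellraiser_worker.rb: --------------------------------------------------------------------------------
require 'hellraiser'

# Sidekiq job that runs one scan from start to finish: an nmap port scan,
# then a CVE lookup over the nmap XML output, then a JSON report on disk.
# Status changes are broadcast on the 'scans' Action Cable stream.
class HellraiserWorker
  include Sidekiq::Worker

  # Runs the scan identified by +id+.
  #
  # @param id [Integer] primary key of the Scan record to process
  # @return [void]
  def perform(id)
    return if cancelled?

    scan = Scan.find(id)
    scan.running!
    ActionCable.server.broadcast 'scans', {status: scan.status}

    filename = HellRaiser.configuration.output_dir + scan.id.to_s

    # Build a per-job options hash. The configured defaults are one object
    # shared by every job in the process; writing 'targets'/'output_all' into
    # it directly lets concurrently running jobs overwrite each other's values.
    #
    # NOTE(review): scan.target is the value typed into the scan form and the
    # Scan model only validates its presence. Confirm that HellRaiser::PortScan
    # passes it to nmap as a single argument and that values starting with '-'
    # are rejected, especially when the 'sudo' option is enabled.
    nmap_opts = HellRaiser.configuration.nmap_default_opts.merge(
      'output_all' => filename,
      'targets' => scan.target
    )

    # portscan
    portscan = HellRaiser::PortScan.new
    if nmap_opts['sudo']
      portscan.sudo_scan(nmap_opts)
    else
      portscan.scan(nmap_opts)
    end
    return if cancelled?

    # cve scan
    hellraiser = HellRaiser::CveSearch.new
    result = hellraiser.scan(filename + '.xml')
    save_to_json(result, filename + '.json')

    # change status to finished
    scan.finished!
    ActionCable.server.broadcast 'scans', {status: scan.status}
    redis.set id, filename + '.json' # id from database and filename
  end

  # @return [Boolean] whether a "cancelled-<jid>" marker exists for this job
  def cancelled?
    Sidekiq.redis { |c| c.exists?("cancelled-#{jid}") }
  end

  # Marks the job with the given +jid+ as cancelled. The marker expires after
  # 86400 seconds (24 hours).
  #
  # @param jid [String] Sidekiq job id
  def self.cancel!(jid)
    Sidekiq.redis { |c| c.setex("cancelled-#{jid}", 86400, 1) }
  end

  # Serializes +hosts+ to JSON and writes it to +filename+, replacing any
  # existing content.
  #
  # @param hosts [#to_json] scan result to persist
  # @param filename [String] destination path
  def save_to_json(hosts, filename)
    File.write(filename, hosts.to_json)
  end

  # @return [Redis] memoized client built with the library defaults
  def redis
    @redis ||= Redis.new
  end
end
-------------------------------------------------------------------------------- /bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | 4 | # path to your application root. 5 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 6 | 7 | Dir.chdir APP_ROOT do 8 | # This script is a starting point to setup your application.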
9 | # Add necessary setup steps to this file: 10 | 11 | puts "== Installing dependencies ==" 12 | system "gem install bundler --conservative" 13 | system "bundle check || bundle install" 14 | 15 | # puts "\n== Copying sample files ==" 16 | # unless File.exist?("config/database.yml") 17 | # system "cp config/database.yml.sample config/database.yml" 18 | # end 19 | 20 | puts "\n== Preparing database ==" 21 | system "bin/rake db:setup" 22 | 23 | puts "\n== Removing old logs and tempfiles ==" 24 | system "rm -f log/*" 25 | system "rm -rf tmp/cache" 26 | 27 | puts "\n== Restarting application server ==" 28 | system "touch tmp/restart.txt" 29 | end 30 | -------------------------------------------------------------------------------- /bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads spring without using Bundler, in order to be fast. 4 | # It gets overwritten when you run the `spring binstub` command. 5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | if (match = Bundler.default_lockfile.read.match(/^GEM$.*?^ (?: )*spring \((.*?)\)$.*?^$/m)) 11 | Gem.paths = { 'GEM_PATH' => [Bundler.bundle_path.to_s, *Gem.path].uniq.join(Gem.path_separator) } 12 | gem 'spring', match[1] 13 | require 'spring/binstub' 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /cable/config.ru: -------------------------------------------------------------------------------- 1 | require_relative '../config/environment' 2 | Rails.application.eager_load! 3 | 4 | run ActionCable.server 5 | -------------------------------------------------------------------------------- /config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 
2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails/all' 4 | 5 | # Require the gems listed in Gemfile, including any gems 6 | # you've limited to :test, :development, or :production. 7 | Bundler.require(*Rails.groups) 8 | 9 | module Scanner 10 | class Application < Rails::Application 11 | # Settings in config/environments/* take precedence over those specified here. 12 | # Application configuration should go into files in config/initializers 13 | # -- all .rb files in that directory are automatically loaded. 14 | 15 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 16 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 17 | # config.time_zone = 'Central Time (US & Canada)' 18 | 19 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 20 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 21 | # config.i18n.default_locale = :de 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 
4 | -------------------------------------------------------------------------------- /config/cable.yml: -------------------------------------------------------------------------------- 1 | edis: &redis 2 | adapter: redis 3 | url: redis://localhost:6379/1 4 | 5 | 6 | development: *redis 7 | test: *redis 8 | production: *redis 9 | -------------------------------------------------------------------------------- /config/config.yml: -------------------------------------------------------------------------------- 1 | cve_id_url: https://cve.mitre.org/cgi-bin/cvename.cgi?name= 2 | cvesearch_api_domain: http://127.0.0.1:5000 3 | gitedb_url: https://github.com/offensive-security/exploit-database/blob/master/ 4 | gitmsf_url: https://github.com/rapid7/metasploit-framework/blob/master/ 5 | edb_url: https://www.exploit-db.com/download/ 6 | output_dir: .output/ 7 | nmap_default_opts: 8 | service_scan: true 9 | all_ports: true 10 | syn_discovery: true 11 | sudo: false 12 | os_fingerprint: true 13 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 25 10 | timeout: 10000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 
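19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /config/environments/development.rb: --------------------------------------------------------------------------------
Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

  # Do not eager load code on boot.
  config.eager_load = false

  # Show full error reports and disable caching.
  config.consider_all_requests_local = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true

  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
  # yet still be able to expire them through the digest params.
  config.assets.digest = true

  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = true

  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true

  config.action_cable.url = 'wss://localhost:28080'

  # Action Cable checks each entry against the request's Origin header with ===.
  # A String entry has to equal the whole origin (scheme, host and port), and a
  # Regexp entry has to be anchored: an unanchored pattern such as /localhost/
  # accepts any origin that merely contains "localhost".
  config.action_cable.allowed_request_origins = [
    'http://127.0.0.1:3000', '127.0.0.1', 'localhost',
    %r{\Ahttps?://localhost(:\d+)?\z}
  ]
end
-------------------------------------------------------------------------------- /config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application 18 | # Add `rack-cache` to your Gemfile before enabling this. 19 | # For large-scale production use, consider using a caching reverse proxy like 20 | # NGINX, varnish or squid.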
21 | # config.action_dispatch.rack_cache = true 22 | 23 | # Disable serving static files from the `/public` folder by default since 24 | # Apache or NGINX already handles this. 25 | config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? 26 | 27 | # Compress JavaScripts and CSS. 28 | config.assets.js_compressor = :uglifier 29 | # config.assets.css_compressor = :sass 30 | 31 | # Do not fallback to assets pipeline if a precompiled asset is missed. 32 | config.assets.compile = false 33 | 34 | # Asset digests allow you to set far-future HTTP expiration dates on all assets, 35 | # yet still be able to expire them through the digest params. 36 | config.assets.digest = true 37 | 38 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 39 | 40 | # Specifies the header that your server uses for sending files. 41 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 42 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 43 | 44 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 45 | # config.force_ssl = true 46 | 47 | # Use the lowest log level to ensure availability of diagnostic information 48 | # when problems arise. 49 | config.log_level = :debug 50 | 51 | # Prepend all log lines with the following tags. 52 | # config.log_tags = [ :subdomain, :uuid ] 53 | 54 | # Use a different logger for distributed setups. 55 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 56 | 57 | # Use a different cache store in production. 58 | # config.cache_store = :mem_cache_store 59 | 60 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 61 | # config.action_controller.asset_host = 'http://assets.example.com' 62 | 63 | # Ignore bad email addresses and do not raise email delivery errors. 64 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 
65 | # config.action_mailer.raise_delivery_errors = false 66 | 67 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 68 | # the I18n.default_locale when a translation cannot be found). 69 | config.i18n.fallbacks = true 70 | 71 | # Send deprecation notices to registered listeners. 72 | config.active_support.deprecation = :notify 73 | 74 | # Use default logging formatter so that PID and timestamp are not suppressed. 75 | config.log_formatter = ::Logger::Formatter.new 76 | 77 | # Do not dump schema after migrations. 78 | config.active_record.dump_schema_after_migration = false 79 | end 80 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure static file server for tests with Cache-Control for performance. 16 | config.serve_static_files = true 17 | config.static_cache_control = 'public, max-age=3600' 18 | 19 | # Show full error reports and disable caching. 20 | config.consider_all_requests_local = true 21 | config.action_controller.perform_caching = false 22 | 23 | # Raise exceptions instead of rendering exception templates. 
24 | config.action_dispatch.show_exceptions = false 25 | 26 | # Disable request forgery protection in test environment. 27 | config.action_controller.allow_forgery_protection = false 28 | 29 | # Tell Action Mailer not to deliver emails to the real world. 30 | # The :test delivery method accumulates sent emails in the 31 | # ActionMailer::Base.deliveries array. 32 | config.action_mailer.delivery_method = :test 33 | 34 | # Randomize the order test cases are executed. 35 | config.active_support.test_order = :random 36 | 37 | # Print deprecation notices to the stderr. 38 | config.active_support.deprecation = :stderr 39 | 40 | # Raises error for missing translations 41 | # config.action_view.raise_on_missing_translations = true 42 | end 43 | -------------------------------------------------------------------------------- /config/initializer/redis.rb: -------------------------------------------------------------------------------- 1 | $redis = Redis.new(:host => 'localhost', :port => 6379) 2 | -------------------------------------------------------------------------------- /config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path 7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | 9 | # Precompile additional assets. 10 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 
11 | # Rails.application.config.assets.precompile += %w( search.js ) 12 | -------------------------------------------------------------------------------- /config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.action_dispatch.cookies_serializer = :json 4 | -------------------------------------------------------------------------------- /config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 
4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /config/initializers/hellraiser.rb: --------------------------------------------------------------------------------
require 'yaml'

# Process-wide settings for the HellRaiser scanner, filled in once at boot
# from config/config.yml.
module HellRaiser
  # Plain settings holder; one accessor per key read from config.yml.
  class Configuration
    attr_accessor :cve_id_url, :cvesearch_api_domain, :gitedb_url, :gitmsf_url,
                  :edb_url, :output_dir, :nmap_default_opts
  end

  class << self
    attr_accessor :configuration

    # Creates the Configuration on first use and yields it to the caller.
    def configure
      self.configuration ||= Configuration.new
      yield(configuration)
    end
  end
end

# config.yml sits one directory above this initializer (config/config.yml).
# It is a local file shipped with the application, not request data.
settings_path = File.expand_path('../config.yml', File.dirname(__FILE__))
settings = YAML.load_file(settings_path)

HellRaiser.configure do |config|
  # Copy each known key from the YAML document onto the matching accessor.
  %w[
    cve_id_url cvesearch_api_domain gitedb_url gitmsf_url
    edb_url output_dir nmap_default_opts
  ].each do |key|
    config.public_send("#{key}=", settings[key])
  end
end
-------------------------------------------------------------------------------- /config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish.
All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /config/initializers/new_framework_defaults.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | # 3 | # This file contains migration options to ease your Rails 5.0 upgrade. 4 | # 5 | # Read the Rails 5.0 release notes for more info on each option. 6 | 7 | # Enable per-form CSRF tokens. Previous versions had false. 8 | Rails.application.config.action_controller.per_form_csrf_tokens = true 9 | 10 | # Enable origin-checking CSRF mitigation. Previous versions had false. 11 | Rails.application.config.action_controller.forgery_protection_origin_check = true 12 | 13 | # Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`. 14 | # Previous versions had false. 15 | ActiveSupport.to_time_preserves_timezone = true 16 | 17 | # Require `belongs_to` associations by default. Previous versions had false. 
18 | Rails.application.config.active_record.belongs_to_required_by_default = true 19 | 20 | # Do not halt callback chains when a callback returns false. Previous versions had true. 21 | # ActiveSupport.halt_callback_chains_on_return_false = false 22 | 23 | # Configure SSL options to enable HSTS with subdomains. Previous versions had false. 24 | Rails.application.config.ssl_options = { hsts: { subdomains: true } } 25 | -------------------------------------------------------------------------------- /config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_scanner_session' 4 | -------------------------------------------------------------------------------- /config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] if respond_to?(:wrap_parameters) 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 
4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /config/puma.rb: -------------------------------------------------------------------------------- 1 | # Puma can serve each request in a thread from an internal thread pool. 2 | # The `threads` method setting takes two numbers a minimum and maximum. 3 | # Any libraries that use thread pools should be configured to match 4 | # the maximum value specified for Puma. Default is set to 5 threads for minimum 5 | # and maximum, this matches the default thread size of Active Record. 6 | # 7 | threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i 8 | threads threads_count, threads_count 9 | 10 | # Specifies the `port` that Puma will listen on to receive requests, default is 3000. 11 | # 12 | port ENV.fetch("PORT") { 3000 } 13 | 14 | # Specifies the `environment` that Puma will run in. 15 | # 16 | environment ENV.fetch("RAILS_ENV") { "development" } 17 | 18 | # Specifies the number of `workers` to boot in clustered mode. 19 | # Workers are forked webserver processes. If using threads and workers together 20 | # the concurrency of the application would be max `threads` * `workers`. 21 | # Workers do not work on JRuby or Windows (both of which do not support 22 | # processes). 23 | # 24 | # workers ENV.fetch("WEB_CONCURRENCY") { 2 } 25 | 26 | # Use the `preload_app!` method when specifying a `workers` number. 
27 | # This directive tells Puma to first boot the application and load code 28 | # before forking the application. This takes advantage of Copy On Write 29 | # process behavior so workers use less memory. If you use this option 30 | # you need to make sure to reconnect any threads in the `on_worker_boot` 31 | # block. 32 | # 33 | # preload_app! 34 | 35 | # The code in the `on_worker_boot` will be called if you are using 36 | # clustered mode by specifying a number of `workers`. After each worker 37 | # process is booted this block will be run, if you are using `preload_app!` 38 | # option you will want to use this block to reconnect to any threads 39 | # or connections that may have been created at application boot, Ruby 40 | # cannot share connections between processes. 41 | # 42 | # on_worker_boot do 43 | # ActiveRecord::Base.establish_connection if defined?(ActiveRecord) 44 | # end 45 | 46 | # Allow puma to be restarted by `rails restart` command. 47 | plugin :tmp_restart 48 | -------------------------------------------------------------------------------- /config/redis/cable.yml: -------------------------------------------------------------------------------- 1 | edis: &redis 2 | adapter: redis 3 | url: redis://localhost:6379/1 4 | 5 | 6 | development: *redis 7 | test: *redis 8 | production: *redis 9 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | root 'scans#index' 3 | resources :scans 4 | end 5 | -------------------------------------------------------------------------------- /config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 
4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. 12 | 13 | development: 14 | secret_key_base: ad84b33847b0ad98920f1e068a758f13a8af4b67651cabd2214faa3bb2d7b99e4ecd6703f53d92d8e4c8a5f19fbf574c6400d4a878ed7cc12ce92d0f585ee6ad 15 | 16 | test: 17 | secret_key_base: fb9d3f0477013c15bd4b5bcec4a987e35fca203e18836e445c1869801e6e7e8cb1adcb6df61ef6633771f3b974375d886c8b839129ce6f48b9ee5b4c21b99585 18 | 19 | # Do not keep production secrets in the repository, 20 | # instead read values from the environment. 21 | production: 22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 23 | -------------------------------------------------------------------------------- /db/migrate/20160304134102_create_scans.rb: -------------------------------------------------------------------------------- 1 | class CreateScans < ActiveRecord::Migration[5.0] 2 | def change 3 | create_table :scans do |t| 4 | t.string :title, null: false 5 | t.string :target, null: false 6 | t.integer :status, null: false, default: 0 7 | t.string :jid, null: true 8 | 9 | t.timestamps null: false 10 | end 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /db/schema.rb: -------------------------------------------------------------------------------- 1 | # This file is auto-generated from the current state of the database. Instead 2 | # of editing this file, please use the migrations feature of Active Record to 3 | # incrementally modify your database, and then regenerate this schema definition. 4 | # 5 | # This file is the source Rails uses to define your schema when running `bin/rails 6 | # db:schema:load`. 
When creating a new database, `bin/rails db:schema:load` tends to 7 | # be faster and is potentially less error prone than running all of your 8 | # migrations from scratch. Old migrations may fail to apply correctly if those 9 | # migrations use external dependencies or application code. 10 | # 11 | # It's strongly recommended that you check this file into your version control system. 12 | 13 | ActiveRecord::Schema.define(version: 2016_03_04_134102) do 14 | 15 | create_table "scans", force: :cascade do |t| 16 | t.string "title", null: false 17 | t.string "target", null: false 18 | t.integer "status", default: 0, null: false 19 | t.string "jid" 20 | t.datetime "created_at", null: false 21 | t.datetime "updated_at", null: false 22 | end 23 | 24 | end 25 | -------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
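# 3 | #
# 4 | # Examples:
# 5 | #
# 6 | #   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
# 7 | #   Mayor.create(name: 'Emanuel', city: cities.first)
# 8 |
# --------------------------------------------------------------------------------
# /development.env:
# --------------------------------------------------------------------------------
# 1 | PORT=3000
# 2 | WS_PORT=28080
# 3 | RACK_ENV=development
# 4 |
# --------------------------------------------------------------------------------
# /doc/result00.png:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/doc/result00.png
# --------------------------------------------------------------------------------
# /lib/assets/.keep:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/lib/assets/.keep
# --------------------------------------------------------------------------------
# /lib/hellraiser.rb:
# --------------------------------------------------------------------------------
require 'nmap'
require 'net/http'
require 'json'

module Nmap
  # Monkey patch that mirrors this upstream ruby-nmap commit:
  # https://github.com/sophsec/ruby-nmap/commit/1404475c7fb879a71f661a3acdad77b453152a0e
  module CPE
    # Walks the `cpe` children of the wrapped XML node (@node) and yields each
    # one parsed with URL.parse.
    #
    # @yield [cpe] the parsed value of one `cpe` element
    # @return [Enumerator] when called without a block
    # @return [self] when called with a block
    def each_cpe
      return enum_for(__method__) unless block_given?

      @node.xpath('cpe').each do |cpe|
        yield URL.parse(cpe.inner_text)
      end

      self
    end
  end
end

module HellRaiser
  # Turns an Nmap XML report into plain hashes and attaches, for every CPE
  # found on a host or port, the CVEs returned by the configured lookup API.
  #
  # Everything placed in the result (host names, product/version strings,
  # CVE fields, reference links) is copied from the scan report or from the
  # API response without sanitising, so whatever renders it should treat it
  # as untrusted text.
  class CveSearch
    # Requests the CVE list for one CPE and returns the raw response body.
    #
    # NOTE(review): the CPE text is appended to the URL unescaped, and
    # Net::HTTP.get hands back the body whatever the HTTP status was, so an
    # error page reaches JSON.parse in get_cves_from_cpe. Whether the lookup
    # is protected by TLS depends on the scheme of the configured base URL;
    # confirm it is https.
    #
    # @param cpe [#to_s] the CPE to look up
    # @return [String] response body
    def http_get_cve_for_cpe(cpe)
      # e.g. cve.circl.lu
      api_base = HellRaiser.configuration.cvesearch_api_domain
      Net::HTTP.get(URI(api_base + '/api/cvefor/' + cpe.to_s))
    end

    # Builds the Exploit-DB link for a CVE entry, if the entry has one.
    #
    # Only a value that really starts with an http(s) scheme is passed
    # through as a link; any other value is anchored under one of the
    # configured base URLs. The previous substring test ("http" anywhere)
    # returned path-like values containing "http" unchanged, and let the
    # lookup service decide the link scheme.
    #
    # @param cve [Hash] one entry of the API response
    # @return [String, nil] link, or nil when the entry has no usable mapping
    def get_cve_edb_url(cve)
      mapping = cve['map_cve_exploitdb']
      return unless mapping

      script = mapping['exploitdbscript']
      if script.is_a?(String)
        # Non-destructive sub: the parsed response is left untouched.
        return script.sub('http:', 'https:') if script.start_with?('http://')
        return script if script.start_with?('https://')

        # "https://github.com/offensive-security/exploit-database/blob/master/"
        return HellRaiser.configuration.gitedb_url + script if script.include?('/')
      end

      edb_id = mapping['exploitdbid']
      return if edb_id.nil?

      # "https://www.exploit-db.com/download/"
      # to_s in case the API hands the id back as a number.
      HellRaiser.configuration.edb_url + edb_id.to_s
    end

    # Builds the Metasploit source link for a CVE entry, if the entry has one.
    #
    # @param cve [Hash] one entry of the API response
    # @return [String, nil] link, or nil when the entry has no usable mapping
    def get_cve_msf_url(cve)
      mapping = cve['map_cve_msf']
      return unless mapping

      script_file = mapping['msf_script_file']
      return unless script_file.is_a?(String)

      # "https://github.com/rapid7/metasploit-framework/blob/master"
      # Non-destructive sub: the parsed response is left untouched.
      HellRaiser.configuration.gitmsf_url + script_file.sub('metasploit-framework/', '')
    end

    # Looks up the CVEs for one CPE and reduces each entry to the fields the
    # application uses.
    #
    # A JSON `null` body and the "No cves found" reply both give an empty
    # list. Any other unexpected body still raises (JSON::ParserError for
    # non-JSON, TypeError/NoMethodError for an unexpected shape) so that a
    # failed lookup is not silently reported as "no CVEs".
    #
    # @param c [#to_s] the CPE to look up
    # @return [Array<Hash>] one hash per CVE with :id, :access, :impact,
    #   :edb, :msf and :idurl
    def get_cves_from_cpe(c)
      res = JSON.parse(http_get_cve_for_cpe(c))
      # The old guard tested for nil but then iterated res anyway.
      return [] unless res
      return [] if res.first && res.first[1] == 'No cves found'

      res.map do |cve|
        {
          id: cve['id'],
          access: cve['access'],
          impact: cve['impact'],
          edb: get_cve_edb_url(cve),
          msf: get_cve_msf_url(cve),
          # https://cve.mitre.org/cgi-bin/cvename.cgi?name=
          idurl: HellRaiser.configuration.cve_id_url + cve['id'],
        }
      end
    end

    # Maps every CPE of a port's service to its CVE list.
    #
    # @param port [Object] a port from the parsed report; `service.cpe` is read
    # @return [Hash{Symbol => Array<Hash>}] CPE string (as symbol) => CVEs
    def get_cpes_with_cves_from_port(port)
      port.service.cpe.each_with_object({}) do |c, cpes|
        cpes[c.to_s.to_sym] = get_cves_from_cpe(c)
      end
    end

    # Maps every CPE of a host's OS classes to its CVE list.
    #
    # @param host [Object] a host from the parsed report; `os.classes` is read
    # @return [Hash{Symbol => Array<Hash>}, nil] nil when the host has no OS data
    def get_cpes_with_cves_from_host(host)
      return unless host.os

      cpes = {}
      host.os.classes.each do |os_class|
        os_class.cpe.each do |c|
          cpes[c.to_s.to_sym] = get_cves_from_cpe(c)
        end
      end
      cpes
    end

    # Parses an Nmap XML report and returns one hash per host, each with its
    # ports and the CVEs found for the host's and the ports' CPEs.
    #
    # @param filename [String] passed to Nmap::XML.new
    # @return [Array<Hash>] hosts with :mac, :ip, :status, :vendor,
    #   :hostnames, :cpes and :ports
    def scan(filename)
      hosts = []
      Nmap::XML.new(filename) do |xml|
        xml.each_host do |host|
          hosts << {
            mac: host.mac,
            ip: host.address,
            status: host.status,
            vendor: host.vendor,
            hostnames: host.hostnames,
            cpes: get_cpes_with_cves_from_host(host),
            ports: host.ports.map { |port| port_summary(port) },
          }
        end
      end

      hosts
    end

    private

    # Reduces one port of the report to the fields the application uses.
    def port_summary(port)
      {
        protocol: port.protocol,
        state: port.state,
        product: port.service.product,
        version: port.service.version,
        extra_info: port.service.extra_info,
        reason: port.reason,
        name: port.service.name,
        port: port.number,
        cpes: get_cpes_with_cves_from_port(port),
      }
    end
  end

  # Thin wrapper that starts Nmap through ruby-nmap with options taken from
  # a string-keyed hash.
  #
  # NOTE(review): 'targets' and 'output_all' are handed to the Nmap task
  # exactly as received, and sudo_scan runs that task through sudo. Nothing
  # in this class validates them; confirm that callers restrict targets to
  # host names, addresses or ranges and choose the output path themselves.
  class PortScan
    # Runs Nmap via sudo, with OS fingerprinting taken from the options.
    #
    # @param opts [Hash{String => Object}] reads 'service_scan', 'all_ports',
    #   'syn_discovery', 'output_all', 'targets' and 'os_fingerprint'
    # @return [Object] whatever Nmap::Program.sudo_scan returns
    def sudo_scan(opts)
      Nmap::Program.sudo_scan do |nmap|
        apply_common_options(nmap, opts)
        nmap.os_fingerprint = opts['os_fingerprint']
      end
    end

    # Runs Nmap without sudo.
    #
    # @param opts [Hash{String => Object}] reads 'service_scan', 'all_ports',
    #   'syn_discovery', 'output_all' and 'targets'
    # @return [Object] whatever Nmap::Program.scan returns
    def scan(opts)
      Nmap::Program.scan do |nmap|
        apply_common_options(nmap, opts)
      end
    end

    private

    # Copies the options shared by both scan variants onto the Nmap task.
    def apply_common_options(nmap, opts)
      nmap.service_scan = opts['service_scan']
      nmap.all_ports = opts['all_ports']
      nmap.syn_discovery = opts['syn_discovery']
      nmap.output_all = opts['output_all']
      nmap.targets = opts['targets']
    end
  end
end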
-------------------------------------------------------------------------------- /lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/lib/tasks/.keep -------------------------------------------------------------------------------- /log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/log/.keep -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/public/favicon.ico -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/controllers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/controllers/.keep -------------------------------------------------------------------------------- /test/controllers/scans_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class ScansControllerTest < ActionController::TestCase 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | -------------------------------------------------------------------------------- /test/controllers/welcome_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class WelcomeControllerTest < ActionController::TestCase 4 | test "should get index" do 5 | get :index 6 | assert_response :success 7 | end 8 | 9 | end 10 | -------------------------------------------------------------------------------- /test/decorators/scan_decorator_test.rb: -------------------------------------------------------------------------------- 1 | require 
'test_helper' 2 | 3 | class ScanDecoratorTest < Draper::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/fixtures/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/fixtures/.keep -------------------------------------------------------------------------------- /test/fixtures/scans.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html 2 | 3 | one: 4 | title: MyString 5 | target: MyString 6 | status: 1 7 | 8 | two: 9 | title: MyString 10 | target: MyString 11 | status: 1 12 | -------------------------------------------------------------------------------- /test/helpers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/helpers/.keep -------------------------------------------------------------------------------- /test/integration/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/integration/.keep -------------------------------------------------------------------------------- /test/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/mailers/.keep -------------------------------------------------------------------------------- /test/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/test/models/.keep 
-------------------------------------------------------------------------------- /test/models/scan_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class ScanTest < ActiveSupport::TestCase 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 7 | fixtures :all 8 | 9 | # Add more helper methods to be used by all tests here... 10 | end 11 | -------------------------------------------------------------------------------- /vendor/assets/javascripts/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/vendor/assets/javascripts/.keep -------------------------------------------------------------------------------- /vendor/assets/stylesheets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/m0nad/HellRaiser/bea43e221c33c976d3d5c4b5b6a4ecd3fb3ca9aa/vendor/assets/stylesheets/.keep --------------------------------------------------------------------------------