forked from flipkart-incubator/watchdog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfindTechnology.py
268 lines (239 loc) · 6.92 KB
/
findTechnology.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
from wappalyzer import Wappalyzer
from builtwith import builtwith
from run_tools import run_tool
import json
import sys
import subprocess
import commands
from mongo_connection import mongo_client
import time
import signal
import logging
def technologyScan(ip,domain,type):
# config database
client = mongo_client()
db = client.config
cursor = db.external.find()
#type = sys.argv[3]
# checking for selfServe of org scan and setting the paramter
if(type == "selfServe"):
logFile = cursor[0]['SELF_SERVE_PATH_LOGFILE']
database = cursor[0]['SELF_SERVE_DATABASE']
else:
logFile = cursor[0]['PATH_LOGFILE']
database = cursor[0]['DATABASE']
TIMEOUT = int(cursor[0]['TIMEOUT_TECH'])
db = client[database]
# log file
logging.basicConfig(filename = logFile,format='%(levelname)s:%(message)s',level=logging.DEBUG)
# timeout
def signal_handler(signum,frame):
raise Exception("Timed Out!")
signal.signal(signal.SIGALRM, signal_handler)
#ip = sys.argv[1]
#domain = sys.argv[2]
w = Wappalyzer()
serv = db.services
if domain != "null":
host = domain # host is the parameter to be passed
else:
host = ip
if domain == "null":
domain = ""
# checking whether to scan through 80 or 443
if serv.find({"ip":ip,"443":{"$exists":True}}).count() > 0:
prefix = "https://"
elif serv.find({"ip":ip,"80":{"$exists":True}}).count() > 0:
prefix = "http://"
component = {}
# every 3rd party tools is scanning 6 times, if it finds the technology than it stops
# wappalyzer
count = 6
while (count):
if count <= 3:
host = ip # host is changed to ip after 3 scan
count -= 1
logging.info("Wappalyzer working on "+host)
signal.alarm(TIMEOUT)
try: # calling wappalyzer
wapp = w.analyze(prefix+host)
except Exception as e:
logging.error("Issues with wappalyzer: "+str(e))
signal.alarm(0)
continue
signal.alarm(0)
logging.info(wapp)
if len(wapp) == 0: # checking for output
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 10 seconds.")
time.sleep(10)
continue
for key in wapp:
component[key.lower()] = wapp[key][unicode('version')]
break
# builtwith
if domain != "":
host = domain
else:
host = ip
count = 6
while(count):
if count <= 3:
host = ip
count -= 1
logging.info("Builtwith working on "+host)
signal.alarm(TIMEOUT)
try: # builtwith working
bw = builtwith(prefix+host)
except Exception as e:
logging.error("Issues with builtwith: "+str(e))
signal.alarm(0)
continue
signal.alarm(0)
logging.info(bw)
if len(bw) == 0:
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 10 seconds.")
time.sleep(10)
continue
for keys in bw: # checking for output
for key in bw[keys]:
if key not in component.keys():
component[key.lower()] = ""
break
# phantalyzer
if domain != "":
host = domain
else:
host = ip
count = 6
while (count):
if count <= 3:
host = ip
count -= 1
logging.info("Phantalyzer working on "+host)
signal.alarm(TIMEOUT)
try:
phanta = run_tool(name="phantomjs",prefix=prefix,domain=host)
except Exception as e:
logging.error("Issue with phantalyzer: "+str(e))
signal.alarm(0)
try:
phanta = phanta[1]
phanta = phanta.strip()
logging.info(phanta)
if phanta == "":
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 10 seconds.")
time.sleep(10)
continue
phanta = phanta.split("\n")
phanta[0] = phanta[0].strip()
phanta = phanta[0].split(":")[1]
if phanta == "" or phanta.strip() == '160':
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 10 seconds.")
time.sleep(10)
continue
phanta = phanta.split("|")
for te in phanta:
te = te.strip()
if te not in component.keys() and te != "":
component[te.lower()] = ""
break
except Exception as e:
logging.error("Issue with phantalyzer: "+str(e))
# wappalyzer extension
if domain != "":
host = domain
else:
host = ip
count = 6
while(count):
if count <= 3:
host = ip
count -= 1
logging.info("Wappalyzer extension working on "+host)
signal.alarm(TIMEOUT)
try:
cmd = "phantomjs src/drivers/phantomjs/driver.js "+prefix+host
phantjs = run_tool(cmd=cmd)
except Exception as e:
logging.error("Issue with phantomjs code: "+str(e))
signal.alarm(0)
try:
logging.info(phantjs[1].strip())
if phantjs[1].strip() == "":
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 20 seconds.")
time.sleep(2)
continue
phantjs = json.loads(phantjs[1])
phantjs = phantjs['applications']
if len(phantjs) == 0:
logging.info("No output.")
if count != 0:
logging.info("Sleeping for 20 seconds.")
time.sleep(20)
continue
for i in range(len(phantjs)):
if (phantjs[i][unicode('name')]).lower() not in component.keys():
component[(phantjs[i][unicode('name')]).lower()] = phantjs[i][unicode('version')]
elif component[(phantjs[i][unicode('name')]).lower()] == "":
component[(phantjs[i][unicode('name')]).lower()] = phantjs[i][unicode('version')]
break
except Exception as e:
logging.error("Phantomjs code not working. Issues: "+str(e))
# finding cves
try:
for key in component:
temp = {}
temp['version'] = component[key]
allCve = []
if component[key] == "":
temp['cves'] = allCve
temp['false_positive'] = "0"
component[key] = temp
continue
cmd = "python3 Tools/cve-search-master/bin/search.py -p "+str(key).lower().replace(" js",".js").replace(" ","_").replace("apache","apache:http_server")+":"+str(component[key])+" -o json"
cves = run_tool(cmd=cmd)
cves = cves[1]
size = len(cves.split("\n"))
if size == 1 and cves == "":
temp['cves'] = allCve
temp['false_positive'] = "0"
component[key] = temp
continue
for j in range(size):
cve = {}
tt = json.loads(cves.split("\n")[j])
cve['id'] = tt['id']
cve['cvss'] = tt['cvss']
allCve.append(cve)
temp['cves'] = allCve
temp['false_positive'] = "0"
component[key] = temp
except Exception as e:
logging.error("Issues with finding cves. Issues: "+str(e))
technologies = db.technologies
checking = technologies.find_one({"ip":ip})
if technologies.find({"ip":ip}).count() > 0:
technologies.remove({"ip":ip})
technology = {"ip":ip,"domain":domain}
technologies.insert_one(technology)
for key in component:
try:
for ch in checking:
if key.replace("."," ") == ch.encode('ascii','ignore') and component[key]['version'] == checking[ch]['version'].encode('ascii','ignore'):
component[key]['false_positive'] = checking[ch]['false_positive']
except Exception as e:
print "Issues with updating false positive: "+str(e)
technologies.update({"ip":ip},{"$set":{str(key.replace("."," ")):component[key]}})
print key+" with version "+str(component[key])
if __name__== "__main__":
technologyScan(sys.argv[1],sys.argv[2],sys.argv[3])