#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
dump_plugin_output.py
This module works with Tenable Security Center's APIs to retrieve information about system scans. The user is asked
to authenticate their session, after which they can retrieve the plugin output from scans performed on hosts. This
module simply retrieves the data and saves it into 'pluginText.dump', after which it is processed by the 'processDump'
module and made human-readable.
"""
import getpass
import json
import sys

from securitycenter import SecurityCenter5

import process_dump
# Security Center 5 host that login_sc() and dump_plugin_data() connect to. It is hard-coded, so pointing the
# script at a different deployment means editing it here.
HOST = 'sec-center-prod-01.uit.tufts.edu'
# Path the dumped scan results are written to (opened for writing in dump_plugin_data(), relative to the current
# working directory). The dump holds per-host IP/MAC/DNS names and raw plugin text, so treat the file as sensitive.
OUTPUT_FILE = 'pluginText.dump'
# login_sc()
#
# Prompts for a username (echoed) and a password (read with getpass, not echoed), then opens a session against HOST
# and authenticates it. Any error raised by SecurityCenter5.login (e.g. on rejected credentials) is not caught here
# and propagates to the caller.
# Input - none (credentials are read interactively from the terminal)
# Output - authenticated SecurityCenter5 object
def login_sc():
    username = raw_input("Username: ")
    password = getpass.getpass()
    client = SecurityCenter5(HOST)
    client.login(username, password)
    return client
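# get_repo_ids()
#
# Resolves the requested repository names to the repository IDs that dump_plugin_data() passes to the
# 'repositoryIDs' analysis filter. Names are matched exactly (case-sensitive) against the 'name' field of each
# entry in all_repo_data['response']; if a name appears more than once, the first entry wins.
# Input - requested_repo_names: list of strings of the repositories to query for
#         all_repo_data: dictionary object with all data pertaining to scanned repositories (the decoded JSON body
#                        of GET /repository, expected as {'response': [{'name': ..., 'id': ...}, ...]})
# Output - String with repository IDs separated by commas, in the order the names were requested. A requested name
#          that matches nothing is reported on stdout and skipped; if no name matches at all the program exits
#          with status 1 (SystemExit), since continuing would silently query every repository.
def get_repo_ids(requested_repo_names, all_repo_data):
    # Build the lookup once instead of rescanning the repository list per requested name; setdefault keeps the
    # first entry for a duplicated name, preserving the original first-match behaviour.
    id_by_name = {}
    for repository in all_repo_data.get('response', []):
        id_by_name.setdefault(repository['name'], repository['id'])
    repo_ids = []
    for requested_repo_name in requested_repo_names:
        if requested_repo_name not in id_by_name:
            # Surface partial matches explicitly so a typo cannot silently shrink the scan coverage being dumped.
            print("Could not find repository '%s'." % requested_repo_name)
            continue
        # The IDs are joined into one filter string, so coerce in case the API returns them as integers.
        repo_ids.append(str(id_by_name[requested_repo_name]))
    if not repo_ids:
        print('Could not find repository. Exiting program...')
        sys.exit(1)
    return ",".join(repo_ids)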
# is_not_latest_scan()
#
# Reports whether a result for ip_address is older than one already collected for the same host, so the caller can
# drop stale duplicates. Only entries already present in stored_scans are consulted: a result that is newer than a
# stored one is still reported as latest (the older stored entry is not removed here).
# Input - ip_address: unicode string of current IP address
#         scan_date: unicode string of the date the scan took place (note: in SecurityCenter is the same as last seen);
#                    converted with int(), as is each stored 'L_SEEN', but only when an IP match is found
#         stored_scans: dictionary list of the already gathered scan data (each entry has 'IP' and 'L_SEEN' keys)
# Output - Boolean: True if a stored entry with the same IP has a later L_SEEN than scan_date, otherwise False
def is_not_latest_scan(ip_address, scan_date, stored_scans):
    return any(
        entry['IP'] == ip_address and int(scan_date) < int(entry['L_SEEN'])
        for entry in stored_scans
    )
# dump_plugin_data()
#
# Function that defines the flow in dumpPlugin.py. It opens a connection to Security Center, retrieves the information
# about the desired plugin, and dumps it all to a .dump file.
# Input - plugin_id: a string of the plugin_id whose output is to be dumped
# Output - none, write to file
def dump_plugin_data(plugin_id, requested_repo_names, host_list, ip_range, allow_duplicates, user, pw):
# Establish connection, retrieve data
if user and pw:
sc = SecurityCenter5(HOST)
sc.login(user, pw)
else:
sc = login_sc()
arg_tuples = [('pluginID', '=', plugin_id)]
if requested_repo_names:
requested_repo_names = process_dump.read_input(requested_repo_names)
all_repo_data = sc.get('/repository')
requested_repo_ids = get_repo_ids(requested_repo_names, all_repo_data.json())
arg_tuples.append(('repositoryIDs', '=', requested_repo_ids))
if host_list:
hosts = process_dump.read_input(host_list)
arg_tuples.append(('ip', '=', ",".join(hosts)))
elif ip_range:
arg_tuples.append(('ip', '=', ip_range))
output = sc.analysis(*arg_tuples, tool='vulndetails')
if not output:
print 'No results found. Exiting program'
exit(0)
obj = []
temp_obj = {'ID': '', 'PLUGIN_ID': '', 'PLUGIN_NAME': '', 'SEVERITY': '', 'IP': '', 'DNS': '', 'REPO': '',
'CONTENT': []}
for case in output:
if (allow_duplicates is False) and is_not_latest_scan(case[u'ip'], case[u'lastSeen'], obj):
continue
temp_obj['ID'] = obj.__len__()
temp_obj['PLUGIN_ID'] = case[u'pluginID']
temp_obj['PLUGIN_NAME'] = case[u'pluginName']
temp_obj['SEVERITY'] = case[u'severity'][u'name']
temp_obj['IP'] = case[u'ip']
temp_obj['MAC'] = case[u'macAddress']
temp_obj['DNS'] = case[u'dnsName']
temp_obj['REPO'] = case[u'repository'][u'name']
temp_obj['L_SEEN'] = case[u'lastSeen']
temp_obj['CONTENT'] = case[u'pluginText'].split('\n')
obj.append(temp_obj.copy())
# Convert to JSON, open and write to file
ob = json.dumps(obj)
f = open(OUTPUT_FILE, 'w')
f.write(ob)