from flask import Flask, render_template, request, redirect, url_for, send_file, jsonify, flash, session, render_template
from werkzeug.utils import secure_filename
import os
import main
import datetime
import werkzeug
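# Directory (relative to the working directory) where uploads and generated
# reports are written.
UPLOAD_FOLDER = 'uploads'
# Extensions accepted by allowed_file(); compared in lower case.
ALLOWED_EXTENSIONS = {'nessus'}

app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER

# Flask signs the session cookie with this key, and the routes in this file
# read a file path back out of the session, so a key that is published in the
# source lets anyone forge a session. Take the key from the SECRET_KEY
# environment variable and fall back to a random per-process key, never to a
# fixed string.
# With the fallback, sessions do not survive a restart and are not shared
# between worker processes; set SECRET_KEY for any real deployment.
app.secret_key = os.environ.get('SECRET_KEY') or os.urandom(32)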
def allowed_file(filename):
    """Return True when *filename* has an extension listed in ALLOWED_EXTENSIONS.

    Only the text after the last dot is considered, compared in lower case.
    A name without any dot is rejected. This checks the name only, not the
    file's content.
    """
    _, dot, extension = filename.rpartition('.')
    return bool(dot) and extension.lower() in ALLOWED_EXTENSIONS
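def search_data(data, search_dict):
    """Filter *data* down to the rows that satisfy every non-empty search field.

    Args:
        data: iterable of rows, each indexable by the keys of *search_dict*.
        search_dict: mapping of row key -> search string. A search string may
            hold several comma-separated terms; a row satisfies that field
            when any term is a case-insensitive substring of ``str(row[key])``.
            Fields whose value is falsy, or that contain no term once
            whitespace and empty pieces are dropped, do not constrain the
            result.

    Returns:
        *data* itself when *search_dict* is empty or None, otherwise a new
        list with the matching rows in their original order.

    Raises:
        KeyError: if a row lacks a key that is being searched on.
    """
    if not search_dict:
        return data

    # Normalise the terms once instead of once per row.
    criteria = {}
    for key, value in search_dict.items():
        if not value:
            continue
        # Drop empty pieces: "" is a substring of every string, so a trailing
        # comma ("ssh,") would otherwise make the field match every row.
        terms = [piece.strip().lower() for piece in value.split(',')]
        terms = [term for term in terms if term]
        if terms:
            criteria[key] = terms

    return [
        row
        for row in data
        if all(
            any(term in str(row[key]).lower() for term in terms)
            for key, terms in criteria.items()
        )
    ]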
@app.route('/', methods=['GET', 'POST'])
def home():
    """Render the landing page, handing the requested URL to the template."""
    requested_url = request.url
    return render_template('home.html', current_url=requested_url)
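@app.route('/control_panel', methods=['GET'])
def control_panel():
    """List the uploaded scan files together with their recorded upload time.

    The upload time is read from the ``<name>.timestamp`` sidecar written at
    upload; a file without a sidecar is shown as 'Unknown'.
    """
    files = []
    # sorted() gives a stable order; os.listdir() returns entries arbitrarily.
    for filename in sorted(os.listdir(UPLOAD_FOLDER)):
        # Use the same case-insensitive extension rule as delete_file and
        # parser, so a file such as "scan.NESSUS" that those routes accept is
        # also listed. Sidecars end in ".timestamp" and are skipped by it.
        if not allowed_file(filename):
            continue
        timestamp_file = os.path.join(UPLOAD_FOLDER, filename + '.timestamp')
        uploaded = 'Unknown'
        if os.path.exists(timestamp_file):
            with open(timestamp_file, 'r') as f:
                uploaded = f.read()
        files.append({'filename': filename, 'uploaded': uploaded})
    return render_template('control_panel.html', files=files)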
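@app.route('/upload', methods=['POST'])
def upload():
    """Store the uploaded .nessus files and record when each one arrived.

    Every part named ``file`` is saved under UPLOAD_FOLDER with a sanitised
    name, next to a ``<name>.timestamp`` sidecar. The saved paths are kept in
    the session under ``nessus_files``.

    Returns:
        JSON with the control-panel URL on success, or a JSON error with
        status 400 when no file part is sent, a part has no name, or a name
        does not carry an allowed extension. Files saved before a rejected
        part stay on disk.
    """
    if 'file' not in request.files:
        flash('No file part')
        return jsonify({"error": "No file part"}), 400

    filepaths = []
    for nessus_file in request.files.getlist('file'):
        if nessus_file.filename == '':
            flash('No selected file')
            return jsonify({"error": "No selected file"}), 400

        # secure_filename() removes path separators and leading dots, so the
        # name cannot leave UPLOAD_FOLDER; it can also reduce a name to ''.
        filename = secure_filename(nessus_file.filename)
        # Enforce the extension allow-list on the sanitised name. Without
        # this check any file type could be written into the upload folder.
        # It constrains the name only: the content is still untrusted input
        # for whatever parses it later.
        if not allowed_file(filename):
            flash('File is not supported or corrupted', 'error')
            return jsonify({"error": "File is not supported or corrupted"}), 400

        filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
        # An existing file with the same sanitised name is overwritten.
        nessus_file.save(filepath)
        filepaths.append(filepath)
        # Save the upload timestamp (server local time).
        with open(filepath + '.timestamp', 'w') as f:
            f.write(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'))

    session['nessus_files'] = filepaths
    return jsonify({"url": url_for('control_panel')})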
@app.route('/delete_file/<filename>', methods=['GET'])
def delete_file(filename):
    """Delete an uploaded scan file and its timestamp sidecar.

    The name from the URL is sanitised and must carry an allowed extension.
    The outcome is reported through a flash message and the client is sent
    back to the control panel in every case.
    """
    # NOTE(review): this route changes state on a plain GET, so any page the
    # user visits can trigger a deletion by linking to it. Moving it to POST
    # with a CSRF token needs a matching change in the template that links
    # here, which is not visible from this file.
    control_panel_redirect = redirect(url_for('control_panel'))

    safe_name = werkzeug.utils.secure_filename(filename)
    if not allowed_file(safe_name):
        flash('Invalid file', 'error')
        return control_panel_redirect

    target = os.path.join(app.config['UPLOAD_FOLDER'], safe_name)
    if not os.path.exists(target):
        flash('File not found', 'error')
        return control_panel_redirect

    os.remove(target)
    sidecar = target + '.timestamp'
    if os.path.exists(sidecar):
        os.remove(sidecar)
    flash('File deleted successfully', 'success')
    return control_panel_redirect
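@app.route('/parser', methods=['GET'])
def parser():
    """Select the scan file to work on and render the parser page.

    A valid ``filename`` query parameter selects a file in UPLOAD_FOLDER and
    stores its path in the session. Without one, the path already stored in
    the session is reused; if there is none, the template receives None.
    """
    requested = request.args.get('filename')
    # The name comes straight from the query string. Checking the extension
    # alone would let "../" segments or an absolute path through, and
    # os.path.join() discards UPLOAD_FOLDER when its second argument is
    # absolute. Sanitise first so the stored path stays inside the folder.
    filename = secure_filename(requested) if requested else ''
    if allowed_file(filename):
        filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
        session['nessus_file'] = filepath
    elif 'nessus_file' in session:
        # The session cookie is only as trustworthy as app.secret_key.
        filepath = session['nessus_file']
    else:
        filepath = None
    return render_template('parser.html', nessus_file=filepath)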
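@app.route('/process-parsing', methods=['POST'])
def process_parsing():
    """Parse the selected scan file and send the report back as a download.

    The checkboxes of the form choose what is extracted; ``cis_compliance``
    switches to the CIS report instead. The report is written to
    ``output.<output_format>`` in UPLOAD_FOLDER and returned as an attachment.

    Returns:
        The generated file, or a JSON error with status 400 when no scan file
        is selected in the session. A missing ``output_format`` field is
        rejected by Flask before any work is done.
    """
    # Retrieve form data; a checkbox counts as ticked when its field is present.
    nessus_file = session.get('nessus_file')
    microsoft_patches = request.form.get('microsoft_patches') is not None
    third_party = request.form.get('third_party') is not None
    linux_patches = request.form.get('linux_patches') is not None
    unquoted_service_path = request.form.get('unquoted_service_path') is not None
    cis_compliance = request.form.get('cis_compliance') is not None
    output_format = request.form['output_format']

    if not nessus_file:
        return jsonify({"error": "File is not supported or corrupted"}), 400

    # output_format is client-controlled and becomes part of a path that is
    # written to and then served. Sanitise the file name so separators or
    # ".." in the field cannot move the output out of UPLOAD_FOLDER.
    # NOTE(review): main.print_output still receives the raw value; an
    # allow-list of the formats it supports would be stricter — confirm them.
    output_name = secure_filename('output.' + output_format)
    output_file = os.path.join(app.config['UPLOAD_FOLDER'], output_name)
    # NOTE(review): every request writes the same output path, so two
    # concurrent requests for the same format can overwrite or receive each
    # other's report.

    if cis_compliance:
        report = main.cis(nessus_file)
    else:
        report = main.parse_and_extract_data_from_nessus_file(
            nessus_file,
            microsoft_patches,
            third_party,
            linux_patches,
            unquoted_service_path,
        )
    main.print_output(report, output_format, output_file)
    # NOTE(review): Flask 2.0 renamed attachment_filename to download_name and
    # 2.2 removed the old name — confirm the Flask version this app pins.
    return send_file(output_file, as_attachment=True, attachment_filename=output_name)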
@app.route('/explorer', methods=['GET'])
def explorer():
    """Render the findings of the scan file selected in the session."""
    # NOTE(review): the path is None when no file has been selected; how
    # main.explore_nessus_file handles None is not visible here — confirm.
    selected_path = session.get('nessus_file')
    return render_template(
        'explorer.html',
        findings=main.explore_nessus_file(selected_path),
    )
@app.route('/search', methods=['POST'])
def search():
    """Return, as JSON, the findings of the selected scan that match the form.

    Each form field filters one column of the findings; fields left empty
    or absent do not constrain the result (see search_data).
    """
    # (column in the findings, name of the form field that filters it)
    column_to_field = (
        ('host_ip', 'host-ip'),
        ('plugin_name', 'plugin-name'),
        ('hostname', 'host-name'),
        ('plugin_id', 'plugin-id'),
        ('risk_rating', 'risk'),
        ('port', 'port'),
        ('service', 'service'),
        ('description_synopsis', 'description-synopsis'),
    )
    findings = main.explore_nessus_file(session.get('nessus_file'))
    search_dict = {
        column: request.form.get(field) for column, field in column_to_field
    }
    return jsonify(search_data(findings, search_dict))
@app.errorhandler(404)
def page_not_found(e):
    """Serve the custom 404 page; the error object itself is not used."""
    body = render_template('404.html')
    return body, 404
@app.errorhandler(500)
def internal_server_error(error):
    """Serve the custom 500 page without exposing the error to the client."""
    body = render_template('500.html')
    return body, 500
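if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which can run
    # Python code from the browser. Combined with host='0.0.0.0' that exposes
    # it to every machine that can reach port 8000. Debug mode is therefore
    # opt-in through FLASK_DEBUG, and when it is on the server listens on the
    # loopback interface only.
    debug_enabled = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true')
    listen_host = '127.0.0.1' if debug_enabled else '0.0.0.0'
    # NOTE(review): none of the routes in this file checks authentication, so
    # listening on all interfaces makes uploaded scan data reachable by anyone
    # on the network — confirm that is intended.
    app.run(host=listen_host, port=8000, debug=debug_enabled)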