#!/usr/bin/env python3
import re
from os import listdir
from os.path import isdir
from audit.system.plugins.apache import apache_protocols, apache_signature, apache_indexes
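class Apache:
    """Audit the virtual hosts of an Apache configuration tree for SSLProtocol.

    Scope, as implemented here:

    * Only the files directly inside ``<apache_directory>/sites-available``
      are read.  That directory can contain sites that are not enabled, and
      a global ``SSLProtocol`` set in another configuration file is not
      seen, so a virtual host that inherits its protocol list is reported
      as ``failed``.
    * The ``signature`` and ``indexes`` plugin data are loaded and their
      report sections are created, but no method in this class fills them
      in.  An empty section means "not checked", not "passed".
    """

    # Apache directive names and the on/off argument are case-insensitive and
    # may be indented.  Anchoring at the start of the line keeps commented-out
    # directives ("# SSLEngine on") from being counted as active ones.
    _SSL_ENGINE_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.IGNORECASE)
    _SSL_PROTOCOL = re.compile(r"^\s*SSLProtocol\b", re.IGNORECASE)

    def __init__(self, arguments):
        """Load the plugin definitions and prepare an empty report.

        Args:
            arguments: mapping that must contain ``"apache_directory"``, the
                root of the Apache configuration tree to audit.

        Raises:
            KeyError: if ``"apache_directory"`` is missing from *arguments*.
        """
        self._ssl_versions = apache_protocols()
        self._signature = apache_signature()
        self._indexes = apache_indexes()
        self._reports = dict()
        self._apache_directory = arguments["apache_directory"]

        # Create the report sections, then record which directory was audited.
        self._constructReports()
        self._reports["directory"] = self._apache_directory

    def runAudit(self):
        """Run the audit and print the resulting report dictionary.

        When the configured directory does not exist the report gets
        ``audit = False`` and an explanatory ``msg`` instead of results.
        """
        print("Running test for Apache")

        path = f"{self._apache_directory}"
        if isdir(path):
            self._analyzingSslVersion()
        else:
            self._reports['audit'] = False
            self._reports["msg"] = "No directory found"

        print(self._reports)

    def getReports(self) -> dict:
        """Return the report dictionary (the live object, not a copy)."""
        return self._reports

    def _analyzingSslVersion(self):
        """Parse every file of ``sites-available`` and record the SSL result.

        Sets ``audit`` to ``True`` when at least one file was parsed, and to
        ``False`` with a ``msg`` when the directory is missing or holds no
        file.
        """
        path = f"{self._apache_directory}/sites-available"
        if not isdir(path):
            self._reports['audit'] = False
            self._reports["msg"] = f"No directory {path} found"
            return

        self._reports['audit'] = True
        # Start from a clean section so a failure recorded by an earlier run
        # on the same instance does not carry over into this one.
        self._reports['ssl'] = dict()

        count = 0
        for site in listdir(path):
            site_path = f"{path}/{site}"
            # listdir() also returns sub-directories; open() would raise on
            # them and abort the whole audit.
            if isdir(site_path):
                continue
            with open(site_path, 'rb') as f:
                self._parseFile(f)
            count += 1

        if count == 0:
            self._reports['audit'] = False
            self._reports['msg'] = \
                f'No virtual host found in the directory {path}'

    @staticmethod
    def _decode(raw):
        """Return *raw* as text.

        Undecodable bytes are replaced instead of raising: the directives
        looked for are plain ASCII, so a stray non-UTF-8 byte in a comment
        must not stop the audit.
        """
        if isinstance(raw, bytes):
            return raw.decode('utf-8', errors='replace')
        return raw

    def _parseFile(self, fdata):
        """Check the protocol list of one configuration file.

        Args:
            fdata: binary file object of a virtual-host configuration file.

        The protocol check runs once per file, and only when the file holds
        an active ``SSLEngine on`` directive.
        """
        lines = fdata.read().splitlines()

        # check if SSL is enabled for the VirtualHost
        ssl_enabled = any(
            self._SSL_ENGINE_ON.search(self._decode(raw)) for raw in lines
        )
        if ssl_enabled:
            self._check_ssl_version(lines)

    def _check_ssl_version(self, lines):
        """Record whether an active ``SSLProtocol`` line names a known protocol.

        Args:
            lines: the lines of one configuration file (bytes or str).

        The ``ssl`` report section gets ``result`` plus the ``description``,
        ``level`` and ``recommand_value`` taken from the plugin data.  A
        ``failed`` result is sticky: a later compliant file does not turn an
        earlier failure back into ``success``, otherwise the report would
        only reflect the last file parsed.
        """
        findProtocol = False
        protocolsFound = list()
        expected = self._ssl_versions["protocols"]

        for raw in lines:
            line = self._decode(raw)
            if not self._SSL_PROTOCOL.search(line):
                continue
            for protocol in expected:
                # NOTE(review): this is a substring test, so a negated token
                # such as "-TLSv1.2", or "TLSv1" inside "TLSv1.2", also
                # counts as found.  Whether that is intended depends on what
                # the plugin's "protocols" list contains; confirm there.
                if protocol in line:
                    print(line)
                    if protocol not in protocolsFound:
                        protocolsFound.append(protocol)
                    findProtocol = True

        print(protocolsFound)

        # Compare against the protocol list itself; the length of the whole
        # plugin dictionary is its number of keys, not of protocols.
        if len(expected) == len(protocolsFound):
            print("Success")
        else:
            print("Failed")

        ssl_report = self._reports["ssl"]
        if findProtocol and ssl_report.get("result") != "failed":
            ssl_report["result"] = "success"
        else:
            ssl_report["result"] = "failed"

        ssl_report["description"] = self._ssl_versions["description"]
        ssl_report["level"] = self._ssl_versions["level"]
        ssl_report["recommand_value"] = self._ssl_versions["recommand_value"]

    def _check_value_exist(self, line, value) -> bool:
        """Return True when the regular expression *value* matches in *line*.

        *value* is handed to ``re.search`` unchanged, so regex
        metacharacters in it are interpreted, not matched literally.
        """
        return bool(re.search(value, line))

    def _constructReports(self):
        """
        Construct the dictionary holding the result of the tests.

        Creates one empty section per check: ``ssl``, ``signature`` and
        ``indexes``.  The entry layout described for a section is:
            - filename: filename of the test
            - line: line of the test
            - parse: the line where the vulnerability has been found
            - description: description of the vulnerability
            - level: high, medium or low
        In this class only the ``ssl`` section is filled in, with
        ``result``, ``description``, ``level`` and ``recommand_value``.
        """
        self._reports['ssl'] = dict()
        self._reports['signature'] = dict()
        self._reports['indexes'] = dict()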