Skip to content
This repository was archived by the owner on Feb 26, 2021. It is now read-only.

GUI option for nmap http header scan #63

Merged
bitofant merged 1 commit into from
Jan 28, 2019
Merged

GUI option for nmap http header scan #63

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions ...ss/src/main/java/io/securecodebox/scanprocess/nmap/delegate/ConfigureHttpHeaderCheck.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
package io.securecodebox.scanprocess.nmap.delegate;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.securecodebox.constants.DefaultFields;
import io.securecodebox.model.execution.ScanProcessExecutionFactory;
import io.securecodebox.model.execution.Target;
import org.camunda.bpm.engine.delegate.DelegateExecution;
import org.camunda.bpm.engine.delegate.JavaDelegate;
import org.camunda.bpm.engine.variable.Variables;
import org.camunda.bpm.engine.variable.value.ObjectValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.List;

@Component
public class ConfigureHttpHeaderCheck implements JavaDelegate {
private static final Logger LOG = LoggerFactory.getLogger(ConfigureHttpHeaderCheck.class);

@Autowired
ScanProcessExecutionFactory processExecutionFactory;

@Autowired
ObjectMapper objectMapper;

@Override
public void execute(DelegateExecution execution) throws Exception {

LOG.info("Configuring execution profile for http header check...");

try {

String targetsAsString = objectMapper.writeValueAsString(execution.getVariable(DefaultFields.PROCESS_TARGETS.name()));
List<Target> targets = objectMapper.readValue(objectMapper.readValue(targetsAsString, String.class),
objectMapper.getTypeFactory().constructCollectionType(List.class, Target.class));

for (Target target : targets) {
target.appendOrUpdateAttribute("NMAP_PARAMETER", "-Pn -p 80,8080,443,8443 --script=http-headers");
}

ObjectValue objectValue = Variables.objectValue(objectMapper.writeValueAsString(targets))
.serializationDataFormat(Variables.SerializationDataFormats.JSON)
.create();
execution.setVariable(DefaultFields.PROCESS_TARGETS.name(), objectValue);

LOG.info("Finished configuring execution profile");

} catch (JsonProcessingException e) {
throw new IllegalStateException("Can't write field to process!", e);
}

}

}
15 changes: 15 additions & 0 deletions scb-scanprocesses/nmap-process/src/main/resources/bpmn/nmap_process.bpmn
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
<bpmn:incoming>SequenceFlow_ManualStart</bpmn:incoming>
<bpmn:outgoing>SequenceFlow_DefaultConfig</bpmn:outgoing>
<bpmn:outgoing>SequenceFlow_AdvancedConfig</bpmn:outgoing>
<bpmn:outgoing>SequenceFlow_0whyqlc</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:sequenceFlow id="SequenceFlow_TargetConfigured" sourceRef="StartEvent_ConfigurePortscan" targetRef="ExclusiveGateway_AutomatedStart" />
<bpmn:sequenceFlow id="SequenceFlow_DefaultConfig" name="default configuration" sourceRef="ExclusiveGateway_AdvancedConfiguration" targetRef="ServiceTask_DoPortscan">
Expand Down Expand Up @@ -84,6 +85,7 @@
<bpmn:incoming>SequenceFlow_PortscanConfigured</bpmn:incoming>
<bpmn:incoming>SequenceFlow_DefaultConfig</bpmn:incoming>
<bpmn:incoming>SequenceFlow_AutomatedStart</bpmn:incoming>
<bpmn:incoming>SequenceFlow_0whyqlc</bpmn:incoming>
<bpmn:outgoing>SequenceFlow_PortscanFinished</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:sequenceFlow id="SequenceFlow_SummaryCreated" name="summary created" sourceRef="ServiceTask_CreateSummary" targetRef="ExclusiveGateway_AutomatedFinish" />
Expand All @@ -94,6 +96,12 @@
</bpmn:serviceTask>
<bpmn:dataObjectReference id="DataObjectReference_0vhjx0n" name="PROCESS_FINDINGS" dataObjectRef="DataObject_0lpf2y8" />
<bpmn:dataObject id="DataObject_0lpf2y8" />
<bpmn:sequenceFlow id="SequenceFlow_0whyqlc" name="check http-headers" sourceRef="ExclusiveGateway_AdvancedConfiguration" targetRef="ServiceTask_DoPortscan">
<bpmn:extensionElements>
<camunda:executionListener delegateExpression="${configureHttpHeaderCheck}" event="take" />
</bpmn:extensionElements>
<bpmn:conditionExpression xsi:type="bpmn:tFormalExpression"><![CDATA[${NMAP_CONFIGURATION_TYPE == 'http-headers'}]]></bpmn:conditionExpression>
</bpmn:sequenceFlow>
<bpmn:textAnnotation id="TextAnnotation_0lm3esn">
<bpmn:text>results in a generic format</bpmn:text>
</bpmn:textAnnotation>
Expand Down Expand Up @@ -259,6 +267,13 @@
<di:waypoint xsi:type="dc:Point" x="677" y="420" />
<di:waypoint xsi:type="dc:Point" x="680" y="447" />
</bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="SequenceFlow_0whyqlc_di" bpmnElement="SequenceFlow_0whyqlc">
<di:waypoint xsi:type="dc:Point" x="314" y="133" />
<di:waypoint xsi:type="dc:Point" x="467" y="289" />
<bpmndi:BPMNLabel>
<dc:Bounds x="357.69709969796145" y="155.02857400651177" width="54" height="25" />
</bpmndi:BPMNLabel>
</bpmndi:BPMNEdge>
</bpmndi:BPMNPlane>
</bpmndi:BPMNDiagram>
</bpmn:definitions>
1 change: 1 addition & 0 deletions ...anprocesses/nmap-process/src/main/resources/forms/nmap/configure-port-scanner-target.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ <h3>Portscan Target</h3>
cam-variable-name="NMAP_CONFIGURATION_TYPE"
cam-variable-type="String">
<option value="default" checked>Default</option>
<option value="http-headers">Check HTTP-headers</option>
<option value="advanced">Advanced</option>
</select>
</div>
Expand Down