-
-
Notifications
You must be signed in to change notification settings - Fork 768
API
Ali Razmjoo edited this page Apr 20, 2018
·
19 revisions
WebUI/API Manual usage explained in the Usage page but let's get into the requests structure now.
API usage purposes depend on the users, Some of them may want to scan their local company to monitor the network, This feature let all security staff use OWASP Nettacker on a shared server safely (You may enable the HTTPS).
C:\Users\Zombie\Documents\GitHub\OWASP-Nettacker>python nettacker.py --start-api
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
* API Key: 8370bd0a0b9a98ac25b341833fb0fb07
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
At the first, you must send API key through the request each time you send a request in GET, POST or Cookies in the value named key or you will get 401 error in the restricted area.
>>> import requests
>>> r = requests.get('http://127.0.0.1:5000/?key=8370bd0a0b9a98ac25b341833fb0fb07')
>>> r.status_code
200
>>> r = requests.post('http://127.0.0.1:5000/', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07"})
>>> r.status_code
200
>>> r = requests.get('http://127.0.0.1:5000/', cookies={"key": "8370bd0a0b9a98ac25b341833fb0fb07"})
>>> r.status_code
200
>>> r = requests.get('http://127.0.0.1:5000/new/scan', cookies={"key": "wrong_key"})
>>> r.status_code
401To submit a new scan follow this step.
>>> r = requests.post('http://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1,owasp.org", "scan_method": "port_scan"})
>>> r.status_code
200
{
"api_db_name": "C:\\Users\\Zombie/.owasp-nettacker/database.sqlite3",
"backup_ports": null,
"check_ranges": false,
"check_subdomains": false,
"graph_flag": "d3_tree_v2_graph",
"home_path": "C:\\Users\\Zombie/.owasp-nettacker",
"language": "en",
"log_in_file": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_22_59_38_rqfnmizxji.html",
"methods_args": {
"as_user_set": "set_successfully"
},
"passwds": null,
"ping_flag": false,
"ports": null,
"profile": null,
"results_path": "C:\\Users\\Zombie/.owasp-nettacker/results",
"retries": 3,
"scan_method": [
"dir_scan",
"port_scan"
],
"socks_proxy": null,
"targets": [
"127.0.0.1"
],
"thread_number": 100,
"thread_number_host": 30,
"time_sleep": 0.0,
"timeout_sec": 3,
"tmp_path": "C:\\Users\\Zombie/.owasp-nettacker/tmp",
"users": null,
"verbose_level": 0
}
>>>Plese note, targets and scan_method are necessary to submit a new scan unless you modify the config file before! The scan_method could be empty if you define the profile.
>>> r = requests.post('http://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07"})
>>> print r.content
{
"msg": "Cannot specify the target(s)",
"status": "error"
}
>>> r = requests.post('http://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1"})
>>> print r.content
{
"msg": "please choose your scan method!",
"status": "error"
}
>>> r = requests.post('http://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1", "scan_method": "dir_scan,port_scan"})
>>> print r.content
{
"api_db_name": "C:\\Users\\Zombie/.owasp-nettacker/database.sqlite3",
"backup_ports": null,
"check_ranges": false,
"check_subdomains": false,
"graph_flag": "d3_tree_v2_graph",
"home_path": "C:\\Users\\Zombie/.owasp-nettacker",
"language": "en",
"log_in_file": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_00_38_hnlhuvobom.html",
"methods_args": {
"as_user_set": "set_successfully"
},
"passwds": null,
"ping_flag": false,
"ports": null,
"profile": null,
"results_path": "C:\\Users\\Zombie/.owasp-nettacker/results",
"retries": 3,
"scan_method": [
"dir_scan",
"port_scan"
],
"socks_proxy": null,
"targets": [
"127.0.0.1"
],
"thread_number": 100,
"thread_number_host": 30,
"time_sleep": 0.0,
"timeout_sec": 3,
"tmp_path": "C:\\Users\\Zombie/.owasp-nettacker/tmp",
"users": null,
"verbose_level": 0
}
>>> r = requests.post('http://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1", "profile": "information_gathering"})
>>> print r.content
{
"api_db_name": "C:\\Users\\Zombie/.owasp-nettacker/database.sqlite3",
"backup_ports": null,
"check_ranges": false,
"check_subdomains": false,
"graph_flag": "d3_tree_v2_graph",
"home_path": "C:\\Users\\Zombie/.owasp-nettacker",
"language": "en",
"log_in_file": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_01_01_eahnqpwosz.html",
"methods_args": {
"as_user_set": "set_successfully"
},
"passwds": null,
"ping_flag": false,
"ports": null,
"profile": "information_gathering",
"results_path": "C:\\Users\\Zombie/.owasp-nettacker/results",
"retries": 3,
"scan_method": [
"port_scan"
],
"socks_proxy": null,
"targets": [
"127.0.0.1"
],
"thread_number": 100,
"thread_number_host": 30,
"time_sleep": 0.0,
"timeout_sec": 3,
"tmp_path": "C:\\Users\\Zombie/.owasp-nettacker/tmp",
"users": null,
"verbose_level": 0
}
>>>All variables in JSON you've got in results could be changed in GET/POST/Cookies, you can fill them all just like normal CLI commands. (e.g. same scan method name (modules), you can separate with ,, you can use ports like 80,100-200,1000,2000, set users and passwds user1,user2, passwd1,passwd2). You cannot use read_from_file:/tmp/users.txt syntax in methods_args. if you want to send a big password list, just send it through the POST requests and separated with ,.
To enable session-based request, like (e.g. Python requests.session() or browsers), I developed a feature to interact with Cookie.
>>> r = s.get("http://localhost:5000/session/set?key=8370bd0a0b9a98ac25b341833fb0fb07")
>>> print r.content
{
"msg": "your browser session is valid",
"status": "ok"
}
>>> print r.cookies
<RequestsCookieJar[<Cookie key=8370bd0a0b9a98ac25b341833fb0fb07 for localhost.local/>]>
>>> r = s.get("http://localhost:5000/new/scan")
>>> print r.content
{
"msg": "Cannot specify the target(s)",
"status": "error"
}
>>>>>> r = s.get("http://localhost:5000/session/check")
>>> print r.content
{
"msg": "your browser session is valid",
"status": "ok"
}>>> r = s.get("http://localhost:5000/session/kill")
>>> print r.content
{
"msg": "your browser session killed",
"status": "ok"
}
>>> print r.cookies
<RequestsCookieJar[<Cookie key=expired for localhost.local/>]>
>>>>>> r = s.get("http://localhost:5000/results/get_list?page=1")
>>> print r.content
[
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 23:17:06",
"events_num": 12,
"graph_flag": "d3_tree_v2_graph",
"id": 605,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_15_17_bcizsinngr.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "84ab0f768b505ee31b84f7ad51568314",
"scan_method": "port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 23:05:32",
"events_num": 12,
"graph_flag": "jit_circle_v1_graph",
"id": 604,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_03_36_nkexybphhz.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "233ed26578b90a725bd1985bda5c85c6",
"scan_method": "port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 23:01:12",
"events_num": 12,
"graph_flag": "d3_tree_v2_graph",
"id": 603,
"language": "en",
"ports": "default",
"profile": "information_gathering",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_01_01_eahnqpwosz.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "07298e48eb11730477fdde29356e42ff",
"scan_method": "port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 23:00:49",
"events_num": 12,
"graph_flag": "d3_tree_v2_graph",
"id": 602,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_23_00_38_hnlhuvobom.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "e944401272e5c352f322afca85c79534",
"scan_method": "dir_scan,port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 22:59:50",
"events_num": 12,
"graph_flag": "d3_tree_v2_graph",
"id": 601,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_22_59_38_rqfnmizxji.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "da621b3f62e1ba31a2ca5662bdba8ae8",
"scan_method": "dir_scan,port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "scan",
"date": "2018-04-20 22:50:14",
"events_num": 15,
"graph_flag": "d3_tree_v2_graph",
"id": 600,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_20_22_49_38_ekxuqldgmk.html",
"report_type": "HTML",
"scan_cmd": "Through the OWASP Nettacker API",
"scan_id": "647988558dd42bdbb7a62ad4342265fe",
"scan_method": "port_scan",
"verbose": 0
},
{
"api_flag": 0,
"category": "vuln,brute,scan",
"date": "2018-04-18 20:06:39",
"events_num": 1012,
"graph_flag": "d3_tree_v2_graph",
"id": 599,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_18_20_06_14_akvfcgqzwt.html",
"report_type": "HTML",
"scan_cmd": "nettacker.py -i 127.0.0.1 -m all -t 1000",
"scan_id": "b5fa6ed9553ab49ef7223de297644e30",
"scan_method": "self_signed_certificate_vuln,XSS_protection_vuln,pma_scan,telnet_brute,clickjacking_vuln,http_form_brute,ProFTPd_integer_overflow_vuln,wordpress_version_scan,http_basic_auth_brute,http_ntlm_brute,wp_user_enum_scan,icmp_scan,http_cors_vuln,wordpress_dos_cve_2018_6389_vuln,ssl_certificate_expired_vuln,wp_xmlrpc_bruteforce_vuln,cms_detection_scan,apache_struts_vuln,content_security_policy_vuln,x_powered_by_vuln,ftp_brute,content_type_options_vuln,wappalyzer_scan,wp_xmlrpc_brute,wp_xmlrpc_pingback_vuln,smtp_brute,port_scan,ProFTPd_memory_leak_vuln,wp_plugin_scan,ssh_brute,heartbleed_vuln,Bftpd_memory_leak_vuln,CCS_injection_vuln,dir_scan,ProFTPd_directory_traversal_vuln,viewdns_reverse_ip_lookup_scan,Bftpd_parsecmd_overflow_vuln,ProFTPd_exec_arbitary_vuln,server_version_vuln,ProFTPd_restriction_bypass_vuln,admin_scan,wp_timthumbs_scan,joomla_version_scan,ProFTPd_cpu_consumption_vuln,sender_policy_scan,Bftpd_double_free_vuln,ProFTPd_heap_overflow_vuln,weak_signature_algorithm_vuln,subdomain_scan,Bftpd_remote_dos_vuln,wp_theme_scan,joomla_template_scan,options_method_enabled_vuln,ProFTPd_bypass_sqli_protection_vuln",
"verbose": 0
},
{
"api_flag": 0,
"category": "vuln,brute,scan",
"date": "2018-04-18 20:05:14",
"events_num": 366,
"graph_flag": "d3_tree_v2_graph",
"id": 598,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_18_20_05_00_ncxdajbgro.html",
"report_type": "HTML",
"scan_cmd": "nettacker.py -i 127.0.0.1 -m all -M 100 -t 1000",
"scan_id": "ea595f2ae0340904b97bb2a08978b119",
"scan_method": "self_signed_certificate_vuln,XSS_protection_vuln,pma_scan,telnet_brute,clickjacking_vuln,http_form_brute,ProFTPd_integer_overflow_vuln,wordpress_version_scan,http_basic_auth_brute,http_ntlm_brute,wp_user_enum_scan,icmp_scan,http_cors_vuln,wordpress_dos_cve_2018_6389_vuln,ssl_certificate_expired_vuln,wp_xmlrpc_bruteforce_vuln,cms_detection_scan,apache_struts_vuln,content_security_policy_vuln,x_powered_by_vuln,ftp_brute,content_type_options_vuln,wappalyzer_scan,wp_xmlrpc_brute,wp_xmlrpc_pingback_vuln,smtp_brute,port_scan,ProFTPd_memory_leak_vuln,wp_plugin_scan,ssh_brute,heartbleed_vuln,Bftpd_memory_leak_vuln,CCS_injection_vuln,dir_scan,ProFTPd_directory_traversal_vuln,viewdns_reverse_ip_lookup_scan,Bftpd_parsecmd_overflow_vuln,ProFTPd_exec_arbitary_vuln,server_version_vuln,ProFTPd_restriction_bypass_vuln,admin_scan,wp_timthumbs_scan,joomla_version_scan,ProFTPd_cpu_consumption_vuln,sender_policy_scan,Bftpd_double_free_vuln,ProFTPd_heap_overflow_vuln,weak_signature_algorithm_vuln,subdomain_scan,Bftpd_remote_dos_vuln,wp_theme_scan,joomla_template_scan,options_method_enabled_vuln,ProFTPd_bypass_sqli_protection_vuln",
"verbose": 0
},
{
"api_flag": 0,
"category": "vuln,brute,scan",
"date": "2018-04-18 20:04:31",
"events_num": 474,
"graph_flag": "d3_tree_v2_graph",
"id": 597,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_18_20_04_15_aowjoqqzmc.html",
"report_type": "HTML",
"scan_cmd": "nettacker.py -i 127.0.0.1 -m all",
"scan_id": "a1f42e73a0e79682099b1616250c9e6c",
"scan_method": "self_signed_certificate_vuln,XSS_protection_vuln,pma_scan,telnet_brute,clickjacking_vuln,http_form_brute,ProFTPd_integer_overflow_vuln,wordpress_version_scan,http_basic_auth_brute,http_ntlm_brute,wp_user_enum_scan,icmp_scan,http_cors_vuln,wordpress_dos_cve_2018_6389_vuln,ssl_certificate_expired_vuln,wp_xmlrpc_bruteforce_vuln,cms_detection_scan,apache_struts_vuln,content_security_policy_vuln,x_powered_by_vuln,ftp_brute,content_type_options_vuln,wappalyzer_scan,wp_xmlrpc_brute,wp_xmlrpc_pingback_vuln,smtp_brute,port_scan,ProFTPd_memory_leak_vuln,wp_plugin_scan,ssh_brute,heartbleed_vuln,Bftpd_memory_leak_vuln,CCS_injection_vuln,dir_scan,ProFTPd_directory_traversal_vuln,viewdns_reverse_ip_lookup_scan,Bftpd_parsecmd_overflow_vuln,ProFTPd_exec_arbitary_vuln,server_version_vuln,ProFTPd_restriction_bypass_vuln,admin_scan,wp_timthumbs_scan,joomla_version_scan,ProFTPd_cpu_consumption_vuln,sender_policy_scan,Bftpd_double_free_vuln,ProFTPd_heap_overflow_vuln,weak_signature_algorithm_vuln,subdomain_scan,Bftpd_remote_dos_vuln,wp_theme_scan,joomla_template_scan,options_method_enabled_vuln,ProFTPd_bypass_sqli_protection_vuln",
"verbose": 0
},
{
"api_flag": 0,
"category": "vuln,brute,scan",
"date": "2018-04-18 17:17:00",
"events_num": 1012,
"graph_flag": "d3_tree_v2_graph",
"id": 596,
"language": "en",
"ports": "default",
"profile": "None",
"report_filename": "C:\\Users\\Zombie/.owasp-nettacker/results/results_2018_04_18_17_16_34_dttzqnnhck.html",
"report_type": "HTML",
"scan_cmd": "nettacker.py -i 127.0.0.1 -m all -M 100",
"scan_id": "cdb05de17789a4f75be36b571d4f3d43",
"scan_method": "self_signed_certificate_vuln,XSS_protection_vuln,pma_scan,telnet_brute,clickjacking_vuln,http_form_brute,ProFTPd_integer_overflow_vuln,wordpress_version_scan,http_basic_auth_brute,http_ntlm_brute,wp_user_enum_scan,icmp_scan,http_cors_vuln,wordpress_dos_cve_2018_6389_vuln,ssl_certificate_expired_vuln,wp_xmlrpc_bruteforce_vuln,cms_detection_scan,apache_struts_vuln,content_security_policy_vuln,x_powered_by_vuln,ftp_brute,content_type_options_vuln,wappalyzer_scan,wp_xmlrpc_brute,wp_xmlrpc_pingback_vuln,smtp_brute,port_scan,ProFTPd_memory_leak_vuln,wp_plugin_scan,ssh_brute,heartbleed_vuln,Bftpd_memory_leak_vuln,CCS_injection_vuln,dir_scan,ProFTPd_directory_traversal_vuln,viewdns_reverse_ip_lookup_scan,Bftpd_parsecmd_overflow_vuln,ProFTPd_exec_arbitary_vuln,server_version_vuln,ProFTPd_restriction_bypass_vuln,admin_scan,wp_timthumbs_scan,joomla_version_scan,ProFTPd_cpu_consumption_vuln,sender_policy_scan,Bftpd_double_free_vuln,ProFTPd_heap_overflow_vuln,weak_signature_algorithm_vuln,subdomain_scan,Bftpd_remote_dos_vuln,wp_theme_scan,joomla_template_scan,options_method_enabled_vuln,ProFTPd_bypass_sqli_protection_vuln",
"verbose": 0
}
]>>> r = s.get("http://localhost:5000/results/get?id=574")
>>> print r.content[:1000]
<!DOCTYPE html>
<!-- THIS PAGE COPIED AND MODIFIED FROM http://bl.ocks.org/robschmuecker/7880033-->
<title>OWASP Nettacker Report</title>
<meta charset="utf-8">
<div class="header">
<h3><a href="https://github.com/viraintel/nettacker">OWASP Nettacker</a></h3>
<h3>Penetration Testing Graphs</h3>
</div>
<style type="text/css">
.header{
margin:2%;
text-align:center;
}
.node {
cursor: pointer;
}
...>>> r = s.get("http://localhost:5000/logs/search?q=&page=1")
>>> print r.content
[
{
"host": "127.0.0.1",
"info": {
"category": [
"scan"
],
"descriptions": [
"8080/TCP_CONNECT",
"5000/TCP_CONNECT",
"2179/TCP_CONNECT",
"1688/TCP_CONNECT",
"1080/TCP_CONNECT",
"1001/TCP_CONNECT",
"912/TCP_CONNECT",
"902/TCP_CONNECT",
"443/TCP_CONNECT",
"445/TCP_CONNECT",
"135/TCP_CONNECT",
"22/TCP_CONNECT",
"059kao.com",
"0599job.com",
"0598ny.com",
"0598kx.com",
"0597zf.com",
...
],
"open_ports": [
8080,
5000,
2179,
1688,
1080,
1001,
912,
902,
443,
445,
135,
22
],
"scan_methods": [
"port_scan",
"viewdns_reverse_ip_lookup_scan",
"icmp scan"
]
}
},
{
"host": "owasp.org",
"info": {
"category": [
"scan"
],
"descriptions": [
"443/TCP_CONNECT",
"80/TCP_CONNECT",
"22/TCP_CONNECT"
],
"open_ports": [
443,
80,
22
],
"scan_methods": [
"port_scan"
]
}
},
{
"host": "192.168.1.1",
"info": {
"category": [
"vuln",
"scan"
],
"descriptions": [
"vulnerable to heartbleed",
"443/TCP_CONNECT",
"53/TCP_CONNECT",
"80/TCP_CONNECT",
"xn--fiq06la021av00cdy4b.mobi",
"xn--fiq06jptdnt5dz8mpih.mobi",
"xn--fiq02ipj86k6z7d6id.mobi",
...
],
"open_ports": [
443,
53,
80
],
"scan_methods": [
"heartbleed_vuln",
"port_scan",
"viewdns_reverse_ip_lookup_scan",
"subdomain_scan"
]
}
},
{
"host": "offsecresearch.com",
"info": {
"category": [
"scan"
],
"descriptions": [
"443/TCP_CONNECT",
"80/TCP_CONNECT"
],
"open_ports": [
443,
80
],
"scan_methods": [
"port_scan"
]
}
},
{
"host": "api.z3r0d4y.com",
"info": {
"category": [
"scan"
],
"descriptions": [
"443/TCP_CONNECT",
"80/TCP_CONNECT",
"CDN: CloudFlare"
],
"open_ports": [
443,
80
],
"scan_methods": [
"port_scan",
"wappalyzer_scan"
]
}
}
]
>>>>>> r = s.get("http://localhost:5000/logs/search?q=port_scan&page=3")
>>> print r.content
[
{
"host": "owasp4.owasp.org",
"info": {
"category": [
"scan"
],
"descriptions": [
"22/TCP_CONNECT",
"80/TCP_CONNECT"
],
"open_ports": [
22,
80
],
"scan_methods": [
"port_scan"
]
}
},
{
"host": "new-wiki.owasp.org",
"info": {
"category": [
"scan"
],
"descriptions": [
"22/TCP_CONNECT",
"80/TCP_CONNECT"
],
"open_ports": [
22,
80
],
"scan_methods": [
"port_scan"
]
}
},
{
"host": "cheesemonkey.owasp.org",
"info": {
"category": [
"scan"
],
"descriptions": [
"80/TCP_CONNECT"
],
"open_ports": [
80
],
"scan_methods": [
"port_scan"
]
}
},
{
"host": "5.79.66.240",
"info": {
"category": [
"scan"
],
"descriptions": [
"filesmog.com",
"\u062f\u0631\u06af\u0627\u0647 \u0628\u0627\u0632"
],
"open_ports": [
5901,
6001,
22
],
"scan_methods": [
"viewdns_reverse_ip_lookup_scan",
"port_scan"
]
}
},
{
"host": "5.79.66.237",
"info": {
"category": [
"scan"
],
"descriptions": [
"\u062f\u0631\u06af\u0627\u0647 \u0628\u0627\u0632",
"http://5.79.66.237/robots.txt \u067e\u06cc\u062f\u0627 \u0634\u062f!(OK:200)",
"http://5.79.66.237/.htaccess.txt \u067e\u06cc\u062f\u0627 \u0634\u062f!(Forbidden:403)",
"http://5.79.66.237/.htaccess.save \u067e\u06cc\u062f\u0627 \u0634\u062f!(Forbidden:403)",
"http://5.79.66.237/phpmyadmin \u067e\u06cc\u062f\u0627 \u0634\u062f!(OK:200)",
"http://5.79.66.237/.htaccess.old \u067e\u06cc\u062f\u0627 \u0634\u062f!(Forbidden:403)",
"http://5.79.66.237/.htaccess \u067e\u06cc\u062f\u0627 \u0634\u062f!(Forbidden:403)",
"http://5.79.66.237/server-status \u067e\u06cc\u062f\u0627 \u0634\u062f!(Forbidden:403)",
"http://5.79.66.237//phpmyadmin/ \u067e\u06cc\u062f\u0627 \u0634\u062f!(OK:200)",
"http://5.79.66.237//phpMyAdmin/ \u067e\u06cc\u062f\u0627 \u0634\u062f!(OK:200)",
"offsec.ir"
],
"open_ports": [
8083,
8000,
443,
80,
22,
21
],
"scan_methods": [
"port_scan",
"dir_scan",
"pma_scan",
"viewdns_reverse_ip_lookup_scan"
]
}
},
{
"host": "192.168.1.124",
"info": {
"category": [
"scan"
],
"descriptions": [
"2179/TCP_CONNECT",
"445/TCP_CONNECT",
"135/TCP_CONNECT",
"22/TCP_CONNECT",
"139/TCP_CONNECT",
"zhanpang.cn",
"yowyeh.cn",
"treelights.website",
"sxyhed.com",
"redlxin.com",
"ppoo6.com",
"miancan.cn",
"maynard.top",
"liyedai.site",
"linterfund.com",
"li5xs.com",
"hxinglan.win",
"heresylly.top",
"gzptjwangye.bid",
"eatpeanutfree.com",
"comgmultiservices.com",
"biyao123.com"
],
"open_ports": [
2179,
445,
135,
22,
139
],
"scan_methods": [
"port_scan",
"viewdns_reverse_ip_lookup_scan"
]
}
},
{
"host": "192.168.1.127",
"info": {
"category": [
"scan"
],
"descriptions": [
"49152/TCP_CONNECT",
"49154/TCP_CONNECT",
"49155/TCP_CONNECT",
"49153/TCP_CONNECT"
],
"open_ports": [
49152,
49154,
49155,
49153
],
"scan_methods": [
"port_scan"
]
}
}
]
>>>>>> r = s.get("http://localhost:5000/logs/get_html?host=127.0.0.1")
>>> print r.content[:1000]
<!DOCTYPE html>
<!-- THIS PAGE COPIED AND MODIFIED FROM http://bl.ocks.org/robschmuecker/7880033-->
<title>OWASP Nettacker Report</title>
<meta charset="utf-8">
<div class="header">
<h3><a href="https://github.com/viraintel/nettacker">OWASP Nettacker</a></h3>
<h3>Penetration Testing Graphs</h3>
</div>
<style type="text/css">
.header{
margin:2%;
text-align:center;
}
.node {
cursor: pointer;
}
.overlay{
background-color:#EEE;
}
...
>>>>>> r = s.get("http://localhost:5000/logs/get_json?host=127.0.0.1")
>>> print r.content[:1000]
[
{
"DESCRIPTION": "127.0.0.1 is up! Time taken to ping back is 1.0ms",
"HOST": "127.0.0.1",
"PASSWORD": "",
"PORT": "",
"SCAN_ID": "f31fa0d65e3d2bacdae382584fef68e2",
"TIME": "2018-03-03 17:39:59",
"TYPE": "icmp scan",
"USERNAME": ""
},
{
"DESCRIPTION": "127.0.0.1 is up! Time taken to ping back is 1.0ms",
"HOST": "127.0.0.1",
"PASSWORD": "",
"PORT": "",
"SCAN_ID": "97fbe7a2f50a8d5354b1b345f450d180",
"TIME": "2018-03-03 17:46:37",
"TYPE": "icmp scan",
"USERNAME": ""
},
{
"DESCRIPTION": "127.0.0.1 is up! Time taken to ping back is 0.0ms",
"HOST": "127.0.0.1",
"PASSWORD": "",
"PORT": "",
"SCAN_ID": "bfea32060c4936f38dd37b602ab10ad7",
"TIME": "2018-03-03 17:48:05",
"TYPE": "icmp scan",
"USERNAME": ""
},
{
"DESCRIPTION": "127.0.0.1 is up! Time taken to ping back is 0.0ms",
"HOST": "127.0.0.1",
"PASSWORD": "",
"PORT": "",
"SCAN_ID": "0
...
}
]
>>>