Merge branch 'master' into CREATE_SCAN_COMPARE

OWASP · Sep 11, 2024 · 10fd8af · 10fd8af
2 parents 21af8cd + bd6a11a
commit 10fd8af
Show file tree

Hide file tree

Showing 24 changed files with 1,517 additions and 293 deletions.
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
@@ -10,6 +10,7 @@ concurrency:
  group: ${{ github.repository }}-${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
 
 jobs:
+ # Code quality checks.
  pre-commit:
  name: Run pre-commit
  runs-on: ubuntu-latest
@@ -51,6 +52,7 @@ jobs:
  with:
  category: /language:${{ matrix.language }}
 
+ # Code tests.
  run-tests:
  name: Run tests
  needs:
@@ -90,8 +92,7 @@ jobs:
 
  - name: Install dependencies
  run: |
- python -m pip install --upgrade pip
- python -m pip install --upgrade poetry
+ python -m pip install --upgrade pip poetry
  poetry install
 
  - name: Build package
@@ -104,6 +105,41 @@ jobs:
  name: dist
  path: dist
 
+ test-build-package:
+ name: Test build on ${{ matrix.os }}
+ runs-on: ${{ matrix.os }}
+ needs: build-package
+ strategy:
+ matrix:
+ os:
+ - macos-latest
+ - ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Get package artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: dist
+ path: dist
+
+ - name: Run tests
+ shell: bash
+ run: |
+ rm -rf nettacker
+ python -m pip install dist/*.whl
+ nettacker --version
+ python -m pip uninstall -y nettacker
+ python -m pip install dist/*.tar.gz
+ nettacker --version
+
+ # Docker related jobs.
  test-docker-image:
  name: Test Docker image
  needs:
@@ -160,6 +196,49 @@ jobs:
  poetry run python nettacker.py -i 127.0.0.1 -L fa -u user1,user2 -p pass1,pass2 --profile all \
  -g 21,25,80,443 -t 1000 -T 3 --graph d3_tree_v2_graph -v --skip-service-discovery
 
+ test-docker-image-build:
+ name: Test Docker ${{ matrix.docker-version }} image build
+ needs:
+ - run-tests
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ docker-version:
+ - '24.0.6-1~ubuntu.22.04~jammy'
+ - '23.0.6-1~ubuntu.22.04~jammy'
+ - '20.10.13~3-0~ubuntu-jammy'
+ steps:
+ - name: Uninstall pre-installed Docker
+ run: |
+ sudo apt-get remove docker-ce docker-ce-cli
+
+ # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+ - name: Install Docker ${{ matrix.docker-version }}
+ run: |
+ sudo apt-get update
+ sudo apt-get install ca-certificates curl gnupg
+ sudo install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ sudo chmod a+r /etc/apt/keyrings/docker.gpg
+ echo \
+ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ sudo apt-get update
+ sudo apt-get install docker-ce=5:${{ matrix.docker-version }} docker-ce-cli=5:${{ matrix.docker-version }}
+
+ - name: Check out repository
+ uses: actions/checkout@v4
+
+ - name: Print Docker version
+ run: docker -v
+
+ - name: Build Nettacker image
+ run: docker build . -t nettacker
+
+ - name: Run pip install
+ run: docker run nettacker pip install .
+
  publish-nettacker-dev-to-docker-registry:
  name: Publish nettacker:dev Docker image
  if: |
@@ -168,6 +247,7 @@ jobs:
  github.ref_name == 'master'
  needs:
  - test-docker-image
+ - test-docker-image-build
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
@@ -198,6 +278,7 @@ jobs:
  startsWith(github.event.ref, 'refs/tags/v')
  needs:
  - test-docker-image
+ - test-docker-image-build
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
@@ -231,7 +312,7 @@ jobs:
  github.ref_name == 'master'
  environment: dev
  needs:
- - build-package
+ - test-build-package
  permissions:
  contents: read
  id-token: write
@@ -257,7 +338,7 @@ jobs:
  startsWith(github.event.ref, 'refs/tags/v')
  environment: release
  needs:
- - build-package
+ - test-build-package
  permissions:
  contents: read
  id-token: write

diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,18 @@
-FROM python:3.11.9-slim
-RUN apt update
+FROM python:3.11.10-slim
+
+RUN apt-get update && \
+ apt-get install -y gcc libssl-dev && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ pip install --upgrade pip poetry
+
 WORKDIR /usr/src/owaspnettacker
-COPY . .
-RUN mkdir -p .data/results
-RUN apt-get update
-RUN apt-get install -y gcc libssl-dev
-RUN pip3 install --upgrade poetry
-RUN python -m poetry install
+
+COPY nettacker nettacker
+COPY nettacker.py poetry.lock pyproject.toml README.md ./
+
+RUN poetry install --no-cache --no-root --without dev --without test
+
 ENV docker_env=true
+
 CMD [ "poetry", "run", "python", "./nettacker.py" ]
diff --git a/README.md b/README.md
@@ -6,6 +6,7 @@ OWASP Nettacker
 ![GitHub contributors](https://img.shields.io/github/contributors/OWASP/Nettacker)
 [![Documentation Status](https://readthedocs.org/projects/nettacker/badge/?version=latest)](https://nettacker.readthedocs.io/en/latest/?badge=latest)
 [![repo size ](https://img.shields.io/github/repo-size/OWASP/Nettacker)](https://github.com/OWASP/Nettacker)
+[![Docker Pulls](https://img.shields.io/docker/pulls/owasp/nettacker)](https://hub.docker.com/r/owasp/nettacker)
 
 
 <img src="https://raw.githubusercontent.com/OWASP/Nettacker/master/nettacker/web/static/img/owasp-nettacker.png" width="200"><img src="https://raw.githubusercontent.com/OWASP/Nettacker/master/nettacker/web/static/img/owasp.png" width="500">

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,14 +1,13 @@
-version: "3"
-
 services:
  nettacker:
  build:
  context: .
- dockerfile: "Dockerfile"
- command: poetry run python nettacker.py --start-api --api-host 0.0.0.0
+ dockerfile: Dockerfile
+ command: poetry run python ./nettacker.py --start-api --api-host 0.0.0.0
+ container_name: nettacker
+ environment:
+ - docker_env=true
  ports:
  - 5000:5000
  volumes:
- - ./:/usr/src/owaspnettacker
- environment:
- - docker_env=true
+ - ./nettacker:/usr/src/owaspnettacker/nettacker
diff --git a/docs/Events.md b/docs/Events.md
@@ -24,5 +24,5 @@ The OWASP Nettacker Events page lists various conferences and meetups where the
 * OWASP Nettacker was presented at **OWASP Kyiv** Chapter by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=KrwQlgeZn7I)]
 * OWASP Nettacker was presented at the **AppSec Engineer** session by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=eXzIPuTtqAQ)]
 * OWASP Nettacker was presented at **Security BSides Dublin 2022** conference by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=GcRFkZEaWqI)]
-* OWASP Netacker was presented et the **Appplication Security Podcast** by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=tqZ8Lmucujw)]
+* OWASP Nettacker was presented at the **Application Security Podcast** by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=tqZ8Lmucujw)]
 * OWASP Nettacker was presented at the **OWASP Global AppSec DC 2023 Conference** by **Sam Stepanyan** [[1](https://www.youtube.com/watch?v=yZxjBme029A)] 
diff --git a/docs/Modules.md b/docs/Modules.md
@@ -148,10 +148,11 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
 * '**ProFTPd_integer_overflow_vuln**' - check ProFTPd for CVE-2011-1137
 * '**ProFTPd_memory_leak_vuln**' - check ProFTPd for CVE-2001-0136
 * '**ProFTPd_restriction_bypass_vuln**' - check ProFTPd for CVE-2009-3639
-* '**self_signed_certificate_vuln**' - check for self-signed SSL certificate
 * '**server_version_vuln**' - check if the web server is leaking server banner in 'Server' response header
-* '**ssl_certificate_expired_vuln**' - check if SSL certificate has expired 
-* '**weak_signature_algorithm_vuln**'- check if SSL certificate is signed using SHA-1
+* '**ssl_signed_certificate_vuln**' - check for self-signed & other signing issues(weak signing algorithm) in SSL certificate
+* '**ssl_expired_certificate_vuln**' - check if SSL certificate has expired or is close to expiring
+* '**ssl_version_vuln**' - check if the server's SSL configuration supports old and insecure SSL versions
+* '**ssl_weak_cipher_vuln**' - check if server's SSL configuration supports weak cipher suites
 * '**wordpress_dos_cve_2018_6389_vuln**' - check if Wordpress is vulnerable to CVE-2018-6389 Denial Of Service (DOS) 
 * '**wp_xmlrpc_bruteforce_vuln**' - check if Wordpress is vulnerable to credential Brute Force via XMLRPC wp.getUsersBlogs
 * '**wp_xmlrpc_pingback_vuln**' - check if Wordpress is vulnerable to XMLRPC pingback 

diff --git a/nettacker.py b/nettacker.py
@@ -1,7 +1,6 @@
 """OWASP Nettacker application entry point."""
 
-from nettacker.core.app import Nettacker
+from nettacker.main import run
 
 if __name__ == "__main__":
- app = Nettacker()
- app.run()
+ run()
diff --git a/nettacker/config.py b/nettacker/config.py
@@ -2,8 +2,7 @@
 from functools import lru_cache
 from pathlib import Path
 
-import tomli
-
+from nettacker import version
 from nettacker.core.utils.common import now, generate_random_token
 
 CWD = Path.cwd()
@@ -18,10 +17,8 @@ def version_info():
  Returns:
  an array of version and code name
  """
- with open("pyproject.toml", "rb") as toml_file:
- tools = tomli.load(toml_file)["tool"]
 
- return tools["poetry"]["version"], tools["nettacker"]["release_name"]
+ return version.__version__, version.__release_name__
 
 
 class ConfigBase:

diff --git a/nettacker/core/app.py b/nettacker/core/app.py
@@ -69,29 +69,17 @@ def check_dependencies(self):
  if sys.platform not in {"darwin", "linux"}:
  die_failure(_("error_platform"))
 
- if not os.path.exists(Config.path.home_dir):
- try:
- os.mkdir(Config.path.home_dir)
- os.mkdir(Config.path.tmp_dir)
- os.mkdir(Config.path.results_dir)
- except Exception:
- die_failure("cannot access the directory {0}".format(Config.path.home_dir))
- if not os.path.exists(Config.path.tmp_dir):
- try:
- os.mkdir(Config.path.tmp_dir)
- except Exception:
- die_failure("cannot access the directory {0}".format(Config.path.tmp_dir))
- if not os.path.exists(Config.path.results_dir):
- try:
- os.mkdir(Config.path.results_dir)
- except Exception:
- die_failure("cannot access the directory {0}".format(Config.path.results_dir))
+ try:
+ Config.path.tmp_dir.mkdir(exist_ok=True, parents=True)
+ Config.path.results_dir.mkdir(exist_ok=True, parents=True)
+ except PermissionError:
+ die_failure("Cannot access the directory {0}".format(Config.path.tmp_dir))
 
  if Config.db.engine == "sqlite":
  try:
- if not os.path.isfile(Config.path.database_file):
+ if not Config.path.database_file.exists():
  sqlite_create_tables()
- except Exception:
+ except PermissionError:
  die_failure("cannot access the directory {0}".format(Config.path.home_dir))
  elif Config.db.engine == "mysql":
  try: