Scanner script that runs a spider and an active attack scan.
#!/usr/bin/env python
import os
import time
import urllib.parse
from pprint import pprint

from zapv2 import ZAPv2
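# --- Scan configuration -----------------------------------------------------
# ZAP API key. Read from the environment so the secret does not have to live
# in the script; falls back to the original empty key, which only works when
# the ZAP instance was started with its API key requirement disabled.
# (The variable name ZAP_API_KEY is chosen here, not mandated by ZAP.)
apikey = os.environ.get('ZAP_API_KEY', '')
context_name = 'Scan_Full'
target_url = 'http://demo.testfire.net'
# Include rule(s) for the context; passed straight to include_in_context.
include_url = ['http://demo.testfire.net.*']
login_url = 'http://demo.testfire.net/login.jsp'
# API client; all calls go through the local ZAP listener.
zap = ZAPv2(proxies={'http': 'http://localhost:8080'}, apikey=apikey)
useScanPolicy = True          # build a dedicated scan policy before the active scan
useContextForScan = True      # spider/scan inside the context as the forced user
shutdownOnceFinished = False  # shut ZAP down after the report has been written
isWhiteListPolicy = True      # True: enable only ascanIds; False: disable only ascanIds
forcedUser = zap.forcedUser
spider = zap.spider
scanId = 0  # not read anywhere below; start_spider/start_active_scan bind a local scanId
ascan = zap.ascan
alertThreshold = 'Medium'
attackStrength = 'Low'
scanPolicyName = 'EXPLORATION OWASP'
# Active-scanner plugin ids toggled by set_polices_scan (see isWhiteListPolicy).
ascanIds = [7, 40009, 40012, 40014, 40018, 90019, 90020, 30001, 40003, 40016, 40017, 40026, 40019, 40020, 40021, 40022, 40024, 90018]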
def cleanup():
    """Remove any context named context_name so the run starts from a clean slate."""
    name = context_name
    zap.context.remove_context(apikey=apikey, contextname=name)
    print('Delete Context', name)
def set_include_in_context():
    """Register include_url as the include rule(s) of the scan context."""
    patterns = include_url
    # NOTE(review): include_url is a list; presumably the client forwards it as
    # the regex parameter — confirm the API accepts a list rather than one string.
    zap.context.include_in_context(context_name, patterns)
    print('Configured include in context', patterns)
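def set_logged_in_indicator():
    """Tell ZAP which response fragment marks an authenticated session.

    Reads the module-level context_id, which must already be set.
    """
    # Raw string: \Q...\E is Java-regex literal quoting for ZAP; as a normal
    # Python string '\Q' is an invalid escape (SyntaxWarning on 3.12+), while
    # the raw form yields exactly the same characters without the warning.
    logged_in_regex = r'\Q<a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td>\E'
    zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
    print('Configured logged in indicator regex: ')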
def set_form_based_auth():
    """Configure form-based authentication for the context.

    The login URL and the POST body template (with ZAP's {%username%} /
    {%password%} placeholders) are URL-encoded separately and joined into
    the method-config string ZAP expects.
    """
    login_request_data = 'uid={%username%}&passw={%password%}&btnSubmit=Login'
    encoded_login_url = urllib.parse.quote(login_url)
    encoded_request_data = urllib.parse.quote(login_request_data)
    form_based_config = (
        f'loginUrl={encoded_login_url}'
        f'&loginRequestData={encoded_request_data}'
    )
    zap.authentication.set_authentication_method(context_id, 'formBasedAuthentication', form_based_config)
    print('Configured form based authentication')
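def set_user_auth_config():
    """Create a context user, attach credentials and make it ZAP's forced user.

    The username and password default to the script's original values but can
    be supplied through the environment so real credentials need not be
    committed to the script (the variable names are chosen here).

    Returns:
        The user id string reported by ZAP; start_spider and
        start_active_scan pass it back to the API.
    """
    user = 'Teste_user'
    username = os.environ.get('ZAP_SCAN_USERNAME', 'admin')
    password = os.environ.get('ZAP_SCAN_PASSWORD', 'admin')
    user_id = zap.users.new_user(context_id, user)
    # Each credential is URL-encoded on its own, matching the form-based
    # authentication config string built in set_form_based_auth.
    user_auth_config = (
        'username=' + urllib.parse.quote(username)
        + '&password=' + urllib.parse.quote(password)
    )
    zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
    zap.users.set_user_enabled(context_id, user_id, 'true')
    # Select this user as the forced user and switch forced-user mode on.
    zap.forcedUser.set_forced_user(context_id, user_id)
    zap.forcedUser.set_forced_user_mode_enabled('true')
    print('User Auth Configured')
    return user_id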
def set_polices_scan(scanPolicyName):
    """Recreate the named scan policy and tune its thresholds and scanner set.

    Does nothing when useScanPolicy is False. Otherwise the policy is removed
    and re-added, policy ids 0 to 4 receive alertThreshold and attackStrength,
    and the scanners in ascanIds are either enabled on top of a disable-all
    (isWhiteListPolicy) or disabled on top of an enable-all.
    """
    if not useScanPolicy:
        return

    ascan.remove_scan_policy(scanpolicyname=scanPolicyName)
    added = ascan.add_scan_policy(scanpolicyname=scanPolicyName)
    pprint('Add scan policy ' + scanPolicyName + ' -> ' + added)

    # Same threshold and strength for every policy id.
    for policy_id in range(5):
        ascan.set_policy_alert_threshold(
            id=policy_id,
            alertthreshold=alertThreshold,
            scanpolicyname=scanPolicyName,
        )
        ascan.set_policy_attack_strength(
            id=policy_id,
            attackstrength=attackStrength,
            scanpolicyname=scanPolicyName,
        )

    if isWhiteListPolicy:
        # Allow-list: start from nothing, switch on only the listed scanners.
        disabled = ascan.disable_all_scanners(scanpolicyname=scanPolicyName)
        pprint('Disable all scanners -> ' + disabled)
        for plugin_id in ascanIds:
            ascan.enable_scanners(ids=plugin_id, scanpolicyname=scanPolicyName)
        pprint('Enable Scan IDs -> OK')
    else:
        # Deny-list: start from everything, switch off only the listed scanners.
        enabled = ascan.enable_all_scanners(scanpolicyname=scanPolicyName)
        pprint('Enable all scanners -> ' + enabled)
        for plugin_id in ascanIds:
            ascan.disable_scanners(ids=plugin_id, scanpolicyname=scanPolicyName)
        pprint('Disable scan IDs -> OK')
def start_spider(userId):
    """Run the spider against target_url and block until it reports 100%.

    With useContextForScan the spider runs inside the context as the given
    user id; otherwise it runs as a plain, context-less spider. Progress is
    polled every two seconds.
    """
    def _wait_until_done(scan_id, progress_prefix):
        # Initial pause gives the spider time to start before the first poll.
        time.sleep(2)
        while int(spider.status(scan_id)) < 100:
            print(progress_prefix + spider.status(scan_id) + '%')
            time.sleep(2)

    if not useContextForScan:
        scan_id = spider.scan(url=target_url, maxchildren=None, recurse=True,
                              contextname=None, subtreeonly=None)
        print('Scan ID equals ' + scan_id)
        _wait_until_done(scan_id, 'Spider progress ')
        print('Spider scan completed')
        return

    print('Starting scans with User ID: ' + userId)
    scan_id = spider.scan_as_user(contextid=context_id, userid=userId,
                                  url=target_url, maxchildren=None, recurse=True, subtreeonly=None)
    print('Start Spider scan with user ID: ' + userId +
          '. Scan ID equals: ' + scan_id)
    _wait_until_done(scan_id, 'Spider progress: ')
    print('Spider scan for user ID ' + userId + ' completed')
def start_active_scan(userId,scanPolicyName):
    """Run the active scan with the named policy and block until it reports 100%.

    With useContextForScan the scan runs inside the context as the given user
    id and is polled every two seconds (after a two-second head start);
    otherwise it runs without a context and is polled every five seconds.
    """
    def _wait_until_done(scan_id, interval):
        while int(ascan.status(scan_id)) < 100:
            print('Active Scan progress: ' + ascan.status(scan_id) + '%')
            time.sleep(interval)

    if not useContextForScan:
        scan_id = ascan.scan(url=target_url, recurse=True, inscopeonly=None,
                             scanpolicyname=scanPolicyName, method=None, postdata=True)
        print('Start Active scan. Scan ID equals ' + scan_id)
        _wait_until_done(scan_id, 5)
        print('Active Scan completed')
        return

    scan_id = ascan.scan_as_user(url=target_url, contextid=context_id,
                                 userid=userId, recurse=True, scanpolicyname=scanPolicyName,
                                 method=None, postdata=True)
    print('Start Active Scan with user ID: ' + userId +
          '. Scan ID equals: ' + scan_id)
    time.sleep(2)
    _wait_until_done(scan_id, 2)
    print('Active Scan for user ID ' + userId + ' completed')
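def generationReport():
    """Print hosts and alert summary, write the HTML report, optionally stop ZAP.

    The report goes to zapreport.html in the working directory. ZAP is shut
    down afterwards only when shutdownOnceFinished is set.
    """
    # Short pause before reading results (presumably to let ZAP settle).
    time.sleep(5)
    # Report the results
    print('Hosts: ' + ', '.join(zap.core.hosts))
    print('Alerts: ')
    print(zap.core.alerts_summary())
    print('HTML report:')
    # The context manager closes (and flushes) the file even if the write
    # raises; the explicit encoding keeps the output independent of the
    # locale, which otherwise can fail on non-ASCII finding text.
    # NOTE(review): assumes the report is UTF-8 text — confirm against ZAP's output.
    with open('zapreport.html', 'w', encoding='utf-8') as report_file:
        report_file.write(zap.core.htmlreport())
    if shutdownOnceFinished:
        pprint('Finish ZAP -> ' + zap.core.shutdown())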
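# Running ---->
# Guarded so importing this module (e.g. to reuse the helpers) does not
# immediately launch a scan; running it as a script behaves as before.
if __name__ == '__main__':
    # Order matters: the context must exist before it is configured, the user
    # before the spider/scan run as that user, and the scan policy before the
    # active scan references it by name.
    cleanup()
    # context_id is read as a module global by the set_* and start_* functions.
    context_id = zap.context.new_context(context_name)
    set_include_in_context()
    set_form_based_auth()
    set_logged_in_indicator()
    userId = set_user_auth_config()
    start_spider(userId)
    set_polices_scan(scanPolicyName)
    start_active_scan(userId, scanPolicyName)
    generationReport()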