diff --git a/routes/ui/tools.py b/routes/ui/tools.py index 4e42ab2..aff827c 100644 --- a/routes/ui/tools.py +++ b/routes/ui/tools.py @@ -4612,12 +4612,12 @@ def dnsrecon_page_form(project_id, current_project, current_user): for hostname_row in scan_result: - hostname = hostname_row.get('target') if hostname_row.get('target') else '' - hostname_name = hostname_row.get('name') if hostname_row.get('name') else '' - host_ip = hostname_row.get('address') if hostname_row.get('address') else '' - host_port = hostname_row.get('port') if hostname_row.get('port') else '' - hostname_info = hostname_row.get('strings') if hostname_row.get('strings') else '' - hostname_type = hostname_row.get('type') if hostname_row.get('type') else '' + hostname = hostname_row.get('target') if hostname_row.get('target') else '' + hostname_name = hostname_row.get('name') if hostname_row.get('name') else '' + host_ip = hostname_row.get('address') if hostname_row.get('address') else '' + host_port = hostname_row.get('port') if hostname_row.get('port') else '' + hostname_info = hostname_row.get('strings') if hostname_row.get('strings') else '' + hostname_type = hostname_row.get('type') if hostname_row.get('type') else '' ''' 1. Name <--> Address @@ -4715,3 +4715,61 @@ def dnsrecon_page_form(project_id, current_project, current_user): current_project=current_project, tab_name='DNSrecon', errors=errors) + + +@routes.route('/project//tools/theharvester/', methods=['GET']) +@requires_authorization +@check_session +@check_project_access +@send_log_data +def theharvester_page(project_id, current_project, current_user): + return render_template('project/tools/import/theharvester.html', + current_project=current_project, + tab_name='theHarvester') + + +@routes.route('/project//tools/theharvester/', methods=['POST']) +@requires_authorization +@check_session +@check_project_access +@send_log_data +def theharvester_page_form(project_id, current_project, current_user): + form = theHarvesterForm() + form.validate() + errors = [] + if form.errors: + for field in form.errors: + for error in form.errors[field]: + errors.append(error) + + if not errors: + for file in form.xml_files.data: + if file.filename: + soup = BeautifulSoup(file.read(), "html.parser") + + scan_result = soup.findAll('host') + + for hostname_row in scan_result: + ips_str = hostname_row.find('ip').text + hostname = hostname_row.find('hostname').text + + ip_array = ips_str.split(', ') + for ip_address in ip_array: + # check valid ip + ipaddress.ip_address(ip_address) + + current_host = db.select_project_host_by_ip(current_project['id'], ip_address) + if current_host: + host_id = current_host[0]['id'] + else: + host_id = db.insert_host(current_project['id'], ip_address, current_user['id'], + form.hosts_description.data) + + current_hostname = db.select_ip_hostname(host_id, hostname) + if not current_hostname: + hostname_id = db.insert_hostname(host_id, hostname, form.hostnames_description.data, current_user['id']) + + return render_template('project/tools/import/theharvester.html', + current_project=current_project, + tab_name='theHarvester', + errors=errors) diff --git a/static/images/theHarvester-logo.png b/static/images/theHarvester-logo.png new file mode 100644 index 0000000..176dce3 Binary files /dev/null and b/static/images/theHarvester-logo.png differ diff --git a/system/forms.py b/system/forms.py index 8d94705..0143db1 100644 --- a/system/forms.py +++ b/system/forms.py @@ -1155,6 +1155,11 @@ class DNSreconForm(FlaskForm): csv_files = MultipleFileField('csv_files') json_files = MultipleFileField('json_files') hosts_description = StringField('hosts_description', default='Added from DNSrecon scan') - hostnames_description = StringField('hostnames_description', default='Added from DNSrecon scan') ports_description = StringField('ports_description', default='Added from DNSrecon scan') ignore_ipv6 = IntegerField('ignore_ipv6', default=0) + + +class theHarvesterForm(FlaskForm): + xml_files = MultipleFileField('xml_files') + hosts_description = StringField('hosts_description', default='Added from theHarvester scan') + hostnames_description = StringField('hostnames_description', default='Added from theHarvester scan') diff --git a/templates/project/tools/import/theharvester.html b/templates/project/tools/import/theharvester.html new file mode 100644 index 0000000..228d3a7 --- /dev/null +++ b/templates/project/tools/import/theharvester.html @@ -0,0 +1,104 @@ + + +{% include 'header.html' %} + +
+ {% include 'menu.html' %} +
+
+ {% include 'project/sidebar.html' %} +
+ +
+

DNSrecon

+
+
+
+
+ {% if external_img %} + + {% else %} + + {% endif %} +
+
+ theHarvester +
+ DNS subdomain finder +
+
+ theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on + the internet. +
+
+ + Official site + + +
+
+
+
+
+

Upload reports

+
+ +
+
+ + +
+
+ + +
+
+
+
+ +
+
+ + +
+
+ + +
+ {% if errors is defined and errors %} +
+ +
+ There were some errors with host +
+
    + {% for error in errors %} +
  • {{ error }}
    • + {% endfor %} +
+
+ {% elif errors is defined and not errors %} +
+ +
+ Successfully uploaded! +
+
+ {% endif %} +
+
+ {% include 'footer.html' %} +
+
+ + \ No newline at end of file diff --git a/templates/project/tools/list.html b/templates/project/tools/list.html index 4fc8183..7a2248b 100644 --- a/templates/project/tools/list.html +++ b/templates/project/tools/list.html @@ -219,6 +219,11 @@

Tools

DNSRecon is a simple python script that enables to gather DNS-oriented information on a given target.

Open + +

theHarvester

+

theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet.

+ Open +