-
Notifications
You must be signed in to change notification settings - Fork 5
/
peeper.py
executable file
·85 lines (69 loc) · 2.11 KB
/
peeper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/python
import sys
import os
import re
import subprocess
import xml.etree.ElementTree as ET
def guess_proto(output):
"""This attempts to guess the HTTP prefix output based on the
message that the service detection plugin returns. It's very simple,
but works for the time being.
"""
regex = re.compile("TLS|OpenSSL")
secure = regex.search(output)
if secure:
return "https"
else:
return "http"
if len(sys.argv) != 2:
print "Usage: ./peeper <Nessus filename>"
print
sys.exit()
file = sys.argv[1]
urls = []
tree = ET.parse(file)
root = tree.getroot()
for host in root.getiterator("ReportHost"):
name = host.get("name")
for item in host.getiterator("ReportItem"):
svc = item.attrib['svc_name']
detect = item.attrib['pluginName']
if (svc == "www") and (detect == "Service Detection"):
port = item.attrib['port']
output = item.find("plugin_output")
proto = guess_proto(output.text)
url = proto + "://" + name + ":" + port
match = False
#Check for duplicate entries
for existing in urls:
if (url == existing):
match = True
#Add proto://host:port if it doesn't exist
if not (match):
urls.append(url)
# make a directory and stash the results there
dir = re.sub(".nessus", "", file)
if os.path.exists(dir):
print "The directory exists, aborting"
print
sys.exit()
else:
os.makedirs(dir)
num_in_row = 0
index = open(dir + "/index.html", "w")
index.write("<html><table><tr>\n")
urls.sort()
for url in urls:
name = re.sub("http(s)?://", "", url)
name = re.sub(":", "-", name)
capture = "./phantomjs --ignore-ssl-errors=yes ./capture.js %s %s/%s.png" % (url, dir, name)
#process = subprocess.Popen([capture], shell=True)
run = os.system
#os.system is blocking, creating serial execution
process = run(capture)
index.write("\t<td><a href=\"%s.png\"><img width=328 height=246 src=\"%s.png\"><br><center></a><a href=\"%s\">%s</a></center></td>\n" % (name, name, url, url))
num_in_row += 1
if (num_in_row % 3 == 0 ):
index.write("</tr><tr>\n")
index.write("</tr></table></html>")
index.close()