Updated Securetea libs

OWASP · Sep 10, 2022 · d0712f4 · d0712f4
1 parent d3065a7
commit d0712f4
Show file tree

Hide file tree

Showing 28 changed files with 166 additions and 3,510 deletions.
diff --git a/securetea/lib/antivirus/antivirus_logger.py b/securetea/lib/antivirus/antivirus_logger.py
@@ -34,7 +34,13 @@ def __init__(self, modulename, debug=False):
             None
         """
         # AntiVirus Log Path
-        self._PATH = "/etc/securetea/antivirus/antivirus_log.log"
+
+
+        if debug:
+            self._PATH = "securetea/lib/antivirus/antivirus_log.log"
+        else:
+            self._PATH = "/etc/securetea/antivirus/antivirus_log.log"
+
         # Call the parent class
         logger.SecureTeaLogger.__init__(self, modulename, debug)
 

diff --git a/securetea/lib/antivirus/cleaner/cleaner.py b/securetea/lib/antivirus/cleaner/cleaner.py
@@ -52,6 +52,13 @@ def __init__(self, debug=False, config_path=None):
 
         # Load Configuration
         self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
+
+        if debug:
+            self._AV_CONFIG_PATH = "securetea/lib/antivirus/config/config.json"
+            self.config_dict = utils.json_to_dict(self._AV_CONFIG_PATH)
+        else:
+            self._AV_CONFIG_PATH = "/etc/securetea/asp/config.json"
+
         # Categorize OS
         self.os_name = utils.categorize_os()
         if self.os_name:

diff --git a/securetea/lib/antivirus/core_engine.py b/securetea/lib/antivirus/core_engine.py
@@ -27,7 +27,7 @@
 # Import necessary
 import multiprocessing
 import time
-
+import sys
 
 class CoreEngine(object):
     """CoreEngine class."""
@@ -99,6 +99,7 @@ def __init__(self,
 
         self.use_clamav = use_clamav
         self.use_yara = use_yara
+
 
         # Create ScannerEngine object
         self.scanner_engine_obj = ScannerEngine(debug=debug,
@@ -107,6 +108,9 @@ def __init__(self,
                                                 vt_api_key=self.vt_api_key,
                                                 use_clamav=self.use_clamav,
                                                 use_yara=self.use_yara)
+
+        print("C1")
+
         # Create MonitorEngine object
         self.monitor_engine_obj = MonitorEngine(debug=debug,
                                                 config_path=self._CONFIG_PATH,
@@ -118,6 +122,8 @@ def __init__(self,
         # Create Cleaner object
         self.cleaner_obj = Cleaner(debug=debug, config_path=self._CONFIG_PATH)
 
+
+
     def start_update(self):
         """
         Start the update process.

diff --git a/securetea/lib/antivirus/monitor/monitor_changes.py b/securetea/lib/antivirus/monitor/monitor_changes.py
@@ -13,6 +13,7 @@
 
 import os
 import time
+import sys
 
 from securetea.lib.antivirus.tools import file_gather
 from securetea.lib.antivirus.tools import utils

diff --git a/securetea/lib/antivirus/monitor/monitor_engine.py b/securetea/lib/antivirus/monitor/monitor_engine.py
@@ -70,9 +70,18 @@ def __init__(self,
         self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
         # Categorize OS
         self.os_name = utils.categorize_os()
+
+        if debug:
+            self._AV_CONFIG_PATH = "securetea/lib/antivirus/config/config.json"
+            self.config_dict = utils.json_to_dict(self._AV_CONFIG_PATH)
+        else:
+            self._AV_CONFIG_PATH = "/etc/securetea/antivirus/config/config.json"
+
+
         if self.os_name:
             # Load malicious-file log path
             self.changes_min_time = int(self.config_dict[self.os_name]["monitor"]["threshold_min"])
+
 
         self.monitor_changes = int(monitor_changes)
         self.monitor_usb = int(monitor_usb)

diff --git a/securetea/lib/antivirus/scanner/hash_scanner.py b/securetea/lib/antivirus/scanner/hash_scanner.py
@@ -38,6 +38,7 @@ def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=Non
             None
         """
         # Initialize parent class
+
         super().__init__(debug, config_path, file_list, vt_api_key)
 
         if self.os_name:

diff --git a/securetea/lib/antivirus/scanner/scanner_engine.py b/securetea/lib/antivirus/scanner/scanner_engine.py
@@ -39,6 +39,7 @@ def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=Non
         Returns:
             None
         """
+
         # Initialize logger
         self.logger = AntiVirusLogger(
                 __name__,
@@ -65,6 +66,8 @@ def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=Non
                                         config_path=self._CONFIG_PATH,
                                         file_list=self.file_list,
                                         vt_api_key=vt_api_key)
+
+
         # Create YaraScanner object
         self.yara_scanner = YaraScanner(debug=debug,
                                         config_path=self._CONFIG_PATH,

diff --git a/securetea/lib/antivirus/scanner/scanner_parent.py b/securetea/lib/antivirus/scanner/scanner_parent.py
@@ -16,7 +16,7 @@
 from securetea.lib.antivirus.scanner.virus_total import VirusTotal
 
 from concurrent.futures import ThreadPoolExecutor
-import sys
+import sys, json
 
 
 class Scanner(object):
@@ -57,6 +57,13 @@ def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=Non
         self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
         # Categorize OS
         self.os_name = utils.categorize_os()
+
+        if debug:
+            self._AV_CONFIG_PATH = "securetea/lib/antivirus/config/config.json"
+            self.config_dict = utils.json_to_dict(self._AV_CONFIG_PATH)
+        else:
+            self._AV_CONFIG_PATH = "/etc/securetea/asp/config.json"
+
         if self.os_name:
             # Load malicious-file log path
             self._MAL_FILE_PATH = self.config_dict[self.os_name]["scanner"]["malicious_file_log_path"]
@@ -78,6 +85,7 @@ def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=Non
         if self.vt_api_key and self.vt_api_key != "XXXX":
             # If VirusTotal API Key is provided & valid
             self.vt_obj = VirusTotal(debug=debug, api_key=self.vt_api_key)
+
 
     def scan_file(self, file_path):
         """

diff --git a/securetea/lib/antivirus/secureTeaAntiVirus.py b/securetea/lib/antivirus/secureTeaAntiVirus.py
@@ -57,7 +57,7 @@ def __init__(self, debug=False, cred=None, use_clamav=False, use_yara=False):
             sys.exit(0)
 
         # JSON configuration file path
-        self._CONFIG_PATH = "/etc/securetea/antivirus/config.json"
+        self._CONFIG_PATH = "securetea.conf"
 
         # Initialize required parameters from the credentials passed
         self.vt_api_key = self.cred["virustotal-api-key"]
@@ -72,6 +72,9 @@ def __init__(self, debug=False, cred=None, use_clamav=False, use_yara=False):
         self.auto_delete = int(self.cred["auto-delete"])
 
         # Create CoreEngine object
+
+        print("C0")
+
         self.core_engine_obj = core_engine.CoreEngine(debug=debug,
                                                       config_path=self._CONFIG_PATH,
                                                       vt_api_key=self.vt_api_key,
@@ -82,6 +85,7 @@ def __init__(self, debug=False, cred=None, use_clamav=False, use_yara=False):
                                                       update=self.update,
                                                       custom_scan=self.custom_scan,
                                                       auto_delete=self.auto_delete)
+
 
     def start(self):
         """
@@ -102,6 +106,7 @@ def start(self):
                 "Antivirus started.",
                 logtype="info"
             )
+            print("C1")
             self.core_engine_obj.start_engine()
         except Exception as e:
             self.logger.log(

diff --git a/securetea/lib/antivirus/tools/utils.py b/securetea/lib/antivirus/tools/utils.py
@@ -58,11 +58,12 @@ def categorize_os():
         None
     """
     os_name = get_system_name()
-    if os_name in ["ubuntu", "kali", "backtrack", "debian"]:
-        return "debian"
+    for allowed_name in ["ubuntu", "kali", "backtrack", "debian"]:
+        if allowed_name in os_name:
+            return "debian"
     # elif some other OS, add their  name
-    else:  # if OS not in list
-        return None
+    # if OS not in list
+    return None
 
 
 def get_system_name():
@@ -78,7 +79,7 @@ def get_system_name():
     Returns:
         os_name (str): Name of the operating system
     """
-    os_name = platform.dist()[0]
+    os_name = platform.version()
     return os_name.lower()
 
 

diff --git a/securetea/lib/antivirus/update/update_hash.py b/securetea/lib/antivirus/update/update_hash.py
@@ -54,6 +54,13 @@ def __init__(self, debug=False, config_path=None):
 
         # Load Configuration
         self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
+
+        if debug:
+            self._AV_CONFIG_PATH = "securetea/lib/antivirus/config/config.json"
+            self.config_dict = utils.json_to_dict(self._AV_CONFIG_PATH)
+        else:
+            self._AV_CONFIG_PATH = "/etc/securetea/asp/config.json"
+
         # Categorize OS
         self.os_name = utils.categorize_os()
         if self.os_name:

diff --git a/securetea/lib/antivirus/update/update_yara.py b/securetea/lib/antivirus/update/update_yara.py
@@ -60,6 +60,13 @@ def __init__(self, debug=False, config_path=None):
         self._YARA_MATCH = "/Yara-Rules/rules/blob/master/malware/"
         # Load Configuration
         self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
+
+        if debug:
+            self._AV_CONFIG_PATH = "securetea/lib/antivirus/config/config.json"
+            self.config_dict = utils.json_to_dict(self._AV_CONFIG_PATH)
+        else:
+            self._AV_CONFIG_PATH = "/etc/securetea/asp/config.json"
+
         # Categorize OS
         self.os_name = utils.categorize_os()
         if self.os_name:

diff --git a/securetea/lib/auto_server_patcher/installer.py b/securetea/lib/auto_server_patcher/installer.py
@@ -40,7 +40,10 @@ def __init__(self, debug=False):
         )
 
         # Command configuraton path
-        self._COMMAND_PATH = "/etc/securetea/asp/commands.json"
+        if debug:
+            self._COMMAND_PATH = "securetea/lib/auto_server_patcher/configs/commands.json"
+        else:
+            self._COMMAND_PATH = "/etc/securetea/asp/commands.json"
         # Load configuraton data
         self.config_data = self.open_json(self._COMMAND_PATH)
 

diff --git a/securetea/lib/auto_server_patcher/patcher.py b/securetea/lib/auto_server_patcher/patcher.py
@@ -11,7 +11,7 @@
 
 """
 
-import json
+import json, sys
 from securetea.lib.auto_server_patcher.patch_logger import PatchLogger
 from securetea.lib.auto_server_patcher import utils
 
@@ -39,7 +39,10 @@ def __init__(self, debug=False, to_patch=None):
         )
 
         # Configuration file path
-        self._CONFIG_PATH = "/etc/securetea/asp/config.json"
+        if debug:
+            self._CONFIG_PATH = "securetea/lib/auto_server_patcher/configs/config.json"
+        else:
+            self._CONFIG_PATH = "/etc/securetea/asp/config.json"
         # Load configuration
         self.config_data = self.open_json(self._CONFIG_PATH)
         # Categorize OS

diff --git a/securetea/lib/auto_server_patcher/utils.py b/securetea/lib/auto_server_patcher/utils.py
@@ -50,11 +50,12 @@ def categorize_os():
         None
     """
     os_name = get_system_name()
-    if os_name in ["ubuntu", "kali", "backtrack", "debian"]:
-        return "debian"
+    for allowed_name in ["ubuntu", "kali", "backtrack", "debian"]:
+        if allowed_name in os_name:
+            return "debian"
     # elif some other OS, add their  name
-    else:  # if OS not in list
-        return None
+    # if OS not in list
+    return None
 
 
 def get_system_name():
@@ -70,5 +71,5 @@ def get_system_name():
     Returns:
         os_name (str): Name of the operating system
     """
-    os_name = platform.dist()[0]
+    os_name = platform.version()
     return os_name.lower()
diff --git a/securetea/lib/log_monitor/server_log/detect/attacks/lfi.py b/securetea/lib/log_monitor/server_log/detect/attacks/lfi.py
@@ -39,7 +39,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing lfi payloads
             self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/lfi.txt"
         else:

diff --git a/securetea/lib/log_monitor/server_log/detect/attacks/sqli.py b/securetea/lib/log_monitor/server_log/detect/attacks/sqli.py
@@ -41,7 +41,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing sqli regex rules
             self.REGEX_FILE = "securetea/lib/log_monitor/server_log/rules/regex/sqli.txt"
             # Path of file containing sqli payloads

diff --git a/securetea/lib/log_monitor/server_log/detect/attacks/ssrf.py b/securetea/lib/log_monitor/server_log/detect/attacks/ssrf.py
@@ -39,7 +39,7 @@ def __init__(self,test=False,debug=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing SSRF payloads
             self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/ssrf.txt"
             # Path of file containing SSRF regex rules

diff --git a/securetea/lib/log_monitor/server_log/detect/attacks/web_shell.py b/securetea/lib/log_monitor/server_log/detect/attacks/web_shell.py
@@ -39,7 +39,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing web_shell payloads
             self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/web_shell.txt"
         else:

diff --git a/securetea/lib/log_monitor/server_log/detect/attacks/xss.py b/securetea/lib/log_monitor/server_log/detect/attacks/xss.py
@@ -41,7 +41,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing XSS payloads
             self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/xss.txt"
             # Path of file containing XSS regex rules

diff --git a/securetea/lib/log_monitor/server_log/detect/recon/port_scan.py b/securetea/lib/log_monitor/server_log/detect/recon/port_scan.py
@@ -39,7 +39,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing port_scan payloads
             self.PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/port_scan_ua.txt"
         else:

diff --git a/securetea/lib/log_monitor/server_log/detect/recon/spider.py b/securetea/lib/log_monitor/server_log/detect/recon/spider.py
@@ -39,7 +39,7 @@ def __init__(self, debug=False, test=False):
             debug=debug
         )
 
-        if test:
+        if debug:
             # Path of file containing spider user agents payloads
             self._PAYLOAD_FILE = "securetea/lib/log_monitor/server_log/rules/payloads/bad_ua.txt"
         else:

diff --git a/securetea/lib/log_monitor/server_log/engine.py b/securetea/lib/log_monitor/server_log/engine.py
@@ -13,6 +13,7 @@
 
 import sys
 import threading
+from securetea.lib.log_monitor.server_log import parser
 # Import logger
 from securetea.lib.log_monitor.server_log.server_logger import ServerLogger
 # Import utilities
@@ -114,6 +115,7 @@ def __init__(self,
                 self.parser_obj = apache.ApacheParser(debug=debug,
                                                       window=window,
                                                       path=self.log_file_path)
+
             elif log_type == "nginx":  # if Nginx log file
                 self.parser_obj = nginx.NginxParser(debug=debug,
                                                     window=window,

diff --git a/securetea/lib/waf/Server/requester.py b/securetea/lib/waf/Server/requester.py
@@ -47,14 +47,16 @@ def __init__(self,transport,timeout=5):
 
     def connect(self,host,redirect_table):
 
-        """
+        """{"localhost":"localhost:80"}
         Extracts the host name and connects the socket to the host on port 80
         """
 
         self.host=host
 
 
         # Check whether the incoming Host is part of the backend server config
+        print(self.host)
+        print(redirect_table)
 
         if self.host in redirect_table.keys():
             host,port=redirect_table[host].split(":")

diff --git a/securetea/lib/waf/data/model-4 → securetea/lib/waf/data/modeltestgram.sav b/securetea/lib/waf/data/model-4 → securetea/lib/waf/data/modeltestgram.sav
-Original file line number
+Diff line change
@@ Expand Up @@
                 None
             """
             # Initialize parent class
             super().__init__(debug, config_path, file_list, vt_api_key)
             if self.os_name:
@@ Expand Down @@