Merge pull request #27 from Logisek/develop

Merge to main

Author: maldevel

README.md

@@ -1,11 +1,13 @@
-     _____        _
-    (____ \      | |_                             
-     _   \ \ ____| | |_  ____  ___  ____ ____ ____  
-    | |   | / _  ) |  _)/ _  |/___)/ ___) _  |  _ \ 
-    | |__/ ( (/ /| | |_( ( | |___ ( (__( ( | | | | |
-    |_____/ \____)_|\___)_||_(___/ \____)_||_|_| |_|    
-
-DeltaScan is an advanced port scanning tool designed to detect and report changes in open ports and services over time. It offers scan results manipulation functionalities like export, import, differential check between scans and an interactive shell. 
+## Deltascan  
+
+DeltaScan is an advanced port scanning tool designed to detect and report changes in open ports and services over time. It offers scan results manipulation functionalities like export, import, differential check between scans and an interactive shell.
+
+##### View scan results
+![Use screenshot](images/example_scr1.png?raw=true "Title")
+
+##### View diff results
+![Use screenshot](images/example_scr2.png?raw=true "Title")
+
 ### Installation
 Install `pipenv`:
 ```bash
@@ -76,7 +78,7 @@ options:
                         select scanning profile that exists in config file or already in database
   -c CONF_FILE, --conf-file CONF_FILE
                         path to configuration file
-  -s, --suppress        suppress output
+  -v, --verbose         verbose output
   --n-scans N_SCANS     limit of scans databse queries. It is applied in scans view as well as scans diff
   --n-diffs N_DIFFS     limit of the diff results
   --from-date FROM_DATE
@@ -150,6 +152,10 @@ sudo -E env PATH=${PATH} deltascan diff -c config.yaml -p MY_PROFILE --from-date
 # The below command uses a custom template file (it has to be an .html file)
 sudo -E env PATH=${PATH} deltascan diff -c config.yaml -p MY_PROFILE --from-date "2024-01-01 10:00:00" --to-date "2024-01-02 10:00:00" --n-scans 20 --n-diffs -2 -t 192.168.0.100 --template your_template.html
 ```
+Diff raw, nmap, comma separated files and dump them in json file:
+```bash
+sudo -E env PATH=${PATH} deltascan  diff --diff-files tcp_services_10.10.10.1.xml,tcp_services_10.10.10.2.xml -o dump.json
+```
 
 ##### View:
 Listing scan results is a simple query to the deltascan database. The query takes into account the given parameters (`host`, `profile`, `--from-date`, `--to-date`, `--port-type`)
@@ -200,13 +206,13 @@ deltascan>: conf                             # Display current configuration
     n_diffs:             1
     From date [fdate]:   None
     To date [tdate]:     None
-    suppress:            False
+    verbose:             True
     host:                0.0.0.0
     profile:             None
-deltascan>: conf suppress=true              # Modify configuration value
+deltascan>: conf verbose=true               # Modify configuration value
 deltascan>: view                            # View result based on current configuration parameters
     # ... Results ...
-deltascan>: diff 1,2                        # Difference between previous view results (always use suppress=True to find diff indexes)
+deltascan>: diff 1,2                        # Difference between previous view results (always use verbose=False to find diff indexes)
 deltascan>: imp nmap_dump_file.0.0.0.0.xml  # Import nmap dump file
 deltascan>: imp nmap_dump_file.0.0.0.0.csv  # Import deltascan csv exported file
 deltascan>: report                          # Report last results (must set an output_file before with: conf output_file=filename.(html|pdf|csv))

config.yaml

@@ -5,10 +5,14 @@ profiles:
     arguments: "-vv -n -sn -PA21,22,23,25,53,80,88,110,111,135,139,143,199,443,445,465,587,993,995,1025,1433,1723,3306,3389,5900,8080,8443"
   TCP_PORTS_TOP_1000_NO_PING_NO_DNS:
     arguments: "-sS -n -Pn -vv --top-ports 1000 --reason --open"
+  TCP_PORT_80:
+    arguments: "-sS -n -Pn -vv -p 80"
+  TCP_PORT_80_SCRIPTS:
+    arguments: "-sS -vv -n -A --osscan-guess --version-all -Pn -p 80 --script=default,safe,discovery,external,vuln"
+  TCP_PORT_80_OS_SERVICE_DETECTION:
+    arguments: "-sS -n -Pn -vv -p 80 -O -sV"
   TCP_PORTS_FULL_NO_PING_NO_DNS: 
     arguments: "-sS -n -Pn -vv -p- --reason --open"
-  tcp-services-scan-noping:
-    arguments: "-sS -vv -A --osscan-guess --version-all --top-ports 1000"
   UDP_PORTS_TOP_1000_NO_PING_NO_DNS:
     arguments: "-sU -n -Pn -vv --top-ports 1000 --reason --open"
   UDP_PORTS_FULL_NO_PING_NO_DNS: 

deltascan/cli/cli_output.py

@@ -212,59 +212,38 @@ def _display_scan_diffs(self):
                 "for the given arguments[/]")
             return [table]
 
-        if self.verbose is False:
-            _sup_table = Table(show_header=True)
-            _sup_table.add_column("Host", style=colors[0], no_wrap=True)
-            _sup_table.add_column("Dates", style=colors[1], no_wrap=True)
-            _sup_table.add_column("Scan uuids", style=colors[0], no_wrap=True)
-            _sup_table.add_column("Profile", style=colors[1], no_wrap=True)
-            _sup_table.add_column("Arguments", style=colors[0], no_wrap=True)
-
         for row in self.data:
-            if self.verbose is True:
-                table = Table()
-                table.title = f"[dim]Host:       [/][rosy_brown]" \
-                              f"{self._print_generic_information_if_different(row['generic'][1]['host'], row['generic'][0]['host'])}[/]\n" \
-                              f"[dim]Dates:      [/][rosy_brown]{self._print_is_today(row['date_from'])} " \
-                              f"[red]->[/] {self._print_is_today(row['date_to'])}[/]\n" \
-                              f"[dim]Scan uuids: [/][rosy_brown]{self._print_generic_information_if_different(row['uuids'][1], row['uuids'][0])}[/]\n" \
-                              f"[dim]Profile:    [/][rosy_brown]" \
-                              f"{self._print_generic_information_if_different(row['generic'][1]['profile_name'], row['generic'][0]['profile_name'])}[/]\n" \
-                              f"[dim]Arguments:  [/][rosy_brown]" \
-                              f"{self._print_generic_information_if_different(row['generic'][1]['arguments'], row['generic'][0]['arguments'])}[/]"
-                c = 0
-                _w = 20
-                for _, f in enumerate(field_names):
-                    if "field" in f:
-                        _w = 35
-                    else:
-                        _w = 53
-
-                    table.add_column(format_string(f), style=colors[c], no_wrap=True, width=_w)
-                    c = 0 if c >= len(colors)-1 else c+1
-                lines = self._construct_exported_diff_data(row, field_names)
-
-                for r in lines:
-                    fields = self._dict_diff_fields_to_list(r)
-                    table.add_row(*fields)
-                table.border_style = "dim"
-                table.title_justify = "left"
-                table.caption_justify = "left"
-                table.leading = False
-                table.title_style = "frame"
-                tables.append(table)
-            else:
-                _sup_table.add_row(
-                    row['generic']['host'],
-                    self._print_is_today(row['date_from']),
-                    f"{row['uuids'][1]} -> {row['uuids'][0]}",
-                    row['generic']['profile_name'],
-                    row['generic']['arguments']
-                )
-
-        if self.verbose is False:
-            tables.append(_sup_table)
-
+            table = Table()
+            table.title = f"[dim]Host:       [/][rosy_brown]" \
+                          f"{self._print_generic_information_if_different(row['generic'][1]['host'], row['generic'][0]['host'])}[/]\n" \
+                          f"[dim]Dates:      [/][rosy_brown]{self._print_is_today(row['date_from'])} " \
+                          f"[red]->[/] {self._print_is_today(row['date_to'])}[/]\n" \
+                          f"[dim]Scan uuids: [/][rosy_brown]{self._print_generic_information_if_different(row['uuids'][1], row['uuids'][0])}[/]\n" \
+                          f"[dim]Profile:    [/][rosy_brown]" \
+                          f"{self._print_generic_information_if_different(row['generic'][1]['profile_name'], row['generic'][0]['profile_name'])}[/]\n" \
+                          f"[dim]Arguments:  [/][rosy_brown]" \
+                          f"{self._print_generic_information_if_different(row['generic'][1]['arguments'], row['generic'][0]['arguments'])}[/]"
+            c = 0
+            _w = 20
+            for _, f in enumerate(field_names):
+                if "field" in f:
+                    _w = 35
+                else:
+                    _w = 53
+
+                table.add_column(format_string(f), style=colors[c], no_wrap=True, width=_w)
+                c = 0 if c >= len(colors)-1 else c+1
+            lines = self._construct_exported_diff_data(row, field_names)
+
+            for r in lines:
+                fields = self._dict_diff_fields_to_list(r)
+                table.add_row(*fields)
+            table.border_style = "dim"
+            table.title_justify = "left"
+            table.caption_justify = "left"
+            table.leading = False
+            table.title_style = "frame"
+            tables.append(table)
         return tables
 
     def _dict_diff_fields_to_list(self, diff_dict):

deltascan/cli/cmd.py

@@ -119,8 +119,8 @@ def do_conf(self, v):
                     print(f"{'From date [fdate]: ' + '':<20} {self._app.fdate}")
                 if conf_key == "tdate" or conf_key == "":
                     print(f"{'To date [tdate]: ' + '':<20} {self._app.tdate}")
-                if conf_key == "suppress" or conf_key == "":
-                    print(f"{'suppress: ' + '':<20} {self._app.suppress}")
+                if conf_key == "verbose" or conf_key == "":
+                    print(f"{'verbose: ' + '':<20} {self._app.verbose}")
                 if conf_key == "host" or conf_key == "":
                     print(f"{'host: ' + '':<20} {self._app.host}")
                 if conf_key == "profile" or conf_key == "":
@@ -147,8 +147,8 @@ def __norm_value(v):
                 self._app.fdate = __norm_value(conf_value)
             elif conf_key == "tdate":
                 self._app.tdate = __norm_value(conf_value)
-            elif conf_key == "suppress":
-                self._app.suppress = False if __norm_value(conf_value).lower() == "false" else True
+            elif conf_key == "verbose":
+                self._app.verbose = False if __norm_value(conf_value).lower() == "false" else True
             elif conf_key == "host":
                 self._app.host = __norm_value(conf_value)
             elif conf_key == "profile":

deltascan/core/deltascan.py

@@ -416,7 +416,6 @@ def diffs(self, uuids=None):
             diffs = self._list_scans_with_diffs([_s for _scans in _split_scans_in_hosts.values() for _s in _scans])
             if self._config.output_file is not None and self._config.is_interactive is False:
                 self._report_diffs(diffs, output_file=f"diffs_{self._config.output_file}")
-
             # getting the current date and time in order not to override existing files
             _now = datetime.now().strftime(FILE_DATE_FORMAT)
             self._result.append({
@@ -563,8 +562,7 @@ def _list_scans_with_diffs(self, scans):
         for i, _ in enumerate(scans, 1):
             if i == len(scans) or len(scan_list_diffs) == self._config.n_diffs:
                 break
-            if (scans[i-1]["result_hash"] != scans[i]["result_hash"] or scans[i-1]["results"] !=
-                    scans[i]["results"]) and scans[i-1]["results"]["host"] == scans[i]["results"]["host"]:
+            if scans[i-1]["result_hash"] != scans[i]["result_hash"] and scans[i-1]["results"]["host"] == scans[i]["results"]["host"]:
                 try:
                     scan_list_diffs.append(
                         {
@@ -700,12 +698,14 @@ def __find_changed(self, changed_scan, old_scan):
             if key in self._ignore_fields_for_diffs:
                 continue
             if key in old_scan:
-                if json.dumps(changed_scan[key]) != json.dumps(old_scan[key]) and \
-                        isinstance(changed_scan[key], dict) and isinstance(old_scan[key], dict):
-                    diffs[key] = self.__find_changed(changed_scan[key], old_scan[key])
-                else:
-                    if changed_scan[key] != old_scan[key]:
-                        diffs[key] = {"from": old_scan[key], "to": changed_scan[key]}
+                if json.dumps(changed_scan[key]) != json.dumps(old_scan[key]):
+                    if isinstance(changed_scan[key], dict) and isinstance(old_scan[key], dict):
+                        diffs[key] = self.__find_changed(changed_scan[key], old_scan[key])
+                    elif isinstance(changed_scan[key], list) and isinstance(old_scan[key], list):
+                        diffs[key] = {"from": list(set([json.dumps(_el) for _el in old_scan[key]]) - set([json.dumps(_el) for _el in changed_scan[key]])),
+                                      "to": list(set([json.dumps(_el) for _el in changed_scan[key]]) - set([json.dumps(_el) for _el in old_scan[key]]))}
+                    else:
+                        diffs[key] = {"from": json.dumps(old_scan[key], sort_keys=True), "to": json.dumps(changed_scan[key], sort_keys=True)}
         return diffs
 
     def __find_removed(self, changed_scan, old_scan):
@@ -762,6 +762,7 @@ def view(self):
                     to_date=self._config.tdate,
                     from_date=self._config.fdate,
                     pstate=self._config.port_type)
+
             if self._config.output_file is not None:
                 self._report_scans(scans, output_file=f"scans_{self._config.output_file}")
 

deltascan/core/export.py

@@ -231,6 +231,7 @@ def _diffs_report_to_html_string(self):
             for diffs_on_date in self.data:
                 # These are the fields for the HTML template
                 # TODO: create a specific function to handle these comparisons
+
                 _augmented_diff = {
                     "date_from": diffs_on_date["date_from"],
                     "date_to": diffs_on_date["date_to"],
@@ -266,8 +267,8 @@ def _diffs_report_to_html_string(self):
             report = template.render(data)
             return report
         except Exception as e:  # TODO: remove generic exception
-            self.logger.error("Error generating PDF report: " + str(e))
-            raise ExporterExceptions.DScanExporterErrorProcessingData("Error generating PDF report: " + str(e))
+            self.logger.error("Error generating report: " + str(e))
+            raise ExporterExceptions.DScanExporterErrorProcessingData("Error generating report: " + str(e))
 
     def _scans_report_to_html_string(self):
         """
@@ -282,6 +283,7 @@ def _scans_report_to_html_string(self):
         try:
             with open(self.template_file, 'r') as file:
                 html_string = file.read()
+
             data = {
                 'field_names': ["Port", "State", "Service", "Service FP", "Service Product"],
                 'scans': self.data,
@@ -294,8 +296,8 @@ def _scans_report_to_html_string(self):
 
             return report
         except Exception as e:
-            self.logger.error("Error generating HTML report: " + str(e))
-            raise ExporterExceptions.DScanExporterErrorProcessingData("Error generating HTML report: " + str(e))
+            self.logger.error("Error generating report: " + str(e))
+            raise ExporterExceptions.DScanExporterErrorProcessingData("Error generating report: " + str(e))
 
     def _diffs_to_html(self):
         """

deltascan/core/output.py

@@ -30,6 +30,14 @@ def _construct_exported_diff_data(row, field_names):
             list: A list of exported diff data.
 
         """
+
+        # This method does all the preparation for the final output format of the diff results
+        # Diff results: The method basically calculates the depth of the changed fields and depending on the largest depth,
+        #               it adds the keywords "field_n" where "n" is the depth in the diffs dict.
+        #               It also adds the keywords "from" and "to"
+        #               This is why they are refered as articulated results inside the repo. They are constructed in a way that
+        #               is human readable. So the final fomat is e.g. ["changed", "ports", "80", "state", "from", "open", "to", "closed"]
+
         exported_diffs = []
         for _k in row["diffs"]["changed"]:
             _start_index = 0