Merge pull request FeeiCN#1025 from BlBana/master

优化了report api代码，增加了phantomjs截图功能，增加了report模块文档

cobra/api.py

@@ -418,6 +418,7 @@ def report():
     total_files = 0
     total_vul_number = critical_vul_number = high_vul_number = medium_vul_number = low_vul_number = 0
     rule_num = dict()
+    target_directorys = []
     time_range = {}
     time_start = request.args.get(key='start')
     time_end = request.args.get(key='end')
@@ -459,9 +460,15 @@ def report():
                         data_content = json.load(f)
                     data_results = data_content.get('result')
                     if data_results:
+                        target_directory = data_results.get('target_directory')
+                        if target_directory in target_directorys:
+                            continue
+                        else:
+                            target_directorys.append(target_directory)
+
                         total_files += data_results.get('file')
                         total_vul_number += len(data_results.get('vulnerabilities'))
-                        time_range[data_time] += total_vul_number
+                        time_range[data_time] += len(data_results.get('vulnerabilities'))
 
                         for vul in data_results.get('vulnerabilities'):
                             if 9 <= int(vul.get('level')) <= 10:

cobra/report.py

@@ -14,15 +14,20 @@
 import os
 import subprocess
 import datetime
+import base64
 from .log import logger
 from .config import Config, project_directory
 
 import smtplib
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 
-
-node = '/usr/local/bin/node'
+if os.path.exists('/usr/local/bin/phantomjs'):
+    phantomjs = '/usr/local/bin/phantomjs'
+elif os.path.exists('/usr/bin/phantomjs'):
+    phantomjs = '/usr/bin/phantomjs'
+else:
+    phantomjs = 'phantomjs'
 
 
 class Report(object):
@@ -40,7 +45,7 @@ def __init__(self):
         start = datetime.datetime.today() + datetime.timedelta(days=-7)
         end = datetime.datetime.today().strftime("%Y-%m-%d")
         start = start.strftime("%Y-%m-%d")
-        self.param = [node, os.path.join(project_directory, 'reports', 'report.js'), project_directory, start, end]
+        self.param = [phantomjs, os.path.join(project_directory, 'reports', 'report.js'), project_directory, start, end]
 
     def run(self):
         capture = self.capture()
@@ -61,10 +66,13 @@ def capture(self):
         :return: boolean
         """
         capture = None
+        if os.path.exists(phantomjs) is False:
+            logger.critical('[Capture] Please install phantomJS, doc: http://cobra.feei.cn/report')
+            return False
         p = subprocess.Popen(self.param, stdout=subprocess.PIPE)
         result, err = p.communicate()
         if 'Critical' in result:
-            logger.critical(result)
+            logger.critical('[Capture] ' + result)
             logger.critical('[Capture] Capture exception')
             return False
         lines = result.split('\n')
@@ -76,6 +84,7 @@ def capture(self):
             logger.critical('[Capture] get capture image file failed')
             return False
         else:
+            logger.info('[Capture] The screenshot capture success: {}'.format(capture))
             return os.path.join(project_directory, capture)
 
     def notification(self, capture_path):
@@ -89,10 +98,18 @@ def notification(self, capture_path):
         message['To'] = self.to
         message['Subject'] = self.subject
 
-        att = MIMEText(open(capture_path, 'rb').read(), 'base64', 'utf-8')
-        att['Content-Type'] = 'application/octet-stream'
-        att["Content-Disposition"] = 'attachment; filename="W({0}).png"'.format(self.wd)
-        message.attach(att)
+        # 周报图片以附件的形式发送
+        # att = MIMEText(open(capture_path, 'rb').read(), 'base64', 'utf-8')
+        # att['Content-Type'] = 'application/octet-stream'
+        # att["Content-Disposition"] = 'attachment; filename="W({0}).png"'.format(self.wd)
+        # message.attach(att)
+
+        # 周报图片以在正文中直接显示
+        with open(capture_path, "rb") as image_file:
+            encoded_string = base64.b64encode(image_file.read())
+
+        text = MIMEText('<img src="data:image/png;base64,{0}">'.format(encoded_string), 'html')
+        message.attach(text)
 
         try:
             smtp = smtplib.SMTP_SSL(host=self.host, port=self.port)
@@ -111,6 +128,6 @@ def notification(self, capture_path):
             return False
         except smtplib.SMTPException as error:
             logger.critical(error)
-            logger.critical('[EMAIL] Please config SMTP Server, port, username, password and sender in config file')
+            logger.critical('[EMAIL] Please config SMTP Server, port, username, to, password and sender in config file')
             return False
 

cobra/send_mail.py

@@ -42,7 +42,7 @@ def send_mail(target, filename, receiver):
 
     try:
         server.login(user=username, password=password)
-        server.sendmail(from_addr=sender, to_addrs=receiver, msg=msg.as_string())
+        server.sendmail(from_addr=username, to_addrs=receiver, msg=msg.as_string())
         server.quit()
         logger.info('[EMAIL] Email delivered successfully.')
         return True

cobra/templates/report_my.html

@@ -15,7 +15,6 @@
 
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
     <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,300i,400,400i,500,500i,600,600i,700,700i&amp;subset=latin-ext">
-    <script src="{{ url_for('static', filename='js/require.min.js') }}"></script>
     <script>
       requirejs.config({
           baseUrl: '.'
@@ -138,61 +137,47 @@ <h3 style="text-align: center;font-weight: bold;color: red;">Wow, no
                                     <div class="col-md-12">
                                         <div class="row">
                                             <div class="col-12 col-sm-6 col-lg-6">
-                                                <div class="card p-3">
-                                                    <div class="card-status bg-yellow-dark"></div>
-                                                    <div class="d-flex align-items-center">
-                                                        <span class="stamp stamp-md bg-yellow mr-3">
-                                                            <i class="fe fe-folder"></i>
-                                                        </span>
-                                                        <div>
-                                                            <h4 class="m-0">{{ total_files }}</h4>
-                                                            <small class="text-muted">Files</small>
-                                                        </div>
+                                                <div class="card">
+                                                    <div class="card-status  bg-red"></div>
+                                                    <div class="card-body p-1 text-center">
+                                                        <div class="h1 m-0">{{ total_files }}</div>
+                                                        <div class="text-muted">Files</div>
                                                     </div>
                                                 </div>
                                             </div>
                                             <div class="col-12 col-sm-6 col-lg-6">
-                                                <div class="card p-3">
+                                                <div class="card">
                                                     <div class="card-status bg-blue-dark"></div>
-                                                    <div class="d-flex align-items-center">
-                                                        <span class="stamp stamp-md bg-blue mr-3">
-                                                            <i class="fe fe-check-square"></i>
-                                                        </span>
+                                                    <div class="card-body p-1 text-center">
                                                         <div>
-                                                            <h4 class="m-0">{{ total }}</h4>
-                                                            <small class="text-muted">Targets</small>
+                                                            <h4 class="h1 m-0">{{ total }}</h4>
+                                                            <div class="text-muted">Targets</div>
                                                         </div>
                                                     </div>
                                                 </div>
                                             </div>
                                             <div class="col-12 col-sm-6 col-lg-6">
-                                                <div class="card p-3">
+                                                <div class="card">
                                                     <div class="card-status bg-red-dark"></div>
-                                                    <div class="d-flex align-items-center">
-                                                        <span class="stamp stamp-md bg-red mr-3">
-                                                            <i class="fe fe-zap"></i>
-                                                        </span>
+                                                    <div class="card-body p-1 text-center">
                                                         <div>
-                                                            <h4 class="m-0">{{ total_vul_number }}</h4>
-                                                            <small class="text-muted">Vulnerabilities</small>
+                                                            <h4 class="h1 m-0">{{ total_vul_number }}</h4>
+                                                            <div class="text-muted">Vulnerabilities</div>
                                                         </div>
                                                     </div>
                                                 </div>
                                             </div>
                                             <div class="col-12 col-sm-6 col-lg-6">
                                                 <div class="card p-1 pl-3">
                                                     <div class="card-status bg-green-dark"></div>
-                                                    <div class="d-flex align-items-center">
-                                                        <span class="stamp stamp-md bg-green mr-3">
-                                                            <i class="fe fe-clock"></i>
-                                                        </span>
+                                                    <div class="card-body p-1 text-center">
                                                         <div>
                                                             {% if time_start != '' %}
-                                                            <h4 class="m-0">{{ time_start }}<br>{{ time_end }}</h4>
-                                                            <small class="text-muted">Time</small>
+                                                            <h4 class="h4 m-1">{{ time_start }}~{{ time_end }}</h4>
+                                                            <div class="text-muted">Time</div>
                                                             {% else %}
-                                                            <h4 class="m-0">None<br>None</h4>
-                                                            <small class="text-muted">Time</small>
+                                                            <h4 class="h4 m-1">None<br>None</h4>
+                                                            <div class="text-muted">Time</div>
                                                             {% endif %}
                                                         </div>
                                                     </div>

docs/config.md

@@ -8,6 +8,7 @@ cp config.template config
 - 将扫描结果发送到指定邮箱
 - 扫描私有GIT项目
 - 变更API Server端口域名
+- Report模块CLI模式
 
 ---
 下一章：[升级框架和规则源](http://cobra.feei.cn/upgrade)

docs/index.md

@@ -77,6 +77,7 @@
 - 进阶使用
     - [高级功能配置](http://cobra.feei.cn/config)
     - [升级框架和规则源](http://cobra.feei.cn/upgrade)
+    - [Report模块使用](http://cobra.feei.cn/report)
 - 规则开发规范
     - [规则模板](http://cobra.feei.cn/rule_template)
     - [规则样例](http://cobra.feei.cn/rule_demo)

docs/installation.md

@@ -23,17 +23,17 @@ Cobra可运行在以下Python版本
 
 #### macOS系统依赖
 ```
-brew install grep findutils flex
+brew install grep findutils flex phantomjs
 ```
 
 #### Ubuntu系统依赖
 ```
-apt-get install flex bison
+apt-get install flex bison phantomjs
 ```
 
 #### CentOS系统依赖
 ```
-yum install flex bison
+yum install flex bison phantomjs
 ```
 
 ## 安装方法
@@ -43,5 +43,7 @@ pip install -r requirements.txt
 python cobra.py --help
 ```
 
+
+
 ---
 下一章：[CLI模式使用方法](http://cobra.feei.cn/cli)

docs/report.md

@@ -0,0 +1,36 @@
+# Report模块使用
+> Report模块主要用来指定时间段的漏洞统计，分为CLI模式和Web两种模式 
+
+### CLI模式
+> CLI模式在执行命令，自动使用*phantomjs*请求Report模块的Web页面，统计一周内的漏洞分布情况，并截图发送至指定邮箱
+
+#### 配置内容
+配置config文件:
+1. host：SMTP服务器地址
+2. port：SMTP服务器端口
+3. username：SMTP服务器登陆用户
+4. password：SMTP服务器登陆密码
+5. sender：发送人邮箱
+6. to：收件人邮箱
+7. cobra_ip：Cobra服务器地址
+
+#### 使用方法
+> 与Crontab定时任务使用，完成自动发送周报功能
+
+`python cobra.py -rp`执行命令，完成报告截图和发送邮件操作
+
+### Web模式
+
+#### URL
+http://127.0.0.1:8080/report进入Cobra Report页面，选择start 和 end时间查看指定时间段的扫描报告
+
+#### 报告内容
+1. 各等级漏洞数量
+2. Top 10漏洞饼图展示
+3. 扫描文件总数
+4. 扫描项目总数
+5. 扫描漏洞总数
+6. start时间，end时间
+7. 每日漏洞数量折线图展示
+
+下一章：[规则模板](http://cobra.feei.cn/rule_template)

docs/upgrade.md

@@ -6,4 +6,5 @@
 git pull origin master
 ```
 ---
-下一章：[规则模板](http://cobra.feei.cn/rule_template)
+下一章：[Report模块使用](http://cobra.feei.cn/report)
+