Merge pull request #155 from grutz/ny2015

Version 1.1.0 Release
KvasirSecurity · Jan 3, 2015 · 3b78b36 · 3b78b36
2 parents b21f408 + 3c98141
commit 3b78b36
Show file tree

Hide file tree

Showing 82 changed files with 401 additions and 219 deletions.
diff --git a/AUTHORS.md b/AUTHORS.md
@@ -1,20 +1,35 @@
 AUTHORS
-===================
+=======
 
 Kvasir started in 2010 by the Security Posture Assessment (SPA) team of
-Cisco Systems' Advanced Services group.
+Cisco Systems' Advanced Services group. It is currently maintained by a
+group of individuals.
 
 The PRIMARY AUTHORS are:
 
-* Kurt Grutzmacher <[email protected]> or <[email protected]>
+* Kurt Grutzmacher (@grutz)
 
 Additional contributors:
 
-* Lincoln Nguyen <[email protected]>
-* Vikas Singhal <[email protected]>
+* Lincoln Nguyen (@lincolnn)
+* Vikas Singhal (@vikasprogrammer)
+* Karn Ganeshen (@juushya)
+* Jan Rude (@whoot)
+* @andurin
+* @kimdane
+* @eddiezab
+* Samuel Bonilla (@pyner)
+* Markus Piéton (@marpie)
+* @001001
+* @hybriz
 
+The full list of code contributors and their contributions can be viewed at
+https://github.com/KvasirSecurity/Kvasir/graphs/contributors
 
 Thanks to the tireless members of the SPA team for their patience, use and
-continued support. Thanks to the manaagement team of Cisco Systems Advanced
-Services who supported the development and helped push for open sourcing this
-code.
+continued support. Thanks to the management team of Cisco Systems Advanced
+Services who supported the development and helped push for open sourcing
+this code.
+
+THANK YOU for using and contributing to the continued development of Kvasir!
+
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,6 +1,49 @@
 Kvasir Log of Notable Changes
 =============================
 
+01/02/15 : 1.1.0
+----------------
+
+https://github.com/KvasirSecurity/Kvasir/releases/tag/v1.1.0
+https://github.com/KvasirSecurity/Kvasir/issues?q=is%3Aissue+milestone%3A1.1.0+is%3Aclosed
+
+1.1.0 brings us a few steps further in the quest to not have more bugs.
+101 commits, 6 contributors and over 90 files modified. Whew!
+
+Sometimes I feel like Markowski in Wreck It Ralph. "Code the app, find bugs.
+Fix bugs! Make more bugs!" I'm hoping 1.2.0 will have working tests so this
+at least the old things won't break anymore. There are always old bugs to
+find so if you come across them, submit an issue!
+
+Notable enhancements and fixes:
+
+* Skaldship module refactoring for Metasploit, Nessus and Passwords
+* YAML-based configuration file, no more modifying db.py!
+* Vulnerability references can be added or removed from the UI
+* f_ipv4/f_ipv6 merged into f_ipaddr for t_hosts table
+* Added redirect page for external links, configurable in YAML file
+* Use select2 json to load large data like from t_vulndata
+* Old bugs fixed, new bugs added, hidden bugs still hidden
+
+
+04/21/14 : 1.0.1
+----------------
+
+https://github.com/KvasirSecurity/Kvasir/releases/tag/v1.0.1
+https://github.com/KvasirSecurity/Kvasir/issues?q=is%3Aissue+milestone%3A1.0.1+is%3Aclosed
+
+1.0.1 added quite a few new features and bug fixes with 156 commits, 666 file
+changes from 10 contributors! Most notable:
+
+* Nessus CSV and XML (.nessus) file parsing
+* Stronger NMAP parsing
+* Scan hosts via NMAP using web2py scheduler
+* Moved to a YAML configuration file, no more editing db.py!
+* Use CVSS or Severity for charts/stats
+* Add VNC screenshot Valkyrie
+* Exploit-db and PwnWiki support added
+
+
 09/23/13 : 1.0.0
 ----------------
 

diff --git a/LICENSE.md b/LICENSE.md
@@ -2,6 +2,7 @@ Kvasir License Agreement
 ========================
 
 Copyright (C) 2011-2014, Cisco Systems, Inc.
+Copyright (C) 2015, Kurt Grutzmacher
 
 All rights reserved.
 
@@ -35,7 +36,7 @@ POSSIBILITY OF SUCH DAMAGE.
 ================================================================================
 
 Kvasir is provided under the 3-clause BSD license above. The copyright on this
-package is held by Cisco Systems, Inc.
+package is held by Kurt Grutzmacher.
 
 This license does not apply to the following components and any component which
 may not be included in this list:

diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ effective data management during a Penetration Test.
 
 Penetration tests can be data management nightmares because of the large
 amounts of information that is generally obtained. Vulnerability scanners
-return lots of actual and potential vulnerabilitites to review. Port
+return lots of actual and potential vulnerabilities to review. Port
 scanners can return thousands of ports for just a few hosts. How easy is
 it to share all this data with your co-workers?
 
@@ -15,17 +15,17 @@ started:
 
  * The latest version of web2py (http://www.web2py.com/)
  * A database (PostgreSQL known to work)
- * A network vulnerability scanner (Nexpose/Nmap supported)
+ * A network vulnerability scanner (Nexpose, Nessus and Nmap supported)
  * Additional python libraries
 
 Kvasir is a web2py application and can be installed for each customer or
 task. This design keeps data separated and from you accidentally attacking
 or reviewing other customers.
 
 This tool was developed primarily for the Cisco Systems Advanced Services
-Security Posture Assessment (SPA) team. While not every method used by the
-SPA team may directly relate we hope that this tool is something that can
-be molded and adapted to fit almost any working scenario.
+Security Posture Assessment (SPA) team. While not every methodology may not
+directly align, Kvasir is something that can be molded and adapted to fit
+almost any working scenario. Pull requests through Github are encouraged!
 
 
 DOCUMENTATION

diff --git a/TODO.md b/TODO.md
@@ -15,18 +15,8 @@ Urgents
 
 * Document server-side filtering for accounts and services in html
 
-* Nessus file parsing and API needs completion
-
-* Host filter should have some help attached to it
-
 * Send a host to be re-scanned and update/replace information
 
-* vulninfo-by-vulnid updates for adding exploit/references
-
-* Better Scheduler task management and integrate MSF Pro task viewing
-  Right now we just redirect to the MSF Pro workspace task detail but
-  the API code is there and functioning. Just not Kvasir UI.
-
 * Long output results should go into an alert div and not response.flash
 
 Needs
@@ -44,8 +34,6 @@ Needs
 
 * Kick off aux/exploits to Metasploit / CANVAS using their API
 
-* Kick off nmap scans and import results through scheduler
-
 * QualysGuard file parsing and API needs attention. Can use existing
   internal python library to parse XML report. API will require some
   coordination for access to dev/test.

diff --git a/controllers/accounts.py b/controllers/accounts.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Accounts controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import get_host_record, host_title_maker, host_a_maker, create_hostfilter_query

diff --git a/controllers/api.py b/controllers/api.py
@@ -12,7 +12,7 @@
 ## function calls for three fields and you only want to pass the second
 ## field then submit (None, secondvariable, None)
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 __version__ = "1.1.0"

diff --git a/controllers/cpe.py b/controllers/cpe.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## CPE controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 import logging

diff --git a/controllers/default.py b/controllers/default.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Default controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.general import get_oreally_404

diff --git a/controllers/evidence.py b/controllers/evidence.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Evidence controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import get_host_record, host_title_maker, host_a_maker, create_hostfilter_query

diff --git a/controllers/exploitdb.py b/controllers/exploitdb.py
@@ -10,7 +10,7 @@
 ## Download from https://github.com/offensive-security/exploit-database and place in a directory
 ## In kvasir.yaml set the directory in exploitdb_path, e.g. exploitdb_path: "/usr/share/exploitdb"
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 try:

diff --git a/controllers/exploits.py b/controllers/exploits.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Exploits controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import host_title_maker, get_host_record, create_hostfilter_query

diff --git a/controllers/hosts.py b/controllers/hosts.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Hosts controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import create_hostfilter_query, get_host_record, pagination, host_title_maker

diff --git a/controllers/metasploit.py b/controllers/metasploit.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Metasploit controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import get_host_record, host_title_maker

diff --git a/controllers/nessus.py b/controllers/nessus.py
@@ -2,11 +2,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Nessus controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.metasploit import msf_get_config

diff --git a/controllers/netbios.py b/controllers/netbios.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## NetBIOS controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import create_hostfilter_query, get_host_record, host_title_maker, host_a_maker

diff --git a/controllers/nexpose.py b/controllers/nexpose.py
@@ -2,11 +2,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Nexpose controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from nxajax import NXAJAX, ScanTemplates

diff --git a/controllers/nmap.py b/controllers/nmap.py
@@ -2,11 +2,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Nmap controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 import logging

diff --git a/controllers/notes.py b/controllers/notes.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Evidence controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import get_host_record, host_title_maker, host_a_maker

diff --git a/controllers/os.py b/controllers/os.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## OS controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.hosts import get_host_record, host_title_maker, host_a_maker

diff --git a/controllers/report.py b/controllers/report.py
@@ -3,11 +3,12 @@
 ##--------------------------------------#
 ## Kvasir
 ##
-## (c) 2010-2013 Cisco Systems, Inc.
+## (c) 2010-2014 Cisco Systems, Inc.
+## (c) 2015 Kurt Grutzmacher
 ##
 ## Reporting controller
 ##
-## Author: Kurt Grutzmacher <[email protected]>
+## Author: Kurt Grutzmacher <[email protected]>
 ##--------------------------------------#
 
 from skaldship.general import cvss_metrics