From 858e57707457e855dc8902c42551a02b4e6c3084 Mon Sep 17 00:00:00 2001 From: devplayer55221 Date: Wed, 16 Oct 2024 00:04:41 +0530 Subject: [PATCH 1/4] Adding downloading script for Misconfig Mapper --- Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index bec0c46..8c06642 100644 --- a/Dockerfile +++ b/Dockerfile @@ -74,6 +74,14 @@ RUN mv Corsy-1.0-rc Corsy RUN mv Corsy /usr/bin RUN rm -rf * +# Installing Misconfig Mapper +RUN echo "Installing Misconfig Mapper" +RUN wget https://github.com/intigriti/misconfig-mapper/archive/refs/tags/v1.10.0.zip +RUN unzip v1.10.0.zip +RUN mv misconfig-mapper-1.10.0 misconfig-mapper +RUN mv misconfig-mapper /usr/bin +RUN rm -rf * + # Install Poetry RUN pip install poetry==1.4.2 From 13b12ee1daf73449ef2a8bcd65e1ecc7a6b59366 Mon Sep 17 00:00:00 2001 From: devplayer55221 Date: Wed, 16 Oct 2024 00:19:30 +0530 Subject: [PATCH 2/4] Adding installing script for Misconfig Mapper --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 8c06642..8e26e3b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -79,6 +79,9 @@ RUN echo "Installing Misconfig Mapper" RUN wget https://github.com/intigriti/misconfig-mapper/archive/refs/tags/v1.10.0.zip RUN unzip v1.10.0.zip RUN mv misconfig-mapper-1.10.0 misconfig-mapper +RUN cd misconfig-mapper +RUN go build -o misconfig-mapper +RUN cd .. RUN mv misconfig-mapper /usr/bin RUN rm -rf * From 35f609da412d082f1427179c9c94f76dc2c65549 Mon Sep 17 00:00:00 2001 From: devplayer55221 Date: Wed, 16 Oct 2024 01:16:42 +0530 Subject: [PATCH 3/4] Adding script for installing Go --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 8e26e3b..288a141 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,6 +6,9 @@ RUN apt-get update && apt-get install -y wget unzip tar gcc libpcap-dev dnsutils # Install git RUN apt-get update --fix-missing && apt install git -y +# Install golang +RUN apt-get install golang-go + # Setup work directory WORKDIR /home/mantis From 88dab46556ad6cc2b80ea7e59feeb36236f2ce80 Mon Sep 17 00:00:00 2001 From: devplayer55221 Date: Fri, 18 Oct 2024 03:41:02 +0530 Subject: [PATCH 4/4] Extract Report yaml block in python dictionary format --- Dockerfile | 14 -------------- configs/local.yml | 8 ++++++++ mantis/config_parsers/config_client.py | 22 ++++++++++++++++++++++ mantis/models/args_model.py | 1 + mantis/utils/args_parse.py | 19 ++++++++++++++++++- mantis/utils/config_utils.py | 5 +++++ mantis/workflows/mantis_workflow.py | 3 +++ mantis/workflows/report_workflow.py | 12 ++++++++++++ setup/docker/docker-compose.yml | 5 ++++- 9 files changed, 73 insertions(+), 16 deletions(-) create mode 100644 mantis/workflows/report_workflow.py diff --git a/Dockerfile b/Dockerfile index 288a141..bec0c46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,9 +6,6 @@ RUN apt-get update && apt-get install -y wget unzip tar gcc libpcap-dev dnsutils # Install git RUN apt-get update --fix-missing && apt install git -y -# Install golang -RUN apt-get install golang-go - # Setup work directory WORKDIR /home/mantis @@ -77,17 +74,6 @@ RUN mv Corsy-1.0-rc Corsy RUN mv Corsy /usr/bin RUN rm -rf * -# Installing Misconfig Mapper -RUN echo "Installing Misconfig Mapper" -RUN wget https://github.com/intigriti/misconfig-mapper/archive/refs/tags/v1.10.0.zip -RUN unzip v1.10.0.zip -RUN mv misconfig-mapper-1.10.0 misconfig-mapper -RUN cd misconfig-mapper -RUN go build -o misconfig-mapper -RUN cd .. -RUN mv misconfig-mapper /usr/bin -RUN rm -rf * - # Install Poetry RUN pip install poetry==1.4.2 diff --git a/configs/local.yml b/configs/local.yml index 4bb05be..9209778 100644 --- a/configs/local.yml +++ b/configs/local.yml @@ -1,5 +1,13 @@ # Do not store sensitive information and check-in code to gitlab +report: + title: "Attack Surface Management Report" + author: "John Doe" + date: "2024-09-30" + header: "Confidential - For Internal Use Only" + footer: "Company XYZ - All Rights Reserved" + format: "pdf" + workflow: - workflowName: 'default' schedule: 'daily between 00:00 and 04:00' diff --git a/mantis/config_parsers/config_client.py b/mantis/config_parsers/config_client.py index ef0880d..b40e5a0 100644 --- a/mantis/config_parsers/config_client.py +++ b/mantis/config_parsers/config_client.py @@ -26,6 +26,22 @@ def convert_yml_to_obj(yml_file_path): logging.error('(convert_yml_to_obj) Error in reading yml file: {}, Reason: {}'.format(yml_file_path, e)) sys.exit(0) + + @staticmethod + def convert_yml_to_dict(yml_file_path): + config = dict() + try: + with open(yml_file_path, 'r') as yml_file: + yml_to_dict = yaml.load(yml_file, Loader=yaml.SafeLoader) + config.update(yml_to_dict) + ConfigProvider.yml_config = config + except yaml.YAMLError as e: + logging.error('(convert_yml_to_obj) Error in reading yml file: {}, Reason: {}'.format(yml_file_path, e)) + sys.exit(0) + except OSError as e: + logging.error('(convert_yml_to_obj) Error in reading yml file: {}, Reason: {}'.format(yml_file_path, e)) + sys.exit(0) + @staticmethod def get_local_config(): @@ -40,3 +56,9 @@ def get_config(): else: ConfigProvider.get_local_config() return ConfigProvider.yml_config + + @staticmethod + def get_report(): + config_path = os.path.join('configs', 'local.yml') + ConfigProvider.convert_yml_to_dict(config_path) + return ConfigProvider.yml_config.get("report") \ No newline at end of file diff --git a/mantis/models/args_model.py b/mantis/models/args_model.py index ceb59bc..7c4574a 100644 --- a/mantis/models/args_model.py +++ b/mantis/models/args_model.py @@ -21,5 +21,6 @@ class ArgsModel(BaseModel): subdomain: str = Field(None) list_: bool = False list_orgs: bool = False + report_: bool = False in_scope: bool = False \ No newline at end of file diff --git a/mantis/utils/args_parse.py b/mantis/utils/args_parse.py index 061cb32..f3d6ebd 100644 --- a/mantis/utils/args_parse.py +++ b/mantis/utils/args_parse.py @@ -51,6 +51,14 @@ def list_msg(name=None): \033[0;32mmantis list {subcommand}\033[0m ''' + + @staticmethod + def report_msg(name=None): + return ''' + \033[1;34mREPORT:\033[0m + + \033[0;32mmantis report -o example_org\033[0m + ''' @staticmethod def args_parse() -> ArgsModel: @@ -235,7 +243,13 @@ def args_parse() -> ArgsModel: help = 'List only the records from nameserver that are in scope', action = 'store_true' ) + + report_parser = subparser.add_parser("report", help="Generate report", usage=ArgsParse.report_msg()) + report_parser.add_argument('-o', '--org', + dest = 'org', + required = True, + help = "name of the organisation") list_parser = subparser.add_parser("list", help="List entities present in db", usage=ArgsParse.list_msg()) @@ -259,7 +273,7 @@ def args_parse() -> ArgsModel: parsed_args['input_type'] = "file" parsed_args['input'] = str(args.file_name) - if args.subcommand != "list": + if args.subcommand != "list" and args.subcommand != "report": if args.aws_profiles: parsed_args["aws_profiles"] = args.aws_profiles.split(',') @@ -314,6 +328,9 @@ def args_parse() -> ArgsModel: if args.list_sub_command == "orgs": parsed_args["list_orgs"] = True + if args.subcommand == "report": + parsed_args["report_"] = True + args_pydantic_obj = ArgsModel.parse_obj(parsed_args) logging.info(f'parsed args - {args_pydantic_obj}') logging.info(f"Parsing Arguements - Completed") diff --git a/mantis/utils/config_utils.py b/mantis/utils/config_utils.py index 432decd..35959e3 100644 --- a/mantis/utils/config_utils.py +++ b/mantis/utils/config_utils.py @@ -34,3 +34,8 @@ def is_scanNewOnly_tool(tool_name, args): return False else: return True + + @staticmethod + def get_report_dict(): + report = ConfigProvider.get_report() + return report diff --git a/mantis/workflows/mantis_workflow.py b/mantis/workflows/mantis_workflow.py index 5befd7c..45a6fab 100644 --- a/mantis/workflows/mantis_workflow.py +++ b/mantis/workflows/mantis_workflow.py @@ -1,6 +1,7 @@ from mantis.models.args_model import ArgsModel from mantis.modules.workflow import Workflow from mantis.workflows.list_workflow import ListWorkflow +from mantis.workflows.report_workflow import ReportWorkflow import asyncio class MantisWorkflow: @@ -9,6 +10,8 @@ def select_workflow(args: ArgsModel) -> None: if args.list_: asyncio.run(ListWorkflow.executor(args)) + elif args.report_: + asyncio.run(ReportWorkflow.executor()) else: asyncio.run(Workflow.workflow_executor(args)) \ No newline at end of file diff --git a/mantis/workflows/report_workflow.py b/mantis/workflows/report_workflow.py new file mode 100644 index 0000000..f07e967 --- /dev/null +++ b/mantis/workflows/report_workflow.py @@ -0,0 +1,12 @@ +import logging +from mantis.utils.config_utils import ConfigUtils + +class ReportWorkflow: + + @staticmethod + async def executor(): + + report = ConfigUtils.get_report_dict() + + logging.info("Generating report yaml block as dictionary") + print(f"Report: {report}") diff --git a/setup/docker/docker-compose.yml b/setup/docker/docker-compose.yml index 25a95d1..9e47a22 100644 --- a/setup/docker/docker-compose.yml +++ b/setup/docker/docker-compose.yml @@ -1,6 +1,9 @@ services: mantis: - image: ghcr.io/phonepe/mantis:latest + #image: ghcr.io/phonepe/mantis:latest + build: + dockerfile: Dockerfile + context: ../../ container_name: mantis restart: on-failure command: sleep infinity