Welcome!¶
Here we present the ptp
(Pentesters’ Tools Parser) project and answer
the What is it? What does it do? Why does it do it? How does it do it?
questions.
The project has been developed during the Google Summer of Code 2014, 10th edition, in order to create an automated ranking system for the OWASP - OWTF project.
OWASP - OWTF in a word¶
The OWASP - OWTF project provides an efficient approach to combine the power of automation with the out-of-the-box thinking that only the user can provide.
It gathers a complete set of plugins and merges their results into an interactive report. The user has then the possibility to add notes, to change details and to add media like screenshots in order to have a complete report.
The goals aimed by ptp
¶
The primary goal of ptp
is to enhance OWASP - OWTF in order to provide
an automated ranking for each plugin. This will allow the user to focus
attention on the most likely weak areas of a web application or network first,
which will be valuable to efficiently use the remaining time in a penetration
assessment.
Instead of evaluating every plugins run by OWASP - OWTF and defining the
rankings for each of them, thanks to ptp
, the user will be able to focus
on the ones that have been ranked with the highest risks. The user is then able
to confirm or override the automated rankings since we estimate that she/he is
the only one that can accurately detect the false positives.
When developing the automated ranking system, ptp
’s main goal was joined
with a secondary one. Apart from its main feature which is ranking the
results from security tools reports, it also provides an unified way to
reuse these reports directly in your python code, without having to deal with
complex parsing.
Note
The long-term objective for ptp
is to support all security tools and
tests. But ptp
is in its early development phase and only supports
the main ones for now.
Warning
Since v0.4, PTP relies on the fact that the supported tools are following semantic version (except observed otherwise). In other words, as long as the tool doesn’t update its MAJOR version, PTP will assume that it can parse its report, reducing the maintenance cost on our side.
Installation¶
Using pip¶
The ptp
library is available on PyPI
at the following address: https://pypi.python.org/pypi/ptp.
The easiest way to install it is using pip.
$ pip install ptp
Note
If an error occurs during the installation process, check your permissions. It might be required to run pip as root.
From scratch¶
It is also possible to install the library from its repository. You will then be able to use the latest possible version or even try the develop branch.
The first step is to clone the repository of the project:
$ git clone https://github.com/owtf/ptp.git
Then use the Makefile command:
$ make install
Basic usage¶
Auto-detection mode¶
The ptp
module provides the ptp.PTP
class that exposes the
public API of the library.
The simplest way to use ptp.PTP
is with the auto-detection mode.
This mode tries to reduce as much as possible our work by auto-detecting which
tool has generated a given report and use the corresponding
ptp.libptp.parser.AbstractParser
.
That way, we do not need to know if the report we want to parse has been generated by W3AF, DirBuster or even Skipfish.
Example:
>>> from ptp import PTP
>>> myptp = PTP()
>>> myptp.parse(pathname='my/directory', filename='my_report')
[{'ranking': 4}, ..., {'ranking': 3}, ..., {'ranking': 1}]
Note
In the example above, the filename could have been omitted. In that case,
ptp
would have recursively walked into the directory pathname
until a file would have matched one supported tool.
For instance, we could have done:
>>> from ptp import PTP
>>> myptp = PTP()
>>> myptp.parse(pathname='my/directory')
[{'ranking': 4}, ..., {'ranking': 3}, ..., {'ranking': 1}]
Be careful though, when omitting the filename parameter, ptp
will
stop as soon as a supported report file will be found! (i.e. ptp
will not parse all the files in the pathname directory.)
In order to force ptp
to process each file that has been found, the
parameter first
must be set to False
like below:
>>> myptp = PTP()
>>> myptp.parse(pathname='my/directory', first=False)
If we are only looking for the highest risk that is listed in the report, we can use the following function:
>>> myptp.highest_ranking
4
>>> from libptp.constants import HIGH
>>> myptp.highest_ranking == HIGH
True
Note
To know the possible ranking values, please refer to the Constants section.
Explicit mode¶
If we already know which tool has generated the report, we can explicitly give
that information to ptp.PTP
. That will even speed up the whole process
since it will not have to lookup for the right parser.
The list of the supported tools can be found like below:
>>> PTP.supported
{
'arachni': [<class 'libptp.tools.arachni.parser.ArachniXMLParser'>],
'dirbuster': [<class 'libptp.tools.dirbuster.parser.DirbusterParser'>],
'metasploit': [<class 'libptp.tools.metasploit.parser.MetasploitParser'>],
'nmap': [<class 'libptp.tools.nmap.parser.NmapXMLParser'>],
<class 'libptp.tools.wapiti.parser.WapitiXMLParser'>,
<class 'libptp.tools.wapiti.parser.Wapiti221XMLParser'>
],
'owasp-cm-008': [<class 'libptp.tools.owasp.cm008.parser.OWASPCM008Parser'>],
'robots': [<class 'libptp.tools.robots.parser.RobotsParser'>]
'skipfish': [<class 'libptp.tools.skipfish.parser.SkipfishJSParser'>],
'wapiti': [
'w3af': [<class 'libptp.tools.w3af.parser.W3AFXMLParser'>],
}
Warning
The current support to Nmap does not provide any ranking yet. Refer to the Nmap section for more information.
Example:
>>> myptp = PTP('skipfish')
>>> myptp.parse(pathname='my/other/directory')
[{'ranking': 2}, {'ranking': 2}, {'ranking': 1}]
Attributes¶
If we are interested in the name of the tool that generated the report, it is
stored in the ptp.PTP.tool_name
attribute and can be retrieved like
below:
>>> print(myptp.tool_name)
arachni # In our case, it is Arachni that has generated our report.
We can also retrieve the list of the vulnerabilities thanks to the
ptp.PTP.vulns
attribute:
>>> myptp.vulns
[{'ranking': 4}, ..., {'ranking': 3}, ..., {'ranking': 1}]
And the metadata thanks to the ptp.PTP.metadata
attribute.
>>> myptp.metadata
{'version': 'a.b'}
Unit tests¶
The ptp
module can be tested by running following command:
$ make check
Note
Make sure that make install
has been successful before running the script. Plus, there are additional
dependencies for running the unit tests suites such as nosetest, coverage, mock and pyhamcrest
Example of running all tests:
make check
nosetests -v -d --cover-erase --with-coverage --cover-package=ptp
test_constants_high (tests.libptp.test_constants.TestLibptpConstants) ... ok
test_constants_info (tests.libptp.test_constants.TestLibptpConstants) ... ok
# [ omitted ]
test_ptp_parse_mock_parser (tests.test_ptp.TestPTP) ... ok
test_ptp_parse_no_tool (tests.test_ptp.TestPTP) ... ok
Name Stmts Miss Cover Missing
-------------------------------------------------------------------
ptp.py 1 0 100%
ptp/libptp.py 0 0 100%
ptp/libptp/constants.py 6 0 100%
ptp/libptp/exceptions.py 8 0 100%
ptp/libptp/parser.py 91 0 100%
ptp/ptp.py 64 0 100%
ptp/tools.py 0 0 100%
ptp/tools/arachni.py 0 0 100%
ptp/tools/arachni/parser.py 88 0 100%
ptp/tools/burpsuite.py 0 0 100%
ptp/tools/burpsuite/parser.py 45 3 93% 79, 88-89
ptp/tools/dirbuster.py 0 0 100%
ptp/tools/dirbuster/parser.py 57 0 100%
ptp/tools/dirbuster/signatures.py 3 0 100%
ptp/tools/hoppy.py 0 0 100%
ptp/tools/metasploit.py 0 0 100%
ptp/tools/metasploit/parser.py 22 12 45% 28-29, 46-48, 58, 67-76
ptp/tools/metasploit/signatures.py 2 0 100%
ptp/tools/nmap.py 0 0 100%
ptp/tools/nmap/parser.py 26 15 42% 38-46, 58-62, 76-77
ptp/tools/owasp.py 0 0 100%
ptp/tools/owasp/cm008.py 0 0 100%
ptp/tools/owasp/cm008/parser.py 20 0 100%
ptp/tools/owasp/cm008/signatures.py 2 0 100%
ptp/tools/robots.py 0 0 100%
ptp/tools/robots/parser.py 22 0 100%
ptp/tools/robots/signatures.py 2 0 100%
ptp/tools/skipfish.py 0 0 100%
ptp/tools/skipfish/parser.py 100 5 95% 148, 153-155, 206
ptp/tools/w3af.py 0 0 100%
ptp/tools/w3af/parser.py 68 0 100%
ptp/tools/wapiti.py 0 0 100%
ptp/tools/wapiti/parser.py 80 0 100%
ptp/tools/wapiti/signatures.py 2 0 100%
-------------------------------------------------------------------
TOTAL 709 35 95%
----------------------------------------------------------------------
Ran 137 tests in 3.562s
OK (SKIP=7)