From ecebf3b6ff71d5df401bae88498c448af630ffe8 Mon Sep 17 00:00:00 2001 From: Phil Behnke Date: Thu, 22 Feb 2024 12:03:38 -0500 Subject: [PATCH 1/4] Fix importing of CIDR blocks as targets: https://github.com/yogeshojha/rengine/issues/1163 --- web/targetApp/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/targetApp/views.py b/web/targetApp/views.py index c67cbee41..e6d1d912e 100644 --- a/web/targetApp/views.py +++ b/web/targetApp/views.py @@ -92,8 +92,8 @@ def add_target(request, slug): domains.append(target) elif is_range: - ips = get_ips_from_cidr_range(target) - for ip_address in ips: + _ips = get_ips_from_cidr_range(target) + for ip_address in _ips: ips.append(ip_address) domains.append(ip_address) else: From 3b50bffbf81c0b8b43ea61d53958390762d2306b Mon Sep 17 00:00:00 2001 From: Phil Behnke Date: Thu, 22 Feb 2024 16:38:16 -0500 Subject: [PATCH 2/4] Fix resolving CIDR blocks on "Resolve and add IP Address" tab: https://github.com/yogeshojha/rengine/issues/1163 --- web/api/views.py | 27 +++++++++++++----------- web/targetApp/templates/target/add.html | 28 ++++++++++++++----------- 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/web/api/views.py b/web/api/views.py index 8bcf46a84..7f8cb121a 100644 --- a/web/api/views.py +++ b/web/api/views.py @@ -2,6 +2,7 @@ import re import socket import subprocess +from ipaddress import IPv4Network import requests import validators @@ -1084,20 +1085,22 @@ def get(self, request): }) try: logger.info(f'Resolving IP address {ip_address} ...') - domain, domains, ips = socket.gethostbyaddr(ip_address) - response = { - 'status': True, - 'ip_address': ip_address, - 'domains': domains or [domain], - 'resolves_to': domain - } - except socket.herror: # ip does not have a PTR record - logger.info(f'No PTR record for {ip_address}') + resolved_ips = [] + for ip in IPv4Network(ip_address): + domains = [] + ips = [] + try: + (domain, domains, ips) = socket.gethostbyaddr(str(ip)) + except socket.herror: + logger.info(f'No PTR record for {ip_address}') + domain = str(ip) + if domain not in domains: + domains.append(domain) + resolved_ips.append({'ip': str(ip),'domain': domain, 'domains': domains, 'ips': ips}) response = { 'status': True, - 'ip_address': ip_address, - 'domains': [ip_address], - 'resolves_to': ip_address + 'orig': ip_address, + 'ip_address': resolved_ips, } except Exception as e: logger.exception(e) diff --git a/web/targetApp/templates/target/add.html b/web/targetApp/templates/target/add.html index b7c5562f4..a16be5d8b 100644 --- a/web/targetApp/templates/target/add.html +++ b/web/targetApp/templates/target/add.html @@ -257,18 +257,22 @@
if (json_data['status']) { // #resolved_domains_div $("#all_domains_checkbox").show(); - $('#resolved_domains_div').append(`${json_data['domains'].length} domains associated with IP Address ${ip_address.value}
`); - $('#resolved_domains_div').append(`Please select the domains to import.`); - $('#resolved_domains_div').append(`
`); - for (var domain in json_data['domains']) { - $('#domains_checkbox').append(` -
-
- - -
-
` - ); + if(Array.isArray(json_data['ip_address'])) { + $('#resolved_domains_div').append(`${json_data['ip_address'].length} domains associated with IP Address ${json_data['orig']}
`); + $('#resolved_domains_div').append(`Please select the domains to import.`); + $('#resolved_domains_div').append(`
`); + json_data['ip_address'].forEach((ip_info, index, array) => { + for (var domain in ip_info['domains']) { + $('#domains_checkbox').append(` +
+
+ + +
+
` + ); + } + }) } swal.close(); // resolved_ip_domains if any is checked, then only enable add button From d15417edbbf1cb10ad6efa125f649abf1536e5f2 Mon Sep 17 00:00:00 2001 From: Phil Behnke Date: Mon, 26 Feb 2024 16:41:21 -0500 Subject: [PATCH 3/4] Create entries in database for domains added via resolving an IP --- web/targetApp/views.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/web/targetApp/views.py b/web/targetApp/views.py index e6d1d912e..488cd33a9 100644 --- a/web/targetApp/views.py +++ b/web/targetApp/views.py @@ -203,6 +203,35 @@ def add_target(request, slug): description=description, insert_date=timezone.now()) added_target_count += 1 + elif ip_target: + # add ip's from "resolve and add ip address" tab + resolved_ips = [ip.rstrip() for ip in request.POST.getlist('resolved_ip_domains') if ip] + for ip in resolved_ips: + is_domain = bool(validators.domain(ip)) + is_ip = bool(validators.ipv4(ip)) or bool(validators.ipv6(ip)) + description = request.POST.get('targetDescription', '') + h1_team_handle = request.POST.get('targetH1TeamHandle') + if not Domain.objects.filter(name=ip).exists(): + domain, created = Domain.objects.get_or_create( + name=ip, + description=description, + h1_team_handle=h1_team_handle, + project=project, + ip_address_cidr=ip if is_ip else None) + domain.insert_date = timezone.now() + domain.save() + added_target_count += 1 + if created: + logger.info(f'Added new domain {domain.name}') + if is_ip: + ip_data = get_ip_info(ip) + ip, created = IpAddress.objects.get_or_create(address=ip) + ip.reverse_pointer = ip_data.reverse_pointer + ip.is_private = ip_data.is_private + ip.version = ip_data.version + ip.save() + if created: + logger.info(f'Added new IP {ip}') except Exception as e: logger.exception(e) From a10b5b195d7558caf322348d6259bcb9e8ad0423 Mon Sep 17 00:00:00 2001 From: Phil Behnke Date: Tue, 27 Feb 2024 11:45:01 -0500 Subject: [PATCH 4/4] Disable strict checking of host bits in cidr notation. See https://docs.python.org/3/library/ipaddress.html\#ipaddress.IPv4Network --- web/api/views.py | 2 +- web/targetApp/views.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/api/views.py b/web/api/views.py index 7f8cb121a..375d03ea6 100644 --- a/web/api/views.py +++ b/web/api/views.py @@ -1086,7 +1086,7 @@ def get(self, request): try: logger.info(f'Resolving IP address {ip_address} ...') resolved_ips = [] - for ip in IPv4Network(ip_address): + for ip in IPv4Network(ip_address, False): domains = [] ips = [] try: diff --git a/web/targetApp/views.py b/web/targetApp/views.py index 488cd33a9..07db78d42 100644 --- a/web/targetApp/views.py +++ b/web/targetApp/views.py @@ -583,6 +583,6 @@ def get_ip_info(ip_address): def get_ips_from_cidr_range(target): try: - return [str(ip) for ip in ipaddress.IPv4Network(target)] + return [str(ip) for ip in ipaddress.IPv4Network(target, False)] except Exception as e: logger.error(f'{target} is not a valid CIDR range. Skipping.')