Hi
I have a error when i first entre the site: localhost:8083, it's monitor the page and show 'user has no profile' after i enter the compte defaut(Admin/Bonjour1!)

Bien Cordialement
Merci

The view for adding a finding manually seems broken.

It would be great, if it would be possible to import a nessus report.
Therefor a nessus file parser is required.

It looks very cool and promising. Do you have already evaluated an integration with MISP? We would be eager to do some test during our next hackathon.

Hi,

When I create new Scan (Sometimes) not always before run scan, raise Kombu Exceptions...

But New Scan have been create, but no started

Thanks

When you import findings (with new assets) the asset value can only be an ip address. This causes issues with multiple systems/domains behind a one ip address. Then only one asset will be created and the findings (for multiple systems/domains) will be added to this one asset.

Proposed solution: Change the format for the _import_findings and the _create_asset_on_import method, so that assets are not only a list but a dict with the asset parameters.

{
    "targets": [
        {
            "name": "System name",
            "type": "fqdn/ip/rdns/...",
            "value": "system.example.com/1.2.3.4/...",
            "description": "infos",
            "categroies": ["OS", "Windows Server"]
        }
    ],
    "metadata": {
        "risk": {
            "cvss_base_score": "0.0"
        },
        "vuln_refs": {},
        "links": [],
        "tags": []
    },
    "title": "title",
    "type": "Vuln",
    "confidence": "3",
    "severity": "info",
    "description": "n/a",
    "solution": "n/a",
    "raw": ""
}

When the asset was modify, the value change with adding b'...'

version: 1.1.1-RC4 // Community Edition

Importing nessus scan results via UI is ok, but I need to automate this - there is any way to import the file via API?

Hello,

A scan definition cannot be update.
After a clic on the "Update the scan definition" orange button, the UI stay in the edit scan definition view and the modification is ignore (lost).

Hi,

I've deployed a PatrowlEngine-VirusTotal running on port 5007 on the same machine as PatrowlManager which is running on port 8000. But I don't understand how am I supposed to connect the two.
From the "+ Add scan engine instance" view, it almost seems that it would create a new instance of the VirusTotal Engine instead of using the one already created. Does PatrowlManager recognizes the engine automatically?

Many thanks

Hello,

I do not understand the impact to change the prebuilt allowed asset for each engine.
Do the code need a modification ?

By default :

• nmap is limited to only IP ? Adding fqdn and domain would be great.
• Why Nessus and nmap do not have ip-subnet vs openvas ?
• Why Organization is never used. Could it be used for owl_leaks ?

Hello,
Thanks for your tool.
When trying to create finding manually I got the error below

'dict' object has no attribute 'risk_info'
Request Method:	POST
Request URL:	http://web:8003/findings/add
Django Version:	1.11.20
Exception Type:	AttributeError
Exception Value:	
'dict' object has no attribute 'risk_info'
Exception Location:	/opt/patrowl-manager/findings/views.py in add_finding_view, line 208
Python Executable:	/opt/patrowl-manager/env/bin/python
Python Version:	2.7.16
Python Path:	
['/opt/patrowl-manager',
 '/opt/patrowl-manager/env/bin',
 '/opt/patrowl-manager/env/lib/python27.zip',
 '/opt/patrowl-manager/env/lib/python2.7',
 '/opt/patrowl-manager/env/lib/python2.7/plat-linux2',
 '/opt/patrowl-manager/env/lib/python2.7/lib-tk',
 '/opt/patrowl-manager/env/lib/python2.7/lib-old',
 '/opt/patrowl-manager/env/lib/python2.7/lib-dynload',
 '/usr/local/lib/python2.7',
 '/usr/local/lib/python2.7/plat-linux2',
 '/usr/local/lib/python2.7/lib-tk',
 '/opt/patrowl-manager/env/lib/python2.7/site-packages',
 '/opt/patrowl-manager']
Server time:	Wed, 24 Apr 2019 15:54:44 +0200

Hi,
I'm trying to launch a scan with openvas, but currently no policy is available.

I have tried to add a policy manually (but I don't known what I need to fill in the options form),
and I'm getting an error

https://gist.github.com/aderumier/db85a0fea2e1ea1e3089fd068613e992.

Can somebody have some infos or tuto about openvas integration ?

In my opinion it would be better, if the assets are ranked in four criticality levels instead of three. If there are three criticality levels, many people will choose the one in the middle. With four, they are forced to give it at least a tendency.

Hi,

On Monday, August 19th, I've set up the environment through docker_compose file - all went good.
The problem appeared when I attempted to manual import a Nessus xml report file - the app showed no error, but no findings were uploaded to the DB. Listing the events table revealed that only the first event were logged:
[EngineTasks/importfindings_task/5d3554af-1041-45f4-aa04-683603b2a3aa] Task started with engine nessus.
after that - nothing, even exception. The docker also shows no exception.

I've added additional event recording to be sure that no exception occurs - below the if engine == 'nessus': and below the else - no event is recorded. I've wrapped the whole importfindings_task method content in a try/catch - again nothing!

Any suggestion?

P/S: Tested against latest version (at 2019.08.22) - same issue. Tested with latest version for Python 2 - seems fine

Hi,

When try to add new Rules from "Nav-Menu" get a erros, because the "route" in urls.py it's not correct.

[Screenshots]

Need to change /rules/add to /rules/api/vi/add

Thanks!

I think that you are doing a very necessary system and your idea is cool, but at the moment it has a lot of bugs. From what I noticed, the assets do not understand the ascii characters and the system crashes. In addition, I did not find a description of the API, I would like to integrate your system into TheHive, or rather make it possible to view information about an asset in TheHive. I believe that you will succeed, do not leave
this project

Since Django 2.1, contrib.auth.views.logout() is deprecated and django.contrib.auth.views.auth_logout() isn't working with a next_page argument : https://docs.djangoproject.com/en/2.1/internals/deprecation/

logout() got an unexpected keyword argument 'next_page'

The idea is to migrate the authentication following this documentation : https://wsvincent.com/django-user-authentication-tutorial-login-and-logout/

    path('accounts/', include('django.contrib.auth.urls')), # new

Something like this... but it's way more complicated 😄

Hi,

I intend to create a scheduled scan to be launched each day at 8am:

But the scan didn't launch, moreover, on an attempt to edit it to be launched next day - the app fails:

Also I've noticed that Scan Type is not saved:

Any suggestion?

Hi I am create a sslscan scan, I fill out the info search for my asset click update scan and the asset disappears.

here I add the asset
https://pasteboard.co/In5fWqk.png

and update and it is gone
https://pasteboard.co/In5fi2P.png

Version 1.1.1-RC3

Bit of a strange one. I must be doing something wrong.

In my app/settings.py file if I have "DEBUG = True" everything works as it should.
However, when I set it to "False", all the static content breaks with a 404 error.

Not sure what's wrong, but I suspect it's something simple I've overlooked. I've reviewed the documentation but can't find anything.

Export findings and scan results in CSV format. Thx @Ibrahimous

When I'm in http://patrowl.domain.net/assets/list, I try to delete an asset an I got this error :

192.168.0.1 - - [27/Mar/2019 16:52:33] "POST /assets/api/v1/delete HTTP/1.1" 500 -
[...]
  File "/opt/PatrowlManager/assets/apis.py", line 237, in delete_assets_api
    assets = json.loads(request.body)
  File "/usr/local/lib/python2.7/dist-packages/rest_framework/request.py", line 410, in __getattr__
    return getattr(self._request, attr)
  File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 264, in body
    raise RawPostDataException("You cannot access body after reading from request's data stream")
RawPostDataException: You cannot access body after reading from request's data stream

I'm investigating !

Hello!
rabbitmq-server managed over systemctl (if install over apt) and owner of the (pid/log) files is a root.

supervisor not have permissions to access the files:

tail -f var/log/rabbitmq.*
==> var/log/rabbitmq.err.log <==
/usr/lib/rabbitmq/bin/rabbitmq-server: 51: /usr/lib/rabbitmq/bin/rabbitmq-server: cannot create /var/lib/rabbitmq/mnesia/[email protected]: Permission denied
/usr/lib/rabbitmq/bin/rabbitmq-server: 51: /usr/lib/rabbitmq/bin/rabbitmq-server: cannot create /var/lib/rabbitmq/mnesia/[email protected]: Permission denied
/usr/lib/rabbitmq/bin/rabbitmq-server: 51: /usr/lib/rabbitmq/bin/rabbitmq-server: cannot create /var/lib/rabbitmq/mnesia/[email protected]: Permission denied
/usr/lib/rabbitmq/bin/rabbitmq-server: 51: /usr/lib/rabbitmq/bin/rabbitmq-server: cannot create /var/lib/rabbitmq/mnesia/[email protected]: Permission denied

==> var/log/rabbitmq.log <==
Only root or rabbitmq should run rabbitmq-server
Failed to write pid file: /var/lib/rabbitmq/mnesia/[email protected]
Only root or rabbitmq should run rabbitmq-server
Failed to write pid file: /var/lib/rabbitmq/mnesia/[email protected]
Only root or rabbitmq should run rabbitmq-server

Maybe need remove rabbitMQ from var/etc/supervisord.conf?

I just clone the project from PatrowlManager.git, set my http_proxy and https_proxy environments variables and launch docker-compose

/usr/local/bin/docker-compose build --force-rm --no-cache
 rabbitmq uses an image, skipping
db uses an image, skipping
nginx uses an image, skipping
Building web
Step 1/17 : FROM python:3
 ---> 42d620af35be
Step 2/17 : MAINTAINER Patrowl.io "[email protected]"
 ---> Running in 9309faf47d78
Removing intermediate container 9309faf47d78
 ---> e61b60f85f7f
Step 3/17 : LABEL Name="Patrowl Manager" Version="1.1.0"
 ---> Running in ed2cccfbe5ca
Removing intermediate container ed2cccfbe5ca
 ---> c4fd0675e2a6
Step 4/17 : ENV PYTHONUNBUFFERED 1
 ---> Running in 87c448255532
Removing intermediate container 87c448255532
 ---> b0bc077aa28b
Step 5/17 : RUN mkdir -p /opt/patrowl-manager/
 ---> Running in 55e0a52d15f4
Removing intermediate container 55e0a52d15f4
 ---> 80854842471c
Step 6/17 : WORKDIR /opt/patrowl-manager/
 ---> Running in 6254d7a09dbb
Removing intermediate container 6254d7a09dbb
 ---> 74127ae76e73
Step 7/17 : COPY . /opt/patrowl-manager/
 ---> 888dee83fd2e
Step 8/17 : COPY app/settings.py.sample /opt/patrowl-manager/app/settings.py
 ---> 23acbb2d4371
Step 9/17 : RUN apt-get update -yq
 ---> Running in ad560e1a9c84
Err:1 http://security.debian.org/debian-security buster/updates InRelease
  Could not connect to prod.debian.map.fastly.net:80 (151.101.120.204), connection timed out Could not connect to security.debian.org:80 (217.196.149.233), connection timed out Could not connect to security.debian.org:80 (212.211.132.250), connection timed out
Err:2 http://deb.debian.org/debian buster InRelease
  Could not connect to prod.debian.map.fastly.net:80 (151.101.120.204), connection timed out Could not connect to deb.debian.org:80 (128.31.0.62), connection timed out Could not connect to deb.debian.org:80 (130.89.148.14), connection timed out Could not connect to deb.debian.org:80 (149.20.4.15), connection timed out Could not connect to deb.debian.org:80 (5.153.231.4), connection timed out
Err:3 http://deb.debian.org/debian buster-updates InRelease
  Unable to connect to deb.debian.org:http:
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease  Could not connect to prod.debian.map.fastly.net:80 (151.101.120.204), connection timed out Could not connect to deb.debian.org:80 (128.31.0.62), connection timed out Could not connect to deb.debian.org:80 (130.89.148.14), connection timed out Could not connect to deb.debian.org:80 (149.20.4.15), connection timed out Could not connect to deb.debian.org:80 (5.153.231.4), connection timed out
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease  Could not connect to prod.debian.map.fastly.net:80 (151.101.120.204), connection timed out Could not connect to security.debian.org:80 (217.196.149.233), connection timed out Could not connect to security.debian.org:80 (212.211.132.250), connection timed out
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease  Unable to connect to deb.debian.org:http:
W: Some index files failed to download. They have been ignored, or old ones used instead.
Removing intermediate container ad560e1a9c84
 ---> 4d21467fd3a5
Step 10/17 : RUN apt-get install -yq --no-install-recommends apt-utils python3 python3-pip python3-virtualenv libmagic-dev
 ---> Running in 5936b1bb6f74
Reading package lists...
Building dependency tree...E: Package 'apt-utils' has no installation candidate
E: Unable to locate package python3-pip
E: Unable to locate package python3-virtualenv
E: Unable to locate package libmagic-dev

Reading state information...
Package apt-utils is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  apt

Removing intermediate container 5936b1bb6f74
ERROR: Service 'web' failed to build: The command '/bin/sh -c apt-get install -yq --no-install-recommends apt-utils python3 python3-pip python3-virtualenv libmagic-dev' returned a non-zero code: 100

Do you have any idea?

Ubuntu 16.04.2 LTS
docker-compose version 1.24.1
Docker version 18.09.7

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

PatrOwl: https://inventory.rawsec.ml/tools.html#PatrOwl

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

Hi,

Here a good and fast opensource cve remote scanner:

https://vuls.io

It's full golang code and dockerfiles are available.
I think it shouldn't be to difficult to implement. (I don't have yet looked how patrowlengines are done, but I'll try to implement it this summer if possible)

Hi
i am using docker-compose in windows 7
postgres,rabbitmq and django application services build,but nginx service has an error!

nginx:
volumes:
- ./nginx_docker.conf:/etc/nginx/conf.d/default.conf

in this part "nginx_docker.conf" is not a directory and i have error "not a directory" in running "docker-compose up" command.
what is your solution for my problem?

i have this error (ssllab test)

engine :

Hello,

Could it be possible to add a column in the Engine model in order to store a initial value for the API url (with the right syntaxe and the default port number) ?

http://localhost:50xx/engines/nnnnnn/

It will be more easy to start with PatrOwl...

Errors

I have "delete" all definitions SCAN, and Scan scans performed show "lastest scan done". When I want to obtain details, getting the following errors:

Maybe delete SCAN Definitions should delete "Scan results / in performed List" ??

Thanks in advance

Hi,

I am trying to configure a new scan. However, the search for an asset doesn't seem to be working, because when I insert some text, nothing occurs.
Example

I have an asset named google, and the I try to configure a scan this is what I am seeing:

Regards

Please, check new full installation!
After run scan over nmap engines - task not executed.
Test in localhost, API URL: http://localhost:5001/engines/nmap/ state:Ready
RabbitMQ and Celery (flower) see task, but, to http://localhost:5001/engines/nmap/ does not request!

Hi there.

I'm trying to create a new finding manually and leaving all optional fields as is, I receive the following error:

AttributeError at /findings/add
'NoneType' object has no attribute 'split'
'tags': str(json.dumps(form.cleaned_data['tags'].split(','))), ...

When I fill in the tags fields with some comma separated values I then receive the user interface error:

'xpto,teste' value must be valid JSON.

What exactly am I doing wrong?

I'm using Patrowl Manager 1.0.1-BETA

Thank you.

I got long borring waiting time for logging, accessing the manager.
Until I figured it was a timeout ont css font file with Devtools in Firefox.

So I propose (as it a been done with glyphicons (but may be relative path would be better, I just see that)

1. Correct local bootstramin.css
   in static/css/bootstrap.min.css first line should be changed
   from url("https://fonts.googleapis.com/css?family=Lato:400,700,400italic")
   to url("/static/css/family-Lato.css");

2. Get family-Lato font css and correct

• wget -vv https://fonts.googleapis.com/css?family=Lato:400,700,400italic -O - |sed 's_https://fonts.gstatic.com/s/lato/v16/_/static/fonts/_' > static/css/family-Lato.css

3. get ttf files from

• https://fonts.gstatic.com/s/lato/v16/S6u8w4BMUTPHjxsAXC-v.ttf https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWw.ttf https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPHA.ttf
• to :
• static/fonts/S6u8w4BMUTPHjxsAXC-v.ttf , static/fonts/S6u9w4BMUTPHh6UVSwiPHA.ttf , static/fonts/S6uyw4BMUTPHjx4wWw.ttf

regards
MH

Hi,

the dockerfile have a wrong

RUN /bin/bash/ -c "python3 -m virtualenv env3"

with an extra / at the end of /bin/bash/.

The docker compose build is failing because of this

Removing intermediate container 88c0c2196c54
 ---> 461aa1e5df6c
Step 14/18 : RUN /bin/bash/ -c "python3 -m virtualenv env3"
 ---> Running in 21c5e0c0dcb4
/bin/sh: 1: /bin/bash/: not found
Removing intermediate container 21c5e0c0dcb4

Hi,

I would like to see dynamic inventory, from my point of view would be nice to have integration with asset mgm tool like GLPI?
So administrator can user asset db located in glpi, build queries (scanning criteria), so administrator can later addressed vulnerabilities can bi assigned to asset and using ticketing system user must perform action of mitigation and document it in glpi.

There is plugin for glpi but I believe Patrowl can be much focused and better integrated with vulnerability scanners.

I'm free for discuss.

Tnx

Each time I run a new Nmap script 'vulners' I get a different hash. It's interpreted like a new issue and it shouldn't.
The fix should probably be on the nmap engine.

Hi,

For purpose of PoC when building from Dockerfile it gives me strange look, like it is some kind of debug mode or what.

Thanks
Dubravko

The Finding Status is currently only a text field. Furthermore, there is no workflow followed by findings (new, confirmed, patched, mitigated, closed, false positive). Currently, the only option is to delete vulnerabilities that have been closed.
It would be great if a status concept would be developed and implemented, followed by the status of the findings. Closed findings should be kept, but should no longer be displayed in the finding listing and the dashboard, nor should they be included in the asset grade calculation.

VERSION is still "1.0.3-BETA" in the 1.0.4 branch

Hello,

I have noticed that the new periodical task doesn't send the options field. It causes a crash and obviously not options :)

Generally, in the engines, it's loaded here :

data = loads(request.data.decode("utf-8"))

On the contrary, On-demand task sends it well and my former periodical task works well too.

When my ip_range with Low criticity import new "domain" assets, they have Medium criticity.
There is also no multiple assets update possible...

It would be great to set the correct criticity during auto import.

I will take a look.

Hi,

Strange situation - seems that Patrowl.Manager can't stop scans on assets set with ip range/list - engine api doesn't even receive the /stop command.
Is this a known issue or it's need to record as new one?

Hi,

Each time I'm trying to import findings from a nessus scan, I have the following error:

413 Request Entity Too Large

Please note that I'm using the dev branch as I was not able to make it work yet with the master one.

Any idea why ? or guidance for the troubleshooting ?

Thank you

Advanced filtering options when comparing findings from 2 scans

Hi !

I'm trying to run PatrowlManager behind nginx in a subfolder (www.mydomain.test/patrowl instead of patrowl.mydomain.test), but I can't seem to get it working. If I've not missed something, all in-app links seem to be hardcoded to /

Here's my nginx configuration so far :

  location /patrowl {                                                                                                                                                                                                                                                                                                                       
    proxy_pass http://10.0.3.54:8000;                                                                                                                                                                                                                                                                                                   
    proxy_set_header X-Script-Name /patrowl;                                                                                                                                         
                                                                                                                                                                                     
    location /patrowl/static {                                                                                                                                                       
      alias /opt/PatrowlManager/staticfiles;                                                                                                                                         
    }

    location /patrowl/media {
      alias /opt/PatrowlManager/media;
    }

  }

I've also tried to align the configuration in setting.py, to no avail :

grep "/patrowl" settings.py -B1 -A1                                                                                    
LOGIN_REQUIRED_URLS = (
    r'/patrowl/(.*)$',
)
LOGIN_REQUIRED_URLS_EXCEPTIONS = (
    r'/patrowl/login(.*)$',
    r'/patrowl/logout(.*)$',
    r'/patrowl/home$',
    r'/patrowl/signup$',
    r'/patrowl/static/(.*)$',
)

LOGIN_URL = '/patrowl/login'
LOGOUT_URL = '/patrowl/logout'
LOGIN_REDIRECT_URL = '/patrowl/dashboard'
APPEND_SLASH = False
--
# Static files (CSS, JavaScript, Images)
STATIC_URL = '/patrowl/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
--

MEDIA_URL = '/patrowl/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

Is setting up PatrowlManager in a subfolder possible at this time ?

Thanks !

Hello,

When you add a user, the breadcrumb looks like : "settings" / "users" / add new user

The "users" link works (urls.py), but the "setting" level is missing in the breadcrumb : "users" / list
Here, the "users" link in the breadcrumb does not work : http://x.y.z/settings/users/list

I was just wondering if there are any plans for moving the project to Python3 with the Python2 EOL coming up.

Thank you!