public PersistentNMapHost(NMapHost host) { this.DeviceType = host.DeviceType; this.Hostname = host.Hostname; this.IPAddressv4 = host.IPAddressv4; this.IPAddressV6 = host.IPAddressV6; this.MAC = host.MAC; this.NetworkDistance = host.NetworkDistance; this.OS = host.OS; this.OS_Details = host.OS_Details; this.PersistentPorts = new List<PersistentPort>(); foreach (Port port in host.Ports) { PersistentPort pport = new PersistentPort(port); this.PersistentPorts.Add(pport); } }
private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config) { List<IToolResults > _results = new List<IToolResults> (); Console.WriteLine ("Scanning host: " + host.Hostname); foreach (var port in host.Ports) { port.ParentIPAddress = host.IPAddressv4; if ((port.Service == "http" || port.Service == "https") && bool.Parse(config["isSQLMap"])) { IToolOptions _options = new WapitiToolOptions(); (_options as WapitiToolOptions).Host = host.IPAddressv4; (_options as WapitiToolOptions).Port = port.PortNumber; (_options as WapitiToolOptions).Path = config["wapitiPath"]; Wapiti wapiti = new Wapiti(_options); Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname)); WapitiToolResults wapitiResults = null; try { wapitiResults = wapiti.Run(new TimeSpan(0,10,0)) as WapitiToolResults; wapitiResults.HostIPAddressV4 = host.IPAddressv4; wapitiResults.HostPort = port.PortNumber; wapitiResults.IsTCP = true; _results.Add(wapitiResults); } catch(Exception ex) { Console.WriteLine(ex.Message); } if (sqlmapOptions != null && wapitiResults != null) { if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs. sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4; sqlmapOptions.Port = port.PortNumber; sqlmapOptions.Path = config ["sqlmapPath"]; SQLMap mapper = new SQLMap (sqlmapOptions); SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults; sqlmapResults.ParentHostPort = port; _results.Add (sqlmapResults); } else { foreach (WapitiBug bug in wapitiResults.Bugs) { if (bug.Type.StartsWith ("SQL Injection")) { Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber); sqlmapOptions.Path = config ["sqlmapPath"]; SQLMap mapper = new SQLMap (sqlmapOptions); SQLMapResults results = mapper.Run (bug) as SQLMapResults; if (results == null ) continue; if (results.Vulnerabilities != null) foreach (var vuln in results.Vulnerabilities) vuln.Target = bug.URL; results.ParentHostPort = port; _results.Add (results); } else if (bug.Type.Contains ("Cross Site Scripting)")) { //dsxs } } } } } } Console.WriteLine ("Done with host: " + host.Hostname); return _results; }
private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config) { List<IToolResults > _results = new List<IToolResults> (); Console.WriteLine ("Scanning host: " + host.Hostname); foreach (var port in host.Ports) { port.ParentIPAddress = host.IPAddressv4; if ((port.Service == "http" || port.Service == "https") && bool.Parse (config ["isSQLMap"])) { IToolOptions _options = new WapitiToolOptions (); (_options as WapitiToolOptions).Host = host.IPAddressv4; (_options as WapitiToolOptions).Port = port.PortNumber; (_options as WapitiToolOptions).Path = config ["wapitiPath"]; Wapiti wapiti = new Wapiti (_options); Console.WriteLine ("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname)); WapitiToolResults wapitiResults = null; try { wapitiResults = wapiti.Run (new TimeSpan (0, 10, 0)) as WapitiToolResults; wapitiResults.HostIPAddressV4 = host.IPAddressv4; wapitiResults.HostPort = port.PortNumber; wapitiResults.IsTCP = true; _results.Add (wapitiResults); } catch (Exception ex) { Console.WriteLine (ex.Message); } if (sqlmapOptions != null && wapitiResults != null) { if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs. sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4; sqlmapOptions.Port = port.PortNumber; sqlmapOptions.Path = config ["sqlmapPath"]; SQLMap mapper = new SQLMap (sqlmapOptions); SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults; sqlmapResults.ParentHostPort = port; _results.Add (sqlmapResults); } else { using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) { using (SqlmapManager manager = new SqlmapManager(sess)) { foreach (WapitiBug bug in wapitiResults.Bugs) { if (bug.Type.StartsWith ("SQL Injection")) { Console.WriteLine ("Starting SQLMap on host/port: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber); sqlmapOptions.Path = config ["sqlmapPath"]; //SQLMap mapper = new SQLMap (sqlmapOptions); //SQLMapResults results = mapper.Run (bug) as SQLMapResults; // if (results == null ) // continue; // // if (results.Vulnerabilities != null) // foreach (var vuln in results.Vulnerabilities) // vuln.Target = bug.URL; // // results.ParentHostPort = port; // // _results.Add (results); string taskid = manager.NewTask (); Dictionary<string, object> opts = manager.GetOptions (taskid); if (bug.URL.Contains (bug.Parameter)) { opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd"); manager.StartTask(taskid, opts); } else { opts ["url"] = bug.URL; opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd"); manager.StartTask(taskid, opts); } SqlmapStatus status = manager.GetScanStatus(taskid); while (status.Status != "terminated") { System.Threading.Thread.Sleep(new TimeSpan(0,0,10)); status = manager.GetScanStatus(taskid); } List<SqlmapLogItem> logItems = manager.GetLog(taskid); SQLMapResults results = new SQLMapResults(); results.Vulnerabilities = new List<SQLMapVulnerability>(); foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable"))) { SQLMapVulnerability vuln = new SQLMapVulnerability(); Console.WriteLine(item.Message); } manager.DeleteTask(taskid); } else if (bug.Type.Contains ("Cross Site Scripting)")) { //dsxs } } } } } } } } Console.WriteLine ("Done with host: " + host.Hostname); return _results; }
private void ScanHost(NMapHost host, out List <IToolResults> toolResults) { IToolOptions _options; string eventDescription; toolResults = new List <IToolResults> (); bool routed = false; int tries = 0; foreach (Port port in host.Ports) { if (port.Service == "http") { _options = new NiktoToolOptions(); (_options as NiktoToolOptions).Host = host.IPAddressv4; (_options as NiktoToolOptions).Port = port.PortNumber; (_options as NiktoToolOptions).Path = this.Configuration ["niktoPath"]; Nikto nikto = new Nikto(_options); eventDescription = "Running nikto (http) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); NiktoToolResults niktoResults = (nikto.Run() as NiktoToolResults); niktoResults.HostIPAddressV4 = host.IPAddressv4; niktoResults.HostPort = port.PortNumber; niktoResults.IsTCP = true; toolResults.Add(niktoResults); } else if (port.Service == "https") { _options = new SSLScanToolOptions(); (_options as SSLScanToolOptions).Host = host.IPAddressv4; (_options as SSLScanToolOptions).Port = port.PortNumber; (_options as SSLScanToolOptions).Path = this.Configuration ["sslscanPath"]; SSLScan sslscan = new SSLScan(_options); eventDescription = "Running sslscan (https) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SSLScanToolResults sslResults = (sslscan.Run() as SSLScanToolResults); sslResults.HostIPAddressV4 = host.IPAddressv4; sslResults.HostPort = port.PortNumber; sslResults.IsTCP = true; toolResults.Add(sslResults); _options = new NiktoToolOptions(); (_options as NiktoToolOptions).Host = host.IPAddressv4; (_options as NiktoToolOptions).Port = port.PortNumber; (_options as NiktoToolOptions).IsSSL = true; (_options as NiktoToolOptions).Path = this.Configuration ["niktoPath"]; Nikto nikto = new Nikto(_options); eventDescription = "Running nikto (https) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); NiktoToolResults niktoResults = (nikto.Run() as NiktoToolResults); niktoResults.HostIPAddressV4 = host.IPAddressv4; niktoResults.HostPort = port.PortNumber; niktoResults.IsTCP = true; toolResults.Add(niktoResults); } else if (port.Service == "ssh") { _options = new SSLScanToolOptions(); (_options as SSLScanToolOptions).Host = host.IPAddressv4; (_options as SSLScanToolOptions).Port = port.PortNumber; (_options as SSLScanToolOptions).Path = this.Configuration ["sslscanPath"]; SSLScan sslscan = new SSLScan(_options); eventDescription = "Running sslscan (ssh) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SSLScanToolResults sslResults = (sslscan.Run() as SSLScanToolResults); sslResults.HostIPAddressV4 = host.IPAddressv4; sslResults.HostPort = port.PortNumber; sslResults.IsTCP = true; toolResults.Add(sslResults); } else if (port.PortNumber == 445) //smb { _options = new SMBClientToolOptions(); (_options as SMBClientToolOptions).Host = host.IPAddressv4; (_options as SMBClientToolOptions).RecurseShares = true; (_options as SMBClientToolOptions).Path = this.Configuration ["smbclientPath"]; SMBClient smb = new SMBClient(_options); eventDescription = "Running smbclient (cifs) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SMBClientToolResults smbResults = smb.Run() as SMBClientToolResults; smbResults.ParentPort = port; smbResults.HostIPAddressV4 = host.IPAddressv4; smbResults.HostPort = port.PortNumber; smbResults.IsTCP = true; toolResults.Add(smbResults); eventDescription = string.Format("Found {0} shares on host {1}", smbResults.ShareDetails.Count, host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); } else if (port.Service == "snmp") { _options = new OneSixtyOneToolOptions(); (_options as OneSixtyOneToolOptions).Host = host.IPAddressv4; (_options as OneSixtyOneToolOptions).Path = this.Configuration ["onesixtyonePath"]; OneSixtyOne onesixone = new OneSixtyOne(_options); eventDescription = "Running onesixtyone (snmp) on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); OneSixtyOneToolResults osoResults = onesixone.Run() as OneSixtyOneToolResults; osoResults.HostIPAddressV4 = host.IPAddressv4; osoResults.HostPort = port.PortNumber; osoResults.IsTCP = true; toolResults.Add(osoResults); } } eventDescription = "Finished host " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); }
public virtual void Run(out NessusScan nessusScan, out NexposeScan nexposeScan, out OpenVASScan openvasScan, out MetasploitScan metasploitScan, out Dictionary <NMapHost, IList <IToolResults> > toolResults) { if (this.Configuration == null) { throw new Exception("Configuration not set"); } DateTime start = DateTime.Now; metasploitScan = null; nessusScan = null; nexposeScan = null; openvasScan = null; string openvasTaskID = string.Empty; string nessusScanID = string.Empty; string nexposeScanID = string.Empty; int uniqueNo = new Random().Next(); IList <NMapHost> hosts = this.ParentProfile.CurrentResults.Hosts; if (hosts.Count() == 0) { Console.WriteLine("ERROR: no hosts in the profile. Aborting."); toolResults = null; return; } csv = string.Empty; foreach (NMapHost host in hosts) { csv = csv + host.IPAddressv4 + ", "; //trailing , is OK in this case } string openvasReportID = string.Empty; if (this.ScanOptions.IsOpenVASAssessment) { Console.WriteLine("Creating OpenVAS Scan..."); OpenVASTarget target = new OpenVASTarget(); target.Hosts = csv; target.Name = this.ParentProfile.Name + uniqueNo.ToString(); target.SMBCredentials = new OpenVASLSCCredential(); target.SSHCredentials = new OpenVASLSCCredential(); using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) { using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) { target = openvasManager.CreateTarget(target); OpenVASConfig config = openvasManager.GetAllConfigs() .Where(c => c.RemoteConfigID == new Guid(this.Configuration ["openvasConfig"])) .SingleOrDefault(); OpenVASTask task = new OpenVASTask(); task.Comment = string.Format("Task for scan {0}", this.Name); task.Target = target; task.Config = config; task = openvasManager.CreateTask(task); XmlDocument taskResponse = openvasManager.StartTask(task.RemoteTaskID.ToString()); if (!taskResponse.FirstChild.Attributes ["status"].Value.StartsWith("20")) { throw new Exception("Creating OpenVAS scan failed: " + taskResponse.FirstChild.Attributes ["status_text"].Value ); } openvasReportID = taskResponse.FirstChild.FirstChild.InnerText; openvasTaskID = task.RemoteTaskID.ToString(); } Console.WriteLine("Done creating and starting OpenVAS scan."); } } if (this.ScanOptions.IsNessusAssessment) { Console.WriteLine("Creating Nessus scan..."); using (NessusManagerSession nessusSession = new NessusManagerSession(this.Configuration["nessusHost"])) { bool loggedIn = false; nessusSession.Authenticate(this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn); if (!loggedIn) { throw new Exception("Invalid username/password"); } using (NessusObjectManager nessusManager = new NessusObjectManager(nessusSession)) { var tmp = nessusManager.CreateAndStartScan(csv, -2, this.Name + uniqueNo.ToString()); string scanName = tmp.Name; nessusScanID = scanName; string reportID = string.Empty; foreach (XmlNode node in nessusManager.ListReports().LastChild.ChildNodes) { if (node.Name == "contents") { string tmpReportID = string.Empty; foreach (XmlNode child in node.FirstChild.ChildNodes) { foreach (XmlNode c in child.ChildNodes) { if (c.Name == "name") { tmpReportID = c.InnerText; } else if (c.Name == "readableName" && c.InnerText == scanName) { reportID = tmpReportID; } } } tmpReportID = string.Empty; } } } Console.WriteLine("Done creating and starting Nessus scan."); } } if (this.ScanOptions.IsNexposeAssessment) { Console.WriteLine("Creating NeXpose scan..."); int siteID = 0; if (this.ScanOptions.RemoteNexposeSiteID <= 0) { XmlDocument d = null; string id = "-1"; string template = "full-audit"; string name = this.Name + uniqueNo.ToString(); string description = "A site for the the profile " + this.ParentProfile.Name; string siteXml = "<Site id=\"" + id + "\" name=\"" + name + "\" description=\"" + description + "\">"; siteXml = siteXml + "<Hosts>"; foreach (string host in csv.Split(',')) { siteXml = siteXml + "<host>" + host + "</host>"; } siteXml = siteXml + "</Hosts>" + "<Credentials></Credentials>" + "<Alerting></Alerting>" + "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" + "</Site>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(siteXml); using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate(this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.SaveOrUpdateSite(doc.FirstChild); d = response; } } siteID = int.Parse(d.FirstChild.Attributes ["site-id"].Value); this.ScanOptions.RemoteNexposeSiteID = siteID; } else { siteID = this.ScanOptions.RemoteNexposeSiteID; } using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate(this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.ScanSite(siteID.ToString()); nexposeScanID = response.FirstChild.FirstChild.Attributes ["scan-id"].Value; } } Console.WriteLine("Done creating and starting NeXpose scan."); } Dictionary <NMapHost, IList <IToolResults> > results = new Dictionary <NMapHost, IList <IToolResults> > (); services = new List <string> (); foreach (var host in hosts) { foreach (Port port in (host as NMapHost).Ports) { services.Add(port.Service); } NMapHost threadHost = host as NMapHost; Console.WriteLine("Starting scan for host: " + threadHost.Hostname + "(" + threadHost.IPAddressv4 + ")"); results.Add(threadHost, ScanHost(threadHost, this.ScanOptions.SQLMapOptions, this.Configuration)); } toolResults = results; bool done = false; if (this.ScanOptions.IsNessusAssessment || this.ScanOptions.IsNexposeAssessment || this.ScanOptions.IsOpenVASAssessment) { while (!done) { if (!string.IsNullOrEmpty(openvasTaskID) && this.OpenVASScanIsRunning(openvasTaskID)) { Console.WriteLine("Waiting on OpenVAS scan " + openvasTaskID); Thread.Sleep(new TimeSpan(0, 0, 60)); continue; } if (!string.IsNullOrEmpty(nessusScanID) && this.NessusScanIsRunning(nessusScanID)) { Console.WriteLine("Waiting on Nessus scan " + nessusScanID); Thread.Sleep(new TimeSpan(0, 0, 60)); continue; } if (!string.IsNullOrEmpty(nexposeScanID) && this.NexposeScanIsRunning(nexposeScanID)) { Console.WriteLine("Waiting on NeXpose scan " + nexposeScanID); Thread.Sleep(new TimeSpan(0, 0, 60)); continue; } done = true; } Dictionary <VulnerabilityScanType, string> scans = new Dictionary <VulnerabilityScanType, string> (); if (!string.IsNullOrEmpty(openvasReportID)) { scans.Add(VulnerabilityScanType.OpenVAS, openvasReportID); } if (!string.IsNullOrEmpty(nexposeScanID)) { scans.Add(VulnerabilityScanType.Nexpose, this.ScanOptions.RemoteNexposeSiteID.ToString()); } if (!string.IsNullOrEmpty(nessusScanID)) { scans.Add(VulnerabilityScanType.Nessus, nessusScanID); } Dictionary <VulnerabilityScanType, XmlNode> reports = this.GetReports(scans); foreach (var report in reports) { if (report.Key == VulnerabilityScanType.Nessus) { nessusScan = new NessusScan(report.Value); } else if (report.Key == VulnerabilityScanType.Nexpose) { nexposeScan = new NexposeScan(report.Value); } else if (report.Key == VulnerabilityScanType.OpenVAS) { openvasScan = new OpenVASScan(report.Value); } else { throw new Exception("Don't know this scan type"); } } if (this.ScanOptions.IsMetasploitAssessment) { string workspace = Guid.NewGuid().ToString(); this.CreateNewMetasploitWorkspace(workspace); this.ImportScansIntoMetasploitPro(reports, workspace); string proTaskID = this.BeginMetasploitProAssessment(workspace, csv, false); while (this.MetasploitProAssessmentIsRunning(proTaskID)) { Console.WriteLine("Waiting on exploit assessment from metasploit: task " + proTaskID); System.Threading.Thread.Sleep(new TimeSpan(0, 0, 30)); } metasploitScan = new MetasploitScan(this.GetMetasploitProReport(workspace)); } } TimeSpan duration = DateTime.Now - start; this.Duration = duration.TotalSeconds.ToString(); this.HasRun = true; }
private List <IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary <string, string> config) { List <IToolResults> _results = new List <IToolResults> (); Console.WriteLine("Scanning host: " + host.Hostname); foreach (var port in host.Ports) { port.ParentIPAddress = host.IPAddressv4; if ((port.Service == "http" || port.Service == "https") && bool.Parse(config ["isSQLMap"])) { IToolOptions _options = new WapitiToolOptions(); (_options as WapitiToolOptions).Host = host.IPAddressv4; (_options as WapitiToolOptions).Port = port.PortNumber; (_options as WapitiToolOptions).Path = config ["wapitiPath"]; Wapiti wapiti = new Wapiti(_options); Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname)); WapitiToolResults wapitiResults = null; try { wapitiResults = wapiti.Run(new TimeSpan(0, 10, 0)) as WapitiToolResults; wapitiResults.HostIPAddressV4 = host.IPAddressv4; wapitiResults.HostPort = port.PortNumber; wapitiResults.IsTCP = true; _results.Add(wapitiResults); } catch (Exception ex) { Console.WriteLine(ex.Message); } if (sqlmapOptions != null && wapitiResults != null) { if (wapitiResults.Bugs == null) // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs. { sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4; sqlmapOptions.Port = port.PortNumber; sqlmapOptions.Path = config ["sqlmapPath"]; SQLMap mapper = new SQLMap(sqlmapOptions); SQLMapResults sqlmapResults = mapper.Run() as SQLMapResults; sqlmapResults.ParentHostPort = port; _results.Add(sqlmapResults); } else { using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) { using (SqlmapManager manager = new SqlmapManager(sess)) { foreach (WapitiBug bug in wapitiResults.Bugs) { if (bug.Type.StartsWith("SQL Injection")) { Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber); sqlmapOptions.Path = config ["sqlmapPath"]; //SQLMap mapper = new SQLMap (sqlmapOptions); //SQLMapResults results = mapper.Run (bug) as SQLMapResults; // if (results == null ) // continue; // // if (results.Vulnerabilities != null) // foreach (var vuln in results.Vulnerabilities) // vuln.Target = bug.URL; // // results.ParentHostPort = port; // // _results.Add (results); string taskid = manager.NewTask(); Dictionary <string, object> opts = manager.GetOptions(taskid); if (bug.URL.Contains(bug.Parameter)) { opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd"); manager.StartTask(taskid, opts); } else { opts ["url"] = bug.URL; opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd"); manager.StartTask(taskid, opts); } SqlmapStatus status = manager.GetScanStatus(taskid); while (status.Status != "terminated") { System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10)); status = manager.GetScanStatus(taskid); } List <SqlmapLogItem> logItems = manager.GetLog(taskid); SQLMapResults results = new SQLMapResults(); results.Vulnerabilities = new List <SQLMapVulnerability>(); foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable"))) { SQLMapVulnerability vuln = new SQLMapVulnerability(); Console.WriteLine(item.Message); } manager.DeleteTask(taskid); } else if (bug.Type.Contains("Cross Site Scripting)")) { //dsxs } } } } } } } } Console.WriteLine("Done with host: " + host.Hostname); return(_results); }
private void ParseOutput(string output) { List<NMapHost> hosts = new List<NMapHost>(); Regex portRegex = new Regex(@"^[0-9]{1,5}/[tcp|udp]"); NMapHost host = null; foreach(string line in output.Split('\n')) { if (string.IsNullOrEmpty(line)) { if (host != null && !string.IsNullOrEmpty(host.IPAddressv4)) hosts.Add(host); host = new NMapHost(); host.Ports = new List<Port>(); continue; } if (line.StartsWith("Device type: ")) { host.DeviceType = line.Replace("Device type: ", string.Empty); } else if (line.StartsWith("Running: ")) { host.OS = line.Replace("Running: ", string.Empty); } else if (line.StartsWith("OS details: ")) { host.OS_Details = line.Replace("OS details: ", string.Empty); } else if (line.StartsWith("Network Distance: ")) { host.NetworkDistance = line.Replace("Network Distance: ", string.Empty); } else if (line.StartsWith("MAC Address: ")) { host.MAC = line.Replace("MAC Address: ", string.Empty); } else if (portRegex.IsMatch(line)) { Port port = new Port(); string l2 = Regex.Replace(line, @"\s{2,}", " "); string[] t = l2.Split(' '); string p = t[0]; //port in [0-9]{1,5}/[udp|tcp] form string st = t[1]; //state of port (open) string ser = t[2]; //service on port (http(s), ssh) //this also sets IsTCP since it returns !IsUDP port.IsUDP = (p.Split('/')[1] == "udp"); port.Service = ser; port.State = st; port.PortNumber = int.Parse(p.Split('/')[0]); host.Ports.Add(port); } else if (line.StartsWith("Nmap scan report for ")) { string l2 = line.Replace("Nmap scan report for ", string.Empty); string[] t = l2.Split(' '); if (t.Length == 1) host.IPAddressv4 = t[0]; else { host.Hostname = t[0]; string ip = t[1].Substring(1); ip = ip.Substring(0, ip.Length - 1); host.IPAddressv4 = ip; } } } this.Hosts = hosts; }
private void ParseOutput(string output) { List <NMapHost> hosts = new List <NMapHost>(); Regex portRegex = new Regex(@"^[0-9]{1,5}/[tcp|udp]"); NMapHost host = null; foreach (string line in output.Split('\n')) { if (string.IsNullOrEmpty(line)) { if (host != null && !string.IsNullOrEmpty(host.IPAddressv4)) { hosts.Add(host); } host = new NMapHost(); host.Ports = new List <Port>(); continue; } if (line.StartsWith("Device type: ")) { host.DeviceType = line.Replace("Device type: ", string.Empty); } else if (line.StartsWith("Running: ")) { host.OS = line.Replace("Running: ", string.Empty); } else if (line.StartsWith("OS details: ")) { host.OS_Details = line.Replace("OS details: ", string.Empty); } else if (line.StartsWith("Network Distance: ")) { host.NetworkDistance = line.Replace("Network Distance: ", string.Empty); } else if (line.StartsWith("MAC Address: ")) { host.MAC = line.Replace("MAC Address: ", string.Empty); } else if (portRegex.IsMatch(line)) { Port port = new Port(); string l2 = Regex.Replace(line, @"\s{2,}", " "); string[] t = l2.Split(' '); string p = t[0]; //port in [0-9]{1,5}/[udp|tcp] form string st = t[1]; //state of port (open) string ser = t[2]; //service on port (http(s), ssh) //this also sets IsTCP since it returns !IsUDP port.IsUDP = (p.Split('/')[1] == "udp"); port.Service = ser; port.State = st; port.PortNumber = int.Parse(p.Split('/')[0]); host.Ports.Add(port); } else if (line.StartsWith("Nmap scan report for ")) { string l2 = line.Replace("Nmap scan report for ", string.Empty); string[] t = l2.Split(' '); if (t.Length == 1) { host.IPAddressv4 = t[0]; } else { host.Hostname = t[0]; string ip = t[1].Substring(1); ip = ip.Substring(0, ip.Length - 1); host.IPAddressv4 = ip; } } } this.Hosts = hosts; }
private void ScanHost(NMapHost host, out List<IToolResults> toolResults) { IToolOptions _options; string eventDescription; toolResults = new List<IToolResults> (); bool routed = false; int tries = 0; foreach (Port port in host.Ports) { if (port.Service == "http") { _options = new NiktoToolOptions (); (_options as NiktoToolOptions).Host = host.IPAddressv4; (_options as NiktoToolOptions).Port = port.PortNumber; (_options as NiktoToolOptions).Path = this.Configuration ["niktoPath"]; Nikto nikto = new Nikto (_options); eventDescription = "Running nikto (http) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); NiktoToolResults niktoResults = (nikto.Run () as NiktoToolResults); niktoResults.HostIPAddressV4 = host.IPAddressv4; niktoResults.HostPort = port.PortNumber; niktoResults.IsTCP = true; toolResults.Add (niktoResults); } else if (port.Service == "https") { _options = new SSLScanToolOptions (); (_options as SSLScanToolOptions).Host = host.IPAddressv4; (_options as SSLScanToolOptions).Port = port.PortNumber; (_options as SSLScanToolOptions).Path = this.Configuration ["sslscanPath"]; SSLScan sslscan = new SSLScan (_options); eventDescription = "Running sslscan (https) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SSLScanToolResults sslResults = (sslscan.Run () as SSLScanToolResults); sslResults.HostIPAddressV4 = host.IPAddressv4; sslResults.HostPort = port.PortNumber; sslResults.IsTCP = true; toolResults.Add (sslResults); _options = new NiktoToolOptions (); (_options as NiktoToolOptions).Host = host.IPAddressv4; (_options as NiktoToolOptions).Port = port.PortNumber; (_options as NiktoToolOptions).IsSSL = true; (_options as NiktoToolOptions).Path = this.Configuration ["niktoPath"]; Nikto nikto = new Nikto (_options); eventDescription = "Running nikto (https) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); NiktoToolResults niktoResults = (nikto.Run () as NiktoToolResults); niktoResults.HostIPAddressV4 = host.IPAddressv4; niktoResults.HostPort = port.PortNumber; niktoResults.IsTCP = true; toolResults.Add (niktoResults); } else if (port.Service == "ssh") { _options = new SSLScanToolOptions (); (_options as SSLScanToolOptions).Host = host.IPAddressv4; (_options as SSLScanToolOptions).Port = port.PortNumber; (_options as SSLScanToolOptions).Path = this.Configuration ["sslscanPath"]; SSLScan sslscan = new SSLScan (_options); eventDescription = "Running sslscan (ssh) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SSLScanToolResults sslResults = (sslscan.Run () as SSLScanToolResults); sslResults.HostIPAddressV4 = host.IPAddressv4; sslResults.HostPort = port.PortNumber; sslResults.IsTCP = true; toolResults.Add (sslResults); } else if (port.PortNumber == 445) { //smb _options = new SMBClientToolOptions (); (_options as SMBClientToolOptions).Host = host.IPAddressv4; (_options as SMBClientToolOptions).RecurseShares = true; (_options as SMBClientToolOptions).Path = this.Configuration ["smbclientPath"]; SMBClient smb = new SMBClient (_options); eventDescription = "Running smbclient (cifs) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); SMBClientToolResults smbResults = smb.Run () as SMBClientToolResults; smbResults.ParentPort = port; smbResults.HostIPAddressV4 = host.IPAddressv4; smbResults.HostPort = port.PortNumber; smbResults.IsTCP = true; toolResults.Add (smbResults); eventDescription = string.Format("Found {0} shares on host {1}", smbResults.ShareDetails.Count, host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); } else if (port.Service == "snmp") { _options = new OneSixtyOneToolOptions (); (_options as OneSixtyOneToolOptions).Host = host.IPAddressv4; (_options as OneSixtyOneToolOptions).Path = this.Configuration ["onesixtyonePath"]; OneSixtyOne onesixone = new OneSixtyOne (_options); eventDescription = "Running onesixtyone (snmp) on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); OneSixtyOneToolResults osoResults = onesixone.Run () as OneSixtyOneToolResults; osoResults.HostIPAddressV4 = host.IPAddressv4; osoResults.HostPort = port.PortNumber; osoResults.IsTCP = true; toolResults.Add (osoResults); } } eventDescription = "Finished host " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname); CreateEvent(DateTime.Now, eventDescription, 1); Console.WriteLine(eventDescription); }