public PersistentMetasploitScan(MetasploitScan scan)
{
this.PersistentHosts = new List<PersistentMetasploitHost>();
this.PersistentCredentials = new List<PersistentMetasploitCredential>();
this.PersistentEvents = new List<PersistentMetasploitEvent>();
this.PersistentModuleDetails = new List<PersistentMetasploitModuleDetails>();
this.PersistentSessions = new List<PersistentMetasploitExploitSession>();
this.PersistentWebForms = new List<PersistentMetasploitWebForm>();
this.PersistentWebPages = new List<PersistentMetasploitWebPage>();
this.PersistentWebsites = new List<PersistentMetasploitWebsite>();
this.PersistentWebVulnerabilities = new List<PersistentMetasploitWebVulnerability>();
if (scan.Hosts != null)
foreach (var host in scan.Hosts)
this.PersistentHosts.Add (new PersistentMetasploitHost(host));
if (scan.Events != null)
foreach (var evnt in scan.Events)
this.PersistentEvents.Add (new PersistentMetasploitEvent(evnt));
if (scan.ModuleDetails != null)
foreach (var deets in scan.ModuleDetails)
this.PersistentModuleDetails.Add (new PersistentMetasploitModuleDetails(deets));
if (scan.Sessions != null)
foreach (var session in scan.Sessions)
this.PersistentSessions.Add(new PersistentMetasploitExploitSession(session));
if (scan.WebForms != null)
foreach (var form in scan.WebForms)
this.PersistentWebForms.Add(new PersistentMetasploitWebForm(form));
if (scan.WebPages != null)
foreach (var page in scan.WebPages)
this.PersistentWebPages.Add(new PersistentMetasploitWebPage(page));
if (scan.Websites != null)
foreach (var site in scan.Websites)
this.PersistentWebsites.Add(new PersistentMetasploitWebsite(site));
if (scan.WebVulnerabilities != null)
foreach (var vuln in scan.WebVulnerabilities)
this.PersistentWebVulnerabilities.Add(new PersistentMetasploitWebVulnerability(vuln));
if (scan.Credentials != null)
foreach (var cred in scan.Credentials)
this.PersistentCredentials.Add(new PersistentMetasploitCredential(cred));
}
public virtual void Run(out NessusScan nessusScan, out NexposeScan nexposeScan, out OpenVASScan openvasScan, out MetasploitScan metasploitScan, out Dictionary<NMapHost, IList<IToolResults>> toolResults)
{
if (this.Configuration == null)
throw new Exception ("Configuration not set");
DateTime start = DateTime.Now;
metasploitScan = null;
nessusScan = null;
nexposeScan = null;
openvasScan = null;
string openvasTaskID = string.Empty;
string nessusScanID = string.Empty;
string nexposeScanID = string.Empty;
int uniqueNo = new Random ().Next ();
IList<NMapHost > hosts = this.ParentProfile.CurrentResults.Hosts;
if (hosts.Count() == 0)
{
Console.WriteLine("ERROR: no hosts in the profile. Aborting.");
toolResults = null;
return;
}
csv = string.Empty;
foreach (NMapHost host in hosts)
csv = csv + host.IPAddressv4 + ", "; //trailing , is OK in this case
string openvasReportID = string.Empty;
if (this.ScanOptions.IsOpenVASAssessment) {
Console.WriteLine ("Creating OpenVAS Scan...");
OpenVASTarget target = new OpenVASTarget ();
target.Hosts = csv;
target.Name = this.ParentProfile.Name + uniqueNo.ToString ();
target.SMBCredentials = new OpenVASLSCCredential ();
target.SSHCredentials = new OpenVASLSCCredential ();
using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) {
using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) {
target = openvasManager.CreateTarget (target);
OpenVASConfig config = openvasManager.GetAllConfigs ()
.Where (c => c.RemoteConfigID == new Guid (this.Configuration["openvasConfig"]))
.SingleOrDefault ();
OpenVASTask task = new OpenVASTask ();
task.Comment = string.Format ("Task for scan {0}", this.Name);
task.Target = target;
task.Config = config;
task = openvasManager.CreateTask (task);
XmlDocument taskResponse = openvasManager.StartTask (task.RemoteTaskID.ToString ());
if (!taskResponse.FirstChild.Attributes ["status"].Value.StartsWith ("20"))
throw new Exception ("Creating OpenVAS scan failed: " +
taskResponse.FirstChild.Attributes ["status_text"].Value);
openvasReportID = taskResponse.FirstChild.FirstChild.InnerText;
openvasTaskID = task.RemoteTaskID.ToString ();
}
Console.WriteLine ("Done creating and starting OpenVAS scan.");
}
}
if (this.ScanOptions.IsNessusAssessment) {
Console.WriteLine ("Creating Nessus scan...");
using (NessusManagerSession nessusSession = new NessusManagerSession (this.Configuration["nessusHost"])) {
bool loggedIn = false;
nessusSession.Authenticate (this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn);
if (!loggedIn)
throw new Exception ("Invalid username/password");
using (NessusObjectManager nessusManager = new NessusObjectManager (nessusSession)) {
var tmp = nessusManager.CreateAndStartScan (csv, -2, this.Name + uniqueNo.ToString ());
string scanName = tmp.Name;
nessusScanID = scanName;
string reportID = string.Empty;
foreach (XmlNode node in nessusManager.ListReports().LastChild.ChildNodes) {
if (node.Name == "contents") {
string tmpReportID = string.Empty;
foreach (XmlNode child in node.FirstChild.ChildNodes) {
foreach (XmlNode c in child.ChildNodes) {
if (c.Name == "name")
tmpReportID = c.InnerText;
else if (c.Name == "readableName" && c.InnerText == scanName)
reportID = tmpReportID;
}
}
tmpReportID = string.Empty;
}
}
}
Console.WriteLine ("Done creating and starting Nessus scan.");
}
}
if (this.ScanOptions.IsNexposeAssessment) {
Console.WriteLine ("Creating NeXpose scan...");
int siteID = 0;
if (this.ScanOptions.RemoteNexposeSiteID <= 0) {
XmlDocument d = null;
string id = "-1";
string template = "full-audit";
string name = this.Name + uniqueNo.ToString ();
string description = "A site for the the profile " + this.ParentProfile.Name;
string siteXml = "<Site id=\"" + id + "\" name=\"" + name + "\" description=\"" + description + "\">";
siteXml = siteXml + "<Hosts>";
foreach (string host in csv.Split(','))
siteXml = siteXml + "<host>" + host + "</host>";
siteXml = siteXml + "</Hosts>" +
"<Credentials></Credentials>" +
"<Alerting></Alerting>" +
"<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" +
"</Site>";
XmlDocument doc = new XmlDocument ();
doc.LoadXml (siteXml);
using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);
using (NexposeManager11 manager = new NexposeManager11(session)) {
XmlDocument response = manager.SaveOrUpdateSite (doc.FirstChild);
d = response;
}
}
siteID = int.Parse (d.FirstChild.Attributes ["site-id"].Value);
this.ScanOptions.RemoteNexposeSiteID = siteID;
} else {
siteID = this.ScanOptions.RemoteNexposeSiteID;
}
using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);
using (NexposeManager11 manager = new NexposeManager11(session)) {
XmlDocument response = manager.ScanSite (siteID.ToString ());
nexposeScanID = response.FirstChild.FirstChild.Attributes ["scan-id"].Value;
}
}
Console.WriteLine ("Done creating and starting NeXpose scan.");
}
Dictionary<NMapHost, IList<IToolResults >> results = new Dictionary<NMapHost, IList<IToolResults>> ();
services = new List<string> ();
foreach (var host in hosts) {
foreach (Port port in (host as NMapHost).Ports)
services.Add (port.Service);
NMapHost threadHost = host as NMapHost;
Console.WriteLine ("Starting scan for host: " + threadHost.Hostname + "(" + threadHost.IPAddressv4 + ")");
results.Add (threadHost, ScanHost (threadHost, this.ScanOptions.SQLMapOptions, this.Configuration));
}
toolResults = results;
bool done = false;
if (this.ScanOptions.IsNessusAssessment || this.ScanOptions.IsNexposeAssessment || this.ScanOptions.IsOpenVASAssessment) {
while (!done) {
if (!string.IsNullOrEmpty (openvasTaskID) && this.OpenVASScanIsRunning (openvasTaskID)) {
Console.WriteLine ("Waiting on OpenVAS scan " + openvasTaskID);
Thread.Sleep (new TimeSpan (0, 0, 60));
continue;
}
if (!string.IsNullOrEmpty (nessusScanID) && this.NessusScanIsRunning (nessusScanID)) {
Console.WriteLine ("Waiting on Nessus scan " + nessusScanID);
Thread.Sleep (new TimeSpan (0, 0, 60));
continue;
}
if (!string.IsNullOrEmpty (nexposeScanID) && this.NexposeScanIsRunning (nexposeScanID)) {
Console.WriteLine ("Waiting on NeXpose scan " + nexposeScanID);
Thread.Sleep (new TimeSpan (0, 0, 60));
continue;
}
done = true;
}
Dictionary<VulnerabilityScanType, string> scans = new Dictionary<VulnerabilityScanType, string> ();
if (!string.IsNullOrEmpty (openvasReportID))
scans.Add (VulnerabilityScanType.OpenVAS, openvasReportID);
if (!string.IsNullOrEmpty (nexposeScanID))
scans.Add (VulnerabilityScanType.Nexpose, this.ScanOptions.RemoteNexposeSiteID.ToString ());
if (!string.IsNullOrEmpty (nessusScanID))
scans.Add (VulnerabilityScanType.Nessus, nessusScanID);
Dictionary<VulnerabilityScanType, XmlNode> reports = this.GetReports (scans);
foreach (var report in reports) {
if (report.Key == VulnerabilityScanType.Nessus)
nessusScan = new NessusScan(report.Value);
else if (report.Key == VulnerabilityScanType.Nexpose)
nexposeScan = new NexposeScan(report.Value);
else if (report.Key == VulnerabilityScanType.OpenVAS)
openvasScan = new OpenVASScan(report.Value);
else
throw new Exception ("Don't know this scan type");
}
if (this.ScanOptions.IsMetasploitAssessment) {
string workspace = Guid.NewGuid ().ToString ();
this.CreateNewMetasploitWorkspace (workspace);
this.ImportScansIntoMetasploitPro (reports, workspace);
string proTaskID = this.BeginMetasploitProAssessment (workspace, csv, false);
while (this.MetasploitProAssessmentIsRunning(proTaskID)) {
Console.WriteLine ("Waiting on exploit assessment from metasploit: task " + proTaskID);
System.Threading.Thread.Sleep (new TimeSpan (0, 0, 30));
}
metasploitScan = new MetasploitScan(this.GetMetasploitProReport (workspace));
}
}
TimeSpan duration = DateTime.Now - start;
this.Duration = duration.TotalSeconds.ToString ();
this.HasRun = true;
}
public static void Main(string[] args)
{
string conn = "Server=192.168.1.5;";
conn += "Port=5433;";
conn += "Database=rising_sun;";
conn += "User Id=postgres;";
conn += "Password=password;";
conn += "SSL=true;";
IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
.ConnectionString (conn);
ISessionFactory factory = Fluently.Configure ()
.Database (config)
.Mappings (m =>
m.FluentMappings.AddFromAssemblyOf<PersistentMetasploitScan> ())
.Mappings (m =>
m.FluentMappings.AddFromAssemblyOf<PersistentOpenVASNVT> ())
.Mappings (m =>
m.FluentMappings.AddFromAssemblyOf<PersistentNessusScan> ())
.Mappings (m =>
m.FluentMappings.AddFromAssemblyOf<PersistentNexposeScan> ())
.BuildSessionFactory ();
string msf = "/home/bperry/tmp/metasploit.xml";
string ovas = "/home/bperry/tmp/openvas.xml";
string nx = "/home/bperry/tmp/nexpose.xml";
string nss = "/home/bperry/tmp/nessus.xml";
XmlDocument doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(ovas));
OpenVASScan ovasScan = new OpenVASScan(doc.FirstChild);
doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(nx));
NexposeScan nxScan = new NexposeScan(doc.FirstChild);
doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(nss));
NessusScan nssScan = new NessusScan(doc.LastChild);
doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(msf));
MetasploitScan msfScan = new MetasploitScan(doc.LastChild);
PersistentMetasploitScan pmsfScan = new PersistentMetasploitScan(msfScan);
pmsfScan.SetCreationInfo(Guid.Empty, true);
PersistentNessusScan pnssScan = new PersistentNessusScan(nssScan);
pnssScan.SetCreationInfo(Guid.Empty, true);
PersistentOpenVASScan povasScan = new PersistentOpenVASScan(ovasScan);
povasScan.SetCreationInfo(Guid.Empty, true);
PersistentNexposeScan pnxScan = new PersistentNexposeScan(nxScan);
pnxScan.SetCreationInfo(Guid.Empty, true);
using(ISession session = factory.OpenSession())
{
using (ITransaction x = session.BeginTransaction())
{
try
{
pmsfScan.ParentScanID = Guid.NewGuid();
Console.WriteLine("Saving metasploit");
session.Save(pmsfScan);
x.Commit();
}
catch (Exception ex)
{
Console.WriteLine("I broke, rolling back...");
x.Rollback();
throw ex;
}
}
using (ITransaction x = session.BeginTransaction())
{
try
{
pnssScan.ParentScanID = Guid.NewGuid();
Console.WriteLine("Saving nessus");
session.Save(pnssScan);
x.Commit();
}
catch (Exception ex)
{
Console.WriteLine("I broke, rolling back...");
x.Rollback();
throw ex;
}
}
using (ITransaction x = session.BeginTransaction())
{
try
{
povasScan.ParentScanID = Guid.NewGuid();
Console.WriteLine("Saving openvas");
session.Save(povasScan);
x.Commit();
}
catch (Exception ex)
{
Console.WriteLine("I broke, rolling back...");
x.Rollback();
throw ex;
}
}
using (ITransaction x = session.BeginTransaction())
{
try
{
pnxScan.ParentScanID = Guid.NewGuid();
Console.WriteLine("Saving nexpose");
session.Save(pnxScan);
x.Commit();
}
catch (Exception ex)
{
Console.WriteLine("I broke, rolling back...");
x.Rollback();
throw ex;
}
}
}
Console.WriteLine("yay?");
}