Example #1
0
        private bool OpenVASScanIsRunning(string openvasTaskID)
        {
            using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration["openvasHost"])) {
                using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) {
                    XmlDocument taskInfo = openvasManager
                                           .GetTasks(openvasTaskID, true, false, false, string.Empty, string.Empty);

                    foreach (XmlNode child in taskInfo.FirstChild.ChildNodes)
                    {
                        if (child.Name != "task")
                        {
                            continue;
                        }

                        foreach (XmlNode c in child.ChildNodes)
                        {
                            if (c.Name != "status")
                            {
                                continue;
                            }

                            if (c.InnerText == "Done")
                            {
                                return(false);
                            }
                        }
                    }

                    return(true);
                }
            }
        }
Example #2
0
        private XmlNode GetOpenVASReport(string id)
        {
            string report = string.Empty;

            using (OpenVASManagerSession session = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) {
                using (OpenVASObjectManager manager = new OpenVASObjectManager(session)) {
                    report = manager.GetReportByID(id).OuterXml;
                }
            }

            XmlDocument doc = new XmlDocument();

            doc.LoadXml(report);

            return(doc.LastChild);
        }
Example #3
0
        public virtual void Run(out NessusScan nessusScan, out NexposeScan nexposeScan, out OpenVASScan openvasScan, out MetasploitScan metasploitScan, out Dictionary <NMapHost, IList <IToolResults> > toolResults)
        {
            if (this.Configuration == null)
            {
                throw new Exception("Configuration not set");
            }

            DateTime start = DateTime.Now;

            metasploitScan = null;
            nessusScan     = null;
            nexposeScan    = null;
            openvasScan    = null;

            string openvasTaskID = string.Empty;
            string nessusScanID  = string.Empty;
            string nexposeScanID = string.Empty;

            int uniqueNo = new Random().Next();

            IList <NMapHost> hosts = this.ParentProfile.CurrentResults.Hosts;

            if (hosts.Count() == 0)
            {
                Console.WriteLine("ERROR: no hosts in the profile. Aborting.");
                toolResults = null;
                return;
            }


            csv = string.Empty;

            foreach (NMapHost host in hosts)
            {
                csv = csv + host.IPAddressv4 + ", ";                 //trailing , is OK in this case
            }
            string openvasReportID = string.Empty;

            if (this.ScanOptions.IsOpenVASAssessment)
            {
                Console.WriteLine("Creating OpenVAS Scan...");

                OpenVASTarget target = new OpenVASTarget();
                target.Hosts          = csv;
                target.Name           = this.ParentProfile.Name + uniqueNo.ToString();
                target.SMBCredentials = new OpenVASLSCCredential();
                target.SSHCredentials = new OpenVASLSCCredential();

                using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) {
                    using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) {
                        target = openvasManager.CreateTarget(target);

                        OpenVASConfig config = openvasManager.GetAllConfigs()
                                               .Where(c => c.RemoteConfigID == new Guid(this.Configuration ["openvasConfig"]))
                                               .SingleOrDefault();

                        OpenVASTask task = new OpenVASTask();

                        task.Comment = string.Format("Task for scan {0}", this.Name);
                        task.Target  = target;
                        task.Config  = config;

                        task = openvasManager.CreateTask(task);

                        XmlDocument taskResponse = openvasManager.StartTask(task.RemoteTaskID.ToString());

                        if (!taskResponse.FirstChild.Attributes ["status"].Value.StartsWith("20"))
                        {
                            throw new Exception("Creating OpenVAS scan failed: " +
                                                taskResponse.FirstChild.Attributes ["status_text"].Value
                                                );
                        }

                        openvasReportID = taskResponse.FirstChild.FirstChild.InnerText;
                        openvasTaskID   = task.RemoteTaskID.ToString();
                    }

                    Console.WriteLine("Done creating and starting OpenVAS scan.");
                }
            }

            if (this.ScanOptions.IsNessusAssessment)
            {
                Console.WriteLine("Creating Nessus scan...");
                using (NessusManagerSession nessusSession = new NessusManagerSession(this.Configuration["nessusHost"])) {
                    bool loggedIn = false;
                    nessusSession.Authenticate(this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn);

                    if (!loggedIn)
                    {
                        throw new Exception("Invalid username/password");
                    }

                    using (NessusObjectManager nessusManager = new NessusObjectManager(nessusSession)) {
                        var tmp = nessusManager.CreateAndStartScan(csv, -2, this.Name + uniqueNo.ToString());

                        string scanName = tmp.Name;
                        nessusScanID = scanName;

                        string reportID = string.Empty;
                        foreach (XmlNode node in nessusManager.ListReports().LastChild.ChildNodes)
                        {
                            if (node.Name == "contents")
                            {
                                string tmpReportID = string.Empty;
                                foreach (XmlNode child in node.FirstChild.ChildNodes)
                                {
                                    foreach (XmlNode c in child.ChildNodes)
                                    {
                                        if (c.Name == "name")
                                        {
                                            tmpReportID = c.InnerText;
                                        }
                                        else if (c.Name == "readableName" && c.InnerText == scanName)
                                        {
                                            reportID = tmpReportID;
                                        }
                                    }
                                }
                                tmpReportID = string.Empty;
                            }
                        }
                    }
                    Console.WriteLine("Done creating and starting Nessus scan.");
                }
            }
            if (this.ScanOptions.IsNexposeAssessment)
            {
                Console.WriteLine("Creating NeXpose scan...");
                int siteID = 0;
                if (this.ScanOptions.RemoteNexposeSiteID <= 0)
                {
                    XmlDocument d           = null;
                    string      id          = "-1";
                    string      template    = "full-audit";
                    string      name        = this.Name + uniqueNo.ToString();
                    string      description = "A site for the the profile " + this.ParentProfile.Name;

                    string siteXml = "<Site id=\"" + id + "\" name=\"" + name + "\" description=\"" + description + "\">";

                    siteXml = siteXml + "<Hosts>";

                    foreach (string host in csv.Split(','))
                    {
                        siteXml = siteXml + "<host>" + host + "</host>";
                    }

                    siteXml = siteXml + "</Hosts>" +
                              "<Credentials></Credentials>" +
                              "<Alerting></Alerting>" +
                              "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" +
                              "</Site>";

                    XmlDocument doc = new XmlDocument();
                    doc.LoadXml(siteXml);

                    using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
                        session.Authenticate(this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);

                        using (NexposeManager11 manager = new NexposeManager11(session)) {
                            XmlDocument response = manager.SaveOrUpdateSite(doc.FirstChild);

                            d = response;
                        }
                    }

                    siteID = int.Parse(d.FirstChild.Attributes ["site-id"].Value);

                    this.ScanOptions.RemoteNexposeSiteID = siteID;
                }
                else
                {
                    siteID = this.ScanOptions.RemoteNexposeSiteID;
                }

                using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
                    session.Authenticate(this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);

                    using (NexposeManager11 manager = new NexposeManager11(session)) {
                        XmlDocument response = manager.ScanSite(siteID.ToString());

                        nexposeScanID = response.FirstChild.FirstChild.Attributes ["scan-id"].Value;
                    }
                }

                Console.WriteLine("Done creating and starting NeXpose scan.");
            }

            Dictionary <NMapHost, IList <IToolResults> > results = new Dictionary <NMapHost, IList <IToolResults> > ();

            services = new List <string> ();

            foreach (var host in hosts)
            {
                foreach (Port port in (host as NMapHost).Ports)
                {
                    services.Add(port.Service);
                }

                NMapHost threadHost = host as NMapHost;

                Console.WriteLine("Starting scan for host: " + threadHost.Hostname + "(" + threadHost.IPAddressv4 + ")");

                results.Add(threadHost, ScanHost(threadHost, this.ScanOptions.SQLMapOptions, this.Configuration));
            }

            toolResults = results;
            bool done = false;

            if (this.ScanOptions.IsNessusAssessment || this.ScanOptions.IsNexposeAssessment || this.ScanOptions.IsOpenVASAssessment)
            {
                while (!done)
                {
                    if (!string.IsNullOrEmpty(openvasTaskID) && this.OpenVASScanIsRunning(openvasTaskID))
                    {
                        Console.WriteLine("Waiting on OpenVAS scan " + openvasTaskID);
                        Thread.Sleep(new TimeSpan(0, 0, 60));
                        continue;
                    }

                    if (!string.IsNullOrEmpty(nessusScanID) && this.NessusScanIsRunning(nessusScanID))
                    {
                        Console.WriteLine("Waiting on Nessus scan " + nessusScanID);
                        Thread.Sleep(new TimeSpan(0, 0, 60));
                        continue;
                    }

                    if (!string.IsNullOrEmpty(nexposeScanID) && this.NexposeScanIsRunning(nexposeScanID))
                    {
                        Console.WriteLine("Waiting on NeXpose scan " + nexposeScanID);
                        Thread.Sleep(new TimeSpan(0, 0, 60));
                        continue;
                    }

                    done = true;
                }

                Dictionary <VulnerabilityScanType, string> scans = new Dictionary <VulnerabilityScanType, string> ();

                if (!string.IsNullOrEmpty(openvasReportID))
                {
                    scans.Add(VulnerabilityScanType.OpenVAS, openvasReportID);
                }

                if (!string.IsNullOrEmpty(nexposeScanID))
                {
                    scans.Add(VulnerabilityScanType.Nexpose, this.ScanOptions.RemoteNexposeSiteID.ToString());
                }

                if (!string.IsNullOrEmpty(nessusScanID))
                {
                    scans.Add(VulnerabilityScanType.Nessus, nessusScanID);
                }

                Dictionary <VulnerabilityScanType, XmlNode> reports = this.GetReports(scans);
                foreach (var report in reports)
                {
                    if (report.Key == VulnerabilityScanType.Nessus)
                    {
                        nessusScan = new NessusScan(report.Value);
                    }
                    else if (report.Key == VulnerabilityScanType.Nexpose)
                    {
                        nexposeScan = new NexposeScan(report.Value);
                    }
                    else if (report.Key == VulnerabilityScanType.OpenVAS)
                    {
                        openvasScan = new OpenVASScan(report.Value);
                    }
                    else
                    {
                        throw new Exception("Don't know this scan type");
                    }
                }

                if (this.ScanOptions.IsMetasploitAssessment)
                {
                    string workspace = Guid.NewGuid().ToString();
                    this.CreateNewMetasploitWorkspace(workspace);
                    this.ImportScansIntoMetasploitPro(reports, workspace);

                    string proTaskID = this.BeginMetasploitProAssessment(workspace, csv, false);

                    while (this.MetasploitProAssessmentIsRunning(proTaskID))
                    {
                        Console.WriteLine("Waiting on exploit assessment from metasploit: task " + proTaskID);
                        System.Threading.Thread.Sleep(new TimeSpan(0, 0, 30));
                    }

                    metasploitScan = new MetasploitScan(this.GetMetasploitProReport(workspace));
                }
            }

            TimeSpan duration = DateTime.Now - start;

            this.Duration = duration.TotalSeconds.ToString();

            this.HasRun = true;
        }