protected override void OnInit(EventArgs e)
{
base.OnInit(e);
Guid hpid = new Guid(this.Request ["hpid"]);
Guid hid = new Guid(this.Request ["hid"]);
PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
.Where(h => h.ProfileHost.ID == hid)
.Single();
PersistentPort port = host.PersistentPorts
.Where(p => p.ID == hpid)
.SingleOrDefault();
if (port == null)
{
return;
}
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentProfile;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan> ()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan> ()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan> ()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan> ()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan> ()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
if (isOpenVAS)
{
lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";
var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var result in results)
{
DataTableObject obj = new DataTableObject();
obj.Name = result.PersistentNVT.Name;
obj.Threat = result.Threat;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblOpenVASPortResults.Text = string.Empty;
lblOpenVASPortResults.Visible = false;
gvOpenVASPortResults.Visible = false;
}
else
{
gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
gvOpenVASPortResults.DataBind();
}
}
else
{
gvOpenVASPortResults.Visible = false;
}
if (isNessus)
{
lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var item in items)
{
DataTableObject obj = new DataTableObject();
obj.Name = item.PluginName;
obj.Threat = item.Severity;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblNessusPortResults.Text = string.Empty;
lblNessusPortResults.Visible = false;
gvNessusPortResults.Visible = false;
}
else
{
gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
gvNessusPortResults.DataBind();
}
}
else
{
gvNessusPortResults.Visible = false;
}
if (isNexpose)
{
lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";
List <DataTableObject> objs = new List <DataTableObject> ();
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");
foreach (var test in tests)
{
DataTableObject obj = new DataTableObject();
string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("<", "<").Replace(">", ">");
if (objs.Where(o => o.Name == n).Count() > 0)
{
continue;
}
obj.Name = n;
obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";
objs.Add(obj);
}
}
if (objs.Count() == 0)
{
lblNexposePortResults.Text = string.Empty;
lblNexposePortResults.Visible = false;
gvNexposePortResults.Visible = false;
}
else
{
gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
gvNexposePortResults.DataBind();
}
}
else
{
gvNexposePortResults.Visible = false;
}
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
var creds = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
}
else
{
}
if (port.Service == "ssh")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
if (port.Service == "snmp")
{
PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentOneSixtyOneResults> ()
.FirstOrDefault();
if (snmpResults != null)
{
lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
lblSNMPResults.Text = snmpResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "smb")
{
PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSMBClientResults> ()
.FirstOrDefault();
if (smbResults != null)
{
lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
lblSMBScan.Text = smbResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "http" || port.Service == "https")
{
if (port.Service == "https")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentWapitiResults> ()
.FirstOrDefault();
IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
.Add(Restrictions.Eq("ParentHostPortID", hpid))
.List <PersistentSQLMapResults> ();
List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();
foreach (var result in results)
{
vulns.AddRange(result.PersistentVulnerabilities.ToList());
}
if (wapitiResults != null && wapitiResults.Bugs != null)
{
var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
var wxss = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
var wincludes = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));
List <NotSQLWebVuln> xss = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> includes = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();
foreach (var x in wxss)
{
NotSQLWebVuln v = new NotSQLWebVuln();
v.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
v.Parameter = x.Parameter;
v.URL = x.URL;
xss.Add(v);
}
foreach (var x in wincludes)
{
NotSQLWebVuln i = new NotSQLWebVuln();
i.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
i.Parameter = x.Parameter;
i.URL = x.URL;
includes.Add(i);
}
foreach (var x in wexecution)
{
NotSQLWebVuln ex = new NotSQLWebVuln();
ex.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
ex.Parameter = x.Parameter;
ex.URL = x.URL;
execution.Add(ex);
}
lblXSS.Text = "XSS Vulnerabilities";
gvXSS.DataSource = xss;
gvXSS.DataBind();
lblIncludes.Text = "Remote and Local File Include Vulnerabilities";
gvIncludes.DataSource = includes;
gvIncludes.DataBind();
lblCommandExecution.Text = "Remote Command Execution Vulnerabilities";
gvCommandExecution.DataSource = execution;
gvCommandExecution.DataBind();
if (sqlInjectionPoints.Count() > 0)
{
List <WebVuln> exploitedVulns = new List <WebVuln> ();
List <WebVuln> otherVulns = new List <WebVuln> ();
foreach (var bug in sqlInjectionPoints)
{
WebVuln v = new WebVuln();
v.URL = bug.URL;
v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");
var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();
v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;
foreach (string parm in bug.Parameter.Split('&'))
{
if (parm.Contains("%BF%27%22%28"))
{
v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
}
else if (parm.Contains("%27+or+sleep%287%29%23"))
{
v.Parameter = parm.Split('=') [0];
if (string.IsNullOrEmpty(v.IsExploitable))
{
v.IsExploitable = "Exploited with a blind SQL injection.";
}
}
}
if (string.IsNullOrEmpty(v.IsExploitable))
{
otherVulns.Add(v);
continue;
}
exploitedVulns.Add(v);
}
lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities";
gvPossibleInjectionPoints.DataSource = otherVulns;
gvPossibleInjectionPoints.DataBind();
lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities";
gvSQLInjections.DataSource = exploitedVulns;
gvSQLInjections.DataBind();
}
}
PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentNiktoResults> ()
.FirstOrDefault();
if (niktoResults != null)
{
lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
lblNiktoResults.Text = "<ul>";
foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
{
lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
}
lblNiktoResults.Text += "</ul>";
}
}
if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
{
lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
lblNiktoResults.Text = port.DeepScan.Replace("\n", "<br />");
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
Guid hid = new Guid(Request ["hid"]);
PersistentProfile profile = this.CurrentProfile;
PersistentNMapHost host;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
lblHostname.Text = host.Hostname;
lblDeviceType.Text = host.DeviceType;
lblIPv4.Text = host.IPAddressv4;
lblNetworkDistance.Text = host.NetworkDistance;
lblOS.Text = host.OS;
List <DataTableObject> objs = new List <DataTableObject>();
foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
{
DataTableObject obj = new DataTableObject();
obj.PortID = port.ID;
obj.Port = port.PortNumber;
obj.ServiceName = port.Service;
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count();
obj.MetasploitExploits = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count();
obj.ScannedByMetasploit = true;
}
else
{
obj.ScannedByMetasploit = false;
}
if (isNessus)
{
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
obj.NessusGrade = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count();
obj.ScannedByNessus = true;
}
else
{
obj.ScannedByNessus = false;
}
if (isNexpose)
{
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
obj.NexposeGrade = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count();
obj.ScannedByNexpose = true;
}
else
{
obj.ScannedByNexpose = false;
}
}
else
{
obj.ScannedByNexpose = false;
}
if (isOpenVAS)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count();
}
else
{
obj.ScannedByOpenVAS = false;
}
objs.Add(obj);
}
gvPorts.DataSource = objs.OrderBy(o => o.Port);
gvPorts.DataBind();
}
