protected void gvHosts_OnRowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.DataItem != null)
{
Button btnHost = (e.Row.FindControl("btnGoToHost") as Button);
Label lblHostname = (e.Row.FindControl("lblHostname") as Label);
Label lblOverallRisk = (e.Row.FindControl("lblOverallRisk") as Label);
Label lblNessusGrade = (e.Row.FindControl("lblNessusGrade") as Label);
Label lblNexposeGrade = (e.Row.FindControl("lblNexposeGrade") as Label);
Label lblOpenVASGrade = (e.Row.FindControl("lblOpenVASGrade") as Label);
Label lblMetasploitGrade = (e.Row.FindControl("lblMetasploitGrade") as Label);
Label lblExploitable = (e.Row.FindControl("lblExploitable") as Label);
DataTableObject obj = e.Row.DataItem as DataTableObject;
lblHostname.Text = obj.HostName;
btnHost.Text = obj.IP;
btnHost.CommandArgument = obj.HostID.ToString();
lblOverallRisk.Text = (((double)(obj.NexposeGrade + obj.NessusGrade + obj.OpenVASGrade + obj.MetasploitGrade)) / 4d).ToString();
lblMetasploitGrade.Text = obj.MetasploitGrade.ToString();
lblNessusGrade.Text = obj.NessusGrade.ToString();
lblNexposeGrade.Text = obj.NexposeGrade.ToString();
lblOpenVASGrade.Text = obj.OpenVASGrade.ToString();
lblExploitable.Text = obj.Exploits.ToString();
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
bool isNessus = false;
bool isOpenvas = false;
bool isNexpose = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentScanSession.Get <PersistentProfile>(new Guid(this.Request["pid"]));
if (profile.CurrentResults == null)
{
return;
}
//whee
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
foreach (PersistentPort port in host.PersistentPorts)
{
}
}
this.CurrentProfile = profile;
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenvas = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
List <DataTableObject> objs = new List <DataTableObject>();
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
DataTableObject obj = new DataTableObject();
obj.IP = host.IPAddressv4;
obj.HostName = host.Hostname;
PersistentNessusReportHost nssHost = null;
if (isNessus)
{
nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).SingleOrDefault();
if (nssHost != null)
{
obj.ScannedByNessus = true;
obj.NessusGrade = nssHost.PersistentReportItems.Where(r => int.Parse(r.Severity) > 0).Count();
}
else
{
obj.ScannedByNessus = false;
}
}
PersistentMetasploitHost msfHost = null;
if (isMetasploit)
{
msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).SingleOrDefault();
if (msfHost != null)
{
obj.ScannedByMetasploit = true;
obj.Exploits = msfHost.PersistentSessions.Count();
obj.MetasploitGrade = msfHost.PersistentVulnerabilities.Count();
}
else
{
obj.ScannedByMetasploit = false;
}
}
else
{
obj.ScannedByMetasploit = false;
}
PersistentNexposeAsset nxHost = null;
if (isNexpose)
{
nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).SingleOrDefault();
if (nxHost != null)
{
obj.ScannedByNexpose = true;
obj.NexposeGrade = nxHost.PersistentHostTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
foreach (PersistentNexposeHostService service in nxHost.PersistentServices)
{
obj.NexposeGrade += service.PersistentTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
}
}
else
{
obj.ScannedByNexpose = false;
}
}
else
{
obj.ScannedByNexpose = false;
}
List <PersistentReportResult> ovasHost = null;
if (isOpenvas)
{
ovasHost = new List <PersistentReportResult>();
foreach (PersistentReportResult result in ovasScan.PersistentResults)
{
if (result.Host == host.IPAddressv4)
{
ovasHost.Add(result);
}
}
if (ovasHost.Count() > 0)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasHost.Count();
}
else
{
obj.ScannedByOpenVAS = false;
}
}
else
{
obj.ScannedByOpenVAS = false;
}
obj.HostID = host.ProfileHost.ID;
objs.Add(obj);
}
gvHosts.DataSource = objs;
gvHosts.DataBind();
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
Guid hpid = new Guid(this.Request ["hpid"]);
Guid hid = new Guid(this.Request ["hid"]);
PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
.Where(h => h.ProfileHost.ID == hid)
.Single();
PersistentPort port = host.PersistentPorts
.Where(p => p.ID == hpid)
.SingleOrDefault();
if (port == null)
{
return;
}
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentProfile;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan> ()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan> ()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan> ()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan> ()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan> ()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
if (isOpenVAS)
{
lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";
var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var result in results)
{
DataTableObject obj = new DataTableObject();
obj.Name = result.PersistentNVT.Name;
obj.Threat = result.Threat;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblOpenVASPortResults.Text = string.Empty;
lblOpenVASPortResults.Visible = false;
gvOpenVASPortResults.Visible = false;
}
else
{
gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
gvOpenVASPortResults.DataBind();
}
}
else
{
gvOpenVASPortResults.Visible = false;
}
if (isNessus)
{
lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var item in items)
{
DataTableObject obj = new DataTableObject();
obj.Name = item.PluginName;
obj.Threat = item.Severity;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblNessusPortResults.Text = string.Empty;
lblNessusPortResults.Visible = false;
gvNessusPortResults.Visible = false;
}
else
{
gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
gvNessusPortResults.DataBind();
}
}
else
{
gvNessusPortResults.Visible = false;
}
if (isNexpose)
{
lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";
List <DataTableObject> objs = new List <DataTableObject> ();
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");
foreach (var test in tests)
{
DataTableObject obj = new DataTableObject();
string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("<", "<").Replace(">", ">");
if (objs.Where(o => o.Name == n).Count() > 0)
{
continue;
}
obj.Name = n;
obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";
objs.Add(obj);
}
}
if (objs.Count() == 0)
{
lblNexposePortResults.Text = string.Empty;
lblNexposePortResults.Visible = false;
gvNexposePortResults.Visible = false;
}
else
{
gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
gvNexposePortResults.DataBind();
}
}
else
{
gvNexposePortResults.Visible = false;
}
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
var creds = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
}
else
{
}
if (port.Service == "ssh")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
if (port.Service == "snmp")
{
PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentOneSixtyOneResults> ()
.FirstOrDefault();
if (snmpResults != null)
{
lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
lblSNMPResults.Text = snmpResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "smb")
{
PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSMBClientResults> ()
.FirstOrDefault();
if (smbResults != null)
{
lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
lblSMBScan.Text = smbResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "http" || port.Service == "https")
{
if (port.Service == "https")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentWapitiResults> ()
.FirstOrDefault();
IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
.Add(Restrictions.Eq("ParentHostPortID", hpid))
.List <PersistentSQLMapResults> ();
List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();
foreach (var result in results)
{
vulns.AddRange(result.PersistentVulnerabilities.ToList());
}
if (wapitiResults != null && wapitiResults.Bugs != null)
{
var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
var wxss = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
var wincludes = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));
List <NotSQLWebVuln> xss = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> includes = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();
foreach (var x in wxss)
{
NotSQLWebVuln v = new NotSQLWebVuln();
v.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
v.Parameter = x.Parameter;
v.URL = x.URL;
xss.Add(v);
}
foreach (var x in wincludes)
{
NotSQLWebVuln i = new NotSQLWebVuln();
i.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
i.Parameter = x.Parameter;
i.URL = x.URL;
includes.Add(i);
}
foreach (var x in wexecution)
{
NotSQLWebVuln ex = new NotSQLWebVuln();
ex.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
ex.Parameter = x.Parameter;
ex.URL = x.URL;
execution.Add(ex);
}
lblXSS.Text = "XSS Vulnerabilities";
gvXSS.DataSource = xss;
gvXSS.DataBind();
lblIncludes.Text = "Remote and Local File Include Vulnerabilities";
gvIncludes.DataSource = includes;
gvIncludes.DataBind();
lblCommandExecution.Text = "Remote Command Execution Vulnerabilities";
gvCommandExecution.DataSource = execution;
gvCommandExecution.DataBind();
if (sqlInjectionPoints.Count() > 0)
{
List <WebVuln> exploitedVulns = new List <WebVuln> ();
List <WebVuln> otherVulns = new List <WebVuln> ();
foreach (var bug in sqlInjectionPoints)
{
WebVuln v = new WebVuln();
v.URL = bug.URL;
v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");
var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();
v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;
foreach (string parm in bug.Parameter.Split('&'))
{
if (parm.Contains("%BF%27%22%28"))
{
v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
}
else if (parm.Contains("%27+or+sleep%287%29%23"))
{
v.Parameter = parm.Split('=') [0];
if (string.IsNullOrEmpty(v.IsExploitable))
{
v.IsExploitable = "Exploited with a blind SQL injection.";
}
}
}
if (string.IsNullOrEmpty(v.IsExploitable))
{
otherVulns.Add(v);
continue;
}
exploitedVulns.Add(v);
}
lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities";
gvPossibleInjectionPoints.DataSource = otherVulns;
gvPossibleInjectionPoints.DataBind();
lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities";
gvSQLInjections.DataSource = exploitedVulns;
gvSQLInjections.DataBind();
}
}
PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentNiktoResults> ()
.FirstOrDefault();
if (niktoResults != null)
{
lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
lblNiktoResults.Text = "<ul>";
foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
{
lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
}
lblNiktoResults.Text += "</ul>";
}
}
if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
{
lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
lblNiktoResults.Text = port.DeepScan.Replace("\n", "<br />");
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit (e);
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
Guid hid = new Guid (Request ["hid"]);
PersistentProfile profile = this.CurrentProfile;
PersistentNMapHost host;
host = profile.CurrentResults.PersistentHosts.Where (h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault ();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria<PersistentScan>()
.Add(Restrictions.Eq ("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List<PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = null;
if (latestScan != null)
nssScan = this.CurrentScanSession.CreateCriteria<PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List<PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
isNessus = true;
PersistentOpenVASScan ovasScan = null;
if (latestScan != null)
ovasScan = this.CurrentScanSession.CreateCriteria<PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List<PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
isOpenVAS = true;
PersistentNexposeScan nxScan = null;
if (latestScan != null)
nxScan = this.CurrentScanSession.CreateCriteria<PersistentNexposeScan>()
.Add(Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
isNexpose = true;
PersistentMetasploitScan msfScan = null;
if (latestScan != null)
msfScan = this.CurrentScanSession.CreateCriteria<PersistentMetasploitScan>()
.Add(Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
isMetasploit = true;
lblHostname.Text = host.Hostname;
lblDeviceType.Text = host.DeviceType;
lblIPv4.Text = host.IPAddressv4;
lblNetworkDistance.Text = host.NetworkDistance;
lblOS.Text = host.OS;
List<DataTableObject> objs = new List<DataTableObject>();
foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
{
DataTableObject obj = new DataTableObject();
obj.PortID = port.ID;
obj.Port = port.PortNumber;
obj.ServiceName = port.Service;
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count();
obj.MetasploitExploits = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count();
obj.ScannedByMetasploit = true;
}
else
obj.ScannedByMetasploit = false;
if (isNessus)
{
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
obj.NessusGrade = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count();
obj.ScannedByNessus = true;
}
else
obj.ScannedByNessus = false;
if (isNexpose)
{
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp") ).Single();
obj.NexposeGrade = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count();
obj.ScannedByNexpose = true;
}
else
obj.ScannedByNexpose = false;
}
else
obj.ScannedByNexpose = false;
if (isOpenVAS)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count();
}
else
obj.ScannedByOpenVAS = false;
objs.Add(obj);
}
gvPorts.DataSource = objs.OrderBy(o => o.Port);
gvPorts.DataBind();
}
protected override void OnInit(EventArgs e)
{
base.OnInit (e);
bool isNessus = false;
bool isOpenvas = false;
bool isNexpose = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentScanSession.Get<PersistentProfile>(new Guid(this.Request["pid"]));
if (profile.CurrentResults == null)
{
return;
}
//whee
//should be eager loading these.
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
foreach (PersistentPort port in host.PersistentPorts)
{
}
}
this.CurrentProfile = profile;
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria<PersistentScan>()
.Add(Restrictions.Eq ("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List<PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = null;
if (latestScan != null)
nssScan = this.CurrentScanSession.CreateCriteria<PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List<PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
isNessus = true;
PersistentOpenVASScan ovasScan = null;
if (latestScan != null)
ovasScan = this.CurrentScanSession.CreateCriteria<PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List<PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
isOpenvas = true;
PersistentNexposeScan nxScan = null;
if (latestScan != null)
nxScan = this.CurrentScanSession.CreateCriteria<PersistentNexposeScan>()
.Add(Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
isNexpose = true;
PersistentMetasploitScan msfScan = null;
if (latestScan != null)
msfScan = this.CurrentScanSession.CreateCriteria<PersistentMetasploitScan>()
.Add(Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
isMetasploit = true;
List<DataTableObject> objs = new List<DataTableObject>();
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
DataTableObject obj = new DataTableObject();
obj.IP = host.IPAddressv4;
obj.HostName = host.Hostname;
PersistentNessusReportHost nssHost = null;
if (isNessus)
{
nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).SingleOrDefault();
if (nssHost != null)
{
obj.ScannedByNessus = true;
obj.NessusGrade = nssHost.PersistentReportItems.Where(r => int.Parse(r.Severity) > 0).Count();
}
else
obj.ScannedByNessus = false;
}
PersistentMetasploitHost msfHost = null;
if (isMetasploit)
{
msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).SingleOrDefault();
if (msfHost != null)
{
obj.ScannedByMetasploit = true;
obj.Exploits = msfHost.PersistentSessions.Count();
obj.MetasploitGrade = msfHost.PersistentVulnerabilities.Count();
}
else
obj.ScannedByMetasploit = false;
}
else
obj.ScannedByMetasploit = false;
PersistentNexposeAsset nxHost = null;
if (isNexpose)
{
nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).SingleOrDefault();
if (nxHost != null)
{
obj.ScannedByNexpose = true;
obj.NexposeGrade = nxHost.PersistentHostTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
foreach (PersistentNexposeHostService service in nxHost.PersistentServices)
obj.NexposeGrade += service.PersistentTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
}
else
obj.ScannedByNexpose = false;
}
else
obj.ScannedByNexpose = false;
List<PersistentReportResult> ovasHost = null;
if (isOpenvas)
{
ovasHost = new List<PersistentReportResult>();
foreach (PersistentReportResult result in ovasScan.PersistentResults)
{
if (result.Host == host.IPAddressv4)
ovasHost.Add(result);
}
if (ovasHost.Count() > 0)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasHost.Count();
}
else
obj.ScannedByOpenVAS = false;
}
else
obj.ScannedByOpenVAS = false;
obj.HostID = host.ProfileHost.ID;
objs.Add(obj);
}
gvHosts.DataSource = objs;
gvHosts.DataBind();
}
protected override void OnInit(EventArgs e)
{
base.OnInit (e);
Guid hpid = new Guid (this.Request ["hpid"]);
Guid hid = new Guid (this.Request ["hid"]);
PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
.Where (h => h.ProfileHost.ID == hid)
.Single ();
PersistentPort port = host.PersistentPorts
.Where (p => p.ID == hpid)
.SingleOrDefault ();
if (port == null)
return;
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentProfile;
host = profile.CurrentResults.PersistentHosts.Where (h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault ();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria<PersistentScan> ()
.Add (Restrictions.Eq ("ParentProfileID", profile.ID))
.Add (Restrictions.Eq ("HasRun", true))
.List<PersistentScan> ()
.LastOrDefault ();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria<PersistentNessusScan> ()
.Add (Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentNessusScan> ()
.SingleOrDefault ();
if (nssScan != null)
isNessus = true;
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria<PersistentOpenVASScan> ()
.Add (Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentOpenVASScan> ()
.SingleOrDefault ();
if (ovasScan != null)
isOpenVAS = true;
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria<PersistentNexposeScan> ()
.Add (Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentNexposeScan> ()
.SingleOrDefault ();
if (nxScan != null)
isNexpose = true;
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria<PersistentMetasploitScan> ()
.Add (Restrictions.Eq ("ParentScanID", latestScan.ID))
.List<PersistentMetasploitScan> ()
.SingleOrDefault ();
if (msfScan != null)
isMetasploit = true;
if (isOpenVAS) {
lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";
var results = ovasScan.PersistentResults.Where (r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains ("(" + port.PortNumber + "/")).ToList ();
List<DataTableObject> objs = new List<DataTableObject> ();
foreach (var result in results) {
DataTableObject obj = new DataTableObject ();
obj.Name = result.PersistentNVT.Name;
obj.Threat = result.Threat;
objs.Add (obj);
}
if (objs.Count () == 0) {
lblOpenVASPortResults.Text = string.Empty;
lblOpenVASPortResults.Visible = false;
gvOpenVASPortResults.Visible = false;
} else {
gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
gvOpenVASPortResults.DataBind ();
}
} else {
gvOpenVASPortResults.Visible = false;
}
if (isNessus) {
lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where (h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single ();
var items = nssHost.PersistentReportItems.Where (i => i.Severity != "0" && i.Port == port.PortNumber.ToString ());
List<DataTableObject> objs = new List<DataTableObject> ();
foreach (var item in items) {
DataTableObject obj = new DataTableObject ();
obj.Name = item.PluginName;
obj.Threat = item.Severity;
objs.Add (obj);
}
if (objs.Count () == 0) {
lblNessusPortResults.Text = string.Empty;
lblNessusPortResults.Visible = false;
gvNessusPortResults.Visible = false;
} else {
gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
gvNessusPortResults.DataBind ();
}
} else {
gvNessusPortResults.Visible = false;
}
if (isNexpose) {
lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";
List<DataTableObject> objs = new List<DataTableObject> ();
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where (a => a.IPAddressV4 == host.IPAddressv4).Single ();
if (nxHost.PersistentServices.Where (s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count () > 0) {
PersistentNexposeHostService service = nxHost.PersistentServices.Where (s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single ();
var tests = service.PersistentTests.Where (s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");
foreach (var test in tests) {
DataTableObject obj = new DataTableObject ();
string n = (new Regex ("<.*?>", RegexOptions.Compiled)).Replace ((test as NexposeTest).NexposeParagraph, string.Empty).Replace ("<", "<").Replace (">", ">");
if (objs.Where (o => o.Name == n).Count () > 0)
continue;
obj.Name = n;
obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";
objs.Add (obj);
}
}
if (objs.Count () == 0) {
lblNexposePortResults.Text = string.Empty;
lblNexposePortResults.Visible = false;
gvNexposePortResults.Visible = false;
} else {
gvNexposePortResults.DataSource = objs.OrderByDescending (o => o.Name).ToList ();
gvNexposePortResults.DataBind ();
}
} else {
gvNexposePortResults.Visible = false;
}
if (isMetasploit) {
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where (h => h.Address == host.IPAddressv4).Single ();
var creds = msfHost.PersistentCredentials.Where (c => c.Port == port.PortNumber);
var sessions = msfHost.PersistentSessions.Where (s => s.Port == port.PortNumber.ToString ());
} else {
}
if (port.Service == "ssh") {
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria<PersistentSSLScanResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentSSLScanResults> ()
.FirstOrDefault ();
if (sslResults != null) {
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
if (port.Service == "snmp") {
PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria<PersistentOneSixtyOneResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentOneSixtyOneResults> ()
.FirstOrDefault ();
if (snmpResults != null) {
lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
lblSNMPResults.Text = snmpResults.FullOutput.Replace ("\n", ",<br />");
}
} else if (port.Service == "smb") {
PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria<PersistentSMBClientResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentSMBClientResults> ()
.FirstOrDefault ();
if (smbResults != null) {
lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
lblSMBScan.Text = smbResults.FullOutput.Replace ("\n", ",<br />");
}
} else if (port.Service == "http" || port.Service == "https") {
if (port.Service == "https") {
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria<PersistentSSLScanResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentSSLScanResults> ()
.FirstOrDefault ();
if (sslResults != null) {
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria<PersistentWapitiResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentWapitiResults> ()
.FirstOrDefault ();
IList<PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria<PersistentSQLMapResults> ()
.Add (Restrictions.Eq ("ParentHostPortID", hpid))
.List<PersistentSQLMapResults> ();
List<PersistentSQLMapVulnerability> vulns = new List<PersistentSQLMapVulnerability> ();
foreach (var result in results)
vulns.AddRange (result.PersistentVulnerabilities.ToList ());
var sqlInjectionPoints = wapitiResults.Bugs.Where (b => b.Info.Contains ("SQL Injection") && !b.Info.Contains ("Blind")).ToList ();
var wxss = wapitiResults.Bugs.Where (b => b.Info.Contains ("XSS")).ToList ();
var wincludes = wapitiResults.Bugs.Where (b => b.Info.Contains ("include"));
var wexecution = wapitiResults.Bugs.Where (b => b.Info.Contains ("execution"));
List<NotSQLWebVuln> xss = new List<NotSQLWebVuln> ();
List<NotSQLWebVuln> includes = new List<NotSQLWebVuln> ();
List<NotSQLWebVuln> execution = new List<NotSQLWebVuln> ();
foreach (var x in wxss) {
NotSQLWebVuln v = new NotSQLWebVuln ();
v.Method = x.URL.Contains (x.Parameter) ? "GET" : "POST";
v.Parameter = x.Parameter;
v.URL = x.URL;
xss.Add (v);
}
foreach (var x in wincludes) {
NotSQLWebVuln i = new NotSQLWebVuln ();
i.Method = x.URL.Contains (x.Parameter) ? "GET" : "POST";
i.Parameter = x.Parameter;
i.URL = x.URL;
includes.Add (i);
}
foreach (var x in wexecution) {
NotSQLWebVuln ex = new NotSQLWebVuln ();
ex.Method = x.URL.Contains (x.Parameter) ? "GET" : "POST";
ex.Parameter = x.Parameter;
ex.URL = x.URL;
execution.Add (ex);
}
lblXSS.Text = "XSS Vulnerabilities";
gvXSS.DataSource = xss;
gvXSS.DataBind ();
lblIncludes.Text = "Remote and Local File Include Vulnerabilities";
gvIncludes.DataSource = includes;
gvIncludes.DataBind ();
lblCommandExecution.Text = "Remote Command Execution Vulnerabilities";
gvCommandExecution.DataSource = execution;
gvCommandExecution.DataBind ();
if (sqlInjectionPoints.Count () > 0) {
List<WebVuln> exploitedVulns = new List<WebVuln> ();
List<WebVuln> otherVulns = new List<WebVuln> ();
foreach (var bug in sqlInjectionPoints) {
WebVuln v = new WebVuln ();
v.URL = bug.URL;
v.Method = (bug.URL.Contains (bug.Parameter) ? "GET" : "POST");
var vul = vulns.Where (vuln => vuln.Target == bug.URL).FirstOrDefault ();
v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;
foreach (string parm in bug.Parameter.Split('&')) {
if (parm.Contains ("%BF%27%22%28"))
v.Parameter = "<b>" + parm.Split ('=') [0] + "</b>";
else if (parm.Contains ("%27+or+sleep%287%29%23")) {
v.Parameter = parm.Split ('=') [0];
if (string.IsNullOrEmpty (v.IsExploitable))
v.IsExploitable = "Exploited with a blind SQL injection.";
}
}
if (string.IsNullOrEmpty (v.IsExploitable)) {
otherVulns.Add (v);
continue;
}
exploitedVulns.Add (v);
}
lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities";
gvPossibleInjectionPoints.DataSource = otherVulns;
gvPossibleInjectionPoints.DataBind ();
lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities";
gvSQLInjections.DataSource = exploitedVulns;
gvSQLInjections.DataBind ();
}
PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria<PersistentNiktoResults> ()
.Add (Restrictions.Eq ("HostPortID", hpid))
.List<PersistentNiktoResults> ()
.FirstOrDefault ();
if (niktoResults != null) {
lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
lblNiktoResults.Text = "<ul>";
foreach (var item in niktoResults.Items.Where(i=>!string.IsNullOrEmpty(i.Data)))
lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove (0, 2) + "</li>";
lblNiktoResults.Text += "</ul>";
}
}
if (string.IsNullOrEmpty (lblNiktoResults.Text) && !string.IsNullOrEmpty (port.DeepScan)) {
lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
lblNiktoResults.Text = port.DeepScan.Replace ("\n", "<br />");
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
Guid hid = new Guid(Request ["hid"]);
PersistentProfile profile = this.CurrentProfile;
PersistentNMapHost host;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
lblHostname.Text = host.Hostname;
lblDeviceType.Text = host.DeviceType;
lblIPv4.Text = host.IPAddressv4;
lblNetworkDistance.Text = host.NetworkDistance;
lblOS.Text = host.OS;
List <DataTableObject> objs = new List <DataTableObject>();
foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
{
DataTableObject obj = new DataTableObject();
obj.PortID = port.ID;
obj.Port = port.PortNumber;
obj.ServiceName = port.Service;
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count();
obj.MetasploitExploits = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count();
obj.ScannedByMetasploit = true;
}
else
{
obj.ScannedByMetasploit = false;
}
if (isNessus)
{
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
obj.NessusGrade = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count();
obj.ScannedByNessus = true;
}
else
{
obj.ScannedByNessus = false;
}
if (isNexpose)
{
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
obj.NexposeGrade = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count();
obj.ScannedByNexpose = true;
}
else
{
obj.ScannedByNexpose = false;
}
}
else
{
obj.ScannedByNexpose = false;
}
if (isOpenVAS)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count();
}
else
{
obj.ScannedByOpenVAS = false;
}
objs.Add(obj);
}
gvPorts.DataSource = objs.OrderBy(o => o.Port);
gvPorts.DataBind();
}
