Exemple #1
0
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            bool isNessus     = false;
            bool isOpenvas    = false;
            bool isNexpose    = false;
            bool isMetasploit = false;

            PersistentProfile profile = this.CurrentScanSession.Get <PersistentProfile>(new Guid(this.Request["pid"]));

            if (profile.CurrentResults == null)
            {
                return;
            }

            //whee
            foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
            {
                foreach (PersistentPort port in host.PersistentPorts)
                {
                }
            }

            this.CurrentProfile = profile;

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan>()
                                        .LastOrDefault();

            PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNessusScan>()
                                           .SingleOrDefault();

            if (nssScan != null)
            {
                isNessus = true;
            }

            PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
                                             .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                             .List <PersistentOpenVASScan>()
                                             .SingleOrDefault();

            if (ovasScan != null)
            {
                isOpenvas = true;
            }

            PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNexposeScan>()
                                           .SingleOrDefault();

            if (nxScan != null)
            {
                isNexpose = true;
            }

            PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
                                               .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                               .List <PersistentMetasploitScan>()
                                               .SingleOrDefault();

            if (msfScan != null)
            {
                isMetasploit = true;
            }

            List <DataTableObject> objs = new List <DataTableObject>();

            foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
            {
                DataTableObject obj = new DataTableObject();

                obj.IP       = host.IPAddressv4;
                obj.HostName = host.Hostname;

                PersistentNessusReportHost nssHost = null;
                if (isNessus)
                {
                    nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).SingleOrDefault();

                    if (nssHost != null)
                    {
                        obj.ScannedByNessus = true;
                        obj.NessusGrade     = nssHost.PersistentReportItems.Where(r => int.Parse(r.Severity) > 0).Count();
                    }
                    else
                    {
                        obj.ScannedByNessus = false;
                    }
                }

                PersistentMetasploitHost msfHost = null;
                if (isMetasploit)
                {
                    msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).SingleOrDefault();

                    if (msfHost != null)
                    {
                        obj.ScannedByMetasploit = true;
                        obj.Exploits            = msfHost.PersistentSessions.Count();
                        obj.MetasploitGrade     = msfHost.PersistentVulnerabilities.Count();
                    }
                    else
                    {
                        obj.ScannedByMetasploit = false;
                    }
                }
                else
                {
                    obj.ScannedByMetasploit = false;
                }

                PersistentNexposeAsset nxHost = null;
                if (isNexpose)
                {
                    nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).SingleOrDefault();

                    if (nxHost != null)
                    {
                        obj.ScannedByNexpose = true;
                        obj.NexposeGrade     = nxHost.PersistentHostTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();

                        foreach (PersistentNexposeHostService service in nxHost.PersistentServices)
                        {
                            obj.NexposeGrade += service.PersistentTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
                        }
                    }
                    else
                    {
                        obj.ScannedByNexpose = false;
                    }
                }
                else
                {
                    obj.ScannedByNexpose = false;
                }

                List <PersistentReportResult> ovasHost = null;
                if (isOpenvas)
                {
                    ovasHost = new List <PersistentReportResult>();
                    foreach (PersistentReportResult result in ovasScan.PersistentResults)
                    {
                        if (result.Host == host.IPAddressv4)
                        {
                            ovasHost.Add(result);
                        }
                    }

                    if (ovasHost.Count() > 0)
                    {
                        obj.ScannedByOpenVAS = true;
                        obj.OpenVASGrade     = ovasHost.Count();
                    }
                    else
                    {
                        obj.ScannedByOpenVAS = false;
                    }
                }
                else
                {
                    obj.ScannedByOpenVAS = false;
                }

                obj.HostID = host.ProfileHost.ID;
                objs.Add(obj);
            }

            gvHosts.DataSource = objs;
            gvHosts.DataBind();
        }
Exemple #2
0
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            Guid hpid = new Guid(this.Request ["hpid"]);
            Guid hid  = new Guid(this.Request ["hid"]);

            PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
                                      .Where(h => h.ProfileHost.ID == hid)
                                      .Single();

            PersistentPort port = host.PersistentPorts
                                  .Where(p => p.ID == hpid)
                                  .SingleOrDefault();

            if (port == null)
            {
                return;
            }

            bool isNessus             = false;
            bool isNexpose            = false;
            bool isOpenVAS            = false;
            bool isMetasploit         = false;
            PersistentProfile profile = this.CurrentProfile;

            host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan> ()
                                        .LastOrDefault();

            PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNessusScan> ()
                                           .SingleOrDefault();

            if (nssScan != null)
            {
                isNessus = true;
            }

            PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
                                             .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                             .List <PersistentOpenVASScan> ()
                                             .SingleOrDefault();

            if (ovasScan != null)
            {
                isOpenVAS = true;
            }

            PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNexposeScan> ()
                                           .SingleOrDefault();

            if (nxScan != null)
            {
                isNexpose = true;
            }

            PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
                                               .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                               .List <PersistentMetasploitScan> ()
                                               .SingleOrDefault();

            if (msfScan != null)
            {
                isMetasploit = true;
            }

            if (isOpenVAS)
            {
                lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";

                var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();

                List <DataTableObject> objs = new List <DataTableObject> ();
                foreach (var result in results)
                {
                    DataTableObject obj = new DataTableObject();

                    obj.Name   = result.PersistentNVT.Name;
                    obj.Threat = result.Threat;

                    objs.Add(obj);
                }

                if (objs.Count() == 0)
                {
                    lblOpenVASPortResults.Text    = string.Empty;
                    lblOpenVASPortResults.Visible = false;
                    gvOpenVASPortResults.Visible  = false;
                }
                else
                {
                    gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
                    gvOpenVASPortResults.DataBind();
                }
            }
            else
            {
                gvOpenVASPortResults.Visible = false;
            }

            if (isNessus)
            {
                lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";

                PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();

                var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());

                List <DataTableObject> objs = new List <DataTableObject> ();
                foreach (var item in items)
                {
                    DataTableObject obj = new DataTableObject();

                    obj.Name   = item.PluginName;
                    obj.Threat = item.Severity;

                    objs.Add(obj);
                }

                if (objs.Count() == 0)
                {
                    lblNessusPortResults.Text    = string.Empty;
                    lblNessusPortResults.Visible = false;
                    gvNessusPortResults.Visible  = false;
                }
                else
                {
                    gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
                    gvNessusPortResults.DataBind();
                }
            }
            else
            {
                gvNessusPortResults.Visible = false;
            }

            if (isNexpose)
            {
                lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";

                List <DataTableObject> objs   = new List <DataTableObject> ();
                PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();

                if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
                {
                    PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();

                    var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");

                    foreach (var test in tests)
                    {
                        DataTableObject obj = new DataTableObject();

                        string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("&lt;", "<").Replace("&gt;", ">");

                        if (objs.Where(o => o.Name == n).Count() > 0)
                        {
                            continue;
                        }

                        obj.Name   = n;
                        obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";

                        objs.Add(obj);
                    }
                }

                if (objs.Count() == 0)
                {
                    lblNexposePortResults.Text    = string.Empty;
                    lblNexposePortResults.Visible = false;
                    gvNexposePortResults.Visible  = false;
                }
                else
                {
                    gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
                    gvNexposePortResults.DataBind();
                }
            }
            else
            {
                gvNexposePortResults.Visible = false;
            }

            if (isMetasploit)
            {
                PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();

                var creds    = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
                var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
            }
            else
            {
            }


            if (port.Service == "ssh")
            {
                PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
                                                      .Add(Restrictions.Eq("HostPortID", hpid))
                                                      .List <PersistentSSLScanResults> ()
                                                      .FirstOrDefault();

                if (sslResults != null)
                {
                    //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
                    //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
                }
            }

            if (port.Service == "snmp")
            {
                PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
                                                           .Add(Restrictions.Eq("HostPortID", hpid))
                                                           .List <PersistentOneSixtyOneResults> ()
                                                           .FirstOrDefault();

                if (snmpResults != null)
                {
                    lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
                    lblSNMPResults.Text       = snmpResults.FullOutput.Replace("\n", ",<br />");
                }
            }
            else if (port.Service == "smb")
            {
                PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
                                                        .Add(Restrictions.Eq("HostPortID", hpid))
                                                        .List <PersistentSMBClientResults> ()
                                                        .FirstOrDefault();
                if (smbResults != null)
                {
                    lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
                    lblSMBScan.Text       = smbResults.FullOutput.Replace("\n", ",<br />");
                }
            }
            else if (port.Service == "http" || port.Service == "https")
            {
                if (port.Service == "https")
                {
                    PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
                                                          .Add(Restrictions.Eq("HostPortID", hpid))
                                                          .List <PersistentSSLScanResults> ()
                                                          .FirstOrDefault();

                    if (sslResults != null)
                    {
                        //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
                        //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
                    }
                }
                PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
                                                        .Add(Restrictions.Eq("HostPortID", hpid))
                                                        .List <PersistentWapitiResults> ()
                                                        .FirstOrDefault();

                IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
                                                          .Add(Restrictions.Eq("ParentHostPortID", hpid))
                                                          .List <PersistentSQLMapResults> ();

                List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();

                foreach (var result in results)
                {
                    vulns.AddRange(result.PersistentVulnerabilities.ToList());
                }


                if (wapitiResults != null && wapitiResults.Bugs != null)
                {
                    var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
                    var wxss       = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
                    var wincludes  = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
                    var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));


                    List <NotSQLWebVuln> xss       = new List <NotSQLWebVuln> ();
                    List <NotSQLWebVuln> includes  = new List <NotSQLWebVuln> ();
                    List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();

                    foreach (var x in wxss)
                    {
                        NotSQLWebVuln v = new NotSQLWebVuln();

                        v.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        v.Parameter = x.Parameter;
                        v.URL       = x.URL;

                        xss.Add(v);
                    }

                    foreach (var x in wincludes)
                    {
                        NotSQLWebVuln i = new NotSQLWebVuln();

                        i.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        i.Parameter = x.Parameter;
                        i.URL       = x.URL;

                        includes.Add(i);
                    }

                    foreach (var x in wexecution)
                    {
                        NotSQLWebVuln ex = new NotSQLWebVuln();

                        ex.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        ex.Parameter = x.Parameter;
                        ex.URL       = x.URL;

                        execution.Add(ex);
                    }

                    lblXSS.Text      = "XSS Vulnerabilities";
                    gvXSS.DataSource = xss;
                    gvXSS.DataBind();

                    lblIncludes.Text      = "Remote and Local File Include Vulnerabilities";
                    gvIncludes.DataSource = includes;
                    gvIncludes.DataBind();

                    lblCommandExecution.Text      = "Remote Command Execution Vulnerabilities";
                    gvCommandExecution.DataSource = execution;
                    gvCommandExecution.DataBind();

                    if (sqlInjectionPoints.Count() > 0)
                    {
                        List <WebVuln> exploitedVulns = new List <WebVuln> ();
                        List <WebVuln> otherVulns     = new List <WebVuln> ();

                        foreach (var bug in sqlInjectionPoints)
                        {
                            WebVuln v = new WebVuln();

                            v.URL    = bug.URL;
                            v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");

                            var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();

                            v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;

                            foreach (string parm in bug.Parameter.Split('&'))
                            {
                                if (parm.Contains("%BF%27%22%28"))
                                {
                                    v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
                                }
                                else if (parm.Contains("%27+or+sleep%287%29%23"))
                                {
                                    v.Parameter = parm.Split('=') [0];

                                    if (string.IsNullOrEmpty(v.IsExploitable))
                                    {
                                        v.IsExploitable = "Exploited with a blind SQL injection.";
                                    }
                                }
                            }

                            if (string.IsNullOrEmpty(v.IsExploitable))
                            {
                                otherVulns.Add(v);
                                continue;
                            }

                            exploitedVulns.Add(v);
                        }

                        lblPossibleSQLInjections.Text        = "Possible SQL Injection Vulnerabilities";
                        gvPossibleInjectionPoints.DataSource = otherVulns;
                        gvPossibleInjectionPoints.DataBind();

                        lblSQLInjections.Text      = "Exploitable SQL Injection Vulnerabilities";
                        gvSQLInjections.DataSource = exploitedVulns;
                        gvSQLInjections.DataBind();
                    }
                }

                PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
                                                      .Add(Restrictions.Eq("HostPortID", hpid))
                                                      .List <PersistentNiktoResults> ()
                                                      .FirstOrDefault();

                if (niktoResults != null)
                {
                    lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
                    lblNiktoResults.Text       = "<ul>";

                    foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
                    {
                        lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
                    }


                    lblNiktoResults.Text += "</ul>";
                }
            }

            if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
            {
                lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
                lblNiktoResults.Text       = port.DeepScan.Replace("\n", "<br />");
            }
        }
Exemple #3
0
        public static void Main()
        {
            string conn = "Server=" + ConfigurationManager.AppSettings ["PostgreSQL"] + ";";

            conn += "Port=" + ConfigurationManager.AppSettings ["PostgreSQLPort"] + ";";
            conn += "Database=rising_sun;";
            conn += "User Id=" + ConfigurationManager.AppSettings ["PostgreSQLUser"] + ";";
            conn += "Password="******"PostgreSQLPass"] + ";";
            conn += "SSL=true;";

            IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
                                            .ConnectionString(conn);

            ISessionFactory factory = Fluently.Configure()
                                      .Database(config)
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentProfile> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentOpenVASNVT> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentNessusScan> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentNexposeScan> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentMetasploitScan> ())
                                      .BuildSessionFactory();

            Dictionary <string, string> conf = null;
            IList <PersistentProfile>   profilesToRun;

            using (ISession session = factory.OpenSession())
                using (ITransaction trans = session.BeginTransaction()) {
                    profilesToRun = session.CreateCriteria <PersistentProfile> ()
                                    .Add(Restrictions.Eq("HasRun", false))
                                    .Add(Restrictions.Eq("IsActive", true))
                                    .List <PersistentProfile> ();

                    foreach (PersistentProfile profile in profilesToRun)
                    {
                        if (profile.VirtualMachines.Count > 0)
                        {
                            using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                            {
                                foreach (var vm in profile.VirtualMachines)
                                {
                                    manager.StartVirtualMachine(vm);
                                }
                            }


                            Console.WriteLine("Letting vm's settle...waiting a bit");
                            for (int i = 0; i < 10; i++)
                            {
                                Console.Write(i);
                                System.Threading.Thread.Sleep(new TimeSpan(0, 0, 60));
                            }
                        }

                        List <List <IToolResults> > toolResults = null;

                        conf = new Dictionary <string, string> ();
                        conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
                        conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
                        conf.Add("nmapPath", ConfigurationManager.AppSettings ["nmapPath"]);
                        conf.Add("niktoPath", ConfigurationManager.AppSettings ["niktoPath"]);
                        conf.Add("onesixtyonePath", ConfigurationManager.AppSettings ["onesixtyonePath"]);
                        conf.Add("sslscanPath", ConfigurationManager.AppSettings ["sslscanPath"]);
                        conf.Add("smbclientPath", ConfigurationManager.AppSettings ["smbclientPath"]);
                        conf.Add("traceroutePath", ConfigurationManager.AppSettings ["traceroutePath"]);
                        conf.Add("whoisPath", ConfigurationManager.AppSettings ["whoisPath"]);
                        conf.Add("profileID", profile.ID.ToString());
                        conf.Add("API", ConfigurationManager.AppSettings["API"]);
                        conf.Add("UserID", ConfigurationManager.AppSettings["userID"]);

                        profile.Configuration = conf;

                        string newRange = string.Empty;

                        foreach (var host in profile.ProfileHosts)
                        {
                            newRange += host.IPv4Address + " ";
                        }

                        profile.Range = newRange;

                        profile.Run(out toolResults);

                        profile.CurrentResults.SetCreationInfo(profile.WebUserID);

                        foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
                        {
                            host.CleanHost();

                            host.ProfileHost = profile.ProfileHosts.Where(ph => ph.IPv4Address == host.IPAddressv4).Single();

                            foreach (PersistentPort port in host.PersistentPorts)
                            {
                                port.CleanPort();
                                port.ParentProfile = profile;
                                port.SetCreationInfo(profile.WebUserID);
                            }

                            foreach (List <IToolResults> list in toolResults)
                            {
                                foreach (IToolResults results in list.Where(k => k.HostIPAddressV4 == host.IPAddressv4))
                                {
                                    //this isn't very refactor friendly
                                    //You can't switch on the Type supplied by GetType() since types can be ambiguous
                                    switch (results.GetType().Name)
                                    {
                                    case "SSLScanToolResults":
                                        PersistentSSLScanResults ssl = new PersistentSSLScanResults(results as SSLScanToolResults);
                                        ssl.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == ssl.HostPort).FirstOrDefault().ID;
                                        ssl.SetCreationInfo(Guid.Empty);
                                        session.Save(ssl);
                                        break;

                                    case "NiktoToolResults":
                                        PersistentNiktoResults nikto = new PersistentNiktoResults(results as NiktoToolResults);

                                        nikto.Items = new List <PersistentNiktoItem>();

                                        string[] items = nikto.ParseOutput().ToArray();

                                        foreach (string item in items)
                                        {
                                            PersistentNiktoItem i   = new PersistentNiktoItem();
                                            DateTime            now = DateTime.Now;

                                            i.ID             = Guid.NewGuid();
                                            i.CreatedBy      = Guid.Empty;
                                            i.CreatedOn      = now;
                                            i.Data           = item;
                                            i.LastModifiedBy = Guid.Empty;
                                            i.LastModifiedOn = now;
                                            i.IsActive       = true;
                                            session.Save(i);
                                            nikto.Items.Add(i);
                                        }

                                        nikto.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == nikto.HostPort).FirstOrDefault().ID;
                                        nikto.SetCreationInfo(Guid.Empty);
                                        session.Save(nikto);
                                        break;

                                    case "OneSixtyOneToolResults":
                                        PersistentOneSixtyOneResults onesixtyone = new PersistentOneSixtyOneResults(results as OneSixtyOneToolResults);
                                        onesixtyone.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == onesixtyone.HostPort).FirstOrDefault();
                                        onesixtyone.HostPortID = onesixtyone.ParentPort.ID;
                                        onesixtyone.SetCreationInfo(Guid.Empty);
                                        session.Save(onesixtyone);
                                        break;

                                    case "SMBClientToolResults":
                                        PersistentSMBClientResults smb = new PersistentSMBClientResults(results as SMBClientToolResults);
                                        smb.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == smb.HostPort).FirstOrDefault();
                                        smb.SetCreationInfo(Guid.Empty);
                                        //session.Save (smb);
                                        break;

                                    case "WhoisToolResults":
                                        PersistentWhoisResults whois = new PersistentWhoisResults(results as WhoisToolResults);
                                        whois.ParentNMapHost = host;
                                        whois.SetCreationInfo(Guid.Empty);
                                        session.Save(whois);
                                        break;

                                    case "TracerouteToolResults":
                                        PersistentTracerouteResults tracert = new PersistentTracerouteResults(results as TracerouteToolResults);
                                        tracert.ParentNMapHost = host;
                                        tracert.SetCreationInfo(Guid.Empty);
                                        session.Save(tracert);
                                        break;

                                    default:
                                        throw new Exception("Don't know type: " + results.GetType().Name);
                                    }
                                }
                            }

                            host.SetCreationInfo(profile.WebUserID);
                        }

                        profile.RunAfter = DateTime.Now.AddDays(profile.RunEvery.Days);
                        profile.HasRun   = true;
                        session.SaveOrUpdate(profile);
                    }

                    try {
                        trans.Commit();
                    } catch (Exception ex) {
                        trans.Rollback();

                        throw ex;
                    }
                }

            IList <PersistentScan> scansToRun;

            using (ISession session = factory.OpenSession()) {
                scansToRun = session.CreateCriteria <PersistentScan> ()
                             .Add(Restrictions.Eq("HasRun", false))
                             .Add(Restrictions.Eq("IsActive", true))
                             .List <PersistentScan> ();


                foreach (var scan in scansToRun)
                {
                    scan.ParentProfile.CurrentResults.PopulateNonPersistentHosts();
                    if (scan.ParentProfile.VirtualMachines.Count > 0)
                    {
                        using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                        {
                            foreach (var vm in scan.ParentProfile.VirtualMachines)
                            {
                                manager.StartVirtualMachine(vm);
                            }
                        }
                    }
                    NessusScan     nessusScan     = null;
                    NexposeScan    nexposeScan    = null;
                    OpenVASScan    openvasScan    = null;
                    MetasploitScan metasploitScan = null;

                    Dictionary <NMapHost, IList <IToolResults> > toolResults = new Dictionary <NMapHost, IList <IToolResults> > ();

                    conf = new Dictionary <string, string> ();

                    if (scan.ScanOptions.IsSQLMap)
                    {
                        conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
                        conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
                        conf.Add("isSQLMap", "true");
                    }
                    else
                    {
                        conf.Add("isSQLMap", "false");
                    }

                    if (scan.ScanOptions.IsDSXS)
                    {
                        if (!conf.ContainsKey("wapitiPath"))
                        {
                            conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
                        }

                        conf.Add("dsxsPath", ConfigurationManager.AppSettings ["dsxsPath"]);
                    }

                    if (scan.ScanOptions.IsNessusAssessment)
                    {
                        conf.Add("nessusHost", ConfigurationManager.AppSettings ["nessusHost"]);
                        conf.Add("nessusUser", ConfigurationManager.AppSettings ["nessusUser"]);
                        conf.Add("nessusPass", ConfigurationManager.AppSettings ["nessusPass"]);
                    }

                    if (scan.ScanOptions.IsNexposeAssessment)
                    {
                        conf.Add("nexposeHost", ConfigurationManager.AppSettings ["nexposeHost"]);
                        conf.Add("nexposeUser", ConfigurationManager.AppSettings ["nexposeUser"]);
                        conf.Add("nexposePass", ConfigurationManager.AppSettings ["nexposePass"]);
                    }

                    if (scan.ScanOptions.IsOpenVASAssessment)
                    {
                        conf.Add("openvasHost", ConfigurationManager.AppSettings ["openvasHost"]);
                        conf.Add("openvasUser", ConfigurationManager.AppSettings ["openvasUser"]);
                        conf.Add("openvasPass", ConfigurationManager.AppSettings ["openvasPass"]);

                        string url = ConfigurationManager.AppSettings ["API"] + "/GetOpenVASConfigs.ashx";

                        HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;

                        string xml = string.Empty;

                        using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
                            xml = reader.ReadToEnd();

                        XmlDocument doc = new XmlDocument();
                        doc.LoadXml(xml);

                        List <OpenVASConfig> configs = new List <OpenVASConfig> ();

                        foreach (XmlNode c in doc.FirstChild.ChildNodes)
                        {
                            configs.Add(new OpenVASConfig(c));
                        }

                        conf.Add("openvasConfig", configs.Where(c => c.Name == "Full and fast").Single().RemoteConfigID.ToString());
                    }

                    if (scan.ScanOptions.IsMetasploitAssessment)
                    {
                        conf.Add("tmpSshfsDir", ConfigurationManager.AppSettings ["tmpSshfsDir"]);
                        conf.Add("metasploitHost", ConfigurationManager.AppSettings ["metasploitHost"]);
                        conf.Add("metasploitUser", ConfigurationManager.AppSettings ["metasploitUser"]);
                        conf.Add("metasploitPass", ConfigurationManager.AppSettings ["metasploitPass"]);
                    }

                    scan.Configuration = conf;

                    scan.Run(out nessusScan, out nexposeScan, out openvasScan, out metasploitScan, out toolResults);

                    if (toolResults == null)
                    {
                        if (scan.ParentProfile.VirtualMachines.Count > 0)
                        {
                            using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                            {
                                foreach (var vm in scan.ParentProfile.VirtualMachines)
                                {
                                    manager.StopVirtualMachine(vm);
                                }
                            }
                        }

                        continue;
                    }

                    ///this is really super dirty
                    ///coded myself into a corner, gotta unwind
                    foreach (KeyValuePair <NMapHost, IList <IToolResults> > pair in toolResults)
                    {
                        foreach (IToolResults results in pair.Value)
                        {
                            if (results is WapitiToolResults)
                            {
                                PersistentWapitiResults wapiti = new PersistentWapitiResults(results as WapitiToolResults);
                                foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts)
                                {
                                    foreach (PersistentPort pport in host.PersistentPorts)
                                    {
                                        if (pport.PortNumber == (results as WapitiToolResults).HostPort &&
                                            pport.ParentHost.IPAddressv4 == (results as WapitiToolResults).HostIPAddressV4)
                                        {
                                            wapiti.HostPortID = pport.ID;

                                            wapiti.SetCreationInfo(Guid.Empty);

                                            session.Save(wapiti);
                                        }
                                    }
                                }
                            }
                            else if (results is SQLMapResults)
                            {
                                PersistentSQLMapResults pr = new PersistentSQLMapResults(results as SQLMapResults);
                                foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts)
                                {
                                    foreach (PersistentPort pport in host.PersistentPorts)
                                    {
                                        if (pport.PortNumber == (results as SQLMapResults).ParentHostPort.PortNumber &&
                                            pport.ParentHost.IPAddressv4 == (results as SQLMapResults).ParentHostPort.ParentIPAddress)
                                        {
                                            pr.ParentHostPort = pport;

                                            pr.SetCreationInfo(Guid.Empty);

                                            session.Save(pr);
                                        }
                                    }
                                }
                            }
                        }
                    }


                    if (scan.ScanOptions.IsNessusAssessment)
                    {
                        PersistentNessusScan s = new PersistentNessusScan(nessusScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save(s);
                    }

                    if (scan.ScanOptions.IsOpenVASAssessment)
                    {
                        PersistentOpenVASScan s = new PersistentOpenVASScan(openvasScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save(s);
                    }

                    if (scan.ScanOptions.IsNexposeAssessment)
                    {
                        PersistentNexposeScan s = new PersistentNexposeScan(nexposeScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save(s);
                    }

                    if (scan.ScanOptions.IsMetasploitAssessment)
                    {
                        PersistentMetasploitScan s = new PersistentMetasploitScan(metasploitScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save(s);
                    }

                    scan.HasRun = true;



                    Console.WriteLine("Saving!");
                    using (ITransaction trans = session.BeginTransaction()) {
                        session.SaveOrUpdate(scan);

                        try {
                            trans.Commit();
                        } catch (Exception ex) {
                            trans.Rollback();
                            Console.WriteLine("Save failed!");

                            throw ex;
                        }
                    }

                    if (scan.ParentProfile.VirtualMachines.Count > 0)
                    {
                        using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                        {
                            foreach (var vm in scan.ParentProfile.VirtualMachines)
                            {
                                manager.StopVirtualMachine(vm);
                            }
                        }
                    }
                }
            }

//			while (true) {
//				DateTime start = new DateTime ();
//				IPAddress ipAd = IPAddress.Parse ("127.0.0.1");
//
//				TcpListener list = new TcpListener (ipAd, 8082);
//
//				list.Start ();
//
//				TcpClient c = list.AcceptTcpClient ();
//
//				ASCIIEncoding enc = new ASCIIEncoding ();
//				byte[] b = new byte[1024];
//				string xml = string.Empty;
//
//				using (NetworkStream stream = c.GetStream ()) {
//					do {
//						stream.Read (b, 0, b.Length);
//						xml += xml + enc.GetString (b);
//
//					} while (stream.DataAvailable);
//
//					start = DateTime.Now;
//
//					XmlDocument doc = new XmlDocument ();
//					doc.LoadXml (xml);
//
//					foreach (XmlNode node in doc.ChildNodes) {
//
//						if (node.Name == "create") {
//							if (node.Name == "scan") {
//
//								Scan scan = new Scan ();
//
//								if (node.HasChildNodes) {
//									foreach (XmlNode child in node.ChildNodes) {
//
//										if (child.Name == "host")
//											scan.Host = child.InnerText; else if (child.Name == "range")
//
//											scan.Range = child.InnerText; else if (child.Name == "type") {
//											if (child.InnerText == "profile")
//
//												scan.ScanType = ScanType.Profile; else if (child.InnerText == "full")
//												scan.ScanType = ScanType.Full;
//										}
//									}
//								}
//
//
//
//								scan.Run ();
//							} else if (node.Name == "get") {
//
//							} else if (node.Name == "destroy") {
//
//							}
//
//						}
//
//					}
//
//					TimeSpan tt = DateTime.Now.Subtract (start);
//
//					string complete = String.Format ("The scan has been run... Took {0} minutes, {1} seconds.\n", tt.Minutes, tt.Seconds);
//
//					stream.Write (enc.GetBytes (complete), 0, complete.Length);
//				}
//
//				list.Stop ();
//			}
        }
Exemple #4
0
        public static void Main(string[] args)
        {
            string conn = "Server=192.168.1.5;";

            conn += "Port=5433;";
            conn += "Database=rising_sun;";
            conn += "User Id=postgres;";
            conn += "Password=password;";
            conn += "SSL=true;";

            IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
                                            .ConnectionString(conn);

            ISessionFactory factory = Fluently.Configure()
                                      .Database(config)
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentMetasploitScan> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentOpenVASNVT> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentNessusScan> ())
                                      .Mappings(m =>
                                                m.FluentMappings.AddFromAssemblyOf <PersistentNexposeScan> ())
                                      .BuildSessionFactory();

            string msf  = "/home/bperry/tmp/metasploit.xml";
            string ovas = "/home/bperry/tmp/openvas.xml";
            string nx   = "/home/bperry/tmp/nexpose.xml";
            string nss  = "/home/bperry/tmp/nessus.xml";

            XmlDocument doc = new XmlDocument();

            doc.LoadXml(System.IO.File.ReadAllText(ovas));

            OpenVASScan ovasScan = new OpenVASScan(doc.FirstChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(nx));

            NexposeScan nxScan = new NexposeScan(doc.FirstChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(nss));

            NessusScan nssScan = new NessusScan(doc.LastChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(msf));

            MetasploitScan msfScan = new MetasploitScan(doc.LastChild);

            PersistentMetasploitScan pmsfScan = new PersistentMetasploitScan(msfScan);

            pmsfScan.SetCreationInfo(Guid.Empty, true);

            PersistentNessusScan pnssScan = new PersistentNessusScan(nssScan);

            pnssScan.SetCreationInfo(Guid.Empty, true);

            PersistentOpenVASScan povasScan = new PersistentOpenVASScan(ovasScan);

            povasScan.SetCreationInfo(Guid.Empty, true);

            PersistentNexposeScan pnxScan = new PersistentNexposeScan(nxScan);

            pnxScan.SetCreationInfo(Guid.Empty, true);

            using (ISession session = factory.OpenSession())
            {
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pmsfScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving metasploit");
                        session.Save(pmsfScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pnssScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving nessus");
                        session.Save(pnssScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        povasScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving openvas");
                        session.Save(povasScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pnxScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving nexpose");
                        session.Save(pnxScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
            }

            Console.WriteLine("yay?");
        }
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            bool isNessus              = false;
            bool isNexpose             = false;
            bool isOpenVAS             = false;
            bool isMetasploit          = false;
            Guid hid                   = new Guid(Request ["hid"]);
            PersistentProfile  profile = this.CurrentProfile;
            PersistentNMapHost host;

            host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan>()
                                        .LastOrDefault();

            PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNessusScan>()
                                           .SingleOrDefault();

            if (nssScan != null)
            {
                isNessus = true;
            }

            PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
                                             .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                             .List <PersistentOpenVASScan>()
                                             .SingleOrDefault();

            if (ovasScan != null)
            {
                isOpenVAS = true;
            }

            PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNexposeScan>()
                                           .SingleOrDefault();

            if (nxScan != null)
            {
                isNexpose = true;
            }

            PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
                                               .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                               .List <PersistentMetasploitScan>()
                                               .SingleOrDefault();

            if (msfScan != null)
            {
                isMetasploit = true;
            }

            lblHostname.Text        = host.Hostname;
            lblDeviceType.Text      = host.DeviceType;
            lblIPv4.Text            = host.IPAddressv4;
            lblNetworkDistance.Text = host.NetworkDistance;
            lblOS.Text = host.OS;

            List <DataTableObject> objs = new List <DataTableObject>();

            foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
            {
                DataTableObject obj = new DataTableObject();

                obj.PortID      = port.ID;
                obj.Port        = port.PortNumber;
                obj.ServiceName = port.Service;

                if (isMetasploit)
                {
                    PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();

                    obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count();
                    obj.MetasploitExploits    = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count();
                    obj.ScannedByMetasploit   = true;
                }
                else
                {
                    obj.ScannedByMetasploit = false;
                }

                if (isNessus)
                {
                    PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();

                    obj.NessusGrade     = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count();
                    obj.ScannedByNessus = true;
                }
                else
                {
                    obj.ScannedByNessus = false;
                }

                if (isNexpose)
                {
                    PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();

                    if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0)
                    {
                        PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();

                        obj.NexposeGrade     = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count();
                        obj.ScannedByNexpose = true;
                    }
                    else
                    {
                        obj.ScannedByNexpose = false;
                    }
                }
                else
                {
                    obj.ScannedByNexpose = false;
                }

                if (isOpenVAS)
                {
                    obj.ScannedByOpenVAS = true;
                    obj.OpenVASGrade     = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count();
                }
                else
                {
                    obj.ScannedByOpenVAS = false;
                }

                objs.Add(obj);
            }

            gvPorts.DataSource = objs.OrderBy(o => o.Port);
            gvPorts.DataBind();
        }