protected override void OnInit(EventArgs e) { base.OnInit(e); bool isNessus = false; bool isOpenvas = false; bool isNexpose = false; bool isMetasploit = false; PersistentProfile profile = this.CurrentScanSession.Get <PersistentProfile>(new Guid(this.Request["pid"])); if (profile.CurrentResults == null) { return; } //whee foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts) { foreach (PersistentPort port in host.PersistentPorts) { } } this.CurrentProfile = profile; PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>() .Add(Restrictions.Eq("ParentProfileID", profile.ID)) .Add(Restrictions.Eq("HasRun", true)) .List <PersistentScan>() .LastOrDefault(); PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNessusScan>() .SingleOrDefault(); if (nssScan != null) { isNessus = true; } PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentOpenVASScan>() .SingleOrDefault(); if (ovasScan != null) { isOpenvas = true; } PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNexposeScan>() .SingleOrDefault(); if (nxScan != null) { isNexpose = true; } PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentMetasploitScan>() .SingleOrDefault(); if (msfScan != null) { isMetasploit = true; } List <DataTableObject> objs = new List <DataTableObject>(); foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts) { DataTableObject obj = new DataTableObject(); obj.IP = host.IPAddressv4; obj.HostName = host.Hostname; PersistentNessusReportHost nssHost = null; if (isNessus) { nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).SingleOrDefault(); if (nssHost != null) { obj.ScannedByNessus = true; obj.NessusGrade = nssHost.PersistentReportItems.Where(r => int.Parse(r.Severity) > 0).Count(); } else { obj.ScannedByNessus = false; } } PersistentMetasploitHost msfHost = null; if (isMetasploit) { msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).SingleOrDefault(); if (msfHost != null) { obj.ScannedByMetasploit = true; obj.Exploits = msfHost.PersistentSessions.Count(); obj.MetasploitGrade = msfHost.PersistentVulnerabilities.Count(); } else { obj.ScannedByMetasploit = false; } } else { obj.ScannedByMetasploit = false; } PersistentNexposeAsset nxHost = null; if (isNexpose) { nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).SingleOrDefault(); if (nxHost != null) { obj.ScannedByNexpose = true; obj.NexposeGrade = nxHost.PersistentHostTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count(); foreach (PersistentNexposeHostService service in nxHost.PersistentServices) { obj.NexposeGrade += service.PersistentTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count(); } } else { obj.ScannedByNexpose = false; } } else { obj.ScannedByNexpose = false; } List <PersistentReportResult> ovasHost = null; if (isOpenvas) { ovasHost = new List <PersistentReportResult>(); foreach (PersistentReportResult result in ovasScan.PersistentResults) { if (result.Host == host.IPAddressv4) { ovasHost.Add(result); } } if (ovasHost.Count() > 0) { obj.ScannedByOpenVAS = true; obj.OpenVASGrade = ovasHost.Count(); } else { obj.ScannedByOpenVAS = false; } } else { obj.ScannedByOpenVAS = false; } obj.HostID = host.ProfileHost.ID; objs.Add(obj); } gvHosts.DataSource = objs; gvHosts.DataBind(); }
protected override void OnInit(EventArgs e) { base.OnInit(e); Guid hpid = new Guid(this.Request ["hpid"]); Guid hid = new Guid(this.Request ["hid"]); PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts .Where(h => h.ProfileHost.ID == hid) .Single(); PersistentPort port = host.PersistentPorts .Where(p => p.ID == hpid) .SingleOrDefault(); if (port == null) { return; } bool isNessus = false; bool isNexpose = false; bool isOpenVAS = false; bool isMetasploit = false; PersistentProfile profile = this.CurrentProfile; host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault(); PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> () .Add(Restrictions.Eq("ParentProfileID", profile.ID)) .Add(Restrictions.Eq("HasRun", true)) .List <PersistentScan> () .LastOrDefault(); PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> () .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNessusScan> () .SingleOrDefault(); if (nssScan != null) { isNessus = true; } PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> () .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentOpenVASScan> () .SingleOrDefault(); if (ovasScan != null) { isOpenVAS = true; } PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> () .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNexposeScan> () .SingleOrDefault(); if (nxScan != null) { isNexpose = true; } PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> () .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentMetasploitScan> () .SingleOrDefault(); if (msfScan != null) { isMetasploit = true; } if (isOpenVAS) { lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>"; var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList(); List <DataTableObject> objs = new List <DataTableObject> (); foreach (var result in results) { DataTableObject obj = new DataTableObject(); obj.Name = result.PersistentNVT.Name; obj.Threat = result.Threat; objs.Add(obj); } if (objs.Count() == 0) { lblOpenVASPortResults.Text = string.Empty; lblOpenVASPortResults.Visible = false; gvOpenVASPortResults.Visible = false; } else { gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList(); gvOpenVASPortResults.DataBind(); } } else { gvOpenVASPortResults.Visible = false; } if (isNessus) { lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>"; PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single(); var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()); List <DataTableObject> objs = new List <DataTableObject> (); foreach (var item in items) { DataTableObject obj = new DataTableObject(); obj.Name = item.PluginName; obj.Threat = item.Severity; objs.Add(obj); } if (objs.Count() == 0) { lblNessusPortResults.Text = string.Empty; lblNessusPortResults.Visible = false; gvNessusPortResults.Visible = false; } else { gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList(); gvNessusPortResults.DataBind(); } } else { gvNessusPortResults.Visible = false; } if (isNexpose) { lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>"; List <DataTableObject> objs = new List <DataTableObject> (); PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single(); if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0) { PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single(); var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version"); foreach (var test in tests) { DataTableObject obj = new DataTableObject(); string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("<", "<").Replace(">", ">"); if (objs.Where(o => o.Name == n).Count() > 0) { continue; } obj.Name = n; obj.Threat = test.IsPCICompliant ? "Pass" : "Fail"; objs.Add(obj); } } if (objs.Count() == 0) { lblNexposePortResults.Text = string.Empty; lblNexposePortResults.Visible = false; gvNexposePortResults.Visible = false; } else { gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList(); gvNexposePortResults.DataBind(); } } else { gvNexposePortResults.Visible = false; } if (isMetasploit) { PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single(); var creds = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber); var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()); } else { } if (port.Service == "ssh") { PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentSSLScanResults> () .FirstOrDefault(); if (sslResults != null) { //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>"; //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />"); } } if (port.Service == "snmp") { PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentOneSixtyOneResults> () .FirstOrDefault(); if (snmpResults != null) { lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>"; lblSNMPResults.Text = snmpResults.FullOutput.Replace("\n", ",<br />"); } } else if (port.Service == "smb") { PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentSMBClientResults> () .FirstOrDefault(); if (smbResults != null) { lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>"; lblSMBScan.Text = smbResults.FullOutput.Replace("\n", ",<br />"); } } else if (port.Service == "http" || port.Service == "https") { if (port.Service == "https") { PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentSSLScanResults> () .FirstOrDefault(); if (sslResults != null) { //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>"; //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />"); } } PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentWapitiResults> () .FirstOrDefault(); IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> () .Add(Restrictions.Eq("ParentHostPortID", hpid)) .List <PersistentSQLMapResults> (); List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> (); foreach (var result in results) { vulns.AddRange(result.PersistentVulnerabilities.ToList()); } if (wapitiResults != null && wapitiResults.Bugs != null) { var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList(); var wxss = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList(); var wincludes = wapitiResults.Bugs.Where(b => b.Info.Contains("include")); var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution")); List <NotSQLWebVuln> xss = new List <NotSQLWebVuln> (); List <NotSQLWebVuln> includes = new List <NotSQLWebVuln> (); List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> (); foreach (var x in wxss) { NotSQLWebVuln v = new NotSQLWebVuln(); v.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST"; v.Parameter = x.Parameter; v.URL = x.URL; xss.Add(v); } foreach (var x in wincludes) { NotSQLWebVuln i = new NotSQLWebVuln(); i.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST"; i.Parameter = x.Parameter; i.URL = x.URL; includes.Add(i); } foreach (var x in wexecution) { NotSQLWebVuln ex = new NotSQLWebVuln(); ex.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST"; ex.Parameter = x.Parameter; ex.URL = x.URL; execution.Add(ex); } lblXSS.Text = "XSS Vulnerabilities"; gvXSS.DataSource = xss; gvXSS.DataBind(); lblIncludes.Text = "Remote and Local File Include Vulnerabilities"; gvIncludes.DataSource = includes; gvIncludes.DataBind(); lblCommandExecution.Text = "Remote Command Execution Vulnerabilities"; gvCommandExecution.DataSource = execution; gvCommandExecution.DataBind(); if (sqlInjectionPoints.Count() > 0) { List <WebVuln> exploitedVulns = new List <WebVuln> (); List <WebVuln> otherVulns = new List <WebVuln> (); foreach (var bug in sqlInjectionPoints) { WebVuln v = new WebVuln(); v.URL = bug.URL; v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST"); var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault(); v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty; foreach (string parm in bug.Parameter.Split('&')) { if (parm.Contains("%BF%27%22%28")) { v.Parameter = "<b>" + parm.Split('=') [0] + "</b>"; } else if (parm.Contains("%27+or+sleep%287%29%23")) { v.Parameter = parm.Split('=') [0]; if (string.IsNullOrEmpty(v.IsExploitable)) { v.IsExploitable = "Exploited with a blind SQL injection."; } } } if (string.IsNullOrEmpty(v.IsExploitable)) { otherVulns.Add(v); continue; } exploitedVulns.Add(v); } lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities"; gvPossibleInjectionPoints.DataSource = otherVulns; gvPossibleInjectionPoints.DataBind(); lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities"; gvSQLInjections.DataSource = exploitedVulns; gvSQLInjections.DataBind(); } } PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> () .Add(Restrictions.Eq("HostPortID", hpid)) .List <PersistentNiktoResults> () .FirstOrDefault(); if (niktoResults != null) { lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>"; lblNiktoResults.Text = "<ul>"; foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data))) { lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>"; } lblNiktoResults.Text += "</ul>"; } } if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan)) { lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>"; lblNiktoResults.Text = port.DeepScan.Replace("\n", "<br />"); } }
public static void Main() { string conn = "Server=" + ConfigurationManager.AppSettings ["PostgreSQL"] + ";"; conn += "Port=" + ConfigurationManager.AppSettings ["PostgreSQLPort"] + ";"; conn += "Database=rising_sun;"; conn += "User Id=" + ConfigurationManager.AppSettings ["PostgreSQLUser"] + ";"; conn += "Password="******"PostgreSQLPass"] + ";"; conn += "SSL=true;"; IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82 .ConnectionString(conn); ISessionFactory factory = Fluently.Configure() .Database(config) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentProfile> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentOpenVASNVT> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentNessusScan> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentNexposeScan> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentMetasploitScan> ()) .BuildSessionFactory(); Dictionary <string, string> conf = null; IList <PersistentProfile> profilesToRun; using (ISession session = factory.OpenSession()) using (ITransaction trans = session.BeginTransaction()) { profilesToRun = session.CreateCriteria <PersistentProfile> () .Add(Restrictions.Eq("HasRun", false)) .Add(Restrictions.Eq("IsActive", true)) .List <PersistentProfile> (); foreach (PersistentProfile profile in profilesToRun) { if (profile.VirtualMachines.Count > 0) { using (VirtualboxManager manager = new VirtualboxManager("vboxmanage")) { foreach (var vm in profile.VirtualMachines) { manager.StartVirtualMachine(vm); } } Console.WriteLine("Letting vm's settle...waiting a bit"); for (int i = 0; i < 10; i++) { Console.Write(i); System.Threading.Thread.Sleep(new TimeSpan(0, 0, 60)); } } List <List <IToolResults> > toolResults = null; conf = new Dictionary <string, string> (); conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]); conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]); conf.Add("nmapPath", ConfigurationManager.AppSettings ["nmapPath"]); conf.Add("niktoPath", ConfigurationManager.AppSettings ["niktoPath"]); conf.Add("onesixtyonePath", ConfigurationManager.AppSettings ["onesixtyonePath"]); conf.Add("sslscanPath", ConfigurationManager.AppSettings ["sslscanPath"]); conf.Add("smbclientPath", ConfigurationManager.AppSettings ["smbclientPath"]); conf.Add("traceroutePath", ConfigurationManager.AppSettings ["traceroutePath"]); conf.Add("whoisPath", ConfigurationManager.AppSettings ["whoisPath"]); conf.Add("profileID", profile.ID.ToString()); conf.Add("API", ConfigurationManager.AppSettings["API"]); conf.Add("UserID", ConfigurationManager.AppSettings["userID"]); profile.Configuration = conf; string newRange = string.Empty; foreach (var host in profile.ProfileHosts) { newRange += host.IPv4Address + " "; } profile.Range = newRange; profile.Run(out toolResults); profile.CurrentResults.SetCreationInfo(profile.WebUserID); foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts) { host.CleanHost(); host.ProfileHost = profile.ProfileHosts.Where(ph => ph.IPv4Address == host.IPAddressv4).Single(); foreach (PersistentPort port in host.PersistentPorts) { port.CleanPort(); port.ParentProfile = profile; port.SetCreationInfo(profile.WebUserID); } foreach (List <IToolResults> list in toolResults) { foreach (IToolResults results in list.Where(k => k.HostIPAddressV4 == host.IPAddressv4)) { //this isn't very refactor friendly //You can't switch on the Type supplied by GetType() since types can be ambiguous switch (results.GetType().Name) { case "SSLScanToolResults": PersistentSSLScanResults ssl = new PersistentSSLScanResults(results as SSLScanToolResults); ssl.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == ssl.HostPort).FirstOrDefault().ID; ssl.SetCreationInfo(Guid.Empty); session.Save(ssl); break; case "NiktoToolResults": PersistentNiktoResults nikto = new PersistentNiktoResults(results as NiktoToolResults); nikto.Items = new List <PersistentNiktoItem>(); string[] items = nikto.ParseOutput().ToArray(); foreach (string item in items) { PersistentNiktoItem i = new PersistentNiktoItem(); DateTime now = DateTime.Now; i.ID = Guid.NewGuid(); i.CreatedBy = Guid.Empty; i.CreatedOn = now; i.Data = item; i.LastModifiedBy = Guid.Empty; i.LastModifiedOn = now; i.IsActive = true; session.Save(i); nikto.Items.Add(i); } nikto.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == nikto.HostPort).FirstOrDefault().ID; nikto.SetCreationInfo(Guid.Empty); session.Save(nikto); break; case "OneSixtyOneToolResults": PersistentOneSixtyOneResults onesixtyone = new PersistentOneSixtyOneResults(results as OneSixtyOneToolResults); onesixtyone.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == onesixtyone.HostPort).FirstOrDefault(); onesixtyone.HostPortID = onesixtyone.ParentPort.ID; onesixtyone.SetCreationInfo(Guid.Empty); session.Save(onesixtyone); break; case "SMBClientToolResults": PersistentSMBClientResults smb = new PersistentSMBClientResults(results as SMBClientToolResults); smb.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == smb.HostPort).FirstOrDefault(); smb.SetCreationInfo(Guid.Empty); //session.Save (smb); break; case "WhoisToolResults": PersistentWhoisResults whois = new PersistentWhoisResults(results as WhoisToolResults); whois.ParentNMapHost = host; whois.SetCreationInfo(Guid.Empty); session.Save(whois); break; case "TracerouteToolResults": PersistentTracerouteResults tracert = new PersistentTracerouteResults(results as TracerouteToolResults); tracert.ParentNMapHost = host; tracert.SetCreationInfo(Guid.Empty); session.Save(tracert); break; default: throw new Exception("Don't know type: " + results.GetType().Name); } } } host.SetCreationInfo(profile.WebUserID); } profile.RunAfter = DateTime.Now.AddDays(profile.RunEvery.Days); profile.HasRun = true; session.SaveOrUpdate(profile); } try { trans.Commit(); } catch (Exception ex) { trans.Rollback(); throw ex; } } IList <PersistentScan> scansToRun; using (ISession session = factory.OpenSession()) { scansToRun = session.CreateCriteria <PersistentScan> () .Add(Restrictions.Eq("HasRun", false)) .Add(Restrictions.Eq("IsActive", true)) .List <PersistentScan> (); foreach (var scan in scansToRun) { scan.ParentProfile.CurrentResults.PopulateNonPersistentHosts(); if (scan.ParentProfile.VirtualMachines.Count > 0) { using (VirtualboxManager manager = new VirtualboxManager("vboxmanage")) { foreach (var vm in scan.ParentProfile.VirtualMachines) { manager.StartVirtualMachine(vm); } } } NessusScan nessusScan = null; NexposeScan nexposeScan = null; OpenVASScan openvasScan = null; MetasploitScan metasploitScan = null; Dictionary <NMapHost, IList <IToolResults> > toolResults = new Dictionary <NMapHost, IList <IToolResults> > (); conf = new Dictionary <string, string> (); if (scan.ScanOptions.IsSQLMap) { conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]); conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]); conf.Add("isSQLMap", "true"); } else { conf.Add("isSQLMap", "false"); } if (scan.ScanOptions.IsDSXS) { if (!conf.ContainsKey("wapitiPath")) { conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]); } conf.Add("dsxsPath", ConfigurationManager.AppSettings ["dsxsPath"]); } if (scan.ScanOptions.IsNessusAssessment) { conf.Add("nessusHost", ConfigurationManager.AppSettings ["nessusHost"]); conf.Add("nessusUser", ConfigurationManager.AppSettings ["nessusUser"]); conf.Add("nessusPass", ConfigurationManager.AppSettings ["nessusPass"]); } if (scan.ScanOptions.IsNexposeAssessment) { conf.Add("nexposeHost", ConfigurationManager.AppSettings ["nexposeHost"]); conf.Add("nexposeUser", ConfigurationManager.AppSettings ["nexposeUser"]); conf.Add("nexposePass", ConfigurationManager.AppSettings ["nexposePass"]); } if (scan.ScanOptions.IsOpenVASAssessment) { conf.Add("openvasHost", ConfigurationManager.AppSettings ["openvasHost"]); conf.Add("openvasUser", ConfigurationManager.AppSettings ["openvasUser"]); conf.Add("openvasPass", ConfigurationManager.AppSettings ["openvasPass"]); string url = ConfigurationManager.AppSettings ["API"] + "/GetOpenVASConfigs.ashx"; HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest; string xml = string.Empty; using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream())) xml = reader.ReadToEnd(); XmlDocument doc = new XmlDocument(); doc.LoadXml(xml); List <OpenVASConfig> configs = new List <OpenVASConfig> (); foreach (XmlNode c in doc.FirstChild.ChildNodes) { configs.Add(new OpenVASConfig(c)); } conf.Add("openvasConfig", configs.Where(c => c.Name == "Full and fast").Single().RemoteConfigID.ToString()); } if (scan.ScanOptions.IsMetasploitAssessment) { conf.Add("tmpSshfsDir", ConfigurationManager.AppSettings ["tmpSshfsDir"]); conf.Add("metasploitHost", ConfigurationManager.AppSettings ["metasploitHost"]); conf.Add("metasploitUser", ConfigurationManager.AppSettings ["metasploitUser"]); conf.Add("metasploitPass", ConfigurationManager.AppSettings ["metasploitPass"]); } scan.Configuration = conf; scan.Run(out nessusScan, out nexposeScan, out openvasScan, out metasploitScan, out toolResults); if (toolResults == null) { if (scan.ParentProfile.VirtualMachines.Count > 0) { using (VirtualboxManager manager = new VirtualboxManager("vboxmanage")) { foreach (var vm in scan.ParentProfile.VirtualMachines) { manager.StopVirtualMachine(vm); } } } continue; } ///this is really super dirty ///coded myself into a corner, gotta unwind foreach (KeyValuePair <NMapHost, IList <IToolResults> > pair in toolResults) { foreach (IToolResults results in pair.Value) { if (results is WapitiToolResults) { PersistentWapitiResults wapiti = new PersistentWapitiResults(results as WapitiToolResults); foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts) { foreach (PersistentPort pport in host.PersistentPorts) { if (pport.PortNumber == (results as WapitiToolResults).HostPort && pport.ParentHost.IPAddressv4 == (results as WapitiToolResults).HostIPAddressV4) { wapiti.HostPortID = pport.ID; wapiti.SetCreationInfo(Guid.Empty); session.Save(wapiti); } } } } else if (results is SQLMapResults) { PersistentSQLMapResults pr = new PersistentSQLMapResults(results as SQLMapResults); foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts) { foreach (PersistentPort pport in host.PersistentPorts) { if (pport.PortNumber == (results as SQLMapResults).ParentHostPort.PortNumber && pport.ParentHost.IPAddressv4 == (results as SQLMapResults).ParentHostPort.ParentIPAddress) { pr.ParentHostPort = pport; pr.SetCreationInfo(Guid.Empty); session.Save(pr); } } } } } } if (scan.ScanOptions.IsNessusAssessment) { PersistentNessusScan s = new PersistentNessusScan(nessusScan); s.SetCreationInfo(Guid.Empty, true); s.ParentScanID = scan.ID; session.Save(s); } if (scan.ScanOptions.IsOpenVASAssessment) { PersistentOpenVASScan s = new PersistentOpenVASScan(openvasScan); s.SetCreationInfo(Guid.Empty, true); s.ParentScanID = scan.ID; session.Save(s); } if (scan.ScanOptions.IsNexposeAssessment) { PersistentNexposeScan s = new PersistentNexposeScan(nexposeScan); s.SetCreationInfo(Guid.Empty, true); s.ParentScanID = scan.ID; session.Save(s); } if (scan.ScanOptions.IsMetasploitAssessment) { PersistentMetasploitScan s = new PersistentMetasploitScan(metasploitScan); s.SetCreationInfo(Guid.Empty, true); s.ParentScanID = scan.ID; session.Save(s); } scan.HasRun = true; Console.WriteLine("Saving!"); using (ITransaction trans = session.BeginTransaction()) { session.SaveOrUpdate(scan); try { trans.Commit(); } catch (Exception ex) { trans.Rollback(); Console.WriteLine("Save failed!"); throw ex; } } if (scan.ParentProfile.VirtualMachines.Count > 0) { using (VirtualboxManager manager = new VirtualboxManager("vboxmanage")) { foreach (var vm in scan.ParentProfile.VirtualMachines) { manager.StopVirtualMachine(vm); } } } } } // while (true) { // DateTime start = new DateTime (); // IPAddress ipAd = IPAddress.Parse ("127.0.0.1"); // // TcpListener list = new TcpListener (ipAd, 8082); // // list.Start (); // // TcpClient c = list.AcceptTcpClient (); // // ASCIIEncoding enc = new ASCIIEncoding (); // byte[] b = new byte[1024]; // string xml = string.Empty; // // using (NetworkStream stream = c.GetStream ()) { // do { // stream.Read (b, 0, b.Length); // xml += xml + enc.GetString (b); // // } while (stream.DataAvailable); // // start = DateTime.Now; // // XmlDocument doc = new XmlDocument (); // doc.LoadXml (xml); // // foreach (XmlNode node in doc.ChildNodes) { // // if (node.Name == "create") { // if (node.Name == "scan") { // // Scan scan = new Scan (); // // if (node.HasChildNodes) { // foreach (XmlNode child in node.ChildNodes) { // // if (child.Name == "host") // scan.Host = child.InnerText; else if (child.Name == "range") // // scan.Range = child.InnerText; else if (child.Name == "type") { // if (child.InnerText == "profile") // // scan.ScanType = ScanType.Profile; else if (child.InnerText == "full") // scan.ScanType = ScanType.Full; // } // } // } // // // // scan.Run (); // } else if (node.Name == "get") { // // } else if (node.Name == "destroy") { // // } // // } // // } // // TimeSpan tt = DateTime.Now.Subtract (start); // // string complete = String.Format ("The scan has been run... Took {0} minutes, {1} seconds.\n", tt.Minutes, tt.Seconds); // // stream.Write (enc.GetBytes (complete), 0, complete.Length); // } // // list.Stop (); // } }
public static void Main(string[] args) { string conn = "Server=192.168.1.5;"; conn += "Port=5433;"; conn += "Database=rising_sun;"; conn += "User Id=postgres;"; conn += "Password=password;"; conn += "SSL=true;"; IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82 .ConnectionString(conn); ISessionFactory factory = Fluently.Configure() .Database(config) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentMetasploitScan> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentOpenVASNVT> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentNessusScan> ()) .Mappings(m => m.FluentMappings.AddFromAssemblyOf <PersistentNexposeScan> ()) .BuildSessionFactory(); string msf = "/home/bperry/tmp/metasploit.xml"; string ovas = "/home/bperry/tmp/openvas.xml"; string nx = "/home/bperry/tmp/nexpose.xml"; string nss = "/home/bperry/tmp/nessus.xml"; XmlDocument doc = new XmlDocument(); doc.LoadXml(System.IO.File.ReadAllText(ovas)); OpenVASScan ovasScan = new OpenVASScan(doc.FirstChild); doc = new XmlDocument(); doc.LoadXml(System.IO.File.ReadAllText(nx)); NexposeScan nxScan = new NexposeScan(doc.FirstChild); doc = new XmlDocument(); doc.LoadXml(System.IO.File.ReadAllText(nss)); NessusScan nssScan = new NessusScan(doc.LastChild); doc = new XmlDocument(); doc.LoadXml(System.IO.File.ReadAllText(msf)); MetasploitScan msfScan = new MetasploitScan(doc.LastChild); PersistentMetasploitScan pmsfScan = new PersistentMetasploitScan(msfScan); pmsfScan.SetCreationInfo(Guid.Empty, true); PersistentNessusScan pnssScan = new PersistentNessusScan(nssScan); pnssScan.SetCreationInfo(Guid.Empty, true); PersistentOpenVASScan povasScan = new PersistentOpenVASScan(ovasScan); povasScan.SetCreationInfo(Guid.Empty, true); PersistentNexposeScan pnxScan = new PersistentNexposeScan(nxScan); pnxScan.SetCreationInfo(Guid.Empty, true); using (ISession session = factory.OpenSession()) { using (ITransaction x = session.BeginTransaction()) { try { pmsfScan.ParentScanID = Guid.NewGuid(); Console.WriteLine("Saving metasploit"); session.Save(pmsfScan); x.Commit(); } catch (Exception ex) { Console.WriteLine("I broke, rolling back..."); x.Rollback(); throw ex; } } using (ITransaction x = session.BeginTransaction()) { try { pnssScan.ParentScanID = Guid.NewGuid(); Console.WriteLine("Saving nessus"); session.Save(pnssScan); x.Commit(); } catch (Exception ex) { Console.WriteLine("I broke, rolling back..."); x.Rollback(); throw ex; } } using (ITransaction x = session.BeginTransaction()) { try { povasScan.ParentScanID = Guid.NewGuid(); Console.WriteLine("Saving openvas"); session.Save(povasScan); x.Commit(); } catch (Exception ex) { Console.WriteLine("I broke, rolling back..."); x.Rollback(); throw ex; } } using (ITransaction x = session.BeginTransaction()) { try { pnxScan.ParentScanID = Guid.NewGuid(); Console.WriteLine("Saving nexpose"); session.Save(pnxScan); x.Commit(); } catch (Exception ex) { Console.WriteLine("I broke, rolling back..."); x.Rollback(); throw ex; } } } Console.WriteLine("yay?"); }
protected override void OnInit(EventArgs e) { base.OnInit(e); bool isNessus = false; bool isNexpose = false; bool isOpenVAS = false; bool isMetasploit = false; Guid hid = new Guid(Request ["hid"]); PersistentProfile profile = this.CurrentProfile; PersistentNMapHost host; host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault(); PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>() .Add(Restrictions.Eq("ParentProfileID", profile.ID)) .Add(Restrictions.Eq("HasRun", true)) .List <PersistentScan>() .LastOrDefault(); PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNessusScan>() .SingleOrDefault(); if (nssScan != null) { isNessus = true; } PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentOpenVASScan>() .SingleOrDefault(); if (ovasScan != null) { isOpenVAS = true; } PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentNexposeScan>() .SingleOrDefault(); if (nxScan != null) { isNexpose = true; } PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>() .Add(Restrictions.Eq("ParentScanID", latestScan.ID)) .List <PersistentMetasploitScan>() .SingleOrDefault(); if (msfScan != null) { isMetasploit = true; } lblHostname.Text = host.Hostname; lblDeviceType.Text = host.DeviceType; lblIPv4.Text = host.IPAddressv4; lblNetworkDistance.Text = host.NetworkDistance; lblOS.Text = host.OS; List <DataTableObject> objs = new List <DataTableObject>(); foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP)) { DataTableObject obj = new DataTableObject(); obj.PortID = port.ID; obj.Port = port.PortNumber; obj.ServiceName = port.Service; if (isMetasploit) { PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single(); obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count(); obj.MetasploitExploits = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count(); obj.ScannedByMetasploit = true; } else { obj.ScannedByMetasploit = false; } if (isNessus) { PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single(); obj.NessusGrade = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count(); obj.ScannedByNessus = true; } else { obj.ScannedByNessus = false; } if (isNexpose) { PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single(); if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0) { PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single(); obj.NexposeGrade = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count(); obj.ScannedByNexpose = true; } else { obj.ScannedByNexpose = false; } } else { obj.ScannedByNexpose = false; } if (isOpenVAS) { obj.ScannedByOpenVAS = true; obj.OpenVASGrade = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count(); } else { obj.ScannedByOpenVAS = false; } objs.Add(obj); } gvPorts.DataSource = objs.OrderBy(o => o.Port); gvPorts.DataBind(); }