Exemple #1
0
        public static void Main(string[] args)
        {
            string conn = "Server=192.168.1.5;";
            conn += "Port=5433;";
            conn += "Database=rising_sun;";
            conn += "User Id=postgres;";
            conn += "Password=password;";
            conn += "SSL=true;";

            IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
                .ConnectionString (conn);

            ISessionFactory factory = Fluently.Configure ()
                .Database (config)
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentMetasploitScan> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentOpenVASNVT> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentNessusScan> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentNexposeScan> ())
                .BuildSessionFactory ();

            string msf = "/home/bperry/tmp/metasploit.xml";
            string ovas = "/home/bperry/tmp/openvas.xml";
            string nx = "/home/bperry/tmp/nexpose.xml";
            string nss = "/home/bperry/tmp/nessus.xml";

            XmlDocument doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(ovas));

            OpenVASScan ovasScan = new OpenVASScan(doc.FirstChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(nx));

            NexposeScan nxScan = new NexposeScan(doc.FirstChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(nss));

            NessusScan nssScan = new NessusScan(doc.LastChild);

            doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(msf));

            MetasploitScan msfScan = new MetasploitScan(doc.LastChild);

            PersistentMetasploitScan pmsfScan = new PersistentMetasploitScan(msfScan);
            pmsfScan.SetCreationInfo(Guid.Empty, true);

            PersistentNessusScan pnssScan = new PersistentNessusScan(nssScan);
            pnssScan.SetCreationInfo(Guid.Empty, true);

            PersistentOpenVASScan povasScan = new PersistentOpenVASScan(ovasScan);
            povasScan.SetCreationInfo(Guid.Empty, true);

            PersistentNexposeScan pnxScan = new PersistentNexposeScan(nxScan);
            pnxScan.SetCreationInfo(Guid.Empty, true);

            using(ISession session = factory.OpenSession())
            {
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pmsfScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving metasploit");
                        session.Save(pmsfScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pnssScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving nessus");
                        session.Save(pnssScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        povasScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving openvas");
                        session.Save(povasScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
                using (ITransaction x = session.BeginTransaction())
                {
                    try
                    {
                        pnxScan.ParentScanID = Guid.NewGuid();
                        Console.WriteLine("Saving nexpose");
                        session.Save(pnxScan);
                        x.Commit();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("I broke, rolling back...");
                        x.Rollback();
                        throw ex;
                    }
                }
            }

            Console.WriteLine("yay?");
        }
Exemple #2
0
        public static void Main()
        {
            string conn = "Server=" + ConfigurationManager.AppSettings ["PostgreSQL"] + ";";
            conn += "Port=" + ConfigurationManager.AppSettings ["PostgreSQLPort"] + ";";
            conn += "Database=rising_sun;";
            conn += "User Id=" + ConfigurationManager.AppSettings ["PostgreSQLUser"] + ";";
            conn += "Password="******"PostgreSQLPass"] + ";";
            conn += "SSL=true;";

            IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
                .ConnectionString (conn);

            ISessionFactory factory = Fluently.Configure ()
                .Database (config)
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentProfile> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentOpenVASNVT> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentNessusScan> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentNexposeScan> ())
                .Mappings (m =>
                        m.FluentMappings.AddFromAssemblyOf<PersistentMetasploitScan> ())
                .BuildSessionFactory ();

            Dictionary<string, string> conf = null;
            IList<PersistentProfile > profilesToRun;

            using (ISession session = factory.OpenSession())
            using (ITransaction trans = session.BeginTransaction()) {
                profilesToRun = session.CreateCriteria<PersistentProfile> ()
                        .Add (Restrictions.Eq ("HasRun", false))
                        .Add (Restrictions.Eq ("IsActive", true))
                        .List<PersistentProfile> ();

                foreach (PersistentProfile profile in profilesToRun) {

                    if (profile.VirtualMachines.Count > 0)
                    {
                        using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                        {
                            foreach (var vm in profile.VirtualMachines)
                                manager.StartVirtualMachine(vm);
                        }

                        Console.WriteLine("Letting vm's settle...waiting a bit");
                        for (int i = 0;i< 10;i++)
                        {
                            Console.Write(i);
                            System.Threading.Thread.Sleep(new TimeSpan(0,0,60));
                        }

                    }

                    List<List<IToolResults>> toolResults = null;

                    conf = new Dictionary<string, string> ();
                    conf.Add ("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
                    conf.Add ("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
                    conf.Add ("nmapPath", ConfigurationManager.AppSettings ["nmapPath"]);
                    conf.Add ("niktoPath", ConfigurationManager.AppSettings ["niktoPath"]);
                    conf.Add ("onesixtyonePath", ConfigurationManager.AppSettings ["onesixtyonePath"]);
                    conf.Add ("sslscanPath", ConfigurationManager.AppSettings ["sslscanPath"]);
                    conf.Add ("smbclientPath", ConfigurationManager.AppSettings ["smbclientPath"]);
                    conf.Add ("traceroutePath", ConfigurationManager.AppSettings ["traceroutePath"]);
                    conf.Add ("whoisPath", ConfigurationManager.AppSettings ["whoisPath"]);
                    conf.Add ("profileID", profile.ID.ToString());
                    conf.Add ("API", ConfigurationManager.AppSettings["API"]);
                    conf.Add ("UserID", ConfigurationManager.AppSettings["userID"]);

                    profile.Configuration = conf;

                    string newRange = string.Empty;

                    foreach (var host in profile.ProfileHosts)
                        newRange += host.IPv4Address + " ";

                    profile.Range = newRange;

                    profile.Run (out toolResults);

                    profile.CurrentResults.SetCreationInfo (profile.WebUserID);

                    foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts) {
                        host.CleanHost ();

                        host.ProfileHost = profile.ProfileHosts.Where (ph => ph.IPv4Address == host.IPAddressv4).Single ();

                        foreach (PersistentPort port in host.PersistentPorts) {
                            port.CleanPort ();
                            port.ParentProfile = profile;
                            port.SetCreationInfo (profile.WebUserID);
                        }

                        foreach (List<IToolResults> list in toolResults) {
                            foreach (IToolResults results in list.Where(k => k.HostIPAddressV4 == host.IPAddressv4)) {

                                //this isn't very refactor friendly
                                //You can't switch on the Type supplied by GetType() since types can be ambiguous
                                switch (results.GetType ().Name) {
                                case "SSLScanToolResults":
                                    PersistentSSLScanResults ssl = new PersistentSSLScanResults (results as SSLScanToolResults);
                                    ssl.HostPortID = host.PersistentPorts.Where (pp => pp.PortNumber == ssl.HostPort).FirstOrDefault ().ID;
                                    ssl.SetCreationInfo (Guid.Empty);
                                    session.Save (ssl);
                                    break;
                                case "NiktoToolResults":
                                    PersistentNiktoResults nikto = new PersistentNiktoResults (results as NiktoToolResults);

                                    nikto.Items = new List<PersistentNiktoItem>();

                                    string[] items = nikto.ParseOutput().ToArray();

                                    foreach (string item in items)
                                    {
                                        PersistentNiktoItem i = new PersistentNiktoItem();
                                        DateTime now = DateTime.Now;

                                        i.ID = Guid.NewGuid();
                                        i.CreatedBy = Guid.Empty;
                                        i.CreatedOn = now;
                                        i.Data = item;
                                        i.LastModifiedBy = Guid.Empty;
                                        i.LastModifiedOn = now;
                                        i.IsActive = true;
                                        session.Save(i);
                                        nikto.Items.Add(i);
                                    }

                                    nikto.HostPortID = host.PersistentPorts.Where (pp => pp.PortNumber == nikto.HostPort).FirstOrDefault ().ID;
                                    nikto.SetCreationInfo (Guid.Empty);
                                    session.Save (nikto);
                                    break;
                                case "OneSixtyOneToolResults":
                                    PersistentOneSixtyOneResults onesixtyone = new PersistentOneSixtyOneResults (results as OneSixtyOneToolResults);
                                    onesixtyone.ParentPort = host.PersistentPorts.Where (pp => pp.PortNumber == onesixtyone.HostPort).FirstOrDefault ();
                                    onesixtyone.HostPortID = onesixtyone.ParentPort.ID;
                                    onesixtyone.SetCreationInfo (Guid.Empty);
                                    session.Save (onesixtyone);
                                    break;
                                case "SMBClientToolResults":
                                    PersistentSMBClientResults smb = new PersistentSMBClientResults (results as SMBClientToolResults);
                                    smb.ParentPort = host.PersistentPorts.Where (pp => pp.PortNumber == smb.HostPort).FirstOrDefault ();
                                    smb.SetCreationInfo (Guid.Empty);
                                        //session.Save (smb);
                                    break;
                                case "WhoisToolResults":
                                    PersistentWhoisResults whois = new PersistentWhoisResults (results as WhoisToolResults);
                                    whois.ParentNMapHost = host;
                                    whois.SetCreationInfo (Guid.Empty);
                                    session.Save (whois);
                                    break;
                                case "TracerouteToolResults":
                                    PersistentTracerouteResults tracert = new PersistentTracerouteResults (results as TracerouteToolResults);
                                    tracert.ParentNMapHost = host;
                                    tracert.SetCreationInfo (Guid.Empty);
                                    session.Save (tracert);
                                    break;
                                default:
                                    throw new Exception ("Don't know type: " + results.GetType ().Name);
                                }
                            }
                        }

                        host.SetCreationInfo (profile.WebUserID);
                    }

                    profile.RunAfter = DateTime.Now.AddDays (profile.RunEvery.Days);
                    profile.HasRun = true;
                    session.SaveOrUpdate (profile);
                }

                try {
                    trans.Commit ();
                } catch (Exception ex) {
                    trans.Rollback ();

                    throw ex;
                }
            }

            IList<PersistentScan > scansToRun;

            using (ISession session = factory.OpenSession()) {
                scansToRun = session.CreateCriteria<PersistentScan> ()
                        .Add (Restrictions.Eq ("HasRun", false))
                        .Add (Restrictions.Eq ("IsActive", true))
                        .List<PersistentScan> ();

                foreach (var scan in scansToRun) {

                    scan.ParentProfile.CurrentResults.PopulateNonPersistentHosts ();
                    if (scan.ParentProfile.VirtualMachines.Count > 0)
                    {
                        using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                        {
                            foreach (var vm in scan.ParentProfile.VirtualMachines)
                                manager.StartVirtualMachine(vm);
                        }
                    }
                    NessusScan nessusScan = null;
                    NexposeScan nexposeScan = null;
                    OpenVASScan openvasScan = null;
                    MetasploitScan metasploitScan = null;

                    Dictionary<NMapHost, IList<IToolResults >> toolResults = new Dictionary<NMapHost, IList<IToolResults>> ();

                    conf = new Dictionary<string, string> ();

                    if (scan.ScanOptions.IsSQLMap)
                    {
                        conf.Add ("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
                        conf.Add ("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
                        conf.Add("isSQLMap", "true");
                    }
                    else
                        conf.Add("isSQLMap", "false");

                    if (scan.ScanOptions.IsDSXS)
                    {
                        if (!conf.ContainsKey("wapitiPath"))
                            conf.Add ("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);

                        conf.Add ("dsxsPath", ConfigurationManager.AppSettings ["dsxsPath"]);
                    }

                    if (scan.ScanOptions.IsNessusAssessment) {
                        conf.Add ("nessusHost", ConfigurationManager.AppSettings ["nessusHost"]);
                        conf.Add ("nessusUser", ConfigurationManager.AppSettings ["nessusUser"]);
                        conf.Add ("nessusPass", ConfigurationManager.AppSettings ["nessusPass"]);
                    }

                    if (scan.ScanOptions.IsNexposeAssessment) {
                        conf.Add ("nexposeHost", ConfigurationManager.AppSettings ["nexposeHost"]);
                        conf.Add ("nexposeUser", ConfigurationManager.AppSettings ["nexposeUser"]);
                        conf.Add ("nexposePass", ConfigurationManager.AppSettings ["nexposePass"]);
                    }

                    if (scan.ScanOptions.IsOpenVASAssessment) {
                        conf.Add ("openvasHost", ConfigurationManager.AppSettings ["openvasHost"]);
                        conf.Add ("openvasUser", ConfigurationManager.AppSettings ["openvasUser"]);
                        conf.Add ("openvasPass", ConfigurationManager.AppSettings ["openvasPass"]);

                        string url = ConfigurationManager.AppSettings ["API"] + "/GetOpenVASConfigs.ashx";

                        HttpWebRequest request = WebRequest.Create (url) as HttpWebRequest;

                        string xml = string.Empty;

                        using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
                            xml = reader.ReadToEnd ();

                        XmlDocument doc = new XmlDocument ();
                        doc.LoadXml (xml);

                        List<OpenVASConfig> configs = new List<OpenVASConfig> ();

                        foreach (XmlNode c in doc.FirstChild.ChildNodes)
                            configs.Add (new OpenVASConfig (c));

                        conf.Add ("openvasConfig", configs.Where (c => c.Name == "Full and fast").Single ().RemoteConfigID.ToString ());
                    }

                    if (scan.ScanOptions.IsMetasploitAssessment) {
                        conf.Add ("tmpSshfsDir", ConfigurationManager.AppSettings ["tmpSshfsDir"]);
                        conf.Add ("metasploitHost", ConfigurationManager.AppSettings ["metasploitHost"]);
                        conf.Add ("metasploitUser", ConfigurationManager.AppSettings ["metasploitUser"]);
                        conf.Add ("metasploitPass", ConfigurationManager.AppSettings ["metasploitPass"]);
                    }

                    scan.Configuration = conf;

                    scan.Run (out nessusScan, out nexposeScan, out openvasScan, out metasploitScan, out toolResults);

                    if (toolResults == null)
                    {
                        if (scan.ParentProfile.VirtualMachines.Count > 0)
                        {
                            using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                            {
                                foreach (var vm in scan.ParentProfile.VirtualMachines)
                                    manager.StopVirtualMachine(vm);
                            }
                        }

                        continue;
                    }

                    ///this is really super dirty
                    ///coded myself into a corner, gotta unwind
                    foreach (KeyValuePair<NMapHost, IList<IToolResults>> pair in toolResults) {
                        foreach (IToolResults results in pair.Value) {
                            if (results is WapitiToolResults) {
                                PersistentWapitiResults wapiti = new PersistentWapitiResults (results as WapitiToolResults);
                                foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts) {
                                    foreach (PersistentPort pport in host.PersistentPorts) {
                                        if (pport.PortNumber == (results as WapitiToolResults).HostPort &&
                                            pport.ParentHost.IPAddressv4 == (results as WapitiToolResults).HostIPAddressV4) {

                                            wapiti.HostPortID = pport.ID;

                                            wapiti.SetCreationInfo (Guid.Empty);

                                            session.Save (wapiti);
                                        }
                                    }
                                }
                            } else if (results is SQLMapResults) {
                                PersistentSQLMapResults pr = new PersistentSQLMapResults (results as SQLMapResults);
                                foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts) {
                                    foreach (PersistentPort pport in host.PersistentPorts) {
                                        if (pport.PortNumber == (results as SQLMapResults).ParentHostPort.PortNumber &&
                                            pport.ParentHost.IPAddressv4 == (results as SQLMapResults).ParentHostPort.ParentIPAddress) {

                                            pr.ParentHostPort = pport;

                                            pr.SetCreationInfo (Guid.Empty);

                                            session.Save (pr);
                                        }
                                    }
                                }
                            }
                        }
                    }

                    if (scan.ScanOptions.IsNessusAssessment) {
                        PersistentNessusScan s = new PersistentNessusScan(nessusScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save (s);
                    }

                    if (scan.ScanOptions.IsOpenVASAssessment) {
                        PersistentOpenVASScan s = new PersistentOpenVASScan(openvasScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save (s);
                    }

                    if (scan.ScanOptions.IsNexposeAssessment) {
                        PersistentNexposeScan s = new PersistentNexposeScan(nexposeScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save (s);
                    }

                    if (scan.ScanOptions.IsMetasploitAssessment) {
                        PersistentMetasploitScan s = new PersistentMetasploitScan(metasploitScan);
                        s.SetCreationInfo(Guid.Empty, true);
                        s.ParentScanID = scan.ID;
                        session.Save (s);
                    }

                    scan.HasRun = true;

                    Console.WriteLine("Saving!");
                    using (ITransaction trans = session.BeginTransaction()) {
                        session.SaveOrUpdate (scan);

                        try {
                            trans.Commit ();
                        } catch (Exception ex) {
                            trans.Rollback ();
                            Console.WriteLine("Save failed!");

                            throw ex;
                        }
                    }

                    if (scan.ParentProfile.VirtualMachines.Count > 0)
                    {
                        using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
                        {
                            foreach (var vm in scan.ParentProfile.VirtualMachines)
                                manager.StopVirtualMachine(vm);
                        }
                    }
                }
            }

            //			while (true) {
            //				DateTime start = new DateTime ();
            //				IPAddress ipAd = IPAddress.Parse ("127.0.0.1");
            //
            //				TcpListener list = new TcpListener (ipAd, 8082);
            //
            //				list.Start ();
            //
            //				TcpClient c = list.AcceptTcpClient ();
            //
            //				ASCIIEncoding enc = new ASCIIEncoding ();
            //				byte[] b = new byte[1024];
            //				string xml = string.Empty;
            //
            //				using (NetworkStream stream = c.GetStream ()) {
            //					do {
            //						stream.Read (b, 0, b.Length);
            //						xml += xml + enc.GetString (b);
            //
            //					} while (stream.DataAvailable);
            //
            //					start = DateTime.Now;
            //
            //					XmlDocument doc = new XmlDocument ();
            //					doc.LoadXml (xml);
            //
            //					foreach (XmlNode node in doc.ChildNodes) {
            //
            //						if (node.Name == "create") {
            //							if (node.Name == "scan") {
            //
            //								Scan scan = new Scan ();
            //
            //								if (node.HasChildNodes) {
            //									foreach (XmlNode child in node.ChildNodes) {
            //
            //										if (child.Name == "host")
            //											scan.Host = child.InnerText; else if (child.Name == "range")
            //
            //											scan.Range = child.InnerText; else if (child.Name == "type") {
            //											if (child.InnerText == "profile")
            //
            //												scan.ScanType = ScanType.Profile; else if (child.InnerText == "full")
            //												scan.ScanType = ScanType.Full;
            //										}
            //									}
            //								}
            //
            //
            //
            //								scan.Run ();
            //							} else if (node.Name == "get") {
            //
            //							} else if (node.Name == "destroy") {
            //
            //							}
            //
            //						}
            //
            //					}
            //
            //					TimeSpan tt = DateTime.Now.Subtract (start);
            //
            //					string complete = String.Format ("The scan has been run... Took {0} minutes, {1} seconds.\n", tt.Minutes, tt.Seconds);
            //
            //					stream.Write (enc.GetBytes (complete), 0, complete.Length);
            //				}
            //
            //				list.Stop ();
            //			}
        }