public override void ProcessRequest(HttpContext context) { ISession sess = this.CurrentSession; PersistentUser user = sess.Get<PersistentUser>(new Guid(context.Request["UserID"])); PersistentClient client = sess.Get<PersistentClient>(new Guid(context.Request["ClientID"])); if (user == null || !user.HasAPIAccess) throw new Exception("no api access"); if (client == null || !client.HasAPIAccess) throw new Exception("no api access"); using (NexposeSession nsess = new NexposeSession("" + ConfigurationManager.AppSettings["Nexpose"] + "")) { nsess.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(nsess)) { XmlDocument engines = manager.GetScanEngineListing(); context.Response.Write(engines.OuterXml); } } }
public override void ProcessRequest(HttpContext context) { using (NexposeSession session = new NexposeSession("192.168.56.105")) { session.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(session)) { string template = "audit-report"; string format = "text"; string siteID = context.Request["SiteID"]; string xml = string.Empty; xml = xml + "<AdhocReportConfig template-id=\"" + template + "\" format=\"" + format + "\">"; xml = xml + "<Filters><filter type=\"site\" id=\"" + siteID + "\"></filter></Filters>"; xml = xml + "</AdhocReportConfig>"; XmlDocument request = new XmlDocument(); request.LoadXml(xml); byte[] report = manager.GenerateAdHocReport(request); context.Response.Write(Encoding.ASCII.GetString(report)); } } }
public override void ProcessRequest(HttpContext context) { using (NexposeSession session = new NexposeSession("192.168.56.103")) { session.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument doc = manager.GetReportTemplateListing(); context.Response.Write(doc.OuterXml); } } }
public override void ProcessRequest(HttpContext context) { using (NexposeSession session = new NexposeSession("192.168.56.103")) { session.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument doc = manager.GetScanStatistics(context.Request["NexposeScanID"]); //manager.get context.Response.Write(doc.OuterXml); } } }
public static void Main(string[] args) { using (NexposeSession session = new NexposeSession("127.0.0.1")) { session.Authenticate("nexpose"/*user*/, "nexpose"/*password*/); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument sites = manager.GetSiteListing(); Console.WriteLine("Which site do you want a scan report for?"); foreach (XmlNode site in sites.FirstChild.ChildNodes) Console.WriteLine(String.Format("{0}. {1}", site.Attributes["id"].Value, site.Attributes["name"].Value)); string id = Console.ReadLine(); XmlDocument templates = manager.GetReportTemplateListing(); string templateID = string.Empty; Console.WriteLine("Which template do you want to use?"); foreach (XmlNode template in templates.FirstChild.ChildNodes) Console.WriteLine(template.Attributes["template-id"].Value); templateID = Console.ReadLine(); Dictionary<NexposeReportFilterType, string> filters = new Dictionary<NexposeReportFilterType, string>(); //add a filter for a specific "site" with and id of "id" filters.Add(NexposeReportFilterType.Site, id); byte[] report = manager.GenerateAdHocReport(NexposeUtil.GenerateAdHocReportConfig(templateID, NexposeReportFormat.RawXML, filters)); Console.WriteLine(report); } } }
public override void ProcessRequest(HttpContext context) { string id = "-1"; string template = "full-audit"; string name = context.Request["SiteName"]; string description = context.Request["SiteDescription"]; string hosts = context.Request["Hosts"]; string siteXml = "<Site id=\"" + id + "\" name=\"" + name+ "\" description=\"" + description + "\">"; siteXml = siteXml + "<Hosts>"; foreach (string host in hosts.Split(',')) siteXml = siteXml + "<host>" + host + "</host>"; siteXml = siteXml + "</Hosts>" + "<Credentials></Credentials>" + "<Alerting></Alerting>" + "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" + "</Site>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(siteXml); using (NexposeSession session = new NexposeSession("" + ConfigurationManager.AppSettings["Nexpose"] + "")) { session.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.SaveOrUpdateSite(doc.FirstChild); context.Response.Write(response.OuterXml); } } }
public static void Main(string[] args) { string id = "-1"; string template = "full-audit"; string name = "blah" + Guid.NewGuid().ToString(); string description = "fdsa"; string hosts = "127.0.0.1"; string siteXml = "<Site id=\"" + id + "\" name=\"" + name+ "\" description=\"" + description + "\">"; siteXml = siteXml + "<Hosts>"; foreach (string host in hosts.Split(',')) siteXml = siteXml + "<host>" + host + "</host>"; siteXml = siteXml + "</Hosts>" + "<Credentials></Credentials>" + "<Alerting></Alerting>" + "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" + "</Site>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(siteXml); using (NexposeSession session = new NexposeSession("127.0.0.1")) { session.Authenticate("nexpose", "nexpose"); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.SaveOrUpdateSite(doc.FirstChild); Console.WriteLine(response.OuterXml); } } }
public virtual void Run(out NessusScan nessusScan, out NexposeScan nexposeScan, out OpenVASScan openvasScan, out MetasploitScan metasploitScan, out Dictionary<NMapHost, IList<IToolResults>> toolResults) { if (this.Configuration == null) throw new Exception ("Configuration not set"); DateTime start = DateTime.Now; metasploitScan = null; nessusScan = null; nexposeScan = null; openvasScan = null; string openvasTaskID = string.Empty; string nessusScanID = string.Empty; string nexposeScanID = string.Empty; int uniqueNo = new Random ().Next (); IList<NMapHost > hosts = this.ParentProfile.CurrentResults.Hosts; if (hosts.Count() == 0) { Console.WriteLine("ERROR: no hosts in the profile. Aborting."); toolResults = null; return; } csv = string.Empty; foreach (NMapHost host in hosts) csv = csv + host.IPAddressv4 + ", "; //trailing , is OK in this case string openvasReportID = string.Empty; if (this.ScanOptions.IsOpenVASAssessment) { Console.WriteLine ("Creating OpenVAS Scan..."); OpenVASTarget target = new OpenVASTarget (); target.Hosts = csv; target.Name = this.ParentProfile.Name + uniqueNo.ToString (); target.SMBCredentials = new OpenVASLSCCredential (); target.SSHCredentials = new OpenVASLSCCredential (); using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) { using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) { target = openvasManager.CreateTarget (target); OpenVASConfig config = openvasManager.GetAllConfigs () .Where (c => c.RemoteConfigID == new Guid (this.Configuration["openvasConfig"])) .SingleOrDefault (); OpenVASTask task = new OpenVASTask (); task.Comment = string.Format ("Task for scan {0}", this.Name); task.Target = target; task.Config = config; task = openvasManager.CreateTask (task); XmlDocument taskResponse = openvasManager.StartTask (task.RemoteTaskID.ToString ()); if (!taskResponse.FirstChild.Attributes ["status"].Value.StartsWith ("20")) throw new Exception ("Creating OpenVAS scan failed: " + taskResponse.FirstChild.Attributes ["status_text"].Value); openvasReportID = taskResponse.FirstChild.FirstChild.InnerText; openvasTaskID = task.RemoteTaskID.ToString (); } Console.WriteLine ("Done creating and starting OpenVAS scan."); } } if (this.ScanOptions.IsNessusAssessment) { Console.WriteLine ("Creating Nessus scan..."); using (NessusManagerSession nessusSession = new NessusManagerSession (this.Configuration["nessusHost"])) { bool loggedIn = false; nessusSession.Authenticate (this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn); if (!loggedIn) throw new Exception ("Invalid username/password"); using (NessusObjectManager nessusManager = new NessusObjectManager (nessusSession)) { var tmp = nessusManager.CreateAndStartScan (csv, -2, this.Name + uniqueNo.ToString ()); string scanName = tmp.Name; nessusScanID = scanName; string reportID = string.Empty; foreach (XmlNode node in nessusManager.ListReports().LastChild.ChildNodes) { if (node.Name == "contents") { string tmpReportID = string.Empty; foreach (XmlNode child in node.FirstChild.ChildNodes) { foreach (XmlNode c in child.ChildNodes) { if (c.Name == "name") tmpReportID = c.InnerText; else if (c.Name == "readableName" && c.InnerText == scanName) reportID = tmpReportID; } } tmpReportID = string.Empty; } } } Console.WriteLine ("Done creating and starting Nessus scan."); } } if (this.ScanOptions.IsNexposeAssessment) { Console.WriteLine ("Creating NeXpose scan..."); int siteID = 0; if (this.ScanOptions.RemoteNexposeSiteID <= 0) { XmlDocument d = null; string id = "-1"; string template = "full-audit"; string name = this.Name + uniqueNo.ToString (); string description = "A site for the the profile " + this.ParentProfile.Name; string siteXml = "<Site id=\"" + id + "\" name=\"" + name + "\" description=\"" + description + "\">"; siteXml = siteXml + "<Hosts>"; foreach (string host in csv.Split(',')) siteXml = siteXml + "<host>" + host + "</host>"; siteXml = siteXml + "</Hosts>" + "<Credentials></Credentials>" + "<Alerting></Alerting>" + "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" + "</Site>"; XmlDocument doc = new XmlDocument (); doc.LoadXml (siteXml); using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.SaveOrUpdateSite (doc.FirstChild); d = response; } } siteID = int.Parse (d.FirstChild.Attributes ["site-id"].Value); this.ScanOptions.RemoteNexposeSiteID = siteID; } else { siteID = this.ScanOptions.RemoteNexposeSiteID; } using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.ScanSite (siteID.ToString ()); nexposeScanID = response.FirstChild.FirstChild.Attributes ["scan-id"].Value; } } Console.WriteLine ("Done creating and starting NeXpose scan."); } Dictionary<NMapHost, IList<IToolResults >> results = new Dictionary<NMapHost, IList<IToolResults>> (); services = new List<string> (); foreach (var host in hosts) { foreach (Port port in (host as NMapHost).Ports) services.Add (port.Service); NMapHost threadHost = host as NMapHost; Console.WriteLine ("Starting scan for host: " + threadHost.Hostname + "(" + threadHost.IPAddressv4 + ")"); results.Add (threadHost, ScanHost (threadHost, this.ScanOptions.SQLMapOptions, this.Configuration)); } toolResults = results; bool done = false; if (this.ScanOptions.IsNessusAssessment || this.ScanOptions.IsNexposeAssessment || this.ScanOptions.IsOpenVASAssessment) { while (!done) { if (!string.IsNullOrEmpty (openvasTaskID) && this.OpenVASScanIsRunning (openvasTaskID)) { Console.WriteLine ("Waiting on OpenVAS scan " + openvasTaskID); Thread.Sleep (new TimeSpan (0, 0, 60)); continue; } if (!string.IsNullOrEmpty (nessusScanID) && this.NessusScanIsRunning (nessusScanID)) { Console.WriteLine ("Waiting on Nessus scan " + nessusScanID); Thread.Sleep (new TimeSpan (0, 0, 60)); continue; } if (!string.IsNullOrEmpty (nexposeScanID) && this.NexposeScanIsRunning (nexposeScanID)) { Console.WriteLine ("Waiting on NeXpose scan " + nexposeScanID); Thread.Sleep (new TimeSpan (0, 0, 60)); continue; } done = true; } Dictionary<VulnerabilityScanType, string> scans = new Dictionary<VulnerabilityScanType, string> (); if (!string.IsNullOrEmpty (openvasReportID)) scans.Add (VulnerabilityScanType.OpenVAS, openvasReportID); if (!string.IsNullOrEmpty (nexposeScanID)) scans.Add (VulnerabilityScanType.Nexpose, this.ScanOptions.RemoteNexposeSiteID.ToString ()); if (!string.IsNullOrEmpty (nessusScanID)) scans.Add (VulnerabilityScanType.Nessus, nessusScanID); Dictionary<VulnerabilityScanType, XmlNode> reports = this.GetReports (scans); foreach (var report in reports) { if (report.Key == VulnerabilityScanType.Nessus) nessusScan = new NessusScan(report.Value); else if (report.Key == VulnerabilityScanType.Nexpose) nexposeScan = new NexposeScan(report.Value); else if (report.Key == VulnerabilityScanType.OpenVAS) openvasScan = new OpenVASScan(report.Value); else throw new Exception ("Don't know this scan type"); } if (this.ScanOptions.IsMetasploitAssessment) { string workspace = Guid.NewGuid ().ToString (); this.CreateNewMetasploitWorkspace (workspace); this.ImportScansIntoMetasploitPro (reports, workspace); string proTaskID = this.BeginMetasploitProAssessment (workspace, csv, false); while (this.MetasploitProAssessmentIsRunning(proTaskID)) { Console.WriteLine ("Waiting on exploit assessment from metasploit: task " + proTaskID); System.Threading.Thread.Sleep (new TimeSpan (0, 0, 30)); } metasploitScan = new MetasploitScan(this.GetMetasploitProReport (workspace)); } } TimeSpan duration = DateTime.Now - start; this.Duration = duration.TotalSeconds.ToString (); this.HasRun = true; }
private bool NexposeScanIsRunning(string nexposeScanID) { using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { XmlDocument response = manager.GetScanStatus (nexposeScanID); string status = response.FirstChild.Attributes ["status"].Value; if (status == "finished" || status == "stopped") return false; return true; } } }
private XmlNode GetNexposeReport(string id) { byte[] report; using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) { session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]); using (NexposeManager11 manager = new NexposeManager11(session)) { Dictionary<NexposeReportFilterType, string> filters = new Dictionary<NexposeReportFilterType, string> (); filters.Add (NexposeReportFilterType.Site, id); report = manager.GenerateAdHocReport (NexposeUtil.GenerateAdHocReportConfig ("audit-report", NexposeReportFormat.RawXML, filters)); //stupid hack while (report.Length < 91) { Thread.Sleep (500); report = manager.GenerateAdHocReport (NexposeUtil.GenerateAdHocReportConfig ("audit-report", NexposeReportFormat.RawXML, filters)); } } } XmlDocument doc = new XmlDocument(); doc.LoadXml(Encoding.UTF8.GetString(report)); return doc.LastChild; }