Esempio n. 1
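        /// <summary>
        /// Returns the persistent XML of one profile to an API caller. The <c>UserID</c> and
        /// <c>ClientID</c> request values are looked up and both records must have
        /// <c>HasAPIAccess</c> set before the profile named by <c>ProfileID</c> is loaded
        /// and written to the response.
        /// </summary>
        /// <param name="context">Current HTTP context; the <c>UserID</c>, <c>ClientID</c>,
        /// <c>IsActive</c> and <c>ProfileID</c> request values are read from it.</param>
        /// <exception cref="Exception">The user or client is unknown or lacks API access, or
        /// no profile exists for <c>ProfileID</c>.</exception>
        public override void ProcessRequest(HttpContext context)
        {
            ISession sess = this.CurrentSession;

            // NOTE(review): the two GUIDs taken from the request are the only thing checked
            // before data is returned. Confirm an outer layer (TLS, network restriction,
            // real authentication) protects them, since they travel as plain request values.
            PersistentUser   user   = sess.Get <PersistentUser>(new Guid(context.Request["UserID"]));
            PersistentClient client = sess.Get <PersistentClient>(new Guid(context.Request["ClientID"]));

            if (user == null || !user.HasAPIAccess)
            {
                throw new Exception("no api access");
            }

            if (client == null || !client.HasAPIAccess)
            {
                throw new Exception("no api access");
            }

            // NOTE(review): IsActive is parsed, so a missing or malformed value still fails
            // the request, but the parsed value is never applied to the lookup below.
            bool isActive  = bool.Parse(context.Request["IsActive"]);
            Guid profileID = new Guid(context.Request["ProfileID"]);

            // NOTE(review): nothing visible here ties the profile to the calling user or
            // client; any caller that passes the checks above can read any profile by ID.
            PersistentProfile profile = sess.Get <PersistentProfile>(profileID);

            // An unknown ID used to surface as a NullReferenceException; fail explicitly,
            // in the same style as the access checks above.
            if (profile == null)
            {
                throw new Exception("profile not found");
            }

            string xml = profile.ToPersistentXml();

            context.Response.Write(xml);
        }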
Esempio n. 2
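        /// <summary>
        /// Click handler that asks the API's <c>CreateProfile.ashx</c> endpoint to create a
        /// profile from the values stored in session state, stores the returned profile as
        /// <c>CurrentProfile</c> and redirects to its view page.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnCreateProfile_Click(object sender, EventArgs e)
        {
            // Every user-influenced value is percent-encoded before it is placed in the
            // query string. Unencoded, a value containing '&' or '=' would add or override
            // parameters of the API call (for example UserID or ClientID).
            // Convert.ToString maps a missing session entry to an empty string, matching
            // what plain concatenation produced before.
            string url = ConfigurationManager.AppSettings["API"] + "/CreateProfile.ashx" +
                         "?WebUserID=" + Uri.EscapeDataString(this.CurrentUser.ID.ToString()) +
                         "&UserID=" + ConfigurationManager.AppSettings["UserID"] +
                         "&ClientID=" + ConfigurationManager.AppSettings["ClientID"] +
                         "&ProfileDomain=" + Uri.EscapeDataString(Convert.ToString(Session["CreateProfile?CurrentHost"]) ?? string.Empty) +
                         "&ProfileSchedule=" + Uri.EscapeDataString(Convert.ToString(Session["CreateProfile?ProfileSchedule"]) ?? string.Empty) +
                         "&ProfileDescription=" + Uri.EscapeDataString(Convert.ToString(Session["CreateProfile?ProfileDescription"]) ?? string.Empty) +
                         "&ProfileName=" + Uri.EscapeDataString(Convert.ToString(Session["CreateProfile?ProfileName"]) ?? string.Empty);

            WebRequest request = WebRequest.Create(url);

            string xml;

            // Dispose the response as well as the reader so the connection is released.
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                xml = reader.ReadToEnd();
            }

            XmlDocument doc = new XmlDocument();

            // The document comes from the network: never resolve external entities or DTDs.
            doc.XmlResolver = null;
            doc.LoadXml(xml);

            // NOTE(review): FirstChild is the XML declaration when the response carries one;
            // confirm the API never emits a declaration, or use DocumentElement.
            PersistentProfile profile = new PersistentProfile(doc.FirstChild);

            this.CurrentProfile = profile;

            Response.Redirect("/ViewProfile.aspx?pid=" + profile.ID.ToString());
        }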
Esempio n. 3
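        /// <summary>
        /// Asks the API's <c>CreateProfile.ashx</c> endpoint to create a profile for the
        /// user selected in <c>ddlUser</c>, using the host list and profile name typed into
        /// the form and a fixed 30-day schedule.
        /// </summary>
        /// <returns>The ID of the created profile, as a string.</returns>
        private string MakeProfile()
        {
            // Form values are percent-encoded so that characters such as '&', '=', '+' or
            // '#' stay inside their own parameter instead of rewriting the API request.
            string url = ConfigurationManager.AppSettings["API"] + "/CreateProfile.ashx" +
                         "?WebUserID=" + Uri.EscapeDataString(ddlUser.SelectedValue ?? string.Empty) +
                         "&UserID=" + ConfigurationManager.AppSettings["UserID"] +
                         "&ClientID=" + ConfigurationManager.AppSettings["ClientID"] +
                         "&ProfileDomain=" + Uri.EscapeDataString(txtHosts.Text ?? string.Empty) +
                         "&ProfileSchedule=" + "30" +        //30 days
                         "&ProfileDescription=" + Uri.EscapeDataString("Created through the admin interface") +
                         "&ProfileName=" + Uri.EscapeDataString(txtProfileName.Text ?? string.Empty);

            WebRequest request = WebRequest.Create(url);

            string xml;

            // Dispose the response as well as the reader so the connection is released.
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                xml = reader.ReadToEnd();
            }

            XmlDocument doc = new XmlDocument();

            // The document comes from the network: never resolve external entities or DTDs.
            doc.XmlResolver = null;
            doc.LoadXml(xml);

            // NOTE(review): FirstChild is the XML declaration when the response carries one;
            // confirm the API never emits a declaration, or use DocumentElement.
            PersistentProfile profile = new PersistentProfile(doc.FirstChild);

            return(profile.ID.ToString());
        }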
Esempio n. 4
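        /// <summary>
        /// Adds a host to an existing profile. After the <c>UserID</c> / <c>ClientID</c>
        /// API-access checks, the name in <c>HostSubDomain</c> is resolved through DNS, a
        /// <c>PersistentProfileHost</c> is created for it, the resolved address is appended
        /// to the profile's range, both objects are saved in one transaction and the new
        /// host's XML is written to the response.
        /// </summary>
        /// <param name="context">Current HTTP context; the <c>UserID</c>, <c>ClientID</c>,
        /// <c>ProfileID</c>, <c>WebUserID</c> and <c>HostSubDomain</c> request values are
        /// read from it.</param>
        /// <exception cref="Exception">The user or client lacks API access, the profile does
        /// not exist, or the host name resolves to no address.</exception>
        public override void ProcessRequest(HttpContext context)
        {
            ISession s = this.CurrentSession;

            using (ITransaction t = s.BeginTransaction()) {
                Guid userID   = new Guid(context.Request ["UserID"]);
                Guid clientID = new Guid(context.Request ["ClientID"]);

                PersistentUser   user   = s.Get <PersistentUser> (userID);
                PersistentClient client = s.Get <PersistentClient> (clientID);

                if (user == null || !user.HasAPIAccess)
                {
                    throw new Exception("no api access");
                }

                if (client == null || !client.HasAPIAccess)
                {
                    throw new Exception("no api access");
                }

                // NOTE(review): nothing visible here ties the profile to the WebUserID the
                // host is created for; confirm callers may extend any profile by ID.
                PersistentProfile p = s.Get <PersistentProfile>(new Guid(context.Request["ProfileID"]));

                // An unknown ID used to surface as a NullReferenceException further down.
                if (p == null)
                {
                    throw new Exception("profile not found");
                }

                DateTime              now  = DateTime.Now;
                PersistentProfileHost host = new PersistentProfileHost(new Guid(context.Request ["WebUserID"]));

                // The host name is caller-supplied and is resolved from this server.
                // NOTE(review): AddressList[0] can be an IPv6 address, which would then be
                // stored in IPv4Address and appended to the range; confirm that is intended.
                string      hostName  = context.Request["HostSubDomain"];
                IPAddress[] addresses = Dns.GetHostEntry(hostName).AddressList;

                if (addresses.Length == 0)
                {
                    throw new Exception("host did not resolve");
                }

                host.ParentProfile       = p;
                host.Name                = hostName;
                host.IPv4Address         = addresses [0].ToString();

                // NOTE(review): the host is recorded as verified by file and by whois, but no
                // verification happens in this handler. Since the resolved address is added
                // to the profile's range below, confirm ownership was proven before this
                // endpoint is reachable.
                host.VerifiedByFile      = true;
                host.VerifiedByWhois     = true;
                host.VerifiedOn          = now;
                host.WasManuallyVerified = false;
                host.IsVerified          = true;
                host.CreatedBy           = Guid.Empty;
                host.CreatedOn           = now;
                host.LastModifiedBy      = Guid.Empty;
                host.LastModifiedOn      = now;
                host.IsActive            = true;

                p.Range += " " + host.IPv4Address;
                p.SetUpdateInfo(Guid.Empty, true);

                s.Save(p);
                s.Save(host);

                try {
                    t.Commit();
                } catch (Exception) {
                    t.Rollback();

                    // Rethrow without resetting the stack trace ("throw ex" discarded it).
                    throw;
                }

                string xml = host.ToPersistentXML(false /*include nmap hosts? no, because none exist right now*/);

                context.Response.Write(xml);
            }
        }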
Esempio n. 5
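        /// <summary>
        /// Loads the profile named by the <c>pid</c> request value from the API's
        /// <c>GetProfile.ashx</c> endpoint, stores it as <c>CurrentProfile</c>, and puts a
        /// freshly generated verification file name and file content into session state.
        /// </summary>
        /// <param name="e">Event data, passed on to the base implementation.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            // "pid" comes straight from the browser. It is percent-encoded so that a value
            // containing '&' or '=' cannot add or override parameters of the API call.
            string url = ConfigurationManager.AppSettings["API"] + "/GetProfile.ashx" +
                         "?WebUserID=" + this.CurrentUser.UserID.ToString() +
                         "&UserID=" + ConfigurationManager.AppSettings["UserID"] +
                         "&IsActive=" + true +
                         "&ProfileID=" + Uri.EscapeDataString(Request["pid"] ?? string.Empty) +
                         "&ClientID=" + ConfigurationManager.AppSettings["ClientID"];

            HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;

            string xml;

            // The previous read loop decoded the whole 2048-byte buffer on every pass,
            // including the final zero-byte read, so the text was padded with NUL
            // characters. Reading through a StreamReader decodes only the bytes received.
            using (WebResponse response = request.GetResponse())
            using (Stream stream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(stream, ASCIIEncoding.ASCII))
            {
                xml = reader.ReadToEnd();
            }

            // NOTE(review): this escapes every '&', including ones that already start a
            // valid entity ("&lt;" becomes "&amp;lt;"). Kept as written; the API should
            // emit well-formed XML so that this step can be removed.
            xml = xml.Replace("&", "&amp;");

            XmlDocument doc = new XmlDocument();

            // The document comes from the network: never resolve external entities or DTDs.
            doc.XmlResolver = null;
            doc.LoadXml(xml);

            PersistentProfile profile = new PersistentProfile(doc.DocumentElement);

            this.CurrentProfile = profile;

            // Random file name and content, kept in session state under the
            // "VerifyProfile?..." keys.
            string filename = Guid.NewGuid().ToString() + ".txt";
            string filedata = System.Convert.ToBase64String(Guid.NewGuid().ToByteArray());

            Session["VerifyProfile?FileName"] = filename;
            Session["VerifyProfile?FileData"] = filedata;
        }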
Esempio n. 6
        /// <summary>
        /// Writes the badge that matches the <c>BadgeState</c> of the active profile named
        /// by the <c>ProfileID</c> request value. Nothing is written when no active profile
        /// has that ID; an empty string is written for an unrecognised badge state.
        /// </summary>
        /// <param name="context">Current HTTP context; supplies <c>ProfileID</c> and
        /// receives the badge output.</param>
        public override void ProcessRequest(HttpContext context)
        {
            // Only a profile that is both the requested one and flagged active qualifies.
            PersistentProfile found = this.CurrentSession.CreateCriteria <PersistentProfile>()
                                      .Add(Restrictions.Eq("ID", new Guid(context.Request["ProfileID"])))
                                      .Add(Restrictions.Eq("IsActive", true))
                                      .UniqueResult <PersistentProfile>();

            if (found != null)
            {
                string state  = found.BadgeState;
                string markup = string.Empty;

                if (state == "Excellent")
                {
                    markup = GetExcellentBadge();
                }
                else if (state == "Good")
                {
                    markup = GetGetGoodBadge();
                }
                else if (state == "Average")
                {
                    markup = GetAverageBadge();
                }
                else if (state == "Below Average")
                {
                    markup = GetBelowAverageBadge();
                }
                else if (state == "Poor")
                {
                    markup = GetPoorBadge();
                }

                context.Response.Write(markup);
            }
        }
Esempio n. 7
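        /// <summary>
        /// Click handler that loads the profile whose ID is carried in the clicked button's
        /// <c>CommandArgument</c> from the API's <c>GetProfile.ashx</c> endpoint, stores it
        /// as <c>CurrentProfile</c> and redirects to the scan creation page.
        /// </summary>
        /// <param name="sender">The <see cref="Button"/> that was clicked.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnCreateScanFromProfile_Click(object sender, EventArgs e)
        {
            // A direct cast reports a wrong sender type immediately instead of failing later
            // with a NullReferenceException.
            Button source = (Button)sender;

            // CommandArgument is percent-encoded so that a value containing '&' or '='
            // cannot add or override parameters of the API call.
            string url = ConfigurationManager.AppSettings["API"] + "/GetProfile.ashx" +
                         "?WebUserID=" + this.CurrentUser.UserID.ToString() +
                         "&UserID=" + ConfigurationManager.AppSettings["UserID"] +
                         "&IsActive=" + true +
                         "&ProfileID=" + Uri.EscapeDataString(source.CommandArgument ?? string.Empty) +
                         "&ClientID=" + ConfigurationManager.AppSettings["ClientID"];

            HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;

            string xml;

            // The previous read loop decoded the whole 2048-byte buffer on every pass,
            // including the final zero-byte read, so the text was padded with NUL
            // characters. Reading through a StreamReader decodes only the bytes received.
            using (WebResponse response = request.GetResponse())
            using (Stream stream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(stream, ASCIIEncoding.ASCII))
            {
                xml = reader.ReadToEnd();
            }

            XmlDocument doc = new XmlDocument();

            // The document comes from the network: never resolve external entities or DTDs.
            doc.XmlResolver = null;
            doc.LoadXml(xml);

            PersistentProfile profile = new PersistentProfile(doc.DocumentElement);

            this.CurrentProfile = profile;

            Response.Redirect("/CreateScan.aspx");
        }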
Esempio n. 8
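        /// <summary>
        /// Builds the per-host summary grid for the profile named by the <c>pid</c> request
        /// value. For every host in the profile's current results it records whether the
        /// latest completed scan's Nessus, Metasploit, Nexpose and OpenVAS data contain that
        /// host and how many findings each holds, then binds the rows to <c>gvHosts</c>.
        /// </summary>
        /// <param name="e">Event data, passed on to the base implementation.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            // NOTE(review): the profile is selected only by the browser-supplied "pid";
            // nothing visible here checks that it belongs to the current user. Confirm an
            // ownership check exists elsewhere before results are shown.
            PersistentProfile profile = this.CurrentScanSession.Get <PersistentProfile>(new Guid(this.Request["pid"]));

            // An unknown ID used to fail with a NullReferenceException; treat it like a
            // profile that has no results yet.
            if (profile == null || profile.CurrentResults == null)
            {
                return;
            }

            // Walks every host and port without using them.
            // NOTE(review): presumably this forces lazily loaded collections to load; confirm.
            foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
            {
                foreach (PersistentPort port in host.PersistentPorts)
                {
                }
            }

            this.CurrentProfile = profile;

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan>()
                                        .LastOrDefault();

            PersistentNessusScan     nssScan  = null;
            PersistentOpenVASScan    ovasScan = null;
            PersistentNexposeScan    nxScan   = null;
            PersistentMetasploitScan msfScan  = null;

            // A profile with no completed scan used to fail on latestScan.ID; without a scan
            // there is no scanner data, so every host is listed as not scanned.
            if (latestScan != null)
            {
                nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
                          .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                          .List <PersistentNessusScan>()
                          .SingleOrDefault();

                ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                           .List <PersistentOpenVASScan>()
                           .SingleOrDefault();

                nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
                         .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                         .List <PersistentNexposeScan>()
                         .SingleOrDefault();

                msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
                          .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                          .List <PersistentMetasploitScan>()
                          .SingleOrDefault();
            }

            bool isNessus     = nssScan != null;
            bool isOpenvas    = ovasScan != null;
            bool isNexpose    = nxScan != null;
            bool isMetasploit = msfScan != null;

            List <DataTableObject> objs = new List <DataTableObject>();

            foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
            {
                DataTableObject obj = new DataTableObject();

                obj.IP       = host.IPAddressv4;
                obj.HostName = host.Hostname;

                // Nessus: count report items whose severity is above 0.
                PersistentNessusReportHost nssHost = null;
                if (isNessus)
                {
                    nssHost = nssScan.PersistentHosts.SingleOrDefault(h => h.PersistentHostProperties.HostIP == host.IPAddressv4);

                    if (nssHost != null)
                    {
                        obj.ScannedByNessus = true;
                        // int.Parse throws if a stored severity is not numeric.
                        obj.NessusGrade     = nssHost.PersistentReportItems.Count(r => int.Parse(r.Severity) > 0);
                    }
                    else
                    {
                        obj.ScannedByNessus = false;
                    }
                }
                else
                {
                    // Set explicitly, like the other three scanners below.
                    obj.ScannedByNessus = false;
                }

                // Metasploit: sessions are reported as exploits, vulnerabilities as the grade.
                PersistentMetasploitHost msfHost = null;
                if (isMetasploit)
                {
                    msfHost = msfScan.PersistentHosts.SingleOrDefault(h => h.Address == host.IPAddressv4);

                    if (msfHost != null)
                    {
                        obj.ScannedByMetasploit = true;
                        obj.Exploits            = msfHost.PersistentSessions.Count();
                        obj.MetasploitGrade     = msfHost.PersistentVulnerabilities.Count();
                    }
                    else
                    {
                        obj.ScannedByMetasploit = false;
                    }
                }
                else
                {
                    obj.ScannedByMetasploit = false;
                }

                // Nexpose: vulnerable host-level tests plus vulnerable tests of each service.
                PersistentNexposeAsset nxHost = null;
                if (isNexpose)
                {
                    nxHost = nxScan.PersistentAssets.SingleOrDefault(a => a.IPAddressV4 == host.IPAddressv4);

                    if (nxHost != null)
                    {
                        obj.ScannedByNexpose = true;
                        obj.NexposeGrade     = nxHost.PersistentHostTests.Count(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited");

                        foreach (PersistentNexposeHostService service in nxHost.PersistentServices)
                        {
                            obj.NexposeGrade += service.PersistentTests.Count(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited");
                        }
                    }
                    else
                    {
                        obj.ScannedByNexpose = false;
                    }
                }
                else
                {
                    obj.ScannedByNexpose = false;
                }

                // OpenVAS: every result recorded for this host's address counts.
                List <PersistentReportResult> ovasHost = null;
                if (isOpenvas)
                {
                    ovasHost = new List <PersistentReportResult>();
                    foreach (PersistentReportResult result in ovasScan.PersistentResults)
                    {
                        if (result.Host == host.IPAddressv4)
                        {
                            ovasHost.Add(result);
                        }
                    }

                    if (ovasHost.Count > 0)
                    {
                        obj.ScannedByOpenVAS = true;
                        obj.OpenVASGrade     = ovasHost.Count;
                    }
                    else
                    {
                        obj.ScannedByOpenVAS = false;
                    }
                }
                else
                {
                    obj.ScannedByOpenVAS = false;
                }

                obj.HostID = host.ProfileHost.ID;
                objs.Add(obj);
            }

            gvHosts.DataSource = objs;
            gvHosts.DataBind();
        }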
Esempio n. 9
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            Guid hpid = new Guid(this.Request ["hpid"]);
            Guid hid  = new Guid(this.Request ["hid"]);

            PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
                                      .Where(h => h.ProfileHost.ID == hid)
                                      .Single();

            PersistentPort port = host.PersistentPorts
                                  .Where(p => p.ID == hpid)
                                  .SingleOrDefault();

            if (port == null)
            {
                return;
            }

            bool isNessus             = false;
            bool isNexpose            = false;
            bool isOpenVAS            = false;
            bool isMetasploit         = false;
            PersistentProfile profile = this.CurrentProfile;

            host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan> ()
                                        .LastOrDefault();

            PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNessusScan> ()
                                           .SingleOrDefault();

            if (nssScan != null)
            {
                isNessus = true;
            }

            PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
                                             .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                             .List <PersistentOpenVASScan> ()
                                             .SingleOrDefault();

            if (ovasScan != null)
            {
                isOpenVAS = true;
            }

            PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
                                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                           .List <PersistentNexposeScan> ()
                                           .SingleOrDefault();

            if (nxScan != null)
            {
                isNexpose = true;
            }

            PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
                                               .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                                               .List <PersistentMetasploitScan> ()
                                               .SingleOrDefault();

            if (msfScan != null)
            {
                isMetasploit = true;
            }

            if (isOpenVAS)
            {
                lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";

                var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();

                List <DataTableObject> objs = new List <DataTableObject> ();
                foreach (var result in results)
                {
                    DataTableObject obj = new DataTableObject();

                    obj.Name   = result.PersistentNVT.Name;
                    obj.Threat = result.Threat;

                    objs.Add(obj);
                }

                if (objs.Count() == 0)
                {
                    lblOpenVASPortResults.Text    = string.Empty;
                    lblOpenVASPortResults.Visible = false;
                    gvOpenVASPortResults.Visible  = false;
                }
                else
                {
                    gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
                    gvOpenVASPortResults.DataBind();
                }
            }
            else
            {
                gvOpenVASPortResults.Visible = false;
            }

            if (isNessus)
            {
                lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";

                PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();

                var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());

                List <DataTableObject> objs = new List <DataTableObject> ();
                foreach (var item in items)
                {
                    DataTableObject obj = new DataTableObject();

                    obj.Name   = item.PluginName;
                    obj.Threat = item.Severity;

                    objs.Add(obj);
                }

                if (objs.Count() == 0)
                {
                    lblNessusPortResults.Text    = string.Empty;
                    lblNessusPortResults.Visible = false;
                    gvNessusPortResults.Visible  = false;
                }
                else
                {
                    gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
                    gvNessusPortResults.DataBind();
                }
            }
            else
            {
                gvNessusPortResults.Visible = false;
            }

            if (isNexpose)
            {
                lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";

                List <DataTableObject> objs   = new List <DataTableObject> ();
                PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();

                if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
                {
                    PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();

                    var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");

                    foreach (var test in tests)
                    {
                        DataTableObject obj = new DataTableObject();

                        string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("&lt;", "<").Replace("&gt;", ">");

                        if (objs.Where(o => o.Name == n).Count() > 0)
                        {
                            continue;
                        }

                        obj.Name   = n;
                        obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";

                        objs.Add(obj);
                    }
                }

                if (objs.Count() == 0)
                {
                    lblNexposePortResults.Text    = string.Empty;
                    lblNexposePortResults.Visible = false;
                    gvNexposePortResults.Visible  = false;
                }
                else
                {
                    gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
                    gvNexposePortResults.DataBind();
                }
            }
            else
            {
                gvNexposePortResults.Visible = false;
            }

            if (isMetasploit)
            {
                PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();

                var creds    = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
                var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
            }
            else
            {
            }


            if (port.Service == "ssh")
            {
                PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
                                                      .Add(Restrictions.Eq("HostPortID", hpid))
                                                      .List <PersistentSSLScanResults> ()
                                                      .FirstOrDefault();

                if (sslResults != null)
                {
                    //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
                    //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
                }
            }

            if (port.Service == "snmp")
            {
                PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
                                                           .Add(Restrictions.Eq("HostPortID", hpid))
                                                           .List <PersistentOneSixtyOneResults> ()
                                                           .FirstOrDefault();

                if (snmpResults != null)
                {
                    lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
                    lblSNMPResults.Text       = snmpResults.FullOutput.Replace("\n", ",<br />");
                }
            }
            else if (port.Service == "smb")
            {
                PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
                                                        .Add(Restrictions.Eq("HostPortID", hpid))
                                                        .List <PersistentSMBClientResults> ()
                                                        .FirstOrDefault();
                if (smbResults != null)
                {
                    lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
                    lblSMBScan.Text       = smbResults.FullOutput.Replace("\n", ",<br />");
                }
            }
            else if (port.Service == "http" || port.Service == "https")
            {
                if (port.Service == "https")
                {
                    PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
                                                          .Add(Restrictions.Eq("HostPortID", hpid))
                                                          .List <PersistentSSLScanResults> ()
                                                          .FirstOrDefault();

                    if (sslResults != null)
                    {
                        //lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
                        //lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
                    }
                }
                PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
                                                        .Add(Restrictions.Eq("HostPortID", hpid))
                                                        .List <PersistentWapitiResults> ()
                                                        .FirstOrDefault();

                IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
                                                          .Add(Restrictions.Eq("ParentHostPortID", hpid))
                                                          .List <PersistentSQLMapResults> ();

                List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();

                foreach (var result in results)
                {
                    vulns.AddRange(result.PersistentVulnerabilities.ToList());
                }


                if (wapitiResults != null && wapitiResults.Bugs != null)
                {
                    var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
                    var wxss       = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
                    var wincludes  = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
                    var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));


                    List <NotSQLWebVuln> xss       = new List <NotSQLWebVuln> ();
                    List <NotSQLWebVuln> includes  = new List <NotSQLWebVuln> ();
                    List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();

                    foreach (var x in wxss)
                    {
                        NotSQLWebVuln v = new NotSQLWebVuln();

                        v.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        v.Parameter = x.Parameter;
                        v.URL       = x.URL;

                        xss.Add(v);
                    }

                    foreach (var x in wincludes)
                    {
                        NotSQLWebVuln i = new NotSQLWebVuln();

                        i.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        i.Parameter = x.Parameter;
                        i.URL       = x.URL;

                        includes.Add(i);
                    }

                    foreach (var x in wexecution)
                    {
                        NotSQLWebVuln ex = new NotSQLWebVuln();

                        ex.Method    = x.URL.Contains(x.Parameter) ? "GET" : "POST";
                        ex.Parameter = x.Parameter;
                        ex.URL       = x.URL;

                        execution.Add(ex);
                    }

                    lblXSS.Text      = "XSS Vulnerabilities";
                    gvXSS.DataSource = xss;
                    gvXSS.DataBind();

                    lblIncludes.Text      = "Remote and Local File Include Vulnerabilities";
                    gvIncludes.DataSource = includes;
                    gvIncludes.DataBind();

                    lblCommandExecution.Text      = "Remote Command Execution Vulnerabilities";
                    gvCommandExecution.DataSource = execution;
                    gvCommandExecution.DataBind();

                    if (sqlInjectionPoints.Count() > 0)
                    {
                        List <WebVuln> exploitedVulns = new List <WebVuln> ();
                        List <WebVuln> otherVulns     = new List <WebVuln> ();

                        foreach (var bug in sqlInjectionPoints)
                        {
                            WebVuln v = new WebVuln();

                            v.URL    = bug.URL;
                            v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");

                            var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();

                            v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;

                            foreach (string parm in bug.Parameter.Split('&'))
                            {
                                if (parm.Contains("%BF%27%22%28"))
                                {
                                    v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
                                }
                                else if (parm.Contains("%27+or+sleep%287%29%23"))
                                {
                                    v.Parameter = parm.Split('=') [0];

                                    if (string.IsNullOrEmpty(v.IsExploitable))
                                    {
                                        v.IsExploitable = "Exploited with a blind SQL injection.";
                                    }
                                }
                            }

                            if (string.IsNullOrEmpty(v.IsExploitable))
                            {
                                otherVulns.Add(v);
                                continue;
                            }

                            exploitedVulns.Add(v);
                        }

                        lblPossibleSQLInjections.Text        = "Possible SQL Injection Vulnerabilities";
                        gvPossibleInjectionPoints.DataSource = otherVulns;
                        gvPossibleInjectionPoints.DataBind();

                        lblSQLInjections.Text      = "Exploitable SQL Injection Vulnerabilities";
                        gvSQLInjections.DataSource = exploitedVulns;
                        gvSQLInjections.DataBind();
                    }
                }

                PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
                                                      .Add(Restrictions.Eq("HostPortID", hpid))
                                                      .List <PersistentNiktoResults> ()
                                                      .FirstOrDefault();

                if (niktoResults != null)
                {
                    lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
                    lblNiktoResults.Text       = "<ul>";

                    foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
                    {
                        lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
                    }


                    lblNiktoResults.Text += "</ul>";
                }
            }

            if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
            {
                lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
                lblNiktoResults.Text       = port.DeepScan.Replace("\n", "<br />");
            }
        }
Esempio n. 10
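        /// <summary>
        /// Creates a scan under an existing active profile from request parameters and writes
        /// the saved scan to the response as XML.
        /// </summary>
        /// <remarks>
        /// Request parameters read: UserID, ClientID, ParentProfileID, Name, ScanVirtualMachines
        /// (comma-separated GUIDs), the ScanIs* flags and, when ScanIsMetasploit is "true",
        /// MetasploitDiscovers and MetasploitBruteforces.
        ///
        /// NOTE(review): the only caller check visible here is that UserID names an active user
        /// with API access whose client also has API access. A GUID passed as a request parameter
        /// is an identifier rather than a secret; confirm the handler sits behind real
        /// authentication. ClientID is parsed but never compared with user.Client, and
        /// ParentProfileID is not restricted to profiles owned by the caller's client; confirm
        /// that ownership is enforced elsewhere or add the restriction to the profile query.
        /// </remarks>
        /// <param name="context">The current HTTP context; parameters are read from context.Request.</param>
        /// <exception cref="Exception">The user is unknown, inactive or lacks API access.</exception>
        /// <exception cref="ArgumentException">ParentProfileID does not match an active profile.</exception>
        public override void ProcessRequest(HttpContext context)
        {
            Guid userID = new Guid(context.Request["UserID"]);

            // Parsed so a missing or malformed ClientID is still rejected, but the value is not
            // used afterwards: access is decided from user.Client below.
            Guid clientID = new Guid(context.Request["ClientID"]);

            ISession s = this.CurrentSession;

            PersistentUser user = s.CreateCriteria <PersistentUser>()
                                  .Add(Restrictions.Eq("ID", userID))
                                  .Add(Restrictions.Eq("IsActive", true))
                                  .UniqueResult <PersistentUser>();

            // user.Client is null-checked as well so a user without a client is refused
            // instead of failing with a NullReferenceException.
            if (user == null || !user.HasAPIAccess || user.Client == null || !user.Client.HasAPIAccess)
            {
                throw new Exception("no api access");
            }

            using (ITransaction trans = s.BeginTransaction())
            {
                PersistentProfile parentProfile = s.CreateCriteria <PersistentProfile>()
                                                  .Add(Restrictions.Eq("ID", new Guid(context.Request["ParentProfileID"])))
                                                  .Add(Restrictions.Eq("IsActive", true))
                                                  .UniqueResult <PersistentProfile>();

                // UniqueResult returns null when nothing matches; fail with a clear message
                // rather than dereferencing null further down.
                if (parentProfile == null)
                {
                    throw new ArgumentException("parent profile not found or inactive", "ParentProfileID");
                }

                PersistentScan scan = new PersistentScan();
                scan.SetCreationInfo(userID);

                scan.Name          = context.Request["Name"];
                scan.ParentProfile = parentProfile;

                scan.ScanOptions = new PersistentScanOptions();
                scan.ScanOptions.SetCreationInfo(userID);

                // Replaces (does not append to) the machine list held by the parent profile.
                parentProfile.VirtualMachines = new List <PersistentVirtualMachine>();

                string machineList = context.Request["ScanVirtualMachines"];

                if (machineList != null)
                {
                    foreach (string machine in machineList.Split(','))
                    {
                        if (string.IsNullOrEmpty(machine))
                        {
                            continue;
                        }

                        PersistentVirtualMachine m = new PersistentVirtualMachine();
                        m.SetCreationInfo(userID);
                        m.Guid          = Guid.Parse(machine);
                        m.ParentProfile = parentProfile;
                        parentProfile.VirtualMachines.Add(m);
                    }

                    // One update after the loop is enough; the original issued it per machine.
                    if (parentProfile.VirtualMachines.Count > 0)
                    {
                        s.Update(parentProfile);
                    }
                }

                scan.ScanOptions.ParentScan = scan;

                if (IsRequestFlagSet(context, "ScanIsDSXS"))
                {
                    scan.ScanOptions.IsDSXS = true;
                }
                if (IsRequestFlagSet(context, "ScanIsSQLMap"))
                {
                    scan.ScanOptions.IsSQLMap            = true;
                    scan.ScanOptions.SQLMapOptions       = new PersistentSQLMapOptions();
                    scan.ScanOptions.SQLMapOptions.Level = 2;

                    // NOTE(review): created with Guid.Empty rather than userID, unlike every
                    // other object in this handler; confirm this is intended.
                    scan.ScanOptions.SQLMapOptions.SetCreationInfo(Guid.Empty);

                    s.Save(scan.ScanOptions.SQLMapOptions);
                }
                if (IsRequestFlagSet(context, "ScanIsOpenVAS"))
                {
                    scan.ScanOptions.IsOpenVASAssessment = true;
                }
                if (IsRequestFlagSet(context, "ScanIsNessus"))
                {
                    scan.ScanOptions.IsNessusAssessment = true;
                }
                if (IsRequestFlagSet(context, "ScanIsNexpose"))
                {
                    scan.ScanOptions.IsNexposeAssessment = true;
                }
                if (IsRequestFlagSet(context, "ScanIsMetasploit"))
                {
                    // Both sub-options are required here: bool.Parse throws when either is
                    // missing or not a boolean literal.
                    scan.ScanOptions.IsMetasploitAssessment = true;
                    scan.ScanOptions.MetasploitDiscovers    = bool.Parse(context.Request["MetasploitDiscovers"]);
                    scan.ScanOptions.MetasploitBruteforces  = bool.Parse(context.Request["MetasploitBruteforces"]);
                }
                if (IsRequestFlagSet(context, "ScanIsBasicBruteforce"))
                {
                    scan.ScanOptions.IsBruteForce = true;
                }

                try
                {
                    s.Save(scan);

                    trans.Commit();
                }
                catch
                {
                    trans.Rollback();

                    // Bare rethrow keeps the original stack trace; "throw ex" would reset it.
                    throw;
                }

                context.Response.Write(scan.ToPersistentXml());
            }
        }

        /// <summary>
        /// Returns true when the named request parameter is present and equals "true",
        /// ignoring case; an absent parameter counts as not set.
        /// </summary>
        private static bool IsRequestFlagSet(HttpContext context, string name)
        {
            return string.Equals(context.Request[name], "true", StringComparison.OrdinalIgnoreCase);
        }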
Esempio n. 11
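        /// <summary>
        /// Creates a scan profile and one profile host per entry of ProfileDomain, then writes
        /// the saved profile to the response as XML.
        /// </summary>
        /// <remarks>
        /// Request parameters read: UserID, ClientID, WebUserID, ProfileDescription, ProfileName,
        /// ProfileDomain (comma-separated host names) and ProfileSchedule (interval in days).
        ///
        /// NOTE(review): every host created here is stored with VerifiedByFile, VerifiedByWhois
        /// and IsVerified set to true, although no verification is performed in this method.
        /// The host names come straight from the request, so whatever step proves that the
        /// caller controls the targets has to run before this handler is reached; confirm that
        /// it does. The user and the client are looked up independently and are not checked to
        /// belong together, and a GUID request parameter is an identifier rather than a secret;
        /// confirm the handler sits behind real authentication.
        /// </remarks>
        /// <param name="context">The current HTTP context; parameters are read from context.Request.</param>
        /// <exception cref="Exception">The user or client is unknown or lacks API access.</exception>
        /// <exception cref="ArgumentException">ProfileDomain is missing, or an entry has no IPv4 address.</exception>
        /// <exception cref="ArgumentOutOfRangeException">ProfileSchedule is less than one day.</exception>
        public override void ProcessRequest(HttpContext context)
        {
            ISession s = this.CurrentSession;

            using (ITransaction t = s.BeginTransaction())
            {
                Guid userID   = new Guid(context.Request["UserID"]);
                Guid clientID = new Guid(context.Request["ClientID"]);

                PersistentUser   user   = s.Get <PersistentUser>(userID);
                PersistentClient client = s.Get <PersistentClient>(clientID);

                if (user == null || !user.HasAPIAccess)
                {
                    throw new Exception("no api access");
                }

                if (client == null || !client.HasAPIAccess)
                {
                    throw new Exception("no api access");
                }

                // Parse and validate every request value before anything is saved.
                Guid   webUserID = new Guid(context.Request["WebUserID"]);
                string domain    = context.Request["ProfileDomain"];

                if (string.IsNullOrEmpty(domain))
                {
                    throw new ArgumentException("ProfileDomain is required", "ProfileDomain");
                }

                int scheduleDays = int.Parse(context.Request["ProfileSchedule"]);

                // A zero or negative interval is meaningless for a recurring scan.
                if (scheduleDays < 1)
                {
                    throw new ArgumentOutOfRangeException("ProfileSchedule", "ProfileSchedule must be at least 1 day");
                }

                PersistentProfile profile = new PersistentProfile();

                profile.WebUserID   = webUserID;
                profile.Description = context.Request["ProfileDescription"];
                profile.Name        = context.Request["ProfileName"];
                profile.Range       = domain;
                profile.Domain      = domain;

                // ProfileSchedule is a number of days. FromDays avoids the silent int overflow
                // that "24 * days" hours can hit for very large values.
                profile.RunEvery = TimeSpan.FromDays(scheduleDays);
                profile.RunAfter = DateTime.Now;
                profile.HasRun   = false;

                profile.SetCreationInfo(userID);

                s.Save(profile);

                foreach (string entry in domain.Split(','))
                {
                    string hostName = entry.Trim();

                    // Dns.GetHostEntry("") returns the addresses of the local machine, so a
                    // stray comma would otherwise register this server as a scan target.
                    if (hostName.Length == 0)
                    {
                        continue;
                    }

                    // The field holds an IPv4 address; AddressList may list IPv6 entries first
                    // or contain no IPv4 entry at all.
                    string ipv4 = null;

                    foreach (IPAddress address in Dns.GetHostEntry(hostName).AddressList)
                    {
                        if (address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
                        {
                            ipv4 = address.ToString();
                            break;
                        }
                    }

                    if (ipv4 == null)
                    {
                        throw new ArgumentException("no IPv4 address found for host: " + hostName, "ProfileDomain");
                    }

                    PersistentProfileHost host = new PersistentProfileHost(webUserID);
                    host.ParentProfile       = profile;
                    host.IPv4Address         = ipv4;
                    host.VerifiedByFile      = true;
                    host.VerifiedByWhois     = true;
                    host.VerifiedOn          = DateTime.Now;
                    host.WasManuallyVerified = false;
                    host.IsVerified          = true;

                    s.Save(host);
                }

                try
                {
                    t.Commit();
                }
                catch
                {
                    t.Rollback();

                    // Bare rethrow keeps the original stack trace; "throw ex" would reset it.
                    throw;
                }

                string xml = profile.ToPersistentXml();

                context.Response.Write(xml);
            }
        }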
Esempio n. 12
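        /// <summary>
        /// Loads the host named by the "hid" request parameter from the current profile's
        /// results, fills the host labels and binds one row per TCP port to gvPorts with the
        /// per-tool finding counts (Metasploit, Nessus, Nexpose, OpenVAS).
        /// </summary>
        /// <remarks>
        /// The host is looked up only inside this.CurrentProfile's current results, so an id
        /// from another profile yields no match and is answered with a 404.
        ///
        /// NOTE(review): "latest scan" is the last row of an unordered criteria query; add an
        /// explicit order if the database does not already guarantee it.
        /// </remarks>
        /// <param name="e">Event data passed through to the base implementation.</param>
        /// <exception cref="System.Web.HttpException">No active host with the requested id exists in the current profile.</exception>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            Guid hid                  = new Guid(Request ["hid"]);
            PersistentProfile profile = this.CurrentProfile;

            PersistentNMapHost host = profile.CurrentResults.PersistentHosts
                                      .SingleOrDefault(h => h.ProfileHost.ID == hid && h.IsActive);

            // SingleOrDefault returns null for an unknown id; answer with a 404 instead of
            // failing later with a NullReferenceException.
            if (host == null)
            {
                throw new System.Web.HttpException(404, "Host not found.");
            }

            PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
                                        .Add(Restrictions.Eq("ParentProfileID", profile.ID))
                                        .Add(Restrictions.Eq("HasRun", true))
                                        .List <PersistentScan>()
                                        .LastOrDefault();

            PersistentNessusScan     nssScan  = null;
            PersistentOpenVASScan    ovasScan = null;
            PersistentNexposeScan    nxScan   = null;
            PersistentMetasploitScan msfScan  = null;

            // Without a completed scan there are no tool results to look up.
            if (latestScan != null)
            {
                nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
                          .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                          .List <PersistentNessusScan>()
                          .SingleOrDefault();

                ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
                           .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                           .List <PersistentOpenVASScan>()
                           .SingleOrDefault();

                nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
                         .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                         .List <PersistentNexposeScan>()
                         .SingleOrDefault();

                msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
                          .Add(Restrictions.Eq("ParentScanID", latestScan.ID))
                          .List <PersistentMetasploitScan>()
                          .SingleOrDefault();
            }

            // Per-tool records for this host do not depend on the port, so they are resolved
            // once here. A tool that ran but has no record for the host is reported as
            // "not scanned" rather than failing the whole page.
            PersistentMetasploitHost msfHost = (msfScan == null)
                ? null
                : msfScan.PersistentHosts.SingleOrDefault(h => h.Address == host.IPAddressv4);

            PersistentNessusReportHost nssHost = (nssScan == null)
                ? null
                : nssScan.PersistentHosts.SingleOrDefault(h => h.PersistentHostProperties.HostIP == host.IPAddressv4);

            PersistentNexposeAsset nxHost = (nxScan == null)
                ? null
                : nxScan.PersistentAssets.SingleOrDefault(a => a.IPAddressV4 == host.IPAddressv4);

            // These values originate from the scanned hosts and Label.Text is rendered without
            // encoding, so they are HTML-encoded before display.
            lblHostname.Text        = System.Web.HttpUtility.HtmlEncode(host.Hostname);
            lblDeviceType.Text      = System.Web.HttpUtility.HtmlEncode(host.DeviceType);
            lblIPv4.Text            = System.Web.HttpUtility.HtmlEncode(host.IPAddressv4);
            lblNetworkDistance.Text = System.Web.HttpUtility.HtmlEncode(host.NetworkDistance);
            lblOS.Text              = System.Web.HttpUtility.HtmlEncode(host.OS);

            List <DataTableObject> objs = new List <DataTableObject>();

            foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
            {
                DataTableObject obj = new DataTableObject();
                string portText     = port.PortNumber.ToString();

                obj.PortID = port.ID;
                obj.Port   = port.PortNumber;

                // NOTE(review): ServiceName also comes from scan output and reaches the grid
                // unencoded; whether it is encoded on render depends on the gvPorts column
                // definitions in the markup, which are not visible here.
                obj.ServiceName = port.Service;

                obj.ScannedByMetasploit = msfHost != null;

                if (msfHost != null)
                {
                    obj.MetasploitCredentials = msfHost.PersistentCredentials.Count(c => c.Port == port.PortNumber);
                    obj.MetasploitExploits    = msfHost.PersistentSessions.Count(s => s.Port == portText);
                }

                obj.ScannedByNessus = nssHost != null;

                if (nssHost != null)
                {
                    // Severity "0" items are excluded from the count.
                    obj.NessusGrade = nssHost.PersistentReportItems.Count(i => i.Severity != "0" && i.Port == portText);
                }

                // One lookup replaces the original Count() followed by Single().
                PersistentNexposeHostService service = (nxHost == null)
                    ? null
                    : nxHost.PersistentServices.SingleOrDefault(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp"));

                obj.ScannedByNexpose = service != null;

                if (service != null)
                {
                    obj.NexposeGrade = service.PersistentTests.Count(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version");
                }

                obj.ScannedByOpenVAS = ovasScan != null;

                if (ovasScan != null)
                {
                    // Matched by substring: the result's Port text is expected to contain
                    // "(<number>/" for the port in question.
                    obj.OpenVASGrade = ovasScan.PersistentResults.Count(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/"));
                }

                objs.Add(obj);
            }

            gvPorts.DataSource = objs.OrderBy(o => o.Port);
            gvPorts.DataBind();
        }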