public override void ProcessRequest(HttpContext context)
        {
            ISession sess = this.CurrentSession;

            PersistentUser user = sess.Get<PersistentUser>(new Guid(context.Request["UserID"]));
            PersistentClient client = sess.Get<PersistentClient>(new Guid(context.Request["ClientID"]));

            if (user == null || !user.HasAPIAccess)
                throw new Exception("no api access");

            if (client == null || !client.HasAPIAccess)
                throw new Exception("no api access");

            string uuid = context.Request["ReportUUID"];
            string hostname = context.Request["Hostname"];
            int port = int.Parse(context.Request["PortNumber"]);
            string protocol = context.Request["Protocol"];

            if (string.IsNullOrEmpty(uuid))
                throw new Exception("no uuid");

            NessusManagerSession nessusSession = new NessusManagerSession (ConfigurationManager.AppSettings["nessusHost"]);

            bool loggedIn = false;
            nessusSession.Authenticate (ConfigurationManager.AppSettings["nessusUser"], ConfigurationManager.AppSettings["nessusPass"], 1234, out loggedIn);

            if (!loggedIn)
                throw new Exception ("Invalid username/password");

            NessusObjectManager nessusManager = new NessusObjectManager (nessusSession);

            XmlDocument doc = nessusManager.GetReportDetailsByPortAndHost(uuid, hostname, port, protocol);

            context.Response.Write(doc.OuterXml);
        }
Esempio n. 2
0
        public override void ProcessRequest(HttpContext context)
        {
            ISession sess = this.CurrentSession;

            PersistentUser user = sess.Get<PersistentUser>(new Guid(context.Request["UserID"]));
            PersistentClient client = sess.Get<PersistentClient>(new Guid(context.Request["ClientID"]));

            if (user == null || !user.HasAPIAccess)
                throw new Exception("no api access");

            if (client == null || !client.HasAPIAccess)
                throw new Exception("no api access");

            string readableName = context.Request["ReportReadableName"];

            if (string.IsNullOrEmpty(readableName))
                throw new Exception("no readable name");

            NessusManagerSession nessusSession = new NessusManagerSession ("192.168.56.101");

            bool loggedIn = false;
            nessusSession.Authenticate ("nessus", "nessus", 1234, out loggedIn);

            if (!loggedIn)
                throw new Exception ("Invalid username/password");

            NessusObjectManager nessusManager = new NessusObjectManager (nessusSession);

            NessusReport report = nessusManager.GetReports()
                .Where(r => r.ReadableName == readableName)
                .SingleOrDefault();

            context.Response.Write(report.ToBusinessXml());
        }
        public override void ProcessRequest(HttpContext context)
        {
            ISession sess = this.CurrentSession;

            PersistentUser user = sess.Get<PersistentUser>(new Guid(context.Request["UserID"]));
            PersistentClient client = sess.Get<PersistentClient>(new Guid(context.Request["ClientID"]));

            if (user == null || !user.HasAPIAccess)
                throw new Exception("no api access");

            if (client == null || !client.HasAPIAccess)
                throw new Exception("no api access");

            string uuid = context.Request["ReportUUID"];

            if (string.IsNullOrEmpty(uuid))
                throw new Exception("no uuid");

            NessusManagerSession nessusSession = new NessusManagerSession (ConfigurationManager.AppSettings["nessusHost"]);

            bool loggedIn = false;
            nessusSession.Authenticate (ConfigurationManager.AppSettings["nessusUser"], ConfigurationManager.AppSettings["nessusPass"], 1234, out loggedIn);

            if (!loggedIn)
                throw new Exception ("Invalid username/password");

            NessusObjectManager nessusManager = new NessusObjectManager (nessusSession);

            var hosts = nessusManager.GetReportHosts(uuid);

            context.Response.Write(hosts.OuterXml);
        }
        public override void ProcessRequest(HttpContext context)
        {
            Guid userID = new Guid(context.Request["UserID"]);
            Guid clientID = new Guid(context.Request["ClientID"]);

            ISession s = this.CurrentSession;

            PersistentUser user = s.CreateCriteria<PersistentUser>()
                .Add(Restrictions.Eq("ID", userID))
                .Add(Restrictions.Eq("IsActive", true))
                .UniqueResult<PersistentUser>();

            if (user == null || !user.HasAPIAccess)
                throw new Exception("no api access");

            if (!user.Client.HasAPIAccess)
                throw new Exception("no api access");

            using (NessusManagerSession session = new NessusManagerSession("https", "" + ConfigurationManager.AppSettings["nessusHost"] + "", 8834))
            {
                bool loggedIn = false;
                session.Authenticate("nessus", "nessus", 1234, out loggedIn);

                if (!loggedIn)
                    throw new Exception("Not authed to nessus");

                NessusObjectManager manager = new NessusObjectManager(session);

                var policies = manager.GetPolicies();

                string xml = "<nessusPolicies>";

                foreach (NessusPolicy policy in policies)
                    xml = xml + policy.ToBusinessXml();

                xml = xml + "</nessusPolicies>";

                context.Response.Write(xml);

            }
        }
Esempio n. 5
0
 public NessusObjectManager(NessusManagerSession session)
     : base(session)
 {
     if (!session.IsAuthenticated)
         throw new Exception("This session hasn't been authenticated.");
 }
Esempio n. 6
0
        public virtual void Run(out NessusScan nessusScan, out NexposeScan nexposeScan, out OpenVASScan openvasScan, out MetasploitScan metasploitScan, out Dictionary<NMapHost, IList<IToolResults>> toolResults)
        {
            if (this.Configuration == null)
                throw new Exception ("Configuration not set");

            DateTime start = DateTime.Now;
            metasploitScan = null;
            nessusScan = null;
            nexposeScan = null;
            openvasScan = null;

            string openvasTaskID = string.Empty;
            string nessusScanID = string.Empty;
            string nexposeScanID = string.Empty;

            int uniqueNo = new Random ().Next ();

            IList<NMapHost > hosts = this.ParentProfile.CurrentResults.Hosts;

            if (hosts.Count() == 0)
            {
                Console.WriteLine("ERROR: no hosts in the profile. Aborting.");
                toolResults = null;
                return;
            }

            csv = string.Empty;

            foreach (NMapHost host in hosts)
                csv = csv + host.IPAddressv4 + ", "; //trailing , is OK in this case

            string openvasReportID = string.Empty;
            if (this.ScanOptions.IsOpenVASAssessment) {
                Console.WriteLine ("Creating OpenVAS Scan...");

                OpenVASTarget target = new OpenVASTarget ();
                target.Hosts = csv;
                target.Name = this.ParentProfile.Name + uniqueNo.ToString ();
                target.SMBCredentials = new OpenVASLSCCredential ();
                target.SSHCredentials = new OpenVASLSCCredential ();

                using (OpenVASManagerSession ovasSession = new OpenVASManagerSession(this.Configuration ["openvasUser"], this.Configuration ["openvasPass"], this.Configuration ["openvasHost"])) {

                    using (OpenVASObjectManager openvasManager = new OpenVASObjectManager(ovasSession)) {

                        target = openvasManager.CreateTarget (target);

                        OpenVASConfig config = openvasManager.GetAllConfigs ()
                            .Where (c => c.RemoteConfigID == new Guid (this.Configuration["openvasConfig"]))
                            .SingleOrDefault ();

                        OpenVASTask task = new OpenVASTask ();

                        task.Comment = string.Format ("Task for scan {0}", this.Name);
                        task.Target = target;
                        task.Config = config;

                        task = openvasManager.CreateTask (task);

                        XmlDocument taskResponse = openvasManager.StartTask (task.RemoteTaskID.ToString ());

                        if (!taskResponse.FirstChild.Attributes ["status"].Value.StartsWith ("20"))
                            throw new Exception ("Creating OpenVAS scan failed: " +
                                taskResponse.FirstChild.Attributes ["status_text"].Value);

                        openvasReportID = taskResponse.FirstChild.FirstChild.InnerText;
                        openvasTaskID = task.RemoteTaskID.ToString ();
                    }

                    Console.WriteLine ("Done creating and starting OpenVAS scan.");
                }
            }

            if (this.ScanOptions.IsNessusAssessment) {
                Console.WriteLine ("Creating Nessus scan...");
                using (NessusManagerSession nessusSession = new NessusManagerSession (this.Configuration["nessusHost"])) {

                    bool loggedIn = false;
                    nessusSession.Authenticate (this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn);

                    if (!loggedIn)
                        throw new Exception ("Invalid username/password");

                    using (NessusObjectManager nessusManager = new NessusObjectManager (nessusSession)) {

                    var tmp = nessusManager.CreateAndStartScan (csv, -2, this.Name + uniqueNo.ToString ());

                        string scanName = tmp.Name;
                        nessusScanID = scanName;

                        string reportID = string.Empty;
                        foreach (XmlNode node in nessusManager.ListReports().LastChild.ChildNodes) {
                            if (node.Name == "contents") {
                                string tmpReportID = string.Empty;
                                foreach (XmlNode child in node.FirstChild.ChildNodes) {
                                    foreach (XmlNode c in child.ChildNodes) {
                                        if (c.Name == "name")
                                            tmpReportID = c.InnerText;
                                        else if (c.Name == "readableName" && c.InnerText == scanName)
                                            reportID = tmpReportID;

                                    }
                                }
                                tmpReportID = string.Empty;
                            }
                        }

                    }
                    Console.WriteLine ("Done creating and starting Nessus scan.");
                }
            }
            if (this.ScanOptions.IsNexposeAssessment) {
                Console.WriteLine ("Creating NeXpose scan...");
                int siteID = 0;
                if (this.ScanOptions.RemoteNexposeSiteID <= 0) {
                    XmlDocument d = null;
                    string id = "-1";
                    string template = "full-audit";
                    string name = this.Name + uniqueNo.ToString ();
                    string description = "A site for the the profile " + this.ParentProfile.Name;

                    string siteXml = "<Site id=\"" + id + "\" name=\"" + name + "\" description=\"" + description + "\">";

                    siteXml = siteXml + "<Hosts>";

                    foreach (string host in csv.Split(','))
                        siteXml = siteXml + "<host>" + host + "</host>";

                    siteXml = siteXml + "</Hosts>" +
                                        "<Credentials></Credentials>" +
                                        "<Alerting></Alerting>" +
                                        "<ScanConfig configID=\"" + id + "\" name=\"" + name + "\" templateID=\"" + template + "\"></ScanConfig>" +
                                        "</Site>";

                    XmlDocument doc = new XmlDocument ();
                    doc.LoadXml (siteXml);

                    using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
                        session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);

                        using (NexposeManager11 manager = new NexposeManager11(session)) {
                            XmlDocument response = manager.SaveOrUpdateSite (doc.FirstChild);

                            d = response;
                        }
                    }

                    siteID = int.Parse (d.FirstChild.Attributes ["site-id"].Value);

                    this.ScanOptions.RemoteNexposeSiteID = siteID;
                } else {
                    siteID = this.ScanOptions.RemoteNexposeSiteID;
                }

                using (NexposeSession session = new NexposeSession(this.Configuration["nexposeHost"])) {
                    session.Authenticate (this.Configuration ["nexposeUser"], this.Configuration ["nexposePass"]);

                    using (NexposeManager11 manager = new NexposeManager11(session)) {
                        XmlDocument response = manager.ScanSite (siteID.ToString ());

                        nexposeScanID = response.FirstChild.FirstChild.Attributes ["scan-id"].Value;
                    }
                }

                Console.WriteLine ("Done creating and starting NeXpose scan.");
            }

            Dictionary<NMapHost, IList<IToolResults >> results = new Dictionary<NMapHost, IList<IToolResults>> ();
            services = new List<string> ();

            foreach (var host in hosts) {

                foreach (Port port in (host as NMapHost).Ports)
                    services.Add (port.Service);

                NMapHost threadHost = host as NMapHost;

                Console.WriteLine ("Starting scan for host: " + threadHost.Hostname + "(" + threadHost.IPAddressv4 + ")");

                results.Add (threadHost, ScanHost (threadHost, this.ScanOptions.SQLMapOptions, this.Configuration));

            }

            toolResults = results;
            bool done = false;

            if (this.ScanOptions.IsNessusAssessment || this.ScanOptions.IsNexposeAssessment || this.ScanOptions.IsOpenVASAssessment) {
                while (!done) {
                    if (!string.IsNullOrEmpty (openvasTaskID) && this.OpenVASScanIsRunning (openvasTaskID)) {
                        Console.WriteLine ("Waiting on OpenVAS scan " + openvasTaskID);
                        Thread.Sleep (new TimeSpan (0, 0, 60));
                        continue;
                    }

                    if (!string.IsNullOrEmpty (nessusScanID) && this.NessusScanIsRunning (nessusScanID)) {
                        Console.WriteLine ("Waiting on Nessus scan " + nessusScanID);
                        Thread.Sleep (new TimeSpan (0, 0, 60));
                        continue;
                    }

                    if (!string.IsNullOrEmpty (nexposeScanID) && this.NexposeScanIsRunning (nexposeScanID)) {
                        Console.WriteLine ("Waiting on NeXpose scan " + nexposeScanID);
                        Thread.Sleep (new TimeSpan (0, 0, 60));
                        continue;
                    }

                    done = true;
                }

                Dictionary<VulnerabilityScanType, string> scans = new Dictionary<VulnerabilityScanType, string> ();

                if (!string.IsNullOrEmpty (openvasReportID))
                    scans.Add (VulnerabilityScanType.OpenVAS, openvasReportID);

                if (!string.IsNullOrEmpty (nexposeScanID))
                    scans.Add (VulnerabilityScanType.Nexpose, this.ScanOptions.RemoteNexposeSiteID.ToString ());

                if (!string.IsNullOrEmpty (nessusScanID))
                    scans.Add (VulnerabilityScanType.Nessus, nessusScanID);

                Dictionary<VulnerabilityScanType, XmlNode> reports = this.GetReports (scans);
                foreach (var report in reports) {
                    if (report.Key == VulnerabilityScanType.Nessus)
                        nessusScan = new NessusScan(report.Value);
                    else if (report.Key == VulnerabilityScanType.Nexpose)
                        nexposeScan = new NexposeScan(report.Value);
                    else if (report.Key == VulnerabilityScanType.OpenVAS)
                        openvasScan = new OpenVASScan(report.Value);
                    else
                        throw new Exception ("Don't know this scan type");
                }

                if (this.ScanOptions.IsMetasploitAssessment) {
                    string workspace = Guid.NewGuid ().ToString ();
                    this.CreateNewMetasploitWorkspace (workspace);
                    this.ImportScansIntoMetasploitPro (reports, workspace);

                    string proTaskID = this.BeginMetasploitProAssessment (workspace, csv, false);

                    while (this.MetasploitProAssessmentIsRunning(proTaskID)) {
                        Console.WriteLine ("Waiting on exploit assessment from metasploit: task " + proTaskID);
                        System.Threading.Thread.Sleep (new TimeSpan (0, 0, 30));
                    }

                    metasploitScan = new MetasploitScan(this.GetMetasploitProReport (workspace));
                }
            }

            TimeSpan duration = DateTime.Now - start;

            this.Duration = duration.TotalSeconds.ToString ();

            this.HasRun = true;
        }
Esempio n. 7
0
        private bool NessusScanIsRunning(string nessusScanID)
        {
            using (NessusManagerSession nessusSession = new NessusManagerSession (this.Configuration["nessusHost"])) {
                bool loggedIn = false;
                nessusSession.Authenticate (this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn);

                if (!loggedIn)
                    throw new Exception ("Invalid username/password");

                using (NessusObjectManager nessusManager = new NessusObjectManager (nessusSession)) {
                    var report = nessusManager.GetReports ()
                                .Where (r => r.ReadableName == nessusScanID)
                                .SingleOrDefault ();

                    if (report.Status == "completed")
                        return false;

                    return true;
                }
            }
        }
Esempio n. 8
0
        private XmlNode GetNessusReport(string id)
        {
            string report = string.Empty;
            using (NessusManagerSession session = new NessusManagerSession(this.Configuration["nessusHost"])) {
                bool loggedIn = false;
                session.Authenticate (this.Configuration ["nessusUser"], this.Configuration ["nessusPass"], 1234, out loggedIn);

                if (!loggedIn)
                    throw new Exception ("Bad username/password combo");

                using (NessusManager manager = new NessusManager(session)) {

                    XmlDocument reportList = manager.ListReports ();
                    string reportID = string.Empty;
                    foreach (XmlNode node in reportList.LastChild.ChildNodes) {
                        if (node.Name == "contents") {
                            string tmpReportID = string.Empty;
                            foreach (XmlNode child in node.FirstChild.ChildNodes) {
                                foreach (XmlNode c in child.ChildNodes) {
                                    if (c.Name == "name")
                                        tmpReportID = c.InnerText;
                                    else if (c.Name == "readableName" && c.InnerText == id)
                                        reportID = tmpReportID;

                                }
                            }
                            tmpReportID = string.Empty;
                        }
                    }
                    report = manager.GetNessusV2Report (reportID).OuterXml;
                }
            }

            XmlDocument doc = new XmlDocument();
            doc.LoadXml(report);
            return doc.LastChild;
        }
Esempio n. 9
0
 /// <summary>
 /// Initializes a new instance of the <see cref="AutoAssess.Data.Nessus.NessusManager"/> class.
 /// </summary>
 /// <param name='sess'>
 /// NessesManagerSession configured to connect to the nessus host.
 /// </param>
 public NessusManager(NessusManagerSession sess)
 {
     _session = sess;
 }