public List <ScannableAsset> DiscoverHost(string target, HostStatus hostStatus, int jobid) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Entering DiscoverHost"); Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Target is '{0}'", target)); string outputXml = string.Empty; Assembly a; a = Assembly.GetCallingAssembly(); string program; program = Path.GetDirectoryName(a.Location) + @"\Nmap\nmap.exe"; //Hardcoded Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Using nmap at '{0}'", program)); string nmapfile; nmapfile = string.Format("nmap{0}_{1}", DateTime.Now.Ticks, this.GetHashCode()); Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Command line is [nmap {0}]", "--no-stylesheet -O -A -sC -P0 -oX " + nmapfile + ".xml " + target)); Process process; process = new Process(); process.StartInfo.UseShellExecute = true; try { process.StartInfo.FileName = program; //process.StartInfo.WorkingDirectory = Path.GetDirectoryName(a.Location) + @"\Nmap\"; process.StartInfo.Arguments = " --no-stylesheet -O -A -sC -P0 -oX " + nmapfile + ".xml " + target; //Hardcoded process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.StartInfo.RedirectStandardError = false; process.StartInfo.CreateNoWindow = true; // process.EnableRaisingEvents = true; // process.Exited += new EventHandler(Process_Exited); process.Start(); // Process.Start(vProgram,vIAnnotationLocal.Folder + vIAnnotationLocal.EntryPoint); } catch (Win32Exception vException) { if (vException.NativeErrorCode == ERROR_FILE_NOT_FOUND) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("ERROR_FILE_NOT_FOUND : Exception = {0}", vException.Message)); //return null; } else if (vException.NativeErrorCode == ERROR_ACCESS_DENIED) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("ERROR_ACCESS_DENIED : Exception = {0}", vException.Message)); //return null; } } Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Nmap is running")); XmlDocument doc; try { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Waiting for Nmap to finish")); process.WaitForExit(600000); //HARDCODED 1 hour } catch (Exception vException) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Exception = {0}", vException.Message)); //return null; } Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Nmap has finished"); StreamReader SR = process.StandardOutput; string strOutput = SR.ReadToEnd(); Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Output: " + strOutput)); if (strOutput.Contains("0 hosts up")) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "0 hosts up"); process.Close(); //return null; } if (strOutput.Contains("Windows does not support scanning your own machine")) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Windows does not support scanning your own machine"); process.Close(); //return null; } doc = new XmlDocument(); string m_data = string.Empty; try { //TODO: Input Validation (XML) //doc.Load(process.StandardOutput); doc.Load(nmapfile + ".xml"); m_data = doc.InnerXml; } catch (Exception vException) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Exception Load = {0}", vException.Message)); process.Close(); //return null; } process.Close(); //doc.Save("C:\\NmapResults.xml"); //Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("XML results have been saved to 'C:\\NmapResults.xml'")); List <ScannableAsset> tabNmapAsset; tabNmapAsset = new List <ScannableAsset>(); try { string xpath = string.Empty; if (hostStatus == HostStatus.Both) { //xpath = string.Format("/nmaprun/host/status[@state='up']"); xpath = "/nmaprun/host/status"; //Hardcoded } else if (hostStatus == HostStatus.Alive) { xpath = "/nmaprun/host/status[@state='up']"; } else { xpath = "/nmaprun/host/status[@state='down']"; } XmlNodeList nodes; nodes = doc.SelectNodes(xpath); foreach (XmlNode node in nodes) { ScannableAsset nmapAsset; nmapAsset = new ScannableAsset(); XmlNode nodeHost; nodeHost = node.ParentNode; // ==================== // Handle the addresses // ==================== Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Handles the addresses"); XmlNodeList addressNodes; addressNodes = nodeHost.SelectNodes("address"); //Hardcoded foreach (XmlNode addressNode in addressNodes) { string addr = addressNode.Attributes["addr"].InnerText; ScannableAddress.ADDRESSTYPE addrtype = (ScannableAddress.ADDRESSTYPE)Enum.Parse(typeof(ScannableAddress.ADDRESSTYPE), addressNode.Attributes["addrtype"].InnerText); nmapAsset.Addresses.Add(new ScannableAddress() { Address = addr, AddressType = addrtype }); } //=== // Scripts //=== Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Handles the scripts"); XmlNodeList ScriptsNodes; ScriptsNodes = nodeHost.SelectNodes("hostscript/script"); //Hardcoded string strTemp = string.Empty; string sambaversion = string.Empty; string sambaosversion = string.Empty; string macaddress = string.Empty; Regex myRegex = new Regex(""); foreach (XmlNode scriptNode in ScriptsNodes) { switch (scriptNode.Attributes["id"].InnerText) { case "nbstat": //<script id="nbstat" output="NetBIOS name: xmachine, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>"/> //<script id="nbstat" output="NetBIOS name: XORCISM-LXTE4KS, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:23:13:b9 (VMware)
"/> myRegex = new Regex("NetBIOS MAC: [^<>]*"); strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { if (strTemp.Contains("unknown")) { } else { strTemp = strTemp.Replace("NetBIOS MAC: ", ""); strTemp = strTemp.Replace("
", ""); //Console.WriteLine("strTemp=" + strTemp); macaddress = strTemp; Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("macaddress = {0}", macaddress)); } } break; case "smbv2-enabled": //<script id="smbv2-enabled" output="Server doesn't support SMBv2 protocol"/> //<script id="smbv2-enabled" output="Server doesn't support SMBv2 protocol"/> break; case "smb-os-discovery": //<script id="smb-os-discovery" output="
 OS: Unix (Samba 3.4.7)
 Name: Unknown\Unknown
 System time: 2011-04-14 15:14:49 UTC+2
"/> //<script id="smb-os-discovery" output=" 
 OS: Windows Server 2003 R2 3790 Service Pack 1 (Windows Server 2003 R2 5.2)
 Name: WORKGROUP\XORCISM-LXTE4KS
 System time: 2011-04-15 09:41:57 UTC+0
"/> myRegex = new Regex(Regex.Escape("(") + "Samba [^<>]*" + Regex.Escape(")")); strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { strTemp = strTemp.Replace("(", ""); strTemp = strTemp.Replace(")", ""); //Console.WriteLine("strTemp=" + strTemp); sambaversion = strTemp; } myRegex = new Regex("OS: Windows [^<>]*" + Regex.Escape(")")); strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { strTemp = strTemp.Replace("OS: ", ""); //Console.WriteLine("strTemp=" + strTemp); sambaosversion = strTemp; } break; default: break; } } // ================ // Handles the ports // ================ Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Handle the ports"); XmlNodeList portNodes; portNodes = nodeHost.SelectNodes("ports/port"); //Hardcoded foreach (XmlNode portNode in portNodes) { XProviderCommon.PROTOCOL protocol = (XProviderCommon.PROTOCOL)Enum.Parse(typeof(XProviderCommon.PROTOCOL), portNode.Attributes["protocol"].InnerText); int portid = Convert.ToInt32(portNode.Attributes["portid"].InnerText); string service = ""; XmlNode node1; node1 = portNode.SelectSingleNode("service/@name"); if (node1 != null) { service = node1.InnerText.ToUpper(); } string version = ""; node1 = portNode.SelectSingleNode("service/@product"); if (node1 != null) { version = node1.InnerText; } node1 = portNode.SelectSingleNode("service/@version"); if (node1 != null) { version = version + " " + node1.InnerText; } version = version.Trim(); //Check if we retrieved the exact version of the service with the scripts if (sambaversion != "" && version.Contains("Samba") && version.Contains(".X")) { version = sambaversion; } ScannablePort nmapPort; try { nmapPort = new ScannablePort() { Protocol = protocol, Port = portid, Service = service, Version = version }; nmapAsset.Ports.Add(nmapPort); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Exception ScannablePort = " + ex.Message + " " + ex.InnerException); //return null; } } //==== // OS //==== Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Looking at OSname"); XmlNodeList OsNodes; OsNodes = nodeHost.SelectNodes("os/osmatch"); //Hardcoded XmlNode nodeOs = OsNodes[0]; if (nodeOs != null) { string name = nodeOs.Attributes["name"].InnerText; int accuracy = Convert.ToInt32(nodeOs.Attributes["accuracy"].InnerText); nmapAsset.OS.OSName = name; if (sambaosversion != "") { nmapAsset.OS.OSName = sambaosversion; } nmapAsset.OS.Accuracy = accuracy; nmapAsset.OS.Description = ""; } tabNmapAsset.Add(nmapAsset); } } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Exception while parsing XML results = " + ex.Message + " " + ex.InnerException); //return null; } Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Number of assets found = " + tabNmapAsset.Count); try { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Updating job {0} status to FINISHED", jobid)); string status = XCommon.STATUS.FINISHED.ToString(); XORCISMEntities model = new XORCISMEntities(); var Q = from j in model.JOB where j.JobID == jobid select j; JOB myJob = Q.FirstOrDefault(); myJob.Status = status; myJob.DateEnd = DateTimeOffset.Now; //image System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding(); myJob.XmlResult = encoding.GetBytes(m_data); model.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Exception = " + ex.Message); return(null); } Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Leaving DiscoverHost"); return(tabNmapAsset); }
public void GetServicesVersionForSession(string target, int sessionid) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Entering GetServicesVersionForSession"); Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Target is '{0}'. Session is {1}", target, sessionid)); string outputXml = string.Empty; Assembly a; a = Assembly.GetCallingAssembly(); string program; program = Path.GetDirectoryName(a.Location) + @"\Nmap\nmap.exe"; //Hardcoded Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Using nmap at '{0}'", program)); string nmapfile; nmapfile = string.Format("nmap{0}_{1}", DateTime.Now.Ticks, this.GetHashCode()); //Some filters target = target.Replace("&", ""); target = target.Replace("|", ""); Regex check = new Regex("^[a-zA-Z0-9.-/]+$"); if (!check.IsMatch(target)) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "ERROR BAD CHARACTERS/FORMAT for target"); return; } Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Command line is [nmap {0}]", "--no-stylesheet -O -A -sC -P0 -oX " + nmapfile + ".xml " + target)); //Hardcoded Process process; process = new Process(); process.StartInfo.UseShellExecute = true; try { process.StartInfo.FileName = program; process.StartInfo.Arguments = " --no-stylesheet -O -A -sC -P0 -oX " + nmapfile + ".xml " + target; //Hardcoded process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.StartInfo.RedirectStandardError = false; process.StartInfo.CreateNoWindow = true; // process.EnableRaisingEvents = true; // process.Exited += new EventHandler(Process_Exited); process.Start(); // Process.Start(vProgram,vIAnnotationLocal.Folder + vIAnnotationLocal.EntryPoint); } catch (Win32Exception vException) { if (vException.NativeErrorCode == ERROR_FILE_NOT_FOUND) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("ERROR_FILE_NOT_FOUND : Exception = {0}", vException.Message)); //return null; } else if (vException.NativeErrorCode == ERROR_ACCESS_DENIED) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("ERROR_ACCESS_DENIED : Exception = {0}", vException.Message)); //return null; } } Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Nmap is running")); XmlDocument doc; try { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Waiting for Nmap to finish")); process.WaitForExit(600000); //1 hour } catch (Exception vException) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Exception = {0}", vException.Message)); //return null; } Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Nmap has finished"); StreamReader SR = process.StandardOutput; string strOutput = SR.ReadToEnd(); Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Output: " + strOutput)); if (strOutput.Contains("0 hosts up")) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "0 hosts up"); //return null; } if (strOutput.Contains("Windows does not support scanning your own machine")) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Windows does not support scanning your own machine"); //return null; } doc = new XmlDocument(); string m_data = string.Empty; try { //TODO: Input (XML) Validation //doc.Load(process.StandardOutput); doc.Load(nmapfile + ".xml"); m_data = doc.InnerXml; } catch (Exception vException) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Exception Load = {0}", vException.Message)); process.Close(); //return null; } process.Close(); try { string xpath = string.Empty; //if (hostStatus == HostStatus.Both) // //xpath = string.Format("/nmaprun/host/status[@state='up']"); xpath = "/nmaprun/host/status"; //Hardcoded //else if (hostStatus == HostStatus.Alive) // xpath = "/nmaprun/host/status[@state='up']"; //else // xpath = "/nmaprun/host/status[@state='down']"; XmlNodeList nodes; nodes = doc.SelectNodes(xpath); foreach (XmlNode node in nodes) { // ScannableAsset nmapAsset; // nmapAsset = new ScannableAsset(); XmlNode nodeHost; nodeHost = node.ParentNode; // ==================== // Handle the addresses // ==================== XmlNodeList addressNodes; addressNodes = nodeHost.SelectNodes("address"); //Hardcoded foreach (XmlNode addressNode in addressNodes) { string addr = addressNode.Attributes["addr"].InnerText; //Hardcoded // ScannableAddress.ADDRESSTYPE addrtype = (ScannableAddress.ADDRESSTYPE)Enum.Parse(typeof(ScannableAddress.ADDRESSTYPE), addressNode.Attributes["addrtype"].InnerText); // nmapAsset.Addresses.Add(new ScannableAddress() { Address = addr, AddressType = addrtype }); } //=== // Scripts //=== XmlNodeList ScriptsNodes; ScriptsNodes = nodeHost.SelectNodes("hostscript/script"); //Hardcoded string strTemp = string.Empty; string sambaversion = string.Empty; string sambaosversion = string.Empty; string macaddress = string.Empty; Regex myRegex = new Regex(""); foreach (XmlNode scriptNode in ScriptsNodes) { switch (scriptNode.Attributes["id"].InnerText) //Hardcoded { case "nbstat": //<script id="nbstat" output="NetBIOS name: xmachine, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>"/> //<script id="nbstat" output="NetBIOS name: XORCISM-LXTE4KS, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:23:14:b9 (VMware)
"/> myRegex = new Regex("NetBIOS MAC: [^<>]*"); //Hardcoded strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { if (strTemp.Contains("unknown")) { } else { strTemp = strTemp.Replace("NetBIOS MAC: ", ""); strTemp = strTemp.Replace("
", ""); //Console.WriteLine("strTemp=" + strTemp); macaddress = strTemp; Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("macaddress = {0}", macaddress)); } } break; case "smbv2-enabled": //<script id="smbv2-enabled" output="Server doesn't support SMBv2 protocol"/> //<script id="smbv2-enabled" output="Server doesn't support SMBv2 protocol"/> break; case "smb-os-discovery": //<script id="smb-os-discovery" output="
 OS: Unix (Samba 3.4.7)
 Name: Unknown\Unknown
 System time: 2011-04-14 15:14:49 UTC+2
"/> //<script id="smb-os-discovery" output=" 
 OS: Windows Server 2003 R2 3790 Service Pack 1 (Windows Server 2003 R2 5.2)
 Name: WORKGROUP\XORCISM-LXTE4KS
 System time: 2011-04-15 09:41:57 UTC+0
"/> myRegex = new Regex(Regex.Escape("(") + "Samba [^<>]*" + Regex.Escape(")")); //Hardcoded strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { strTemp = strTemp.Replace("(", ""); strTemp = strTemp.Replace(")", ""); //Console.WriteLine("strTemp=" + strTemp); sambaversion = strTemp; } myRegex = new Regex("OS: Windows [^<>]*" + Regex.Escape(")")); //Hardcoded strTemp = myRegex.Match(scriptNode.Attributes["output"].InnerText).ToString(); if (strTemp != "") { strTemp = strTemp.Replace("OS: ", ""); //Console.WriteLine("strTemp=" + strTemp); sambaosversion = strTemp; } break; default: break; } } // ================ // Handle the ports // ================ Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Handle the ports")); XmlNodeList portNodes; portNodes = nodeHost.SelectNodes("ports/port"); //Hardcoded foreach (XmlNode portNode in portNodes) { XProviderCommon.PROTOCOL protocol = (XProviderCommon.PROTOCOL)Enum.Parse(typeof(XProviderCommon.PROTOCOL), portNode.Attributes["protocol"].InnerText); int portid = Convert.ToInt32(portNode.Attributes["portid"].InnerText); string service = ""; XmlNode node1; node1 = portNode.SelectSingleNode("service/@name"); if (node1 != null) { service = node1.InnerText.ToUpper(); } string version = ""; node1 = portNode.SelectSingleNode("service/@product"); if (node1 != null) { version = node1.InnerText; } node1 = portNode.SelectSingleNode("service/@version"); if (node1 != null) { version = version + " " + node1.InnerText; } version = version.Trim(); //Check if we retrieved the exact version of the service with the scripts if (sambaversion != "" && version.Contains("Samba") && version.Contains(".X")) { version = sambaversion; } // ScannablePort nmapPort; // nmapPort = new ScannablePort() { Protocol = protocol, Port = portid, Service = service, Version = version }; // nmapAsset.Ports.Add(nmapPort); #region updateendpoint //Searches the endpoint for this session and updates it Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Updating endpoints")); XORCISMEntities model = new XORCISMEntities(); var endpoints = from e in model.ENDPOINT where e.SessionID == sessionid && e.PortNumber == portid select e; foreach (ENDPOINT myendpoint in endpoints.ToList()) { try { Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Updating endpoint = {0} {1}/{2} ({3}) {4}", myendpoint.EndPointID, myendpoint.ProtocolName, myendpoint.PortNumber, myendpoint.Service, myendpoint.Version)); Utils.Helper_Trace("XORCISM PROVIDER NMAP", "New version=" + version); myendpoint.Version = version; model.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Exception in update endpoint = " + ex.Message); //return null; } } #endregion updateendpoint } //==== // OS //==== Utils.Helper_Trace("XORCISM PROVIDER NMAP", string.Format("Dealing with OSname")); XmlNodeList OsNodes; OsNodes = nodeHost.SelectNodes("os/osmatch"); //Hardcoded XmlNode nodeOs = OsNodes[0]; if (nodeOs != null) { string name = nodeOs.Attributes["name"].InnerText; int accuracy = Convert.ToInt32(nodeOs.Attributes["accuracy"].InnerText); Utils.Helper_Trace("XORCISM PROVIDER NMAP", "OSName=" + name); //nmapAsset.OS.OSName = name; if (sambaosversion != "") { // nmapAsset.OS.OSName = sambaosversion; Utils.Helper_Trace("XORCISM PROVIDER NMAP", "sambaosversion=" + sambaosversion); } //nmapAsset.OS.Accuracy = accuracy; //nmapAsset.OS.Description = ""; } //tabNmapAsset.Add(nmapAsset); } } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NMAP", "Exception while parsing XML results = " + ex.Message); //return null; } }