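/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// Unfinished tool to retrieve OVAL Definitions corresponding to a CPE an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
static void Main(string[] args)
{
    //TODO FIX MODELS
    //Search the CPE fo OVALDEFINITIONs using the CPE list collected from CVE NVD

    // For every OVALDEFINITIONVULNERABILITY row this prints the OVAL definition ID pattern, the
    // referential ID of the linked vulnerability and the names of the CPEs attached to that
    // vulnerability. Nothing is written back to any of the three databases.
    // The using blocks dispose all three contexts, also when a query throws.
    using (XORCISMEntities model = new XORCISMEntities())
    using (XOVALEntities oval_model = new XOVALEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        model.Configuration.AutoDetectChangesEnabled = false;
        model.Configuration.ValidateOnSaveEnabled = false;

        oval_model.Configuration.AutoDetectChangesEnabled = false;
        oval_model.Configuration.ValidateOnSaveEnabled = false;

        vuln_model.Configuration.AutoDetectChangesEnabled = false;
        vuln_model.Configuration.ValidateOnSaveEnabled = false;

        List<OVALDEFINITIONVULNERABILITY> ListOVALDefVulns = oval_model.OVALDEFINITIONVULNERABILITY.ToList();
        foreach (OVALDEFINITIONVULNERABILITY oOVALDefVuln in ListOVALDefVulns)
        {
            Console.WriteLine("DEBUG ************************************************************");
            Console.WriteLine("DEBUG " + oOVALDefVuln.OVALDEFINITION.OVALDefinitionIDPattern);

            int iVulnerabilityID = (int)oOVALDefVuln.VulnerabilityID;

            // The vulnerability lives in another database, so the row may be missing there:
            // check the lookup result before reading a property from it.
            var oVulnerability = vuln_model.VULNERABILITY.FirstOrDefault(o => o.VulnerabilityID == oOVALDefVuln.VulnerabilityID);
            if (oVulnerability == null)
            {
                Console.WriteLine("DEBUG VulnerabilityID " + iVulnerabilityID + " not found in VULNERABILITY");
            }
            else
            {
                Console.WriteLine("DEBUG " + oVulnerability.VULReferentialID);
            }

            List<VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == iVulnerabilityID).ToList();
            foreach (VULNERABILITYFORCPE oVulnCPE in ListVulnCPEs)
            {
                // Same cross-database caveat for the CPE row.
                var oCPE = model.CPE.FirstOrDefault(o => o.CPEID == oVulnCPE.CPEID);
                if (oCPE == null)
                {
                    Console.WriteLine("DEBUG CPEID " + oVulnCPE.CPEID + " not found in CPE");
                    continue;
                }
                Console.WriteLine("DEBUG " + oCPE.CPEName);
            }
        }
    }
}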
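/// <summary>
/// Stores a new status on a job and stamps its end date with the current time.
/// </summary>
/// <param name="jobID">JobID of the JOB row to update.</param>
/// <param name="status">Status to store; it is written as the text returned by ToString().</param>
/// <exception cref="InvalidOperationException">No JOB row has the given JobID.</exception>
private void Helper_SetJobStatus(int jobID, XCommon.STATUS status)
{
    // The using block disposes the context even when the lookup or SaveChanges throws.
    using (XORCISMEntities model = new XORCISMEntities())
    {
        JOB job = model.JOB.FirstOrDefault(o => o.JobID == jobID);
        if (job == null)
        {
            // Fail with a message that names the job instead of a bare NullReferenceException.
            throw new InvalidOperationException("Job " + jobID + " not found, status not set to " + status.ToString());
        }

        job.Status = status.ToString();
        job.DateEnd = DateTimeOffset.Now;
        model.SaveChanges();
    }
}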
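/*
 * @default : port = "80"
 * @default : strategy | tunning ="x"
 */
/// <summary>
/// Runs the Nikto provider for one job: builds a NiktoParser for the target, parses its output,
/// then stores the final status (FINISHED or ERROR), the end date and the collected result on the JOB row.
/// </summary>
/// <param name="target">Target(s) to scan; spaces are removed before use.</param>
/// <param name="jobID">JobID of the JOB row that receives the status and result.</param>
/// <param name="policy">Policy value handed to NiktoParser.</param>
/// <param name="strategy">Strategy value handed to NiktoParser.</param>
public void Run(string target, int jobID, string policy, string strategy)
{
    Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "Entering Run()");
    Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));

    // delete spaces for multisite
    target = target.Replace(" ", "");

    // NOTE(review): apart from the space removal above, target, policy and strategy reach NiktoParser
    // as received. NiktoParser is not visible here; if it puts these values on a command line, they
    // need to be validated (or passed as separate arguments) there. Confirm.

    // Start with no parser so a failed construction can be detected below.
    NiktoParser niktoParser = null;
    try
    {
        niktoParser = new NiktoParser(target, jobID, policy, strategy);
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Exception NiktoParser = " + ex.Message + " " + ex.InnerException);
    }

    // A parser that could not be constructed counts as a failed parse, so the job is still
    // closed with ERROR instead of the method dying on a null reference.
    bool parsed = niktoParser != null && niktoParser.Parse();

    string status = XCommon.STATUS.FINISHED.ToString();

    // =================================================
    // Change the status of the job to FINISHED or ERROR
    // =================================================
    if (!parsed)
    {
        status = XCommon.STATUS.ERROR.ToString();
        Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Updating job {0} status to ERROR", jobID));
        XCommon.Utils.Helper_SendEmail("*****@*****.**", "Nikto ERROR", "Nikto ERROR for job:" + jobID);
    }
    else
    {
        Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Updating job {0} status to FINISHED", jobID));
    }

    try
    {
        // Disposed by the using block on every path, including when SaveChanges throws.
        using (XORCISMEntities model = new XORCISMEntities())
        {
            JOB myJob = model.JOB.FirstOrDefault(j => j.JobID == jobID);
            if (myJob == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + " not found, status " + status + " not saved");
            }
            else
            {
                myJob.Status = status;
                myJob.DateEnd = DateTimeOffset.Now;

                // m_data is filled elsewhere; when nothing was collected the status is still saved.
                if (m_data != null)
                {
                    System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                    myJob.XmlResult = encoding.GetBytes(m_data);
                }

                model.SaveChanges();
            }
        }
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
    }

    Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Leaving Run()");
}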
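/// <summary>
/// Downloads the VERIS community enumeration file (verisc-enum.json) and seeds lookup tables from it:
/// threat action varieties, vectors, targets and locations (XTHREAT), plus asset varieties, countries
/// and ISO currency codes (XORCISM). A value is inserted only when no matching row exists yet.
/// </summary>
static void Main()
{
    //https://raw.github.com/vz-risk/veris/master/verisc-enum.json
    // NOTE(review): the file comes from the tip of the master branch and its values are written to the
    // database as reference data. Nothing here pins a revision or checks a digest, so whatever the URL
    // serves at run time is imported. Consider pinning to a commit and verifying a known hash.
    try
    {
        using (WebClient wc = new WebClient())
        {
            Console.WriteLine("Downloading verisc-enum.json");
            wc.DownloadFile("https://raw.github.com/vz-risk/veris/master/verisc-enum.json", "C:/nvdcve/verisc-enum.json");    //HARDCODED
        }
    }
    catch (Exception ex)
    {
        // A failed download is only reported; the import then uses whatever copy is already on disk.
        Console.WriteLine("Error while downloading\n" + ex.Message + " " + ex.InnerException);
    }

    string verisenum;
    using (StreamReader tr = new StreamReader(@"C:\nvdcve\verisc-enum.json"))   //HARDCODED
    {
        verisenum = tr.ReadToEnd();
    }

    // Both contexts are disposed by the using blocks, also when an insert throws.
    using (XORCISMEntities model = new XORCISMEntities())
    using (XTHREATEntities threat_model = new XTHREATEntities())
    {
        JsonObject jobj = (JsonObject)JsonConvert.Import(verisenum);

        foreach (string loc in jobj.Names)
        {
            // Sections that are read but not imported: security_compromise, confidence, victim, actor,
            // attribute, timeline, discovery_method, cost_corrective_action, impact.
            switch (loc)
            {
                case "action":
                    {
                        JsonObject action = (JsonObject)jobj[loc];
                        // The number is the ThreatActionCategoryID stored with each row.
                        // The "social" section used to be processed twice; the second pass could only
                        // find rows the first one had just inserted, so it is done once here.
                        ImportVerisActionCategory(threat_model, action, "malware", 1, "ERROR ", "variety", "vector");
                        ImportVerisActionCategory(threat_model, action, "hacking", 2, "", "variety", "vector");
                        ImportVerisActionCategory(threat_model, action, "social", 3, "", "variety", "vector", "target");
                        ImportVerisActionCategory(threat_model, action, "misuse", 4, "", "variety", "vector");
                        ImportVerisActionCategory(threat_model, action, "physical", 5, "", "variety", "location", "vector");
                        ImportVerisActionCategory(threat_model, action, "error", 6, "", "variety", "vector");
                        ImportVerisActionCategory(threat_model, action, "environmental", 7, "", "variety");
                    }
                    break;

                case "asset":
                    foreach (string sAssetVarietyName in VerisEnumValues((JsonArray)((JsonObject)jobj[loc])["variety"]))
                    {
                        ASSETVARIETY assetvariety = model.ASSETVARIETY.FirstOrDefault(o => o.AssetVarietyName == sAssetVarietyName);
                        if (assetvariety == null)
                        {
                            assetvariety = new ASSETVARIETY();
                            assetvariety.AssetVarietyName = sAssetVarietyName;
                            model.ASSETVARIETY.Add(assetvariety);
                            model.SaveChanges();
                        }
                    }
                    //cloud
                    break;

                case "country":
                    //ISOCOUNTRY COUNTRYISO
                    ImportCountryCodes(model);

                    foreach (string sName in VerisEnumValues((JsonArray)jobj[loc]))
                    {
                        // Invariant upper-casing: the result must not depend on the machine's culture.
                        string scountry = sName.ToUpperInvariant();
                        COUNTRY country = model.COUNTRY.FirstOrDefault(o => o.CountryName == scountry);
                        if (country == null)
                        {
                            // Reported only; unknown countries are not inserted.
                            Console.WriteLine("Country: " + scountry + " not found in the database.");
                        }
                    }
                    break;

                case "iso_currency_code":
                    foreach (string scurrency in VerisEnumValues((JsonArray)jobj[loc]))
                    {
                        ISOCURRENCY currency = model.ISOCURRENCY.FirstOrDefault(o => o.iso_currency_code == scurrency);
                        if (currency == null)
                        {
                            currency = new ISOCURRENCY();
                            currency.iso_currency_code = scurrency;
                            model.ISOCURRENCY.Add(currency);
                            model.SaveChanges();
                        }
                    }
                    break;

                default:
                    break;
            }
        }
    }
}

// Returns the entries of a VERIS enumeration array as strings.
private static string[] VerisEnumValues(JsonArray jarray)
{
    // NOTE(review): the count stops one short of the array length, exactly like the loops this helper
    // replaces, so the last entry of every enumeration is never imported. This looks like an
    // off-by-one; confirm whether skipping the last entry is intended before changing it.
    string[] values = new string[Math.Max(0, jarray.Length - 1)];
    for (int cpt = 0; cpt < values.Length; cpt++)
    {
        values[cpt] = Convert.ToString(jarray[cpt]);
    }
    return values;
}

// Imports one sub-section of "action" (malware, hacking, ...). Keys not listed in handledKeys are reported.
private static void ImportVerisActionCategory(XTHREATEntities threat_model, JsonObject action, string categoryName, int categoryID, string unknownPrefix, params string[] handledKeys)
{
    // Same round trip as before: the sub-object is rendered to text and parsed again.
    JsonObject section = (JsonObject)JsonConvert.Import(Convert.ToString(action[categoryName]));

    foreach (string key in section.Names)
    {
        if (Array.IndexOf(handledKeys, key) < 0)
        {
            Console.WriteLine(unknownPrefix + key + " is unknown for action." + categoryName);
            continue;
        }

        foreach (string sName in VerisEnumValues((JsonArray)section[key]))
        {
            switch (key)
            {
                case "variety":
                    AddThreatActionVarietyIfMissing(threat_model, categoryID, sName);
                    break;
                case "vector":
                    AddThreatActionVectorIfMissing(threat_model, categoryID, sName);
                    break;
                case "target":
                    AddThreatActionTargetIfMissing(threat_model, categoryID, sName);
                    break;
                case "location":
                    AddThreatActionLocationIfMissing(threat_model, sName);
                    break;
            }
        }
    }
}

// Inserts a THREATACTIONVARIETY row unless one with this category and name exists.
private static void AddThreatActionVarietyIfMissing(XTHREATEntities threat_model, int categoryID, string sThreatActionVarietyName)
{
    THREATACTIONVARIETY tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == categoryID && o.ThreatActionVarietyName == sThreatActionVarietyName);
    if (tactionvariety == null)
    {
        tactionvariety = new THREATACTIONVARIETY();
        tactionvariety.ThreatActionCategoryID = categoryID;
        tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
        threat_model.THREATACTIONVARIETY.Add(tactionvariety);
        threat_model.SaveChanges();
    }
}

// Inserts a THREATACTIONVECTOR row unless one with this category and name exists.
private static void AddThreatActionVectorIfMissing(XTHREATEntities threat_model, int categoryID, string sThreatActionVectorName)
{
    THREATACTIONVECTOR tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == categoryID && o.ThreatActionVectorName == sThreatActionVectorName);
    if (tactionvector == null)
    {
        tactionvector = new THREATACTIONVECTOR();
        tactionvector.ThreatActionCategoryID = categoryID;
        tactionvector.ThreatActionVectorName = sThreatActionVectorName;
        threat_model.THREATACTIONVECTOR.Add(tactionvector);
        threat_model.SaveChanges();
    }
}

// Inserts a THREATACTIONTARGET row unless one with this category and name exists.
private static void AddThreatActionTargetIfMissing(XTHREATEntities threat_model, int categoryID, string sThreatActionTargetName)
{
    THREATACTIONTARGET tactiontarget = threat_model.THREATACTIONTARGET.FirstOrDefault(o => o.ThreatActionCategoryID == categoryID && o.ThreatActionTargetName == sThreatActionTargetName);
    if (tactiontarget == null)
    {
        tactiontarget = new THREATACTIONTARGET();
        tactiontarget.ThreatActionCategoryID = categoryID;
        tactiontarget.ThreatActionTargetName = sThreatActionTargetName;
        threat_model.THREATACTIONTARGET.Add(tactiontarget);
        threat_model.SaveChanges();
    }
}

// Inserts a THREATACTIONLOCATION row unless one with this name exists. Locations carry no category ID.
private static void AddThreatActionLocationIfMissing(XTHREATEntities threat_model, string sThreatActionLocationName)
{
    THREATACTIONLOCATION tactionlocation = threat_model.THREATACTIONLOCATION.FirstOrDefault(o => o.ThreatActionLocationName == sThreatActionLocationName);
    if (tactionlocation == null)
    {
        tactionlocation = new THREATACTIONLOCATION();
        tactionlocation.ThreatActionLocationName = sThreatActionLocationName;
        threat_model.THREATACTIONLOCATION.Add(tactionlocation);
        threat_model.SaveChanges();
    }
}

// Loads "Country Name;ISO 3166-1-alpha-2 code" lines from the local text file into COUNTRY.
private static void ImportCountryCodes(XORCISMEntities model)
{
    //http://www.iso.org/iso/home/standards/country_codes/country_names_and_code_elements.htm
    using (StreamReader tr = new StreamReader(@"country_names_and_code_element.txt"))   //HARDCODED
    {
        // Ignore the first line (headers)
        tr.ReadLine();

        // Reading stops at the end of the file or at the first empty line.
        string scountryline = tr.ReadLine();
        while (scountryline != null && scountryline != "")
        {
            string[] row = scountryline.Split(';');
            if (row.Length < 2)
            {
                // A line without the separator has no code column; skip it instead of failing on row[1].
                Console.WriteLine("Malformed country line skipped: " + scountryline);
            }
            else
            {
                string sCountryName = row[0];
                string sCountryCode = row[1];
                COUNTRY country = model.COUNTRY.FirstOrDefault(o => o.CountryName == sCountryName && o.CountryCode == sCountryCode);
                if (country == null)
                {
                    country = new COUNTRY();
                    country.CountryCode = sCountryCode;
                    country.CountryName = sCountryName;
                    model.COUNTRY.Add(country);
                    model.SaveChanges();
                }
            }
            scountryline = tr.ReadLine();
        }
    }
}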
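/// <summary>
/// Imports the SCIP VulDB reference maps, one page per year from the current year down to 2004.
/// Each page is downloaded, saved as refmapYEAR.txt and read line by line: a VulDB link sets the
/// current SCIP entry, a CVE ID selects (or creates) the VULNERABILITY row, and OSVDB, SecurityTracker,
/// Secunia, BID and X-Force links are recorded through fAddReference for that row.
/// </summary>
static void Main(string[] args)
{
    //https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework
    model.Configuration.AutoDetectChangesEnabled = false;
    model.Configuration.ValidateOnSaveEnabled = false;

    int iCptYear = DateTime.Now.Year;

    #region vocabularyscip
    try
    {
        iVocabularySCIPID = model.VOCABULARY.Where(o => o.VocabularyName == "SCIP").Select(o => o.VocabularyID).FirstOrDefault();
    }
    catch (Exception ex)
    {
        // Previously swallowed without a trace; report it so a failing lookup is visible.
        Console.WriteLine("Exception VocabularySCIP " + ex.Message + " " + ex.InnerException);
    }
    if (iVocabularySCIPID <= 0)
    {
        VOCABULARY oVocabulary = new VOCABULARY();
        oVocabulary.CreatedDate = DateTimeOffset.Now;
        oVocabulary.VocabularyName = "SCIP";
        model.VOCABULARY.Add(oVocabulary);
        model.SaveChanges();
        iVocabularySCIPID = oVocabulary.VocabularyID;
        Console.WriteLine("DEBUG iVocabularySCIPID=" + iVocabularySCIPID);
    }
    #endregion vocabularyscip

    // The patterns do not change between pages, so they are built once.
    Regex myRegexVULDB = new Regex(@"<a href=\""\?vuldb\.[0-9](.*?)\""");   //TODO Review
    Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})");    //https://cve.mitre.org/cve/identifiers/tech-guidance.html
    Regex myRegexSECTRACK = new Regex(@"securitytracker.com/id/(.*?)\"" ");   //TODO Review
    Regex myRegexSECUNIA = new Regex(@"secunia.com/advisories/(.*?)\"" ");   //TODO Review
    Regex myRegexBID = new Regex(@"securityfocus.com/bid/(.*?)\"" ");   //TODO Review
    Regex myRegexXFORCE = new Regex(@"xforce.iss.net/xforce/xfdb/(.*?)\"" ");   //TODO Review
    Regex myRegexOSVDB = new Regex(@"osvdb.org/[0-9](.*?)\"" ");   //TODO Review

    while (iCptYear > 2003)
    {
        string sURI = "refmap" + iCptYear;
        Console.WriteLine("DEBUG *************************************************************");
        Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString());
        Console.WriteLine("DEBUG Working on " + sURI);

        // NOTE(review): the page is fetched over plain HTTP and its content ends up in the
        // vulnerability database. Anyone on the network path can alter it; use HTTPS if the
        // site offers it.
        string sDownloadFileURL = "http://www.scip.ch/en/?vuldb." + sURI;
        iCptYear--;

        HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(new Uri(sDownloadFileURL));
        webRequest.Method = "GET";
        //webRequest.Credentials = CredentialCache.DefaultCredentials;
        //webRequest.Timeout = 20 * 60 * 1000;  //20 minutes

        // Response, reader and writer are closed by their using blocks even when a read fails.
        string sResponseText;
        using (HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse())
        using (StreamReader SR = new StreamReader(webResponse.GetResponseStream()))
        {
            sResponseText = SR.ReadToEnd();
        }

        using (StreamWriter swStreamWriter = new StreamWriter(sURI + ".txt"))
        {
            swStreamWriter.Write(sResponseText);
        }

        string sTemp = string.Empty;
        string sCurrentVULDB = string.Empty;
        string sCurrentCVE = string.Empty;
        int iVulnerabilityID = 0;

        using (StreamReader srStreamReader = new StreamReader(sURI + ".txt"))
        {
            string sLine;
            while ((sLine = srStreamReader.ReadLine()) != null)
            {
                // Bring the known URL variants to the form the patterns expect.
                sLine = sLine.Replace("securitytracker.com/id?", "securitytracker.com/id/");
                sLine = sLine.Replace("osvdb.org/displayvuln.php?osvdbid=", "osvdb.org/");
                sLine = sLine.Replace("osvdb.org/show/osvdb/", "osvdb.org/");
                //TODO? microsoft.com MS

                // Only the first pattern that matches a line is acted on.
                sTemp = myRegexVULDB.Match(sLine).ToString();
                if (sTemp != "")
                {
                    sTemp = sTemp.Replace("<a href=", "");
                    sTemp = sTemp.Replace("\"", "");
                    sTemp = sTemp.Replace("?vuldb.", "");    //TODO check if ok
                    sCurrentVULDB = sTemp;
                    // NOTE(review): iVulnerabilityID is not reset when a new VulDB entry starts, so
                    // reference links met before the entry's CVE line are filed under the previous
                    // CVE. Whether that can happen depends on the page layout; confirm.
                    Console.WriteLine("*************************************************************");
                    Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString());
                    Console.WriteLine("DEBUG SCIP VULDB:" + sCurrentVULDB);
                    continue;
                }

                sTemp = myRegexCVE.Match(sLine).ToString();
                if (sTemp != "")
                {
                    #region cve
                    sCurrentCVE = sTemp;
                    Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString());
                    Console.WriteLine("DEBUG CVE:" + sCurrentCVE);
                    //TODO double-check if it is real CVE-ID

                    // Start from 0 so that a failed lookup cannot leave the previous CVE's row ID in
                    // place and attach this CVE's references to the wrong vulnerability.
                    iVulnerabilityID = 0;
                    try
                    {
                        iVulnerabilityID = vuln_nodel.VULNERABILITY.Where(o => o.VULReferential == "cve" && o.VULReferentialID == sCurrentCVE).Select(o => o.VulnerabilityID).FirstOrDefault();
                    }
                    catch (Exception exCVE)
                    {
                        Console.WriteLine("Exception exCVE " + exCVE.Message + " " + exCVE.InnerException);
                    }

                    if (iVulnerabilityID <= 0)
                    {
                        try
                        {
                            VULNERABILITY oVulnerability = new VULNERABILITY();
                            oVulnerability.CreatedDate = DateTimeOffset.Now;
                            oVulnerability.VocabularyID = iVocabularySCIPID;
                            oVulnerability.VULReferential = "cve";
                            oVulnerability.VULReferentialID = sCurrentCVE;
                            oVulnerability.timestamp = DateTimeOffset.Now;
                            vuln_nodel.VULNERABILITY.Add(oVulnerability);
                            vuln_nodel.SaveChanges();
                            iVulnerabilityID = oVulnerability.VulnerabilityID;
                        }
                        catch (System.Data.Entity.Validation.DbEntityValidationException e)
                        {
                            Console.WriteLine("Exception DbEntityValidationExceptionUPDATECAPEC " + DescribeValidationErrors(e));
                        }
                        catch (Exception exSCIPCVE)
                        {
                            Console.WriteLine("Exception exSCIPCVE " + exSCIPCVE.Message + " " + exSCIPCVE.InnerException);
                        }
                    }
                    else
                    {
                        //Update VULNERABILITY
                    }
                    Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString());
                    Console.WriteLine("DEBUG iVulnerabilityID=" + iVulnerabilityID);

                    // NOTE(review): if the insert above failed, iVulnerabilityID is still 0 here and is
                    // passed on as is. fAddReference is not visible from here; confirm how it treats 0.
                    sSource = "SCIP";
                    sSourceID = sCurrentVULDB;
                    sReferenceURL = "http://scip.ch/?vuldb." + sCurrentVULDB;
                    fAddReference(iVulnerabilityID);    //, sSource, sSourceID, sReferenceURL);
                    #endregion cve
                    continue;
                }

                // NOTE(review): the IDs below are cut out of downloaded HTML. Only the OSVDB one is
                // checked to be a number before it is stored; the other sources' examples are numeric
                // as well (e.g. securitytracker.com/id/1029599), so the same check may fit them.
                //<td><a href="http://osvdb.org/3314" title="osvdb.org/3314">3314</a></td>
                //TODO see Import_all
                //fRequestOSVDB();
                if (TryAddScrapedReference(sLine, myRegexOSVDB, "OSVDB", "osvdb.org/", true, iVulnerabilityID))
                {
                    continue;
                }
                //http://securitytracker.com/id/1029599
                if (TryAddScrapedReference(sLine, myRegexSECTRACK, "SECTRACK", "securitytracker.com/id/", false, iVulnerabilityID))
                {
                    continue;
                }
                //http://secunia.com/advisories/58347
                if (TryAddScrapedReference(sLine, myRegexSECUNIA, "SECUNIA", "secunia.com/advisories/", false, iVulnerabilityID))
                {
                    continue;
                }
                //http://securityfocus.com/bid/123
                if (TryAddScrapedReference(sLine, myRegexBID, "BID", "securityfocus.com/bid/", false, iVulnerabilityID))
                {
                    continue;
                }
                //http://xforce.iss.net/xforce/xfdb/123
                TryAddScrapedReference(sLine, myRegexXFORCE, "XF", "xforce.iss.net/xforce/xfdb/", false, iVulnerabilityID);
                //TODO other sources
            }
        }
    }

    //FREE
    try
    {
        model.SaveChanges();
    }
    catch (System.Data.Entity.Validation.DbEntityValidationException e)
    {
        Console.WriteLine("Exception DbEntityValidationExceptionFINALSAVE " + DescribeValidationErrors(e));
    }
    catch (Exception exFINALSAVE)
    {
        Console.WriteLine("Exception exFINALSAVE " + exFINALSAVE.Message + " " + exFINALSAVE.InnerException);
    }
    model.Dispose();
}

// Looks for one reference link on the line; on a match fills sSource, sSourceID and sReferenceURL and
// calls fAddReference. Returns true when the pattern matched, whether or not the reference was added.
private static bool TryAddScrapedReference(string sLine, Regex oRegex, string sSourceName, string sHostPath, bool bNumericIDOnly, int iVulnerabilityID)
{
    string sTemp = oRegex.Match(sLine).ToString();
    if (sTemp == "")
    {
        return false;
    }

    // Keep only the ID: drop the host/path prefix, slashes, quotes and surrounding blanks.
    sSource = sSourceName;
    sSourceID = sTemp.Replace(sHostPath, "");
    sSourceID = sSourceID.Replace("/", "");
    sSourceID = sSourceID.Replace("\"", "").Trim();

    if (!bNumericIDOnly)
    {
        sReferenceURL = "http://" + sHostPath + sSourceID;
        Console.WriteLine("DEBUG " + sReferenceURL);
        fAddReference(iVulnerabilityID);    //, sSource, sSourceID, sReferenceURL);
        return true;
    }

    try
    {
        // Rejects anything that is not an integer before the ID is used.
        int.Parse(sSourceID);
        sReferenceURL = "http://" + sHostPath + sSourceID;
        Console.WriteLine("DEBUG " + sReferenceURL);
        fAddReference(iVulnerabilityID);    //, sSource, sSourceID, sReferenceURL);
    }
    catch (Exception exSCIPOSVDBID)
    {
        Console.WriteLine("Exception exSCIPOSVDBID " + sSourceID + " " + exSCIPOSVDBID.Message + " " + exSCIPOSVDBID.InnerException);
    }
    return true;
}

// Renders the validation errors of an Entity Framework save as text, one line per entity and property.
private static string DescribeValidationErrors(System.Data.Entity.Validation.DbEntityValidationException e)
{
    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    foreach (var eve in e.EntityValidationErrors)
    {
        sb.AppendLine(string.Format("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:", eve.Entry.Entity.GetType().Name, eve.Entry.State));
        foreach (var ve in eve.ValidationErrors)
        {
            sb.AppendLine(string.Format("- Property: \"{0}\", Error: \"{1}\"", ve.PropertyName, ve.ErrorMessage));
        }
    }
    return sb.ToString();
}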
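/// <summary>
/// Runs the XINFO provider for one job: reduces <paramref name="target"/> to an IPv4 address
/// (calling the whois and e-mail collectors on the way when it is a host name), runs
/// <c>XINFOParser</c>, and writes the final status and <c>m_data</c> back to the JOB row.
/// </summary>
/// <param name="target">IPv4 address, host name or URL supplied by the caller.</param>
/// <param name="jobID">JobID of the JOB row to update.</param>
/// <param name="policy">Passed through to <c>XINFOParser</c>.</param>
/// <param name="strategy">Passed through to <c>XINFOParser</c>.</param>
public void Run(string target, int jobID, string policy, string strategy)
{
    m_jobId = jobID;
    m_target = target;

    Utils.Helper_Trace("XORCISM PROVIDER XINFO", "Entering Run()");
    Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Target = {0} , JobID = {1} , Policy = {2}", target, jobID, policy));

    // Shape check only: four dot-separated groups of one to three digits. An octet is not
    // bounded to 255, so a value such as "999.1.1.1" is still treated as an address here.
    //TODO IPv6...
    string pattern = @"^\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?$";
    Regex check = new Regex(pattern);

    if (check.IsMatch(target.Trim(), 0))
    {
        Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " target is an IP address");
    }
    else
    {
        try
        {
            //It should be a domain name
            Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " target: " + target + " is not an IP address");

            // Uri needs a scheme to parse; only the Host part is kept afterwards.
            if (!target.Contains("://"))
            {
                target = "http://" + target;    //TODO? HTTPS
            }
            target = new Uri(target).Host;
            Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " targetmodified: " + target);

            if (check.IsMatch(target.Trim(), 0))
            {
                Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " targetmodified is an IP address");
            }
            else
            {
                // For a three-label name (e.g. crackme.cenzic.com) the lookups use the last two
                // labels. NOTE(review): for a name such as "a.co.uk" this yields "co.uk".
                string[] sectons = target.Split(new char[] { '.' });
                string lookupName = sectons.Length == 3 ? string.Join(".", sectons, 1, 2) : target;

                whois_info(lookupName);
                Thread.Sleep(30000);    //Hardcoded
                search_email_collector(lookupName);

                IPHostEntry ipEntry = Dns.GetHostEntry(target);
                IPAddress[] addr = ipEntry.AddressList;
                // An empty address list throws here and is reported by the catch below.
                target = addr[0].ToString();
            }
        }
        catch (Exception ex)
        {
            Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("JobID:" + jobID + " Dns.GetHostEntry Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
        }
    }

    XINFOParser infoParser = null;
    try
    {
        infoParser = new XINFOParser(target, jobID, policy, strategy);
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Exception Parser = " + ex.Message + " " + ex.InnerException);
    }

    string status = XCommon.STATUS.FINISHED.ToString();

    // =================================================
    // Change the status of the job to FINISHED or ERROR
    // =================================================
    // A parser that could not be constructed counts as a failed run instead of being
    // dereferenced while null.
    bool parsed = infoParser != null && infoParser.Parse();
    if (parsed == false)
    {
        status = XCommon.STATUS.ERROR.ToString();
        Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Updating job {0} status to ERROR", jobID));
        XCommon.Utils.Helper_SendEmail("*****@*****.**", "XINFO ERROR", "XINFO ERROR for job:" + jobID);
    }
    else
    {
        Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Updating job {0} status to FINISHED", jobID));
    }

    try
    {
        // using: the context is released even when the update throws.
        using (XORCISMEntities model = new XORCISMEntities())
        {
            var Q = from j in model.JOB
                    where j.JobID == jobID
                    select j;

            JOB myJob = Q.FirstOrDefault();
            if (myJob == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " job not found, status not updated");
            }
            else
            {
                myJob.Status = status;
                myJob.DateEnd = DateTimeOffset.Now;

                System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                myJob.XmlResult = encoding.GetBytes(m_data);

                model.SaveChanges();
            }
        }
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
    }

    Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Leaving Run()");
}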
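/// <summary>
/// Runs the VoIPScanner provider for one job: submits <paramref name="target"/> to the
/// VoIPScanner XML-RPC service, polls until the XML report is returned, hands it to
/// <c>VoIPScannerParser</c>, then runs svmap.py on a remote host over SSH and sets the
/// JOB row status.
/// </summary>
/// <param name="target">Host to scan; sent to the XML-RPC service and, after validation, to the remote shell.</param>
/// <param name="jobID">JobID of the JOB row holding the serialized parameters and the status.</param>
/// <param name="policy">Only written to the trace in this method.</param>
/// <param name="Strategy">Not used in this method.</param>
public void Run(string target, int jobID, string policy, string Strategy)
{
    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Entering Run()");
    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Target = {0} , JobID = {1} , Policy = {2}", target, jobID, policy));

    Assembly a = Assembly.GetExecutingAssembly();
    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Assembly location = " + a.Location);

    // ==============
    // Launch the job
    // ==============
    //TODO Hardcoded: service credentials belong in protected configuration, not in source.
    const string username = "******";
    const string key = "1943e197-0zae-4bxc-xd18-12345";

    // The API key is a secret and is deliberately kept out of the trace.
    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("UserName = {0}", username));

    XmlRpcStruct Xtarget = new XmlRpcStruct();

    using (XORCISMEntities model = new XORCISMEntities())
    {
        Dictionary<string, object> parameters;
        var q = from x in model.JOB
                where x.JobID == jobID
                select x.Parameters;

        try
        {
            byte[] buffer = q.First();
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Size of parameters = {0} bytes", buffer.Length));

            using (MemoryStream ms = new MemoryStream(buffer))
            {
                // SECURITY: BinaryFormatter instantiates whatever types the stream names, so
                // anyone able to write JOB.Parameters can run code in this process. Replace it
                // with a data-only format; left in place here because the writer of this
                // column is outside this method.
                BinaryFormatter bf = new BinaryFormatter();
                parameters = (Dictionary<string, object>)bf.Deserialize(ms);
            }
        }
        catch (Exception ex)
        {
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Error while deserializing parameters : Exception = {0}", ex.Message));
            return;
        }

        if (parameters == null)
        {
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Error while deserializing parameters : no parameters");
            return;
        }

        // Both options are optional: a missing key or a non-string value is skipped.
        object rawValue;
        string Sip = parameters.TryGetValue("SIP", out rawValue) ? rawValue as string : null;
        string Extrange = parameters.TryGetValue("EXTRANGE", out rawValue) ? rawValue as string : null;

        try
        {
            Xtarget.Add("hostname", target);
            if (string.IsNullOrEmpty(Sip) == false)
            {
                Xtarget.Add("sipport", Sip);
            }
            if (string.IsNullOrEmpty(Extrange) == false)
            {
                Xtarget.Add("extrange", Extrange);
            }
        }
        catch (Exception ex)
        {
            // Best effort: the request is still sent with whatever was added.
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Exception = {0}", ex.Message));
        }

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Target = {0}", target));

        IToto proxy = XmlRpcProxyGen.Create<IToto>();
        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Proxy = {0}", proxy));

        // NOTE(review): if Tracer records request bodies, the API key ends up in its output - confirm.
        Tracer tracer = new Tracer();
        tracer.Attach(proxy);

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Param Okay");

        string[] res = null;
        try
        {
            res = proxy.scan(username, key, Xtarget);
        }
        catch (XmlRpcFaultException fex)
        {
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fault Response: {0} {1}", fex.FaultCode, fex.FaultString));
        }

        // A fault leaves res null, and without a scan uid there is nothing to poll for.
        if (res == null || res.Length < 2 || res[0] != "Success")
        {
            string reason = (res == null || res.Length == 0) ? "no response" : res[0];
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fail 1: {0}", reason));
            UpdateVoipScannerJobStatus(model, jobID, XCommon.STATUS.ERROR.ToString());
            return;
        }

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Success 1");
        string scanuid = res[1];

        // ===================
        // Wait for completion
        // ===================
        XmlRpcStruct scanparams = new XmlRpcStruct();
        scanparams.Add("scanuid", scanuid);
        scanparams.Add("pretty", true);
        scanparams.Add("documented", true);

        bool finished = false;
        string xml = string.Empty;

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Waiting 45 seconds...");
        Thread.Sleep(45000);    //Hardcoded

        // NOTE(review): there is no upper bound on the number of polls.
        while (finished == false)
        {
            // Fresh variable per poll: after a fault the previous "Success" answer must not
            // be mistaken for the result of this call.
            string[] poll = null;
            try
            {
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Trying to get results");
                poll = proxy.getresultsxml(username, key, scanparams);
            }
            catch (XmlRpcFaultException fex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fault Response: {0} {1}", fex.FaultCode, fex.FaultString));
            }

            if (poll != null && poll.Length > 1 && poll[0] == "Success")
            {
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Success 2");
                xml = poll[1];
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "res=" + xml);
                finished = true;
            }
            else
            {
                string reason = (poll == null || poll.Length == 0) ? "no response" : poll[0];
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fail 2: {0}", reason));
                Thread.Sleep(30000);
            }
        }

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Results successfully downloaded");

        XmlDocument doc = new XmlDocument();
        // The report comes from a remote service: with the resolver cleared, external
        // entities and DTDs named in it are not fetched.
        doc.XmlResolver = null;
        try
        {
            //TODO XML Validation
            doc.LoadXml(xml);
        }
        catch (Exception ex)
        {
            // Best effort: the parser below then receives an empty document.
            Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("LoadXmlException = {0}", ex.Message));
        }

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Parsing the results");
        VoIPScannerParser parser = new VoIPScannerParser(doc, jobID);
        parser.parse();

        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Using svmap.py from sipvicious");

        // The target is typed into a root shell below, so it must not carry shell syntax.
        if (IsSafeSvmapTarget(target) == false)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} target rejected: unexpected characters, svmap.py not run", jobID));
        }
        else
        {
            //TODO Hardcoded. NOTE(review): root login with a password kept in source; prefer a
            // dedicated low-privilege account, key-based authentication and host-key checking.
            string address = "111.222.333.444";
            string password = "******";
            string prompt = "root";

            SshShell sshShell = new SshShell(address, "root", password);
            sshShell.RemoveTerminalEmulationCharacters = true;

            Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} Connecting to SIPVICIOUS server at {1}", jobID, address));

            bool connected = false;
            try
            {
                sshShell.Connect(22);
                sshShell.Expect(prompt);
                connected = true;
            }
            catch (Exception ex)
            {
                // The exception text is passed as an argument so braces in it cannot break the format string.
                Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} ConnectingERROR to SIPVICIOUS server at {1} : {2} {3}", jobID, address, ex.Message, ex.InnerException));
            }

            // No commands are written to a shell that failed to connect.
            if (connected)
            {
                try
                {
                    string cmd1 = "cd /home/root/tools/sipvicious/";    //Hardcoded
                    sshShell.WriteLine(cmd1);
                    Thread.Sleep(1000);     //Hardcoded
                    string stdout = sshShell.Expect(prompt);
                    Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} START DUMP STDOUT01", jobID));
                    Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", stdout);

                    Thread.Sleep(1000);
                    sshShell.WriteLine("./svmap.py " + target);     //Hardcoded
                    Thread.Sleep(30000);    //Hardcoded
                    stdout = sshShell.Expect(prompt);
                    Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} START DUMP STDOUT02", jobID));
                    Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", stdout);
                    //TODO store the svmap output as INFORMATION rows
                    // NOTE(review): the SSH session is never closed in this method; confirm whether SshShell needs it.
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} svmap ERROR : {1}", jobID, ex.Message));
                }
            }
        }

        UpdateVoipScannerJobStatus(model, jobID, XCommon.STATUS.FINISHED.ToString());
    }

    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Leaving Run()");
}

// True when candidate holds only ASCII letters, digits, '.', '-', ':' or '/' and does not start
// with '-', so it can be neither shell syntax nor an option; '/' keeps CIDR-style targets usable.
private static bool IsSafeSvmapTarget(string candidate)
{
    if (string.IsNullOrEmpty(candidate) || candidate[0] == '-')
    {
        return false;
    }

    foreach (char c in candidate)
    {
        bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                       || c == '.' || c == '-' || c == ':' || c == '/';
        if (allowed == false)
        {
            return false;
        }
    }

    return true;
}

// Writes status to the JOB row with the given JobID; traces and does nothing when the row is missing.
private static void UpdateVoipScannerJobStatus(XORCISMEntities model, int jobID, string status)
{
    Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Update job status to {0}", status));

    var j = from xJob in model.JOB
            where xJob.JobID == jobID
            select xJob;

    JOB J = j.FirstOrDefault();
    if (J == null)
    {
        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Job {0} not found, status not updated", jobID));
        return;
    }

    J.Status = status;
    model.SaveChanges();
}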
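/* @default : port = "80"
 * @default : strategy | tunning ="x"
 */
/// <summary>
/// Runs the Sandcat command-line scanner against <paramref name="target"/>, persists every
/// line of its "_Vulns.log" report as a finding, and writes the final status and
/// <c>m_data</c> to the JOB row.
/// </summary>
/// <param name="target">Host name or http(s) URL of the site to scan.</param>
/// <param name="jobID">JobID of the JOB row to update.</param>
/// <param name="policy">Only written to the trace in this method.</param>
/// <param name="strategy">Only written to the trace in this method.</param>
public void Run(string target, int jobID, string policy, string strategy)
{
    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "Entering Run()");
    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));

    // Invariant lower-casing keeps the scheme match independent of the current culture;
    // a trailing '/' is dropped so that "http://host/" is reduced to "host".
    string targetmodified = target.ToLowerInvariant().Replace("https://", "").Replace("http://", "").TrimEnd('/');
    string status = XCommon.STATUS.FINISHED.ToString();

    using (XORCISMEntities model = new XORCISMEntities())
    {
        // targetmodified becomes part of a command line and of a file path below.
        if (IsSafeSandcatTarget(targetmodified) == false)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + " target rejected: unexpected characters for a host name");
            status = XCommon.STATUS.ERROR.ToString();
        }
        else if (RunSandcatAndPersist(target, targetmodified, jobID, model) == false)
        {
            status = XCommon.STATUS.ERROR.ToString();
        }

        // =================================================
        // Change the status of the job to FINISHED or ERROR
        // =================================================
        try
        {
            var Q = from j in model.JOB
                    where j.JobID == jobID
                    select j;

            JOB myJob = Q.FirstOrDefault();
            if (myJob == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + " job not found, status not updated");
            }
            else
            {
                myJob.Status = status;
                myJob.DateEnd = DateTimeOffset.Now;

                System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                myJob.XmlResult = encoding.GetBytes(m_data);

                model.SaveChanges();
            }
        }
        catch (Exception ex)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
        }
    }

    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Leaving Run()");
}

// True when candidate holds only lower-case ASCII letters, digits, '.', '-' or ':' and does not
// start with '-': no whitespace or quotes to split the command line, no path separators.
private static bool IsSafeSandcatTarget(string candidate)
{
    if (string.IsNullOrEmpty(candidate) || candidate[0] == '-')
    {
        return false;
    }

    foreach (char c in candidate)
    {
        bool allowed = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == ':';
        if (allowed == false)
        {
            return false;
        }
    }

    return true;
}

// Starts SandcatCS.exe for targetmodified, waits for it, then persists each report line.
// Returns false when the scanner could not be started.
private bool RunSandcatAndPersist(string target, string targetmodified, int jobID, XORCISMEntities model)
{
    Assembly a = Assembly.GetExecutingAssembly();
    string baseDirectory = Path.GetDirectoryName(a.Location);
    string file = string.Format("sandcat_{0}_{1}", DateTime.Now.Ticks, this.GetHashCode());
    string program = baseDirectory + "\\sandcatmini-4.2.5.0\\SandcatCS.exe";    //HARDCODED

    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "SANDCAT Assembly location = " + a.Location);
    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("JobID: {0} Results will be stored in directory [{1}]", jobID, file));
    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Using sandcat at '{0}'", program));

    using (Process process = new Process())
    {
        try
        {
            process.StartInfo.FileName = program;
            process.StartInfo.Arguments = " " + targetmodified + " -sn " + file;   //HARDCODED
            process.StartInfo.UseShellExecute = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.StartInfo.RedirectStandardError = false;
            process.StartInfo.CreateNoWindow = true;
            process.Start();
        }
        catch (Win32Exception vException)
        {
            if (vException.NativeErrorCode == ERROR_FILE_NOT_FOUND)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("ERROR_FILE_NOT_FOUND : Exception = {0}", vException.Message));
            }
            else if (vException.NativeErrorCode == ERROR_ACCESS_DENIED)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("ERROR_ACCESS_DENIED : Exception = {0}", vException.Message));
            }
            else
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception RunningSandcat = " + vException.Message + " " + vException.InnerException);
            }
            return false;
        }
        catch (Exception ex)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception RunningSandcat = " + ex.Message + " " + ex.InnerException);
            return false;
        }

        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "sandcat is running");

        string strOutput = "";
        try
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "Waiting for sandcat to finish");
            // Drain the redirected output before waiting: a child that fills the pipe while
            // nobody reads it would otherwise never exit.
            strOutput = process.StandardOutput.ReadToEnd();
            if (process.WaitForExit(1800000) == false)     //30 minutes
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + " sandcat did not exit within 30 minutes");
            }
        }
        catch (Exception vException)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("TimeException = {0}", vException.Message));
        }

        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "sandcat has finished");
        // Plain concatenation: scanner output may contain braces, which string.Format would reject.
        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "Output: " + strOutput);
    }

    // e.g. "demo.testfire.net [80]_Vulns.log". The relative part has no leading backslash:
    // Path.Combine discards baseDirectory when its second argument is rooted.
    string resultfile = Path.Combine(baseDirectory, "sandcatmini-4.2.5.0\\Rep\\" + file + "\\" + targetmodified + " [80]_Vulns.log");    //HARDCODED

    // Report lines are comma-separated key=value fields, for example:
    // "vname=search.aspx XSS",vpars=txtSearch,vlns=,vrisk=Medium,vpath=http://demo.testfire.net/search.aspx?txtSearch=[script]alert('Vulnerable')[/script],vstat=200,"f=Application Vuln.xrm"
    // NOTE(review): the split below is naive; a quoted field containing a comma is cut short.
    try
    {
        using (StreamReader myfilereader = new StreamReader(resultfile))
        {
            string ligne;
            while ((ligne = myfilereader.ReadLine()) != null)
            {
                Console.WriteLine(ligne);

                VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                vulnerabilityFound.InnerXml = ligne;
                vulnerabilityEndPoint.IpAdress = target;
                vulnerabilityEndPoint.Port = 80;            //TODO: to be reviewed
                vulnerabilityEndPoint.Protocol = "TCP";     //HARDCODED
                vulnerabilityEndPoint.Service = "WWW";

                foreach (string field in ligne.Split(','))
                {
                    if (field.Contains("vname"))
                    {
                        vulnerabilityFound.Title = field.Replace("vname=", "").Replace("\"", "");
                    }
                    else if (field.Contains("vpars"))
                    {
                        vulnerabilityFound.VulnerableParameter = field.Replace("vpars=", "").Replace("\"", "");
                    }
                    else if (field.Contains("vrisk"))
                    {
                        vulnerabilityFound.Severity = field.Replace("vrisk=", "").Replace("\"", "");
                    }
                    else if (field.Contains("vpath"))
                    {
                        vulnerabilityFound.Url = field.Replace("vpath=", "").Replace("\"", "");
                    }
                }

                VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, jobID, "sandcat", model);
            }
        }
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception SandcatReader = " + ex.Message + " " + ex.InnerException + " " + resultfile);
    }

    return true;
}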
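/* policy is typed as string rather than int because callers may also pass
 * names such as "aggressive".
 */
/// <summary>
/// Runs the w3af provider for one job: builds a <c>W3afParser</c>, has it create the w3af
/// script, parses the XML result file, and writes the final status and <c>m_data</c> to the
/// JOB row.
/// </summary>
/// <param name="target">Target passed through to <c>W3afParser</c>.</param>
/// <param name="jobID">JobID of the JOB row to update.</param>
/// <param name="policy">Passed through to <c>W3afParser</c>.</param>
/// <param name="strategy">Passed through to <c>W3afParser</c>.</param>
public void Run(string target, int jobID, string policy, string strategy)
{
    //TODO: Input Validation (target, policy and strategy reach W3afParser unchecked)
    Utils.Helper_Trace("XORCISM PROVIDER W3AF", "Entering Run()");
    Utils.Helper_Trace("XORCISM PROVIDER W3AF", string.Format("Target = {0} , JobID = {1} , Policy = {2}", target, jobID, policy));

    /* Name of XML result */
    string xml_file = string.Format("result_{0}_{1}.xml", DateTime.Now.Ticks, this.GetHashCode());

    W3afParser w3afParser = null;
    try
    {
        w3afParser = new W3afParser(target, jobID, policy, strategy, xml_file);
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER W3AF", "JobID:" + jobID + "Exception w3afParser = " + ex.Message + " " + ex.InnerException);
    }

    string status = XCommon.STATUS.FINISHED.ToString();

    // A parser that could not be constructed counts as a failed run instead of being
    // dereferenced while null.
    bool parsed = false;
    if (w3afParser != null)
    {
        // Create the script w3af
        w3afParser.create_Script();
        parsed = w3afParser.Parse(xml_file);
    }

    // =================================================
    // Change the status of the job to FINISHED or ERROR
    // =================================================
    if (parsed == false)
    {
        status = XCommon.STATUS.ERROR.ToString();
        Utils.Helper_Trace("XORCISM PROVIDER W3AF", string.Format("Updating job {0} status to ERROR", jobID));
        XCommon.Utils.Helper_SendEmail("*****@*****.**", "W3af ERROR", "W3af ERROR for job:" + jobID);
    }
    else
    {
        Utils.Helper_Trace("XORCISM PROVIDER W3AF", string.Format("Updating job {0} status to FINISHED", jobID));
    }

    try
    {
        // using: the context is released even when the update throws.
        using (XORCISMEntities model = new XORCISMEntities())
        {
            var Q = from j in model.JOB
                    where j.JobID == jobID
                    select j;

            JOB myJob = Q.FirstOrDefault();
            if (myJob == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER W3AF", "JobID:" + jobID + " job not found, status not updated");
            }
            else
            {
                myJob.Status = status;
                myJob.DateEnd = DateTimeOffset.Now;

                System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                myJob.XmlResult = encoding.GetBytes(m_data);

                model.SaveChanges();
            }
        }
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("XORCISM PROVIDER W3AF", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
    }

    Utils.Helper_Trace("XORCISM PROVIDER W3AF", "JobID:" + jobID + "Leaving Run()");
}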
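/// <summary>
/// Cancels a job. When a worker thread is registered for <paramref name="jobID"/> in
/// <c>g_MapThread</c> it is aborted and unregistered; otherwise every JOB row with that id
/// that is still RUNNING is set to CANCELED.
/// </summary>
/// <param name="jobID">JobID of the job to cancel.</param>
/// <returns>false when an exception was caught on the way, true otherwise.</returns>
public bool CancelJob(int jobID)
{
    // NOTE(review): nothing here checks that the caller may cancel this job; confirm that the
    // service boundary enforces it.
    Utils.Helper_Trace("AGENT SERVICE", "Entering CancelJob()");

    ThreadContext threadContext;
    if (g_MapThread.TryGetValue(jobID, out threadContext))
    {
        try
        {
            // Thread.Abort can interrupt the worker at any point, including while it holds a
            // database context or a child process.
            // NOTE(review): the JOB row is not touched on this path - presumably another
            // component records the cancellation; verify.
            threadContext.Thread.Abort();
            g_MapThread.Remove(jobID);
        }
        catch (Exception ex)
        {
            Utils.Helper_Trace("AGENT SERVICE", string.Format("Error in CancelJob threadContext. Exception = {0} {1}", ex.Message, ex.InnerException));
            return false;
        }

        Utils.Helper_Trace("AGENT SERVICE", "Leaving CancelJob()");
        return true;
    }

    Utils.Helper_Trace("AGENT SERVICE", string.Format("Job {0} has not been found in map", jobID));

    try
    {
        //Updating the status of the Running Jobs
        Utils.Helper_Trace("AGENT SERVICE", "Updating the status of the Running Jobs...");

        // using: the context is released even when the update throws.
        using (XORCISMEntities model = new XORCISMEntities())
        {
            string Status = XCommon.STATUS.RUNNING.ToString();
            var myRunningJobs = from rj in model.JOB
                                where rj.JobID == jobID && rj.Status == Status
                                select rj;

            foreach (JOB J in myRunningJobs.ToList())
            {
                J.Status = XCommon.STATUS.CANCELED.ToString();
                J.DateEnd = DateTimeOffset.Now;
                model.SaveChanges();
                Utils.Helper_Trace("AGENT SERVICE", string.Format("Job {0} canceled", J.JobID));
            }
        }

        Utils.Helper_Trace("AGENT SERVICE", "Status updated");
    }
    catch (Exception ex)
    {
        Utils.Helper_Trace("AGENT SERVICE", string.Format("Error in CancelJob. Exception = {0} {1}", ex.Message, ex.InnerException));
        return false;
    }

    Utils.Helper_Trace("AGENT SERVICE", "Leaving CancelJob()");
    return true;
}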