protected override void OnInit(EventArgs e)
{
base.OnInit(e);
Guid hpid = new Guid(this.Request ["hpid"]);
Guid hid = new Guid(this.Request ["hid"]);
PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
.Where(h => h.ProfileHost.ID == hid)
.Single();
PersistentPort port = host.PersistentPorts
.Where(p => p.ID == hpid)
.SingleOrDefault();
if (port == null)
{
return;
}
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentProfile;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan> ()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan> ()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan> ()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan> ()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan> ()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
if (isOpenVAS)
{
lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";
var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var result in results)
{
DataTableObject obj = new DataTableObject();
obj.Name = result.PersistentNVT.Name;
obj.Threat = result.Threat;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblOpenVASPortResults.Text = string.Empty;
lblOpenVASPortResults.Visible = false;
gvOpenVASPortResults.Visible = false;
}
else
{
gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
gvOpenVASPortResults.DataBind();
}
}
else
{
gvOpenVASPortResults.Visible = false;
}
if (isNessus)
{
lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var item in items)
{
DataTableObject obj = new DataTableObject();
obj.Name = item.PluginName;
obj.Threat = item.Severity;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblNessusPortResults.Text = string.Empty;
lblNessusPortResults.Visible = false;
gvNessusPortResults.Visible = false;
}
else
{
gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
gvNessusPortResults.DataBind();
}
}
else
{
gvNessusPortResults.Visible = false;
}
if (isNexpose)
{
lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";
List <DataTableObject> objs = new List <DataTableObject> ();
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");
foreach (var test in tests)
{
DataTableObject obj = new DataTableObject();
string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("<", "<").Replace(">", ">");
if (objs.Where(o => o.Name == n).Count() > 0)
{
continue;
}
obj.Name = n;
obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";
objs.Add(obj);
}
}
if (objs.Count() == 0)
{
lblNexposePortResults.Text = string.Empty;
lblNexposePortResults.Visible = false;
gvNexposePortResults.Visible = false;
}
else
{
gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
gvNexposePortResults.DataBind();
}
}
else
{
gvNexposePortResults.Visible = false;
}
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
var creds = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
}
else
{
}
if (port.Service == "ssh")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
if (port.Service == "snmp")
{
PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentOneSixtyOneResults> ()
.FirstOrDefault();
if (snmpResults != null)
{
lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
lblSNMPResults.Text = snmpResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "smb")
{
PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSMBClientResults> ()
.FirstOrDefault();
if (smbResults != null)
{
lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
lblSMBScan.Text = smbResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "http" || port.Service == "https")
{
if (port.Service == "https")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentWapitiResults> ()
.FirstOrDefault();
IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
.Add(Restrictions.Eq("ParentHostPortID", hpid))
.List <PersistentSQLMapResults> ();
List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();
foreach (var result in results)
{
vulns.AddRange(result.PersistentVulnerabilities.ToList());
}
if (wapitiResults != null && wapitiResults.Bugs != null)
{
var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
var wxss = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
var wincludes = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));
List <NotSQLWebVuln> xss = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> includes = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();
foreach (var x in wxss)
{
NotSQLWebVuln v = new NotSQLWebVuln();
v.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
v.Parameter = x.Parameter;
v.URL = x.URL;
xss.Add(v);
}
foreach (var x in wincludes)
{
NotSQLWebVuln i = new NotSQLWebVuln();
i.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
i.Parameter = x.Parameter;
i.URL = x.URL;
includes.Add(i);
}
foreach (var x in wexecution)
{
NotSQLWebVuln ex = new NotSQLWebVuln();
ex.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
ex.Parameter = x.Parameter;
ex.URL = x.URL;
execution.Add(ex);
}
lblXSS.Text = "XSS Vulnerabilities";
gvXSS.DataSource = xss;
gvXSS.DataBind();
lblIncludes.Text = "Remote and Local File Include Vulnerabilities";
gvIncludes.DataSource = includes;
gvIncludes.DataBind();
lblCommandExecution.Text = "Remote Command Execution Vulnerabilities";
gvCommandExecution.DataSource = execution;
gvCommandExecution.DataBind();
if (sqlInjectionPoints.Count() > 0)
{
List <WebVuln> exploitedVulns = new List <WebVuln> ();
List <WebVuln> otherVulns = new List <WebVuln> ();
foreach (var bug in sqlInjectionPoints)
{
WebVuln v = new WebVuln();
v.URL = bug.URL;
v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");
var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();
v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;
foreach (string parm in bug.Parameter.Split('&'))
{
if (parm.Contains("%BF%27%22%28"))
{
v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
}
else if (parm.Contains("%27+or+sleep%287%29%23"))
{
v.Parameter = parm.Split('=') [0];
if (string.IsNullOrEmpty(v.IsExploitable))
{
v.IsExploitable = "Exploited with a blind SQL injection.";
}
}
}
if (string.IsNullOrEmpty(v.IsExploitable))
{
otherVulns.Add(v);
continue;
}
exploitedVulns.Add(v);
}
lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities";
gvPossibleInjectionPoints.DataSource = otherVulns;
gvPossibleInjectionPoints.DataBind();
lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities";
gvSQLInjections.DataSource = exploitedVulns;
gvSQLInjections.DataBind();
}
}
PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentNiktoResults> ()
.FirstOrDefault();
if (niktoResults != null)
{
lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
lblNiktoResults.Text = "<ul>";
foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
{
lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
}
lblNiktoResults.Text += "</ul>";
}
}
if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
{
lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
lblNiktoResults.Text = port.DeepScan.Replace("\n", "<br />");
}
}
public static void Main()
{
string conn = "Server=" + ConfigurationManager.AppSettings ["PostgreSQL"] + ";";
conn += "Port=" + ConfigurationManager.AppSettings ["PostgreSQLPort"] + ";";
conn += "Database=rising_sun;";
conn += "User Id=" + ConfigurationManager.AppSettings ["PostgreSQLUser"] + ";";
conn += "Password="******"PostgreSQLPass"] + ";";
conn += "SSL=true;";
IPersistenceConfigurer config = PostgreSQLConfiguration.PostgreSQL82
.ConnectionString(conn);
ISessionFactory factory = Fluently.Configure()
.Database(config)
.Mappings(m =>
m.FluentMappings.AddFromAssemblyOf <PersistentProfile> ())
.Mappings(m =>
m.FluentMappings.AddFromAssemblyOf <PersistentOpenVASNVT> ())
.Mappings(m =>
m.FluentMappings.AddFromAssemblyOf <PersistentNessusScan> ())
.Mappings(m =>
m.FluentMappings.AddFromAssemblyOf <PersistentNexposeScan> ())
.Mappings(m =>
m.FluentMappings.AddFromAssemblyOf <PersistentMetasploitScan> ())
.BuildSessionFactory();
Dictionary <string, string> conf = null;
IList <PersistentProfile> profilesToRun;
using (ISession session = factory.OpenSession())
using (ITransaction trans = session.BeginTransaction()) {
profilesToRun = session.CreateCriteria <PersistentProfile> ()
.Add(Restrictions.Eq("HasRun", false))
.Add(Restrictions.Eq("IsActive", true))
.List <PersistentProfile> ();
foreach (PersistentProfile profile in profilesToRun)
{
if (profile.VirtualMachines.Count > 0)
{
using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
{
foreach (var vm in profile.VirtualMachines)
{
manager.StartVirtualMachine(vm);
}
}
Console.WriteLine("Letting vm's settle...waiting a bit");
for (int i = 0; i < 10; i++)
{
Console.Write(i);
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 60));
}
}
List <List <IToolResults> > toolResults = null;
conf = new Dictionary <string, string> ();
conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
conf.Add("nmapPath", ConfigurationManager.AppSettings ["nmapPath"]);
conf.Add("niktoPath", ConfigurationManager.AppSettings ["niktoPath"]);
conf.Add("onesixtyonePath", ConfigurationManager.AppSettings ["onesixtyonePath"]);
conf.Add("sslscanPath", ConfigurationManager.AppSettings ["sslscanPath"]);
conf.Add("smbclientPath", ConfigurationManager.AppSettings ["smbclientPath"]);
conf.Add("traceroutePath", ConfigurationManager.AppSettings ["traceroutePath"]);
conf.Add("whoisPath", ConfigurationManager.AppSettings ["whoisPath"]);
conf.Add("profileID", profile.ID.ToString());
conf.Add("API", ConfigurationManager.AppSettings["API"]);
conf.Add("UserID", ConfigurationManager.AppSettings["userID"]);
profile.Configuration = conf;
string newRange = string.Empty;
foreach (var host in profile.ProfileHosts)
{
newRange += host.IPv4Address + " ";
}
profile.Range = newRange;
profile.Run(out toolResults);
profile.CurrentResults.SetCreationInfo(profile.WebUserID);
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
host.CleanHost();
host.ProfileHost = profile.ProfileHosts.Where(ph => ph.IPv4Address == host.IPAddressv4).Single();
foreach (PersistentPort port in host.PersistentPorts)
{
port.CleanPort();
port.ParentProfile = profile;
port.SetCreationInfo(profile.WebUserID);
}
foreach (List <IToolResults> list in toolResults)
{
foreach (IToolResults results in list.Where(k => k.HostIPAddressV4 == host.IPAddressv4))
{
//this isn't very refactor friendly
//You can't switch on the Type supplied by GetType() since types can be ambiguous
switch (results.GetType().Name)
{
case "SSLScanToolResults":
PersistentSSLScanResults ssl = new PersistentSSLScanResults(results as SSLScanToolResults);
ssl.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == ssl.HostPort).FirstOrDefault().ID;
ssl.SetCreationInfo(Guid.Empty);
session.Save(ssl);
break;
case "NiktoToolResults":
PersistentNiktoResults nikto = new PersistentNiktoResults(results as NiktoToolResults);
nikto.Items = new List <PersistentNiktoItem>();
string[] items = nikto.ParseOutput().ToArray();
foreach (string item in items)
{
PersistentNiktoItem i = new PersistentNiktoItem();
DateTime now = DateTime.Now;
i.ID = Guid.NewGuid();
i.CreatedBy = Guid.Empty;
i.CreatedOn = now;
i.Data = item;
i.LastModifiedBy = Guid.Empty;
i.LastModifiedOn = now;
i.IsActive = true;
session.Save(i);
nikto.Items.Add(i);
}
nikto.HostPortID = host.PersistentPorts.Where(pp => pp.PortNumber == nikto.HostPort).FirstOrDefault().ID;
nikto.SetCreationInfo(Guid.Empty);
session.Save(nikto);
break;
case "OneSixtyOneToolResults":
PersistentOneSixtyOneResults onesixtyone = new PersistentOneSixtyOneResults(results as OneSixtyOneToolResults);
onesixtyone.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == onesixtyone.HostPort).FirstOrDefault();
onesixtyone.HostPortID = onesixtyone.ParentPort.ID;
onesixtyone.SetCreationInfo(Guid.Empty);
session.Save(onesixtyone);
break;
case "SMBClientToolResults":
PersistentSMBClientResults smb = new PersistentSMBClientResults(results as SMBClientToolResults);
smb.ParentPort = host.PersistentPorts.Where(pp => pp.PortNumber == smb.HostPort).FirstOrDefault();
smb.SetCreationInfo(Guid.Empty);
//session.Save (smb);
break;
case "WhoisToolResults":
PersistentWhoisResults whois = new PersistentWhoisResults(results as WhoisToolResults);
whois.ParentNMapHost = host;
whois.SetCreationInfo(Guid.Empty);
session.Save(whois);
break;
case "TracerouteToolResults":
PersistentTracerouteResults tracert = new PersistentTracerouteResults(results as TracerouteToolResults);
tracert.ParentNMapHost = host;
tracert.SetCreationInfo(Guid.Empty);
session.Save(tracert);
break;
default:
throw new Exception("Don't know type: " + results.GetType().Name);
}
}
}
host.SetCreationInfo(profile.WebUserID);
}
profile.RunAfter = DateTime.Now.AddDays(profile.RunEvery.Days);
profile.HasRun = true;
session.SaveOrUpdate(profile);
}
try {
trans.Commit();
} catch (Exception ex) {
trans.Rollback();
throw ex;
}
}
IList <PersistentScan> scansToRun;
using (ISession session = factory.OpenSession()) {
scansToRun = session.CreateCriteria <PersistentScan> ()
.Add(Restrictions.Eq("HasRun", false))
.Add(Restrictions.Eq("IsActive", true))
.List <PersistentScan> ();
foreach (var scan in scansToRun)
{
scan.ParentProfile.CurrentResults.PopulateNonPersistentHosts();
if (scan.ParentProfile.VirtualMachines.Count > 0)
{
using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
{
foreach (var vm in scan.ParentProfile.VirtualMachines)
{
manager.StartVirtualMachine(vm);
}
}
}
NessusScan nessusScan = null;
NexposeScan nexposeScan = null;
OpenVASScan openvasScan = null;
MetasploitScan metasploitScan = null;
Dictionary <NMapHost, IList <IToolResults> > toolResults = new Dictionary <NMapHost, IList <IToolResults> > ();
conf = new Dictionary <string, string> ();
if (scan.ScanOptions.IsSQLMap)
{
conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
conf.Add("sqlmapPath", ConfigurationManager.AppSettings ["sqlmapPath"]);
conf.Add("isSQLMap", "true");
}
else
{
conf.Add("isSQLMap", "false");
}
if (scan.ScanOptions.IsDSXS)
{
if (!conf.ContainsKey("wapitiPath"))
{
conf.Add("wapitiPath", ConfigurationManager.AppSettings ["wapitiPath"]);
}
conf.Add("dsxsPath", ConfigurationManager.AppSettings ["dsxsPath"]);
}
if (scan.ScanOptions.IsNessusAssessment)
{
conf.Add("nessusHost", ConfigurationManager.AppSettings ["nessusHost"]);
conf.Add("nessusUser", ConfigurationManager.AppSettings ["nessusUser"]);
conf.Add("nessusPass", ConfigurationManager.AppSettings ["nessusPass"]);
}
if (scan.ScanOptions.IsNexposeAssessment)
{
conf.Add("nexposeHost", ConfigurationManager.AppSettings ["nexposeHost"]);
conf.Add("nexposeUser", ConfigurationManager.AppSettings ["nexposeUser"]);
conf.Add("nexposePass", ConfigurationManager.AppSettings ["nexposePass"]);
}
if (scan.ScanOptions.IsOpenVASAssessment)
{
conf.Add("openvasHost", ConfigurationManager.AppSettings ["openvasHost"]);
conf.Add("openvasUser", ConfigurationManager.AppSettings ["openvasUser"]);
conf.Add("openvasPass", ConfigurationManager.AppSettings ["openvasPass"]);
string url = ConfigurationManager.AppSettings ["API"] + "/GetOpenVASConfigs.ashx";
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
string xml = string.Empty;
using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
xml = reader.ReadToEnd();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xml);
List <OpenVASConfig> configs = new List <OpenVASConfig> ();
foreach (XmlNode c in doc.FirstChild.ChildNodes)
{
configs.Add(new OpenVASConfig(c));
}
conf.Add("openvasConfig", configs.Where(c => c.Name == "Full and fast").Single().RemoteConfigID.ToString());
}
if (scan.ScanOptions.IsMetasploitAssessment)
{
conf.Add("tmpSshfsDir", ConfigurationManager.AppSettings ["tmpSshfsDir"]);
conf.Add("metasploitHost", ConfigurationManager.AppSettings ["metasploitHost"]);
conf.Add("metasploitUser", ConfigurationManager.AppSettings ["metasploitUser"]);
conf.Add("metasploitPass", ConfigurationManager.AppSettings ["metasploitPass"]);
}
scan.Configuration = conf;
scan.Run(out nessusScan, out nexposeScan, out openvasScan, out metasploitScan, out toolResults);
if (toolResults == null)
{
if (scan.ParentProfile.VirtualMachines.Count > 0)
{
using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
{
foreach (var vm in scan.ParentProfile.VirtualMachines)
{
manager.StopVirtualMachine(vm);
}
}
}
continue;
}
///this is really super dirty
///coded myself into a corner, gotta unwind
foreach (KeyValuePair <NMapHost, IList <IToolResults> > pair in toolResults)
{
foreach (IToolResults results in pair.Value)
{
if (results is WapitiToolResults)
{
PersistentWapitiResults wapiti = new PersistentWapitiResults(results as WapitiToolResults);
foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts)
{
foreach (PersistentPort pport in host.PersistentPorts)
{
if (pport.PortNumber == (results as WapitiToolResults).HostPort &&
pport.ParentHost.IPAddressv4 == (results as WapitiToolResults).HostIPAddressV4)
{
wapiti.HostPortID = pport.ID;
wapiti.SetCreationInfo(Guid.Empty);
session.Save(wapiti);
}
}
}
}
else if (results is SQLMapResults)
{
PersistentSQLMapResults pr = new PersistentSQLMapResults(results as SQLMapResults);
foreach (var host in scan.ParentProfile.CurrentResults.PersistentHosts)
{
foreach (PersistentPort pport in host.PersistentPorts)
{
if (pport.PortNumber == (results as SQLMapResults).ParentHostPort.PortNumber &&
pport.ParentHost.IPAddressv4 == (results as SQLMapResults).ParentHostPort.ParentIPAddress)
{
pr.ParentHostPort = pport;
pr.SetCreationInfo(Guid.Empty);
session.Save(pr);
}
}
}
}
}
}
if (scan.ScanOptions.IsNessusAssessment)
{
PersistentNessusScan s = new PersistentNessusScan(nessusScan);
s.SetCreationInfo(Guid.Empty, true);
s.ParentScanID = scan.ID;
session.Save(s);
}
if (scan.ScanOptions.IsOpenVASAssessment)
{
PersistentOpenVASScan s = new PersistentOpenVASScan(openvasScan);
s.SetCreationInfo(Guid.Empty, true);
s.ParentScanID = scan.ID;
session.Save(s);
}
if (scan.ScanOptions.IsNexposeAssessment)
{
PersistentNexposeScan s = new PersistentNexposeScan(nexposeScan);
s.SetCreationInfo(Guid.Empty, true);
s.ParentScanID = scan.ID;
session.Save(s);
}
if (scan.ScanOptions.IsMetasploitAssessment)
{
PersistentMetasploitScan s = new PersistentMetasploitScan(metasploitScan);
s.SetCreationInfo(Guid.Empty, true);
s.ParentScanID = scan.ID;
session.Save(s);
}
scan.HasRun = true;
Console.WriteLine("Saving!");
using (ITransaction trans = session.BeginTransaction()) {
session.SaveOrUpdate(scan);
try {
trans.Commit();
} catch (Exception ex) {
trans.Rollback();
Console.WriteLine("Save failed!");
throw ex;
}
}
if (scan.ParentProfile.VirtualMachines.Count > 0)
{
using (VirtualboxManager manager = new VirtualboxManager("vboxmanage"))
{
foreach (var vm in scan.ParentProfile.VirtualMachines)
{
manager.StopVirtualMachine(vm);
}
}
}
}
}
// while (true) {
// DateTime start = new DateTime ();
// IPAddress ipAd = IPAddress.Parse ("127.0.0.1");
//
// TcpListener list = new TcpListener (ipAd, 8082);
//
// list.Start ();
//
// TcpClient c = list.AcceptTcpClient ();
//
// ASCIIEncoding enc = new ASCIIEncoding ();
// byte[] b = new byte[1024];
// string xml = string.Empty;
//
// using (NetworkStream stream = c.GetStream ()) {
// do {
// stream.Read (b, 0, b.Length);
// xml += xml + enc.GetString (b);
//
// } while (stream.DataAvailable);
//
// start = DateTime.Now;
//
// XmlDocument doc = new XmlDocument ();
// doc.LoadXml (xml);
//
// foreach (XmlNode node in doc.ChildNodes) {
//
// if (node.Name == "create") {
// if (node.Name == "scan") {
//
// Scan scan = new Scan ();
//
// if (node.HasChildNodes) {
// foreach (XmlNode child in node.ChildNodes) {
//
// if (child.Name == "host")
// scan.Host = child.InnerText; else if (child.Name == "range")
//
// scan.Range = child.InnerText; else if (child.Name == "type") {
// if (child.InnerText == "profile")
//
// scan.ScanType = ScanType.Profile; else if (child.InnerText == "full")
// scan.ScanType = ScanType.Full;
// }
// }
// }
//
//
//
// scan.Run ();
// } else if (node.Name == "get") {
//
// } else if (node.Name == "destroy") {
//
// }
//
// }
//
// }
//
// TimeSpan tt = DateTime.Now.Subtract (start);
//
// string complete = String.Format ("The scan has been run... Took {0} minutes, {1} seconds.\n", tt.Minutes, tt.Seconds);
//
// stream.Write (enc.GetBytes (complete), 0, complete.Length);
// }
//
// list.Stop ();
// }
}