public override void ProcessRequest(HttpContext context)
{
ISession sess = this.CurrentSession;
PersistentUser user = sess.Get <PersistentUser>(new Guid(context.Request["UserID"]));
PersistentClient client = sess.Get <PersistentClient>(new Guid(context.Request["ClientID"]));
if (user == null || !user.HasAPIAccess)
{
throw new Exception("no api access");
}
if (client == null || !client.HasAPIAccess)
{
throw new Exception("no api access");
}
bool isActive = bool.Parse(context.Request["IsActive"]);
Guid profileID = new Guid(context.Request["ProfileID"]);
PersistentProfile profile = sess.Get <PersistentProfile>(profileID);
string xml = profile.ToPersistentXml();
context.Response.Write(xml);
}
protected void btnCreateProfile_Click(object sender, EventArgs e)
{
string url = ConfigurationManager.AppSettings["API"] + "/CreateProfile.ashx" +
"?WebUserID=" + this.CurrentUser.ID.ToString() +
"&UserID=" + ConfigurationManager.AppSettings["UserID"] +
"&ClientID=" + ConfigurationManager.AppSettings["ClientID"] +
"&ProfileDomain=" + Session["CreateProfile?CurrentHost"] +
"&ProfileSchedule=" + Session["CreateProfile?ProfileSchedule"] +
"&ProfileDescription=" + Session["CreateProfile?ProfileDescription"] +
"&ProfileName=" + Session["CreateProfile?ProfileName"];
WebRequest request = WebRequest.Create(url);
string xml = string.Empty;
using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
xml = reader.ReadToEnd();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xml);
PersistentProfile profile = new PersistentProfile(doc.FirstChild);
this.CurrentProfile = profile;
Response.Redirect("/ViewProfile.aspx?pid=" + profile.ID.ToString());
}
private string MakeProfile()
{
string url = ConfigurationManager.AppSettings["API"] + "/CreateProfile.ashx" +
"?WebUserID=" + ddlUser.SelectedValue +
"&UserID=" + ConfigurationManager.AppSettings["UserID"] +
"&ClientID=" + ConfigurationManager.AppSettings["ClientID"] +
"&ProfileDomain=" + txtHosts.Text +
"&ProfileSchedule=" + "30" + //30 days
"&ProfileDescription=" + "Created through the admin interface" +
"&ProfileName=" + txtProfileName.Text;
WebRequest request = WebRequest.Create(url);
string xml = string.Empty;
using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
xml = reader.ReadToEnd();
XmlDocument doc = new XmlDocument();
doc.LoadXml(xml);
PersistentProfile profile = new PersistentProfile(doc.FirstChild);
return(profile.ID.ToString());
}
public override void ProcessRequest(HttpContext context)
{
ISession s = this.CurrentSession;
using (ITransaction t = s.BeginTransaction()) {
Guid userID = new Guid(context.Request ["UserID"]);
Guid clientID = new Guid(context.Request ["ClientID"]);
PersistentUser user = s.Get <PersistentUser> (userID);
PersistentClient client = s.Get <PersistentClient> (clientID);
if (user == null || !user.HasAPIAccess)
{
throw new Exception("no api access");
}
if (client == null || !client.HasAPIAccess)
{
throw new Exception("no api access");
}
PersistentProfile p = s.Get <PersistentProfile>(new Guid(context.Request["ProfileID"]));
DateTime now = DateTime.Now;
PersistentProfileHost host = new PersistentProfileHost(new Guid(context.Request ["WebUserID"]));
host.ParentProfile = p;
host.Name = context.Request["HostSubDomain"];
host.IPv4Address = Dns.GetHostEntry(context.Request["HostSubDomain"]).AddressList [0].ToString();
host.VerifiedByFile = true;
host.VerifiedByWhois = true;
host.VerifiedOn = DateTime.Now;
host.WasManuallyVerified = false;
host.IsVerified = true;
host.CreatedBy = Guid.Empty;
host.CreatedOn = now;
host.LastModifiedBy = Guid.Empty;
host.LastModifiedOn = now;
host.IsActive = true;
p.Range += " " + host.IPv4Address;
p.SetUpdateInfo(Guid.Empty, true);
s.Save(p);
s.Save(host);
try {
t.Commit();
} catch (Exception ex) {
t.Rollback();
throw ex;
}
string xml = host.ToPersistentXML(false /*include nmap hosts? no, because none exist right now*/);
context.Response.Write(xml);
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
HttpWebRequest request = WebRequest
.Create(ConfigurationManager.AppSettings["API"] + "/GetProfile.ashx" +
"?WebUserID=" + this.CurrentUser.UserID.ToString() +
"&UserID=" + ConfigurationManager.AppSettings["UserID"] +
"&IsActive=" + true +
"&ProfileID=" + Request["pid"] +
"&ClientID=" + ConfigurationManager.AppSettings["ClientID"]) as HttpWebRequest;
WebResponse response = request.GetResponse();
XmlDocument doc = new XmlDocument();
string xml = string.Empty;
byte[] buff = new byte[2048];
int bytes = 0;
using (Stream stream = response.GetResponseStream())
{
do
{
bytes = stream.Read(buff, 0, buff.Length);
xml = xml + ASCIIEncoding.ASCII.GetString(buff);
buff = new byte[2048]; //clear cruft
} while (bytes > 0);
}
xml = xml.Replace("&", "&");
doc.LoadXml(xml);
PersistentProfile profile = new PersistentProfile(doc.DocumentElement);
this.CurrentProfile = profile;
string filename = Guid.NewGuid().ToString() + ".txt";
string filedata = System.Convert.ToBase64String(Guid.NewGuid().ToByteArray());
Session["VerifyProfile?FileName"] = filename;
Session["VerifyProfile?FileData"] = filedata;
}
public override void ProcessRequest(HttpContext context)
{
ISession s = this.CurrentSession;
PersistentProfile profile = s.CreateCriteria <PersistentProfile>()
.Add(Restrictions.Eq("ID", new Guid(context.Request["ProfileID"])))
.Add(Restrictions.Eq("IsActive", true))
.UniqueResult <PersistentProfile>();
if (profile == null)
{
return;
}
string badge = string.Empty;
switch (profile.BadgeState)
{
case "Excellent":
badge = GetExcellentBadge();
break;
case "Good":
badge = GetGetGoodBadge();
break;
case "Average":
badge = GetAverageBadge();
break;
case "Below Average":
badge = GetBelowAverageBadge();
break;
case "Poor":
badge = GetPoorBadge();
break;
default:
break;
}
context.Response.Write(badge);
}
protected void btnCreateScanFromProfile_Click(object sender, EventArgs e)
{
Button l = sender as Button;
HttpWebRequest request = WebRequest
.Create(ConfigurationManager.AppSettings["API"] + "/GetProfile.ashx" +
"?WebUserID=" + this.CurrentUser.UserID.ToString() +
"&UserID=" + ConfigurationManager.AppSettings["UserID"] +
"&IsActive=" + true +
"&ProfileID=" + l.CommandArgument +
"&ClientID=" + ConfigurationManager.AppSettings["ClientID"]) as HttpWebRequest;
WebResponse response = request.GetResponse();
XmlDocument doc = new XmlDocument();
string xml = string.Empty;
byte[] buff = new byte[2048];
int bytes = 0;
using (Stream stream = response.GetResponseStream())
{
do
{
bytes = stream.Read(buff, 0, buff.Length);
xml = xml + ASCIIEncoding.ASCII.GetString(buff);
buff = new byte[2048]; //clear cruft
} while (bytes > 0);
}
doc.LoadXml(xml);
PersistentProfile profile = new PersistentProfile(doc.DocumentElement);
this.CurrentProfile = profile;
Response.Redirect("/CreateScan.aspx");
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
bool isNessus = false;
bool isOpenvas = false;
bool isNexpose = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentScanSession.Get <PersistentProfile>(new Guid(this.Request["pid"]));
if (profile.CurrentResults == null)
{
return;
}
//whee
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
foreach (PersistentPort port in host.PersistentPorts)
{
}
}
this.CurrentProfile = profile;
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenvas = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
List <DataTableObject> objs = new List <DataTableObject>();
foreach (PersistentNMapHost host in profile.CurrentResults.PersistentHosts)
{
DataTableObject obj = new DataTableObject();
obj.IP = host.IPAddressv4;
obj.HostName = host.Hostname;
PersistentNessusReportHost nssHost = null;
if (isNessus)
{
nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).SingleOrDefault();
if (nssHost != null)
{
obj.ScannedByNessus = true;
obj.NessusGrade = nssHost.PersistentReportItems.Where(r => int.Parse(r.Severity) > 0).Count();
}
else
{
obj.ScannedByNessus = false;
}
}
PersistentMetasploitHost msfHost = null;
if (isMetasploit)
{
msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).SingleOrDefault();
if (msfHost != null)
{
obj.ScannedByMetasploit = true;
obj.Exploits = msfHost.PersistentSessions.Count();
obj.MetasploitGrade = msfHost.PersistentVulnerabilities.Count();
}
else
{
obj.ScannedByMetasploit = false;
}
}
else
{
obj.ScannedByMetasploit = false;
}
PersistentNexposeAsset nxHost = null;
if (isNexpose)
{
nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).SingleOrDefault();
if (nxHost != null)
{
obj.ScannedByNexpose = true;
obj.NexposeGrade = nxHost.PersistentHostTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
foreach (PersistentNexposeHostService service in nxHost.PersistentServices)
{
obj.NexposeGrade += service.PersistentTests.Where(t => t.Status == "vulnerable-version" || t.Status == "vulnerable-exploited").Count();
}
}
else
{
obj.ScannedByNexpose = false;
}
}
else
{
obj.ScannedByNexpose = false;
}
List <PersistentReportResult> ovasHost = null;
if (isOpenvas)
{
ovasHost = new List <PersistentReportResult>();
foreach (PersistentReportResult result in ovasScan.PersistentResults)
{
if (result.Host == host.IPAddressv4)
{
ovasHost.Add(result);
}
}
if (ovasHost.Count() > 0)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasHost.Count();
}
else
{
obj.ScannedByOpenVAS = false;
}
}
else
{
obj.ScannedByOpenVAS = false;
}
obj.HostID = host.ProfileHost.ID;
objs.Add(obj);
}
gvHosts.DataSource = objs;
gvHosts.DataBind();
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
Guid hpid = new Guid(this.Request ["hpid"]);
Guid hid = new Guid(this.Request ["hid"]);
PersistentNMapHost host = this.CurrentProfile.CurrentResults.PersistentHosts
.Where(h => h.ProfileHost.ID == hid)
.Single();
PersistentPort port = host.PersistentPorts
.Where(p => p.ID == hpid)
.SingleOrDefault();
if (port == null)
{
return;
}
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
PersistentProfile profile = this.CurrentProfile;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan> ()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan> ()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan> ()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan> ()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan> ()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan> ()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan> ()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
if (isOpenVAS)
{
lblOpenVASPortResults.Text = "<h2><u>OpenVAS Results</u></h2>";
var results = ovasScan.PersistentResults.Where(r => r.Threat != "Log" && r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).ToList();
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var result in results)
{
DataTableObject obj = new DataTableObject();
obj.Name = result.PersistentNVT.Name;
obj.Threat = result.Threat;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblOpenVASPortResults.Text = string.Empty;
lblOpenVASPortResults.Visible = false;
gvOpenVASPortResults.Visible = false;
}
else
{
gvOpenVASPortResults.DataSource = objs.Where(o => o.Threat != "Log").ToList();
gvOpenVASPortResults.DataBind();
}
}
else
{
gvOpenVASPortResults.Visible = false;
}
if (isNessus)
{
lblNessusPortResults.Text = "<h2><u>Nessus Results</u></h2>";
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
var items = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString());
List <DataTableObject> objs = new List <DataTableObject> ();
foreach (var item in items)
{
DataTableObject obj = new DataTableObject();
obj.Name = item.PluginName;
obj.Threat = item.Severity;
objs.Add(obj);
}
if (objs.Count() == 0)
{
lblNessusPortResults.Text = string.Empty;
lblNessusPortResults.Visible = false;
gvNessusPortResults.Visible = false;
}
else
{
gvNessusPortResults.DataSource = objs.OrderByDescending(o => o.Threat).ToList();
gvNessusPortResults.DataBind();
}
}
else
{
gvNessusPortResults.Visible = false;
}
if (isNexpose)
{
lblNexposePortResults.Text = "<h2><u>Nexpose Results</u></h2>";
List <DataTableObject> objs = new List <DataTableObject> ();
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() > 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
var tests = service.PersistentTests.Where(s => s.Status == "vulnerable-exploited" || s.Status == "vulnerable-version");
foreach (var test in tests)
{
DataTableObject obj = new DataTableObject();
string n = (new Regex("<.*?>", RegexOptions.Compiled)).Replace((test as NexposeTest).NexposeParagraph, string.Empty).Replace("<", "<").Replace(">", ">");
if (objs.Where(o => o.Name == n).Count() > 0)
{
continue;
}
obj.Name = n;
obj.Threat = test.IsPCICompliant ? "Pass" : "Fail";
objs.Add(obj);
}
}
if (objs.Count() == 0)
{
lblNexposePortResults.Text = string.Empty;
lblNexposePortResults.Visible = false;
gvNexposePortResults.Visible = false;
}
else
{
gvNexposePortResults.DataSource = objs.OrderByDescending(o => o.Name).ToList();
gvNexposePortResults.DataBind();
}
}
else
{
gvNexposePortResults.Visible = false;
}
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
var creds = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber);
var sessions = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString());
}
else
{
}
if (port.Service == "ssh")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
if (port.Service == "snmp")
{
PersistentOneSixtyOneResults snmpResults = this.CurrentScanSession.CreateCriteria <PersistentOneSixtyOneResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentOneSixtyOneResults> ()
.FirstOrDefault();
if (snmpResults != null)
{
lblSNMPResultsHeader.Text = "<br /><br /><h3><u>SNMP Results</u></h3>";
lblSNMPResults.Text = snmpResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "smb")
{
PersistentSMBClientResults smbResults = this.CurrentScanSession.CreateCriteria <PersistentSMBClientResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSMBClientResults> ()
.FirstOrDefault();
if (smbResults != null)
{
lblSMBScanHeader.Text = "<br /><br /><h3><u>SMB Results</u></h3>";
lblSMBScan.Text = smbResults.FullOutput.Replace("\n", ",<br />");
}
}
else if (port.Service == "http" || port.Service == "https")
{
if (port.Service == "https")
{
PersistentSSLScanResults sslResults = this.CurrentScanSession.CreateCriteria <PersistentSSLScanResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentSSLScanResults> ()
.FirstOrDefault();
if (sslResults != null)
{
//lblSSLScanHeader.Text = "<br /><br /><h3><u>SSL Scan Results</u></h3>";
//lblSSLScan.Text = sslResults.FullOutput.Replace ("\n", ",<br />");
}
}
PersistentWapitiResults wapitiResults = this.CurrentScanSession.CreateCriteria <PersistentWapitiResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentWapitiResults> ()
.FirstOrDefault();
IList <PersistentSQLMapResults> results = this.CurrentScanSession.CreateCriteria <PersistentSQLMapResults> ()
.Add(Restrictions.Eq("ParentHostPortID", hpid))
.List <PersistentSQLMapResults> ();
List <PersistentSQLMapVulnerability> vulns = new List <PersistentSQLMapVulnerability> ();
foreach (var result in results)
{
vulns.AddRange(result.PersistentVulnerabilities.ToList());
}
if (wapitiResults != null && wapitiResults.Bugs != null)
{
var sqlInjectionPoints = wapitiResults.Bugs.Where(b => b.Info.Contains("SQL Injection") && !b.Info.Contains("Blind")).ToList();
var wxss = wapitiResults.Bugs.Where(b => b.Info.Contains("XSS")).ToList();
var wincludes = wapitiResults.Bugs.Where(b => b.Info.Contains("include"));
var wexecution = wapitiResults.Bugs.Where(b => b.Info.Contains("execution"));
List <NotSQLWebVuln> xss = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> includes = new List <NotSQLWebVuln> ();
List <NotSQLWebVuln> execution = new List <NotSQLWebVuln> ();
foreach (var x in wxss)
{
NotSQLWebVuln v = new NotSQLWebVuln();
v.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
v.Parameter = x.Parameter;
v.URL = x.URL;
xss.Add(v);
}
foreach (var x in wincludes)
{
NotSQLWebVuln i = new NotSQLWebVuln();
i.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
i.Parameter = x.Parameter;
i.URL = x.URL;
includes.Add(i);
}
foreach (var x in wexecution)
{
NotSQLWebVuln ex = new NotSQLWebVuln();
ex.Method = x.URL.Contains(x.Parameter) ? "GET" : "POST";
ex.Parameter = x.Parameter;
ex.URL = x.URL;
execution.Add(ex);
}
lblXSS.Text = "XSS Vulnerabilities";
gvXSS.DataSource = xss;
gvXSS.DataBind();
lblIncludes.Text = "Remote and Local File Include Vulnerabilities";
gvIncludes.DataSource = includes;
gvIncludes.DataBind();
lblCommandExecution.Text = "Remote Command Execution Vulnerabilities";
gvCommandExecution.DataSource = execution;
gvCommandExecution.DataBind();
if (sqlInjectionPoints.Count() > 0)
{
List <WebVuln> exploitedVulns = new List <WebVuln> ();
List <WebVuln> otherVulns = new List <WebVuln> ();
foreach (var bug in sqlInjectionPoints)
{
WebVuln v = new WebVuln();
v.URL = bug.URL;
v.Method = (bug.URL.Contains(bug.Parameter) ? "GET" : "POST");
var vul = vulns.Where(vuln => vuln.Target == bug.URL).FirstOrDefault();
v.IsExploitable = (vul != null) ? "Exploited with " + vul.PayloadType + " SQL injection." : string.Empty;
foreach (string parm in bug.Parameter.Split('&'))
{
if (parm.Contains("%BF%27%22%28"))
{
v.Parameter = "<b>" + parm.Split('=') [0] + "</b>";
}
else if (parm.Contains("%27+or+sleep%287%29%23"))
{
v.Parameter = parm.Split('=') [0];
if (string.IsNullOrEmpty(v.IsExploitable))
{
v.IsExploitable = "Exploited with a blind SQL injection.";
}
}
}
if (string.IsNullOrEmpty(v.IsExploitable))
{
otherVulns.Add(v);
continue;
}
exploitedVulns.Add(v);
}
lblPossibleSQLInjections.Text = "Possible SQL Injection Vulnerabilities";
gvPossibleInjectionPoints.DataSource = otherVulns;
gvPossibleInjectionPoints.DataBind();
lblSQLInjections.Text = "Exploitable SQL Injection Vulnerabilities";
gvSQLInjections.DataSource = exploitedVulns;
gvSQLInjections.DataBind();
}
}
PersistentNiktoResults niktoResults = this.CurrentScanSession.CreateCriteria <PersistentNiktoResults> ()
.Add(Restrictions.Eq("HostPortID", hpid))
.List <PersistentNiktoResults> ()
.FirstOrDefault();
if (niktoResults != null)
{
lblNiktoResultsHeader.Text = "<h3><u>General Information or Insecure Configurations</u></h3>";
lblNiktoResults.Text = "<ul>";
foreach (var item in niktoResults.Items.Where(i => !string.IsNullOrEmpty(i.Data)))
{
lblNiktoResults.Text += "<li style=\"margin:5px;\">" + item.Data.Remove(0, 2) + "</li>";
}
lblNiktoResults.Text += "</ul>";
}
}
if (string.IsNullOrEmpty(lblNiktoResults.Text) && !string.IsNullOrEmpty(port.DeepScan))
{
lblNiktoResultsHeader.Text = "<h2><u>Deep scan results</u></h2>";
lblNiktoResults.Text = port.DeepScan.Replace("\n", "<br />");
}
}
public override void ProcessRequest(HttpContext context)
{
Guid userID = new Guid(context.Request["UserID"]);
Guid clientID = new Guid(context.Request["ClientID"]);
ISession s = this.CurrentSession;
PersistentUser user = s.CreateCriteria <PersistentUser>()
.Add(Restrictions.Eq("ID", userID))
.Add(Restrictions.Eq("IsActive", true))
.UniqueResult <PersistentUser>();
if (user == null || !user.HasAPIAccess)
{
throw new Exception("no api access");
}
if (!user.Client.HasAPIAccess)
{
throw new Exception("no api access");
}
using (ITransaction trans = s.BeginTransaction())
{
PersistentProfile parentProfile = s.CreateCriteria <PersistentProfile>()
.Add(Restrictions.Eq("ID", new Guid(context.Request["ParentProfileID"])))
.Add(Restrictions.Eq("IsActive", true))
.UniqueResult <PersistentProfile>();
PersistentScan scan = new PersistentScan();
scan.SetCreationInfo(userID);
scan.Name = context.Request["Name"];
scan.ParentProfile = parentProfile;
scan.ScanOptions = new PersistentScanOptions();
scan.ScanOptions.SetCreationInfo(userID);
scan.ParentProfile.VirtualMachines = new List <PersistentVirtualMachine>();
if (context.Request["ScanVirtualMachines"] != null)
{
string[] machines = context.Request["ScanVirtualMachines"].Split(',');
foreach (string machine in machines)
{
if (string.IsNullOrEmpty(machine))
{
continue;
}
PersistentVirtualMachine m = new PersistentVirtualMachine();
m.SetCreationInfo(userID);
m.Guid = Guid.Parse(machine);
m.ParentProfile = scan.ParentProfile;
scan.ParentProfile.VirtualMachines.Add(m);
s.Update(scan.ParentProfile);
}
}
scan.ScanOptions.ParentScan = scan;
if (context.Request["ScanIsDSXS"] != null && context.Request["ScanIsDSXS"].ToLower() == "true")
{
scan.ScanOptions.IsDSXS = true;
}
if (context.Request["ScanIsSQLMap"] != null && context.Request["ScanIsSQLMap"].ToLower() == "true")
{
scan.ScanOptions.IsSQLMap = true;
scan.ScanOptions.SQLMapOptions = new PersistentSQLMapOptions();
scan.ScanOptions.SQLMapOptions.Level = 2;
scan.ScanOptions.SQLMapOptions.SetCreationInfo(Guid.Empty);
s.Save(scan.ScanOptions.SQLMapOptions);
}
if (context.Request["ScanIsOpenVAS"] != null && context.Request["ScanIsOpenVAS"].ToLower() == "true")
{
scan.ScanOptions.IsOpenVASAssessment = true;
}
if (context.Request["ScanIsNessus"] != null && context.Request["ScanIsNessus"].ToLower() == "true")
{
scan.ScanOptions.IsNessusAssessment = true;
}
if (context.Request["ScanIsNexpose"] != null && context.Request["ScanIsNexpose"].ToLower() == "true")
{
scan.ScanOptions.IsNexposeAssessment = true;
}
if (context.Request["ScanIsMetasploit"] != null && context.Request["ScanIsMetasploit"].ToLower() == "true")
{
scan.ScanOptions.IsMetasploitAssessment = true;
scan.ScanOptions.MetasploitDiscovers = bool.Parse(context.Request["MetasploitDiscovers"]);
scan.ScanOptions.MetasploitBruteforces = bool.Parse(context.Request["MetasploitBruteforces"]);
}
if (context.Request["ScanIsBasicBruteforce"] != null && context.Request["ScanIsBasicBruteforce"].ToLower() == "true")
{
scan.ScanOptions.IsBruteForce = true;
}
try
{
s.Save(scan);
trans.Commit();
}
catch (Exception ex)
{
trans.Rollback();
throw ex;
}
context.Response.Write(scan.ToPersistentXml());
}
}
public override void ProcessRequest(HttpContext context)
{
ISession s = this.CurrentSession;
using (ITransaction t = s.BeginTransaction())
{
Console.WriteLine("fdsa");
Guid userID = new Guid(context.Request["UserID"]);
Guid clientID = new Guid(context.Request["ClientID"]);
PersistentUser user = s.Get <PersistentUser>(userID);
PersistentClient client = s.Get <PersistentClient>(clientID);
if (user == null || !user.HasAPIAccess)
{
throw new Exception("no api access");
}
if (client == null || !client.HasAPIAccess)
{
throw new Exception("no api access");
}
PersistentProfile profile = new PersistentProfile();
string webUserID = context.Request["WebUserID"];
profile.WebUserID = new Guid(context.Request["WebUserID"]);
profile.Description = context.Request["ProfileDescription"];
profile.Name = context.Request["ProfileName"];
profile.Range = context.Request["ProfileDomain"];
profile.Domain = context.Request["ProfileDomain"];
profile.RunEvery = new TimeSpan(24 * (int.Parse(context.Request["ProfileSchedule"])), 0, 0); //30 days
profile.RunAfter = DateTime.Now;
profile.HasRun = false;
profile.SetCreationInfo(userID);
s.Save(profile);
foreach (string h in profile.Range.Split(','))
{
PersistentProfileHost host = new PersistentProfileHost(new Guid(context.Request["WebUserID"]));
host.ParentProfile = profile;
host.IPv4Address = Dns.GetHostEntry(h).AddressList[0].ToString();
host.VerifiedByFile = true;
host.VerifiedByWhois = true;
host.VerifiedOn = DateTime.Now;
host.WasManuallyVerified = false;
host.IsVerified = true;
s.Save(host);
}
try
{
t.Commit();
}
catch (Exception ex)
{
t.Rollback();
throw ex;
}
string xml = profile.ToPersistentXml();
context.Response.Write(xml);
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
bool isNessus = false;
bool isNexpose = false;
bool isOpenVAS = false;
bool isMetasploit = false;
Guid hid = new Guid(Request ["hid"]);
PersistentProfile profile = this.CurrentProfile;
PersistentNMapHost host;
host = profile.CurrentResults.PersistentHosts.Where(h => h.ProfileHost.ID == hid && h.IsActive).SingleOrDefault();
PersistentScan latestScan = this.CurrentScanSession.CreateCriteria <PersistentScan>()
.Add(Restrictions.Eq("ParentProfileID", profile.ID))
.Add(Restrictions.Eq("HasRun", true))
.List <PersistentScan>()
.LastOrDefault();
PersistentNessusScan nssScan = this.CurrentScanSession.CreateCriteria <PersistentNessusScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNessusScan>()
.SingleOrDefault();
if (nssScan != null)
{
isNessus = true;
}
PersistentOpenVASScan ovasScan = this.CurrentScanSession.CreateCriteria <PersistentOpenVASScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentOpenVASScan>()
.SingleOrDefault();
if (ovasScan != null)
{
isOpenVAS = true;
}
PersistentNexposeScan nxScan = this.CurrentScanSession.CreateCriteria <PersistentNexposeScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentNexposeScan>()
.SingleOrDefault();
if (nxScan != null)
{
isNexpose = true;
}
PersistentMetasploitScan msfScan = this.CurrentScanSession.CreateCriteria <PersistentMetasploitScan>()
.Add(Restrictions.Eq("ParentScanID", latestScan.ID))
.List <PersistentMetasploitScan>()
.SingleOrDefault();
if (msfScan != null)
{
isMetasploit = true;
}
lblHostname.Text = host.Hostname;
lblDeviceType.Text = host.DeviceType;
lblIPv4.Text = host.IPAddressv4;
lblNetworkDistance.Text = host.NetworkDistance;
lblOS.Text = host.OS;
List <DataTableObject> objs = new List <DataTableObject>();
foreach (PersistentPort port in host.PersistentPorts.Where(p => p.IsTCP))
{
DataTableObject obj = new DataTableObject();
obj.PortID = port.ID;
obj.Port = port.PortNumber;
obj.ServiceName = port.Service;
if (isMetasploit)
{
PersistentMetasploitHost msfHost = msfScan.PersistentHosts.Where(h => h.Address == host.IPAddressv4).Single();
obj.MetasploitCredentials = msfHost.PersistentCredentials.Where(c => c.Port == port.PortNumber).Count();
obj.MetasploitExploits = msfHost.PersistentSessions.Where(s => s.Port == port.PortNumber.ToString()).Count();
obj.ScannedByMetasploit = true;
}
else
{
obj.ScannedByMetasploit = false;
}
if (isNessus)
{
PersistentNessusReportHost nssHost = nssScan.PersistentHosts.Where(h => h.PersistentHostProperties.HostIP == host.IPAddressv4).Single();
obj.NessusGrade = nssHost.PersistentReportItems.Where(i => i.Severity != "0" && i.Port == port.PortNumber.ToString()).Count();
obj.ScannedByNessus = true;
}
else
{
obj.ScannedByNessus = false;
}
if (isNexpose)
{
PersistentNexposeAsset nxHost = nxScan.PersistentAssets.Where(a => a.IPAddressV4 == host.IPAddressv4).Single();
if (nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Count() != 0)
{
PersistentNexposeHostService service = nxHost.PersistentServices.Where(s => s.Port == port.PortNumber && s.Protocol == (port.IsTCP ? "tcp" : "udp")).Single();
obj.NexposeGrade = service.PersistentTests.Where(t => t.Status == "vulnerable-exploited" || t.Status == "vulnerable-version").Count();
obj.ScannedByNexpose = true;
}
else
{
obj.ScannedByNexpose = false;
}
}
else
{
obj.ScannedByNexpose = false;
}
if (isOpenVAS)
{
obj.ScannedByOpenVAS = true;
obj.OpenVASGrade = ovasScan.PersistentResults.Where(r => r.Host == host.IPAddressv4 && r.Port.Contains("(" + port.PortNumber + "/")).Count();
}
else
{
obj.ScannedByOpenVAS = false;
}
objs.Add(obj);
}
gvPorts.DataSource = objs.OrderBy(o => o.Port);
gvPorts.DataBind();
}