//public void Run(string data, int jobID, int AccountID)
public void Run(string target, int jobID, string policy, string strategy)
{
//WARNING: OLD CODE, should be reviewed/revised - JA
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + "Entering Run()");
//Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", string.Format("Creating an instance of NessusParser for AccountID="+AccountID.ToString()));
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));
//NessusParser NessusParser = new NessusParser(data,AccountID,jobID);
NessusParser NessusParser = new NessusParser(target, jobID, policy, strategy);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", string.Format("JobID:" + jobID + " Parsing the data"));
NessusParser.parse();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + "Updating job status to FINISHED");
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = XCommon.STATUS.FINISHED.ToString();
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", string.Format("End of data processing"));
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "Leaving Run()");
}
public void Run(string target, int jobID, string policy, string strategy)
{
Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));
OpenVasParser parser;
parser = new OpenVasParser(target, jobID, policy, strategy);
string status = XCommon.STATUS.FINISHED.ToString();
if (parser.Parse() == false)
{
status = XCommon.STATUS.ERROR.ToString();
}
// =================================================
// Change the status of the job to FINISHED or ERROR
// =================================================
Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("Updating job {0} status to FINISHED", jobID));
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = status;
xJ.DateEnd = DateTime.Now;
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", "Leaving Run()");
}
public XINFOParser(string target, int jobId, string policy, string strategy)
{
m_jobId = jobId;
m_target = target;
m_model = new XORCISMEntities();
m_policy = policy;
}
public SandcatParser(string target, int jobId, string policy, string strategy)
{
m_jobId = jobId;
m_target = target;
m_policy = policy;
m_strategy = strategy;
m_model = new XORCISMEntities();
}
public W3afParser(string target, int jobId, string policy, string strategy, string file)
{
m_jobId = jobId;
m_target = target;
m_model = new XORCISMEntities();
m_policy = policy;
m_file = file;
m_strategy = strategy;
}
public Engine()
{
TextWriterTraceListener tw;
tw = new TextWriterTraceListener("XProviderInfo.log"); //Hardcoded
Trace.Listeners.Add(tw);
Trace.AutoFlush = true;
Trace.IndentSize = 4;
m_model = new XORCISMEntities();
}
public void UpdateJob(int JobId)
{
XORCISMEntities model = new XORCISMEntities();
var Q = from o in model.JOB
where o.JobID == JobId
select o;
JOB myJob = Q.FirstOrDefault();
myJob.Status = XCommon.STATUS.FINISHED.ToString();
myJob.DateEnd = DateTimeOffset.Now;
model.SaveChanges();
}
public void Run(string target, int jobID)
{
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("Target = {0}", target));
target = target.Replace("http://", "");
target = target.Replace("https://", "");
target = target.Replace("www.", "");
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("Clean Target = {0}", target));
string MD5domain = HashMD5(target);
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("TargetMD5 = {0}", MD5domain));
string url = "http://api.urlvoid.com/api.php?key=12345&domain=" + MD5domain; //Hardcoded
string ResponseText = "";
StreamReader SR = null;
HttpWebResponse response = null;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
request.Method = "GET";
response = (HttpWebResponse)request.GetResponse();
SR = new StreamReader(response.GetResponseStream());
ResponseText = SR.ReadToEnd();
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("Response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("Response headers : [{0}]", response.Headers.ToString()));
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", string.Format("Response received : [{0}]", ResponseText));
//[U] domain or subdomain has not yet been scanned in URLVoid
//[4]
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", "Updating job status to FINISHED");
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = XCommon.STATUS.FINISHED.ToString();
xJ.DateEnd = DateTime.Now;
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", "Job Finished at " + xJ.DateEnd.ToString());
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER URLVOID", "Leaving Run()");
}
public VoIPScannerParser(XmlDocument rawXml, int jobId)
{
//TODO XML Validation
try
{
m_target = rawXml.SelectNodes("/scan/results/hosts/host")[0].Attributes["ipaddr"].InnerText; //Hardcoded
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("rawXml.SelectNodes error: {0} {1}", ex.Message, ex.InnerException));
//return;
}
m_rawXml = rawXml;
m_model = new XORCISMEntities();
m_JobId = jobId;
}
/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// Unfinished tool to retrieve OVAL Definitions corresponding to a CPE an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
static void Main(string[] args)
{
//TODO FIX MODELS
//Search the CPE fo OVALDEFINITIONs using the CPE list collected from CVE NVD
XORCISMEntities model = new XORCISMEntities();
model.Configuration.AutoDetectChangesEnabled = false;
model.Configuration.ValidateOnSaveEnabled = false;
XOVALEntities oval_model = new XOVALEntities();
oval_model.Configuration.AutoDetectChangesEnabled = false;
oval_model.Configuration.ValidateOnSaveEnabled = false;
XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities();
vuln_model.Configuration.AutoDetectChangesEnabled = false;
vuln_model.Configuration.ValidateOnSaveEnabled = false;
List <OVALDEFINITIONVULNERABILITY> ListOVALDefVulns = oval_model.OVALDEFINITIONVULNERABILITY.ToList();
foreach (OVALDEFINITIONVULNERABILITY oOVALDefVuln in ListOVALDefVulns)
{
Console.WriteLine("DEBUG ************************************************************");
Console.WriteLine("DEBUG " + oOVALDefVuln.OVALDEFINITION.OVALDefinitionIDPattern);
int iVulnerabilityID = (int)oOVALDefVuln.VulnerabilityID;
string sVULReferentialID = vuln_model.VULNERABILITY.FirstOrDefault(o => o.VulnerabilityID == oOVALDefVuln.VulnerabilityID).VULReferentialID;
//Console.WriteLine("DEBUG " + oOVALDefVuln.VULNERABILITY.VULReferentialID);
Console.WriteLine("DEBUG " + sVULReferentialID);
//List<VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == oOVALDefVuln.VULNERABILITY.VulnerabilityID).ToList();
List <VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == iVulnerabilityID).ToList();
foreach (VULNERABILITYFORCPE oVulnCPE in ListVulnCPEs)
{
//Console.WriteLine("DEBUG " + oVulnCPE.CPE.CPEName);
string sCPEName = model.CPE.FirstOrDefault(o => o.CPEID == oVulnCPE.CPEID).CPEName;
Console.WriteLine("DEBUG " + sCPEName);
}
}
model.Dispose();
}
private void Helper_SetJobStatus(int jobID, XCommon.STATUS status)
{
XORCISMEntities model;
model = new XORCISMEntities();
JOB job;
job = model.JOB.FirstOrDefault(o => o.JobID == jobID);
job.Status = status.ToString();
job.DateEnd = DateTimeOffset.Now;
model.SaveChanges();
//FREE MEMORY
model.Dispose();
job = null;
}
//public void Run(string target, int jobID, string policy, string strategy)
public void Run(string data, int jobID, int AccountID)
{
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "JobID:" + jobID + " Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Creating an instance of CenzicParser for AccountID=" + AccountID.ToString()));
CenzicParser CenzicParser = new CenzicParser(data, AccountID, jobID);
inerror = false;
if (!inerror)
{
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + jobID + " Parsing the data"));
CenzicParser.parse();
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + jobID + " End of data processing"));
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Updating job {0} status to FINISHED", jobID));
CenzicParser.UpdateJob(jobID);
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = XCommon.STATUS.FINISHED.ToString();
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Changing the session to ServiceCategoryID=2");
var xSession = from s in model.SESSION
where s.SessionID == xJ.SessionID
select s;
SESSION xS = xSession.FirstOrDefault();
xS.ServiceCategoryID = 2;
model.SaveChanges();
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "JobID:" + jobID + " inerror");
}
Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "JobID:" + jobID + " Leaving Run()");
}
public void Run(string data, int jobID, int AccountID)
{
//WARNING: OLD CODE, should be reviewed and revised
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Creating an instance of NessusParser for AccountID=" + AccountID.ToString()));
NessusParser NessusParser = new NessusParser(data, AccountID, jobID);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Parsing the data"));
NessusParser.parse();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Updating job status to FINISHED");
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = XCommon.STATUS.FINISHED.ToString();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Changing the session to ServiceCategoryID=1");
var xSession = from s in model.SESSION
where s.SessionID == xJ.SessionID
select s;
SESSION xS = xSession.FirstOrDefault();
xS.ServiceCategoryID = 1;
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("End of data processing"));
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Leaving Run()");
}
public void Run(string data, int jobID, int AccountID)
{
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Creating an instance of SkipfishImportParser for AccountID=" + AccountID.ToString()));
SkipfishImportParser SkipfishImportParser = new SkipfishImportParser(data, AccountID, jobID);
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Parsing the data"));
SkipfishImportParser.parse();
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Updating job status to FINISHED");
XORCISMEntities model = new XORCISMEntities();
var xJob = from j in model.JOB
where j.JobID == jobID
select j;
JOB xJ = xJob.FirstOrDefault();
xJ.Status = XCommon.STATUS.FINISHED.ToString();
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Changing the session to ServiceCategoryID=2");
var xSession = from s in model.SESSION
where s.SessionID == xJ.SessionID
select s;
SESSION xS = xSession.FirstOrDefault();
xS.ServiceCategoryID = 2; //HARDCODED
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("End of data processing"));
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Leaving Run()");
}
private void FuncThreadCancelSession(object context)
{
LaunchSessionThreadInfo info;
info = (LaunchSessionThreadInfo)context;
int sessionID;
sessionID = info.SessionID;
XORCISMEntities model = new XORCISMEntities();
SESSION session;
session = model.SESSION.SingleOrDefault(o => o.SessionID == sessionID);
//int accountID;
//accountID = (int)model.USERACCOUNT.FirstOrDefault(o => o.UserID == session.UserID).AccountID;
// =============================
// Cancel the jobs on the agents
// =============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Cancelling jobs on agents", sessionID));
foreach (JOB J in info.ListJob)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Handling job {1}", sessionID, J.JobID));
// ====================================
// Contact the agent and cancel the job
// ====================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Trying to contact the agent", sessionID));
try
{
ServiceReferenceAgent.Service1Client service;
service = new ServiceReferenceAgent.Service1Client();
// TODO :
// service.Endpoint.Address = bestAgent.IPAddress;
service.CancelJob(J.JobID);
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Error contacting the agent. Exception = {1} {2}", sessionID, ex.Message, ex.InnerException));
//HARDCODED
XCommon.Utils.Helper_SendEmail("*****@*****.**", "MANAGER ENGINE ERROR", "THREADCANCELSESSION : Error contacting the agent. Exception =" + ex.Message + " " + ex.InnerException);
return;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : The agent has been successfully contacted", sessionID));
}
// =============================
// Update table SESSION (Status)
// =============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Updating status in table SESSION to CANCELED", sessionID));
var mySession = from Sess in model.SESSION
where Sess.SessionID == sessionID
select Sess;
SESSION MySession = mySession.ToList().First();
MySession.Status = XCommon.STATUS.CANCELED.ToString();
MySession.DateEnd = DateTimeOffset.Now;
model.SaveChanges();
try
{
m_ListRunningSessionThread.Remove(sessionID);
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Error m_ListRunningSessionThread.Remove. Exception = {1}", sessionID, ex.Message));
return;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADCANCELSESSION : Finished", sessionID));
}
public void Start()
{
// ==================================================================
// Recovery mode : start again any previously running session threads
// ==================================================================
XORCISMEntities context;
context = new XORCISMEntities();
// Explicitly open the connection.
//context.Connection.Open();
#region RecoveryMode
try
{
string status;
status = XCommon.STATUS.RUNNING.ToString();
//Search in the database the Sessions with a Status of "Running"
var runningSessions = from s in context.SESSION
where s.Status == status
select s;
//If any
if (runningSessions.Count() > 0)
{
//For each of the "Running" Sessions
foreach (SESSION oneSession in runningSessions.ToList())
{
//Depending on the ServiceCategory of the Session
switch (oneSession.ServiceCategoryID)
{
case 8: //HARDCODED
{
//Monitoring
//Dealing with the previous jobs
//Searching the Jobs attached to the current Session
var query = from j in context.JOB
where j.SessionID == oneSession.SessionID
select j;
//Marks all the Session's Jobs as FINISHED
foreach (JOB oneJob in query.ToList())
{
oneJob.Status = XCommon.STATUS.FINISHED.ToString();
context.SaveChanges();
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} will be recovered", oneSession.SessionID));
//Marks the Session's status as IDLE (so it will be (re)started)
oneSession.Status = XCommon.STATUS.IDLE.ToString();
Utils.Helper_Trace("MANAGER ENGINE", "TRACE4");
context.SaveChanges();
break;
}
default:
{
//Canceling the session (changing status)
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} TOCANCEL", oneSession.SessionID));
oneSession.Status = XCommon.STATUS.TOCANCEL.ToString();
context.SaveChanges();
break;
}
}
}
}
}
catch (ThreadAbortException exThreadAbort)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("ThreadError in recovery : Exception = {0}", exThreadAbort.Message));
return;
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error in recovery : Exception = {0} - {1}", ex.Message, ex.InnerException));
// return;
}
#endregion RecoveryMode
// ==============================
// Create the main polling thread
// ==============================
Utils.Helper_Trace("MANAGER ENGINE", "Launching main polling thread");
m_ListRunningSessionThread = new Dictionary <int, LaunchSessionThreadInfo>();
m_Thread = new Thread(new ThreadStart(FuncThread));
m_Thread.Start();
}
private void FuncThreadLaunchSession(object context)
{
LaunchSessionThreadInfo info;
info = (LaunchSessionThreadInfo)context;
int sessionID;
sessionID = info.SessionID;
XORCISMEntities model = new XORCISMEntities();
SESSION session;
session = model.SESSION.SingleOrDefault(o => o.SessionID == sessionID);
int accountID;
accountID = (int)model.USERACCOUNT.FirstOrDefault(o => o.UserID == session.UserID).AccountID;
// ===========================================
// Determine the providers that we have to use
// ===========================================
var category = (from sessions in model.SESSION
where sessions.SessionID == sessionID
select sessions.ServiceCategoryID).First();
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : ServiceCategoryID is {1} AccountID is {2}", sessionID, category.Value, accountID));
var ListProvider = from provider in model.PROVIDER
where provider.ServiceCategoryID == category && provider.PROVIDERSFORACCOUNT.Any(o => o.AccountID == accountID && o.ValidUntil >= DateTimeOffset.Now)
select provider.ProviderID;
List <int> listProviderID;
listProviderID = ListProvider.ToList <int>();
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Session will use {1} providers", sessionID, listProviderID.Count));
int nbjoberror = 0;
if (listProviderID.Count > 0)
{
// ================================
// Add several entries in table JOB
// ================================
var ListAssetInSession = from AinS in model.ASSETSESSION
where AinS.SessionID == sessionID
select AinS.AssetSessionID;
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Session involves {1} assets", sessionID, ListAssetInSession.Count()));
int count;
count = ListAssetInSession.Count() * listProviderID.Count;
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Adding {1} entries in table JOB", sessionID, count));
var param = from o in model.SESSION
where o.SessionID == sessionID
select o.Parameters;
if (ListAssetInSession.Count() != 0)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Case 1", sessionID));
foreach (int AinSID in ListAssetInSession)
{
foreach (int providerID in listProviderID)
{
try
{
JOB job = new JOB();
job.AssetSessionID = AinSID;
job.ProviderID = providerID;
job.DateStart = DateTimeOffset.Now;
job.Status = XCommon.STATUS.IDLE.ToString();
job.Parameters = param.First();
job.SessionID = sessionID;
model.JOB.Add(job);
//model.AddToJOB(job);
//model.SaveChanges();
info.ListJob.Add(job);
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Added Job {1}", sessionID, job.JobID));
}
catch (Exception e1)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Exception AddingJob1 " + e1.Message + " " + e1.InnerException, sessionID));
}
}
}
model.SaveChanges();
}
else
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Case 2", sessionID));
switch ((int)category.Value)
{
case 10:
//nmap discovery
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : nmap discovery", sessionID));
break;
case 11:
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : import nessus", sessionID));
break;
case 14:
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : import netsparker", sessionID));
break;
case 15:
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : import acunetix", sessionID));
break;
default:
return;
}
foreach (int providerID in listProviderID)
{
try
{
JOB job = new JOB();
job.AssetSessionID = null;
job.ProviderID = providerID;
job.DateStart = DateTimeOffset.Now;
job.Status = XCommon.STATUS.IDLE.ToString();
job.Parameters = param.First();
job.SessionID = sessionID;
//model.JOB.AddObject(job);
model.JOB.Add(job);
model.SaveChanges();
info.ListJob.Add(job);
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Added Job {1}", sessionID, job.JobID));
}
catch (Exception e1)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Exception AddingJob2 " + e1.Message + " " + e1.InnerException, sessionID));
}
}
}
//model.SaveChanges();
// =========================================
// Dispatch the jobs on the available agents
// =========================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Dispatching jobs on agents", sessionID));
foreach (JOB J in info.ListJob)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Handling job {1}", sessionID, J.JobID));
// ======================================================
//TODO Get the agent with the lowest load (loadbalancing)
// ======================================================
//TODO
/*
* var agent = from Ag in model.AGENT
* where Ag.Status == "ENABLED"
* select Ag;
* if (agent == null)
* {
* Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : There is no agent with status ENABLED", sessionID));
* return;
* }
*/
//TODO
/*
* var bestAgent = agent.ToList().OrderBy(c => c.Load).First();
* bestAgent.Load++;
*
* Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : The best agent for this job is at {1} ({2})", sessionID, bestAgent.AgentID, bestAgent.IPAddress));
*/
// ====================================
// Contact the agent and launch the job
// ====================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Trying to contact the agent", sessionID));
try
{
ServiceReferenceAgent.Service1Client service;
service = new ServiceReferenceAgent.Service1Client();
// TODO :
// service.Endpoint.Address = bestAgent.IPAddress; // TODO
service.LaunchJob((Guid)session.UserID, J.JobID);
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Error contacting the agent. Exception = {1}", sessionID, ex.Message));
//HARDCODED
XCommon.Utils.Helper_SendEmail("*****@*****.**", "MANAGER ENGINE ERROR", "THREADLAUNCHSESSION : Error contacting the agent. Exception =" + ex.Message + " " + ex.InnerException);
return;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : The agent has been successfully contacted", sessionID));
// =====================================
//TODO Update table JOB (column AgentID)
// =====================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : TODO Updating table JOB (AgentID column)", sessionID));
//TODO
//J.AgentID = bestAgent.AgentID;
//TODO: TryCatch
model.SaveChanges();
}
// =================================
// Wait until all jobs have finished
// =================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Waiting until all jobs have finished", sessionID));
try
{
bool bFinished = false;
do
{
Thread.Sleep(10000); //HARDCODED
bFinished = true;
nbjoberror = 0;
// Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : There are {1} jobs in this session", sessionID, info.ListJob.Count.ToString()));
var myCurrentSession = from Sess in model.SESSION
where Sess.SessionID == sessionID
select Sess;
SESSION CurrentSession = myCurrentSession.ToList().First();
foreach (JOB J in info.ListJob)
{
int AllJobs = 0;
// ==========================
// Get the status of this job
// ==========================
var MyJob = from MyJobs in model.JOB
where MyJobs.JobID == J.JobID
select MyJobs.Status;
string jobStatus = (string)MyJob.ToList().First();
if (jobStatus != XCommon.STATUS.FINISHED.ToString() && jobStatus != XCommon.STATUS.ERROR.ToString())
{
bFinished = false;
break;
}
else
{
if (jobStatus == XCommon.STATUS.ERROR.ToString())
{
nbjoberror++;
}
AllJobs++;
}
int pourcent = (100 / (int)MyJob.Count()) * AllJobs;
// CurrentSession.Status = pourcent + "%";
//model.SaveChanges();
}
}while (bFinished == false);
}
catch (ThreadAbortException ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Thread has been aborted", sessionID));
Utils.Helper_Trace("MANAGER ENGINE", string.Format("ThreadAbortException : Exception = {0}", ex.Message));
return;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : All jobs have finished ({1} Errors)", sessionID, nbjoberror));
}
// =============================
// Update table SESSION (Status)
// =============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Updating status in table SESSION", sessionID));
var mySession = from Sess in model.SESSION
where Sess.SessionID == sessionID
select Sess;
SESSION MySession = mySession.ToList().First();
string additionalmailMessage = string.Empty;
//Dealing with jobs in error
if (info.ListJob.Count == nbjoberror)
{
//TODO xxx
MySession.Status = XCommon.STATUS.ERROR.ToString();
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : All jobs in error: xxx", sessionID));
//TODO xxx
}
else
{
MySession.Status = XCommon.STATUS.FINISHED.ToString();
}
MySession.DateEnd = DateTimeOffset.Now;
model.SaveChanges();
// ============
// Notification
// ============
//TODO
//XCommon.Utils.Helper_Notify(session.UserID.Value, "TASK_JOB", sessionID.ToString(), XCommon.RIGHT.MODIFY);
//TODO
/*
* string mailMessage = "Hello "+ session.aspnet_Membership.USERS.UserName +". Your Hackenaton session " + sessionID + " ("+ MySession.SERVICECATEGORY.ServiceCategoryName +") is completed with the status: "+ MySession.Status+". Assets scanned: "; //HARDCODED
* var myAssets = from assets in model.ASSET
* join assetinsess in model.ASSETSESSION on assets.AssetID equals assetinsess.AssetID
* where assetinsess.SessionID == sessionID
* select assets;
* foreach (ASSET ass in myAssets)
* {
* //TODO ipaddressIPv4
* mailMessage += ass.ipaddressIPv4 + " ";
* }
* mailMessage += "Completed in " + string.Format("{0:00}:{1:00}:{2:00}", (MySession.DateEnd.Value - MySession.DateStart.Value).Hours, (MySession.DateEnd.Value - MySession.DateStart.Value).Minutes, (MySession.DateEnd.Value - MySession.DateStart.Value).Seconds);
* mailMessage +=". Visit the Hackenaton website to display the Report.";
* mailMessage += additionalmailMessage;
* XCommon.Utils.Helper_SendEmail(session.aspnet_Membership.Email, "Hackenaton scan finished", mailMessage); //HARDCODED
*/
m_ListRunningSessionThread.Remove(sessionID);
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : THREADLAUNCHSESSION : Finished", sessionID));
}
private void FuncThread()
{
XORCISMEntities context;
context = new XORCISMEntities();
// Explicitly open the connection.
//context.Connection.Open();
// =================
// Main polling loop
// =================
try
{
while (true) //Infinite loop
{
// =============================================================================
// PHASE 0 : Look in table SESSION and let's see if there is something to cancel
// =============================================================================
#region Phase0
//Utils.Helper_Trace("MANAGER ENGINE", "Looking for new session to cancel (those with status = 'ToCancel')");
string status;
status = XCommon.STATUS.TOCANCEL.ToString();
XORCISMModel.SESSION cancelSession;
cancelSession = context.SESSION.FirstOrDefault(s => s.Status == status);
if (cancelSession != null)
{
// ===============================
// Abort the Launch Session thread
// ===============================
if (m_ListRunningSessionThread.ContainsKey(cancelSession.SessionID) == true)
{
LaunchSessionThreadInfo info;
info = m_ListRunningSessionThread[cancelSession.SessionID];
Thread musCanceledThread;
musCanceledThread = info.Thread;
musCanceledThread.Abort(cancelSession.SessionID.ToString());
// ==============================
// Launch a Cancel Session thread
// ==============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Launching cancel session thread (sessionID={0})", cancelSession.SessionID));
cancelSession.Status = XCommon.STATUS.CANCELLING.ToString();
context.SaveChanges();
ParameterizedThreadStart ts;
ts = new ParameterizedThreadStart(FuncThreadCancelSession);
Thread thread;
thread = new Thread(ts);
thread.Start(info);
}
else
{
//Canceling after Manager crash/reboot
//Session is not in m_ListRunningSessionThread
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} must be canceled", cancelSession.SessionID));
//int accountID;
//accountID = (int)model.USERACCOUNT.FirstOrDefault(o => o.UserID == session.UserID).AccountID;
// =============================
// Cancel the jobs on the agents
// =============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Cancelling jobs on agents", cancelSession.SessionID));
var jobs = from jc in context.JOB
where jc.SessionID == cancelSession.SessionID
select jc;
foreach (JOB J in jobs.ToList())
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Handling job {1}", cancelSession.SessionID, J.JobID));
// ====================================
// Contact the agent and cancel the job
// ====================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Trying to contact the agent", cancelSession.SessionID));
try
{
ServiceReferenceAgent.Service1Client service;
service = new ServiceReferenceAgent.Service1Client();
// TODO :
// service.Endpoint.Address = bestAgent.IPAddress;
service.CancelJob(J.JobID);
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : The agent has been successfully contacted", cancelSession.SessionID));
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Error contacting the agent. Exception = {1} {2}", cancelSession.SessionID, ex.Message, ex.InnerException));
XCommon.Utils.Helper_SendEmail("*****@*****.**", "MANAGER ENGINE ERROR", "CANCELSESSION : Error contacting the agent. Exception =" + ex.Message + " " + ex.InnerException);
//return;
}
}
// =============================
// Update table SESSION (Status)
// =============================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Updating status in table SESSION to CANCELED", cancelSession.SessionID));
try
{
cancelSession.Status = XCommon.STATUS.CANCELED.ToString();
cancelSession.DateEnd = DateTimeOffset.Now;
context.SaveChanges();
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Error CANCELED. Exception = {1}", cancelSession.SessionID, ex.Message));
//return;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Finished", cancelSession.SessionID));
}
}
#endregion Phase0
// =============================================================================
// PHASE 1 : Look in table SESSION and let's see if there is something to launch
// =============================================================================
Utils.Helper_Trace("MANAGER ENGINE", "Looking for new session to start (status IDLE)"); //DO NOT COMMENT THIS LINE
string Statut = XCommon.STATUS.IDLE.ToString();
var session = context.SESSION.FirstOrDefault(s => s.Status == Statut);
if (session != null)
{
int sessionID;
sessionID = session.SessionID;
//Check if the Account and User are still valid
USERACCOUNT user = null;
user = context.USERACCOUNT.SingleOrDefault(o => o.UserID == session.UserID);
if (user.ACCOUNT.ValidUntilDate != null && user.ACCOUNT.ValidUntilDate < DateTimeOffset.Now)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Account not valid for session {0}", sessionID));
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Changing session (sessionID={0}) to CANCELED", sessionID));
session.Status = XCommon.STATUS.CANCELED.ToString();
context.SaveChanges();
}
else
{
if (m_ListRunningSessionThread.ContainsKey(sessionID) == true)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} is supposed to be launched but a thread is already running for this session !", sessionID));
}
else
{
// =======================
// Launch a session thread
// =======================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Launching session (sessionID={0})", sessionID));
session.Status = XCommon.STATUS.RUNNING.ToString();
context.SaveChanges();
ParameterizedThreadStart managerThreadStart;
managerThreadStart = new ParameterizedThreadStart(FuncThreadLaunchSession);
Thread thread;
thread = new Thread(managerThreadStart);
LaunchSessionThreadInfo info;
info = new LaunchSessionThreadInfo(sessionID, thread);
thread.Start(info);
// ========================
// Put it in the dictionary
// ========================
m_ListRunningSessionThread.Add(sessionID, info);
}
}
}
// ===================================================================================
// PHASE 2 : Look in table SESSIONCRON and let's see if we have to create new sessions
// ===================================================================================
Statut = XCommon.STATUS.IDLE.ToString();
var q = context.SESSIONCRON.Where(o => o.Status == Statut);
foreach (SESSIONCRON sessionCron in q.ToList())
{
if (sessionCron.DateEnd == null || sessionCron.DateEnd > DateTime.Now)
{
//Check if the Account and User are still valid
USERACCOUNT user = null;
user = context.USERACCOUNT.SingleOrDefault(o => o.UserID == sessionCron.UserID);
if (user.ACCOUNT.ValidUntilDate != null && user.ACCOUNT.ValidUntilDate < DateTimeOffset.Now)
{
//Utils.Helper_Trace("MANAGER ENGINE", string.Format("Account not valid for entry {0} in table SESSIONCRON", sessionCron.SessionCronID));
}
else
{
CrontabSchedule schedule;
schedule = CrontabSchedule.Parse(sessionCron.CronExpression);
DateTimeOffset start = DateTimeOffset.Now;
DateTimeOffset end = start + TimeSpan.FromDays(2 * 360);
var occurrence = schedule.GetNextOccurrences(start, end).GetEnumerator();
occurrence.MoveNext();
// Utils.Helper_Trace("MANAGER ENGINE", "SessionCron "+sessionCron.SessionCronID+" Next occurrence=" + occurrence.Current.DayOfWeek.ToString() + " " + occurrence.Current.Day.ToString() + "/" + occurrence.Current.Month.ToString() + "/" + occurrence.Current.Year.ToString() + " " + occurrence.Current.Hour.ToString() + "H" + occurrence.Current.Minute.ToString() + ":" + occurrence.Current.Second.ToString());
TimeSpan ts;
ts = occurrence.Current - start;
if (ts.TotalSeconds <= 5.0)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Cron expression for entry {0} in table SESSIONCRON has triggered an execution", sessionCron.SessionCronID));
// ================================
// Extract and parse the parameters
// ================================
Dictionary <string, object> dicoParameters;
try
{
MemoryStream ms;
ms = new MemoryStream(sessionCron.Parameters);
BinaryFormatter bf;
bf = new BinaryFormatter();
dicoParameters = (Dictionary <string, object>)bf.Deserialize(ms);
}
catch (Exception e)
{
Utils.Helper_Trace("MANAGER SERVICE", string.Format("Exception while deserializing parameters : {0}", e.Message));
return;
}
int[] tabAssetID = null;
if (dicoParameters["ASSETS"] != null)
{
tabAssetID = (int[])dicoParameters["ASSETS"];
}
// ================================
// Add a new entry in table SESSION
// ================================
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Adding an entry in table SESSION"));
SESSION tmpSession = new SESSION();
//xxx
try
{
tmpSession.UserID = sessionCron.UserID;
tmpSession.Status = XCommon.STATUS.IDLE.ToString();
tmpSession.ServiceCategoryID = sessionCron.ServiceCategoryID;
tmpSession.DateStart = DateTimeOffset.Now;
tmpSession.DateEnd = null;
tmpSession.Parameters = sessionCron.Parameters;
tmpSession.SessionCronID = sessionCron.SessionCronID;
context.SESSION.Add(tmpSession);
context.SaveChanges();
//xxx
}
catch (Exception ex)
{
//xxx
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error adding entry in table SESSION : Exception = {0} - {1}", ex.Message, ex.InnerException.Message));
throw ex;
}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("SessionID = {0}", tmpSession.SessionID));
// ============================================
// Add several entries in table ASSETSESSION
// ============================================
if (tabAssetID != null)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Adding {0} entries in table ASSETSESSION", tabAssetID.Count()));
try
{
foreach (int assetID in tabAssetID)
{
ASSETSESSION tmpAinS = new ASSETSESSION();
tmpAinS.SESSION = tmpSession;
tmpAinS.AssetID = assetID;
context.ASSETSESSION.Add(tmpAinS);
}
context.SaveChanges();
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error adding entries in table ASSETSESSION : Exception = {0}", ex.Message));
throw ex;
}
}
}
}
}
}
// =====
// Sleep
// =====
Thread.Sleep(5000); //Hardcoded
}
}
catch (ThreadAbortException exThreadAbort)
{
//int SessionId;
//SessionId=Convert.ToInt32((string)exThreadAbort.ExceptionState);
//XORCISMModel.SESSION musBeCanceledSession;
//musBeCanceledSession=context.SESSION.SingleOrDefault(s => s.SessionID == SessionId);
//if (musBeCanceledSession != null)
//{
// musBeCanceledSession.Status = XCommon.STATUS.TOCANCEL.ToString();
// context.SaveChanges();
//}
Utils.Helper_Trace("MANAGER ENGINE", string.Format("ThreadError in main polling loop : Exception = {0}", exThreadAbort.Message));
//HARDCODED
XCommon.Utils.Helper_SendEmail("*****@*****.**", "ThreadError in XManager", "MyException = " + exThreadAbort.Message + " " + exThreadAbort.InnerException);
return;
}
catch (Exception ex)
{
Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error in main polling loop : Exception = {0} {1}", ex.Message, ex.InnerException));
//HARDCODED
XCommon.Utils.Helper_SendEmail("*****@*****.**", "Error in XManager", "MyException = " + ex.Message + " " + ex.InnerException);
return;
}
}
static void Main(string[] args)
{
//https://www.owasp.org/index.php/OWASP_Dependency_Check
Excel.Application xlApp;
Excel.Workbook xlWorkBook;
object misValue = System.Reflection.Missing.Value;
xlApp = new Excel.Application();
xlWorkBook = xlApp.Workbooks.Add(misValue);
xlWorkSheet = (Excel.Worksheet)xlWorkBook.Worksheets.get_Item(1);
int iColumnIndex = 1;
XORCISMEntities model = new XORCISMEntities();
//https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework
model.Configuration.AutoDetectChangesEnabled = false;
model.Configuration.ValidateOnSaveEnabled = false;
int iVocabularyOWASPdepcheckID = 0; // 11;
string sOWASPdepcheckVersion = "1.3.1"; //HARDCODED TODO
#region vocabularyowaspdepcheck
try
{
iVocabularyOWASPdepcheckID = model.VOCABULARY.Where(o => o.VocabularyName == "OWASP dependency-check" && o.VocabularyVersion == sOWASPdepcheckVersion).Select(o => o.VocabularyID).FirstOrDefault();
}
catch (Exception ex)
{
}
if (iVocabularyOWASPdepcheckID <= 0)
{
try
{
VOCABULARY oVocabulary = new VOCABULARY();
oVocabulary.CreatedDate = DateTimeOffset.Now;
oVocabulary.VocabularyName = "OWASP dependency-check"; //HARDCODED
oVocabulary.VocabularyVersion = sOWASPdepcheckVersion;
model.VOCABULARY.Add(oVocabulary);
model.SaveChanges();
iVocabularyOWASPdepcheckID = oVocabulary.VocabularyID;
Console.WriteLine("DEBUG iVocabularyOWASPdepcheckID=" + iVocabularyOWASPdepcheckID);
}
catch (Exception ex)
{
}
}
#endregion vocabularyowaspdepcheck
XmlDocument doc;
doc = new XmlDocument();
doc.Load(@"dependency-check-report.xml"); //HARDCODED
//TODO security: Validate XSD
//xmlvalidator xsd=new xmlvalidator()
//Global variables
string sTemp = "";
string sProjectName = "";
string sReportDate = "";
string sDependencyFileName = "";
string sDependencyFilePath = "";
string sDependencyMD5 = "";
string sDependencySHA1 = "";
XmlNodeList nodes1;
nodes1 = doc.DocumentElement.SelectNodes("/");
Console.WriteLine(nodes1.Count);
#region parsexml
foreach (XmlNode node in nodes1)
{
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "analysis")
{
foreach (XmlNode node3 in node2)
{
try
{
sTemp = node3.Name.Trim();
Console.WriteLine("DEBUG " + sTemp);
//scanInfo
//projectInfo
//dependencies
switch (sTemp)
{
case "scanInfo":
//TODO
//engineVersion
//dataSource
//name
//timestamp
break;
case "projectInfo":
//TODO
//name
//reportDate
//credits
try
{
//sProjectName = node3.SelectSingleNode("name").InnerText;
foreach (XmlNode nodeprojectInfo in node3)
{
if (nodeprojectInfo.Name.Trim() == "name")
{
sProjectName = nodeprojectInfo.InnerText;
}
else
{
if (nodeprojectInfo.Name.Trim() == "reportDate")
{
sReportDate = nodeprojectInfo.InnerText;
}
}
}
Console.WriteLine("DEBUG sProjectName=" + sProjectName);
Console.WriteLine("DEBUG sReportDate=" + sReportDate);
}
catch (Exception exprojectInfo)
{
Console.WriteLine("Exception exprojectInfo: " + exprojectInfo.Message + " " + exprojectInfo.InnerException);
}
break;
case "dependencies":
foreach (XmlNode nodeDependency in node3) //dependency
{
sDependencyFileName = "";
sDependencyFilePath = "";
sDependencyMD5 = "";
sDependencySHA1 = "";
//sDependencyFileName = nodeDependency.SelectSingleNode("fileName").InnerText;
foreach (XmlNode nodeDependencyInfo in nodeDependency)
{
sTemp = nodeDependencyInfo.Name.Trim();
switch (sTemp)
{
case "fileName":
sDependencyFileName = nodeDependencyInfo.InnerText;
break;
case "filePath":
sDependencyFilePath = nodeDependencyInfo.InnerText;
break;
case "md5":
sDependencyMD5 = nodeDependencyInfo.InnerText;
break;
case "sha1":
sDependencySHA1 = nodeDependencyInfo.InnerText;
break;
default:
//TODO
Console.WriteLine("ERROR1 " + sTemp + " not managed.");
//relatedDependencies
break;
}
/*
* Console.WriteLine("DEBUG sDependencyFileName=" + sDependencyFileName);
* Console.WriteLine("DEBUG sDependencyFilePath=" + sDependencyFilePath);
* Console.WriteLine("DEBUG sDependencyMD5=" + sDependencyMD5);
* Console.WriteLine("DEBUG sDependencySHA1=" + sDependencySHA1);
*/
}
xlWorkSheet.Cells[iRowIndex, 1] = sDependencyFileName;
xlWorkSheet.Cells[iRowIndex, 2] = sDependencyFilePath;
xlWorkSheet.Cells[iRowIndex, 3] = sDependencyMD5;
xlWorkSheet.Cells[iRowIndex, 4] = sDependencySHA1;
iRowIndex++;
}
break;
default:
Console.WriteLine("ERROR2 " + node3.Name + " not managed.");
//TODO
//evidenceCollected
//identifiers
//vulnerabilities
break;
}
}
catch (Exception exnode3Name)
{
Console.WriteLine("Exception exnode3Name: " + exnode3Name.Message + " " + exnode3Name.InnerException);
}
}
}
}
}
#endregion parsexml
//*********************************************************
string sCurrentPath = Directory.GetCurrentDirectory();
//HARDCODED
xlWorkBook.SaveAs(sCurrentPath + @"\" + sProjectName + "-dependencies.xls", Excel.XlFileFormat.xlWorkbookNormal, misValue, misValue, misValue, misValue, Excel.XlSaveAsAccessMode.xlExclusive, misValue, misValue, misValue, misValue, misValue);
xlWorkBook.Close(true, misValue, misValue);
xlApp.Quit();
releaseObject(xlWorkSheet);
releaseObject(xlWorkBook);
releaseObject(xlApp);
Console.WriteLine(sProjectName + "-dependencies.xls created.");
}
public void Run(string target, int jobID, string policy, string strategy)
{
m_jobId = jobID;
m_target = target;
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Target = {0} , JobID = {1} , Policy = {2}", target, jobID, policy));
//Check if we have an IP address
//string pattern = @"^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.
//([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$";
string pattern = @"^\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?$"; //TODO IPv6...
//create our Regular Expression object
Regex check = new Regex(pattern);
if (check.IsMatch(target.Trim(), 0))
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " target is an IP address");
}
else
{
try
{
//It should be a domain name
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " target: " + target + " is not an IP address");
// = target.Replace("http://", "");
//target = target.Replace("https://", "");
//target = target.Replace("/", "");
if (!target.Contains("://"))
{
target = "http://" + target;
}
//TODO? HTTPS
target = new Uri(target).Host;
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " targetmodified: " + target);
if (check.IsMatch(target.Trim(), 0))
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + " targetmodified is an IP address");
}
else
{
//crackme.cenzic.com
string[] sectons = target.Split(new char[] { '.' });
if (sectons.Length == 3)
{
//target = string.Join(".", sectons, 1, 2);
whois_info(string.Join(".", sectons, 1, 2));
Thread.Sleep(30000); //Hardcoded
search_email_collector(string.Join(".", sectons, 1, 2));
}
else
{
whois_info(target);
Thread.Sleep(30000); //Hardcoded
search_email_collector(target);
}
IPHostEntry ipEntry = Dns.GetHostEntry(target);
IPAddress[] addr = ipEntry.AddressList;
target = addr[0].ToString();
}
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("JobID:" + jobID + " Dns.GetHostEntry Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
}
}
XINFOParser infoParser = null;
try
{
infoParser = new XINFOParser(target, jobID, policy, strategy);
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Exception Parser = " + ex.Message + " " + ex.InnerException);
}
string status = XCommon.STATUS.FINISHED.ToString();
// =================================================
// Change the status of the job to FINISHED or ERROR
// =================================================
if (infoParser.Parse() == false)
{
status = XCommon.STATUS.ERROR.ToString();
Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Updating job {0} status to ERROR", jobID));
XCommon.Utils.Helper_SendEmail("*****@*****.**", "XINFO ERROR", "XINFO ERROR for job:" + jobID);
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", string.Format("Updating job {0} status to FINISHED", jobID));
}
try
{
XORCISMEntities model = new XORCISMEntities();
var Q = from j in model.JOB
where j.JobID == jobID
select j;
JOB myJob = Q.FirstOrDefault();
myJob.Status = status;
myJob.DateEnd = DateTimeOffset.Now;
//image
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
myJob.XmlResult = encoding.GetBytes(m_data);
model.SaveChanges();
//FREE MEMORY
model.Dispose();
infoParser = null;
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
}
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + jobID + "Leaving Run()");
}
static void Main()
{
XORCISMEntities model = new XORCISMEntities();
//https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework
model.Configuration.AutoDetectChangesEnabled = false;
model.Configuration.ValidateOnSaveEnabled = false;
int iVocabularyCYBOXID = 0; // 11;
string sCYBOXVersion = "2.1"; //HARDCODED TODO
#region vocabularycybox
try
{
iVocabularyCYBOXID = model.VOCABULARY.Where(o => o.VocabularyName == "CYBOX" && o.VocabularyVersion == sCYBOXVersion).Select(o => o.VocabularyID).FirstOrDefault();
}
catch (Exception ex)
{
}
if (iVocabularyCYBOXID <= 0)
{
try
{
VOCABULARY oVocabulary = new VOCABULARY();
oVocabulary.CreatedDate = DateTimeOffset.Now;
oVocabulary.VocabularyName = "CYBOX"; //HARDCODED
oVocabulary.VocabularyVersion = sCYBOXVersion;
model.VOCABULARY.Add(oVocabulary);
model.SaveChanges();
iVocabularyCYBOXID = oVocabulary.VocabularyID;
Console.WriteLine("DEBUG iVocabularyCYBOXID=" + iVocabularyCYBOXID);
}
catch (Exception ex)
{
}
}
#endregion vocabularycybox
XmlDocument doc;
doc = new XmlDocument();
//TODO: download the file
doc.Load(@"C:\nvdcve\cybox_default_vocabularies.xsd"); //HARDCODED
//TODO: Validate XSD
XmlNamespaceManager mgr = new XmlNamespaceManager(doc.NameTable);
mgr.AddNamespace("xs", "http://www.w3.org/2001/XMLSchema");
XmlNodeList nodes1;
nodes1 = doc.SelectNodes("/xs:schema/xs:simpleType", mgr);
Console.WriteLine(nodes1.Count);
foreach (XmlNode node in nodes1) //enumeration
{
//Console.WriteLine("DEBUG node.Name="+node.Name);
string sNodeName = node.Attributes["name"].InnerText;
Console.WriteLine(sNodeName);
if (sNodeName.Contains("Enum-")) //HARDCODED
{
bool bEnumerationProcessed = false;
//Get the EnumerationName and Version
//ActionNameEnum-1.1
string[] words = sNodeName.Split('-');
string sEnumerationName = words[0];
string sEnumerationVersion = words[1];
//Check if we have this EnumerationVersion in the database
//First check the Version
#region version
XORCISMModel.VERSION oVersion;
int iVersionID = 0;
try
{
iVersionID = model.VERSION.FirstOrDefault(o => o.VersionValue == sEnumerationVersion).VersionID;
}
catch (Exception ex)
{
}
if (iVersionID <= 0)
{
oVersion = new VERSION();
oVersion.VersionValue = sEnumerationVersion;
oVersion.VocabularyID = iVocabularyCYBOXID;
model.VERSION.Add(oVersion);
model.SaveChanges();
iVersionID = oVersion.VersionID;
}
else
{
//Update VERSION
}
#endregion version
#region enumerationversion
XORCISMModel.ENUMERATIONVERSION oEnumerationVersion;
int iEnumerationVersionID = 0;
try
{
iEnumerationVersionID = model.ENUMERATIONVERSION.FirstOrDefault(o => o.EnumerationName == sEnumerationName && o.VersionID == iVersionID).EnumerationVersionID;
}
catch (Exception ex)
{
}
if (iEnumerationVersionID <= 0)
{
oEnumerationVersion = new ENUMERATIONVERSION();
oEnumerationVersion.EnumerationName = sEnumerationName;
oEnumerationVersion.VersionID = iVersionID;
oEnumerationVersion.VocabularyID = iVocabularyCYBOXID;
model.ENUMERATIONVERSION.Add(oEnumerationVersion);
model.SaveChanges();
iEnumerationVersionID = oEnumerationVersion.EnumerationVersionID;
}
else
{
//Update ENUMERATIONVERSION
}
#endregion enumerationversion
//***********************************************************************************************************************************
if (sNodeName.Contains("ActionTypeEnum")) //HARDCODED
{
#region actiontype
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction") //HARDCODED
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.ACTIONTYPE myActionType;
myActionType = model.ACTIONTYPE.FirstOrDefault(o => o.ActionTypeName == sEnumerationValue && o.EnumerationVersionID == iEnumerationVersionID);// && o.VocabularyID == iVocabularyCYBOXID);
if (myActionType == null)
{
Console.WriteLine("DEBUG Adding new ACTIONTYPE " + sEnumerationValue);
myActionType = new ACTIONTYPE();
myActionType.ActionTypeName = sEnumerationValue;
myActionType.VocabularyID = iVocabularyCYBOXID;
myActionType.EnumerationVersionID = iEnumerationVersionID;
model.ACTIONTYPE.Add(myActionType);
model.SaveChanges();
}
else
{
//Update ACTIONTYPE
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation") //HARDCODED
{
Console.WriteLine("DEBUG documentation=" + node4.InnerText);
myActionType.ActionTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion actiontype
bEnumerationProcessed = true;
}
//***********************************************************************************************************************************
if (sNodeName.Contains("ActionNameEnum"))
{
#region actionname
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.ACTIONNAME myActionName;
myActionName = model.ACTIONNAME.FirstOrDefault(o => o.ActionNameName == sEnumerationValue && o.EnumerationVersionID == iEnumerationVersionID);// && o.VocabularyID == iVocabularyCYBOXID);
if (myActionName == null)
{
Console.WriteLine("DEBUG Adding new ACTIONNAME " + sEnumerationValue);
myActionName = new ACTIONNAME();
myActionName.ActionNameName = sEnumerationValue;
myActionName.VocabularyID = iVocabularyCYBOXID;
myActionName.EnumerationVersionID = iEnumerationVersionID;
model.ACTIONNAME.Add(myActionName);
model.SaveChanges();
}
else
{
//Update ACTIONNAME
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
Console.WriteLine("DEBUG documentation=" + node4.InnerText);
myActionName.ActionNameDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion actionname
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ActionArgumentNameEnum"))
{
#region actionargument
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.ACTIONARGUMENTNAME myActionArgumentName;
myActionArgumentName = model.ACTIONARGUMENTNAME.FirstOrDefault(o => o.ActionArgumentNameName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myActionArgumentName == null)
{
Console.WriteLine("DEBUG Adding new ACTIONARGUMENTNAME " + sEnumerationValue);
myActionArgumentName = new ACTIONARGUMENTNAME();
myActionArgumentName.ActionArgumentNameName = sEnumerationValue;
myActionArgumentName.VocabularyID = iVocabularyCYBOXID;
model.ACTIONARGUMENTNAME.Add(myActionArgumentName);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myActionArgumentName.ActionArgumentNameDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion actionargument
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ActionObjectAssociationTypeEnum"))
{
#region actionobjectassociation
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.ACTIONOBJECTASSOCIATIONTYPE myActionObjectAssociationType;
myActionObjectAssociationType = model.ACTIONOBJECTASSOCIATIONTYPE.FirstOrDefault(o => o.ActionObjectAssociationTypeName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myActionObjectAssociationType == null)
{
Console.WriteLine("DEBUG Adding new ACTIONOBJECTASSOCIATIONTYPE " + sEnumerationValue);
myActionObjectAssociationType = new ACTIONOBJECTASSOCIATIONTYPE();
myActionObjectAssociationType.ActionObjectAssociationTypeName = sEnumerationValue;
myActionObjectAssociationType.VocabularyID = iVocabularyCYBOXID;
model.ACTIONOBJECTASSOCIATIONTYPE.Add(myActionObjectAssociationType);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myActionObjectAssociationType.ActionObjectAssociationTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion actionobjectassociation
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ActionRelationshipTypeEnum"))
{
#region actionrelationtype
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.ACTIONRELATIONSHIPTYPE myActionRelationshipType;
myActionRelationshipType = model.ACTIONRELATIONSHIPTYPE.FirstOrDefault(o => o.ActionRelationshipTypeName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myActionRelationshipType == null)
{
Console.WriteLine("DEBUG Adding new ACTIONRELATIONSHIPTYPE " + sEnumerationValue);
myActionRelationshipType = new ACTIONRELATIONSHIPTYPE();
myActionRelationshipType.ActionRelationshipTypeName = sEnumerationValue;
myActionRelationshipType.VocabularyID = iVocabularyCYBOXID;
model.ACTIONRELATIONSHIPTYPE.Add(myActionRelationshipType);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myActionRelationshipType.ActionRelationshipTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion actionrelationtype
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("EventTypeEnum"))
{
#region eventtype
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.EVENTTYPE myEventType;
myEventType = model.EVENTTYPE.FirstOrDefault(o => o.EventTypeName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myEventType == null)
{
Console.WriteLine("DEBUG Adding new EVENTTYPE " + sEnumerationValue);
myEventType = new EVENTTYPE();
myEventType.EventTypeName = sEnumerationValue;
myEventType.VocabularyID = iVocabularyCYBOXID;
model.EVENTTYPE.Add(myEventType);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myEventType.EventTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion eventtype
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ObjectRelationshipEnum"))
{
#region objectrelation
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.OBJECTRELATIONSHIP myObjectRelationship;
myObjectRelationship = model.OBJECTRELATIONSHIP.FirstOrDefault(o => o.ObjectRelationshipName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myObjectRelationship == null)
{
Console.WriteLine("DEBUG Adding new OBJECTRELATIONSHIP " + sEnumerationValue);
myObjectRelationship = new OBJECTRELATIONSHIP();
myObjectRelationship.ObjectRelationshipName = sEnumerationValue;
myObjectRelationship.VocabularyID = iVocabularyCYBOXID;
model.OBJECTRELATIONSHIP.Add(myObjectRelationship);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myObjectRelationship.ObjectRelationshipDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion objectrelation
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ObjectStateEnum"))
{
#region objectstate
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.OBJECTSTATE myObjectState;
myObjectState = model.OBJECTSTATE.FirstOrDefault(o => o.ObjectStateName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myObjectState == null)
{
Console.WriteLine("DEBUG Adding new OBJECTSTATE " + sEnumerationValue);
myObjectState = new OBJECTSTATE();
myObjectState.ObjectStateName = sEnumerationValue;
myObjectState.VocabularyID = iVocabularyCYBOXID;
model.OBJECTSTATE.Add(myObjectState);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myObjectState.ObjectStateDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion objectstate
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("CharacterEncodingEnum"))
{
#region characterencoding
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.CHARACTERENCODING myCharacterEncoding;
myCharacterEncoding = model.CHARACTERENCODING.FirstOrDefault(o => o.CharacterEncodingName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myCharacterEncoding == null)
{
Console.WriteLine("DEBUG Adding new CHARACTERENCODING " + sEnumerationValue);
myCharacterEncoding = new CHARACTERENCODING();
myCharacterEncoding.CharacterEncodingName = sEnumerationValue;
myCharacterEncoding.VocabularyID = iVocabularyCYBOXID;
model.CHARACTERENCODING.Add(myCharacterEncoding);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myCharacterEncoding.CharacterEncodingDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion characterencoding
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("InformationSourceTypeEnum"))
{
#region infosourcetype
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.INFORMATIONSOURCETYPE myInformationSourceType;
myInformationSourceType = model.INFORMATIONSOURCETYPE.FirstOrDefault(o => o.InformationSourceTypeName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myInformationSourceType == null)
{
Console.WriteLine("DEBUG Adding new INFORMATIONSOURCETYPE " + sEnumerationValue);
myInformationSourceType = new INFORMATIONSOURCETYPE();
myInformationSourceType.InformationSourceTypeName = sEnumerationValue;
myInformationSourceType.VocabularyID = iVocabularyCYBOXID;
model.INFORMATIONSOURCETYPE.Add(myInformationSourceType);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myInformationSourceType.InformationSourceTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion infosourcetype
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("HashNameEnum"))
{
#region hashname
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.HASHNAME myHashName;
myHashName = model.HASHNAME.FirstOrDefault(o => o.HashingAlgorithmName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myHashName == null)
{
Console.WriteLine("DEBUG Adding new HASHNAME " + sEnumerationValue);
myHashName = new HASHNAME();
myHashName.HashingAlgorithmName = sEnumerationValue;
myHashName.VocabularyID = iVocabularyCYBOXID;
model.HASHNAME.Add(myHashName);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myHashName.HashingAlgorithmDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion hashname
bEnumerationProcessed = true;
}
//***
//***********************************************************************************************************************************
if (sNodeName.Contains("ToolTypeEnum"))
{
#region tooltype
foreach (XmlNode node2 in node)
{
//Console.WriteLine(node2.Name);
if (node2.Name == "xs:restriction")
{
foreach (XmlNode nodeEnumeration in node2) //xs:enumeration
{
string sEnumerationValue = nodeEnumeration.Attributes["value"].InnerText;
XORCISMModel.TOOLTYPE myToolType;
myToolType = model.TOOLTYPE.FirstOrDefault(o => o.ToolTypeName == sEnumerationValue);// && o.VocabularyID == iVocabularyCYBOXID);
if (myToolType == null)
{
Console.WriteLine("DEBUG Adding new TOOLTYPE " + sEnumerationValue);
myToolType = new TOOLTYPE();
myToolType.ToolTypeName = sEnumerationValue;
myToolType.VocabularyID = iVocabularyCYBOXID;
model.TOOLTYPE.Add(myToolType);
model.SaveChanges();
}
foreach (XmlNode node3 in nodeEnumeration) //xs:annotation
{
foreach (XmlNode node4 in node3) //xs:documentation
{
if (node4.Name == "xs:documentation")
{
myToolType.ToolTypeDescription = node4.InnerText;
model.SaveChanges();
}
}
}
}
}
}
#endregion tooltype
bEnumerationProcessed = true;
}
//***
if (!bEnumerationProcessed)
{
Console.WriteLine("ERROR Missing Code for " + sNodeName);
//sCurrentEnum = "";
}
}
}
//Application.EnableVisualStyles();
//Application.SetCompatibleTextRenderingDefault(false);
//Application.Run(new Form1());
}
private void button1_Click_1(object sender, EventArgs e)
{
//NOTE: OUTDATED Project. See Import_all
string filename;
//http://www.saintcorporation.com/xml/exploits.xml
try
{
WebClient wc = new WebClient();
wc.DownloadFile("http://www.saintcorporation.com/xml/exploits.xml", "C:/nvdcve/exploits.xml"); //HARDCODED
//
wc.Dispose();
//MessageBox.Show("Download is completed", "info", MessageBoxButtons.OK, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1);
}
catch (Exception ex)
{
MessageBox.Show("Error while downloading exploits.xml\n" + ex.Message, "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
}
filename = @"C:\nvdcve\exploits.xml"; //HARDCODED
XmlDocument doc = new XmlDocument();
doc.Load(filename);
string query = "/xml/body/exploits";
XmlNode report;
report = doc.SelectSingleNode(query);
XORCISMEntities model = new XORCISMEntities();
XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities();
foreach (XmlNode n in report.ChildNodes)
{
//if (n.Name.ToUpper() == "exploit".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
//{
EXPLOIT sploit = new EXPLOIT();
string myRefID = n.Attributes["id"].InnerText;
sploit.ExploitRefID = myRefID;
sploit.ExploitName = n.Attributes["id"].InnerText;
sploit.ExploitReferential = "saint";
sploit.ExploitDescription = HelperGetChildInnerText(n, "description");
//TODO
//sploit.saint_id = HelperGetChildInnerText(n, "saint_id");
sploit.ExploitType = HelperGetChildInnerText(n, "type");
//Search the VulnerabilityID
string myCVE = HelperGetChildInnerText(n, "cve");
int vulnID = 0;
if (myCVE != "")
{
var syn = from S in vuln_model.VULNERABILITY
where S.VULReferential.Equals("cve") &&
S.VULReferentialID.Equals(myCVE)
select S;
if (syn.Count() != 0)
{
vulnID = syn.ToList().First().VulnerabilityID;
// MessageBox.Show("VulnerabilityID of " + myCVE + " is:" + vulnID);
}
else
{
//MessageBox.Show("Import_saint_exploits CVE not found! " + myCVE);
//CANDIDATE
VULNERABILITY canCVE = new VULNERABILITY();
canCVE.VULReferential = "cve";
canCVE.VULReferentialID = myCVE;
canCVE.VULDescription = "CANDIDATE";
vuln_model.VULNERABILITY.Add(canCVE);
vuln_model.SaveChanges();
vulnID = canCVE.VulnerabilityID;
// return;
}
}
//Check if the exploit already exists in the database
var syna = from S in model.EXPLOIT
where S.ExploitReferential.Equals("saint") &&
S.ExploitRefID.Equals(myRefID)
select S;
if (syna.Count() == 0)
{
model.EXPLOIT.Add(sploit);
}
else
{
sploit.ExploitID = syna.ToList().First().ExploitID;
}
try
{
model.SaveChanges();
}
catch (FormatException ex)
{
MessageBox.Show("FormatException AddToEXPLOIT : " + ex);
return;
}
if (vulnID != 0)
{
//Check if EXPLOITFORVULNERABILITY already exists in the database
var synj = from S in model.EXPLOITFORVULNERABILITY
where S.VulnerabilityID.Equals(vulnID) &&
S.ExploitID.Equals(sploit.ExploitID)
select S;
if (synj.Count() == 0)
{
EXPLOITFORVULNERABILITY sploitvuln = new EXPLOITFORVULNERABILITY();
sploitvuln.VulnerabilityID = vulnID;
sploitvuln.ExploitID = sploit.ExploitID;
try
{
model.EXPLOITFORVULNERABILITY.Add(sploitvuln);
model.SaveChanges();
}
catch (FormatException ex)
{
MessageBox.Show("AddToEXPLOITFORVULNERABILITY : " + ex);
}
}
}
//****************************************************************
// OSVDB
string myOSVDB = HelperGetChildInnerText(n, "osvdb");
if (myOSVDB != "")
{
//Check if the OSVDB reference already exists in the database
int osvdbID = 0;
var syn2 = from S in model.REFERENCE
where S.Source.Equals("OSVDB") &&
S.ReferenceTitle.Equals(myOSVDB)
select S;
REFERENCE RefJA = new REFERENCE();
if (syn2.Count() != 0)
{
//UPDATE
osvdbID = syn2.ToList().First().ReferenceID;
RefJA.ReferenceID = osvdbID;
RefJA.ReferenceURL = "http://osvdb.org/" + myOSVDB;
model.SaveChanges();
}
else
{
//Add the OSVDB Reference
RefJA.Source = "OSVDB";
RefJA.ReferenceTitle = myOSVDB;
RefJA.ReferenceURL = "http://osvdb.org/" + myOSVDB;
model.REFERENCE.Add(RefJA);
model.SaveChanges();
osvdbID = RefJA.ReferenceID;
}
//Check if the EXPLOITFORREFERENCE already exists in the database
var syn3 = from S in model.EXPLOITFORREFERENCE
where S.ExploitID.Equals(sploit.ExploitID) &&
S.ReferenceID.Equals(osvdbID)
select S;
if (syn3.Count() == 0)
{
EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE();
sploitref.ExploitID = sploit.ExploitID;
sploitref.ReferenceID = osvdbID;
model.EXPLOITFORREFERENCE.Add(sploitref);
model.SaveChanges();
}
}
//****************************************************************
// BID
string myBID = HelperGetChildInnerText(n, "bid");
if (myBID != "")
{
//Check if the BID reference already exists in the database
int bidID = 0;
var syn2 = from S in model.REFERENCE
where S.Source.Equals("BID") &&
S.ReferenceTitle.Equals(myBID)
select S;
if (syn2.Count() != 0)
{
bidID = syn2.ToList().First().ReferenceID;
}
else
{
//Add the OSVDB Reference
REFERENCE RefJA = new REFERENCE();
RefJA.Source = "BID";
RefJA.ReferenceTitle = myBID;
RefJA.ReferenceURL = "http://securityfocus.com/bid/" + myBID;
model.REFERENCE.Add(RefJA);
model.SaveChanges();
bidID = RefJA.ReferenceID;
}
//Check if the EXPLOITFORREFERENCE already exists in the database
var syn3 = from S in model.EXPLOITFORREFERENCE
where S.ExploitID.Equals(sploit.ExploitID) &&
S.ReferenceID.Equals(bidID)
select S;
if (syn3.Count() == 0)
{
EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE();
sploitref.ExploitID = sploit.ExploitID;
sploitref.ReferenceID = bidID;
model.EXPLOITFORREFERENCE.Add(sploitref);
model.SaveChanges();
}
}
//}
}
MessageBox.Show("FINISHED MISTER_X");
}
public void parse()
{
Assembly a;
a = Assembly.GetExecutingAssembly();
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Assembly location = " + a.Location);
// ===================================================
// Parses the XML Document and populates the database
// ===================================================
// Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "data = " + m_data);
XmlDocument doc = new XmlDocument();
//TODO: Input Validation (XML)
doc.LoadXml(m_data);
XORCISMEntities model;
model = new XORCISMEntities();
string query = "/netsparker/target"; //Hardcoded
XmlNode report;
report = doc.SelectSingleNode(query);
string ipAddress = string.Empty;
ipAddress = HelperGetChildInnerText(report, "url"); //Hardcoded
if (ipAddress.Substring(ipAddress.Length - 1, 1) == "/")
{
ipAddress = ipAddress.Substring(0, ipAddress.Length - 1);
}
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Handling host with IP {0}", ipAddress));
// ===============================================
// If necessary, creates an asset in the database
// ===============================================
//TODO ipaddressIPv4
var myass = from ass in model.ASSET
where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
select ass;
ASSET asset = myass.FirstOrDefault();
if (asset == null)
{
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creates a new entry in table ASSET for this IP");
asset = new ASSET();
//asset.AccountID = m_AccountID;
asset.AssetName = ipAddress;
asset.AssetDescription = ipAddress;
//TODO ipaddressIPv4
asset.ipaddressIPv4 = ipAddress;
asset.Enabled = true;
//asset.JobID = m_JobId;
model.ASSET.Add(asset);
model.SaveChanges();
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "This IP already corresponds to an existing asset");
}
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creating ASSETINSESSION reference");
ASSETSESSION assinsess = new ASSETSESSION();
assinsess.AssetID = asset.AssetID;
assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
model.ASSETSESSION.Add(assinsess);
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Update JOB with ASSETINSESSIONID");
JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);
daJob.AssetSessionID = assinsess.AssetSessionID;
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "VULNERABILITIES FOUND");
query = "/netsparker"; //Hardcoded
report = doc.SelectSingleNode(query);
foreach (XmlNode n in report.ChildNodes)
{
//Hardcoded
if (n.Name.ToUpper() == "vulnerability".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
{
if (n.Attributes["confirmed"].InnerText == "True")
{
VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
vulnerabilityEndPoint.IpAdress = ipAddress;
vulnerabilityEndPoint.Protocol = "TCP"; // "http"; //https ... A VOIR
vulnerabilityEndPoint.Port = 80; //443 ... A VOIR
VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
//vulnerabilityFound.ListItem = Helper_GetCVE(n);
vulnerabilityFound.InnerXml = n.OuterXml;
string url = HelperGetChildInnerText(n, "url");
vulnerabilityFound.Url = url;
if (url.ToLower().Contains("https://"))
{
vulnerabilityEndPoint.Port = 443;
}
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Url: {0}", url));
//vulnerabilityFound.Type = HelperGetChildInnerText(n, "type");
vulnerabilityFound.Title = HelperGetChildInnerText(n, "type");
vulnerabilityFound.Description = HelperGetChildInnerText(n, "type");
vulnerabilityFound.Severity = HelperGetChildInnerText(n, "severity");
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Severity: {0}", HelperGetChildInnerText(n, "severity")));
vulnerabilityFound.VulnerableParameterType = HelperGetChildInnerText(n, "vulnerableparametertype");
vulnerabilityFound.VulnerableParameter = HelperGetChildInnerText(n, "vulnerableparameter");
vulnerabilityFound.VulnerableParameterValue = HelperGetChildInnerText(n, "vulnerableparametervalue");
//rawrequest
//rawresponse
//extrainformation
// <info name="Found E-mails">[email protected]</info>
// <info name="Identified Internal Path(s)">/var/www/webscantest/vulnsite/picshare/upload.pl</info>
vulnerabilityFound.Consequence = HelperGetChildInnerText(n, "extrainformation");
bool PatchUpgrade = false;
string MSPatch = "";
/*
* <classification>
* <OWASP>A1</OWASP>
* <WASC>19</WASC>
* <CWE>89</CWE>
* <CAPEC>66</CAPEC>
* </classification>
*/
foreach (XmlNode classif in n.ChildNodes)
{
//Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "classif n.ChildNodes: " + classif.Name);
if (classif.Name.ToUpper() == "classification".ToUpper() && classif.ChildNodes != null && classif.ChildNodes.Count > 0)
{
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "OWASP: " + HelperGetChildInnerText(classif, "OWASP"));
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "WASC: " + HelperGetChildInnerText(classif, "WASC"));
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CWE: " + HelperGetChildInnerText(classif, "CWE"));
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CAPEC: " + HelperGetChildInnerText(classif, "CAPEC"));
}
}
int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "netsparker", model);
if (etat == -1)
{
Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
}
}
}
}
}
public void parse()
{
Assembly a;
a = Assembly.GetExecutingAssembly();
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Assembly location = " + a.Location);
// ============================================
// Parse the Document and populate the database
// ============================================
XORCISMEntities model;
model = new XORCISMEntities();
string ipAddress;
ipAddress = "";
string protocol = "WWW"; //Hardcoded
int port = 80;
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Handling host with IP {0}", ipAddress));
// =============================================
// If necessary, create an asset in the database
// =============================================
//TODO
var myass = from ass in model.ASSET
where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
select ass;
ASSET asset = myass.FirstOrDefault();
if (asset == null)
{
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creates a new entry in table ASSET for this IP");
asset = new ASSET();
//asset.AccountID = m_AccountID;
asset.AssetName = ipAddress;
asset.AssetDescription = ipAddress;
asset.ipaddressIPv4 = ipAddress;
asset.Enabled = true;
//asset.JobID = m_JobId;
model.ASSET.Add(asset);
model.SaveChanges();
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "This IP already corresponds to an existing asset");
}
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creating ASSETINSESSION reference");
ASSETSESSION assinsess = new ASSETSESSION();
assinsess.AssetID = asset.AssetID;
assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
model.ASSETSESSION.Add(assinsess);
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Update JOB with ASSETINSESSIONID");
JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);
daJob.AssetSessionID = assinsess.AssetSessionID;
model.SaveChanges();
//**************************
StreamReader monStreamReader = new StreamReader("samples.js"); //Hardcoded
string curline = monStreamReader.ReadLine();
bool issue_samples = false;
int currentseverity = 0;
string curvulntype = "";
while (curline != null)
{
if (issue_samples)
{
if (curline.Contains("'url':"))
{
Console.WriteLine(curvulntype);
Console.WriteLine(vulntypeSkipfish(curvulntype));
curline = curline.Trim();
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
string vulnurl = words1[0].Replace("{ 'url': '", "");
vulnurl = vulnurl.Substring(0, vulnurl.Length - 1);
Console.WriteLine(vulnurl);
string vulnparam = words1[1].Replace("'extra': '", "");
vulnparam = vulnparam.Substring(0, vulnparam.Length - 1).Trim();
Console.WriteLine(vulnparam);
string vulninfodir = words1[2].Replace("'dir': '", "");
vulninfodir = vulninfodir.Replace("' } ]", "");
vulninfodir = vulninfodir.Replace("' }", "").Trim();
Console.WriteLine(vulninfodir);
if (currentseverity > 0)
{
VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
vulnerabilityEndPoint.IpAdress = ipAddress;
vulnerabilityEndPoint.Protocol = protocol;
vulnerabilityEndPoint.Port = port;
VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
//vulnerabilityFound.PatchUpgrade = PatchUpgrade;
//vulnerabilityFound.MSPatch = MSPatch;
vulnerabilityFound.Title = vulntypeSkipfish(curvulntype);
vulnerabilityFound.Severity = currentseverity.ToString();
vulnerabilityFound.Url = vulnurl;
//vulnerabilityFound.rawrequest= vulninfodir+"/request.dat";
//vulnerabilityFound.rawresponse= vulninfodir+"/response.dat";
vulnerabilityFound.Result = vulnparam;
// ===========
// Persistance
// ===========
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem)));
int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "skipfish", model);
if (etat == -1)
{
Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
}
}
else
{
//TODO
/*
* //severity=0
* INFORMATION myinfo = new INFORMATION();
* myinfo.Title = vulntypeSkipfish(curvulntype);
* myinfo.Severity = currentseverity.ToString();
* myinfo.Url = vulnurl;
* //myinfo.rawrequest= vulninfodir+"/request.dat";
* //myinfo.rawresponse= vulninfodir+"/response.dat";
* myinfo.Result = vulnparam;
* myinfo.JobID = m_JobId;
*
* model.AddToINFORMATION(myinfo);
* model.SaveChanges();
*/
}
}
}
if (curline.Contains("'severity': 4"))
{
currentseverity = 4;
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
curvulntype = words1[1].Replace(" 'type': ", "");
}
if (curline.Contains("'severity': 3"))
{
currentseverity = 3;
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
curvulntype = words1[1].Replace(" 'type': ", "");
}
if (curline.Contains("'severity': 2"))
{
currentseverity = 2;
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
curvulntype = words1[1].Replace(" 'type': ", "");
}
if (curline.Contains("'severity': 1"))
{
currentseverity = 1;
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
curvulntype = words1[1].Replace(" 'type': ", "");
}
if (curline.Contains("'severity': 0"))
{
currentseverity = 0;
char[] splitter1 = { ',' };
string[] words1 = curline.Split(splitter1);
curvulntype = words1[1].Replace(" 'type': ", "");
}
//Where am I?
if (curline.Contains("var issue_samples"))
{
issue_samples = true;
/*
* ligne = ligne.Trim();
* char[] splitter1 = { ' ' };
* string[] words1 = ligne.Split(splitter1);
*
* cmd1 = "./msfcli " + words1[0].Trim() + " T";
*/
}
curline = monStreamReader.ReadLine();
}
monStreamReader.Close();
// A VOIR
// VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model);
}
public void Run(string target, int jobID, string policy, string Strategy)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Target = {0} , JobID = {1} , Policy = {2}", target, jobID, policy));
Assembly a;
a = Assembly.GetExecutingAssembly();
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Assembly location = " + a.Location);
// ==============
// Launch the job
// ==============
#region With VoIPScanner
const string username = "******"; //TODO Hardcoded
//string username = ConfigurationManager.AppSettings["VOIPSCANNER_USERNAME"];
const string key = "1943e197-0zae-4bxc-xd18-12345";
//string key = ConfigurationManager.AppSettings["VOIPSCANNER_KEY"];
// const string baseurl = "https://voipscanner.com/voipscanner/voipscannerxmlrpc/handle";
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("UserName = {0} , Key = {1}", username, key));
XmlRpcStruct Xtarget = new XmlRpcStruct();
XORCISMEntities model;
model = new XORCISMEntities();
Dictionary <string, object> parameters;
var q = from x in model.JOB
where x.JobID == jobID
select x.Parameters;
try
{
byte[] buffer;
buffer = q.First();
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Size of parameters = {0} bytes", buffer.Length));
MemoryStream ms;
ms = new MemoryStream(buffer);
BinaryFormatter bf;
bf = new BinaryFormatter();
parameters = (Dictionary <string, object>)bf.Deserialize(ms);
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Error while deserializing parameters : Exception = {0}", ex.Message));
return;
}
string Sip;
Sip = (string)parameters["SIP"];
string Extrange;
Extrange = (string)parameters["EXTRANGE"];
try
{
Xtarget.Add("hostname", target);
if (string.IsNullOrEmpty(Sip) == false)
{
Xtarget.Add("sipport", Sip);
}
if (string.IsNullOrEmpty(Extrange) == false)
{
Xtarget.Add("extrange", Extrange);
}
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Exception = {0}", ex.Message));
// Que faire ?
}
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Target = {0}", target));
IToto proxy = XmlRpcProxyGen.Create <IToto>();
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Proxy = {0}", proxy));
Tracer tracer = new Tracer();
tracer.Attach(proxy);
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Param Okay");
string[] res = null;
try
{
res = proxy.scan(username, key, Xtarget);
}
catch (XmlRpcFaultException fex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fault Response: {0} {1}", fex.FaultCode, fex.FaultString));
}
string scanuid = string.Empty;
if (res[0] == "Success")
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Success 1");
scanuid = res[1];
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fail 1: {0}", res[0]));
}
// ===================
// Wait for completion
// ===================
XmlRpcStruct scanparams = new XmlRpcStruct();
scanparams.Add("scanuid", scanuid);
scanparams.Add("pretty", true);
scanparams.Add("documented", true);
// target.Add("upperBound", 139);
bool finished = false;
string xml = string.Empty;
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Waiting 45 seconds...");
Thread.Sleep(45000); //Hardcoded
while (finished == false)
{
try
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Trying to get results");
res = proxy.getresultsxml(username, key, scanparams);
}
catch (XmlRpcFaultException fex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fault Response: {0} {1}", fex.FaultCode, fex.FaultString));
}
if (res[0] == "Success")
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Success 2");
xml = res[1];
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "res=" + xml);
finished = true;
}
else
{
//Wait
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Fail 2: {0}", res[0]));
// return null;
Thread.Sleep(30000);
}
}
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Results successfully downloaded");
XmlDocument doc;
doc = new XmlDocument();
try
{
//TODO XML Validation
doc.LoadXml(xml);
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("LoadXmlException = {0}", ex.Message));
// Que faire ?
}
#endregion
#region Without VoIPScanner
/*
* XmlDocument doc = new XmlDocument();
* doc.Load(@"c:\VoIPScanner.xml");
*/
#endregion
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Parsing the results");
VoIPScannerParser parser = new VoIPScannerParser(doc, jobID);
parser.parse();
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Using svmap.py from sipvicious");
string address = "111.222.333.444"; //TODO Hardcoded
//string username = "******";
string password = "******";
string prompt = "root";
SshShell sshShell;
sshShell = new SshShell(address, "root", password);
sshShell.RemoveTerminalEmulationCharacters = true;
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} Connecting to SIPVICIOUS server at {1}", jobID, address));
try
{
sshShell.Connect(22);
//sshShell.Expect(prompt+"~#");
sshShell.Expect(prompt);// + "~$");
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} ConnectingERROR to SIPVICIOUS server at {1} : " + ex.Message + " " + ex.InnerException, jobID, address));
}
string cmd1 = "cd /home/root/tools/sipvicious/"; //Hardcoded
sshShell.WriteLine(cmd1);
Thread.Sleep(1000); //Hardcoded
string stdout = sshShell.Expect(prompt);
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} START DUMP STDOUT01", jobID));
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", stdout);
Thread.Sleep(1000);
sshShell.WriteLine("./svmap.py " + target); //Hardcoded
Thread.Sleep(30000); //Hardcoded
stdout = sshShell.Expect(prompt);
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", string.Format("JobID: {0} START DUMP STDOUT02", jobID));
Utils.Helper_Trace("XORCISM PROVIDER SIPVICIOUS", stdout);
//TODO
/*
* INFORMATION myInformation = new INFORMATION();
* //VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
* myInformation.EndPointID = theEndPointID;
* myInformation.JobID = m_jobId;
* //vulnerabilityFound.ListItem = Helper_GetCVE(n);
* //vulnerabilityFound.ListReference = Helper_GetREFERENCE(n); //TODO: Helper_GetCVE and Helper_GetREFERENCE could be mixed for only 1 parsing
* //vulnerabilityFound.InnerXml = n.OuterXml;
*
* myInformation.Description = HelperGetChildInnerText(n, "DIAGNOSIS");
* myInformation.Solution = HelperGetChildInnerText(n, "SOLUTION");
* myInformation.Severity = n.Attributes["severity"].Value;
* myInformation.Consequence = HelperGetChildInnerText(n, "CONSEQUENCE");
* myInformation.Result = HelperGetChildInnerText(n, "RESULT");
* myInformation.ModifiedDate = DateTime.Parse(HelperGetChildInnerText(n, "LAST_UPDATE"));
* if (HelperGetChildInnerText(n, "PCI_FLAG") == "1")
* {
* myInformation.PCI_FLAG = true;
* }
* myInformation.Title = "";
*
* model.AddToINFORMATION(myInformation);
* model.SaveChanges();
*/
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", "Update job status to FINISHED");
var j = from xJob in model.JOB
where xJob.JobID == jobID
select xJob;
JOB J = j.FirstOrDefault();
J.Status = XCommon.STATUS.FINISHED.ToString();
model.SaveChanges();
//FREE MEMORY
parser = null;
J = null;
model.Dispose();
Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Leaving Run()"));
}
//public NessusParser(string data, int AccountID, int jobid)
public NessusParser(string target, int jobID, string policy, string strategy)
{
string Url = "https://CHANGEME.svc.nessus.org"; //HARDCODED
Stream stream;
long seqint = DateTime.Now.Ticks;
string snessus = "[email protected]&password=changeme&seq=" + seqint; //TODO Hardcoded
byte[] buffer;
buffer = Encoding.UTF8.GetBytes(snessus);
HttpWebRequest req;
req = (HttpWebRequest)WebRequest.Create(Url + "/login"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
HttpWebResponse resp;
resp = (HttpWebResponse)req.GetResponse();
StreamReader SR = new StreamReader(resp.GetResponseStream());
string ResponseTextNessus = SR.ReadToEnd();
XmlDocument docnessus = new XmlDocument();
//Console.WriteLine("DEBUG ResponseTextNessus="+ResponseTextNessus);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + " LoginResponse: " + ResponseTextNessus);
string mytoken = string.Empty;
string patterntoken = "<token>(.*?)</token>"; //Hardcoded
MatchCollection matchestoken = Regex.Matches(ResponseTextNessus, patterntoken);
foreach (Match match in matchestoken)
{
mytoken = match.Value.Replace("<token>", "").Replace("</token>", "");
//Console.WriteLine(mytoken);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + " token: " + mytoken);
}
//***************************************************************************************************************
//List the policies
//***************************************************************************************************************
/*
*
*/
//return;
//***************************************************************************************************************
//Launches the scan
//***************************************************************************************************************
XORCISMEntities model;
model = new XORCISMEntities();
var sessionidjob = from j in model.JOB
where j.JobID == jobID
select j.SessionID;
int sessidjob = (int)sessionidjob.FirstOrDefault();
var servicecat = from s in model.SESSION
where s.SessionID == sessidjob
select s.ServiceCategoryID;
string servicecategory = servicecat.FirstOrDefault().ToString();
string MyPolicy;
MyPolicy = string.Empty;
//HARDCODED
if (servicecategory == "1")
{
MyPolicy = "1"; //Perimeter Scan (fast)
}
else
{
MyPolicy = "3"; //Web App Tests
}
switch (policy)
{
case "Normal":
//MyPolicy = "network-audit";
break;
case "Moderate":
//MyPolicy = "full-audit";
break;
case "Intrusive":
//MyPolicy = "exhaustive-audit";
if (servicecategory == "1")
{
MyPolicy = "2"; //Perimeter Scan (exhaustive)
}
else
{
MyPolicy = "4"; //Web App Tests (exhaustive)
}
break;
case "Pentest":
//MyPolicy = "pentest-audit";
if (servicecategory == "1")
{
MyPolicy = "2"; //Perimeter Scan (exhaustive)
}
else
{
MyPolicy = "4"; //Web App Tests (exhaustive)
}
break;
case "Web":
//MyPolicy = "web-audit"; //internet-audit
if (servicecategory == "1")
{
MyPolicy = "2"; //Perimeter Scan (exhaustive)
}
else
{
MyPolicy = "4"; //Web App Tests (exhaustive)
}
break;
/*
* case "PCI DSS":
* MyPolicy = "pci-audit";
* break;
* case "HIPAA":
* MyPolicy = "hipaa-audit";
* break;
* case "SOX":
* MyPolicy = "sox-audit";
* break;
* case "SCADA":
* MyPolicy = "scada";
* break;
*/
default:
//MyPolicy = "network-audit";
break;
//pentest-audit
//discovery
//aggressive-discovery
//dos-audit
}
seqint = DateTime.Now.Ticks;
snessus = "target=" + target + "&scan_name=" + seqint + "&seq=" + seqint + "&token=" + mytoken + "&policy_id=" + MyPolicy; //Hardcoded
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/scan/new"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
docnessus = new XmlDocument();
//Console.WriteLine(ResponseTextNessus);
/*
*
*/
/*
* docnessus.Load(ResponseTextNessus);
*
* Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", string.Format("NewScanResponse received : {0}", docnessus.OuterXml));
* Console.WriteLine("DEBUG="+docnessus.OuterXml);
*/
//***************************************************************************************************************
//List the running scans
//***************************************************************************************************************
//get the uuid of the scan with the 1st request
Thread.Sleep(30000); //Hardcoded
// seqint = DateTime.Now.Ticks;
snessus = "&token=" + mytoken;
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/scan/list"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
//Search the order of the current scan
patterntoken = "<readableName>(.*?)</readableName>";
matchestoken = Regex.Matches(ResponseTextNessus, patterntoken);
string scanmatch = string.Empty;
int scanorder = 0;
int myscanorder = 0;
foreach (Match match in matchestoken)
{
scanorder++;
scanmatch = match.Value.Replace("<readableName>", "").Replace("</readableName>", "");
if (scanmatch == seqint.ToString())
{
myscanorder = scanorder;
}
}
patterntoken = "<uuid>(.*?)</uuid>";
matchestoken = Regex.Matches(ResponseTextNessus, patterntoken);
string scanuuid = string.Empty;
scanorder = 0;
foreach (Match match in matchestoken)
{
scanorder++;
if (scanorder == myscanorder)
{
scanmatch = match.Value.Replace("<uuid>", "").Replace("</uuid>", "");
scanuuid = scanmatch;
}
}
//Wait until the scan is completed
//TODO: optimize this
bool scanfinished = false;
while (scanfinished != true)
{
//Console.WriteLine("XORCISM PROVIDER NESSUS SCAN", string.Format("Polling..."));
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "Jobid=" + jobID + " Polling...");
Thread.Sleep(30000);
// seqint = DateTime.Now.Ticks;
snessus = "&token=" + mytoken;
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/scan/list"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
if (ResponseTextNessus.Contains(seqint.ToString()))
{
}
else
{
scanfinished = true;
}
}
//Console.WriteLine("NESSUS SCAN FINISHED");
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "Jobid=" + jobID + " NESSUS SCAN FINISHED");
//***************************************************************************************************************
//List the reports
//***************************************************************************************************************
// seqint = DateTime.Now.Ticks;
snessus = "&token=" + mytoken;
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/report/list"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
docnessus = new XmlDocument();
//***************************************************************************************************************
//Downloads the report
//***************************************************************************************************************
// seqint = DateTime.Now.Ticks;
snessus = "&token=" + mytoken;
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/file/report/download/?report=" + scanuuid); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
//docnessus = new XmlDocument();
//Console.WriteLine(ResponseTextNessus);
StreamWriter monStreamWriter = new StreamWriter("nessus_report" + seqint + ".nessus");
monStreamWriter.Write(ResponseTextNessus);
monStreamWriter.Close();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + " Result saved in nessus_report" + seqint + ".nessus");
string data = ResponseTextNessus;
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "JobID:" + jobID + " data=" + data);
//***************************************************************************************************************
//Logout
//***************************************************************************************************************
seqint = DateTime.Now.Ticks;
snessus = "token=" + mytoken;
buffer = Encoding.UTF8.GetBytes(snessus);
req = (HttpWebRequest)WebRequest.Create(Url + "/logout"); //Hardcoded
////ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
req.Method = "POST";
//req.Headers.Add("Cookie", "token=" + mytoken);
req.ContentLength = buffer.Length;
req.ContentType = "application/x-www-form-urlencoded";
stream = req.GetRequestStream();
stream.Write(buffer, 0, buffer.Length);
stream.Close();
resp = (HttpWebResponse)req.GetResponse();
SR = new StreamReader(resp.GetResponseStream());
ResponseTextNessus = SR.ReadToEnd();
//Console.WriteLine("LogoutResponse=" + ResponseTextNessus);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS SCAN", "Jobid=" + jobID + " LogoutResponse=" + ResponseTextNessus);
m_data = data;
m_JobId = jobID;
}
static void Main()
{
//Application.EnableVisualStyles();
//Application.SetCompatibleTextRenderingDefault(false);
//Application.Run(new Form1());
//https://raw.github.com/vz-risk/veris/master/verisc-enum.json
try
{
WebClient wc = new WebClient();
Console.WriteLine("Downloading verisc-enum.json");
wc.DownloadFile("https://raw.github.com/vz-risk/veris/master/verisc-enum.json", "C:/nvdcve/verisc-enum.json"); //HARDCODED
//
wc.Dispose();
//Console.WriteLine("Download is completed", "info", MessageBoxButtons.OK, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1);
}
catch (Exception ex)
{
Console.WriteLine("Error while downloading\n" + ex.Message + " " + ex.InnerException);
}
// create reader & open file
StreamReader tr = new StreamReader(@"C:\nvdcve\verisc-enum.json"); //HARDCODED
// read the file
string verisenum = tr.ReadToEnd();
//Console.WriteLine(verisenum);
// close the stream
tr.Close();
XORCISMEntities model = new XORCISMEntities();
XTHREATEntities threat_model = new XTHREATEntities();
JsonObject jobj = (JsonObject)JsonConvert.Import(verisenum);
JsonArray jarray = new JsonArray();
foreach (string loc in jobj.Names)
{
//Console.WriteLine(loc);
switch (loc)
{
case "security_compromise":
break;
case "confidence":
break;
case "victim":
//Console.WriteLine(Convert.ToString(((JsonObject)jobj[loc])["employee_count"]));
jarray = (JsonArray)((JsonObject)jobj[loc])["employee_count"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
//Console.WriteLine(Convert.ToString(jarray[cpt]));
}
break;
case "actor":
break;
case "action":
//Console.WriteLine(Convert.ToString(((JsonObject)jobj[loc])["malware"]));
//************* MALWARE **************************
JsonObject jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["malware"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=1 //malware
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 1 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 1; //malware
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=1 //malware
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 1 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 1; //malware
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine("ERROR " + loc2 + " is unknown for action.malware");
break;
}
}
//************* HACKING **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["hacking"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=2 //hacking
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 2 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 2; //hacking
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=2 //hacking
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 2 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 2; //hacking
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.hacking");
break;
}
}
//************* SOCIAL **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["social"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=3 //social
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 3 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 3; //social
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=3 //social
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 3 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 3; //social
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
case "target":
jarray = (JsonArray)(jobj2)["target"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionTargetName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionTargetName);
//ThreatActionCategoryID=3 //social
XTHREATModel.THREATACTIONTARGET tactiontarget = new THREATACTIONTARGET();
tactiontarget = threat_model.THREATACTIONTARGET.FirstOrDefault(o => o.ThreatActionCategoryID == 3 && o.ThreatActionTargetName == sThreatActionTargetName);
if (tactiontarget == null)
{
tactiontarget = new THREATACTIONTARGET();
tactiontarget.ThreatActionCategoryID = 3; //social
tactiontarget.ThreatActionTargetName = sThreatActionTargetName;
threat_model.THREATACTIONTARGET.Add(tactiontarget);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.social");
break;
}
}
//************* SOCIAL **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["social"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=3 //social
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 3 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 3; //social
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=3 //social
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 3 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 3; //social
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.social");
break;
}
}
//************* MISUSE **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["misuse"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=4 //misuse
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 4 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 4; //misuse
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=4 //misuse
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 4 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 4; //misuse
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.misuse");
break;
}
}
//************* PHYSICAL **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["physical"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=5 //physical
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 5 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 5; //physical
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "location":
jarray = (JsonArray)(jobj2)["location"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionLocationName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionLocationName);
//ThreatActionCategoryID=5 //physical
XTHREATModel.THREATACTIONLOCATION tactionlocation = new THREATACTIONLOCATION();
tactionlocation = threat_model.THREATACTIONLOCATION.FirstOrDefault(o => o.ThreatActionLocationName == sThreatActionLocationName);
if (tactionlocation == null)
{
tactionlocation = new THREATACTIONLOCATION();
//tactionlocation.ThreatActionCategoryID = 5; //physical
tactionlocation.ThreatActionLocationName = sThreatActionLocationName;
threat_model.THREATACTIONLOCATION.Add(tactionlocation);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=5 //physical
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 5 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 5; //physical
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.physical");
break;
}
}
//************* ERROR **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["error"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
//vector
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=6 //error
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 6 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 6; //error
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
case "vector":
jarray = (JsonArray)(jobj2)["vector"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVectorName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVectorName);
//ThreatActionCategoryID=6 //error
XTHREATModel.THREATACTIONVECTOR tactionvector = new THREATACTIONVECTOR();
tactionvector = threat_model.THREATACTIONVECTOR.FirstOrDefault(o => o.ThreatActionCategoryID == 6 && o.ThreatActionVectorName == sThreatActionVectorName);
if (tactionvector == null)
{
tactionvector = new THREATACTIONVECTOR();
tactionvector.ThreatActionCategoryID = 6; //error
tactionvector.ThreatActionVectorName = sThreatActionVectorName;
threat_model.THREATACTIONVECTOR.Add(tactionvector);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.error");
break;
}
}
//************* ENVIRONMENTAL **************************
jobj2 = (JsonObject)JsonConvert.Import(Convert.ToString(((JsonObject)jobj[loc])["environmental"]));
foreach (string loc2 in jobj2.Names)
{
//Console.WriteLine(loc2);
//variety
switch (loc2)
{
case "variety":
jarray = (JsonArray)(jobj2)["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sThreatActionVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sThreatActionVarietyName);
//ThreatActionCategoryID=7 //environmental
XTHREATModel.THREATACTIONVARIETY tactionvariety = new THREATACTIONVARIETY();
tactionvariety = threat_model.THREATACTIONVARIETY.FirstOrDefault(o => o.ThreatActionCategoryID == 7 && o.ThreatActionVarietyName == sThreatActionVarietyName);
if (tactionvariety == null)
{
tactionvariety = new THREATACTIONVARIETY();
tactionvariety.ThreatActionCategoryID = 7; //environmental
tactionvariety.ThreatActionVarietyName = sThreatActionVarietyName;
threat_model.THREATACTIONVARIETY.Add(tactionvariety);
threat_model.SaveChanges();
}
}
break;
default:
Console.WriteLine(loc2 + " is unknown for action.environmental");
break;
}
}
break;
case "asset":
jarray = (JsonArray)((JsonObject)jobj[loc])["variety"];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string sAssetVarietyName = Convert.ToString(jarray[cpt]);
//Console.WriteLine(sAssetVarietyName);
XORCISMModel.ASSETVARIETY assetvariety = new ASSETVARIETY();
assetvariety = model.ASSETVARIETY.FirstOrDefault(o => o.AssetVarietyName == sAssetVarietyName);
if (assetvariety == null)
{
assetvariety = new ASSETVARIETY();
assetvariety.AssetVarietyName = sAssetVarietyName;
model.ASSETVARIETY.Add(assetvariety);
model.SaveChanges();
}
}
//cloud
break;
case "attribute":
break;
case "timeline":
break;
case "discovery_method":
break;
case "cost_corrective_action":
break;
case "impact":
break;
case "country":
//ISOCOUNTRY COUNTRYISO
//http://www.iso.org/iso/home/standards/country_codes/country_names_and_code_elements.htm
// create reader & open file
tr = new StreamReader(@"country_names_and_code_element.txt"); //HARDCODED
// read the file
string scountryline = tr.ReadLine();
//Console.WriteLine(verisenum);
//Country Name;ISO 3166-1-alpha-2 code
//Ignore the first line (headers)
scountryline = tr.ReadLine();
string[] row;
while (scountryline != null && scountryline != "")
{
row = scountryline.Split(';');
string sCountryName = row[0];
string sCountryCode = row[1];
XORCISMModel.COUNTRY country = new COUNTRY();
country = model.COUNTRY.FirstOrDefault(o => o.CountryName == sCountryName && o.CountryCode == sCountryCode);
if (country == null)
{
country = new COUNTRY();
country.CountryCode = sCountryCode;
country.CountryName = sCountryName;
model.COUNTRY.Add(country);
model.SaveChanges();
}
scountryline = tr.ReadLine();
}
// close the stream
tr.Close();
jarray = (JsonArray)jobj[loc];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string scountry = Convert.ToString(jarray[cpt]).ToUpper();
//Console.WriteLine(scountry);
XORCISMModel.COUNTRY country = new COUNTRY();
country = model.COUNTRY.FirstOrDefault(o => o.CountryName == scountry);
if (country == null)
{
country = new COUNTRY();
//country.CountryCode = "";
country.CountryName = scountry;
Console.WriteLine("Country: " + scountry + " not found in the database.");
//model.AddToCOUNTRY(country);
//model.SaveChanges();
}
}
break;
case "iso_currency_code":
//jarray = (JsonArray)((JsonObject)jobj[loc])[0];
//jarray = new JsonArray(loc);
jarray = (JsonArray)jobj[loc];
for (int cpt = 0; cpt < jarray.Length - 1; cpt++)
{
string scurrency = Convert.ToString(jarray[cpt]);
//Console.WriteLine(scurrency);
XORCISMModel.ISOCURRENCY currency = new ISOCURRENCY();
currency = model.ISOCURRENCY.FirstOrDefault(o => o.iso_currency_code == scurrency);
if (currency == null)
{
currency = new ISOCURRENCY();
currency.iso_currency_code = scurrency;
model.ISOCURRENCY.Add(currency);
model.SaveChanges();
}
}
break;
default:
break;
}
//wid.value = Convert.ToString(((JsonObject)jobj[loc])["name"]);
//JsonArray coords = (JsonArray)((JsonObject)jobj[loc])["coords"];
//wid.style.left = Convert.ToString(coords[0]);
//wid.style.top = Convert.ToString(coords[1]);
}
//FREE
model.Dispose();
model = null;
}
public void parse()
{
Assembly a;
a = Assembly.GetExecutingAssembly();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Assembly location = " + a.Location);
// ============================================
// Parse the XML Document and populate the database
// ============================================
XmlDocument doc = new XmlDocument();
doc.LoadXml(m_data);
XORCISMEntities model;
model = new XORCISMEntities();
string query = "/NessusClientData_v2/Report";
XmlNode report;
report = doc.SelectSingleNode(query);
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Found {0} hosts to parse", report.ChildNodes.Count));
foreach (XmlNode reportHost in report.ChildNodes)
{
string ipAddress;
ipAddress = reportHost.Attributes["name"].InnerText;
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Handling host with IP {0}", ipAddress));
// =============================================
// If necessary, create an asset in the database
// =============================================
//TODO ipaddressIPv4
var myass = from ass in model.ASSET
where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
select ass;
ASSET asset = myass.FirstOrDefault();
if (asset == null)
{
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creates a new entry in table ASSET for this IP");
asset = new ASSET();
//asset.AccountID = m_AccountID;
asset.AssetName = ipAddress;
asset.AssetDescription = ipAddress;
//TODO ipaddressIPv4
asset.ipaddressIPv4 = ipAddress;
asset.Enabled = true;
//asset.JobID = m_JobId;
model.ASSET.Add(asset);
model.SaveChanges();
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "This IP already corresponds to an existing asset");
}
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creating ASSETINSESSION reference");
ASSETSESSION assinsess = new ASSETSESSION();
assinsess.AssetID = asset.AssetID;
assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
model.ASSETSESSION.Add(assinsess);
model.SaveChanges();
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Update JOB with ASSETINSESSIONID");
JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);
daJob.AssetSessionID = assinsess.AssetSessionID;
model.SaveChanges();
// =============================
// Handles every ReportItem tag
// =============================
foreach (XmlNode n in reportHost.ChildNodes)
{
//Hardcoded
if (n.Name.ToUpper() == "ReportItem".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
{
string protocol = n.Attributes["protocol"].InnerText.ToUpper();
int port = Convert.ToInt32(n.Attributes["port"].InnerText);
//svc_name
//pluginID
//pluginName
//pluginFamily
//risk_factor
VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
vulnerabilityEndPoint.IpAdress = ipAddress;
vulnerabilityEndPoint.Protocol = protocol;
vulnerabilityEndPoint.Port = port;
VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
vulnerabilityFound.ListItem = Helper_GetCVE(n);
vulnerabilityFound.ListReference = Helper_GetREFERENCE(n); //TODO: Helper_GetCVE and Helper_GetREFERENCE could be mixed for only 1 parsing
vulnerabilityFound.InnerXml = n.OuterXml;
vulnerabilityFound.Description = HelperGetChildInnerText(n, "description");
vulnerabilityFound.Solution = HelperGetChildInnerText(n, "solution");
vulnerabilityFound.Title = HelperGetChildInnerText(n, "synopsis");
vulnerabilityFound.rawresponse = HelperGetChildInnerText(n, "plugin_output");
vulnerabilityFound.Result = HelperGetChildInnerText(n, "plugin_output");
vulnerabilityFound.Severity = n.Attributes["severity"].InnerText; //1
//vulnerabilityFound.Severity = HelperGetChildInnerText(n, "risk_factor"); //None Low
if (HelperGetChildInnerText(n, "exploit_available") == "true")
{
vulnerabilityFound.Exploitable = true;
}
//exploitability_ease Exploits are available
//exploit_framework_canvas
//exploit_framework_metasploit
//exploit_framework_core
//metasploit_name
//canvas_package
//cvss_vector
//cvss_temporal_score
try
{
vulnerabilityFound.CVSSBaseScore = float.Parse(HelperGetChildInnerText(n, "cvss_base_score"), System.Globalization.CultureInfo.InvariantCulture);
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Error parsing CVSS_BASE : Exception = {0}", ex.Message));
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CVSS_BASE =", HelperGetChildInnerText(n, "cvss_base_score")));
}
bool PatchUpgrade = false;
string MSPatch = "";
string title;
string Solution;
//patch_publication_date
if (HelperGetChildInnerText(n, "patch_publication_date") != "")
{
PatchUpgrade = true;
}
title = n.Attributes["pluginName"].InnerText;
Regex objNaturalPattern = new Regex("MS[0-9][0-9]-[0-9][0-9][0-9]");
MSPatch = objNaturalPattern.Match(title).ToString();
if (MSPatch != "")
{
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "MSPatch=" + MSPatch);
PatchUpgrade = true;
}
//Hardcoded
Solution = HelperGetChildInnerText(n, "solution");
if (Solution.Contains(" upgrade to "))
{
PatchUpgrade = true;
}
if (Solution.Contains("Upgrade "))
{
PatchUpgrade = true;
}
if (Solution.Contains("has released a set of patches"))
{
PatchUpgrade = true;
}
if (Solution.Contains("Apply the appropriate patch"))
{
PatchUpgrade = true;
}
//<patch_publication_date>
vulnerabilityFound.PatchUpgrade = PatchUpgrade;
vulnerabilityFound.MSPatch = MSPatch;
// ===========
// Persistance
// ===========
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem)));
int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "nessus", model);
if (etat == -1)
{
Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
}
}
}
}
// TODO
// VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model);
}
/* @default : port = "80"
* @default : strategy | tunning ="x"
*/
public void Run(string target, int jobID, string policy, string strategy)
{
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "Entering Run()");
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));
// delete spaces for multisite
target = target.Replace(" ", "");
/* On initialise une var */
NiktoParser niktoParser = null;
try
{
niktoParser = new NiktoParser(target, jobID, policy, strategy);
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Exception NiktoParser = " + ex.Message + " " + ex.InnerException);
}
string status = XCommon.STATUS.FINISHED.ToString();
// =================================================
// Change the status of the job to FINISHED or ERROR
// =================================================
if (niktoParser.Parse() == false)
{
status = XCommon.STATUS.ERROR.ToString();
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Updating job {0} status to ERROR", jobID));
XCommon.Utils.Helper_SendEmail("*****@*****.**", "Nikto ERROR", "Nikto ERROR for job:" + jobID);
}
else
{
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Updating job {0} status to FINISHED", jobID));
}
try
{
XORCISMEntities model = new XORCISMEntities();
var Q = from j in model.JOB
where j.JobID == jobID
select j;
JOB myJob = Q.FirstOrDefault();
myJob.Status = status;
myJob.DateEnd = DateTimeOffset.Now;
//image
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
myJob.XmlResult = encoding.GetBytes(m_data);
model.SaveChanges();
//FREE MEMORY
model.Dispose();
niktoParser = null;
}
catch (Exception ex)
{
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
}
Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + jobID + "Leaving Run()");
}
public void search_email_collector(string domainname)
{
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + " search_email_collector on : " + domainname);
SshShell sshShell = connect();
string stdout = "";
//string stderr = "";
string cmd1 = "cd /home/root/tools/metasploitsvn"; //TODO Hardcoded
//prompt1 = prompt + "~/tools/metasploitsvn" + promptend;
sshShell.WriteLine(cmd1);
Thread.Sleep(2000);
stdout = sshShell.Expect(prompt);
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + " stdout001: " + stdout);
//TODO Hardcoded
cmd1 = "./msfcli auxiliary/gather/search_email_collector DOMAIN=" + domainname + " E"; //Hardcoded
sshShell.WriteLine(cmd1);
Thread.Sleep(60000);
stdout = sshShell.Expect(prompt);
/*
* DOMAIN => target.com
* [*] Harvesting emails .....
* [*] Searching Google for email addresses from target.com
* [*] Extracting emails from Google search results...
* [*] Searching Bing email addresses from target.com
* [*] Extracting emails from Bing search results...
* [*] Searching Yahoo for email addresses from target.com
* [*] Extracting emails from Yahoo search results...
* [*] Located 2 email addresses for target.com
* [*] [email protected]
* [*] [email protected]
* [*] Auxiliary module execution completed
*/
XORCISMEntities model = new XORCISMEntities();
string[] mytab = Regex.Split(stdout, "\r\n");
string mymail = "";
foreach (string line in mytab)
{
if (line.Contains("@" + domainname))
{
mymail = line.Replace("[*]", "").Trim();
Console.WriteLine(mymail);
//TODO
/*
* //Check if we already collected this email
* var Q = from e in model.INFORMATION
* where e.JobID == m_jobId && e.Title == "Email" && e.Result == mymail
* select e;
*
* INFORMATION newInfo = Q.FirstOrDefault();
*
* if (newInfo == null)
* {
* Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + "Email collected: " + mymail);
*
* newInfo = new INFORMATION();
* newInfo.Title = "Email";
* newInfo.Result = mymail;
* newInfo.JobID = m_jobId;
* m_model.AddToINFORMATION(newInfo);
* m_model.SaveChanges();
* }
*/
}
}
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + " esearchy on : " + domainname);
cmd1 = "esearchy -q \"@" + domainname + "\" --enable-all --disable-bing --disable-yahoo -m 500 -w " + m_target; //company //HARDCODED
//TODO Review
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + " esearchy command : " + cmd1);
sshShell.WriteLine(cmd1);
Thread.Sleep(60000);
stdout = sshShell.Expect(prompt);
Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + "esearchy stdout: " + stdout);
mytab = Regex.Split(stdout, "\r\n");
mymail = "";
foreach (string line in mytab)
{
//TODO
/*
* if (line.ToLower().EndsWith("@" + domainname.ToLower()))
* {
* mymail = line.Trim();
* Console.WriteLine(mymail);
*
* //Check if we already collected this email
* var Q = from e in model.INFORMATION
* where e.JobID == m_jobId && e.Title == "Email" && e.Result == mymail
* select e;
*
* INFORMATION newInfo = Q.FirstOrDefault();
*
* if (newInfo == null)
* {
* Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + "Email collected: " + mymail);
* newInfo = new INFORMATION();
* newInfo.Title = "Email";
* newInfo.Result = mymail;
* newInfo.JobID = m_jobId;
* m_model.AddToINFORMATION(newInfo);
* m_model.SaveChanges();
* }
* }
* else
* {
*
* //Kerry Davis -> http://www.spoke.com/info/pC4F8IB/KerryDavis
* //Tom Bui -> http://www.linkedin.com/pub/tom-bui/2/329/168
* //Mark Behm profiles -> http://www.linkedin.com/pub/dir/Mark/Behm
*
* if (line.Contains("-> http://"))
* {
* try
* {
* mytab = Regex.Split(line, " -> ");
* Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + "People collected: " + line);
* INFORMATION newInfo = new INFORMATION();
* newInfo.Title = "People";
* newInfo.Result = mytab[0];
* newInfo.Url = mytab[1];
* newInfo.JobID = m_jobId;
* m_model.AddToINFORMATION(newInfo);
* m_model.SaveChanges();
* }
* catch (Exception ex)
* {
* Utils.Helper_Trace("XORCISM PROVIDER XINFO", "JobID:" + m_jobId + "Exception esearchy: " + ex.Message + " " + ex.InnerException);
* }
* }
* else
* {
* if (line.StartsWith(m_target))
* {
* //TODO : URLs
* }
* }
* }
*/
}
sshShell.Close();
}
