/** * Merge plugins in special plugin profile into the scanner set * * This function will iterate through plugins associated with * a special plugin profile and set the plugins equal to 'yes' * that have been specified in the special plugin profile * * @param string $profile_id Profile ID of the scan whose * plugin list is to be updated * @param array $scanner_set List of all plugins used by nessus. * The array is indexed by plugin ID with the values of * each item being either 'yes' if the plugin should be */ function merge_plugin_profiles($profile_id, &$scanner_set) { global $client; $client->query('jobs.getProfilePlugins', _CLIENT_KEY, $profile_id, 'spe'); $special = $client->getResponse(); if (count($special) < 1) { return; } foreach ($special as $key => $spe) { $client->query('jobs.getSpecialProfileItems', $profile_id); $profile_items = $client->getResponse(); foreach ($profile_items as $key => $item) { $type = $item['plugin_type']; $plugin = $item['plugin']; if ($type == 'fam') { merge_families($profile_id, $scanner_set); } else { if ($type == 'sev') { merge_severities($profile_id, $scanner_set); } else { if ($type == 'plu') { $scanner_set[$plugin] = 'yes'; } } } } } }
$scanner_set[$row['pluginid']] = 'no'; } $set = $scanner_set; // Get the information for all the profiles $stmt2->execute($profile_id); // Loop through each profile's information $row = $stmt2->fetch_assoc(); $machine_list = array(); $username = $row['username']; $rand = rand(0, 1000000); $scanner_set = $set; $output = array(); $machine_list = make_machine_list($profile_id); merge_severities($profile_id, $scanner_set); merge_all($profile_id, $scanner_set); merge_families($profile_id, $scanner_set); merge_plugins($profile_id, $scanner_set); $ml = make_ml_file($username, $rand, $machine_list); $nrc = make_nrc_file($username, $rand, $scanner_set); $stmt3->execute($profile_id); $stmt4->execute($profile_id); $stmt5->execute($profile_id); $command = escapeshellcmd("nohup " . _NESSUS_CMD . " -q -c {$nrc} -T html -x " . _NESSUS_SERVER . ' ' . _NESSUS_PORT . ' ' . _NESSUS_USER . ' ' . _NESSUS_PASS . " {$ml} -"); exec($command, $output); if (count($output) < 1) { $retval = "The scan was not run. Did you remeber to give appropriate sudo privileges to the web user?"; } else { foreach ($output as $key => $val) { $val = trim($val); if ($val == '') { $retval .= ' ';