Ejemplo n.º 1
0
function script_id($id, $lookup, $details)
{
    global $showlive, $last30, $org, $site, $uroles, $username, $dbconn;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    if (!$uroles['reports'] && !$uroles['admin']) {
        if ($org == "" && $site == "") {
            $org_code = "";
        }
    } else {
        $org_code = "";
    }
    $sql_filter = "";
    if ($org_code) {
        $sql_filter = " AND ORG='{$org_code}'";
    } elseif ($org) {
        $sql_filter = " AND ORG='{$org}'";
    }
    if ($site) {
        $sql_filter .= " AND site_code='{$site}'";
    }
    if ($lookup == "bysubnets") {
        $query = "SELECT t1.site_code, t1.ORG, t3.hostip, t3.hostname, t1.dtLastScanned, t3.service, t3.risk, t3.msg\n\t\t\tFROM vuln_subnets t1\n\t\t\tLEFT JOIN vuln_jobs t2 ON t1.CIDR = t2.fk_name\n\t\t\t\tAND ( t2.scan_SUBMIT >= t1.dtLastScanned OR t1.report_id = t2.report_id )\n\t\t\tLEFT JOIN vuln_nessus_results t3 ON t2.report_id = t3.report_id\n\t\t\tWHERE {$sql_filter}  t1.status != 'available' and t1.serial_flag='N' AND\n\t\t\tt3.scriptid='{$id}' GROUP BY t3.hostip ORDER BY INET_NTOA(t3.hostip) ASC";
    } elseif ($lookup == "byage") {
        subtractTime($hours = 0, $minutes = 0, $seconds = 0, $months = 0, $days = 0, $years = 0);
        $query = "SELECT t1.site_code, t1.ORG, t1.hostip, t1.hostname, t1.lastscandate, t2.service, t2.risk, t2.msg\n\t\t\tFROM vuln_hosts t1\n\t\t\tLEFT JOIN vuln_Incidents t2 ON t1.id = t2.host_id\n\t\t\tWHERE {$sql_filter} t2.status != 'resolved' AND t2.scriptid='{$id}'\n\t\t\tGROUP BY t2.host_id ORDER BY t1.site_code";
    } else {
        $query = "SELECT t2.site_code, t2.ORG, t2.hostip, t2.hostname, t2.lastscandate, t1.service, t1.risk, t1.msg\n\t\t  FROM vuln_Incidents t1\n\t\t  LEFT JOIN vuln_hosts t2 on t1.host_id=t2.id\n\t\t  WHERE t1.scriptid='{$id}' and t1.status = 'open' {$sql_filter} ORDER BY t2.ORG,t2.site_code,t2.lastscandate";
    }
    $result = $dbconn->execute($query);
    #ECHO "sql=$query<br>";
    echo "<table summary=\"Plugin Matches [ <font color=red>{$pid}</a> ]\" border=\"1\" width=\"100%\">";
    if ($details == "1") {
        echo "<tr><td colspan=7><h4>Vulnerabilities found:</h4></tr>\n\t\t<tr>\n\t\t\t<td><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Host&nbsp;&nbsp;</b></font></td>\n      \t\t<td><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Severity&nbsp;&nbsp;</b></font></td>\n      \t\t<td colspan=5><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Description&nbsp;&nbsp;</b></font></td>\n      \t</tr>";
    } else {
        echo "<tr><td colspan=7><h4>Vulnerabilities found:</h4></tr>";
    }
    $htmldetails = "";
    $i = 0;
    while (!$result->EOF) {
        list($sCODE, $sORG, $hostIP, $hostname, $lastscanned, $service, $risk, $msg) = $result->fields;
        $i = $i += 1;
        $msg = preg_replace("/^[ \t]*/", "", $msg);
        $msg = wordwrap(preg_replace("/\n/", "<br>", $msg), 100, "<br>", 1);
        if ($details == "1") {
            $htmldetails .= "<tr>\n\t\t\t<td>{$hostIP}<br>{$hostname}</td>\n      \t\t<td>{$service}<br>" . getrisk($risk) . "</td>\n      \t\t<td colspan=5>{$msg}</td>\n      \t</tr>";
        } else {
            if ($htmldetails == "") {
                $legendcode = "</table><br>" . printLegend() . "<br><table border=\"1\" width=\"100%\">";
                $htmldetails .= "<tr><td>RISK</td><td colspan=6>" . getrisk($risk) . "</td></tr>\n        \t\t<tr><td>SERVICE</td><td colspan=6>{$service}</td></tr>\n        \t\t<tr><td>MSG</td><td colspan=6>{$msg}</td></tr>\n\t\t\t\t<tr><td colspan=7>&nbsp;</td></tr>\n\t\t\t\t{$legendcode}\n\t\t\t\t<tr><td colspan=7><h4>VULNERABLE HOSTS</h4></td></tr>\n\t\t\t\t<tr><td colspan=7>&nbsp;</td></tr>\n\t\t\t\t<tr><td>COUNT</td>\n\t\t\t\t\t<td>STATUS</td>\n\t\t\t\t\t<td>HOSTIP</td>\n\t\t\t\t\t<td>HOSTNAME</td>\n\t\t\t\t\t<td>SITE</td>\n\t\t\t\t\t<td>ORG</td>\n\t\t\t\t\t<td>LastScanned</td>\n\t\t\t\t</tr>";
            }
            if ($showlive) {
                $arrHOST = check_host($hostname, $hostIP);
                if ($arrHOST['hostname']) {
                    $hostname = $arrHOST['hostname'];
                }
                if ($arrHOST['hostip']) {
                    $hostIP = $arrHOST['hostip'];
                }
                $rating = $arrHOST['rating'];
                $rating_color = $arrHOST['rating_color'];
            }
            if ($sCODE == $sORG) {
                $sORG = "&nbsp;";
            }
            # no reason to show it twice
            if (!$showlive || $rating >= 3) {
                $htmldetails .= "<tr>\n        \t\t<td>[{$i}]</td>\n        \t\t<td bgcolor=\"{$rating_color}\">{$rating}</td>\n        \t\t<td>{$hostIP}</td>\n        \t\t<td>{$hostname}</td>\n        \t\t<td>{$sCODE}</td>\n        \t\t<td>{$sORG}</td>\n        \t\t<td>{$lastscanned}</td>\n        \t\t</tr>";
            }
        }
        $result->MoveNext();
    }
    echo $htmldetails;
    echo "</table>";
}
Ejemplo n.º 2
0
<?php

include 'config.php';
date_default_timezone_set('Asia/Kolkata');
echo 'Current Time: ' . date("Y-m-d H:i:s");
echo "<BR>";
// Now let us deduct 5 hours, 2 days and 1 year from now
echo 'New Time: ' . subtractTime();
date_default_timezone_set('Asia/Kolkata');
$curTime = date("Y-m-d H:i:s");
//echo $curTime;
//echo "<br>";
$fiveMinBefore = subtractTime();
$query = "Select * From applicant Where sid=1 AND created_on Between '" . $fiveMinBefore . "' And '" . $curTime . "'";
$result = mysql_query($query);
if (!$result) {
    echo "failed";
} else {
    while ($row = mysql_fetch_array($result)) {
        echo $row['aid'];
    }
}
function subtractTime()
{
    $five = 5;
    $totalHours = date("H");
    $totalMinutes = date("i") - $five;
    $totalSeconds = date("s");
    $totalMonths = date("m");
    $totalDays = date("d");
    $totalYears = date("Y");
Ejemplo n.º 3
0
<?php

$sid = $_GET['sid'];
date_default_timezone_set('Asia/Kolkata');
$curTime = date("Y-m-d H:i:s");
//echo $curTime;
//echo "<br>";
$threeMonBefore = subtractTime();
include 'config.php';
$json = array();
$failed = false;
//$query = "Select * From job Where created_on Between '".$newdate." 00:00:00' And '".$old." 00:00:00'";
$query = "Select * From ads Where created_on Between '" . $threeMonBefore . "' And '" . $curTime . "'";
//$query = "Select * From applicant Where sid=".$sid;
$result = mysql_query($query);
if (!$result) {
    //echo "failed";
    $failed = true;
} else {
    $json['adcid'] = array();
    $json['adcontent'] = array();
    $json['adid'] = array();
    $json['adctags'] = array();
    $json['adcname'] = array();
    $json['adprid'] = array();
    $i = 0;
    while ($row = mysql_fetch_array($result)) {
        $cid = $row['cid'];
        $json['adcid'][$i] = $row['cid'];
        $json['adcontent'][$i] = $row['content'];
        $json['adid'][$i] = $row['adid'];
Ejemplo n.º 4
0
 $results = $dbMan->executeQuery($request);
 if ($results == null) {
     //request failed
 } else {
     $delaySum = 0;
     $rows = $results->num_rows;
     for ($i = 0; $i < $rows; ++$i) {
         $results->data_seek($i);
         $row = $results->fetch_array(MYSQLI_NUM);
         $table = $table . '<tr>';
         for ($j = 0; $j < count($row); ++$j) {
             $table = $table . '<td>' . $row[$j] . '</td>';
         }
         if ($request->type == 'getDelayedFlights') {
             if ($row[3] > $row[2]) {
                 $delay = subtractTime($row[3], $row[2]);
                 //echo $row[3] . ' - ' . $row[2] . ' = ' . $delay . ' <br />';
                 $delaySum += $delay;
             } else {
                 $delay = $row[6] - $row[5];
                 $delaySum += $delay;
             }
         } else {
             if ($request->type == 'getAllFlights' && $rows > 0) {
                 if ($row[3] > $row[2] || $row[6] > $row[5]) {
                     $table = $table . '<td><span class="label label-danger">Delayed</span></td></tr>';
                 } else {
                     $table = $table . '<td><span class="label label-success">On-Time</span></td></tr>';
                 }
             }
         }