function create_new_profile($sname, $sdescription, $sautoenable, $stype, $cloneid, $auto_cat_status, $auto_fam_status, $tracker)
{
global $dbconn, $nessus_path;
$username = $stype;
// Owner Profile
if ($cloneid != '') {
// get the data from the original profile
$query = "SELECT autoenable, type\n FROM vuln_nessus_settings\n WHERE id = {$cloneid}";
$result = $dbconn->GetArray($query);
if ($result === false) {
$errMsg[] = "Error selecting profile data for id = {$cloneid}: " . $dbconn->ErrorMsg();
dispSQLError($errMsg, 1);
require_once 'footer.php';
die;
} else {
$orig = $result[0];
}
// create new entry in the vuln_nessus_settings table first and get
// the new id
$insert = "INSERT INTO vuln_nessus_settings\n (name, description, autoenable, type, owner, update_host_tracker )\n VALUES\n ('{$sname}', '{$sdescription}', '{$orig['autoenable']}', \n '{$orig['type']}', '{$username}', '{$tracker}' )";
$result = $dbconn->execute($insert);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings record: " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
require_once 'footer.php';
die;
} else {
$newPID = $dbconn->Insert_ID();
}
/* now we need to copy all the data from the other tables with the
* new sid = newPID
* vuln_nessus_settings_users -> sid, username
* vuln_nessus_settings_family
* vuln_nessus_settings_category
* vuln_nessus_settings_preferences
* vuln_nessus_settings_plugins
*/
//$query="insert into vuln_nessus_settings_users (sid, username)
// values ($newPID, '$username')";
//$result=$dbconn->execute($query);
//if($result === false) {
// $errMsg[] = "Error creating vuln_nessus_settings_users record: ".
// $dbconn->ErrorMsg();
// $error++;
//}
$query = "insert into vuln_nessus_settings_family\n (select {$newPID} as sid, fid, status \n from vuln_nessus_settings_family\n where sid={$cloneid})";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error copying vuln_nessus_settings_family records: " . $dbconn->ErrorMsg();
$error++;
}
$query = "insert into vuln_nessus_settings_category\n (select {$newPID} as sid, cid, status \n from vuln_nessus_settings_category\n where sid={$cloneid})";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error copying vuln_nessus_settings_category records: " . $dbconn->ErrorMsg();
$error++;
}
$query = "insert into vuln_nessus_settings_preferences \n (select {$newPID} as sid, id, nessus_id, value, \n category, type \n from vuln_nessus_settings_preferences\n where sid={$cloneid})";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error copying vuln_nessus_settings_preferences records: " . $dbconn->ErrorMsg();
$error++;
}
$query = "insert into vuln_nessus_settings_plugins \n (select id, {$newPID} as sid, enabled, category, \n family from vuln_nessus_settings_plugins \n where sid = {$cloneid})";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error copying vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
$sid = $newPID;
// necessary so that success links have the sid set
} else {
// create a new profile from scratch
if ($sname != "" and ($sautoenable == "N" or $sautoenable == "C" or $sautoenable == "F")) {
# see if this is duplicate name or not
$query = "SELECT count(name)\n FROM vuln_nessus_settings\n WHERE name='{$sname}'";
$result = $dbconn->execute($query);
list($count) = $result->fields;
if ($count > 0) {
echo "Cannot create new profile. Duplicate profile name {$sname} exists.";
} else {
$type = $stype == "true" ? "G" : " ";
$query = "INSERT into vuln_nessus_settings (name, description, autoenable, type, owner, auto_cat_status, auto_fam_status)\n values ('{$sname}', '{$sdescription}', '{$sautoenable}', '{$type}', '{$username}', {$auto_cat_status}, {$auto_fam_status})";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings record: " . $dbconn->ErrorMsg();
$error++;
} else {
$sid = $dbconn->Insert_ID();
}
//$query="insert into vuln_nessus_settings_users ( sid, username ) values ($sid, '$username')";
//$result=$dbconn->execute($query);
//if($result === false) {
// $errMsg[] = "Error creating vuln_nessus_settings_users record: ".
// $dbconn->ErrorMsg();
// $error++;
//}
reset($_POST);
// if form method="post"
// improve logic here, only add these if this profile
// is set to autoenable anything, otherwise skip this
while (list($key, $value) = each($_POST)) {
$value = Util::htmlentities(mysql_real_escape_string(trim($value)), ENT_QUOTES);
if (substr($key, 0, 2) == "f_") {
$type = substr($key, 0, 1);
$key = substr($key, 2);
$query = "insert into vuln_nessus_settings_family values({$sid}, {$key}, {$value})";
$results = $dbconn->Execute($query);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings_family records: " . $dbconn->ErrorMsg();
$error++;
}
} elseif (substr($key, 0, 2) == "c_") {
$type = substr($key, 0, 1);
$key = substr($key, 2);
$query = "insert into vuln_nessus_settings_category values({$sid}, {$key}, {$value})";
$results = $dbconn->Execute($query);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings_category records: " . $dbconn->ErrorMsg();
$error++;
}
}
}
// not sure why we do this, there can't be any values in these tables
// with sid=$sid as $sid is a new ID
// $query="select count(*)
// from vuln_nessus_settings_preferences
// where sid=$sid";
// $result=$dbconn->execute($query);
// list($count)=$result->fields;
//
// if (!$count>0) {
$query = "insert into vuln_nessus_settings_preferences \n select {$sid} as sid, id, nessus_id, value, \n category, type \n from vuln_nessus_preferences";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings_preferences records: " . $dbconn->ErrorMsg();
$error++;
}
// }
//
// $query = "select count(*)
// from vuln_nessus_settings_plugins
// where sid=$sid";
// $result=$dbconn->execute($query);
// list($count)=$result->fields;
//
// if (!$count>0) {
$query = "insert into vuln_nessus_settings_plugins \n select id, {$sid} as sid, enabled, category, \n family from vuln_nessus_plugins \n where deleted is null";
$result = $dbconn->execute($query);
if ($result === false) {
$errMsg[] = "Error creating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
// }
if ($sautoenable == "C") {
$query = "select t1.cid, t1.status \n from vuln_nessus_settings_category as t1, \n vuln_nessus_category as t2 \n where sid={$sid}";
$result = $dbconn->execute($query);
while (!$result->EOF) {
list($cid, $catstatus) = $result->fields;
if ($catstatus == 4) {
$query1 = "update vuln_nessus_settings_plugins \n set enabled='N' \n where category={$cid} \n and sid={$sid}";
$result1 = $dbconn->execute($query1);
if ($result1 === false) {
$errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
} elseif ($catstatus == 1) {
$query1 = "update vuln_nessus_settings_plugins \n set enabled='Y' \n where category={$cid} \n and sid={$sid}";
$result1 = $dbconn->execute($query1);
if ($result1 === false) {
$errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
}
$result->MoveNext();
}
} elseif ($sautoenable == "F") {
$query = "select t1.fid, t1.status \n from vuln_nessus_settings_family as t1, \n vuln_nessus_category as t2 \n where sid={$sid}";
$result = $dbconn->execute($query);
while (!$result->EOF) {
list($fid, $catstatus) = $result->fields;
if ($catstatus == 4) {
$query1 = "update vuln_nessus_settings_plugins \n set enabled='N' \n where family={$fid} \n and sid={$sid}";
$result1 = $dbconn->execute($query1);
if ($result1 === false) {
$errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
} elseif ($catstatus == 1) {
$query1 = "update vuln_nessus_settings_plugins \n set enabled='Y' \n where family={$fid} \n and sid={$sid}";
$result1 = $dbconn->execute($query1);
if ($result1 === false) {
$errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
$error++;
}
}
$result->MoveNext();
}
}
}
} else {
echo "Please specify profile name";
}
}
if (!$error) {
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$omp->create_new_config($sid);
}
//logAccess( "Created Profile $sid - $sname" );
// echo <<<EOT
//Step 1. Done - Profile $sname created!!!<BR>
//Step 2. <a href="settings.php?item=editusers&sid=$sid">Edit Profile Users</a></br>
//Step 3. <A href="settings.php?item=edit&sid=$sid&page=1">Edit profile details</A>
//EOT;
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';
//]]>
</script><?php
} else {
//logAccess( "Created Profile Failed $errMsg[0]" );
dispSQLError($errMsg, $error);
}
}
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
global $allres, $offset, $pageSize, $dbconn;
global $user, $arruser;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$filteredView = FALSE;
$selRadio = array("", "", "", "");
$query_onlyuser = "";
$url_filter = "";
// Deprecated filter
//if(!empty($arruser)) {$query_onlyuser = "******";}
$sortby = "t1.results_sent DESC, t1.hostIP DESC";
$sortdir = "";
$queryw = "";
$queryl = "";
$querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n WHERE\n t1.hostIP = t5.hostIP\n AND t1.ctx = t5.ctx\n AND t1.deleted = '0' ";
// set up the SQL query based on the search form input (if any)
if ($type == "scantime" && $value != "") {
$selRadio[0] = "CHECKED";
$q = $value;
$queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "service" && $value != "") {
$selRadio[5] = "CHECKED";
$q = $value;
$queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "freetext" && $value != "") {
$selRadio[6] = "CHECKED";
$q = $value;
$queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hostip" && $value != "") {
$selRadio[1] = "CHECKED";
$q = strtolower($value);
$queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "fk_name" && $value != "") {
$selRadio[2] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "username" && $value != "") {
$selRadio[3] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hn" && $value != "") {
if (!empty($ctx_filter)) {
$queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
}
$selRadio[4] = "CHECKED";
if (preg_match("/\\//", $value)) {
$ip_range = array();
$ip_range = Cidr::expand_CIDR($value, "SHORT");
$queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
} elseif (preg_match("/\\,/", $value)) {
$q = implode("','", explode(",", $value));
$queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
$q = "Others";
} else {
$q = $value;
$queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
}
$queryl = " limit {$offset},{$pageSize}";
if (!preg_match("/\\//", $value)) {
$stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
} else {
$stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
}
$url_filter = "&type={$type}&value={$value}";
} else {
$selRadio[4] = "CHECKED";
$viewAll = FALSE;
$queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "";
}
}
}
}
}
}
}
// set up the pager and search fields if viewing all hosts
$reportCount = 0;
if (!$filteredView) {
$dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
$reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
$previous = $offset - $pageSize;
if ($previous < 0) {
$previous = 0;
}
$last = intval($reportCount / $pageSize) * $pageSize;
if ($last < 0) {
$last = 0;
}
$next = $offset + $pageSize;
$pageEnd = $offset + $pageSize;
$value = html_entity_decode($value);
//echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
// output the search form
echo "<table class='w100 transparent'>";
echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
?>
<div id='cvleftdiv'>
<a id="new_scan_button" class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
" style="text-decoration:none;">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div id='cvrightdiv'>
<?php
echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
// cvfiltertype -> current vulnerabilities filter type
echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
echo <<<EOT
</form>
</p>
EOT;
} else {
// get the search result count
$queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
$scount = $dbconn->GetOne($queryc . $queryw);
echo "<p>{$scount} report";
if ($scount != 1) {
echo "s";
} else {
}
echo " " . _("found matching search criteria") . " | ";
echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
}
echo "<p>";
echo $stext;
echo "</p>";
echo "</div></td></tr></table>";
$result = array();
// get the hosts to display
$result = $dbconn->GetArray($querys . $queryw . $queryl);
// main query
//echo $querys.$queryw.$queryl;
$delete_ids = array();
if (count($result) > 0) {
foreach ($result as $rpt) {
$delete_ids[] = $dreport_id = $rpt["report_id"];
}
}
$_SESSION["_dreport_ids"] = implode(",", $delete_ids);
//echo "$querys$queryw$queryl";
if ($result === false) {
$errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
} else {
$data['vInfo'] = 0;
$data['vLow'] = 0;
$data['vMed'] = 0;
$data['vHigh'] = 0;
$data['vSerious'] = 0;
$perms_where = Asset_host::get_perms_where('host.', TRUE);
if (!empty($perms_where)) {
$queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n GROUP BY risk, hostIP, ctx";
} else {
$queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr\n WHERE falsepositive='N'\n GROUP BY risk, hostIP, ctx";
}
//echo "$queryt<br>";
$resultt = $dbconn->Execute($queryt);
while (!$resultt->EOF) {
$riskcount = $resultt->fields['total'];
$risk = $resultt->fields['risk'];
if ($risk == 7) {
$data['vInfo'] += $riskcount;
} else {
if ($risk == 6) {
$data['vLow'] += $riskcount;
} else {
if ($risk == 3) {
$data['vMed'] += $riskcount;
} else {
if ($risk == 2) {
$data['vHigh'] += $riskcount;
} else {
if ($risk == 1) {
$data['vSerious'] += $riskcount;
}
}
}
}
}
$resultt->MoveNext();
}
if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
} else {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
}
foreach ($result as $data) {
if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
continue;
}
$host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
if (valid_hex32($host_id)) {
$data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
}
$data['vSerious'] = 0;
$data['vHigh'] = 0;
$data['vMed'] = 0;
$data['vLow'] = 0;
$data['vInfo'] = 0;
// query for reports for each IP
$query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
$query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
$result_risk = $dbconn->Execute($query_risk);
while (!$result_risk->EOF) {
if ($result_risk->fields["risk"] == 7) {
$data['vInfo']++;
} else {
if ($result_risk->fields["risk"] == 6) {
$data['vLow']++;
} else {
if ($result_risk->fields["risk"] == 3) {
$data['vMed']++;
} else {
if ($result_risk->fields["risk"] == 2) {
$data['vHigh']++;
} else {
if ($result_risk->fields["risk"] == 1) {
$data['vSerious']++;
}
}
}
}
}
$result_risk->MoveNext();
}
$data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
$data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
$data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
if (Session::am_i_admin()) {
$data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
}
$list = explode("\n", trim($data['meth_target']));
if (count($list) == 1) {
$list[0] = trim($list[0]);
$data['target'] = resolve_asset($dbconn, $list[0]);
} elseif (count($list) == 2) {
$list[0] = trim($list[0]);
$list[0] = resolve_asset($dbconn, $list[0]);
$list[1] = trim($list[1]);
$list[1] = resolve_asset($dbconn, $list[1]);
$data['target'] = $list[0] . ' ' . $list[1];
} else {
$list[0] = trim($list[0]);
$list[0] = resolve_asset($dbconn, $list[0]);
$list[count($list) - 1] = trim($list[count($list) - 1]);
$list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
$data['target'] = $list[0] . " ... " . $list[count($list) - 1];
}
$tdata[] = $data;
}
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
$fieldMapLinks = array();
$fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
if (Session::am_i_admin()) {
$fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
}
$fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
// echo "<pre>";
// var_dump($tdata);
// echo "</pre>";
if (count($tdata) > 1) {
drawTableLatest($fieldMap, $tdata, "Hosts");
} elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
}
}
// draw the pager again, if viewing all hosts
if (!$filteredView && $reportCount > 10) {
?>
<div class="fright tmargin">
<?php
if ($next > $pageSize) {
?>
<a href="index.php?<?php
echo "offset={$previous}{$url_filter}";
?>
" class="pager">< <?php
echo _("PREVIOUS");
?>
</a>
<?php
} else {
?>
<a class='link_paginate_disabled' href="" onclick='return false'>< <?php
echo _("PREVIOUS");
?>
</a>
<?php
}
if ($next <= $last) {
?>
<a class='lmargin' href="index.php?<?php
echo "offset={$next}{$url_filter}";
?>
"> <?php
echo _("NEXT");
?>
></a>
<?php
} else {
?>
<a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php
echo _("NEXT");
?>
></a>
<?php
}
?>
</div>
<?php
} else {
echo "<p> </p>";
}
}
function list_results($type, $value, $sortby, $sortdir)
{
global $scanstate, $isReportAdmin, $allres, $offset, $pageSize, $username, $uroles, $dbconn, $hosts;
global $user, $arruser;
$filteredView = FALSE;
$selRadio = array("", "", "", "");
$query_onlyuser = "";
$url_filter = "";
//if (!$isReportAdmin || (!$allres)) { $query_onlyuser="******"; }
if (!in_array("admin", $arruser)) {
$query_onlyuser = "******";
}
if ($sortby == "") {
$sortby = "scantime";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$queryw = "";
$queryl = "";
//$querys="SELECT distinct t1.report_id, t1.name as jobname, t4.meth_target, t1.scantime,
// t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
// t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
// FROM vuln_nessus_reports t1
// LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
// LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
// LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
// WHERE t1.deleted = '0' ";
/* $querys="SELECT distinct t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,
t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
FROM vuln_nessus_reports t1
LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
WHERE t1.deleted = '0' ";*/
$leftjoin = "";
if ($type == "net" && trim($value) != "") {
$leftjoin = "LEFT JOIN vuln_nessus_results t5 ON t5.report_id=t1.report_id";
}
$querys = "SELECT distinct t1.sid as sid, t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,\n t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED, t1.name as report_name\n FROM vuln_nessus_reports t1\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id {$leftjoin}\n WHERE t1.deleted = '0' AND t1.scantime IS NOT NULL ";
// set up the SQL query based on the search form input (if any)
switch ($type) {
case "scantime":
$selRadio[0] = "CHECKED";
$q = $value;
$queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "jobname":
$selRadio[1] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Job Name") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "fk_name":
$selRadio[2] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "username":
$selRadio[3] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "net":
$selRadio[4] = "CHECKED";
if (!preg_match("/\\//", $value)) {
$q = $value;
} else {
$tokens = explode("/", $value);
$bytes = explode(".", $tokens[0]);
if ($tokens[1] == "24") {
$q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . ".";
} else {
if ($tokens[1] == "16") {
$q = $bytes[0] . "." . $bytes[1] . ".";
} else {
if ($tokens[1] == "8") {
$q = $bytes[0] . ".";
} else {
if ((int) $tokens[1] > 24) {
$q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . "." . $bytes[3];
}
}
}
}
}
$queryw = " AND (t4.meth_TARGET LIKE '%{$q}%' OR t5.hostIP LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
if (!preg_match("/\\//", $value)) {
$stext = "<b>" . _("Search for Host") . "</b> = '*" . html_entity_decode($q) . "*'";
} else {
$stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '*{$q}*'";
}
$url_filter = "&type={$type}&value={$value}";
break;
default:
$selRadio[1] = "CHECKED";
$viewAll = FALSE;
$queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "";
break;
}
// put link to add new host
// if ($isReportAdmin) {
// $url_allres="&allres=";
// if ($allres=="" || !is_numeric($allres) || (!$allres)) {
// $allres=0;
// echo "<a href='results.php?offset=0".$url_allres."1'>Show all results</a><br>";
// } else {
// $allres=1;
// echo "<a href='results.php?offset=0".$url_allres."0'>Display only my Results</a><br>";
// }
// $url_allres .="$allres";
// }
// echo the search criteria used
// set up the pager and search fields if viewing all hosts
$reportCount = 0;
if (!$filteredView) {
$queryc = "SELECT count(t1.report_id) FROM vuln_nessus_reports t1 LEFT JOIN vuln_jobs t2 on t1.report_id = t2.report_id WHERE t1.deleted = '0' AND t2.scan_submit IS NOT NULL ";
$reportCount = $dbconn->GetOne($queryc . $queryw);
$previous = $offset - $pageSize;
if ($previous < 0) {
$previous = 0;
}
$last = $reportCount - $pageSize;
if ($last < 0) {
$last = 0;
}
$next = $offset + $pageSize;
if ($next > $last) {
$next = $last;
}
$pageEnd = $offset + $pageSize;
$value = html_entity_decode($value);
echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Reports") . "</td></tr></table></center>";
//echo "<p>There are $reportCount scans defined in the system.";
// output the search form
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\">";
echo "<tr><td style=\"padding-top:5px;\" class=\"nobborder\">";
echo <<<EOT
<!--<form name="hostSearch" onSubmit="return OnSubmitForm();">-->
<center>
<form name="hostSearch" action="reports.php" method="GET">
<input type="text" length="25" name="value" value="{$value}">
EOT;
echo "\n<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "\n<input type=\"radio\" name=\"type\" value=\"jobname\" {$selRadio['1']}>" . _("Job Name") . "\n<!--<input type=\"radio\" name=\"type\" value=\"fk_name\" {$selRadio['2']}>Subnet Name-->\n<input type=\"radio\" name=\"type\" value=\"net\" {$selRadio['4']}>" . _("Host") . "/" . _("Net") . "\n<!--<input type=\"radio\" name=\"type\" value=\"username\" {$selRadio['3']}>Username-->\n";
echo <<<EOT
<input type="hidden" name="sortby" value="{$sortby}">
<input type="hidden" name="allres" value="{$allres}">
<input type="hidden" name="op" value="search">
EOT;
echo '<input type="hidden" name="withoutmenu" value="' . GET('withoutmenu') . '">';
echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" class=\"button\">";
echo <<<EOT
</form>
</center>
</p>
EOT;
// output the pager
//echo "<p align=center><a href='reports.php?offset=0".$url_allres.$url_filter."' class='pager'><< "._("First")."</a> | ";
//if($offset != 0) {
// echo "<a href='reports.php?offset=$previous".$url_allres.$url_filter."' class='pager'>< "._("Previous")." </a> | ";
//}
//if($pageEnd >= $reportCount) { $pageEnd = $reportCount; }
//echo "[ ".($offset+1)." - $pageEnd of $reportCount ] | ";
//if($next < $last) {
// echo "<a href='reports.php?offset=$next".$url_allres.$url_filter."' class='pager'>| "._("Next")." ></a> | ";
//}
//echo "<a href='reports.php?offset=$last".$url_allres.$url_filter."' class='pager'> "._("Last")." >></a></p>";
} else {
// get the search result count
$queryc = "SELECT count( report_id ) FROM vuln_nessus_reports WHERE t1.deleted = '0' ";
$scount = $dbconn->GetOne($queryc . $queryw);
echo "<p>{$scount} report";
if ($scount != 1) {
echo "s";
} else {
}
echo " " . _("found matching search criteria") . " | ";
echo " <a href='reports.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
}
echo "<p>";
echo $stext;
echo "</p>";
echo "</td></tr></table>";
// get the hosts to display
//print_r($querys.$queryw.$queryl);
$result = $dbconn->GetArray($querys . $queryw . $queryl);
//echo "[$querys$queryw$queryl]";
if ($result === false) {
$errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
} else {
$tdata = array();
foreach ($result as $data) {
$data['vSerious'] = 0;
$data['vHigh'] = 0;
$data['vMed'] = 0;
$data['vLow'] = 0;
$data['vInfo'] = 0;
// query for reports for each IP
$query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_results WHERE report_id = " . $data['report_id'];
$query_risk .= " AND falsepositive='N'";
$result_risk = $dbconn->Execute($query_risk);
while (!$result_risk->EOF) {
if ($result_risk->fields["risk"] == 7) {
$data['vInfo']++;
} else {
if ($result_risk->fields["risk"] == 6) {
$data['vLow']++;
} else {
if ($result_risk->fields["risk"] == 3) {
$data['vMed']++;
} else {
if ($result_risk->fields["risk"] == 2) {
$data['vHigh']++;
} else {
if ($result_risk->fields["risk"] == 1) {
$data['vSerious']++;
}
}
}
}
}
$result_risk->MoveNext();
}
$more = "&hmenu=Vulnerabilities&smenu=Vulnerabilities";
$data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['plink'] = "respdf.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['hlink'] = "reshtml.php?hmenu=Vulnerabilities&smenu=Reports&disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'];
$data['rerun'] = "sched.php?disp=rerun&job_id=" . $data['jobid'] . $more;
$data['xlink'] = "rescsv.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
/*
$data['vSerious'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=1\">".$data['vSerious']."</a>";
$data['vHigh'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=2\">".$data['vHigh']."</a>";
$data['vMed'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=3\">".$data['vMed']."</a>";
$data['vLow'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=6\">".$data['vLow']."</a>";
$data['vInfo'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=7\">".$data['vInfo']."</a>";*/
//$data['vSerious'] = $data['vSerious'];
//$data['vHigh'] = $data['vHigh'];
//$data['vMed'] = $data['vMed'];
//$data['vLow'] = $data['vLow'];
//$data['vInfo'] = $data['vInfo'];
//$data['scan_submit'] = $data['scan_submit'];
$list = array();
if ($data["report_type"] == "I") {
$result = $dbconn->execute("SELECT DISTINCT hostIP FROM vuln_nessus_results WHERE report_id =" . $data['report_id']);
while (!$result->EOF) {
$list[] = $result->fields["hostIP"];
$result->MoveNext();
}
} else {
$list = explode("\n", trim($data['meth_target']));
}
//var_dump($list);
if (count($list) == 1) {
$list[0] = trim($list[0]);
if ($list[0] != "") {
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$data['target'] = $hosts[$list[0]] . " (" . $list[0] . ")";
} else {
$data['target'] = $list[0];
}
} else {
$data['target'] = "-";
}
} elseif (count($list) == 2) {
$list[0] = trim($list[0]);
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
}
$list[1] = trim($list[1]);
if ($hosts[$list[1]] != "" && $hosts[$list[1]] != $list[1]) {
$list[1] = $hosts[$list[1]] . " (" . $list[1] . ")";
}
$data['target'] = $list[0] . ' ' . $list[1];
} else {
$list[0] = trim($list[0]);
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
}
$list[count($list) - 1] = trim($list[count($list) - 1]);
if ($hosts[$list[count($list) - 1]] != "" && $hosts[$list[count($list) - 1]] != $list[count($list) - 1]) {
$list[count($list) - 1] = $hosts[$list[count($list) - 1]] . " (" . $list[count($list) - 1] . ")";
}
$data['target'] = $list[0] . " ... " . $list[count($list) - 1];
}
if ($data["report_type"] == "I") {
$data["jobname"] = $data["report_name"];
}
$tdata[] = $data;
}
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_allres . $url_filter;
$fieldMapLinks = array();
$fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
$fieldMap = array("Date/Time" => array('var' => 'scantime', 'link' => $url), "Job Name" => array('var' => 'jobname', 'link' => $url), "Targets" => array('var' => 'target', 'link' => $url), "Profile" => array('var' => 'profile', 'link' => $url), "Serious" => array('var' => 'vSerious', 'link' => $url), "High" => array('var' => 'vHigh', 'link' => $url), "Medium" => array('var' => 'vMed', 'link' => $url), "Low" => array('var' => 'vLow', 'link' => $url), "Info" => array('var' => 'vInfo', 'link' => $url), "Links" => $fieldMapLinks);
drawTable($fieldMap, $tdata, "Hosts");
}
// draw the pager again, if viewing all hosts
if (!$filteredView && $last != 0) {
echo "<p align=center>\n<a href=\"reports.php?offset=0" . $url_allres . $url_filter . "\" class=\"pager\"><< " . _("First") . "</a>\n<a href=\"reports.php?offset={$previous}" . $url_allres . $url_filter . "\" class=\"pager\">< " . _("Previous") . " </a>";
echo " [ " . ($offset + 1) . " - {$pageEnd} " . _("of") . " {$reportCount} ] ";
echo "<a href=\"reports.php?offset={$next}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Next") . " ></a>\n<a href=\"reports.php?offset={$last}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Last") . " >></a>\n</p>";
} else {
echo "<br>";
}
}
function list_results($type, $value, $sortby, $sortdir)
{
global $scanstate, $isReportAdmin, $allres, $offset, $pageSize, $username, $uroles, $dbconn, $hosts;
global $user, $arruser, $delete_selected;
$filteredView = FALSE;
$selRadio = array("", "", "", "");
$query_onlyuser = "";
$url_filter = "";
//if (!$isReportAdmin || (!$allres)) { $query_onlyuser="******"; }
if (!in_array("admin", $arruser)) {
$query_onlyuser = "******";
}
//echo $query_onlyuser;
//if ($sortby == "" ) { $sortby = "scantime"; }
//if ($sortdir == "" ) { $sortdir = "DESC"; }
$sortby = "t1.results_sent DESC, t1.name DESC";
//$sortdir = "DESC";
$sortdir = "";
$queryw = "";
$queryl = "";
//$querys="SELECT distinct t1.report_id, t1.name as jobname, t4.meth_target, t1.scantime,
// t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
// t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
// FROM vuln_nessus_latest_reports t1
// LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
// LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
// LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
// WHERE t1.deleted = '0' ";
// $querys="SELECT distinct t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,
// t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
// t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
// FROM vuln_nessus_latest_reports t1
// LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
// LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
// LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
// WHERE t1.deleted = '0' ";
/*$querys="SELECT distinct t1.report_id, t1.scantime,
t1.username, t1.scantype, t1.report_key, t1.report_type as report_type,
t3.name as profile, '0' as vSerious, '0' as High, '0' as vMed, '0' as vLow, '0' as vInfo
FROM vuln_nessus_latest_reports t1
LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
WHERE t1.deleted = '0' ";*/
$querys = "SELECT distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n t3.name as profile\n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id \n WHERE t1.deleted = '0' ";
// set up the SQL query based on the search form input (if any)
if ($type == "scantime" && $value != "") {
$selRadio[0] = "CHECKED";
$q = $value;
$queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "service" && $value != "") {
$selRadio[5] = "CHECKED";
$q = $value;
$queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "freetext" && $value != "") {
$selRadio[6] = "CHECKED";
$q = $value;
$queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hostip" && $value != "") {
$selRadio[1] = "CHECKED";
$q = strtolower($value);
$queryw = " AND (t4.hostname LIKE '%{$q}%' OR inet_ntoa(t1.report_id) LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "fk_name" && $value != "") {
$selRadio[2] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "username" && $value != "") {
$selRadio[3] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hn" && $value != "") {
$selRadio[4] = "CHECKED";
if (preg_match("/\\//", $value)) {
/*$tokens = explode("/", $value);
$bytes = explode(".",$tokens[0]);
if($tokens[1]=="24")
$q = $bytes[0].".".$bytes[1].".".$bytes[2].".";
else if ($tokens[1]=="16")
$q = $bytes[0].".".$bytes[1].".";
else if ($tokens[1]=="8")
$q = $bytes[0].".";
else if ((int)$tokens[1]>24)
$q = $bytes[0].".".$bytes[1].".".$bytes[2].".".$bytes[3];
//
*/
$ip_range = array();
$ip_range = CIDR::expand_CIDR($value, "SHORT");
$queryw = " AND (inet_aton(t1.name) >= '" . $ip_range[0] . "' AND inet_aton(t1.name) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
} elseif (preg_match("/\\,/", $value)) {
$q = implode("','", explode(",", $value));
$queryw = " AND t1.name in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
$q = "Others";
} else {
$q = $value;
$queryw = " AND t1.name LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
}
$queryl = " limit {$offset},{$pageSize}";
if (!preg_match("/\\//", $value)) {
$stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
} else {
$stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
}
$url_filter = "&type={$type}&value={$value}";
} else {
$selRadio[4] = "CHECKED";
$viewAll = FALSE;
$queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "";
}
}
}
}
}
}
}
// put link to add new host
// if ($isReportAdmin) {
// $url_allres="&allres=";
// if ($allres=="" || !is_numeric($allres) || (!$allres)) {
// $allres=0;
// echo "<a href='results.php?offset=0".$url_allres."1'>Show all results</a><br>";
// } else {
// $allres=1;
// echo "<a href='results.php?offset=0".$url_allres."0'>Display only my Results</a><br>";
// }
// $url_allres .="$allres";
// }
// echo the search criteria used
// set up the pager and search fields if viewing all hosts
$reportCount = 0;
if (!$filteredView) {
//$queryc = "SELECT count(report_id) FROM vuln_nessus_latest_reports t1 WHERE 1=1 ";
$queryc = "SELECT SQL_CALC_FOUND_ROWS distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n t3.name as profile\n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)" . ($type == "service" || $type == "freetext" ? " LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id " : " ") . "WHERE t1.deleted = '0' ";
$dbconn->Execute($queryc . $queryw);
$reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
$previous = $offset - $pageSize;
if ($previous < 0) {
$previous = 0;
}
$last = intval($reportCount / $pageSize) * $pageSize;
if ($last < 0) {
$last = 0;
}
$next = $offset + $pageSize;
/*if ($next < $last) {
$last = $next;
}*/
$pageEnd = $offset + $pageSize;
$value = html_entity_decode($value);
echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Current Vulnerablities") . "</td></tr></table>";
//echo "<p>There are $reportCount scans defined in the system.";
// output the search form
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\">";
echo "<tr><td style=\"padding-top:5px;\" class=\"nobborder\">";
echo <<<EOT
<center>
<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" class="assets" id="assets" value="{$value}">
EOT;
echo "\n<!--<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"hostip\" {$selRadio['1']}>" . _("Host - IP") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"fk_name\" {$selRadio['2']}>Subnet Name-->\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n<!--<input type=\"radio\" name=\"type\" value=\"username\" {$selRadio['3']}>Username-->\n";
/* echo <<<EOT
<input type="hidden" name="sortby" value="$sortby">
<input type="hidden" name="allres" value="$allres">
<input type="hidden" name="op" value="search">
EOT;*/
echo '<input type="hidden" name="withoutmenu" value="' . GET('withoutmenu') . '">';
echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" class=\"button\" style=\"margin-left:15px;\">";
if (Session::am_i_admin() && (GET("submit") != "" || GET("type") != "") && GET("value") != "") {
echo "<input style=\"margin-left:5px;\" type=\"button\" value=\"" . _("Delete selection") . "\" onclick=\"deleteSelected(this.form)\" class=\"button\">";
}
echo <<<EOT
</form>
</center>
</p>
EOT;
// output the pager
//echo "<p align=center><a href='index.php?offset=0".$url_allres.$url_filter."' class='pager'><< "._("First")."</a> | ";
//if($offset != 0) {
// echo "<a href='index.php?offset=$previous".$url_allres.$url_filter."' class='pager'>< "._("Previous")." </a> | ";
//}
//if($pageEnd >= $reportCount) { $pageEnd = $reportCount; }
//echo "[ ".($offset+1)." - $pageEnd of $reportCount ] | ";
//if($next < $last) {
// echo "<a href='index.php?offset=$next".$url_allres.$url_filter."' class='pager'>| "._("Next")." ></a> | ";
//}
//echo "<a href='index.php?offset=$last".$url_allres.$url_filter."' class='pager'> "._("Last")." >></a></p>";
} else {
// get the search result count
$queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
$scount = $dbconn->GetOne($queryc . $queryw);
echo "<p>{$scount} report";
if ($scount != 1) {
echo "s";
} else {
}
echo " " . _("found matching search criteria") . " | ";
echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
}
echo "<p>";
echo $stext;
echo "</p>";
echo "</td></tr></table>";
// get the hosts to display
$result = $dbconn->GetArray($querys . $queryw . $queryl);
$delete_ids = array();
foreach ($result as $rpt) {
$delete_ids[] = $dreport_id = $rpt["report_id"];
}
$_SESSION["_dreport_ids"] = implode(",", $delete_ids);
/* if ($delete_selected!="") { // delete selected current vulns from latest tables defore display
foreach ($result as $rpt) {
$dreport_id = $rpt["report_id"];
$query = "DELETE FROM vuln_nessus_latest_reports WHERE report_id=$dreport_id";
$result=$dbconn->execute($query);
$query = "DELETE FROM vuln_nessus_latest_results WHERE report_id=$dreport_id";
$result=$dbconn->execute($query);
}
?>
<script type="text/javascript">
// document.location.href='index.php';
</script>
<?php
}
*/
//echo "[$querys$queryw$queryl]";
if ($result === false) {
$errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
} else {
$data['vInfo'] = 0;
$data['vLow'] = 0;
$data['vMed'] = 0;
$data['vHigh'] = 0;
$data['vSerious'] = 0;
$queryt = "SELECT count(*) AS total, risk, hostIP FROM (\n SELECT DISTINCT port, protocol, app, scriptid, msg, risk, hostIP\n FROM vuln_nessus_latest_results where falsepositive='N'" . (in_array("admin", $arruser) ? "" : " and username in ('" . $user . "')") . ") AS t GROUP BY risk, hostIP";
//echo "$queryt<br>";
$resultt = $dbconn->Execute($queryt);
while (list($riskcount, $risk, $hostIP) = $resultt->fields) {
if ($risk == 7) {
$data['vInfo'] += $riskcount;
} else {
if ($risk == 6) {
$data['vLow'] += $riskcount;
} else {
if ($risk == 3) {
$data['vMed'] += $riskcount;
} else {
if ($risk == 2) {
$data['vHigh'] += $riskcount;
} else {
if ($risk == 1) {
$data['vSerious'] += $riskcount;
}
}
}
}
}
$resultt->MoveNext();
}
if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
} else {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "respdf.php?ipl=all&scantype=M", "xlink" => "rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
}
foreach ($result as $data) {
$data['vSerious'] = 0;
$data['vHigh'] = 0;
$data['vMed'] = 0;
$data['vLow'] = 0;
$data['vInfo'] = 0;
// query for reports for each IP
$query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE report_id = " . $data['report_id'];
$query_risk .= " AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND falsepositive='N'";
//echo "[$query_risk]<br>";
$result_risk = $dbconn->Execute($query_risk);
while (!$result_risk->EOF) {
if ($result_risk->fields["risk"] == 7) {
$data['vInfo']++;
} else {
if ($result_risk->fields["risk"] == 6) {
$data['vLow']++;
} else {
if ($result_risk->fields["risk"] == 3) {
$data['vMed']++;
} else {
if ($result_risk->fields["risk"] == 2) {
$data['vHigh']++;
} else {
if ($result_risk->fields["risk"] == 1) {
$data['vSerious']++;
}
}
}
}
}
$result_risk->MoveNext();
}
$more = "&hmenu=Vulnerabilities&smenu=Vulnerabilities";
$data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['plink'] = "respdf.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['hlink'] = "reshtml.php?treport=latest&key=" . $data['report_key'] . "&disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more;
$data['rerun'] = "sched.php?disp=rerun&job_id=" . $data['jobid'] . $more;
$data['xlink'] = "rescsv.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
if (Session::am_i_admin()) {
$data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
}
/*
$data['vSerious'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=1\">".$data['vSerious']."</a>";
$data['vHigh'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=2\">".$data['vHigh']."</a>";
$data['vMed'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=3\">".$data['vMed']."</a>";
$data['vLow'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=6\">".$data['vLow']."</a>";
$data['vInfo'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
."&key=".$data['report_key']."&critical=7\">".$data['vInfo']."</a>";*/
//$data['vSerious'] = $data['vSerious'];
//$data['vHigh'] = $data['vHigh'];
//$data['vMed'] = $data['vMed'];
//$data['vLow'] = $data['vLow'];
//$data['vInfo'] = $data['vInfo'];
//$data['scan_submit'] = $data['scan_submit'];
$list = explode("\n", trim($data['meth_target']));
if (count($list) == 1) {
$list[0] = trim($list[0]);
if ($list[0] != "") {
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$data['target'] = $hosts[$list[0]] . " (" . $list[0] . ")";
} else {
$data['target'] = $list[0];
}
} else {
$data['target'] = "-";
}
} elseif (count($list) == 2) {
$list[0] = trim($list[0]);
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
}
$list[1] = trim($list[1]);
if ($hosts[$list[1]] != "" && $hosts[$list[1]] != $list[1]) {
$list[1] = $hosts[$list[1]] . " (" . $list[1] . ")";
}
$data['target'] = $list[0] . ' ' . $list[1];
} else {
$list[0] = trim($list[0]);
if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
$list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
}
$list[count($list) - 1] = trim($list[count($list) - 1]);
if ($hosts[$list[count($list) - 1]] != "" && $hosts[$list[count($list) - 1]] != $list[count($list) - 1]) {
$list[count($list) - 1] = $hosts[$list[count($list) - 1]] . " (" . $list[count($list) - 1] . ")";
}
$data['target'] = $list[0] . " ... " . $list[count($list) - 1];
}
$tdata[] = $data;
}
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_allres . $url_filter;
$fieldMapLinks = array();
$fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
if (Session::am_i_admin()) {
$fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
}
$fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
if (count($tdata) > 1) {
drawTableLatest($fieldMap, $tdata, "Hosts");
} else {
echo "<br><b>" . _("No results found: ") . "<a href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br></b>";
}
}
// draw the pager again, if viewing all hosts
if (!$filteredView && $reportCount > 10) {
echo "<p align=center>\n<a href=\"index.php?offset=0" . $url_allres . $url_filter . "\" class=\"pager\"><< " . _("First") . "</a>\n<a href=\"index.php?offset={$previous}" . $url_allres . $url_filter . "\" class=\"pager\">< " . _("Previous") . " </a>";
echo " [ " . ($offset + 1) . " - {$pageEnd} " . _("of") . " {$reportCount} ] ";
if ($reportCount > $pageEnd) {
echo "<a href=\"index.php?offset={$next}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Next") . " ></a>\n <a href=\"index.php?offset={$last}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Last") . " >></a>";
}
echo "</p>";
}
}
$sq = "SELECT distinct settingSection\n FROM vuln_settings\n ORDER BY settingSection";
$result = $dbconn->GetArray($sq);
$query = "SELECT *\n FROM vuln_settings \n WHERE settingSection = ?";
$stmt = $dbconn->Prepare($query);
if ($result === false) {
$errMsg[] = _("SQL Error getting settingSections") . ": " . $dbconn->ErrorMsg();
dispSQLError($errMsg, 1);
} else {
echo "<form>";
$i = 0;
$numSections = count($result) - 1;
foreach ($result as $section) {
$result2 = $dbconn->GetArray($stmt, array($section['settingSection']));
if ($result2 === false) {
$errMsg[] = _("SQL Error getting data") . ": " . $dbconn->ErrorMsg();
dispSQLError($errMsg, 1);
} else {
if ($settingTabs != "") {
$settingTabs .= "";
}
if ($section['settingSection'] == "Subnets" && $enableSub == "0") {
} elseif ($section['settingSection'] != "Compliance" && $section['settingSection'] != "Lists" && $section['settingSection'] != "Mail") {
$settingTabs .= "<input id=\"b{$i}\" type=\"button\" onClick=\"showDivSettings({$i}, 'section',{$numSections});return false;\" value=\"" . $section['settingSection'] . "\" class=\"" . ($section['settingSection'] == "Auth" ? "buttonon" : "button") . "\"> ";
}
$settingContent .= createHiddenDiv($section['settingSection'], $i, $result2);
$i++;
}
}
echo "</form>";
}
echo "<div>";