Exemple #1
 /**
  * Data provider: one dataset per valid IPv4 netmask, from /32 down to /0.
  *
  * Each dataset is array("<ip>/<netmask>", $start, $end), where $start and
  * $end are the integer lower and upper bound obtained by masking <ip> with
  * the netmask. The address is picked with rand() for every netmask
  * (10.0.0.1 or 10.0.0.128), so the generated datasets differ between runs.
  *
  * @return array
  */
 public function provide_valid_parse()
 {
     $validNetmasks = array(
         '255.255.255.255', '255.255.255.254', '255.255.255.252', '255.255.255.248',
         '255.255.255.240', '255.255.255.224', '255.255.255.192', '255.255.255.128',
         '255.255.255.0', '255.255.254.0', '255.255.252.0', '255.255.248.0',
         '255.255.240.0', '255.255.224.0', '255.255.192.0', '255.255.128.0',
         '255.255.0.0', '255.254.0.0', '255.252.0.0', '255.248.0.0',
         '255.240.0.0', '255.224.0.0', '255.192.0.0', '255.128.0.0',
         '255.0.0.0', '254.0.0.0', '252.0.0.0', '248.0.0.0',
         '240.0.0.0', '224.0.0.0', '192.0.0.0', '128.0.0.0',
         '0.0.0.0',
     );
     $datasets = array();
     foreach ($validNetmasks as $netmask) {
         // Appending "28" turns 10.0.0.1 into 10.0.0.128.
         $suffix = rand(0, 1) ? '' : '28';
         $ip = ip2long('10.0.0.1' . $suffix);
         $bits = Cidr::countSetBits(ip2long($netmask));
         // A /0 mask is handled separately instead of shifting by 32.
         if ($bits == 0) {
             $bitmask = 0;
         } else {
             $bitmask = ~0 << (32 - $bits);
         }
         $start = $ip & $bitmask;
         // Keep only the low 32 bits of the inverted mask before OR-ing.
         $hostBits = ~$bitmask & 0xffffffff;
         $end = $ip | $hostBits;
         $datasets[] = array(long2ip($ip) . '/' . $netmask, $start, $end);
     }
     return $datasets;
 }
Exemple #2
/**
 * Render the "Asset Vulnerability Details" section: search form, per-host
 * table of the latest vulnerability scan reports, and the pager.
 *
 * Flow, as visible in this function:
 *  1. A WHERE/ORDER BY fragment ($queryw) and a LIMIT fragment ($queryl) are
 *     built by string interpolation from $type / $value and appended to the
 *     fixed SELECT in $querys.
 *  2. The total row count is fetched with SQL_CALC_FOUND_ROWS / FOUND_ROWS()
 *     and the search form is echoed.
 *  3. Per-risk totals are accumulated (risk 7 => vInfo, 6 => vLow, 3 => vMed,
 *     2 => vHigh, 1 => vSerious) into an "All" summary row, then one row per
 *     host the session is allowed to see, each with HTML/PDF/CSV links and,
 *     for admins, a delete link.
 *  4. The table is drawn with drawTableLatest() and the PREVIOUS/NEXT pager is
 *     emitted when more than 10 reports exist.
 *
 * NOTE(review): no escaping or parameter binding of $value, $ctx_filter,
 * $offset or $pageSize is visible here. Presumably $value arrives
 * HTML-entity-encoded (it is passed through html_entity_decode() below) --
 * confirm; entity encoding is an output encoding, not a substitute for bound
 * parameters. Unless every caller validates these values, the interpolated SQL
 * is injectable; prefer placeholders plus a bind array on Execute()/GetOne()/
 * GetArray().
 *
 * NOTE(review): $stext and $url_filter carry the search term and are echoed
 * into HTML and href attributes without encoding at the point of output;
 * confirm they are encoded upstream.
 *
 * NOTE(review): further points in the second half of the function:
 *  - the per-host risk query concatenates values from the result row into the
 *    SQL text;
 *  - $data['meth_target'] is read although $querys does not select a column of
 *    that name;
 *  - $url is assigned near the end but not used afterwards in this function;
 *  - the admin delete action is a plain GET link (index.php with a delete
 *    parameter); confirm the handler enforces an anti-CSRF token.
 *
 * Uses the globals $allres, $offset, $pageSize, $dbconn, $user and $arruser.
 *
 * @param string $type       Search field selector: scantime, service, freetext,
 *                           hostip, fk_name, username or hn; any other value
 *                           lists everything.
 * @param string $value      Search term; an empty value lists everything.
 * @param string $ctx_filter Value placed inside UNHEX('...'); only used by the
 *                           "hn" search.
 * @param string $sortby     Ignored: overwritten with a fixed ORDER BY list.
 * @param string $sortdir    Ignored on input: reset to "" and later flipped.
 * @return void Output is echoed directly.
 */
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $filteredView = FALSE;
    // NOTE(review): only indexes 0-3 are pre-filled, yet 4, 5 and 6 are assigned
    // below and 4-6 are read when the radio buttons are printed; whichever of
    // them was not assigned is an undefined-index read.
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}
    // The caller-supplied $sortby / $sortdir are discarded: ordering is fixed.
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    // Base query: latest reports joined to their scan profile and results.
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n    FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n    WHERE\n    t1.hostIP      = t5.hostIP\n    AND t1.ctx     = t5.ctx\n    AND t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    // Every branch below interpolates the search term straight into the SQL
    // text and into $stext / $url_filter (see the NOTE(review) items in the
    // function header).
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            // The term is entity-decoded before being placed in the HTML shown to the user.
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    // NOTE(review): unlike the other branches this fragment has no
                    // leading " AND", so appended to $querys it does not continue
                    // the WHERE clause correctly -- confirm and fix.
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                // Host/Net search: optional context filter first, then one
                                // of three forms depending on the shape of $value.
                                if (!empty($ctx_filter)) {
                                    // NOTE(review): $ctx_filter is placed in the SQL text
                                    // as-is; confirm it is validated as hex upstream.
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    // Contains a slash: treated as CIDR and turned into a
                                    // numeric range by Cidr::expand_CIDR().
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    // Comma-separated list: each item becomes a quoted IN()
                                    // member; the items themselves are not escaped here.
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                // No recognised search: list everything, ordered and paged.
                                $selRadio[4] = "CHECKED";
                                // $viewAll is not read again in this function.
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    // $filteredView is never set to TRUE in this function, so this branch always runs.
    if (!$filteredView) {
        // Run the unlimited query once with SQL_CALC_FOUND_ROWS so FOUND_ROWS()
        // yields the total used by the pager.
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        // Offset of the last page.
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        // Decoded here and re-encoded with Util::htmlentities() when written
        // into the text input below.
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
    <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
" style="text-decoration:none;">
        <?php 
        echo _("New Scan Job");
        ?>
        </a>
    </div>
    <div id='cvrightdiv'>

<?php 
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // NOTE(review): unreachable while $filteredView stays FALSE; the count
        // query also refers to alias t1 without declaring it.
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    // NOTE(review): $stext embeds the search term (in some branches after
    // html_entity_decode) and is echoed without escaping here.
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";
    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    // NOTE(review): count($result) runs before the === false check further down,
    // and $querys does not select a report_id column, so this index is
    // presumably undefined -- confirm.
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        // $errMsg and $error are not initialised anywhere in this function.
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        // Totals across all hosts, one counter per risk level.
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        // When a permission filter exists the totals are restricted through the
        // host / host_ip tables; otherwise every non-false-positive result counts.
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr, host, host_ip hi\n                        WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr\n                        WHERE falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            // Risk codes: 7 info, 6 low, 3 medium, 2 high, 1 serious.
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        // First table row is the "All" summary; report links are only attached
        // when at least one finding exists.
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        // $data is reused as the loop variable from here on; the totals were
        // already copied into $tdata above.
        foreach ($result as $data) {
            // Skip hosts the current session may not see.
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            // NOTE(review): values from the result row are concatenated into the
            // SQL text. The second line of this statement is not valid PHP as
            // shown: the run of asterisks looks like masking applied to this
            // listing -- presumably it read the username element of the row;
            // restore it from the original file.
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?>
    <div class="fright tmargin">
        <?php 
        if ($next > $pageSize) {
            ?>
	        <a href="index.php?<?php 
            echo "offset={$previous}{$url_filter}";
            ?>
" class="pager">< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
	    <?php 
        } else {
            ?>
	        <a class='link_paginate_disabled' href="" onclick='return false'>< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
		<?php 
        }
        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php 
            echo "offset={$next}{$url_filter}";
            ?>
">  <?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        }
        ?>
    </div>
<?php 
    } else {
        echo "<p>&nbsp;</p>";
    }
}
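/**
 * Build a comma-separated list of SIEM device ids whose sensor IP matches $ip.
 *
 * $ip is either a single address or, when it contains "<digits>/<digits>",
 * a CIDR block that Cidr::expand_CIDR() turns into a start/end pair. Only
 * hex digits produced by bin2hex(inet_pton(...)) or the constant "0x0" are
 * placed inside the unhex('...') literals, so the raw $ip text is never
 * copied into the SQL string.
 *
 * @param object $conn Database connection exposing Execute() and ErrorMsg().
 * @param string $ip   Single IP address or CIDR block.
 * @return string Comma-separated device ids; "" when no device matches.
 */
function make_sid_filter($conn, $ip)
{
    $sids = array();
    if (preg_match("/\\d+\\/\\d+/", $ip)) {
        $aux = Cidr::expand_CIDR($ip, "SHORT", "IP");
        // presumably expand_CIDR() hands back the "IP" marker when it cannot
        // expand the block -- TODO confirm against Cidr
        if ($aux[0] == "I" && $aux[1] == "P") {
            $aux[0] = $aux[1] = "0x0";
        } else {
            $aux[0] = bin2hex(inet_pton($aux[0]));
            $aux[1] = bin2hex(inet_pton($aux[1]));
        }
        $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s WHERE d.sensor_id=s.id AND s.ip>=unhex('" . $aux[0] . "') AND s.ip<=unhex('" . $aux[1] . "')";
    } else {
        // inet_pton() returns false for anything that is not a valid address;
        // make the empty-hex fallback explicit instead of relying on
        // false-to-string conversion inside bin2hex().
        $packed = @inet_pton($ip);
        $ip = $packed === false ? '' : bin2hex($packed);
        $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s WHERE d.sensor_id=s.id AND s.ip>=unhex('{$ip}') AND s.ip<=unhex('{$ip}')";
    }
    //print_r($query);
    // Plain assignment: taking a function result by reference (=&) only
    // raises a notice and has no effect on object handles.
    $rs = $conn->Execute($query);
    if (!$rs) {
        // NOTE(review): the raw database error text is written to the response
        // before exiting; consider logging it server-side and showing a generic
        // message instead.
        print $conn->ErrorMsg();
        exit;
    }
    while (!$rs->EOF) {
        $sids[] = $rs->fields['id'];
        $rs->MoveNext();
    }
    return implode(",", $sids);
}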
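/**
 * Build a comma-separated list of SIEM device ids whose sensor IP or device
 * IP matches $ip.
 *
 * $ip is either a single address or, when it contains "<digits>/<digits>",
 * a CIDR block that Cidr::expand_cidr() turns into a start/end pair. Only
 * hex digits produced by bin2hex(inet_pton(...)) or the constant '0x0' are
 * placed inside the UNHEX('...') literals, so the raw $ip text is never
 * copied into the SQL string.
 *
 * @param object $conn Database connection exposing Execute() and ErrorMsg().
 * @param string $ip   Single IP address or CIDR block.
 * @return string Comma-separated device ids; '' when no device matches.
 */
function make_sid_filter($conn, $ip)
{
    $sids = array();
    if (preg_match("/\\d+\\/\\d+/", $ip)) {
        $aux = Cidr::expand_cidr($ip, 'SHORT', 'IP');
        // presumably expand_cidr() hands back the 'IP' marker when it cannot
        // expand the block -- TODO confirm against Cidr
        if ($aux[0] == 'I' && $aux[1] == 'P') {
            $aux[0] = '0x0';
            $aux[1] = '0x0';
        } else {
            $aux[0] = bin2hex(inet_pton($aux[0]));
            $aux[1] = bin2hex(inet_pton($aux[1]));
        }
        $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t          WHERE d.sensor_id=s.id \n\t\t          AND ( (s.ip >= UNHEX('" . $aux[0] . "') AND s.ip <= UNHEX('" . $aux[1] . "')) \n\t\t          OR (d.device_ip>=UNHEX('" . $aux[0] . "') AND d.device_ip <= UNHEX('" . $aux[1] . "')) )";
    } else {
        // inet_pton() returns false for anything that is not a valid address;
        // make the empty-hex fallback explicit instead of relying on
        // false-to-string conversion inside bin2hex().
        $packed = @inet_pton($ip);
        $ip = $packed === false ? '' : bin2hex($packed);
        $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t          WHERE d.sensor_id = s.id AND ( s.ip = UNHEX('{$ip}') OR d.device_ip = UNHEX('{$ip}') )";
    }
    //echo $query;
    // Plain assignment: taking a function result by reference (=&) only
    // raises a notice and has no effect on object handles.
    $rs = $conn->Execute($query);
    if (!$rs) {
        // NOTE(review): the driver error text is handed to the error handler;
        // confirm it is not rendered verbatim to end users.
        Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
    }
    while (!$rs->EOF) {
        $sids[] = $rs->fields['id'];
        $rs->MoveNext();
    }
    return implode(',', $sids);
}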
Exemple #5
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
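// Turn on implicit flushing so each printed address is sent out immediately.
ob_implicit_flush();
ini_set('include_path', '/usr/share/ossim/include');
require_once 'av_init.php';
// CLI usage: the first argument is an IPv4 CIDR block such as 192.0.2.0/24.
// A missing argument is treated like a malformed one instead of triggering
// an undefined-index notice.
$net = isset($argv[1]) ? $argv[1] : '';
// Anchored so the whole argument must have the a.b.c.d/n shape; without the
// anchors any string that merely contains such a substring would pass.
// NOTE(review): octet and prefix-length ranges are not checked here;
// presumably Cidr::expand_CIDR() rejects out-of-range values -- confirm.
if (!preg_match("/^\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d+$/", $net)) {
    die("Incorrect CIDR\n");
}
// Print every address of the block, one per line.
$ip_range = Cidr::expand_CIDR($net, 'FULL', 'IP');
foreach ($ip_range as $ip) {
    echo $ip . "\n";
}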