Esempio n. 1
0
 /**
  * Create a new scan
  * @param scan_type str: the plaintext id of the scan (eg. library)
  * @return scan_id
  */
 public function addScan($scan_type)
 {
     $scan = new Scan();
     $scan->scan_time = date('Y-m-d h:i:s');
     $scan->scan_type = $scan_type;
     $scan->save();
     $id = $scan->getId();
     $scan->free();
     unset($scan);
     if ($id) {
         return $id;
     } else {
         throw new Exception('Could not get a new scan id - please check your database is set up correctly');
     }
 }
Esempio n. 2
0
 public static function newScan()
 {
     global $wicker;
     $instance = new self();
     $instance->connectToDatabase();
     $guid = $wicker->newGUID();
     $statement = $instance->db->con()->prepare("INSERT INTO `scans` (`time`, `guid`) VALUES (?, ?)");
     $statement->execute(array(time(), $guid));
     return Scan::fromDB("[G]" . $guid);
 }
Esempio n. 3
0
 static function getUserList()
 {
     $userList = User::all()->toArray();
     //echo '<pre>'; print_r($userList); echo '</pre>'; exit;
     //dd(User::all());
     foreach ($userList as $key => $user) {
         //echo $key;
         //echo '<pre>'; print_r($user); echo '</pre>'; //exit;
         $scanEnds = Scan::getScanEnds($user['id']);
         //echo '<pre>'; print_r($scanEnds); echo '</pre>'; exit;
         $userList[$key]['last_scan'] = $scanEnds[0]->last_scan;
         $userList[$key]['first_scan'] = $scanEnds[0]->first_scan;
     }
     return $userList;
 }
Esempio n. 4
0
                                    <th>Date</th>
                                </tr>
                            </thead>
                            <tbody>
<?php 
if (!$hidden) {
    $action = "hide";
    $statement = $wicker->db->con()->prepare("SELECT * FROM `scans` WHERE `status` <> 3 AND `individual` <> 1 ORDER BY `id` DESC");
} else {
    $action = "unhide";
    $statement = $wicker->db->con()->prepare("SELECT * FROM `scans` WHERE `status` = 3 AND `individual` <> 1 ORDER BY `id` DESC");
}
$statement->execute();
for ($a = 0; $a < $statement->rowCount(); $a++) {
    $info = $statement->fetchObject();
    $scan = Scan::FromDB($info->id);
    ?>
                                <tr>
                                    <td><?php 
    echo $a + 1;
    ?>
</td>
                                    <td><a href="scanview.php?id=<?php 
    echo $scan->getID();
    ?>
">View</a> | <a href="scanner.php?do=<?php 
    echo $action;
    ?>
&id=<?php 
    echo $scan->getID();
    ?>
Esempio n. 5
0
            $scan_subnets[$sk]->discovered = $add_tmp[$s->id];
        }
    }
}
# print change
if ($Scan->debugging) {
    "\nDiscovered addresses:\n----------\n";
    print_r($scan_subnets);
}
# reinitialize objects
$Database = new Database_PDO();
$Admin = new Admin($Database, false);
$Addresses = new Addresses($Database);
$Subnets = new Subnets($Database);
$DNS = new DNS($Database);
$Scan = new Scan($Database);
$Result = new Result();
# insert to database
$discovered = 0;
//for mailing
foreach ($scan_subnets as $s) {
    if (sizeof(@$s->discovered) > 0) {
        foreach ($s->discovered as $ip) {
            // fetch subnet
            $subnet = $Subnets->fetch_subnet("id", $s->id);
            $nsid = $subnet === false ? false : $subnet->nameserverId;
            // try to resolve hostname
            $hostname = $DNS->resolve_address($ip, false, true, $nsid);
            //set update query
            $values = array("subnetId" => $s->id, "ip_addr" => $Subnets->transform_address($ip, "decimal"), "dns_name" => $hostname['name'], "description" => "-- autodiscovered --", "note" => "This host was autodiscovered on " . $nowdate, "lastSeen" => $nowdate, "state" => "2", "action" => "add");
            //insert
/**
 * Script to check edited / deleted / new IP addresses
 * If all is ok write to database
 *************************************************/
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
$User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# validate action
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];
//reset delete action form visual visual
if (isset($_POST['action-visual'])) {
    if (@$_POST['action-visual'] == "delete") {
        $action = "delete";
    }
}
# save $_POST to $address
$address = $_POST;
Esempio n. 7
0
    if ($scan->getPID() != 0 && $scan->getStatus() == 1) {
        $scan->setStatus(2);
        system("sudo kill " . $scan->getPID());
        header('Location: apview.php?parent_scan=' . $_GET['parent_scan'] . '&scanid=' . $_GET['scanid'] . '&bssid=' . $_GET['bssid']);
        die;
    }
} else {
    if ($_GET['do'] == "terminatenstart") {
        // Terminate parent scan
        $previous = Scan::fromDB($_GET['parent_scan']);
        if ($previous->getPID() != 0 && $previous->getStatus() == 1) {
            $previous->setStatus(2);
            system("sudo kill " . $previous->getPID());
        }
        // Start new individual scan
        $scan = Scan::newScan();
        $scan->setStatus(1);
        $scan->startIndScan($parent_ap->getBSSID(), $parent_ap->getChannel());
        $parent_ap->setIndScanID($scan->getID());
        header('Location: apview.php?parent_scan=' . $_GET['parent_scan'] . '&scanid=' . $scan->getID() . '&bssid=' . $_GET['bssid']);
        die;
    } else {
        if ($_GET['do'] == "deauth") {
            $wicker->deauth($_GET['bssid'], $_GET['deauthmac'], "scans/" . $ind_scan->getGUID() . ".log");
        } else {
            if ($_GET['do'] == "deauthbroadcast") {
                $wicker->deauth($_GET['bssid'], null, "scans/" . $ind_scan->getGUID() . ".log");
            } else {
                if ($_GET['do'] == "associate") {
                    $wicker->associate($_GET['bssid'], "scans/" . $ind_scan->getGUID() . ".log");
                } else {
Esempio n. 8
0
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'scan_util.php';
Session::logcheck('environment-menu', 'ToolsScan');
$db = new ossim_db();
$conn = $db->connect();
$scan = new Scan();
$lastscan = $scan->get_results();
if (!empty($lastscan['scanned_ips'])) {
    scan2html($conn, $lastscan);
}
$db->close();
Esempio n. 9
0
<?php

/**
 *	Script that checks if IP is alive
 */
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Ping = new Scan($Database, $User->settings);
# verify that user is logged in
$User->check_user_session();
# validate post
is_numeric($_POST['subnetId']) ?: $Result->show("danger", _("Invalid ID"), true);
is_numeric($_POST['id']) || strlen($_POST['id']) == 0 ?: $Result->show("danger", _("Invalid ID"), true);
# set and check permissions
$subnet_permission = $Subnets->check_permission($User->user, $_POST['subnetId']);
$subnet_permission > 2 ?: $Result->show("danger", _('Cannot edit IP address details') . '! <br>' . _('You do not have write access for this network'), true, true);
# fetch address
$address = (array) $Addresses->fetch_address(null, $_POST['id']);
# try to ping it
$pingRes = $Ping->ping_address($address['ip']);
# update last seen if success
if ($pingRes == 0) {
    @$Ping->ping_update_lastseen($address['id']);
}
Esempio n. 10
0
        ?>
		<script type="text/javascript">
			parent.$('#scan_button').attr('disabled', '');
			parent.$('#scan_button').removeClass();
			parent.$('#scan_button').addClass('button');
		</script>
		<?php 
        exit;
    }
}
$assets = rtrim($assets_string);
$scan_path_log = "/tmp/nmap_scanning_" . md5(Session::get_secure_id()) . ".log";
require_once 'classes/Scan.inc';
// Only Stop
if ($only_stop) {
    $scan = new Scan($assets);
    $scan->stop_nmap();
    exit;
}
session_write_close();
if (!$only_status && !$only_stop) {
    $rscan = new RemoteScan($assets, $full_scan == "full" ? "root" : "ping");
    if (($available = $rscan->available_scan()) != "") {
        $remote_sensor = $available;
    } else {
        $remote_sensor = "null";
    }
    $cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '{$assets}' '{$remote_sensor}' '{$timing_template}' '{$full_scan}' '" . $rscan->nmap_completed_scan . "' > {$scan_path_log} 2>&1 &";
    if (file_exists($rscan->nmap_completed_scan)) {
        @unlink($rscan->nmap_completed_scan);
    }
Esempio n. 11
0
 /**
  * Read address functions
  *
  *	identifiers can be:
  *		- /addresses/{id}/
  *		- /addresses/{id}/ping/					     // pings address
  *      - /addresses/{ip}/{subnetId}/                // Returns address from subnet
  *		- /addresses/search/{ip_address}/			 // searches for addresses in database, returns multiple if found
  *		- /addresses/search_hostname/{hostname}/     // searches for addresses in database by hostname, returns multiple if found
  *		- /addresses/search_hostbase/{hostbase}/     // searches for addresses by leading substring (base) of hostname, returns ordered multiple
  *      - /addresses/first_free/{subnetId}/          // returns first available address (subnetId can be provided with parameters)
  *		- /addresses/custom_fields/                  // custom fields
  *		- /addresses/tags/						     // all tags
  *		- /addresses/tags/{id}/					     // specific tag
  *		- /addresses/tags/{id}/addresses/			 // returns all addresses that are tagged with this tag ***if subnetId is provided it will be filtered to specific subnet
  *
  * @access public
  * @return void
  */
 public function GET()
 {
     // subnet Id > read all addresses in subnet
     if ($this->_params->id == "custom_fields") {
         // check result
         if (sizeof($this->custom_fields) == 0) {
             $this->Response->throw_exception(404, 'No custom fields defined');
         } else {
             return array("code" => 200, "data" => $this->custom_fields);
         }
     } elseif ($this->_params->id == "first_free") {
         // check for isFull
         if (isset($this->_params->subnetId)) {
             $subnet = $this->Tools->fetch_object("subnets", "id", $this->_params->subnetId);
         } else {
             $subnet = $this->Tools->fetch_object("subnets", "id", $this->_params->id2);
         }
         if ($subnet->isFull == 1) {
             $this->Response->throw_exception(404, "No free addresses found");
         }
         $this->_params->ip_addr = $this->Addresses->get_first_available_address($subnet->id, $this->Subnets);
         // null
         if ($this->_params->ip_addr == false) {
             $this->Response->throw_exception(404, 'No free addresses found');
         } else {
             return array("code" => 200, "data" => $this->Addresses->transform_address($this->_params->ip_addr, "dotted"));
         }
     } elseif ($this->Tools->validate_ip($this->_params->id) !== false && isset($this->_params->id2)) {
         // fetch all in subnet
         $result = $this->Tools->fetch_multiple_objects("ipaddresses", "subnetId", $this->_params->id2);
         if ($result !== false) {
             foreach ($result as $k => $r) {
                 if ($r->ip !== $this->_params->id) {
                     unset($result[$k]);
                 } else {
                     $result_filtered = $r;
                 }
             }
             if (sizeof($result) == 0) {
                 $result = false;
             } else {
                 $result = $result_filtered;
             }
         }
         if ($result == false) {
             $this->Response->throw_exception(404, 'No addresses found');
         } else {
             return array("code" => 200, "data" => $result);
         }
     } elseif ($this->_params->id == "tags") {
         // validate
         $this->validate_tag();
         // all addresses with tag
         if (@$this->_params->id3 == "addresses") {
             // fetch
             $result = $this->Tools->fetch_multiple_objects("ipaddresses", "state", $this->_params->id2);
             // filter by subnetId
             if ($result !== false) {
                 if (isset($this->_params->subnetId)) {
                     if (is_numeric($this->_params->subnetId)) {
                         // filter
                         foreach ($result as $k => $v) {
                             if ($v->subnetId != $this->_params->subnetId) {
                                 unset($result[$k]);
                             }
                         }
                         // any left
                         if (sizeof($result) == 0) {
                             $result = false;
                         }
                     }
                 }
             }
             // result
             if ($result === false) {
                 $this->Response->throw_exception(404, 'No addresses found');
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, "addresses", true, false));
             }
         } else {
             // fetch all by tag
             if (isset($this->_params->id2)) {
                 // numeric
                 if (is_numeric($this->_params->id2)) {
                     $result = $this->Tools->fetch_object("ipTags", "id", $this->_params->id2);
                 } else {
                     $result = $this->Tools->fetch_multiple_objects("ipTags", "type", $this->_params->id2);
                 }
             } else {
                 $result = $this->Tools->fetch_all_objects("ipTags");
             }
             // result
             if ($result === false) {
                 $this->Response->throw_exception(404, 'Tag not found');
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, "addresses/tags", true, false));
             }
         }
     } elseif (!isset($this->_params->id)) {
         $this->Response->throw_exception(400, 'Address ID is required');
     } elseif (is_numeric($this->_params->id)) {
         // ping
         if (@$this->_params->id2 == "ping") {
             # scan class
             $Scan = new Scan($this->Database);
             $Scan->ping_set_exit(false);
             // check address
             $this->validate_address_id();
             // set result
             $result = array();
             $result['scan_type'] = $Scan->icmp_type;
             $result['exit_code'] = $Scan->ping_address($this->old_address->ip);
             $result['result_code'] = $Scan->ping_exit_explain($result['exit_code']);
             $result['message'] = $result['exit_code'] == 0 ? "Address online" : "Address offline";
             // success
             if ($result['exit_code'] == 0) {
                 $Scan->ping_update_lastseen($this->_params->id);
             }
             return array("code" => 200, "data" => $result);
         } else {
             // fetch
             $result = $this->Addresses->fetch_address("id", $this->_params->id);
             // check result
             if ($result == false) {
                 $this->Response->throw_exception(404, "Invalid Id");
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
             }
         }
     } elseif (@$this->_params->id == "search") {
         // validate
         if (!$this->Addresses->validate_address($this->_params->id2)) {
             $this->Response->throw_exception(404, 'Invalid address');
         }
         // search
         $result = $this->Tools->fetch_multiple_objects("ipaddresses", "ip_addr", $this->Subnets->transform_address($this->_params->id2, "decimal"));
         // check result
         if ($result === false) {
             $this->Response->throw_exception(404, 'Address not found');
         } else {
             return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
         }
     } elseif (@$this->_params->id == "search_hostname") {
         $result = $this->Tools->fetch_multiple_objects("ipaddresses", "dns_name", $this->_params->id2);
         // check result
         if ($result === false) {
             $this->Response->throw_exception(404, 'Host name not found');
         } else {
             return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, false, false));
         }
     } elseif (@$this->_params->id == "search_hostbase") {
         $target = $this->_params->id2 . "%";
         $result = $this->Tools->fetch_multiple_objects("ipaddresses", "dns_name", $target, "dns_name", true, true);
         // check result
         if ($result === false) {
             $this->Response->throw_exception(404, 'Host name not found');
         } else {
             return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, false, false));
         }
     } else {
         $this->Response->throw_exception(400, "Invalid Id");
     }
 }
Esempio n. 12
0
if ($nmap_running) {
    echo "do_scan.php?only_status=1";
}
?>
" frameborder="0" scrolling="no"></iframe>
				</td>
			</tr>
		</table>
	</div>
</form>
<!-- end of Asset form -->


<?php 
require_once 'classes/Scan.inc';
$scan = new Scan("");
if (GET('clearscan')) {
    Scan::del_scan($scan->nmap_completed_scan);
}
$lastscan = $scan->get_scan();
if (is_array($lastscan) && count($lastscan) > 0) {
    require_once 'scan_util.php';
    $_SESSION["_scan"] = $lastscan;
    scan2html($lastscan);
} else {
    echo "<!-- <p align=\"center\">";
    echo _("NOTE: This tool is a nmap frontend. In order to use all nmap functionality, you need root privileges.");
    echo "<br/>";
    echo _("For this purpose you can use suphp, or change group to the web-user and set suid to nmap binary (<strong>chgrp www-data /usr/bin/nmap ; chmod 4750 /usr/bin/nmap</strong>).");
    echo "</p> -->";
}
Esempio n. 13
0
        $statusCaracteresEspeciais = false;
    }
    $objRandom = new Random();
    $senha = $objRandom->gerandoSenha($tamanho, $statusLetrasMinusculas, $statusLetrasMaiusculas, $statusNumeros, $statusCaracteresEspeciais);
    $objScan = new Scan();
    $result = $objScan->scanpassword($senha);
    $objMountPeriod = new Period();
    $period = $objMountPeriod->mountPeriod($result['product']);
    $objDao = new Dao();
    $objDao->executeQuery('INSERT INTO tbl_counting (forca_senha, auxiliado) VALUES (' . $period['level'] . ', 0)');
    require 'view/viewResult.php';
} else {
    if (isset($_POST['powerkey'])) {
        $tamanho = 20;
        $statusNumeros = $statusLetrasMinusculas = $statusLetrasMaiusculas = $statusCaracteresEspeciais = true;
        $objRandom = new Random();
        $senha = $objRandom->gerandoSenha($tamanho, $statusLetrasMinusculas, $statusLetrasMaiusculas, $statusNumeros, $statusCaracteresEspeciais);
        $objScan = new Scan();
        $result = $objScan->scanpassword($senha);
        $objMountPeriod = new Period();
        $period = $objMountPeriod->mountPeriod($result['product']);
        $objDao = new Dao();
        $objDao->executeQuery('INSERT INTO tbl_counting (forca_senha, auxiliado) VALUES (' . $period['level'] . ', 1)');
        require 'view/viewResult.php';
    } else {
        $objDao = new Dao();
        $retornoconsulta = $objDao->executeConsult('SELECT count(*) FROM tbl_counting');
        $total = mysqli_fetch_array($retornoconsulta);
        require 'view/viewIndex.php';
    }
}
Esempio n. 14
0
    die("Incorrect net/host format {$net}\n");
}
if ($remote_sensor != "" && $remote_sensor != "null") {
    $rscan = new RemoteScan($net, "ping", $remote_sensor, $nmap_completed_scan);
    $quiet = $timing_template != "" ? FALSE : TRUE;
    echo "Scanning remote network: {$net}\n";
    $rscan->do_scan($quiet);
    if ($rscan->err() == "") {
        $ips = $rscan->get_scan();
    } else {
        $ips = array();
        echo "Unable to run remote scan: " . $rscan->err() . "\n";
    }
} else {
    echo "Scanning local network: {$net}\n";
    $scan = new Scan($net, null, $nmap_completed_scan);
    $scan->append_option($timing_template);
    if ($full == "fast") {
        $scan->append_option("-F");
        $scan->do_scan(TRUE);
    } elseif ($full == "full") {
        $scan->do_scan(TRUE);
    } else {
        $scan->do_scan(FALSE);
    }
    echo "\n";
    $ips = $scan->get_scan();
}
foreach ($ips as $ip => $val) {
    echo "Host {$ip} appears to be up\n";
}
Esempio n. 15
0
                                }
                                else
                                {
                                    var tt_class = 'tt_error';
                                    var hd_class = 'host_details_e';
                                }
                                
                                                                                                                  			
                                var html_details = '<div class="tray_container">' +
                                   '<div class="tray_triangle ' + tt_class +'"></div>' +
                                        details +               
                                   '</div>';           			
                                                                 
                                                                                                                          			
                                dt.fnOpen(nTr, html_details, hd_class);
                            }                  				            				
        				});            				                								
        			});	
    			}                                     		    
    		}                
        });  	
    </script> 
   
    <?php 
    //Delete scan results
    if (count($data['general']['hosts_in_group']) > 0) {
        $scan_object = new Scan();
        $scan_object->delete_data();
    }
    $db->close();
}
Esempio n. 16
0
function cancel_scan($wizard)
{
    $step = intval($wizard->get_step_data('scan_step'));
    if ($step == 1 || $step == 2) {
        $obj = new Scan();
        $obj->stop();
        $obj->delete_data();
    }
    $wizard->clean_step_data();
    $wizard->save_status();
    $response['error'] = FALSE;
    return $response;
}
Esempio n. 17
0
        break;
}
if (isset($joomlaFolders)) {
    foreach ($joomlaFolders as $value) {
        if (!isset($skipFolders)) {
            $skipFolders = array($value . "/tmp/");
        } else {
            array_push($skipFolders, $value . "/tmp/");
        }
        array_push($skipFolders, $value . "/log/");
        array_push($skipFolders, $value . "/cache/");
        array_push($skipFolders, $value . "/administrator/cache/");
    }
}
$dbconfig = new Dbconfig($host, $database, $user, $password);
$scan = new Scan($dbconfig, $domain);
if ($scan->Connect()) {
    // check to see if last scan completed correctly
    if ($alreadyRunning === false) {
        $scan->scanFiles($path, $skipFolders, $processExtensions, $skipExtensions);
    }
    set_time_limit(30);
    $scan->emailResults($email, $emailinterval, $alreadyRunning);
    $scan->deleteOldTestedRecords();
    $scan = NULL;
} else {
    $text = "Error in running hashscan.php for this domain, consult logfile";
    $mailed = mail($email, "WebMonitor: ERROR SCANNING " . $domain, $text);
}
unset($appStatus);
Logfile::writeWhen("Closing Logfile");
Esempio n. 18
0
                $data['progress']['total'] = $progress['total_hosts'];
                if ($progress['remaining'] == -1) {
                    $data['progress']['time'] = _('Calculating Remaining Time');
                } else {
                    $data['progress']['time'] = Welcome_wizard::format_time($progress['remaining']) . ' ' . _('remaining');
                }
            } else {
                $data['message'] = NULL;
                $data['progress'] = NULL;
                $data['debug_info'] = NULL;
            }
            $data['debug_info'] = NULL;
        }
    }
} else {
    $scan = new Scan();
    if (preg_match('/finished/i', $scan->get_status())) {
        $lastscan = $scan->get_results();
        $debug_info = '';
        if (is_array($lastscan['nmap_data']) && !empty($lastscan['nmap_data'])) {
            $debug_info = $lastscan['nmap_data']['cmd'] . '|' . $lastscan['nmap_data']['version'] . '|' . $lastscan['nmap_data']['xmloutputversion'];
            unset($lastscan['nmap_data']);
        }
        $data['state'] = 'finished';
        $data['message'] = NULL;
        $data['progress'] = NULL;
        $data['debug_info'] = $debug_info;
        if (is_array($lastscan['scanned_ips']) && count($lastscan['scanned_ips']) == 0) {
            $scan->delete_data();
        }
    } else {
Esempio n. 19
0
         header('Location: scanview.php?id=' . $scan->getID());
     } else {
         if ($scan->getPID() == 0) {
             $wicker->error("PID of scan was 0.");
         } else {
             if ($scan->getStatus() == 2) {
                 $wicker->error("This scan has already been terminated");
             } else {
                 $wicker->error("An unknown error has occured");
             }
         }
     }
     die;
 } else {
     if ($do == "update") {
         $scan = Scan::fromDB($id);
         $data = $scan->parseCSV();
         $aps = $data["aps"];
         $clients = $data["clients"];
         // Update scan counts for APs and Clients
         $scan->setAPCount(count($aps));
         $scan->setClientCount(count($clients));
         // Add APs to DB if they aren't already there
         foreach ($aps as $ap) {
             $check = AP::fromDB($scan->getID(), $ap["bssid"]);
             // Add AP if not found
             if ($check->getID() == null) {
                 AP::newAP($scan->getID(), $ap["bssid"], strtotime($ap["first_seen"]), strtotime($ap["last_seen"]), $ap["channel"], $ap["privacy"], $ap["cipher"], $ap["authentication"], $ap["power"], $ap["beacons"], $ap["ivs"], $ap["essid"], round($_POST['lat'], 7), round($_POST['long'], 7));
                 // Update AP in DB
             } else {
                 // Update Coordinates if seen within last 10 seconds
Esempio n. 20
0
    $rscan->do_scan($quiet);
    if ($rscan->err() == '') {
        $ips = $rscan->get_scan();
    } else {
        $ips = array();
        echo '<br>\\n<b>Unable to run remote scan:</b> ' . $rscan->err() . "\n";
    }
    // delete results (only for vulnerabilities scans)
    if ($argv[3] == 'vulnscan') {
        $rscan->del_scan();
    }
} else {
    echo 'Scanning local networks: ' . $targets . "\n";
    $only_ping = $scan_type == 'ping' || $argv[3] == 'vulnscan' ? TRUE : FALSE;
    $config = array('only_ping' => $only_ping, 'user' => $user);
    $scan = new Scan($targets, $config);
    if ($argv[3] != 'vulnscan') {
        // Append Timing
        $scan->append_option($timing_template);
        // Append Autodetect
        if ($autodetect) {
            if ($scan_type != 'fast') {
                $scan->append_option('-A');
            } else {
                $scan->append_option('-sV -O --osscan-guess --max-os-tries=1');
            }
        }
        // Append RDNS
        if (!$rdns) {
            $scan->append_option('-n');
        }
Esempio n. 21
0
 *	values : error 			//provided error text
 *			 alive			//array of active hosts
 *			 dead			//array of dead hosts
 *			 serror			//error in scanning
 *
 *	Scan type is telnet
 *
 */
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
# initialize user object
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Scan = new Scan($Database);
//set exit flag to true
$Scan->ping_set_exit(true);
/**
 *	Input checks
 */
//script can only be run from cli
if (php_sapi_name() != "cli") {
    die(json_encode(array("status" => 1, "error" => "This script can only be run from cli!")));
}
//check input parameters
if (!isset($argv[1]) || !isset($argv[2])) {
    die(json_encode(array("status" => 1, "error" => "Missing required input parameters")));
}
// test to see if threading is available
if (!Thread::available()) {
Esempio n. 22
0
/****************************************************
 **************** Configuration Data ****************
 ****************************************************/
$conf = $GLOBALS['CONF'];
if (!$conf) {
    $conf = new Ossim_conf();
    $GLOBALS['CONF'] = $conf;
}
/****************************************************
 ******************** Scan Data *********************
 ****************************************************/
//Database connection
$db = new ossim_db();
$conn = $db->connect();
//Scan results
$scan = new Scan();
$scan_results = $scan->get_results();
$sensor = $scan_results['sensor'];
if (!empty($sensor['ctx'])) {
    $ctx = $sensor['ctx'];
} else {
    echo ossim_error(_('Error! Scan results not found'));
    exit;
}
/*
echo '<pre style="white-space: pre;">';
    print_r($_SESSION['_scan']);
echo '</pre>';
*/
//All sensors
$filters = array('where' => "sensor.id = acl_sensors.sensor_id AND acl_sensors.entity_id = UNHEX('{$ctx}')");
Esempio n. 23
0
<?php

require_once "Scan.class.php";
$type = $_GET['type'];
$scan = Scan::FromDB($_GET['id']);
if ($type == "ap") {
    ?>
    <table class="table">
        <h3>APs - <?php 
    echo $scan->getAPCount();
    ?>
</h3>
        <thead>
            <tr>
                <th>#</th>
                <th>BSSID</th>
                <th>ESSID</th>
                <th>First seen</th>
                <th>Last seen</th>
                <th>Channel</th>
                <th>Privacy</th>
                <th>Power</th>
                <th>Beacons</th>
                <th>IVs</th>
            </tr>
        </thead>
        <tbody>
<?php 
    $aps = $scan->getAPs("power", "DESC");
    $a = 0;
    if (count($aps) != 0) {
Esempio n. 24
0
<?php

require_once "Wicker.php";
require_once "Scan.class.php";
$scan = Scan::fromDB(1);
$statement = $wicker->db->con()->prepare("SELECT * FROM `aps` WHERE `scan_id` = ? GROUP BY `latitude` ORDER BY `id`");
$statement->execute(array(1));
$a = 0;
while ($info = $statement->fetchObject()) {
    $coords[$a]["lat"] = $info->latitude;
    $coords[$a]["long"] = $info->longitude;
    $array_lat[] = $info->latitude;
    $array_long[] = $info->longitude;
    $a++;
}
$avg_lat = array_avg($array_lat);
$avg_long = array_avg($array_long);
$coord_data = <<<COORD
var latlng = new google.maps.LatLng({$avg_lat}, {$avg_long});
var myOptions = {
    zoom: 14,
    center: latlng,
    mapTypeId: google.maps.MapTypeId.ROADMAP
};
var map = new google.maps.Map(document.getElementById("map_canvas"),
    myOptions);
COORD;
$coord_data .= "\n";
$a = 0;
$multiple = true;
foreach ($coords as $coord) {
Esempio n. 25
0
 * 		0 1 * * *  /usr/local/bin/php /<sitepath>/functions/scripts/pingCheck.php > /dev/null 2>&1
 *
 *
 *	In case of problems set reset_debugging to true
 *
 */
# include required scripts
require dirname(__FILE__) . '/../functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
require dirname(__FILE__) . '/../../functions/classes/class.Mail.php';
# initialize objects
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Tools = new Tools($Database);
$Scan = new Scan($Database);
$DNS = new DNS($Database);
$Result = new Result();
// set exit flag to true
$Scan->ping_set_exit(true);
// set debugging
$Scan->reset_debugging(false);
// change scan type?
//$Scan->reset_scan_method ("pear");
// set ping statuses
$statuses = explode(";", $Scan->settings->pingStatus);
// set mail override flag
$send_mail = true;
// response for mailing
$address_change = array();
// Array with differences, can be used to email to admins
Esempio n. 26
0
// Launch scan
if (!$only_status && !$only_stop) {
    // This object is only for checking available sensors
    $rscan = new Remote_scan($assets, $scan_mode == 'full' ? 'root' : 'ping');
    $available = $rscan->available_scan(preg_match('/^[0-9A-F]{32}$/i', $sensor) ? $sensor : '');
    $remote_sensor = "null";
    // default runs local scan
    unset($_SESSION['_remote_sensor_scan']);
    if (preg_match('/[0-9A-F]{32}/i', $sensor)) {
        if ($available == '') {
            $remote_sensor = 'null';
            $data['status'] = 'warning';
            $data['data'] = _('Warning! The selected sensor is not available for remote scan. Using automatic option...');
        } else {
            $remote_sensor = $sensor;
            $_SESSION['_remote_sensor_scan'] = $sensor;
        }
    }
    if ($sensor == 'auto' && $available != '') {
        $remote_sensor = $available;
        $_SESSION['_remote_sensor_scan'] = $available;
    }
    $scan = new Scan();
    $scan->delete_data();
    // Launch scan in background
    $cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '{$assets}' '{$remote_sensor}' '{$timing_template}' '{$scan_mode}' '" . Session::get_session_user() . "' '{$autodetect}' '{$rdns}' '{$custom_ports}' > {$scan_path_log} 2>&1 &";
    system($cmd);
}
session_write_close();
echo json_encode($data);
exit;
Esempio n. 27
0
 /**
  * Read address functions
  *
  *	identifiers can be:
  *		- {id}
  *		- {id}/ping/					// pings address
  *		- /search/{ip_address}/			// searches for addresses in database, returns multiple if found
  *		- custom_fields
  *		- tags							// all tags
  *		- tags/{id}/					// specific tag
  *		- tags/{id}/addresses			// returns all addresses that are tagged with this tag ***if subnetId is provided it will be filtered to specific subnet
  *
  * @access public
  * @return void
  */
 public function GET()
 {
     // subnet Id > read all addresses in subnet
     if ($this->_params->id == "custom_fields") {
         // check result
         if (sizeof($this->custom_fields) == 0) {
             $this->Response->throw_exception(404, 'No custom fields defined');
         } else {
             return array("code" => 200, "data" => $this->custom_fields);
         }
     } elseif ($this->_params->id == "tags") {
         // validate
         $this->validate_tag();
         // all addresses with tag
         if (@$this->_params->id3 == "addresses") {
             // fetch
             $result = $this->Tools->fetch_multiple_objects("ipaddresses", "state", $this->_params->id2);
             // filter by subnetId
             if ($result !== false) {
                 if (isset($this->_params->subnetId)) {
                     if (is_numeric($this->_params->subnetId)) {
                         // filter
                         foreach ($result as $k => $v) {
                             if ($v->subnetId != $this->_params->subnetId) {
                                 unset($result[$k]);
                             }
                         }
                         // any left
                         if (sizeof($result) == 0) {
                             $result = false;
                         }
                     }
                 }
             }
             // result
             if ($result === false) {
                 $this->Response->throw_exception(404, 'No addresses found');
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, "addresses", true, false));
             }
         } else {
             // fetch all by tag
             if (isset($this->_params->id2)) {
                 // numeric
                 if (is_numeric($this->_params->id2)) {
                     $result = $this->Tools->fetch_object("ipTags", "id", $this->_params->id2);
                 } else {
                     $result = $this->Tools->fetch_multiple_objects("ipTags", "type", $this->_params->id2);
                 }
             } else {
                 $result = $this->Tools->fetch_all_objects("ipTags");
             }
             // result
             if ($result === false) {
                 $this->Response->throw_exception(404, 'Tag not found');
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, "addresses/tags", true, false));
             }
         }
     } elseif (!isset($this->_params->id)) {
         $this->Response->throw_exception(400, 'Address ID is required');
     } elseif (is_numeric($this->_params->id)) {
         // ping
         if (@$this->_params->id2 == "ping") {
             # scan class
             $Scan = new Scan($this->Database);
             $Scan->ping_set_exit(false);
             // check address
             $this->validate_address_id();
             // set result
             $result['scan_type'] = $Scan->icmp_type;
             $result['exit_code'] = $Scan->ping_address($this->old_address->ip_addr);
             // success
             if ($result['exit_code'] == 0) {
                 $Scan->ping_update_lastseen($this->_params->id);
                 return array("code" => 200, "data" => $result);
             } else {
                 $this->Response->throw_exception(404, "Address offline. Exit code: " . $result['exit_code'] . "( " . $Scan->ping_exit_explain($result['exit_code']) . " )");
             }
         } else {
             // fetch
             $result = $this->Addresses->fetch_address("id", $this->_params->id);
             // check result
             if ($result == false) {
                 $this->Response->throw_exception(404, "Invalid Id");
             } else {
                 return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
             }
         }
     } elseif (@$this->_params->id == "search") {
         // validate
         if (!$this->Addresses->validate_address($this->_params->id2)) {
             $this->Response->throw_exception(404, 'Invalid address');
         }
         // search
         $result = $this->Tools->fetch_multiple_objects("ipaddresses", "ip_addr", $this->Subnets->transform_address($this->_params->id2, "decimal"));
         // check result
         if ($result === false) {
             $this->Response->throw_exception(404, 'Address not found');
         } else {
             return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
         }
     } else {
         $this->Response->throw_exception(400, "Invalid Id");
     }
 }
Esempio n. 28
0
 *			 dead			//array of dead hosts
 *			 serror			//error in scanning
 *
 *	Scan type is fetched from DB settings, currently supported scans for cli are:
 *		* ping
 *		* pear
 *		* fping
 *
 */
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
# initialize user object
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Scan = new Scan($Database);
//set exit flag to true
$Scan->ping_set_exit(true);
/**
 *	Input checks
 */
//script can only be run from cli
if (php_sapi_name() != "cli") {
    die(json_encode(array("status" => 1, "error" => "This script can only be run from cli!")));
}
//check input parameters
if (!isset($argv[1]) || !isset($argv[2])) {
    die(json_encode(array("status" => 1, "error" => "Missing required input parameters")));
}
// test to see if threading is available
if (!Thread::available()) {
Esempio n. 29
0
        }
    }
}
# print change
if ($Scan->debugging) {
    print "\nAddress changes:\n----------\n";
    print_r($address_change);
}
# all done, mail diff?
if (sizeof($address_change) > 0 && $send_mail) {
    if (!is_object(@$Scan)) {
        $Database = new Database_PDO();
        $Subnets = new Subnets($Database);
        $Addresses = new Addresses($Database);
        $Tools = new Tools($Database);
        $Scan = new Scan($Database);
        $Result = new Result();
        // set exit flag to true
        $Scan->ping_set_exit(true);
        // set debugging
        $Scan->reset_debugging(false);
    }
    # check for recipients
    foreach ($Tools->fetch_multiple_objects("users", "role", "Administrator") as $admin) {
        if ($admin->mailNotify == "Yes") {
            $recepients[] = array("name" => $admin->real_name, "email" => $admin->email);
        }
    }
    # none?
    if (!isset($recepients)) {
        die;
Esempio n. 30
0
****************************************************************************/
/**
* Class and Function List:
* Function list:
* Classes list:
*/
require_once 'classes/Session.inc';
Session::logcheck("MenuConfiguration", "ConfigurationHostScan");
?>

<?php 
require_once 'classes/Security.inc';
if (POST('delete')) {
    require_once 'classes/Scan.inc';
    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $conn = $db->connect();
    Scan::delete_all($conn);
    $db->close($conn);
}
?>

    <form method="post" action="<?php 
echo $_SERVER["SCRIPT_NAME"];
?>
">
      <input type="hidden" name="delete" value="delete">
      <input type="submit" value="Delete">
    </form>