/**
* Create a new scan
* @param scan_type str: the plaintext id of the scan (eg. library)
* @return scan_id
*/
public function addScan($scan_type)
{
$scan = new Scan();
$scan->scan_time = date('Y-m-d h:i:s');
$scan->scan_type = $scan_type;
$scan->save();
$id = $scan->getId();
$scan->free();
unset($scan);
if ($id) {
return $id;
} else {
throw new Exception('Could not get a new scan id - please check your database is set up correctly');
}
}
public static function newScan()
{
global $wicker;
$instance = new self();
$instance->connectToDatabase();
$guid = $wicker->newGUID();
$statement = $instance->db->con()->prepare("INSERT INTO `scans` (`time`, `guid`) VALUES (?, ?)");
$statement->execute(array(time(), $guid));
return Scan::fromDB("[G]" . $guid);
}
static function getUserList()
{
$userList = User::all()->toArray();
//echo '<pre>'; print_r($userList); echo '</pre>'; exit;
//dd(User::all());
foreach ($userList as $key => $user) {
//echo $key;
//echo '<pre>'; print_r($user); echo '</pre>'; //exit;
$scanEnds = Scan::getScanEnds($user['id']);
//echo '<pre>'; print_r($scanEnds); echo '</pre>'; exit;
$userList[$key]['last_scan'] = $scanEnds[0]->last_scan;
$userList[$key]['first_scan'] = $scanEnds[0]->first_scan;
}
return $userList;
}
<th>Date</th>
</tr>
</thead>
<tbody>
<?php
if (!$hidden) {
$action = "hide";
$statement = $wicker->db->con()->prepare("SELECT * FROM `scans` WHERE `status` <> 3 AND `individual` <> 1 ORDER BY `id` DESC");
} else {
$action = "unhide";
$statement = $wicker->db->con()->prepare("SELECT * FROM `scans` WHERE `status` = 3 AND `individual` <> 1 ORDER BY `id` DESC");
}
$statement->execute();
for ($a = 0; $a < $statement->rowCount(); $a++) {
$info = $statement->fetchObject();
$scan = Scan::FromDB($info->id);
?>
<tr>
<td><?php
echo $a + 1;
?>
</td>
<td><a href="scanview.php?id=<?php
echo $scan->getID();
?>
">View</a> | <a href="scanner.php?do=<?php
echo $action;
?>
&id=<?php
echo $scan->getID();
?>
$scan_subnets[$sk]->discovered = $add_tmp[$s->id];
}
}
}
# print change
if ($Scan->debugging) {
"\nDiscovered addresses:\n----------\n";
print_r($scan_subnets);
}
# reinitialize objects
$Database = new Database_PDO();
$Admin = new Admin($Database, false);
$Addresses = new Addresses($Database);
$Subnets = new Subnets($Database);
$DNS = new DNS($Database);
$Scan = new Scan($Database);
$Result = new Result();
# insert to database
$discovered = 0;
//for mailing
foreach ($scan_subnets as $s) {
if (sizeof(@$s->discovered) > 0) {
foreach ($s->discovered as $ip) {
// fetch subnet
$subnet = $Subnets->fetch_subnet("id", $s->id);
$nsid = $subnet === false ? false : $subnet->nameserverId;
// try to resolve hostname
$hostname = $DNS->resolve_address($ip, false, true, $nsid);
//set update query
$values = array("subnetId" => $s->id, "ip_addr" => $Subnets->transform_address($ip, "decimal"), "dns_name" => $hostname['name'], "description" => "-- autodiscovered --", "note" => "This host was autodiscovered on " . $nowdate, "lastSeen" => $nowdate, "state" => "2", "action" => "add");
//insert
/**
* Script to check edited / deleted / new IP addresses
* If all is ok write to database
*************************************************/
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
$User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# validate action
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];
//reset delete action form visual visual
if (isset($_POST['action-visual'])) {
if (@$_POST['action-visual'] == "delete") {
$action = "delete";
}
}
# save $_POST to $address
$address = $_POST;
if ($scan->getPID() != 0 && $scan->getStatus() == 1) {
$scan->setStatus(2);
system("sudo kill " . $scan->getPID());
header('Location: apview.php?parent_scan=' . $_GET['parent_scan'] . '&scanid=' . $_GET['scanid'] . '&bssid=' . $_GET['bssid']);
die;
}
} else {
if ($_GET['do'] == "terminatenstart") {
// Terminate parent scan
$previous = Scan::fromDB($_GET['parent_scan']);
if ($previous->getPID() != 0 && $previous->getStatus() == 1) {
$previous->setStatus(2);
system("sudo kill " . $previous->getPID());
}
// Start new individual scan
$scan = Scan::newScan();
$scan->setStatus(1);
$scan->startIndScan($parent_ap->getBSSID(), $parent_ap->getChannel());
$parent_ap->setIndScanID($scan->getID());
header('Location: apview.php?parent_scan=' . $_GET['parent_scan'] . '&scanid=' . $scan->getID() . '&bssid=' . $_GET['bssid']);
die;
} else {
if ($_GET['do'] == "deauth") {
$wicker->deauth($_GET['bssid'], $_GET['deauthmac'], "scans/" . $ind_scan->getGUID() . ".log");
} else {
if ($_GET['do'] == "deauthbroadcast") {
$wicker->deauth($_GET['bssid'], null, "scans/" . $ind_scan->getGUID() . ".log");
} else {
if ($_GET['do'] == "associate") {
$wicker->associate($_GET['bssid'], "scans/" . $ind_scan->getGUID() . ".log");
} else {
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'scan_util.php';
Session::logcheck('environment-menu', 'ToolsScan');
$db = new ossim_db();
$conn = $db->connect();
$scan = new Scan();
$lastscan = $scan->get_results();
if (!empty($lastscan['scanned_ips'])) {
scan2html($conn, $lastscan);
}
$db->close();
<?php
/**
* Script that checks if IP is alive
*/
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Ping = new Scan($Database, $User->settings);
# verify that user is logged in
$User->check_user_session();
# validate post
is_numeric($_POST['subnetId']) ?: $Result->show("danger", _("Invalid ID"), true);
is_numeric($_POST['id']) || strlen($_POST['id']) == 0 ?: $Result->show("danger", _("Invalid ID"), true);
# set and check permissions
$subnet_permission = $Subnets->check_permission($User->user, $_POST['subnetId']);
$subnet_permission > 2 ?: $Result->show("danger", _('Cannot edit IP address details') . '! <br>' . _('You do not have write access for this network'), true, true);
# fetch address
$address = (array) $Addresses->fetch_address(null, $_POST['id']);
# try to ping it
$pingRes = $Ping->ping_address($address['ip']);
# update last seen if success
if ($pingRes == 0) {
@$Ping->ping_update_lastseen($address['id']);
}
?>
<script type="text/javascript">
parent.$('#scan_button').attr('disabled', '');
parent.$('#scan_button').removeClass();
parent.$('#scan_button').addClass('button');
</script>
<?php
exit;
}
}
$assets = rtrim($assets_string);
$scan_path_log = "/tmp/nmap_scanning_" . md5(Session::get_secure_id()) . ".log";
require_once 'classes/Scan.inc';
// Only Stop
if ($only_stop) {
$scan = new Scan($assets);
$scan->stop_nmap();
exit;
}
session_write_close();
if (!$only_status && !$only_stop) {
$rscan = new RemoteScan($assets, $full_scan == "full" ? "root" : "ping");
if (($available = $rscan->available_scan()) != "") {
$remote_sensor = $available;
} else {
$remote_sensor = "null";
}
$cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '{$assets}' '{$remote_sensor}' '{$timing_template}' '{$full_scan}' '" . $rscan->nmap_completed_scan . "' > {$scan_path_log} 2>&1 &";
if (file_exists($rscan->nmap_completed_scan)) {
@unlink($rscan->nmap_completed_scan);
}
/**
* Read address functions
*
* identifiers can be:
* - /addresses/{id}/
* - /addresses/{id}/ping/ // pings address
* - /addresses/{ip}/{subnetId}/ // Returns address from subnet
* - /addresses/search/{ip_address}/ // searches for addresses in database, returns multiple if found
* - /addresses/search_hostname/{hostname}/ // searches for addresses in database by hostname, returns multiple if found
* - /addresses/search_hostbase/{hostbase}/ // searches for addresses by leading substring (base) of hostname, returns ordered multiple
* - /addresses/first_free/{subnetId}/ // returns first available address (subnetId can be provided with parameters)
* - /addresses/custom_fields/ // custom fields
* - /addresses/tags/ // all tags
* - /addresses/tags/{id}/ // specific tag
* - /addresses/tags/{id}/addresses/ // returns all addresses that are tagged with this tag ***if subnetId is provided it will be filtered to specific subnet
*
* @access public
* @return void
*/
public function GET()
{
// subnet Id > read all addresses in subnet
if ($this->_params->id == "custom_fields") {
// check result
if (sizeof($this->custom_fields) == 0) {
$this->Response->throw_exception(404, 'No custom fields defined');
} else {
return array("code" => 200, "data" => $this->custom_fields);
}
} elseif ($this->_params->id == "first_free") {
// check for isFull
if (isset($this->_params->subnetId)) {
$subnet = $this->Tools->fetch_object("subnets", "id", $this->_params->subnetId);
} else {
$subnet = $this->Tools->fetch_object("subnets", "id", $this->_params->id2);
}
if ($subnet->isFull == 1) {
$this->Response->throw_exception(404, "No free addresses found");
}
$this->_params->ip_addr = $this->Addresses->get_first_available_address($subnet->id, $this->Subnets);
// null
if ($this->_params->ip_addr == false) {
$this->Response->throw_exception(404, 'No free addresses found');
} else {
return array("code" => 200, "data" => $this->Addresses->transform_address($this->_params->ip_addr, "dotted"));
}
} elseif ($this->Tools->validate_ip($this->_params->id) !== false && isset($this->_params->id2)) {
// fetch all in subnet
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "subnetId", $this->_params->id2);
if ($result !== false) {
foreach ($result as $k => $r) {
if ($r->ip !== $this->_params->id) {
unset($result[$k]);
} else {
$result_filtered = $r;
}
}
if (sizeof($result) == 0) {
$result = false;
} else {
$result = $result_filtered;
}
}
if ($result == false) {
$this->Response->throw_exception(404, 'No addresses found');
} else {
return array("code" => 200, "data" => $result);
}
} elseif ($this->_params->id == "tags") {
// validate
$this->validate_tag();
// all addresses with tag
if (@$this->_params->id3 == "addresses") {
// fetch
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "state", $this->_params->id2);
// filter by subnetId
if ($result !== false) {
if (isset($this->_params->subnetId)) {
if (is_numeric($this->_params->subnetId)) {
// filter
foreach ($result as $k => $v) {
if ($v->subnetId != $this->_params->subnetId) {
unset($result[$k]);
}
}
// any left
if (sizeof($result) == 0) {
$result = false;
}
}
}
}
// result
if ($result === false) {
$this->Response->throw_exception(404, 'No addresses found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, "addresses", true, false));
}
} else {
// fetch all by tag
if (isset($this->_params->id2)) {
// numeric
if (is_numeric($this->_params->id2)) {
$result = $this->Tools->fetch_object("ipTags", "id", $this->_params->id2);
} else {
$result = $this->Tools->fetch_multiple_objects("ipTags", "type", $this->_params->id2);
}
} else {
$result = $this->Tools->fetch_all_objects("ipTags");
}
// result
if ($result === false) {
$this->Response->throw_exception(404, 'Tag not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, "addresses/tags", true, false));
}
}
} elseif (!isset($this->_params->id)) {
$this->Response->throw_exception(400, 'Address ID is required');
} elseif (is_numeric($this->_params->id)) {
// ping
if (@$this->_params->id2 == "ping") {
# scan class
$Scan = new Scan($this->Database);
$Scan->ping_set_exit(false);
// check address
$this->validate_address_id();
// set result
$result = array();
$result['scan_type'] = $Scan->icmp_type;
$result['exit_code'] = $Scan->ping_address($this->old_address->ip);
$result['result_code'] = $Scan->ping_exit_explain($result['exit_code']);
$result['message'] = $result['exit_code'] == 0 ? "Address online" : "Address offline";
// success
if ($result['exit_code'] == 0) {
$Scan->ping_update_lastseen($this->_params->id);
}
return array("code" => 200, "data" => $result);
} else {
// fetch
$result = $this->Addresses->fetch_address("id", $this->_params->id);
// check result
if ($result == false) {
$this->Response->throw_exception(404, "Invalid Id");
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
}
}
} elseif (@$this->_params->id == "search") {
// validate
if (!$this->Addresses->validate_address($this->_params->id2)) {
$this->Response->throw_exception(404, 'Invalid address');
}
// search
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "ip_addr", $this->Subnets->transform_address($this->_params->id2, "decimal"));
// check result
if ($result === false) {
$this->Response->throw_exception(404, 'Address not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
}
} elseif (@$this->_params->id == "search_hostname") {
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "dns_name", $this->_params->id2);
// check result
if ($result === false) {
$this->Response->throw_exception(404, 'Host name not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, false, false));
}
} elseif (@$this->_params->id == "search_hostbase") {
$target = $this->_params->id2 . "%";
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "dns_name", $target, "dns_name", true, true);
// check result
if ($result === false) {
$this->Response->throw_exception(404, 'Host name not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, false, false));
}
} else {
$this->Response->throw_exception(400, "Invalid Id");
}
}
if ($nmap_running) {
echo "do_scan.php?only_status=1";
}
?>
" frameborder="0" scrolling="no"></iframe>
</td>
</tr>
</table>
</div>
</form>
<!-- end of Asset form -->
<?php
require_once 'classes/Scan.inc';
$scan = new Scan("");
if (GET('clearscan')) {
Scan::del_scan($scan->nmap_completed_scan);
}
$lastscan = $scan->get_scan();
if (is_array($lastscan) && count($lastscan) > 0) {
require_once 'scan_util.php';
$_SESSION["_scan"] = $lastscan;
scan2html($lastscan);
} else {
echo "<!-- <p align=\"center\">";
echo _("NOTE: This tool is a nmap frontend. In order to use all nmap functionality, you need root privileges.");
echo "<br/>";
echo _("For this purpose you can use suphp, or change group to the web-user and set suid to nmap binary (<strong>chgrp www-data /usr/bin/nmap ; chmod 4750 /usr/bin/nmap</strong>).");
echo "</p> -->";
}
$statusCaracteresEspeciais = false;
}
$objRandom = new Random();
$senha = $objRandom->gerandoSenha($tamanho, $statusLetrasMinusculas, $statusLetrasMaiusculas, $statusNumeros, $statusCaracteresEspeciais);
$objScan = new Scan();
$result = $objScan->scanpassword($senha);
$objMountPeriod = new Period();
$period = $objMountPeriod->mountPeriod($result['product']);
$objDao = new Dao();
$objDao->executeQuery('INSERT INTO tbl_counting (forca_senha, auxiliado) VALUES (' . $period['level'] . ', 0)');
require 'view/viewResult.php';
} else {
if (isset($_POST['powerkey'])) {
$tamanho = 20;
$statusNumeros = $statusLetrasMinusculas = $statusLetrasMaiusculas = $statusCaracteresEspeciais = true;
$objRandom = new Random();
$senha = $objRandom->gerandoSenha($tamanho, $statusLetrasMinusculas, $statusLetrasMaiusculas, $statusNumeros, $statusCaracteresEspeciais);
$objScan = new Scan();
$result = $objScan->scanpassword($senha);
$objMountPeriod = new Period();
$period = $objMountPeriod->mountPeriod($result['product']);
$objDao = new Dao();
$objDao->executeQuery('INSERT INTO tbl_counting (forca_senha, auxiliado) VALUES (' . $period['level'] . ', 1)');
require 'view/viewResult.php';
} else {
$objDao = new Dao();
$retornoconsulta = $objDao->executeConsult('SELECT count(*) FROM tbl_counting');
$total = mysqli_fetch_array($retornoconsulta);
require 'view/viewIndex.php';
}
}
die("Incorrect net/host format {$net}\n");
}
if ($remote_sensor != "" && $remote_sensor != "null") {
$rscan = new RemoteScan($net, "ping", $remote_sensor, $nmap_completed_scan);
$quiet = $timing_template != "" ? FALSE : TRUE;
echo "Scanning remote network: {$net}\n";
$rscan->do_scan($quiet);
if ($rscan->err() == "") {
$ips = $rscan->get_scan();
} else {
$ips = array();
echo "Unable to run remote scan: " . $rscan->err() . "\n";
}
} else {
echo "Scanning local network: {$net}\n";
$scan = new Scan($net, null, $nmap_completed_scan);
$scan->append_option($timing_template);
if ($full == "fast") {
$scan->append_option("-F");
$scan->do_scan(TRUE);
} elseif ($full == "full") {
$scan->do_scan(TRUE);
} else {
$scan->do_scan(FALSE);
}
echo "\n";
$ips = $scan->get_scan();
}
foreach ($ips as $ip => $val) {
echo "Host {$ip} appears to be up\n";
}
}
else
{
var tt_class = 'tt_error';
var hd_class = 'host_details_e';
}
var html_details = '<div class="tray_container">' +
'<div class="tray_triangle ' + tt_class +'"></div>' +
details +
'</div>';
dt.fnOpen(nTr, html_details, hd_class);
}
});
});
}
}
});
</script>
<?php
//Delete scan results
if (count($data['general']['hosts_in_group']) > 0) {
$scan_object = new Scan();
$scan_object->delete_data();
}
$db->close();
}
function cancel_scan($wizard)
{
$step = intval($wizard->get_step_data('scan_step'));
if ($step == 1 || $step == 2) {
$obj = new Scan();
$obj->stop();
$obj->delete_data();
}
$wizard->clean_step_data();
$wizard->save_status();
$response['error'] = FALSE;
return $response;
}
break;
}
if (isset($joomlaFolders)) {
foreach ($joomlaFolders as $value) {
if (!isset($skipFolders)) {
$skipFolders = array($value . "/tmp/");
} else {
array_push($skipFolders, $value . "/tmp/");
}
array_push($skipFolders, $value . "/log/");
array_push($skipFolders, $value . "/cache/");
array_push($skipFolders, $value . "/administrator/cache/");
}
}
$dbconfig = new Dbconfig($host, $database, $user, $password);
$scan = new Scan($dbconfig, $domain);
if ($scan->Connect()) {
// check to see if last scan completed correctly
if ($alreadyRunning === false) {
$scan->scanFiles($path, $skipFolders, $processExtensions, $skipExtensions);
}
set_time_limit(30);
$scan->emailResults($email, $emailinterval, $alreadyRunning);
$scan->deleteOldTestedRecords();
$scan = NULL;
} else {
$text = "Error in running hashscan.php for this domain, consult logfile";
$mailed = mail($email, "WebMonitor: ERROR SCANNING " . $domain, $text);
}
unset($appStatus);
Logfile::writeWhen("Closing Logfile");
$data['progress']['total'] = $progress['total_hosts'];
if ($progress['remaining'] == -1) {
$data['progress']['time'] = _('Calculating Remaining Time');
} else {
$data['progress']['time'] = Welcome_wizard::format_time($progress['remaining']) . ' ' . _('remaining');
}
} else {
$data['message'] = NULL;
$data['progress'] = NULL;
$data['debug_info'] = NULL;
}
$data['debug_info'] = NULL;
}
}
} else {
$scan = new Scan();
if (preg_match('/finished/i', $scan->get_status())) {
$lastscan = $scan->get_results();
$debug_info = '';
if (is_array($lastscan['nmap_data']) && !empty($lastscan['nmap_data'])) {
$debug_info = $lastscan['nmap_data']['cmd'] . '|' . $lastscan['nmap_data']['version'] . '|' . $lastscan['nmap_data']['xmloutputversion'];
unset($lastscan['nmap_data']);
}
$data['state'] = 'finished';
$data['message'] = NULL;
$data['progress'] = NULL;
$data['debug_info'] = $debug_info;
if (is_array($lastscan['scanned_ips']) && count($lastscan['scanned_ips']) == 0) {
$scan->delete_data();
}
} else {
header('Location: scanview.php?id=' . $scan->getID());
} else {
if ($scan->getPID() == 0) {
$wicker->error("PID of scan was 0.");
} else {
if ($scan->getStatus() == 2) {
$wicker->error("This scan has already been terminated");
} else {
$wicker->error("An unknown error has occured");
}
}
}
die;
} else {
if ($do == "update") {
$scan = Scan::fromDB($id);
$data = $scan->parseCSV();
$aps = $data["aps"];
$clients = $data["clients"];
// Update scan counts for APs and Clients
$scan->setAPCount(count($aps));
$scan->setClientCount(count($clients));
// Add APs to DB if they aren't already there
foreach ($aps as $ap) {
$check = AP::fromDB($scan->getID(), $ap["bssid"]);
// Add AP if not found
if ($check->getID() == null) {
AP::newAP($scan->getID(), $ap["bssid"], strtotime($ap["first_seen"]), strtotime($ap["last_seen"]), $ap["channel"], $ap["privacy"], $ap["cipher"], $ap["authentication"], $ap["power"], $ap["beacons"], $ap["ivs"], $ap["essid"], round($_POST['lat'], 7), round($_POST['long'], 7));
// Update AP in DB
} else {
// Update Coordinates if seen within last 10 seconds
$rscan->do_scan($quiet);
if ($rscan->err() == '') {
$ips = $rscan->get_scan();
} else {
$ips = array();
echo '<br>\\n<b>Unable to run remote scan:</b> ' . $rscan->err() . "\n";
}
// delete results (only for vulnerabilities scans)
if ($argv[3] == 'vulnscan') {
$rscan->del_scan();
}
} else {
echo 'Scanning local networks: ' . $targets . "\n";
$only_ping = $scan_type == 'ping' || $argv[3] == 'vulnscan' ? TRUE : FALSE;
$config = array('only_ping' => $only_ping, 'user' => $user);
$scan = new Scan($targets, $config);
if ($argv[3] != 'vulnscan') {
// Append Timing
$scan->append_option($timing_template);
// Append Autodetect
if ($autodetect) {
if ($scan_type != 'fast') {
$scan->append_option('-A');
} else {
$scan->append_option('-sV -O --osscan-guess --max-os-tries=1');
}
}
// Append RDNS
if (!$rdns) {
$scan->append_option('-n');
}
* values : error //provided error text
* alive //array of active hosts
* dead //array of dead hosts
* serror //error in scanning
*
* Scan type is telnet
*
*/
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
# initialize user object
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Scan = new Scan($Database);
//set exit flag to true
$Scan->ping_set_exit(true);
/**
* Input checks
*/
//script can only be run from cli
if (php_sapi_name() != "cli") {
die(json_encode(array("status" => 1, "error" => "This script can only be run from cli!")));
}
//check input parameters
if (!isset($argv[1]) || !isset($argv[2])) {
die(json_encode(array("status" => 1, "error" => "Missing required input parameters")));
}
// test to see if threading is available
if (!Thread::available()) {
/****************************************************
**************** Configuration Data ****************
****************************************************/
$conf = $GLOBALS['CONF'];
if (!$conf) {
$conf = new Ossim_conf();
$GLOBALS['CONF'] = $conf;
}
/****************************************************
******************** Scan Data *********************
****************************************************/
//Database connection
$db = new ossim_db();
$conn = $db->connect();
//Scan results
$scan = new Scan();
$scan_results = $scan->get_results();
$sensor = $scan_results['sensor'];
if (!empty($sensor['ctx'])) {
$ctx = $sensor['ctx'];
} else {
echo ossim_error(_('Error! Scan results not found'));
exit;
}
/*
echo '<pre style="white-space: pre;">';
print_r($_SESSION['_scan']);
echo '</pre>';
*/
//All sensors
$filters = array('where' => "sensor.id = acl_sensors.sensor_id AND acl_sensors.entity_id = UNHEX('{$ctx}')");
<?php
require_once "Scan.class.php";
$type = $_GET['type'];
$scan = Scan::FromDB($_GET['id']);
if ($type == "ap") {
?>
<table class="table">
<h3>APs - <?php
echo $scan->getAPCount();
?>
</h3>
<thead>
<tr>
<th>#</th>
<th>BSSID</th>
<th>ESSID</th>
<th>First seen</th>
<th>Last seen</th>
<th>Channel</th>
<th>Privacy</th>
<th>Power</th>
<th>Beacons</th>
<th>IVs</th>
</tr>
</thead>
<tbody>
<?php
$aps = $scan->getAPs("power", "DESC");
$a = 0;
if (count($aps) != 0) {
<?php
require_once "Wicker.php";
require_once "Scan.class.php";
$scan = Scan::fromDB(1);
$statement = $wicker->db->con()->prepare("SELECT * FROM `aps` WHERE `scan_id` = ? GROUP BY `latitude` ORDER BY `id`");
$statement->execute(array(1));
$a = 0;
while ($info = $statement->fetchObject()) {
$coords[$a]["lat"] = $info->latitude;
$coords[$a]["long"] = $info->longitude;
$array_lat[] = $info->latitude;
$array_long[] = $info->longitude;
$a++;
}
$avg_lat = array_avg($array_lat);
$avg_long = array_avg($array_long);
$coord_data = <<<COORD
var latlng = new google.maps.LatLng({$avg_lat}, {$avg_long});
var myOptions = {
zoom: 14,
center: latlng,
mapTypeId: google.maps.MapTypeId.ROADMAP
};
var map = new google.maps.Map(document.getElementById("map_canvas"),
myOptions);
COORD;
$coord_data .= "\n";
$a = 0;
$multiple = true;
foreach ($coords as $coord) {
* 0 1 * * * /usr/local/bin/php /<sitepath>/functions/scripts/pingCheck.php > /dev/null 2>&1
*
*
* In case of problems set reset_debugging to true
*
*/
# include required scripts
require dirname(__FILE__) . '/../functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
require dirname(__FILE__) . '/../../functions/classes/class.Mail.php';
# initialize objects
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Tools = new Tools($Database);
$Scan = new Scan($Database);
$DNS = new DNS($Database);
$Result = new Result();
// set exit flag to true
$Scan->ping_set_exit(true);
// set debugging
$Scan->reset_debugging(false);
// change scan type?
//$Scan->reset_scan_method ("pear");
// set ping statuses
$statuses = explode(";", $Scan->settings->pingStatus);
// set mail override flag
$send_mail = true;
// response for mailing
$address_change = array();
// Array with differences, can be used to email to admins
// Launch scan
if (!$only_status && !$only_stop) {
// This object is only for checking available sensors
$rscan = new Remote_scan($assets, $scan_mode == 'full' ? 'root' : 'ping');
$available = $rscan->available_scan(preg_match('/^[0-9A-F]{32}$/i', $sensor) ? $sensor : '');
$remote_sensor = "null";
// default runs local scan
unset($_SESSION['_remote_sensor_scan']);
if (preg_match('/[0-9A-F]{32}/i', $sensor)) {
if ($available == '') {
$remote_sensor = 'null';
$data['status'] = 'warning';
$data['data'] = _('Warning! The selected sensor is not available for remote scan. Using automatic option...');
} else {
$remote_sensor = $sensor;
$_SESSION['_remote_sensor_scan'] = $sensor;
}
}
if ($sensor == 'auto' && $available != '') {
$remote_sensor = $available;
$_SESSION['_remote_sensor_scan'] = $available;
}
$scan = new Scan();
$scan->delete_data();
// Launch scan in background
$cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '{$assets}' '{$remote_sensor}' '{$timing_template}' '{$scan_mode}' '" . Session::get_session_user() . "' '{$autodetect}' '{$rdns}' '{$custom_ports}' > {$scan_path_log} 2>&1 &";
system($cmd);
}
session_write_close();
echo json_encode($data);
exit;
/**
* Read address functions
*
* identifiers can be:
* - {id}
* - {id}/ping/ // pings address
* - /search/{ip_address}/ // searches for addresses in database, returns multiple if found
* - custom_fields
* - tags // all tags
* - tags/{id}/ // specific tag
* - tags/{id}/addresses // returns all addresses that are tagged with this tag ***if subnetId is provided it will be filtered to specific subnet
*
* @access public
* @return void
*/
public function GET()
{
// subnet Id > read all addresses in subnet
if ($this->_params->id == "custom_fields") {
// check result
if (sizeof($this->custom_fields) == 0) {
$this->Response->throw_exception(404, 'No custom fields defined');
} else {
return array("code" => 200, "data" => $this->custom_fields);
}
} elseif ($this->_params->id == "tags") {
// validate
$this->validate_tag();
// all addresses with tag
if (@$this->_params->id3 == "addresses") {
// fetch
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "state", $this->_params->id2);
// filter by subnetId
if ($result !== false) {
if (isset($this->_params->subnetId)) {
if (is_numeric($this->_params->subnetId)) {
// filter
foreach ($result as $k => $v) {
if ($v->subnetId != $this->_params->subnetId) {
unset($result[$k]);
}
}
// any left
if (sizeof($result) == 0) {
$result = false;
}
}
}
}
// result
if ($result === false) {
$this->Response->throw_exception(404, 'No addresses found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, "addresses", true, false));
}
} else {
// fetch all by tag
if (isset($this->_params->id2)) {
// numeric
if (is_numeric($this->_params->id2)) {
$result = $this->Tools->fetch_object("ipTags", "id", $this->_params->id2);
} else {
$result = $this->Tools->fetch_multiple_objects("ipTags", "type", $this->_params->id2);
}
} else {
$result = $this->Tools->fetch_all_objects("ipTags");
}
// result
if ($result === false) {
$this->Response->throw_exception(404, 'Tag not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, "addresses/tags", true, false));
}
}
} elseif (!isset($this->_params->id)) {
$this->Response->throw_exception(400, 'Address ID is required');
} elseif (is_numeric($this->_params->id)) {
// ping
if (@$this->_params->id2 == "ping") {
# scan class
$Scan = new Scan($this->Database);
$Scan->ping_set_exit(false);
// check address
$this->validate_address_id();
// set result
$result['scan_type'] = $Scan->icmp_type;
$result['exit_code'] = $Scan->ping_address($this->old_address->ip_addr);
// success
if ($result['exit_code'] == 0) {
$Scan->ping_update_lastseen($this->_params->id);
return array("code" => 200, "data" => $result);
} else {
$this->Response->throw_exception(404, "Address offline. Exit code: " . $result['exit_code'] . "( " . $Scan->ping_exit_explain($result['exit_code']) . " )");
}
} else {
// fetch
$result = $this->Addresses->fetch_address("id", $this->_params->id);
// check result
if ($result == false) {
$this->Response->throw_exception(404, "Invalid Id");
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
}
}
} elseif (@$this->_params->id == "search") {
// validate
if (!$this->Addresses->validate_address($this->_params->id2)) {
$this->Response->throw_exception(404, 'Invalid address');
}
// search
$result = $this->Tools->fetch_multiple_objects("ipaddresses", "ip_addr", $this->Subnets->transform_address($this->_params->id2, "decimal"));
// check result
if ($result === false) {
$this->Response->throw_exception(404, 'Address not found');
} else {
return array("code" => 200, "data" => $this->prepare_result($result, $this->_params->controller, true, true));
}
} else {
$this->Response->throw_exception(400, "Invalid Id");
}
}
* dead //array of dead hosts
* serror //error in scanning
*
* Scan type is fetched from DB settings, currently supported scans for cli are:
* * ping
* * pear
* * fping
*
*/
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
require dirname(__FILE__) . '/../../functions/classes/class.Thread.php';
# initialize user object
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Scan = new Scan($Database);
//set exit flag to true
$Scan->ping_set_exit(true);
/**
* Input checks
*/
//script can only be run from cli
if (php_sapi_name() != "cli") {
die(json_encode(array("status" => 1, "error" => "This script can only be run from cli!")));
}
//check input parameters
if (!isset($argv[1]) || !isset($argv[2])) {
die(json_encode(array("status" => 1, "error" => "Missing required input parameters")));
}
// test to see if threading is available
if (!Thread::available()) {
}
}
}
# print change
if ($Scan->debugging) {
print "\nAddress changes:\n----------\n";
print_r($address_change);
}
# all done, mail diff?
if (sizeof($address_change) > 0 && $send_mail) {
if (!is_object(@$Scan)) {
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Tools = new Tools($Database);
$Scan = new Scan($Database);
$Result = new Result();
// set exit flag to true
$Scan->ping_set_exit(true);
// set debugging
$Scan->reset_debugging(false);
}
# check for recipients
foreach ($Tools->fetch_multiple_objects("users", "role", "Administrator") as $admin) {
if ($admin->mailNotify == "Yes") {
$recepients[] = array("name" => $admin->real_name, "email" => $admin->email);
}
}
# none?
if (!isset($recepients)) {
die;
****************************************************************************/
/**
* Class and Function List:
* Function list:
* Classes list:
*/
require_once 'classes/Session.inc';
Session::logcheck("MenuConfiguration", "ConfigurationHostScan");
?>
<?php
require_once 'classes/Security.inc';
if (POST('delete')) {
require_once 'classes/Scan.inc';
require_once 'ossim_db.inc';
$db = new ossim_db();
$conn = $db->connect();
Scan::delete_all($conn);
$db->close($conn);
}
?>
<form method="post" action="<?php
echo $_SERVER["SCRIPT_NAME"];
?>
">
<input type="hidden" name="delete" value="delete">
<input type="submit" value="Delete">
</form>