예제 #1
 /**
  * Check if the pages are being served over SSL
  * This function uses the Apache server variable
  * HTTPS to determine whether SSL is being used.
  *
  * @param boolean $stop Determine whether nessquik should
  *	stop all script execution if it hits this error.
  *	If this value is false, nessquik will just return
  *	a boolean true or false specifying whether the
  *	check passed or failed.
  * @return bool True if the pages are being served over SSL
  */
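 public function check_secure($stop = false)
 {
     // Operator opt-out: when _CHECK_SECURE is false the check is skipped and
     // the caller is told the connection is secure even when it is plain
     // HTTP. Anything that gates behaviour on this return value inherits
     // that bypass.
     if (_CHECK_SECURE === false) {
         return true;
     }

     // The decision rests entirely on the HTTPS server variable.
     // NOTE(review): behind a TLS-terminating proxy that variable is
     // typically not set on the backend hop, so this would report
     // "not secure" there - confirm against the deployment model.
     $is_https = strtolower((string) import_var('HTTPS', 'SE')) === 'on';

     // In "stop" mode a plain-HTTP request ends the script here.
     if ($stop === true && $is_https === false) {
         die("You're not running nessquik over HTTPS. Please correct this");
     }

     // Always hand back a boolean. The earlier body fell off the end of the
     // function (returning null) when $stop was true and HTTPS was on, which
     // a caller testing the result would read as "not secure".
     return $is_https;
 }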
예제 #2
 /**
  * Check to see if Nessus is running
  *
  * If Nessus is not running, obviously there could be a problem
  * because no scheduled scans would be run. This will try to determine
  * if the server is running on the local host. If nessquik is configured
  * so that the scanner is on a different host from nessquik, then the
  * check will always return true because there is no good way to
  * absolutely make sure it is running on a remote system
  *
  * @return bool True on success, false on failure
  */
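 public function check_nessus()
 {
     // A scanner on another host cannot be inspected from here, so the
     // process check only runs when _NESSUS_SERVER names this machine
     // (loopback, or the SERVER_NAME / SERVER_ADDR of the current request).
     // For any other value the method reports success without checking.
     if (
         _NESSUS_SERVER != "localhost"
         && _NESSUS_SERVER != "127.0.0.1"
         && _NESSUS_SERVER != import_var('SERVER_NAME', 'SE')
         && _NESSUS_SERVER != import_var('SERVER_ADDR', 'SE')
     ) {
         return true;
     }

     // The command string is a constant; no request data reaches the shell.
     // The grep matches any process whose listing contains "nessusd", so this
     // is a coarse liveness signal rather than proof the daemon is healthy.
     $lines = array();
     exec("ps auxw|grep nessusd|grep -v grep", $lines);

     // No matching process line: report "not running" explicitly instead of
     // relying on suppressed undefined-index notices.
     if (!isset($lines[0])) {
         return false;
     }

     // Split the first match on runs of whitespace; the second field is what
     // the original code read as the PID.
     $fields = preg_split("/\\s+/", $lines[0]);

     return isset($fields[1]) && $fields[1] != "";
 }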
예제 #3
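$_hlp = Help::getInstance();
$tpl = SmartyTemplate::getInstance();
$tpl->template_dir = _ABSPATH . '/templates/';
$tpl->compile_dir = _ABSPATH . '/templates_c/';

// Actions are expected by POST. A request without POST data is honoured only
// for the single allow-listed action "make_report"; any other value ends the
// script before the dispatcher below is reached.
//
// The earlier version expressed this with `continue` inside a switch. PHP
// treats that as `break` and warns about it from 7.3 on, so the gate is
// written as a plain comparison here (still a loose comparison, as before).
if ($_POST) {
    $action = import_var('action', 'P');
} else {
    $action = import_var('action', 'G');
    if ($action != "make_report") {
        exit;
    }
}

// Dispatcher. No arm for "make_report" is visible in this switch, so a GET
// request that passes the gate above falls through without output here.
switch ($action) {
    case "show_help_categories":
        // 'G' is passed to get_help_categories(); its meaning is defined in Help.
        $categories = $_hlp->get_help_categories('G');
        $tpl->assign('categories', $categories);
        $tpl->display('help_categories.tpl');
        break;
    case "show_help_topics":
        // category_id comes straight from the POST body and is handed to Help.
        // NOTE(review): no validation is visible here - confirm Help treats it
        // as an untrusted identifier when it builds its queries.
        $category_id = import_var('category_id', 'P');
        $topics = $_hlp->get_help_topics($category_id);
        $category_name = $_hlp->get_category_name($category_id);
        $tpl->assign('category_name', $category_name);
        $tpl->assign('topics', $topics);
        $tpl->assign('topic_count', count($topics));
        $tpl->display('help_topics.tpl');
        break;
}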
예제 #4
            $javascript = true;
        } else {
            $javascript = false;
        }
        break;
    case "on":
        $javascript = true;
        break;
    case "off":
        $javascript = false;
        break;
}
// Per-scan log path, composed from $client_ip and $uniq (both set outside
// this excerpt).
// NOTE(review): if either value can carry request-controlled text, confirm it
// cannot contain path separators before it is used as a file name.
$log_file = _ABSPATH . "/logs/portscanmenow-" . $client_ip . '-' . $uniq . '.log';
// Scan parameters are read through import_var() with the 'G' selector
// (appears to be the GET query string - confirm in import_var).
$scantype = import_var('SCANTYPE', 'G');
$verbose = import_var('VERBOSE', 'G');
$port = import_var('PORT', 'G');
// The raw values are replaced by whatever get_port() / get_verbose() return.
// Further down $port is interpolated into an nmap option string
// ("-p {$port}"), so get_port() is the only barrier visible here between the
// request and that option list.
// NOTE(review): presumably it restricts the value to digits and ranges - verify.
$port = get_port($port);
$verbose = get_verbose($verbose);
if ($scantype == "A") {
    if ($port != "1-65535") {
        $hdrtext = "Performing Aggressive Port {$port} Nmap Port Scan";
        $logtype = "Port {$port} Aggressive Nmap Scan";
    } else {
        $hdrtext = "Performing Aggressive 65k Nmap Port Scan";
        $logtype = "Aggressive 65k Nmap Scan";
    }
    $scanlength = "1 minute";
    $options = "-sS -p {$port} -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0";
} else {
    if ($port != "1-65535") {
        $hdrtext = "Performing Port {$port} Nmap Port Scan";
 /**
  * Prep the email related settings for the database
  *
  * This method is a skeleton method right now and
  * is not used. In the future it will be used to
  * prep the email-ish settings before they're inserted
  * into the database
  */
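 public function update_alternate_email($email)
 {
     // Skeleton method: the prepared values are collected locally and are
     // neither stored nor returned yet.
     $settings = array();

     // The earlier body read $alternate_email_to, which is not defined in
     // this method's scope; $email is the only input available here.
     // NOTE(review): confirm $email is meant to be the alternate-recipient list.
     $settings['alternative_email_list'] = make_alternate_email_to_list($email);

     // Subject is taken from the POST body and capped at 128 bytes (substr()
     // counts bytes, so a multi-byte subject can be cut mid-character).
     // The third import_var() argument looks like a filter name - confirm.
     $settings['custom_email_subject'] = substr(import_var('custom_email_subject', 'P', 'email_subject'), 0, 128);
 }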
예제 #6
        $_snm->scanner_set = $_snm->getAllPlugins();
        $settings = $_snm->getProfileSettings($profile_id);
        $_snm->merge_severities();
        $_snm->merge_families();
        $_snm->merge_plugin_profiles();
        $_snm->merge_plugins();
        $_snm->merge_all();
        // Make the nessusrc file that contains scanner settings
        $output = $_snm->get_nrc_file_data($_snm->scanner_set, $settings);
        $filename = "nessusrc";
        $format = "txt";
        $params = array('data' => $output, 'cache' => false, 'contenttype' => 'application/octet-stream', 'contentdisposition' => array(HTTP_DOWNLOAD_ATTACHMENT, "{$filename}.{$format}"));
        HTTP_DOWNLOAD::staticSend($params, false);
        break;
        break;
    // Sends the machine list of one scan profile to the browser as a download.
    case "make_machine_list":
        require_once _ABSPATH . '/lib/ScanMaker.php';
        // '@' hides the include warning so the custom message below is the
        // only output when the PEAR file is missing.
        if (!@(include_once _ABSPATH . '/lib/pear/HTTP/Download.php')) {
            die("Could not find the PEAR HTTP/Download.php file");
        }
        // profile_id is read without a source selector, so which request
        // array it comes from depends on import_var()'s default.
        // NOTE(review): no ownership or permission check on profile_id is
        // visible in this arm; confirm that ScanMaker, or code that runs
        // before this dispatcher, limits the caller to their own profiles,
        // because the response is the full target list of that profile.
        $profile_id = import_var('profile_id');
        $_snm = new ScanMaker($profile_id);
        // Make the machine list that specifies all the machines that need to be scanned
        $machine_list = $_snm->getMachines($profile_id);
        $output = $_snm->get_ml_file_data($machine_list);
        // Fixed file name and a generic binary content type: the browser is
        // told to save the data rather than render it, and caching is off.
        $filename = "machine-list";
        $format = "txt";
        $params = array('data' => $output, 'cache' => false, 'contenttype' => 'application/octet-stream', 'contentdisposition' => array(HTTP_DOWNLOAD_ATTACHMENT, "{$filename}.{$format}"));
        HTTP_DOWNLOAD::staticSend($params, false);
        break;
}
예제 #7
} else {
    $profile_id = $stmt3->result(0);
}
// Per-user feature flags, forced to strict booleans before they reach the
// template.
$has_whitelist = (bool) $_usr->has_whitelist($username);
$has_saved_scans = (bool) $_usr->has_saved_scans($username);
$has_special_plugins = (bool) $_usr->has_special_plugins($division_id);
$has_clusters = (bool) $_usr->has_clusters($username);
$has_registered = (bool) $_usr->has_registered($username);

// If plugins have not been updated, then die
if ($stmt->num_rows() < 1) {
    die("You need to run the update-plugins and nasl_name_updater first");
}

// $page is mapped onto a fixed set of literals; the template only ever
// receives one of these four strings, never the raw request value. Anything
// unrecognised lands on the "create" page.
switch ($page) {
    case "settings":
        $scanners_count = $_usr->count_available_scanners($division_id);
        $tpl->assign('scanners_count', $scanners_count);
        $tpl->assign('page', 'settings');
        break;
    case "scans":
        $tpl->assign('page', 'scans');
        break;
    case "help":
        $tpl->assign('page', 'help');
        break;
    default:
        $scanners_count = $_usr->count_available_scanners($division_id);
        $tpl->assign('scanners_count', $scanners_count);
        $tpl->assign('page', 'create');
        break;
}

$tpl->assign(array(
    // NOTE(review): REQUEST_URI is chosen by the client. Whether index.tpl
    // escapes 'the_page' on output is not visible here - confirm it does.
    'the_page' => import_var('REQUEST_URI', 'SE'),
    'vhosts' => $vhosts,
    'username' => $username,
    'proper' => $proper,
    'tmp_profile_id' => $profile_id,
    'admin' => $editor,
    '_RELEASE' => _RELEASE,
    'HAS_WHITELIST' => $has_whitelist,
    'HAS_SAVED_SCANS' => $has_saved_scans,
    'HAS_SPECIAL_PLUGINS' => $has_special_plugins,
    'HAS_CLUSTERS' => $has_clusters,
    'HAS_REGISTERED_COMPS' => $has_registered,
    // Health checks are evaluated on every page render.
    'check_nessus' => $_chk->check_nessus(),
    'check_secure' => $_chk->check_secure(),
));
$tpl->display('index.tpl');
예제 #8
             $stmt3->execute($to, $entry);
             if ($stmt3->num_rows() > 0) {
                 continue;
             } else {
                 $stmt2->execute($to, $entry);
             }
         }
         $status = 'pass';
     } else {
         $status = 'none';
     }
     echo $status;
     break;
 case "x_rename_user":
     $from = import_var('from', 'P');
     $to = import_var('to', 'P');
     $status = 'fail';
     if ($from == '') {
         echo $status;
         break;
     }
     if ($to == '') {
         echo $status;
         break;
     }
     $sql = array('select' => "SELECT * FROM whitelist WHERE username='******';", 'update' => "UPDATE whitelist SET username='******' WHERE username='******';");
     $stmt1 = $db->prepare($sql['select']);
     $stmt2 = $db->prepare($sql['update']);
     $stmt1->execute($to);
     if ($stmt1->num_rows() > 0) {
         echo "exists";
예제 #9
     */
    if ($client_dn == '') {
        $logout = true;
    }
    // Send them away to log out and log back in again if neccessary
    if ($logout) {
        header("Location: deps/nessquik-main/logout.php");
    }
}
// Shared service objects for the admin page.
$db = nessquikDB::getInstance();
$tpl = SmartyTemplate::getInstance();
$usr = User::getInstance();
$chk = SysOps::getInstance();
$chk->check_version();

// 'S' and 'G' are import_var() source selectors (they look like session and
// GET respectively - confirm in import_var).
$username = import_var('username', 'S');
$page = import_var('page', 'G');
$editor = 0;

// Tell the template whether the HTTPS check passed, as a strict boolean.
$tpl->assign('check_secure', (bool) $chk->check_secure());

// Authorisation gate: only callers accepted by is_editor() get past this
// point. The denial path renders a fixed message and exits, so the admin
// session marker below is never set for a rejected caller.
$editor = $usr->is_editor($allowed_editors);
if (!$editor) {
    $tpl->assign(array(
        'MESSAGE' => "<center>You do not have permission to access this page.</center>",
        'RETURN_LINK' => "<center><p><a href='index.php'>Return to the main page</a></p></center>",
        'SUCCESS' => 'noper',
    ));
    $tpl->display('actions_done.tpl');
    exit;
}

// NOTE(review): other scripts presumably trust this flag; confirm each of
// them also re-checks is_editor() rather than relying on the session alone.
$_SESSION['admin'] = "1";
예제 #10
        $output = trim($stmt->result(0));
        if (substr($output, 0, 4) == "<br>") {
            $output = substr($output, 4);
        }
        $output = str_replace("&nbsp;", ' ', $output);
        $output = trim($output);
        echo $output;
        break;
    // Answers "true" or "false": does any plugin row carry the posted severity?
    case "x_plugin_in_severity":
        $search_for = import_var('search_for', 'P');
        // The ':1' marker sits inside SQL quotes, which suggests the DB
        // wrapper substitutes the value as text rather than binding it
        // natively.
        // NOTE(review): confirm the wrapper escapes the value it inserts;
        // the safety of this query depends on that.
        $sql = array('select' => "SELECT sev FROM plugins WHERE sev=':1'");
        $stmt = $db->prepare($sql['select']);
        $stmt->execute($search_for);
        echo $stmt->num_rows() > 0 ? "true" : "false";
        break;
    // Answers "true" or "false": does any plugin row belong to the posted family?
    case "x_plugin_in_family":
        $search_for = import_var('search_for', 'P');
        // The ':1' marker sits inside SQL quotes, which suggests the DB
        // wrapper substitutes the value as text rather than binding it
        // natively.
        // NOTE(review): confirm the wrapper escapes the value it inserts;
        // the safety of this query depends on that.
        $sql = array('select' => "SELECT family FROM plugins WHERE family=':1'");
        $stmt = $db->prepare($sql['select']);
        $stmt->execute($search_for);
        echo $stmt->num_rows() > 0 ? "true" : "false";
        break;
}
예제 #11
        }
        $stmt1 = $db->prepare($sql['update']);
        $stmt2 = $db->prepare($sql['all_groups']);
        $stmt3 = $db->prepare($sql['delete_groups']);
        $stmt4 = $db->prepare($sql['group_insert']);
        if (in_array('all', $groups)) {
            /**
             * Since the word 'all' is in the group list, blow away
             * the entire group list and specifically select the 'all groups' id.
             * There's no reason to worry about any other groups that may have
             * been chosen because 'all groups' trumps every other individual group
             */
            $groups = array();
            // Get the group id for 'all groups'
            $stmt2->execute();
            // Store it by it's self in the groups array
            $groups[] = $stmt2->result(0);
        }
        $stmt1->execute($scanner_name, $client_key, $scanner_id);
        $stmt3->execute($scanner_id);
        foreach ($groups as $key => $group_id) {
            $stmt4->execute($group_id, $scanner_id);
        }
        echo "pass";
        break;
    // Produces a fresh 32-character client key and returns it to the caller.
    case "regenerate_client_key":
        // scanner_id is read from the POST body but not used in this arm.
        $scanner_id = import_var('scanner_id', 'P');
        // NOTE(review): random_string() is defined elsewhere. The value is
        // later stored as the scanner's client key (see the update arm above),
        // so confirm it is drawn from a cryptographically secure source.
        $client_key = random_string(32);
        // Nothing in this arm stores the key; it is only echoed back after
        // the "pass::" marker.
        echo "pass::{$client_key}";
        break;
}
예제 #12
     $stmt->execute($username);
     if ($stmt->num_rows() < 1) {
         echo "You have no whitelist entries";
         return;
     }
     while ($row = $stmt->fetch_assoc()) {
         $id = $row['whitelist_id'];
         $entry = $row['listed_entry'];
         $devices[] = array('id' => $id, 'entry' => $entry);
     }
     $tpl->assign('device_type', 'whitelist');
     $tpl->assign('devices', $devices);
     $tpl->display('device_list.tpl');
     break;
 case "x_saved":
     $username = import_var('username', 'S');
     $sql = array('select' => "SELECT ust.setting_id,ust.setting_name,pl.status \n\t\t\t\tFROM profile_settings AS ust \n\t\t\t\tLEFT JOIN profile_list AS pl\n\t\t\t\tON pl.profile_id = ust.profile_id\n\t\t\t\tWHERE ust.username='******' AND ust.setting_type = 'user'");
     $stmt = $db->prepare($sql['select']);
     $stmt->execute($username);
     if ($stmt->num_rows() < 1) {
         echo "You have no saved scans";
         break;
     }
     $output = "<table>";
     while ($row = $stmt->fetch_assoc()) {
         $id = $row['setting_id'];
         $name = $row['setting_name'];
         $status = $row['status'];
         $devices[] = array('id' => $id, 'name' => $name, 'status' => $status);
     }
     $tpl->assign('device_type', 'saved');
예제 #13
$tpl = SmartyTemplate::getInstance();
$tpl->template_dir = _ABSPATH . '/templates/';
$tpl->compile_dir = _ABSPATH . '/templates_c/';

// The action name is taken from the query string when one is present,
// otherwise from the POST body. metric_id is always read from POST below.
$action = $_GET ? import_var('action', 'G') : import_var('action', 'P');

switch ($action) {
    case "show_metric_config":
        $metric_id = import_var('metric_id', 'P');
        $class_name = $_met->get_metric_class($metric_id);
        $type = $_met->get_metric_type($metric_id);
        // The include path and the class to instantiate both come from the
        // lookups above, keyed by a posted id.
        // NOTE(review): confirm get_metric_class() / get_metric_type() can only
        // return values from a fixed, trusted set - a value containing path
        // separators would change which file is loaded.
        require_once _ABSPATH . '/lib/metrics/' . $type . '/' . $class_name . '.php';
        $metric_class = new ReflectionClass($class_name);
        $metric = $metric_class->newInstance();
        $metric->is_admin(false);
        $metric->_prepare($params, false);
        $metric->_config($metric_id);
        // NOTE(review): there is no break here, so execution continues into
        // "view_metric" and the metric is loaded and created as well.
        // Confirm this fall-through is intended.
    case "view_metric":
        $metric_id = import_var('metric_id', 'P');
        $class_name = $_met->get_metric_class($metric_id);
        $type = $_met->get_metric_type($metric_id);
        // Same lookup-driven include as above; the same trust question applies.
        require_once _ABSPATH . '/lib/metrics/' . $type . '/' . $class_name . '.php';
        $metric_class = new ReflectionClass($class_name);
        $metric = $metric_class->newInstance();
        $metric->is_admin(false);
        $metric->_prepare($params, false);
        $metric->_create(true);
        break;
}
예제 #14
// Collect the scan-scheduling form. Every value below is read through
// import_var() with the 'P' selector (the POST body, going by its use
// elsewhere - confirm), so all of it is client-supplied until validated.
$settings['recurring'] = import_var('recurrence', 'P');
$settings['scanner_id'] = import_var('scanner_id', 'P');
// max length of custom email subject is 128 characters
// (substr() counts bytes, so the cap is 128 bytes; the third import_var()
// argument looks like a filter name - confirm what it strips)
$settings['custom_email_subject'] = substr(import_var('custom_email_subject', 'P', 'email_subject'), 0, 128);
$recurrence['recur_type'] = import_var('recur_type', 'P');
// maxlength of the interval is 2 characters
// (length is capped here, but nothing visible checks that it is numeric)
$recurrence['the_interval'] = substr(import_var('the_interval', 'P'), 0, 2);
$recurrence['recur_on_day'] = import_var('recur_on_day', 'P');
$recurrence['recur_on_day_general'] = import_var('recur_on_day_general', 'P');
$recurrence['day_of_week'] = import_var('day_of_week', 'P');
$recurrence['days'] = import_var('days', 'P');
$recurrence['recur_on'] = import_var('recur_on', 'P');
$alternate_email_to = import_var('alternate_email_to', 'P');
$alternate_cgibin = import_var('alternate_cgibin', 'P');
$run_time = strtolower(import_var('run_time', 'P'));
$recurring_run_time = strtolower(import_var('recurring_run_time', 'P'));
$count = 1;
$rules_string = '';
// Normalise "nothing posted" to an empty array.
// NOTE(review): count() raises a TypeError on PHP 8 when given a value that is
// not an array or Countable; confirm import_var() always returns an array for
// these two fields, including when the field is absent.
if (count($alternate_email_to) < 1) {
    $alternate_email_to = array();
}
if (count($alternate_cgibin) < 1) {
    $alternate_cgibin = array();
}
/**
* This list contains the possible days in the week that a scan could be
* scheduled on. The list that is sent from the browser will be merged
* into this one, so days that are chosen will turn the values of the
* array into '1's
*/
$days_list = array('sun' => 0, 'mon' => 0, 'tue' => 0, 'wed' => 0, 'thu' => 0, 'fri' => 0, 'sat' => 0);
예제 #15
        } else {
            echo $output;
        }
        break;
    // Deletes one help topic, identified by the posted help_id.
    case "do_delete_help_topic":
        // NOTE(review): this is a destructive action keyed only on a posted
        // id. No permission check or anti-CSRF token check is visible in this
        // arm; confirm both are enforced before the dispatcher is reached.
        $help_id = import_var('help_id', 'P');
        $_hlp->delete_help_topic($help_id);
        // "pass" is echoed without looking at a result from the delete call.
        echo "pass";
        break;
    // Deletes one help category, identified by the posted category_id.
    case "do_delete_help_category":
        // NOTE(review): this is a destructive action keyed only on a posted
        // id. No permission check or anti-CSRF token check is visible in this
        // arm; confirm both are enforced before the dispatcher is reached.
        $category_id = import_var('category_id', 'P');
        $_hlp->delete_category($category_id);
        // "pass" is echoed without looking at a result from the delete call.
        echo "pass";
        break;
    // Renders the edit form for one help topic, pre-filled with its stored values.
    case "edit_specific_help_topic":
        $help_id = import_var('help_id', 'P');
        $admin_categories = $_hlp->get_help_categories('A');
        $general_categories = $_hlp->get_help_categories('G');
        $help_topic = $_hlp->get_topic_values($help_id);
        $tpl->assign(array(
            'help_id' => $help_topic['help_id'],
            'selected_category' => $help_topic['category_id'],
            // Stored question and answer text is entity-encoded, quotes
            // included, before it is handed to the form template, so it
            // cannot break out of an attribute or inject markup there.
            'question' => htmlentities($help_topic['question'], ENT_QUOTES),
            'answer' => htmlentities($help_topic['answer'], ENT_QUOTES),
            'admin_categories' => $admin_categories,
            'general_categories' => $general_categories,
        ));
        $tpl->display('edit_help_topic.tpl');
        break;
    // Saves the edited help topic from the posted form fields.
    case "do_edit_specific_help_topic":
        $help_id = import_var('help_id', 'P');
        $category_id = import_var('category_id', 'P');
        $question = import_var('question', 'P');
        // 'htmlcontent' looks like a filter that lets markup through for the
        // answer body.
        // NOTE(review): the answer is stored and later shown to other users;
        // confirm what that filter removes and that the display templates
        // treat the stored value accordingly.
        $answer = import_var('answer', 'P', 'htmlcontent');
        // NOTE(review): no permission check or anti-CSRF token check is
        // visible in this arm; confirm both happen before the dispatcher.
        $_hlp->edit_help_topic($help_id, $category_id, $question, $answer);
        echo "pass";
        break;
}