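/**
 * Check whether the current request is being served over SSL/TLS.
 *
 * The decision is made purely from the Apache/CGI server variable
 * HTTPS ("on" when TLS is terminated at this web server).  If TLS is
 * terminated at a reverse proxy in front of nessquik, HTTPS will
 * usually not be set here and this check reports "not secure".
 * Conversely, when _CHECK_SECURE is false the check is skipped and
 * the method claims success without looking at anything.
 *
 * @param boolean $stop When true, halt script execution (die) if the
 *                      request is not over HTTPS.  When false, only
 *                      report the result to the caller.
 * @return bool True if the pages are being served over HTTPS.  With
 *              $stop === true the method either returns true or never
 *              returns.
 */
public function check_secure($stop = false)
{
    // Operator opted out of the check: report success unconditionally.
    // This is a deliberate lie and should only be enabled when TLS is
    // guaranteed by something in front of nessquik.
    if (_CHECK_SECURE === false) {
        return true;
    }

    $https = strtolower((string) import_var('HTTPS', 'SE'));
    $secure = ($https === "on");

    if ($stop === true && !$secure) {
        die("You're not running nessquik over HTTPS. Please correct this");
    }

    // The original fell off the end (returning null) on the $stop === true
    // path even when the check passed; always hand back the boolean so
    // callers can rely on the return value.
    return $secure;
}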
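/**
 * Check whether the Nessus daemon (nessusd) is running.
 *
 * Only a local scanner can be verified: the check shells out to `ps`
 * and looks for a nessusd process.  When _NESSUS_SERVER points at some
 * other host there is no cheap way to verify the daemon from here, so
 * the method reports success without checking anything — callers
 * should read "true" for a remote scanner as "unknown", not "running".
 *
 * The exec() call uses a fixed command string with no user-supplied
 * input, so there is no injection surface here; it does depend on
 * `ps` and `grep` being available on the web server's PATH.
 *
 * @return bool True if a nessusd process was found (or the scanner is
 *              remote); false if the scanner is local and not running.
 */
public function check_nessus()
{
    $local_names = array(
        "localhost",
        "127.0.0.1",
        import_var('SERVER_NAME', 'SE'),
        import_var('SERVER_ADDR', 'SE'),
    );

    // Remote scanner: cannot be verified from this host, assume OK.
    if (!in_array(_NESSUS_SERVER, $local_names)) {
        return true;
    }

    $ps_lines = array();
    exec("ps auxw|grep nessusd|grep -v grep", $ps_lines);

    // No matching process line at all: the daemon is not running.
    // (Replaces the @-suppressed access of $pso[0] in the original.)
    if (!isset($ps_lines[0])) {
        return false;
    }

    // `ps aux` columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND.
    // Collapse whitespace and pick the PID column; a non-empty PID means a
    // nessusd process exists.  The unused START column is no longer parsed.
    $columns = explode(" ", preg_replace("/\\s+/", " ", $ps_lines[0]));
    $pid = isset($columns[1]) ? $columns[1] : "";

    return $pid != "";
}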
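$_hlp = Help::getInstance();
$tpl = SmartyTemplate::getInstance();
$tpl->template_dir = _ABSPATH . '/templates/';
$tpl->compile_dir = _ABSPATH . '/templates_c/';

// The action normally arrives by POST.  On a GET request only
// "make_report" is let through; every other GET action ends the
// script here, so the dispatcher below never sees a GET value
// other than "make_report".
if ($_POST) {
    $action = import_var('action', 'P');
} else {
    $action = import_var('action', 'G');
    switch ($action) {
        case "make_report":
            // Was `continue;` — inside a switch PHP treats that exactly
            // like `break;` (and warns about it since 7.3).  Say what is
            // meant.
            break;
        default:
            exit;
    }
}

switch ($action) {
    case "show_help_categories":
        // Only the general ('G') help categories are exposed here.
        $categories = $_hlp->get_help_categories('G');
        $tpl->assign('categories', $categories);
        $tpl->display('help_categories.tpl');
        break;

    case "show_help_topics":
        // category_id is client-supplied; what it can select is bounded
        // only by get_help_topics()/get_category_name(), not visible here.
        $category_id = import_var('category_id', 'P');
        $topics = $_hlp->get_help_topics($category_id);
        $category_name = $_hlp->get_category_name($category_id);
        $tpl->assign('category_name', $category_name);
        $tpl->assign('topics', $topics);
        $tpl->assign('topic_count', count($topics));
        $tpl->display('help_topics.tpl');
        break;
}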
$javascript = true; } else { $javascript = false; } break;
case "on":
    $javascript = true;
    break;
case "off":
    $javascript = false;
    break;
}
// Per-request log file.  Both $client_ip and $uniq are set outside this
// fragment; since they become part of a filesystem path, whatever sets
// them must guarantee they contain no path separators or "..".
// NOTE(review): not verifiable from here — confirm at the call site.
$log_file = _ABSPATH . "/logs/portscanmenow-" . $client_ip . '-' . $uniq . '.log';
// All three come straight from the query string.
$scantype = import_var('SCANTYPE', 'G');
$verbose = import_var('VERBOSE', 'G');
$port = import_var('PORT', 'G');
// $port is interpolated into the nmap command line below, so get_port()
// is the only thing standing between the client and the shell; it must
// return a strict port/range spec (digits, '-' and ',' only) or a safe
// default.  NOTE(review): get_port() is not visible here — confirm.
$port = get_port($port);
$verbose = get_verbose($verbose);
if ($scantype == "A") {
    if ($port != "1-65535") {
        $hdrtext = "Performing Aggressive Port {$port} Nmap Port Scan";
        $logtype = "Port {$port} Aggressive Nmap Scan";
    } else {
        $hdrtext = "Performing Aggressive 65k Nmap Port Scan";
        $logtype = "Aggressive 65k Nmap Scan";
    }
    $scanlength = "1 minute";
    // Aggressive profile: SYN scan with OS/version detection (-A), no ping
    // (-P0), no retries; the only variable part is {$port}.
    $options = "-sS -p {$port} -A -P0 -T4 --osscan_limit --osscan_guess --host_timeout 40m --max-retries 0";
} else {
    if ($port != "1-65535") {
        $hdrtext = "Performing Port {$port} Nmap Port Scan";
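/**
 * Prep the email related settings for the database.
 *
 * Skeleton method: nothing visible calls it yet.  It assembles the
 * email-ish settings in the same shape the scheduling code uses
 * before they are inserted into the database.  Fixed so that it
 * actually uses its own parameter (the original read an undefined
 * $alternate_email_to instead of $email) and returns what it builds
 * instead of discarding it.
 *
 * @param mixed $email Raw alternate-email input as collected from the
 *                     form; passed through make_alternate_email_to_list()
 *                     unchanged.
 * @return array Settings array with 'alternative_email_list' and
 *               'custom_email_subject' (the subject is capped at 128
 *               characters, matching the scheduler).
 */
public function update_alternate_email($email)
{
    $settings = array();
    $settings['alternative_email_list'] = make_alternate_email_to_list($email);
    // Same 128-character cap the scheduling code applies.  The third
    // argument to import_var() appears to name a filter ('email_subject'),
    // as 'htmlcontent' does elsewhere — NOTE(review): confirm its meaning.
    $settings['custom_email_subject'] = substr(
        import_var('custom_email_subject', 'P', 'email_subject'),
        0,
        128
    );
    return $settings;
}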
$_snm->scanner_set = $_snm->getAllPlugins();
$settings = $_snm->getProfileSettings($profile_id);
$_snm->merge_severities();
$_snm->merge_families();
$_snm->merge_plugin_profiles();
$_snm->merge_plugins();
$_snm->merge_all();
// Make the nessusrc file that contains scanner settings
$output = $_snm->get_nrc_file_data($_snm->scanner_set, $settings);
$filename = "nessusrc";
$format = "txt";
// Sent as an attachment; the download name is fixed, not client-supplied.
$params = array('data' => $output, 'cache' => false, 'contenttype' => 'application/octet-stream', 'contentdisposition' => array(HTTP_DOWNLOAD_ATTACHMENT, "{$filename}.{$format}"));
HTTP_DOWNLOAD::staticSend($params, false);
break;
// Unreachable: the break above already left the switch.
break;
case "make_machine_list":
    require_once _ABSPATH . '/lib/ScanMaker.php';
    if (!@(include_once _ABSPATH . '/lib/pear/HTTP/Download.php')) {
        die("Could not find the PEAR HTTP/Download.php file");
    }
    // NOTE(review): no request-source argument here, unlike the 'P'/'G'
    // calls elsewhere — confirm what import_var() defaults to.  Nothing
    // visible ties profile_id to the requesting user, so anyone who can
    // reach this action can download any profile's target list unless
    // ScanMaker/getMachines() enforce ownership — verify.
    $profile_id = import_var('profile_id');
    $_snm = new ScanMaker($profile_id);
    // Make the machine list that specifies all the machines that need to be scanned
    $machine_list = $_snm->getMachines($profile_id);
    $output = $_snm->get_ml_file_data($machine_list);
    $filename = "machine-list";
    $format = "txt";
    $params = array('data' => $output, 'cache' => false, 'contenttype' => 'application/octet-stream', 'contentdisposition' => array(HTTP_DOWNLOAD_ATTACHMENT, "{$filename}.{$format}"));
    HTTP_DOWNLOAD::staticSend($params, false);
    break;
}
} else { $profile_id = $stmt3->result(0); }
// Feature flags for the template, keyed on the session user / division.
$has_whitelist = $_usr->has_whitelist($username) ? true : false;
$has_saved_scans = $_usr->has_saved_scans($username) ? true : false;
$has_special_plugins = $_usr->has_special_plugins($division_id) ? true : false;
$has_clusters = $_usr->has_clusters($username) ? true : false;
$has_registered = $_usr->has_registered($username) ? true : false;
// If plugins have not been updated, then die
if ($stmt->num_rows() < 1) {
    die("You need to run the update-plugins and nasl_name_updater first");
}
// $page is client-supplied (GET) but is only ever compared against a fixed
// set of names and mapped to a fixed template value; anything unknown
// falls through to 'create'.
if ($page == "settings") {
    $scanners_count = $_usr->count_available_scanners($division_id);
    $tpl->assign('scanners_count', $scanners_count);
    $tpl->assign('page', 'settings');
} else {
    if ($page == "scans") {
        $tpl->assign('page', 'scans');
    } else {
        if ($page == "help") {
            $tpl->assign('page', 'help');
        } else {
            $scanners_count = $_usr->count_available_scanners($division_id);
            $tpl->assign('scanners_count', $scanners_count);
            $tpl->assign('page', 'create');
        }
    }
}
// NOTE(review): 'the_page' is the raw REQUEST_URI, i.e. attacker-controlled.
// If index.tpl emits it without escaping (Smarty does not escape by
// default) that is a reflected XSS — confirm the template escapes it.
// 'admin' carries the editor flag computed outside this fragment.
$tpl->assign(array('the_page' => import_var('REQUEST_URI', 'SE'), 'vhosts' => $vhosts, 'username' => $username, 'proper' => $proper, 'tmp_profile_id' => $profile_id, 'admin' => $editor, '_RELEASE' => _RELEASE, 'HAS_WHITELIST' => $has_whitelist, 'HAS_SAVED_SCANS' => $has_saved_scans, 'HAS_SPECIAL_PLUGINS' => $has_special_plugins, 'HAS_CLUSTERS' => $has_clusters, 'HAS_REGISTERED_COMPS' => $has_registered, 'check_nessus' => $_chk->check_nessus(), 'check_secure' => $_chk->check_secure()));
$tpl->display('index.tpl');
$stmt3->execute($to, $entry);
// Skip entries the target user already has; otherwise copy the row.
if ($stmt3->num_rows() > 0) {
    continue;
} else {
    $stmt2->execute($to, $entry);
}
}
$status = 'pass';
} else {
$status = 'none';
}
echo $status;
break;
case "x_rename_user":
    // Moves every whitelist row from one username to another.  This is an
    // administrative operation; the authorisation gate (if any) sits
    // outside this fragment — NOTE(review): confirm the caller is admin-only
    // and that the request carries a CSRF token, none is checked here.
    $from = import_var('from', 'P');
    $to = import_var('to', 'P');
    $status = 'fail';
    // Loose comparison: null and false also count as "empty" here.
    if ($from == '') {
        echo $status;
        break;
    }
    if ($to == '') {
        echo $status;
        break;
    }
    // NOTE(review): the '******' in these statements reads like a redacted
    // bind placeholder (the sibling handlers use ':1'); do not treat it as
    // the literal value.  Whether the values are escaped depends entirely
    // on nessquikDB::prepare()/execute(), which is not visible here.
    $sql = array('select' => "SELECT * FROM whitelist WHERE username='******';", 'update' => "UPDATE whitelist SET username='******' WHERE username='******';");
    $stmt1 = $db->prepare($sql['select']);
    $stmt2 = $db->prepare($sql['update']);
    // Refuse to rename onto a username that already has whitelist rows.
    $stmt1->execute($to);
    if ($stmt1->num_rows() > 0) {
        echo "exists";
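*/
// No certificate DN means we cannot identify the caller.
if ($client_dn == '') {
    $logout = true;
}

// Send them away to log out and log back in again if neccessary.
// A Location header on its own does not stop PHP: the rest of this
// script (singleton setup, editor check, $_SESSION['admin']) would
// still run for a client that simply ignores the redirect.  Stop
// explicitly so the redirect is the *only* thing an unidentified
// caller gets.
if ($logout) {
    header("Location: deps/nessquik-main/logout.php");
    exit;
}
}

$db = nessquikDB::getInstance();
$tpl = SmartyTemplate::getInstance();
$usr = User::getInstance();
$chk = SysOps::getInstance();
$chk->check_version();

// Identity comes from the session; only the page selector is client-supplied.
$username = import_var('username', 'S');
$page = import_var('page', 'G');
$editor = 0;

if ($chk->check_secure()) {
    $tpl->assign('check_secure', true);
} else {
    $tpl->assign('check_secure', false);
}

// Authorisation gate: is_editor() decides against $allowed_editors, which
// is defined outside this fragment.  Non-editors get a permission-denied
// page and the script ends here.
$editor = $usr->is_editor($allowed_editors);
if (!$editor) {
    $tpl->assign('MESSAGE', "<center>You do not have permission to access this page.</center>");
    $tpl->assign('RETURN_LINK', "<center><p><a href='index.php'>Return to the main page</a></p></center>");
    $tpl->assign('SUCCESS', 'noper');
    $tpl->display('actions_done.tpl');
    exit;
}

// Only reached by a verified editor; flags the session as admin for the
// rest of the admin UI (stored as the string "1", not a boolean).
$_SESSION['admin'] = "1";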
// Strip a leading "<br>" and tidy whitespace before echoing the stored text.
// NOTE(review): $output is database content echoed as-is; if it was ever
// client-supplied (plugin descriptions are imported, but confirm) the
// caller's JavaScript must treat it as HTML from an untrusted source.
$output = trim($stmt->result(0));
if (substr($output, 0, 4) == "<br>") {
    $output = substr($output, 4);
}
$output = str_replace(" ", ' ', $output);
$output = trim($output);
echo $output;
break;
case "x_plugin_in_severity":
    // The quoted ':1' is this project's bind placeholder; the value is
    // substituted by nessquikDB::prepare()/execute(), not visible here, so
    // whether it is properly escaped rests on that wrapper.
    $sql = array('select' => "SELECT sev FROM plugins WHERE sev=':1'");
    $search_for = import_var('search_for', 'P');
    $stmt = $db->prepare($sql['select']);
    $stmt->execute($search_for);
    // Plain existence check, answered as the literal strings "true"/"false".
    if ($stmt->num_rows() > 0) {
        echo "true";
    } else {
        echo "false";
    }
    break;
case "x_plugin_in_family":
    // Same pattern as above, keyed on the plugin family instead of severity.
    $sql = array('select' => "SELECT family FROM plugins WHERE family=':1'");
    $search_for = import_var('search_for', 'P');
    $stmt = $db->prepare($sql['select']);
    $stmt->execute($search_for);
    if ($stmt->num_rows() > 0) {
        echo "true";
    } else {
        echo "false";
    }
    break;
}
}
// The $sql entries are built earlier in this handler (not visible here).
$stmt1 = $db->prepare($sql['update']);
$stmt2 = $db->prepare($sql['all_groups']);
$stmt3 = $db->prepare($sql['delete_groups']);
$stmt4 = $db->prepare($sql['group_insert']);
// Loose in_array(): any group value that compares == 'all' matches.
if (in_array('all', $groups)) {
    /**
     * Since the word 'all' is in the group list, blow away
     * the entire group list and specifically select the 'all groups' id.
     * There's no reason to worry about any other groups that may have
     * been chosen because 'all groups' trumps every other individual group
     */
    $groups = array();
    // Get the group id for 'all groups'
    $stmt2->execute();
    // Store it by it's self in the groups array
    $groups[] = $stmt2->result(0);
}
// Save the scanner (name + client key), then rebuild its group membership
// from scratch: delete all rows, re-insert the chosen ones.  Not atomic —
// a failure between the two leaves the scanner with no groups.
$stmt1->execute($scanner_name, $client_key, $scanner_id);
$stmt3->execute($scanner_id);
foreach ($groups as $key => $group_id) {
    $stmt4->execute($group_id, $scanner_id);
}
echo "pass";
break;
case "regenerate_client_key":
    // Only generates and returns a new key; it is persisted when the form
    // is saved via the update path above.  The key authenticates a scanner,
    // so random_string() must draw from a CSPRNG — NOTE(review): not
    // visible here, confirm it does not use rand()/mt_rand().
    $scanner_id = import_var('scanner_id', 'P');
    $client_key = random_string(32);
    echo "pass::{$client_key}";
    break;
}
$stmt->execute($username);
if ($stmt->num_rows() < 1) {
    echo "You have no whitelist entries";
    // return (not break) ends the whole included script here.
    return;
}
// listed_entry values were typed in by users; device_list.tpl must escape
// them — NOTE(review): confirm, Smarty does not escape by default.
while ($row = $stmt->fetch_assoc()) {
    $id = $row['whitelist_id'];
    $entry = $row['listed_entry'];
    $devices[] = array('id' => $id, 'entry' => $entry);
}
$tpl->assign('device_type', 'whitelist');
$tpl->assign('devices', $devices);
$tpl->display('device_list.tpl');
break;
case "x_saved":
    // Username is read from the session ('S'), so the list is scoped to the
    // logged-in user rather than to a client-supplied name.
    $username = import_var('username', 'S');
    // NOTE(review): '******' here reads like a redacted bind placeholder
    // (other handlers use ':1'); do not treat it as the literal value.
    $sql = array('select' => "SELECT ust.setting_id,ust.setting_name,pl.status \n\t\t\t\tFROM profile_settings AS ust \n\t\t\t\tLEFT JOIN profile_list AS pl\n\t\t\t\tON pl.profile_id = ust.profile_id\n\t\t\t\tWHERE ust.username='******' AND ust.setting_type = 'user'");
    $stmt = $db->prepare($sql['select']);
    $stmt->execute($username);
    if ($stmt->num_rows() < 1) {
        echo "You have no saved scans";
        break;
    }
    // Leftover from an earlier hand-built HTML version; never used now that
    // the list is rendered through the template.
    $output = "<table>";
    while ($row = $stmt->fetch_assoc()) {
        $id = $row['setting_id'];
        $name = $row['setting_name'];
        $status = $row['status'];
        $devices[] = array('id' => $id, 'name' => $name, 'status' => $status);
    }
    $tpl->assign('device_type', 'saved');
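$tpl = SmartyTemplate::getInstance();
$tpl->template_dir = _ABSPATH . '/templates/';
$tpl->compile_dir = _ABSPATH . '/templates_c/';

// The action may arrive by either verb; GET wins when both are present.
if ($_GET) {
    $action = import_var('action', 'G');
} else {
    $action = import_var('action', 'P');
}

switch ($action) {
    case "show_metric_config":
        $metric_id = import_var('metric_id', 'P');
        $class_name = $_met->get_metric_class($metric_id);
        $type = $_met->get_metric_type($metric_id);
        // $type and $class_name come from the metrics table, looked up by a
        // client-supplied id, and are spliced straight into an include path
        // and a class name.  Accept only plain identifiers so a bad or
        // crafted row cannot turn this into an arbitrary-file include or
        // instantiate an unrelated class.  Deliberately strict — confirm it
        // matches the directory and class names present under lib/metrics.
        if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $type)
            || !preg_match('/^[A-Za-z0-9_]+$/', (string) $class_name)) {
            die("Invalid metric definition");
        }
        require_once _ABSPATH . '/lib/metrics/' . $type . '/' . $class_name . '.php';
        $metric_class = new ReflectionClass($class_name);
        $metric = $metric_class->newInstance();
        // Non-admin view: the metric decides what it exposes.
        $metric->is_admin(false);
        $metric->_prepare($params, false);
        $metric->_config($metric_id);
        // NOTE(review): no break here in the original — execution falls
        // through into "view_metric" and renders the metric right after
        // configuring it.  Preserved as-is; add `break;` if that is not
        // intended.
    case "view_metric":
        $metric_id = import_var('metric_id', 'P');
        $class_name = $_met->get_metric_class($metric_id);
        $type = $_met->get_metric_type($metric_id);
        // Same identifier guard as above (see that comment for why).
        if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $type)
            || !preg_match('/^[A-Za-z0-9_]+$/', (string) $class_name)) {
            die("Invalid metric definition");
        }
        require_once _ABSPATH . '/lib/metrics/' . $type . '/' . $class_name . '.php';
        $metric_class = new ReflectionClass($class_name);
        $metric = $metric_class->newInstance();
        $metric->is_admin(false);
        $metric->_prepare($params, false);
        $metric->_create(true);
        break;
}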
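// Schedule-related settings, all read from the POSTed form.
$settings['recurring'] = import_var('recurrence', 'P');
$settings['scanner_id'] = import_var('scanner_id', 'P');
// max length of custom email subject is 128 characters
$settings['custom_email_subject'] = substr(import_var('custom_email_subject', 'P', 'email_subject'), 0, 128);

$recurrence['recur_type'] = import_var('recur_type', 'P');
// maxlength of the interval is 2 characters
$recurrence['the_interval'] = substr(import_var('the_interval', 'P'), 0, 2);
$recurrence['recur_on_day'] = import_var('recur_on_day', 'P');
$recurrence['recur_on_day_general'] = import_var('recur_on_day_general', 'P');
$recurrence['day_of_week'] = import_var('day_of_week', 'P');
$recurrence['days'] = import_var('days', 'P');
$recurrence['recur_on'] = import_var('recur_on', 'P');

// List-valued inputs (multi-select / repeated fields).
$alternate_email_to = import_var('alternate_email_to', 'P');
$alternate_cgibin = import_var('alternate_cgibin', 'P');
// Times are normalised to lower case so "10:00PM" and "10:00pm" parse alike.
$run_time = strtolower(import_var('run_time', 'P'));
$recurring_run_time = strtolower(import_var('recurring_run_time', 'P'));
$count = 1;
$rules_string = '';

// Normalise "nothing submitted" to an empty list.  The original used
// `count($x) < 1`, which on PHP < 8 is 0 for null and 1 for any other
// non-array, but throws a TypeError on PHP 8; this spells out exactly
// that pre-8 behaviour (only null or an empty array is reset) without
// the exception.
if ($alternate_email_to === null || (is_array($alternate_email_to) && count($alternate_email_to) < 1)) {
    $alternate_email_to = array();
}
if ($alternate_cgibin === null || (is_array($alternate_cgibin) && count($alternate_cgibin) < 1)) {
    $alternate_cgibin = array();
}

/**
 * This list contains the possible days in the week that a scan could be
 * scheduled on. The list that is sent from the browser will be merged
 * into this one, so days that are chosen will turn the values of the
 * array into '1's
 */
$days_list = array('sun' => 0, 'mon' => 0, 'tue' => 0, 'wed' => 0, 'thu' => 0, 'fri' => 0, 'sat' => 0);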
} else { echo $output; } break;
case "do_delete_help_topic":
    // Destructive, id taken from POST.  No CSRF token is checked in this
    // fragment and the admin gate (if any) sits outside it — NOTE(review):
    // confirm both at the entry point of this script.
    $help_id = import_var('help_id', 'P');
    $_hlp->delete_help_topic($help_id);
    echo "pass";
    break;
case "do_delete_help_category":
    $category_id = import_var('category_id', 'P');
    $_hlp->delete_category($category_id);
    echo "pass";
    break;
case "edit_specific_help_topic":
    // Populate the edit form.  Question and answer are entity-encoded here
    // because they go into form fields; the answer is stored as HTML.
    $help_id = import_var('help_id', 'P');
    $admin_categories = $_hlp->get_help_categories('A');
    $general_categories = $_hlp->get_help_categories('G');
    $help_topic = $_hlp->get_topic_values($help_id);
    $tpl->assign(array('help_id' => $help_topic['help_id'], 'selected_category' => $help_topic['category_id'], 'question' => htmlentities($help_topic['question'], ENT_QUOTES), 'answer' => htmlentities($help_topic['answer'], ENT_QUOTES), 'admin_categories' => $admin_categories, 'general_categories' => $general_categories));
    $tpl->display('edit_help_topic.tpl');
    break;
case "do_edit_specific_help_topic":
    $help_id = import_var('help_id', 'P');
    $category_id = import_var('category_id', 'P');
    $question = import_var('question', 'P');
    // 'htmlcontent' selects an import_var filter that lets markup through:
    // whatever it passes is later rendered as HTML to every reader of the
    // help page.  NOTE(review): the filter is not visible here — confirm it
    // strips scripts/event handlers, since this is stored XSS otherwise.
    $answer = import_var('answer', 'P', 'htmlcontent');
    $_hlp->edit_help_topic($help_id, $category_id, $question, $answer);
    echo "pass";
    break;
}