exit;
}
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$order = 'host.hostname';
$maxrows = $maxrows > 50 ? 50 : $maxrows;
$torder = $torder == 1 ? 'ASC' : 'DESC';
$to = $maxrows;
$user = Session::get_session_user();
$filters = array();
$tables = '';
$filters['order_by'] = $order . ' ' . $torder;
$filters['limit'] = $from . ', ' . $to;
if ($search != '') {
if (is_ip($search) || is_cidr($search)) {
$cidr = preg_match('/\\/[0-9]+/', $search) ? $search : $search . '/32';
//If it is an ip, we add '/32'
list($from, $to) = CIDR::expand_CIDR($cidr, 'SHORT', 'IP');
$tables = ', host_ip hi ';
$filters['where'] = "host.id=hi.host_id AND hi.ip BETWEEN INET6_PTON('{$from}') AND INET6_PTON('{$to}') ";
} else {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = 'host.hostname LIKE "%' . $search . '%"';
}
}
try {
list($assets, $total) = Asset_host::get_list($conn, $tables, $filters, TRUE);
} catch (Exception $e) {
$assets = array();
die("There are no machines listed in this scan profile: {$profile_id}");
}
// This prepares an array that will balance the output of the scan progress
foreach ($machine_list as $key => $val) {
/**
* I need to check for cidrs and ranges here because otherwise the
* total number of targets could be really small.
*
* example:
*
* the target 111.222.111.0/24 is 1 target to nessquik
* but to Nessus it is 255-2 targets. The progress will
* involves 253 targets but the total would only be calculated
* off of 1 target. This same problem occurs with ranges.
*/
if (is_cidr($val)) {
$_nm->init($val);
$targets += $_nm->hosts_per_subnet();
} else {
if (is_range($val)) {
$tmp = explode('-', $val);
$start_ip = $tmp[0];
$end_ip = $tmp[1];
$cidrs = $_nm->range2cidrlist($start_ip, $end_ip);
foreach ($cidrs as $key => $val) {
$_nm->init($val);
$targets += $_nm->hosts_per_subnet();
}
} else {
// Better be an IP address
$targets += 1;
/**
* Create list of machines to scan
*
* This function will query the database for the list
* of all the machines that were specified when the
* scan was created
*
* @param string $profile_id ID of the profile to get machines of
* @return array Return array of machines listed in profile
*/
public function getMachines($profile_id)
{
require_once _ABSPATH . '/lib/Devices.php';
require_once _ABSPATH . '/lib/Clusters.php';
$db = nessquikDB::getInstance();
$_dev = Devices::getInstance();
$_clu = Clusters::getInstance();
$result = array();
$sql = array('select' => "SELECT machine FROM profile_machine_list WHERE profile_id=':1';");
$stmt = $db->prepare($sql['select']);
$stmt->execute($profile_id);
while ($row = $stmt->fetch_assoc()) {
$machine = $row['machine'];
$type = $_dev->determine_device_type($machine);
/**
* Clusters are special cases because they conflict with
* hostnames by not having any special defining characters
* in them. That's one of the reasons I do the cluster
* processing here.
*
* Another is because in the settings for a specific scan
* you can add and remove devices. Well, clusters are one
* of those things you can remove and to distinctly know
* which device is a cluster, I need to retain the :clu:
* prefix on the cluster name.
*/
if ($type == "cluster") {
$machine_list = array();
foreach ($cluster as $key => $cluster_id) {
$output = array();
$output = $_clu->get_cluster($cluster_id);
foreach ($output as $key2 => $val2) {
// Index 1 is the hostname as pulled from miscomp
$hostname = $val2[1];
$tmp = array();
$tmp = $_dev->get_mac_from_system($hostname);
// The first index will hold the IP address
array_push($machine_list, $tmp[0]);
}
}
$result = array_merge($result, $machine_list);
} else {
$item = $_dev->strip_device_type($machine);
if (is_ip($item)) {
$result[] = $item;
} else {
if (is_cidr($item)) {
$result[] = $item;
} else {
if (is_vhost($item)) {
$result[] = $item;
} else {
$item = gethostbyname($item);
if ($item != '') {
$result[] = $item;
}
}
}
}
}
}
return $result;
}
/**
* Deeper scan of the whitelist to match entries
*
* A deeper whitelist scan is needed if the user
* has specified a range, CIDR block, vhost, etc,
* because these particular types could be stored
* in the whitelist in a number of ways. This
* method performs the deeper interrogation of the
* whitelist to try to definitively proove that
* a specified machine is or is not in the whitelist
*
* @param array $wl Whitelist to check for machines in
* @param array $machine_list List of questionable
* machines that need to be checked for in the
* whitelist
* @param array $ok_computers List of computers that
* have been deemed "ok", aka the user is
* allowed to scan them
*/
function whitelist_dig_deep_verify_nodes(&$wl, &$machine_list, &$ok_computers)
{
$_nm = Netmask::getInstance();
foreach ($machine_list as $key3 => $val3) {
foreach ($wl as $key4 => $val4) {
// If the entry is a cidr and the whitelist is a cidr
if (is_cidr($val4) && is_cidr($val3)) {
if ($_nm->match_cidr($val4, $val3)) {
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
// if the entry is an ip and the whitelist is a cidr
} else {
if (is_cidr($val4) && is_ip($val3)) {
if ($_nm->net_match($val4, $val3)) {
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
// if the entry is a vhost and the whitelist is a cidr
} else {
if (is_cidr($val4) && is_vhost($val3)) {
$vhost = $val3;
$tmp = substr($val3, 1, -1);
$comp = gethostbyname($tmp);
if ($_nm->net_match($val4, $comp)) {
$ok_computers[] = ":vho:{$vhost}";
$machine_list[$key3] = '';
}
// if entry is a ?hostname? and whitelist is a cidr
} else {
if (is_cidr($val4) && $val3 != '') {
$val3 = gethostbyname($val3);
// Check if it's in the CIDR range and remove it
// if it is, because that means it's whitelisted
if ($_nm->net_match($val4, $val3)) {
// Not keeping the hostname because whitelist
// entries can only be IP based?
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
}
}
}
}
}
}
}
