// Get the information for all the profiles $stmt2->execute($profile_id); // Loop through each profile's information $row = $stmt2->fetch_assoc(); $machine_list = array(); $username = $row['username']; $rand = rand(0, 1000000); $scanner_set = $set; $output = array(); $machine_list = make_machine_list($profile_id); merge_severities($profile_id, $scanner_set); merge_all($profile_id, $scanner_set); merge_families($profile_id, $scanner_set); merge_plugins($profile_id, $scanner_set); $ml = make_ml_file($username, $rand, $machine_list); $nrc = make_nrc_file($username, $rand, $scanner_set); $stmt3->execute($profile_id); $stmt4->execute($profile_id); $stmt5->execute($profile_id); $command = escapeshellcmd("nohup " . _NESSUS_CMD . " -q -c {$nrc} -T html -x " . _NESSUS_SERVER . ' ' . _NESSUS_PORT . ' ' . _NESSUS_USER . ' ' . _NESSUS_PASS . " {$ml} -"); exec($command, $output); if (count($output) < 1) { $retval = "The scan was not run. Did you remeber to give appropriate sudo privileges to the web user?"; } else { foreach ($output as $key => $val) { $val = trim($val); if ($val == '') { $retval .= ' '; } else { if (strpos(strtolower($val), "<!doctype") !== false) { continue;
$targets += 1; } } } $max_progress = $targets * 100; merge_severities($profile_id, $scanner_set); merge_families($profile_id, $scanner_set); merge_plugin_profiles($profile_id, $scanner_set); merge_plugins($profile_id, $scanner_set); merge_all($profile_id, $scanner_set); // Make the machine list that specifies all the machines that need to be scanned $ml_data = get_ml_file_data($machine_list); $ml = make_ml_file($ml_data); // Make the nessusrc file that contains scanner settings $nrc_data = get_nrc_file_data($scanner_set, $settings); $nrc = make_nrc_file($nrc_data); // Update the status of the scan to Running if (!$client->query('jobs.setStatus', _CLIENT_KEY, $profile_id, 'P', 'R')) { die($client->getErrorCode() . ' : ' . $client->getErrorMessage()); } // Build command to run in proc $cmd = "nohup " . _NESSUS_CMD . " -c {$nrc} -T nbe -x -V -q " . _NESSUS_SERVER . ' ' . _NESSUS_PORT . ' ' . _NESSUS_USER . ' ' . _NESSUS_PASS . " {$ml} -"; // Set up array to hand to proc telling it how to handle std{in|out|err} $descriptor_spec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', '/dev/null', 'a')); // Indexed array of file pointers that correspond to // PHP's end of pipes that are created $pipes = array(); // Now open the process and run the nessus command $handle = proc_open($cmd, $descriptor_spec, $pipes); // I'm setting $reading_source here as a way of abstracting the // difference in data sources between php4 and php5