def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: ports = kb.get([ 'service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport' ]) for port in ports: # verify we have not tested this host before if not self.seentarget(t + str(port)): # add the new IP to the already seen list self.addseentarget(t + str(port)) # run nmap n = mynmap(self.config, self.display) scan_results = n.run( target=t, flags= "--script ssl-ccs-injection,ssl-cert,ssl-date,ssl-dh-params," "ssl-enum-ciphers,ssl-google-cert-catalog,ssl-heartbleed," "ssl-known-key,ssl-poodle,sslv2", ports=str(port), vector=self.vector, filetag=t + "_" + str(port) + "_SSLSCAN")['scan'] return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=smb-enum-shares", ports="445", vector=self.vector, filetag=t + "_SMBSHARESCAN")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() for table in root.iter('table'): sharename = table.attrib["key"] for elem in table: if elem.text is not None: kb.add("host/" + t + "/shares/SMB/" + sharename + "/" + str(elem.attrib['key'] + ": " + elem.text).replace("/", "%2F")) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector, filetag=t + "_VNCBRUTE")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() for porttag in tree.iter('port'): portnum = porttag.attrib['portid'] for scriptid in porttag.findall('script'): if scriptid.attrib['id'] == "vnc-brute": if scriptid.attrib['output'] == "No authentication required": self.addVuln(t, "VNCNoAuth", {"port":portnum,"message":"No authentication required","output": n.outfile.replace("/", "%2F") + ".xml"}) self.fire("VNCNoAuth") for elem in scriptid.iter('elem'): if elem.attrib['key'] == "password": self.addVuln(t, "VNCBrutePass", {"port":portnum, "password":elem.text}) self.fire("VNCBrutePass") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector, filetag=t + "_VNCBRUTE")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() for porttag in tree.iter('port'): portnum = porttag.attrib['portid'] for scriptid in porttag.findall('script'): if scriptid.attrib['id'] == "vnc-brute": if scriptid.attrib['output'] == "No authentication required": self.addVuln(t, "VNCNoAuth", {"port":portnum,"message":"No authentication required","output": n.outfile.replace("/", "%2F") + ".xml"}) self.fire("VNCNoAuth") for elem in scriptid.iter('elem'): if elem.attrib['key'] == "password": self.addVuln(t, "VNCBrutePass", {"port":portnum, "password":elem.text}) slef.fire("VNCBrutePass") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) temp_file = self.config["proofsDir"] + Utils.getRandStr(10) # run nmap n = mynmap(self.config, self.diaplay) scan_results = n.run(target=t, flags="-sS -A", vector=self.vector)['scan'] # loop over scan results and do anything you need # fire any new triggers that are needed # self.fire("TEST123") for host in scan_results.keys(): # loop over each proto and process it for proto in ['tcp', 'udp']: if (proto in scan_results[host]): # loop over each proto and process it for port in scan_results[host][proto].keys(): # only worry about open ports if (scan_results[host][proto][port]["state"] == "open"): # fire event for "newPortXXX" self.fire("newPort" + str(port)) kb.add( 'host/' + host + '/' + proto + 'port', port) # process services and info s = scan_results[host][proto][port] # print "%s - %i/%s (%s) \"%s %s\" [%s]" % (host, port, proto, s['name'], # s['product'], s['version'], s['extrainfo']) if (s['name'] == 'http') or (s['name'] == 'https'): self.fire('web') # check for any scripts and loop over them if ('script' in scan_results[host][proto] [port].keys()): for script in scan_results[host][ proto][port]['script'].keys(): a = 1 # print " %s - [[%s]]" % (script, scan_results[host][proto][port][ # 'script'][script]) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=nfs-ls,nfs-showmount", ports="111", vector=self.vector, filetag=t + "_NFSSHARESCAN")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() for volumestable in root.iter("table"): if volumestable.attrib.has_key( 'key') and volumestable.attrib['key'] == "volumes": for volume in volumestable: sharename = "" shareinfo = "" files = {} for elem in volume: if elem.attrib["key"] == "volume": sharename = elem.text.replace("/", "%2F") if elem.attrib["key"] == "info": shareinfo = elem[0].text.replace( "/", "%2F") if elem.attrib["key"] == "files": for file in elem: newfile = {} for fileprop in file: newfile[fileprop.attrib[ "key"]] = fileprop.text files[newfile["filename"]] = newfile kb.add("host/" + t + "/shares/NFS/" + sharename + "/" + str("Info: " + shareinfo)) for file in files: # TODO - Maybe revisit adding more file properties here in addition to names kb.add("host/" + t + "/shares/NFS/" + sharename + "/Files/" + str(file).replace("/", "%2F")) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen lisT self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display, hostScriptFunc=self.myProcessHostScript) scan_results = n.run(target=t, flags="--script vuln", ports="445", vector=self.vector, filetag=t + "_MSVULNSCAN") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) # run nmap n = mynmap(self.config, self.display, hostScriptFunc=self.myProcessHostScript) scan_results = n.run(target=t, flags="--script smb-security-mode", ports="445", vector=self.vector, filetag=t + "_SMBSIGNINGSCAN") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display, portScriptFunc=self.myProcessPortScript) scan_results = n.run(target=t, flags="--script realvnc-auth-bypass", ports="5800,5900", vector=self.vector, filetag=t + "_VNCAUTHBYPASS") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display, portScriptFunc=self.myProcessPortScript) scan_results = n.run(target=t, flags="--script vnc-brute", ports="5800,5900", vector=self.vector, filetag=t + "_VNCBRUTE") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector, filetag=t + "_VNCBRUTE")['scan'] return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=nfs-ls,nfs-showmount", ports="2049", vector=self.vector, filetag=t + "_NFSSHARESCAN")['scan'] # TODO - process results return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script smb-vuln-ms08-067.nse", ports="445", vector=self.vector, filetag=t + "_MS08067SCAN")['scan'] return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) temp_file = self.config["proofsDir"] + Utils.getRandStr(10) # run nmap n = mynmap(self.config, self.diaplay) scan_results = n.run(target=t, flags="-sS -A", vector=self.vector)['scan'] # loop over scan results and do anything you need # fire any new triggers that are needed # self.fire("TEST123") for host in scan_results.keys(): # loop over each proto and process it for proto in ['tcp', 'udp']: if (proto in scan_results[host]): # loop over each proto and process it for port in scan_results[host][proto].keys(): # only worry about open ports if (scan_results[host][proto][port]["state"] == "open"): # fire event for "newPortXXX" self.fire("newPort" + str(port)) kb.add('host/' + host + '/' + proto + 'port', port) # process services and info s = scan_results[host][proto][port] # print "%s - %i/%s (%s) \"%s %s\" [%s]" % (host, port, proto, s['name'], # s['product'], s['version'], s['extrainfo']) if (s['name'] == 'http') or (s['name'] == 'https'): self.fire('web') # check for any scripts and loop over them if ('script' in scan_results[host][proto][port].keys()): for script in scan_results[host][proto][port]['script'].keys(): a = 1 # print " %s - [[%s]]" % (script, scan_results[host][proto][port][ # 'script'][script]) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=smb-security-mode", ports="445", vector=self.vector, filetag=t + "_SMBSINGINGSCAN")['scan'] # TODO - process results return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=nfs-ls,nfs-showmount", ports="111", vector=self.vector, filetag=t + "_NFSSHARESCAN")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() for volumestable in root.iter("table"): if volumestable.attrib.has_key('key') and volumestable.attrib['key'] == "volumes": for volume in volumestable: sharename = "" shareinfo = "" files = {} for elem in volume: if elem.attrib["key"] == "volume": sharename = elem.text.replace("/", "%2F") if elem.attrib["key"] == "info": shareinfo = elem[0].text.replace("/", "%2F") if elem.attrib["key"] == "files": for file in elem: newfile = {} for fileprop in file: newfile[fileprop.attrib["key"]] = fileprop.text files[newfile["filename"]] = newfile kb.add("host/" + t + "/shares/NFS/" + sharename + "/" + str("Info: " + shareinfo)) for file in files: # TODO - Maybe revisit adding more file properties here in addition to names kb.add("host/" + t + "/shares/NFS/" + sharename + "/Files/" + str(file).replace("/", "%2F")) return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) self.display.verbose(self.shortName + " - Connecting to " + t) # run nmap n = mynmap(self.config, self.display, hostScriptFunc=self.myProcessHostScript) scan_results = n.run(target=t, flags="--script smb-enum-shares", ports="445", vector=self.vector, filetag=t + "_SMBSHARESCAN") return
def process(self): # load any targets we are interested in self.getTargets() # loop over each target for t in self.targets: # verify we have not tested this host before if not self.seentarget(t): # add the new IP to the already seen list self.addseentarget(t) # run nmap n = mynmap(self.config, self.display) scan_results = n.run(target=t, flags="--script=smb-security-mode", ports="445", vector=self.vector, filetag=t + "_SMBSINGINGSCAN")['scan'] tree = ET.parse(n.outfile + '.xml') root = tree.getroot() account_used = "" authentication_level = "" challenge_response = "" message_signing = "" for elem in root.iter("elem"): if elem.attrib["key"] == "account_used": account_used = elem.text elif elem.attrib["key"] == "authentication_level": authentication_level = elem.text elif elem.attrib["key"] == "challenge_response": challenge_response = elem.text elif elem.attrib["key"] == "message_signing": message_signing = elem.text if message_signing == "disabled": self.addVuln(t, "SMBSigningDisabled", {"port": "445", "output": n.outfile.replace("/", "%2F") + ".xml", "Account Used": account_used, "Authentication Level": authentication_level, "Challenge Response": challenge_response, "Message Signing": message_signing}) self.fire("SMBSigningDisabled") return
def process(self, inputfile): n = mynmap(self.config, self.display) n.loadXMLFile(inputfile, "nmapFile") return