def run(self): self.getargs() self.localips=[] for node in self.argsDict.get("passednodes",[]): self.localips+=node.getallips() self.setInfo("Massattack2 Attacking: %s"%(self.host)) self.log("Interface=%s"%self.host) self.log("Netmask=%s"%self.netmask) self.log("MaxThreads=%d"%self.maxthreads) self.vulns=[] #clear it #print ips if not canvasengine.registeredallmodules: canvasengine.registerAllModules() #time our scan run now=time.localtime(time.time()) # %y is broken it reports something like '22' strtime=time.strftime("%Y/%m/%d %H:%M", now) self.log("Start time: %s"%strtime) tc0=time.time() self.node=self.argsDict["passednodes"][0] self.setInfo("[MassAttack2] Scanning network: %s/%s"%(self.host, self.netmask)) self.setProgress(5) if not "threads" in self.node.capabilities: self.log("Warning: not using threads because selected node does not support threading, maxthreads reset to 1.") ##We are running on a MOSDEFNode so we can't do stuffs in parallel, set number of threads to 1 self.maxthreads=1 ##Do the scans self.run_threaded_on_alive_hosts(e_module="autohack") #end of our timing ... now=time.localtime(time.time()) # same as above strtime=time.strftime("%Y/%m/%d %H:%M", now) self.log("Stop time: %s"%strtime) tc1=time.time() self.log("Seconds used: %s"%(tc1-tc0)) # if self.silica_flag: # filename="MA_Report_%s_%s_%s.html"%(self.ssid,self.host,tc1) # else: # filename="Mass_Attack2_report_%s_%s_%.0f.html"%(self.host,self.netmask,(time.time())) # if self.silica_flag: # sr = reporting.SilicaReport('massattack2', self.ssid) # data = sr.create_silica_report() # else: # data=self.report.generate_massattack_html() self.setInfo("Massattack2 scanned %s (done)"%(self.host)) return 1
def run(self): self.host = self.target.interface self.netmask = dInt( str(self.argsDict.get("netmask", self.netmask)).split(".")[0]) self.setInfo("Scanning %s" % (self.host)) self.log("Interface=%s" % self.host) self.log("Netmask=%s" % self.netmask) self.vulns = [] #clear it #print ips if not canvasengine.registeredallmodules: canvasengine.registerAllModules() self.run_on_all_alive_hosts() self.result = "" self.log("-" * 80) self.log("Printing all vulnerabilities found!") for v in self.vulns: self.log("Host: %s Vuln: %s" % (v[0], v[1])) self.result += "Vuln: %s\n" % (v[1]) self.log("-" * 80) self.setInfo("Scanning %s (done)" % (self.host)) return 1
def getCVEList(self): """ Create a dictionary where we link CVE Numbers to CANVAS module instances """ self.log("Finding CVEs for all installed modules...") canvasengine.registerAllModules() exploitmods_old = canvasengine.exploitmodsGet(False) bunkList = [ "N/A", '', 'Unknown', 'Unkown', 'None', 'None/SilentlyPatched' ] cveDict = {} # {str(CVE-Num): module Instance} skipList = 0 for key in exploitmods_old.keys(): try: exploitmods_old[key].DOCUMENTATION["CVE Name"] if exploitmods_old[key].DOCUMENTATION[ "CVE Name"] not in bunkList and exploitmods_old[ key].PROPERTY['SITE'] == 'Remote': # If it has a legitimate CVE number and it is a remote cveDict[ exploitmods_old[key].DOCUMENTATION["CVE Name"]] = key except: skipList += 1 self.log( "Found %d remote exploit modules with CVEs, skipped %d non-applicable modules" % (len(cveDict), skipList)) return cveDict, exploitmods_old
def run(self): self.getargs() self.log("Netmask=%s" % self.netmask) self.setInfo("%s attacking %s/%s" % (self.name, self.host, self.netmask)) ##Load all modules - though this should have been done on start up if not canvasengine.registeredallmodules: canvasengine.registerAllModules() ##Find the subset of modules we actually want to run - no DoS etc self.build_autohack_list() ##GO! this methos is in canvasexploit superclass, which calls back into the run_on_host method above ret = self.run_on_all_alive_hosts() ##Display pretty stuffs if not len(self.result): logging.warning( "Report is empty, either no module was run or we got no results" ) else: self.log("Autohack report:") for host, vuln, newnode in self.result: self.log("Used %s on %s" % (vuln, host.interface)) self.usedvuln = vuln self.log("End of autohack report") #print "Ret=%s"%ret #this is theexploit instance?!? self.setInfo("%s finished attacking %s/%s" % (self.name, self.host, self.netmask)) return ret
def run(self): self.getargs() self.log("Netmask=%s" % self.netmask) if not canvasengine.registeredallmodules: canvasengine.registerAllModules() ret = self.run_on_all_alive_hosts() self.log("Autoassess report:") for host, vuln, newnode in self.result: self.log("Used %s on %s" % (vuln, host.interface)) self.usedvuln = vuln self.log("End of autoassess report") return ret
def run(self): self.getargs() self.log("Netmask=%s" % self.netmask) if not canvasengine.registeredallmodules: canvasengine.registerAllModules() ret = self.run_on_all_alive_hosts() self.log("Autohack report:") for host, vuln, newnode in self.result: self.log("Used %s on %s" % (vuln, host.interface)) self.usedvuln = vuln self.log("End of autohack report") #print "Ret=%s"%ret #this is theexploit instance?!? return ret
def run(self): self.getargs() self.log("Netmask=%s" % self.netmask) if not canvasengine.registeredallmodules: canvasengine.registerAllModules() ret = self.run_on_all_alive_hosts() if not self.called_from_ThreadRunner2: self.log("Autoassess report:") for host, vuln, newnode in self.result: self.log("Used %s on %s" % (vuln, host.interface)) self.usedvuln = vuln self.log("End of autoassess report") else: self.log("Autoassess finished, returning to Vulnassess2..") return ret
def get_windows_local_map(self): canvasengine.registerAllModules() exploit_modules = canvasengine.exploitmodsGet() patch_map = {} for (module_name, exploit_module) in exploit_modules.iteritems(): if hasattr(exploit_module, "PROPERTY"): if all(["local" in exploit_module.PROPERTY["SITE"].lower(), "exploit" in exploit_module.PROPERTY["TYPE"].lower()]): if "MS PATCHES" in exploit_module.PROPERTY: for patch in exploit_module.PROPERTY["MS PATCHES"]: patch_map[patch] = exploit_module return patch_map
def getCVEList(self): """ Return a dict where {cve number : module name} """ canvasengine.registerAllModules() exploitmods_old = canvasengine.exploitmodsGet(False) bunkList = ["N/A", '', 'Unknown' , 'Unkown', 'None', 'None/SilentlyPatched'] cveDict = {} skipList = 0 for key in exploitmods_old.keys(): try: exploitmods_old[key].DOCUMENTATION["CVE Name"] if exploitmods_old[key].DOCUMENTATION["CVE Name"] not in bunkList: cveDict[exploitmods_old[key].DOCUMENTATION["CVE Name"]] = key except: skipList += 1 self.log_info("Found %d modules with CVEs, skipped %d" % (len(cveDict), skipList)) return cveDict
def run(self): sil_flag=False if self.argsDict.get("silica"): self.scan_lock() sil_flag=True self.getargs() self.log("Interface=%s"%self.host) self.log("Netmask=%s"%self.netmask) self.log("Maxthreads for VulnAssess: %d"%self.maxthreads) self.log("Whereami set to: %s"%self.whereami) self.log("Traceroute set to: %s"%self.traceroute) self.report=reporting.report(self.tpref, sil_flag) self.vulns=[] #clear it try: if not canvasengine.registeredallmodules: canvasengine.registerAllModules() self.node=self.argsDict["passednodes"][0] dothreads = "threads" in self.node.capabilities if not dothreads: self.log("Warning: not using threads because select node does not support threading") # Start passive os detection thread here if sil_flag: pof_thread = passive_os_detect.stpof(self,self.host,180,2) pof_thread.start() self.setInfo("[VulnAssess] Scanning network: %s/%s"%(self.host, self.netmask)) self.setProgress(5) # Run whereami to note where we're running from # Added toggle for customer 8/14/08 if self.whereami == True: app=self.engine.getModuleExploit("whereami") app.link(self) ret=app.run() else: self.log("Whereami set to off, proceding") self.run_on_all_alive_hosts(threads=dothreads) if sil_flag: pof_thread.stop_pof() print "Up to now we found: ", pof_thread.pofhosts self.report.pofhosts = pof_thread.pofhosts else: self.report.pofhosts = [] data=self.report.generate_vulnassess_html() if(self.silica): tdate = time.time() filename = "%sVA_Report_%s_%s_%s.html"%(self.tpref, self.ssid,self.host,tdate) else: filename="Vulnassess_report_%s_%s.html"%(self.host,self.netmask) filename = filename.replace("/", "") filename=os.path.join(canvas_reports_directory,filename) file(filename,"wb").write(data) self.log("Wrote HTML formatted report to: %s"%filename) self.setInfo("VulnAssess scanning %s (done)"%(self.host)) self.finish() except: self.finish() raise #this will raise the exception again return 1
def run(self): self.getargs() self.log("Interface=%s"%self.host) self.log("Netmask=%s"%self.netmask) self.log("Maxthreads for VulnAssess: %d"%self.maxthreads) self.log("Whereami set to: %s"%self.whereami) self.log("Traceroute set to: %s"%self.traceroute) self.localips=[] for node in self.argsDict.get("passednodes",[]): self.localips+=node.getallips() self.vulns=[] #clear it try: if not canvasengine.registeredallmodules: canvasengine.registerAllModules() ##Get the list of modules that we want autohack to run through (this will be made not static in future) fd=open(os.path.join(canvas_resources_directory,"vulnassess.txt"),"rb") self.exploit_modules=fd.readlines() fd.close() self.exploit_modules=map(str.strip,self.exploit_modules) self.node=self.argsDict["passednodes"][0] dothreads = "threads" in self.node.capabilities if not dothreads: self.log("Warning: not using threads because select node does not support threading, resetting maxthreads to 1.") self.maxthreads=1 self.setInfo("[VulnAssess2] Scanning network: %s/%s"%(self.host, self.netmask)) self.setProgress(5) # Run whereami to note where we're running from # Added toggle for customer 8/14/08 if self.whereami == True: app=self.engine.getModuleExploit("whereami") app.link(self) ret=app.run() else: self.log("Whereami set to off, proceding") self.run_threaded_on_alive_hosts(e_module="autoassess") # if self.silica_flag: # tdate = time.time() # filename = "VA_Report_%s_%s_%s.html"%(self.ssid,self.host,tdate) # sr = reporting.SilicaReport('VulnAssess2', self.ssid) # data = sr.create_silica_report() # else: # filename="Vulnassess2_report_%s_%s.html"%(self.host,self.netmask) # data=self.report.generate_vulnassess_html() self.setInfo("VulnAssess2 scanning %s (done)"%(self.host)) self.finish() except: self.finish() raise #this will raise the exception again return 1
def run(self): sil_flag = False if self.argsDict.get("silica"): sil_flag = True self.scan_lock() self.getargs() self.localips = [] for node in self.argsDict.get("passednodes", []): self.localips += node.getallips() self.setInfo("Attacking: %s" % (self.host)) self.log("Interface=%s" % self.host) self.log("Netmask=%s" % self.netmask) self.log("MaxThreads=%d" % self.maxthreads) self.report = reporting.report(self.tpref, sil_flag) self.vulns = [] #clear it #print ips if not canvasengine.registeredallmodules: canvasengine.registerAllModules() #time our scan run now = time.localtime(time.time()) # %y is broken it reports something like '22' strtime = time.strftime("%Y/%m/%d %H:%M", now) self.log("Start time: %s" % strtime) tc0 = time.time() self.node = self.argsDict["passednodes"][0] self.setInfo("[MassAttack2] Scanning network: %s/%s" % (self.host, self.netmask)) self.setProgress(5) if not "threads" in self.node.capabilities: self.log( "Warning: not using threads because selected node does not support threading, maxthreads reset to 1." ) ##We are running on a MOSDEFNode so we can't do stuffs in parallel, set number of threads to 1 self.maxthreads = 1 ##Do the scans self.run_threaded_on_alive_hosts(e_module="autohack") #end of our timing ... now = time.localtime(time.time()) # same as above strtime = time.strftime("%Y/%m/%d %H:%M", now) self.log("Stop time: %s" % strtime) tc1 = time.time() self.log("Seconds used: %s" % (tc1 - tc0)) if (self.silica): filename = "%sMA_Report_%s_%s_%s.html" % (self.tpref, self.ssid, self.host, tc1) else: filename = "Mass_Attack2_report_%s_%s.html" % (self.host, self.netmask) filename = filename.replace("/", "") filename = os.path.join(canvas_reports_directory, filename) data = self.report.generate_massattack_html() file(filename, "wb").write(data) self.log("Wrote HTML formatted report to: %s" % filename) self.setInfo("Scanning %s (done)" % (self.host)) if self.argsDict.get("silica"): self.scan_unlock() return 1