def run(self):
self.getargs()
self.localips=[]
for node in self.argsDict.get("passednodes",[]):
self.localips+=node.getallips()
self.setInfo("Massattack2 Attacking: %s"%(self.host))
self.log("Interface=%s"%self.host)
self.log("Netmask=%s"%self.netmask)
self.log("MaxThreads=%d"%self.maxthreads)
self.vulns=[] #clear it
#print ips
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
#time our scan run
now=time.localtime(time.time())
# %y is broken it reports something like '22'
strtime=time.strftime("%Y/%m/%d %H:%M", now)
self.log("Start time: %s"%strtime)
tc0=time.time()
self.node=self.argsDict["passednodes"][0]
self.setInfo("[MassAttack2] Scanning network: %s/%s"%(self.host, self.netmask))
self.setProgress(5)
if not "threads" in self.node.capabilities:
self.log("Warning: not using threads because selected node does not support threading, maxthreads reset to 1.")
##We are running on a MOSDEFNode so we can't do stuffs in parallel, set number of threads to 1
self.maxthreads=1
##Do the scans
self.run_threaded_on_alive_hosts(e_module="autohack")
#end of our timing ...
now=time.localtime(time.time())
# same as above
strtime=time.strftime("%Y/%m/%d %H:%M", now)
self.log("Stop time: %s"%strtime)
tc1=time.time()
self.log("Seconds used: %s"%(tc1-tc0))
# if self.silica_flag:
# filename="MA_Report_%s_%s_%s.html"%(self.ssid,self.host,tc1)
# else:
# filename="Mass_Attack2_report_%s_%s_%.0f.html"%(self.host,self.netmask,(time.time()))
# if self.silica_flag:
# sr = reporting.SilicaReport('massattack2', self.ssid)
# data = sr.create_silica_report()
# else:
# data=self.report.generate_massattack_html()
self.setInfo("Massattack2 scanned %s (done)"%(self.host))
return 1
def run(self):
self.host = self.target.interface
self.netmask = dInt(
str(self.argsDict.get("netmask", self.netmask)).split(".")[0])
self.setInfo("Scanning %s" % (self.host))
self.log("Interface=%s" % self.host)
self.log("Netmask=%s" % self.netmask)
self.vulns = [] #clear it
#print ips
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
self.run_on_all_alive_hosts()
self.result = ""
self.log("-" * 80)
self.log("Printing all vulnerabilities found!")
for v in self.vulns:
self.log("Host: %s Vuln: %s" % (v[0], v[1]))
self.result += "Vuln: %s\n" % (v[1])
self.log("-" * 80)
self.setInfo("Scanning %s (done)" % (self.host))
return 1
def getCVEList(self):
"""
Create a dictionary where we link CVE Numbers to CANVAS module instances
"""
self.log("Finding CVEs for all installed modules...")
canvasengine.registerAllModules()
exploitmods_old = canvasengine.exploitmodsGet(False)
bunkList = [
"N/A", '', 'Unknown', 'Unkown', 'None', 'None/SilentlyPatched'
]
cveDict = {} # {str(CVE-Num): module Instance}
skipList = 0
for key in exploitmods_old.keys():
try:
exploitmods_old[key].DOCUMENTATION["CVE Name"]
if exploitmods_old[key].DOCUMENTATION[
"CVE Name"] not in bunkList and exploitmods_old[
key].PROPERTY['SITE'] == 'Remote':
# If it has a legitimate CVE number and it is a remote
cveDict[
exploitmods_old[key].DOCUMENTATION["CVE Name"]] = key
except:
skipList += 1
self.log(
"Found %d remote exploit modules with CVEs, skipped %d non-applicable modules"
% (len(cveDict), skipList))
return cveDict, exploitmods_old
def run(self):
self.getargs()
self.log("Netmask=%s" % self.netmask)
self.setInfo("%s attacking %s/%s" %
(self.name, self.host, self.netmask))
##Load all modules - though this should have been done on start up
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
##Find the subset of modules we actually want to run - no DoS etc
self.build_autohack_list()
##GO! this methos is in canvasexploit superclass, which calls back into the run_on_host method above
ret = self.run_on_all_alive_hosts()
##Display pretty stuffs
if not len(self.result):
logging.warning(
"Report is empty, either no module was run or we got no results"
)
else:
self.log("Autohack report:")
for host, vuln, newnode in self.result:
self.log("Used %s on %s" % (vuln, host.interface))
self.usedvuln = vuln
self.log("End of autohack report")
#print "Ret=%s"%ret #this is theexploit instance?!?
self.setInfo("%s finished attacking %s/%s" %
(self.name, self.host, self.netmask))
return ret
def run(self):
self.getargs()
self.log("Netmask=%s" % self.netmask)
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
ret = self.run_on_all_alive_hosts()
self.log("Autoassess report:")
for host, vuln, newnode in self.result:
self.log("Used %s on %s" % (vuln, host.interface))
self.usedvuln = vuln
self.log("End of autoassess report")
return ret
def run(self):
self.getargs()
self.log("Netmask=%s" % self.netmask)
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
ret = self.run_on_all_alive_hosts()
self.log("Autohack report:")
for host, vuln, newnode in self.result:
self.log("Used %s on %s" % (vuln, host.interface))
self.usedvuln = vuln
self.log("End of autohack report")
#print "Ret=%s"%ret #this is theexploit instance?!?
return ret
def run(self):
self.getargs()
self.log("Netmask=%s" % self.netmask)
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
ret = self.run_on_all_alive_hosts()
if not self.called_from_ThreadRunner2:
self.log("Autoassess report:")
for host, vuln, newnode in self.result:
self.log("Used %s on %s" % (vuln, host.interface))
self.usedvuln = vuln
self.log("End of autoassess report")
else:
self.log("Autoassess finished, returning to Vulnassess2..")
return ret
def get_windows_local_map(self):
canvasengine.registerAllModules()
exploit_modules = canvasengine.exploitmodsGet()
patch_map = {}
for (module_name, exploit_module) in exploit_modules.iteritems():
if hasattr(exploit_module, "PROPERTY"):
if all(["local" in exploit_module.PROPERTY["SITE"].lower(),
"exploit" in exploit_module.PROPERTY["TYPE"].lower()]):
if "MS PATCHES" in exploit_module.PROPERTY:
for patch in exploit_module.PROPERTY["MS PATCHES"]:
patch_map[patch] = exploit_module
return patch_map
def getCVEList(self):
"""
Return a dict where {cve number : module name}
"""
canvasengine.registerAllModules()
exploitmods_old = canvasengine.exploitmodsGet(False)
bunkList = ["N/A", '', 'Unknown' , 'Unkown', 'None', 'None/SilentlyPatched']
cveDict = {}
skipList = 0
for key in exploitmods_old.keys():
try:
exploitmods_old[key].DOCUMENTATION["CVE Name"]
if exploitmods_old[key].DOCUMENTATION["CVE Name"] not in bunkList:
cveDict[exploitmods_old[key].DOCUMENTATION["CVE Name"]] = key
except:
skipList += 1
self.log_info("Found %d modules with CVEs, skipped %d" % (len(cveDict), skipList))
return cveDict
def run(self):
sil_flag=False
if self.argsDict.get("silica"):
self.scan_lock()
sil_flag=True
self.getargs()
self.log("Interface=%s"%self.host)
self.log("Netmask=%s"%self.netmask)
self.log("Maxthreads for VulnAssess: %d"%self.maxthreads)
self.log("Whereami set to: %s"%self.whereami)
self.log("Traceroute set to: %s"%self.traceroute)
self.report=reporting.report(self.tpref, sil_flag)
self.vulns=[] #clear it
try:
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
self.node=self.argsDict["passednodes"][0]
dothreads = "threads" in self.node.capabilities
if not dothreads:
self.log("Warning: not using threads because select node does not support threading")
# Start passive os detection thread here
if sil_flag:
pof_thread = passive_os_detect.stpof(self,self.host,180,2)
pof_thread.start()
self.setInfo("[VulnAssess] Scanning network: %s/%s"%(self.host, self.netmask))
self.setProgress(5)
# Run whereami to note where we're running from
# Added toggle for customer 8/14/08
if self.whereami == True:
app=self.engine.getModuleExploit("whereami")
app.link(self)
ret=app.run()
else:
self.log("Whereami set to off, proceding")
self.run_on_all_alive_hosts(threads=dothreads)
if sil_flag:
pof_thread.stop_pof()
print "Up to now we found: ", pof_thread.pofhosts
self.report.pofhosts = pof_thread.pofhosts
else:
self.report.pofhosts = []
data=self.report.generate_vulnassess_html()
if(self.silica):
tdate = time.time()
filename = "%sVA_Report_%s_%s_%s.html"%(self.tpref, self.ssid,self.host,tdate)
else:
filename="Vulnassess_report_%s_%s.html"%(self.host,self.netmask)
filename = filename.replace("/", "")
filename=os.path.join(canvas_reports_directory,filename)
file(filename,"wb").write(data)
self.log("Wrote HTML formatted report to: %s"%filename)
self.setInfo("VulnAssess scanning %s (done)"%(self.host))
self.finish()
except:
self.finish()
raise #this will raise the exception again
return 1
def run(self):
self.getargs()
self.log("Interface=%s"%self.host)
self.log("Netmask=%s"%self.netmask)
self.log("Maxthreads for VulnAssess: %d"%self.maxthreads)
self.log("Whereami set to: %s"%self.whereami)
self.log("Traceroute set to: %s"%self.traceroute)
self.localips=[]
for node in self.argsDict.get("passednodes",[]):
self.localips+=node.getallips()
self.vulns=[] #clear it
try:
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
##Get the list of modules that we want autohack to run through (this will be made not static in future)
fd=open(os.path.join(canvas_resources_directory,"vulnassess.txt"),"rb")
self.exploit_modules=fd.readlines()
fd.close()
self.exploit_modules=map(str.strip,self.exploit_modules)
self.node=self.argsDict["passednodes"][0]
dothreads = "threads" in self.node.capabilities
if not dothreads:
self.log("Warning: not using threads because select node does not support threading, resetting maxthreads to 1.")
self.maxthreads=1
self.setInfo("[VulnAssess2] Scanning network: %s/%s"%(self.host, self.netmask))
self.setProgress(5)
# Run whereami to note where we're running from
# Added toggle for customer 8/14/08
if self.whereami == True:
app=self.engine.getModuleExploit("whereami")
app.link(self)
ret=app.run()
else:
self.log("Whereami set to off, proceding")
self.run_threaded_on_alive_hosts(e_module="autoassess")
# if self.silica_flag:
# tdate = time.time()
# filename = "VA_Report_%s_%s_%s.html"%(self.ssid,self.host,tdate)
# sr = reporting.SilicaReport('VulnAssess2', self.ssid)
# data = sr.create_silica_report()
# else:
# filename="Vulnassess2_report_%s_%s.html"%(self.host,self.netmask)
# data=self.report.generate_vulnassess_html()
self.setInfo("VulnAssess2 scanning %s (done)"%(self.host))
self.finish()
except:
self.finish()
raise #this will raise the exception again
return 1
def run(self):
sil_flag = False
if self.argsDict.get("silica"):
sil_flag = True
self.scan_lock()
self.getargs()
self.localips = []
for node in self.argsDict.get("passednodes", []):
self.localips += node.getallips()
self.setInfo("Attacking: %s" % (self.host))
self.log("Interface=%s" % self.host)
self.log("Netmask=%s" % self.netmask)
self.log("MaxThreads=%d" % self.maxthreads)
self.report = reporting.report(self.tpref, sil_flag)
self.vulns = [] #clear it
#print ips
if not canvasengine.registeredallmodules:
canvasengine.registerAllModules()
#time our scan run
now = time.localtime(time.time())
# %y is broken it reports something like '22'
strtime = time.strftime("%Y/%m/%d %H:%M", now)
self.log("Start time: %s" % strtime)
tc0 = time.time()
self.node = self.argsDict["passednodes"][0]
self.setInfo("[MassAttack2] Scanning network: %s/%s" %
(self.host, self.netmask))
self.setProgress(5)
if not "threads" in self.node.capabilities:
self.log(
"Warning: not using threads because selected node does not support threading, maxthreads reset to 1."
)
##We are running on a MOSDEFNode so we can't do stuffs in parallel, set number of threads to 1
self.maxthreads = 1
##Do the scans
self.run_threaded_on_alive_hosts(e_module="autohack")
#end of our timing ...
now = time.localtime(time.time())
# same as above
strtime = time.strftime("%Y/%m/%d %H:%M", now)
self.log("Stop time: %s" % strtime)
tc1 = time.time()
self.log("Seconds used: %s" % (tc1 - tc0))
if (self.silica):
filename = "%sMA_Report_%s_%s_%s.html" % (self.tpref, self.ssid,
self.host, tc1)
else:
filename = "Mass_Attack2_report_%s_%s.html" % (self.host,
self.netmask)
filename = filename.replace("/", "")
filename = os.path.join(canvas_reports_directory, filename)
data = self.report.generate_massattack_html()
file(filename, "wb").write(data)
self.log("Wrote HTML formatted report to: %s" % filename)
self.setInfo("Scanning %s (done)" % (self.host))
if self.argsDict.get("silica"):
self.scan_unlock()
return 1
