def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
ports = kb.get([
'service/https/host/' + t + '/tcpport',
'service/ssl/host/' + t + '/tcpport'
])
for port in ports:
# verify we have not tested this host before
if not self.seentarget(t + str(port)):
# add the new IP to the already seen list
self.addseentarget(t + str(port))
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(
target=t,
flags=
"--script ssl-ccs-injection,ssl-cert,ssl-date,ssl-dh-params,"
"ssl-enum-ciphers,ssl-google-cert-catalog,ssl-heartbleed,"
"ssl-known-key,ssl-poodle,sslv2",
ports=str(port),
vector=self.vector,
filetag=t + "_" + str(port) + "_SSLSCAN")['scan']
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t,
flags="--script=smb-enum-shares",
ports="445",
vector=self.vector,
filetag=t + "_SMBSHARESCAN")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for table in root.iter('table'):
sharename = table.attrib["key"]
for elem in table:
if elem.text is not None:
kb.add("host/" + t + "/shares/SMB/" + sharename +
"/" + str(elem.attrib['key'] + ": " +
elem.text).replace("/", "%2F"))
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=smb-enum-shares", ports="445", vector=self.vector,
filetag=t + "_SMBSHARESCAN")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for table in root.iter('table'):
sharename = table.attrib["key"]
for elem in table:
if elem.text is not None:
kb.add("host/" + t + "/shares/SMB/" + sharename + "/" + str(elem.attrib['key'] + ": " + elem.text).replace("/", "%2F"))
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector,
filetag=t + "_VNCBRUTE")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for porttag in tree.iter('port'):
portnum = porttag.attrib['portid']
for scriptid in porttag.findall('script'):
if scriptid.attrib['id'] == "vnc-brute":
if scriptid.attrib['output'] == "No authentication required":
self.addVuln(t, "VNCNoAuth", {"port":portnum,"message":"No authentication required","output": n.outfile.replace("/", "%2F") + ".xml"})
self.fire("VNCNoAuth")
for elem in scriptid.iter('elem'):
if elem.attrib['key'] == "password":
self.addVuln(t, "VNCBrutePass", {"port":portnum, "password":elem.text})
self.fire("VNCBrutePass")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector,
filetag=t + "_VNCBRUTE")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for porttag in tree.iter('port'):
portnum = porttag.attrib['portid']
for scriptid in porttag.findall('script'):
if scriptid.attrib['id'] == "vnc-brute":
if scriptid.attrib['output'] == "No authentication required":
self.addVuln(t, "VNCNoAuth", {"port":portnum,"message":"No authentication required","output": n.outfile.replace("/", "%2F") + ".xml"})
self.fire("VNCNoAuth")
for elem in scriptid.iter('elem'):
if elem.attrib['key'] == "password":
self.addVuln(t, "VNCBrutePass", {"port":portnum, "password":elem.text})
slef.fire("VNCBrutePass")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
temp_file = self.config["proofsDir"] + Utils.getRandStr(10)
# run nmap
n = mynmap(self.config, self.diaplay)
scan_results = n.run(target=t,
flags="-sS -A",
vector=self.vector)['scan']
# loop over scan results and do anything you need
# fire any new triggers that are needed
# self.fire("TEST123")
for host in scan_results.keys():
# loop over each proto and process it
for proto in ['tcp', 'udp']:
if (proto in scan_results[host]):
# loop over each proto and process it
for port in scan_results[host][proto].keys():
# only worry about open ports
if (scan_results[host][proto][port]["state"] ==
"open"):
# fire event for "newPortXXX"
self.fire("newPort" + str(port))
kb.add(
'host/' + host + '/' + proto + 'port',
port)
# process services and info
s = scan_results[host][proto][port]
# print "%s - %i/%s (%s) \"%s %s\" [%s]" % (host, port, proto, s['name'],
# s['product'], s['version'], s['extrainfo'])
if (s['name'] == 'http') or (s['name']
== 'https'):
self.fire('web')
# check for any scripts and loop over them
if ('script' in scan_results[host][proto]
[port].keys()):
for script in scan_results[host][
proto][port]['script'].keys():
a = 1
# print " %s - [[%s]]" % (script, scan_results[host][proto][port][
# 'script'][script])
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t,
flags="--script=nfs-ls,nfs-showmount",
ports="111",
vector=self.vector,
filetag=t + "_NFSSHARESCAN")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for volumestable in root.iter("table"):
if volumestable.attrib.has_key(
'key') and volumestable.attrib['key'] == "volumes":
for volume in volumestable:
sharename = ""
shareinfo = ""
files = {}
for elem in volume:
if elem.attrib["key"] == "volume":
sharename = elem.text.replace("/", "%2F")
if elem.attrib["key"] == "info":
shareinfo = elem[0].text.replace(
"/", "%2F")
if elem.attrib["key"] == "files":
for file in elem:
newfile = {}
for fileprop in file:
newfile[fileprop.attrib[
"key"]] = fileprop.text
files[newfile["filename"]] = newfile
kb.add("host/" + t + "/shares/NFS/" + sharename +
"/" + str("Info: " + shareinfo))
for file in files:
# TODO - Maybe revisit adding more file properties here in addition to names
kb.add("host/" + t + "/shares/NFS/" +
sharename + "/Files/" +
str(file).replace("/", "%2F"))
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen lisT
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display, hostScriptFunc=self.myProcessHostScript)
scan_results = n.run(target=t, flags="--script vuln", ports="445", vector=self.vector, filetag=t + "_MSVULNSCAN")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
# run nmap
n = mynmap(self.config, self.display, hostScriptFunc=self.myProcessHostScript)
scan_results = n.run(target=t, flags="--script smb-security-mode", ports="445", vector=self.vector, filetag=t + "_SMBSIGNINGSCAN")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display, portScriptFunc=self.myProcessPortScript)
scan_results = n.run(target=t, flags="--script realvnc-auth-bypass", ports="5800,5900", vector=self.vector, filetag=t + "_VNCAUTHBYPASS")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display, portScriptFunc=self.myProcessPortScript)
scan_results = n.run(target=t, flags="--script vnc-brute", ports="5800,5900", vector=self.vector, filetag=t + "_VNCBRUTE")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=vnc-brute", ports="5800,5900", vector=self.vector,
filetag=t + "_VNCBRUTE")['scan']
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=nfs-ls,nfs-showmount", ports="2049", vector=self.vector,
filetag=t + "_NFSSHARESCAN")['scan']
# TODO - process results
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t,
flags="--script smb-vuln-ms08-067.nse",
ports="445",
vector=self.vector,
filetag=t + "_MS08067SCAN")['scan']
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
temp_file = self.config["proofsDir"] + Utils.getRandStr(10)
# run nmap
n = mynmap(self.config, self.diaplay)
scan_results = n.run(target=t, flags="-sS -A", vector=self.vector)['scan']
# loop over scan results and do anything you need
# fire any new triggers that are needed
# self.fire("TEST123")
for host in scan_results.keys():
# loop over each proto and process it
for proto in ['tcp', 'udp']:
if (proto in scan_results[host]):
# loop over each proto and process it
for port in scan_results[host][proto].keys():
# only worry about open ports
if (scan_results[host][proto][port]["state"] == "open"):
# fire event for "newPortXXX"
self.fire("newPort" + str(port))
kb.add('host/' + host + '/' + proto + 'port', port)
# process services and info
s = scan_results[host][proto][port]
# print "%s - %i/%s (%s) \"%s %s\" [%s]" % (host, port, proto, s['name'],
# s['product'], s['version'], s['extrainfo'])
if (s['name'] == 'http') or (s['name'] == 'https'):
self.fire('web')
# check for any scripts and loop over them
if ('script' in scan_results[host][proto][port].keys()):
for script in scan_results[host][proto][port]['script'].keys():
a = 1
# print " %s - [[%s]]" % (script, scan_results[host][proto][port][
# 'script'][script])
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t,
flags="--script=smb-security-mode",
ports="445",
vector=self.vector,
filetag=t + "_SMBSINGINGSCAN")['scan']
# TODO - process results
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=nfs-ls,nfs-showmount", ports="111", vector=self.vector,
filetag=t + "_NFSSHARESCAN")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
for volumestable in root.iter("table"):
if volumestable.attrib.has_key('key') and volumestable.attrib['key'] == "volumes":
for volume in volumestable:
sharename = ""
shareinfo = ""
files = {}
for elem in volume:
if elem.attrib["key"] == "volume":
sharename = elem.text.replace("/", "%2F")
if elem.attrib["key"] == "info":
shareinfo = elem[0].text.replace("/", "%2F")
if elem.attrib["key"] == "files":
for file in elem:
newfile = {}
for fileprop in file:
newfile[fileprop.attrib["key"]] = fileprop.text
files[newfile["filename"]] = newfile
kb.add("host/" + t + "/shares/NFS/" + sharename + "/" + str("Info: " + shareinfo))
for file in files:
# TODO - Maybe revisit adding more file properties here in addition to names
kb.add("host/" + t + "/shares/NFS/" + sharename + "/Files/" + str(file).replace("/", "%2F"))
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# run nmap
n = mynmap(self.config,
self.display,
hostScriptFunc=self.myProcessHostScript)
scan_results = n.run(target=t,
flags="--script smb-enum-shares",
ports="445",
vector=self.vector,
filetag=t + "_SMBSHARESCAN")
return
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
# run nmap
n = mynmap(self.config, self.display)
scan_results = n.run(target=t, flags="--script=smb-security-mode", ports="445", vector=self.vector,
filetag=t + "_SMBSINGINGSCAN")['scan']
tree = ET.parse(n.outfile + '.xml')
root = tree.getroot()
account_used = ""
authentication_level = ""
challenge_response = ""
message_signing = ""
for elem in root.iter("elem"):
if elem.attrib["key"] == "account_used":
account_used = elem.text
elif elem.attrib["key"] == "authentication_level":
authentication_level = elem.text
elif elem.attrib["key"] == "challenge_response":
challenge_response = elem.text
elif elem.attrib["key"] == "message_signing":
message_signing = elem.text
if message_signing == "disabled":
self.addVuln(t, "SMBSigningDisabled", {"port": "445",
"output": n.outfile.replace("/", "%2F") + ".xml",
"Account Used": account_used,
"Authentication Level": authentication_level,
"Challenge Response": challenge_response,
"Message Signing": message_signing})
self.fire("SMBSigningDisabled")
return
def process(self, inputfile):
n = mynmap(self.config, self.display)
n.loadXMLFile(inputfile, "nmapFile")
return
