adrien/lanScan2
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: adrien:5378e16e2468588a441a1e37ceb38239f0851374
Branches Tags
adrien:master
...
compare: adrien:master
Branches Tags
adrien:master

24 Commits
5378e16e24 ... master

Author SHA1 Message Date
adrien
9df3ae155a Merge branch 'master' of https://git.malingrey.fr/adrien/lanScan2 2023-05-16 09:47:55 +02:00
adrien
3775302fd1 five columns 2023-05-16 09:47:33 +02:00
adrien
d20c41693e change title order 2023-05-15 18:52:25 +02:00
adrien
3f662bafcc change 'hosts' to 'group' 2023-05-15 16:40:36 +02:00
adrien
87cedd0bce change file extensions 2023-05-15 16:17:18 +02:00
adrien
1046de0b8d change file extensions 2023-05-15 16:15:30 +02:00
adrien
0ac085a97e -Pn 2023-05-12 17:52:17 +02:00
adrien
bc04ce19a7 smb-shares-size in port script 2023-05-12 02:40:34 +02:00
adrien
1e26473930 show min(FreeSize/TotalSize) in smb button 2023-05-12 00:24:37 +02:00
adrien
657946708a css .share-size 2023-05-11 13:31:17 +02:00
adrien
c85c175416 improve smb share size 2023-05-11 12:09:05 +02:00
adrien
08187df3a8 rename script-args.ini 2023-05-11 11:13:28 +02:00
adrien
e42c1342eb Merge branch 'master' of https://git.malingrey.fr/adrien/lanScan2 2023-05-11 11:12:13 +02:00
adrien
e577ccb4c1 rename script-args.ini 2023-05-11 11:11:51 +02:00
adrien
5e4fb1aa61 fix "/usr/bin/../share/nmap/nselib/http.lua:1795: attempt to index a nil value (local 'options')" 2023-05-10 21:10:44 +02:00
adrien
556268b1e1 script_args.ini 2023-05-10 20:41:00 +02:00
adrien
8cb8a6cb04 ignore script_args.ini 2023-05-10 20:34:42 +02:00
Adrien MALINGREY
8098697c4d Mise à jour de 'nse/script_args.ini' 2023-05-10 18:56:22 +02:00
adrien
2f3bb6c4f3 share size xsl 2023-05-10 18:54:57 +02:00
adrien
d6207258ac rename 2023-05-10 17:42:17 +02:00
adrien
0ffd304d2d du script working! 2023-05-10 16:15:36 +02:00
adrien
a3c06ef825 merge 2023-05-09 16:18:07 +02:00
adrien
bbee70cef8 merge 2023-05-09 16:15:16 +02:00
adrien
e2e255f690 merge 2023-05-09 15:27:40 +02:00
15 changed files with 299 additions and 210 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
nse/script-args.ini
configs/ configs/
scans/ scans/
site/ site/

4
LISEZMOI.md
View File

@ -4,8 +4,8 @@ Scanne des hôtes avec `nmap`
et affiche le résultat dans une page web. et affiche le résultat dans une page web.
* Créer un fichier de configuration YAML dans un sous-dossier ./configs/ (voir l'exemple ci-dessous). * Créer un fichier de configuration YAML dans un sous-dossier ./configs/ (voir l'exemple ci-dessous).
Il peut être généré en scannant un réseau avec : `./discover <CIDR>`. Il peut être généré en scannant un réseau avec : `./discover.sh <CIDR>`.
* Scanner avec le script `./scan_all` (utiliser une tâche cron !). * Scanner avec le script `./scan_all.sh` (utiliser une tâche cron !).
* Voir les résultats en ouvrant `.\index.php` dans le navigateur web. * Voir les résultats en ouvrant `.\index.php` dans le navigateur web.
## Exemple ## Exemple

4
README.md
View File

@ -3,8 +3,8 @@
Scan hosts with `nmap` and display results in webpage. Scan hosts with `nmap` and display results in webpage.
* Create a configuration yaml file in ./configs/ subdirectory (see example below). * Create a configuration yaml file in ./configs/ subdirectory (see example below).
It may be generated by scanning a network with `./discover <CIDR>`. It may be generated by scanning a network with `./discover.sh <CIDR>`.
* Scan with `./scan_all` (use a cron task!). * Scan with `./scan_all.sh` (use a cron task!).
* Open `.\index.php` in web browser to see results. * Open `.\index.php` in web browser to see results.
## Example ## Example

4
discover → discover.sh
View File

@ -19,7 +19,7 @@ site="${network/\//_}"
mkdir -p "scans" mkdir -p "scans"
nmap -F -oX "scans/$site.xml" $network nmap -F -oX "scans/$site.xml" $network
mkdir -p "configs" mkdir -p "configs"
xsltproc --stringparam network "$network" to_config.xsl "scans/$site.xml" > "configs/$site.yaml" xsltproc --stringparam network "$network" to_config.xsl "scans/$site.xml" > "configs/$site.yml"
php to_XML.php "configs/$site.yaml" > "site/$site.xml" php to_XML.php "configs/$site.yml" > "site/$site.xml"
popd > /dev/null popd > /dev/null

6
nmap_cmd.xsl
View File

@ -8,9 +8,9 @@
<xsl:param name="site"/> <xsl:param name="site"/>
<xsl:template match="lanScan"> <xsl:template match="lanScan">
<xsl:text>nmap -v -T4 -p </xsl:text> <xsl:text>nmap -v -T4 -Pn -p </xsl:text>
<xsl:apply-templates select="//service[not(.=preceding::*)]" /> <xsl:apply-templates select="//service[not(.=preceding::*)]" />
<xsl:text> --script "nse/" -oX "</xsl:text> <xsl:text> --script nse/ --datadir nse/ --script-args-file script-args.ini -oX "</xsl:text>
<xsl:value-of select="@scanpath"/> <xsl:value-of select="@scanpath"/>
<xsl:text>.tmp" </xsl:text> <xsl:text>.tmp" </xsl:text>
<xsl:apply-templates select="//host"/> <xsl:apply-templates select="//host"/>
@ -32,4 +32,4 @@
</xsl:if> </xsl:if>
</xsl:template> </xsl:template>
</xsl:stylesheet> </xsl:stylesheet>

8
nse/http-info.nse
View File

@ -7,7 +7,7 @@ Get and return a page info
--- ---
-- @args http-get.path Path to get. Default /. -- @args http-get.path Path to get. Default /.
-- --
-- @usage nmap -p80 --script http-info.nse --script-args http-info.path=/ <target> -- @usage nmap -p80 --script http-info.nse --script-args http-info.path=/ <host>
-- --
-- @output -- @output
-- status: 200 -- status: 200
@ -20,7 +20,6 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
portrule = shortport.service({"http", "https", "ssl"}) portrule = shortport.service({"http", "https", "ssl"})
local http = require "http" local http = require "http"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@ -43,7 +42,8 @@ action = function(host, port)
end end
uri = scheme.."://"..hostaddress..":"..port.number..path uri = scheme.."://"..hostaddress..":"..port.number..path
local answer = http.get_url(uri) stdnse.debug1("Try to download %s", uri)
local answer = http.get_url(uri, {})
local info = {status=answer.status, ["status-line"]=answer["status-line"]} local info = {status=answer.status, ["status-line"]=answer["status-line"]}
@ -61,7 +61,7 @@ action = function(host, port)
end end
favicon_absolute_uri = scheme.."://"..hostaddress..":"..port.number..favicon_relative_uri favicon_absolute_uri = scheme.."://"..hostaddress..":"..port.number..favicon_relative_uri
favicon = http.get_url(favicon_absolute_uri) favicon = http.get_url(favicon_absolute_uri, {})
if (favicon and favicon.status == 200) then if (favicon and favicon.status == 200) then
stdnse.debug1("[SUCCESS] Load favicon %s", favicon_absolute_uri) stdnse.debug1("[SUCCESS] Load favicon %s", favicon_absolute_uri)

2
nse/script-args.ini Normal file
View File

@ -0,0 +1,2 @@
smbuser =
smbpassword =

139
nse/smb-shares-du.nse
View File

@ -1,139 +0,0 @@
local stdnse = require "stdnse"
local smb = require "smb"
local msrpc = require "msrpc"
local msrpctypes = require "msrpctypes"
hostrule = function(host)
return smb.get_port(host) ~= nil
end
action = function(host)
local status, shares, extra
local response = stdnse.output_table()
-- Try and do this the good way, make a MSRPC call to get the shares
stdnse.debug1("SMB: Attempting to log into the system to enumerate shares")
status, shares = msrpc.enum_shares(host)
if(status == false) then
return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares))
end
-- Get more information on each share
for i = 1, #shares, 1 do
local share = shares[i]
stdnse.debug1("SMB: Getting information for share: %s", share)
status, result = get_share_info(host, share)
response[share] = result
end
return response
end
---Attempts to retrieve additional information about a share. Will fail unless we have
-- administrative access.
--
--@param host The host object.
--@return Status (true or false).
--@return A table of information about the share (if status is true) or an an error string (if
-- status is false).
function get_share_info(host, name)
local response = {}
-- Create the SMB session
local status, smbstate = msrpc.start_smb(host, msrpc.SRVSVC_PATH)
if(status == false) then
return false, smbstate
end
-- Bind to SRVSVC service
local status, bind_result = msrpc.bind(smbstate, msrpc.SRVSVC_UUID, msrpc.SRVSVC_VERSION, nil)
if(status == false) then
smb.stop(smbstate)
return false, bind_result
end
-- Call NetShareGetInfo
local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
stdnse.debug2("NetShareGetInfo status:%s result:%s", status, netsharegetinfo_result)
if(status == false) then
if(string.find(netsharegetinfo_result, "NT_STATUS_WERR_ACCESS_DENIED")) then
stdnse.debug2("Calling NetShareGetInfo with information level 1")
status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 1)
if status then
smb.stop(smbstate)
return true, netsharegetinfo_result
end
end
smb.stop(smbstate)
return false, netsharegetinfo_result
end
smb.stop(smbstate)
return true, netsharegetinfo_result
end
---Call the MSRPC function <code>netsharegetinfo</code> on the remote system. This function retrieves extra information about a share
-- on the system.
--
--@param smbstate The SMB state table
--@param server The IP or Hostname of the server (seems to be ignored but it's a good idea to have it)
--@return (status, result) If status is false, result is an error message. Otherwise, result is a table of values, the most
-- useful one being 'shares', which is a list of the system's shares.
function srvsvc_netsharegetinfo(smbstate, server, share, level)
stdnse.debug2("Calling NetShareGetInfo(%s, %s, %d)", server, share, level)
--NetGetShareInfo seems to reject FQPN and reads the server value from the request
--If any function called this function using a FQPN, this should take care of it.
local _, _, sharename = string.find(share, "\\\\.*\\(.*)")
if sharename then
share = sharename
end
-- [in] [string,charset(UTF16)] uint16 *server_unc,
local arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
-- [in] [string,charset(UTF16)] uint16 share_name[],
.. msrpctypes.marshall_unicode(share, true)
-- [in] uint32 level,
.. msrpctypes.marshall_int32(level)
-- [out,switch_is(level)] srvsvc_NetShareInfo info
-- Do the call
local status, result = msrpc.call_function(smbstate, smb.command_codes.SMB_COM_QUERY_INFORMATION_DISK, arguments)
if(status ~= true) then
return false, result
end
stdnse.debug3("MSRPC: NetShareGetInfo() returned successfully")
-- Make arguments easier to use
arguments = result['arguments']
local pos = 1
-- [in] [string,charset(UTF16)] uint16 *server_unc,
-- [in] [string,charset(UTF16)] uint16 share_name[],
-- [in] uint32 level,
-- [out,switch_is(level)] srvsvc_NetShareInfo info
pos, result['info'] = msrpctypes.unmarshall_srvsvc_NetShareInfo(arguments, pos)
if(pos == nil) then
return false, "unmarshall_srvsvc_NetShareInfo() returned an error"
end
-- The return value
pos, result['return'] = msrpctypes.unmarshall_int32(arguments, pos)
if(result['return'] == nil) then
return false, "Read off the end of the packet (srvsvc.netsharegetinfo)"
end
if(result['return'] ~= 0) then
return false, smb.get_status_name(result['return']) .. " (srvsvc.netsharegetinfo)"
end
return true, result
end

206
nse/smb-shares-size.nse Normal file
View File

@ -0,0 +1,206 @@
local stdnse = require "stdnse"
local smb = require "smb"
local smb2 = require "smb2"
local msrpc = require "msrpc"
local bin = require "bin"
local shortport = require "shortport"
description = [[
Return free and total size in octets of each SMB shares
]]
---
-- @args See the documentation for the smbauth library.
--
-- @usage nmap -p445 --script smb-shares-size.nse <host>
--
-- @output
-- Host script results:
-- | smb-shares-size:
-- | data:
-- | FreeSize: 38495883264
-- | TotalSize: 500961574912
-- |_ IPC$: NT_STATUS_ACCESS_DENIED
---
categories = {"discovery", "intrusive"}
author = "Adrien Malingrey"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
portrule = shortport.service({"microsoft-ds", "netbios-ssn", "smb"})
action = function(host)
local status, shares, extra
local response = stdnse.output_table()
-- Try and do this the good way, make a MSRPC call to get the shares
stdnse.debug1("SMB: Attempting to log into the system to enumerate shares")
status, shares = msrpc.enum_shares(host)
if(status == false) then
return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares))
end
-- Get more information on each share
for i = 1, #shares, 1 do
local share = shares[i]
if (share ~= nil) then
local status, result = get_share_info(host, share)
if (status) then
response[share] = result
end
end
end
return response
end
TRANS2_QUERY_FS_INFORMATION = 0x0003
SMB_QUERY_FS_SIZE_INFO = 0x0103
---Attempts to retrieve additional information about a share. Will fail unless we have
-- administrative access.
--
--@param host The host object.
--@return Status (true or false).
--@return A table of information about the share (if status is true) or an an error string (if
-- status is false).
function get_share_info(host, share)
local status, smbstate, err
local hostaddress = (host.name ~= '' and host.name) or host.ip
local path = "\\\\" .. hostaddress .. "\\" .. share
status, smbstate = smb.start(host)
status, err = smb.negotiate_protocol(smbstate, {})
status, err = smb.start_session(smbstate, {})
status, err = smb.tree_connect(smbstate, path, {})
stdnse.debug1("SMB: Getting information for share: %s", path)
local status, err = send_transaction2(smbstate, TRANS2_QUERY_FS_INFORMATION, bin.pack("<S", SMB_QUERY_FS_SIZE_INFO))
if ( not(status) ) then
status, err = smb.stop(smbstate)
return false, "Failed to send data to server: send_transaction2"
end
local status, response = receive_transaction2(smbstate)
if ( not(status) ) then
status, err = smb.stop(smbstate)
return false, response
end
local pos, totalAllocationUnits, totalFreeAllocationUnits, sectorsPerAllocationUnit, bytesPerSector = bin.unpack("<LLII", response.data)
status, err = smb.stop(smbstate)
return true, {
TotalSize = totalAllocationUnits * sectorsPerAllocationUnit * bytesPerSector,
FreeSize = totalFreeAllocationUnits * sectorsPerAllocationUnit * bytesPerSector
}
end
-- Taken from smb lib
function send_transaction2(smbstate, sub_command, function_parameters, function_data, overrides)
overrides = overrides or {}
local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid
local header, parameters, data
local parameter_offset = 0
local parameter_size = 0
local data_offset = 0
local data_size = 0
local total_word_count, total_data_count, reserved1, parameter_count, parameter_displacement, data_count, data_displacement, setup_count, reserved2
local response = {}
-- Header is 0x20 bytes long (not counting NetBIOS header).
header = smb.smb_encode_header(smbstate, smb.command_codes['SMB_COM_TRANSACTION2'], overrides) -- 0x32 = SMB_COM_TRANSACTION2
if(function_parameters) then
parameter_offset = 0x44
parameter_size = #function_parameters
data_offset = #function_parameters + 33 + 32
end
-- Parameters are 0x20 bytes long.
parameters = bin.pack("<SSSSCCSISSSSSCCS",
parameter_size, -- Total parameter count.
data_size, -- Total data count.
0x000a, -- Max parameter count.
0x3984, -- Max data count.
0x00, -- Max setup count.
0x00, -- Reserved.
0x0000, -- Flags (0x0000 = 2-way transaction, don't disconnect TIDs).
0x00001388, -- Timeout (0x00000000 = return immediately).
0x0000, -- Reserved.
parameter_size, -- Parameter bytes.
parameter_offset, -- Parameter offset.
data_size, -- Data bytes.
data_offset, -- Data offset.
0x01, -- Setup Count
0x00, -- Reserved
sub_command -- Sub command
)
local data = "\0\0\0" .. (function_parameters or '')
.. (function_data or '')
-- Send the transaction request
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION2")
local result, err = smb.smb_send(smbstate, header, parameters, data, overrides)
if(result == false) then
stdnse.debug1("SMB: Try SMBv2 connexion")
local result, err = smb2.smb2_send(smbstate, header, parameters, data, overrides)
if(result == false) then
return false, err
end
end
return true
end
function receive_transaction2(smbstate)
-- Read the result
local status, header, parameters, data = smb.smb_read(smbstate)
if(status ~= true) then
stdnse.debug1("SMB: Try SMBv2 connexion")
local status, header, parameters, data = smb2.smb2_read(smbstate)
if(status ~= true) then
return false, header
end
end
-- Check if it worked
local pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
if(header1 == nil or mid == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [29]"
end
if(status ~= 0) then
if(smb.status_names[status] == nil) then
return false, string.format("Unknown SMB error: 0x%08x\n", status)
else
return false, smb.status_names[status]
end
end
-- Parse the parameters
local pos, total_word_count, total_data_count, reserved1, parameter_count, parameter_offset, parameter_displacement, data_count, data_offset, data_displacement, setup_count, reserved2 = bin.unpack("<SSSSSSSSSCC", parameters)
if(total_word_count == nil or reserved2 == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [30]"
end
-- Convert the parameter/data offsets into something more useful (the offset into the data section)
-- - 0x20 for the header, - 0x01 for the length.
parameter_offset = parameter_offset - 0x20 - 0x01 - #parameters - 0x02;
-- - 0x20 for the header, - 0x01 for parameter length, the parameter length, and - 0x02 for the data length.
data_offset = data_offset - 0x20 - 0x01 - #parameters - 0x02;
-- I'm not sure I entirely understand why the '+1' is here, but I think it has to do with the string starting at '1' and not '0'.
local function_parameters = string.sub(data, parameter_offset + 1, parameter_offset + parameter_count)
local function_data = string.sub(data, data_offset + 1, data_offset + data_count)
local response = {}
response['parameters'] = function_parameters
response['data'] = function_data
return true, response
end

92
results.xsl
View File

@ -10,7 +10,7 @@
<xsl:template match="lanScan"> <xsl:template match="lanScan">
<html lang="fr"> <html lang="fr">
<head> <head>
<title>lanScan - <xsl:value-of select="@site"/></title> <title><xsl:value-of select="@site"/> - lanScan</title>
<script src="https://cdn.jsdelivr.net/npm/jquery@3.6.3/dist/jquery.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/jquery@3.6.3/dist/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.2/dist/semantic.min.css"/> <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.2/dist/semantic.min.css"/>
<script src="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.2/dist/semantic.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.2/dist/semantic.min.js"></script>
@ -33,6 +33,13 @@
height: 16px; height: 16px;
margin: auto; margin: auto;
} }
.share-size {
--free-ratio: calc(var(--free) / var(--total));
--used-percent: calc(100% - 100%*var(--free-ratio));
--color: hsl(calc(120*var(--free-ratio)) 100% 50%);
background-image: linear-gradient(to right, var(--color) var(--used-percent), transparent var(--used-percent), transparent) !important;
}
</style> </style>
<meta http-equiv="refresh" content="60"/> <meta http-equiv="refresh" content="60"/>
</head> </head>
@ -62,7 +69,7 @@
</div> </div>
</xsl:when> </xsl:when>
</xsl:choose> </xsl:choose>
<xsl:apply-templates select="hosts"/> <xsl:apply-templates select="group"/>
</div> </div>
<script> <script>
$('.ui.dropdown').dropdown() $('.ui.dropdown').dropdown()
@ -71,9 +78,9 @@
</html> </html>
</xsl:template> </xsl:template>
<xsl:template match="hosts"> <xsl:template match="group">
<h1 class="ui header"><xsl:value-of select="@name"/></h1> <h1 class="ui header"><xsl:value-of select="@name"/></h1>
<div class="ui doubling stackable four column compact grid"> <div class="ui doubling stackable five column compact grid">
<xsl:apply-templates select="host"/> <xsl:apply-templates select="host"/>
</div> </div>
</xsl:template> </xsl:template>
@ -94,10 +101,16 @@
</xsl:otherwise> </xsl:otherwise>
</xsl:choose> </xsl:choose>
</xsl:variable> </xsl:variable>
<xsl:variable name="name">
<xsl:choose>
<xsl:when test="@name"><xsl:value-of select="@name"/></xsl:when>
<xsl:when test="$scannedHost/hostnames/hostname/@name"><xsl:value-of select="substring-before($scannedHost/hostnames/hostname/@name, '.')"/></xsl:when>
</xsl:choose>
</xsl:variable>
<div class="column"> <div class="column">
<xsl:variable name="status"> <xsl:variable name="status">
<xsl:choose> <xsl:choose>
<xsl:when test="$scannedHost/status/@state='up'">info</xsl:when> <xsl:when test="$scannedHost/status/@state='up'">success</xsl:when>
<xsl:otherwise>error</xsl:otherwise> <xsl:otherwise>error</xsl:otherwise>
</xsl:choose> </xsl:choose>
</xsl:variable> </xsl:variable>
@ -110,10 +123,9 @@
<i class="server icon"></i> <i class="server icon"></i>
</xsl:otherwise> </xsl:otherwise>
</xsl:choose> </xsl:choose>
<input type="text" readonly="" value="{substring-before($scannedHost/hostnames/hostname/@name, '.')}" <input type="text" readonly="" value="{$name}" placeholder="{$scannedHost/address/@addr}"
title="{$scannedHost/hostnames/hostname/@name} ({$scannedHost/address/@addr})" placeholder="{$scannedHost/address/@addr}" title="{@comment} {$scannedHost/hostnames/hostname/@name} ({$scannedHost/address/@addr}) "
onfocus="this.value='{$scannedHostAddress}'; this.select()" onfocus="this.value='{$scannedHostAddress}'; this.select()" onblur="this.value='{$name}'"
onblur="this.value='{substring-before($scannedHost/hostnames/hostname/@name, '.')}'"
/> />
<xsl:apply-templates select="service"> <xsl:apply-templates select="service">
<xsl:with-param name="scannedHost" select="$scannedHost"/> <xsl:with-param name="scannedHost" select="$scannedHost"/>
@ -130,10 +142,8 @@
<xsl:variable name="scannedPort" select="$scannedHost/ports/port[service/@name=$serviceName or @portid=$serviceName][1]"/> <xsl:variable name="scannedPort" select="$scannedHost/ports/port[service/@name=$serviceName or @portid=$serviceName][1]"/>
<xsl:variable name="state"> <xsl:variable name="state">
<xsl:choose> <xsl:choose>
<xsl:when test="$scannedPort/script[@id='http-info']/elem[@key='status']>=500">red</xsl:when> <xsl:when test="$scannedPort/state/@state='open'">green</xsl:when>
<xsl:when test="$scannedPort/script[@id='http-info']/elem[@key='status']>=400">yellow</xsl:when>
<xsl:when test="$scannedPort/state/@state='filtered'">yellow</xsl:when> <xsl:when test="$scannedPort/state/@state='filtered'">yellow</xsl:when>
<xsl:when test="$scannedPort/state/@state='open'">primary</xsl:when>
<xsl:otherwise>red</xsl:otherwise> <xsl:otherwise>red</xsl:otherwise>
</xsl:choose> </xsl:choose>
</xsl:variable> </xsl:variable>
@ -145,20 +155,26 @@
<xsl:value-of select="$scannedPort/state/@state"/> <xsl:value-of select="$scannedPort/state/@state"/>
<xsl:text> </xsl:text> <xsl:text> </xsl:text>
<xsl:value-of select="$scannedPort/service/@name"/> <xsl:value-of select="$scannedPort/service/@name"/>
<xsl:if test="$scannedPort/script[@id='http-info']">
<xsl:text> </xsl:text>
<xsl:value-of select="$scannedPort/script[@id='http-info']/elem[@key='status-line']"/>
<xsl:value-of select="$scannedPort/script[@id='http-info']/elem[@key='title']"/>
</xsl:if>
</xsl:variable> </xsl:variable>
<xsl:choose> <xsl:choose>
<xsl:when test="($scannedPort/service/@name='microsoft-ds' or $scannedPort/service/@name='netbios-ssn' or $scannedPort/service/@name='smb') and $scannedHost/hostscript/script[@id='smb-enum-shares']/table[not(contains(@key, '$'))]"> <xsl:when test="$scannedPort/script[@id='smb-shares-size']/table">
<div class="ui {$state} dropdown mini button" title="{$title}"> <div class="ui {$state} dropdown mini button share-size" title="{$title}">
<div class="text"><xsl:value-of select="@name"/></div> <xsl:attribute name="style">
<xsl:for-each select="$scannedPort/script[@id='smb-shares-size']/table">
<xsl:sort select="elem[@key='FreeSize'] div elem[@key='TotalSize']" order="ascending"/>
<xsl:if test="position()=1">
<xsl:text>--free: </xsl:text>
<xsl:value-of select="elem[@key='FreeSize']"/>
<xsl:text>; --total: </xsl:text>
<xsl:value-of select="elem[@key='TotalSize']"/>
</xsl:if>
</xsl:for-each>
</xsl:attribute>
<xsl:value-of select="$serviceName"/>
<i class="dropdown icon"></i> <i class="dropdown icon"></i>
<div class="menu"> <div class="menu">
<xsl:apply-templates select="$scannedHost/hostscript/script[@id='smb-enum-shares']/table[not(contains(@key, '$'))]"> <xsl:apply-templates select="$scannedPort/script[@id='smb-shares-size']/table">
<xsl:with-param name="scannedHost" select="$scannedHost"/> <xsl:with-param name="scannedHostAddress" select="$scannedHostAddress"/>
</xsl:apply-templates> </xsl:apply-templates>
</div> </div>
</div> </div>
@ -168,6 +184,20 @@
<xsl:value-of select="$serviceName"/> <xsl:value-of select="$serviceName"/>
</a> </a>
</xsl:when> </xsl:when>
<xsl:when test="$scannedPort/script[@id='http-info']">
<xsl:variable name="status">
<xsl:choose>
<xsl:when test="$scannedPort/script[@id='http-info']/elem[@key='status']>=500">red</xsl:when>
<xsl:when test="$scannedPort/script[@id='http-info']/elem[@key='status']>=400">yellow</xsl:when>
<xsl:when test="$scannedPort/script[@id='http-info']/elem[@key='status']>=200">green</xsl:when>
<xsl:otherwise>red</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<a class="ui {$status} mini button" href="{$scannedPort/service/@name}://{$scannedHostAddress}:{$scannedPort/@portid}" target="_blank"
title="{$scannedPort/script[@id='http-info']/elem[@key='title' or @key='status-line']}">
<xsl:value-of select="$serviceName"/>
</a>
</xsl:when>
<xsl:when test="$scannedPort/service/@name='ftp' or $scannedPort/service/@name='ssh' or $scannedPort/service/@name='http' or $scannedPort/service/@name='https'"> <xsl:when test="$scannedPort/service/@name='ftp' or $scannedPort/service/@name='ssh' or $scannedPort/service/@name='http' or $scannedPort/service/@name='https'">
<a class="ui {$state} mini button" href="{$scannedPort/service/@name}://{$scannedHostAddress}:{$scannedPort/@portid}" target="_blank" title="{$title}"> <a class="ui {$state} mini button" href="{$scannedPort/service/@name}://{$scannedHostAddress}:{$scannedPort/@portid}" target="_blank" title="{$title}">
<xsl:value-of select="$serviceName"/> <xsl:value-of select="$serviceName"/>
@ -183,21 +213,9 @@
<xsl:template match="table"> <xsl:template match="table">
<xsl:param name="scannedHost"/> <xsl:param name="scannedHostAddress"/>
<xsl:variable name="path"> <a class="item share-size" href="file://///{$scannedHostAddress}/{@key}" target="_blank" rel="noopener noreferrer" style="--free: {elem[@key='FreeSize']}; --total: {elem[@key='TotalSize']}">
<xsl:choose> <xsl:value-of select="@key"/>
<xsl:when test="$scannedHost/hostnames/hostname/@name and contains(@key, $scannedHost/address/@addr)">
<xsl:text>\\</xsl:text>
<xsl:value-of select="$scannedHost/hostnames/hostname/@name"/>
<xsl:value-of select="substring-after(@key, $scannedHost/address/@addr)"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@key"/>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<a class="item" href="file:///{$path}" target="_blank" rel="noopener noreferrer">
<xsl:value-of select="elem[@key='Comment']"/>
</a> </a>
</xsl:template> </xsl:template>

15
scan
View File

@ -1,15 +0,0 @@
#!/usr/bin/env bash
if [ "$#" -ne 1 ]; then
echo "Usage: ./scan <config>" >&2
exit 1
fi
pushd "$(dirname -- "$0")" > /dev/null
site="$(basename ${1/.yaml/})"
php "to_XML.php" "configs/$site.yaml" > "site/$site.xml"
eval $(xsltproc "nmap_cmd.xsl" "site/$site.xml")
mv "scans/$site.xml.tmp" "scans/$site.xml"
popd > /dev/null

15
scan.sh Executable file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env bash
if [ "$#" -ne 1 ]; then
echo "Usage: ./scan <config>" >&2
exit 1
fi
pushd "$(dirname -- "$0")" > /dev/null
site="$(basename ${1/.yml/})"
php "to_XML.php" "configs/$site.yml" > "site/$site.xml" \
&& eval $(xsltproc "nmap_cmd.xsl" "site/$site.xml") \
&& mv "scans/$site.xml.tmp" "scans/$site.xml"
popd > /dev/null

8
scan_all → scan_all.sh
View File

@ -5,11 +5,11 @@ pushd "$(dirname -- $0)" > /dev/null
mkdir -p scans mkdir -p scans
mkdir -p site mkdir -p site
for config in configs/*.yaml for config in configs/*.yml
do do
site="$(basename ${config/.yaml/})" site="$(basename ${config/.yml/})"
echo "Scan $site" echo "Scan $site"
./scan "$site" & ./scan.sh "$site"
done done
popd > /dev/null popd > /dev/null

2
to_XML.php
View File

@ -1,6 +1,6 @@
<?php <?php
$file = $argv[1]; $file = $argv[1];
$site = basename($file, ".yaml"); $site = basename($file, ".yml");
$__DIR__ = __DIR__; $__DIR__ = __DIR__;
$conf = yaml_parse_file($file); $conf = yaml_parse_file($file);

3
to_config.xsl
View File

@ -11,11 +11,12 @@
<xsl:text>--- <xsl:text>---
site: Nom du site site: Nom du site
hosts: group:
- name: Réseau </xsl:text><xsl:value-of select="$network"/><xsl:text> - name: Réseau </xsl:text><xsl:value-of select="$network"/><xsl:text>
host: host:
</xsl:text> </xsl:text>
<xsl:apply-templates select="host"/> <xsl:apply-templates select="host"/>
<xsl:text>...</xsl:text>
</xsl:template> </xsl:template>
<xsl:template match="host"> <xsl:template match="host">