Grey_Hack/scanner/scanner.src

// name import Database/functions
import_code("/dev/scanner/libbindb.src")
import_code("/dev/scanner/database.src")

myDB = database()

if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")


// import metaexploit from /lib or current folder
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then
    metaxploit = include_lib(current_path + "/metaxploit.so")
end if
if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")

// convert argv for easier readability
target_ip = params[0]

if not is_valid_ip(target_ip) then 
    target_ip = nslookup(target_ip)
    if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]") 
end if

// fetch router object en configured ports
target_router = get_router(target_ip)
target_ports = target_router.used_ports

// print details of router and configured ports
// TODO: Add port status
// TODO: Add deepscan for connected devices
column = "<b>Number Type Version IP</b>"
	column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
for port in target_ports
	column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
end for

print("\nIP Address : " + target_ip)
print(format_columns(column))


// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
// TODO: Needs confirming, initial tests seem correct. 
checkPrivilege = function(result)
    if(typeof(result) == "shell") then result = result.host_computer
    if(typeof(result) == "computer") then
        //checking root
        file = result.File("/lib/init.so")
        if( file.has_permission("w") != 0) then return "Root"
        //check user
        file = result.File("/etc/passwd")
        if( file.has_permission("w")) then return "User"
    
        return "Guest"
    end if
    return "null"
end function


// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
// TODO: figure out how to get requirments for exploits.
scanPort = function(ip, port, optional)
    net_session = metaxploit.net_use(ip,port)
    
    lib = net_session.dump_lib
    memList = metaxploit.scan(lib)
    for address in memList
        keys = metaxploit.scan_address(lib,address)
        vulns = keys.split("Unsafe check: ")
        keyList =[]
        for string in vulns
            keyList.push(string[string.indexOf("<b>")+3:string.indexOf("</b>")])
        end for

        for key in keyList
            result = lib.overflow(address,key,optional)
            if (typeof(result) != "null") then 
                print(typeof(result))
                insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
            end if
            print("\n")
        end for
    end for
end function


// DO ALL THE THINGS. needs cleaning
scanPort(target_ip, 0, target_router.local_ip)
for port in target_ports

    if(port.is_closed != 1) then
        scanPort(target_ip, port.port_number, "dave")
    else
        print(port.port_number + " is Closed.")
    end if
end for
added Comments 2025-02-09 18:40:51 +01:00			`// name import Database/functions`
clean up 2025-02-14 19:19:17 +01:00			`import_code("/dev/scanner/libbindb.src")`
			`import_code("/dev/scanner/database.src")`

			`myDB = database()`
Just some stuff 2025-02-09 17:42:21 +01:00
added Comments 2025-02-09 18:40:51 +01:00			`if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")`
Just some stuff 2025-02-09 17:42:21 +01:00
added Comments 2025-02-09 18:40:51 +01:00
			`// import metaexploit from /lib or current folder`
Just some stuff 2025-02-09 17:42:21 +01:00			`metaxploit = include_lib("/lib/metaxploit.so")`
			`if not metaxploit then`
			`metaxploit = include_lib(current_path + "/metaxploit.so")`
			`end if`
			`if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")`

added Comments 2025-02-09 18:40:51 +01:00			`// convert argv for easier readability`
Just some stuff 2025-02-09 17:42:21 +01:00			`target_ip = params[0]`

added Comments 2025-02-09 18:40:51 +01:00			`if not is_valid_ip(target_ip) then`
			`target_ip = nslookup(target_ip)`
			`if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]")`
Just some stuff 2025-02-09 17:42:21 +01:00			`end if`

added Comments 2025-02-09 18:40:51 +01:00			`// fetch router object en configured ports`
Just some stuff 2025-02-09 17:42:21 +01:00			`target_router = get_router(target_ip)`
			`target_ports = target_router.used_ports`

added Comments 2025-02-09 18:40:51 +01:00			`// print details of router and configured ports`
			`// TODO: Add port status`
			`// TODO: Add deepscan for connected devices`
Just some stuff 2025-02-09 17:42:21 +01:00			`column = "<b>Number Type Version IP</b>"`
			`column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip`
			`for port in target_ports`
			`column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip`
			`end for`

			`print("\nIP Address : " + target_ip)`
			`print(format_columns(column))`


added Comments 2025-02-09 18:40:51 +01:00			`// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.`
			`// TODO: Needs confirming, initial tests seem correct.`
Just some stuff 2025-02-09 17:42:21 +01:00			`checkPrivilege = function(result)`
			`if(typeof(result) == "shell") then result = result.host_computer`
			`if(typeof(result) == "computer") then`
			`//checking root`
			`file = result.File("/lib/init.so")`
			`if( file.has_permission("w") != 0) then return "Root"`
			`//check user`
			`file = result.File("/etc/passwd")`
			`if( file.has_permission("w")) then return "User"`

			`return "Guest"`
			`end if`
			`return "null"`
			`end function`

added Comments 2025-02-09 18:40:51 +01:00
			`// scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits`
			`// TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.`
			`// TODO: figure out how to get requirments for exploits.`
Just some stuff 2025-02-09 17:42:21 +01:00			`scanPort = function(ip, port, optional)`
			`net_session = metaxploit.net_use(ip,port)`

			`lib = net_session.dump_lib`
			`memList = metaxploit.scan(lib)`
			`for address in memList`
			`keys = metaxploit.scan_address(lib,address)`
			`vulns = keys.split("Unsafe check: ")`
			`keyList =[]`
			`for string in vulns`
			`keyList.push(string[string.indexOf("<b>")+3:string.indexOf("</b>")])`
			`end for`

			`for key in keyList`
			`result = lib.overflow(address,key,optional)`
			`if (typeof(result) != "null") then`
			`print(typeof(result))`
			`insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))`
			`end if`
			`print("\n")`
			`end for`
			`end for`
			`end function`



added Comments 2025-02-09 18:40:51 +01:00			`// DO ALL THE THINGS. needs cleaning`
Just some stuff 2025-02-09 17:42:21 +01:00			`scanPort(target_ip, 0, target_router.local_ip)`
			`for port in target_ports`

			`if(port.is_closed != 1) then`
			`scanPort(target_ip, port.port_number, "dave")`
			`else`
			`print(port.port_number + " is Closed.")`
			`end if`
			`end for`