added xploit payloads, move things to util folder, tool needs alot of work, scanner cleaned up, bunch of database features

scanner/database.src

@@ -1,6 +1,6 @@
 // connect to database
 database = function()
-	myDB = BinDB.connect("vuln", "<enter password>", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
+	myDB = BinDB.connect("vuln", "ukBfZkFwR2mutQItMD7Q9KQbUaoIIFo4vZqa3HtUtf1JcSOQbV", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
 end function
 
 // insert exploit with check if it already exists.

scanner/database_export.src

@@ -0,0 +1,32 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+export = "/database/export"
+
+computer = get_shell.host_computer
+
+file = computer.File(export + "/export.txt")
+if(file) then file.delete
+
+kernel = myDB.fetch("kernel_router.so")
+ssh = myDB.fetch("libssh.so")
+ftp = myDB.fetch("libftp.so")
+sql = myDB.fetch("libsql.so")
+smtp = myDB.fetch("libsmtp.so")
+http = myDB.fetch("libhttp.so")
+cam = myDB.fetch("libcam.so")
+repo = myDB.fetch("librepository.so")
+
+touch(computer,export,"export.txt")
+file = computer.File(export + "/export.txt")
+
+
+
+file.set_content(file.get_content() + "kernel: " + kernel + char(10))
+file.set_content(file.get_content() + "ssh: " + ssh +  char(10))
+file.set_content(file.get_content() + "ftp: " + ftp +  char(10))
+file.set_content(file.get_content() + "sql: " + sql +  char(10))
+file.set_content(file.get_content() + "smtp: " + smtp +  char(10))
+file.set_content(file.get_content() + "http: " + http +  char(10))
+file.set_content(file.get_content() + "cam: " + cam +  char(10))
+file.set_content(file.get_content() + "repo: " + repo +  char(10))

scanner/database_fetch.src

@@ -1,4 +1,7 @@
-import_code("/scanner/database.lib")
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+if len(params) != 2 then exit("fetch [lib.so] [Version]")
 
 table = params[0]
 release = params[1] 

scanner/database_fetch_all.src

@@ -0,0 +1,21 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+myDB = database()
+
+print("kernel_router.so")
+myDB.printTable("kernel_router.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libssh.so")
+myDB.printTable("libssh.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libftp.so")
+myDB.printTable("libftp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libsql.so")
+myDB.printTable("libsql.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libsmtp.so")
+myDB.printTable("libsmtp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libhttp.so")
+myDB.printTable("libhttp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("libcam.so")
+myDB.printTable("libcam.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+print("librepository.so")
+myDB.printTable("librepository.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})

scanner/database_fetch_ip.src

@@ -0,0 +1,43 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+
+if len(params) != 1 then exit("fetch [IP/Web]")
+myDB = database()
+target_ip = params[0]
+
+if not (is_valid_ip(target_ip)) then target_ip = nslookup(target_ip)
+if not(is_valid_ip(target_ip)) then exit("Invalid IP")
+
+target_router = get_router(target_ip)
+target_ports = target_router.used_ports
+
+router_data = []
+router_data.push({"port":"0", "port_info":"kernel_router", "port_info": target_router.kernel_version, "lan_ip":target_router.local_ip})
+for port in target_ports
+    router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip})
+end for
+
+lib = []
+
+for item in router_data
+    known = false
+    for i in lib
+        if(item.port_info == i) then known = true 
+    end for
+    if not known then lib.push(item)
+end for      
+
+print("<color=yellow><b>Kernel_router.so</b></color>")
+myDB.printTableBy("kernel_router.so","version",router_data[0].port_info,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+
+lib.pull
+for item in lib
+    data = item.port_info.split(" ")
+
+    if(data[0] == "criminals") then data[0] = "sql"
+    if(data[0] == "employees") then data[0] = "sql"
+    if(data[0] == "employees") then data[0] = "sql"
+    if(data[0] == "bank_account") then date[0] = "sql"
+    print("<color=yellow><b>lib" + data[0] + ".so</b></color>")
+    myDB.printTableBy("lib" + data[0] + ".so","version",data[1],{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+end for

scanner/pop_database_test.src

@@ -0,0 +1,19 @@
+import_code("/dev/scanner/libbindb.src")
+import_code("/dev/scanner/database.src")
+import_code("/dev/scanner/util_import.src")
+import_code("/dev/scanner/scanner.src")
+
+//sometimes giving out non existing IP, maybe whois to filter those out.
+myDB = database()
+count = params[0]
+
+i = 0
+while true
+    if(i == count.to_int) then break
+	ip = randomIp()
+	print("\n" + ip)
+	scanner(ip)
+    i= i + 1
+end while
+
+print("Done")

scanner/scanner.src

@@ -1,43 +1,8 @@
-// name import Database/functions
+// import Database/functions
+// comment out if importing
 import_code("/dev/scanner/libbindb.src")
 import_code("/dev/scanner/database.src")
-
-myDB = database()
-
-if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
-
-
-// import metaexploit from /lib or current folder
-metaxploit = include_lib("/lib/metaxploit.so")
-if not metaxploit then
-    metaxploit = include_lib(current_path + "/metaxploit.so")
-end if
-if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
-
-// convert argv for easier readability
-target_ip = params[0]
-
-if not is_valid_ip(target_ip) then 
-    target_ip = nslookup(target_ip)
-    if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]") 
-end if
-
-// fetch router object en configured ports
-target_router = get_router(target_ip)
-target_ports = target_router.used_ports
-
-// print details of router and configured ports
-// TODO: Add port status
-// TODO: Add deepscan for connected devices
-column = "<b>Number Type Version IP</b>"
-	column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
-for port in target_ports
-	column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
-end for
-
-print("\nIP Address : " + target_ip)
-print(format_columns(column))
-
+import_code("/dev/scanner/util_import.src")
 
 // Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
 // TODO: Needs confirming, initial tests seem correct. 
@@ -48,8 +13,15 @@ checkPrivilege = function(result)
         file = result.File("/lib/init.so")
         if( file.has_permission("w") != 0) then return "Root"
         //check user
-        file = result.File("/etc/passwd")
-        if( file.has_permission("w")) then return "User"
+        homeFolders = result.File("/home")
+        homeFolders = homeFolders.get_folders
+        if(len(homeFolders) <= 1) then return "Guest"
+        for folder in homeFolders
+            file = result.File("/home/" + folder.name + "/Config/Mail.txt")
+            if(file) then
+                if(file.has_permission("w")) then return "User"
+            end if
+        end for
     
         return "Guest"
     end if
@@ -60,10 +32,11 @@ end function
 // scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
 // TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
 // TODO: figure out how to get requirments for exploits.
-scanPort = function(ip, port, optional)
+scanPort = function(ip, port, optional, metaxploit)
     net_session = metaxploit.net_use(ip,port)
     
     lib = net_session.dump_lib
+    print(lib.lib_name)
     memList = metaxploit.scan(lib)
     for address in memList
         keys = metaxploit.scan_address(lib,address)
@@ -77,22 +50,40 @@ scanPort = function(ip, port, optional)
             result = lib.overflow(address,key,optional)
             if (typeof(result) != "null") then 
                 print(typeof(result))
-                insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
+                insertVuln(lib.lib_name,lib.version,address,key,typeof(result),checkPrivilege(result))
             end if
-            print("\n")
         end for
     end for
 end function
 
+scanner = function(target_ip)
+	
+	
+    metaxploit = mxploit()
 
+    target_ip = webToIp(target_ip)
+    if(target_ip == 1) then exit("Invalid IP")
 
-// DO ALL THE THINGS. needs cleaning
-scanPort(target_ip, 0, target_router.local_ip)
-for port in target_ports
+    // fetch router object and configured ports
+    target_router = get_router(target_ip)
+    target_ports = target_router.used_ports
 
-    if(port.is_closed != 1) then
-        scanPort(target_ip, port.port_number, "dave")
-    else
-        print(port.port_number + " is Closed.")
-    end if
-end for
+    // DO ALL THE THINGS. needs cleaning
+    scanPort(target_ip, 0, target_router.local_ip, metaxploit)
+    for port in target_ports
+        if(port.is_closed != 1) then
+            scanPort(target_ip, port.port_number, "dave", metaxploit)
+        else
+            print(port.port_number + " is Closed.")
+        end if
+    end for
+
+    nmap(target_ip, true)
+
+end function
+
+//comment out if using as import
+
+if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
+myDB = database()
+scanner(params[0])

scanner/util_import.src

@@ -0,0 +1,30 @@
+//loads metaxploit
+mxploit = function()
+    metaxploit = include_lib("/lib/metaxploit.so")
+    if not metaxploit then
+        metaxploit = include_lib(current_path + "/metaxploit.so")
+    end if
+    if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
+    return metaxploit
+end function
+
+//returns random external IP
+randomIp = function()
+    while true
+        ip = floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1) + "." + floor((rnd * 255) + 1)
+        if not is_valid_ip(ip) then continue
+        if is_lan_ip(ip) then continue
+        return ip
+    end while
+end function
+
+//convert webadress to IP
+webToIp = function(target)
+    if not is_valid_ip(target) then 
+        target = nslookup(target)
+        if not is_valid_ip(target) then return 1
+        return target
+    end if
+    return target
+end function
+