diff --git a/scanner/commands.src b/scanner/commands.src
new file mode 100644
index 0000000..e69de29
diff --git a/scanner/database.src b/scanner/database.src
index 9a77f62..90485f8 100644
--- a/scanner/database.src
+++ b/scanner/database.src
@@ -1,11 +1,14 @@
+// import_code("/dev/scanner/util_import.src")
+// import_code("/dev/scanner/libbindb.src")
+
// connect to database
database = function()
- myDB = BinDB.connect("vuln", "ukBfZkFwR2mutQItMD7Q9KQbUaoIIFo4vZqa3HtUtf1JcSOQbV", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
+ return BinDB.connect("vuln", "ukBfZkFwR2mutQItMD7Q9KQbUaoIIFo4vZqa3HtUtf1JcSOQbV", ["kernel_router.so", "libssh.so", "libftp.so","libsql.so","libsmtp.so","libhttp.so","libcam.so","librepository.so"], "/database")
end function
// insert exploit with check if it already exists.
// TODO: Add option to update missing data (requirments)
-insertVuln = function(libName,libVersion,memAdress,keyValue,requirments,object,priv)
+insertVuln = function(libName,libVersion,memAdress,keyValue,object,priv)
data = myDB.fetchBy(libName, "version", libVersion)
if data.len != 0 then
for entry in data
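Review bot: The new `return BinDB.connect(...)` line still carries the database password as a string literal, so anyone who can read the repository or the deployed `.src` file has the credential. Consider passing it in as a parameter of `database()` or reading it from a file kept outside the repository, and rotating the value that is already committed. Separately, `database()` no longer assigns `myDB`, while `insertVuln` still reads the global `myDB`, so every caller must now do `myDB = database()` itself; a comment above the function such as `// returns the connection; caller must assign it to myDB` would make that explicit. Dropping `requirments` from the `insertVuln` signature will also break any call site that still passes seven arguments, which is not visible here. The body of `insertVuln` continues outside the hunk.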
@@ -18,3 +21,106 @@ insertVuln = function(libName,libVersion,memAdress,keyValue,requirments,object,p
myDB.insert(libName, {"version": libVersion, "memory_adress": memAdress, "key_value": keyValue, "object": object, "privilege": priv})
myDB.write()
end function
+
+dbExport = function()
+ export = "/database/export"
+
+ computer = get_shell.host_computer
+
+ file = computer.File(export + "/export.txt")
+ if(file) then file.delete
+
+ kernel = myDB.fetch("kernel_router.so")
+ ssh = myDB.fetch("libssh.so")
+ ftp = myDB.fetch("libftp.so")
+ sql = myDB.fetch("libsql.so")
+ smtp = myDB.fetch("libsmtp.so")
+ http = myDB.fetch("libhttp.so")
+ cam = myDB.fetch("libcam.so")
+ repo = myDB.fetch("librepository.so")
+
+ touch(computer,export,"export.txt")
+ file = computer.File(export + "/export.txt")
+
+
+
+ file.set_content(file.get_content() + "kernel: " + kernel + char(10))
+ file.set_content(file.get_content() + "ssh: " + ssh + char(10))
+ file.set_content(file.get_content() + "ftp: " + ftp + char(10))
+ file.set_content(file.get_content() + "sql: " + sql + char(10))
+ file.set_content(file.get_content() + "smtp: " + smtp + char(10))
+ file.set_content(file.get_content() + "http: " + http + char(10))
+ file.set_content(file.get_content() + "cam: " + cam + char(10))
+ file.set_content(file.get_content() + "repo: " + repo + char(10))
+end function
+
+dbFetchAll = function()
+
+ print("kernel_router.so")
+ myDB.printTable("kernel_router.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libssh.so")
+ myDB.printTable("libssh.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libftp.so")
+ myDB.printTable("libftp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libsql.so")
+ myDB.printTable("libsql.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libsmtp.so")
+ myDB.printTable("libsmtp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libhttp.so")
+ myDB.printTable("libhttp.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("libcam.so")
+ myDB.printTable("libcam.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ print("librepository.so")
+ myDB.printTable("librepository.so",{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+
+end function
+
+
+dbFetchLib = function(table,release)
+
+ myDB.printTableBy(table,"version",release,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+
+end function
+
+dbFetchTarget = function(target_ip)
+
+
+ target_ip = webToIp(target_ip)
+ if(target_ip == 1) then exit("Invalid IP/Web Address")
+
+ target_router = get_router(target_ip)
+ target_ports = target_router.used_ports
+
+ router_data = []
+ router_data.push({"port":"0", "port_info":"kernel_router", "port_info": target_router.kernel_version, "lan_ip":target_router.local_ip})
+ for port in target_ports
+ router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip})
+ end for
+
+ lib = []
+
+ for item in router_data
+ known = false
+ for i in lib
+ if(item.port_info == i) then known = true
+ end for
+ if not known then lib.push(item)
+ end for
+
+ print("Kernel_router.so")
+ myDB.printTableBy("kernel_router.so","version",router_data[0].port_info,{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+
+ lib.pull
+ for item in lib
+ data = item.port_info.split(" ")
+
+ if(data[0] == "criminals") then data[0] = "sql"
+ if(data[0] == "employees") then data[0] = "sql"
+ if(data[0] == "employees") then data[0] = "sql"
+ if(data[0] == "bank_account") then data[0] = "sql"
+ if(data[0] == "students") then data[0] = "sql"
+ print("lib" + data[0] + ".so")
+ myDB.printTableBy("lib" + data[0] + ".so","version",data[1],{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
+ end for
+
+end function
\ No newline at end of file
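Review bot: In `dbFetchTarget` the de-duplication loop compares `item.port_info`, a string, with `i`, which is a whole entry already pushed to `lib`, so `known` presumably never becomes true and duplicates are never filtered. The comparison should be `if(item.port_info == i.port_info) then known = true`. The kernel entry defines `"port_info"` twice in one map literal and only behaves as intended if the later value wins; dropping `"port_info":"kernel_router"` would make that explicit. `get_router(target_ip)` is dereferenced without a null check, and `data[1]` assumes every `port_info` string contains a space. In `dbExport`, the second `computer.File(...)` result is used without checking that `touch` actually created the file.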
diff --git a/scanner/database_export.src b/scanner/old/database_export.src
similarity index 100%
rename from scanner/database_export.src
rename to scanner/old/database_export.src
diff --git a/scanner/database_fetch.src b/scanner/old/database_fetch.src
similarity index 100%
rename from scanner/database_fetch.src
rename to scanner/old/database_fetch.src
diff --git a/scanner/database_fetch_all.src b/scanner/old/database_fetch_all.src
similarity index 100%
rename from scanner/database_fetch_all.src
rename to scanner/old/database_fetch_all.src
diff --git a/scanner/database_fetch_ip.src b/scanner/old/database_fetch_ip.src
similarity index 97%
rename from scanner/database_fetch_ip.src
rename to scanner/old/database_fetch_ip.src
index 25b5f8c..d377644 100644
--- a/scanner/database_fetch_ip.src
+++ b/scanner/old/database_fetch_ip.src
@@ -38,6 +38,7 @@ for item in lib
if(data[0] == "employees") then data[0] = "sql"
if(data[0] == "employees") then data[0] = "sql"
if(data[0] == "bank_account") then date[0] = "sql"
+ if(data[0] == "students") then data[0] = "sql"
print("lib" + data[0] + ".so")
myDB.printTableBy("lib" + data[0] + ".so","version",data[1],{"version": "Version", "memory_adress": "Memory Address", "key_value": "key Value", "object": "Object", "privilege": "Privilege"})
end for
\ No newline at end of file
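Review bot: The context line just above the addition assigns to `date[0]`, not `data[0]`, so in this copy a `bank_account` service is never mapped to `sql`, and writing to the undefined `date` would likely raise a runtime error. It should read `if(data[0] == "bank_account") then data[0] = "sql"`, as the copy added to scanner/database.src does. The `employees` test is also repeated on two consecutive lines. The enclosing `for item in lib` loop starts outside the hunk.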
diff --git a/scanner/scanner.src b/scanner/scanner.src
index 5988584..d161e23 100644
--- a/scanner/scanner.src
+++ b/scanner/scanner.src
@@ -1,8 +1,6 @@
-// import Database/functions
-// comment out if importing
-import_code("/dev/scanner/libbindb.src")
-import_code("/dev/scanner/database.src")
-import_code("/dev/scanner/util_import.src")
+// import_code("/dev/scanner/libbindb.src")
+// import_code("/dev/scanner/database.src")
+// import_code("/dev/scanner/util_import.src")
// Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
// TODO: Needs confirming, initial tests seem correct.
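Review bot: The three `import_code` lines are commented out rather than removed, and the comment that explained them is deleted, so nothing in the file says that `BinDB`, `database` and `webToIp` must now come from whatever imports it. A one-line header such as `// library file: the importer must load libbindb.src, database.src and util_import.src first` would cover this. The same applies to the hunk at the end of the file, where the usage check, `myDB = database()` and `scanner(params[0])` are commented out. If `scanner` reads `myDB`, which is not visible here, an importer that skips that assignment will fail at first use.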
@@ -61,6 +59,7 @@ scanner = function(target_ip)
metaxploit = mxploit()
+ print(target_ip)
target_ip = webToIp(target_ip)
if(target_ip == 1) then exit("Invalid IP")
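Review bot: `print(target_ip)` looks like leftover debug output: it echoes the caller's raw argument before `webToIp` has validated it, and it now runs on every call from code that imports `scanner` as a library. Either remove it or print the resolved address after the `target_ip == 1` check. The body of `scanner` starts and ends outside the hunk.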
@@ -83,7 +82,6 @@ scanner = function(target_ip)
end function
//comment out if using as import
-
-if params.len == 0 then exit("Usage: scanner [IP/WEB_Address]")
-myDB = database()
-scanner(params[0])
\ No newline at end of file
+//if params.len == 0 then exit("Usage: scanner [IP/WEB_Address]")
+//myDB = database()
+//scanner(params[0])
\ No newline at end of file
diff --git a/scanner/util_import.src b/scanner/util_import.src
index 0f30d81..58c858c 100644
--- a/scanner/util_import.src
+++ b/scanner/util_import.src
@@ -28,3 +28,27 @@ webToIp = function(target)
return target
end function
+nmap = function(target_ip, echo)
+
+ target_ip = webToIP(target_ip)
+
+ target_router = get_router(target_ip)
+ target_ports = target_router.used_ports
+
+ router_data = []
+ column = "Number Type Version IP"
+ column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
+ router_data.push({"port":"0", "port_info":"kernel_router", "port_info": target_router.kernel_version, "lan_ip":target_router.local_ip})
+ for port in target_ports
+ column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
+ router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip})
+ end for
+
+ if(echo == true) then
+ print("\nIP Address : " + target_ip)
+ print(format_columns(column))
+ end if
+
+ return router_data
+
+end function
\ No newline at end of file
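Review bot: The new `nmap` calls `webToIP`, but the function defined just above it in this file is `webToIp`; identifiers are case-sensitive here, so the call presumably fails with an unknown identifier at run time. It should be `target_ip = webToIp(target_ip)`, followed by the guard the other callers use, `if(target_ip == 1) then exit("Invalid IP")`, because an unresolved address otherwise goes straight to `get_router`. The `get_router` result is also dereferenced without a null check. The kernel entry repeats the `"port_info"` key in one map literal, so the `"kernel_router"` value is presumably discarded.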
diff --git a/tool/nmap.src b/tool/nmap.src
index b1a3c59..2b8f4ba 100644
--- a/tool/nmap.src
+++ b/tool/nmap.src
@@ -1,6 +1,4 @@
-nmap = function(target_ip)
-
- target_ip = params[0]
+nmap = function(target_ip, echo)
if not (is_valid_ip(target_ip)) then target_ip = nslookup(target_ip)
@@ -20,9 +18,11 @@ nmap = function(target_ip)
router_data.push({"port":port.port_number,"port_info":target_router.port_info(port),"lan_ip":port.get_lan_ip})
end for
- print("\nIP Address : " + target_ip)
- print(format_columns(column))
-
+ if(echo == true) then
+ print("\nIP Address : " + target_ip)
+ print(format_columns(column))
+ end if
+
return router_data
end function
\ No newline at end of file
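Review bot: `echo` has no default, so any existing call that passes only the address now returns the data silently where it used to print the table. If printing is meant to stay the default, declare it as `nmap = function(target_ip, echo=true)`. With `target_ip = params[0]` removed in the first hunk, nothing visible invokes `nmap` when this file is run as a tool, and the `nslookup` result on the context line is used without a validity check. The function is now nearly identical to the `nmap` added to scanner/util_import.src, and keeping a single copy would stop the two from drifting apart.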