PageRenderTime 59ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/nselib/omp2.lua

https://github.com/prakashgamit/nmap
Lua | 181 lines | 101 code | 35 blank | 45 comment | 17 complexity | cf9913dde87c8537688d35e8f6b380fc MD5 | raw file
Possible License(s): BSD-3-Clause, GPL-2.0, LGPL-2.0, LGPL-2.1 
    

  1. ---
    2. 

  2. -- This library was written to ease interaction with OpenVAS Manager servers
    3. 

  3. -- using OMP (OpenVAS Management Protocol) version 2.
    4. 

  4. --
    5. 

  5. -- A very small subset of the protocol is implemented.
    6. 

  6. -- * Connection/authentication
    7. 

  7. -- * Targets enumeration
    8. 

  8. --
    9. 

  9. -- The library can also store accounts in the registry to share them between
    10. 

  10. -- scripts.
    11. 

  11. --
    12. 

  12. -- The complete protocol documentation is available on the official OpenVAS
    13. 

  13. -- website: http://www.openvas.org/omp-2-0.html
    14. 

  14. --
    15. 

  15. -- Sample use:
    16. 

  16. -- <code>
    17. 

  17. --    local session = omp2.Session:new()
    18. 

  18. --    local status, err = session:connect(host, port)
    19. 

  19. --    local status, err = session:authenticate(username, password)
    20. 

  20. --    ...
    21. 

  21. --    session:close()
    22. 

  22. -- </code>
    23. 

  23. --
    24. 

  24. -- @author Henri Doreau
    25. 

  25. -- @copyright Same as Nmap -- See http://nmap.org/book/man-legal.html
    26. 

  26. --
    27. 

  27. -- @args omp2.username The username to use for authentication.
    28. 

  28. -- @args omp2.password The password to use for authentication.
    29. 

  29. --
    30. 

  30. 

  31. local nmap = require "nmap"
    32. 

  32. local stdnse = require "stdnse"
    33. 

  33. local table = require "table"
    34. 

  34. _ENV = stdnse.module("omp2", stdnse.seeall)
    35. 

  35. 

  36. local HAVE_SSL = false
    37. 

  37. 

  38. if pcall(require,'openssl') then
    39. 

  39.   HAVE_SSL = true
    40. 

  40. end
    41. 

  41. 

  42. --- A Session class holds connection and interaction with the server 
    43. 

  43. Session = {
    44. 

  44. 

  45.   --- Creates a new session object
    46. 

  46.   new = function(self, o)
    47. 

  47. 

  48.     o = o or {}
    49. 

  49.     setmetatable(o, self)
    50. 

  50.     self.__index = self
    51. 

  51. 

  52.     o.username = nmap.registry.args["omp2.username"]
    53. 

  53.     o.password = nmap.registry.args["omp2.password"]
    54. 

  54.     o.socket = nmap.new_socket()
    55. 

  55. 

  56.     return o
    57. 

  57.   end,
    58. 

  58. 

  59.   --- Establishes the (SSL) connection to the remote server
    60. 

  60.   connect = function(self, host, port)
    61. 

  61.     if not HAVE_SSL then
    62. 

  62.       return false, "The OMP2 module requires OpenSSL support"
    63. 

  63.     end
    64. 

  64. 

  65.     return self.socket:connect(host, port, "ssl")
    66. 

  66.   end,
    67. 

  67. 

  68.   --- Closes connection
    69. 

  69.   close = function(self)
    70. 

  70.     return self.socket:close()
    71. 

  71.   end,
    72. 

  72. 

  73.   --- Attempts to authenticate on the current connection
    74. 

  74.   authenticate = function(self, username, password)
    75. 

  75.     local status, err, xmldata
    76. 

  76. 

  77.     -- TODO escape credentials
    78. 

  78.     status, err = self.socket:send("<authenticate><credentials>"
    79. 

  79.       .. "<username>" .. username .. "</username>"
    80. 

  80.       .. "<password>" .. password .. "</password>"
    81. 

  81.       .. "</credentials></authenticate>")
    82. 

  82. 

  83.     if not status then
    84. 

  84.       stdnse.print_debug("ERROR: %s", err)
    85. 

  85.       return false, err
    86. 

  86.     end
    87. 

  87. 

  88.     status, xmldata = self.socket:receive()
    89. 

  89.     if not status then
    90. 

  90.       stdnse.print_debug("ERROR: %s", xmldata)
    91. 

  91.       return false, xmldata
    92. 

  92.     end
    93. 

  93. 

  94.     return xmldata:match('status="200"')
    95. 

  95.   end,
    96. 

  96. 

  97.   --- Lists targets defined on the remote server
    98. 

  98.   ls_targets = function(self)
    99. 

  99.     local status, err, xmldata
    100. 

  100.     local res, target_names, target_hosts = {}, {}, {}
    101. 

  101. 

  102.     status, err = self.socket:send("<get_targets/>")
    103. 

  103. 

  104.     if not status then
    105. 

  105.       stdnse.print_debug("ERROR: %s", err)
    106. 

  106.       return false, err
    107. 

  107.     end
    108. 

  108. 

  109.     status, xmldata = self.socket:receive()
    110. 

  110.     if not status then
    111. 

  111.       stdnse.print_debug("ERROR: %s", xmldata)
    112. 

  112.       return false, xmldata
    113. 

  113.     end
    114. 

  114. 

  115.     -- As NSE has no XML parser yet, we use regexp to extract the data from the
    116. 

  116.     -- XML output. Targets are defined as a name and the corresponding host(s).
    117. 

  117.     -- Thus we gather both and return an associative array, using names as keys
    118. 

  118.     -- and hosts as values.
    119. 

  119. 

  120.     local i = 0
    121. 

  121.     for name in xmldata:gmatch("<name>(.-)</name>") do
    122. 

  122.       -- XXX this is hackish: skip the second and third "<name>" tags, as they
    123. 

  123.       -- describe other components than the targets.
    124. 

  124.       -- see: http://www.openvas.org/omp-2-0.html#command_get_targets
    125. 

  125.       if i % 3 == 0 then
    126. 

  126.         table.insert(target_names, name)
    127. 

  127.       end
    128. 

  128.       i = i + 1
    129. 

  129.     end
    130. 

  130. 

  131.     for hosts in xmldata:gmatch("<hosts>(.-)</hosts>") do
    132. 

  132.       table.insert(target_hosts, hosts)
    133. 

  133.     end
    134. 

  134. 

  135.     for i, _ in ipairs(target_names) do
    136. 

  136.       res[target_names[i]] = target_hosts[i]
    137. 

  137.     end
    138. 

  138. 

  139.     return res
    140. 

  140.   end,
    141. 

  141. }
    142. 

  142. 

  143. --- Registers OMP2 credentials for a given host
    144. 

  144. function add_account(host, username, password)
    145. 

  145.   if not nmap.registry[host.ip] then
    146. 

  146.     nmap.registry[host.ip] = {}
    147. 

  147.   end
    148. 

  148. 

  149.   if not nmap.registry[host.ip]["omp2accounts"] then
    150. 

  150.     nmap.registry[host.ip]["omp2accounts"] = {}
    151. 

  151.   end
    152. 

  152. 

  153.   table.insert(nmap.registry[host.ip]["omp2accounts"], {["username"] = username, ["password"] = password})
    154. 

  154. end
    155. 

  155. 

  156. --- Retrieves the list of accounts for a given host
    157. 

  157. function get_accounts(host)
    158. 

  158.   local accounts = {}
    159. 

  159.   local username, password
    160. 

  160. 

  161.   username = nmap.registry.args["omp2.username"]
    162. 

  162.   password = nmap.registry.args["omp2.password"]
    163. 

  163. 

  164.   if username and password then
    165. 

  165.     table.insert(accounts, {["username"] = username, ["password"] = password})
    166. 

  166.   end
    167. 

  167. 

  168.   if nmap.registry[host.ip] and nmap.registry[host.ip]["omp2accounts"] then
    169. 

  169.     for _, account in pairs(nmap.registry[host.ip]["omp2accounts"]) do
    170. 

  170.       table.insert(accounts, account)
    171. 

  171.     end
    172. 

  172.   end
    173. 

  173. 

  174.   if #accounts > 0 then
    175. 

  175.     return accounts
    176. 

  176.   end
    177. 

  177.   return nil
    178. 

  178. end
    179. 

  179. 

  180. 

  181. return _ENV;
    182. 

  182.