Univscan - Added Exploit Class to handle (collect and display) scan results - added QTG logo

d2f6db4f · Thomas Saquet · e9ab5123 · d2f6db4f
--- a/univscan.gs
+++ b/univscan.gs
@@ -3,14 +3,43 @@
 // Collect inputs and handling options
 if params.len < 1 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address]</b>")

-verbose = false
-if (params.len == 2) then
-	if params[1] == "-v" or params[1] == "--verbose" then
-		verbose = true
-	else
-		verbose = false
-	end if
-end if
+//print("<color=#f4ae34>QTG ORANGE</color>")
+//print("<color=#1a508d>QTG BLUE</color>")
+//print("<color=#182d53>QTG DARK BLUE</color>")
+
+print("\n")
+print("UnivScan By: \n")
+print("<color=#1a508d>      &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&     </color>")
+print("<color=#1a508d> &%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% </color>")
+print("<color=#1a508d>&%%%%                                                                       %%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&       <color=#f4ae34>,***,***,***,***,                            ***,***,***,***,*</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&       <color=#f4ae34>*</color>%%%%%%%%%%%%%%<color=#f4ae34>**</color>                            <color=#f4ae34>**</color>%%%%%%%%%%%%%<color=#f4ae34>**</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>******</color>%%%%%%%%%%%%%%<color=#f4ae34>*****, **************,** *******</color>%%%%%%%%%%%%%<color=#f4ae34>**</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>**</color>%%%%%<color=#f4ae34>*,         **</color>%%%%<color=#f4ae34>*, **</color>%%%%%%%%%%%%%<color=#f4ae34>** **</color>%%%%%<color=#f4ae34>**</color>               &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>*,</color>%%%%%<color=#f4ae34>*,         **</color>%%%%<color=#f4ae34>*, ******,</color>%%%%<color=#f4ae34>***,** **</color>%%%%%<color=#f4ae34>****</color>%%%%<color=#f4ae34>**</color>       &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>**</color>%%%%%<color=#f4ae34>*,******** **</color>%%%%<color=#f4ae34>*,      **</color>%%%%<color=#f4ae34>**     **</color>%%%%%<color=#f4ae34>****</color>%%%%<color=#f4ae34>*******</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>**</color>%%%%%<color=#f4ae34>*,,*</color>%%%%<color=#f4ae34>** **</color>%%%%<color=#f4ae34>*,      **</color>%%%%<color=#f4ae34>**     **</color>%%%%%<color=#f4ae34>*****,**</color>%%%%%<color=#f4ae34>**</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>**</color>%%%%%<color=#f4ae34>****</color>%%%%<color=#f4ae34>*****</color>%%%%<color=#f4ae34>*,      **</color>%%%%<color=#f4ae34>**     **</color>%%%%%<color=#f4ae34>*****,**</color>%%%%%<color=#f4ae34>**</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&  <color=#f4ae34>*,*,*,</color>*%%%%%%%%%%%%%<color=#f4ae34>*,*,*,      *,</color>%%%%<color=#f4ae34>*,     ,*,*,*,</color>%%%%%%%%%%%%%<color=#f4ae34>,*</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&       <color=#f4ae34>**</color>%%%%%%%%%%%%%<color=#f4ae34>*****,      **</color>%%%%<color=#f4ae34>**          **</color>%%%%%%%%%%%%%<color=#f4ae34>**</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&       <color=#f4ae34>****,**********</color>%%%%<color=#f4ae34>*,      ********          *******,*********</color>  &%%%</color>")
+print("<color=#1a508d>&%%%&                    <color=#f4ae34>**####*,</color>                                           &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>&%%%&                                                                       &%%%</color>")
+print("<color=#1a508d>@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%</color>")
+print("<color=#1a508d>   &%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&  </color>")
+print("                                                                                ")
+print("<color=#182d53>                              &&&&&&&&&&&&&&&&&&&&&                             </color>")
+print("<color=#182d53>                              &&&&&&&&&&&&&&&&&&&&&                             </color>")
+print("<color=#1a508d>                 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%                </color>")
+
 ipAddress = params[0]

 // Check mx
@@ -20,9 +49,101 @@ if not metaxploit then
 	metaxploit = include_lib(currentPath + "/metaxploit.so")
 end if
 if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
-address = params[0]
+//address = params[0]
+
+//Defining classes
+//Exploit
+Exploit = {}
+// Attributes
+Exploit.portNumber = ""
+Exploit.portStatus = ""
+Exploit.portProtocol = ""
+Exploit.libName = ""
+Exploit.libVersion = ""
+Exploit.LanIpAddress = ""
+Exploit.ExternalIpAddress = ""
+Exploit.vulnMemoryAddress = ""
+Exploit.vulnType = "" //Buffer overflow
+Exploit.vulnMethod = "" // copy string
+Exploit.vulnUnsecValue = ""
+Exploit.vulnOption = ""
+Exploit.vulnConditions = []
+// Methods
+Exploit._toString = function ()
+	info = self.portNumber + " " + self.portStatus + " " + self.portProtocol + " " + self.libVersion + " " + self.LanIpAddress
+	res = "\n" + format_columns(info)
+	res = res + "\n" + "  " + self.vulnMemoryAddress + ":" + self.vulnMethod + ":" + self.vulnUnsecValue + ":" + self.vulnOption
+	conditionIndex = 0
+	for cond in self.vulnConditions
+	  conditionIndex = conditionIndex + 1
+		res = res + "\n" + "    " + "Condition "+ conditionIndex +": " + cond
+	end for
+	return res
+end function

-// Defining functions
+Exploit._toFile = function ()
+	//ToDo
+end function
+
+Exploit._fromFile = function ()
+	//ToDo
+end function
+
+Exploit._setExternalIpAddress = function(ipAddress)
+  self.vulnConditions = []
+	self.ExternalIpAddress = ipAddress
+end function
+
+Exploit._setPortInfos = function(port)
+	if (is_valid_ip(self.ExternalIpAddress) == false) then
+		exit("<color=#FF0000FF>External Ip Address should be set before port.</color>")
+	end if
+	isLanIp = is_lan_ip(self.ExternalIpAddress)
+	if (port != null) then
+		self.portNumber = port.port_number
+		serviceInfos = globals.router.port_info(port).split(" ")
+		self.portProtocol = serviceInfos[0]
+		self.libVersion = serviceInfos[1]
+		self.LanIpAddress = port.get_lan_ip
+		self.portStatus = "open"
+		if(port.is_closed and not isLanIp) then
+			self.portStatus = "closed"
+		end if
+	end if
+end function
+
+Exploit._setVuln = function(memAddress, vulnText)
+	self.vulnMemoryAddress = memAddress
+	//print("Debug: text: " + vulnText)
+	vulnTextLines = vulnText.split("###")
+	//print("Debug: textafter split: " + vulnTextLines)
+	for line in vulnTextLines
+		if line.indexOf("Unsafe check") == 0 then
+		  //print("Debug: lineToPush1: " + line)
+			self.parseVulnDesc(line)
+		else if line.indexOf("* ") == 0 then
+		  lineToPush = line.remove("* ").remove(".")
+			//print("Debug: lineToPush2: " + lineToPush)
+			self.vulnConditions.push(lineToPush)
+		else
+			//print("unused line: " + line)
+		end if
+	end for
+end function
+
+//private
+Exploit.parseVulnDesc = function(vulnDesc)
+	vulnDesc = vulnDesc.remove("Unsafe check: ")
+	vulnDescArray = vulnDesc.split(". ")
+	self.vulnType = vulnDescArray[1].remove(".")
+	lastSpaceIndex = vulnDescArray[0].lastIndexOf(" ")
+	self.vulnMethod = vulnDescArray[0][0:lastSpaceIndex]
+	self.vulnUnsecValue = slice(vulnDescArray[0],lastSpaceIndex+1)
+end function
+
+//END classes definitions
+
+//Defining functions

 // nmap
 // string ipAddress
@@ -46,44 +167,9 @@ nmap = function(ipAddress)
 		ports = globals.router.computer_ports(ipAddress)
 	end if

-	if (verbose and (ports != null)) then
-		info = "PORT STATE SERVICE VERSION LAN"
-		print("\nScanning ports on " + params[0] + " at " + current_date)
-
-		for port in ports
-			service_info = globals.router.port_info(port)
-			lan_ips = port.get_lan_ip
-			port_status = "open"
-
-			if(port.is_closed and not isLanIp) then
-				port_status = "closed"
-			end if
-			info = info + "\n" + port.port_number + " " + port_status + " " + service_info + " " + lan_ips
-		end for
-		print(format_columns(info) + "\n")
-
-	end if
-
 	return ports
 end function

-// Port port
-displayPort = function(port)
-	res = null
-	isLanIp = is_lan_ip(ipAddress)
-	if (port != null) then
-		service_info = globals.router.port_info(port)
-		lan_ips = port.get_lan_ip
-		port_status = "open"
-		if(port.is_closed and not isLanIp) then
-			port_status = "closed"
-		end if
-		info = port.port_number + " " + port_status + " " + service_info + " " + lan_ips
-		res = format_columns(info)
-	end if
-	return res
-end function
-
 // Get distant lib
 // string address
 // Port port
@@ -96,54 +182,56 @@ getLib = function(address, port)
 	end if
 	return res
 end function
-
-// Parses vuln
-// map <string,string> key = address value = vuln
-// @return
-parseVuln = function(vulnMap)
-	for vuln in vulnMap
-		vulnAddress = vuln.key
-		vulnText = vuln.value
-		vulnTextLines = vulnText.split("\n")
-		count = 0
-		for line in vulnTextLines
-			if line.indexOf("Unsafe check") == 0 then
-				count = count + 1
-				print(vulnAddress+":"+parseVulnDesc(line))
-			else if line.indexOf("*") == 0 then
-				print("  CONDITION:" + line.remove("* ").remove("."))
-			else
-				//print("unused line: " + line)
-			end if
-		end for
-		print("\n")
-	end for
-end function
-
-parseVulnDesc = function(vulnDesc)
-	vulnDesc = vulnDesc.remove("Unsafe check: ")
-	vulnDescArray = vulnDesc.split(". ")
-	vulnType = vulnDescArray[1].remove(".")
-	lastSpaceIndex = vulnDescArray[0].lastIndexOf(" ")
-	vulnMethod = vulnDescArray[0][0:lastSpaceIndex]
-	vulnKey = slice(vulnDescArray[0],lastSpaceIndex+1)
-	return vulnType + ":" + vulnMethod + ":" + vulnKey
-end function
-// END function definitions
+// END functions definitions

 // finding vulnerabilities for each port
 ports = nmap(ipAddress)
-print("\nSCANNING ALL PORTS: " + ipAddress)
+print("\n<color=#FF0000FF>SCANNING ALL PORTS: " + ipAddress + "</color>")
+exploitsArray = []
 for port in ports
 	lib = getLib(ipAddress, port)
+	print("Scanning lib " + lib.lib_name + ":" + lib.version)
 	scanResults = metaxploit.scan(lib)
 	// example with port 25, usefull to debug
-	// scanResults = ["0x19189A45", "0x1C021A4C", "0x5D601DE4"]
+	//scanResults = ["0x19189A45", "0x1C021A4C", "0x5D601DE4"]
 	exploitsMap = {}
 	for address in scanResults
 		exploitsMap[address] = metaxploit.scan_address(lib, address)
 	end for
-	print("========================")
-  print(displayPort(port))
-	parseVuln(exploitsMap)
+	for exploitByAddr in exploitsMap
+	  addressForThoseExploits = exploitByAddr.key
+		exploitsLines = exploitByAddr.value.split("\n")
+		exploitIndex = 0
+		exploitsToParse = []
+		currentExploitLines = ""
+		for exploitLine in exploitsLines
+			if exploitLine.indexOf("Unsafe check") == 0 then
+			  if exploitIndex > 0 then
+				  previousExploitLine = currentExploitLines
+					exploitsToParse.push(previousExploitLine)
+				end if
+			  exploitIndex = exploitIndex + 1
+				currentExploitLines = exploitLine + "###"
+			else if exploitLine.indexOf("* ") == 0 then
+			  currentExploitLines = currentExploitLines + exploitLine + "###"
+			else
+				//print("unused line: " + line)
+			end if
+		end for// split exploits
+		exploitsToParse.push(currentExploitLines)
+		//print("DEBUG To Parse: " + exploitsToParse)
+		//print("DEBUG addr: " + addressForThoseExploits)
+		for exploit in exploitsToParse
+			expl = new Exploit
+			expl._setExternalIpAddress(ipAddress)
+			expl._setPortInfos(port)
+			expl._setVuln(addressForThoseExploits, exploit)
+			exploitsArray.push(expl)
+		end for
+
+	end for
 end for
+
+for exploit in exploitsArray
+	print(exploit._toString)
+end for
\ No newline at end of file