Added univscan first version

univscan.gs

+// @author: Tom de Qu'est-ce que tu GEEKes ?
+// This script takes an address as input and scans all ports available to find vulnerabilities
+// Collect inputs and handling options
+if params.len < 1 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address]</b>")
+
+verbose = false
+if (params.len == 2) then
+	if params[1] == "-v" or params[1] == "--verbose" then
+		verbose = true
+	else
+		verbose = false
+	end if
+end if
+ipAddress = params[0]
+
+// Check mx
+metaxploit = include_lib("/lib/metaxploit.so")
+if not metaxploit then
+	currentPath = get_shell.host_computer.current_path
+	metaxploit = include_lib(currentPath + "/metaxploit.so")
+end if
+if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
+address = params[0]
+
+// Defining functions
+
+// nmap
+// string ipAddress
+// @return Port[]
+nmap = function(ipAddress)
+	isLanIp = is_lan_ip( ipAddress )
+	if isLanIp then
+		globals.router = get_router;
+	else
+		globals.router = get_router( ipAddress )
+	end if
+
+	if globals.router == null then exit("nmap: ip address not found")
+
+	isRouterIp = globals.router.local_ip == ipAddress
+	ports = null
+
+	if not isLanIp or isRouterIp then
+		ports = globals.router.used_ports
+	else
+		ports = globals.router.computer_ports(ipAddress)
+	end if
+
+	if (verbose and (ports != null)) then
+		info = "PORT STATE SERVICE VERSION LAN"
+		print("\nScanning ports on " + params[0] + " at " + current_date)
+
+		for port in ports
+			service_info = globals.router.port_info(port)
+			lan_ips = port.get_lan_ip
+			port_status = "open"
+
+			if(port.is_closed and not isLanIp) then
+				port_status = "closed"
+			end if
+			info = info + "\n" + port.port_number + " " + port_status + " " + service_info + " " + lan_ips
+		end for
+		print(format_columns(info) + "\n")
+
+	end if
+
+	return ports
+end function
+
+// Port port
+displayPort = function(port)
+	res = null
+	isLanIp = is_lan_ip(ipAddress)
+	if (port != null) then
+		service_info = globals.router.port_info(port)
+		lan_ips = port.get_lan_ip
+		port_status = "open"
+		if(port.is_closed and not isLanIp) then
+			port_status = "closed"
+		end if
+		info = port.port_number + " " + port_status + " " + service_info + " " + lan_ips
+		res = format_columns(info)
+	end if
+	return res
+end function
+
+// Get distant lib
+// string address
+// Port port
+// @return metaLib|null
+getLib = function(address, port)
+	res = null
+	net_session = metaxploit.net_use( address, port.port_number )
+	if net_session then
+		res = net_session.dump_lib
+	end if
+	return res
+end function
+
+// Parses vuln
+// map <string,string> key = address value = vuln
+// @return
+parseVuln = function(vulnMap)
+	for vuln in vulnMap
+		vulnAddress = vuln.key
+		vulnText = vuln.value
+		vulnTextLines = vulnText.split("\n")
+		count = 0
+		for line in vulnTextLines
+			if line.indexOf("Unsafe check") == 0 then
+				count = count + 1
+				print(vulnAddress+":"+parseVulnDesc(line))
+			else if line.indexOf("*") == 0 then
+				print("  CONDITION:" + line.remove("* ").remove("."))
+			else
+				//print("unused line: " + line)
+			end if
+		end for
+		print("\n")
+	end for
+end function
+
+parseVulnDesc = function(vulnDesc)
+	vulnDesc = vulnDesc.remove("Unsafe check: ")
+	vulnDescArray = vulnDesc.split(". ")
+	vulnType = vulnDescArray[1].remove(".")
+	lastSpaceIndex = vulnDescArray[0].lastIndexOf(" ")
+	vulnMethod = vulnDescArray[0][0:lastSpaceIndex]
+	vulnKey = slice(vulnDescArray[0],lastSpaceIndex+1)
+	return vulnType + ":" + vulnMethod + ":" + vulnKey
+end function
+// END function definitions
+
+// finding vulnerabilities for each port
+ports = nmap(ipAddress)
+print("\nSCANNING ALL PORTS: " + ipAddress)
+for port in ports
+	lib = getLib(ipAddress, port)
+	scanResults = metaxploit.scan(lib)
+	// example with port 25, usefull to debug
+	// scanResults = ["0x19189A45", "0x1C021A4C", "0x5D601DE4"]
+	exploitsMap = {}
+	for address in scanResults
+		exploitsMap[address] = metaxploit.scan_address(lib, address)
+	end for
+	print("========================")
+  print(displayPort(port))
+	parseVuln(exploitsMap)
+end for