mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-29 15:39:33 +00:00
[VS] Add IPv4 Network Scan. (#8062)
parent
fd418514d0
commit
d1dc23d23b
7 changed files with 236 additions and 36 deletions
|
|
@ -1000,7 +1000,7 @@ end
|
|||
-- **********************************************************
|
||||
|
||||
--Function to save
|
||||
function vs_utils.add_host_pref(scan_type, host, ports, scan_frequency)
|
||||
function vs_utils.add_host_pref(scan_type, host, ports, scan_frequency, discovered_host_scan_type)
|
||||
|
||||
local host_hash_key = vs_utils.get_host_hash_key(host, scan_type)
|
||||
|
||||
|
|
@ -1009,6 +1009,7 @@ function vs_utils.add_host_pref(scan_type, host, ports, scan_frequency)
|
|||
host_name = host_name,
|
||||
scan_type = scan_type,
|
||||
ports = ports,
|
||||
discovered_host_scan_type = discovered_host_scan_type
|
||||
}
|
||||
if not isEmptyString(scan_frequency) then
|
||||
new_item.scan_frequency = scan_frequency
|
||||
|
|
@ -1025,13 +1026,14 @@ function vs_utils.add_host_pref(scan_type, host, ports, scan_frequency)
|
|||
return result
|
||||
end
|
||||
|
||||
function vs_utils.edit_host_pref(scan_type, host, ports, scan_frequency)
|
||||
function vs_utils.edit_host_pref(scan_type, host, ports, scan_frequency, discovered_host_scan_type)
|
||||
local host_hash_key = vs_utils.get_host_hash_key(host, scan_type)
|
||||
local old_item_string = ntop.getHashCache(prefs_host_values_key,host_hash_key)
|
||||
if (not isEmptyString(old_item_string)) then
|
||||
local old_item = json.decode(old_item_string)
|
||||
old_item.ports = ports
|
||||
old_item.scan_frequency = scan_frequency
|
||||
old_item.discovered_host_scan_type = discovered_host_scan_type
|
||||
|
||||
ntop.setHashCache(prefs_host_values_key, host_hash_key, json.encode(old_item))
|
||||
return 1 --ok
|
||||
|
|
@ -1224,7 +1226,8 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
|
|||
end
|
||||
|
||||
local host_info_differences
|
||||
if trigger_alert and old_data and (not is_edit) and
|
||||
-- TODO FIX HARD CODING HERE of ipv4_netscan exclusion
|
||||
if trigger_alert and old_data and (not is_edit) and scan_type ~= 'ipv4_netscan' and
|
||||
-- old scan and new scan must be successfully to perform discrepancies check
|
||||
(old_data.is_ok_last_scan == vs_utils.scan_status.ok and new_item.is_ok_last_scan == vs_utils.scan_status.ok)
|
||||
then
|
||||
|
|
@ -1444,11 +1447,11 @@ local function retrieve_report_info(date)
|
|||
|
||||
for _, item in ipairs(host_scanned_info) do
|
||||
if (not isEmptyString(item.num_vulnerabilities_found)) then
|
||||
info.cves = info.cves + tonumber(item.num_vulnerabilities_found)
|
||||
info.cves = info.cves + tonumber(item.num_vulnerabilities_found or 0)
|
||||
end
|
||||
|
||||
info.tcp_ports = info.tcp_ports + tonumber(item.tcp_ports)
|
||||
info.udp_ports = info.udp_ports + tonumber(item.udp_ports)
|
||||
info.tcp_ports = info.tcp_ports + tonumber(item.tcp_ports or 0)
|
||||
info.udp_ports = info.udp_ports + tonumber(item.udp_ports or 0)
|
||||
|
||||
-- plus 1 because start from 0
|
||||
info.scanned_hosts = info.scanned_hosts + 1
|
||||
|
|
@ -2098,7 +2101,10 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
|
|||
if scan_result and scan_result ~= vs_utils.scan_status.failed then
|
||||
scan_result = vs_utils.scan_status.ok
|
||||
|
||||
ntop.incrCache(scanned_hosts_count_key)
|
||||
if (scan_type ~= 'ipv4_netscan') then
|
||||
-- excluding the netscan
|
||||
ntop.incrCache(scanned_hosts_count_key)
|
||||
end
|
||||
elseif(scan_result and scan_result == vs_utils.scan_status.failed) then
|
||||
scan_result = vs_utils.scan_status.failed
|
||||
end
|
||||
|
|
@ -2352,7 +2358,47 @@ end
|
|||
|
||||
-- Example vs_utils.get_active_hosts("192.168.2.0", "24")
|
||||
function vs_utils.get_active_hosts(host, cidr)
|
||||
local result = vs_utils.exec_netscan(host, cidr)
|
||||
|
||||
return result
|
||||
end
|
||||
|
||||
-- **********************************************************
|
||||
-- Function to cleanup netscan result
|
||||
|
||||
function vs_utils.netscan_cleanup(scan_result)
|
||||
|
||||
scan_result = lines(scan_result)
|
||||
|
||||
local scan_out = {}
|
||||
local discovered_hosts = {}
|
||||
for i=1,4 do
|
||||
table.remove(scan_result, 1)
|
||||
end
|
||||
|
||||
table.remove(scan_result, #scan_result)
|
||||
|
||||
for _,l in pairs(scan_result) do
|
||||
if (string.find(l, "Nmap scan report for") ~= nil) then
|
||||
discovered_hosts[#discovered_hosts + 1] = string.split(l," ")[5]
|
||||
|
||||
end
|
||||
table.insert(scan_out, l)
|
||||
end
|
||||
|
||||
local scan_result_out = table.concat(scan_out, "\n")
|
||||
return scan_result_out, discovered_hosts
|
||||
end
|
||||
|
||||
-- **********************************************************
|
||||
|
||||
-- Example vs_utils.get_active_hosts("192.168.2.0", "24")
|
||||
function vs_utils.exec_netscan(host, cidr)
|
||||
local result = {}
|
||||
local out
|
||||
local begin_epoch
|
||||
local duration
|
||||
local scan_ok
|
||||
|
||||
cidr = tonumber(cidr)
|
||||
|
||||
|
|
@ -2365,16 +2411,18 @@ function vs_utils.get_active_hosts(host, cidr)
|
|||
local s = string.split(host, '%.')
|
||||
local net = s[1].."."..s[2].."."..s[3].."."
|
||||
local nmap = vs_utils.get_nmap_path()
|
||||
local command = nmap..' -sP -n ' .. net .. '1-254 | grep "Nmap scan report for" | cut -d " " -f 5'
|
||||
local out = ntop.execCmd(command)
|
||||
local l = lines(out)
|
||||
local command = nmap..' -sP -n ' .. net .. '1-254'
|
||||
|
||||
begin_epoch = os.time()
|
||||
out = ntop.execCmd(command)
|
||||
duration = os.time() - begin_epoch
|
||||
|
||||
for _,h in pairs(l) do
|
||||
result[#result+1] = h
|
||||
end
|
||||
out, result = vs_utils.netscan_cleanup(out)
|
||||
scan_ok = true
|
||||
|
||||
end
|
||||
|
||||
return result
|
||||
return result,out,begin_epoch,duration,scan_ok
|
||||
end
|
||||
|
||||
-- **********************************************************
|
||||
|
|
@ -2530,6 +2578,10 @@ function vs_utils.migrate_keys()
|
|||
ports = old_hash_value.ports,
|
||||
}
|
||||
|
||||
if (not isEmptyString(old_hash_value.discovered_host_scan_type)) then
|
||||
new_hash_value = old_hash_value.discovered_host_scan_type
|
||||
end
|
||||
|
||||
ntop.setHashCache(prefs_host_values_key, key,json.encode(new_hash_value))
|
||||
end
|
||||
end
|
||||
|
|
@ -2562,6 +2614,29 @@ else
|
|||
use_slow_scan = ""
|
||||
end
|
||||
|
||||
-- ##########################################################
|
||||
-- ipv4_netscan functions
|
||||
|
||||
-- **********************************************************
|
||||
-- Function to retrieve discovered_host_scan_type
|
||||
-- and scan_frequency
|
||||
|
||||
-- discovered_host_scan_type:
|
||||
-- the scan type for the hosts discovered by the netscan
|
||||
|
||||
-- scan_frequency:
|
||||
-- the scan_frequency for the hosts discovered by the netscan
|
||||
function vs_utils.get_network_pref_value(network_ip, scan_type)
|
||||
|
||||
local hash_key = vs_utils.get_host_hash_key(network_ip, scan_type)
|
||||
local network_pref_value = json.decode(ntop.getHashCache(prefs_host_values_key,hash_key) or {})
|
||||
|
||||
if(network_pref_value and not isEmptyString(network_pref_value)) then
|
||||
return network_pref_value.discovered_host_scan_type, network_pref_value.scan_frequency
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
-- **********************************************************
|
||||
-- Function to find if an ip is configured
|
||||
|
||||
|
|
|
|||
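Review bot: In `vs_utils.exec_netscan`, the three octets taken from `host` are concatenated into `command` and handed to `ntop.execCmd` with no visible check that they are numeric, so whatever string reaches this function ends up on a shell command line. The lines between `cidr = tonumber(cidr)` and `local s = string.split(host, '%.')` fall outside the hunks shown, so validation may already happen there; if it does not, guard before building the command, e.g. `if not string.match(host, "^%d+%.%d+%.%d+%.%d+$") then return result, out, begin_epoch, duration, false end`. The same guard also avoids a nil concatenation error when `host` has fewer than three dot-separated parts. Separately, in the `migrate_keys` hunk, `new_hash_value = old_hash_value.discovered_host_scan_type` replaces the whole table with the scan-type string before `json.encode`; it looks like it was meant to be `new_hash_value.discovered_host_scan_type = old_hash_value.discovered_host_scan_type`.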