ntopng/scripts/lua/modules/host/vulnerability_scan.lua

--
-- (C) 2013-23 - ntop.org
--

--
-- Module used to build exec vulnerability scan 
--

dirs = ntop.getDirs()
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
package.path = dirs.installdir .. "/scripts/lua/modules/host/?.lua;" .. package.path
package.path = dirs.installdir .. "/scripts/lua/pro/modules/?.lua;" .. package.path

local vulnerability_scan = {}
local vulnerability_scan_utils = require "vulnerability_scan_utils"

local debug = false

--debug = true

-- **********************************************************

-- Function to exec single host scan
function vulnerability_scan.scan_host(scan_type, ip, save_on_redis) 
    local scan_command = string.format("%s %s",scan_type, ip)
    local handle = io.popen(scan_command)
    local result = handle:read("*a")
    handle:close()
    local now = os.time()

    local scan_status = false
    if result then
        scan_status = true
        if save_on_redis then
            vulnerability_scan_utils.save_host_to_scan(scan_type, ip, result, now, scan_status)
        end
    else 
        if save_on_redis then
            vulnerability_scan_utils.save_host_to_scan(scan_type, ip, nil, now, scan_status)
        end
    end

    return 1
end

-- **********************************************************

-- Function to exec scan to all hosts set
function vulnerability_scan.scan_all_host(save_on_redis) 
    local host_to_scan_list = vulnerability_scan_utils.retrieve_hosts_to_scan()

    if #host_to_scan_list > 0 then
        for _,scan_info in ipairs(host_to_scan_list) do

            local scan_type = scan_info.scan_type
            local ip = scan_info.host
            local scan_command = string.format("%s %s",scan_type, ip)
            local handle = io.popen(scan_command)
            local result = handle:read("*a")
            handle:close()
            local now = os.time()

            local scan_status = false
            if result then
                scan_status = true
                if save_on_redis then
                    vulnerability_scan_utils.save_host_to_scan(scan_type, ip, result, now, scan_status)
                end
            else 
                if save_on_redis then
                    vulnerability_scan_utils.save_host_to_scan(scan_type, ip, nil, now, scan_status)
                end
            end
        end
    end

    return 1
end

-- **********************************************************

return vulnerability_scan