--
-- (C) 2013-23 - ntop.org
--

--
-- Module used to run vulnerability scans
--

-- Installation directories. Left as a global on purpose: vs.load_module()
-- further down reads `dirs.installdir`.
dirs = ntop.getDirs()

-- Put the ntopng Lua module directories in front of the search path.
-- Every entry is prepended, so the last one listed is searched first.
for _, subdir in ipairs({ "", "host/", "vulnerability_scan/" }) do
   package.path = dirs.installdir .. "/scripts/lua/modules/" .. subdir .. "?.lua;" .. package.path
end

local vs = {}
local vs_utils = require "vs_utils"

-- Debug switch (not read anywhere in this file).
-- NOTE: this local shadows the standard `debug` library inside this file.
local debug = false

--debug = true

--
-- Setup of the nmap "vulscan" script, as described in
-- https://geekflare.com/nmap-vulnerability-scan/
-- cd /usr/share/nmap/scripts/
-- git clone https://github.com/scipag/vulscan.git
-- ln -s `pwd`/scipag_vulscan /usr/share/nmap/scripts/vulscan
-- cd vulscan/utilities/updater/
-- chmod +x updateFiles.sh
-- ./updateFiles.sh
-- (updateFiles.sh is third-party code that ends up in nmap's script
-- directory: review it and the cloned repository before running it
-- with elevated privileges)
--
-- Example:
-- nmap -sV --script vulscan --script-args vulscandb=openvas.csv <target> -p 80,233
--
-- Database files that can be passed as vulscandb:
--
-- exploitdb.csv
-- osvdb.csv
-- securitytracker.csv
-- openvas.csv
-- scipvuldb.csv
-- xforce.csv
-- securityfocus.csv
-- cve.csv
--

-- **********************************************************

--- List the scan modules found on disk.
-- Reads <scriptdir>/lua/modules/vulnerability_scan/modules and keeps every
-- entry whose name ends in ".lua", with that extension stripped.
-- @return array of module names, in the order pairs() yields them
--         (i.e. unspecified)
function vs.list_scan_modules()
   local modules_dir = ntop.getDirs().scriptdir .. "/lua/modules/vulnerability_scan/modules"
   local found = {}

   for fname in pairs(ntop.readdir(modules_dir)) do
      if ends(fname, ".lua") then
         -- drop the 4-character ".lua" suffix
         local module_name = string.sub(fname, 1, string.len(fname) - 4)

         found[#found + 1] = module_name
      end
   end

   return found
end
-- **********************************************************
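--- Load a scan module by name and return a new instance of it.
-- The module is looked up with require() after the
-- vulnerability_scan/modules directory has been put first on package.path.
-- @param name plain module name (file name without ".lua"), made only of
--        letters, digits, "_" and "-"
-- @return the value returned by the module's :new() constructor
-- Raises an error when the name is malformed or the module cannot be loaded.
function vs.load_module(name)
   -- The name drives a file lookup done by require(), where "." acts as a
   -- directory separator: accept plain names only, so that a caller-supplied
   -- value cannot point at a file in another directory.
   -- This constrains the shape of the name only; require() still consults
   -- package.loaded and the other package.path entries.
   if (type(name) ~= "string") or (string.find(name, "^[%w_%-]+$") == nil) then
      error("invalid scan module name", 2)
   end

   local modules_path = ntop.getDirs().installdir .. "/scripts/lua/modules/vulnerability_scan/modules/?.lua;"

   -- Keep the modules directory first on the search path, but do not prepend
   -- it again when it is already there: the original code grew package.path
   -- by one entry on every call.
   if string.sub(package.path, 1, string.len(modules_path)) ~= modules_path then
      package.path = modules_path .. package.path
   end

   return(require(name):new())
end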
-- **********************************************************
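-- Function to exec single host scan
--
-- Runs "<scan_type> <ip>" through the shell (io.popen) and, when requested,
-- hands the outcome to vs_utils.save_host_to_scan().
--
-- @param scan_type command line prefix of the scan. It reaches the shell
--        verbatim, so it must come from a fixed, trusted set of commands.
--        NOTE(review): confirm that no caller builds it from user input.
-- @param ip target of the scan. Accepted only when it is made of letters,
--        digits and ". : _ / -" and does not start with "-" (IPv4/IPv6
--        address, hostname, CIDR). Anything else is recorded as a failed scan
--        without running a command. IPv6 zone ids ("%eth0") are not accepted.
-- @param save_on_redis when truthy the result is saved through vs_utils
-- @return always 1
function vs.scan_host(scan_type, ip, save_on_redis)
   local result = nil

   -- The target is concatenated into a shell command line: an allow-list keeps
   -- shell metacharacters out of it, and the leading "-" check keeps it from
   -- being parsed as an option of the scan tool.
   local target_ok = (type(ip) == "string")
      and (string.find(ip, "^[%w%.:_/%-]+$") ~= nil)
      and (string.sub(ip, 1, 1) ~= "-")

   if target_ok then
      local scan_command = string.format("%s %s", scan_type, ip)
      local handle = io.popen(scan_command)

      -- io.popen() returns nil when the command cannot be started
      if handle then
         result = handle:read("*a")
         handle:close()
      end
   end

   -- Timestamp taken once the scan is over, as before
   local now = os.time()

   -- Any output that could be read, even an empty one, counts as a completed
   -- scan (unchanged from the previous behaviour)
   local scan_status = (result ~= nil)

   if save_on_redis then
      vs_utils.save_host_to_scan(scan_type, ip, result, now, scan_status)
   end

   return 1
end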
-- **********************************************************
-- Function to exec scan to all defined hosts
--
-- Fetches the list from vs_utils.retrieve_hosts_to_scan() and calls
-- vs.scan_host() on every entry, using its `scan_type` and `host` fields.
--
-- @param save_on_redis forwarded unchanged to vs.scan_host()
-- @return always 1
function vs.scan_all_hosts(save_on_redis)
   local pending = vs_utils.retrieve_hosts_to_scan()

   -- nothing configured: nothing to do
   if #pending == 0 then
      return 1
   end

   for _, entry in ipairs(pending) do
      vs.scan_host(entry.scan_type, entry.host, save_on_redis)
   end

   return 1
end
-- **********************************************************
return vs