
Listing 4 getbanner.pl

#!/usr/bin/env perl

use Getopt::Std;
use Net::Nessus::ScanLite;
use Nmap::Parser;


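# ---- configuration --------------------------------------------------------
# NOTE: "use strict" is deliberately not enabled here: the subs further down
# share these package globals ($port, @target_list, $plugin_list, $NMAP_EXE,
# $FULL_SCAN, $NESSUS_*) by name, so enabling strict in one place would break
# the rest of the file.

$NESSUS_HOST = "localhost";
$NESSUS_PORT = 1241;
$NESSUS_SSL = 1;

# Nessus credentials.  The literals are placeholders (the stock Nessus demo
# account); the NESSUS_USER / NESSUS_PASS environment variables override them
# so a real password does not have to be committed into this file.
$NESSUS_USER = defined $ENV{NESSUS_USER} ? $ENV{NESSUS_USER} : "nessus";
$NESSUS_PASS = defined $ENV{NESSUS_PASS} ? $ENV{NESSUS_PASS} : "nessus";

$NMAP_EXE = "/usr/local/bin/nmap";
$NMAP_ARGS = "-sT ";
# Arguments for the per-host scan that banners() runs.  The original script
# never assigned $FULL_SCAN, so the "full" scan silently fell back to nmap's
# default port list.
$FULL_SCAN = "-sT -p 1-65535";

# ---- command line ----------------------------------------------------------

getopts('P:t:n:');

$port        = $opt_P if defined $opt_P;
$plugin_list = $opt_n if $opt_n;
$target_net  = $opt_t if $opt_t;

# -t and -P are always required: the port is both the discovery probe and
# the key host_found() looks up in the scan result.  -n only switches the
# second pass from banner grabbing to a Nessus scan.  ($ARGV[0] was used in
# the original usage line, but getopts() has already consumed @ARGV; $0 is
# the script name.)
unless ($target_net && defined $port) {
    die "$0: -t <target network> -P <port> [-n <plugin list>]\n";
}

# Both values are handed to nmap through Nmap::Parser->parsescan as a
# command-line string, so accept only what a port number or an nmap target
# specification (addresses, CIDR, dash ranges, comma lists, hostnames) can
# contain.
unless ($port =~ /^\d{1,5}$/ && $port <= 65535) {
    die "$0: -P must be a TCP port number (0-65535), got '$port'\n";
}
unless ($target_net =~ m{^[A-Za-z0-9.:/,-]+$}) {
    die "$0: -t must be an nmap target specification, got '$target_net'\n";
}

# get an nmap parser going

$np = Nmap::Parser -> new;

# add the port to our args

$NEW_NMAP_ARGS = $NMAP_ARGS . "-p " . $port;

# $np -> parse_filters({only_active => 1}); # not needed with Nmap::Parser-1.x
$np -> callback(\&host_found); # syntax change for Nmap::Parser-1.x
$np -> parsescan($NMAP_EXE, $NEW_NMAP_ARGS, $target_net);

# the host_found callback will accumulate a list of possible IPs for us

$np -> clean();

print "No host on $target_net answered on port $port\n" unless @target_list;

if ($plugin_list) {
    run_nessus();
} else {
    banners();
}


exit (0);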

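sub host_found {
    # Nmap::Parser callback for the discovery scan, invoked once per host.
    # Keeps the host in @target_list when the -P port ($port) is in any
    # state other than 'closed' or 'filtered'.
    #
    # Arguments: the Nmap::Parser::Host object for the scanned host.
    # Returns nothing; its only effect is the push onto @target_list.
    my $self = shift;
    our ($port, @target_list);

    my $ip    = $self -> ipv4_addr();
    my $state = $self -> tcp_port_state($port);

    # No entry for the port at all gives us nothing to go on, so the host is
    # not kept.  (The original compared undef against 'closed', which is
    # true, and so kept such hosts.)
    return unless defined $state;

    push(@target_list, $ip) unless $state eq 'closed' || $state eq 'filtered';

    return;
}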

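sub banners {
    # Second pass: run the per-host port scan ($FULL_SCAN) against every host
    # that host_found() kept, handing each parsed result to grabber().
    #
    # Reads @target_list, $NMAP_EXE and $FULL_SCAN; returns nothing.
    our (@target_list, $NMAP_EXE, $FULL_SCAN);

    # $FULL_SCAN was never assigned in the original script, which silently
    # turned the "full" scan into nmap's default port list; fall back to an
    # all-ports connect scan when it is still unset.
    my $scan_args = defined $FULL_SCAN ? $FULL_SCAN : "-sT -p 1-65535";

    foreach my $target (@target_list) {
        print "Fully scanning $target\n";
        my $scan = Nmap::Parser -> new;
#        $scan -> parse_filters({only_active => 1}); # not needed with Nmap::Parser-1.x
        $scan -> callback(\&grabber); # syntax change for Nmap::Parser-1.x
        $scan -> parsescan($NMAP_EXE, $scan_args, $target);
        # free up some memory
        $scan -> clean();
    }

    return;
}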

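sub grabber {
    # Nmap::Parser callback for the per-host scan: connects to every open TCP
    # port of the host and prints the first few lines the service sends.
    #
    # Arguments: the Nmap::Parser::Host object for the scanned host.
    # Returns nothing; all results go to STDOUT.
    my $self = shift;

    # Net::Telnet was never loaded by the original script; load it here so a
    # missing module fails with a clear message at the first banner grab.
    require Net::Telnet;

    my $ip = $self -> ipv4_addr();

    print "Getting banners from host: $ip\n";

    # Ask Nmap::Parser for just the open ports.  The loop variable is lexical
    # so the discovery port in the global $port is left alone.
    foreach my $open_port ($self -> tcp_ports('open')) {
        # establish a connection; with Errmode 'return' a failed connect
        # yields undef instead of dying
        my $nt = Net::Telnet -> new (
                Binmode => 0,
                Host => $ip,
                Port => $open_port,
                Errmode => 'return',
                Telnetmode => 0,
                Timeout => 5
                );

        unless ($nt) {
            print "Unable to contact $ip:$open_port\n";
            next;
        }

        print "Connected to $ip:$open_port\n";
        $nt -> put("\n\n");

        # Read at most five lines, stopping early when getline() returns
        # undef (timeout or EOF under Errmode 'return') instead of printing
        # empty lines until the count is reached.
        for my $attempt (1 .. 5) {
            my $line = $nt -> getline();
            last unless defined $line;
            # The banner is untrusted data from the remote host going straight
            # to the terminal: keep only printable ASCII, tab and newline so a
            # service cannot inject terminal control sequences into the output.
            $line =~ tr/\x09\x0a\x20-\x7e//cd;
            print $line;
        }

        # an extra newline, for tidy output
        print "\n";
        $nt -> close();
    }

    return;
}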

# Print one Nessus finding (an info or hole record) under the given label.
sub _print_finding {
    my ($label, $finding) = @_;

    print "$label:\n";
    print "ID: " . $finding -> ScanID . "\n";
    print "Port: " . $finding -> Port . "\n";
    print "Description: " . $finding -> Description . "\n";

    return;
}

sub run_nessus {
    # Drive a Nessus scan of every host host_found() kept, opening a fresh
    # session to the Nessus server for each one and printing its findings.
    #
    # Reads @target_list, $plugin_list and the $NESSUS_* settings; dies when
    # the login is rejected; returns nothing.
    for my $ip (@target_list) {
        print "Nessus scanning $ip\n";

        my $session = Net::Nessus::ScanLite -> new (host => $NESSUS_HOST,
                                                     port => $NESSUS_PORT,
                                                     ssl  => $NESSUS_SSL);
        $session -> preferences( { host_expansion => 'none',
                                   safe_checks => 'no',
                                   auto_enable_dependencies => 'yes',
                                   checks_read_timeout => 1 } );
        $session -> plugin_set($plugin_list);

        die "Nessus login failed!\n" unless $session -> login($NESSUS_USER, $NESSUS_PASS);

        $session -> attack($ip);

        print "Total info: " . $session -> total_info . "\n";
        _print_finding('Info', $_) for $session -> info_list;

        print "Total holes: " . $session -> total_holes . "\n";
        _print_finding('Hole', $_) for $session -> hole_list;
    }

    return;
}