Listing 4 getbanner.pl
#!/usr/bin/env perl
use Getopt::Std;
use Net::Nessus::ScanLite;
use Nmap::Parser;
$NESSUS_HOST = "localhost";
$NESSUS_PORT = 1241;
$NESSUS_SSL = 1;
$NESSUS_USER = "nessus";
$NESSUS_PASS = "nessus";
$NMAP_EXE = "/usr/local/bin/nmap";
$NMAP_ARGS = "-sT ";
&getopts('P:t:n:');
if (defined($opt_P)) {
$port = $opt_P;
}
if ($opt_n) {
$plugin_list = $opt_n;
}
if ($opt_t) {
$target_net = $opt_t;
}
unless ($target_net && ($port >= 0 || $plugin_list)) {
die "$ARGV[0]: -t <target network> -n <plugin list> -P <port>\n";
}
# get an nmap parser going
$np = new Nmap::Parser;
# add the port to our args
$NEW_NMAP_ARGS = $NMAP_ARGS . "-p " . $port;
# $np -> parse_filters({only_active => 1}); # not needed with Nmap::Parser-1.x
$np -> callback(\&host_found); # syntax change for Nmap::Parser-1.x
$np -> parsescan($NMAP_EXE, $NEW_NMAP_ARGS, $target_net);
# the host_found callback will accumulate a list of possible IPs for us
$np -> clean();
if ($plugin_list) {
&run_nessus;
} else {
&banners;
}
exit (0);
sub host_found {
$self = shift;
$ip = $self -> ipv4_addr();
if ($self -> tcp_port_state($port) ne 'closed' &&
$self -> tcp_port_state($port) ne 'filtered') {
push(@target_list, $ip);
}
return;
}
sub banners {
# now what we'll do is run a full port scan of the host
foreach $target (@target_list) {
print "Fully scanning $target\n";
$newscan = new Nmap::Parser;
# $newscan -> parse_filters({only_active => 1}); # not needed with Nmap::Parser-1.x
$newscan -> callback(\&grabber); # syntax change for Nmap::Parser-1.x
$newscan -> parsescan($NMAP_EXE, $FULL_SCAN, $target);
# free up some memory
$newscan -> clean();
}
}
sub grabber {
$self = shift;
$ip = $self -> ipv4_addr();
print "Getting banners from host: $ip\n";
# ask Nmap::Parser for just the open ports
foreach $port ($self -> tcp_ports('open')) {
# establish a connection
$nt = new Net::Telnet (
Binmode => 0,
Host => $ip,
Port => $port,
Errmode => 'return',
Telnetmode => 0,
Timeout => 5
);
if ($nt) {
print "Connected to $ip:$port\n";
$nt -> put("\n\n");
$lines = 0;
while ($lines < 5 && $nt) {
$line = $nt -> getline();
print "$line";
$lines++;
}
# an extra newline, for tidy output
print "\n";
$nt -> close();
} else {
print "Unable to contact $ip:$port\n";
}
}
return;
}
sub run_nessus {
foreach $ip (@target_list) {
# create a new connection to the Nessus server
print "Nessus scanning $ip\n";
$nessus = Net::Nessus::ScanLite -> new (host => $NESSUS_HOST,
port => $NESSUS_PORT,
ssl => $NESSUS_SSL);
$nessus -> preferences( { host_expansion => 'none',
safe_checks => 'no',
auto_enable_dependencies => 'yes',
checks_read_timeout => 1 } );
$nessus -> plugin_set($plugin_list);
if ($nessus -> login($NESSUS_USER, $NESSUS_PASS)) {
$nessus -> attack($ip);
print "Total info: " . $nessus -> total_info . "\n";
foreach $info ($nessus -> info_list) {
print "Info:\n";
print "ID: " . $info -> ScanID . "\n";
print "Port: " . $info -> Port . "\n";
print "Description: " . $info -> Description . "\n";
}
print "Total holes: " . $nessus -> total_holes . "\n";
foreach $hole ($nessus -> hole_list) {
print "Hole:\n";
print "ID: " . $hole -> ScanID . "\n";
print "Port: " . $hole -> Port . "\n";
print "Description: " . $hole -> Description . "\n";
}
} else {
die "Nessus login failed!\n";
}
}
return;
}
|