2010-10-20 Sergio Martin <sergio.martin@artica.es>

* godmode/servers/manage_export_form.php
	godmode/servers/manage_recontask.php
	godmode/servers/manage_recontask_form.php: Improved and fixed
	little bugs into the custom recon scripts interface



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3436 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
zarzuelo 2010-10-20 16:32:15 +00:00
parent fbf3188cad
commit 3f317d8f04
4 changed files with 195 additions and 83 deletions

View File

@ -1,3 +1,10 @@
2010-10-20 Sergio Martin <sergio.martin@artica.es>
* godmode/servers/manage_export_form.php
godmode/servers/manage_recontask.php
godmode/servers/manage_recontask_form.php: Improved and fixed
little bugs into the custom recon scripts interface
2010-10-20 Sergio Martin <sergio.martin@artica.es>
* godmode/alerts/alert_list.list.php: Clean the code

View File

@ -13,6 +13,7 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// Load global vars
global $config;
@ -20,112 +21,181 @@ check_login ();
if (! give_acl ($config['id_user'], 0, "PM")) {
audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation",
"Trying to access Export Server Management");
"Trying to access Agent Management");
require ("general/noaccess.php");
return;
}
$update = (int) get_parameter ("update");
if ($update) {
$row = get_db_row ("tserver_export", "id", $update);
if (isset (get_parameter("update")) { // Edit mode
$id_rt = (int) get_parameter_get ("update");
$row = get_db_row ("trecon_task","id_rt",$id_rt);
$name = $row["name"];
$export_server = $row["id_export_server"];
$preffix = $row["preffix"];
$interval = $row["interval"];
$ip_server = $row["ip_server"];
$connect_mode = $row["connect_mode"];
$user = $row["user"];
$password = $row["pass"];
$port = $row["port"];
$directory = $row["directory"];
$options = $row["options"];
}
else {
$name = '';
$export_server = 0;
$preffix = '';
$interval = 300;
$ip_server = '';
$connect_mode = 'tentacle';
$user = '';
$password = '';
$port = 41121;
$directory = '/var/spool/pandora/data_in';
$options = '';
$network = $row["subnet"];
$id_recon_server = $row["id_recon_server"];
$description = $row["description"];
$interval = $row["interval_sweep"];
$id_group = $row["id_group"];
$create_incident = $row["create_incident"];
$id_network_profile = $row["id_network_profile"];
$id_os = $row["id_os"];
$recon_ports = $row["recon_ports"];
$snmp_community = $row["snmp_community"];
$id_recon_script = $row["id_recon_script"];
$field1 = $row["field1"];
$field2 = $row["field2"];
$field3 = $row["field3"];
$field4 = $row["field4"];
if ($id_recon_script == 0)
$mode = "network_sweep";
else
$mode = "recon_script";
} elseif (isset (get_parameter("create"))) {
$id_rt = -1;
$name = "";
$network = "";
$description = "";
$id_recon_server = 0;
$interval = 43200;
$id_group = 0;
$create_incident = 1;
$snmp_community = "public";
$id_network_profile = 1;
$id_os = -1; // Any
$recon_ports = ""; // Any
$field1 = "";
$field2 = "";
$field3 = "";
$field4 = "";
$id_recon_script = 0;
$mode = "network_sweep";
}
// Headers
print_page_header (__('Export targets'), "", false, "", true);
print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true);
$table->width=700;
$table->width=600;
$table->cellspacing=4;
$table->cellpadding=4;
$table->class="databox_color";
echo '<form name="modulo" method="POST" action="index.php?sec=gservers&sec2=godmode/servers/manage_export&' . ($update ? "update=$update" : 'create=1') . '">';
$table->rowclass[12] = "recon_script";
$table->rowclass[13] = "recon_script";
$table->rowclass[14] = "recon_script";
$table->rowclass[15] = "recon_script";
// Name
$table->data[0][0] = __('Name');
$table->data[0][0] = "<b>".__('Task name')."</b>";
$table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true);
// Export server
$table->data[1][0] = __('Export server');
$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 7 ORDER BY name',
'export_server', $export_server, '', __('None'), 0, true);
// Recon server
$table->data[1][0] = "<b>".__('Recon server').'<a href="#" class="tip">&nbsp;<span>'.__('You must select a Recon Server for the Task, otherwise the Recon Task will never run').'</span></a>';
// Preffix
$table->data[2][0] = __('Preffix');
$table->data[2][1] = print_input_text ('preffix', $preffix, '', 25, 0, true);
$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 3 ORDER BY name', "id_recon_server", $id_recon_server, '', '', '', true);
$fields['network_sweep'] = __("Network sweep");
$fields['recon_script'] = __("Custom script");
$table->data[2][0] = "<b>".__('Mode')."</b>";
$table->data[2][1] = print_select ($fields, "mode", $mode, '', '', 0, true);
// Network
$table->data[3][0] = "<b>".__('Network');
$table->data[3][1] = print_input_text ('network', $network, '', 25, 0, true);
// Interval
$table->data[3][0] = __('Interval');
$table->data[3][1] = print_input_text ('interval', $interval, '', 25, 0, true);
$values = array ();
$values[3600] = __('%d hour', 1);
$values[7200] = __('%d hours', 2);
$values[21600] = __('%d hours', 6);
$values[43200] = __('%d hours', 12);
$values[86400] = __('%d day', 1);
$values[432000] = __('%d days', 5);
$values[604800] = __('%d week', 1);
$values[1209600] = __('%d weeks', 2);
$values[2592000] = __('%d month', 1);
// Address
$table->data[4][0] = __('Address');
$table->data[4][1] = print_input_text ('ip_server', $ip_server, '', 25, 0, true);
$table->data[4][0] = "<b>".__('Interval');
$table->data[4][1] = print_select ($values, "interval", $interval, '', '', '', true);
// Transfer mode
$table->data[5][0] = __('Transfer mode');
$transfer_mode_select = array (
'tentacle' => 'tentacle',
'ssh' => 'ssh',
'ftp' => 'ftp',
'local' => 'local');
$table->data[5][1] = print_select ($transfer_mode_select, "connect_mode", $connect_mode, '', '', '', true);
// Module template
$table->data[5][0] = "<b>".__('Module template');
$table->data[5][1] = print_select_from_sql ('SELECT id_np, name FROM tnetwork_profile',
"id_network_profile", $id_network_profile, '', '', '', true);
// User
$table->data[6][0] = __('User');
$table->data[6][1] = print_input_text ('user', $user, '', 25, 0, true);
// Recon script
$table->data[6][0] = "<b>".__('Recon script');
$table->data[6][1] = print_select_from_sql ('SELECT id_recon_script, name FROM trecon_script', "id_recon_script", $id_recon_script, '', '', '', true);
// Password
$table->data[7][0] = __('Password');
$table->data[7][1] = print_input_password ('password', $password, '', 25, 0, true);
// Port
$table->data[8][0] = __('Port');
$table->data[8][1] = print_input_text ('port', $port, '', 25, 0, true);
// OS
$table->data[7][0] = "<b>".__('OS');
$table->data[7][1] = print_select_from_sql ('SELECT id_os, name FROM tconfig_os ORDER BY name',
"id_os", $id_os, '', __('Any'), -1, true);
// Directory
$table->data[9][0] = __('Target directory');
$table->data[9][1] = print_input_text ('directory', $directory, '', 25, 0, true);
// Recon ports
$table->data[8][0] = "<b>".__('Ports');
$table->data[8][1] = print_input_text ('recon_ports', $recon_ports, '', 25, 0, true);
$table->data[8][1] .= '<a href="#" class="tip">&nbsp;<span>'.__('Ports defined like: 80 or 80,443,512 or even 0-1024 (Like Nmap command line format). If dont want to do a sweep using portscan, left it in blank').'</span></a>';
// Options
$table->data[10][0] = __('Extra options');
$table->data[10][1] = print_input_text ('options', $options, '', 25, 0, true);
// Group
$table->data[9][0] = "<b>".__('Group');
$groups = get_user_groups (false, "AR", false);
$table->data[9][1] = print_select_groups(false, "AR", false, 'id_group', $id_group, '', '', 0, true);
// Incident
$values = array (0 => __('No'), 1 => __('Yes'));
$table->data[10][0] = "<b>".__('Incident');
$table->data[10][1] = print_select ($values, "create_incident", $create_incident,
'','','',true);
// SNMP default community
$table->data[11][0] = "<b>".__('SNMP Default community');
$table->data[11][1] = print_input_text ('snmp_community', $snmp_community, '', 35, 0, true);
// Field1
$table->data[12][0] = "<b>".__('Script field #1');
$table->data[12][1] = print_input_text ('field1', $field1, '', 40, 0, true);
// Field2
$table->data[13][0] = "<b>".__('Script field #2');
$table->data[13][1] = print_input_text ('field2', $field2, '', 40, 0, true);
// Field3
$table->data[14][0] = "<b>".__('Script field #3');
$table->data[14][1] = print_input_text ('field3', $field3, '', 40, 0, true);
// Field4
$table->data[15][0] = "<b>".__('Script field #4');
$table->data[15][1] = print_input_text ('field4', $field4, '', 40, 0, true);
// Comments
$table->data[16][0] = "<b>".__('Comments');
$table->data[16][1] = print_input_text ('description', $description, '', 45, 0, true);
// Different Form url if it's a create or if it's a update form
echo '<form name="modulo" method="post" action="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&'.(($id_rt != -1) ? 'update='.$id_rt : 'create=1').'">';
print_table ($table);
echo '<div class="action-buttons" style="width: 700px">';
if ($update)
echo print_submit_button (__('Update'),"crt",false,'class="sub upd"',true);
echo '<div class="action-buttons" style="width: 620px">';
if ($id_rt != -1)
print_submit_button (__('Update'), "crt", false, 'class="sub upd"');
else
echo print_submit_button (__('Add'),"crt",false,'class="sub wand"',true);
echo '</form>';
print_submit_button (__('Add'), "crt", false, 'class="sub wand"');
echo "</div>";
echo "</form>";
?>
<script type="text/javascript">
/* <![CDATA[ */
$(document).ready (function () {
alert("perro");
});
/* ]]> */
</script>

View File

@ -58,14 +58,14 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) {
$recon_ports = get_parameter_post ("recon_ports", "");
$id_os = get_parameter_post ("id_os", 10);
$snmp_community = get_parameter_post ("snmp_community", "public");
$id_recon_script = get_parameter ("id_recon_script", 0);
$id_recon_script = get_parameter ("id_recon_script", 'NULL');
$mode = get_parameter ("mode", "");
$field1 = get_parameter ("field1", "");
$field2 = get_parameter ("field2", "");
$field3 = get_parameter ("field3", "");
$field4 = get_parameter ("field4", "");
if ($mode == "network_sweep")
$id_recon_script = 0;
$id_recon_script = 'NULL';
else
$id_network_profile = 0;
@ -101,8 +101,8 @@ if (isset($_GET["update"])) {
if (isset($_GET["create"])) {
$sql = sprintf ("INSERT INTO trecon_task
(name, subnet, description, id_recon_server, create_incident, id_group, id_network_profile, interval_sweep, id_os, recon_ports, snmp_community, id_recon_script, field1, field2, field3, field4)
VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', '%d', '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4);
VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', %s, '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4);
if ($name != "") {
if (($id_recon_script == 0) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
$result = process_sql ($sql);

View File

@ -75,11 +75,21 @@ if (isset ($_GET["update"])) { // Edit mode
print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true);
$table->width=600;
$table->width='90%';
$table->cellspacing=4;
$table->cellpadding=4;
$table->class="databox_color";
$table->rowclass[3]="network_sweep";
$table->rowclass[5]="network_sweep";
$table->rowclass[7]="network_sweep";
$table->rowclass[8]="network_sweep";
$table->rowclass[11]="network_sweep";
$table->rowclass[6]="recon_script";
$table->rowclass[12]="recon_script";
$table->rowclass[13]="recon_script";
$table->rowclass[14]="recon_script";
$table->rowclass[15]="recon_script";
// Name
$table->data[0][0] = "<b>".__('Task name')."</b>";
$table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true);
@ -178,7 +188,7 @@ $table->data[16][1] = print_input_text ('description', $description, '', 45, 0,
echo '<form name="modulo" method="post" action="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&'.(($id_rt != -1) ? 'update='.$id_rt : 'create=1').'">';
print_table ($table);
echo '<div class="action-buttons" style="width: 620px">';
echo '<div class="action-buttons" style="width: '.$table->width.'">';
if ($id_rt != -1)
print_submit_button (__('Update'), "crt", false, 'class="sub upd"');
else
@ -188,3 +198,28 @@ echo "</div>";
echo "</form>";
?>
<script type="text/javascript">
/* <![CDATA[ */
$(document).ready (function () {
if($('#mode').val() == 'recon_script') {
$(".recon_script").attr ('style', '');
$(".network_sweep").attr ('style', 'display:none');
}
else if($('#mode').val() == 'network_sweep') {
$(".network_sweep").attr ('style', '');
$(".recon_script").attr ('style', 'display:none');
}
$('#mode').change(function() {
if(this.value == 'recon_script') {
$(".recon_script").attr ('style', '');
$(".network_sweep").attr ('style', 'display:none');
}
else if(this.value == 'network_sweep') {
$(".network_sweep").attr ('style', '');
$(".recon_script").attr ('style', 'display:none');
}
});
});
/* ]]> */
</script>