From 3f317d8f0412695010a2cc006828309669635db2 Mon Sep 17 00:00:00 2001
From: zarzuelo <zarzuelo@gmail.com>
Date: Wed, 20 Oct 2010 16:32:15 +0000
Subject: [PATCH] 2010-10-20  Sergio Martin <sergio.martin@artica.es>

	* godmode/servers/manage_export_form.php
	godmode/servers/manage_recontask.php
	godmode/servers/manage_recontask_form.php: Improved and fixed
	little bugs into the custom recon scripts interface



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3436 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     |   7 +
 .../godmode/servers/manage_export_form.php    | 224 ++++++++++++------
 .../godmode/servers/manage_recontask.php      |   8 +-
 .../godmode/servers/manage_recontask_form.php |  39 ++-
 4 files changed, 195 insertions(+), 83 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index ff8902acde..2755157f9b 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,10 @@
+2010-10-20  Sergio Martin <sergio.martin@artica.es>
+
+	* godmode/servers/manage_export_form.php
+	godmode/servers/manage_recontask.php
+	godmode/servers/manage_recontask_form.php: Improved and fixed
+	little bugs into the custom recon scripts interface
+
 2010-10-20  Sergio Martin <sergio.martin@artica.es>
 
 	* godmode/alerts/alert_list.list.php: Clean the code
diff --git a/pandora_console/godmode/servers/manage_export_form.php b/pandora_console/godmode/servers/manage_export_form.php
index ed3b7a0b7b..33fefb2c4f 100644
--- a/pandora_console/godmode/servers/manage_export_form.php
+++ b/pandora_console/godmode/servers/manage_export_form.php
@@ -13,6 +13,7 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 
+
 // Load global vars
 global $config;
 
@@ -20,112 +21,181 @@ check_login ();
 
 if (! give_acl ($config['id_user'], 0, "PM")) {
 	audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation",
-		"Trying to access Export Server Management");
+		"Trying to access Agent Management");
 	require ("general/noaccess.php");
 	return;
 }
 
-$update = (int) get_parameter ("update");
-
-if ($update) {
-	$row = get_db_row ("tserver_export", "id", $update);
+if (isset (get_parameter("update")) { // Edit mode
+	$id_rt = (int) get_parameter_get ("update");
+	$row = get_db_row ("trecon_task","id_rt",$id_rt);
 	$name = $row["name"];
-	$export_server = $row["id_export_server"];
-	$preffix = $row["preffix"];
-	$interval = $row["interval"];
-	$ip_server = $row["ip_server"];
-	$connect_mode = $row["connect_mode"];
-	$user = $row["user"];
-	$password = $row["pass"];
-	$port = $row["port"];
-	$directory = $row["directory"];
-	$options = $row["options"];
-}
-else {
-	$name = '';
-	$export_server = 0;
-	$preffix = '';
-	$interval = 300;
-	$ip_server = '';
-	$connect_mode = 'tentacle';
-	$user = '';
-	$password = '';
-	$port = 41121;
-	$directory = '/var/spool/pandora/data_in';
-	$options = '';
+	$network = $row["subnet"];
+	$id_recon_server = $row["id_recon_server"];
+	$description = $row["description"];
+	$interval = $row["interval_sweep"];
+	$id_group = $row["id_group"];
+	$create_incident = $row["create_incident"];
+	$id_network_profile = $row["id_network_profile"];
+	$id_os = $row["id_os"];
+	$recon_ports = $row["recon_ports"];
+	$snmp_community = $row["snmp_community"];
+	$id_recon_script = $row["id_recon_script"];
+	$field1 = $row["field1"];
+	$field2 = $row["field2"];
+	$field3 = $row["field3"];
+	$field4 = $row["field4"];
+	if ($id_recon_script == 0)
+		$mode = "network_sweep";
+	else
+		$mode = "recon_script";
+		
+} elseif (isset (get_parameter("create"))) {
+	$id_rt = -1;
+	$name = "";
+	$network = "";
+	$description = "";
+	$id_recon_server = 0;
+	$interval = 43200;
+	$id_group = 0;
+	$create_incident = 1;
+    $snmp_community = "public";
+	$id_network_profile = 1;
+	$id_os = -1; // Any
+	$recon_ports = ""; // Any
+	$field1 = "";
+	$field2 = "";
+	$field3 = "";
+	$field4 = "";
+	$id_recon_script = 0;
+	$mode = "network_sweep";
 }
 
 // Headers
-print_page_header (__('Export targets'), "", false, "", true);
+print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true);
 
-$table->width=700;
+
+$table->width=600;
 $table->cellspacing=4;
+$table->cellpadding=4;
 $table->class="databox_color";
-
-echo '<form name="modulo" method="POST" action="index.php?sec=gservers&sec2=godmode/servers/manage_export&' . ($update ? "update=$update" : 'create=1') . '">';
-
+$table->rowclass[12] = "recon_script";
+$table->rowclass[13] = "recon_script";
+$table->rowclass[14] = "recon_script";
+$table->rowclass[15] = "recon_script";
 
 // Name
-$table->data[0][0] = __('Name');
+$table->data[0][0] = "<b>".__('Task name')."</b>";
 $table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true);
 
-// Export server
-$table->data[1][0] = __('Export server');
-$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 7 ORDER BY name',
-			'export_server', $export_server, '', __('None'), 0, true);
+// Recon server
+$table->data[1][0] = "<b>".__('Recon server').'<a href="#" class="tip">&nbsp;<span>'.__('You must select a Recon Server for the Task, otherwise the Recon Task will never run').'</span></a>';
 
-// Preffix
-$table->data[2][0] = __('Preffix');
-$table->data[2][1] = print_input_text ('preffix', $preffix, '', 25, 0, true);
+$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 3 ORDER BY name', "id_recon_server", $id_recon_server, '', '', '', true);
+
+
+$fields['network_sweep'] = __("Network sweep");
+$fields['recon_script'] = __("Custom script");
+
+
+$table->data[2][0] = "<b>".__('Mode')."</b>";
+$table->data[2][1] = print_select ($fields, "mode", $mode, '', '', 0, true);
+
+		
+// Network 
+$table->data[3][0] = "<b>".__('Network');
+$table->data[3][1] = print_input_text ('network', $network, '', 25, 0, true);
 
 // Interval
-$table->data[3][0] = __('Interval');
-$table->data[3][1] = print_input_text ('interval', $interval, '', 25, 0, true);
+$values = array ();
+$values[3600] = __('%d hour', 1);
+$values[7200] = __('%d hours', 2);
+$values[21600] = __('%d hours', 6);
+$values[43200] = __('%d hours', 12);
+$values[86400] = __('%d day', 1);
+$values[432000] = __('%d days', 5);
+$values[604800] = __('%d week', 1);
+$values[1209600] = __('%d weeks', 2);
+$values[2592000] = __('%d month', 1);
 
-// Address
-$table->data[4][0] = __('Address');
-$table->data[4][1] = print_input_text ('ip_server', $ip_server, '', 25, 0, true);
+$table->data[4][0] = "<b>".__('Interval');
+$table->data[4][1] = print_select ($values, "interval", $interval, '', '', '', true);
 
-// Transfer mode
-$table->data[5][0] = __('Transfer mode');
-$transfer_mode_select = array (
-		'tentacle' => 'tentacle',
-		'ssh' => 'ssh',
-		'ftp' => 'ftp',
-		'local' => 'local');
-$table->data[5][1] = print_select ($transfer_mode_select, "connect_mode", $connect_mode, '', '', '', true);
+// Module template
+$table->data[5][0] = "<b>".__('Module template');
+$table->data[5][1] = print_select_from_sql ('SELECT id_np, name FROM tnetwork_profile',
+	"id_network_profile", $id_network_profile, '', '', '', true);
 
-// User
-$table->data[6][0] = __('User');
-$table->data[6][1] = print_input_text ('user', $user, '', 25, 0, true);
+// Recon script
+$table->data[6][0] = "<b>".__('Recon script');
+$table->data[6][1] = print_select_from_sql ('SELECT id_recon_script, name FROM trecon_script', "id_recon_script", $id_recon_script, '', '', '', true);
 
-// Password
-$table->data[7][0] = __('Password');
-$table->data[7][1] = print_input_password ('password', $password, '', 25, 0, true);
 
-// Port
-$table->data[8][0] = __('Port');
-$table->data[8][1] = print_input_text ('port', $port, '', 25, 0, true);
+// OS
+$table->data[7][0] = "<b>".__('OS');
+$table->data[7][1] = print_select_from_sql ('SELECT id_os, name FROM tconfig_os ORDER BY name',
+	"id_os", $id_os, '', __('Any'), -1, true);
 
-// Directory
-$table->data[9][0] = __('Target directory');
-$table->data[9][1] = print_input_text ('directory', $directory, '', 25, 0, true);
+// Recon ports
+$table->data[8][0] = "<b>".__('Ports');
+$table->data[8][1] =  print_input_text ('recon_ports', $recon_ports, '', 25, 0, true);
+$table->data[8][1] .= '<a href="#" class="tip">&nbsp;<span>'.__('Ports defined like: 80 or 80,443,512 or even 0-1024 (Like Nmap command line format). If dont want to do a sweep using portscan, left it in blank').'</span></a>';
 
-// Options
-$table->data[10][0] = __('Extra options');
-$table->data[10][1] = print_input_text ('options', $options, '', 25, 0, true);
+// Group
+$table->data[9][0] = "<b>".__('Group');
+$groups = get_user_groups (false, "AR", false);
+$table->data[9][1] = print_select_groups(false, "AR", false, 'id_group', $id_group, '', '', 0, true);
+
+// Incident
+$values = array (0 => __('No'), 1 => __('Yes'));
+$table->data[10][0] = "<b>".__('Incident');
+$table->data[10][1] = print_select ($values, "create_incident", $create_incident,
+	'','','',true);
+
+// SNMP default community
+$table->data[11][0] = "<b>".__('SNMP Default community');
+$table->data[11][1] =  print_input_text ('snmp_community', $snmp_community, '', 35, 0, true);
+
+// Field1
+$table->data[12][0] = "<b>".__('Script field #1');
+$table->data[12][1] =  print_input_text ('field1', $field1, '', 40, 0, true);
+
+// Field2
+$table->data[13][0] = "<b>".__('Script field #2');
+$table->data[13][1] =  print_input_text ('field2', $field2, '', 40, 0, true);
+
+// Field3
+$table->data[14][0] = "<b>".__('Script field #3');
+$table->data[14][1] =  print_input_text ('field3', $field3, '', 40, 0, true);
+
+// Field4
+$table->data[15][0] = "<b>".__('Script field #4');
+$table->data[15][1] =  print_input_text ('field4', $field4, '', 40, 0, true);
+
+
+// Comments
+$table->data[16][0] = "<b>".__('Comments');
+$table->data[16][1] =  print_input_text ('description', $description, '', 45, 0, true);
+
+
+// Different Form url if it's a create or if it's a update form
+echo '<form name="modulo" method="post" action="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&'.(($id_rt != -1) ? 'update='.$id_rt : 'create=1').'">';
 
 print_table ($table);
-
-echo '<div class="action-buttons" style="width: 700px">';
-if ($update) 
-	echo print_submit_button (__('Update'),"crt",false,'class="sub upd"',true);
+echo '<div class="action-buttons" style="width: 620px">';
+if ($id_rt != -1) 
+	print_submit_button (__('Update'), "crt", false, 'class="sub upd"');
 else
-	echo print_submit_button (__('Add'),"crt",false,'class="sub wand"',true);
-echo '</form>';
+	print_submit_button (__('Add'), "crt", false, 'class="sub wand"');
 echo "</div>";
 
-
 echo "</form>";
-
 ?>
+
+<script type="text/javascript">
+/* <![CDATA[ */
+$(document).ready (function () {
+	alert("perro");
+});
+/* ]]> */
+</script>
diff --git a/pandora_console/godmode/servers/manage_recontask.php b/pandora_console/godmode/servers/manage_recontask.php
index 160a98d318..542dd6d228 100644
--- a/pandora_console/godmode/servers/manage_recontask.php
+++ b/pandora_console/godmode/servers/manage_recontask.php
@@ -58,14 +58,14 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) {
 	$recon_ports = get_parameter_post ("recon_ports", "");
 	$id_os = get_parameter_post ("id_os", 10);
     $snmp_community = get_parameter_post ("snmp_community", "public");
-    $id_recon_script = get_parameter ("id_recon_script", 0);
+    $id_recon_script = get_parameter ("id_recon_script", 'NULL');
     $mode = get_parameter ("mode", "");
     $field1 = get_parameter ("field1", "");
     $field2 = get_parameter ("field2", "");
     $field3 = get_parameter ("field3", "");
     $field4 = get_parameter ("field4", "");
     if ($mode == "network_sweep")
-		$id_recon_script = 0;
+		$id_recon_script = 'NULL';
 	else
 		$id_network_profile = 0;
 		
@@ -101,8 +101,8 @@ if (isset($_GET["update"])) {
 if (isset($_GET["create"])) {
 	$sql = sprintf ("INSERT INTO trecon_task 
 			(name, subnet, description, id_recon_server, create_incident, id_group, id_network_profile, interval_sweep, id_os, recon_ports, snmp_community, id_recon_script, field1, field2, field3, field4) 
-			VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', '%d', '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4);
-	
+			VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', %s, '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4);
+
 	if ($name != "") {
 		if (($id_recon_script == 0) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
 			$result = process_sql ($sql);
diff --git a/pandora_console/godmode/servers/manage_recontask_form.php b/pandora_console/godmode/servers/manage_recontask_form.php
index 614b511372..fb0018a00b 100644
--- a/pandora_console/godmode/servers/manage_recontask_form.php
+++ b/pandora_console/godmode/servers/manage_recontask_form.php
@@ -75,11 +75,21 @@ if (isset ($_GET["update"])) { // Edit mode
 print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true);
 
 
-$table->width=600;
+$table->width='90%';
 $table->cellspacing=4;
 $table->cellpadding=4;
 $table->class="databox_color";
+$table->rowclass[3]="network_sweep";
+$table->rowclass[5]="network_sweep";
+$table->rowclass[7]="network_sweep";
+$table->rowclass[8]="network_sweep";
+$table->rowclass[11]="network_sweep";
 
+$table->rowclass[6]="recon_script";
+$table->rowclass[12]="recon_script";
+$table->rowclass[13]="recon_script";
+$table->rowclass[14]="recon_script";
+$table->rowclass[15]="recon_script";
 // Name
 $table->data[0][0] = "<b>".__('Task name')."</b>";
 $table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true);
@@ -178,7 +188,7 @@ $table->data[16][1] =  print_input_text ('description', $description, '', 45, 0,
 echo '<form name="modulo" method="post" action="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&'.(($id_rt != -1) ? 'update='.$id_rt : 'create=1').'">';
 
 print_table ($table);
-echo '<div class="action-buttons" style="width: 620px">';
+echo '<div class="action-buttons" style="width: '.$table->width.'">';
 if ($id_rt != -1) 
 	print_submit_button (__('Update'), "crt", false, 'class="sub upd"');
 else
@@ -188,3 +198,28 @@ echo "</div>";
 echo "</form>";
 
 ?>
+<script type="text/javascript">
+/* <![CDATA[ */
+$(document).ready (function () {
+	if($('#mode').val() == 'recon_script') {
+			$(".recon_script").attr ('style', '');
+			$(".network_sweep").attr ('style', 'display:none');
+	}
+	else if($('#mode').val() == 'network_sweep') {
+			$(".network_sweep").attr ('style', '');
+			$(".recon_script").attr ('style', 'display:none');
+	}
+			
+	$('#mode').change(function() {
+		if(this.value == 'recon_script') {
+				$(".recon_script").attr ('style', '');
+				$(".network_sweep").attr ('style', 'display:none');
+		}
+		else if(this.value == 'network_sweep') {
+				$(".network_sweep").attr ('style', '');
+				$(".recon_script").attr ('style', 'display:none');
+		}
+	});
+});
+/* ]]> */
+</script>