From 3f317d8f0412695010a2cc006828309669635db2 Mon Sep 17 00:00:00 2001 From: zarzuelo Date: Wed, 20 Oct 2010 16:32:15 +0000 Subject: [PATCH] 2010-10-20 Sergio Martin * godmode/servers/manage_export_form.php godmode/servers/manage_recontask.php godmode/servers/manage_recontask_form.php: Improved and fixed little bugs into the custom recon scripts interface git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3436 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 7 + .../godmode/servers/manage_export_form.php | 224 ++++++++++++------ .../godmode/servers/manage_recontask.php | 8 +- .../godmode/servers/manage_recontask_form.php | 39 ++- 4 files changed, 195 insertions(+), 83 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index ff8902acde..2755157f9b 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2010-10-20 Sergio Martin + + * godmode/servers/manage_export_form.php + godmode/servers/manage_recontask.php + godmode/servers/manage_recontask_form.php: Improved and fixed + little bugs into the custom recon scripts interface + 2010-10-20 Sergio Martin * godmode/alerts/alert_list.list.php: Clean the code diff --git a/pandora_console/godmode/servers/manage_export_form.php b/pandora_console/godmode/servers/manage_export_form.php index ed3b7a0b7b..33fefb2c4f 100644 --- a/pandora_console/godmode/servers/manage_export_form.php +++ b/pandora_console/godmode/servers/manage_export_form.php @@ -13,6 +13,7 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. + // Load global vars global $config; @@ -20,112 +21,181 @@ check_login (); if (! give_acl ($config['id_user'], 0, "PM")) { audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation", - "Trying to access Export Server Management"); + "Trying to access Agent Management"); require ("general/noaccess.php"); return; } -$update = (int) get_parameter ("update"); - -if ($update) { - $row = get_db_row ("tserver_export", "id", $update); +if (isset (get_parameter("update")) { // Edit mode + $id_rt = (int) get_parameter_get ("update"); + $row = get_db_row ("trecon_task","id_rt",$id_rt); $name = $row["name"]; - $export_server = $row["id_export_server"]; - $preffix = $row["preffix"]; - $interval = $row["interval"]; - $ip_server = $row["ip_server"]; - $connect_mode = $row["connect_mode"]; - $user = $row["user"]; - $password = $row["pass"]; - $port = $row["port"]; - $directory = $row["directory"]; - $options = $row["options"]; -} -else { - $name = ''; - $export_server = 0; - $preffix = ''; - $interval = 300; - $ip_server = ''; - $connect_mode = 'tentacle'; - $user = ''; - $password = ''; - $port = 41121; - $directory = '/var/spool/pandora/data_in'; - $options = ''; + $network = $row["subnet"]; + $id_recon_server = $row["id_recon_server"]; + $description = $row["description"]; + $interval = $row["interval_sweep"]; + $id_group = $row["id_group"]; + $create_incident = $row["create_incident"]; + $id_network_profile = $row["id_network_profile"]; + $id_os = $row["id_os"]; + $recon_ports = $row["recon_ports"]; + $snmp_community = $row["snmp_community"]; + $id_recon_script = $row["id_recon_script"]; + $field1 = $row["field1"]; + $field2 = $row["field2"]; + $field3 = $row["field3"]; + $field4 = $row["field4"]; + if ($id_recon_script == 0) + $mode = "network_sweep"; + else + $mode = "recon_script"; + +} elseif (isset (get_parameter("create"))) { + $id_rt = -1; + $name = ""; + $network = ""; + $description = ""; + $id_recon_server = 0; + $interval = 43200; + $id_group = 0; + $create_incident = 1; + $snmp_community = "public"; + $id_network_profile = 1; + $id_os = -1; // Any + $recon_ports = ""; // Any + $field1 = ""; + $field2 = ""; + $field3 = ""; + $field4 = ""; + $id_recon_script = 0; + $mode = "network_sweep"; } // Headers -print_page_header (__('Export targets'), "", false, "", true); +print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true); -$table->width=700; + +$table->width=600; $table->cellspacing=4; +$table->cellpadding=4; $table->class="databox_color"; - -echo '
'; - +$table->rowclass[12] = "recon_script"; +$table->rowclass[13] = "recon_script"; +$table->rowclass[14] = "recon_script"; +$table->rowclass[15] = "recon_script"; // Name -$table->data[0][0] = __('Name'); +$table->data[0][0] = "".__('Task name').""; $table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true); -// Export server -$table->data[1][0] = __('Export server'); -$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 7 ORDER BY name', - 'export_server', $export_server, '', __('None'), 0, true); +// Recon server +$table->data[1][0] = "".__('Recon server').' '.__('You must select a Recon Server for the Task, otherwise the Recon Task will never run').''; -// Preffix -$table->data[2][0] = __('Preffix'); -$table->data[2][1] = print_input_text ('preffix', $preffix, '', 25, 0, true); +$table->data[1][1] = print_select_from_sql ('SELECT id_server, name FROM tserver WHERE server_type = 3 ORDER BY name', "id_recon_server", $id_recon_server, '', '', '', true); + + +$fields['network_sweep'] = __("Network sweep"); +$fields['recon_script'] = __("Custom script"); + + +$table->data[2][0] = "".__('Mode').""; +$table->data[2][1] = print_select ($fields, "mode", $mode, '', '', 0, true); + + +// Network +$table->data[3][0] = "".__('Network'); +$table->data[3][1] = print_input_text ('network', $network, '', 25, 0, true); // Interval -$table->data[3][0] = __('Interval'); -$table->data[3][1] = print_input_text ('interval', $interval, '', 25, 0, true); +$values = array (); +$values[3600] = __('%d hour', 1); +$values[7200] = __('%d hours', 2); +$values[21600] = __('%d hours', 6); +$values[43200] = __('%d hours', 12); +$values[86400] = __('%d day', 1); +$values[432000] = __('%d days', 5); +$values[604800] = __('%d week', 1); +$values[1209600] = __('%d weeks', 2); +$values[2592000] = __('%d month', 1); -// Address -$table->data[4][0] = __('Address'); -$table->data[4][1] = print_input_text ('ip_server', $ip_server, '', 25, 0, true); +$table->data[4][0] = "".__('Interval'); +$table->data[4][1] = print_select ($values, "interval", $interval, '', '', '', true); -// Transfer mode -$table->data[5][0] = __('Transfer mode'); -$transfer_mode_select = array ( - 'tentacle' => 'tentacle', - 'ssh' => 'ssh', - 'ftp' => 'ftp', - 'local' => 'local'); -$table->data[5][1] = print_select ($transfer_mode_select, "connect_mode", $connect_mode, '', '', '', true); +// Module template +$table->data[5][0] = "".__('Module template'); +$table->data[5][1] = print_select_from_sql ('SELECT id_np, name FROM tnetwork_profile', + "id_network_profile", $id_network_profile, '', '', '', true); -// User -$table->data[6][0] = __('User'); -$table->data[6][1] = print_input_text ('user', $user, '', 25, 0, true); +// Recon script +$table->data[6][0] = "".__('Recon script'); +$table->data[6][1] = print_select_from_sql ('SELECT id_recon_script, name FROM trecon_script', "id_recon_script", $id_recon_script, '', '', '', true); -// Password -$table->data[7][0] = __('Password'); -$table->data[7][1] = print_input_password ('password', $password, '', 25, 0, true); -// Port -$table->data[8][0] = __('Port'); -$table->data[8][1] = print_input_text ('port', $port, '', 25, 0, true); +// OS +$table->data[7][0] = "".__('OS'); +$table->data[7][1] = print_select_from_sql ('SELECT id_os, name FROM tconfig_os ORDER BY name', + "id_os", $id_os, '', __('Any'), -1, true); -// Directory -$table->data[9][0] = __('Target directory'); -$table->data[9][1] = print_input_text ('directory', $directory, '', 25, 0, true); +// Recon ports +$table->data[8][0] = "".__('Ports'); +$table->data[8][1] = print_input_text ('recon_ports', $recon_ports, '', 25, 0, true); +$table->data[8][1] .= ' '.__('Ports defined like: 80 or 80,443,512 or even 0-1024 (Like Nmap command line format). If dont want to do a sweep using portscan, left it in blank').''; -// Options -$table->data[10][0] = __('Extra options'); -$table->data[10][1] = print_input_text ('options', $options, '', 25, 0, true); +// Group +$table->data[9][0] = "".__('Group'); +$groups = get_user_groups (false, "AR", false); +$table->data[9][1] = print_select_groups(false, "AR", false, 'id_group', $id_group, '', '', 0, true); + +// Incident +$values = array (0 => __('No'), 1 => __('Yes')); +$table->data[10][0] = "".__('Incident'); +$table->data[10][1] = print_select ($values, "create_incident", $create_incident, + '','','',true); + +// SNMP default community +$table->data[11][0] = "".__('SNMP Default community'); +$table->data[11][1] = print_input_text ('snmp_community', $snmp_community, '', 35, 0, true); + +// Field1 +$table->data[12][0] = "".__('Script field #1'); +$table->data[12][1] = print_input_text ('field1', $field1, '', 40, 0, true); + +// Field2 +$table->data[13][0] = "".__('Script field #2'); +$table->data[13][1] = print_input_text ('field2', $field2, '', 40, 0, true); + +// Field3 +$table->data[14][0] = "".__('Script field #3'); +$table->data[14][1] = print_input_text ('field3', $field3, '', 40, 0, true); + +// Field4 +$table->data[15][0] = "".__('Script field #4'); +$table->data[15][1] = print_input_text ('field4', $field4, '', 40, 0, true); + + +// Comments +$table->data[16][0] = "".__('Comments'); +$table->data[16][1] = print_input_text ('description', $description, '', 45, 0, true); + + +// Different Form url if it's a create or if it's a update form +echo ''; print_table ($table); - -echo '
'; -if ($update) - echo print_submit_button (__('Update'),"crt",false,'class="sub upd"',true); +echo '
'; +if ($id_rt != -1) + print_submit_button (__('Update'), "crt", false, 'class="sub upd"'); else - echo print_submit_button (__('Add'),"crt",false,'class="sub wand"',true); -echo ''; + print_submit_button (__('Add'), "crt", false, 'class="sub wand"'); echo "
"; - echo ""; - ?> + + diff --git a/pandora_console/godmode/servers/manage_recontask.php b/pandora_console/godmode/servers/manage_recontask.php index 160a98d318..542dd6d228 100644 --- a/pandora_console/godmode/servers/manage_recontask.php +++ b/pandora_console/godmode/servers/manage_recontask.php @@ -58,14 +58,14 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) { $recon_ports = get_parameter_post ("recon_ports", ""); $id_os = get_parameter_post ("id_os", 10); $snmp_community = get_parameter_post ("snmp_community", "public"); - $id_recon_script = get_parameter ("id_recon_script", 0); + $id_recon_script = get_parameter ("id_recon_script", 'NULL'); $mode = get_parameter ("mode", ""); $field1 = get_parameter ("field1", ""); $field2 = get_parameter ("field2", ""); $field3 = get_parameter ("field3", ""); $field4 = get_parameter ("field4", ""); if ($mode == "network_sweep") - $id_recon_script = 0; + $id_recon_script = 'NULL'; else $id_network_profile = 0; @@ -101,8 +101,8 @@ if (isset($_GET["update"])) { if (isset($_GET["create"])) { $sql = sprintf ("INSERT INTO trecon_task (name, subnet, description, id_recon_server, create_incident, id_group, id_network_profile, interval_sweep, id_os, recon_ports, snmp_community, id_recon_script, field1, field2, field3, field4) - VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', '%d', '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4); - + VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s', %s, '%s', '%s', '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community,$id_recon_script, $field1, $field2, $field3, $field4); + if ($name != "") { if (($id_recon_script == 0) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)) $result = process_sql ($sql); diff --git a/pandora_console/godmode/servers/manage_recontask_form.php b/pandora_console/godmode/servers/manage_recontask_form.php index 614b511372..fb0018a00b 100644 --- a/pandora_console/godmode/servers/manage_recontask_form.php +++ b/pandora_console/godmode/servers/manage_recontask_form.php @@ -75,11 +75,21 @@ if (isset ($_GET["update"])) { // Edit mode print_page_header (__('Manage recontask')." ".print_help_icon ("recontask", true), "", false, "", true); -$table->width=600; +$table->width='90%'; $table->cellspacing=4; $table->cellpadding=4; $table->class="databox_color"; +$table->rowclass[3]="network_sweep"; +$table->rowclass[5]="network_sweep"; +$table->rowclass[7]="network_sweep"; +$table->rowclass[8]="network_sweep"; +$table->rowclass[11]="network_sweep"; +$table->rowclass[6]="recon_script"; +$table->rowclass[12]="recon_script"; +$table->rowclass[13]="recon_script"; +$table->rowclass[14]="recon_script"; +$table->rowclass[15]="recon_script"; // Name $table->data[0][0] = "".__('Task name').""; $table->data[0][1] = print_input_text ('name', $name, '', 25, 0, true); @@ -178,7 +188,7 @@ $table->data[16][1] = print_input_text ('description', $description, '', 45, 0, echo '
'; print_table ($table); -echo '
'; +echo '
'; if ($id_rt != -1) print_submit_button (__('Update'), "crt", false, 'class="sub upd"'); else @@ -188,3 +198,28 @@ echo "
"; echo ""; ?> +