Open-AudIT

What's on your network?




PostPosted: Tue Sep 22, 2009 11:01 pm 
Lo there,
I was scanning my network and noticed that, after a scan and audit, I was missing things that had been listed 10 mins ago.
I noticed that if an nmap scan returns a MAC address of 00:00:00:00:00:00, the script removes everything listed with a MAC address of 00:00:00:00:00:00.
If you are on one IP range and scan another one, nmap will not return a MAC address and the script will freak out a bit.
Here is what I changed to make this work on my network thus far.

Code:
<?php
// Page bootstrap: pull in the shared include, open the content cell and set
// the defaults the NMap import below starts from.
// NOTE(review): include.php is not shown here; confirm that it enforces
// authentication before this admin page acts on POST data.
$page = 'add_pc';
include 'include.php';
echo "<td valign=\"top\">\n" . "<div class=\"main_each\">";

$heading = __("NMap");
echo "<p class=\"contenthead\">{$heading}</p>\n";

// Defaults, so later reads never hit an undeclared variable (AJH).
// The all-zero MAC and IP act as "not seen in the report" markers.
$device_type = $running = $manufacturer = 'unknown';
$ip_address = '000.000.000.000';
$mac = '00:00:00:00:00:00';

// One timestamp is shared by every row written during this request.
$timestamp = date('YmdHis');
$uuid = $process = '';
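// Import one pasted NMap host report: parse the host details, find or create
// the matching record, then replace that record's stored port list.
//
// The report text is attacker-influenced even when a trusted operator pastes
// it: host names come from reverse DNS and service/version strings come from
// whatever the scanned host sends back. Every value is therefore HTML-escaped
// before it is echoed and SQL-escaped before it is placed in a query.
// NOTE(review): mysql_real_escape_string() needs the open connection that
// mysql_query() already relies on (presumably created in include.php) and is
// only safe inside quoted literals, which is how every value is used below.
// NOTE(review): the form carries no anti-CSRF token although the POST deletes
// and inserts rows; confirm whether include.php provides that protection.
if (isset($_POST["submit"])){
  $html_flags = ENT_QUOTES;
  if (defined('ENT_SUBSTITUTE')) { $html_flags = $html_flags | ENT_SUBSTITUTE; }
  $zero_mac = "00:00:00:00:00:00";

  $raw_input = (isset($_POST['add']) && is_string($_POST['add'])) ? $_POST['add'] : "";
  // magic_quotes_gpc would already have added backslashes; remove them so each
  // value is escaped exactly once, at the point where it is used.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $raw_input = stripslashes($raw_input);
  }
  // Browsers submit textarea content with CRLF line endings; drop the CR so it
  // does not end up as the last character of a parsed value.
  $input = explode("\n", str_replace("\r", "", $raw_input));
  // A report without a host header line never sets the name; start it empty.
  $name = "";

  // Debug output of the raw POST data and the split lines (seraphielx),
  // escaped so pasted markup is displayed instead of rendered.
  echo "<fieldset><legend>POST DATA DEBUG</legend><div>".htmlspecialchars($raw_input, $html_flags)."</div>";
  echo "</fieldset><br>";
  echo "<fieldset><legend>Input DEBUG</legend><div>";
  echo htmlspecialchars(print_r($input, true), $html_flags);
  echo "</div></fieldset><br>";

  foreach ($input as $split) {
    if (substr($split, 0, 12) == "MAC Address:") {
      $candidate = substr($split,13,17);
      // Accept only six colon-separated hex pairs; anything else keeps the
      // previous value so a malformed line cannot become a lookup key.
      if (is_string($candidate) && preg_match('/^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$/', $candidate)) {
        $mac = $candidate;
      }
      echo "Mac Address: " . htmlspecialchars($mac, $html_flags) . "<br />";
      // The vendor name is the text inside the first pair of parentheses.
      $open_paren = strpos($split, "(");
      if ($open_paren !== false) {
        $temp = explode(")", substr($split, $open_paren + 1));
        $manufacturer = $temp[0];
      }
      echo "Manufacturer: " . htmlspecialchars($manufacturer, $html_flags) . "<br />";
    }

    if (substr($split, 0, 12) == "Device type:") {
      // Several guesses are separated by "|"; only the first one is kept.
      $temp = explode(":", $split);
      $temp2 = explode("|",$temp[1]);
      $device_type = trim($temp2[0]);
      echo "Device Type: " . htmlspecialchars($device_type, $html_flags) . "<br />";
    }

    if (substr($split, 0, 8) == "Running:") {
      $temp = explode(":", $split);
      $running = trim($temp[1]);
      echo "Running: " . htmlspecialchars($running, $html_flags) . "<br />";
    }

    // Host header lines carry the address and, when DNS resolved, the name.
    // A line can match only one of the two header forms below.
    $host_ip = null;
    $host_name = null;
    $tokens = explode(" ", $split);

    if (substr($split, 0, 20) == "Interesting ports on") {
      $target = isset($tokens[3]) ? $tokens[3] : "";
      if (strpos($split, ")") !== false){
        // Name resolution succeeded: "... on name (a.b.c.d):"
        $temp = explode(")",substr($split, strpos($split, "(")+1));
        $host_ip = $temp[0];
        $temp = explode(".", $target);
        $host_name = $temp[0];
      } else {
        // No name resolution: "... on a.b.c.d:"
        $temp = explode(":", $target);
        $host_ip = $temp[0];
      }
    }

    if (preg_match("/^All (\d)* scanned ports on/",$split)){
      // Same header, but every scanned port was closed or filtered.
      $target = isset($tokens[5]) ? $tokens[5] : "";
      $following = isset($tokens[6]) ? $tokens[6] : "";
      if (strpos($following, ")") !== false){
        // Name resolution succeeded
        $temp = explode(")",substr($split, strpos($split, "(")+1));
        $host_ip = $temp[0];
        $temp = explode(".", $target);
        $host_name = $temp[0];
      } else {
        // No name resolution
        $host_ip = $target;
      }
    }

    if ($host_ip !== null) {
      if ($host_name === null) {
        // Without a resolved name the address is zero-padded to three digits
        // per octet and doubles as the name. Missing octets are treated as
        // empty instead of raising undefined-offset notices.
        $octets = explode(".", $host_ip);
        for ($i = 0; $i < 4; $i++) {
          $octet = isset($octets[$i]) ? $octets[$i] : "";
          $octets[$i] = str_pad($octet, 3, "0", STR_PAD_LEFT);
        }
        $host_ip = $octets[0] . "." . $octets[1] . "." . $octets[2] . "." . $octets[3];
        $host_name = $host_ip;
      }
      $ip_address = $host_ip;
      $name = $host_name;
      echo "IP Address: " . htmlspecialchars($ip_address, $html_flags) . "<br />";
      echo "Name: " . htmlspecialchars($name, $html_flags) . "<br />";
    }
  } // End of for each

  // Blank values fall back to "unknown".
  if ($device_type == ""){$device_type = "unknown";}
  if ($running == ""){$running = "unknown";}
  // Refine a "general purpose" device by its OS guess. The checks run in
  // order and a later match overrides an earlier one.
  if (strpos($device_type, "general purpose") !== false){
    if (strpos($running, "Linux") !== false)        { $device_type = "os_linux";}
    if (strpos($running, "Windows") !== false)      { $device_type = "os_windows"; echo "Windows.<br />";}
    if (strpos($running, "unix") !== false)         { $device_type = "os_unix";}
    if (strpos($running, "MAC") !== false)          { $device_type = "os_mac";}
    if (strpos($running, "AIX") !== false)          { $device_type = "os_unix";}
    if (strpos($running, "SCO UnixWare") !== false) { $device_type = "os_unix";}
  } else {
    // Other device classes recognised from the OS guess (seraphielx).
    if (strpos($running, "Cisco IOS 12.X") !== false) { $device_type = "broadband_router"; echo "Cisco router.<br />";}
  }

  // The address never changes after parsing, so translate and escape it once.
  // NOTE(review): ip_trans_to() is defined elsewhere; assumed to have no side effects.
  $sql_ip = mysql_real_escape_string(ip_trans_to($ip_address));

  if (isset($mac) and $mac != $zero_mac){
    // A real MAC was reported: look it up in network_card first.
    $sql = "SELECT net_uuid FROM network_card WHERE net_mac_address = '" . mysql_real_escape_string($mac) . "'";
    echo htmlspecialchars($sql, $html_flags) . "<br />";
    $result = mysql_query($sql) or die ('Query Failed: <br />' . htmlspecialchars(mysql_error(), $html_flags) . '<br />' . htmlspecialchars($sql, $html_flags));
    $myrow = mysql_fetch_array($result);
    if (isset($myrow["net_uuid"])){
      $process = "network_mac";
      $uuid = $myrow["net_uuid"];
    } else {
      // Not in network_card - check the other table by MAC or by address.
      $sql = "SELECT other_id, other_mac_address FROM other WHERE other_mac_address = '" . mysql_real_escape_string($mac) . "' OR other_ip_address = '" . $sql_ip . "' ORDER BY other_timestamp";
      echo htmlspecialchars($sql, $html_flags) . "<br />";
      $result = mysql_query($sql) or die ('Query Failed: <br />' . htmlspecialchars(mysql_error(), $html_flags) . '<br />' . htmlspecialchars($sql, $html_flags));
      $myrow = mysql_fetch_array($result);
      if (isset($myrow["other_id"])){
        $process = "other_mac";
        $uuid = $myrow["other_id"];
        // A real MAC already on the record wins; an all-zero one is replaced
        // by the MAC from this scan (seraphielx).
        if ($myrow["other_mac_address"] != $zero_mac){
          $mac = $myrow["other_mac_address"];
        }
      }
    }
  }

  if ($mac == $zero_mac){
    // No MAC in the report (for example a scan across subnets): match on the
    // address only, so records sharing the all-zero MAC are not mixed up.
    echo "The mac address is ".htmlspecialchars($mac, $html_flags)."<br>";
    $sql = "SELECT net_uuid FROM network_card WHERE net_ip_address = '" . $sql_ip . "'";
    echo htmlspecialchars($sql, $html_flags) . "<br />";
    $result = mysql_query($sql) or die ('Query Failed: <br />' . htmlspecialchars(mysql_error(), $html_flags) . '<br />' . htmlspecialchars($sql, $html_flags));
    $myrow = mysql_fetch_array($result);
    if (isset($myrow["net_uuid"])){
      $process = "network_ip";
      $uuid = $myrow["net_uuid"];
    } else {
      $sql = "SELECT other_id FROM other WHERE other_ip_address = '" . $sql_ip . "'";
      echo htmlspecialchars($sql, $html_flags) . "<br />";
      $result = mysql_query($sql) or die ('Query Failed: <br />' . htmlspecialchars(mysql_error(), $html_flags) . '<br />' . htmlspecialchars($sql, $html_flags));
      $myrow = mysql_fetch_array($result);
      if (isset($myrow["other_id"])){
        $process = "other_ip";
        $uuid = $myrow["other_id"];
      }
    }
  }

  // Nothing matched: create a record in the other table. A host with a real
  // MAC is always added; a host without one is added only when an address was
  // parsed, so blank records are not created (seraphielx).
  if ($uuid == "" and ($mac != $zero_mac or $ip_address != "000.000.000.000")) {
    $sql  = "INSERT INTO other (other_network_name, other_ip_address, other_mac_address, ";
    $sql .= "other_description, other_manufacturer, other_type, ";
    $sql .= "other_timestamp, other_first_timestamp) VALUES (";
    $sql .= "'" . mysql_real_escape_string($name) . "','" . $sql_ip . "','" . mysql_real_escape_string($mac) . "',";
    $sql .= "'" . mysql_real_escape_string($running) . "','" . mysql_real_escape_string($manufacturer) . "','" . mysql_real_escape_string($device_type) . "',";
    $sql .= "'$timestamp','$timestamp')";
    $result = mysql_query($sql) or die ('Insert Failed: <br />' . htmlspecialchars($sql, $html_flags) . '<br />' . htmlspecialchars(mysql_error(), $html_flags));
    $uuid = mysql_insert_id();
    $process = "new_other";
    echo htmlspecialchars($sql, $html_flags) . "<br />";
  }

  if ($process == "other_mac"){
    // Refresh address, MAC and timestamp on the matched record.
    $sql  = "UPDATE other SET other_ip_address = '". $sql_ip . "', ";
    $sql .= "other_mac_address = '" . mysql_real_escape_string($mac) . "', other_timestamp = '$timestamp' ";
    $sql .= "WHERE other_id = '" . mysql_real_escape_string($uuid) . "'";
    $result = mysql_query($sql) or die ('Update Failed: <br />' . htmlspecialchars($sql, $html_flags) . '<br />' . htmlspecialchars(mysql_error(), $html_flags));
    $process = "update_other";
    echo htmlspecialchars($sql, $html_flags) . "<br />\n";
  }

  if ($process != ""){
    // A record was matched or created: replace its stored port list.
    echo "UUID: " . htmlspecialchars($uuid, $html_flags) . "<br />";
    echo "Process: " . htmlspecialchars($process, $html_flags) . "<br />";
    // The id may have been read back from the database, so it is escaped
    // like any other value.
    $sql_uuid = mysql_real_escape_string($uuid);
    $sql = "DELETE FROM nmap_ports WHERE nmap_other_id = '" . $sql_uuid . "'";
    echo htmlspecialchars($sql, $html_flags) . "<br />\n";
    $result = mysql_query($sql) or die ('Delete Failed: <br />' . htmlspecialchars($sql, $html_flags) . '<br />' . htmlspecialchars(mysql_error(), $html_flags));
    foreach ($input as $split) {
      // Port rows look like "80/tcp   open  http    Apache httpd 2.2":
      // port/protocol, state, service, then free-text version.
      $fields = preg_split('/ +/', $split, 4);
      if (count($fields) < 2 || !preg_match('/^(\d+)\/(tcp|udp)$/', $fields[0], $port_match)) {
        continue;
      }
      $port_state = $fields[1];
      // Keep only "open" and "open|filtered" rows. Testing the state column
      // avoids storing a closed port whose service name contains "open".
      if (strpos($port_state, "open") !== 0) {
        continue;
      }
      $port_number = $port_match[1];
      $port_proto = $port_match[2];
      $port_name = isset($fields[2]) ? $fields[2] : "";
      $port_version = isset($fields[3]) ? rtrim($fields[3]) : "";
      if ($port_version == "") {
        $port_version = "Not detected";
      }

      echo "<br /> Port found. <br />";
      echo "Port: " . htmlspecialchars($port_number, $html_flags) . "<br />";
      echo "Protocol: " . htmlspecialchars($port_proto, $html_flags) . "<br />";
      echo "State: " . htmlspecialchars($port_state, $html_flags) . "<br />";
      echo "Service: " . htmlspecialchars($port_name, $html_flags) . "<br />";
      echo "Version: " . htmlspecialchars($port_version, $html_flags) . "<br />";

      $sql  = "INSERT INTO nmap_ports (nmap_other_id, nmap_port_number, nmap_port_proto, nmap_port_name, nmap_port_version, nmap_timestamp) VALUES (";
      $sql .= "'" . $sql_uuid . "','" . mysql_real_escape_string($port_number) . "','" . mysql_real_escape_string($port_proto) . "','" . mysql_real_escape_string($port_name) . "','" . mysql_real_escape_string($port_version) . "','" . $timestamp . "')";
      $result = mysql_query($sql) or die ('Insert Failed: <br />' . htmlspecialchars($sql, $html_flags) . '<br />' . htmlspecialchars(mysql_error(), $html_flags));
      echo "<br />" . htmlspecialchars($sql, $html_flags) . "<br />";
    }// End of foreach
  }//End of if ($process != "")

} // End of isset($_POST["submit"])
  else {

  // Nothing submitted yet: show the form the NMap report is pasted into.
  echo "<form action=\"admin_nmap_input.php\" method=\"post\">\n";
  echo "<table>\n";
  echo "<tr><td colspan=\"2\"><textarea rows=\"20\" name=\"add\" cols=\"90\" class=\"for_forms\"></textarea></td></tr>\n";
  echo "<tr><td colspan=\"2\"><input name=\"submit\" value=\"".__("Save")."\" type=\"submit\" /></td></tr>\n";
  echo "</table>\n";
  echo "</form>\n";

}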

// Close the page. Only one <div> is opened in this file; the second </div>
// presumably closes one opened by include.php - confirm there.
$closing_tags = array("</div>", "</div>", "</td>", "</body>", "</html>");
echo implode("\n", $closing_tags) . "\n";
?>



