Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.


What's on your network?
It is currently Thu Apr 18, 2024 2:32 pm

All times are UTC + 10 hours

Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 
Author Message
PostPosted: Wed Oct 27, 2010 7:34 pm 

Joined: Wed Oct 27, 2010 6:38 pm
Posts: 1
hello all together,

first i will commend the initiators of openaudit.

I have established it in the company were I work and it is real useful.

in the course of this i have made some small changes that could maybe be useful for somebody else, so i wanted to post them.

(All changes base on the 09.03.17 Version)


Line 432
command1 = "cscript //Nologo " & script_name & " " & comparray(i)
command1 = "cscript " & full_script_name & " " & comparray(i)

because in the orginal the script dosnt run by me, so the change maybe helps someone else


add after line 454

dim instr_pos
instr_pos = Instr(1,comparray(count),"-")

if instr_pos > 0 then
dim ip_start
dim ip_end
dim user
dim passwrd
ip_start = mid(comparray(count),1,instr_pos-1)
ip_end = mid(comparray(count),instr_pos+1)
user = userarray(count)
passwrd = passarray(count)

Echo("Add IP Range " & ip_start & " " & ip_end)

dim ip_sector_1_start
dim ip_sector_1_end
dim ip_sector_2_start
dim ip_sector_2_end
dim ip_sector_3_start
dim ip_sector_3_end
dim ip_sector_4_start
dim ip_sector_4_end

dim search_start
dim search_end

sector_start = 1
sector_end = Instr(1,ip_start,".")
ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_start = mid(ip_start, sector_start)

sector_start = 1
sector_end = Instr(1,ip_end,".")
ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_end = mid(ip_end, sector_start)

dim array_size
array_size = ((ip_sector_1_end - ip_sector_1_start) *(256^3)) + ((ip_sector_2_end - ip_sector_2_start) *(256^2)) + ((ip_sector_3_end - ip_sector_3_start) *256) + ((ip_sector_4_end - ip_sector_4_start))

Redim comparray(array_size)
Redim userarray(array_size)
Redim passarray(array_size)

dim ip_sector_2_bak
dim ip_sector_3_bak
dim ip_sector_4_bak

ip_sector_2_bak = -1
ip_sector_3_bak = -1
ip_sector_4_bak = -1

dim i
dim j
dim k
dim l

for i = ip_sector_1_start to ip_sector_1_end

if ip_sector_1_end > ip_sector_1_start then
if i = cint(ip_sector_1_start) then
ip_sector_2_bak = ip_sector_2_end
ip_sector_2_end = 255
elseif i = cint(ip_sector_1_start+1) then
ip_sector_2_start = 0
end if

if i = cint(ip_sector_1_end) then
ip_sector_2_end = ip_sector_2_bak
end if
end if

for j = ip_sector_2_start to ip_sector_2_end
if ip_sector_2_end > ip_sector_2_start then
if j = cint(ip_sector_2_start) then
ip_sector_3_bak = ip_sector_3_end
ip_sector_3_end = 255
elseif j = cint(ip_sector_2_start+1) then
ip_sector_3_start = 0
end if

if j = cint(ip_sector_2_end) then
ip_sector_3_end = ip_sector_3_bak
end if
end if
for k = ip_sector_3_start to ip_sector_3_end
if ip_sector_3_end > ip_sector_3_start then
if k = cint(ip_sector_3_start) then
ip_sector_4_bak = ip_sector_4_end
ip_sector_4_end = 255
elseif k = cint(ip_sector_3_start+1) then
ip_sector_4_start = 0
end if

if k = cint(ip_sector_3_end) then
ip_sector_4_end = ip_sector_4_bak
end if
end if

for l = ip_sector_4_start to ip_sector_4_end
comparray(count) = (i & "." & j & "." & k & "." & l)
userarray(count) = user
passarray(count) = passwrd
count = count +1
count = count - 1
end if

with this change u could add an ip range in the pc_list_file.txt sepperated by ' - ' (f.e -,user,password).


a new nmap.vbs file

' Open Audit '
' Software and Hardware Inventory '
' Outputs into MySQL '
' (c) Mark Unwin 2003 '

' User defined settings below here '

' Below calls the file audit_include.vbs to setup the variables.
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit.config").ReadAll

'nmap_tmp_cleanup = false ' Set this false if you want to leave the tmp files for analysis in your tmp folder
'nmap_subnet = "192.168.10." ' The subnet you wish to scan
'nmap_subnet_formatted = "192.168.010." ' The subnet padded with 0's
'nmap_ie_form_page = ""
'nmap_ie_visible = "n"
'nmap_ie_auto_close = "y"
'nmap_ip_start = 21
'nmap_ip_end = 254

' Don't change the settings below here '
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const ForAppending = 8

Set oShell = CreateObject("Wscript.Shell")
Set oFS = CreateObject("Scripting.FileSystemObject")

' Script loop starts here '
for ip = nmap_ip_start to nmap_ip_end
if ip = 1000 then
wscript.echo "bypassing 1000"
NMapScan(nmap_subnet & ip)
end if ' excluded ip number


if input_file <> "" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFileReading = objFSO.OpenTextFile(input_file, 1)
dimarray = objTextFileReading.Line - 1
Set objTextFileReading = objFSO.OpenTextFile(input_file, 1)
dim IP_String
Do Until objTextFileReading.AtEndOfStream
IP_String = objTextFileReading.ReadLine
dim instr_pos
instr_pos = Instr(1,IP_String,"-")

if instr_pos > 0 then
dim ip_start
dim ip_end
ip_start = mid(IP_String,1,instr_pos-1)
ip_end = mid(IP_String,instr_pos+1)

wscript.echo("Add IP Range " & ip_start & " " & ip_end)

dim ip_sector_1_start
dim ip_sector_1_end
dim ip_sector_2_start
dim ip_sector_2_end
dim ip_sector_3_start
dim ip_sector_3_end
dim ip_sector_4_start
dim ip_sector_4_end

dim search_start
dim search_end

sector_start = 1
sector_end = Instr(1,ip_start,".")
ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_start = mid(ip_start, sector_start)

sector_start = 1
sector_end = Instr(1,ip_end,".")
ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_end = mid(ip_end, sector_start)

dim ip_sector_2_bak
dim ip_sector_3_bak
dim ip_sector_4_bak

ip_sector_2_bak = -1
ip_sector_3_bak = -1
ip_sector_4_bak = -1

dim i
dim j
dim k
dim l

for i = ip_sector_1_start to ip_sector_1_end

if ip_sector_1_end > ip_sector_1_start then
if i = cint(ip_sector_1_start) then
ip_sector_2_bak = ip_sector_2_end
ip_sector_2_end = 255
elseif i = cint(ip_sector_1_start+1) then
ip_sector_2_start = 0
end if

if i = cint(ip_sector_1_end) then
ip_sector_2_end = ip_sector_2_bak
end if
end if

for j = ip_sector_2_start to ip_sector_2_end
if ip_sector_2_end > ip_sector_2_start then
if j = cint(ip_sector_2_start) then
ip_sector_3_bak = ip_sector_3_end
ip_sector_3_end = 255
elseif j = cint(ip_sector_2_start+1) then
ip_sector_3_start = 0
end if

if j = cint(ip_sector_2_end) then
ip_sector_3_end = ip_sector_3_bak
end if
end if
for k = ip_sector_3_start to ip_sector_3_end
if ip_sector_3_end > ip_sector_3_start then
if k = cint(ip_sector_3_start) then
ip_sector_4_bak = ip_sector_4_end
ip_sector_4_end = 255
elseif k = cint(ip_sector_3_start+1) then
ip_sector_4_start = 0
end if

if k = cint(ip_sector_3_end) then
ip_sector_4_end = ip_sector_4_bak
end if
end if

for l = ip_sector_4_start to ip_sector_4_end
NMapScan(i & "." & j & "." & k & "." & l)

end if


end if

sub NMapScan(ip)
Dim ie
Dim oDoc
' Create a valid tmp file.
dim dt : dt = Now()
timestamp = Year(dt) & Right("0" & Month(dt),2) & Right("0" & Day(dt),2) & Right("0" & Hour(dt),2) & Right("0" & Minute(dt),2) & Right("0" & Second(dt),2)
sTemp = oShell.ExpandEnvironmentStrings("%TEMP%")
sTempFile = sTemp & "\" & "nmap_" & ip & "_" & timestamp & ".tmp"
'Create a valid nmap.exe string
nmap = "C:\Programme\Nmap\nmap.exe "
if nmap_syn_scan = "y" then
nmap = nmap & "-sS "
end if
if nmap_udp_scan = "y" then
nmap = nmap & "-sU "
end if
if nmap_srv_ver_scan = "y" then
nmap = nmap & "-sV --version-intensity " & nmap_srv_ver_int & " "
end if
nmap = nmap & "-O -v -oN " & sTempFile
scan = nmap & " " & ip
wscript.echo scan
Set sh=WScript.CreateObject("WScript.Shell")
sh.Run scan, 6, True
set sh = nothing
set form_input = nothing
set file_read = nothing
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(sTempFile, 1)
Do Until objTextFile.AtEndOfStream
strText = objTextFile.ReadAll
Set ie = CreateObject("InternetExplorer.Application")
ie.navigate nmap_ie_form_page
Do Until IE.readyState = 4 : WScript.sleep(200) : Loop
if nmap_ie_visible = "y" then
ie.visible= True
ie.visible = False
end if
Set oDoc = IE.document
Set oAdd = oDoc.getElementById("add")
' oAdd.value = oAdd.value + strText
oAdd.value = strText
if nmap_ie_auto_close = "y" then
Do Until IE.readyState = 4 : WScript.sleep(5000) : Loop
end if
' Cleanup the text file if requested
if nmap_tmp_cleanup = true then
end if
end sub


like in audit.vba you could add an ip range in the nmap_pc_list_file.txt which is definied in the audit.config file as "nmap_input_file"


in the software_register_add.php file:

change line 69

echo " <td>&nbsp;&nbsp;" . $myrow["software_name"] . "</td>\n";

echo " <td><a href='" .$myrow["software_name"]. "' onclick=\"'_blank';\">".$myrow["software_name"]."</a></td>\n";

the softwarename is a google link so you can find out what licence type has the software


in the software_register_add.php file

add after line 63

echo " <td align=\"center\"><b>Viewed</b></td>\n";

and after line 74

echo "<td align=\"center\">";
echo "<div id=\"s" . div_clean($myrow["software_id"]) . "\">";
echo "<a href=\"#\" onclick=\"sendViewed('" . $myrow["software_id"] . "','" .($myrow["viewed"] == 0 ? 1:0) . "');\"><img border=\"0\" src=\"images/" .($myrow["viewed"] == 0 ? "button_fail.png" : "button_success.png")."\" width=\"16\" height=\"16\" alt=\"\" /></a>";
echo "</div>\n";
echo "</td>\n";

and the variables and functions

$viewedRes = 0;
$viewedID = "";

function sendViewed(software,viewed) {
// Open PHP script for requests'get', 'software_register_viewed_ajax.php?software='+software + '&viewed=' + viewed);
http.onreadystatechange = handleResponse2;
$viewedRes = viewed
$viewedID = software

function handleResponse2() {
if(http.readyState == 4 && http.status == 200){
// Text returned FROM the PHP script
var response = http.responseText;
if(response) {
// UPDATE ajaxTest content
document.getElementById(response).innerHTML = "<a href=\"#\" onclick=\"sendViewed('" + $viewedID + "','" + ($viewedRes == 0 ? 1:0) + "');\"><img border=\"0\" src=\"images/" + ($viewedRes == 0 ? "button_fail.png" : "button_success.png") + "\" width=\"16\" height=\"16\" alt=\"\" /></a>";


and the new data software_register_viewed_ajax.php

include "include_config.php";

if (isset($_GET['software'])){ $id = $_GET['software']; } else { $id = ''; }
mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
mysql_select_db($mysql_database) or die("Could not select database");
$viewed = $_GET['viewed'];

if($id <> '') {
$sql = "UPDATE software SET viewed = '$viewed' WHERE software_id ='$id'";
else {
$sql = "UPDATE software SET viewed = '$viewed'";
$result = mysql_query($sql) or die ('<td>Insert Failed: ' . mysql_error() . '<br />' . $sql . "</td>");

echo "s" .$id;

and the table row "viewed" (bool standard value 0) in the table software.

Now you can mark a line in the software_register_add.php site when you have checked if it need a licence and every time after a audit find a new software it will be seen by this.

Maybe i can help someone with this.

cu zeroCruel

Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 

All times are UTC + 10 hours

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group