hello all together,
first i will commend the initiators of openaudit.
I have established it in the company were I work and it is real useful.
in the course of this i have made some small changes that could maybe be useful for somebody else, so i wanted to post them.
(All changes base on the 09.03.17 Version)
1.
Line 432 [code] command1 = "cscript //Nologo " & script_name & " " & comparray(i) [/code] to [code] command1 = "cscript " & full_script_name & " " & comparray(i) [/code]
because in the orginal the script dosnt run by me, so the change maybe helps someone else
2.
add after line 454
[code] dim instr_pos instr_pos = Instr(1,comparray(count),"-")
if instr_pos > 0 then dim ip_start dim ip_end dim user dim passwrd ip_start = mid(comparray(count),1,instr_pos-1) ip_end = mid(comparray(count),instr_pos+1) user = userarray(count) passwrd = passarray(count)
Echo("Add IP Range " & ip_start & " " & ip_end)
dim ip_sector_1_start dim ip_sector_1_end dim ip_sector_2_start dim ip_sector_2_end dim ip_sector_3_start dim ip_sector_3_end dim ip_sector_4_start dim ip_sector_4_end dim search_start dim search_end
sector_start = 1 sector_end = Instr(1,ip_start,".") ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start) sector_start = sector_end+1 sector_end = Instr(sector_start,ip_start,".") ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)
sector_start = sector_end+1 sector_end = Instr(sector_start,ip_start,".") ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)
sector_start = sector_end+1 ip_sector_4_start = mid(ip_start, sector_start)
sector_start = 1 sector_end = Instr(1,ip_end,".") ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start) sector_start = sector_end+1 sector_end = Instr(sector_start,ip_end,".") ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)
sector_start = sector_end+1 sector_end = Instr(sector_start,ip_end,".") ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)
sector_start = sector_end+1 ip_sector_4_end = mid(ip_end, sector_start) dim array_size array_size = ((ip_sector_1_end - ip_sector_1_start) *(256^3)) + ((ip_sector_2_end - ip_sector_2_start) *(256^2)) + ((ip_sector_3_end - ip_sector_3_start) *256) + ((ip_sector_4_end - ip_sector_4_start))
Redim comparray(array_size) Redim userarray(array_size) Redim passarray(array_size)
dim ip_sector_2_bak dim ip_sector_3_bak dim ip_sector_4_bak
ip_sector_2_bak = -1 ip_sector_3_bak = -1 ip_sector_4_bak = -1
dim i dim j dim k dim l
for i = ip_sector_1_start to ip_sector_1_end
if ip_sector_1_end > ip_sector_1_start then if i = cint(ip_sector_1_start) then ip_sector_2_bak = ip_sector_2_end ip_sector_2_end = 255 elseif i = cint(ip_sector_1_start+1) then ip_sector_2_start = 0 end if
if i = cint(ip_sector_1_end) then ip_sector_2_end = ip_sector_2_bak end if end if
for j = ip_sector_2_start to ip_sector_2_end if ip_sector_2_end > ip_sector_2_start then if j = cint(ip_sector_2_start) then ip_sector_3_bak = ip_sector_3_end ip_sector_3_end = 255 elseif j = cint(ip_sector_2_start+1) then ip_sector_3_start = 0 end if
if j = cint(ip_sector_2_end) then ip_sector_3_end = ip_sector_3_bak end if end if for k = ip_sector_3_start to ip_sector_3_end if ip_sector_3_end > ip_sector_3_start then if k = cint(ip_sector_3_start) then ip_sector_4_bak = ip_sector_4_end ip_sector_4_end = 255 elseif k = cint(ip_sector_3_start+1) then ip_sector_4_start = 0 end if
if k = cint(ip_sector_3_end) then ip_sector_4_end = ip_sector_4_bak end if end if
for l = ip_sector_4_start to ip_sector_4_end comparray(count) = (i & "." & j & "." & k & "." & l) userarray(count) = user passarray(count) = passwrd count = count +1 next next next next count = count - 1 end if [/code]
with this change u could add an ip range in the pc_list_file.txt sepperated by ' - ' (f.e 192.193.1.10 - 193.194.2.20,user,password).
3.
a new nmap.vbs file
[code] ''''''''''''''''''''''''''''''''''' ' Open Audit ' ' Software and Hardware Inventory ' ' Outputs into MySQL ' ' (c) Mark Unwin 2003 ' '''''''''''''''''''''''''''''''''''
'''''''''''''''''''''''''''''''''''' ' User defined settings below here ' ''''''''''''''''''''''''''''''''''''
' Below calls the file audit_include.vbs to setup the variables. ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit.config").ReadAll
'nmap_tmp_cleanup = false ' Set this false if you want to leave the tmp files for analysis in your tmp folder 'nmap_subnet = "192.168.10." ' The subnet you wish to scan 'nmap_subnet_formatted = "192.168.010." ' The subnet padded with 0's 'nmap_ie_form_page = "http://192.168.10.28/oa/admin_nmap_input.php" 'nmap_ie_visible = "n" 'nmap_ie_auto_close = "y" 'nmap_ip_start = 21 'nmap_ip_end = 254
'''''''''''''''''''''''''''''''''''''''' ' Don't change the settings below here ' '''''''''''''''''''''''''''''''''''''''' Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 Const ForAppending = 8
Set oShell = CreateObject("Wscript.Shell") Set oFS = CreateObject("Scripting.FileSystemObject")
''''''''''''''''''''''''''''''''''' ' Script loop starts here ' ''''''''''''''''''''''''''''''''''' for ip = nmap_ip_start to nmap_ip_end if ip = 1000 then wscript.echo "bypassing 1000" else NMapScan(nmap_subnet & ip) end if ' excluded ip number
next
if input_file <> "" then Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFileReading = objFSO.OpenTextFile(input_file, 1) objTextFileReading.ReadAll dimarray = objTextFileReading.Line - 1 objTextFileReading.close Set objTextFileReading = objFSO.OpenTextFile(input_file, 1) dim IP_String Do Until objTextFileReading.AtEndOfStream IP_String = objTextFileReading.ReadLine dim instr_pos instr_pos = Instr(1,IP_String,"-")
if instr_pos > 0 then dim ip_start dim ip_end ip_start = mid(IP_String,1,instr_pos-1) ip_end = mid(IP_String,instr_pos+1)
wscript.echo("Add IP Range " & ip_start & " " & ip_end)
dim ip_sector_1_start dim ip_sector_1_end dim ip_sector_2_start dim ip_sector_2_end dim ip_sector_3_start dim ip_sector_3_end dim ip_sector_4_start dim ip_sector_4_end dim search_start dim search_end
sector_start = 1 sector_end = Instr(1,ip_start,".") ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start) sector_start = sector_end+1 sector_end = Instr(sector_start,ip_start,".") ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)
sector_start = sector_end+1 sector_end = Instr(sector_start,ip_start,".") ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)
sector_start = sector_end+1 ip_sector_4_start = mid(ip_start, sector_start)
sector_start = 1 sector_end = Instr(1,ip_end,".") ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start) sector_start = sector_end+1 sector_end = Instr(sector_start,ip_end,".") ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)
sector_start = sector_end+1 sector_end = Instr(sector_start,ip_end,".") ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)
sector_start = sector_end+1 ip_sector_4_end = mid(ip_end, sector_start)
dim ip_sector_2_bak dim ip_sector_3_bak dim ip_sector_4_bak
ip_sector_2_bak = -1 ip_sector_3_bak = -1 ip_sector_4_bak = -1
dim i dim j dim k dim l
for i = ip_sector_1_start to ip_sector_1_end
if ip_sector_1_end > ip_sector_1_start then if i = cint(ip_sector_1_start) then ip_sector_2_bak = ip_sector_2_end ip_sector_2_end = 255 elseif i = cint(ip_sector_1_start+1) then ip_sector_2_start = 0 end if
if i = cint(ip_sector_1_end) then ip_sector_2_end = ip_sector_2_bak end if end if
for j = ip_sector_2_start to ip_sector_2_end if ip_sector_2_end > ip_sector_2_start then if j = cint(ip_sector_2_start) then ip_sector_3_bak = ip_sector_3_end ip_sector_3_end = 255 elseif j = cint(ip_sector_2_start+1) then ip_sector_3_start = 0 end if
if j = cint(ip_sector_2_end) then ip_sector_3_end = ip_sector_3_bak end if end if for k = ip_sector_3_start to ip_sector_3_end if ip_sector_3_end > ip_sector_3_start then if k = cint(ip_sector_3_start) then ip_sector_4_bak = ip_sector_4_end ip_sector_4_end = 255 elseif k = cint(ip_sector_3_start+1) then ip_sector_4_start = 0 end if
if k = cint(ip_sector_3_end) then ip_sector_4_end = ip_sector_4_bak end if end if
for l = ip_sector_4_start to ip_sector_4_end NMapScan(i & "." & j & "." & k & "." & l) next next next next else NMapScan(IP_String)
end if
Loop
end if
sub NMapScan(ip) Dim ie Dim oDoc ' ' Create a valid tmp file. dim dt : dt = Now() timestamp = Year(dt) & Right("0" & Month(dt),2) & Right("0" & Day(dt),2) & Right("0" & Hour(dt),2) & Right("0" & Minute(dt),2) & Right("0" & Second(dt),2) sTemp = oShell.ExpandEnvironmentStrings("%TEMP%") sTempFile = sTemp & "\" & "nmap_" & ip & "_" & timestamp & ".tmp" ' 'Create a valid nmap.exe string nmap = "C:\Programme\Nmap\nmap.exe " if nmap_syn_scan = "y" then nmap = nmap & "-sS " end if if nmap_udp_scan = "y" then nmap = nmap & "-sU " end if if nmap_srv_ver_scan = "y" then nmap = nmap & "-sV --version-intensity " & nmap_srv_ver_int & " " end if nmap = nmap & "-O -v -oN " & sTempFile ' ' scan = nmap & " " & ip wscript.echo scan Set sh=WScript.CreateObject("WScript.Shell") sh.Run scan, 6, True set sh = nothing set form_input = nothing set file_read = nothing Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile(sTempFile, 1) Do Until objTextFile.AtEndOfStream strText = objTextFile.ReadAll Loop objTextFile.Close Set ie = CreateObject("InternetExplorer.Application") ie.navigate nmap_ie_form_page Do Until IE.readyState = 4 : WScript.sleep(200) : Loop if nmap_ie_visible = "y" then ie.visible= True else ie.visible = False end if Set oDoc = IE.document Set oAdd = oDoc.getElementById("add") ' oAdd.value = oAdd.value + strText oAdd.value = strText IE.Document.All("submit").Click if nmap_ie_auto_close = "y" then Do Until IE.readyState = 4 : WScript.sleep(5000) : Loop WScript.sleep(5000) ie.Quit end if ' Cleanup the text file if requested if nmap_tmp_cleanup = true then objFSO.DeleteFile(sTempFile) end if end sub
wscript.quit [/code]
like in audit.vba you could add an ip range in the nmap_pc_list_file.txt which is definied in the audit.config file as "nmap_input_file"
4.
in the software_register_add.php file:
change line 69
from [code] echo " <td> " . $myrow["software_name"] . "</td>\n"; [/code] to
[code] echo " <td><a href='http://www.google.de#q=" .$myrow["software_name"]. "' onclick=\"this.target='_blank';\">".$myrow["software_name"]."</a></td>\n"; [/code]
the softwarename is a google link so you can find out what licence type has the software
5.
in the software_register_add.php file
add after line 63
[code] echo " <td align=\"center\"><b>Viewed</b></td>\n"; [/code]
and after line 74
[code] echo "<td align=\"center\">"; echo "<div id=\"s" . div_clean($myrow["software_id"]) . "\">"; echo "<a href=\"#\" onclick=\"sendViewed('" . $myrow["software_id"] . "','" .($myrow["viewed"] == 0 ? 1:0) . "');\"><img border=\"0\" src=\"images/" .($myrow["viewed"] == 0 ? "button_fail.png" : "button_success.png")."\" width=\"16\" height=\"16\" alt=\"\" /></a>"; echo "</div>\n"; echo "</td>\n"; [/code]
and the variables and functions
$viewedRes = 0; $viewedID = "";
[code] function sendViewed(software,viewed) { // Open PHP script for requests http.open('get', 'software_register_viewed_ajax.php?software='+software + '&viewed=' + viewed); http.onreadystatechange = handleResponse2; $viewedRes = viewed $viewedID = software http.send(null); }
function handleResponse2() { if(http.readyState == 4 && http.status == 200){ // Text returned FROM the PHP script var response = http.responseText; if(response) { // UPDATE ajaxTest content document.getElementById(response).innerHTML = "<a href=\"#\" onclick=\"sendViewed('" + $viewedID + "','" + ($viewedRes == 0 ? 1:0) + "');\"><img border=\"0\" src=\"images/" + ($viewedRes == 0 ? "button_fail.png" : "button_success.png") + "\" width=\"16\" height=\"16\" alt=\"\" /></a>"; } } }
[/code]
and the new data software_register_viewed_ajax.php
[code] <?php include "include_config.php";
if (isset($_GET['software'])){ $id = $_GET['software']; } else { $id = ''; } mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect"); mysql_select_db($mysql_database) or die("Could not select database"); $viewed = $_GET['viewed'];
if($id <> '') { $sql = "UPDATE software SET viewed = '$viewed' WHERE software_id ='$id'"; } else { $sql = "UPDATE software SET viewed = '$viewed'"; } $result = mysql_query($sql) or die ('<td>Insert Failed: ' . mysql_error() . '<br />' . $sql . "</td>");
echo "s" .$id; ?> [/code]
and the table row "viewed" (bool standard value 0) in the table software.
Now you can mark a line in the software_register_add.php site when you have checked if it need a licence and every time after a audit find a new software it will be seen by this.
Maybe i can help someone with this.
cu zeroCruel
|