Open-AudIT
https://www.open-audit.org/phpBB3/

maybe useful changes from me
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3834
Page 1 of 1

Author:  zeroCruel [ Wed Oct 27, 2010 7:34 pm ]
Post subject:  maybe useful changes from me

hello all together,

first i will commend the initiators of openaudit.

I have established it in the company were I work and it is real useful.

in the course of this i have made some small changes that could maybe be useful for somebody else, so i wanted to post them.

(All changes base on the 09.03.17 Version)

1.

Line 432
[code]
command1 = "cscript //Nologo " & script_name & " " & comparray(i)
[/code]
to
[code]
command1 = "cscript " & full_script_name & " " & comparray(i)
[/code]

because in the orginal the script dosnt run by me, so the change maybe helps someone else

2.

add after line 454

[code]
dim instr_pos
instr_pos = Instr(1,comparray(count),"-")

if instr_pos > 0 then
dim ip_start
dim ip_end
dim user
dim passwrd
ip_start = mid(comparray(count),1,instr_pos-1)
ip_end = mid(comparray(count),instr_pos+1)
user = userarray(count)
passwrd = passarray(count)

Echo("Add IP Range " & ip_start & " " & ip_end)

dim ip_sector_1_start
dim ip_sector_1_end
dim ip_sector_2_start
dim ip_sector_2_end
dim ip_sector_3_start
dim ip_sector_3_end
dim ip_sector_4_start
dim ip_sector_4_end

dim search_start
dim search_end

sector_start = 1
sector_end = Instr(1,ip_start,".")
ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_start = mid(ip_start, sector_start)

sector_start = 1
sector_end = Instr(1,ip_end,".")
ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_end = mid(ip_end, sector_start)

dim array_size
array_size = ((ip_sector_1_end - ip_sector_1_start) *(256^3)) + ((ip_sector_2_end - ip_sector_2_start) *(256^2)) + ((ip_sector_3_end - ip_sector_3_start) *256) + ((ip_sector_4_end - ip_sector_4_start))


Redim comparray(array_size)
Redim userarray(array_size)
Redim passarray(array_size)


dim ip_sector_2_bak
dim ip_sector_3_bak
dim ip_sector_4_bak

ip_sector_2_bak = -1
ip_sector_3_bak = -1
ip_sector_4_bak = -1

dim i
dim j
dim k
dim l

for i = ip_sector_1_start to ip_sector_1_end


if ip_sector_1_end > ip_sector_1_start then
if i = cint(ip_sector_1_start) then
ip_sector_2_bak = ip_sector_2_end
ip_sector_2_end = 255
elseif i = cint(ip_sector_1_start+1) then
ip_sector_2_start = 0
end if

if i = cint(ip_sector_1_end) then
ip_sector_2_end = ip_sector_2_bak
end if
end if

for j = ip_sector_2_start to ip_sector_2_end
if ip_sector_2_end > ip_sector_2_start then
if j = cint(ip_sector_2_start) then
ip_sector_3_bak = ip_sector_3_end
ip_sector_3_end = 255
elseif j = cint(ip_sector_2_start+1) then
ip_sector_3_start = 0
end if

if j = cint(ip_sector_2_end) then
ip_sector_3_end = ip_sector_3_bak
end if
end if
for k = ip_sector_3_start to ip_sector_3_end
if ip_sector_3_end > ip_sector_3_start then
if k = cint(ip_sector_3_start) then
ip_sector_4_bak = ip_sector_4_end
ip_sector_4_end = 255
elseif k = cint(ip_sector_3_start+1) then
ip_sector_4_start = 0
end if

if k = cint(ip_sector_3_end) then
ip_sector_4_end = ip_sector_4_bak
end if
end if

for l = ip_sector_4_start to ip_sector_4_end
comparray(count) = (i & "." & j & "." & k & "." & l)
userarray(count) = user
passarray(count) = passwrd
count = count +1
next
next
next
next
count = count - 1
end if
[/code]

with this change u could add an ip range in the pc_list_file.txt sepperated by ' - ' (f.e 192.193.1.10 - 193.194.2.20,user,password).

3.

a new nmap.vbs file

[code]
'''''''''''''''''''''''''''''''''''
' Open Audit '
' Software and Hardware Inventory '
' Outputs into MySQL '
' (c) Mark Unwin 2003 '
'''''''''''''''''''''''''''''''''''


''''''''''''''''''''''''''''''''''''
' User defined settings below here '
''''''''''''''''''''''''''''''''''''

' Below calls the file audit_include.vbs to setup the variables.
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit.config").ReadAll

'nmap_tmp_cleanup = false ' Set this false if you want to leave the tmp files for analysis in your tmp folder
'nmap_subnet = "192.168.10." ' The subnet you wish to scan
'nmap_subnet_formatted = "192.168.010." ' The subnet padded with 0's
'nmap_ie_form_page = "http://192.168.10.28/oa/admin_nmap_input.php"
'nmap_ie_visible = "n"
'nmap_ie_auto_close = "y"
'nmap_ip_start = 21
'nmap_ip_end = 254

''''''''''''''''''''''''''''''''''''''''
' Don't change the settings below here '
''''''''''''''''''''''''''''''''''''''''
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const ForAppending = 8


Set oShell = CreateObject("Wscript.Shell")
Set oFS = CreateObject("Scripting.FileSystemObject")

'''''''''''''''''''''''''''''''''''
' Script loop starts here '
'''''''''''''''''''''''''''''''''''
for ip = nmap_ip_start to nmap_ip_end
if ip = 1000 then
wscript.echo "bypassing 1000"
else
NMapScan(nmap_subnet & ip)
end if ' excluded ip number

next

if input_file <> "" then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFileReading = objFSO.OpenTextFile(input_file, 1)
objTextFileReading.ReadAll
dimarray = objTextFileReading.Line - 1
objTextFileReading.close
Set objTextFileReading = objFSO.OpenTextFile(input_file, 1)
dim IP_String
Do Until objTextFileReading.AtEndOfStream
IP_String = objTextFileReading.ReadLine
dim instr_pos
instr_pos = Instr(1,IP_String,"-")

if instr_pos > 0 then
dim ip_start
dim ip_end
ip_start = mid(IP_String,1,instr_pos-1)
ip_end = mid(IP_String,instr_pos+1)


wscript.echo("Add IP Range " & ip_start & " " & ip_end)

dim ip_sector_1_start
dim ip_sector_1_end
dim ip_sector_2_start
dim ip_sector_2_end
dim ip_sector_3_start
dim ip_sector_3_end
dim ip_sector_4_start
dim ip_sector_4_end

dim search_start
dim search_end

sector_start = 1
sector_end = Instr(1,ip_start,".")
ip_sector_1_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_2_start = mid(ip_start, sector_start, sector_end- sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_start,".")
ip_sector_3_start = mid(ip_start, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_start = mid(ip_start, sector_start)

sector_start = 1
sector_end = Instr(1,ip_end,".")
ip_sector_1_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_2_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
sector_end = Instr(sector_start,ip_end,".")
ip_sector_3_end = mid(ip_end, sector_start, sector_end - sector_start)

sector_start = sector_end+1
ip_sector_4_end = mid(ip_end, sector_start)


dim ip_sector_2_bak
dim ip_sector_3_bak
dim ip_sector_4_bak

ip_sector_2_bak = -1
ip_sector_3_bak = -1
ip_sector_4_bak = -1

dim i
dim j
dim k
dim l

for i = ip_sector_1_start to ip_sector_1_end


if ip_sector_1_end > ip_sector_1_start then
if i = cint(ip_sector_1_start) then
ip_sector_2_bak = ip_sector_2_end
ip_sector_2_end = 255
elseif i = cint(ip_sector_1_start+1) then
ip_sector_2_start = 0
end if

if i = cint(ip_sector_1_end) then
ip_sector_2_end = ip_sector_2_bak
end if
end if

for j = ip_sector_2_start to ip_sector_2_end
if ip_sector_2_end > ip_sector_2_start then
if j = cint(ip_sector_2_start) then
ip_sector_3_bak = ip_sector_3_end
ip_sector_3_end = 255
elseif j = cint(ip_sector_2_start+1) then
ip_sector_3_start = 0
end if

if j = cint(ip_sector_2_end) then
ip_sector_3_end = ip_sector_3_bak
end if
end if
for k = ip_sector_3_start to ip_sector_3_end
if ip_sector_3_end > ip_sector_3_start then
if k = cint(ip_sector_3_start) then
ip_sector_4_bak = ip_sector_4_end
ip_sector_4_end = 255
elseif k = cint(ip_sector_3_start+1) then
ip_sector_4_start = 0
end if

if k = cint(ip_sector_3_end) then
ip_sector_4_end = ip_sector_4_bak
end if
end if

for l = ip_sector_4_start to ip_sector_4_end
NMapScan(i & "." & j & "." & k & "." & l)
next
next
next
next
else
NMapScan(IP_String)

end if

Loop

end if



sub NMapScan(ip)
Dim ie
Dim oDoc
'
' Create a valid tmp file.
dim dt : dt = Now()
timestamp = Year(dt) & Right("0" & Month(dt),2) & Right("0" & Day(dt),2) & Right("0" & Hour(dt),2) & Right("0" & Minute(dt),2) & Right("0" & Second(dt),2)
sTemp = oShell.ExpandEnvironmentStrings("%TEMP%")
sTempFile = sTemp & "\" & "nmap_" & ip & "_" & timestamp & ".tmp"
'
'Create a valid nmap.exe string
nmap = "C:\Programme\Nmap\nmap.exe "
if nmap_syn_scan = "y" then
nmap = nmap & "-sS "
end if
if nmap_udp_scan = "y" then
nmap = nmap & "-sU "
end if
if nmap_srv_ver_scan = "y" then
nmap = nmap & "-sV --version-intensity " & nmap_srv_ver_int & " "
end if
nmap = nmap & "-O -v -oN " & sTempFile
'
'
scan = nmap & " " & ip
wscript.echo scan
Set sh=WScript.CreateObject("WScript.Shell")
sh.Run scan, 6, True
set sh = nothing
set form_input = nothing
set file_read = nothing
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(sTempFile, 1)
Do Until objTextFile.AtEndOfStream
strText = objTextFile.ReadAll
Loop
objTextFile.Close
Set ie = CreateObject("InternetExplorer.Application")
ie.navigate nmap_ie_form_page
Do Until IE.readyState = 4 : WScript.sleep(200) : Loop
if nmap_ie_visible = "y" then
ie.visible= True
else
ie.visible = False
end if
Set oDoc = IE.document
Set oAdd = oDoc.getElementById("add")
' oAdd.value = oAdd.value + strText
oAdd.value = strText
IE.Document.All("submit").Click
if nmap_ie_auto_close = "y" then
Do Until IE.readyState = 4 : WScript.sleep(5000) : Loop
WScript.sleep(5000)
ie.Quit
end if
' Cleanup the text file if requested
if nmap_tmp_cleanup = true then
objFSO.DeleteFile(sTempFile)
end if
end sub

wscript.quit
[/code]

like in audit.vba you could add an ip range in the nmap_pc_list_file.txt which is definied in the audit.config file as "nmap_input_file"

4.

in the software_register_add.php file:

change line 69

from
[code]
echo " <td>&nbsp;&nbsp;" . $myrow["software_name"] . "</td>\n";
[/code]
to

[code]
echo " <td><a href='http://www.google.de#q=" .$myrow["software_name"]. "' onclick=\"this.target='_blank';\">".$myrow["software_name"]."</a></td>\n";
[/code]

the softwarename is a google link so you can find out what licence type has the software

5.

in the software_register_add.php file

add after line 63

[code]
echo " <td align=\"center\"><b>Viewed</b></td>\n";
[/code]

and after line 74

[code]
echo "<td align=\"center\">";
echo "<div id=\"s" . div_clean($myrow["software_id"]) . "\">";
echo "<a href=\"#\" onclick=\"sendViewed('" . $myrow["software_id"] . "','" .($myrow["viewed"] == 0 ? 1:0) . "');\"><img border=\"0\" src=\"images/" .($myrow["viewed"] == 0 ? "button_fail.png" : "button_success.png")."\" width=\"16\" height=\"16\" alt=\"\" /></a>";
echo "</div>\n";
echo "</td>\n";
[/code]

and the variables and functions

$viewedRes = 0;
$viewedID = "";


[code]
function sendViewed(software,viewed) {
// Open PHP script for requests
http.open('get', 'software_register_viewed_ajax.php?software='+software + '&viewed=' + viewed);
http.onreadystatechange = handleResponse2;
$viewedRes = viewed
$viewedID = software
http.send(null);
}

function handleResponse2() {
if(http.readyState == 4 && http.status == 200){
// Text returned FROM the PHP script
var response = http.responseText;
if(response) {
// UPDATE ajaxTest content
document.getElementById(response).innerHTML = "<a href=\"#\" onclick=\"sendViewed('" + $viewedID + "','" + ($viewedRes == 0 ? 1:0) + "');\"><img border=\"0\" src=\"images/" + ($viewedRes == 0 ? "button_fail.png" : "button_success.png") + "\" width=\"16\" height=\"16\" alt=\"\" /></a>";
}
}
}

[/code]

and the new data software_register_viewed_ajax.php

[code]
<?php
include "include_config.php";

if (isset($_GET['software'])){ $id = $_GET['software']; } else { $id = ''; }
mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
mysql_select_db($mysql_database) or die("Could not select database");
$viewed = $_GET['viewed'];

if($id <> '') {
$sql = "UPDATE software SET viewed = '$viewed' WHERE software_id ='$id'";
}
else {
$sql = "UPDATE software SET viewed = '$viewed'";
}
$result = mysql_query($sql) or die ('<td>Insert Failed: ' . mysql_error() . '<br />' . $sql . "</td>");

echo "s" .$id;
?>
[/code]

and the table row "viewed" (bool standard value 0) in the table software.

Now you can mark a line in the software_register_add.php site when you have checked if it need a licence and every time after a audit find a new software it will be seen by this.


Maybe i can help someone with this.

cu zeroCruel

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/