forked from HD421/Monitoring-Systems-Version-Check
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mScan.py
163 lines (142 loc) · 5.77 KB
/
mScan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# -*- coding: utf-8 -*-
import argparse
import json
import os
import urllib2
import ssl
import re
import pprint
from BeautifulSoup import BeautifulSoup
__author__ = 'H_D'
__version__ = '0.1'
VULNERS_LINK = {'bulletin':'https://vulners.com/api/v3/search/id/'}
ASCII = r"""
==================================================================
// _____
// / ____|
// _ __ ___ | (___ ___ __ _ _ __
// | '_ ` _ \ \___ \ / __/ _` | '_ \
// | | | | | |____) | (_| (_| | | | |
// |_| |_| |_|_____/ \___\__,_|_| |_|
//
//
// NagiosXI & Zabbix version detector and Vulnerabilities scanner
// based on Vulners API
==================================================================
"""
parser = argparse.ArgumentParser(description='Command-line tool for Nagios fingerprint')
parser.add_argument("-H", "--host", help="Host to fingerprint")
parser.add_argument("-p", "--port", help="Port on which Monitoring System is located", type=int)
parser.add_argument("-t", "--type", help="What system are we going to fingerprint? Use N for nagios, Z for zabbix", default="N")
args = parser.parse_args()
def get_html(url):
if not (url.startswith('http://') or url.startswith('https://')):
url = 'https://{}'.format(url)
print "URL IS ", url
ctx = ssl.create_default_context() # avoid invalid ssl check
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
response = urllib2.urlopen(url, timeout=5, context=ctx)
return response.read()
def nagios_version_check(html):
soup = BeautifulSoup(html)
get_version = soup.find('input', {"name": "version"})['value']
get_productName = soup.find('input', {"name": "product"})['value']
get_buildV = soup.find('input', {"name": "build"})['value']
print("[X] Nagios version is : "+ get_version)
print("[X] Build is : "+ get_buildV)
print("[X] Product name is : "+ get_productName)
payload = {'query':'{} {}'.format(get_productName,get_version),
'size':5,
'sort':'cvss.score',
'references':'true',
'fields': ['id','cve','title']
}
url = 'https://vulners.com/api/v3/search/lucene/'
response = sendVulnRequest(url, payload)
resultCode = response.get("result")
if resultCode == "OK":
cvelist = []
try:
references = response.get('data').get('references')
for item in references:
for reference in references[item]:
for refID in references[item][reference]:
cvelist = cvelist + refID['cvelist']
for cve in cvelist:
print(' - ' + cve);
except TypeError:
if len(cvelist) == 0:
print(" - No vulnerabilities found.")
return
def zabbix_version_check(html):
soup = BeautifulSoup(html)
for link in soup.findAll('a', attrs={'href': re.compile("documentation")}):
version=link.get('href')
parts = re.split('/', version)
get_version = ''.join(parts[4:5])
print("[X] Zabbix version is " + get_version)
payload = {'query':'Zabbix {}'.format(get_version),
'size':5,
'sort':'cvss.score',
'references':'true',
'fields': ['id','cve','title']
}
url = 'https://vulners.com/api/v3/search/lucene/'
response = sendVulnRequest(url, payload)
resultCode = response.get("result")
if resultCode == "OK":
cvelist = []
try:
references = response.get('data').get('references')
for item in references:
for reference in references[item]:
for refID in references[item][reference]:
cvelist = cvelist + refID['cvelist']
for cve in cvelist:
print(' - ' + cve);
except TypeError:
if len(cvelist) == 0:
print(" - No vulnerabilities found.")
return
def sendVulnRequest(url, payload):
req = urllib2.Request(url)
req.add_header('Content-Type', 'application/json')
req.add_header('User-Agent', 'hd-scan-v0.1')
response = urllib2.urlopen(req, json.dumps(payload).encode('utf-8'))
responseData = response.read()
if isinstance(responseData, bytes):
responseData = responseData.decode('utf8')
responseData = json.loads(responseData)
return responseData
def main():
try:
if args.type is "N":
link = '{}:{}/nagiosxi/login.php'.format(args.host, args.port)
nagios_version_check(get_html(link))
if args.type is "Z":
link = '{}:{}/zabbix/'.format(args.host, args.port)
zabbix_version_check(get_html(link))
except UnboundLocalError:
print(
"You are trying to use a nonexistent key"
)
except urllib2.URLError:
print("SSL is not avaliable, trying http://" + link)
link = 'http://{}'.format(link)
try:
if args.type is "N":
nagios_version_check(get_html(link))
if args.type is "Z":
zabbix_version_check(get_html(link))
except TypeError:
print(
"Something went wrong, unable to fingerprint this server. Maybe this Nagios is placed on specific port?"
)
except TypeError:
print(
"Something went wrong, i didn't found a valid redirect or info about version"
) # TODO need some refactoring
if __name__ == '__main__':
print('\n'.join(ASCII.splitlines()))
main()