View previous topic :: View next topic |
Author |
Message |
gameyoda Expert Cheater Reputation: 0
Joined: 06 Oct 2006 Posts: 150
|
Posted: Sun Nov 14, 2010 4:35 pm Post subject: Nessus in PHP |
|
|
Hello,
Lately I wanted to make a site that gets your IP-adress and then does a port scan using Nessus.
However I'm having some problems with the command lines that you can give to Nessus.
Also I'm not sure if there is another way, but if you write your scan to a file how do you read the file and print it in a nice list?
I assume you could put it in an array and just print that in a for loop, but how do you read the file to begin with, because the scan results are written to a .NBE file.
|
|
Back to top |
|
|
AhMunRa Grandmaster Cheater Supreme Reputation: 27
Joined: 06 Aug 2010 Posts: 1117
|
|
Back to top |
|
|
gameyoda Expert Cheater Reputation: 0
Joined: 06 Oct 2006 Posts: 150
|
Posted: Mon Nov 15, 2010 2:55 am Post subject: |
|
|
Ok, thanks for the help. Would still like to know about the command lines.
edit: got to try it out and it works. Do have a question though, is it possible to create the file and then write to it using fopen?
So you can get something like fopen("C:\test.txt").
edit: Can also create files now (fopen($path, "w+")). Only need to know about Nessus and how to use it with the propper command lines, but that can't be too hard I think. Help on that is still welcome though.
Thanks again for your help.
|
|
Back to top |
|
|
gameyoda Expert Cheater Reputation: 0
Joined: 06 Oct 2006 Posts: 150
|
Posted: Tue Nov 16, 2010 7:40 am Post subject: |
|
|
Hello again, been bussy with the site and it can now read and write files, but for some reason it wont start Nessus. At the moment I have this code:
Code: | exec($nessus." -q ".$ip." ".$port." ".$user." ".$pass." ".$path." ".$result); |
It won't start nessus and the file isn't written to the drive.
Does anybody know why this doesn't work?
Using exec I can start different programs.
Also I'm using Windows should that change anything.
|
|
Back to top |
|
|
AhMunRa Grandmaster Cheater Supreme Reputation: 27
Joined: 06 Aug 2010 Posts: 1117
|
Posted: Tue Nov 16, 2010 2:41 pm Post subject: |
|
|
Try shell_exec() instead of exec.
http://php.net/manual/en/function.shell-exec.php
http://php.net/manual/en/function.exec.php
Also make sure that the web process has permissions to execute the command. If on Linux you may need to add www-data to /etc/sudoers (if you do, I strongly suggest only allowing sudo for the command you need in this case to execute nessus.)
If on Windows I'm not quite sure, either add code for debugging or check your event log in Windows to make sure it is firing. Also check the Nessuss logs, should be something in there.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.> |
|
Back to top |
|
|
gameyoda Expert Cheater Reputation: 0
Joined: 06 Oct 2006 Posts: 150
|
Posted: Tue Nov 16, 2010 4:06 pm Post subject: |
|
|
Changed exec to shell_exec now and it does write a file, but it is empty.
Is it at all possible to have "C:\scanResult.txt" as destination for the file or should it just be "C:\scanResult"?
Also, after I started the site I did notice I could no longer start the client (the one in the browser, https://localhost:8834/) and after a restart I went there and saw the scan was not in the log. At the moment I don't really know what to do to make it work.
PS: I started everything as admin just to be sure that the permissions wouldn't be in the way. I can start a scan manually and it will be visible in the log on localhost:8834.
edit 1:
Ok, it appears that it doesnt do anything now. The file was made because of a test I made in my code.
That was why the file was created, but the normal one still doesn't work. Do wonder why it didn't allow me to start the client the first time though.
The normal code I use to execute it is:
Code: | $executeNessus = "E:\Nessus\nessus.exe -q ".$ip." ".$port." ".$user." ".$pass." ".$path." ".$result;
shell_exec($executeNessus); |
But that doesn't do anything.
edit 2:
I don't know how to get to the log of what it did exactly.
Also I tried putting the shell_exec in an if form:
Code: | if(shell_exec($executeNessus))
{
print("works");
} |
But it does not return true, meaning it doesn't execute it. Because of this I am just confused with what the problem is and how it's caused.
edit 3:
Tried to run it through start today and I got quite a weird message:
Quote: | "Please choose your level of SSL paranoia (Hint: if you want to manage many servers from your client, choose 2. Otherwise, choose 1, or 3, if you are paranoid)" |
After I tried it again with "-T text" behind it all so that it would automatically be saved as a .txt file, but then the program opens as a small black screen (like cmd) that is completely empty. The result file is not created.
|
|
Back to top |
|
|
AhMunRa Grandmaster Cheater Supreme Reputation: 27
Joined: 06 Aug 2010 Posts: 1117
|
Posted: Wed Nov 17, 2010 9:09 am Post subject: |
|
|
If you would upload your code somewhere with a list of all tools you are using. I'd be happy to go through tonight and see if I can get it running on one of my servers.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.> |
|
Back to top |
|
|
|