#!/bin/bash # ------------------------------------------------------------------------------ # $Id: do-scan,v 1.8 2009/12/17 15:29:45 frank_breedijk Exp $ # ------------------------------------------------------------------------------ # This is the shell script that actually kicks off a scan usin nessus # after kicking of the scan it converts the output to xml and html format and # starts the process-scan.pl perl script to update the flat file database. # After this is runs a chmod to fix the permissions for the webserver. # ------------------------------------------------------------------------------ # Copyright (C) 2008 Schuberg Philis, Frank Breedijk - Under GPLv3 # ------------------------------------------------------------------------------ # # << ----------->> # for my custom mods to run multiple scanmonitors and do-scans on the same host # add extra config files to etc --> mod line 20 # change default scan type to a ping sweep --> mod lines 23, 24 # added the scangrp / subnet name to the output file and added the default .nessus format --> mode lines 80, 82 # commented out the post scan processing --> mode lines 87+ source ~/etc/config export SENDMAIL #MODE="safe" MODE="ping_sweep" if [ -d $VAR/$1 ] then if [ -e $VAR/$1/config ] then source $VAR/$1/config else echo "Config file $1/config not found" exit fi if [ -e $VAR/$1/hosts ] then echo else echo "Config file $1/hosts not found" exit fi else echo "Directory for scan $1 does not exist" exit fi DATE=`date +%Y%m%d%H%M` cd $VAR/$1 if [ ! -d "$VAR/$1/output" ]; then mkdir output fi if [ ! -d "$VAR/$1/findings" ]; then i mkdir findings fi eval "$PRESCAN" # BUG [ 2740102 ] Nessus v 2.2.5 issue VERSION=`$NESSUSBIN -v|head -1` # VERSION="$NESSUSBIN -v|head -1" if [ `echo $VERSION|grep -i openvas|wc -l` -ge 1 ] then # BUG [ 2316867 ] OpenVas does not allow the -x flag before the host # spec, but needs it after that. #changed this to include the directory in the file name #CMD="$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -q $HOST $PORT $USER '$PASS' hosts output/$DATE.nbe -x" CMD="$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -q $HOST $PORT $USER '$PASS' hosts output/$1-$DATE.nbe -x" #CMD="$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -q $HOST $PORT $USER "$PASS" hosts output/$1-$DATE.nbe -x" else CMD="$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -q -x $HOST $PORT $USER '$PASS' hosts output/$1-$DATE.nbe" #CMD="$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -q -x $HOST $PORT $USER "$PASS" hosts output/$1-$DATE.nbe" fi eval $CMD #eval "$CMD" eval "$POSTSCAN" # BUG [ 2433253 ] - When scan fails nbe file should not be processed # Updated do-scan to not run process-scan if the NBE file does not exist. #if [ -e $HOME/var/$1/output/$DATE.nbe ] if [ -e $HOME/var/$1/output/$1-$DATE.nbe ] then # XML FORMAT NOT SUPPORTED - LINE COMMENTED OUT # $NESSUSBIN -c $HOME/etc/$MODE-nessusrc -i $HOME/var/$1/output/$DATE.nbe -o $HOME/var/$1/output/$DATE.xml #$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -i $HOME/var/$1/output/$DATE.nbe -o $HOME/var/$1/output/$DATE.html # we want to prefix the scangrp / subnet name to the results file #$NESSUSBIN -c $HOME/etc/$MODE-nessusrc -i $HOME/var/$1/output/$1-$DATE.nbe -o $HOME/var/$1/output/$1-$DATE.html # we also want a .nessus format $NESSUSBIN -c $HOME/etc/$MODE-nessusrc -i $HOME/var/$1/output/$1-$DATE.nbe -o $HOME/var/$1/output/$1-$DATE.nessus find . -type f |xargs chmod 660 find . -type d |xargs chmod 775 # Commented out the process-scan.pl section. # We only want the nbe files. # $HOME/bin/process-scan.pl $1 $EMAIL # find . -type f |xargs chmod 660 # find . -type d |xargs chmod 775 else #echo "Scan failed, .NBE file $HOME/var/$1/output/$DATE.nbe does not exist" echo "Scan failed, .NBE file $HOME/var/$1/output/$1-$DATE.nbe does not exist" fi