Study Guides, Notes, & Quizzes

1.1 Benefits of using a script debugger. 1.2 Features of GFI LanGuard Script Debugger

Description
Scripting Guide The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not
Published
of 42
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
Scripting Guide The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical. All product and company names herein may be trademarks of their respective owners. GFI LanGuard is copyright of GFI SOFTWARE Ltd GFI Software Ltd. All rights reserved. Document Version: 11.3 Last updated (month/day/year): 09/05/2014 1 Introduction GFI LanGuard allows users to write custom scripts that check for vulnerabilities. Scripts can be platform dependent or platform independent: Platform dependent (the scripts are run on the scanned machine): UNIX shell scripts run through SSH - The remote machine must be a UNIX machine and allow remote connections via SSH Platform independent (the scripts are run on the machine where GFI LanGuard is installed): Visual Basic scripts - This manual provides extensive information on how to write, debug and setup Visual Basic custom vulnerability checks Python scripts - More details are available in the Python Scripting chapter in this manual. Topics in this chapter: 1.1 Benefits of using a script debugger Features of GFI LanGuard Script Debugger Benefits of using a script debugger The benefit of using an editor is that it is safer and faster to correct and create working scripts. Using an editor will ensure that the script is functional prior to running the script in a working environment. GFI LanGuard Script Debugger enables you to run the script as if in a working environment. The GFI LanGuard Script Debugger has all the common functionality found in an integrated development environment, amongst others it includes: Breakpoints Step into Step over Enables you to specify parameters for proper testing. Important Running the script in GFI LanGuard without debugging is not recommended. If the script is not functional you will not be able to identify why the script failed. In addition, improper coding can lead to infinite loops which can stall GFI LanGuard scanner. 1.2 Features of GFI LanGuard Script Debugger The following table contains the main features of GFI LanGuard Script Debugger: Feature Support for variable watches Step into/step over functionality highlighting Description Monitor in real time the changing variable values used. Enables you to debug your scripts line by line while monitoring what is going on during execution of the script. Easier to program scripts and locate problems. GFI LanGuard 1 Introduction 4 Feature Comprehensive error messaging Breakpoint Run/debug scripts using alternate credentials Description Indicates the type and location of the errors. Helps detecting variable type based errors. The debugger supports breakpoints which will shift into line by line debugging at a particular point of interest. Capability to debug and run the script under alternative credentials during the script development and debugging process. GFI LanGuard 1 Introduction 5 2 Visual Basic Script (VBScript) This chapter provides you with information about VBScript and how to create scripts using GFI LanGuard Script Debugger. A complete language reference for the Visual Basic programming language used by GFI LanGuard is available here: Topics in this chapter: 2.1 VBScript important notes VBScript functions supported by GFI LanGuard Common mistakes and pitfalls Tips and tricks Developing a script in GFI LanGuard Script Debugger Adding a new script-based vulnerability check to the scanner VBScript important notes In every script created, there must be a Function named Main. GFI LanGuard will look for and start from this function when executing any script. The return value of the Main function to the scripting engine is a Boolean (true or false). The return value is specified by assigning the result value to a variable which has the same name of the function name (example: if the function is named MyFunction, the return value is specified as MyFunction = true). This return value is generally specified at the end of the function. 'Show some text in the scanner activity window echo Script has run successfully 'return the result Main = true 2.2 VBScript functions supported by GFI LanGuard All VBScript functions and scripting methods are supported by GFI LanGuard. Use the following VBScript resources for more information: GFI LanGuard 2 Visual Basic Script (VBScript) 6 2.3 Common mistakes and pitfalls In VBScript there are two types of variables: Variable Type Simple Objects Description Variables are true types like integer, Boolean, string. Are complex items whose functionality is exposed by the automation objects interface. It is important to declare the automation object types as Object before assigning them values. Important It is highly recommended that you assign a value to all declared variables and/or objects. 'declare the object to be used Dim namestr As String 'assign a value to the variable namestr = This is a test assignment of text 'display the result in the scanner activity window of the assignment echo namestr 'return the result Main = true For a more advanced example, the script below will list which services are installed on the target machine (localhost = ). Copy paste the following text in the script debugger and run it (F5). In the debug window you will see the list of installed services on the local machine. Function main 'declare the objects we will need to use Dim wmi As Object Dim objswbemobject As Object 'declare other variables we need Dim strcomputer As String Dim cr As String strcomputer = 'Carriage return cr = Chr(13) + Chr(10) 'hook with the wmi object Set wmi = GetObject( winmgmts:\\ & strcomputer & \root\cimv2 ) 'Check that hook was successful GFI LanGuard 2 Visual Basic Script (VBScript) 7 If wmi is Nothing Then echo ( error1 ) 'Return the services instance of the wmi Set wmiinst=wmi.instancesof( win32_service ) 'Check to see that instance is available If wmiinst is Nothing Then echo ( error2 ) 'Loop true each instance For Each objswbemobject In wmiinst echo( service Name= ) 'Display services echo(objswbemobject.displayname+cr) Next Note If you try to use an automation object without declaration, the script will fail while compiling. As an example consider the same piece of code but with a missing full declaration of the object variable wmi. The instant you try to run the script you will be presented with an error message as well as a clear indication of the line on which the error occurred: Function main Dim wmi 'WARNING : missing as object Dim objswbemobject As Object 2.4 Tips and tricks To display progress information in the Scanner activity window (the bottom window of the scanner tool, or the bottom left window of the script debugger) use the echo command. 'Show some text in the scanner activity window echo Script has run successfully 'return the result Main = true GFI LanGuard 2 Visual Basic Script (VBScript) 8 2.5 Developing a script in GFI LanGuard Script Debugger This section contains information about creating a VBScript using GFI LanGuard Script Debugger. For more information, refer to: Creating a VBScript Running a script Debugging breakpoints - Step in functionality Monitoring values inside variables Debugging under alternative user sessions Sending parameters to the script Creating a script In this section, a script is created. This script checks if the messenger service is running or not on the local machine. The script is developed using the script debugger and demonstrates some of its features. Function main 'declare the objects we will need to use Dim wmi As Object Dim objswbemobject As Object 'declare other variables we need Dim strcomputer As String Dim cr As String strcomputer = 'carriage return cr = Chr(13) + Chr(10) 'hook with the wmi object Set wmi = GetObject( winmgmts:\\ & strcomputer & \root\cimv2 ) 'check that hook was successful If wmi is Nothing Then echo ( error1 ) 'return the services instance of the wmi Set wmiinst=wmi.instancesof( win32_service ) 'check to see that instance is available If wmiinst is Nothing Then echo ( error2 ) 'loop true each instance For Each objswbemobject In wmiinst If objswbemobject.displayname = Messenger Then echo( service Name= ) 'display services GFI LanGuard 2 Visual Basic Script (VBScript) 9 echo(objswbemobject.displayname+cr) echo( service Status= ) 'display state Next echo(objswbemobject.state+cr) If objswbemobject.state = Running Then main = true If objswbemobject.state = Running Then main = true Running a script To run the script, press F5 or click Debug Go Debugging breakpoints - Step in functionality The script debugger enables you to pause the execution at a specific position in the script. For example, you can set a break point to execute when the variable containing the display name of the service is Messenger. To do this in the example script, you would go to line 17 ( echo( service Name= ) ), and put the break point (Press F9) just under the if statement. During execution use the F10 key (step in) to execute the remaining code line by line Monitoring values inside variables To monitor the values contained in variables you have to add a watch for that variable. If you want to monitor the contents of the variable: 1. Expand the bottom status section. 2. Right-click the top free row under Variable. 3. Select Add watch and key in the name of the variable you want to monitor. Repeat this step to add monitors for more variables. 4. To remove a watch, right-click on it and select Delete watch Debugging under alternative user sessions To test the script under alternative credentials: 1. Launch GFI LanGuard Script Debugger 2. In the Using drop down list, select Alternative Credentials. 3. Key-in a user name and password in the provided text boxes Sending parameters to the script The GFI LanGuard scanner tool passes parameters to the scripts when executed., the computer name and computer IP of the target machine being scanned for vulnerabilities. To be able to debug your scripts you may want to test with various types of values for these parameters. You can specify alternative values for these parameters from Options Parameters. In order to gain access to these parameters in scripts, one has to use a special GFI LanGuard function called GetParameter and pass it the name of the parameter you want, for example: Function main 'declare the objects we will need to use GFI LanGuard 2 Visual Basic Script (VBScript) 10 Dim wmi As Object Dim objswbemobject As Object 'declare other variables we need Dim strcomputer As String Dim cr As String strcomputer = 'Carriage return cr = Chr(13) + Chr(10) 'hook with the wmi object Set wmi = GetObject( winmgmts:\\ & strcomputer & \root\cimv2 ) 'Check that hook was successful If wmi is Nothing Then echo ( error1 ) 'Return the services instance of the wmi Set wmiinst=wmi.instancesof( win32_service ) 'Check to see that instance is available If wmiinst is Nothing Then echo ( error2 ) 'Loop true each instance For Each objswbemobject In wmiinst echo( service Name= ) 'Display services echo(objswbemobject.displayname+cr) Next 2.6 Adding a new script-based vulnerability check to the scanner The following example describes how to create a new vulnerability check and will run a script to check for the new vulnerability. The script displays Script ran successfully in the Scanner Activity Window, and will indicate to GFI LanGuard that vulnerability has been detected and should be reported to the administrator. To achieve this you must: Step 1 - Create a script which checks for the vulnerability (as described in the previous section) Step 2 - Create a new vulnerability to run the script Step 1: Create a script which checks for the vulnerability 1. Launch the GFI LanGuard Script Debugger from Start Programs GFI LanGuard 2012 GFI LanGuard Script Debugger. 2. Click File New. 3. Paste the following text in the debugger: echo Script has run successfully GFI LanGuard 2 Visual Basic Script (VBScript) 11 Main = true 4. Save the file to a directory of your choice, example c:\myscript.vbs Step 2: Create a new vulnerability to run the script 1. Launch the GFI LanGuard management console from Start Programs GFI LanGuard 2014 GFI LanGuard Click the main options button and select Configure Scanning Profiles Editor. Alternatively, click Ctrl + P. This opens the Scanning Profiles Editor. 3. From Common Tasks, click New scanning profile or select an existing scanning profile you want to edit. 4. Key in a profile name and optionally, key in a description. 5. (Optional) Select Copy all settings from an existing profile and from the Profile drop-down menu, select the existing scanning profile you want to duplicate. 6. Click OK. Note The new scanning profile is added under the Profiles section in the left pane. 7. Select the new scanning profile and from the right-pane, click Add This opens the Add vulnerability dialog. 8. From the General tab, key in general details, such as the vulnerability name, type, etc. 9. Click Conditions tab Add. 10. Set the check type to Independent Checks VB Script Test. Click Next. 11. Specify the location of the script (example: ProductDataDir \Scripts\newvulnerability.vbs). Click Next. 12. Select the attribute you want to set the condition on, the corresponding operator and the value of the script execution. Note Each script provides you with supported values in the Description section. 13. Click Finish. The vulnerability check is added and will be included in the list of vulnerabilities checked for on the next scan of a computer. To test it out, simply scan your localhost machine ( ) and you should see the vulnerability warning under the miscellaneous section of the vulnerabilities node of the scan results. GFI LanGuard 2 Visual Basic Script (VBScript) 12 3 Python Scripting This chapter provides you with the required information to create and run Python scripts. Starting with version 9.0, GFI LanGuard supports Python-based vulnerability checks. This type of check is available under the Independent Checks type. Topics in this chapter: 3.1 What is Python scripting language? Creating a new vulnerability check using Python Script Test Application Programming Interfaces (APIs) available in Python Scripts Debugging Python scripts Python libraries and code reusability What is Python scripting language? Python is an interpreted programming language created by Guido van Rossum in Python is entirely dynamically typed and uses automatic memory management. One important thing to remember is that instead of punctuation or keywords, Python source code uses indentation itself to indicate the run of a block. of a factorial function in Python: def factorial(x): if x == 0: else: return 1 return x * factorial(x-1) 3.2 Creating a new vulnerability check using Python Script Test To create Python Script Tests, you must: Step 1: Creating the script Step 2: Creating the new vulnerability check Step 1: Creating the script 1. Launch GFI LanGuard Script Debugger from Start Programs GFI LanGuard 2014 GFI LanGuard Script Debugger. 2. Click File New. 3. Copy and paste the following script in the script debugger: #PythonSuccessfullCheck.py See the file ProductDataDir \Scripts\lpy.py for details. def main(): Return values: * 0 - false, failed GFI LanGuard 3 Python Scripting 13 * 1 - true, success result = 0 #Your code here... result = 1 return(result) 4. Save the script to a location of your choice Step 2: Creating the new vulnerability check 1. Launch the GFI LanGuard management console from Start Programs GFI LanGuard 2014 GFI LanGuard Click the main options button and select Configure Scanning Profiles Editor. Alternatively, click Ctrl + P. This opens the Scanning Profiles Editor. 3. From Common Tasks, click New scanning profile or select an existing scanning profile you want to edit. 4. From the Scanning Profiles Editor, click Vulnerability Assessment Options Vulnerabilities. 5. From the vulnerabilities type list, expand Vulnerabilities and select Miscellaneous. Click Add. This opens the Add vulnerability dialog. 6. From the General tab, key in general information such as the name, type and description of the new vulnerability. 7. Click Conditions tab Add. 8. Select Independent Checks Independent Python Script Test. Click Next. 9. Specify the location of the script (example: ProductDataDir \Scripts\newvulnerability.vbs). (Load the script created in Step 1: Create a script which checks for the vulnerability). 10. From the drop-down menu, select the number of objects that must match, for the condition to return TRUE. Click Next. 11. In the Value edit box specify the value returned by the Python script when the vulnerability is discovered. Note Each script provides you with supported values in the Description section. 12. Click Finish. 3.3 Application Programming Interfaces (APIs) available in Python Scripts GFI LanGuard embeds most of the default Python implementation (also known as CPython, available from Currently we use Python version 2.5. Therefore, most existing Python scripts work with minor modifications in GFI LanGuard. The most important modification is that scripts must have a main() function which returns 1 or 0. All of the Python scripts used by security scanner modules (vulnerability checks and security applications information) have access to the following global variables: GFI LanGuard 3 Python Scripting 14 ComputerIP ComputerName LNSSDir localprogramfilespath localwindowspath localsystem32path User Password ComputerIP = ' ' ComputerName = 'WXPSandbox LNSSDir = 'C:\\Program Files\\GFI\\LanGuard 2011\\' localprogramfilespath = 'C:\\Program Files' localwindowspath = 'C:\\WINDOWS' localsystem32path = 'C:\\WINDOWS\\system32' User = '' Password = '' Use these global variables in order to get access to the name or IP address of the scanned machine, to credentials needed to connect to the scanned machine. The GFI LanGuard global functions are available to Python scripts as methods of the GlobalFunctions object. I.E: # Using global functions. def main(): Return values: * 0 - false, failed * 1 - true, success result = 0 # Display text. GlobalFunctions.echo( Hello! ) # Adds given text to the log file. GlobalFunctions.writetolog( Python script started. ) # Adds given text to the status bar. GlobalFunctions.statusbar( Hello StatusBar! ) # Adds a subnode named like the second parameter to the current vulnerability. GlobalFunctions.addlistitem( , Vulnerability description. ) # Changes the description of the current vulnerability. GlobalFunctions.setdescription( List of modems installed ) GFI LanGuard 3 Python Scripting 15 GlobalFunctions.writetolog( Python script finished. ) result = 1 return(result) GFI LanGuard also provides a COM client API for Python scripts in the form of pywin32. Note All GFI LanGuard COM scripting libraries are available via win32com.client to Python scripts. For more information, refer to Scripting Objects (page 19). # DNS lookup using LanGuard COM object GlbObj.Socket. def main(): R
Search
Similar documents
View more...
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks