2012-06-29 05:18:28 +00:00
|
|
|
# -*- coding: binary -*-
|
2010-10-07 06:24:26 +00:00
|
|
|
module Rex
|
|
|
|
module Parser
|
|
|
|
|
|
|
|
|
|
|
|
class NetSparkerXMLStreamParser
|
|
|
|
|
|
|
|
attr_accessor :on_found_vuln
|
|
|
|
|
|
|
|
def initialize(on_found_vuln = nil)
|
|
|
|
self.on_found_vuln = on_found_vuln if on_found_vuln
|
2012-05-24 23:10:26 +00:00
|
|
|
reset_state
|
2010-10-07 06:24:26 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def reset_state
|
|
|
|
@state = :generic_state
|
2010-10-11 02:57:07 +00:00
|
|
|
@vuln = {'info' => []}
|
2010-10-07 06:24:26 +00:00
|
|
|
@attr = {}
|
|
|
|
end
|
|
|
|
|
|
|
|
def tag_start(name, attributes)
|
|
|
|
@state = "in_#{name.downcase}".intern
|
|
|
|
@attr = attributes
|
2012-05-24 23:10:26 +00:00
|
|
|
|
2010-10-07 06:24:26 +00:00
|
|
|
case name
|
|
|
|
when "vulnerability"
|
2013-01-07 22:27:40 +00:00
|
|
|
@vuln = { 'info' => [] }
|
2010-10-07 06:24:26 +00:00
|
|
|
@vuln['confirmed'] = attributes['confirmed']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def text(str)
|
|
|
|
case @state
|
|
|
|
when :in_url
|
|
|
|
@vuln['url'] ||= ""
|
|
|
|
@vuln['url'] += str
|
|
|
|
when :in_type
|
2012-05-24 23:10:26 +00:00
|
|
|
@vuln['type'] ||= ""
|
2010-10-07 06:24:26 +00:00
|
|
|
@vuln['type'] += str
|
|
|
|
when :in_severity
|
|
|
|
@vuln['severity'] ||= ""
|
|
|
|
@vuln['severity'] += str
|
|
|
|
when :in_vulnerableparametertype
|
|
|
|
@vuln["vparam_type"] ||= ""
|
|
|
|
@vuln["vparam_type"] += str
|
|
|
|
when :in_vulnerableparameter
|
2012-05-24 23:10:26 +00:00
|
|
|
@vuln["vparam_name"] ||= ""
|
|
|
|
@vuln["vparam_name"] += str
|
2010-10-07 06:24:26 +00:00
|
|
|
when :in_vulnerableparametervalue
|
2012-05-24 23:10:26 +00:00
|
|
|
@vuln["vparam_value"] ||= ""
|
|
|
|
@vuln["vparam_value"] += str
|
2010-10-07 06:24:26 +00:00
|
|
|
when :in_rawrequest
|
2012-05-24 23:10:26 +00:00
|
|
|
@vuln["request"] ||= ""
|
2010-10-07 06:24:26 +00:00
|
|
|
@vuln["request"] += str
|
|
|
|
when :in_rawresponse
|
|
|
|
@vuln["response"] ||= ""
|
|
|
|
@vuln["response"] += str
|
|
|
|
when :in_info
|
2010-10-11 02:57:07 +00:00
|
|
|
# <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
|
|
|
|
if not str.to_s.strip.empty?
|
|
|
|
@vuln['info'] << [@attr['name'] || "Information", str]
|
|
|
|
end
|
2010-10-07 06:24:26 +00:00
|
|
|
when :in_netsparker
|
|
|
|
when :in_target
|
|
|
|
when :in_scantime
|
|
|
|
when :generic_state
|
|
|
|
when :in_vulnerability
|
|
|
|
when :in_extrainformation
|
2012-05-24 23:10:26 +00:00
|
|
|
else
|
2010-10-07 06:24:26 +00:00
|
|
|
# $stderr.puts "unknown state: #{@state}"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def tag_end(name)
|
|
|
|
case name
|
|
|
|
when "vulnerability"
|
|
|
|
@vuln.keys.each do |k|
|
2010-10-11 02:57:07 +00:00
|
|
|
@vuln[k] = @vuln[k].strip if @vuln[k].kind_of?(::String)
|
2010-10-07 06:24:26 +00:00
|
|
|
end
|
|
|
|
on_found_vuln.call(@vuln) if on_found_vuln
|
|
|
|
reset_state
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# We don't need these methods, but they're necessary to keep REXML happy
|
|
|
|
def xmldecl(version, encoding, standalone); end
|
2013-01-07 23:16:48 +00:00
|
|
|
def cdata(data)
|
|
|
|
puts "cdata for #{@state} (#{data.length})"
|
|
|
|
case @state
|
|
|
|
when :in_rawresponse
|
|
|
|
@vuln["response"] = data
|
|
|
|
when :in_rawrequest
|
|
|
|
@vuln["request"] = data
|
|
|
|
when :in_info
|
|
|
|
if not data.to_s.strip.empty?
|
|
|
|
@vuln['info'] << [@attr['name'] || "Information", data]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2010-10-07 06:24:26 +00:00
|
|
|
def comment(str); end
|
|
|
|
def instruction(name, instruction); end
|
|
|
|
def attlist; end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
__END__
|
|
|
|
|