Fixes #690 by merging John Miller's patch to enable Nessus v2 support

git-svn-id: file:///home/svn/framework3/trunk@8114 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2010-01-14 12:57:26 +00:00
parent b9e6c8eef7
commit 568770ae23
1 changed files with 89 additions and 10 deletions

View File

@ -1136,21 +1136,24 @@ class DBManager
end end
# #
# Import Nessus XML v1 output # Import Nessus XML v1 and v2 output
# #
# Old versions of openvas exported this as well # Old versions of openvas exported this as well
# #
def import_nessus_xml_file(filename) def import_nessus_xml_file(filename)
f = File.open(filename, 'r') f = File.open(filename, 'r')
data = f.read(f.stat.size) data = f.read(f.stat.size)
import_nessus_xml(data)
end
def import_nessus_xml(data)
if(data.index("NessusClientData_v2"))
raise DBImportError.new("The v2 .nessus format is not currently supported (patches welcome).")
end
doc = REXML::Document.new(file_contents) if data.index("NessusClientData_v2")
import_nessus_xml_v2(data)
else
import_nessus_xml(data)
end
end
def import_nessus_xml(data)
doc = REXML::Document.new(data)
doc.elements.each('/NessusClientData/Report/ReportHost') do |host| doc.elements.each('/NessusClientData/Report/ReportHost') do |host|
addr = host.elements['HostName'].text addr = host.elements['HostName'].text
@ -1165,6 +1168,36 @@ class DBManager
end end
end end
def import_nessus_xml_v2(data)
doc = REXML::Document.new(data)
doc.elements.each('/NessusClientData_v2/Report/ReportHost') do |host|
# if Nessus resovled the host, its host-ip tag should be set
# otherwise, fall back to the name attribute which would
# logically need to be an IP address
begin
addr = host.elements["HostProperties/tag[@name='host-ip']"].text
rescue
addr = host.attribute("name").value
end
host.elements.each('ReportItem') do |item|
nasl = item.attribute('pluginID').value
port = item.attribute('port').value
proto = item.attribute('protocol').value
name = item.attribute('svc_name').value
severity = item.attribute('severity').value
description = item.elements['description']
cve = item.elements['cve']
bid = item.elements['bid']
xref = item.elements['xref']
handle_nessus_v2(addr, port, proto, name, nasl, severity, description, cve, bid, xref)
end
end
end
def import_amap_log_file(filename) def import_amap_log_file(filename)
f = File.open(filename, 'r') f = File.open(filename, 'r')
data = f.read(f.stat.size) data = f.read(f.stat.size)
@ -1201,7 +1234,7 @@ protected
# #
# This holds all of the shared parsing/handling used by the # This holds all of the shared parsing/handling used by the
# Nessus NBE and NESSUS methods # Nessus NBE and NESSUS v1 methods
# #
def handle_nessus(addr, port, nasl, severity, data) def handle_nessus(addr, port, nasl, severity, data)
# The port section looks like: # The port section looks like:
@ -1258,6 +1291,52 @@ protected
:refs => refs) :refs => refs)
end end
#
# NESSUS v2 file format has a dramatically different layout
# for ReportItem data
#
def handle_nessus_v2(addr,port,proto,name,nasl,severity,description,cve,bid,xref)
report_host(:host => addr, :state => Msf::HostState::Alive)
info = { :host => addr, :port => port, :proto => proto }
if name != "unknown"
info[:name] = name
end
if nasl == "0"
report_service(info)
return
end
service = find_or_create_service(info)
refs = []
cve.collect do |r|
r.to_s.gsub!(/C(VE|AN)\-/, '')
refs.push('CVE-' + r.to_s)
end if cve
bid.collect do |r|
refs.push('BID-' + r.to_s)
end if bid
xref.collect do |r|
ref_id, ref_val = r.to_s.split(':')
ref_val ? refs.push(ref_id + '-' + ref_val) : refs.push(ref_id)
end if xref
nss = 'NSS-' + nasl
vuln = report_vuln(
:host => addr,
:service => service,
:name => nss,
:data => :description ? description.text : "",
:refs => refs)
end
def process_nexpose_data_sxml_refs(vuln) def process_nexpose_data_sxml_refs(vuln)
refs = [] refs = []
vid = vuln.attributes['id'].to_s.downcase vid = vuln.attributes['id'].to_s.downcase