From 8f0d664a3843442532d8a14efae72c0fb2a03f8e Mon Sep 17 00:00:00 2001
From: Brian Patterson
Date: Wed, 30 Mar 2016 17:44:26 -0500
Subject: [PATCH] Modify the open_vas importer to support both results.xml and reports.xml open_vas exports and modify the nessus importer to import what it can when it can't find a properly formatted port number
---
 lib/msf/core/db_manager/import.rb | 5 ++++-
 lib/msf/core/db_manager/import/nessus.rb | 16 +++++++++-------
 lib/msf/core/db_manager/import/open_vas.rb | 2 +-
 lib/rex/parser/openvas_nokogiri.rb | 10 ++++++----
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb
index c5a0e9d8d4..3a243fdfb1 100644
--- a/lib/msf/core/db_manager/import.rb
+++ b/lib/msf/core/db_manager/import.rb
@@ -254,6 +254,9 @@ module Msf::DBManager::Import
 elsif (firstline.index(""))
 @import_filedata[:type] = "Retina XML"
 return :retina_xml
+ elsif (firstline.index(//))
+ @import_filedata[:type] = "OpenVAS XML"
+ return :openvas_new_xml
 elsif (firstline.index(//))
 @import_filedata[:type] = "OpenVAS XML"
 return :openvas_new_xml
@@ -286,7 +289,7 @@ module Msf::DBManager::Import
 @import_filedata[:type] = "Nmap XML"
 return :nmap_xml
 when "openvas-report"
- @import_filedata[:type] = "OpenVAS Report"
+ @import_filedata[:type] = "OpenVAS"
 return :openvas_xml
 when "NessusClientData"
 @import_filedata[:type] = "Nessus XML (v1)"
diff --git a/lib/msf/core/db_manager/import/nessus.rb b/lib/msf/core/db_manager/import/nessus.rb
index 078438d922..cbfeeb7e4a 100644
--- a/lib/msf/core/db_manager/import/nessus.rb
+++ b/lib/msf/core/db_manager/import/nessus.rb
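Review bot: The `elsif` added in the first import.rb hunk repeats the body of the branch that follows it (`@import_filedata[:type] = "OpenVAS XML"` and `return :openvas_new_xml`), so the two detections can drift apart later. The patterns inside `firstline.index(//)` are not legible on this page, but if they are two root-element names they could be merged into one alternation in a single branch. A comment such as `# OpenVAS results and reports exports share one parser` would then record the intent. This check runs on the first line of an imported file, so one documented rule per format makes it easier to audit which inputs reach which parser. The enclosing method starts and ends outside the hunk.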
@@ -12,20 +12,22 @@ module Msf::DBManager::Import::Nessus # Nessus NBE and NESSUS v1 methods # def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil) + addr = hobj.address # The port section looks like: # http (80/tcp) p = port.match(/^([^\(]+)\((\d+)\/([^\)]+)\)/) - return if not p - # Unnecessary as the caller should already have reported this host - #report_host(:workspace => wspace, :host => addr, :state => Msf::HostState::Alive) - name = p[1].strip - port = p[2].to_i - proto = p[3].downcase + if p + name = p[1].strip + port = p[2].to_i + proto = p[3].downcase + else + port = nil + end info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task } - if name != "unknown" and name[-1,1] != "?" + if name and name != "unknown" and name[-1,1] != "?" info[:name] = name end report_service(info) diff --git a/lib/msf/core/db_manager/import/open_vas.rb b/lib/msf/core/db_manager/import/open_vas.rb index 9991d19e86..f2ef38929f 100644 --- a/lib/msf/core/db_manager/import/open_vas.rb +++ b/lib/msf/core/db_manager/import/open_vas.rb @@ -29,6 +29,6 @@ module Msf::DBManager::Import::OpenVAS filename = args[:filename] wspace = args[:wspace] || workspace - raise Msf::DBImportError.new("No OpenVAS XML support. Please submit a patch to msfdev[at]metasploit.com") + raise Msf::DBImportError.new("No OpenVas XML support. Please submit a patch to msfdev[at]metasploit.com") end end diff --git a/lib/rex/parser/openvas_nokogiri.rb b/lib/rex/parser/openvas_nokogiri.rb index 07fd3c6b82..b38d034abe 100644 --- a/lib/rex/parser/openvas_nokogiri.rb +++ b/lib/rex/parser/openvas_nokogiri.rb @@ -4,7 +4,7 @@ require "rex/parser/nokogiri_doc_mixin" module Rex module Parser - # If Nokogiri is available, define OpenVAS document class. + # If Nokogiri is available, define OpenVas document class. load_nokogiri && class OpenVASDocument < Nokogiri::XML::SAX::Document include NokogiriDocMixin 
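Review bot: In handle_nessus (nessus.rb), when the port string does not match, the new `else` branch sets only `port = nil` and leaves `proto` and `name` implicitly nil, yet `report_service(info)` is still called with `:port => nil, :proto => nil`. Whether report_service rejects such a call is not visible here; if it does not, a malformed port field in scanner output ends up as a service record with no usable port. I would make the nils explicit with `name = port = proto = nil` in the `else` branch and skip the service report with `report_service(info) if port`. The added `addr = hobj.address` is not referenced in the visible lines (its only mention was in the removed comment), so it needs a user or can be dropped. The method body continues outside the hunk.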
@@ -37,8 +37,10 @@ module Parser
 @state[:vuln_name] = @text.strip if @text
 end
 when 'description'
- @state[:has_text] = true
- @state[:vuln_desc] = @text.strip if @text
+ if in_tag('result')
+ @state[:has_text] = true
+ @state[:vuln_desc] = @text.strip if @text
+ end
 when 'bid'
 if in_tag('result') && in_tag('nvt')
 @state[:has_text] = true
@@ -62,7 +64,7 @@ module Parser
 when 'subnet'
 @state[:has_text] = true
 when 'result'
- record_vuln if in_tag('results')
+ record_vuln
 when 'threat'
 @state[:has_text] = true if in_tag('ports') && in_tag('port')
 when 'host'
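Review bot: The new guard on `when 'description'` checks only `in_tag('result')`, while the neighbouring `'bid'` branch requires `in_tag('result') && in_tag('nvt')`. If in_tag matches any enclosing element (its definition is outside this diff), every `description` that closes anywhere beneath a result overwrites `@state[:vuln_desc]`, and the last one wins. A comment naming the intended element, for example `# only the description that belongs to the result itself`, together with a condition that matches it, would make the intent checkable. The enclosing case statement starts and ends outside the hunk.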
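Review bot: Dropping the `in_tag('results')` condition on `when 'result'` means record_vuln now runs for every closing `result` element at any depth, not only those inside a results container. record_vuln is outside the hunk, so it is not visible whether it validates and clears `@state`. If it does not, a stray or nested `result` element in an imported file can produce a duplicate or partly filled vulnerability record. I would keep a condition that names the accepted parent elements for both export formats, or have record_vuln return early when the host or vulnerability name is missing. A comment such as `# container check dropped so both export formats are accepted` would also help.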