Adds imported file metadata to imported hosts as a "host.imported" note, indicating the source filename, the detected file type, and the imported time.
git-svn-id: file:///home/svn/framework3/trunk@9227 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
47cea7bbb3
commit
8632146be4
|
@ -1118,6 +1118,8 @@ class DBManager
|
||||||
# file, there shouldn't be any false detections, but no guarantees.
|
# file, there shouldn't be any false detections, but no guarantees.
|
||||||
#
|
#
|
||||||
def import_file(filename, wspace=workspace)
|
def import_file(filename, wspace=workspace)
|
||||||
|
@import_filedata = {}
|
||||||
|
@import_filedata[:filename] = filename
|
||||||
f = File.open(filename, 'rb')
|
f = File.open(filename, 'rb')
|
||||||
data = f.read(f.stat.size)
|
data = f.read(f.stat.size)
|
||||||
import(data, wspace)
|
import(data, wspace)
|
||||||
|
@ -1142,7 +1144,9 @@ class DBManager
|
||||||
end
|
end
|
||||||
firstline = data[0, di]
|
firstline = data[0, di]
|
||||||
if (firstline.index("<NeXposeSimpleXML"))
|
if (firstline.index("<NeXposeSimpleXML"))
|
||||||
|
@import_filedata[:type] = "NeXpose Report (SimpleXML)" if @import_filedata
|
||||||
return import_nexpose_simplexml(data, wspace)
|
return import_nexpose_simplexml(data, wspace)
|
||||||
|
@import_filedata[:type] = "NeXpose Report" if @import_filedata
|
||||||
elsif (firstline.index("<NexposeReport"))
|
elsif (firstline.index("<NexposeReport"))
|
||||||
return import_nexpose_rawxml(data, wspace)
|
return import_nexpose_rawxml(data, wspace)
|
||||||
elsif (firstline.index("<?xml"))
|
elsif (firstline.index("<?xml"))
|
||||||
|
@ -1152,16 +1156,22 @@ class DBManager
|
||||||
line =~ /<([a-zA-Z0-9\-\_]+)[ >]/
|
line =~ /<([a-zA-Z0-9\-\_]+)[ >]/
|
||||||
case $1
|
case $1
|
||||||
when "nmaprun"
|
when "nmaprun"
|
||||||
|
@import_filedata[:type] = "Nmap Scan" if @import_filedata
|
||||||
return import_nmap_xml(data, wspace)
|
return import_nmap_xml(data, wspace)
|
||||||
when "openvas-report"
|
when "openvas-report"
|
||||||
|
@import_filedata[:type] = "OpenVAS Report" if @import_filedata
|
||||||
return import_openvas_xml(data, wspace)
|
return import_openvas_xml(data, wspace)
|
||||||
when "NessusClientData"
|
when "NessusClientData"
|
||||||
|
@import_filedata[:type] = "Nessus Report" if @import_filedata
|
||||||
return import_nessus_xml(data, wspace)
|
return import_nessus_xml(data, wspace)
|
||||||
when "NessusClientData_v2"
|
when "NessusClientData_v2"
|
||||||
|
@import_filedata[:type] = "Nessus Report (v2)" if @import_filedata
|
||||||
return import_nessus_xml_v2(data, wspace)
|
return import_nessus_xml_v2(data, wspace)
|
||||||
when "SCAN"
|
when "SCAN"
|
||||||
|
@import_filedata[:type] = "Qualys Scan" if @import_filedata
|
||||||
return import_qualys_xml(data, wspace)
|
return import_qualys_xml(data, wspace)
|
||||||
when "MetasploitExpressV1"
|
when "MetasploitExpressV1"
|
||||||
|
@import_filedata[:type] = "Metasploit Express Report" if @import_filedata
|
||||||
return import_msfe_v1_xml(data, wspace)
|
return import_msfe_v1_xml(data, wspace)
|
||||||
else
|
else
|
||||||
# Give up if we haven't hit the root tag in the first few lines
|
# Give up if we haven't hit the root tag in the first few lines
|
||||||
|
@ -1170,13 +1180,16 @@ class DBManager
|
||||||
line_count += 1
|
line_count += 1
|
||||||
}
|
}
|
||||||
elsif (firstline.index("timestamps|||scan_start"))
|
elsif (firstline.index("timestamps|||scan_start"))
|
||||||
|
@import_filedata[:type] = "Nessus NBE Report" if @import_filedata
|
||||||
# then it's a nessus nbe
|
# then it's a nessus nbe
|
||||||
return import_nessus_nbe(data, wspace)
|
return import_nessus_nbe(data, wspace)
|
||||||
elsif (firstline.index("# amap v"))
|
elsif (firstline.index("# amap v"))
|
||||||
# then it's an amap mlog
|
# then it's an amap mlog
|
||||||
|
@import_filedata[:type] = "Amap Log" if @import_filedata
|
||||||
return import_amap_mlog(data, wspace)
|
return import_amap_mlog(data, wspace)
|
||||||
elsif (firstline =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
|
elsif (firstline =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
|
||||||
# then its an IP list
|
# then its an IP list
|
||||||
|
@import_filedata[:type] = "IP List Text File" if @import_filedata
|
||||||
return import_ip_list(data, wspace)
|
return import_ip_list(data, wspace)
|
||||||
end
|
end
|
||||||
raise DBImportError.new("Could not automatically determine file type")
|
raise DBImportError.new("Could not automatically determine file type")
|
||||||
|
@ -1655,6 +1668,8 @@ class DBManager
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
report_import_note(wspace,addr)
|
||||||
|
|
||||||
# Put all the ports, regardless of state, into the db.
|
# Put all the ports, regardless of state, into the db.
|
||||||
h["ports"].each { |p|
|
h["ports"].each { |p|
|
||||||
extra = ""
|
extra = ""
|
||||||
|
@ -1679,6 +1694,17 @@ class DBManager
|
||||||
REXML::Document.parse_stream(data, parser)
|
REXML::Document.parse_stream(data, parser)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def report_import_note(wspace,addr)
|
||||||
|
if @import_filedata.kind_of?(Hash) && @import_filedata[:type]
|
||||||
|
report_note(
|
||||||
|
:workspace => wspace,
|
||||||
|
:host => addr,
|
||||||
|
:type => 'host.imported',
|
||||||
|
:data => @import_filedata.merge(:time=> Time.now.utc)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Import Nessus NBE files
|
# Import Nessus NBE files
|
||||||
#
|
#
|
||||||
|
|
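Review bot: The added `@import_filedata[:type] = "NeXpose Report" if @import_filedata` sits after `return import_nexpose_simplexml(data, wspace)` and before `elsif (firstline.index("<NexposeReport"))`, so as rendered it can never run and the raw-XML branch returns without setting a type. Because `report_import_note` only writes the note when `@import_filedata[:type]` is set, hosts from a NeXpose raw XML import would get no `host.imported` record; the assignment should be the first statement under that `elsif`. Separately, `@import_filedata` is only reset in `import_file`, so a later direct `import(data, wspace)` call would appear to pair the previous `:filename` with a new `:type`. Clearing it once `import_file` finishes (for example in an `ensure`) would keep the provenance note accurate. The enclosing `import` method starts and ends outside these hunks.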