Extract Msf::DBManager::Import::Nessus::XML::V*
MSP-11124 Extract different versions of Nessus XML format.bug/bundler_fix
parent
cee782ab8b
commit
aae6dc9066
|
@ -349,164 +349,6 @@ module Msf::DBManager::Import
|
|||
raise DBImportError.new("Could not automatically determine file type")
|
||||
end
|
||||
|
||||
def import_nessus_xml(args={}, &block)
|
||||
data = args[:data]
|
||||
wspace = args[:wspace] || workspace
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
|
||||
doc = rexmlify(data)
|
||||
doc.elements.each('/NessusClientData/Report/ReportHost') do |host|
|
||||
hobj = nil
|
||||
addr = nil
|
||||
hname = nil
|
||||
os = nil
|
||||
# If the name is resolved, the Nessus plugin for DNS
|
||||
# resolution should be there. If not, fall back to the
|
||||
# HostName
|
||||
host.elements.each('ReportItem') do |item|
|
||||
next unless item.elements['pluginID'].text == "12053"
|
||||
addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/n)[1]
|
||||
hname = host.elements['HostName'].text
|
||||
end
|
||||
addr ||= host.elements['HostName'].text
|
||||
next unless ipv46_validator(addr) # Skip resolved names and SCAN-ERROR.
|
||||
if bl.include? addr
|
||||
next
|
||||
else
|
||||
yield(:address,addr) if block
|
||||
end
|
||||
|
||||
hinfo = {
|
||||
:workspace => wspace,
|
||||
:host => addr,
|
||||
:task => args[:task]
|
||||
}
|
||||
|
||||
# Record the hostname
|
||||
hinfo.merge!(:name => hname.to_s.strip) if hname
|
||||
hobj = report_host(hinfo)
|
||||
report_import_note(wspace,hobj)
|
||||
|
||||
# Record the OS
|
||||
os ||= host.elements["os_name"]
|
||||
if os
|
||||
report_note(
|
||||
:workspace => wspace,
|
||||
:task => args[:task],
|
||||
:host => hobj,
|
||||
:type => 'host.os.nessus_fingerprint',
|
||||
:data => {
|
||||
:os => os.text.to_s.strip
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
host.elements.each('ReportItem') do |item|
|
||||
nasl = item.elements['pluginID'].text
|
||||
plugin_name = item.elements['pluginName'].text
|
||||
port = item.elements['port'].text
|
||||
data = item.elements['data'].text
|
||||
severity = item.elements['severity'].text
|
||||
|
||||
handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data, args[:task])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def import_nessus_xml_v2(args={}, &block)
|
||||
data = args[:data]
|
||||
wspace = args[:wspace] || workspace
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
|
||||
#@host = {
|
||||
#'hname' => nil,
|
||||
#'addr' => nil,
|
||||
#'mac' => nil,
|
||||
#'os' => nil,
|
||||
#'ports' => [ 'port' => { 'port' => nil,
|
||||
# 'svc_name' => nil,
|
||||
# 'proto' => nil,
|
||||
# 'severity' => nil,
|
||||
# 'nasl' => nil,
|
||||
# 'description' => nil,
|
||||
# 'cve' => [],
|
||||
# 'bid' => [],
|
||||
# 'xref' => []
|
||||
# }
|
||||
# ]
|
||||
#}
|
||||
parser = Rex::Parser::NessusXMLStreamParser.new
|
||||
parser.on_found_host = Proc.new { |host|
|
||||
|
||||
hobj = nil
|
||||
addr = host['addr'] || host['hname']
|
||||
|
||||
next unless ipv46_validator(addr) # Catches SCAN-ERROR, among others.
|
||||
|
||||
if bl.include? addr
|
||||
next
|
||||
else
|
||||
yield(:address,addr) if block
|
||||
end
|
||||
|
||||
os = host['os']
|
||||
hname = host['hname']
|
||||
mac = host['mac']
|
||||
|
||||
host_info = {
|
||||
:workspace => wspace,
|
||||
:host => addr,
|
||||
:task => args[:task]
|
||||
}
|
||||
host_info[:name] = hname.to_s.strip if hname
|
||||
# Short mac, protect against Nessus's habit of saving multiple macs
|
||||
# We can't use them anyway, so take just the first.
|
||||
host_info[:mac] = mac.to_s.strip.upcase.split(/\s+/).first if mac
|
||||
|
||||
hobj = report_host(host_info)
|
||||
report_import_note(wspace,hobj)
|
||||
|
||||
os = host['os']
|
||||
yield(:os,os) if block
|
||||
if os
|
||||
report_note(
|
||||
:workspace => wspace,
|
||||
:task => args[:task],
|
||||
:host => hobj,
|
||||
:type => 'host.os.nessus_fingerprint',
|
||||
:data => {
|
||||
:os => os.to_s.strip
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
host['ports'].each do |item|
|
||||
next if item['port'] == 0
|
||||
msf = nil
|
||||
nasl = item['nasl'].to_s
|
||||
nasl_name = item['nasl_name'].to_s
|
||||
port = item['port'].to_s
|
||||
proto = item['proto'] || "tcp"
|
||||
sname = item['svc_name']
|
||||
severity = item['severity']
|
||||
description = item['description']
|
||||
cve = item['cve']
|
||||
bid = item['bid']
|
||||
xref = item['xref']
|
||||
msf = item['msf']
|
||||
|
||||
yield(:port,port) if block
|
||||
|
||||
handle_nessus_v2(wspace, hobj, port, proto, sname, nasl, nasl_name, severity, description, cve, bid, xref, msf, args[:task])
|
||||
|
||||
end
|
||||
yield(:end,hname) if block
|
||||
}
|
||||
|
||||
REXML::Document.parse_stream(data, parser)
|
||||
|
||||
end
|
||||
|
||||
# Process NetSparker XML
|
||||
def import_netsparker_xml(args={}, &block)
|
||||
data = args[:data]
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
module Msf::DBManager::Import::Nessus::XML
|
||||
autoload :V1, 'msf/core/db_manager/import/nessus/xml/v1'
|
||||
autoload :V2, 'msf/core/db_manager/import/nessus/xml/v2'
|
||||
|
||||
include Msf::DBManager::Import::Nessus::XML::V1
|
||||
include Msf::DBManager::Import::Nessus::XML::V2
|
||||
|
||||
#
|
||||
# Import Nessus XML v1 and v2 output
|
||||
#
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
module Msf::DBManager::Import::Nessus::XML::V1
|
||||
def import_nessus_xml(args={}, &block)
|
||||
data = args[:data]
|
||||
wspace = args[:wspace] || workspace
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
|
||||
doc = rexmlify(data)
|
||||
doc.elements.each('/NessusClientData/Report/ReportHost') do |host|
|
||||
hobj = nil
|
||||
addr = nil
|
||||
hname = nil
|
||||
os = nil
|
||||
# If the name is resolved, the Nessus plugin for DNS
|
||||
# resolution should be there. If not, fall back to the
|
||||
# HostName
|
||||
host.elements.each('ReportItem') do |item|
|
||||
next unless item.elements['pluginID'].text == "12053"
|
||||
addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/n)[1]
|
||||
hname = host.elements['HostName'].text
|
||||
end
|
||||
addr ||= host.elements['HostName'].text
|
||||
next unless ipv46_validator(addr) # Skip resolved names and SCAN-ERROR.
|
||||
if bl.include? addr
|
||||
next
|
||||
else
|
||||
yield(:address,addr) if block
|
||||
end
|
||||
|
||||
hinfo = {
|
||||
:workspace => wspace,
|
||||
:host => addr,
|
||||
:task => args[:task]
|
||||
}
|
||||
|
||||
# Record the hostname
|
||||
hinfo.merge!(:name => hname.to_s.strip) if hname
|
||||
hobj = report_host(hinfo)
|
||||
report_import_note(wspace,hobj)
|
||||
|
||||
# Record the OS
|
||||
os ||= host.elements["os_name"]
|
||||
if os
|
||||
report_note(
|
||||
:workspace => wspace,
|
||||
:task => args[:task],
|
||||
:host => hobj,
|
||||
:type => 'host.os.nessus_fingerprint',
|
||||
:data => {
|
||||
:os => os.text.to_s.strip
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
host.elements.each('ReportItem') do |item|
|
||||
nasl = item.elements['pluginID'].text
|
||||
plugin_name = item.elements['pluginName'].text
|
||||
port = item.elements['port'].text
|
||||
data = item.elements['data'].text
|
||||
severity = item.elements['severity'].text
|
||||
|
||||
handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data, args[:task])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
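Review bot: In `import_nessus_xml`, the plugin 12053 branch calls `.match(/([0-9\x2e]+) resolves as/n)[1]` on the item's `data` text, so a report whose 12053 item lacks the "resolves as" phrase raises NoMethodError on nil and aborts the whole import instead of falling back to `HostName`. The report file is external input, so take the capture without dereferencing a failed match, e.g. `addr = item.elements['data'].text.to_s[/([0-9\x2e]+) resolves as/n, 1]`, and let the existing `addr ||= host.elements['HostName'].text` cover the miss. The bare `.text` calls on `pluginID`, `pluginName`, `port`, `data` and `severity` in both `ReportItem` loops fail the same way when an element is absent; a `next unless item.elements['pluginID']` style guard would skip the malformed item rather than stop the import.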
|
|
@ -0,0 +1,95 @@
|
|||
module Msf::DBManager::Import::Nessus::XML::V2
|
||||
def import_nessus_xml_v2(args={}, &block)
|
||||
data = args[:data]
|
||||
wspace = args[:wspace] || workspace
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
|
||||
#@host = {
|
||||
#'hname' => nil,
|
||||
#'addr' => nil,
|
||||
#'mac' => nil,
|
||||
#'os' => nil,
|
||||
#'ports' => [ 'port' => { 'port' => nil,
|
||||
# 'svc_name' => nil,
|
||||
# 'proto' => nil,
|
||||
# 'severity' => nil,
|
||||
# 'nasl' => nil,
|
||||
# 'description' => nil,
|
||||
# 'cve' => [],
|
||||
# 'bid' => [],
|
||||
# 'xref' => []
|
||||
# }
|
||||
# ]
|
||||
#}
|
||||
parser = Rex::Parser::NessusXMLStreamParser.new
|
||||
parser.on_found_host = Proc.new { |host|
|
||||
|
||||
hobj = nil
|
||||
addr = host['addr'] || host['hname']
|
||||
|
||||
next unless ipv46_validator(addr) # Catches SCAN-ERROR, among others.
|
||||
|
||||
if bl.include? addr
|
||||
next
|
||||
else
|
||||
yield(:address,addr) if block
|
||||
end
|
||||
|
||||
os = host['os']
|
||||
hname = host['hname']
|
||||
mac = host['mac']
|
||||
|
||||
host_info = {
|
||||
:workspace => wspace,
|
||||
:host => addr,
|
||||
:task => args[:task]
|
||||
}
|
||||
host_info[:name] = hname.to_s.strip if hname
|
||||
# Short mac, protect against Nessus's habit of saving multiple macs
|
||||
# We can't use them anyway, so take just the first.
|
||||
host_info[:mac] = mac.to_s.strip.upcase.split(/\s+/).first if mac
|
||||
|
||||
hobj = report_host(host_info)
|
||||
report_import_note(wspace,hobj)
|
||||
|
||||
os = host['os']
|
||||
yield(:os,os) if block
|
||||
if os
|
||||
report_note(
|
||||
:workspace => wspace,
|
||||
:task => args[:task],
|
||||
:host => hobj,
|
||||
:type => 'host.os.nessus_fingerprint',
|
||||
:data => {
|
||||
:os => os.to_s.strip
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
host['ports'].each do |item|
|
||||
next if item['port'] == 0
|
||||
msf = nil
|
||||
nasl = item['nasl'].to_s
|
||||
nasl_name = item['nasl_name'].to_s
|
||||
port = item['port'].to_s
|
||||
proto = item['proto'] || "tcp"
|
||||
sname = item['svc_name']
|
||||
severity = item['severity']
|
||||
description = item['description']
|
||||
cve = item['cve']
|
||||
bid = item['bid']
|
||||
xref = item['xref']
|
||||
msf = item['msf']
|
||||
|
||||
yield(:port,port) if block
|
||||
|
||||
handle_nessus_v2(wspace, hobj, port, proto, sname, nasl, nasl_name, severity, description, cve, bid, xref, msf, args[:task])
|
||||
|
||||
end
|
||||
yield(:end,hname) if block
|
||||
}
|
||||
|
||||
REXML::Document.parse_stream(data, parser)
|
||||
|
||||
end
|
||||
end
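Review bot: The exclusion check `bl.include? addr` in the `on_found_host` proc is an exact string comparison between the operator-supplied blacklist entries and the address text taken from the report, so an excluded host is still imported when the two are written differently (for example an IPv6 address in compressed versus expanded form). `validate_ips` and `ipv46_validator` are defined outside this file, so whether either normalises the address is not visible here; if they do not, compare parsed values instead, e.g. build `bl` with `args[:blacklist].split.map { |a| IPAddr.new(a) }` and test `bl.include?(IPAddr.new(addr))`. `import_nessus_xml` in the V1 module uses the same comparison. A short comment on `bl` stating the expected entry format would document the contract either way.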
|