From dfe690ac526a7ce3ffc9863fb48e931788e2dfac Mon Sep 17 00:00:00 2001 From: Luke Imhoff Date: Wed, 15 Oct 2014 13:23:12 -0500 Subject: [PATCH] Extract Msf::DBManager::Import::Retina MSP-11124 --- lib/msf/core/db_manager/import.rb | 95 +----------------------- lib/msf/core/db_manager/import/retina.rb | 95 ++++++++++++++++++++++++ 2 files changed, 97 insertions(+), 93 deletions(-) create mode 100644 lib/msf/core/db_manager/import/retina.rb diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb index 9b87fd1cb7..cd3184733b 100644 --- a/lib/msf/core/db_manager/import.rb +++ b/lib/msf/core/db_manager/import.rb @@ -12,7 +12,6 @@ require 'uri' # require 'packetfu' -require 'rex/parser/retina_xml' require 'rex/parser/wapiti_nokogiri' module Msf::DBManager::Import @@ -36,6 +35,7 @@ module Msf::DBManager::Import autoload :OpenVAS, 'msf/core/db_manager/import/open_vas' autoload :Outpost24, 'msf/core/db_manager/import/outpost24' autoload :Qualys, 'msf/core/db_manager/import/qualys' + autoload :Retina, 'msf/core/db_manager/import/retina' include Msf::DBManager::Import::Acunetix include Msf::DBManager::Import::Amap @@ -57,6 +57,7 @@ module Msf::DBManager::Import include Msf::DBManager::Import::OpenVAS include Msf::DBManager::Import::Outpost24 include Msf::DBManager::Import::Qualys + include Msf::DBManager::Import::Retina # If hex notation is present, turn them into a character. def dehex(str) 
@@ -514,98 +515,6 @@ module Msf::DBManager::Import end end - # Process Retina XML - def import_retina_xml(args={}, &block) - data = args[:data] - wspace = args[:wspace] || workspace - bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : [] - msg = "Warning: The Retina XML format does not associate vulnerabilities with the\n" - msg << "specific service on which they were found.\n" - msg << "This makes it impossible to correlate exploits to discovered vulnerabilities\n" - msg << "in a reliable fashion." - - yield(:warning,msg) if block - - parser = Rex::Parser::RetinaXMLStreamParser.new - parser.on_found_host = Proc.new do |host| - hobj = nil - data = { - :workspace => wspace, - :task => args[:task] - } - addr = host['address'] - next if not addr - - next if bl.include? addr - data[:host] = addr - - if host['mac'] - data[:mac] = host['mac'] - end - - data[:state] = Msf::HostState::Alive - - if host['hostname'] - data[:name] = host['hostname'] - end - - if host['netbios'] - data[:name] = host['netbios'] - end - - yield(:address, data[:host]) if block - - # Import Host - hobj = report_host(data) - report_import_note(wspace, hobj) - - # Import OS fingerprint - if host["os"] - note = { - :workspace => wspace, - :host => addr, - :type => 'host.os.retina_fingerprint', - :task => args[:task], - :data => { - :os => host["os"] - } - } - report_note(note) - end - - # Import vulnerabilities - host['vulns'].each do |vuln| - refs = vuln['refs'].map{|v| v.join("-")} - refs << "RETINA-#{vuln['rthid']}" if vuln['rthid'] - - vuln_info = { - :workspace => wspace, - :host => addr, - :name => vuln['name'], - :info => vuln['description'], - :refs => refs, - :task => args[:task] - } - - report_vuln(vuln_info) - end - end - - REXML::Document.parse_stream(data, parser) - end - - # Process a Retina XML file - def import_retina_xml_file(args={}) - filename = args[:filename] - wspace = args[:wspace] || workspace - - data = "" - ::File.open(filename, 'rb') do |f| - data = 
f.read(f.stat.size) - end - import_retina_xml(args.merge(:data => data)) - end - def import_spiceworks_csv(args={}, &block) data = args[:data] wspace = args[:wspace] || workspace diff --git a/lib/msf/core/db_manager/import/retina.rb b/lib/msf/core/db_manager/import/retina.rb new file mode 100644 index 0000000000..66e6da12f1 --- /dev/null +++ b/lib/msf/core/db_manager/import/retina.rb 
@@ -0,0 +1,95 @@
+require 'rex/parser/retina_xml'
+
+module Msf::DBManager::Import::Retina
+ # Process Retina XML
+ def import_retina_xml(args={}, &block)
+ data = args[:data]
+ wspace = args[:wspace] || workspace
+ bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
+ msg = "Warning: The Retina XML format does not associate vulnerabilities with the\n"
+ msg << "specific service on which they were found.\n"
+ msg << "This makes it impossible to correlate exploits to discovered vulnerabilities\n"
+ msg << "in a reliable fashion."
+
+ yield(:warning,msg) if block
+
+ parser = Rex::Parser::RetinaXMLStreamParser.new
+ parser.on_found_host = Proc.new do |host|
+ hobj = nil
+ data = {
+ :workspace => wspace,
+ :task => args[:task]
+ }
+ addr = host['address']
+ next if not addr
+
+ next if bl.include? addr
+ data[:host] = addr
+
+ if host['mac']
+ data[:mac] = host['mac']
+ end
+
+ data[:state] = Msf::HostState::Alive
+
+ if host['hostname']
+ data[:name] = host['hostname']
+ end
+
+ if host['netbios']
+ data[:name] = host['netbios']
+ end
+
+ yield(:address, data[:host]) if block
+
+ # Import Host
+ hobj = report_host(data)
+ report_import_note(wspace, hobj)
+
+ # Import OS fingerprint
+ if host["os"]
+ note = {
+ :workspace => wspace,
+ :host => addr,
+ :type => 'host.os.retina_fingerprint',
+ :task => args[:task],
+ :data => {
+ :os => host["os"]
+ }
+ }
+ report_note(note)
+ end
+
+ # Import vulnerabilities
+ host['vulns'].each do |vuln|
+ refs = vuln['refs'].map{|v| v.join("-")}
+ refs << "RETINA-#{vuln['rthid']}" if vuln['rthid']
+
+ vuln_info = {
+ :workspace => wspace,
+ :host => addr,
+ :name => vuln['name'],
+ :info => vuln['description'],
+ :refs => refs,
+ :task => args[:task]
+ }
+
+ report_vuln(vuln_info)
+ end
+ end
+
+ REXML::Document.parse_stream(data, parser)
+ end
+
+ # Process a Retina XML file
+ def import_retina_xml_file(args={})
+ filename = args[:filename]
+ wspace = args[:wspace] || workspace
+
+ data = ""
+ ::File.open(filename, 'rb') do |f|
+ data = f.read(f.stat.size)
+ end
+ import_retina_xml(args.merge(:data => data))
+ end
+end
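Review bot: `import_retina_xml_file` is declared without a block parameter and calls `import_retina_xml(args.merge(:data => data))` with none, so any block a caller passes is dropped and the `:warning` and `:address` yields in `import_retina_xml` never reach it on a file import. Forwarding it is a two-line change: `def import_retina_xml_file(args={}, &block)` and `import_retina_xml(args.merge(:data => data), &block)`. Separately, the `on_found_host` Proc assigns `data = {...}`, which rebinds the method-level `data` holding the XML string because the block shares the method's locals; parsing still works only because `parse_stream` was already handed the string, so a distinct name such as `host_info` would remove the trap. The code appears to be moved unchanged from import.rb, so these may be better as a follow-up commit than as part of the extraction.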