Extract Msf::DBManager::Import::Retina

MSP-11124
bug/bundler_fix
Luke Imhoff 2014-10-15 13:23:12 -05:00
parent ac6a8387a5
commit dfe690ac52
No known key found for this signature in database
GPG Key ID: 5B1FB01FB33356F8
2 changed files with 97 additions and 93 deletions


@ -12,7 +12,6 @@ require 'uri'
# #
require 'packetfu' require 'packetfu'
require 'rex/parser/retina_xml'
require 'rex/parser/wapiti_nokogiri' require 'rex/parser/wapiti_nokogiri'
module Msf::DBManager::Import module Msf::DBManager::Import
@ -36,6 +35,7 @@ module Msf::DBManager::Import
autoload :OpenVAS, 'msf/core/db_manager/import/open_vas' autoload :OpenVAS, 'msf/core/db_manager/import/open_vas'
autoload :Outpost24, 'msf/core/db_manager/import/outpost24' autoload :Outpost24, 'msf/core/db_manager/import/outpost24'
autoload :Qualys, 'msf/core/db_manager/import/qualys' autoload :Qualys, 'msf/core/db_manager/import/qualys'
autoload :Retina, 'msf/core/db_manager/import/retina'
include Msf::DBManager::Import::Acunetix include Msf::DBManager::Import::Acunetix
include Msf::DBManager::Import::Amap include Msf::DBManager::Import::Amap
@ -57,6 +57,7 @@ module Msf::DBManager::Import
include Msf::DBManager::Import::OpenVAS include Msf::DBManager::Import::OpenVAS
include Msf::DBManager::Import::Outpost24 include Msf::DBManager::Import::Outpost24
include Msf::DBManager::Import::Qualys include Msf::DBManager::Import::Qualys
include Msf::DBManager::Import::Retina
# If hex notation is present, turn them into a character. # If hex notation is present, turn them into a character.
def dehex(str) def dehex(str)
@ -514,98 +515,6 @@ module Msf::DBManager::Import
end end
end end
# Process Retina XML
def import_retina_xml(args={}, &block)
data = args[:data]
wspace = args[:wspace] || workspace
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
msg = "Warning: The Retina XML format does not associate vulnerabilities with the\n"
msg << "specific service on which they were found.\n"
msg << "This makes it impossible to correlate exploits to discovered vulnerabilities\n"
msg << "in a reliable fashion."
yield(:warning,msg) if block
parser = Rex::Parser::RetinaXMLStreamParser.new
parser.on_found_host = Proc.new do |host|
hobj = nil
data = {
:workspace => wspace,
:task => args[:task]
}
addr = host['address']
next if not addr
next if bl.include? addr
data[:host] = addr
if host['mac']
data[:mac] = host['mac']
end
data[:state] = Msf::HostState::Alive
if host['hostname']
data[:name] = host['hostname']
end
if host['netbios']
data[:name] = host['netbios']
end
yield(:address, data[:host]) if block
# Import Host
hobj = report_host(data)
report_import_note(wspace, hobj)
# Import OS fingerprint
if host["os"]
note = {
:workspace => wspace,
:host => addr,
:type => 'host.os.retina_fingerprint',
:task => args[:task],
:data => {
:os => host["os"]
}
}
report_note(note)
end
# Import vulnerabilities
host['vulns'].each do |vuln|
refs = vuln['refs'].map{|v| v.join("-")}
refs << "RETINA-#{vuln['rthid']}" if vuln['rthid']
vuln_info = {
:workspace => wspace,
:host => addr,
:name => vuln['name'],
:info => vuln['description'],
:refs => refs,
:task => args[:task]
}
report_vuln(vuln_info)
end
end
REXML::Document.parse_stream(data, parser)
end
# Process a Retina XML file
def import_retina_xml_file(args={})
filename = args[:filename]
wspace = args[:wspace] || workspace
data = ""
::File.open(filename, 'rb') do |f|
data = f.read(f.stat.size)
end
import_retina_xml(args.merge(:data => data))
end
def import_spiceworks_csv(args={}, &block) def import_spiceworks_csv(args={}, &block)
data = args[:data] data = args[:data]
wspace = args[:wspace] || workspace wspace = args[:wspace] || workspace


@ -0,0 +1,95 @@
require 'rex/parser/retina_xml'
module Msf::DBManager::Import::Retina
# Process Retina XML
def import_retina_xml(args={}, &block)
data = args[:data]
wspace = args[:wspace] || workspace
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
msg = "Warning: The Retina XML format does not associate vulnerabilities with the\n"
msg << "specific service on which they were found.\n"
msg << "This makes it impossible to correlate exploits to discovered vulnerabilities\n"
msg << "in a reliable fashion."
yield(:warning,msg) if block
parser = Rex::Parser::RetinaXMLStreamParser.new
parser.on_found_host = Proc.new do |host|
hobj = nil
data = {
:workspace => wspace,
:task => args[:task]
}
addr = host['address']
next if not addr
next if bl.include? addr
data[:host] = addr
if host['mac']
data[:mac] = host['mac']
end
data[:state] = Msf::HostState::Alive
if host['hostname']
data[:name] = host['hostname']
end
if host['netbios']
data[:name] = host['netbios']
end
yield(:address, data[:host]) if block
# Import Host
hobj = report_host(data)
report_import_note(wspace, hobj)
# Import OS fingerprint
if host["os"]
note = {
:workspace => wspace,
:host => addr,
:type => 'host.os.retina_fingerprint',
:task => args[:task],
:data => {
:os => host["os"]
}
}
report_note(note)
end
# Import vulnerabilities
host['vulns'].each do |vuln|
refs = vuln['refs'].map{|v| v.join("-")}
refs << "RETINA-#{vuln['rthid']}" if vuln['rthid']
vuln_info = {
:workspace => wspace,
:host => addr,
:name => vuln['name'],
:info => vuln['description'],
:refs => refs,
:task => args[:task]
}
report_vuln(vuln_info)
end
end
REXML::Document.parse_stream(data, parser)
end
# Process a Retina XML file
def import_retina_xml_file(args={})
filename = args[:filename]
wspace = args[:wspace] || workspace
data = ""
::File.open(filename, 'rb') do |f|
data = f.read(f.stat.size)
end
import_retina_xml(args.merge(:data => data))
end
end
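Review bot: In `import_retina_xml`, the `on_found_host` Proc assigns `data = {`, and because `data` is already a method-level local holding `args[:data]`, that assignment rebinds the outer variable instead of creating a block-local one. The import presumably still works only because `REXML::Document.parse_stream(data, parser)` has taken its reference to the XML string before the first callback runs. Renaming the hash inside the Proc, for example `host_info = { :workspace => wspace, :task => args[:task] }` with the later `data[...]` uses and `report_host(data)` updated to match, would remove the dependency on evaluation order. Separately, the report is external input and `host['vulns'].each` and `vuln['refs'].map` raise `NoMethodError` if either key is absent; whether `Rex::Parser::RetinaXMLStreamParser` always supplies arrays is not visible here, so `Array(host['vulns']).each` and `Array(vuln['refs']).map` would be the safer form. The `wspace` local in `import_retina_xml_file` is assigned but never used and can be dropped.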