Add additional host detail columns and parsers

unstable
HD Moore 2012-06-09 00:43:03 -05:00
parent dabda58f17
commit e840f7e9ee
3 changed files with 101 additions and 13 deletions


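--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE (ExpandDetails2 migration)
@@ -0,0 +1,24 @@
+class ExpandDetails2 < ActiveRecord::Migration
+def self.up
+add_column :host_details, :nx_site_name, :string
+add_column :host_details, :nx_site_importance, :string
+add_column :host_details, :nx_scan_template, :string
+add_column :host_details, :nx_risk_score, :float
+add_column :vuln_details, :nx_scan_id, :integer
+add_column :vuln_details, :nx_vulnerable_since, :timestamp
+add_column :vuln_details, :nx_pci_compliance_status, :string
+end
+def self.down
+remove_column :host_details, :nx_site_name
+remove_column :host_details, :nx_site_importance
+remove_column :host_details, :nx_scan_template
+remove_column :host_details, :nx_risk_score
+remove_column :vuln_details, :nx_scan_id
+remove_column :vuln_details, :nx_vulnerable_since
+remove_column :vuln_details, :nx_pci_compliance_status
+end
+end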


@ -4721,26 +4721,50 @@ class DBManager
REXML::Document.parse_stream(data, parser)
end
# This is starting to be more than just nmap -> msf, other
# things are creeping in here. Consider renaming the method
# and intentionally making it more general.
def nmap_msf_service_map(proto)
service_name_map(proto)
end
#
# This method normalizes an incoming service name to one of the
# the standard ones recognized by metasploit
#
def service_name_map(proto)
return proto unless proto.kind_of? String
case proto.downcase
when "msrpc", "nfs-or-iis"; "dcerpc"
when "netbios-ns"; "netbios"
when "netbios-ssn", "microsoft-ds"; "smb"
when "ms-sql-s"; "mssql"
when "ms-sql-m"; "mssql-m"
when "msrpc", "nfs-or-iis", "dce endpoint resolution"
"dcerpc"
when "ms-sql-s", "tds"
"mssql"
when "ms-sql-m","microsoft sql monitor"
"mssql-m"
when "postgresql"; "postgres"
when "http-proxy"; "http"
when "iiimsf"; "db2"
when "oracle-tns"; "oracle"
when "quickbooksrds"; "metasploit"
when "microsoft remote display protocol"
"rdp"
when "vmware authentication daemon"
"vmauthd"
when "netbios-ns", "cifs name service"
"netbios"
when "netbios-ssn", "microsoft-ds", "cifs"
"smb"
when "remote shell"
"shell"
when "remote login"
"login"
when "nfs lockd"
"lockd"
when "hp jetdirect"
"jetdirect"
when "dhcp server"
"dhcp"
when /^dns-(udp|tcp)$/; "dns"
when /^dce[\s+]rpc$/; "dcerpc"
else
proto.downcase
proto.downcase.gsub(/\s*\(.*/, '') # "service (some service)"
end
end
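Review bot: The comment kept above `nmap_msf_service_map` still reads "Consider renaming the method", but this hunk performs exactly that rename — `service_name_map` now holds the mapping and `nmap_msf_service_map` is a one-line delegate — so the comment should describe the alias instead: `# Backwards-compatible alias; new callers should use service_name_map.` The new `when` arms also mix the one-line `when "postgresql"; "postgres"` form with the two-line `when "remote shell"` / `"shell"` form inside the same `case`; picking one form would make the table easier to scan. Separately, the untouched `when /^dce[\s+]rpc$/` arm is a character class that matches exactly one whitespace character or a literal `+`, so a name such as `dce  rpc` with two spaces skips it and falls through to the new `else` normalisation; if `\s+` was intended, this is a good moment to change it. The `DBManager` class enclosing both methods continues outside the hunk.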


@ -11,6 +11,13 @@ module Rex
attr_reader :tests
NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
NEXPOSE_VULN_DETAIL_FIELDS = %W{
nx_scan_id
nx_vulnerable_since
nx_pci_compliance_status
}
# Triggered every time a new element is encountered. We keep state
# ourselves with the @state variable, turning things on when we
# get here (and turning things off when we exit in end_element()).
@ -259,6 +266,14 @@ module Rex
vdet[:nx_console_id] = @console_id if @console_id
vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
if @state[:test][:nx_vulnerable_since]
ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
vdet[:nx_vulnerable_since] = ts if ts
end
proof = @text.to_s.strip
vuln_info[:info] = proof
@ -391,7 +406,7 @@ module Rex
if state[:service]["name"] == "<unknown>"
sname = nil
else
sname = db.nmap_msf_service_map(@state[:service]["name"])
sname = db.service_name_map(@state[:service]["name"])
end
port_hash[:name] = sname
end
@ -418,10 +433,14 @@ module Rex
return unless in_tag("node")
return if in_tag("service")
return unless in_tag("tests")
test = attr_hash(attrs)
return unless actually_vulnerable(test)
@state[:test] = {:id => test["id"].downcase}
@state[:test][:key] = test["key"] if test["key"]
@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
end
def record_service_test(attrs)
@ -438,6 +457,9 @@ module Rex
}
@state[:test][:key] = test["key"] if test["key"]
@state[:test][:status] = test["status"] if test["status"]
@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
end
def record_host(attrs)
@ -447,7 +469,14 @@ module Rex
@state[:host_is_alive] = true
@state[:address] = host_attrs["address"]
@state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
@state[:device_id] = host_attrs["device-id"] if host_attrs["device-id"]
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
fs = f.to_sym
fk = f.sub(/^nx_/, '').gsub('_', '-')
if host_attrs[fk]
@state[fs] = host_attrs[fk]
end
end
end
end
@ -464,13 +493,17 @@ module Rex
end
end
@report_data[:device_id] = @state[:device_id] if @state[:device_id]
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
v = @state[f.to_sym]
@report_data[f.to_sym] = v if v
end
end
def report_host(&block)
if host_is_okay
db.emit(:address,@report_data[:host],&block) if block
device_id = @report_data.delete(:device_id)
device_id = @report_data[:nx_device_id]
host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
if host_object
db.report_import_note(host_object.workspace, host_object)
@ -481,6 +514,13 @@ module Rex
:nx_device_id => device_id
}
detail[:nx_console_id] = @nx_console_id if @nx_console_id
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
v = @report_data.delete(f.to_sym)
detail[f.to_sym] = v if v
end
db.report_host_details(host_object, detail)
end
end
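Review bot: The added `ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil` in the vuln-detail hunk swallows every StandardError rather than just a malformed `vulnerable-since` attribute, so a bad value in the scanner report is dropped with no trace; wrap the parse in `begin`/`rescue ArgumentError` with a warning that names the rejected value, and prefer `Time` or `Date` over the legacy `DateTime`. A second, hedged point in `report_host`: `db_report(:host, @report_data.merge(...))` on the line after `device_id = @report_data[:nx_device_id]` runs before the `NEXPOSE_HOST_DETAIL_FIELDS.each` loop that calls `@report_data.delete(f.to_sym)`, so the `nx_*` host-detail keys — and `nx_device_id`, which unlike the old `:device_id` is no longer deleted — are still in the hash handed to the host report; if that path does not ignore unknown keys, the delete loop should move above the `db_report(:host, ...)` call. The `report_host` body and the method enclosing the vuln-detail hunk both extend outside their hunks.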