Add additional host detail columns and parsers
parent
dabda58f17
commit
e840f7e9ee
|
@ -0,0 +1,24 @@
|
|||
class ExpandDetails2 < ActiveRecord::Migration
|
||||
|
||||
def self.up
|
||||
add_column :host_details, :nx_site_name, :string
|
||||
add_column :host_details, :nx_site_importance, :string
|
||||
add_column :host_details, :nx_scan_template, :string
|
||||
add_column :host_details, :nx_risk_score, :float
|
||||
|
||||
add_column :vuln_details, :nx_scan_id, :integer
|
||||
add_column :vuln_details, :nx_vulnerable_since, :timestamp
|
||||
add_column :vuln_details, :nx_pci_compliance_status, :string
|
||||
end
|
||||
|
||||
def self.down
|
||||
remove_column :host_details, :nx_site_name
|
||||
remove_column :host_details, :nx_site_importance
|
||||
remove_column :host_details, :nx_scan_template
|
||||
remove_column :host_details, :nx_risk_score
|
||||
|
||||
remove_column :vuln_details, :nx_scan_id
|
||||
remove_column :vuln_details, :nx_vulnerable_since
|
||||
remove_column :vuln_details, :nx_pci_compliance_status
|
||||
end
|
||||
end
|
|
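Review bot: The new `:string` columns (`nx_site_name`, `nx_site_importance`, `nx_scan_template`, `nx_pci_compliance_status`) are filled straight from attributes of an imported scan file, and a plain `:string` usually carries a 255-character limit on adapters of this Rails generation. If the code that writes these rows does not truncate (not visible on this page), a single overlong attribute could fail the insert and abort the import. Consider `:text` for the free-form fields, e.g. `add_column :host_details, :nx_site_name, :text`, or an explicit `:limit` that the importer enforces. A one-line comment above `self.up` saying that the columns mirror Nexpose report attributes would also help the next reader.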
@ -4721,26 +4721,50 @@ class DBManager
|
|||
REXML::Document.parse_stream(data, parser)
|
||||
end
|
||||
|
||||
# This is starting to be more than just nmap -> msf, other
|
||||
# things are creeping in here. Consider renaming the method
|
||||
# and intentionally making it more general.
|
||||
def nmap_msf_service_map(proto)
|
||||
service_name_map(proto)
|
||||
end
|
||||
|
||||
#
|
||||
# This method normalizes an incoming service name to one of the
|
||||
# the standard ones recognized by metasploit
|
||||
#
|
||||
def service_name_map(proto)
|
||||
return proto unless proto.kind_of? String
|
||||
case proto.downcase
|
||||
when "msrpc", "nfs-or-iis"; "dcerpc"
|
||||
when "netbios-ns"; "netbios"
|
||||
when "netbios-ssn", "microsoft-ds"; "smb"
|
||||
when "ms-sql-s"; "mssql"
|
||||
when "ms-sql-m"; "mssql-m"
|
||||
when "msrpc", "nfs-or-iis", "dce endpoint resolution"
|
||||
"dcerpc"
|
||||
when "ms-sql-s", "tds"
|
||||
"mssql"
|
||||
when "ms-sql-m","microsoft sql monitor"
|
||||
"mssql-m"
|
||||
when "postgresql"; "postgres"
|
||||
when "http-proxy"; "http"
|
||||
when "iiimsf"; "db2"
|
||||
when "oracle-tns"; "oracle"
|
||||
when "quickbooksrds"; "metasploit"
|
||||
when "microsoft remote display protocol"
|
||||
"rdp"
|
||||
when "vmware authentication daemon"
|
||||
"vmauthd"
|
||||
when "netbios-ns", "cifs name service"
|
||||
"netbios"
|
||||
when "netbios-ssn", "microsoft-ds", "cifs"
|
||||
"smb"
|
||||
when "remote shell"
|
||||
"shell"
|
||||
when "remote login"
|
||||
"login"
|
||||
when "nfs lockd"
|
||||
"lockd"
|
||||
when "hp jetdirect"
|
||||
"jetdirect"
|
||||
when "dhcp server"
|
||||
"dhcp"
|
||||
when /^dns-(udp|tcp)$/; "dns"
|
||||
when /^dce[\s+]rpc$/; "dcerpc"
|
||||
else
|
||||
proto.downcase
|
||||
proto.downcase.gsub(/\s*\(.*/, '') # "service (some service)"
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
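Review bot: In `service_name_map`, the arm `when /^dce[\s+]rpc$/` uses a character class, so it accepts exactly one whitespace character or a literal `+` between `dce` and `rpc`; if a run of whitespace was meant, it should be `\s+`. Both regex arms anchor with `^`/`$`, which are line anchors in Ruby, so a service name from an imported file that contains a newline matches if any one of its lines fits. `when /\Adns-(udp|tcp)\z/; "dns"` and `when /\Adce\s+rpc\z/; "dcerpc"` pin the whole string. In the `else` arm, `proto.downcase.gsub(/\s*\(.*/, '')` returns an empty string for a name that begins with `(`; callers elsewhere treat an unknown name as `nil`, so a guard such as `name.empty? ? nil : name` may be wanted.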
@ -11,6 +11,13 @@ module Rex
|
|||
|
||||
attr_reader :tests
|
||||
|
||||
NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score }
|
||||
NEXPOSE_VULN_DETAIL_FIELDS = %W{
|
||||
nx_scan_id
|
||||
nx_vulnerable_since
|
||||
nx_pci_compliance_status
|
||||
}
|
||||
|
||||
# Triggered every time a new element is encountered. We keep state
|
||||
# ourselves with the @state variable, turning things on when we
|
||||
# get here (and turning things off when we exit in end_element()).
|
||||
|
@ -260,6 +267,14 @@ module Rex
|
|||
vdet[:nx_console_id] = @console_id if @console_id
|
||||
vdet[:nx_vuln_status] = @state[:test][:status] if @state[:test][:status]
|
||||
|
||||
vdet[:nx_scan_id] = @state[:test][:nx_scan_id] if @state[:test][:nx_scan_id]
|
||||
vdet[:nx_pci_compliance_status] = @state[:test][:nx_pci_compliance_status] if @state[:test][:nx_pci_compliance_status]
|
||||
|
||||
if @state[:test][:nx_vulnerable_since]
|
||||
ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil
|
||||
vdet[:nx_vulnerable_since] = ts if ts
|
||||
end
|
||||
|
||||
proof = @text.to_s.strip
|
||||
vuln_info[:info] = proof
|
||||
vdet[:proof] = proof
|
||||
|
@ -391,7 +406,7 @@ module Rex
|
|||
if state[:service]["name"] == "<unknown>"
|
||||
sname = nil
|
||||
else
|
||||
sname = db.nmap_msf_service_map(@state[:service]["name"])
|
||||
sname = db.service_name_map(@state[:service]["name"])
|
||||
end
|
||||
port_hash[:name] = sname
|
||||
end
|
||||
|
@ -418,10 +433,14 @@ module Rex
|
|||
return unless in_tag("node")
|
||||
return if in_tag("service")
|
||||
return unless in_tag("tests")
|
||||
|
||||
test = attr_hash(attrs)
|
||||
return unless actually_vulnerable(test)
|
||||
@state[:test] = {:id => test["id"].downcase}
|
||||
@state[:test][:key] = test["key"] if test["key"]
|
||||
@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
|
||||
@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
|
||||
@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
|
||||
end
|
||||
|
||||
def record_service_test(attrs)
|
||||
|
@ -438,6 +457,9 @@ module Rex
|
|||
}
|
||||
@state[:test][:key] = test["key"] if test["key"]
|
||||
@state[:test][:status] = test["status"] if test["status"]
|
||||
@state[:test][:nx_scan_id] = test["scan-id"] if test["scan-id"]
|
||||
@state[:test][:nx_vulnerable_since] = test["vulnerable-since"] if test["vulnerable-since"]
|
||||
@state[:test][:nx_pci_compliance_status] = test["pci-compliance-status"] if test["pci-compliance-status"]
|
||||
end
|
||||
|
||||
def record_host(attrs)
|
||||
|
@ -447,7 +469,14 @@ module Rex
|
|||
@state[:host_is_alive] = true
|
||||
@state[:address] = host_attrs["address"]
|
||||
@state[:mac] = host_attrs["hardware-address"] if host_attrs["hardware-address"]
|
||||
@state[:device_id] = host_attrs["device-id"] if host_attrs["device-id"]
|
||||
|
||||
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
|
||||
fs = f.to_sym
|
||||
fk = f.sub(/^nx_/, '').gsub('_', '-')
|
||||
if host_attrs[fk]
|
||||
@state[fs] = host_attrs[fk]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -464,13 +493,17 @@ module Rex
|
|||
end
|
||||
end
|
||||
|
||||
@report_data[:device_id] = @state[:device_id] if @state[:device_id]
|
||||
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
|
||||
v = @state[f.to_sym]
|
||||
@report_data[f.to_sym] = v if v
|
||||
end
|
||||
end
|
||||
|
||||
def report_host(&block)
|
||||
if host_is_okay
|
||||
db.emit(:address,@report_data[:host],&block) if block
|
||||
device_id = @report_data.delete(:device_id)
|
||||
device_id = @report_data[:nx_device_id]
|
||||
|
||||
host_object = db_report(:host, @report_data.merge(:workspace => @args[:wspace] ) )
|
||||
if host_object
|
||||
db.report_import_note(host_object.workspace, host_object)
|
||||
|
@ -481,6 +514,13 @@ module Rex
|
|||
:nx_device_id => device_id
|
||||
}
|
||||
detail[:nx_console_id] = @nx_console_id if @nx_console_id
|
||||
|
||||
NEXPOSE_HOST_DETAIL_FIELDS.each do |f|
|
||||
v = @report_data.delete(f.to_sym)
|
||||
detail[f.to_sym] = v if v
|
||||
end
|
||||
|
||||
|
||||
db.report_host_details(host_object, detail)
|
||||
end
|
||||
end
|
||||
|
|
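Review bot: In `report_host`, the new `device_id = @report_data[:nx_device_id]` reads the value without removing it, and the `NEXPOSE_HOST_DETAIL_FIELDS` keys are deleted from `@report_data` only in the later loop, after `db_report(:host, @report_data.merge(:workspace => @args[:wspace]))` has run. As far as the rendered hunks show, the host report now receives every `nx_*` key, where the earlier code removed `:device_id` before the call; whether `db_report` ignores unknown keys is not visible here. Collecting them first avoids relying on that: `nx = {}; NEXPOSE_HOST_DETAIL_FIELDS.each { |f| v = @report_data.delete(f.to_sym); nx[f.to_sym] = v if v }` before `db_report`, then `detail.merge!(nx)`. Separately, `::DateTime.parse(...) rescue nil` in the vuln-detail hunk silently drops an unparseable `vulnerable-since` value from the imported file; rescuing `ArgumentError` and logging it would keep malformed input visible. `report_host` and the enclosing methods continue outside the hunks shown.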