Module: Msf::DBManager::Import::Nessus::XML::V1

Included in:
Msf::DBManager::Import::Nessus::XML
Defined in:
lib/msf/core/db_manager/import/nessus/xml/v1.rb

Instance Method Summary collapse

Instance Method Details

#import_nessus_xml(args = {}, &block) ⇒ Object



2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/msf/core/db_manager/import/nessus/xml/v1.rb', line 2

def import_nessus_xml(args={}, &block)
  data = args[:data]
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
  bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []

  doc = rexmlify(data)
  doc.elements.each('/NessusClientData/Report/ReportHost') do |host|
    hobj = nil
    addr = nil
    hname = nil
    os = nil
    # If the name is resolved, the Nessus plugin for DNS
    # resolution should be there. If not, fall back to the
    # HostName
    host.elements.each('ReportItem') do |item|
      next unless item.elements['pluginID'].text == "12053"
      addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/n)[1]
      hname = host.elements['HostName'].text
    end
    addr ||= host.elements['HostName'].text
    next unless ipv46_validator(addr) # Skip resolved names and SCAN-ERROR.
    if bl.include? addr
      next
    else
      yield(:address,addr) if block
    end

    hinfo = {
      :workspace => wspace,
      :host => addr,
      :task => args[:task]
    }

    # Record the hostname
    hinfo.merge!(:name => hname.to_s.strip) if hname
    hobj = report_host(hinfo)
    report_import_note(wspace,hobj)

    # Record the OS
    os ||= host.elements["os_name"]
    if os
      report_note(
        :workspace => wspace,
        :task => args[:task],
        :host => hobj,
        :type => 'host.os.nessus_fingerprint',
        :data => {
          :os => os.text.to_s.strip
        }
      )
    end

    host.elements.each('ReportItem') do |item|
      nasl = item.elements['pluginID'].text
      plugin_name = item.elements['pluginName'].text
      port = item.elements['port'].text
      data = item.elements['data'].text
      severity = item.elements['severity'].text

      handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data, args[:task])
    end
  end
end