Module: Msf::DBManager::Import::Nikto

Included in:
Msf::DBManager::Import
Defined in:
lib/msf/core/db_manager/import/nikto.rb

Instance Method Summary collapse

Instance Method Details

#import_nikto_xml(args = {}, &block) ⇒ Object

Imports Nikto scan data from -Format xml as notes.



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/msf/core/db_manager/import/nikto.rb', line 5

def import_nikto_xml(args={}, &block)
  data = args[:data]
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
  bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
  doc = rexmlify(data)
  doc.elements.each do |f|
    f.elements.each('scandetails') do |host|
      # Get host information
      addr = host.attributes['targetip']
      next if not addr
      if bl.include? addr
        next
      else
        yield(:address,addr) if block
      end
      # Get service information
      port = host.attributes['targetport']
      next if port.to_i == 0
      uri = URI.parse(host.attributes['sitename']) rescue nil
      next unless uri and uri.scheme
      # Collect and report scan descriptions.
      host.elements.each do |item|
        if item.elements['description']
          desc_text = item.elements['description'].text
          next if desc_text.nil? or desc_text.empty?
          desc_data = {
              :workspace => wspace,
              :host      => addr,
              :type      => "service.nikto.scan.description",
              :data      => desc_text,
              :proto     => "tcp",
              :port      => port.to_i,
              :sname     => uri.scheme,
              :update    => :unique_data,
              :task      => args[:task]
          }
          # Always report it as a note.
          report_note(desc_data)
          # Sometimes report it as a vuln, too.
          # XXX: There's a Vuln.info field but nothing reads from it? See Bug #5837
          if item.attributes['osvdbid'].to_i != 0
            desc_data[:refs] = ["OSVDB-#{item.attributes['osvdbid']}"]
            desc_data[:name] = "NIKTO-#{item.attributes['id']}"
            desc_data.delete(:data)
            desc_data.delete(:type)
            desc_data.delete(:update)
            report_vuln(desc_data)
          end
        end
      end
    end
  end
end