From f19c4ee4ca4b5735bec141c7342a084aae51ee69 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Tue, 1 Dec 2020 11:26:09 -0500 Subject: [PATCH 01/10] First attempt at adding IP and FQDN to evidence items. Renamed plugin to NessusTest... I think --- dradis-nessus.gemspec | 2 +- lib/dradis/plugins/nessus.rb | 2 +- lib/dradis/plugins/nessus/engine.rb | 4 ++-- lib/dradis/plugins/nessus/field_processor.rb | 4 ++-- lib/dradis/plugins/nessus/gem_version.rb | 4 ++-- lib/dradis/plugins/nessus/importer.rb | 13 +++++++++++-- lib/dradis/plugins/nessus/version.rb | 2 +- lib/nessus/host.rb | 2 +- lib/nessus/report_item.rb | 10 ++++++---- lib/tasks/thorfile.rb | 2 +- spec/dradis/plugins/nessus/field_processor_spec.rb | 2 +- spec/dradis/plugins/nessus/importer_spec.rb | 4 ++-- spec/nessus/host_spec.rb | 6 +++--- templates/evidence.fields | 2 ++ templates/evidence.template | 10 ++++++++-- 15 files changed, 44 insertions(+), 25 deletions(-) diff --git a/dradis-nessus.gemspec b/dradis-nessus.gemspec index 26b5d33..bd9c7cd 100644 --- a/dradis-nessus.gemspec +++ b/dradis-nessus.gemspec @@ -1,6 +1,6 @@ $:.push File.expand_path('../lib', __FILE__) require 'dradis/plugins/nessus/version' -version = Dradis::Plugins::Nessus::VERSION::STRING +version = Dradis::Plugins::NessusTest::VERSION::STRING # Describe your gem and declare its dependencies: diff --git a/lib/dradis/plugins/nessus.rb b/lib/dradis/plugins/nessus.rb index 038144f..f6b65e9 100644 --- a/lib/dradis/plugins/nessus.rb +++ b/lib/dradis/plugins/nessus.rb @@ -1,6 +1,6 @@ module Dradis module Plugins - module Nessus + module NessusTest end end end diff --git a/lib/dradis/plugins/nessus/engine.rb b/lib/dradis/plugins/nessus/engine.rb index 097bb7c..bfa6e53 100644 --- a/lib/dradis/plugins/nessus/engine.rb +++ b/lib/dradis/plugins/nessus/engine.rb 
@@ -1,8 +1,8 @@ module Dradis module Plugins - module Nessus + module NessusTest class Engine < ::Rails::Engine - isolate_namespace Dradis::Plugins::Nessus + isolate_namespace Dradis::Plugins::NessusTest include ::Dradis::Plugins::Base description 'Processes Nessus XML v2 format (.nessus)' diff --git a/lib/dradis/plugins/nessus/field_processor.rb b/lib/dradis/plugins/nessus/field_processor.rb index 8b1a7fd..d6d4889 100644 --- a/lib/dradis/plugins/nessus/field_processor.rb +++ b/lib/dradis/plugins/nessus/field_processor.rb @@ -1,11 +1,11 @@ module Dradis module Plugins - module Nessus + module NessusTest class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor def post_initialize(args={}) - @nessus_object = (data.name == 'ReportHost') ? ::Nessus::Host.new(data) : ::Nessus::ReportItem.new(data) + @nessus_object = (data.name == 'ReportHost') ? ::NessusTest::Host.new(data) : ::NessusTest::ReportItem.new(data) end def value(args={}) diff --git a/lib/dradis/plugins/nessus/gem_version.rb b/lib/dradis/plugins/nessus/gem_version.rb index 45fd2e3..31cc7f5 100644 --- a/lib/dradis/plugins/nessus/gem_version.rb +++ b/lib/dradis/plugins/nessus/gem_version.rb @@ -1,6 +1,6 @@ module Dradis module Plugins - module Nessus + module NessusTest # Returns the version of the currently loaded Nessus as a Gem::Version def self.gem_version Gem::Version.new VERSION::STRING @@ -9,7 +9,7 @@ def self.gem_version module VERSION MAJOR = 3 MINOR = 19 - TINY = 0 + TINY = 1 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index c51734f..047ec5d 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -1,4 +1,4 @@ -module Dradis::Plugins::Nessus +module Dradis::Plugins::NessusTest class Importer < Dradis::Plugins::Upload::Importer # The framework will call this function if the user selects this plugin from 
@@ -80,7 +80,7 @@ def process_report_host(xml_host) content_service.create_note(text: host_note_text, node: host_node) if host_node.respond_to?(:properties) - nh = ::Nessus::Host.new(xml_host) + nh = ::NessusTest::Host.new(xml_host) host_node.set_property(:fqdn, nh.fqdn) if nh.try(:fqdn) host_node.set_property(:ip, nh.ip) if nh.try(:ip) host_node.set_property(:mac_address, nh.mac_address) if nh.try(:mac_address) @@ -116,6 +116,15 @@ def process_report_host(xml_host) # Returns nothing. # def process_report_item(xml_host, host_node, xml_report_item) + # fetch ip and fqdn from host_node and add to report_item node + if host_node.respond_to?(:properties) + xml_report_item.set_property(:ip, host_node.ip) if host_node.try(:ip) + xml_report_item.set_property(:fqdn, host_node.fqdn) if host_node.try(:fqdn) + xml_report_item.save + logger.info{ "\t\t\t ====> IP and FQDN should be added to report_item" } + logger.info{ "\t\t\t ======> Vals: #{xml_report_item['ip'].value} #{xml_report_item['fqdn'].value}" } + end + # 3.1. Add Issue to the project plugin_id = xml_report_item.attributes['pluginID'].value logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" } diff --git a/lib/dradis/plugins/nessus/version.rb b/lib/dradis/plugins/nessus/version.rb index e2d2ee8..fe92ba8 100644 --- a/lib/dradis/plugins/nessus/version.rb +++ b/lib/dradis/plugins/nessus/version.rb @@ -2,7 +2,7 @@ module Dradis module Plugins - module Nessus + module NessusTest # Returns the version of the currently loaded Nessus as a # Gem::Version. def self.version diff --git a/lib/nessus/host.rb b/lib/nessus/host.rb index 6a937a0..b1c6748 100644 --- a/lib/nessus/host.rb +++ b/lib/nessus/host.rb @@ -1,4 +1,4 @@ -module Nessus +module NessusTest # This class represents each of the /NessusClientData_v2/Report/ReportHost # elements in the Nessus XML document. # diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb index 2e8cbfd..4106d53 100644 --- a/lib/nessus/report_item.rb 
+++ b/lib/nessus/report_item.rb @@ -1,4 +1,4 @@ -module Nessus +module NessusTest # This class represents each of the /NessusClientData_v2/Report/ReportHost/ReportItem # elements in the Nessus XML document. # @@ -19,7 +19,7 @@ def initialize(xml_node) def supported_tags [ # attributes - :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, + :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, # simple tags :solution, :risk_factor, :description, :plugin_publication_date, :metasploit_name, :cvss_vector, :cvss3_vector, :cvss_temporal_vector, :synopsis, @@ -51,7 +51,7 @@ def respond_to?(method, include_private=false) # attribute, simple descendent or collection that it maps to in the XML # tree. def method_missing(method, *args) - + # We could remove this check and return nil for any non-recognized tag. # The problem would be that it would make tricky to debug problems with # typos. For instance: <>.potr would return nil instead of raising an @@ -65,6 +65,8 @@ def method_missing(method, *args) # plugin_id, plugin_name, plugin_family translations_table = { # @port = xml.attributes["port"] + # @ip = xml.attributes["ip"] + # @fqdn = xml.attributes["fqdn"] # @svc_name = xml.attributes["svc_name"] # @protocol = xml.attributes["protocol"] # @severity = xml.attributes["severity"] @@ -115,4 +117,4 @@ def method_missing(method, *args) end end end -end \ No newline at end of file +end diff --git a/lib/tasks/thorfile.rb b/lib/tasks/thorfile.rb index 9830abb..5593862 100644 --- a/lib/tasks/thorfile.rb +++ b/lib/tasks/thorfile.rb @@ -14,7 +14,7 @@ def upload(file_path) detect_and_set_project_scope - importer = Dradis::Plugins::Nessus::Importer.new(task_options) + importer = Dradis::Plugins::NessusTest::Importer.new(task_options) importer.import(file: file_path) end diff --git a/spec/dradis/plugins/nessus/field_processor_spec.rb b/spec/dradis/plugins/nessus/field_processor_spec.rb index 452c2e0..5189d09 100644 
--- a/spec/dradis/plugins/nessus/field_processor_spec.rb +++ b/spec/dradis/plugins/nessus/field_processor_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'ostruct' -describe Dradis::Plugins::Nessus::FieldProcessor do +describe Dradis::Plugins::NessusTest::FieldProcessor do describe '%report_item.description% field formatting' do context 'bullet points' do diff --git a/spec/dradis/plugins/nessus/importer_spec.rb b/spec/dradis/plugins/nessus/importer_spec.rb index ecfffd7..b9bad28 100644 --- a/spec/dradis/plugins/nessus/importer_spec.rb +++ b/spec/dradis/plugins/nessus/importer_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'ostruct' -describe Dradis::Plugins::Nessus::Importer do +describe Dradis::Plugins::NessusTest::Importer do before(:each) do # Stub template service @@ -11,7 +11,7 @@ # Init services - plugin = Dradis::Plugins::Nessus + plugin = Dradis::Plugins::NessusTest @content_service = Dradis::Plugins::ContentService::Base.new( logger: Logger.new(STDOUT), diff --git a/spec/nessus/host_spec.rb b/spec/nessus/host_spec.rb index cff7101..72cdaea 100644 --- a/spec/nessus/host_spec.rb +++ b/spec/nessus/host_spec.rb @@ -1,11 +1,11 @@ require 'spec_helper' -describe Nessus::Host do +describe NessusTest::Host do let(:host1_xml) { File.expand_path('../../fixtures/files/host-01.xml', __FILE__) } before do doc = Nokogiri::XML(File.read(host1_xml)) - @host = Nessus::Host.new(doc.xpath('/NessusClientData_v2/Report/ReportHost').first) + @host = NessusTest::Host.new(doc.xpath('/NessusClientData_v2/Report/ReportHost').first) end # These are the properties we need to support: @@ -24,6 +24,6 @@ it 'provides access to each of its ReportItems' do report_items = @host.report_items - report_items.each { |item| expect(item).to be_a(Nessus::ReportItem) } + report_items.each { |item| expect(item).to be_a(NessusTest::ReportItem) } end end diff --git a/templates/evidence.fields b/templates/evidence.fields index 05e9755..2d7b11f 100644 --- a/templates/evidence.fields 
+++ b/templates/evidence.fields @@ -11,6 +11,8 @@ compliance.cm_see_also compliance.cm_solution evidence.plugin_output evidence.port +evidence.ip +evidence.fqdn evidence.protocol evidence.svc_name evidence.severity diff --git a/templates/evidence.template b/templates/evidence.template index d158e88..851c6a4 100644 --- a/templates/evidence.template +++ b/templates/evidence.template @@ -1,5 +1,11 @@ -#[Location]# +#[Port]# %evidence.protocol%/%evidence.port% +#[IP]# +%evidence.ip% + +#[FQDN]# +%evidence.fqdn% + #[Output]# -bc.. %evidence.plugin_output% \ No newline at end of file +bc.. %evidence.plugin_output% From e056d7dd4184526b0ad5895a61791fec30eb97f2 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Tue, 1 Dec 2020 13:41:28 -0500 Subject: [PATCH 02/10] Reverting rename efforts --- lib/dradis/plugins/nessus.rb | 2 +- lib/dradis/plugins/nessus/engine.rb | 4 ++-- lib/dradis/plugins/nessus/field_processor.rb | 4 ++-- lib/dradis/plugins/nessus/gem_version.rb | 2 +- lib/dradis/plugins/nessus/importer.rb | 4 ++-- lib/dradis/plugins/nessus/version.rb | 2 +- lib/nessus/host.rb | 2 +- lib/nessus/report_item.rb | 2 +- lib/tasks/thorfile.rb | 2 +- spec/dradis/plugins/nessus/field_processor_spec.rb | 2 +- spec/dradis/plugins/nessus/importer_spec.rb | 4 ++-- spec/nessus/host_spec.rb | 6 +++--- 12 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/dradis/plugins/nessus.rb b/lib/dradis/plugins/nessus.rb index f6b65e9..038144f 100644 --- a/lib/dradis/plugins/nessus.rb +++ b/lib/dradis/plugins/nessus.rb @@ -1,6 +1,6 @@ module Dradis module Plugins - module NessusTest + module Nessus end end end diff --git a/lib/dradis/plugins/nessus/engine.rb b/lib/dradis/plugins/nessus/engine.rb index bfa6e53..097bb7c 100644 --- a/lib/dradis/plugins/nessus/engine.rb +++ b/lib/dradis/plugins/nessus/engine.rb 
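Review bot: Renaming the existing `#[Location]#` heading to `#[Port]#` at the top of evidence.template changes the name of an evidence field that already exists in previously imported projects, so report templates or exports that read `Location` stop matching on new imports while older evidence still carries the old name. Consider keeping `#[Location]#` for the `%evidence.protocol%/%evidence.port%` line and only adding the new `#[IP]#` and `#[FQDN]#` sections, or call the rename out explicitly so downstream templates can be updated. If the rename is intentional, a one-line note in the commit message saying that `Location` is superseded by `Port` would make the break visible.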
@@ -1,8 +1,8 @@ module Dradis module Plugins - module NessusTest + module Nessus class Engine < ::Rails::Engine - isolate_namespace Dradis::Plugins::NessusTest + isolate_namespace Dradis::Plugins::Nessus include ::Dradis::Plugins::Base description 'Processes Nessus XML v2 format (.nessus)' diff --git a/lib/dradis/plugins/nessus/field_processor.rb b/lib/dradis/plugins/nessus/field_processor.rb index d6d4889..8b1a7fd 100644 --- a/lib/dradis/plugins/nessus/field_processor.rb +++ b/lib/dradis/plugins/nessus/field_processor.rb @@ -1,11 +1,11 @@ module Dradis module Plugins - module NessusTest + module Nessus class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor def post_initialize(args={}) - @nessus_object = (data.name == 'ReportHost') ? ::NessusTest::Host.new(data) : ::NessusTest::ReportItem.new(data) + @nessus_object = (data.name == 'ReportHost') ? ::Nessus::Host.new(data) : ::Nessus::ReportItem.new(data) end def value(args={}) diff --git a/lib/dradis/plugins/nessus/gem_version.rb b/lib/dradis/plugins/nessus/gem_version.rb index 31cc7f5..6b839f7 100644 --- a/lib/dradis/plugins/nessus/gem_version.rb +++ b/lib/dradis/plugins/nessus/gem_version.rb @@ -1,6 +1,6 @@ module Dradis module Plugins - module NessusTest + module Nessus # Returns the version of the currently loaded Nessus as a Gem::Version def self.gem_version Gem::Version.new VERSION::STRING diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 047ec5d..d3084df 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -1,4 +1,4 @@ -module Dradis::Plugins::NessusTest +module Dradis::Plugins::Nessus class Importer < Dradis::Plugins::Upload::Importer # The framework will call this function if the user selects this plugin from 
@@ -80,7 +80,7 @@ def process_report_host(xml_host) content_service.create_note(text: host_note_text, node: host_node) if host_node.respond_to?(:properties) - nh = ::NessusTest::Host.new(xml_host) + nh = ::Nessus::Host.new(xml_host) host_node.set_property(:fqdn, nh.fqdn) if nh.try(:fqdn) host_node.set_property(:ip, nh.ip) if nh.try(:ip) host_node.set_property(:mac_address, nh.mac_address) if nh.try(:mac_address) diff --git a/lib/dradis/plugins/nessus/version.rb b/lib/dradis/plugins/nessus/version.rb index fe92ba8..e2d2ee8 100644 --- a/lib/dradis/plugins/nessus/version.rb +++ b/lib/dradis/plugins/nessus/version.rb @@ -2,7 +2,7 @@ module Dradis module Plugins - module NessusTest + module Nessus # Returns the version of the currently loaded Nessus as a # Gem::Version. def self.version diff --git a/lib/nessus/host.rb b/lib/nessus/host.rb index b1c6748..6a937a0 100644 --- a/lib/nessus/host.rb +++ b/lib/nessus/host.rb @@ -1,4 +1,4 @@ -module NessusTest +module Nessus # This class represents each of the /NessusClientData_v2/Report/ReportHost # elements in the Nessus XML document. # diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb index 4106d53..6b639f4 100644 --- a/lib/nessus/report_item.rb +++ b/lib/nessus/report_item.rb @@ -1,4 +1,4 @@ -module NessusTest +module Nessus # This class represents each of the /NessusClientData_v2/Report/ReportHost/ReportItem # elements in the Nessus XML document. # diff --git a/lib/tasks/thorfile.rb b/lib/tasks/thorfile.rb index 5593862..9830abb 100644 --- a/lib/tasks/thorfile.rb +++ b/lib/tasks/thorfile.rb @@ -14,7 +14,7 @@ def upload(file_path) detect_and_set_project_scope - importer = Dradis::Plugins::NessusTest::Importer.new(task_options) + importer = Dradis::Plugins::Nessus::Importer.new(task_options) importer.import(file: file_path) end diff --git a/spec/dradis/plugins/nessus/field_processor_spec.rb b/spec/dradis/plugins/nessus/field_processor_spec.rb index 5189d09..452c2e0 100644 
--- a/spec/dradis/plugins/nessus/field_processor_spec.rb +++ b/spec/dradis/plugins/nessus/field_processor_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'ostruct' -describe Dradis::Plugins::NessusTest::FieldProcessor do +describe Dradis::Plugins::Nessus::FieldProcessor do describe '%report_item.description% field formatting' do context 'bullet points' do diff --git a/spec/dradis/plugins/nessus/importer_spec.rb b/spec/dradis/plugins/nessus/importer_spec.rb index b9bad28..ecfffd7 100644 --- a/spec/dradis/plugins/nessus/importer_spec.rb +++ b/spec/dradis/plugins/nessus/importer_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'ostruct' -describe Dradis::Plugins::NessusTest::Importer do +describe Dradis::Plugins::Nessus::Importer do before(:each) do # Stub template service @@ -11,7 +11,7 @@ # Init services - plugin = Dradis::Plugins::NessusTest + plugin = Dradis::Plugins::Nessus @content_service = Dradis::Plugins::ContentService::Base.new( logger: Logger.new(STDOUT), diff --git a/spec/nessus/host_spec.rb b/spec/nessus/host_spec.rb index 72cdaea..cff7101 100644 --- a/spec/nessus/host_spec.rb +++ b/spec/nessus/host_spec.rb @@ -1,11 +1,11 @@ require 'spec_helper' -describe NessusTest::Host do +describe Nessus::Host do let(:host1_xml) { File.expand_path('../../fixtures/files/host-01.xml', __FILE__) } before do doc = Nokogiri::XML(File.read(host1_xml)) - @host = NessusTest::Host.new(doc.xpath('/NessusClientData_v2/Report/ReportHost').first) + @host = Nessus::Host.new(doc.xpath('/NessusClientData_v2/Report/ReportHost').first) end # These are the properties we need to support: @@ -24,6 +24,6 @@ it 'provides access to each of its ReportItems' do report_items = @host.report_items - report_items.each { |item| expect(item).to be_a(NessusTest::ReportItem) } + report_items.each { |item| expect(item).to be_a(Nessus::ReportItem) } end end From 45e8ed73a883b33908124872852e9e073238c910 Mon Sep 17 00:00:00 2001 
From: Aaron McDonald Date: Tue, 1 Dec 2020 13:44:21 -0500 Subject: [PATCH 03/10] Finishing rename revert --- dradis-nessus.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dradis-nessus.gemspec b/dradis-nessus.gemspec index bd9c7cd..26b5d33 100644 --- a/dradis-nessus.gemspec +++ b/dradis-nessus.gemspec @@ -1,6 +1,6 @@ $:.push File.expand_path('../lib', __FILE__) require 'dradis/plugins/nessus/version' -version = Dradis::Plugins::NessusTest::VERSION::STRING +version = Dradis::Plugins::Nessus::VERSION::STRING # Describe your gem and declare its dependencies: From 5b553b684e37eb4cfb7ddd850393045058e48d51 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 12:23:11 -0500 Subject: [PATCH 04/10] Added IP and FQDN to clone of report_item as attributes. Should be working. isn't. --- lib/dradis/plugins/nessus/importer.rb | 22 +++++++++++++--------- lib/nessus/report_item.rb | 4 +++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index d3084df..60978ea 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb 
@@ -116,14 +116,18 @@ def process_report_host(xml_host) # Returns nothing. # def process_report_item(xml_host, host_node, xml_report_item) - # fetch ip and fqdn from host_node and add to report_item node - if host_node.respond_to?(:properties) - xml_report_item.set_property(:ip, host_node.ip) if host_node.try(:ip) - xml_report_item.set_property(:fqdn, host_node.fqdn) if host_node.try(:fqdn) - xml_report_item.save - logger.info{ "\t\t\t ====> IP and FQDN should be added to report_item" } - logger.info{ "\t\t\t ======> Vals: #{xml_report_item['ip'].value} #{xml_report_item['fqdn'].value}" } - end + # fetch ip and fqdn from host_node and add to clone of report_item node + logger.info{ "--- #{xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text)}" } + ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text) + fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text) + + logger.info{ "Trying to clone report_item" } + new_report = xml_report_item.dup() + logger.info{ "Cloned report item" } + + new_report.[]=("ip", ip) + new_report.[]=("fqdn", fqdn) + logger.info{ "==>! #{new_report}" } # 3.1. Add Issue to the project plugin_id = xml_report_item.attributes['pluginID'].value @@ -139,7 +143,7 @@ def process_report_item(xml_host, host_node, xml_report_item) port_info += xml_report_item.attributes['port'].value logger.info{ "\t\t\t => Adding reference to this host" } - evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item) + evidence_content = template_service.process_template(template: 'evidence', data: new_report) content_service.create_evidence(issue: issue, node: host_node, content: evidence_content) diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb index 6b639f4..59754bb 100644 --- a/lib/nessus/report_item.rb +++ b/lib/nessus/report_item.rb 
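Review bot: `new_report.[]=("ip", ip)` and `new_report.[]=("fqdn", fqdn)` call the attribute setter by its literal method name; the idiomatic form is `new_report['ip'] = ip` and `new_report['fqdn'] = fqdn`, and `xml_report_item.dup()` should drop the empty parentheses. The same `host-ip`/`host-fqdn` lookups are already wrapped by `::Nessus::Host.new(xml_host)` in process_report_host (the earlier hunk uses `nh.ip` and `nh.fqdn`), so re-running the XPath for every ReportItem duplicates that logic — computing the values once per host and passing them in, or reusing the Host accessors, keeps a single source of truth. `try(:text)` returns nil when a tag is absent, and Nokogiri's `[]=` appears to store `nil.to_s`, so a missing tag yields an empty attribute rather than an error; that is worth a comment since the template then renders a blank `IP`/`FQDN` section. The same setter pattern recurs in the patch 08, 09 and 10 importer hunks. process_report_item continues outside the hunk.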
@@ -72,7 +72,9 @@ def method_missing(method, *args) # @severity = xml.attributes["severity"] :plugin_id => 'pluginID', :plugin_name => 'pluginName', - :plugin_family => 'pluginFamily' + :plugin_family => 'pluginFamily', + :ip => 'ip', + :fqdn => 'fqdn' } method_name = translations_table.fetch(method, method.to_s) return @xml.attributes[method_name].value if @xml.attributes.key?(method_name) From e923465aad6e4c6182fbea4770437c188fb432dd Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 12:32:52 -0500 Subject: [PATCH 05/10] Cleanup excessive logs, fixed comments --- lib/dradis/plugins/nessus/importer.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 60978ea..5b0079f 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -116,14 +116,13 @@ def process_report_host(xml_host) # Returns nothing. # def process_report_item(xml_host, host_node, xml_report_item) - # fetch ip and fqdn from host_node and add to clone of report_item node + # fetch ip and fqdn from xml_host and add to clone of report_item node logger.info{ "--- #{xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text)}" } ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text) fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text) - logger.info{ "Trying to clone report_item" } + # clone original b/c I think the original is read-only new_report = xml_report_item.dup() - logger.info{ "Cloned report item" } new_report.[]=("ip", ip) new_report.[]=("fqdn", fqdn) From 333244647f8eba086b628dabf0072eacf770bf68 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 12:34:27 -0500 Subject: [PATCH 06/10] added additional logging --- lib/dradis/plugins/nessus/importer.rb | 1 + 1 file changed, 1 insertion(+) 
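Review bot: The `:ip => 'ip'` and `:fqdn => 'fqdn'` entries added to translations_table are no-ops, because the lookup two lines below is `translations_table.fetch(method, method.to_s)`, which already maps an unlisted symbol to its own name. Only the `supported_tags` additions are needed for these attributes; the identity entries can be dropped, or the comment above the table should state that only camelCase XML attributes need a translation. The same redundant entries are added for `:rdns` and `:netbios` in the patch 08 and 09 report_item.rb hunks. method_missing continues outside the hunk.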
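Review bot: The new comment `# clone original b/c I think the original is read-only` records a guess rather than the reason; from the code, the copy exists so the synthesized `ip`/`fqdn` attributes are written onto a duplicate instead of onto the parsed Nokogiri node that `xml_report_item.attributes['pluginID']` is still read from below. Suggest `# work on a copy so the synthesized ip/fqdn attributes do not mutate the parsed ReportItem node`, and confirm whether the original is in fact read-only — if it is not, the current wording is misleading. process_report_item continues outside the hunk.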
diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 5b0079f..1efb906 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -145,6 +145,7 @@ def process_report_item(xml_host, host_node, xml_report_item) evidence_content = template_service.process_template(template: 'evidence', data: new_report) content_service.create_evidence(issue: issue, node: host_node, content: evidence_content) + logger.info{ "-=-=- #{evidence_content}" } # 3.3. Compliance check information end From ac8bd22a8e8ae1325a56bcaad805f56bf3500f60 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 13:17:26 -0500 Subject: [PATCH 07/10] Removed excessive logging --- lib/dradis/plugins/nessus/importer.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 1efb906..edbf457 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -117,16 +117,13 @@ def process_report_host(xml_host) # def process_report_item(xml_host, host_node, xml_report_item) # fetch ip and fqdn from xml_host and add to clone of report_item node - logger.info{ "--- #{xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text)}" } ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text) fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text) - # clone original b/c I think the original is read-only + # clone original b/c I think the original is read-only, and add params new_report = xml_report_item.dup() - new_report.[]=("ip", ip) new_report.[]=("fqdn", fqdn) - logger.info{ "==>! #{new_report}" } # 3.1. Add Issue to the project plugin_id = xml_report_item.attributes['pluginID'].value 
@@ -145,7 +142,6 @@ def process_report_item(xml_host, host_node, xml_report_item) evidence_content = template_service.process_template(template: 'evidence', data: new_report) content_service.create_evidence(issue: issue, node: host_node, content: evidence_content) - logger.info{ "-=-=- #{evidence_content}" } # 3.3. Compliance check information end From 43cbbb27a4da358340a27c424cec2433980e67e8 Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 14:05:01 -0500 Subject: [PATCH 08/10] Added RDNS param --- lib/dradis/plugins/nessus/importer.rb | 2 ++ lib/nessus/report_item.rb | 6 ++++-- templates/evidence.fields | 1 + templates/evidence.template | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index edbf457..29fc355 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -119,11 +119,13 @@ def process_report_item(xml_host, host_node, xml_report_item) # fetch ip and fqdn from xml_host and add to clone of report_item node ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text) fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text) + rdns = xml_host.at_xpath('./HostProperties/tag[@name=\'host-rdns\']').try(:text) # clone original b/c I think the original is read-only, and add params new_report = xml_report_item.dup() new_report.[]=("ip", ip) new_report.[]=("fqdn", fqdn) + new_report.[]=("rdns", rdns) # 3.1. Add Issue to the project plugin_id = xml_report_item.attributes['pluginID'].value diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb index 59754bb..093dcef 100644 --- a/lib/nessus/report_item.rb +++ b/lib/nessus/report_item.rb 
@@ -19,7 +19,7 @@ def initialize(xml_node) def supported_tags [ # attributes - :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, + :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, :rdns, # simple tags :solution, :risk_factor, :description, :plugin_publication_date, :metasploit_name, :cvss_vector, :cvss3_vector, :cvss_temporal_vector, :synopsis, @@ -67,6 +67,7 @@ def method_missing(method, *args) # @port = xml.attributes["port"] # @ip = xml.attributes["ip"] # @fqdn = xml.attributes["fqdn"] + # @rdns = xml.attributes["rdns"] # @svc_name = xml.attributes["svc_name"] # @protocol = xml.attributes["protocol"] # @severity = xml.attributes["severity"] @@ -74,7 +75,8 @@ def method_missing(method, *args) :plugin_name => 'pluginName', :plugin_family => 'pluginFamily', :ip => 'ip', - :fqdn => 'fqdn' + :fqdn => 'fqdn', + :rdns => 'rdns' } method_name = translations_table.fetch(method, method.to_s) return @xml.attributes[method_name].value if @xml.attributes.key?(method_name) diff --git a/templates/evidence.fields b/templates/evidence.fields index 2d7b11f..482a599 100644 --- a/templates/evidence.fields +++ b/templates/evidence.fields @@ -13,6 +13,7 @@ evidence.plugin_output evidence.port evidence.ip evidence.fqdn +evidence.rdns evidence.protocol evidence.svc_name evidence.severity diff --git a/templates/evidence.template b/templates/evidence.template index 851c6a4..65e2410 100644 --- a/templates/evidence.template +++ b/templates/evidence.template @@ -7,5 +7,8 @@ #[FQDN]# %evidence.fqdn% +#[RDNS]# +%evidence.rdns% + #[Output]# bc.. %evidence.plugin_output% From bf8e11aa426db9f7fcc544d55e8a7b6bf64be22d Mon Sep 17 00:00:00 2001 
From: Aaron McDonald Date: Wed, 2 Dec 2020 14:28:21 -0500 Subject: [PATCH 09/10] Added support for addtional params --- lib/dradis/plugins/nessus/importer.rb | 2 ++ lib/nessus/report_item.rb | 6 ++++-- templates/evidence.fields | 1 + templates/evidence.template | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 29fc355..7b75fbc 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb @@ -120,12 +120,14 @@ def process_report_item(xml_host, host_node, xml_report_item) ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text) fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text) rdns = xml_host.at_xpath('./HostProperties/tag[@name=\'host-rdns\']').try(:text) + netbios = xml_host.at_xpath('./HostProperties/tag[@name=\'netbios-name\']').try(:text) # clone original b/c I think the original is read-only, and add params new_report = xml_report_item.dup() new_report.[]=("ip", ip) new_report.[]=("fqdn", fqdn) new_report.[]=("rdns", rdns) + new_report.[]=("netbios", netbios) # 3.1. Add Issue to the project plugin_id = xml_report_item.attributes['pluginID'].value diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb index 093dcef..9bebc4c 100644 --- a/lib/nessus/report_item.rb +++ b/lib/nessus/report_item.rb @@ -19,7 +19,7 @@ def initialize(xml_node) def supported_tags [ # attributes - :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, :rdns, + :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, :rdns, :netbios, # simple tags :solution, :risk_factor, :description, :plugin_publication_date, :metasploit_name, :cvss_vector, :cvss3_vector, :cvss_temporal_vector, :synopsis, 
@@ -68,6 +68,7 @@ def method_missing(method, *args) # @ip = xml.attributes["ip"] # @fqdn = xml.attributes["fqdn"] # @rdns = xml.attributes["rdns"] + # @netbios = xml.attributes["netbios"] # @svc_name = xml.attributes["svc_name"] # @protocol = xml.attributes["protocol"] # @severity = xml.attributes["severity"] @@ -76,7 +77,8 @@ def method_missing(method, *args) :plugin_family => 'pluginFamily', :ip => 'ip', :fqdn => 'fqdn', - :rdns => 'rdns' + :rdns => 'rdns', + :netbios => 'netbios' } method_name = translations_table.fetch(method, method.to_s) return @xml.attributes[method_name].value if @xml.attributes.key?(method_name) diff --git a/templates/evidence.fields b/templates/evidence.fields index 482a599..f112ec1 100644 --- a/templates/evidence.fields +++ b/templates/evidence.fields @@ -14,6 +14,7 @@ evidence.port evidence.ip evidence.fqdn evidence.rdns +evidence.netbios evidence.protocol evidence.svc_name evidence.severity diff --git a/templates/evidence.template b/templates/evidence.template index 65e2410..846048b 100644 --- a/templates/evidence.template +++ b/templates/evidence.template @@ -10,5 +10,8 @@ #[RDNS]# %evidence.rdns% +#[Netbios]# +%evidence.netbios% + #[Output]# bc.. %evidence.plugin_output% From 6739d817d6b4d6d6bc52d06c985fb2c30e51644b Mon Sep 17 00:00:00 2001 From: Aaron McDonald Date: Wed, 2 Dec 2020 15:12:15 -0500 Subject: [PATCH 10/10] set the fqdn to the netbios if fqdn is empty --- lib/dradis/plugins/nessus/importer.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb index 7b75fbc..8cbfea3 100644 --- a/lib/dradis/plugins/nessus/importer.rb +++ b/lib/dradis/plugins/nessus/importer.rb 
@@ -122,6 +122,8 @@ def process_report_item(xml_host, host_node, xml_report_item) rdns = xml_host.at_xpath('./HostProperties/tag[@name=\'host-rdns\']').try(:text) netbios = xml_host.at_xpath('./HostProperties/tag[@name=\'netbios-name\']').try(:text) + fqdn = netbios.downcase if fqdn.nil? || fqdn.empty? + # clone original b/c I think the original is read-only, and add params new_report = xml_report_item.dup() new_report.[]=("ip", ip)
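Review bot: `fqdn = netbios.downcase if fqdn.nil? || fqdn.empty?` raises NoMethodError when the host has no `netbios-name` tag, because `netbios` comes from `.try(:text)` and is nil in that case; a host with neither `host-fqdn` nor `netbios-name` would abort the whole import. Guard the fallback, e.g. `fqdn = netbios.downcase if fqdn.blank? && netbios.present?` (ActiveSupport is already in use via `try`), and add a comment explaining why the NetBIOS name is an acceptable stand-in for the FQDN. The substituted value is then rendered under the `FQDN` heading in evidence.template, so a reader cannot tell a resolved name from a NetBIOS fallback; a separate field or a marker would preserve that distinction. process_report_item continues outside the hunk.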