dradis · amcdonaldSC · Dec 1, 2020 · Dec 1, 2020 · Dec 1, 2020 · Dec 2, 2020
diff --git a/lib/dradis/plugins/nessus/gem_version.rb b/lib/dradis/plugins/nessus/gem_version.rb
@@ -9,7 +9,7 @@ def self.gem_version
       module VERSION
         MAJOR = 3
         MINOR = 19
-        TINY = 0
+        TINY = 1
         PRE = nil
 
         STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb
@@ -116,6 +116,21 @@ def process_report_host(xml_host)
     # Returns nothing.
     #
     def process_report_item(xml_host, host_node, xml_report_item)
+      # fetch ip and fqdn from xml_host and add to clone of report_item node
+      ip = xml_host.at_xpath('./HostProperties/tag[@name=\'host-ip\']').try(:text)
+      fqdn = xml_host.at_xpath('./HostProperties/tag[@name=\'host-fqdn\']').try(:text)
+      rdns = xml_host.at_xpath('./HostProperties/tag[@name=\'host-rdns\']').try(:text)
+      netbios = xml_host.at_xpath('./HostProperties/tag[@name=\'netbios-name\']').try(:text)
+
+      fqdn = netbios.downcase if fqdn.nil? || fqdn.empty?
+
+      # clone original b/c I think the original is read-only, and add params
+      new_report = xml_report_item.dup()
+      new_report.[]=("ip", ip)
+      new_report.[]=("fqdn", fqdn)
+      new_report.[]=("rdns", rdns)
+      new_report.[]=("netbios", netbios)
+
       # 3.1. Add Issue to the project
       plugin_id = xml_report_item.attributes['pluginID'].value
       logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
@@ -130,7 +145,7 @@ def process_report_item(xml_host, host_node, xml_report_item)
       port_info += xml_report_item.attributes['port'].value
 
       logger.info{ "\t\t\t => Adding reference to this host" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      evidence_content = template_service.process_template(template: 'evidence', data: new_report)
 
       content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
 

diff --git a/lib/nessus/report_item.rb b/lib/nessus/report_item.rb
@@ -19,7 +19,7 @@ def initialize(xml_node)
     def supported_tags
       [
         # attributes
-        :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family,
+        :port, :svc_name, :protocol, :severity, :plugin_id, :plugin_name, :plugin_family, :ip, :fqdn, :rdns, :netbios,
         # simple tags
         :solution, :risk_factor, :description, :plugin_publication_date,
         :metasploit_name, :cvss_vector, :cvss3_vector, :cvss_temporal_vector, :synopsis,
@@ -51,7 +51,7 @@ def respond_to?(method, include_private=false)
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-      
+
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -65,12 +65,20 @@ def method_missing(method, *args)
       #   plugin_id, plugin_name, plugin_family
       translations_table = {
         # @port           = xml.attributes["port"]
+        # @ip             = xml.attributes["ip"]
+        # @fqdn           = xml.attributes["fqdn"]
+        # @rdns           = xml.attributes["rdns"]
+        # @netbios        = xml.attributes["netbios"]
         # @svc_name       = xml.attributes["svc_name"]
         # @protocol       = xml.attributes["protocol"]
         # @severity       = xml.attributes["severity"]
         :plugin_id => 'pluginID',
         :plugin_name => 'pluginName',
-        :plugin_family  => 'pluginFamily'
+        :plugin_family  => 'pluginFamily',
+        :ip  => 'ip',
+        :fqdn  => 'fqdn',
+        :rdns  => 'rdns',
+        :netbios  => 'netbios'
       }
       method_name = translations_table.fetch(method, method.to_s)
       return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
@@ -115,4 +123,4 @@ def method_missing(method, *args)
       end
     end
   end
-end
+end
diff --git a/templates/evidence.fields b/templates/evidence.fields
@@ -11,6 +11,10 @@ compliance.cm_see_also
 compliance.cm_solution
 evidence.plugin_output
 evidence.port
+evidence.ip
+evidence.fqdn
+evidence.rdns
+evidence.netbios
 evidence.protocol
 evidence.svc_name
 evidence.severity

diff --git a/templates/evidence.template b/templates/evidence.template
@@ -1,5 +1,17 @@
-#[Location]#
+#[Port]#
 %evidence.protocol%/%evidence.port%
 
+#[IP]#
+%evidence.ip%
+
+#[FQDN]#
+%evidence.fqdn%
+
+#[RDNS]#
+%evidence.rdns%
+
+#[Netbios]#
+%evidence.netbios%
+
 #[Output]#
-bc.. %evidence.plugin_output%
+bc.. %evidence.plugin_output%