-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathmodPluginsHandlingNASLRead.bas
273 lines (245 loc) · 12.1 KB
/
modPluginsHandlingNASLRead.bas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
Attribute VB_Name = "modPluginsHandlingNASLRead"
Option Explicit
Public Sub ParseNASLPlugin(ByRef strNASLPluginContent As String)
Dim TempArray() As String 'A temporary array for the splitting and parsing
'Replace the problematic whitespaces in the plugin content
strNASLPluginContent = Replace$(strNASLPluginContent, vbLf, vbNewLine, , , vbBinaryCompare)
strNASLPluginContent = Replace$(strNASLPluginContent, vbCr, vbNewLine, , , vbBinaryCompare)
strNASLPluginContent = Replace$(strNASLPluginContent, vbNewLine & vbNewLine, vbNewLine, , , vbBinaryCompare)
strNASLPluginContent = Replace$(strNASLPluginContent, vbTab, "", , , vbBinaryCompare)
'Clear the values from the last plugin to prevent misunderstandings
Call ClearAllPluginVariables
On Error Resume Next
'Get the data fields and write them into the public variables
TempArray = Split(strNASLPluginContent, "script_id(")
TempArray = Split(TempArray(1), ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_id = "N" & Val(TempArray(0))
source_nessus_id = Val(TempArray(0))
End If
TempArray = Split(strNASLPluginContent, "script_name(english:" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ");")
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
TempArray = Split(strNASLPluginContent, "name[" & ChrW$(34) & "english" & ChrW$(34) & "] = " & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ";")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_name = TempArray(0)
Else
plugin_name = plugin_filename
End If
Else
plugin_name = TempArray(0)
End If
'Plugin version
TempArray = Split(strNASLPluginContent, "(" & ChrW$(34) & "$Revision: ")
TempArray = Split(TempArray(1), " $" & ChrW$(34) & ")")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_version = TempArray(0)
Else
TempArray = Split(Replace(strNASLPluginContent, " ", vbNullString, , , vbBinaryCompare), "script_version(" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_version = TempArray(0)
End If
End If
'Description
TempArray = Split(strNASLPluginContent, "desc[" & ChrW$(34) & "english" & ChrW$(34) & "] = " & ChrW$(34))
TempArray = Split(TempArray(1), "Solution")
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
TempArray = Split(strNASLPluginContent, "edesc= " & ChrW$(34) & vbNewLine)
TempArray = Split(TempArray(1), vbNewLine & "Solution")
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
TempArray = Split(strNASLPluginContent, "script_description(english:string(" & ChrW$(34))
TempArray = Split(TempArray(1), "Risk")
End If
End If
bug_description = Replace$(TempArray(0), vbNewLine, " ")
bug_description = Replace$(bug_description, ChrW$(10), " ")
bug_description = Trim$(bug_description)
'Solution
TempArray = Split(strNASLPluginContent, "Solution")
TempArray = Split(TempArray(1), "Risk")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
TempArray = Split(TempArray(0), ": ")
TempArray = Split(TempArray(1), ";")
bug_solution = Trim(Replace(TempArray(0), vbNewLine, " "))
End If
'The risk
TempArray = Split(strNASLPluginContent, "actor")
TempArray = Split(TempArray(1), ChrW$(34) & ";")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
If InStrB(1, LCase$(TempArray(0)), "low", vbBinaryCompare) Then
bug_severity = "Low"
ElseIf InStrB(1, LCase$(TempArray(0)), "medium", vbBinaryCompare) Then
bug_severity = "Medium"
ElseIf InStrB(1, LCase$(TempArray(0)), "high", vbBinaryCompare) Then
bug_severity = "High"
ElseIf InStrB(1, LCase$(TempArray(0)), "critical", vbBinaryCompare) Then
bug_severity = "Critical"
Else
Dim j As Integer
For j = 1 To LenB(TempArray(0))
If Mid$(TempArray(0), j, 1) Like "[A-Za-z]" Then
bug_severity = bug_severity & Mid$(TempArray(0), j, 1)
ElseIf j > 3 Then
Exit For
End If
Next j
End If
bug_nessus_risk = bug_severity
End If
'Plugin family
TempArray = Split(strNASLPluginContent, "family[" & ChrW$(34) & "english" & ChrW$(34) & "] = " & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ";")
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
TempArray = Split(TempArray(0), "script_family(english:" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_family = TempArray(0)
End If
Else
plugin_family = TempArray(0)
End If
'Vulnerability Class
If InStrB(1, LCase$(plugin_name), "buffer overflow", vbBinaryCompare) Then
bug_vulnerability_class = "Buffer Overflow"
ElseIf InStrB(1, LCase$(plugin_name), "bufferoverflow", vbBinaryCompare) Then
bug_vulnerability_class = "Buffer Overflow"
ElseIf InStrB(1, LCase$(plugin_name), "configuration", vbBinaryCompare) Then
bug_vulnerability_class = "Configuration"
ElseIf InStrB(1, LCase$(plugin_name), "cross site scripting", vbBinaryCompare) Then
bug_vulnerability_class = "Cross Site Scripting"
ElseIf InStrB(1, LCase$(plugin_name), "css", vbBinaryCompare) Then
bug_vulnerability_class = "Cross Site Scripting"
ElseIf InStrB(1, LCase$(plugin_name), "xss", vbBinaryCompare) Then
bug_vulnerability_class = "Cross Site Scripting"
ElseIf InStrB(1, LCase$(plugin_name), "html injection", vbBinaryCompare) Then
bug_vulnerability_class = "Cross Site Scripting"
ElseIf InStrB(1, LCase$(plugin_name), "cross domain scripting", vbBinaryCompare) Then
bug_vulnerability_class = "Cross Domain Scripting"
ElseIf InStrB(1, LCase$(plugin_name), "denial of service", vbBinaryCompare) Then
bug_vulnerability_class = "Denial Of Service"
ElseIf InStrB(1, LCase$(plugin_name), "evasion", vbBinaryCompare) Then
bug_vulnerability_class = "Evasion"
ElseIf InStrB(1, LCase$(plugin_name), "circumvent", vbBinaryCompare) Then
bug_vulnerability_class = "Evasion"
ElseIf InStrB(1, LCase$(plugin_name), "format string", vbBinaryCompare) Then
bug_vulnerability_class = "Format String"
ElseIf InStrB(1, LCase$(plugin_name), "sql injection", vbBinaryCompare) Then
bug_vulnerability_class = "SQL Injection"
ElseIf InStrB(1, LCase$(plugin_name), "symlink", vbBinaryCompare) Then
bug_vulnerability_class = "Symlink"
ElseIf InStrB(1, LCase$(plugin_name), "authentication", vbBinaryCompare) Then
bug_vulnerability_class = "Weak Authentication"
ElseIf InStrB(1, LCase$(plugin_name), "encryption", vbBinaryCompare) Then
bug_vulnerability_class = "Weak Encryption"
Else
bug_vulnerability_class = "Unknown"
End If
'Port
TempArray = Split(strNASLPluginContent, "require_ports(", , vbBinaryCompare)
TempArray = Split(TempArray(1), ");", , vbBinaryCompare)
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
TempArray = Split(TempArray(0), ", ", , vbBinaryCompare)
TempArray = Split(TempArray(1), ");", , vbBinaryCompare)
If InStr(1, TempArray(0), "/", vbBinaryCompare) Then
TempArray = Split(strNASLPluginContent, "require_ports(", , vbBinaryCompare)
TempArray = Split(TempArray(1), ", ", , vbBinaryCompare)
plugin_port = Val(TempArray(0))
Else
plugin_port = Val(TempArray(0))
End If
Else
TempArray = Split(strNASLPluginContent, "ort(default:", , vbBinaryCompare)
TempArray = Split(TempArray(1), ");", , vbBinaryCompare)
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
TempArray = Split(TempArray(0), ",")
plugin_port = Replace(Val(TempArray(0)), "," Or vbNewLine, "", , , vbBinaryCompare)
Else
plugin_port = "80"
End If
End If
'Usual open tcp socket
If InStr(1, strNASLPluginContent, "open_sock_tcp", vbBinaryCompare) Or _
InStr(1, strNASLPluginContent, "http_get", vbBinaryCompare) Then
plugin_protocol = "tcp"
ElseIf InStr(1, strNASLPluginContent, "open_sock_udp", vbBinaryCompare) Then
plugin_protocol = "udp"
ElseIf InStr(1, strNASLPluginContent, "forge_icmp_packet", vbBinaryCompare) Then
plugin_protocol = "icmp"
Else
plugin_protocol = "unknown"
End If
'Plugin request
TempArray = Split(strNASLPluginContent, "http_get(item:" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ", port:")
If LenB(TempArray(0)) = LenB(strNASLPluginContent) Then
plugin_procedure_detection = "open|sleep|close|pattern_exists"
Else
plugin_procedure_detection = "open|send " & TempArray(0) & " HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *"
End If
'Copyright information
TempArray = Split(strNASLPluginContent, "script_copyright(english:" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_comment = TempArray(0)
Else
plugin_comment = "This script may be copyrighted by the Nessus project or Tenable Network Security."
End If
'bug_published_by
TempArray = Split(strNASLPluginContent, "From: ")
TempArray = Split(TempArray(1), vbNewLine)
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
bug_published_name = Replace(TempArray(0), ChrW$(34), "")
Else
TempArray = Split(strNASLPluginContent, "Ref: ")
TempArray = Split(TempArray(1), vbNewLine)
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
bug_published_name = Replace(TempArray(0), ChrW$(34), "")
End If
End If
'Plugin author
TempArray = Split(strNASLPluginContent, "Author: ")
TempArray = Split(TempArray(1), vbNewLine)
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_created_name = Replace(TempArray(0), ChrW$(34), "")
End If
'Pattern matching
TempArray = Split(strNASLPluginContent, "if(" & ChrW$(34))
TempArray = Split(TempArray(1), ChrW$(34) & " >< res")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_procedure_detection = plugin_procedure_detection & " " & Replace(TempArray(0), "^", vbNullString, , , vbBinaryCompare) & "*"
plugin_detection_accuracy = "70"
Else
TempArray = Split(strNASLPluginContent, "egrep(pattern:")
TempArray = Split(TempArray(1), ", string:")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
plugin_procedure_detection = plugin_procedure_detection & " " & Replace(TempArray(0), "^", vbNullString, , , vbBinaryCompare) & "*"
plugin_detection_accuracy = "70"
Else
plugin_detection_accuracy = "20"
End If
End If
'CVE ID
TempArray = Split(strNASLPluginContent, "script_cve_id(")
TempArray = Split(TempArray(1), ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
source_cve = Replace(TempArray(0), ChrW$(34), "")
End If
'Bugtraq ID
TempArray = Split(strNASLPluginContent, "script_bugtraq_id(")
TempArray = Split(TempArray(1), ");")
If LenB(TempArray(0)) <> LenB(strNASLPluginContent) Then
source_securityfocus_bid = Val(Replace(TempArray(0), ChrW$(34), ""))
End If
'bug_checking_tool
bug_check_tool = "Nessus can check this flaw with the plugin " & source_nessus_id & " (" & plugin_name & ")."
bug_exploit_availability = "Maybe"
'bug_remote
bug_remote = "Yes"
bug_local = "Maybe"
source_literature = "Hacking Exposed: Network Security Secrets & Solutions, " & _
"Stuart McClure, Joel Scambray and George Kurtz, " & _
"February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427"
source_misc = "http://www.computec.ch"
End Sub