update port processing for openvas #12812

Merged
merged 1 commit into from
Jan 12, 2020


jmartin-tech

@jmartin-tech jmartin-tech commented Jan 11, 2020

Ports in OpenVAS OMP version 7.0 reports are serialized in a new format.

<ports max="1000" start="1"><count>3</count>
  <port>general/tcp<host>192.168.8.100</host><severity>2.6</severity><threat>Low</threat></port>
  <port>general/CPE-T<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>general/icmp<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>445/tcp (IANA: microsoft-ds)<host>192.168.8.100</host><severity>9.3</severity><threat>High</threat></port>
  <port>139/tcp (IANA: netbios-ssn)<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>135/tcp (IANA: epmap)<host>192.168.8.100</host><severity>5.0</severity><threat>Medium</threat></port>
</ports>

Verification

List the steps needed to make sure this thing works

  • Generate recent openvas XML report with ports reported.
<report_format id="00000000-0000-0000-0000-000000000000">
  <name>XML</name>
</report_format>
<report id="00000000-0000-0000-0000-000000000000">
  <omp>
    <version>7.0</version>
  </omp>
...
<report>
  • Start msfconsole
  • db_import testScan.xml
  • Verify hosts and services import accurately


bcoles commented Jan 11, 2020

LGTM. Resolves #7903.

msf5 > db_import /root/Desktop/metasploit-framework/report.xml
[*] Importing 'OpenVAS XML' data
[*] Import: Parsing with 'Nokogiri v1.10.7'
[-] Error while running command db_import: undefined method `split' for nil:NilClass

Call stack:
/root/Desktop/metasploit-framework/lib/rex/parser/openvas_nokogiri.rb:100:in `end_element'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/document.rb:127:in `end_element_namespace'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:110:in `parse_with'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:110:in `parse_memory'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:83:in `parse'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import/open_vas.rb:11:in `import_openvas_noko_stream'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import/open_vas.rb:22:in `import_openvas_new_xml'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import.rb:100:in `import'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import.rb:219:in `import_file'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:17:in `block in import_file'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:15:in `import_file'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1467:in `block (3 levels) in cmd_db_import'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1460:in `each'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1460:in `block (2 levels) in cmd_db_import'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1454:in `each'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1454:in `block in cmd_db_import'
/var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1449:in `cmd_db_import'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
msf5 > edit lib/rex/parser/openvas_nokogiri.rb
[*] Reloading /root/Desktop/metasploit-framework/lib/rex/parser/openvas_nokogiri.rb
msf5 > db_import /root/Desktop/metasploit-framework/report.xml
[*] Importing 'OpenVAS XML' data
[*] Import: Parsing with 'Nokogiri v1.10.7'
[*] Successfully imported /root/Desktop/metasploit-framework/report.xml
msf5 > services
Services
========

host           port  proto  name          state  info
----           ----  -----  ----          -----  ----
192.168.8.100  135   tcp    epmap         open   
192.168.8.100  139   tcp    netbios-ssn   open   
192.168.8.100  445   tcp    microsoft-ds  open   

msf5 > 
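
As an added example (not code from this pull request or from Metasploit), the following Ruby parses the `<port>` layout shown in the description with a SAX-style listener, using the REXML library rather than Nokogiri. `parse_port_text`, `PortListener`, `import_services` and the sample report are names and data constructed for this illustration; entries whose port text is missing or is not a numeric `port/proto` are skipped instead of raising.

```ruby
require 'rexml/document'
require 'rexml/streamlistener'

# Constructed sample in the layout from the PR description, plus one empty <port>.
SAMPLE_REPORT = <<~XML
  <ports max="1000" start="1"><count>3</count>
    <port>general/tcp<host>192.168.8.100</host><severity>2.6</severity><threat>Low</threat></port>
    <port>445/tcp (IANA: microsoft-ds)<host>192.168.8.100</host><severity>9.3</severity><threat>High</threat></port>
    <port>135/tcp (IANA: epmap)<host>192.168.8.100</host><severity>5.0</severity><threat>Medium</threat></port>
    <port><host>192.168.8.100</host></port>
  </ports>
XML
PORT_RE = %r{\A(\d{1,5})/([a-z]+)(?:\s+\(IANA:\s*([^)]+)\))?\z}i

# Hypothetical helper: nil for "general/..." text, missing text, or a port outside 1..65535.
def parse_port_text(text)
  m = PORT_RE.match(text.to_s.strip)
  return nil unless m && m[1].to_i.between?(1, 65_535)
  { port: m[1].to_i, proto: m[2].downcase, name: m[3]&.strip }
end

# <port> has mixed content: its own text is the port string and <host> is a child element.
class PortListener
  include REXML::StreamListener
  attr_reader :services

  def initialize
    @services = []
    @stack = []
  end
  def tag_start(name, _attrs)
    @stack.push(name)
    @port_text, @host = String.new, nil if name == 'port'
  end
  def text(data)
    @port_text << data if @stack.last == 'port'
    @host = data.strip if @stack.last(2) == %w[port host]
  end
  def tag_end(name)
    @stack.pop
    return unless name == 'port'
    svc = parse_port_text(@port_text)
    @services << svc.merge(host: @host) if svc && @host
  end
end

def import_services(xml)
  listener = PortListener.new
  REXML::Document.parse_stream(xml, listener)
  listener.services
end
```

On the constructed sample, `import_services(SAMPLE_REPORT)` returns the 445/tcp and 135/tcp services and drops both the `general/tcp` entry and the empty `<port>`.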

@busterb busterb self-assigned this Jan 12, 2020
busterb added a commit to busterb/metasploit-framework that referenced this pull request Jan 12, 2020
@busterb busterb merged commit 25e0355 into rapid7:master Jan 12, 2020

busterb commented Jan 12, 2020

Release Notes

This updates the OpenVAS data importer to work with the new OpenVAS 7.0 format.

@bcoles bcoles mentioned this pull request Jan 12, 2020
4 tasks
@jmartin-tech jmartin-tech deleted the update-openvas-import branch November 17, 2020 15:54