update port processing for openvas #12812

Merged
merged 1 commit into from Jan 12, 2020


jmartin-r7 commented Jan 11, 2020

Ports in OpenVAS OMP version 7.0 reports serialize in a new format.

<ports max="1000" start="1"><count>3</count>
  <port>general/tcp<host>192.168.8.100</host><severity>2.6</severity><threat>Low</threat></port>
  <port>general/CPE-T<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>general/icmp<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>445/tcp (IANA: microsoft-ds)<host>192.168.8.100</host><severity>9.3</severity><threat>High</threat></port>
  <port>139/tcp (IANA: netbios-ssn)<host>192.168.8.100</host><severity>0.0</severity><threat>Log</threat></port>
  <port>135/tcp (IANA: epmap)<host>192.168.8.100</host><severity>5.0</severity><threat>Medium</threat></port>
</ports>

Verification

List the steps needed to make sure this thing works

  • Generate a recent OpenVAS XML report with ports reported.
<report_format id="00000000-0000-0000-0000-000000000000">
  <name>XML</name>
</report_format>
<report id="00000000-0000-0000-0000-000000000000">
  <omp>
    <version>7.0</version>
  </omp>
...
</report>
  • Start msfconsole
  • db_import testScan.xml
  • Verify hosts and services import accurately
bcoles commented Jan 11, 2020

LGTM. Resolves #7903.

msf5 > db_import /root/Desktop/metasploit-framework/report.xml
[*] Importing 'OpenVAS XML' data
[*] Import: Parsing with 'Nokogiri v1.10.7'
[-] Error while running command db_import: undefined method `split' for nil:NilClass

Call stack:
/root/Desktop/metasploit-framework/lib/rex/parser/openvas_nokogiri.rb:100:in `end_element'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/document.rb:127:in `end_element_namespace'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:110:in `parse_with'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:110:in `parse_memory'
/var/lib/gems/2.5.0/gems/nokogiri-1.10.7/lib/nokogiri/xml/sax/parser.rb:83:in `parse'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import/open_vas.rb:11:in `import_openvas_noko_stream'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import/open_vas.rb:22:in `import_openvas_new_xml'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import.rb:100:in `import'
/root/Desktop/metasploit-framework/lib/msf/core/db_manager/import.rb:219:in `import_file'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:17:in `block in import_file'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
/root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:15:in `import_file'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1467:in `block (3 levels) in cmd_db_import'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1460:in `each'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1460:in `block (2 levels) in cmd_db_import'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1454:in `each'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1454:in `block in cmd_db_import'
/var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1449:in `cmd_db_import'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
msf5 > edit lib/rex/parser/openvas_nokogiri.rb
[*] Reloading /root/Desktop/metasploit-framework/lib/rex/parser/openvas_nokogiri.rb
msf5 > db_import /root/Desktop/metasploit-framework/report.xml
[*] Importing 'OpenVAS XML' data
[*] Import: Parsing with 'Nokogiri v1.10.7'
[*] Successfully imported /root/Desktop/metasploit-framework/report.xml
msf5 > services
Services
========

host           port  proto  name          state  info
----           ----  -----  ----          -----  ----
192.168.8.100  135   tcp    epmap         open   
192.168.8.100  139   tcp    netbios-ssn   open   
192.168.8.100  445   tcp    microsoft-ds  open   

msf5 > 
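
How a port label in the format shown in this thread can be split into port, protocol and service name without raising on `general/*` rows or a missing value, as an added example that is not the Metasploit importer's code. `parse_port_label`, `services_from` and `SAMPLE_LABELS` are hypothetical names, and the last three sample entries are constructed edge cases.

```ruby
# Added example, not Metasploit's importer code; method names are hypothetical.
# Accepts "<port>/<proto>" with an optional " (IANA: <name>)" suffix.
PORT_LABEL = %r{\A(?<port>\d{1,5})/(?<proto>tcp|udp)(?:\s+\(IANA:\s*(?<name>[^)]+)\))?\z}

# Returns { port:, proto:, name: } for a service row, or nil for anything else
# (nil input, "general/..." rows, unknown protocol, port outside 1..65535).
def parse_port_label(label)
  return nil if label.nil?

  m = PORT_LABEL.match(label.strip)
  return nil unless m

  port = m[:port].to_i
  return nil unless (1..65_535).cover?(port)

  { port: port, proto: m[:proto], name: m[:name]&.strip }
end

# Builds service records for one host, dropping rows that are not services.
def services_from(host, labels)
  labels.map { |label| parse_port_label(label) }
        .compact
        .map { |svc| svc.merge(host: host) }
        .sort_by { |svc| svc[:port] }
end

# Labels and host taken from the <ports> sample in this thread; the last three
# entries (nil, out-of-range port, no IANA suffix) are constructed edge cases.
SAMPLE_LABELS = [
  'general/tcp', 'general/CPE-T', 'general/icmp',
  '445/tcp (IANA: microsoft-ds)', '139/tcp (IANA: netbios-ssn)',
  '135/tcp (IANA: epmap)',
  nil, '70000/tcp', '8080/tcp'
].freeze

if __FILE__ == $PROGRAM_NAME
  services_from('192.168.8.100', SAMPLE_LABELS).each do |svc|
    puts format('%-15s %-5d %-5s %s', svc[:host], svc[:port], svc[:proto], svc[:name])
  end
end
```
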
@busterb busterb self-assigned this Jan 12, 2020
busterb added a commit to busterb/metasploit-framework that referenced this pull request Jan 12, 2020
@busterb busterb merged commit 25e0355 into rapid7:master Jan 12, 2020
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed
busterb commented Jan 12, 2020

Release Notes

This updates the OpenVAS data importer to work with the new OpenVAS 7.0 format.

msjenkins-r7 added a commit that referenced this pull request Jan 12, 2020
@bcoles bcoles mentioned this pull request Jan 12, 2020