class Rex::Parser::NexposeSimpleDocument
Attributes
text[R]
Public Instance Methods
actually_vulnerable(vuln)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 190 def actually_vulnerable(vuln) vuln_result = vuln["resultCode"] vuln_result =~ /^V[VE]$/ end
collect_device_data()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 208 def collect_device_data return unless in_tag("device") @report_data[:host] = @state[:address] @report_data[:state] = Msf::HostState::Alive # always end
collect_host_fingerprint_data(name)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 222 def collect_host_fingerprint_data(name) return unless in_tag("device") return if in_tag("service") return unless in_tag("fingerprint") return unless @text @report_data[:host_fingerprint] ||= {} @report_data[:host_fingerprint].merge!(@state[:host_fingerprint]) @report_data[:host_fingerprint][name] = @text.to_s.strip @text = nil end
collect_host_vuln()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 151 def collect_host_vuln return unless in_tag("vulnerability") return unless in_tag("device") return if in_tag("service") @report_data[:vulns] ||= [] return unless actually_vulnerable(@state[:host_vuln]) vid = @state[:host_vuln]["id"].to_s.downcase vuln = { :name => "NEXPOSE-#{vid}", :info => vid, :refs => @state[:references] } @report_data[:vulns] << vuln end
collect_host_vuln_id()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 109 def collect_host_vuln_id return unless in_tag("device") return unless in_tag("vulnerability") return if in_tag("service") return unless @state[:host_vuln_id] @state[:references] ||= [] ref = normalize_ref( @state[:host_vuln_id]["type"], @text ) @state[:references] << ref if ref @state[:host_vuln_id] = nil @text = nil end
collect_service_data()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 277 def collect_service_data return unless in_tag("device") port_hash = {} @report_data[:ports] ||= [] @state[:service].each do |k,v| case k when "protocol" port_hash[:proto] = v when "port" port_hash[:port] = v when "name" sname = v.to_s.downcase.split("(")[0].strip if sname == "<unknown>" port_hash[:name] = nil else port_hash[:name] = db.nmap_msf_service_map(sname) end end end if @state[:service_fingerprint] port_hash[:info] = "#{@state[:service_fingerprint]}" end @report_data[:ports] << port_hash.clone @state.delete :service_fingerprint @state.delete :service @report_data[:ports] end
collect_service_fingerprint_description()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 305 def collect_service_fingerprint_description return unless in_tag("device") return unless in_tag("service") return unless in_tag("fingerprint") return unless @text @state[:service_fingerprint] = @text.to_s.strip @text = nil end
collect_service_vuln()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 133 def collect_service_vuln return unless in_tag("device") return unless in_tag("vulnerability") return unless in_tag("service") @report_data[:vulns] ||= [] return unless actually_vulnerable(@state[:service_vuln]) return if @state[:service]["port"].to_i == 0 vid = @state[:service_vuln]["id"].to_s.downcase vuln = { :name => "NEXPOSE-#{vid}", :info => vid, :refs => @state[:references], :port => @state[:service]["port"].to_i, :proto => @state[:service]["protocol"] } @report_data[:vulns] << vuln end
collect_service_vuln_id()
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 121 def collect_service_vuln_id return unless in_tag("device") return unless in_tag("vulnerability") return unless in_tag("service") return unless @state[:service_vuln_id] @state[:references] ||= [] ref = normalize_ref( @state[:service_vuln_id]["type"], @text ) @state[:references] << ref if ref @state[:service_vuln_id] = nil @text = nil end
end_element(name=nil)
click to toggle source
When we exit a tag, this is triggered.
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 45 def end_element(name=nil) block = @block case name when "device" # Wrap it up collect_device_data host_object = report_host &block report_services(host_object) report_host_fingerprint(host_object) report_vulns(host_object) # Reset the state once we close a host @state.delete_if {|k| k != :current_tag} @report_data = {:wspace => @args[:wspace]} when "description" @state[:has_text] = false collect_service_fingerprint_description collect_host_fingerprint_data(name) @text = nil when "vendor", "family", "product", "version", "architecture" @state[:has_text] = false collect_host_fingerprint_data(name) @text = nil when "service" collect_service_data when "id" @state[:has_text] = false collect_service_vuln_id collect_host_vuln_id @text = nil when "vulnerability" collect_service_vuln collect_host_vuln @state[:references] = nil end @state[:current_tag].delete name end
record_device(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 195 def record_device(attrs) attrs.each do |k,v| next unless k == "address" @state[:address] = v end end
record_host_fingerprint(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 202 def record_host_fingerprint(attrs) return unless in_tag("device") return if in_tag("service") @state[:host_fingerprint] = attr_hash(attrs) end
record_host_fingerprint_data(name, attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 214 def record_host_fingerprint_data(name, attrs) return unless in_tag("device") return if in_tag("service") return unless in_tag("fingerprint") @state[:host_fingerprint] ||= {} @state[:host_fingerprint].merge! attr_hash(attrs) end
record_host_vuln(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 172 def record_host_vuln(attrs) return unless in_tag("device") return if in_tag("service") @state[:host_vuln] = attr_hash(attrs) end
record_host_vuln_id(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 166 def record_host_vuln_id(attrs) return unless in_tag("device") return if in_tag("service") @state[:host_vuln_id] = attr_hash(attrs) end
record_service(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 266 def record_service(attrs) return unless in_tag("device") @state[:service] = attr_hash(attrs) end
record_service_fingerprint(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 271 def record_service_fingerprint(attrs) return unless in_tag("device") return unless in_tag("service") @state[:service][:fingerprint] = attr_hash(attrs) end
record_service_vuln(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 184 def record_service_vuln(attrs) return unless in_tag("device") return unless in_tag("service") @state[:service_vuln] = attr_hash(attrs) end
record_service_vuln_id(attrs)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 178 def record_service_vuln_id(attrs) return unless in_tag("device") return unless in_tag("service") @state[:service_vuln_id] = attr_hash(attrs) end
report_host(&block)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 233 def report_host(&block) if host_is_okay db.emit(:address,@report_data[:host],&block) if block host_object = db_report(:host, @report_data.merge( :workspace => @args[:wspace] ) ) if host_object db.report_import_note(host_object.workspace, host_object) end host_object end end
report_host_fingerprint(host_object)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 245 def report_host_fingerprint(host_object) return unless host_object.kind_of? ::Mdm::Host return unless @report_data[:host_fingerprint].kind_of? Hash @report_data[:host_fingerprint].reject! {|k,v| v.nil? || v.empty?} return if @report_data[:host_fingerprint].empty? note = { :workspace => host_object.workspace, :host => host_object, :type => "host.os.nexpose_fingerprint" } data = { :desc => @report_data[:host_fingerprint]["description"], :vendor => @report_data[:host_fingerprint]["vendor"], :family => @report_data[:host_fingerprint]["family"], :product => @report_data[:host_fingerprint]["product"], :version => @report_data[:host_fingerprint]["version"], :arch => @report_data[:host_fingerprint]["architecture"] } db_report(:note, note.merge(:data => data)) end
report_services(host_object)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 314 def report_services(host_object) return unless host_object.kind_of? ::Mdm::Host return unless @report_data[:ports] return if @report_data[:ports].empty? reported = [] @report_data[:ports].each do |svc| reported << db_report(:service, svc.merge(:host => host_object)) end reported end
report_vulns(host_object)
click to toggle source
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 81 def report_vulns(host_object) vuln_count = 0 block = @block return unless host_object.kind_of? ::Mdm::Host return unless @report_data[:vulns] @report_data[:vulns].each do |vuln| if vuln[:refs] vuln[:refs] << vuln[:name] else vuln[:refs] = [vuln[:name]] end vuln[:refs].uniq! data = { :workspace => host_object.workspace, :host => host_object, :name => vuln[:name], :info => vuln[:info], :refs => vuln[:refs] } if vuln[:port] && vuln[:proto] data[:port] = vuln[:port] data[:proto] = vuln[:proto] end db_report(:vuln,data) end end
start_element(name=nil,attrs=[])
click to toggle source
Triggered every time a new element is encountered. We keep state ourselves with the @state variable, turning things on when we get here (and turning things off when we exit in end_element
()).
# File lib/rex/parser/nexpose_simple_nokogiri.rb, line 16 def start_element(name=nil,attrs=[]) attrs = normalize_attrs(attrs) block = @block @state[:current_tag][name] = true case name when "device" record_device(attrs) when "service" record_service(attrs) when "fingerprint" record_service_fingerprint(attrs) record_host_fingerprint(attrs) when "description" @state[:has_text] = true record_host_fingerprint_data(name,attrs) when "vendor", "family", "product", "version", "architecture" @state[:has_text] = true record_host_fingerprint_data(name,attrs) when "vulnerability" record_service_vuln(attrs) record_host_vuln(attrs) when "id" @state[:has_text] = true record_service_vuln_id(attrs) record_host_vuln_id(attrs) end end