lib/msf/core/db_manager/import/qualys/scan.rb from rapid7/metasploit-framework

lib/msf/core/db_manager/import/qualys/scan.rb
Summary

Maintainability

1 day
Test Coverage

Issues
module Msf::DBManager::Import::Qualys::Scan
  def import_qualys_scan_xml(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []


    doc = Nokogiri.XML(data)
    doc.xpath('/SCAN/IP').each do |host|
      hobj = nil
      addr  = host.attr('value')
      if bl.include? addr
        next
      else
        yield(:address,addr) if block
      end
      hname = host.attr('name') || ''

      hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task])
      report_import_note(wspace,hobj)

      os_el = host.xpath("OS").first
      if os_el
        hos = os_el.text
        report_note(
          :workspace => wspace,
          :task => args[:task],
          :host => hobj,
          :type => 'host.os.qualys_fingerprint',
          :data => {
            :os => hos
          }
        )
      end

      # Open TCP Services List (Qualys ID 82023)
      services_tcp = host.xpath("SERVICES/CAT/SERVICE[@number='#{Msf::DBManager::Import::Qualys::TCP_QID}']/RESULT").first
      if services_tcp
        services_tcp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
          if match[2] == nil or match[2].strip == 'unknown'
            name = match[1].strip
          else
            name = match[2].strip
          end
          handle_qualys(wspace, hobj, match[0].to_s, 'tcp', 0, nil, nil, name, nil, args[:task])
        end
      end
      # Open UDP Services List (Qualys ID 82004)
      services_udp = host.xpath("SERVICES/CAT/SERVICE[@number='#{Msf::DBManager::Import::Qualys::UDP_QID}']/RESULT").first
      if services_udp
        services_udp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
          if match[2] == nil or match[2].strip == 'unknown'
            name = match[1].strip
          else
            name = match[2].strip
          end
          handle_qualys(wspace, hobj, match[0].to_s, 'udp', 0, nil, nil, name, nil, args[:task])
        end
      end

      # VULNS are confirmed, PRACTICES are unconfirmed vulnerabilities
      host.xpath('VULNS/CAT | PRACTICES/CAT').each do |cat|
        port = cat.attr('port')
        protocol = cat.attr('protocol')
        cat.xpath('VULN | PRACTICE').each do |vuln|
          refs = []
          qid = vuln.attr('number')
          severity = vuln.attr('severity')
          title = vuln.xpath('TITLE').first&.text
          vuln.xpath('VENDOR_REFERENCE_LIST/VENDOR_REFERENCE').each do |ref|
            id = ref.xpath('ID').first&.text
            refs.push(id) if id
          end
          vuln.xpath('CVE_ID_LIST/CVE_ID').each do |ref|
            id = ref.xpath("ID").first&.text
            refs.push(id) if id
          end
          vuln.xpath('BUGTRAQ_ID_LIST/BUGTRAQ_ID').each do |ref|
            id = ref.xpath("ID").first&.text
            refs.push("BID-#{id}") if id
          end

          handle_qualys(wspace, hobj, port, protocol, qid, severity, refs, nil,title, args[:task])
        end
      end
    end
  end

  #
  # Import Qualys' Scan xml output
  #
  def import_qualys_scan_xml_file(args={})
    filename = args[:filename]

    data = ""
    ::File.open(filename, 'rb') do |f|
      data = f.read(f.stat.size)
    end
    import_qualys_scan_xml(args.merge(:data => data))
  end
end