Module: Msf::DBManager::Import::Qualys::Asset
- Included in:
- Msf::DBManager::Import::Qualys
- Defined in:
- lib/msf/core/db_manager/import/qualys/asset.rb
Instance Method Summary collapse
-
#find_qualys_asset_ports(i, host, wspace, hobj, task_id) ⇒ Object
Takes QID numbers and finds the discovered services in a qualys_asset_xml.
- #find_qualys_asset_vuln_refs(doc) ⇒ Object
-
#find_qualys_asset_vulns(host, wspace, hobj, vuln_refs, task_id, &block) ⇒ Object
Pull out vulnerabilities that have at least one matching ref – many “vulns” are not vulns, just audit information.
-
#import_qualys_asset_xml(args = {}, &block) ⇒ Object
Import Qualys’s Asset Data Report format.
Instance Method Details
#find_qualys_asset_ports(i, host, wspace, hobj, task_id) ⇒ Object
Takes QID numbers and finds the discovered services in a qualys_asset_xml.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# File 'lib/msf/core/db_manager/import/qualys/asset.rb', line 4 def find_qualys_asset_ports(i,host,wspace,hobj,task_id) return unless (i == Msf::DBManager::Import::Qualys::TCP_QID || i == Msf::DBManager::Import::Qualys::UDP_QID) proto = i == Msf::DBManager::Import::Qualys::TCP_QID ? 'tcp' : 'udp' qid = host.xpath("VULN_INFO_LIST/VULN_INFO/QID[@id='qid_#{i}']").first qid_result = qid.parent.xpath("RESULT[@format='table']") if qid hports = qid_result.first.text if qid_result if hports hports.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match| if match[2] == nil or match[2].strip == 'unknown' name = match[1].strip else name = match[2].strip end handle_qualys(wspace, hobj, match[0].to_s, proto, 0, nil, nil, name, nil, task_id) end end end |
#find_qualys_asset_vuln_refs(doc) ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/msf/core/db_manager/import/qualys/asset.rb', line 22 def find_qualys_asset_vuln_refs(doc) vuln_refs = {} doc.xpath("/ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/VULN_DETAILS").each do |vuln| qid_el = vuln.xpath('QID') next unless qid_el && qid_el.first qid = qid_el.first.text vuln_refs[qid] ||= [] vuln.xpath('CVE_ID_LIST/CVE_ID').each do |ref| id = ref.xpath("ID").first&.text vuln_refs[qid].push(id) if id end vuln.xpath('BUGTRAQ_ID_LIST/BUGTRAQ_ID').each do |ref| id = ref.xpath("ID").first&.text vuln_refs[qid].push("BID-#{id}") if id end end return vuln_refs end |
#find_qualys_asset_vulns(host, wspace, hobj, vuln_refs, task_id, &block) ⇒ Object
Pull out vulnerabilities that have at least one matching ref – many “vulns” are not vulns, just audit information.
43 44 45 46 47 48 49 50 51 |
# File 'lib/msf/core/db_manager/import/qualys/asset.rb', line 43 def find_qualys_asset_vulns(host,wspace,hobj,vuln_refs,task_id,&block) host.xpath("VULN_INFO_LIST/VULN_INFO").each do |vi| next unless vi.xpath("QID").first vi.xpath("QID").each do |qid| next if vuln_refs[qid.text].nil? || vuln_refs[qid.text].empty? handle_qualys(wspace, hobj, nil, nil, qid.text, nil, vuln_refs[qid.text], nil, nil, task_id) end end end |
#import_qualys_asset_xml(args = {}, &block) ⇒ Object
Import Qualys’s Asset Data Report format
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'lib/msf/core/db_manager/import/qualys/asset.rb', line 56 def import_qualys_asset_xml(args={}, &block) data = args[:data] wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : [] doc = Nokogiri.XML(data) vuln_refs = find_qualys_asset_vuln_refs(doc) # 2nd pass, actually grab the hosts. doc.xpath("/ASSET_DATA_REPORT/HOST_LIST/HOST").each do |host| hobj = nil addr_el = host.xpath("IP").first addr = addr_el.text if addr_el next unless validate_ips(addr) if bl.include? addr next else yield(:address,addr) if block end netbios_el = host.xpath("NETBIOS").first dns_el = host.xpath("DNS").first hname = ( # Prefer NetBIOS over DNS (netbios_el.text if netbios_el) || (dns_el.text if dns_el) || "" ) hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task]) report_import_note(wspace,hobj) os_el = host.xpath("OPERATING_SYSTEM").first if os_el hos = os_el.text report_note( :workspace => wspace, :task => args[:task], :host => hobj, :type => 'host.os.qualys_fingerprint', :data => { :os => hos } ) end # Report open ports. find_qualys_asset_ports(82023,host,wspace,hobj, args[:task]) # TCP find_qualys_asset_ports(82004,host,wspace,hobj, args[:task]) # UDP # Report vulns find_qualys_asset_vulns(host,wspace,hobj,vuln_refs, args[:task],&block) end # host end |