CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
# -*- coding: binary -*-
2
require 'rexml/document'
3

4
module Rex
5
module Parser
6

7

8
class NessusXMLStreamParser
9

10
  attr_accessor :on_found_host
11

12
  def initialize(&block)
13
    reset_state
14
    on_found_host = block if block
15
  end
16

17
  def reset_state
18
    @host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
19
      'port' => {'port' => nil, 'svc_name'  => nil, 'proto' => nil, 'severity' => nil,
20
      'nasl' => nil, 'nasl_name' => nil, 'description' => nil,
21
      'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
22
    @state = :generic_state
23
  end
24

25
  def tag_start(name, attributes)
26
    case name
27
    when "tag"
28
      if attributes['name'] == "mac-address"
29
        @state = :is_mac
30
      end
31
      if attributes['name'] == "host-fqdn"
32
        @state = :is_fqdn
33
      end
34
      if attributes['name'] == "ip-addr"
35
        @state = :is_ip
36
      end
37
      if attributes['name'] == "host-ip"
38
        @state = :is_ip
39
      end
40
      if attributes['name'] == "operating-system"
41
        @state = :is_os
42
      end
43
    when "ReportHost"
44
      @host['hname'] = attributes['name']
45
    when "ReportItem"
46
      @cve = Array.new
47
      @bid = Array.new
48
      @xref = Array.new
49
      @x = Hash.new
50
      @x['nasl'] = attributes['pluginID']
51
      @x['nasl_name'] = attributes['pluginName']
52
      @x['port'] = attributes['port']
53
      @x['proto'] = attributes['protocol']
54
      @x['svc_name'] = attributes['svc_name']
55
      @x['severity'] = attributes['severity']
56
    when "description"
57
      @state = :is_desc
58
    when "cve"
59
      @state = :is_cve
60
    when "bid"
61
      @state = :is_bid
62
    when "xref"
63
      @state = :is_xref
64
    when "solution"
65
      @state = :is_solution
66
    when "metasploit_name"
67
      @state = :msf
68
    end
69
  end
70

71
  def text(str)
72
    case @state
73
    when :is_fqdn
74
      @host['hname'] = str
75
    when :is_ip
76
      @host['addr'] = str
77
    when :is_os
78
      @host['os'] = str
79
    when :is_mac
80
      @host['mac'] = str
81
    when :is_desc
82
      @x['description'] = str
83
    when :is_cve
84
      @cve.push str
85
    when :is_bid
86
      @bid.push str
87
    when :is_xref
88
      @xref.push str
89
    when :msf
90
      #p str
91
      @x['msf'] = str
92
    end
93
  end
94

95
  def tag_end(name)
96
    case name
97
    when "ReportHost"
98
      on_found_host.call(@host) if on_found_host
99
      reset_state
100
    when "ReportItem"
101
      @x['cve'] = @cve
102
      @x['bid'] = @bid
103
      @x['xref'] = @xref
104
      @host['ports'].push @x
105
    end
106
    @state = :generic_state
107
  end
108

109
  # We don't need these methods, but they're necessary to keep REXML happy
110
  #
111
  def xmldecl(version, encoding, standalone); end
112
  def cdata; end
113
  def comment(str); end
114
  def instruction(name, instruction); end
115
  def attlist; end
116
end
117

118
end
119
end
120

121

122