Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2
module Rex
3
module Parser
4

5

6
class NetSparkerXMLStreamParser
7

8
  attr_accessor :on_found_vuln
9

10
  def initialize(on_found_vuln = nil)
11
    self.on_found_vuln = on_found_vuln if on_found_vuln
12
    reset_state
13
  end
14

15
  def reset_state
16
    @state = :generic_state
17
    @vuln  = {'info' => []}
18
    @attr  = {}
19
  end
20

21
  def tag_start(name, attributes)
22
    @state = "in_#{name.downcase}".intern
23
    @attr  = attributes
24

25
    case name
26
    when "vulnerability"
27
      @vuln = { 'info' => [] }
28
      @vuln['confirmed'] = attributes['confirmed']
29
    end
30
  end
31

32
  def text(str)
33
    case @state
34
    when :in_url
35
      @vuln['url'] ||= ""
36
      @vuln['url']  += str
37
    when :in_type
38
      @vuln['type'] ||= ""
39
      @vuln['type']  += str
40
    when :in_severity
41
      @vuln['severity'] ||= ""
42
      @vuln['severity']  += str
43
    when :in_vulnerableparametertype
44
      @vuln["vparam_type"] ||= ""
45
      @vuln["vparam_type"]  += str
46
    when :in_vulnerableparameter
47
      @vuln["vparam_name"] ||= ""
48
      @vuln["vparam_name"]  += str
49
    when :in_vulnerableparametervalue
50
      @vuln["vparam_value"] ||= ""
51
      @vuln["vparam_value"]  += str
52
    when :in_rawrequest
53
      @vuln["request"] ||= ""
54
      @vuln["request"]  += str
55
    when :in_rawresponse
56
      @vuln["response"] ||= ""
57
      @vuln["response"]  += str
58
    when :in_info
59
      # <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
60
      if not str.to_s.strip.empty?
61
        @vuln['info'] << [@attr['name'] || "Information", str]
62
      end
63
    when :in_netsparker
64
    when :in_target
65
    when :in_scantime
66
    when :generic_state
67
    when :in_vulnerability
68
    when :in_extrainformation
69
    else
70
      # $stderr.puts "unknown state: #{@state}"
71
    end
72
  end
73

74
  def tag_end(name)
75
    case name
76
    when "vulnerability"
77
      @vuln.keys.each do |k|
78
        @vuln[k] = @vuln[k].strip if @vuln[k].kind_of?(::String)
79
      end
80
      on_found_vuln.call(@vuln) if on_found_vuln
81
      reset_state
82
    end
83
  end
84

85
  # We don't need these methods, but they're necessary to keep REXML happy
86
  def xmldecl(version, encoding, standalone); end
87
  def cdata(data)
88
    puts "cdata for #{@state} (#{data.length})"
89
    case @state
90
    when :in_rawresponse
91
      @vuln["response"] = data
92
    when :in_rawrequest
93
      @vuln["request"] = data
94
    when :in_info
95
      if not data.to_s.strip.empty?
96
        @vuln['info'] << [@attr['name'] || "Information", data]
97
      end
98
    end
99
  end
100

101
  def comment(str); end
102
  def instruction(name, instruction); end
103
  def attlist; end
104
end
105
end
106
end
107

108
__END__
109

110

111