def test_report_parser_check_empty_results(self):
    """A <report> element without any results must parse to an empty list."""
    empty_report = '<report extension="xml" type="scan" id="aaaa" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5"></report>'
    parsed = report_parser(StringIO.StringIO(empty_report))

    # The parser is expected to hand back a real (empty) list, so callers can
    # iterate over the result without a None check.
    self.assertIsInstance(parsed, list)
    self.assertEqual(0, len(parsed))
    def test_report_parser_check_empty_results(self):
        """Parsing a <report> element with no child results yields an empty list."""
        report_stream = StringIO.StringIO(
            '<report extension="xml" type="scan" id="aaaa" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5"></report>'
        )
        findings = report_parser(report_stream)

        # Type first, then size: an empty report is a list of length zero.
        self.assertIsInstance(findings, list)
        self.assertEqual(0, len(findings))
 def import_results(self, input_file):
     """Load an OpenVAS report file and queue the converted results for storage.

     ``input_file`` is parsed with ``report_parser``, converted through
     ``OpenVASPlugin.parse_results`` and, when the conversion yields anything,
     passed to ``Database.async_add_many``. Every exception is logged at three
     verbosity levels and then swallowed, so a broken report never propagates
     to the caller.
     """
     # NOTE(review): a report file is external input. Which XML parser
     # report_parser uses is not visible here -- confirm it rejects external
     # entities and entity expansion before importing reports from other parties.
     try:
         parsed_report = report_parser(input_file)
         converted = OpenVASPlugin.parse_results(parsed_report)
         if converted:
             Database.async_add_many(converted)
     except Exception as error:
         # Capture the traceback before any logging call can disturb it.
         trace_text = format_exc()
         Logger.log_error(
             "Could not load OpenVAS results from file: %s" % input_file)
         Logger.log_error_verbose(str(error))
         Logger.log_error_more_verbose(trace_text)
 def import_results(self, input_file):
     """Import the findings of an OpenVAS report file into the database.

     The file is parsed by ``report_parser`` and translated by
     ``OpenVASPlugin.parse_results``; a non-empty translation is passed to
     ``Database.async_add_many``. Failures are logged (message, exception
     text, full traceback) and never re-raised.
     """
     # NOTE(review): the import is best-effort -- a report that fails to parse
     # only produces log entries, so a caller cannot tell "no findings" from
     # "import failed" by the return value.
     try:
         findings = OpenVASPlugin.parse_results(report_parser(input_file))
         if findings:
             Database.async_add_many(findings)
     except Exception as exc:
         traceback_text = format_exc()
         message = "Could not load OpenVAS results from file: %s" % input_file
         Logger.log_error(message)
         Logger.log_error_verbose(str(exc))
         Logger.log_error_more_verbose(traceback_text)
def getReport():
    """Parse the OpenVAS result file at its fixed path and return the parsed report."""
    print("Retrieving report")
    # The location is hard-coded; nothing in this function is caller-controlled.
    return report_parser("/var/log/openvas/result.xml")
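    def get_results(self, openvas_results_path, key):
        """Decrypt an OpenVAS report, parse it and build one dict per known finding.

        Args:
            openvas_results_path: Path the decrypted report is read from. The
                encrypted input is expected at this path plus ``.enc``.
            key: Key handed to ``Encryptor`` for the decryption.

        Returns:
            A list of dicts, one per parsed result whose NVT OID matches a
            stored ``Vulnerability``. Results without a matching record are
            skipped.
        """
        print('Getting report')
        encryptor = Encryptor(key)
        # NOTE(review): presumably decrypt_file writes the plaintext to
        # openvas_results_path (the '.enc' name without its suffix) -- confirm.
        encryptor.decrypt_file(openvas_results_path + '.enc')
        try:
            report = report_parser(openvas_results_path)
        finally:
            # The decrypted report holds scan findings in the clear. Remove it
            # even when parsing raises, so the plaintext does not stay on disk.
            os.remove(openvas_results_path)

        scanResults = []
        for result in report:
            if not Vulnerability.objects.filter(
                    vulnerabilityId=result.nvt.oid).exists():
                continue
            vulnResult = Vulnerability.objects.get(
                vulnerabilityId=result.nvt.oid)
            serializedResult = VulnerabilitySerializer(vulnResult)

            # Start from the serialized record, then replace the fields that
            # come from the scan result itself or from foreign-key lookups.
            # The loop variable is named ``field`` so it no longer shadows the
            # ``key`` parameter (the decryption key).
            scanResult = {}
            for field, value in serializedResult.data.items():
                scanResult[field] = value
                if field == 'host':
                    scanResult[field] = result.host
                elif field == 'port':
                    scanResult[field] = result.port.port_name
                elif field == 'protocol':
                    scanResult[field] = result.port.proto
                elif field == 'family':
                    vulnFamilyModel = VulnerabilityFamily.objects.get(
                        id=value)
                    scanResult[field] = vulnFamilyModel.family
                elif field == 'solution_type':
                    vulnSolutionModel = MitigationType.objects.get(
                        id=value)
                    scanResult[field] = vulnSolutionModel.mitigationtype
                    scanResult[field + '_technical'] = (
                        vulnSolutionModel.mitigationtypeTechnical)
                elif field == 'threatRating':
                    vulnThreatModel = ThreatLevel.objects.get(id=value)
                    scanResult[field] = vulnThreatModel.threatLevel

            urls = VulnerabilityURL.objects.filter(
                vulnerability=vulnResult)
            serializedUrls = []
            for urlLink in urls:
                print('url name: ' + urlLink.url.urlName + 'vuln name: ' +
                      vulnResult.name)
                try:
                    urlInfo = Url.objects.get(id=urlLink.url.id)
                    serializedUrl = UrlInfoSerializer(urlInfo)
                    serializedUrls.append(serializedUrl.data)
                except Url.DoesNotExist:
                    print('id ' + str(urlLink.id) + ' does not exist')

            if serializedUrls:
                # URLs are flattened into numbered keys: url0, url1, ...
                scanResult['urlCount'] = len(serializedUrls)
                for index, urlData in enumerate(serializedUrls):
                    scanResult['url' + str(index)] = urlData
            scanResults.append(scanResult)

        return scanResults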
 def test_report_parser_valid_vulnerability_returned_object_complex_xml(self):
     """Parse the report file at ``self.path``; the visible body makes no assertions."""
     parsed = report_parser(self.path)
    def test_report_parser_valid_vulnerability_returned_object_simple_xml(self):
        """A report with one complete <result> parses into one fully populated object."""
        # Fixture note: the <description> text (ProFTPD) does not match the NVT
        # name (vsftpd); only the structured fields are asserted below.
        report_xml = '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bugtraq>188,999,191919,00000</bugtraq>
				<bid>48539, 43918</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat>High</threat>
			<description>

  Summary:
  The host is running ProFTPD and is prone to denial of service
  vulnerability.

  Vulnerability Insight:
  The flaw is due to an error in &apos;pr_data_xfer()&apos; function which allows
  remote authenticated users to cause a denial of service (CPU consumption)
  via an ABOR command during a data transfer.

  Impact:
  Successful exploitation will allow attackers to cause a denial of service.
  Impact Level: Application

  Affected Software/OS:
  ProFTPD versions prior to 1.3.2rc3

  Solution:
  Upgrade to ProFTPD version 1.3.2rc3 or later,
  For updates refer to http://www.proftpd.org/
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>'''
        findings = report_parser(StringIO.StringIO(report_xml))

        self.assertEqual(1, len(findings))
        finding = findings[0]

        # Top-level fields of the result
        self.assertEqual("685ab07e-9ac8-488e-b7b2-f3f97bd37505", finding.id)
        self.assertEqual("10.211.55.35", finding.subnet)
        self.assertEqual("10.211.55.35", finding.host)
        self.assertEqual("High", finding.threat)

        # NVT metadata; the CVSS vector is extracted from the <tags> element
        nvt = finding.nvt
        self.assertEqual("1.3.6.1.4.1.25623.1.0.103185", nvt.oid)
        self.assertEqual(
            "vsftpd Compromised Source Packages Backdoor Vulnerability",
            nvt.name)
        self.assertEqual("Gain a shell remotely", nvt.family)
        self.assertEqual(7.5, nvt.cvss_base)
        self.assertEqual("AV:N/AC:L/Au:N/C:P/I:P/A:P", nvt.cvss_base_vector)
        self.assertEqual([], nvt.xrefs)

        # "clm_pts (6200/tcp)" is split into name, number and protocol
        port = finding.port
        self.assertEqual("tcp", port.proto)
        self.assertEqual("clm_pts", port.port_name)
        self.assertEqual(6200, port.number)

        # Reference lists: the NOCVE / NOXREF placeholders become empty lists,
        # comma-separated values are split and kept as strings.
        self.assertIsInstance(nvt.cve, list)
        self.assertEqual(0, len(nvt.cve))

        self.assertIsInstance(nvt.bid, list)
        self.assertEqual(2, len(nvt.bid))
        self.assertEqual(["48539", "43918"], nvt.bid)

        self.assertIsInstance(nvt.bugtraq, list)
        self.assertEqual(4, len(nvt.bugtraq))
        self.assertEqual(["188", "999", "191919", "00000"], nvt.bugtraq)

        self.assertIsInstance(nvt.xrefs, list)
        self.assertEqual(0, len(nvt.xrefs))
    def test_report_parser_invalid_threat(self):
        """Results whose <threat> is 'AA' or empty must not appear in the parsed list."""
        # NOTE(review): both reports parse to zero results, so the rejected
        # entry leaves no trace in the return value; whether report_parser
        # logs the rejection is not visible from this test.
        unknown_threat_xml = '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bid>48539</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat>AA</threat>
			<description>
 Summary:
 vsftpd is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.

The vsftpd 2.3.4 source package is affected.
 Solution:
 The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>'''
        unknown_threat_report = StringIO.StringIO(unknown_threat_xml)

        # Same report, but with an empty <threat> element.
        blank_threat_xml = '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bid>48539</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat></threat>
			<description>
 Summary:
 vsftpd is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.

The vsftpd 2.3.4 source package is affected.
 Solution:
 The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>'''
        blank_threat_report = StringIO.StringIO(blank_threat_xml)

        unknown_threat_findings = report_parser(unknown_threat_report)
        self.assertEqual(0, len(unknown_threat_findings))
        blank_threat_findings = report_parser(blank_threat_report)
        self.assertEqual(0, len(blank_threat_findings))
 def test_report_parser_valid_vulnerability_returned_object_complex_xml(
         self):
     """Run ``report_parser`` on the file at ``self.path``; nothing is asserted in the visible body."""
     report = report_parser(self.path)
    def test_report_parser_valid_vulnerability_returned_object_simple_xml(
            self):
        """Check every parsed field of a single-result report against the fixture."""
        # The fixture's free-text <description> is not asserted anywhere below;
        # the test covers only the structured fields.
        source = StringIO.StringIO(
            '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bugtraq>188,999,191919,00000</bugtraq>
				<bid>48539, 43918</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat>High</threat>
			<description>

  Summary:
  The host is running ProFTPD and is prone to denial of service
  vulnerability.

  Vulnerability Insight:
  The flaw is due to an error in &apos;pr_data_xfer()&apos; function which allows
  remote authenticated users to cause a denial of service (CPU consumption)
  via an ABOR command during a data transfer.

  Impact:
  Successful exploitation will allow attackers to cause a denial of service.
  Impact Level: Application

  Affected Software/OS:
  ProFTPD versions prior to 1.3.2rc3

  Solution:
  Upgrade to ProFTPD version 1.3.2rc3 or later,
  For updates refer to http://www.proftpd.org/
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>''')

        parsed = report_parser(source)
        self.assertEqual(1, len(parsed))
        vuln = parsed[0]

        # Identity, location and severity of the result
        self.assertEqual("685ab07e-9ac8-488e-b7b2-f3f97bd37505", vuln.id)
        self.assertEqual("10.211.55.35", vuln.subnet)
        self.assertEqual("10.211.55.35", vuln.host)
        self.assertEqual("High", vuln.threat)

        # NVT block
        self.assertEqual("1.3.6.1.4.1.25623.1.0.103185", vuln.nvt.oid)
        self.assertEqual(
            "vsftpd Compromised Source Packages Backdoor Vulnerability",
            vuln.nvt.name)
        self.assertEqual("Gain a shell remotely", vuln.nvt.family)
        self.assertEqual(7.5, vuln.nvt.cvss_base)
        self.assertEqual("AV:N/AC:L/Au:N/C:P/I:P/A:P",
                         vuln.nvt.cvss_base_vector)
        self.assertEqual([], vuln.nvt.xrefs)

        # Port string broken into its three parts
        self.assertEqual("tcp", vuln.port.proto)
        self.assertEqual("clm_pts", vuln.port.port_name)
        self.assertEqual(6200, vuln.port.number)

        # CVE: the NOCVE placeholder yields an empty list
        self.assertIsInstance(vuln.nvt.cve, list)
        self.assertEqual(0, len(vuln.nvt.cve))

        # BID: comma-separated, surrounding whitespace removed
        self.assertIsInstance(vuln.nvt.bid, list)
        self.assertEqual(2, len(vuln.nvt.bid))
        self.assertEqual(["48539", "43918"], vuln.nvt.bid)

        # Bugtraq: values stay strings, so "00000" keeps its leading zeros
        self.assertIsInstance(vuln.nvt.bugtraq, list)
        self.assertEqual(4, len(vuln.nvt.bugtraq))
        self.assertEqual(["188", "999", "191919", "00000"], vuln.nvt.bugtraq)

        # XREF: the NOXREF placeholder yields an empty list
        self.assertIsInstance(vuln.nvt.xrefs, list)
        self.assertEqual(0, len(vuln.nvt.xrefs))
    def test_report_parser_invalid_threat(self):
        """A result with <threat>AA</threat> or an empty <threat> parses to zero results."""
        # Input with a <threat> value of "AA".
        bad_threat_stream = StringIO.StringIO(
            '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bid>48539</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat>AA</threat>
			<description>
 Summary:
 vsftpd is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.

The vsftpd 2.3.4 source package is affected.
 Solution:
 The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>''')

        # Input with an empty <threat> element.
        no_threat_stream = StringIO.StringIO(
            '''<report extension="xml" id="23327e93-b82d-4c41-9a26-ce99f15bbc63" type="scan" content_type="text/xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5">
	<results start="1" max="148">
		<result id="685ab07e-9ac8-488e-b7b2-f3f97bd37505">
			<subnet>10.211.55.35</subnet>
			<host>10.211.55.35</host>
			<port>clm_pts (6200/tcp)</port>
			<nvt oid="1.3.6.1.4.1.25623.1.0.103185">
				<name>vsftpd Compromised Source Packages Backdoor Vulnerability</name>
				<family>Gain a shell remotely</family>
				<cvss_base>7.5</cvss_base>
				<risk_factor>High</risk_factor>
				<cve>NOCVE</cve>
				<bid>48539</bid>
				<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P</tags>
				<cert></cert>
				<xref>NOXREF</xref>
			</nvt>
			<threat></threat>
			<description>
 Summary:
 vsftpd is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.

The vsftpd 2.3.4 source package is affected.
 Solution:
 The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
			</description>
			<original_threat>High</original_threat>
			<notes></notes>
			<overrides></overrides>
		</result>
	</results>
</report>''')

        # Neither result may survive parsing. A consumer that counts findings
        # therefore sees nothing for these entries.
        bad_threat_count = len(report_parser(bad_threat_stream))
        self.assertEqual(0, bad_threat_count)
        no_threat_count = len(report_parser(no_threat_stream))
        self.assertEqual(0, no_threat_count)
 def parse(self):
     """Parse the report named by ``self.result_name`` under ``temp/server/`` and print it."""
     # NOTE(review): the path is built by plain string concatenation. If
     # result_name can be influenced from outside this class, confirm it is
     # limited to a bare file name so the path stays inside temp/server/.
     results = report_parser('temp/server/'+self.result_name)
     print(results)