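 def test_parse_reportitem(self):
     """test_parse_reportitem : check vuln parsing

     Reads ``files/reportitems.xml`` from the test directory (``self.fdir``
     is set up by ``setUp``), hands the root element to
     ``NessusParser.parse_reportitem`` and checks that a
     ``NessusReportItem`` comes back.
     """
     # ``with`` closes the fixture even if read() raises; the original
     # open/read/close sequence left the descriptor open on error.
     with open("%s/files/reportitems.xml" % self.fdir, 'r') as fd:
         xml_text = fd.read()
     # NOTE(review): stdlib ElementTree is fine for a local fixture; for
     # XML of unknown origin a hardened parser (e.g. defusedxml) is preferable.
     root = ET.fromstring(xml_text)
     report_item = NessusParser.parse_reportitem(root)
     # assertIsInstance gives a readable message naming the actual type
     self.assertIsInstance(report_item, NessusReportItem)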
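 def test_parse_host(self):
     """test_parse_host : check host parsing

     Reads ``files/hostnessus.xml`` from the test directory (``self.fdir``
     is set up by ``setUp``), hands the root element to
     ``NessusParser.parse_host`` and checks that a ``NessusReportHost``
     comes back.
     """
     # ``with`` closes the fixture even if read() raises; the original
     # open/read/close sequence left the descriptor open on error.
     with open("%s/files/hostnessus.xml" % self.fdir, 'r') as fd:
         xml_text = fd.read()
     # NOTE(review): stdlib ElementTree is fine for a local fixture; for
     # XML of unknown origin a hardened parser (e.g. defusedxml) is preferable.
     root = ET.fromstring(xml_text)
     host = NessusParser.parse_host(root=root)
     # assertIsInstance gives a readable message naming the actual type
     self.assertIsInstance(host, NessusReportHost)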
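def import_report(fileobj):
    """Parse a .nessus report from *fileobj* and store it through the ORM.

    Args:
        fileobj: an open file-like object whose ``read()`` returns the
            complete .nessus XML text.

    Returns:
        None.  Returns early, after logging an error, when a report with
        the same name is already stored.

    Raises:
        ImportError: when the libnessus parser is unavailable
            (``NessusParser`` is None).
        Any exception raised by the parser or the database layer is
        re-raised after the session has been rolled back.
    """
    if NessusParser is None:
        raise ImportError("Could not find libnessus")

    # Nessus timestamps are English ("Fri Oct  4 15:06:24 2013"); the C
    # locale keeps strptime independent of the process locale.
    # NOTE: this setting is process-wide and is not restored afterwards.
    locale.setlocale(locale.LC_TIME, 'C')
    # NOTE(review): the content comes from whatever the caller hands in;
    # when that is an upload, treat the XML as untrusted input.
    report = NessusParser.parse_fromstring(fileobj.read())

    # assumes Session is a SQLAlchemy session factory (query/add/commit
    # are used below, so rollback/close are available) — TODO confirm
    session = Session()
    try:
        already_stored = session.query(NessusReport.id).filter(
            NessusReport.name == report.name).first()
        if already_stored:
            log.error("Report %s already exist", report.name)
            return

        dbreport = NessusReport()
        dbreport.name = report.name
        session.add(dbreport)

        for host in report.hosts:
            import_host(session, dbreport, host)

        session.commit()
    except Exception:
        # undo the partial import so a retry starts from a clean state
        session.rollback()
        raise
    finally:
        # the original never closed the session, not even on the early
        # return above, so its connection stayed checked out
        session.close()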
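    def import_nessus(self, path_to_directory):
        """Import every ``*.nessus`` file found in *path_to_directory*.

        Each report item of each host is flattened into the positional
        fields expected by ``self.insert_nessus_data``.  Fields absent
        from a report item are passed as the empty string.  The host OS
        fingerprint is not stored (the original read it but never used it).

        Args:
            path_to_directory: directory to scan (non-recursive).  The
                original built the file path by plain concatenation, so
                callers passed a trailing separator; ``os.path.join``
                accepts both forms.

        Returns:
            None.
        """
        # report-item keys copied verbatim into the insert call when present
        plain_fields = (
            'description', 'plugin_name', 'plugin_output', 'solution',
            'synopsis', 'patch_publication_date', 'exploit_available',
            'metasploit_name', 'risk_factor', 'see_also',
            'exploitability_ease', 'cvss_base_score',
        )
        for name in os.listdir(path_to_directory):
            if not name.endswith(".nessus"):
                continue
            print("\n[*] importing nessus file: %s\n" % name)
            report = NessusParser.parse_fromfile(
                os.path.join(path_to_directory, name))

            for host in report.hosts:
                ip = host.ip
                # get_report_items / get_vuln_info are accessed as
                # properties (no call) throughout this code base
                for vuln in host.get_report_items:
                    service = vuln.service
                    proto = vuln.protocol
                    vuln_info = vuln.get_vuln_info
                    port = vuln_info['port']

                    # absent keys become '' — same as the original's chain
                    # of "if key in vuln_info" assignments
                    field = {k: (vuln_info[k] if k in vuln_info else '')
                             for k in plain_fields}

                    # db references are lists in the report; flatten them.
                    # The original tested the misspelled key 'osdvdb' and
                    # therefore never filled vuln_osvdb.
                    vuln_cve = ''
                    if 'cve' in vuln_info:
                        vuln_cve = ', '.join(vuln_info['cve'])
                    vuln_osvdb = ''
                    if 'osvdb' in vuln_info:
                        vuln_osvdb = ', '.join(vuln_info['osvdb'])

                    # True/False is stored as the string "True"/"False"
                    vuln_metasploit_availability = ''
                    if 'exploit_framework_metasploit' in vuln_info:
                        vuln_metasploit_availability = str(
                            vuln_info['exploit_framework_metasploit'])

                    self.insert_nessus_data(
                        ip, proto, port, service, field['risk_factor'],
                        field['plugin_name'], field['description'],
                        field['synopsis'], field['solution'],
                        field['patch_publication_date'],
                        field['plugin_output'], field['cvss_base_score'],
                        vuln_cve, vuln_osvdb, field['exploitability_ease'],
                        field['exploit_available'],
                        vuln_metasploit_availability,
                        field['metasploit_name'], field['see_also'])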
from libnessus.plugins.backendpluginFactory import BackendPluginFactory

import glob
from datetime import datetime

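url = {'plugin_name': "es"}
backend = BackendPluginFactory.create(**url)
listfiles = "../libnessus/test/files/nessus*"
files = glob.glob(listfiles)

# one index per day, e.g. nessus-2014.03.20
idate = datetime.now().strftime('%Y.%m.%d')
iindex = "nessus-{date}".format(date=idate)
print(iindex)

for path in files:
    # A report libnessus cannot parse is skipped, but the failure is now
    # reported: the original bare ``except: continue`` hid it and would
    # also have swallowed KeyboardInterrupt/SystemExit.
    try:
        nessus_obj_list = NessusParser.parse_fromfile(path)
    except Exception as exc:
        print("file cannot be imported : %s (%s)" % (path, exc))
        continue
    for host in nessus_obj_list.hosts:
        docu = {
            'scantime': nessus_obj_list.endtime,
            'host_ip': host.ip,
            'host_name': host.name,
            'host-fqdn': host.get_host_property('host-fqdn'),
            'operating-system': host.get_host_property('operating-system'),
            'system-type': host.get_host_property('system-type'),
        }
        for item in host.get_report_items:
            # the same host document is re-sent with only 'vulninfo' replaced
            docu['vulninfo'] = item.get_vuln_info
            backend.es.index(index=iindex, doc_type="vulnerability", body=docu)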
def parse_nessus():
    '''
    Parse .nessus file

    The path is taken from the module-level ``args.nessus``; the report
    object built by ``NessusParser.parse_fromfile`` is returned as-is.
    '''
    return NessusParser.parse_fromfile(args.nessus)
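listfiles = args.filename
print(listfiles)
files = glob.glob(listfiles)

# one index per day, e.g. nessus-2014.03.20
idate = datetime.now().strftime('%Y.%m.%d')
iindex = "nessus-{date}".format(date=idate)
# ignore=400: re-creating today's index is not treated as an error
backend.es.indices.create(index=iindex,
                          body=index_settings,
                          ignore=400)
print(iindex)

for path in files:
    # Unparseable reports are reported and skipped; the original bare
    # ``except:`` also swallowed KeyboardInterrupt/SystemExit and hid
    # the reason for the failure.
    try:
        nessus_obj_list = NessusParser.parse_fromfile(path)
    except Exception as exc:
        print("file cannot be imported : %s (%s)" % (path, exc))
        continue
    for host in nessus_obj_list.hosts:
        docu = {
            'scantime': nessus_obj_list.endtime,
            'host_ip': host.ip,
            'host_name': host.name,
            'host-fqdn': host.get_host_property('host-fqdn'),
            'operating-system': host.get_host_property('operating-system'),
            'system-type': host.get_host_property('system-type'),
        }
        for item in host.get_report_items:
            # the same host document is re-sent with only 'vulninfo' replaced
            docu['vulninfo'] = item.get_vuln_info
            backend.es.index(index=iindex, doc_type="vulnerability", body=docu)
    print("file imported successfully : %s" % path)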
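    def setUp(self):
        """Build the fixture table used by the parser tests.

        ``self.flist`` holds one dict per sample report with the expected
        host count, report/host start and end times, IPs, names and
        per-host vulnerability counts; each entry additionally receives
        its parsed ``NessusParser.parse`` result under ``'report'``.
        ``self.badlist`` names files the parser is expected to reject.
        ``self.expected_vuln`` lists the report items of the forged
        one-host report, which is parsed last into ``self.forgedreport``,
        ``self.forgedHost`` and ``self.VulnList``.
        """
        self.fdir = os.path.dirname(os.path.realpath(__file__))
        self.flist = [
            {
                'file':
                "%s/%s" % (self.fdir, 'files/nessus_report_local2.nessus'),
                'hosts': 1,
                'rep_start': "Fri Oct  4 15:06:24 2013",
                'rep_end': "Fri Oct  4 15:07:30 2013",
                'hosts_ip': [
                    "127.0.0.1",
                ],
                'hosts_start': [
                    "Fri Oct  4 15:06:24 2013",
                ],
                'hosts_end': [
                    "Fri Oct  4 15:07:30 2013",
                ],
                'patch-summary-total-cves': ["0"],
                'totalVulnPerHost': [62],
                'hosts_names': [
                    "localhost",
                ]
            },
            {
                'file':
                "%s/%s" % (self.fdir, 'files/nessus_report_localpci.nessus'),
                'hosts':
                1,
                'rep_start':
                "Tue Jan  7 08:19:20 2014",
                'rep_end':
                "Tue Jan  7 08:19:25 2014",
                'hosts_ip': [
                    "127.0.0.1",
                ],
                'hosts_start': [
                    "Tue Jan  7 08:19:20 2014",
                ],
                'hosts_end': [
                    "Tue Jan  7 08:19:25 2014",
                ],
                'patch-summary-total-cves': ["156"],
                'totalVulnPerHost': [167],
                'hosts_names': [
                    "127.0.0.1",
                ]
            },
            {
                'file':
                "%s/%s" % (self.fdir, 'files/nessus_report_test_local.nessus'),
                'hosts':
                2,
                'rep_start':
                "Tue Oct  1 18:19:31 2013",
                'rep_end':
                "Wed Oct  2 09:03:58 2013",
                'hosts_ip': ["192.168.1.3", "192.168.1.1"],
                'hosts_start':
                ["Tue Oct  1 18:19:31 2013", "Tue Oct  1 18:19:31 2013"],
                'hosts_end':
                ["Tue Oct  1 18:20:43 2013", "Wed Oct  2 09:03:58 2013"],
                'patch-summary-total-cves': ["31", "14"],
                'totalVulnPerHost': [74, 73],
                'hosts_names': ["192.168.1.3", "192.168.1.1"]
            },
            {
                'file':
                "%s/%s" % (self.fdir, 'files/nessus_report_local_3.nessus'),
                'hosts':
                3,
                'rep_start':
                "Thu Mar 20 00:30:57 2014",
                'rep_end':
                "Thu Mar 20 01:22:17 2014",
                'hosts_start': [
                    "Thu Mar 20 00:30:57 2014", "Thu Mar 20 00:30:57 2014",
                    "Thu Mar 20 00:30:57 2014"
                ],
                'hosts_end': [
                    "Thu Mar 20 01:07:03 2014", "Thu Mar 20 00:57:04 2014",
                    "Thu Mar 20 01:22:17 2014"
                ],
                'patch-summary-total-cves': ["0", "9", "43"],
                'totalVulnPerHost': [2, 31, 73],
                'hosts_ip':
                ["192.168.2.104", "192.168.2.101", "192.168.2.100"],
                'hosts_names':
                ["192.168.2.104", "192.168.2.101", "192.168.2.100"]
            },
        ]
        # parse them once and for all; ``with`` closes each fixture even
        # when the parser raises (the original open/read/close did not)
        for testfile in self.flist:
            with open(testfile['file'], 'r') as fd:
                s = fd.read()
            testfile['report'] = NessusParser.parse(s)
        # these files cannot be parsed: the parser is expected to raise
        self.badlist = [
            {
                'file': "%s/%s" % (self.fdir, 'files/xxxxxxxx.nessus'),
                'hosts': 0
            },
        ]
        # special report for vuln testing: one host, many vulns
        self.expected_vuln = [{
            'port': "0",
            'svc_name': "general",
            'protocol': "tcp",
            'severity': "0",
            'plugin_id': "19506",
            'plugin_name': "Nessus Scan Information",
            'plugin_family': "Settings",
            'plugin_modification_date': "2013/11/21",
            'plugin_publication_date': '2005/08/26',
            'risk_factor': "None",
            'solution': 'n/a',
            'synopsis': 'Information about the Nessus scan.',
        }, {
            'port': '0',
            'protocol': 'tcp',
            'severity': '0',
            'solution': 'Install the patches listed below',
            'svc_name': 'general',
            'synopsis': 'The remote host is missing several patches',
            'risk_factor': 'None',
            'plugin_family': 'General',
            'plugin_id': '66334',
            'plugin_modification_date': '2013/12/18',
            'plugin_name': 'Patch Report',
            'plugin_publication_date': '2013/05/07',
            'plugin_type': 'local',
        }, {
            'port': '0',
            'protocol': 'tcp',
            'risk_factor': 'None',
            'severity': '0',
            'solution': 'n/a',
            'svc_name': 'general',
            'synopsis':
            'Notes the proper handling of false positives in PCI DSS scans.',
            'plugin_family': 'Policy Compliance',
            'plugin_id': '60020',
            'plugin_modification_date': '2012/07/05',
            'plugin_name': 'PCI DSS Compliance : Handling False Positives',
            'plugin_publication_date': '2012/07/18',
            'plugin_type': 'summary',
        }, {
            'severity': '4',
            'solution': 'Upgrade to the latest version of rpc.statd.',
            'svc_name': 'rpc-status',
            'synopsis':
            'The remote service is vulnerable to a buffer overflow.',
            'port': '33489',
            'protocol': 'udp',
            'risk_factor': 'Critical',
            'plugin_id': '10544',
            'plugin_modification_date': '2012/06/22',
            'plugin_name':
            'Linux Multiple statd Packages Remote Format String',
            'plugin_family': 'RPC',
            'plugin_publication_date': '2000/11/10',
            'plugin_type': 'remote',
        }, {
            'severity': '3',
            'solution': 'Update the affected nspr packages.',
            'svc_name': 'general',
            'synopsis':
            'The remote CentOS host is missing one or more security updates.',
            'port': '0',
            'protocol': 'tcp',
            'risk_factor': 'High',
            'plugin_family': 'CentOS Local Security Checks',
            'plugin_id': '64381',
            'plugin_modification_date': '2013/06/29',
            'plugin_name': 'CentOS 6 : nspr (CESA-2013:0213)',
            'plugin_publication_date': '2013/02/01',
            'plugin_type': 'local',
        }]

        with open("%s/%s" %
                  (self.fdir, 'files/nessus_forgedReport_ReportItem.nessus')) as fd:
            s = fd.read()
        nrp = NessusParser.parse(s)
        # save the forged report
        self.forgedreport = nrp
        # save the forged host for fast retrieval in tests
        self.forgedHost = nrp.hosts[0]
        # save the forged report items for fast retrieval in tests
        # (get_report_items is accessed as a property, no call)
        self.VulnList = nrp.hosts[0].get_report_items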
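    def setUp(self):
        '''Build the fixture table used by the parser tests.

        ``self.flist`` holds one dict per sample report with the expected
        host count, report/host start and end times, IPs, names and
        per-host vulnerability counts; each entry additionally receives
        its parsed ``NessusParser.parse`` result under ``'report'``.
        ``self.badlist`` names files the parser is expected to reject.
        ``self.expected_vuln`` lists the report items of the forged
        one-host report, which is parsed last into ``self.forgedreport``,
        ``self.forgedHost`` and ``self.VulnList``.
        '''
        self.fdir = os.path.dirname(os.path.realpath(__file__))
        self.flist = [
            {'file': "%s/%s" % (self.fdir, 'files/nessus_report_local2.nessus'),
             'hosts': 1,
             'rep_start': "Fri Oct  4 15:06:24 2013",
             'rep_end': "Fri Oct  4 15:07:30 2013",
             'hosts_ip': ["127.0.0.1", ],
             'hosts_start': ["Fri Oct  4 15:06:24 2013", ],
             'hosts_end': ["Fri Oct  4 15:07:30 2013", ],
             'patch-summary-total-cves': ["0"],
             'totalVulnPerHost': [62],
             'hosts_names': ["localhost", ]},
            {'file': "%s/%s" % (self.fdir, 'files/nessus_report_localpci.nessus'),
             'hosts': 1,
             'rep_start': "Tue Jan  7 08:19:20 2014",
             'rep_end': "Tue Jan  7 08:19:25 2014",
             'hosts_ip': ["127.0.0.1", ],
             'hosts_start': ["Tue Jan  7 08:19:20 2014", ],
             'hosts_end': ["Tue Jan  7 08:19:25 2014", ],
             'patch-summary-total-cves': ["156"],
             'totalVulnPerHost': [167],
             'hosts_names': ["127.0.0.1", ]},
            {'file': "%s/%s" % (self.fdir, 'files/nessus_report_test_local.nessus'),
             'hosts': 2,
             'rep_start': "Tue Oct  1 18:19:31 2013",
             'rep_end': "Wed Oct  2 09:03:58 2013",
             'hosts_ip': ["192.168.1.3", "192.168.1.1"],
             'hosts_start': ["Tue Oct  1 18:19:31 2013",
                             "Tue Oct  1 18:19:31 2013"],
             'hosts_end': ["Tue Oct  1 18:20:43 2013",
                           "Wed Oct  2 09:03:58 2013"],
             'patch-summary-total-cves': ["31", "14"],
             'totalVulnPerHost': [74, 73],
             'hosts_names': ["192.168.1.3", "192.168.1.1"]},
            {'file': "%s/%s" % (self.fdir, 'files/nessus_report_local_3.nessus'),
             'hosts': 3,
             'rep_start': "Thu Mar 20 00:30:57 2014",
             'rep_end': "Thu Mar 20 01:22:17 2014",
             'hosts_start': ["Thu Mar 20 00:30:57 2014",
                             "Thu Mar 20 00:30:57 2014",
                             "Thu Mar 20 00:30:57 2014"],
             'hosts_end': ["Thu Mar 20 01:07:03 2014",
                           "Thu Mar 20 00:57:04 2014",
                           "Thu Mar 20 01:22:17 2014"],
             'patch-summary-total-cves': ["0", "9", "43"],
             'totalVulnPerHost': [2, 31, 73],
             'hosts_ip': ["192.168.2.104", "192.168.2.101", "192.168.2.100"],
             'hosts_names': ["192.168.2.104", "192.168.2.101", "192.168.2.100"]},
        ]
        # parse them once and for all; ``with`` closes each fixture even
        # when the parser raises (the original open/read/close did not)
        for testfile in self.flist:
            with open(testfile['file'], 'r') as fd:
                s = fd.read()
            testfile['report'] = NessusParser.parse(s)
        # these files cannot be parsed: the parser is expected to raise
        self.badlist = [
            {'file': "%s/%s" % (self.fdir, 'files/xxxxxxxx.nessus'),
             'hosts': 0},
        ]
        # special report for vuln testing: one host, many vulns
        self.expected_vuln = [
            {
                'port': "0",
                'svc_name': "general",
                'protocol': "tcp",
                'severity': "0",
                'plugin_id': "19506",
                'plugin_name': "Nessus Scan Information",
                'plugin_family': "Settings",
                'plugin_modification_date': "2013/11/21",
                'plugin_publication_date': '2005/08/26',
                'risk_factor': "None",
                'solution': 'n/a',
                'synopsis': 'Information about the Nessus scan.',
            },
            {
                'port': '0',
                'protocol': 'tcp',
                'severity': '0',
                'solution': 'Install the patches listed below',
                'svc_name': 'general',
                'synopsis': 'The remote host is missing several patches',
                'risk_factor': 'None',
                'plugin_family': 'General',
                'plugin_id': '66334',
                'plugin_modification_date': '2013/12/18',
                'plugin_name': 'Patch Report',
                'plugin_publication_date': '2013/05/07',
                'plugin_type': 'local',
            },
            {
                'port': '0',
                'protocol': 'tcp',
                'risk_factor': 'None',
                'severity': '0',
                'solution': 'n/a',
                'svc_name': 'general',
                'synopsis': 'Notes the proper handling of false positives in PCI DSS scans.',
                'plugin_family': 'Policy Compliance',
                'plugin_id': '60020',
                'plugin_modification_date': '2012/07/05',
                'plugin_name': 'PCI DSS Compliance : Handling False Positives',
                'plugin_publication_date': '2012/07/18',
                'plugin_type': 'summary',
            },
            {
                'severity': '4',
                'solution': 'Upgrade to the latest version of rpc.statd.',
                'svc_name': 'rpc-status',
                'synopsis': 'The remote service is vulnerable to a buffer overflow.',
                'port': '33489',
                'protocol': 'udp',
                'risk_factor': 'Critical',
                'plugin_id': '10544',
                'plugin_modification_date': '2012/06/22',
                'plugin_name': 'Linux Multiple statd Packages Remote Format String',
                'plugin_family': 'RPC',
                'plugin_publication_date': '2000/11/10',
                'plugin_type': 'remote',
            },
            {
                'severity': '3',
                'solution': 'Update the affected nspr packages.',
                'svc_name': 'general',
                'synopsis': 'The remote CentOS host is missing one or more security updates.',
                'port': '0',
                'protocol': 'tcp',
                'risk_factor': 'High',
                'plugin_family': 'CentOS Local Security Checks',
                'plugin_id': '64381',
                'plugin_modification_date': '2013/06/29',
                'plugin_name': 'CentOS 6 : nspr (CESA-2013:0213)',
                'plugin_publication_date': '2013/02/01',
                'plugin_type': 'local',
            }
        ]

        with open("%s/%s" % (self.fdir, 'files/nessus_forgedReport_ReportItem.nessus')) as fd:
            s = fd.read()
        nrp = NessusParser.parse(s)
        # save the forged report
        self.forgedreport = nrp
        # save the forged host for fast retrieval in tests
        self.forgedHost = nrp.hosts[0]
        # save the forged report items for fast retrieval in tests
        # (get_report_items is accessed as a property, no call)
        self.VulnList = nrp.hosts[0].get_report_items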