def parse(self, report) -> [Dict, Dict]:
    """Collect findings from a Nessus report, one per (ReportItem, CVE) pair.

    Every ReportHost element has its ``name`` attribute appended to
    ``self.__scanned_hosts``. Each ReportItem whose severity differs from
    ``NessusReportParser.INFO`` is turned into a finding dict and handed to
    ``self._create`` once per ``cve`` child, or once with the result of
    ``self._create_nessus_cve`` when the item has no ``cve`` child.

    Returns:
        The 2-tuple ``(self.__parsed, self.__scanned_hosts)``. The
        ``[Dict, Dict]`` annotation is a list literal, not a real type, and
        is kept unchanged.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the nesting below is reconstructed - confirm against the original file.
    # NOTE(review): report content is scanner/file supplied. Where the XML is
    # actually parsed is not visible here; that parser should not resolve
    # external entities - confirm.
    for host in iter_elements_by_name(report, "ReportHost"):
        self.__scanned_hosts.append(host.get('name'))

        for item in host.iter('ReportItem'):
            if item.get('severity') == NessusReportParser.INFO:
                continue

            finding = {
                'asset': AssetFactory.create(host, self.__config),
                'plugin_id': item.get('pluginID'),
                'port': item.get('port'),
            }

            # Port '0' means the finding is not tied to a service, so the
            # three service fields are blanked together.
            if finding['port'] == '0':
                finding.update(port=None, svc_name=None, protocol=None)
            else:
                finding['svc_name'] = item.get('svc_name')
                finding['protocol'] = item.get('protocol')

            finding['description'] = get_value(item.find('description'))
            finding['solution'] = get_value(item.find('solution'))
            # Only the exact string 'true' counts as "exploit available".
            finding['exploit_available'] = bool(
                get_value(item.find('exploit_available')) == 'true')

            # NOTE(review): the id is built from ip/protocol/plugin only, so
            # every CVE of one ReportItem reaches _create with the same id -
            # confirm _create does not key on id alone.
            finding['id'] = self._vuln_id(
                finding['asset'].ip_address,
                finding['protocol'],
                finding['plugin_id'],
            )

            cve_elements = item.findall('cve')
            if not cve_elements:
                finding['cve'] = self._create_nessus_cve(item)
                self._create(finding)
                continue

            # The same dict object is mutated and re-submitted per CVE;
            # presumably _create copies what it needs - confirm.
            for cve_element in cve_elements:
                finding['cve_id'] = get_value(cve_element)
                finding['cve'] = CveDocument.get_or_create(
                    cve_id=finding['cve_id'])
                self._create(finding)

    return self.__parsed, self.__scanned_hosts
def get_cve(cve_id, oid, tags):
    """Return the CveDocument for *cve_id*, synthesising one for 'NOCVE'.

    Any id other than the literal 'NOCVE' is looked up (or created) as is.
    For 'NOCVE' the id becomes ``NOCVE-<oid>`` and the CVSS v2 metrics are
    filled from ``tags['cvss_base_vector']``; the stored document is updated
    only when ``has_changed`` reports a difference.

    Args:
        cve_id: CVE identifier, or the literal 'NOCVE'.
        oid: value interpolated into the synthetic ``NOCVE-<oid>`` id.
        tags: mapping that must contain 'cvss_base_vector' on the NOCVE path.

    Returns:
        The result of ``CveDocument.get_or_create`` or, when the metrics
        changed, of ``update(..., refresh=True)``.

    Raises:
        KeyError: 'cvss_base_vector' is missing, or the vector lacks one of
            AV/AC/Au/C/I/A (a CVSS v3 vector string has no Au component).
        ValueError: a '/'-separated part does not split into exactly two
            fields on ':' (an empty vector string is one such case).
    """
    # NOTE(review): the listing this was taken from had lost its indentation.
    # The NOCVE branch is reconstructed as running through `return cve`, the
    # only layout without an unreachable statement - confirm.
    if cve_id != 'NOCVE':
        return CveDocument.get_or_create(cve_id=cve_id)

    cve_id = F'NOCVE-{oid}'
    stored = CveDocument.get_or_create(cve_id=cve_id)

    # NOTE(review): the vector comes straight from the report's tags and the
    # stored NOCVE-<oid> document is overwritten from it whenever it differs;
    # this assumes reports come from a trusted scanner - confirm. The metric
    # constructors presumably reject unknown codes - verify.
    raw_vector = tags['cvss_base_vector']
    pairs = (part.split(':') for part in raw_vector.split('/'))
    metric_by_name = dict(pairs)

    candidate = CveDocument(id=cve_id)
    candidate.access_vector_v2 = metrics.AccessVectorV2(metric_by_name['AV'])
    candidate.access_complexity_v2 = metrics.AccessComplexityV2(metric_by_name['AC'])
    candidate.authentication_v2 = metrics.AuthenticationV2(metric_by_name['Au'])
    candidate.confidentiality_impact_v2 = metrics.ImpactV2(metric_by_name['C'])
    candidate.integrity_impact_v2 = metrics.ImpactV2(metric_by_name['I'])
    candidate.availability_impact_v2 = metrics.ImpactV2(metric_by_name['A'])
    # The base score is derived from the six metrics set above.
    candidate.base_score_v2 = calculate_base_score_v2(candidate)

    if not stored.has_changed(candidate):
        return stored
    return stored.update(candidate, refresh=True)
def parse(self, report, file_url) -> [Dict, Dict]:
    """Collect findings from a Nessus report, tagging each with its scan.

    For every ReportHost element the HOST_START_TIMESTAMP host property is
    converted to a datetime, an asset is built with ``AssetFactory.create``
    and appended to ``self.__scanned_hosts``. Each ReportItem whose severity
    differs from ``NessusReportParser.INFO`` becomes a finding dict that is
    handed to ``self._create`` once per ``cve`` child, or once with the
    result of ``self._create_nessus_cve`` when there is none.

    Args:
        report: source of ReportHost elements for iter_elements_by_name.
        file_url: stored unchanged as ``scan_file_url`` on every finding.

    Returns:
        The 2-tuple ``(self.__parsed, self.__scanned_hosts)``. The
        ``[Dict, Dict]`` annotation is a list literal, not a real type, and
        is kept unchanged.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the nesting below is reconstructed - confirm against the original file.
    # NOTE(review): report content is scanner/file supplied. Where the XML is
    # actually parsed is not visible here; that parser should not resolve
    # external entities - confirm.
    for host in iter_elements_by_name(report, "ReportHost"):
        # find() yields None when the property is absent, so a host without
        # HOST_START_TIMESTAMP raises AttributeError here; a non-numeric
        # value raises ValueError from int().
        start_tag = host.find('HostProperties/tag[@name="HOST_START_TIMESTAMP"]')
        # fromtimestamp() without tz gives a naive, local-time datetime.
        scan_date = datetime.fromtimestamp(int(start_tag.text))

        asset = AssetFactory.create(host, self.__config)
        asset.last_scan_date = scan_date
        self.__scanned_hosts.append(asset)

        for item in host.iter('ReportItem'):
            if item.get('severity') == NessusReportParser.INFO:
                continue

            finding = {
                'scan_date': scan_date,
                'scan_file_url': file_url,
                'asset': asset,
                'plugin_id': item.get('pluginID'),
                'name': item.get('pluginName'),
                'port': item.get('port'),
            }

            # Port '0' means the finding is not tied to a service, so the
            # three service fields are blanked together.
            if finding['port'] == '0':
                finding.update(port=None, svc_name=None, protocol=None)
            else:
                finding['svc_name'] = item.get('svc_name')
                finding['protocol'] = item.get('protocol')

            finding['description'] = get_value(item.find('description'))
            finding['solution'] = get_value(item.find('solution'))
            # Only the exact string 'true' counts as "exploit available".
            finding['exploit_available'] = bool(
                get_value(item.find('exploit_available')) == 'true')

            if self.__config.tenant:
                finding['tenant'] = self.__config.tenant.name
            else:
                finding['tenant'] = None

            cve_elements = item.findall('cve')
            if not cve_elements:
                finding['cve'] = self._create_nessus_cve(item)
                finding['id'] = self._vuln_id(finding, finding['cve'].id)
                self._create(finding)
                continue

            # The id is recomputed per CVE. The same dict object is mutated
            # and re-submitted each time; presumably _create copies what it
            # needs - confirm.
            for cve_element in cve_elements:
                finding['cve_id'] = get_value(cve_element)
                finding['cve'] = CveDocument.get_or_create(
                    cve_id=finding['cve_id'])
                finding['id'] = self._vuln_id(finding, finding['cve_id'])
                self._create(finding)

    return self.__parsed, self.__scanned_hosts