Extract Msf::DBManager::Import::Qualys::Scan

MSP-11124
2024-10-29 18:07:27 +01:00 · 2014-10-14 15:19:55 -05:00 · 2014-10-14 15:19:55 -05:00 · 11bcac8a4e
commit 11bcac8a4e
parent dd5ae26174
3 changed files with 100 additions and 97 deletions
--- a/lib/msf/core/db_manager/import.rb
+++ b/lib/msf/core/db_manager/import.rb
@ -2353,103 +2353,6 @@ module Msf::DBManager::Import
    end
  end

-  def import_qualys_scan_xml(args={}, &block)
-    data = args[:data]
-    wspace = args[:wspace] || workspace
-    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
-
-
-    doc = rexmlify(data)
-    doc.elements.each('/SCAN/IP') do |host|
-      hobj = nil
-      addr  = host.attributes['value']
-      if bl.include? addr
-        next
-      else
-        yield(:address,addr) if block
-      end
-      hname = host.attributes['name'] || ''
-
-      hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task])
-      report_import_note(wspace,hobj)
-
-      if host.elements["OS"]
-        hos = host.elements["OS"].text
-        report_note(
-          :workspace => wspace,
-          :task => args[:task],
-          :host => hobj,
-          :type => 'host.os.qualys_fingerprint',
-          :data => {
-            :os => hos
-          }
-        )
-      end
-
-      # Open TCP Services List (Qualys ID 82023)
-      services_tcp = host.elements["SERVICES/CAT/SERVICE[@number='82023']/RESULT"]
-      if services_tcp
-        services_tcp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
-          if match[2] == nil or match[2].strip == 'unknown'
-            name = match[1].strip
-          else
-            name = match[2].strip
-          end
-          handle_qualys(wspace, hobj, match[0].to_s, 'tcp', 0, nil, nil, name, nil, args[:task])
-        end
-      end
-      # Open UDP Services List (Qualys ID 82004)
-      services_udp = host.elements["SERVICES/CAT/SERVICE[@number='82004']/RESULT"]
-      if services_udp
-        services_udp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
-          if match[2] == nil or match[2].strip == 'unknown'
-            name = match[1].strip
-          else
-            name = match[2].strip
-          end
-          handle_qualys(wspace, hobj, match[0].to_s, 'udp', 0, nil, nil, name, nil, args[:task])
-        end
-      end
-
-      # VULNS are confirmed, PRACTICES are unconfirmed vulnerabilities
-      host.elements.each('VULNS/CAT | PRACTICES/CAT') do |cat|
-        port = cat.attributes['port']
-        protocol = cat.attributes['protocol']
-        cat.elements.each('VULN | PRACTICE') do |vuln|
-          refs = []
-          qid = vuln.attributes['number']
-          severity = vuln.attributes['severity']
-          title = vuln.elements['TITLE'].text.to_s
-          vuln.elements.each('VENDOR_REFERENCE_LIST/VENDOR_REFERENCE') do |ref|
-            refs.push(ref.elements['ID'].text.to_s)
-          end
-          vuln.elements.each('CVE_ID_LIST/CVE_ID') do |ref|
-            refs.push('CVE-' + /C..-([0-9\-]{9})/.match(ref.elements['ID'].text.to_s)[1])
-          end
-          vuln.elements.each('BUGTRAQ_ID_LIST/BUGTRAQ_ID') do |ref|
-            refs.push('BID-' + ref.elements['ID'].text.to_s)
-          end
-
-          handle_qualys(wspace, hobj, port, protocol, qid, severity, refs, nil,title, args[:task])
-        end
-      end
-    end
-  end
-
-  #
-  # Import Qualys' Scan xml output
-  #
-  def import_qualys_scan_xml_file(args={})
-    filename = args[:filename]
-    wspace = args[:wspace] || workspace
-
-    data = ""
-    ::File.open(filename, 'rb') do |f|
-      data = f.read(f.stat.size)
-    end
-    import_qualys_scan_xml(args.merge(:data => data))
-  end
-
  # @param report [REXML::Element] to be imported
  # @param args [Hash]
  # @param base_dir [String]
--- a/lib/msf/core/db_manager/import/qualys.rb
+++ b/lib/msf/core/db_manager/import/qualys.rb
@ -1,5 +1,7 @@
 module Msf::DBManager::Import::Qualys
  autoload :Asset, 'msf/core/db_manager/import/qualys/asset'
+  autoload :Scan, 'msf/core/db_manager/import/qualys/scan'

  include Msf::DBManager::Import::Qualys::Asset
+  include Msf::DBManager::Import::Qualys::Scan
 end
--- a/lib/msf/core/db_manager/import/qualys/scan.rb
+++ b/lib/msf/core/db_manager/import/qualys/scan.rb
@ -0,0 +1,98 @@
+module Msf::DBManager::Import::Qualys::Scan
+  def import_qualys_scan_xml(args={}, &block)
+    data = args[:data]
+    wspace = args[:wspace] || workspace
+    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
+
+
+    doc = rexmlify(data)
+    doc.elements.each('/SCAN/IP') do |host|
+      hobj = nil
+      addr  = host.attributes['value']
+      if bl.include? addr
+        next
+      else
+        yield(:address,addr) if block
+      end
+      hname = host.attributes['name'] || ''
+
+      hobj = report_host(:workspace => wspace, :host => addr, :name => hname, :state => Msf::HostState::Alive, :task => args[:task])
+      report_import_note(wspace,hobj)
+
+      if host.elements["OS"]
+        hos = host.elements["OS"].text
+        report_note(
+          :workspace => wspace,
+          :task => args[:task],
+          :host => hobj,
+          :type => 'host.os.qualys_fingerprint',
+          :data => {
+            :os => hos
+          }
+        )
+      end
+
+      # Open TCP Services List (Qualys ID 82023)
+      services_tcp = host.elements["SERVICES/CAT/SERVICE[@number='82023']/RESULT"]
+      if services_tcp
+        services_tcp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
+          if match[2] == nil or match[2].strip == 'unknown'
+            name = match[1].strip
+          else
+            name = match[2].strip
+          end
+          handle_qualys(wspace, hobj, match[0].to_s, 'tcp', 0, nil, nil, name, nil, args[:task])
+        end
+      end
+      # Open UDP Services List (Qualys ID 82004)
+      services_udp = host.elements["SERVICES/CAT/SERVICE[@number='82004']/RESULT"]
+      if services_udp
+        services_udp.text.scan(/([0-9]+)\t(.*?)\t.*?\t([^\t\n]*)/) do |match|
+          if match[2] == nil or match[2].strip == 'unknown'
+            name = match[1].strip
+          else
+            name = match[2].strip
+          end
+          handle_qualys(wspace, hobj, match[0].to_s, 'udp', 0, nil, nil, name, nil, args[:task])
+        end
+      end
+
+      # VULNS are confirmed, PRACTICES are unconfirmed vulnerabilities
+      host.elements.each('VULNS/CAT | PRACTICES/CAT') do |cat|
+        port = cat.attributes['port']
+        protocol = cat.attributes['protocol']
+        cat.elements.each('VULN | PRACTICE') do |vuln|
+          refs = []
+          qid = vuln.attributes['number']
+          severity = vuln.attributes['severity']
+          title = vuln.elements['TITLE'].text.to_s
+          vuln.elements.each('VENDOR_REFERENCE_LIST/VENDOR_REFERENCE') do |ref|
+            refs.push(ref.elements['ID'].text.to_s)
+          end
+          vuln.elements.each('CVE_ID_LIST/CVE_ID') do |ref|
+            refs.push('CVE-' + /C..-([0-9\-]{9})/.match(ref.elements['ID'].text.to_s)[1])
+          end
+          vuln.elements.each('BUGTRAQ_ID_LIST/BUGTRAQ_ID') do |ref|
+            refs.push('BID-' + ref.elements['ID'].text.to_s)
+          end
+
+          handle_qualys(wspace, hobj, port, protocol, qid, severity, refs, nil,title, args[:task])
+        end
+      end
+    end
+  end
+
+  #
+  # Import Qualys' Scan xml output
+  #
+  def import_qualys_scan_xml_file(args={})
+    filename = args[:filename]
+    wspace = args[:wspace] || workspace
+
+    data = ""
+    ::File.open(filename, 'rb') do |f|
+      data = f.read(f.stat.size)
+    end
+    import_qualys_scan_xml(args.merge(:data => data))
+  end
+end