dradis-nessus 3.18.0

data/README.md

@@ -0,0 +1,31 @@
+# Nessus add-on for Dradis
+
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-nessus.png?branch=master)](http://travis-ci.org/dradis/dradis-nessus) [![Code Climate](https://codeclimate.com/github/dradis/dradis-nessus.png)](https://codeclimate.com/github/dradis/dradis-nessus.png)
+
+The Nessus upload add-on will enable user to upload Nessus output files in the nessus client format (.nessus) to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
+
+The parser only supports version 2 of nessus xml format. Other formats (nbe, nsr) are not supported at the moment.
+
+Also, the xml parser only extracts the results of a scan. It is not able to parse the scan policy itself which is also part of the xml file.
+
+The add-on requires Dradis 3.0 or higher.
+
+
+## More information
+
+See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+
+
+## Contributing
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+
+
+## License
+
+Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
+
+
+## Feature requests and bugs
+
+Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/dradis-nessus.gemspec

@@ -0,0 +1,35 @@
+$:.push File.expand_path('../lib', __FILE__)
+require 'dradis/plugins/nessus/version'
+version = Dradis::Plugins::Nessus::VERSION::STRING
+
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform      = Gem::Platform::RUBY
+  spec.name = 'dradis-nessus'
+  spec.version = version
+  spec.summary = 'Nessus upload add-on for the Dradis Framework.'
+  spec.description = 'This add-on allows you to upload and parse output produced from Tenable\'s Nessus Scanner into Dradis.'
+
+  spec.license = 'GPL-2'
+
+  spec.authors = ['Daniel Martin']
+  spec.email = ['etd@nomejortu.com']
+  spec.homepage = 'http://dradisframework.org'
+
+  spec.files = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+
+  # By not including Rails as a dependency, we can use the gem with different
+  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
+  # until we bump Dradis Pro to 4.1.
+  # s.add_dependency 'rails', '~> 4.1.1'
+  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'nokogiri'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion', '~> 0.5.2'
+end

data/lib/dradis-nessus.rb

@@ -0,0 +1,9 @@
+require 'dradis-plugins'
+
+# Require engine
+require 'dradis/plugins/nessus'
+
+
+# Require supporting Nessus library
+require 'nessus/host'
+require 'nessus/report_item'

data/lib/dradis/plugins/nessus.rb

@@ -0,0 +1,11 @@
+module Dradis
+  module Plugins
+    module Nessus
+    end
+  end
+end
+
+require 'dradis/plugins/nessus/engine'
+require 'dradis/plugins/nessus/field_processor'
+require 'dradis/plugins/nessus/importer'
+require 'dradis/plugins/nessus/version'

data/lib/dradis/plugins/nessus/engine.rb

@@ -0,0 +1,13 @@
+module Dradis
+  module Plugins
+    module Nessus
+      class Engine < ::Rails::Engine
+        isolate_namespace Dradis::Plugins::Nessus
+
+        include ::Dradis::Plugins::Base
+        description 'Processes Nessus XML v2 format (.nessus)'
+        provides :upload
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nessus/field_processor.rb

@@ -0,0 +1,55 @@
+module Dradis
+  module Plugins
+    module Nessus
+
+      class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
+
+        def post_initialize(args={})
+          @nessus_object = (data.name == 'ReportHost') ? ::Nessus::Host.new(data) : ::Nessus::ReportItem.new(data)
+        end
+
+        def value(args={})
+          field = args[:field]
+
+          # fields in the template are of the form <foo>.<field>, where <foo>
+          # is common across all fields for a given template (and meaningless).
+          _, name = field.split('.')
+
+          if name.end_with?('entries')
+            # report_item.bid_entries
+            # report_item.cve_entries
+            # report_item.xref_entries
+            entries = @nessus_object.try(name)
+            if entries.any?
+              entries.to_a.join("\n")
+            else
+              'n/a'
+            end
+          else
+            output = @nessus_object.try(name) || 'n/a'
+
+            if field == 'report_item.description' && output =~ /^\s+-/
+              format_bullet_point_lists(output)
+            else
+              output
+            end
+          end
+        end
+
+        private
+        def format_bullet_point_lists(input)
+          input.split("\n").map do |paragraph|
+            if paragraph =~ /(.*)\s+:\s*$/m
+              $1 + ':'
+            elsif paragraph =~ /^\s+-\s+(.*)$/m
+              '* ' + $1.gsub(/\s{3,}/, ' ').gsub(/\n/, ' ')
+            else
+              paragraph
+            end
+          end.join("\n")
+        end
+      end
+
+    end
+  end
+end

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -0,0 +1,19 @@
+module Dradis
+  module Plugins
+    module Nessus
+      # Returns the version of the currently loaded Nessus as a <tt>Gem::Version</tt>
+      def self.gem_version
+        Gem::Version.new VERSION::STRING
+      end
+
+      module VERSION
+        MAJOR = 3
+        MINOR = 18
+        TINY = 0
+        PRE = nil
+
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nessus/importer.rb

@@ -0,0 +1,177 @@
+module Dradis::Plugins::Nessus
+  class Importer < Dradis::Plugins::Upload::Importer
+
+    # The framework will call this function if the user selects this plugin from
+    # the dropdown list and uploads a file.
+    # @returns true if the operation was successful, false otherwise
+    def import(params={})
+      file_content    = File.read( params[:file] )
+
+      logger.info{'Parsing nessus output file...'}
+      doc = Nokogiri::XML( file_content )
+      logger.info{'Done.'}
+
+      if doc.xpath('/NessusClientData_v2/Report').empty?
+        error = "No reports were detected in the uploaded file (/NessusClientData_v2/Report). Ensure you uploaded a Nessus XML v2 (.nessus) report."
+        logger.fatal{ error }
+        content_service.create_note text: error
+        return false
+      end
+
+      doc.xpath('/NessusClientData_v2/Report').each do |xml_report|
+        report_label = xml_report.attributes['name'].value
+        logger.info{ "Processing report: #{report_label}" }
+        # No need to create a report node for each report. It may be good to
+        # create a plugin.output/nessus.reports with info for each scan, but
+        # for the time being we just append stuff to the Host
+        # report_node = parent.children.find_or_create_by_label(report_label)
+
+        xml_report.xpath('./ReportHost').each do |xml_host|
+          process_report_host(xml_host)
+        end #/ReportHost
+        logger.info{ "Report processed." }
+      end  #/Report
+
+      return true
+    end # /import
+
+
+    private
+
+    # Internal: Parses the specific "Nessus SYN Scanner" and similar plugin into
+    # Dradis node properties.
+    #
+    # host_node       - The Dradis Node that represents the host in the project.
+    # xml_report_item - The Nokogiri XML node representing the Service Detection
+    #                   <ReportItem> tag.
+    #
+    # Returns nothing.
+    #
+    # Plugins processed using this method:
+    #   - [11219] Nessus SYN Scanner
+    #   - [34220] Netstat Portscanner (WMI)
+    def process_nessus_syn_scanner(host_node, xml_report_item)
+      process_service(
+        host_node,
+        xml_report_item,
+        { 'syn-scanner' => xml_report_item.at_xpath('./plugin_output').try(:text)}
+      )
+    end
+
+    # Internal: Process each /NessusClientData_v2/Report/ReportHost creating a
+    # Dradis node and adding some properties to it (:ip, :os, etc.).
+    #
+    # xml_host        - The Nokogiri XML node representing the parent host for
+    #                   this issue.
+    #
+    # Returns nothing.
+    #
+    def process_report_host(xml_host)
+
+      # 1. Create host node
+      host_label = xml_host.attributes['name'].value
+      host_label += " (#{xml_host.attributes['fqdn'].value})" if xml_host.attributes['fqdn']
+
+      host_node = content_service.create_node(label: host_label, type: :host)
+      logger.info{ "\tHost: #{host_label}" }
+
+      # 2. Add host info note and host properties
+      host_note_text = template_service.process_template(template: 'report_host', data: xml_host)
+      content_service.create_note(text: host_note_text, node: host_node)
+
+      if host_node.respond_to?(:properties)
+        nh = ::Nessus::Host.new(xml_host)
+        host_node.set_property(:fqdn,         nh.fqdn)             if nh.try(:fqdn)
+        host_node.set_property(:ip,           nh.ip)               if nh.try(:ip)
+        host_node.set_property(:mac_address,  nh.mac_address)      if nh.try(:mac_address)
+        host_node.set_property(:netbios_name, nh.netbios_name)     if nh.try(:netbios_name)
+        host_node.set_property(:os,           nh.operating_system) if nh.try(:operating_system)
+        host_node.save
+      end
+
+
+      # 3. Add Issue and associated Evidence for this host/port combination
+      xml_host.xpath('./ReportItem').each do |xml_report_item|
+        case xml_report_item.attributes['pluginID'].value
+        when '0'
+        when '11219', '34220' # Nessus SYN scanner, Netstat Portscanner (WMI)
+          process_nessus_syn_scanner(host_node, xml_report_item)
+        when '22964' # Service Detection
+          process_service_detection(host_node, xml_report_item)
+        else
+          process_report_item(xml_host, host_node, xml_report_item)
+        end
+      end #/ReportItem
+    end
+
+    # Internal: Process each /NessusClientData_v2/Report/ReportHost/ReportItem
+    # and creates the corresponding Issue and Evidence in Dradis.
+    #
+    # xml_host        - The Nokogiri XML node representing the parent host for
+    #                   this issue.
+    # host_node       - The Dradis Node that represents the host in the project.
+    # xml_report_item - The Nokogiri XML node representing the Service Detection
+    #                   <ReportItem> tag.
+    #
+    # Returns nothing.
+    #
+    def process_report_item(xml_host, host_node, xml_report_item)
+      # 3.1. Add Issue to the project
+      plugin_id = xml_report_item.attributes['pluginID'].value
+      logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
+
+      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+
+      issue = content_service.create_issue(text: issue_text, id: plugin_id)
+
+      # 3.2. Add Evidence to link the port/protocol and Issue
+      port_info = xml_report_item.attributes['protocol'].value
+      port_info += "/"
+      port_info += xml_report_item.attributes['port'].value
+
+      logger.info{ "\t\t\t => Adding reference to this host" }
+      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+
+      content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
+
+      # 3.3. Compliance check information
+    end
+
+    # Internal: Parses the specific "Service Detection" plugin into Dradis node
+    # properties.
+    #
+    # host_node       - The Dradis Node that represents the host in the project.
+    # xml_report_item - The Nokogiri XML node representing the Service Detection
+    #                   <ReportItem> tag.
+    #
+    # Returns nothing.
+    #
+    def process_service_detection(host_node, xml_report_item)
+      output = xml_report_item.at_xpath('./plugin_output').try(:text) || xml_report_item.at_xpath('./description').try(:text)
+      process_service(
+        host_node,
+        xml_report_item,
+        { 'service-detection' => output }
+      )
+    end
+
+    def process_service(host_node, xml_report_item, service_extra)
+      name     = xml_report_item['svc_name']
+      port     = xml_report_item['port'].to_i
+      protocol = xml_report_item['protocol']
+      logger.info { "\t\t => Creating new service: #{protocol}/#{port}" }
+
+      host_node.set_service(
+        service_extra.merge({
+          name: name,
+          port: port,
+          protocol: protocol,
+          state: :open,
+          source: :nessus
+        })
+      )
+
+      host_node.save
+    end
+  end
+end

data/lib/dradis/plugins/nessus/version.rb

@@ -0,0 +1,13 @@
+require_relative 'gem_version'
+
+module Dradis
+  module Plugins
+    module Nessus
+      # Returns the version of the currently loaded Nessus as a
+      # <tt>Gem::Version</tt>.
+      def self.version
+        gem_version
+      end
+    end
+  end
+end

data/lib/nessus/host.rb

@@ -0,0 +1,82 @@
+module Nessus
+  # This class represents each of the /NessusClientData_v2/Report/ReportHost
+  # elements in the Nessus XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Host
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They are all desdendents of the ./HostProperties
+    # node.
+    def supported_tags
+      [
+        # attributes
+        :name,
+
+        # simple tags
+        :ip, :fqdn, :operating_system, :mac_address, :netbios_name,
+        :scan_start_time, :scan_stop_time
+      ]
+    end
+
+    # Each of the entries associated with this host. Returns an array of
+    # Nessus::ReportItem objects
+    def report_items
+      @xml.xpath('./ReportItem').collect { |xml_report_item| ReportItem.new(xml_report_item) }
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # corresponding <tag/> element inside the ./HostProperties child.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      # first we try the attributes: name
+      translations_table = {}
+      method_name = translations_table.fetch(method, method.to_s)
+      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+
+
+      # translation of Host properties
+      translations_table = {
+        ip:               'host-ip',
+        fqdn:             'host-fqdn',
+        operating_system: 'operating-system',
+        mac_address:      'mac-address',
+        netbios_name:     'netbios-name',
+        scan_start_time:  'HOST_START',
+        scan_stop_time:   'HOST_END'
+      }
+      method_name = translations_table.fetch(method, method.to_s)
+
+      if property = @xml.at_xpath("./HostProperties/tag[@name='#{method_name}']")
+        return property.text
+      else
+        return nil
+      end
+    end
+  end
+end