librex 0.0.5 → 0.0.6

data/lib/rex/ole/propset.rb

@@ -0,0 +1,144 @@
+##
+# $Id: propset.rb 11444 2010-12-29 17:07:46Z jduck $
+# Version: $Revision: 11444 $
+##
+
+##
+# Rex::OLE - an OLE implementation
+# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
+##
+
+module Rex
+module OLE
+
+class Property
+
+	def initialize(id, type, data)
+		@id = id
+		@type = type
+		@data = data
+	end
+
+	def pack_pio(off = 0)
+		[ @id, off ].pack('V*')
+	end
+
+	def pack_data
+		buf = [ @type ].pack('V')
+		case @type
+		when VT_BLOB
+			buf << [ @data.length ].pack('V')
+		when VT_CF
+			buf << [ 4 + @data.length, -1 ].pack('V*')
+		end
+		buf << @data
+		buf
+	end
+
+	def to_s
+		"Rex::OLE::Property - to_s unimplemented"
+	end
+
+end
+
+class PropertySet
+
+	def initialize(fmtid = nil)
+		@fmtid = CLSID.new(fmtid)
+		@properties = []
+	end
+
+	def <<(val)
+		@properties << val
+	end
+
+	def pack_fno(off = 0)
+		@fmtid.pack + [ off ].pack('V')
+	end
+
+	def pack_data
+		# Pack all the property data
+		data = []
+		dlen = 0
+		@properties.each { |p|
+			dat = p.pack_data
+			dlen += dat.length
+			data << dat
+		}
+
+		buf = ''
+		# First the header
+		off = 8 + (@properties.length * 8)
+		buf << [ off + dlen, @properties.length ].pack('V*')
+		# Now, the Property Id and Offset for each
+		@properties.each_with_index { |p,x|
+			buf << p.pack_pio(off)
+			off += data[x].length
+		}
+		# Finally, all the data
+		buf << data.join
+		buf
+	end
+
+	def to_s
+		"Rex::OLE::PropertySet - to_s unimplemented"
+	end
+
+end
+
+class PropertySetStream
+
+	def initialize
+		@byte_order = 0xfffe
+		@ole_version = 0
+		@os_version = 1
+		@os_platform = 2
+		@clsid = CLSID.new
+
+		@propsets = []
+	end
+
+	def <<(ps)
+		@propsets << ps
+	end
+
+	def pack
+		buf = ''
+
+		# First, add the header
+		buf << [
+			@byte_order,
+			@ole_version,
+			@os_version,
+			@os_platform
+		].pack('vvvv')
+		buf << @clsid.pack
+		buf << [@propsets.length].pack('V')			
+
+		# Pack all the PropertySet children
+		data = []
+		@propsets.each { |p|
+			data << p.pack_data
+		}
+
+		# Next, add all the FMTID and Offset headers
+		off = buf.length + (20 * @propsets.length)
+		@propsets.each_with_index { |ps,x|
+			buf << ps.pack_fno(off)
+			off += data[x].length
+		}
+
+		# Finally, add all the data
+		buf << data.join
+		buf
+	end
+
+	def to_s
+		"Rex::OLE::PropertySetStream - to_s unimplemented"
+	end
+
+end
+
+
+end
+end

data/lib/rex/parser/ip360_aspl_xml.rb

@@ -0,0 +1,102 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360ASPLXMLStreamParser
+	
+	@vulnid = nil
+	@appid = nil
+	@location = nil
+
+	attr_accessor :on_found_aspl
+
+	def initialize(&block)
+		reset_state
+		on_found_aspl = block if block
+	end
+
+	def reset_state
+                @aspl = {'vulns' => {'name' => { }, 'cve' => { }, 'bid' => { } },
+		         'oses' => {'name' => { } } }
+                @state = :generic_state
+	end
+
+	def tag_start(name, attributes)
+		case name
+		when "vulns"
+			@location = "vulns"
+		when "vuln"
+			@vulnid = attributes['id'].strip
+		when "name"
+			@state = :is_name
+		when "advisories"
+			@c = ""
+			@cfirst = 1
+			@b = ""
+			@bfirst = 1
+			@x = Hash.new
+		when "publisher"
+			@state = :is_pub
+		when "id"
+			@state = :is_refid
+		when "operatingSystems"
+			@location = "os"
+		when "operatingSystem"
+			@osid = attributes['id'].strip
+		end
+	end
+	
+	def text(str)
+		case @state
+		when :is_name
+			@aspl['vulns']['name'][@vulnid] = str if @location == "vulns"
+			@aspl['oses'][@osid] = str if @location == "os"
+		when :is_pub
+			@x['pub'] = str
+		when :is_refid
+			@x['refid'] = str
+		end
+	end
+
+	def tag_end(name)
+		case name
+		when "ontology"
+			on_found_aspl.call(@aspl) if on_found_aspl
+			reset_state
+		when "advisory"
+			if (@x['pub'] =~ /CVE/)
+				if (@cfirst == 0)
+					@c += ","
+				end
+				@c += @x['refid']
+				@cfirst = 0
+			elsif (@x['pub'] =~ /BugTraq/)
+				if (@bfirst == 0)
+					@b += ","
+				end
+				@b += @x['refid']
+				@bfirst = 0
+			end
+		when "advisories"
+			@aspl['vulns']['cve'][@vulnid] = @c
+			@aspl['vulns']['bid'][@vulnid] = @b
+			@c = ""
+			@b = ""
+		end
+		@state = :generic_state
+	end
+
+	# We don't need these methods, but they're necessary to keep REXML happy
+	#
+	def xmldecl(version, encoding, standalone); end
+	def cdata; end
+	def comment(str); end
+	def instruction(name, instruction); end
+	def attlist; end
+end
+
+end
+end

data/lib/rex/parser/ip360_xml.rb

@@ -0,0 +1,93 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360XMLStreamParser
+
+	attr_accessor :on_found_host
+
+	def initialize(&block)
+		reset_state
+		on_found_host = block if block
+	end
+
+	def reset_state
+                @host = {'hname' => nil, 'hid' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil,
+                         'vulns' => ['vuln' => {'vulnid' => nil, 'port' => nil, 'proto' => nil} ],
+                         'apps' => ['app' => {'appid' => nil, 'svcid' => nil, 'port' => nil, 'proto' => nil } ],
+                        }
+                @state = :generic_state
+	end
+
+	def tag_start(name, attributes)
+		case name
+		when "host"
+			@host['hid'] = attributes['persistent_id']
+		when "ip"
+			@state = :is_ip
+		when "dnsName"
+			@state = :is_fqdn
+		when "macAddress"
+			@state = :is_mac
+		when "os"
+			@host['os'] = attributes['id']	
+		when "vulnerability"
+			@x = Hash.new	
+			@x['vulnid'] = attributes['id']
+		when "port"
+			@state = :is_port
+		when "protocol"
+			@state = :is_proto
+		when "application"
+			@y = Hash.new
+			@y['appid'] = attributes['application_id']
+			@y['svcid'] = attributes['svcid']
+			@y['port'] = attributes['port']
+			@y['proto'] = attributes['protocol']
+			@host['apps'].push @y
+		end
+	end
+	
+	def text(str)
+		case @state
+		when :is_fqdn
+			@host['hname'] = str
+		when :is_ip
+			@host['addr'] = str
+		when :is_mac
+			@host['mac'] = str
+		when :is_port
+			@x['port'] = str
+		when :is_proto
+			@x['proto'] = str
+		end
+	end
+
+	def tag_end(name)
+		case name
+		when "host"
+			on_found_host.call(@host) if on_found_host
+			reset_state
+		when "vulnerability"
+			@host['vulns'].push @x
+		end
+		@state = :generic_state
+	end
+
+	def cdata(d)
+		#do nothing
+	end
+
+	# We don't need these methods, but they're necessary to keep REXML happy
+	#
+	def xmldecl(version, encoding, standalone); end
+	def comment(str); end
+	def instruction(name, instruction); end
+	def attlist; end
+end
+
+end
+end

data/lib/rex/parser/nessus_xml.rb

@@ -0,0 +1,118 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class NessusXMLStreamParser
+
+	attr_accessor :on_found_host
+
+	def initialize(&block)
+		reset_state
+		on_found_host = block if block
+	end
+
+	def reset_state
+		@host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
+			'port' => {'port' => nil, 'svc_name'  => nil, 'proto' => nil, 'severity' => nil,
+			'nasl' => nil, 'description' => nil, 'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
+		@state = :generic_state
+	end
+
+	def tag_start(name, attributes)
+		case name
+		when "tag"
+			if attributes['name'] == "mac-address"
+				@state = :is_mac
+			end
+			if attributes['name'] == "host-fqdn"
+				@state = :is_fqdn
+			end
+			if attributes['name'] == "ip-addr"
+				@state = :is_ip
+			end
+			if attributes['name'] == "host-ip"
+				@state = :is_ip
+			end
+			if attributes['name'] == "operating-system"
+				@state = :is_os
+			end
+		when "ReportHost"
+			@host['hname'] = attributes['name']
+		when "ReportItem"
+			@cve = Array.new
+			@bid = Array.new
+			@xref = Array.new
+			@x = Hash.new
+			@x['nasl'] = attributes['pluginID']
+			@x['port'] = attributes['port']
+			@x['proto'] = attributes['protocol']
+			@x['svc_name'] = attributes['svc_name']
+			@x['severity'] = attributes['severity']
+		when "description"
+			@state = :is_desc
+		when "cve"
+			@state = :is_cve
+		when "bid"
+			@state = :is_bid
+		when "xref"
+			@state = :is_xref
+		when "solution"
+			@state = :is_solution
+		when "metasploit_name"
+			@state = :msf
+		end
+	end
+	
+	def text(str)
+		case @state
+		when :is_fqdn
+			@host['hname'] = str
+		when :is_ip
+			@host['addr'] = str
+		when :is_os
+			@host['os'] = str
+		when :is_mac
+			@host['mac'] = str
+		when :is_desc
+			@x['description'] = str
+		when :is_cve
+			@cve.push str
+		when :is_bid
+			@bid.push str
+		when :is_xref
+			@xref.push str
+		when :msf
+			#p str
+			@x['msf'] = str
+		end
+	end
+
+	def tag_end(name)
+		case name
+		when "ReportHost"
+			on_found_host.call(@host) if on_found_host
+			reset_state
+		when "ReportItem"
+			@x['cve'] = @cve
+			@x['bid'] = @bid
+			@x['xref'] = @xref
+			@host['ports'].push @x
+		end
+		@state = :generic_state
+	end
+
+	# We don't need these methods, but they're necessary to keep REXML happy
+	#
+	def xmldecl(version, encoding, standalone); end
+	def cdata; end
+	def comment(str); end
+	def instruction(name, instruction); end
+	def attlist; end
+end
+
+end
+end
+