librex 0.0.68 → 0.0.70

data/lib/rex/ole/stream.rb

@@ -1,8 +1,4 @@
 # -*- coding: binary -*-
-##
-# $Id: stream.rb 15548 2012-06-29 06:08:20Z rapid7 $
-# Version: $Revision: 15548 $
-##
 
 ##
 # Rex::OLE - an OLE implementation
@@ -14,39 +10,39 @@ module OLE
 
 class Stream < DirEntry
 
-	def initialize(stg)
-		super
-
-		# for reading/writing from this
-		@offset = 0
-		@_mse = STGTY_STREAM
-	end
-
-	def close
-		@mode = nil
-		@offset = nil
-	end
-
-	def seek(offset)
-		@offset = offset
-	end
-
-	def read(len)
-		return nil if (not @data)
-
-		ret = @data[@offset, len]
-		@offset += len
-		ret
-	end
-
-	def <<(expr)
-		if (not @data)
-			@data = expr.dup
-		else
-			@data << expr
-		end
-		@_ulSize = @data.length
-	end
+  def initialize(stg)
+    super
+
+    # for reading/writing from this
+    @offset = 0
+    @_mse = STGTY_STREAM
+  end
+
+  def close
+    @mode = nil
+    @offset = nil
+  end
+
+  def seek(offset)
+    @offset = offset
+  end
+
+  def read(len)
+    return nil if (not @data)
+
+    ret = @data[@offset, len]
+    @offset += len
+    ret
+  end
+
+  def <<(expr)
+    if (not @data)
+      @data = expr.dup
+    else
+      @data << expr
+    end
+    @_ulSize = @data.length
+  end
 
 end
 

data/lib/rex/ole/substorage.rb

@@ -1,8 +1,4 @@
 # -*- coding: binary -*-
-##
-# $Id: substorage.rb 15548 2012-06-29 06:08:20Z rapid7 $
-# Version: $Revision: 15548 $
-##
 
 ##
 # Rex::OLE - an OLE implementation
@@ -14,35 +10,35 @@ module OLE
 
 class SubStorage < DirEntry
 
-	def initialize(stg)
-		super
+  def initialize(stg)
+    super
 
-		@_mse = STGTY_STORAGE
-	end
+    @_mse = STGTY_STORAGE
+  end
 
 
-	def close
-	end
+  def close
+  end
 
 
-	# stream handling stuff
-	def create_stream(name, mode=STGM_WRITE)
-		@stg.create_stream(name, mode, self)
-	end
+  # stream handling stuff
+  def create_stream(name, mode=STGM_WRITE)
+    @stg.create_stream(name, mode, self)
+  end
 
-	def open_stream(name, mode=STGM_READ)
-		@stg.open_stream(name, mode, self)
-	end
+  def open_stream(name, mode=STGM_READ)
+    @stg.open_stream(name, mode, self)
+  end
 
 
-	# storage handling stuff
-	def create_storage(name, mode=STGM_WRITE)
-		@stg.create_storage(name, mode, self)
-	end
+  # storage handling stuff
+  def create_storage(name, mode=STGM_WRITE)
+    @stg.create_storage(name, mode, self)
+  end
 
-	def open_storage(name, mode=STGM_WRITE)
-		@stg.open_storage(name, mode, self)
-	end
+  def open_storage(name, mode=STGM_WRITE)
+    @stg.open_storage(name, mode, self)
+  end
 
 end
 

data/lib/rex/ole/util.rb

@@ -1,8 +1,4 @@
 # -*- coding: binary -*-
-##
-# $Id: util.rb 15548 2012-06-29 06:08:20Z rapid7 $
-# Version: $Revision: 15548 $
-##
 
 ##
 # Rex::OLE - an OLE implementation
@@ -14,143 +10,143 @@ module OLE
 
 class Util
 
-	def self.Hexify32array(arr)
-		ret = ""
-		arr.each { |dw|
-			ret << " " if ret.length > 0
-			ret << "0x%08x" % dw
-		}
-		ret
-	end
-
-	def self.Printable(buf)
-		ret = ""
-		buf.unpack('C*').each { |byte|
-			ch = byte.chr
-			if (byte < 0x20 || byte > 0x7e)
-				ret << "\\x" + ch.unpack('H*')[0]
-			else
-				ret << ch
-			end
-		}
-		ret
-	end
-
-
-	def self.set_endian(endian)
-		@endian = endian
-	end
-
-	def self.get64(buf, offset)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			arr = buf[offset,8].unpack('VV')
-			return (arr[0] + (arr[1] << 32))
-		else
-			arr = buf[offset,8].unpack('NN')
-			return ((arr[0] << 32) + arr[1])
-		end
-	end
-
-	def self.pack64(value)
-		@endian = LITTLE_ENDIAN if not @endian
-		arr = []
-		arr << (value & 0xffffffff)
-		arr << (value >> 32)
-		if (@endian == LITTLE_ENDIAN)
-			arr.pack('VV')
-		else
-			arr.reverse.pack('NN')
-		end
-	end
-
-	def self.get32(buf, offset)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			buf[offset,4].unpack('V')[0]
-		else
-			buf[offset,4].unpack('N')[0]
-		end
-	end
-
-	def self.pack32(value)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			[value].pack('V')
-		else
-			[value].pack('N')
-		end
-	end
-
-	def self.get32array(buf)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			buf.unpack('V*')
-		else
-			buf.unpack('N*')
-		end
-	end
-
-	def self.pack32array(arr)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			arr.pack('V*')
-		else
-			arr.pack('N*')
-		end
-	end
-
-	def self.get16(buf, offset)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			buf[offset,2].unpack('v')[0]
-		else
-			buf[offset,2].unpack('n')[0]
-		end
-	end
-
-	def self.pack16(value)
-		@endian = LITTLE_ENDIAN if not @endian
-		if (@endian == LITTLE_ENDIAN)
-			[value].pack('v')
-		else
-			[value].pack('n')
-		end
-	end
-
-	def self.get8(buf, offset)
-		buf[offset,1].unpack('C')[0]
-	end
-
-	def self.pack8(value)
-		[value].pack('C')
-	end
-
-
-	def self.getUnicodeString(buf)
-		buf = buf.unpack('S*').pack('C*')
-		if (idx = buf.index(0x00.chr))
-			buf.slice!(idx, buf.length)
-		end
-		buf
-	end
-
-	def self.putUnicodeString(buf)
-		buf = buf.unpack('C*').pack('S*')
-		if (buf.length < 0x40)
-			buf << "\x00" * (0x40 - buf.length)
-		end
-		buf
-	end
-
-
-	def self.name_is_valid(name)
-		return nil if (name.length > 31)
-		(0..0x1f).to_a.each { |x|
-			return nil if (name.include?(x.chr))
-		}
-		return true
-	end
+  def self.Hexify32array(arr)
+    ret = ""
+    arr.each { |dw|
+      ret << " " if ret.length > 0
+      ret << "0x%08x" % dw
+    }
+    ret
+  end
+
+  def self.Printable(buf)
+    ret = ""
+    buf.unpack('C*').each { |byte|
+      ch = byte.chr
+      if (byte < 0x20 || byte > 0x7e)
+        ret << "\\x" + ch.unpack('H*')[0]
+      else
+        ret << ch
+      end
+    }
+    ret
+  end
+
+
+  def self.set_endian(endian)
+    @endian = endian
+  end
+
+  def self.get64(buf, offset)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      arr = buf[offset,8].unpack('VV')
+      return (arr[0] + (arr[1] << 32))
+    else
+      arr = buf[offset,8].unpack('NN')
+      return ((arr[0] << 32) + arr[1])
+    end
+  end
+
+  def self.pack64(value)
+    @endian = LITTLE_ENDIAN if not @endian
+    arr = []
+    arr << (value & 0xffffffff)
+    arr << (value >> 32)
+    if (@endian == LITTLE_ENDIAN)
+      arr.pack('VV')
+    else
+      arr.reverse.pack('NN')
+    end
+  end
+
+  def self.get32(buf, offset)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      buf[offset,4].unpack('V')[0]
+    else
+      buf[offset,4].unpack('N')[0]
+    end
+  end
+
+  def self.pack32(value)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      [value].pack('V')
+    else
+      [value].pack('N')
+    end
+  end
+
+  def self.get32array(buf)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      buf.unpack('V*')
+    else
+      buf.unpack('N*')
+    end
+  end
+
+  def self.pack32array(arr)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      arr.pack('V*')
+    else
+      arr.pack('N*')
+    end
+  end
+
+  def self.get16(buf, offset)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      buf[offset,2].unpack('v')[0]
+    else
+      buf[offset,2].unpack('n')[0]
+    end
+  end
+
+  def self.pack16(value)
+    @endian = LITTLE_ENDIAN if not @endian
+    if (@endian == LITTLE_ENDIAN)
+      [value].pack('v')
+    else
+      [value].pack('n')
+    end
+  end
+
+  def self.get8(buf, offset)
+    buf[offset,1].unpack('C')[0]
+  end
+
+  def self.pack8(value)
+    [value].pack('C')
+  end
+
+
+  def self.getUnicodeString(buf)
+    buf = buf.unpack('S*').pack('C*')
+    if (idx = buf.index(0x00.chr))
+      buf.slice!(idx, buf.length)
+    end
+    buf
+  end
+
+  def self.putUnicodeString(buf)
+    buf = buf.unpack('C*').pack('S*')
+    if (buf.length < 0x40)
+      buf << "\x00" * (0x40 - buf.length)
+    end
+    buf
+  end
+
+
+  def self.name_is_valid(name)
+    return nil if (name.length > 31)
+    (0..0x1f).to_a.each { |x|
+      return nil if (name.include?(x.chr))
+    }
+    return true
+  end
 
 end
 

data/lib/rex/parser/acunetix_nokogiri.rb

@@ -4,403 +4,403 @@ require 'rex'
 require 'uri'
 
 module Rex
-	module Parser
-
-		# If Nokogiri is available, define the Acunetix document class.
-		load_nokogiri && class AcunetixDocument < Nokogiri::XML::SAX::Document
-
-		include NokogiriDocMixin
-
-		# The resolver prefers your local /etc/hosts (or windows equiv), but will
-		# fall back to regular DNS. It retains a cache for the import to avoid
-		# spamming your network with DNS requests.
-		attr_reader :resolv_cache
-
-		# If name resolution of the host fails out completely, you will not be
-		# able to import that Scan task. Other scan tasks in the same report
-		# should be unaffected.
-		attr_reader :parse_warnings
-
-		def start_document
-			@parse_warnings = []
-			@resolv_cache = {}
-		end
-
-		def start_element(name=nil,attrs=[])
-			attrs = normalize_attrs(attrs)
-			block = @block
-			@state[:current_tag][name] = true
-			case name
-			when "Scan" # Start of the thing.
-			when "Name", "StartURL", "Banner", "Os"
-				@state[:has_text] = true
-			when "LoginSequence" # Skipping for now
-			when "Crawler"
-				record_crawler(attrs)
-			when "FullURL"
-				@state[:has_text] = true
-			when "Variable"
-				record_variable(attrs)
-			when "Request", "Response"
-				@state[:has_text] = true
-			end
-		end
-
-		def end_element(name=nil)
-			block = @block
-			case name
-			when "Scan"
-				# Clears most of the @state out, we're done with this web site.
-				@state.delete_if {|k| k != :current_tag}
-			when "Name"
-				@state[:has_text] = false
-				collect_scan_name
-				collect_report_item_name
-				@text = nil
-			when "StartURL" # Populates @state[:starturl_uri], we use this a lot
-				@state[:has_text] = false
-				collect_host
-				collect_service
-				@text = nil
-				handle_parse_warnings &block
-				host_object = report_host &block
-				if host_object
-					report_starturl_service(host_object,&block)
-					db.report_import_note(@args[:wspace],host_object)
-				end
-			when "Banner"
-				@state[:has_text] = false
-				collect_and_report_banner
-			when "Os"
-				@state[:has_text] = false
-				report_os_fingerprint
-			when "LoginSequence" # This comes up later in the report anyway
-			when "Crawler"
-				report_starturl_web_site(&block)
-			when "FullURL"
-				@state[:has_text] = false
-				report_web_site(@text,&block)
-				@text = nil
-			when "Inputs"
-				report_web_form(&block)
-			when "Request"
-				@state[:has_text] = false
-				collect_page_request
-				@text = nil
-			when "Response"
-				@state[:has_text] = false
-				collect_page_response
-				@text = nil
-				report_web_page(&block)
-			end
-			@state[:current_tag].delete name
-		end
-
-		def collect_page_response
-			return unless in_tag("TechnicalDetails")
-			return unless in_tag("ReportItem")
-			return unless @text
-			return if @text.to_s.empty?
-			@state[:page_response] = @text
-		end
-
-		def collect_page_request
-			return unless in_tag("TechnicalDetails")
-			return unless in_tag("ReportItem")
-			return unless @text
-			return if @text.to_s.empty?
-			@state[:page_request] = @text
-		end
-
-		def collect_scan_name
-			return unless in_tag("Scan")
-			return if in_tag("ReportItems")
-			return if in_tag("Crawler")
-			return unless @text
-			return if @text.strip.empty?
-			@state[:scan_name] = @text.strip
-		end
-
-		def collect_host
-			return unless in_tag("Scan")
-			return unless @text
-			return if @text.strip.empty?
-			uri = URI.parse(@text) rescue nil
-			return unless uri
-			address = resolve_scan_starturl_address(uri)
-			@report_data[:host] = address
-			@report_data[:state] = Msf::HostState::Alive
-		end
-
-		def collect_service
-			return unless @report_data[:host]
-			return unless in_tag("Scan")
-			return unless @text
-			return if @text.strip.empty?
-			uri = URI.parse(@text) rescue nil
-			return unless uri
-			@state[:starturl_uri] = uri
-			@report_data[:ports] ||= []
-			@report_data[:ports] << @state[:starturl_port]
-		end
-
-		def collect_and_report_banner
-			return unless (svc = @state[:starturl_service_object]) # Yes i want assignment
-			return unless @text
-			return if @text.strip.empty?
-			return unless in_tag("Scan")
-			svc_info = {
-				:host => svc.host,
-				:port => svc.port,
-				:proto => svc.proto,
-				:info => @text.strip
-			}
-			db_report(:service, svc_info)
-			@text = nil
-		end
-
-		def collect_report_item_name
-			return unless in_tag("ReportItem")
-			return unless @text
-			return if @text.strip.empty?
-			@state[:report_item] = @text
-		end
-
-		# @state[:fullurl] is set by report_web_site
-		def record_variable(attrs)
-			return unless in_tag("Inputs")
-			return unless @state[:fullurl].kind_of? URI
-			method = attr_hash(attrs)["Type"]
-			return unless method
-			return if method.strip.empty?
-			@state[:form_variables] ||= []
-			@state[:form_variables] << [attr_hash(attrs)["Name"],method]
-		end
-
-		def record_crawler(attrs)
-			return unless in_tag("Scan")
-			return unless @state[:starturl_service_object]
-			starturl = attr_hash(attrs)["StartUrl"]
-			return unless starturl
-			@state[:crawler_starturl] = starturl
-		end
-
-		def report_web_form(&block)
-			return unless in_tag("SiteFiles")
-			return unless @state[:web_site]
-			return unless @state[:fullurl].kind_of? URI
-			return unless @state[:form_variables].kind_of? Array
-			return if @state[:form_variables].empty?
-			method = parse_method(@state[:form_variables].first[1])
-			vars = @state[:form_variables].map {|x| x[0]}
-			form_info = {}
-			form_info[:web_site] = @state[:web_site]
-			form_info[:path] = @state[:fullurl].path
-			form_info[:query] = @state[:fullurl].query
-			form_info[:method] = method
-			form_info[:params] = vars
-			url = @state[:fullurl].to_s
-			db.emit(:web_form,url,&block) if block
-			db_report(:web_form,form_info)
-			@state[:fullurl] = nil
-			@state[:form_variables] = nil
-		end
-
-		def report_web_page(&block)
-			return if should_skip_this_page
-			return unless @state[:web_site]
-			return unless @state[:page_request]
-			return if @state[:page_request].strip.empty?
-			return unless @state[:page_response]
-			return if @state[:page_response].strip.empty?
-			path,query_string = parse_request(@state[:page_request])
-			return unless path
-			parsed_response = parse_response(@state[:page_response])
-			return unless parsed_response
-			web_page_info = {}
-			web_page_info[:web_site] = @state[:web_site]
-			web_page_info[:path] = path
-			web_page_info[:code] = parsed_response[:code].to_i
-			web_page_info[:headers] = parsed_response[:headers]
-			web_page_info[:body] = parsed_response[:body]
-			web_page_info[:query] = query_string || ""
-			url = ""
-			url << @state[:web_site].service.name.to_s << "://"
-			url << @state[:web_site].vhost.to_s << ":"
-			url << path
-			uri = URI.parse(url) rescue nil
-			return unless uri # Sanity checker
-			db.emit(:web_page, url, &block) if block
-			web_page_object = db_report(:web_page,web_page_info)
-			@state[:page_request] = @state[:page_response] = nil
-			@state[:web_page] = web_page_object
-		end
-
-		# Reasons why we shouldn't collect a particular web page.
-		def should_skip_this_page
-			if @state[:report_item] =~ /Unrestricted File Upload/
-				# This means that the page being collected is something the
-				# auditor put there, so it's not useful to report on.
-				return true
-			end
-			return false
-		end
-
-		# XXX Rex::Proto::Http::Packet seems broken for
-		# actually parsing requests and responses, but all I
-		# need are the headers anyway
-		def parse_request(request)
-			headers = Rex::Proto::Http::Packet::Header.new
-			headers.from_s request.dup # It's destructive.
-			return unless headers.cmd_string
-			verb,req = headers.cmd_string.split(/\s+/)
-			return unless verb
-			return unless req
-			path,query_string = req.split(/\?/)[0,2]
-		end
-
-		def parse_response(response)
-			headers = Rex::Proto::Http::Packet::Header.new
-			headers.from_s response.dup # It's destructive.
-			return unless headers.cmd_string
-			http,code,msg = headers.cmd_string.split(/\s+/)
-			return unless code
-			return unless code.to_i.to_s == code
-			parsed = {}
-			parsed[:code] = code
-			parsed[:headers] = {}
-			headers.each do |k,v|
-				parsed[:headers][k.to_s.downcase] = []
-				parsed[:headers][k.to_s.downcase] << v
-			end
-			parsed[:body] = "" # We never seem to get this from Acunetix
-			parsed
-		end
-
-		# Don't cause the web report to die just because we can't tell
-		# what method was used -- default to GET. Sometimes it's just "POST," and
-		# sometimes it's "URL encoded POST," and sometimes it might be something
-		# else.
-		def parse_method(meth)
-			verbs = "(GET|POST|PATH)"
-			real_method = meth.match(/^\s*#{verbs}/)
-			real_method ||= meth.match(/\s*#{verbs}\s*$/)
-			( real_method && real_method[1] ) ? real_method[1] : "GET"
-		end
-
-		def report_host(&block)
-			return unless @report_data[:host]
-			return unless in_tag("Scan")
-			if host_is_okay
-				db.emit(:address,@report_data[:host],&block) if block
-				host_info = @report_data.merge(:workspace => @args[:wspace])
-				db_report(:host,host_info)
-			end
-		end
-
-		# The service is super important, so we hang on to it for the
-		# rest of the scan.
-		def report_starturl_service(host_object,&block)
-			return unless host_object
-			return unless @state[:starturl_uri]
-			name = @state[:starturl_uri].scheme
-			port = @state[:starturl_uri].port
-			addr = host_object.address
-			svc = {
-				:host => host_object,
-				:port => port,
-				:name => name.dup,
-				:proto => "tcp"
-			}
-			if name and port
-				db.emit(:service,[addr,port].join(":"),&block) if block
-				@state[:starturl_service_object] = db_report(:service,svc)
-			end
-		end
-
-		def report_web_site(url,&block)
-			return unless in_tag("Crawler")
-			return unless url
-			return if url.strip.empty?
-			uri = URI.parse(url) rescue nil
-			return unless uri
-			host = uri.host
-			port = uri.port
-			scheme = uri.scheme
-			return unless scheme[/^https?/]
-			return unless (host && port && scheme)
-			address = resolve_address(host)
-			return unless address
-			service_info = [ @args[:wspace], address, "tcp", port ]
-			service_object = db.get_service(*service_info)
-			service_object = db_report(:service,service_info) unless service_object
-			web_site_info = {
-				:workspace => @args[:wspace],
-				:service => service_object,
-				:vhost => host,
-				:ssl => (scheme == "https")
-			}
-			@state[:web_site] = db_report(:web_site,web_site_info)
-			@state[:fullurl] = uri
-		end
-
-		def report_starturl_web_site(&block)
-			return unless @state[:crawler_starturl]
-			starturl = @state[:crawler_starturl].dup
-			report_web_site(starturl,&block)
-		end
-
-		def report_os_fingerprint
-			return unless @state[:starturl_service_object]
-			return unless @text
-			return if @text.strip.empty?
-			return unless in_tag("Scan")
-			host = @state[:starturl_service_object].host
-			fp_note = {
-				:workspace => host.workspace,
-				:host => host,
-				:type => 'host.os.acunetix_fingerprint',
-				:data => {:os => @text}
-			}
-			db_report(:note, fp_note)
-			@text = nil
-		end
-
-		def resolve_port(uri)
-			@state[:port] = uri.port
-			unless @state[:port]
-				@parse_warnings << "Could not determine a port for '#{@state[:scan_name]}'"
-			end
-			@state[:port] = uri.port
-		end
-
-		def resolve_address(host)
-			return @resolv_cache[host] if @resolv_cache[host]
-			address = Rex::Socket.resolv_to_dotted(host) rescue nil
-			@resolv_cache[host] = address
-			return address
-		end
-
-		def resolve_scan_starturl_address(uri)
-			if uri.host
-				address = resolve_address(uri.host)
-				unless address
-					@parse_warnings << "Could not resolve address for '#{uri.host}', skipping '#{@state[:scan_name]}'"
-				end
-			else
-				@parse_warnings << "Could not determine a host for '#{@state[:scan_name]}'"
-			end
-			address
-		end
-
-		def handle_parse_warnings(&block)
-			return if @parse_warnings.empty?
-			@parse_warnings.each do |pwarn|
-				db.emit(:warning, pwarn, &block) if block
-			end
-		end
-
-	end
-	end
+  module Parser
+
+    # If Nokogiri is available, define the Acunetix document class.
+    load_nokogiri && class AcunetixDocument < Nokogiri::XML::SAX::Document
+
+    include NokogiriDocMixin
+
+    # The resolver prefers your local /etc/hosts (or windows equiv), but will
+    # fall back to regular DNS. It retains a cache for the import to avoid
+    # spamming your network with DNS requests.
+    attr_reader :resolv_cache
+
+    # If name resolution of the host fails out completely, you will not be
+    # able to import that Scan task. Other scan tasks in the same report
+    # should be unaffected.
+    attr_reader :parse_warnings
+
+    def start_document
+      @parse_warnings = []
+      @resolv_cache = {}
+    end
+
+    def start_element(name=nil,attrs=[])
+      attrs = normalize_attrs(attrs)
+      block = @block
+      @state[:current_tag][name] = true
+      case name
+      when "Scan" # Start of the thing.
+      when "Name", "StartURL", "Banner", "Os"
+        @state[:has_text] = true
+      when "LoginSequence" # Skipping for now
+      when "Crawler"
+        record_crawler(attrs)
+      when "FullURL"
+        @state[:has_text] = true
+      when "Variable"
+        record_variable(attrs)
+      when "Request", "Response"
+        @state[:has_text] = true
+      end
+    end
+
+    def end_element(name=nil)
+      block = @block
+      case name
+      when "Scan"
+        # Clears most of the @state out, we're done with this web site.
+        @state.delete_if {|k| k != :current_tag}
+      when "Name"
+        @state[:has_text] = false
+        collect_scan_name
+        collect_report_item_name
+        @text = nil
+      when "StartURL" # Populates @state[:starturl_uri], we use this a lot
+        @state[:has_text] = false
+        collect_host
+        collect_service
+        @text = nil
+        handle_parse_warnings &block
+        host_object = report_host &block
+        if host_object
+          report_starturl_service(host_object,&block)
+          db.report_import_note(@args[:wspace],host_object)
+        end
+      when "Banner"
+        @state[:has_text] = false
+        collect_and_report_banner
+      when "Os"
+        @state[:has_text] = false
+        report_os_fingerprint
+      when "LoginSequence" # This comes up later in the report anyway
+      when "Crawler"
+        report_starturl_web_site(&block)
+      when "FullURL"
+        @state[:has_text] = false
+        report_web_site(@text,&block)
+        @text = nil
+      when "Inputs"
+        report_web_form(&block)
+      when "Request"
+        @state[:has_text] = false
+        collect_page_request
+        @text = nil
+      when "Response"
+        @state[:has_text] = false
+        collect_page_response
+        @text = nil
+        report_web_page(&block)
+      end
+      @state[:current_tag].delete name
+    end
+
+    def collect_page_response
+      return unless in_tag("TechnicalDetails")
+      return unless in_tag("ReportItem")
+      return unless @text
+      return if @text.to_s.empty?
+      @state[:page_response] = @text
+    end
+
+    def collect_page_request
+      return unless in_tag("TechnicalDetails")
+      return unless in_tag("ReportItem")
+      return unless @text
+      return if @text.to_s.empty?
+      @state[:page_request] = @text
+    end
+
+    def collect_scan_name
+      return unless in_tag("Scan")
+      return if in_tag("ReportItems")
+      return if in_tag("Crawler")
+      return unless @text
+      return if @text.strip.empty?
+      @state[:scan_name] = @text.strip
+    end
+
+    def collect_host
+      return unless in_tag("Scan")
+      return unless @text
+      return if @text.strip.empty?
+      uri = URI.parse(@text) rescue nil
+      return unless uri
+      address = resolve_scan_starturl_address(uri)
+      @report_data[:host] = address
+      @report_data[:state] = Msf::HostState::Alive
+    end
+
+    def collect_service
+      return unless @report_data[:host]
+      return unless in_tag("Scan")
+      return unless @text
+      return if @text.strip.empty?
+      uri = URI.parse(@text) rescue nil
+      return unless uri
+      @state[:starturl_uri] = uri
+      @report_data[:ports] ||= []
+      @report_data[:ports] << @state[:starturl_port]
+    end
+
+    def collect_and_report_banner
+      return unless (svc = @state[:starturl_service_object]) # Yes i want assignment
+      return unless @text
+      return if @text.strip.empty?
+      return unless in_tag("Scan")
+      svc_info = {
+        :host => svc.host,
+        :port => svc.port,
+        :proto => svc.proto,
+        :info => @text.strip
+      }
+      db_report(:service, svc_info)
+      @text = nil
+    end
+
+    def collect_report_item_name
+      return unless in_tag("ReportItem")
+      return unless @text
+      return if @text.strip.empty?
+      @state[:report_item] = @text
+    end
+
+    # @state[:fullurl] is set by report_web_site
+    def record_variable(attrs)
+      return unless in_tag("Inputs")
+      return unless @state[:fullurl].kind_of? URI
+      method = attr_hash(attrs)["Type"]
+      return unless method
+      return if method.strip.empty?
+      @state[:form_variables] ||= []
+      @state[:form_variables] << [attr_hash(attrs)["Name"],method]
+    end
+
+    def record_crawler(attrs)
+      return unless in_tag("Scan")
+      return unless @state[:starturl_service_object]
+      starturl = attr_hash(attrs)["StartUrl"]
+      return unless starturl
+      @state[:crawler_starturl] = starturl
+    end
+
+    def report_web_form(&block)
+      return unless in_tag("SiteFiles")
+      return unless @state[:web_site]
+      return unless @state[:fullurl].kind_of? URI
+      return unless @state[:form_variables].kind_of? Array
+      return if @state[:form_variables].empty?
+      method = parse_method(@state[:form_variables].first[1])
+      vars = @state[:form_variables].map {|x| x[0]}
+      form_info = {}
+      form_info[:web_site] = @state[:web_site]
+      form_info[:path] = @state[:fullurl].path
+      form_info[:query] = @state[:fullurl].query
+      form_info[:method] = method
+      form_info[:params] = vars
+      url = @state[:fullurl].to_s
+      db.emit(:web_form,url,&block) if block
+      db_report(:web_form,form_info)
+      @state[:fullurl] = nil
+      @state[:form_variables] = nil
+    end
+
+    def report_web_page(&block)
+      return if should_skip_this_page
+      return unless @state[:web_site]
+      return unless @state[:page_request]
+      return if @state[:page_request].strip.empty?
+      return unless @state[:page_response]
+      return if @state[:page_response].strip.empty?
+      path,query_string = parse_request(@state[:page_request])
+      return unless path
+      parsed_response = parse_response(@state[:page_response])
+      return unless parsed_response
+      web_page_info = {}
+      web_page_info[:web_site] = @state[:web_site]
+      web_page_info[:path] = path
+      web_page_info[:code] = parsed_response[:code].to_i
+      web_page_info[:headers] = parsed_response[:headers]
+      web_page_info[:body] = parsed_response[:body]
+      web_page_info[:query] = query_string || ""
+      url = ""
+      url << @state[:web_site].service.name.to_s << "://"
+      url << @state[:web_site].vhost.to_s << ":"
+      url << path
+      uri = URI.parse(url) rescue nil
+      return unless uri # Sanity checker
+      db.emit(:web_page, url, &block) if block
+      web_page_object = db_report(:web_page,web_page_info)
+      @state[:page_request] = @state[:page_response] = nil
+      @state[:web_page] = web_page_object
+    end
+
+    # Reasons why we shouldn't collect a particular web page.
+    def should_skip_this_page
+      if @state[:report_item] =~ /Unrestricted File Upload/
+        # This means that the page being collected is something the
+        # auditor put there, so it's not useful to report on.
+        return true
+      end
+      return false
+    end
+
+    # XXX Rex::Proto::Http::Packet seems broken for
+    # actually parsing requests and responses, but all I
+    # need are the headers anyway
+    def parse_request(request)
+      headers = Rex::Proto::Http::Packet::Header.new
+      headers.from_s request.dup # It's destructive.
+      return unless headers.cmd_string
+      verb,req = headers.cmd_string.split(/\s+/)
+      return unless verb
+      return unless req
+      path,query_string = req.split(/\?/)[0,2]
+    end
+
+    def parse_response(response)
+      headers = Rex::Proto::Http::Packet::Header.new
+      headers.from_s response.dup # It's destructive.
+      return unless headers.cmd_string
+      http,code,msg = headers.cmd_string.split(/\s+/)
+      return unless code
+      return unless code.to_i.to_s == code
+      parsed = {}
+      parsed[:code] = code
+      parsed[:headers] = {}
+      headers.each do |k,v|
+        parsed[:headers][k.to_s.downcase] = []
+        parsed[:headers][k.to_s.downcase] << v
+      end
+      parsed[:body] = "" # We never seem to get this from Acunetix
+      parsed
+    end
+
+    # Don't cause the web report to die just because we can't tell
+    # what method was used -- default to GET. Sometimes it's just "POST," and
+    # sometimes it's "URL encoded POST," and sometimes it might be something
+    # else.
+    def parse_method(meth)
+      verbs = "(GET|POST|PATH)"
+      real_method = meth.match(/^\s*#{verbs}/)
+      real_method ||= meth.match(/\s*#{verbs}\s*$/)
+      ( real_method && real_method[1] ) ? real_method[1] : "GET"
+    end
+
+    def report_host(&block)
+      return unless @report_data[:host]
+      return unless in_tag("Scan")
+      if host_is_okay
+        db.emit(:address,@report_data[:host],&block) if block
+        host_info = @report_data.merge(:workspace => @args[:wspace])
+        db_report(:host,host_info)
+      end
+    end
+
+    # The service is super important, so we hang on to it for the
+    # rest of the scan.
+    def report_starturl_service(host_object,&block)
+      return unless host_object
+      return unless @state[:starturl_uri]
+      name = @state[:starturl_uri].scheme
+      port = @state[:starturl_uri].port
+      addr = host_object.address
+      svc = {
+        :host => host_object,
+        :port => port,
+        :name => name.dup,
+        :proto => "tcp"
+      }
+      if name and port
+        db.emit(:service,[addr,port].join(":"),&block) if block
+        @state[:starturl_service_object] = db_report(:service,svc)
+      end
+    end
+
+    def report_web_site(url,&block)
+      return unless in_tag("Crawler")
+      return unless url
+      return if url.strip.empty?
+      uri = URI.parse(url) rescue nil
+      return unless uri
+      host = uri.host
+      port = uri.port
+      scheme = uri.scheme
+      return unless scheme[/^https?/]
+      return unless (host && port && scheme)
+      address = resolve_address(host)
+      return unless address
+      service_info = [ @args[:wspace], address, "tcp", port ]
+      service_object = db.get_service(*service_info)
+      service_object = db_report(:service,service_info) unless service_object
+      web_site_info = {
+        :workspace => @args[:wspace],
+        :service => service_object,
+        :vhost => host,
+        :ssl => (scheme == "https")
+      }
+      @state[:web_site] = db_report(:web_site,web_site_info)
+      @state[:fullurl] = uri
+    end
+
+    def report_starturl_web_site(&block)
+      return unless @state[:crawler_starturl]
+      starturl = @state[:crawler_starturl].dup
+      report_web_site(starturl,&block)
+    end
+
+    def report_os_fingerprint
+      return unless @state[:starturl_service_object]
+      return unless @text
+      return if @text.strip.empty?
+      return unless in_tag("Scan")
+      host = @state[:starturl_service_object].host
+      fp_note = {
+        :workspace => host.workspace,
+        :host => host,
+        :type => 'host.os.acunetix_fingerprint',
+        :data => {:os => @text}
+      }
+      db_report(:note, fp_note)
+      @text = nil
+    end
+
+    def resolve_port(uri)
+      @state[:port] = uri.port
+      unless @state[:port]
+        @parse_warnings << "Could not determine a port for '#{@state[:scan_name]}'"
+      end
+      @state[:port] = uri.port
+    end
+
+    def resolve_address(host)
+      return @resolv_cache[host] if @resolv_cache[host]
+      address = Rex::Socket.resolv_to_dotted(host) rescue nil
+      @resolv_cache[host] = address
+      return address
+    end
+
+    def resolve_scan_starturl_address(uri)
+      if uri.host
+        address = resolve_address(uri.host)
+        unless address
+          @parse_warnings << "Could not resolve address for '#{uri.host}', skipping '#{@state[:scan_name]}'"
+        end
+      else
+        @parse_warnings << "Could not determine a host for '#{@state[:scan_name]}'"
+      end
+      address
+    end
+
+    def handle_parse_warnings(&block)
+      return if @parse_warnings.empty?
+      @parse_warnings.each do |pwarn|
+        db.emit(:warning, pwarn, &block) if block
+      end
+    end
+
+  end
+  end
 end