risu 1.5.0 → 1.5.1

data/lib/risu/models/servicedescription.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# Service Description Model; Use for creating generic text for service descriptions
 		#
-		# @author Jacob Hammack
 		class ServiceDescription < ActiveRecord::Base
 		end
 	end

data/lib/risu/models/version.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# Version Model for the DB
 		#
-		# @author Jacob Hammack
 		class Version < ActiveRecord::Base
 		end
 	end

data/lib/risu/parsers.rb

@@ -1,3 +1,29 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Parsers
 	end
@@ -5,3 +31,6 @@ end
 
 require 'risu/parsers/nessus/nessus_document'
 require 'risu/parsers/nessus/nessus_sax_listener'
+
+require 'risu/parsers/nexpose/nexpose_document'
+require 'risu/parsers/nexpose/simple_nexpose'

data/lib/risu/parsers/nessus/nessus_document.rb

@@ -1,4 +1,28 @@
-# encoding: utf-8
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers
@@ -18,21 +42,30 @@ module Risu
 				#
 				# @return [Boolean] True if valid, False if invalid
 				def valid?
+					parser = nil
+
 					if File.exist?(@document)
-						@parser = LibXML::XML::Parser.file @document
-						doc = @parser.parse
+						parser = LibXML::XML::Parser.file @document
+					elsif @document.class == "String"
+						parser = LibXML::XML::Parser.string @document
+					else
+						return false
+					end
 
-						if doc.root.name == nil
-							return false
-						end
-				
-						if doc.root.name == "NessusClientData_v2"
-							return true
-						elsif doc.root.name == "NessusClientData"
-							return false
-						else
-							return false
-						end
+					if parser == nil
+						return false
+					end
+
+					doc = parser.parse
+
+					if doc.root.name == nil
+						return false
+					end
+
+					if doc.root.name == "NessusClientData_v2"
+						return true
+					elsif doc.root.name == "NessusClientData"
+						return false
 					else
 						return false
 					end

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -1,3 +1,29 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 require 'risu'
 
 ActiveRecord::Migration.verbose = false
@@ -5,7 +31,7 @@ ActiveRecord::Migration.verbose = false
 module Risu
 	module Parsers
 		module Nessus
-			
+
 			# NessusSaxListener
 			#
 			# @author Jacob Hammack <jacob.hammack@hammackj.com>
@@ -16,11 +42,13 @@ module Risu
 				#
 				def initialize
 					@vals = Hash.new
-					
+
 					@valid_references = Array[
-						"cpe", "bid", "see_also", "xref", "cve", "iava", "msft", 
-						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa", 
-						"owasp", "cwe"]
+						"cpe", "bid", "see_also", "xref", "cve", "iava", "msft",
+						"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa",
+						"owasp", "cwe", "iadb", "iavt", "cisco-sa", "ics-alert",
+						"cisco-bug-id", "cisco-sr"
+					]
 
 					@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
 						"description", "cvss_base_score", "solution", "item", "plugin_output", "tag", "synopsis", "plugin_modification_date",
@@ -31,12 +59,12 @@ module Risu
 						"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
 						"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
 						"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
-						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname",
-						]
-						
+						"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run"
+					]
+
 						@valid_elements = @valid_elements + @valid_references
-																		
-						# This makes adding new host properties really easy, except for the 
+
+						# This makes adding new host properties really easy, except for the
 						#MS patch numbers, this are handled differently.
 						@valid_host_properties = {
 							"HOST_END" => :end,
@@ -69,7 +97,7 @@ module Risu
 							"pcidss:unprotected_mssql_db" => :pcidss_unprotected_mssql_db,
 							"pcidss:obsolete_software" => :pcidss_obsolete_software,
 							"pcidss:www:sql_injection" => :pcidss_www_sql_injection,
-							"fname" => :fname
+							"pcidss:backup_files" => :pcidss_backup_files
 						}
 				end
 
@@ -112,8 +140,8 @@ module Risu
 						when "tag"
 							@attr = nil
 
-							if attributes["name"] =~ /[M|m][S|s]\d{2}-\d{2,}/
-								@attr = if attributes["name"] =~ /[M|m][S|s]\d{2}-\d{2,}/
+							if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
+								@attr = if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
 										attributes["name"]
 									else
 										nil
@@ -236,7 +264,7 @@ module Risu
 							end if @attr != nil
 						#We cannot handle the references in the same block as the rest of the ReportItem tag because
 						#there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
-						#parser. To solve this we do the references before the final plugin data, Valid references must be added 
+						#parser. To solve this we do the references before the final plugin data, Valid references must be added
 						#the @valid_reference array at the top to be parsed.
 						# *@valid_reference, does a 'when' on each element of the @valid_references array, pure magic
 						when *@valid_references
@@ -254,7 +282,7 @@ module Risu
 								:risk_factor => @vals["risk_factor"],
 								:description => @vals["description"],
 								:plugin_publication_date => @vals["plugin_publication_date"],
-								:plugin_modification_date => @vals["plugin_modification_date"],								
+								:plugin_modification_date => @vals["plugin_modification_date"],
 								:synopsis => @vals["synopsis"],
 								:plugin_type => @vals["plugin_type"],
 								:cvss_vector => @vals["cvss_vector"],
@@ -273,7 +301,8 @@ module Risu
 								:exploit_framework_exploithub => @vals["exploit_framework_exploithub"],
 								:exploithub_sku => @vals["exploithub_sku"],
 								:stig_severity => @vals["stig_severity"],
-								:fname => @vals["fname"]						
+								:fname => @vals["fname"],
+								:always_run => @vals["always_run"]
 							}
 							@plugin.save
 					end

data/lib/risu/parsers/nexpose/nexpose_document.rb

@@ -0,0 +1,91 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nexpose
+			# A Object to represent the Nexpose xml file in memory
+			#
+			# @author Jacob Hammack <jacob.hammack@hammackj.com>
+			class NexposeDocument
+
+				# Creates a instance of the NexposeDocument class
+				#
+				def initialize document
+					@document = document
+				end
+
+				# Checks the validness of a Nexpose
+				#
+				# @return [Boolean] True if valid, False if invalid
+				def valid?
+					if File.exist?(@document)
+						@parser = LibXML::XML::Parser.file @document
+						doc = @parser.parse
+
+						if doc.root.name == nil
+							return false
+						end
+
+						if doc.root.name == "NeXposeSimpleXML"
+							return true
+						else
+							return false
+						end
+					else
+						return false
+					end
+				end
+
+				# Invokes the SAX parser on the XML document
+				#
+				def parse
+					@parser = LibXML::XML::SaxParser.file @document
+					@parser.callbacks = SimpleNexpose.new
+					@parser.parse
+				end
+
+				# Fixes the ip field if nil and replaces it with the name if its an ip
+				#
+				def fix_ips
+					@hosts = Host.all
+
+					@hosts.each do |host|
+						if host.ip == nil
+							begin
+								ip = IPAddr.new host.name
+								host.ip = ip.to_string
+								host.save
+							rescue ArgumentError => ae
+								next
+							end
+						end
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nexpose/simple_nexpose.rb

@@ -0,0 +1,108 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+require 'risu'
+
+ActiveRecord::Migration.verbose = false
+
+module Risu
+	module Parsers
+		module Nexpose
+			class SimpleNexpose
+				include LibXML::XML::SaxParser::Callbacks
+
+				#
+				#
+				def initialize
+					@vals = Hash.new
+
+					@valid_fingerprints = {
+						"description" => :os,
+						"vendor" => nil,
+						"family" => nil,
+						"product" => nil,
+						"version" => nil,
+						"device-class" => :system_type,
+						"architecture" => nil
+					}
+
+					@report = Report.create
+				end
+
+				#
+				#
+				def on_start_element(element, attributes)
+					@tag = element
+					@vals[@tag] = ""
+					puts element
+
+					case element
+						when "device"
+							@in_device = true
+							@rh = @report.hosts.create
+							@rh.name = attributes["address"]
+							@rh.ip = attributes["address"]
+							@rh.save
+						when "fingerprint"
+							@in_fingerprint = true
+					end
+
+				end
+
+				# Called when the inner text of a element is reached
+				#
+				# @param text
+				def on_characters(text)
+					if @vals[@tag] == nil then
+						@vals[@tag] = text
+					else
+						@vals[@tag] << text
+					end
+				end
+
+				# Called when the end of the xml element is reached
+				#
+				# @param element
+				def on_end_element(element)
+					@tag = nil
+					case element
+						when "device"
+							@in_device = false
+						when "description"
+							if @in_device && @in_fingerprint
+								@rh.attributes = { @valid_fingerprints[element] => @vals[element].gsub("\n", ",") } if @valid_fingerprints.keys.include?(element)
+								@rh.save
+							end
+						when "fingerprint"
+							@in_fingerprint = false
+					end
+				end
+
+			end
+		end
+	end
+end
+