Add parser for nmap XML reports

Author: patriknordlen

dojo/forms.py

@@ -228,7 +228,7 @@ class Meta:
 
 
 class ImportScanForm(forms.Form):
-    SCAN_TYPE_CHOICES = (("Burp Scan", "Burp Scan"), ("Nessus Scan", "Nessus Scan"), ("Nexpose Scan", "Nexpose Scan"),
+    SCAN_TYPE_CHOICES = (("Burp Scan", "Burp Scan"), ("Nessus Scan", "Nessus Scan"), ("nmap Scan", "nmap Scan"), ("Nexpose Scan", "Nexpose Scan"),
                          ("AppSpider Scan", "AppSpider Scan"), ("Veracode Scan", "Veracode Scan"),
                          ("Checkmarx Scan", "Checkmarx Scan"), ("ZAP Scan", "ZAP Scan"),
                          ("Arachni Scan", "Arachni Scan"), ("VCG Scan", "VCG Scan"),

dojo/templates/dojo/import_scan_results.html

@@ -18,6 +18,7 @@
         <li><b>Burp XML</b> - When the Burp report is generated, we recommend selecting the option to Base64 encode both the request and
             response fields. These fields will be processed and made available in the Finding view page.</li>
         <li><b>Tenable Nessus</b> - Reports can be imported in the CSV, and .nessus (XML) report formats.</li>
+        <li><b>nmap</b> - XML output (use -oX)</li>
         <li><b>Rapid7 Nexpose XML 2.0</b> - Use the full XML export template from Nexpose.</li>
         <li><b>Rapid7 AppSpider</b> - Use the VulnerabilitiesSummary.xml file found in the zipped report download.</li>
         <li><b>Veracode Detailed XML Report</b></li>

dojo/tools/factory.py

@@ -1,5 +1,6 @@
 from dojo.tools.burp.parser import BurpXmlParser
 from dojo.tools.nessus.parser import NessusCSVParser, NessusXMLParser
+from dojo.tools.nmap.parser import NmapXMLParser
 from dojo.tools.nexpose.parser import NexposeFullXmlParser
 from dojo.tools.veracode.parser import VeracodeXMLParser
 from dojo.tools.zap.parser import ZapXmlParser
@@ -27,6 +28,8 @@ def import_parser_factory(file, test):
             parser = NessusCSVParser(file, test)
         elif filename.endswith("xml") or filename.endswith("nessus"):
             parser = NessusXMLParser(file, test)
+    elif scan_type == "nmap Scan":
+        parser = NmapXMLParser(file, test)
     elif scan_type == "Nexpose Scan":
         parser = NexposeFullXmlParser(file, test)
     elif scan_type == "Veracode Scan":

dojo/tools/nmap/__init__.py

@@ -0,0 +1 @@
+__author__ = 'patriknordlen'

dojo/tools/nmap/parser.py

@@ -0,0 +1,59 @@
+from xml.dom import NamespaceErr
+import lxml.etree as le
+import os
+import csv
+import re
+from dojo.models import Endpoint, Finding
+from pprint import pprint
+
+__author__ = 'patriknordlen'
+
+class NmapXMLParser(object):
+    def __init__(self, file, test):
+        nscan = le.parse(file)
+        root = nscan.getroot()
+
+        if 'nmaprun' not in root.tag:
+            raise NamespaceErr("This doesn't seem to be a valid nmap xml file.")
+        dupes = {}
+        for host in root.iter("host"):
+            ip = host.find("address[@addrtype='ipv4']").attrib['addr']
+            fqdn = host.find("hostnames/hostname[@type='PTR']").attrib['name'] if host.find("hostnames/hostname[@type='PTR']") is not None else None
+
+            for portelem in host.xpath("ports/port[state/@state='open']"):
+                port = portelem.attrib['portid']
+                protocol = portelem.attrib['protocol']
+
+                title = "Open port: %s/%s" % (port, protocol)
+                
+                description = "%s:%s A service was found to be listening on this port." % (ip, port)
+
+                if portelem.find('service'):
+                    if hasattr(portelem.find('service'),'product'):
+                        serviceinfo = " (%s%s)" % (portelem.find('service').attrib['product'], " "+portelem.find('service').attrib['version'] if hasattr(portelem.find('service'),'version') else "")
+                    else:
+                        serviceinfo = ""
+                    description += " It was identified as '%s%s'." % (portelem.find('service').attrib['name'], serviceinfo)
+                description += '\n\n'
+
+                severity = "Info"
+
+                dupe_key = port
+
+                if dupe_key in dupes:
+                    find = dupes[dupe_key]
+                    if description is not None:
+                        find.description += description
+                else:
+                    find = Finding(title=title,
+                                    test=test,
+                                    active=False,
+                                    verified=False,
+                                    description=description,
+                                    severity=severity,
+                                    numerical_severity=Finding.get_numerical_severity(severity))
+                    find.unsaved_endpoints = list()
+                    dupes[dupe_key] = find
+
+                find.unsaved_endpoints.append(Endpoint(host=ip, fqdn=fqdn, port=port, protocol=protocol))
+        self.items = dupes.values()