Lands rapid7#6730 Modify the open_vas importer and the nessus importer

greg.mikeska@rapid7.com · greg.mikeska@rapid7.com · commit 403696d53a32 · 2016-04-04T17:30:15.000-05:00
diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb
@@ -254,6 +254,9 @@ def import_filetype_detect(data)
     elsif (firstline.index("<scanJob>"))
       @import_filedata[:type] = "Retina XML"
       return :retina_xml
+    elsif (firstline.index(/<get_results_response status=['"]200['"] status_text=['"]OK['"]>/))
+      @import_filedata[:type] = "OpenVAS XML"
+      return :openvas_new_xml
     elsif (firstline.index(/<get_reports_response status=['"]200['"] status_text=['"]OK['"]>/))
       @import_filedata[:type] = "OpenVAS XML"
       return :openvas_new_xml
@@ -286,7 +289,7 @@ def import_filetype_detect(data)
           @import_filedata[:type] = "Nmap XML"
           return :nmap_xml
         when "openvas-report"
-          @import_filedata[:type] = "OpenVAS Report"
+          @import_filedata[:type] = "OpenVAS"
           return :openvas_xml
         when "NessusClientData"
           @import_filedata[:type] = "Nessus XML (v1)"
diff --git a/lib/msf/core/db_manager/import/nessus.rb b/lib/msf/core/db_manager/import/nessus.rb
@@ -12,20 +12,22 @@ module Msf::DBManager::Import::Nessus
   # Nessus NBE and NESSUS v1 methods
   #
   def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil)
+
     addr = hobj.address
     # The port section looks like:
     #   http (80/tcp)
     p = port.match(/^([^\(]+)\((\d+)\/([^\)]+)\)/)
-    return if not p
 
-    # Unnecessary as the caller should already have reported this host
-    #report_host(:workspace => wspace, :host => addr, :state => Msf::HostState::Alive)
-    name = p[1].strip
-    port = p[2].to_i
-    proto = p[3].downcase
+    if p
+      name = p[1].strip
+      port = p[2].to_i
+      proto = p[3].downcase
+    else
+      port = nil
+    end
 
     info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task }
-    if name != "unknown" and name[-1,1] != "?"
+    if name and name != "unknown" and name[-1,1] != "?"
       info[:name] = name
     end
     report_service(info)
diff --git a/lib/msf/core/db_manager/import/open_vas.rb b/lib/msf/core/db_manager/import/open_vas.rb
@@ -29,6 +29,6 @@ def import_openvas_xml(args={}, &block)
     filename = args[:filename]
     wspace = args[:wspace] || workspace
 
-    raise Msf::DBImportError.new("No OpenVAS XML support. Please submit a patch to msfdev[at]metasploit.com")
+    raise Msf::DBImportError.new("No OpenVas XML support. Please submit a patch to msfdev[at]metasploit.com")
   end
 end
diff --git a/lib/rex/parser/openvas_nokogiri.rb b/lib/rex/parser/openvas_nokogiri.rb
@@ -4,7 +4,7 @@
 module Rex
 module Parser
 
-  # If Nokogiri is available, define OpenVAS document class.
+  # If Nokogiri is available, define OpenVas document class.
   load_nokogiri && class OpenVASDocument < Nokogiri::XML::SAX::Document
 
   include NokogiriDocMixin
@@ -37,8 +37,10 @@ def end_element(name=nil)
         @state[:vuln_name] = @text.strip if @text
       end
     when 'description'
-      @state[:has_text] = true
-      @state[:vuln_desc] = @text.strip if @text
+      if in_tag('result')
+        @state[:has_text] = true
+        @state[:vuln_desc] = @text.strip if @text
+      end
     when 'bid'
       if in_tag('result') && in_tag('nvt')
         @state[:has_text] = true
@@ -62,7 +64,7 @@ def end_element(name=nil)
     when 'subnet'
       @state[:has_text] = true
     when 'result'
-      record_vuln if in_tag('results')
+      record_vuln
     when 'threat'
       @state[:has_text] = true if in_tag('ports') && in_tag('port')
     when 'host'
