Land rapid7#5241, sqlmap parsing fixes

Author: wchen-r7

lib/nessus/nessus-xmlrpc.rb

@@ -181,7 +181,12 @@ def scan_export_status(scan_id, file_id)
       request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status")
       request.add_field("X-Cookie", @token)
       res = @connection.request(request)
-      return res.code, JSON.parse(res.body)
+      if res.code == "200"
+        return "ready"
+      else
+        res = JSON.parse(res.body)
+        return res
+      end
     end
 
     def policy_delete(policy_id)

lib/sqlmap/sqlmap_manager.rb

@@ -8,43 +8,57 @@ def initialize(session)
 
     def new_task
       res = @session.get('/task/new')
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def delete_task(task_id)
       res = @session.get('/task/' + task_id + '/delete')
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def set_option(task_id, key, value)
       post = { key => value }
       res = @session.post('/option/' + task_id + '/set', nil, post.to_json, {'ctype' => 'application/json'})
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def get_options(task_id)
       res = @session.get('/option/' + task_id + '/list')
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def start_task(task_id, options = {})
       res = @session.post('/scan/' + task_id + '/start' , nil, options.to_json, {'ctype' => 'application/json'})
-      return JSON.parse(res.body)
+      parse_response(res)
+
     end
 
     def get_task_status(task_id)
       res = @session.get('/scan/' + task_id + '/status')
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def get_task_log(task_id)
       res = @session.get('/scan/' + task_id + '/log')
-      return JSON.parse(res.body)
+      parse_response(res)
     end
 
     def get_task_data(task_id)
       res = @session.get('/scan/' + task_id + '/data')
-      return JSON.parse(res.body)
+      parse_response(res)
+    end
+
+    private
+    def parse_response(res)
+      json = {}
+      if res && res.body
+        begin
+          json = JSON.parse(res.body)
+        rescue JSON::ParserError
+        end
+      end
+
+      json
     end
   end
 end

lib/sqlmap/sqlmap_session.rb

@@ -1,6 +1,6 @@
 module Sqlmap
   class Session
-    def initialize(host, port = 8775)
+    def initialize(host, port)
       @host = host
       @port = port
     end
@@ -13,9 +13,13 @@ def get(uri, headers = nil, params = nil)
 
       args['headers'] = headers if headers
       args['vars_get'] = params if params
-      res = c.request_cgi(args)
-      res = c.send_recv(res)
-      return res
+      begin
+        res = c.request_cgi(args)
+        res = c.send_recv(res)
+        return res
+      rescue Rex::ConnectionRefused
+        return
+      end
     end
 
     def post(uri, headers = nil, data = nil, originator_args = nil)
@@ -26,12 +30,15 @@ def post(uri, headers = nil, data = nil, originator_args = nil)
       }
 
       args.merge!(originator_args) if originator_args
-
       args['headers'] = headers if headers
       args['data'] = data if data
-      res = c.request_cgi(args)
-      res = c.send_recv(res)
-      return res
+      begin
+        res = c.request_cgi(args)
+        res = c.send_recv(res)
+        return res
+      rescue Rex::ConnectionRefused
+        return
+      end
     end
   end
 end

plugins/nessus.rb

@@ -4,14 +4,13 @@
 
 module Msf
 
+  PLUGIN_NAME        = 'Nessus'
+  PLUGIN_DESCRIPTION = 'Nessus Bridge for Metasploit'
+
   class Plugin::Nessus < Msf::Plugin
 
     def name
-      "Nessus"
-    end
-
-    def desc
-        "Nessus Bridge for Metasploit"
+      PLUGIN_NAME
     end
 
     def desc
@@ -22,7 +21,7 @@ class ConsoleCommandDispatcher
       include Msf::Ui::Console::CommandDispatcher
 
       def name
-        "Nessus"
+        PLUGIN_NAME
       end
 
       def xindex
@@ -455,7 +454,7 @@ def cmd_nessus_template_list(*args)
           print_status("Returns a list of information about the scan or policy templates..")
           return
         end
-        if type.downcase.in?(['scan', 'policy'])
+        if type.in?(['scan', 'policy'])
           list=@n.list_template(type)
         else
           print_error("Only scan and policy are valid templates")
@@ -1188,7 +1187,7 @@ def cmd_nessus_scan_details(*args)
         when 2
           scan_id = args[0]
           category = args[1]
-          if category.downcase.in?(['info', 'hosts', 'vulnerabilities', 'history'])
+          if category.in?(['info', 'hosts', 'vulnerabilities', 'history'])
             category = args[1]
           else
             print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
@@ -1265,27 +1264,23 @@ def cmd_nessus_scan_export(*args)
         case args.length
         when 2
           scan_id = args[0]
-          format = args[1]
+          format = args[1].downcase
         else
           print_status("Usage: ")
           print_status("nessus_scan_export <scan ID> <export format>")
           print_status("The available export formats are Nessus, HTML, PDF, CSV, or DB")
           print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
           return
         end
-        if format.downcase.in?(['nessus','html','pdf','csv','db'])
+        if format.in?(['nessus','html','pdf','csv','db'])
           export = @n.scan_export(scan_id, format)
           if export["file"]
             file_id = export["file"]
             print_good("The export file ID for scan ID #{scan_id} is #{file_id}")
             print_status("Checking export status...")
-            code, body = @n.scan_export_status(scan_id, file_id)
-            if code == "200"
-              if body =~ /ready/
-                print_good("The status of scan ID #{scan_id} export is ready")
-              else
-                print_status("Scan result not ready for download. Please check again after a few seconds")
-              end
+            status = @n.scan_export_status(scan_id, file_id)
+            if status == "ready"
+              print_good("The status of scan ID #{scan_id} export is ready")
             else
               print_error("There was some problem in exporting the scan. The error message is #{status}")
             end
@@ -1310,30 +1305,16 @@ def cmd_nessus_scan_export_status(*args)
         when 2
           scan_id = args[0]
           file_id = args[1]
-          check_export_status(scan_id, file_id)
-        else
-          print_status("Usage: ")
-          print_status("nessus_scan_export_status <scan ID> <file ID>")
-          print_status("Use nessus_scan_export <scan ID> <format> to export a scan and get its file ID")
-        end
-      end
-
-      def check_export_status(scan_id, file_id, attempt = 0)
-        code, body = @n.scan_export_status(scan_id, file_id)
-        if code == "200"
-          if body.to_s =~ /ready/
+          status = @n.scan_export_status(scan_id, file_id)
+          if status == "ready"
             print_status("The status of scan ID #{scan_id} export is ready")
           else
-            if attempt < 3
-              print_status("Scan result not ready for download. Checking again...")
-              select(nil, nil, nil, 1)
-              attempt = attempt + 1
-              print_error("Current value of attempt is #{attempt}")
-              check_export_status(scan_id, file_id, attempt)
-            end
+            print_error("There was some problem in exporting the scan. The error message is #{status}")
           end
         else
-          print_error("There was some problem in exporting the scan. The error message is #{body}")
+          print_status("Usage: ")
+          print_status("nessus_scan_export_status <scan ID> <file ID>")
+          print_status("Use nessus_scan_export <scan ID> <format> to export a scan and get its file ID")
         end
       end
 
@@ -1691,7 +1672,7 @@ def nessus_verify_db
     def initialize(framework, opts)
       super
       add_console_dispatcher(ConsoleCommandDispatcher)
-      print_status("Nessus Bridge for Metasploit")
+      print_status(PLUGIN_DESCRIPTION)
       print_status("Type %bldnessus_help%clr for a command listing")
     end