Module: Msf::DBManager::Import

Overview

Gems

Defined Under Namespace

Modules: Acunetix, Amap, Appscan, BurpIssue, BurpSession, CI, Foundstone, FusionVM, GPP, IP360, IPList, Libpcap, MBSA, MetasploitFramework, Nessus, Netsparker, Nexpose, Nikto, Nmap, Nuclei, OpenVAS, Outpost24, Qualys, Report, Retina, Spiceworks, Wapiti

Constant Summary

Constants included from Qualys

Qualys::TCP_QID, Qualys::UDP_QID

Constants included from MetasploitFramework::XML

MetasploitFramework::XML::MSF_WEB_PAGE_TEXT_ELEMENT_NAMES, MetasploitFramework::XML::MSF_WEB_TEXT_ELEMENT_NAMES, MetasploitFramework::XML::MSF_WEB_VULN_TEXT_ELEMENT_NAMES

Instance Method Summary collapse

Methods included from Wapiti

#import_wapiti_xml, #import_wapiti_xml_file

Methods included from Spiceworks

#import_spiceworks_csv

Methods included from Retina

#import_retina_xml, #import_retina_xml_file

Methods included from Report

#import_report

Methods included from Qualys

#handle_qualys

Methods included from Qualys::Scan

#import_qualys_scan_xml, #import_qualys_scan_xml_file

Methods included from Qualys::Asset

#find_qualys_asset_ports, #find_qualys_asset_vuln_refs, #find_qualys_asset_vulns, #import_qualys_asset_xml

Methods included from Outpost24

#import_outpost24_noko_stream, #import_outpost24_xml

Methods included from OpenVAS

#import_openvas_new_xml, #import_openvas_noko_stream, #import_openvas_xml

Methods included from Nuclei

#import_nuclei_json, #import_nuclei_jsonl

Methods included from Nmap

#import_nmap_noko_stream, #import_nmap_xml, #import_nmap_xml_file, #nmap_msf_service_map

Methods included from Nikto

#import_nikto_xml

Methods included from Nexpose::Simple

#import_nexpose_noko_stream, #import_nexpose_simplexml, #import_nexpose_simplexml_file, #process_nexpose_data_sxml_refs

Methods included from Nexpose::Raw

#import_nexpose_raw_noko_stream, #import_nexpose_rawxml, #import_nexpose_rawxml_file, #nexpose_host_from_rawxml, #nexpose_refs_to_struct

Methods included from Netsparker

#import_netsparker_xml, #import_netsparker_xml_file, #netsparker_method_map, #netsparker_params_map, #netsparker_pname_map, #netsparker_vulnerability_map

Methods included from Nessus

#handle_nessus

Methods included from Nessus::XML

#import_nessus_xml_file

Methods included from Nessus::XML::V2

#handle_nessus_v2, #import_nessus_xml_v2

Methods included from Nessus::XML::V1

#import_nessus_xml

Methods included from Nessus::NBE

#import_nessus_nbe, #import_nessus_nbe_file

Methods included from MetasploitFramework

#nils_for_nulls, #unserialize_object

Methods included from MetasploitFramework::Zip

#import_msf_collateral, #import_msf_zip, #is_child_of?, #parse_zip_host, #parse_zip_loot, #parse_zip_report, #parse_zip_task

Methods included from MetasploitFramework::XML

#import_msf_file, #import_msf_note_element, #import_msf_web_form_element, #import_msf_web_page_element, #import_msf_web_vuln_element, #import_msf_xml

Methods included from MetasploitFramework::Credential

#import_msf_cred_dump, #import_msf_cred_dump_zip, #import_msf_pwdump

Methods included from MBSA

#import_mbsa_noko_stream, #import_mbsa_xml

Methods included from Libpcap

#import_libpcap, #import_libpcap_file, #inspect_single_packet, #inspect_single_packet_http

Methods included from IPList

#import_ip_list, #import_ip_list_file

Methods included from IP360::V3

#handle_ip360_v3_svc, #handle_ip360_v3_vuln, #import_ip360_xml_file, #import_ip360_xml_v3

Methods included from IP360::ASPL

#import_ip360_aspl_xml

Methods included from GPP

#import_gpp_xml

Methods included from FusionVM

#import_fusionvm_xml

Methods included from Foundstone

#import_foundstone_noko_stream, #import_foundstone_xml

Methods included from CI

#import_ci_noko_stream, #import_ci_xml

Methods included from BurpSession

#import_burp_session_noko_stream, #import_burp_session_xml

Methods included from BurpIssue

#import_burp_issue_xml

Methods included from Appscan

#import_appscan_noko_stream, #import_appscan_xml

Methods included from Amap

#import_amap_log, #import_amap_log_file, #import_amap_mlog

Methods included from Acunetix

#import_acunetix_noko_stream, #import_acunetix_xml

Instance Method Details

#dehex(str) ⇒ Object

If hex notation is present, turn them into a character.



71
72
73
74
75
76
77
# File 'lib/msf/core/db_manager/import.rb', line 71

def dehex(str)
  hexen = str.scan(/\x5cx[0-9a-fA-F]{2}/n)
  hexen.each { |h|
    str.gsub!(h,h[2,2].to_i(16).chr)
  }
  return str
end

#emit(sym, data) {|sym, data| ... } ⇒ Object

A way to sneak the yield back into the db importer. Used by the SAX parsers.

Yields:

  • (sym, data)


81
82
83
# File 'lib/msf/core/db_manager/import.rb', line 81

def emit(sym,data,&block)
  yield(sym,data)
end

#import(args = {}) {|:filetype, @import_filedata[:type]| ... } ⇒ Object

A dispatcher method that figures out the data’s file type, and sends it off to the appropriate importer. Note that import_file_detect will raise an error if the filetype is unknown.

Yields:

  • (:filetype, @import_filedata[:type])


89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
# File 'lib/msf/core/db_manager/import.rb', line 89

def import(args={}, &block)
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
  preserve_hosts = args[:task].options["DS_PRESERVE_HOSTS"] if args[:task].present? && args[:task].options.present?
  wspace.update_attribute(:import_fingerprint, true)
  existing_host_ids = wspace.hosts.map(&:id)
  data = args[:data] || args['data']
  ftype = import_filetype_detect(data)
  yield(:filetype, @import_filedata[:type]) if block
  # this code looks to intentionally convert workspace to a string, why?
  opts = args.clone()
  opts.delete(:workspace)
  result = self.send "import_#{ftype}".to_sym, opts.merge(workspace: wspace.name), &block

  # post process the import here for missing default port maps
  mrefs, mports, _mservs = Msf::Modules::Metadata::Cache.instance.all_exploit_maps
  # the map build above is a little expensive, another option is to do
  # a host by ref search for each vuln ref and then check port reported for each module
  # IMHO this front loaded cost here is worth it with only a small number of modules
  # compared to the vast number of possible references offered by a Vulnerability scanner.
  deferred_service_ports = [ 139 ] # I hate special cases, however 139 is no longer a preferred default

  if result.is_a?(Rex::Parser::ParsedResult)
    new_host_ids = result.host_ids
  else
    new_host_ids = Mdm::Host.where(workspace: wspace).map(&:id) - existing_host_ids
  end

  new_host_ids.each do |id|
    imported_host = Mdm::Host.where(id: id).first
    next if imported_host.vulns.nil? || imported_host.vulns.empty?
    # get all vulns with ports
    with_ports = []
    imported_host.vulns.each do |vuln|
      next if vuln.service.nil?
      with_ports << vuln.name
    end

    imported_host.vulns.each do |vuln|
      # now get default ports for vulns where service is nil
      next unless vuln.service.nil?
      next if with_ports.include?(vuln.name)
      serv = nil

      # Module names that match this vulnerability
      matched_vulns = Set.new(mrefs.values_at(*vuln.refs.map { |x| x.name.upcase }).compact.flatten(1))
      next if matched_vulns.empty?

      second_pass_services = []

      imported_host.services.each do |service|
        if deferred_service_ports.include?(service.port)
          second_pass_services << service
          next
        end
        next unless mports[service.port]
        if (matched_vulns - mports[service.port]).size < matched_vulns.size
          serv = service
          break
        end
      end

      # post process any deferred services if no match has been found
      if serv.nil? && !second_pass_services.empty?
        second_pass_services.each do |service|
          next unless mports[service.port]
          if (matched_vulns - mports[service.port]).size < matched_vulns.size
            serv = service
            break
          end
        end
      end

      next if serv.nil?
      vuln.service = serv
      vuln.save

    end
  end
  if preserve_hosts || result.is_a?(Rex::Parser::ParsedResult)
    new_host_ids.each do |id|
      Mdm::Host.where(id: id).first.normalize_os
    end
  else
    Mdm::Host.where(workspace: wspace).each(&:normalize_os)
  end
  wspace.update_attribute(:import_fingerprint, false)
end

#import_file(args = {}, &block) ⇒ Object

Generic importer that automatically determines the file type being imported. Since this looks for vendor-specific strings in the given file, there shouldn’t be any false detections, but no guarantees.



182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# File 'lib/msf/core/db_manager/import.rb', line 182

def import_file(args={}, &block)
  filename = args[:filename] || args['filename']
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
  @import_filedata            = {}
  @import_filedata[:filename] = filename

  data = ""
  ::File.open(filename, 'rb') do |f|
    # This check is the largest (byte-wise) that we need to do
    # since the other 4-byte checks will be subsets of this larger one.
    data = f.read(Metasploit::Credential::Exporter::Pwdump::FILE_ID_STRING.size)
  end
  if data.nil?
    raise Msf::DBImportError.new("Zero-length file")
  end

  if data.index(Metasploit::Credential::Exporter::Pwdump::FILE_ID_STRING)
    data = ::File.open(filename, 'rb')
  else
    case data[0,4]
    when "PK\x03\x04"
      # When Msf::DBManager::Import::MetasploitFramework is included, it's child namespace of
      # Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as Zip here, so need to use ::Zip so Zip
      # is resolved as one from rubyzip gem.
      data = ::Zip::File.open(filename)
    when "\xd4\xc3\xb2\xa1".force_encoding('ASCII-8BIT'), "\xa1\xb2\xc3\xd4".force_encoding('ASCII-8BIT')
      data = PacketFu::PcapFile.new(:filename => filename)
    else
      ::File.open(filename, 'rb') do |f|
        sz = f.stat.size
        data = f.read(sz)
      end
    end
  end

  # Override REXML's expansion text limit to 50k (default: 10240 bytes)
  REXML::Security.entity_expansion_text_limit = 51200

  # this code looks to intentionally convert workspace to a string, why?
  opts = args.clone()
  opts.delete(:workspace)
  if block
    import(opts.merge(data: data, workspace: wspace.name)) { |type,data| yield type,data }
  else
    import(opts.merge(data: data, workspace: wspace.name))
  end
end

#import_filetype_detect(data) ⇒ Object

Returns one of the following:

:acunetix_xml :amap_log :amap_mlog :appscan_xml :burp_session_xml :ci_xml :foundstone_xml :fusionvm_xml :gpp_xml :ip360_aspl_xml :ip360_xml_v3 :ip_list :libpcap :mbsa_xml :msf_cred_dump_zip :msf_pwdump :msf_xml :msf_zip :nessus_nbe :nessus_xml :nessus_xml_v2 :netsparker_xml :nexpose_rawxml :nexpose_simplexml :nikto_xml :nmap_xml :openvas_new_xml :openvas_xml :outpost24_xml :qualys_asset_xml :qualys_scan_xml :retina_xml :spiceworks_csv :wapiti_xml

If there is no match, an error is raised instead.

Raises:



270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
# File 'lib/msf/core/db_manager/import.rb', line 270

def import_filetype_detect(data)
  # When Msf::DBManager::Import::MetasploitFramework is included, it's child namespace of
  # Msf::DBManager::Import::MetasploitFramework::Zip becomes resolvable as Zip here, so need to use ::Zip so Zip
  # is resolved as one from rubyzip gem.
  if data and data.kind_of? ::Zip::File
    if data.entries.empty?
      raise Msf::DBImportError.new("The zip file provided is empty.")
    end

    @import_filedata ||= {}
    @import_filedata[:zip_filename] = File.split(data.to_s).last
    @import_filedata[:zip_basename] = @import_filedata[:zip_filename].gsub(/\.zip$/,"")
    @import_filedata[:zip_entry_names] = data.entries.map {|x| x.name}

    if @import_filedata[:zip_entry_names].include?(Metasploit::Credential::Importer::Zip::MANIFEST_FILE_NAME)
      @import_filedata[:type] = "Metasploit Credential Dump"
      return :msf_cred_dump_zip
    end

    xml_files = @import_filedata[:zip_entry_names].grep(/^(.*)\.xml$/)

    # TODO This check for our zip export should be more extensive
    if xml_files.empty?
      raise Msf::DBImportError.new("The zip file provided is not a Metasploit Zip Export")
    end

    @import_filedata[:zip_xml] = xml_files.first
    @import_filedata[:type] = "Metasploit Zip Export"

    return :msf_zip
  end

  if data and data.kind_of? PacketFu::PcapFile
    # Don't check for emptiness here because unlike other formats, we
    # haven't read any actual data in yet, only magic bytes to discover
    # that this is indeed a pcap file.
    #raise Msf::DBImportError.new("The pcap file provided is empty.") if data.body.empty?
    @import_filedata ||= {}
    @import_filedata[:type] = "Libpcap Packet Capture"
    return :libpcap
  end

  # msfpwdump
  if data.present? && data.kind_of?(::File)
    @import_filedata[:type] = "Metasploit PWDump Export"
    return :msf_pwdump
  end

  # This is a text string, lets make sure its treated as binary
  data.force_encoding(::Encoding::ASCII_8BIT)
  if data and data.to_s.strip.length == 0
    raise Msf::DBImportError.new("The data provided to the import function was empty")
  end

  # Parse the first line or 4k of data from the file
  di = data.index("\n") || 4096

  firstline = data[0, di]
  @import_filedata ||= {}
  if (firstline.index("<NeXposeSimpleXML"))
    @import_filedata[:type] = "NeXpose Simple XML"
    return :nexpose_simplexml
  elsif (firstline.index("<FusionVM"))
    @import_filedata[:type] = "FusionVM XML"
    return :fusionvm_xml
  elsif (firstline.index("<NexposeReport"))
    @import_filedata[:type] = "NeXpose XML Report"
    return :nexpose_rawxml
  elsif (firstline.index("Name,Manufacturer,Device Type,Model,IP Address,Serial Number,Location,Operating System"))
    @import_filedata[:type] = "Spiceworks CSV Export"
    return :spiceworks_csv
  elsif (firstline.index("<scanJob>"))
    @import_filedata[:type] = "Retina XML"
    return :retina_xml
  elsif (firstline.index(/<get_results_response status=['"]200['"] status_text=['"]OK['"]>/))
    @import_filedata[:type] = "OpenVAS XML"
    return :openvas_new_xml
  elsif (firstline.index(/<get_reports_response status=['"]200['"] status_text=['"]OK['"]>/))
    @import_filedata[:type] = "OpenVAS XML"
    return :openvas_new_xml
  elsif (firstline.index(/<report id=['"]/))
    @import_filedata[:type] = "OpenVAS XML"
    return :openvas_new_xml
  elsif (firstline.index("<NessusClientData>"))
    @import_filedata[:type] = "Nessus XML (v1)"
    return :nessus_xml
  elsif firstline.starts_with?('{"template":')
    @import_filedata[:type] = "Nuclei JSONL"
    return :nuclei_jsonl
  elsif firstline.starts_with?('[{"template":')
    @import_filedata[:type] = "Nuclei JSON"
    return :nuclei_json
  elsif (firstline.index("<SecScan ID="))
    @import_filedata[:type] = "Microsoft Baseline Security Analyzer"
    return :mbsa_xml
  elsif (data[0,1024] =~ /<!ATTLIST\s+items\s+burpVersion/)
    @import_filedata[:type] = "Burp Session XML"
    return :burp_session_xml
  elsif (data[0,1024] =~ /<!ATTLIST\s+issues\s+burpVersion/)
    @import_filedata[:type] = "Burp Issue XML"
    return :burp_issue_xml
  elsif (firstline.index("<?xml"))
    # it's xml, check for root tags we can handle
    line_count = 0
    data.each_line { |line|
      line =~ /<([a-zA-Z0-9\-\_]+)[ >]/

      case $1
      when "niktoscan"
        @import_filedata[:type] = "Nikto XML"
        return :nikto_xml
      when "nmaprun"
        if line.start_with?('<nmaprun scanner="masscan"')
          @import_filedata[:type] = "Masscan XML"
        else
          @import_filedata[:type] = "Nmap XML"
        end
        return :nmap_xml
      when "openvas-report"
        @import_filedata[:type] = "OpenVAS"
        return :openvas_xml
      when "NessusClientData"
        @import_filedata[:type] = "Nessus XML (v1)"
        return :nessus_xml
      when "NessusClientData_v2"
        @import_filedata[:type] = "Nessus XML (v2)"
        return :nessus_xml_v2
      when "SCAN"
        @import_filedata[:type] = "Qualys Scan XML"
        return :qualys_scan_xml
      when "report"
        @import_filedata[:type] = "Wapiti XML"
        return :wapiti_xml
      when "ASSET_DATA_REPORT"
        @import_filedata[:type] = "Qualys Asset XML"
        return :qualys_asset_xml
      when /MetasploitExpressV[1234]/
        @import_filedata[:type] = "Metasploit XML"
        return :msf_xml
      when /MetasploitV4/
        @import_filedata[:type] = "Metasploit XML"
        return :msf_xml
      when /MetasploitV5/
        @import_filedata[:type] = "Metasploit XML"
        return :msf_xml
      when /netsparker/
        @import_filedata[:type] = "NetSparker XML"
        return :netsparker_xml
      when /audits?/ # <audit> and <audits> are both valid for nCircle. wtfmate.
        @import_filedata[:type] = "IP360 XML v3"
        return :ip360_xml_v3
      when /ontology/
        @import_filedata[:type] = "IP360 ASPL"
        return :ip360_aspl_xml
      when /ReportInfo/
        @import_filedata[:type] = "Foundstone"
        return :foundstone_xml
      when /scanJob/
        @import_filedata[:type] = "Retina XML"
        return :retina_xml
      when /ScanGroup/
        @import_filedata[:type] = "Acunetix"
        return :acunetix_xml
      when /AppScanInfo/ # Actually the second line
        @import_filedata[:type] = "Appscan"
        return :appscan_xml
      when "entities"
        if  line =~ /creator.*\x43\x4f\x52\x45\x20\x49\x4d\x50\x41\x43\x54/ni
          @import_filedata[:type] = "CI"
          return :ci_xml
        end
      when "main"
        @import_filedata[:type] = "Outpost24 XML"
        return :outpost24_xml
      when /Groups|DataSources|Drives|ScheduledTasks|NTServices/
        @import_filedata[:type] = "Group Policy Preferences Credentials"
        return :gpp_xml
      else
        # Give up if we haven't hit the root tag in the first few lines
        break if line_count > 10
      end
      line_count += 1
    }
  elsif (firstline.index("timestamps|||scan_start"))
    @import_filedata[:type] = "Nessus NBE Report"
    # then it's a nessus nbe
    return :nessus_nbe
  elsif (firstline.index("# amap v"))
    # then it's an amap mlog
    @import_filedata[:type] = "Amap Log -m"
    return :amap_mlog
  elsif (firstline.index("amap v"))
    # then it's an amap log
    @import_filedata[:type] = "Amap Log"
    return :amap_log
  elsif ipv46_validator(firstline)
    # then its an IP list
    @import_filedata[:type] = "IP Address List"
    return :ip_list
  elsif (data[0,1024].index("<netsparker"))
    @import_filedata[:type] = "NetSparker XML"
    return :netsparker_xml
  elsif (firstline.index("# Metasploit PWDump Export"))
    # then it's a Metasploit PWDump export
    @import_filedata[:type] = "Metasploit PWDump Export"
    return :msf_pwdump
  end

  raise Msf::DBImportError.new("Could not automatically determine file type")
end

#msf_assign_timestamps(opts, obj) ⇒ Object

Assigns created_at and updated_at time stamps to an object.



537
538
539
540
541
542
# File 'lib/msf/core/db_manager/import.rb', line 537

def msf_assign_timestamps(opts,obj)
  obj.created_at = opts["created_at"] if opts["created_at"]
  obj.created_at = opts[:created_at] if opts[:created_at]
  obj.updated_at = opts["updated_at"] if opts["updated_at"]
  obj.updated_at = opts[:updated_at] if opts[:updated_at]
end

#msf_import_artifact(opts) ⇒ Object



531
532
533
534
# File 'lib/msf/core/db_manager/import.rb', line 531

def msf_import_artifact(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_artifact(normalised_import_timestamp_opts)
end

#msf_import_host(opts) ⇒ Object



496
497
498
499
# File 'lib/msf/core/db_manager/import.rb', line 496

def msf_import_host(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_host(normalised_import_timestamp_opts)
end

#msf_import_loot(opts) ⇒ Object



511
512
513
514
# File 'lib/msf/core/db_manager/import.rb', line 511

def msf_import_loot(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_loot(normalised_import_timestamp_opts)
end

#msf_import_note(opts) ⇒ Object



491
492
493
494
# File 'lib/msf/core/db_manager/import.rb', line 491

def msf_import_note(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_note(normalised_import_timestamp_opts)
end

#msf_import_service(opts) ⇒ Object



481
482
483
484
# File 'lib/msf/core/db_manager/import.rb', line 481

def msf_import_service(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_service(normalised_import_timestamp_opts)
end

#msf_import_task(opts) ⇒ Object



501
502
503
504
# File 'lib/msf/core/db_manager/import.rb', line 501

def msf_import_task(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_task(normalised_import_timestamp_opts)
end

#msf_import_user(opts) ⇒ Object



506
507
508
509
# File 'lib/msf/core/db_manager/import.rb', line 506

def msf_import_user(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_user(normalised_import_timestamp_opts)
end

#msf_import_vuln(opts) ⇒ Object



486
487
488
489
# File 'lib/msf/core/db_manager/import.rb', line 486

def msf_import_vuln(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_vuln(normalised_import_timestamp_opts)
end

#msf_import_web_page(opts) ⇒ Object



521
522
523
524
# File 'lib/msf/core/db_manager/import.rb', line 521

def msf_import_web_page(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_web_page(normalised_import_timestamp_opts)
end

#msf_import_web_site(opts) ⇒ Object



516
517
518
519
# File 'lib/msf/core/db_manager/import.rb', line 516

def msf_import_web_site(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_web_site(normalised_import_timestamp_opts)
end

#msf_import_web_vuln(opts) ⇒ Object



526
527
528
529
# File 'lib/msf/core/db_manager/import.rb', line 526

def msf_import_web_vuln(opts)
  normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
  report_web_vuln(normalised_import_timestamp_opts)
end

#msf_normalise_import_timestamps(opts) ⇒ Object

Handles timestamps from Metasploit Express/Pro imports.



545
546
547
548
549
# File 'lib/msf/core/db_manager/import.rb', line 545

def msf_normalise_import_timestamps(opts)
  opts[:created_at] ||= (opts["created_at"] || ::Time.now.utc)
  opts[:updated_at] ||= (opts["updated_at"] || opts[:created_at])
  opts
end

#report_import_note(wspace, addr) ⇒ Object



551
552
553
554
555
556
557
558
559
560
# File 'lib/msf/core/db_manager/import.rb', line 551

def report_import_note(wspace,addr)
  if @import_filedata.kind_of?(Hash) && @import_filedata[:filename] && @import_filedata[:filename] !~ /msfe-nmap[0-9]{8}/
    msf_import_note(
      :workspace => wspace,
      :host => addr,
      :type => 'host.imported',
      :data => @import_filedata.merge(:time=> Time.now.utc)
    )
  end
end

#rexmlify(data) ⇒ Object

Returns a REXML::Document from the given data.



563
564
565
566
567
568
569
570
571
572
573
574
575
576
# File 'lib/msf/core/db_manager/import.rb', line 563

def rexmlify(data)
  if data.kind_of?(REXML::Document)
    return data
  else
    # Make an attempt to recover from a REXML import fail, since
    # it's better than dying outright.
    begin
      return REXML::Document.new(data)
    rescue REXML::ParseException => e
      dlog("REXML error: Badly formatted XML, attempting to recover. Error was: #{e.inspect}")
      return REXML::Document.new(data.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xff])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] })
    end
  end
end

#service_name_map(proto) ⇒ Object

This method normalizes an incoming service name to one of the the standard ones recognized by metasploit



582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
# File 'lib/msf/core/db_manager/import.rb', line 582

def service_name_map(proto)
  return proto unless proto.kind_of? String
  case proto.downcase
  when "msrpc", "nfs-or-iis", "dce endpoint resolution"
    "dcerpc"
  when "ms-sql-s", "tds"
    "mssql"
  when "ms-sql-m","microsoft sql monitor"
    "mssql-m"
  when "postgresql";                  "postgres"
  when "http-proxy";                  "http"
  when "iiimsf";                      "db2"
  when "oracle-tns";                  "oracle"
  when "quickbooksrds";               "metasploit"
  when "microsoft remote display protocol"
    "rdp"
  when "vmware authentication daemon"
    "vmauthd"
  when "netbios-ns", "cifs name service"
    "netbios"
  when "netbios-ssn", "microsoft-ds", "cifs"
    "smb"
  when "remote shell"
    "shell"
  when "remote login"
    "login"
  when "nfs lockd"
    "lockd"
  when "hp jetdirect"
    "jetdirect"
  when "dhcp server"
    "dhcp"
  when /^dns-(udp|tcp)$/;             "dns"
  when /^dce[\s+]rpc$/;               "dcerpc"
  else
    proto.downcase.gsub(/\s*\(.*/, '')   # "service (some service)"
  end
end

#validate_import_file(data) ⇒ Object

Boils down the validate_import_file to a boolean



622
623
624
625
626
627
628
629
# File 'lib/msf/core/db_manager/import.rb', line 622

def validate_import_file(data)
  begin
    import_filetype_detect(data)
  rescue Msf::DBImportError
    return false
  end
  return true
end