Module: Msf::DBManager::Import::Retina

Included in:
Msf::DBManager::Import
Defined in:
lib/msf/core/db_manager/import/retina.rb

Instance Method Summary

Instance Method Details

#import_retina_xml(args = {}, &block) ⇒ Object

Process Retina XML



# File 'lib/msf/core/db_manager/import/retina.rb', line 6

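# Imports hosts, OS fingerprints and vulnerability findings from a Retina XML
# document.
#
# The document is stream-parsed. For every host the parser reports, this
# calls +report_host+, then +report_import_note+, then (when an OS string is
# present) +report_note+ with type +host.os.retina_fingerprint+, and finally
# +report_vuln+ once per finding.
#
# Every field taken from +host+ / +vuln+ originates in the imported file and
# is passed on as-is; the only check made here is that an address is present.
#
# @param args [Hash] import options
# @option args [String] :data the Retina XML to parse
# @option args [String] :blacklist whitespace-separated addresses to skip;
#   only used when +validate_ips+ accepts it
# @option args [Object] :task forwarded unchanged to every report_* call
# @yield [:address, addr] once per imported host, before it is reported
# @return [Object] the return value of +REXML::Document.parse_stream+
def import_retina_xml(args={}, &block)
  xml = args[:data]
  wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
  bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []

  parser = Rex::Parser::RetinaXMLStreamParser.new
  parser.on_found_host = Proc.new do |host|
    addr = host['address']
    next unless addr

    # Exact string comparison: an address the file spells differently from
    # the blacklist entry is not excluded.
    next if bl.include?(addr)

    # Kept in its own local so the callback does not overwrite the method's
    # XML input variable through the closure.
    host_info = {
      :workspace => wspace,
      :task      => args[:task],
      :host      => addr
    }
    host_info[:mac] = host['mac'] if host['mac']
    host_info[:state] = Msf::HostState::Alive

    # NetBIOS name wins over the hostname when the file supplies both.
    host_info[:name] = host['hostname'] if host['hostname']
    host_info[:name] = host['netbios'] if host['netbios']

    yield(:address, addr) if block

    # Import Host
    hobj = report_host(host_info)
    report_import_note(wspace, hobj)

    # Import OS fingerprint
    if host["os"]
      report_note(
        :workspace => wspace,
        :host      => addr,
        :type      => 'host.os.retina_fingerprint',
        :task      => args[:task],
        :data      => {
          :os => host["os"]
        }
      )
    end

    # Import vulnerabilities. A host entry without a findings list, or a
    # finding without references, is treated as empty instead of raising
    # NoMethodError after the host has already been reported.
    (host['vulns'] || []).each do |vuln|
      refs = (vuln['refs'] || []).map { |ref| ref.join("-") }
      refs << "RETINA-#{vuln['rthid']}" if vuln['rthid']

      vuln_info = {
        :workspace => wspace,
        :host      => addr,
        :name      => vuln['name'],
        :info      => vuln['description'],
        :refs      => refs,
        :task      => args[:task]
      }

      # Service details are attached only when both port and protocol exist.
      if vuln['port'] && vuln['proto']
        vuln_info.merge!(
          :port  => vuln['port'],
          :proto => vuln['proto'].to_s.downcase
        )
      end

      report_vuln(vuln_info)
    end
  end

  REXML::Document.parse_stream(xml, parser)
end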

#import_retina_xml_file(args = {}) ⇒ Object

Process a Retina XML file



# File 'lib/msf/core/db_manager/import/retina.rb', line 87

# Reads a Retina XML file from disk and passes its contents to
# #import_retina_xml under the +:data+ key.
#
# The file is opened in binary mode and read in one call sized by its stat
# size, so the whole document is held in memory; no size limit is applied
# here.
#
# @param args [Hash] import options; all keys are forwarded unchanged
# @option args [String] :filename path of the Retina XML file to read
# @return [Object] whatever #import_retina_xml returns
def import_retina_xml_file(args={})
  path = args[:filename]

  contents = ""
  ::File.open(path, 'rb') { |io| contents = io.read(io.stat.size) }

  import_retina_xml(args.merge(:data => contents))
end