SerpicoProject / Serpico

SimplE RePort wrIting and COllaboration tool

Issues importing from msfrpcd #297

Closed ITGSean closed 7 years ago

ITGSean commented 7 years ago

Having issues with importing from msfrpcd guys!

Bug

Describe the issue and steps to reproduce

  1. msfconsole > create workspace > db_import a nessus file to populate the workspace
  2. "vulns" lists the issues in msfconsole
  3. msfrpcd -a 127.0.0.1 -U msf -P msf --ssl
  4. in serpico > new report > configure msfrpcd with appropriate details
  5. Clicking on Hosts or Vulns in METASPLOIT DATA MANAGEMENT lists what you would expect
  6. Clicking on "Auto Add Vulnerabilities from Metasploit DB" makes it think for a few seconds, then the following page is shown (not the expected list of vulns):

image

Also, there was a warning message appearing in STDOUT on the SSH console from which I started serpico.rb:

The PGconn, PGresult, and PGError constants are deprecated, and will be
removed as of version 1.0.

You should use PG::Connection, PG::Result, and PG::Error instead, respectively.

Called from /usr/local/rvm/gems/ruby-2.2.0/gems/activerecord-4.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `new'
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
[20742:24135:0713/142847.592296:ERROR:cert_verify_proc_nss.cc(923)] CERT_PKIXVerifyCert for 127.0.0.1 failed err=-8179

Petessss commented 7 years ago

Do you have your vuln mappings setup?
https://github.com/SerpicoProject/Serpico/wiki/Setting-up-Metasploit-RPC-Connection#automatically-map-vulnerabilities

ITGSean commented 7 years ago

Hi Pete

Yes, that's all set up. Can see hosts in the workspace from serpico etc.

Here's my config.json:

{
  "port": "8443",
  "use_ssl": true,
  "bind_address": "0.0.0.0",
  "ssl_certificate": "./cert.pem",
  "ssl_key": "key.pem",
  "ldap": false,
  "ldap_domain": "",
  "ldap_dc": "",
  "dread": false,
  "cvss": true,
  "nessusmap": true,
  "burpmap": true,
  "vulnmap": true,
  "finding_types": [
    "Web Application",
    "Business Logic",
    "Network Services",
    "Best Practice",
    "Compliance",
    "Database",
    "Network Internal",
    "Router Configuration",
    "Social Engineering",
    "Physical",
    "Wireless",
    "Network Security",
    "System Security",
    "Logging and Auditing",
    "Imported"
  ],
  "logo": "/img/logo_1.svg",
  "auto_import": true,
  "chart": true,
  "user_defined_variables": [
    "account_mgr",
    "testing_level",
    "psa_ref"
  ],
  "threshold": "2",
  "log_file": "./log/serpico.log",
  "show_exceptions": false,
  "cvssv3": false,
  "riskmatrix": false
}

Petessss commented 7 years ago

Each Serpico finding you want automatically mapped will have to have a CVE (or other supported ID) assigned to the finding. This is done by editing the finding in the findings database. More information on what IDs are supported can be found by clicking on the "Add new vuln mapping ID" button. Please check out the wiki.

https://github.com/SerpicoProject/Serpico/wiki/Setting-up-Metasploit-RPC-Connection#automatically-map-vulnerabilities

ITGSean commented 7 years ago

Yes, I understand that, and we do have a couple of dozen findings in our findings DB which have nessus plugin ID mappings. We just don't get the expected list of vulns to include in the report/or any findings being added into the report once the auto-import from rpc option is clicked.

(The mappings work if we use the deprecated Nessus XML import by the way from the same scan)

One thing I have just noticed is the following in ./log/serpico.log:

"auto_import function not supported with MSF intergration"

Petessss commented 7 years ago

I'm unable to repro the issue with the latest dev version. Can you please provide more information about your setup? Ruby server, Serpico version, Metasploit version, OS version, how you're starting msfrpcd and so on.

The "auto_import function not supported with MSF intergration" is a red herring.

ITGSean commented 7 years ago

Sorry to waste your time, Pete. It was an RTFM issue combined with older versions of files mixed up with the dev release. Confirmed that none of this happens in a fresh install of the latest dev release.

Petessss commented 7 years ago

No problem @ITGSean. I'm glad it's working.