Closed ITGSean closed 7 years ago
Do you have your vuln mappings set up?
https://github.com/SerpicoProject/Serpico/wiki/Setting-up-Metasploit-RPC-Connection#automatically-map-vulnerabilities
Hi Pete
Yes, that's all set up. Can see hosts in the workspace from Serpico etc.
Here's my config.json:
{
  "port": "8443",
  "use_ssl": true,
  "bind_address": "0.0.0.0",
  "ssl_certificate": "./cert.pem",
  "ssl_key": "key.pem",
  "ldap": false,
  "ldap_domain": "",
  "ldap_dc": "",
  "dread": false,
  "cvss": true,
  "nessusmap": true,
  "burpmap": true,
  "vulnmap": true,
  "finding_types": [
    "Web Application", "Business Logic", "Network Services",
    "Best Practice", "Compliance", "Database",
    "Network Internal", "Router Configuration", "Social Engineering",
    "Physical", "Wireless", "Network Security",
    "System Security", "Logging and Auditing", "Imported"
  ],
  "logo": "/img/logo_1.svg",
  "auto_import": true,
  "chart": true,
  "user_defined_variables": [ "account_mgr", "testing_level", "psa_ref" ],
  "threshold": "2",
  "log_file": "./log/serpico.log",
  "show_exceptions": false,
  "cvssv3": false,
  "riskmatrix": false
}
Each Serpico finding you want automatically mapped will have to have a CVE (or other supported ID) assigned to the finding. This is done by editing the finding in the findings database. More information on what IDs are supported can be found by clicking on the "Add new vuln mapping ID" button. Please check out the wiki.
Yes, I understand that, and we do have a couple of dozen findings in our findings DB which have Nessus plugin ID mappings. We just don't get the expected list of vulns to include in the report, or any findings being added into the report, once the auto-import from RPC option is clicked.
(The mappings work if we use the deprecated Nessus XML import, by the way, from the same scan.)
One thing I have just noticed is the following in ./log/serpico.log:
"auto_import function not supported with MSF intergration"
I'm unable to repro the issue with the latest dev version. Can you please provide more information about your setup? Ruby server, Serpico version, Metasploit version, OS version, how you're starting msfrpcd and so on.
The "auto_import function not supported with MSF intergration" is a red herring.
Sorry to waste your time, Pete. It was an RTFM issue combined with older versions of files mixed up with the dev release. Confirmed that none of this happens in a fresh install of the latest dev release.
No problem @ITGSean. I'm glad it's working.
Having issues with importing from msfrpcd guys!
Bug
Describe the issue and steps to reproduce
Also, there was a warning message appearing in STDOUT on the SSH console from which I started serpico.rb: