search

cyberperspectives / sagacity

Security Assessment Data Management and Analysis Tool
http://www.cyberperspectives.com
Apache License 2.0
38 stars 13 forks source link

parse_nmap undefined variable filetype #91

Closed JeffOdegard closed 5 years ago

JeffOdegard commented 5 years ago

When loading a text nmap scan result file from a newer version of nmap (7.70 in this case), the following two errors are produced repeatedly:

[21-Jan-2019 16:40:53 America/Denver] PHP Notice: Undefined variable: filetype in C:\xampp\www\exec\parse_nmap.php on line 113 [21-Jan-2019 16:40:53 America/Denver] PHP Notice: Undefined variable: filetype in C:\xampp\www\exec\parse_nmap.php on line 190

We changed the way we run our scans - using -oA (all output formats) instead of -oN (normal), so it does not appear in the first line of the nmap file anymore.

----- Fix ------

I added in checks for the file extension starting on line 96. Please note that I did not include xml, since that is a common output extension for other files, and we need to check the first line of the file to make sure it is an nmap file.

if (!isset($filetype)) { if (preg_match('/.nmap/', $cmd['f'])) { $filetype = "text"; } elseif (preg_match('/.gnmap/', $cmd['f'])) { $filetype = "grep"; } elseif (preg_match('/Starting|-oN/', $line)) { $filetype = "text"; } elseif (preg_match('/-oG/', $line)) { $filetype = "grep"; } elseif (preg_match('/xml version/', $line)) { $filetype = "xml"; break; }

    if ($line_num >= 1 && !isset($filetype)) {
        $err->script_log("ERROR File Type not found");
    }
}

I've uploaded a fix to the dev repository. Please double check my work.

JeffOdegard commented 5 years ago

No complaints from the peanut gallery, and it works for me...