search

dradis / dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams
https://dradis.com/ce/
GNU General Public License v2.0
668 stars 190 forks source link

dradis ce import reporter from cli ,buf failed #238

Closed Mod233 closed 6 years ago

Mod233 commented 6 years ago

Steps to reproduce

i use metasploit 

msf > use auxiliary/admin/mysql/mysql_enum
msf > set ...
msf > run
msf auxiliary(admin/mysql/mysql_enum) > db_export -f xml /home/xxdir/mysql.xml

and then try to upload the xml file.

Expected behavior

I should see a new node about my xml file.

Actual behavior

i use command below:

➜  dradis-ce git:(master) ✗ bundle exec thor dradis:plugins:metasploit:upload ~/xxdir/mysql.xml 
Loaded add-ons:
    acunetix - Processes Acunetix XML format
    api - Dradis REST HTTP API
    brakeman - Processes Brakeman JSON output, use: brakeman -f json -o results.json
    burp - Processes Burp Scanner XML output
    csv - Export results in CSV format
    cvss - Provides a CVSS score calculator under /calculators/cvss
    dread - Provides a DREAD score calculator under /calculators/dread
    html_export - Generate advanced HTML reports
    metasploit - Processes Metasploit XML output, use: db_export
    nessus - Processes Nessus XML v2 format (.nessus)
    netsparker - Processes Netsparker XML format
    nexpose - Processes Nexpose XML format
    nikto - Processes Nikto output
    nmap - Processes Nmap output
    nto_spider - Processes NTOSpider reports
    open_vas - Processes OpenVAS XML v6 or v7 format
    projects - Save and restore project information
    qualys - Processes Qualys output
    zap - Processes ZAP XML format
I, [2018-04-28T19:20:33.431024 #884]  INFO -- : Parsing Metasploit output from /root/xxdir/mysql.xml...
I, [2018-04-28T19:20:33.637450 #884]  INFO -- : Done.

After then , when I log in the dradis , I cannot see any node was created... what's wrong??

System configuration

Dradis version: Dradis CE v3.9.0 Ruby version: ruby 2.3.1p112 OS version: ubuntu 16.04``

rachkor commented 6 years ago

@Mod233 I'm Rachael with the Dradis support team. Is redis running on your local system? https://dradisframework.com/ce/documentation/install_git.html

If so, what happens when you let the upload run for a little while in the command line? It should either complete as expected with a worker process completed message or error out with a nice informative stack trace. Keep me posted and we'll get this sorted out!

Mod233 commented 6 years ago

@rachkor thanks for your help. I try to upload some other xml files exported by nmap. And I succeed finding the new node I created.So, I guess the redis runs well. And I want to ask one more question:

  1. Can Dradis-ce uploads xml files by web ? I try to upload the same xml file created by nmap, but dradis says, cannot recognize the file. But if I use cli command ,it works...
rachkor commented 6 years ago

@Mod233 Dradis does! Are the webapp uploads not working for all files or just a specific file? I'm actually going to ask you to open up a thread in our forum if possible for this one: http://discuss.dradisframework.org/. We'll help you get this sorted!