hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database, which allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License

SQL error when multiple OS names are returned by Nessus for a host #109

Closed lucachr closed 4 years ago

lucachr commented 5 years ago

The latest versions of Nessus return more than a single OS name when the tool is unsure about which one is installed on the tested host. Sometimes, the length of the string returned is longer than the 255-character default limit set by ActiveRecord, and an error is returned by Risu during the parsing of the Nessus file.

hammackj commented 5 years ago

Do you have an XML snip of the OS line in question?

lucachr commented 5 years ago

Thank you for your fast reply! Here is the snippet:

<ReportHost name="x.x.x.x"><HostProperties>
...
<tag name="operating-system">Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019</tag>
<tag name="system-type">general-purpose</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server</tag>
<tag name="cpe-1">cpe:/o:microsoft:windows_vista</tag>
<tag name="cpe-2">cpe:/o:microsoft:windows_server_2008</tag>
<tag name="cpe-3">cpe:/o:microsoft:windows_7</tag>
<tag name="cpe-4">cpe:/o:microsoft:windows_server_2008:r2 -&gt; Microsoft Windows Server 2008 R2</tag>
<tag name="cpe-5">cpe:/o:microsoft:windows_server_2012</tag>
<tag name="cpe-6">cpe:/o:microsoft:windows_8</tag>
<tag name="cpe-7">cpe:/o:microsoft:windows_server_2012:r2</tag>
<tag name="cpe-8">cpe:/o:microsoft:windows_10</tag>
<tag name="cpe-9">cpe:/o:microsoft:windows_server_2016</tag>
<tag name="cpe-10">cpe:/o:microsoft:windows</tag>
<tag name="patch-summary-total-cves">15</tag>
<tag name="os">windows</tag>
<tag name="cpe">cpe:/o:microsoft:windows</tag>
...
</HostProperties>
...
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="11936" pluginName="OS Identification" pluginFamily="General">
<agent>all</agent>
<description>Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.</description>
<fname>os_fingerprint.nasl</fname>
<plugin_modification_date>2019/01/10</plugin_modification_date>
<plugin_name>OS Identification</plugin_name>
<plugin_publication_date>2003/12/09</plugin_publication_date>
<plugin_type>combined</plugin_type>
<risk_factor>None</risk_factor>
<script_version>2.48</script_version>
<solution>n/a</solution>
<synopsis>It is possible to guess the remote operating system.</synopsis>
<plugin_output>
Remote operating system : Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Confidence level : 70
Method : HTTP

The remote host is running one of these operating systems : 
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019</plugin_output>
</ReportItem>
...
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="45590" pluginName="Common Platform Enumeration (CPE)" pluginFamily="General">
<agent>all</agent>
<description>By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. 

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.</description>
<fname>cpe.nbin</fname>
<plugin_modification_date>2017/06/06</plugin_modification_date>
<plugin_name>Common Platform Enumeration (CPE)</plugin_name>
<plugin_publication_date>2010/04/21</plugin_publication_date>
<plugin_type>combined</plugin_type>
<risk_factor>None</risk_factor>
<script_version>$Revision: 1.81$</script_version>
<see_also>http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe</see_also>
<solution>n/a</solution>
<synopsis>It was possible to enumerate CPE names that matched on the remote system.</synopsis>
<plugin_output>
The remote operating system matched the following CPE&apos;s : 

  cpe:/o:microsoft:windows_2003_server
  cpe:/o:microsoft:windows_vista
  cpe:/o:microsoft:windows_server_2008
  cpe:/o:microsoft:windows_7
  cpe:/o:microsoft:windows_server_2008:r2 -&gt; Microsoft Windows Server 2008 R2
  cpe:/o:microsoft:windows_server_2012
  cpe:/o:microsoft:windows_8
  cpe:/o:microsoft:windows_server_2012:r2
  cpe:/o:microsoft:windows_10
  cpe:/o:microsoft:windows_server_2016
  cpe:/o:microsoft:windows
</plugin_output>
</ReportItem>
...
</ReportHost>

hammackj commented 5 years ago

I pushed a fix on the dev branch. Not sure when I'll push a new gem atm.
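
A pre-import check for the failure described in this issue, as an added example (not Risu's code and not the fix pushed to the dev branch): it flags `HostProperties` values longer than the 255-character string limit and splits the multi-candidate `operating-system` value into individual names. The function names are hypothetical and the sample is a constructed, trimmed copy of the snippet above.

```ruby
require "rexml/document"

# Default string column limit named in the issue report.
STRING_LIMIT = 255

# Constructed sample, trimmed from the snippet posted in this thread.
SAMPLE = <<~XML
  <ReportHost name="x.x.x.x"><HostProperties>
  <tag name="operating-system">Microsoft Windows Server 2003
  Microsoft Windows Vista
  Microsoft Windows Server 2008
  Microsoft Windows 7
  Microsoft Windows Server 2008 R2
  Microsoft Windows Server 2012
  Microsoft Windows 8
  Microsoft Windows Server 2012 R2
  Microsoft Windows 10
  Microsoft Windows Server 2016
  Microsoft Windows Server 2019</tag>
  <tag name="system-type">general-purpose</tag>
  <tag name="os">windows</tag>
  </HostProperties></ReportHost>
XML

# Returns [host, tag name, length] for every HostProperties value over the limit.
def oversized_properties(xml, limit = STRING_LIMIT)
  hits = []
  REXML::Document.new(xml).elements.each("//ReportHost") do |host|
    host.elements.each("HostProperties/tag") do |tag|
      value = tag.text.to_s
      next if value.length <= limit
      hits << [host.attributes["name"], tag.attributes["name"], value.length]
    end
  end
  hits
end

# Splits a multi-candidate operating-system value into one name per entry,
# so each candidate can be stored or reported on its own.
def os_candidates(value)
  value.to_s.lines.map(&:strip).reject(&:empty?)
end

if __FILE__ == $PROGRAM_NAME
  oversized_properties(SAMPLE).each do |host, tag, len|
    puts "#{host}: #{tag} is #{len} characters (limit #{STRING_LIMIT})"
  end
end
```

Running the check over a `.nessus` export before import shows which hosts carry values that a 255-character column cannot hold.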