search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.33k stars 14.02k forks source link

Can't import XML report from OpenVAS #7903

Closed guarisma closed 4 years ago

guarisma commented 7 years ago

Steps to reproduce

How'd you do it?

  1. I run msf > db_import ./metasploitable3/report-b1ebe60c-577e-4cdb-8ead-4d09e6474835.xml report-b1ebe60c-577e-4cdb-8ead-4d09e6474835.xml.txt

Expected behavior

What should happen? No errors, and vulns table populated with vulnerabilities found.

Current behavior

[*] Importing 'OpenVAS XML' data
[-] Error while running command db_import: undefined method `split' for nil:NilClass

Call stack:
/usr/share/metasploit-framework/lib/rex/parser/openvas_nokogiri.rb:100:in `end_element'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/nokogiri-1.7.0.1/lib/nokogiri/xml/sax/document.rb:127:in `end_element_namespace'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/nokogiri-1.7.0.1/lib/nokogiri/xml/sax/parser.rb:112:in `parse_with'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/nokogiri-1.7.0.1/lib/nokogiri/xml/sax/parser.rb:112:in `parse_memory'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/nokogiri-1.7.0.1/lib/nokogiri/xml/sax/parser.rb:84:in `parse'
/usr/share/metasploit-framework/lib/msf/core/db_manager/import/open_vas.rb:11:in `import_openvas_new_xml'
/usr/share/metasploit-framework/lib/msf/core/db_manager/import.rb:95:in `import'
/usr/share/metasploit-framework/lib/msf/core/db_manager/import.rb:151:in `import_file'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1720:in `block (3 levels) in cmd_db_import'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1713:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1713:in `block (2 levels) in cmd_db_import'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1707:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1707:in `block in cmd_db_import'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:1702:in `cmd_db_import'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:430:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:392:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:386:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:386:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:205:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'

System stuff

Metasploit version

msf > version Framework: 4.13.12-dev Console : 4.13.12-dev

I installed Metasploit with:

OS

Kali Linux

pbarry-r7 commented 7 years ago

It appears the formatting of port name+number+protocol in this XML file differs from what the importing code currently expects. Specifically, MSF is expecting to parse each < port > element contents as name (number/protocol) (e.g. https (443/tcp)), but this XML that MSF is having issues importing has < port > contents listed as number/protocol (IANA: name) (e.g. 80/tcp (IANA: www-http)). The sadness happens when MSF tries to parse the protocol value by doing to split on the '(' and then another split on the following '/' (which doesn't exist in this XML).

I'm wondering if OpenVAS updated their XML formatting, and how many other things (outside of the < port > contents) will also need fixing...

pbarry-r7 commented 7 years ago

From perusing the web and the OpenVAS svn repo, it does appear the XML format changed. I think we can update the db_import code to check the \<report format_id="XXX"> value and parse based on that, will pull the thread...

awkwardusername commented 5 years ago

any update on this? I've been trying to do the ff:

openvas_report_import d8af2e03-ef64-4f8c-97d2-aa1cc141b631 a994b278-1f62-11e1-96ac-406186ea4fc5

but result was

[*] Importing report to database.
[-] Error while running command openvas_report_import: Problem generating DB Import: undefined method `import' for #<Metasploit::Framework::DataService::RemoteHTTPDataService:0x0000000008968540>
Did you mean?  import_file. See log for more details.

Call stack:
/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/data_service/proxy/core.rb:174:in `log_error'
/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:9:in `rescue in import'
/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/data_service/proxy/db_import_data_proxy.rb:2:in `import'
/opt/metasploit-framework/embedded/framework/plugins/openvas.rb:528:in `cmd_openvas_report_import'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:522:in `run_command'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:473:in `block in run_single'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:467:in `each'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:467:in `run_single'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:151:in `run'
/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:48:in `start'
/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'
/opt/metasploit-framework/bin/../embedded/framework/msfconsole:49:in `<main>'

Version

msf5 > version
Framework: 5.0.19-dev-
Console  : 5.0.19-dev-

Any ideas?

bcoles commented 4 years ago

Was this ever fixed? If so, it appear to be broken again.

msf5 > db_import /root/Downloads/report-7bee224c-b15f-433d-9a59-aab0442a5434.xml
[-] Failed to import /root/Downloads/report-7bee224c-b15f-433d-9a59-aab0442a5434.xml: Could not automatically determine file type
bcoles commented 4 years ago

@awkwardusername openvas_report_import usage is:

msf5 > openvas_report_import
[*] Usage: openvas_report_import <report_id> <format_id>
[*] Only the NBE and XML formats are supported for importing.

You can list reports with openvas_report_list.

To import reports d8af2e03-ef64-4f8c-97d2-aa1cc141b631 and a994b278-1f62-11e1-96ac-406186ea4fc5 you would do:

openvas_report_import d8af2e03-ef64-4f8c-97d2-aa1cc141b631 XML
openvas_report_import a994b278-1f62-11e1-96ac-406186ea4fc5 XML
bcoles commented 4 years ago

Fixed in #12812