Updates to the nessus parser. Closes rapid7#1715

git-svn-id: file:///home/svn/framework3/trunk@9211 4d416f70-5f16-0410-b530-b9f4589650da
ka1han · May 3, 2010 · df9ec8a · df9ec8a
1 parent 59a0277
commit df9ec8a
Showing 1 changed file with 45 additions and 6 deletions.
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
@@ -1765,6 +1765,36 @@ def import_nessus_xml_v2(data, wspace=workspace)
 				addr = host.attribute("name").value
 			end
 
+			os = host.elements["HostProperties/tag[@name='operating-system']"]
+			if os
+				report_note(
+					:workspace => wspace,
+					:host => addr,
+					:type => 'host.os.nessus_fingerprint',
+					:data => {
+						:os => os.text.to_s.strip
+					}
+				)
+			end
+
+			hname = host.elements["HostProperties/tag[@name='host-fqdn']"]
+			if hname
+				report_host(
+					:workspace => wspace,
+					:host => addr,
+					:name => hname.text.to_s.strip
+				)
+			end
+
+			mac = host.elements["HostProperties/tag[@name='mac-address']"]
+			if mac
+				report_host(
+					:workspace => wspace,
+					:host => addr,
+					:mac  => mac.text.to_s.strip.upcase
+				)
+			end
+
 			host.elements.each('ReportItem') do |item|
 				nasl = item.attribute('pluginID').value
 				port = item.attribute('port').value
@@ -1964,7 +1994,8 @@ def handle_nessus(wspace, addr, port, nasl, severity, data)
 			:proto => proto,
 			:name => nss,
 			:data => data,
-			:refs => refs)
+			:refs => refs
+		)
 	end
 
 	#
@@ -1980,7 +2011,9 @@ def handle_nessus_v2(wspace,addr,port,proto,name,nasl,severity,description,cve,b
 			info[:name] = name
 		end
 
-		report_service(info)
+		if port.to_i != 0
+			report_service(info)
+		end
 
 		return if nasl == "0"
 
@@ -2002,14 +2035,20 @@ def handle_nessus_v2(wspace,addr,port,proto,name,nasl,severity,description,cve,b
 
 		nss = 'NSS-' + nasl
 
-		report_vuln(
+		vuln = {
 			:workspace => wspace,
 			:host => addr,
-			:port => port,
-			:proto => proto,
 			:name => nss,
 			:data => description ? description.text : "",
-			:refs => refs)
+			:refs => refs
+		}
+
+		if port.to_i != 0
+			vuln[:port]  = port
+			vuln[:proto] = proto
+		end
+
+		report_vuln(vuln)
 	end
 
 	#