Class: Dradis::Plugins::Nikto::Importer

Inherits:
Upload::Importer
  • Object
Defined in:
lib/dradis/plugins/nikto/importer.rb



Class Method Details

.templatesObject



# File 'lib/dradis/plugins/nikto/importer.rb', line 3

# Template names this plugin registers with the framework, keyed by the
# kind of record they render: the issue template is 'item' and the
# evidence template is 'evidence'.
#
# @return [Hash{Symbol => String}] { evidence: 'evidence', issue: 'item' }
def self.templates
  record_kinds = %i[evidence issue]
  template_names = %w[evidence item]
  record_kinds.zip(template_names).to_h
end

Instance Method Details

#import(params = {}) ⇒ Object

The framework calls this method when the user selects this plugin from the dropdown list and uploads a file.



# File 'lib/dradis/plugins/nikto/importer.rb', line 10

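# The framework will call this function if the user selects this plugin
# from the dropdown list and uploads a file.
#
# Reads the Nikto XML report at params[:file], wraps it so it parses as a
# single document, and for every //niktoscan/scandetails element creates a
# host node carrying a scan note, node properties, an optional SSL note and
# one issue + evidence pair per <item>.
#
# @param params [Hash] :file => path of the uploaded report
# @return [false] when the document has no //niktoscan/scandetails (a note
#   explaining the problem is created instead); otherwise the value of the
#   final logger.info call, as before
def import(params={})
  file_content = File.read(params[:file])
  file_name = File.basename(params[:file])

  logger.info{ 'Parsing Nikto output...' }
  # The report is user-supplied. Nokogiri::XML's default parse options do
  # not substitute entities or fetch external resources; keep it that way
  # (do not add NOENT or DTDLOAD when parsing an upload).
  doc = Nokogiri::XML(nikto_wrapped_xml(file_content))
  logger.info{ 'Done.' }

  scans = doc.xpath('//niktoscan/scandetails')
  if scans.empty?
    error = "No scan results were detected in the uploaded file (/nikto/niktoscan/scandetails). Ensure you uploaded a Nikto XML report."
    logger.fatal{ error }
    content_service.create_note text: error
    return false
  end

  scans.each { |xml_scan| import_scan(xml_scan, file_name) }

  logger.info("All Done!")
end

# Hack because the Nikto file isn't correctly formatted yet
# https://trac.assembla.com/Nikto_2/ticket/229
#
# Inserts a <nikto> root element after the first two lines of the report and
# closes it at the end. Line breaks are preserved so text that spans lines
# is not run together when the document is re-joined.
#
# @param file_content [String] raw report text
# @return [String] report text wrapped in a single <nikto> root
def nikto_wrapped_xml(file_content)
  lines = file_content.split("\n")
  lines.insert(2, '<nikto>')
  lines << '</nikto>'
  lines.join("\n")
end

# Creates the host node for one <scandetails> element and attaches the scan
# note, node properties, the SSL note (when present) and every <item>.
#
# @param xml_scan [Nokogiri::XML::Element] a //niktoscan/scandetails element
# @param file_name [String] basename of the uploaded report
def import_scan(xml_scan, file_name)
  # targetip may be absent from a truncated or hand-edited report; string
  # interpolation keeps the log call from raising on nil where String#+ did.
  # NOTE(review): create_node is still handed a nil label in that case —
  # confirm how the framework treats it.
  host_label = xml_scan['targetip']

  # Hack to include the file name in the xml
  # so we can use it in the template
  xml_scan['filename'] = file_name

  # Scan details
  logger.info{ "Adding #{host_label}" }
  host_node = content_service.create_node(label: host_label, type: :host)
  scan_text = mapping_service.apply_mapping(source: 'scan', data: xml_scan)
  content_service.create_note(text: scan_text, node: host_node)

  # Add Node properties (guarded: not every node implementation has them)
  if host_node.respond_to?(:properties)
    host_node.set_property(:hostname, xml_scan['hostheader'])
    host_node.set_property(:ip, xml_scan['targetip'])
    host_node.set_property(:os, xml_scan['targetbanner'])
    host_node.save
  end

  # Check for SSL cert tag and add that data in as well
  xml_ssl = xml_scan.at_xpath('ssl')
  if xml_ssl
    ssl_text = mapping_service.apply_mapping(source: 'ssl', data: xml_ssl)
    content_service.create_note(text: ssl_text, node: host_node)
  end

  # Items
  xml_scan.xpath('item').each { |xml_item| import_item(xml_item, host_node) }
end

# Creates one issue for an <item> element and links evidence for it to the
# host node. Items without an id attribute are filed under "Unknown".
#
# @param xml_item [Nokogiri::XML::Element] an <item> element
# @param host_node [Object] node returned by content_service.create_node
def import_item(xml_item, host_node)
  plugin_id = xml_item.has_attribute?('id') ? xml_item['id'] : 'Unknown'
  item_text = mapping_service.apply_mapping(source: 'item', data: xml_item)
  logger.info{ "Creating Issue ID #{plugin_id}" }
  issue = content_service.create_issue(text: item_text, id: plugin_id)

  logger.info{ "\t\t => Creating new evidence" }
  evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_item)
  content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
end

private :nikto_wrapped_xml, :import_scan, :import_item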