Class: Nessus

Inherits:
Object
  • Object
show all
Defined in:
lib/parsers/nessus.rb

Instance Method Summary collapse

Instance Method Details

#parse(xml, threshold) ⇒ Object 



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/parsers/nessus.rb', line 5

def parse(xml,threshold)
  vulns = Hash.new
  findings = Array.new
  items = Array.new

  doc = Nokogiri::XML(xml)

  doc.css("//ReportHost").each do |hostnode|
    host = hostnode['name'] unless hostnode['name'].nil?
    host = " " unless host
    vulns[host] = []
    
    hostnode.css("ReportItem").each do |itemnode|

      if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)

        # create a temporary finding object
        finding = Finding.new()
        finding.title = itemnode['pluginName'].to_s()
        finding.poc = itemnode.css("description").to_s()
        finding.remediation = itemnode.css("solution").to_s()

        finding.cvss_total = itemnode.css("cvss3_base_score").to_s()
        finding.c3_vs=itemnode.css("cvss3_vector").to_s()
        finding.description = itemnode.css("synopsis").to_s()

        # can this be inherited from an import properly?
        finding.type = "Imported"
        finding.risk = itemnode["severity"]
        if itemnode.css("plugin_output")
          finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
          finding.affected_hosts = hostnode["name"] + " [" + itemnode["port"] + "/" +itemnode["protocol"].upcase + "]" + "\n"
          finding.references = itemnode.css("cvss3_vector").to_s() + "\n" + itemnode.css("see_also").to_s 
        end

        finding.id = itemnode['pluginID'].to_s()

        vulns[host] << finding.to_hash
        items << itemnode['pluginID'].to_s()
      end
    end

#    vulns[host] = findings
    items = []
  end

  return vulns.to_json
end