public XmlDocument GenerateNessusXML(ParseResults parsedResults, string filename) { XmlDocument doc = new XmlDocument(); XmlNode nessus = doc.CreateNode(XmlNodeType.Element, "NessusClientData_v2", null); XmlNode report = doc.CreateNode(XmlNodeType.Element, "Report", null); XmlNode reportName = doc.CreateAttribute("name"); reportName.Value = "NCC Group Import"; report.Attributes.SetNamedItem(reportName); doc.AppendChild(nessus); nessus.AppendChild(report); // for each host foreach (var host in parsedResults.Hosts) { XmlNode reportHost = doc.CreateNode(XmlNodeType.Element, "ReportHost", null); XmlNode hostProps = doc.CreateNode(XmlNodeType.Element, "HostProperties", null); XmlNode tag1 = doc.CreateNode(XmlNodeType.Element, "tag", null); XmlNode tag2 = doc.CreateNode(XmlNodeType.Element, "tag", null); XmlNode nameHost = doc.CreateAttribute("name"); XmlNode nameRDNS = doc.CreateAttribute("host-rdns"); XmlNode nameIP = doc.CreateAttribute("host-ip"); nameHost.Value = host.Name; reportHost.Attributes.SetNamedItem(nameHost); tag1.Attributes.SetNamedItem(nameRDNS); tag2.Attributes.SetNamedItem(nameIP); tag1.InnerText = host.Name; tag2.InnerText = host.Properties.IPv4; report.AppendChild(reportHost); reportHost.AppendChild(hostProps); hostProps.AppendChild(tag1); hostProps.AppendChild(tag2); foreach (var vuln in host.Items) { XmlNode reportItem = doc.CreateNode(XmlNodeType.Element, "ReportItem", null); XmlNode port = doc.CreateAttribute("port"); XmlNode protocol = doc.CreateAttribute("protocol"); XmlNode severity = doc.CreateAttribute("severity"); XmlNode pluginID = doc.CreateAttribute("pluginID"); XmlNode pluginName = doc.CreateAttribute("pluginName"); port.Value = vuln.Port; protocol.Value = vuln.Protocol; severity.Value = GetNessusSeverityValue(vuln.RiskRating); pluginID.Value = vuln.Ref; pluginName.Value = vuln.Title; reportItem.Attributes.SetNamedItem(port); reportItem.Attributes.SetNamedItem(protocol); reportItem.Attributes.SetNamedItem(severity); reportItem.Attributes.SetNamedItem(pluginID); reportItem.Attributes.SetNamedItem(pluginName); XmlNode description = doc.CreateNode(XmlNodeType.Element, "description", null); XmlNode plugin_name = doc.CreateNode(XmlNodeType.Element, "plugin_name", null); XmlNode risk_factor = doc.CreateNode(XmlNodeType.Element, "risk_factor", null); XmlNode solution = doc.CreateNode(XmlNodeType.Element, "solution", null); description.InnerText = vuln.Description; plugin_name.InnerText = vuln.Title; risk_factor.InnerText = vuln.RiskRating; solution.InnerText = vuln.Recommendation; reportItem.AppendChild(description); reportItem.AppendChild(plugin_name); reportItem.AppendChild(risk_factor); reportItem.AppendChild(solution); reportHost.AppendChild(reportItem); } } return(doc); }
public ParseResults Run() { var parseResults = new ParseResults(); parseResults.Hosts = new List <ParseResultsHost>(); var element = XElement.Load(path); var report = element.Element("Hosts"); // // Iterate through Host items in VulnXML // foreach (var host in report.Elements("Host")) { var parseHost = new ParseResultsHost(); parseHost.Items = new List <ParseResultsVuln>(); // This will break when dnsname is not found - so will not populate custom Affected Hosts issues parseHost.Name = (string)host.Attribute("ipv4"); if (string.IsNullOrEmpty(parseHost.Name)) { parseHost.Name = (string)host.Attribute("name"); } // For each vuln assigned to host foreach (var item in host.Elements("Vuln")) { // For each port assigned to vuln in host var vulnid = (string)item.Attribute("ID"); var ports = item.Element("Ports"); foreach (var port in ports.Elements("Port")) { var parseResultsVuln = new ParseResultsVuln(); parseResultsVuln.ID = (string)item.Attribute("ID"); parseResultsVuln.Port = (string)port.Attribute("Protocol"); parseResultsVuln.Protocol = (string)port; // Now need to find and complete rest of each vuln settings var vulns = element.Element("Vulns"); foreach (var vuln in vulns.Elements("Vuln")) { if ((string)vuln.Attribute("ID") == vulnid) { parseResultsVuln.Group = (string)vuln.Attribute("Group"); parseResultsVuln.Title = (string)vuln.Element("Title"); parseResultsVuln.Ref = (string)vuln.Element("Ref"); parseResultsVuln.Description = (string)vuln.Element("Description"); parseResultsVuln.Recommendation = (string)vuln.Element("Recommendation"); parseResultsVuln.References = "//" + Environment.NewLine + "//"; parseResultsVuln.RiskRating = (string)vuln.Element("CVSS").Element("OverallScore"); parseResultsVuln.ReferenceID = (string)vuln.Element("Reference"); } } parseHost.Items.Add(parseResultsVuln); } } var parseResultsHostProperties = new ParseResultsHostProperties(); parseResultsHostProperties.DnsName = (string)host.Attribute("dnsname"); parseResultsHostProperties.IPv4 = (string)host.Attribute("ipv4"); parseHost.Properties = parseResultsHostProperties; if (!string.IsNullOrEmpty(parseHost.Name)) { parseResults.Hosts.Add(parseHost); } } return(parseResults); }