public XmlDocument GenerateNessusXML(ParseResults parsedResults, string filename)
{
XmlDocument doc = new XmlDocument();
XmlNode nessus = doc.CreateNode(XmlNodeType.Element, "NessusClientData_v2", null);
XmlNode report = doc.CreateNode(XmlNodeType.Element, "Report", null);
XmlNode reportName = doc.CreateAttribute("name");
reportName.Value = "NCC Group Import";
report.Attributes.SetNamedItem(reportName);
doc.AppendChild(nessus);
nessus.AppendChild(report);
// for each host
foreach (var host in parsedResults.Hosts)
{
XmlNode reportHost = doc.CreateNode(XmlNodeType.Element, "ReportHost", null);
XmlNode hostProps = doc.CreateNode(XmlNodeType.Element, "HostProperties", null);
XmlNode tag1 = doc.CreateNode(XmlNodeType.Element, "tag", null);
XmlNode tag2 = doc.CreateNode(XmlNodeType.Element, "tag", null);
XmlNode nameHost = doc.CreateAttribute("name");
XmlNode nameRDNS = doc.CreateAttribute("host-rdns");
XmlNode nameIP = doc.CreateAttribute("host-ip");
nameHost.Value = host.Name;
reportHost.Attributes.SetNamedItem(nameHost);
tag1.Attributes.SetNamedItem(nameRDNS);
tag2.Attributes.SetNamedItem(nameIP);
tag1.InnerText = host.Name;
tag2.InnerText = host.Properties.IPv4;
report.AppendChild(reportHost);
reportHost.AppendChild(hostProps);
hostProps.AppendChild(tag1);
hostProps.AppendChild(tag2);
foreach (var vuln in host.Items)
{
XmlNode reportItem = doc.CreateNode(XmlNodeType.Element, "ReportItem", null);
XmlNode port = doc.CreateAttribute("port");
XmlNode protocol = doc.CreateAttribute("protocol");
XmlNode severity = doc.CreateAttribute("severity");
XmlNode pluginID = doc.CreateAttribute("pluginID");
XmlNode pluginName = doc.CreateAttribute("pluginName");
port.Value = vuln.Port;
protocol.Value = vuln.Protocol;
severity.Value = GetNessusSeverityValue(vuln.RiskRating);
pluginID.Value = vuln.Ref;
pluginName.Value = vuln.Title;
reportItem.Attributes.SetNamedItem(port);
reportItem.Attributes.SetNamedItem(protocol);
reportItem.Attributes.SetNamedItem(severity);
reportItem.Attributes.SetNamedItem(pluginID);
reportItem.Attributes.SetNamedItem(pluginName);
XmlNode description = doc.CreateNode(XmlNodeType.Element, "description", null);
XmlNode plugin_name = doc.CreateNode(XmlNodeType.Element, "plugin_name", null);
XmlNode risk_factor = doc.CreateNode(XmlNodeType.Element, "risk_factor", null);
XmlNode solution = doc.CreateNode(XmlNodeType.Element, "solution", null);
description.InnerText = vuln.Description;
plugin_name.InnerText = vuln.Title;
risk_factor.InnerText = vuln.RiskRating;
solution.InnerText = vuln.Recommendation;
reportItem.AppendChild(description);
reportItem.AppendChild(plugin_name);
reportItem.AppendChild(risk_factor);
reportItem.AppendChild(solution);
reportHost.AppendChild(reportItem);
}
}
return(doc);
}
public ParseResults Run()
{
var parseResults = new ParseResults();
parseResults.Hosts = new List <ParseResultsHost>();
var element = XElement.Load(path);
var report = element.Element("Hosts");
//
// Iterate through Host items in VulnXML
//
foreach (var host in report.Elements("Host"))
{
var parseHost = new ParseResultsHost();
parseHost.Items = new List <ParseResultsVuln>();
// This will break when dnsname is not found - so will not populate custom Affected Hosts issues
parseHost.Name = (string)host.Attribute("ipv4");
if (string.IsNullOrEmpty(parseHost.Name))
{
parseHost.Name = (string)host.Attribute("name");
}
// For each vuln assigned to host
foreach (var item in host.Elements("Vuln"))
{
// For each port assigned to vuln in host
var vulnid = (string)item.Attribute("ID");
var ports = item.Element("Ports");
foreach (var port in ports.Elements("Port"))
{
var parseResultsVuln = new ParseResultsVuln();
parseResultsVuln.ID = (string)item.Attribute("ID");
parseResultsVuln.Port = (string)port.Attribute("Protocol");
parseResultsVuln.Protocol = (string)port;
// Now need to find and complete rest of each vuln settings
var vulns = element.Element("Vulns");
foreach (var vuln in vulns.Elements("Vuln"))
{
if ((string)vuln.Attribute("ID") == vulnid)
{
parseResultsVuln.Group = (string)vuln.Attribute("Group");
parseResultsVuln.Title = (string)vuln.Element("Title");
parseResultsVuln.Ref = (string)vuln.Element("Ref");
parseResultsVuln.Description = (string)vuln.Element("Description");
parseResultsVuln.Recommendation = (string)vuln.Element("Recommendation");
parseResultsVuln.References = "//" + Environment.NewLine + "//";
parseResultsVuln.RiskRating = (string)vuln.Element("CVSS").Element("OverallScore");
parseResultsVuln.ReferenceID = (string)vuln.Element("Reference");
}
}
parseHost.Items.Add(parseResultsVuln);
}
}
var parseResultsHostProperties = new ParseResultsHostProperties();
parseResultsHostProperties.DnsName = (string)host.Attribute("dnsname");
parseResultsHostProperties.IPv4 = (string)host.Attribute("ipv4");
parseHost.Properties = parseResultsHostProperties;
if (!string.IsNullOrEmpty(parseHost.Name))
{
parseResults.Hosts.Add(parseHost);
}
}
return(parseResults);
}
