public void parse() { Assembly a; a = Assembly.GetExecutingAssembly(); Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Assembly location = " + a.Location); // ============================================ // Parse the XML Document and populate the database // ============================================ XmlDocument doc = new XmlDocument(); doc.LoadXml(m_data); XORCISMEntities model; model = new XORCISMEntities(); string query = "/NessusClientData_v2/Report"; XmlNode report; report = doc.SelectSingleNode(query); Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Found {0} hosts to parse", report.ChildNodes.Count)); foreach (XmlNode reportHost in report.ChildNodes) { string ipAddress; ipAddress = reportHost.Attributes["name"].InnerText; Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Handling host with IP {0}", ipAddress)); // ============================================= // If necessary, create an asset in the database // ============================================= //TODO ipaddressIPv4 var myass = from ass in model.ASSET where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID select ass; ASSET asset = myass.FirstOrDefault(); if (asset == null) { Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creates a new entry in table ASSET for this IP"); asset = new ASSET(); //asset.AccountID = m_AccountID; asset.AssetName = ipAddress; asset.AssetDescription = ipAddress; //TODO ipaddressIPv4 asset.ipaddressIPv4 = ipAddress; asset.Enabled = true; //asset.JobID = m_JobId; model.ASSET.Add(asset); model.SaveChanges(); } else { Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "This IP already corresponds to an existing asset"); } Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creating ASSETINSESSION reference"); ASSETSESSION assinsess = new ASSETSESSION(); assinsess.AssetID = asset.AssetID; assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID; model.ASSETSESSION.Add(assinsess); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Update JOB with ASSETINSESSIONID"); JOB daJob = model.JOB.Single(x => x.JobID == m_JobId); daJob.AssetSessionID = assinsess.AssetSessionID; model.SaveChanges(); // ============================= // Handles every ReportItem tag // ============================= foreach (XmlNode n in reportHost.ChildNodes) { //Hardcoded if (n.Name.ToUpper() == "ReportItem".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0) { string protocol = n.Attributes["protocol"].InnerText.ToUpper(); int port = Convert.ToInt32(n.Attributes["port"].InnerText); //svc_name //pluginID //pluginName //pluginFamily //risk_factor VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint(); vulnerabilityEndPoint.IpAdress = ipAddress; vulnerabilityEndPoint.Protocol = protocol; vulnerabilityEndPoint.Port = port; VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); vulnerabilityFound.ListItem = Helper_GetCVE(n); vulnerabilityFound.ListReference = Helper_GetREFERENCE(n); //TODO: Helper_GetCVE and Helper_GetREFERENCE could be mixed for only 1 parsing vulnerabilityFound.InnerXml = n.OuterXml; vulnerabilityFound.Description = HelperGetChildInnerText(n, "description"); vulnerabilityFound.Solution = HelperGetChildInnerText(n, "solution"); vulnerabilityFound.Title = HelperGetChildInnerText(n, "synopsis"); vulnerabilityFound.rawresponse = HelperGetChildInnerText(n, "plugin_output"); vulnerabilityFound.Result = HelperGetChildInnerText(n, "plugin_output"); vulnerabilityFound.Severity = n.Attributes["severity"].InnerText; //1 //vulnerabilityFound.Severity = HelperGetChildInnerText(n, "risk_factor"); //None Low if (HelperGetChildInnerText(n, "exploit_available") == "true") { vulnerabilityFound.Exploitable = true; } //exploitability_ease Exploits are available //exploit_framework_canvas //exploit_framework_metasploit //exploit_framework_core //metasploit_name //canvas_package //cvss_vector //cvss_temporal_score try { vulnerabilityFound.CVSSBaseScore = float.Parse(HelperGetChildInnerText(n, "cvss_base_score"), System.Globalization.CultureInfo.InvariantCulture); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Error parsing CVSS_BASE : Exception = {0}", ex.Message)); Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CVSS_BASE =", HelperGetChildInnerText(n, "cvss_base_score"))); } bool PatchUpgrade = false; string MSPatch = ""; string title; string Solution; //patch_publication_date if (HelperGetChildInnerText(n, "patch_publication_date") != "") { PatchUpgrade = true; } title = n.Attributes["pluginName"].InnerText; Regex objNaturalPattern = new Regex("MS[0-9][0-9]-[0-9][0-9][0-9]"); MSPatch = objNaturalPattern.Match(title).ToString(); if (MSPatch != "") { Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "MSPatch=" + MSPatch); PatchUpgrade = true; } //Hardcoded Solution = HelperGetChildInnerText(n, "solution"); if (Solution.Contains(" upgrade to ")) { PatchUpgrade = true; } if (Solution.Contains("Upgrade ")) { PatchUpgrade = true; } if (Solution.Contains("has released a set of patches")) { PatchUpgrade = true; } if (Solution.Contains("Apply the appropriate patch")) { PatchUpgrade = true; } //<patch_publication_date> vulnerabilityFound.PatchUpgrade = PatchUpgrade; vulnerabilityFound.MSPatch = MSPatch; // =========== // Persistance // =========== Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem))); int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "nessus", model); if (etat == -1) { Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CANNOT IMPORT THIS ASSET !!!! ")); } } } } // TODO // VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model); }
private void FuncThread() { XORCISMEntities context; context = new XORCISMEntities(); // Explicitly open the connection. //context.Connection.Open(); // ================= // Main polling loop // ================= try { while (true) //Infinite loop { // ============================================================================= // PHASE 0 : Look in table SESSION and let's see if there is something to cancel // ============================================================================= #region Phase0 //Utils.Helper_Trace("MANAGER ENGINE", "Looking for new session to cancel (those with status = 'ToCancel')"); string status; status = XCommon.STATUS.TOCANCEL.ToString(); XORCISMModel.SESSION cancelSession; cancelSession = context.SESSION.FirstOrDefault(s => s.Status == status); if (cancelSession != null) { // =============================== // Abort the Launch Session thread // =============================== if (m_ListRunningSessionThread.ContainsKey(cancelSession.SessionID) == true) { LaunchSessionThreadInfo info; info = m_ListRunningSessionThread[cancelSession.SessionID]; Thread musCanceledThread; musCanceledThread = info.Thread; musCanceledThread.Abort(cancelSession.SessionID.ToString()); // ============================== // Launch a Cancel Session thread // ============================== Utils.Helper_Trace("MANAGER ENGINE", string.Format("Launching cancel session thread (sessionID={0})", cancelSession.SessionID)); cancelSession.Status = XCommon.STATUS.CANCELLING.ToString(); context.SaveChanges(); ParameterizedThreadStart ts; ts = new ParameterizedThreadStart(FuncThreadCancelSession); Thread thread; thread = new Thread(ts); thread.Start(info); } else { //Canceling after Manager crash/reboot //Session is not in m_ListRunningSessionThread Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} must be canceled", cancelSession.SessionID)); //int accountID; //accountID = (int)model.USERACCOUNT.FirstOrDefault(o => o.UserID == session.UserID).AccountID; // ============================= // Cancel the jobs on the agents // ============================= Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Cancelling jobs on agents", cancelSession.SessionID)); var jobs = from jc in context.JOB where jc.SessionID == cancelSession.SessionID select jc; foreach (JOB J in jobs.ToList()) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Handling job {1}", cancelSession.SessionID, J.JobID)); // ==================================== // Contact the agent and cancel the job // ==================================== Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Trying to contact the agent", cancelSession.SessionID)); try { ServiceReferenceAgent.Service1Client service; service = new ServiceReferenceAgent.Service1Client(); // TODO : // service.Endpoint.Address = bestAgent.IPAddress; service.CancelJob(J.JobID); Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : The agent has been successfully contacted", cancelSession.SessionID)); } catch (Exception ex) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Error contacting the agent. Exception = {1} {2}", cancelSession.SessionID, ex.Message, ex.InnerException)); XCommon.Utils.Helper_SendEmail("*****@*****.**", "MANAGER ENGINE ERROR", "CANCELSESSION : Error contacting the agent. Exception =" + ex.Message + " " + ex.InnerException); //return; } } // ============================= // Update table SESSION (Status) // ============================= Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Updating status in table SESSION to CANCELED", cancelSession.SessionID)); try { cancelSession.Status = XCommon.STATUS.CANCELED.ToString(); cancelSession.DateEnd = DateTimeOffset.Now; context.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Error CANCELED. Exception = {1}", cancelSession.SessionID, ex.Message)); //return; } Utils.Helper_Trace("MANAGER ENGINE", string.Format("SESSION {0} : CANCELSESSION : Finished", cancelSession.SessionID)); } } #endregion Phase0 // ============================================================================= // PHASE 1 : Look in table SESSION and let's see if there is something to launch // ============================================================================= Utils.Helper_Trace("MANAGER ENGINE", "Looking for new session to start (status IDLE)"); //DO NOT COMMENT THIS LINE string Statut = XCommon.STATUS.IDLE.ToString(); var session = context.SESSION.FirstOrDefault(s => s.Status == Statut); if (session != null) { int sessionID; sessionID = session.SessionID; //Check if the Account and User are still valid USERACCOUNT user = null; user = context.USERACCOUNT.SingleOrDefault(o => o.UserID == session.UserID); if (user.ACCOUNT.ValidUntilDate != null && user.ACCOUNT.ValidUntilDate < DateTimeOffset.Now) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Account not valid for session {0}", sessionID)); Utils.Helper_Trace("MANAGER ENGINE", string.Format("Changing session (sessionID={0}) to CANCELED", sessionID)); session.Status = XCommon.STATUS.CANCELED.ToString(); context.SaveChanges(); } else { if (m_ListRunningSessionThread.ContainsKey(sessionID) == true) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Session {0} is supposed to be launched but a thread is already running for this session !", sessionID)); } else { // ======================= // Launch a session thread // ======================= Utils.Helper_Trace("MANAGER ENGINE", string.Format("Launching session (sessionID={0})", sessionID)); session.Status = XCommon.STATUS.RUNNING.ToString(); context.SaveChanges(); ParameterizedThreadStart managerThreadStart; managerThreadStart = new ParameterizedThreadStart(FuncThreadLaunchSession); Thread thread; thread = new Thread(managerThreadStart); LaunchSessionThreadInfo info; info = new LaunchSessionThreadInfo(sessionID, thread); thread.Start(info); // ======================== // Put it in the dictionary // ======================== m_ListRunningSessionThread.Add(sessionID, info); } } } // =================================================================================== // PHASE 2 : Look in table SESSIONCRON and let's see if we have to create new sessions // =================================================================================== Statut = XCommon.STATUS.IDLE.ToString(); var q = context.SESSIONCRON.Where(o => o.Status == Statut); foreach (SESSIONCRON sessionCron in q.ToList()) { if (sessionCron.DateEnd == null || sessionCron.DateEnd > DateTime.Now) { //Check if the Account and User are still valid USERACCOUNT user = null; user = context.USERACCOUNT.SingleOrDefault(o => o.UserID == sessionCron.UserID); if (user.ACCOUNT.ValidUntilDate != null && user.ACCOUNT.ValidUntilDate < DateTimeOffset.Now) { //Utils.Helper_Trace("MANAGER ENGINE", string.Format("Account not valid for entry {0} in table SESSIONCRON", sessionCron.SessionCronID)); } else { CrontabSchedule schedule; schedule = CrontabSchedule.Parse(sessionCron.CronExpression); DateTimeOffset start = DateTimeOffset.Now; DateTimeOffset end = start + TimeSpan.FromDays(2 * 360); var occurrence = schedule.GetNextOccurrences(start, end).GetEnumerator(); occurrence.MoveNext(); // Utils.Helper_Trace("MANAGER ENGINE", "SessionCron "+sessionCron.SessionCronID+" Next occurrence=" + occurrence.Current.DayOfWeek.ToString() + " " + occurrence.Current.Day.ToString() + "/" + occurrence.Current.Month.ToString() + "/" + occurrence.Current.Year.ToString() + " " + occurrence.Current.Hour.ToString() + "H" + occurrence.Current.Minute.ToString() + ":" + occurrence.Current.Second.ToString()); TimeSpan ts; ts = occurrence.Current - start; if (ts.TotalSeconds <= 5.0) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Cron expression for entry {0} in table SESSIONCRON has triggered an execution", sessionCron.SessionCronID)); // ================================ // Extract and parse the parameters // ================================ Dictionary <string, object> dicoParameters; try { MemoryStream ms; ms = new MemoryStream(sessionCron.Parameters); BinaryFormatter bf; bf = new BinaryFormatter(); dicoParameters = (Dictionary <string, object>)bf.Deserialize(ms); } catch (Exception e) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Exception while deserializing parameters : {0}", e.Message)); return; } int[] tabAssetID = null; if (dicoParameters["ASSETS"] != null) { tabAssetID = (int[])dicoParameters["ASSETS"]; } // ================================ // Add a new entry in table SESSION // ================================ Utils.Helper_Trace("MANAGER ENGINE", string.Format("Adding an entry in table SESSION")); SESSION tmpSession = new SESSION(); //xxx try { tmpSession.UserID = sessionCron.UserID; tmpSession.Status = XCommon.STATUS.IDLE.ToString(); tmpSession.ServiceCategoryID = sessionCron.ServiceCategoryID; tmpSession.DateStart = DateTimeOffset.Now; tmpSession.DateEnd = null; tmpSession.Parameters = sessionCron.Parameters; tmpSession.SessionCronID = sessionCron.SessionCronID; context.SESSION.Add(tmpSession); context.SaveChanges(); //xxx } catch (Exception ex) { //xxx Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error adding entry in table SESSION : Exception = {0} - {1}", ex.Message, ex.InnerException.Message)); throw ex; } Utils.Helper_Trace("MANAGER ENGINE", string.Format("SessionID = {0}", tmpSession.SessionID)); // ============================================ // Add several entries in table ASSETSESSION // ============================================ if (tabAssetID != null) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Adding {0} entries in table ASSETSESSION", tabAssetID.Count())); try { foreach (int assetID in tabAssetID) { ASSETSESSION tmpAinS = new ASSETSESSION(); tmpAinS.SESSION = tmpSession; tmpAinS.AssetID = assetID; context.ASSETSESSION.Add(tmpAinS); } context.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error adding entries in table ASSETSESSION : Exception = {0}", ex.Message)); throw ex; } } } } } } // ===== // Sleep // ===== Thread.Sleep(5000); //Hardcoded } } catch (ThreadAbortException exThreadAbort) { //int SessionId; //SessionId=Convert.ToInt32((string)exThreadAbort.ExceptionState); //XORCISMModel.SESSION musBeCanceledSession; //musBeCanceledSession=context.SESSION.SingleOrDefault(s => s.SessionID == SessionId); //if (musBeCanceledSession != null) //{ // musBeCanceledSession.Status = XCommon.STATUS.TOCANCEL.ToString(); // context.SaveChanges(); //} Utils.Helper_Trace("MANAGER ENGINE", string.Format("ThreadError in main polling loop : Exception = {0}", exThreadAbort.Message)); //HARDCODED XCommon.Utils.Helper_SendEmail("*****@*****.**", "ThreadError in XManager", "MyException = " + exThreadAbort.Message + " " + exThreadAbort.InnerException); return; } catch (Exception ex) { Utils.Helper_Trace("MANAGER ENGINE", string.Format("Error in main polling loop : Exception = {0} {1}", ex.Message, ex.InnerException)); //HARDCODED XCommon.Utils.Helper_SendEmail("*****@*****.**", "Error in XManager", "MyException = " + ex.Message + " " + ex.InnerException); return; } }
public void parse() { Assembly a; a = Assembly.GetExecutingAssembly(); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Assembly location = " + a.Location); // =================================================== // Parses the XML Document and populates the database // =================================================== // Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "data = " + m_data); XmlDocument doc = new XmlDocument(); //TODO: Input Validation (XML) doc.LoadXml(m_data); XORCISMEntities model; model = new XORCISMEntities(); string query = "/netsparker/target"; //Hardcoded XmlNode report; report = doc.SelectSingleNode(query); string ipAddress = string.Empty; ipAddress = HelperGetChildInnerText(report, "url"); //Hardcoded if (ipAddress.Substring(ipAddress.Length - 1, 1) == "/") { ipAddress = ipAddress.Substring(0, ipAddress.Length - 1); } Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Handling host with IP {0}", ipAddress)); // =============================================== // If necessary, creates an asset in the database // =============================================== //TODO ipaddressIPv4 var myass = from ass in model.ASSET where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID select ass; ASSET asset = myass.FirstOrDefault(); if (asset == null) { Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creates a new entry in table ASSET for this IP"); asset = new ASSET(); //asset.AccountID = m_AccountID; asset.AssetName = ipAddress; asset.AssetDescription = ipAddress; //TODO ipaddressIPv4 asset.ipaddressIPv4 = ipAddress; asset.Enabled = true; //asset.JobID = m_JobId; model.ASSET.Add(asset); model.SaveChanges(); } else { Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "This IP already corresponds to an existing asset"); } Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creating ASSETINSESSION reference"); ASSETSESSION assinsess = new ASSETSESSION(); assinsess.AssetID = asset.AssetID; assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID; model.ASSETSESSION.Add(assinsess); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Update JOB with ASSETINSESSIONID"); JOB daJob = model.JOB.Single(x => x.JobID == m_JobId); daJob.AssetSessionID = assinsess.AssetSessionID; model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "VULNERABILITIES FOUND"); query = "/netsparker"; //Hardcoded report = doc.SelectSingleNode(query); foreach (XmlNode n in report.ChildNodes) { //Hardcoded if (n.Name.ToUpper() == "vulnerability".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0) { if (n.Attributes["confirmed"].InnerText == "True") { VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint(); vulnerabilityEndPoint.IpAdress = ipAddress; vulnerabilityEndPoint.Protocol = "TCP"; // "http"; //https ... A VOIR vulnerabilityEndPoint.Port = 80; //443 ... A VOIR VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); //vulnerabilityFound.ListItem = Helper_GetCVE(n); vulnerabilityFound.InnerXml = n.OuterXml; string url = HelperGetChildInnerText(n, "url"); vulnerabilityFound.Url = url; if (url.ToLower().Contains("https://")) { vulnerabilityEndPoint.Port = 443; } Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Url: {0}", url)); //vulnerabilityFound.Type = HelperGetChildInnerText(n, "type"); vulnerabilityFound.Title = HelperGetChildInnerText(n, "type"); vulnerabilityFound.Description = HelperGetChildInnerText(n, "type"); vulnerabilityFound.Severity = HelperGetChildInnerText(n, "severity"); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Severity: {0}", HelperGetChildInnerText(n, "severity"))); vulnerabilityFound.VulnerableParameterType = HelperGetChildInnerText(n, "vulnerableparametertype"); vulnerabilityFound.VulnerableParameter = HelperGetChildInnerText(n, "vulnerableparameter"); vulnerabilityFound.VulnerableParameterValue = HelperGetChildInnerText(n, "vulnerableparametervalue"); //rawrequest //rawresponse //extrainformation // <info name="Found E-mails">[email protected]</info> // <info name="Identified Internal Path(s)">/var/www/webscantest/vulnsite/picshare/upload.pl</info> vulnerabilityFound.Consequence = HelperGetChildInnerText(n, "extrainformation"); bool PatchUpgrade = false; string MSPatch = ""; /* * <classification> * <OWASP>A1</OWASP> * <WASC>19</WASC> * <CWE>89</CWE> * <CAPEC>66</CAPEC> * </classification> */ foreach (XmlNode classif in n.ChildNodes) { //Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "classif n.ChildNodes: " + classif.Name); if (classif.Name.ToUpper() == "classification".ToUpper() && classif.ChildNodes != null && classif.ChildNodes.Count > 0) { Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "OWASP: " + HelperGetChildInnerText(classif, "OWASP")); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "WASC: " + HelperGetChildInnerText(classif, "WASC")); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CWE: " + HelperGetChildInnerText(classif, "CWE")); Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CAPEC: " + HelperGetChildInnerText(classif, "CAPEC")); } } int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "netsparker", model); if (etat == -1) { Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("CANNOT IMPORT THIS ASSET !!!! ")); } } } } }
public void parse() { Assembly a; a = Assembly.GetExecutingAssembly(); Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Assembly location = " + a.Location); // ============================================ // Parse the Document and populate the database // ============================================ XORCISMEntities model; model = new XORCISMEntities(); string ipAddress; ipAddress = ""; string protocol = "WWW"; //Hardcoded int port = 80; Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Handling host with IP {0}", ipAddress)); // ============================================= // If necessary, create an asset in the database // ============================================= //TODO var myass = from ass in model.ASSET where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID select ass; ASSET asset = myass.FirstOrDefault(); if (asset == null) { Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creates a new entry in table ASSET for this IP"); asset = new ASSET(); //asset.AccountID = m_AccountID; asset.AssetName = ipAddress; asset.AssetDescription = ipAddress; asset.ipaddressIPv4 = ipAddress; asset.Enabled = true; //asset.JobID = m_JobId; model.ASSET.Add(asset); model.SaveChanges(); } else { Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "This IP already corresponds to an existing asset"); } Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creating ASSETINSESSION reference"); ASSETSESSION assinsess = new ASSETSESSION(); assinsess.AssetID = asset.AssetID; assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID; model.ASSETSESSION.Add(assinsess); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Update JOB with ASSETINSESSIONID"); JOB daJob = model.JOB.Single(x => x.JobID == m_JobId); daJob.AssetSessionID = assinsess.AssetSessionID; model.SaveChanges(); //************************** StreamReader monStreamReader = new StreamReader("samples.js"); //Hardcoded string curline = monStreamReader.ReadLine(); bool issue_samples = false; int currentseverity = 0; string curvulntype = ""; while (curline != null) { if (issue_samples) { if (curline.Contains("'url':")) { Console.WriteLine(curvulntype); Console.WriteLine(vulntypeSkipfish(curvulntype)); curline = curline.Trim(); char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); string vulnurl = words1[0].Replace("{ 'url': '", ""); vulnurl = vulnurl.Substring(0, vulnurl.Length - 1); Console.WriteLine(vulnurl); string vulnparam = words1[1].Replace("'extra': '", ""); vulnparam = vulnparam.Substring(0, vulnparam.Length - 1).Trim(); Console.WriteLine(vulnparam); string vulninfodir = words1[2].Replace("'dir': '", ""); vulninfodir = vulninfodir.Replace("' } ]", ""); vulninfodir = vulninfodir.Replace("' }", "").Trim(); Console.WriteLine(vulninfodir); if (currentseverity > 0) { VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint(); vulnerabilityEndPoint.IpAdress = ipAddress; vulnerabilityEndPoint.Protocol = protocol; vulnerabilityEndPoint.Port = port; VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); //vulnerabilityFound.PatchUpgrade = PatchUpgrade; //vulnerabilityFound.MSPatch = MSPatch; vulnerabilityFound.Title = vulntypeSkipfish(curvulntype); vulnerabilityFound.Severity = currentseverity.ToString(); vulnerabilityFound.Url = vulnurl; //vulnerabilityFound.rawrequest= vulninfodir+"/request.dat"; //vulnerabilityFound.rawresponse= vulninfodir+"/response.dat"; vulnerabilityFound.Result = vulnparam; // =========== // Persistance // =========== Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem))); int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "skipfish", model); if (etat == -1) { Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("CANNOT IMPORT THIS ASSET !!!! ")); } } else { //TODO /* * //severity=0 * INFORMATION myinfo = new INFORMATION(); * myinfo.Title = vulntypeSkipfish(curvulntype); * myinfo.Severity = currentseverity.ToString(); * myinfo.Url = vulnurl; * //myinfo.rawrequest= vulninfodir+"/request.dat"; * //myinfo.rawresponse= vulninfodir+"/response.dat"; * myinfo.Result = vulnparam; * myinfo.JobID = m_JobId; * * model.AddToINFORMATION(myinfo); * model.SaveChanges(); */ } } } if (curline.Contains("'severity': 4")) { currentseverity = 4; char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); curvulntype = words1[1].Replace(" 'type': ", ""); } if (curline.Contains("'severity': 3")) { currentseverity = 3; char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); curvulntype = words1[1].Replace(" 'type': ", ""); } if (curline.Contains("'severity': 2")) { currentseverity = 2; char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); curvulntype = words1[1].Replace(" 'type': ", ""); } if (curline.Contains("'severity': 1")) { currentseverity = 1; char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); curvulntype = words1[1].Replace(" 'type': ", ""); } if (curline.Contains("'severity': 0")) { currentseverity = 0; char[] splitter1 = { ',' }; string[] words1 = curline.Split(splitter1); curvulntype = words1[1].Replace(" 'type': ", ""); } //Where am I? if (curline.Contains("var issue_samples")) { issue_samples = true; /* * ligne = ligne.Trim(); * char[] splitter1 = { ' ' }; * string[] words1 = ligne.Split(splitter1); * * cmd1 = "./msfcli " + words1[0].Trim() + " T"; */ } curline = monStreamReader.ReadLine(); } monStreamReader.Close(); // A VOIR // VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model); }
//public CompositeType GetDataUsingDataContract(CompositeType composite) //{ // if (composite == null) // { // throw new ArgumentNullException("composite"); // } // if (composite.BoolValue) // { // composite.StringValue += "Suffix"; // } // return composite; //} public int CreateSession(int serviceCategoryID, Guid userID, byte[] parameters, Decimal PeasCount, Decimal PeasValue) { //Where Magic happens Utils.Helper_Trace("MANAGER SERVICE", "Entering CreateSession()"); Utils.Helper_Trace("MANAGER SERVICE", string.Format("ServiceCategoryID = {0}", serviceCategoryID)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("UserID = {0}", userID.ToString())); Dictionary<string, object> dicoParameters; try { MemoryStream ms; ms = new MemoryStream(parameters); BinaryFormatter bf; bf = new BinaryFormatter(); dicoParameters = (Dictionary<string, object>)bf.Deserialize(ms); } catch (Exception e) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Exception while deserializing parameters : {0}", e.Message)); return -1; } Utils.Helper_Trace("MANAGER SERVICE", string.Format("Size of parameters = {0} bytes", parameters.Length)); int[] tabAssetID = null; int MaxPages; string FileName = string.Empty; string nmapAddress = string.Empty; string cronExpression = string.Empty; string sip = string.Empty; string extrange = string.Empty; string policy = string.Empty; string strategie = string.Empty; switch (serviceCategoryID) //TODO Hardcoded { case 1: // Vulnerability Assessment tabAssetID = (int[])dicoParameters["ASSETS"]; cronExpression = (string)dicoParameters["CRONEXPRESSION"]; policy = (string)dicoParameters["POLICY"]; strategie = (string)dicoParameters["STRATEGY"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Cron Expression = {0}", cronExpression)); break; case 2: //WAS (Web Application Scanning) tabAssetID = (int[])dicoParameters["ASSETS"]; cronExpression = (string)dicoParameters["CRONEXPRESSION"]; policy = (string)dicoParameters["POLICY"]; strategie = (string)dicoParameters["STRATEGY"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Cron Expression = {0}", cronExpression)); break; case 3: Utils.Helper_Trace("MANAGER SERVICE", "NO parameters defined in XManagerService Service1.cs for service category 3"); break; case 4: //PCI DSS tabAssetID = (int[])dicoParameters["ASSETS"]; cronExpression = (string)dicoParameters["CRONEXPRESSION"]; policy = "PCI DSS"; strategie = "Compliance PCI DSS"; //(string)dicoParameters["STRATEGY"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Cron Expression = {0}", cronExpression)); break; case 5: Utils.Helper_Trace("MANAGER SERVICE", "NO parameters defined in XManagerService Service1.cs for service category 5"); break; case 6: // VOIP Scanner tabAssetID = (int[])dicoParameters["ASSETS"]; sip = (string)dicoParameters["SIP"]; extrange = (string)dicoParameters["EXTRANGE"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); break; case 7: // Web Anti-malware Monitoring tabAssetID = (int[])dicoParameters["ASSETS"]; cronExpression = (string)dicoParameters["CRONEXPRESSION"]; MaxPages = (int)dicoParameters["MaxPages"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Service Malware Monitoring:Number of assets = {0}", tabAssetID.Length)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Cron Expression = {0}", cronExpression)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Service Malware Monitoring:MaxPages = {0}", MaxPages)); break; case 8: // Web Site Monitoring tabAssetID = (int[])dicoParameters["ASSETS"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); break; case 9: Utils.Helper_Trace("MANAGER SERVICE", "NO parameters defined in XManagerService Service1.cs for service category 9"); break; case 10: // Discovery nmapAddress = (string)dicoParameters["TARGET"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Target = {0}", nmapAddress)); break; case 11: case 12: case 13: // Import case 14: case 15: FileName = (string)dicoParameters["FILENAME"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Import File : Filename = {0}", FileName)); break; case 16: //Information Gathering (OSINT) tabAssetID = (int[])dicoParameters["ASSETS"]; cronExpression = (string)dicoParameters["CRONEXPRESSION"]; policy = (string)dicoParameters["POLICY"]; strategie = (string)dicoParameters["STRATEGY"]; Utils.Helper_Trace("MANAGER SERVICE", string.Format("Number of assets = {0}", tabAssetID.Length)); Utils.Helper_Trace("MANAGER SERVICE", string.Format("Cron Expression = {0}", cronExpression)); break; } XORCISMEntities context = new XORCISMEntities(); // =============================================== // Add a new entry in table SESSION or SESSIONCRON // =============================================== int id; if (cronExpression == "") { // ================================ // Add a new entry in table SESSION // ================================ Utils.Helper_Trace("MANAGER SERVICE", string.Format("Adding an entry in table SESSION")); SESSION tmpSession = new SESSION(); //Price try { tmpSession.UserID = userID; tmpSession.Status = XCommon.STATUS.IDLE.ToString(); tmpSession.ServiceCategoryID = serviceCategoryID; tmpSession.DateEnd = null; tmpSession.DateStart = DateTimeOffset.Now; tmpSession.Parameters = parameters; //Price context.SESSION.Add(tmpSession); context.SaveChanges(); //Price } catch (Exception ex) { /* USER user; user = context.USERS.SingleOrDefault(u => u.UserId == userID); ACCOUNT userAccount; userAccount = context.USERACCOUNT.SingleOrDefault(o => o.UserID == user.UserId).ACCOUNT; //Price */ Utils.Helper_Trace("MANAGER SERVICE", string.Format("Error adding entry in table SESSION : Exception = {0} - {1}", ex.Message, ex.InnerException.Message)); throw ex; } Utils.Helper_Trace("MANAGER SERVICE", string.Format("SessionID = {0}", tmpSession.SessionID)); //Random random = new Random(); try { // tmpSession.SessionID = tmpSession.SessionID + random.Next(20, 200); // context.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Error random SESSION : Exception = {0} - {1}", ex.Message, ex.InnerException.Message)); } Utils.Helper_Trace("MANAGER SERVICE", string.Format("NewRandomSessionID = {0}", tmpSession.SessionID)); id = tmpSession.SessionID; // ============================================ // Add several entries in table ASSETSESSION // ============================================ if (tabAssetID != null) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Adding {0} entries in table ASSETSESSION", tabAssetID.Count())); try { foreach (int assetID in tabAssetID) { ASSETSESSION tmpAinS = new ASSETSESSION(); tmpAinS.SESSION = tmpSession; tmpAinS.AssetID = assetID; context.ASSETSESSION.Add(tmpAinS); } context.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Error adding entries in table ASSETSESSION : Exception = {0}", ex.Message)); throw ex; } } } else { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Adding an entry in table SESSIONCRON")); SESSIONCRON tmpSessionCron = new SESSIONCRON(); //Price try { tmpSessionCron.UserID = userID; tmpSessionCron.CronExpression = cronExpression; tmpSessionCron.Parameters = parameters; tmpSessionCron.Status = XCommon.STATUS.IDLE.ToString(); tmpSessionCron.ServiceCategoryID = serviceCategoryID; tmpSessionCron.DateStart = DateTimeOffset.Now; //TODO Non il faut que ce soit les dates de start/end du cron A VOIR TODO tmpSessionCron.DateEnd = null; //Price context.SESSIONCRON.Add(tmpSessionCron); context.SaveChanges(); } catch (Exception ex) { Utils.Helper_Trace("MANAGER SERVICE", string.Format("Error adding entry in table SESSIONCRON : Exception = {0} - {1}", ex.Message, ex.InnerException.Message)); throw ex; } Utils.Helper_Trace("MANAGER SERVICE", string.Format("SessionCronID = {0}", tmpSessionCron.SessionCronID)); id = tmpSessionCron.SessionCronID; } Utils.Helper_Trace("MANAGER SERVICE", "Leaving CreateSession()"); // Finished return id; }
public void parse() { Assembly a; a = Assembly.GetExecutingAssembly(); Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Assembly location = " + a.Location); // ============================================ // Parse the XML Document and populate the database // ============================================ // Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "data = " + m_data); XmlDocument doc = new XmlDocument(); doc.LoadXml(m_data); XORCISMEntities model; model = new XORCISMEntities(); string query = "/ScanGroup/Scan"; //Hardcoded XmlNode report; report = doc.SelectSingleNode(query); string ipAddress = string.Empty; ipAddress = HelperGetChildInnerText(report, "StartURL"); //Hardcoded if (ipAddress.Substring(ipAddress.Length - 1, 1) == "/") { ipAddress = ipAddress.Substring(0, ipAddress.Length - 1); } Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Handling host with IP {0}", ipAddress)); // =============================================== // If necessary, creates an asset in the database // =============================================== //TODO var myass = from ass in model.ASSET where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID select ass; ASSET asset = myass.FirstOrDefault(); if (asset == null) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Creates a new entry in table ASSET for this IP"); asset = new ASSET(); //asset.AccountID = m_AccountID; asset.AssetName = ipAddress; asset.AssetDescription = ipAddress; asset.ipaddressIPv4 = ipAddress; asset.Enabled = true; //asset.JobID = m_JobId; model.ASSET.Add(asset); model.SaveChanges(); } else { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "This IP already corresponds to an existing asset"); } Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Creating ASSETINSESSION reference"); ASSETSESSION assinsess = new ASSETSESSION(); assinsess.AssetID = asset.AssetID; assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID; model.ASSETSESSION.Add(assinsess); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Update JOB with ASSETINSESSIONID"); JOB daJob = model.JOB.Single(x => x.JobID == m_JobId); daJob.AssetSessionID = assinsess.AssetSessionID; model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "VULNERABILITIES FOUND"); query = "/ScanGroup/Scan/ReportItems"; report = doc.SelectSingleNode(query); foreach (XmlNode n in report.ChildNodes) { if (n.Name.ToUpper() == "ReportItem".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0) { //TODOs HARDCODED VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint(); vulnerabilityEndPoint.IpAdress = ipAddress; vulnerabilityEndPoint.Protocol = "TCP"; // "http"; //https ... A VOIR vulnerabilityEndPoint.Port = 80; //443 ... A VOIR VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); //vulnerabilityFound.ListItem = Helper_GetCVE(n); vulnerabilityFound.InnerXml = n.OuterXml; //To eliminate VULNERABILITY (Value) duplicates: /* * string pattern = @"ReportItem id=""\d\d?\d?"""; * string s = Regex.Replace(n.OuterXml, pattern, "ReportItem id=\"0\""); * vulnerabilityFound.InnerXml = s; */ string url = HelperGetChildInnerText(n, "Affects"); //Server vulnerabilityFound.Url = url; if (url.ToLower().Contains("https://")) { vulnerabilityEndPoint.Port = 443; } Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Url: {0}", url)); vulnerabilityFound.Type = HelperGetChildInnerText(n, "Type"); if (HelperGetChildInnerText(n, "IsFalsePositive") == "False") { vulnerabilityFound.IsFalsePositive = false; } else { vulnerabilityFound.IsFalsePositive = true; } vulnerabilityFound.Title = HelperGetChildInnerText(n, "Name"); //ModuleName //Affects vulnerabilityFound.Description = HelperGetChildInnerText(n, "Description"); //Extract the CVEs List <VulnerabilityFound.Item> ListCVEs = new List <VulnerabilityFound.Item>(); //MatchCollection matches = Regex.Matches(HelperGetChildInnerText(n, "Description"), "CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]"); MatchCollection matches = Regex.Matches(HelperGetChildInnerText(n, "Description"), @"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})"); //myRegexCVE //https://cve.mitre.org/cve/identifiers/tech-guidance.html foreach (Match match in matches) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("CVE: {0}", match.Groups[1].Value)); VulnerabilityFound.Item item; item = new VulnerabilityFound.Item(); item.ID = "cve"; item.Value = match.Groups[1].Value; ListCVEs.Add(item); } string mySeverity = HelperGetChildInnerText(n, "Severity"); switch (mySeverity) { //HARDCODED case "high": mySeverity = "High"; break; case "medium": mySeverity = "Medium"; break; case "low": mySeverity = "Low"; break; //case "info" } vulnerabilityFound.Severity = mySeverity; Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Severity: {0}", mySeverity)); string DetailsAnalysis = HelperGetChildInnerText(n, "Details"); if (DetailsAnalysis.Contains("URL encoded GET")) { vulnerabilityFound.VulnerableParameterType = "GET"; //should be Querystring for Netsparker var regex = new Regex(@"URL encoded GET input <b><font color=""dark"">(.*?)</font></b>"); var match = regex.Match(DetailsAnalysis); if (match.Success) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameter: {0}", match.Groups[1].Value)); vulnerabilityFound.VulnerableParameter = match.Groups[1].Value; regex = new Regex(@"was set to <b><font color=""dark"">(.*?)</font></b>"); match = regex.Match(DetailsAnalysis); if (match.Success) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameterValue: {0}", match.Groups[1].Value)); vulnerabilityFound.VulnerableParameterValue = match.Groups[1].Value; } } } if (DetailsAnalysis.Contains("URL encoded POST")) { vulnerabilityFound.VulnerableParameterType = "POST"; //should be Post for Netsparker var regex = new Regex(@"URL encoded POST input <b><font color=""dark"">(.*?)</font></b>"); var match = regex.Match(DetailsAnalysis); if (match.Success) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameter: {0}", match.Groups[1].Value)); vulnerabilityFound.VulnerableParameter = match.Groups[1].Value; regex = new Regex(@"was set to <b><font color=""dark"">(.*?)</font></b>"); match = regex.Match(DetailsAnalysis); if (match.Success) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameterValue: {0}", match.Groups[1].Value)); vulnerabilityFound.VulnerableParameterValue = match.Groups[1].Value; } } } //vulnerabilityFound.VulnerableParameterType = HelperGetChildInnerText(n, "vulnerableparametertype"); //vulnerabilityFound.VulnerableParameter = HelperGetChildInnerText(n, "vulnerableparameter"); //in <Details>: //URL encoded GET input <b><font color="dark">id</font></b> was set to <b><font color="dark">4-2+2*3-6</font></b> //URL encoded GET input <b><font color="dark">id</font></b> was set to <b><font color="dark">1'</font></b><br/>Error message found: <pre wrap="virtual"><font color="blue">supplied argument is not a valid MySQL result</font></pre> //URL encoded POST input <b><font color="dark">name</font></b> was set to <b><font color="dark">'"()&%1<ScRiPt >prompt(983150)</ScRiPt></font></b> //vulnerabilityFound.VulnerableParameterValue = HelperGetChildInnerText(n, "vulnerableparametervalue"); List <VulnerabilityFound.Reference> ListReferences = new List <VulnerabilityFound.Reference>(); foreach (XmlNode nchild in n.ChildNodes) { if (nchild.Name.ToUpper() == "TechnicalDetails".ToUpper() && nchild.ChildNodes != null && nchild.ChildNodes.Count > 0) { //rawrequest vulnerabilityFound.rawrequest = HelperGetChildInnerText(nchild, "Request"); //rawresponse vulnerabilityFound.rawresponse = HelperGetChildInnerText(nchild, "Response"); } if (nchild.Name.ToUpper() == "References".ToUpper() && nchild.ChildNodes != null && nchild.ChildNodes.Count > 0) { foreach (XmlNode reference in nchild) { /* * REFERENCE myReference = new REFERENCE(); * myReference.Source = HelperGetChildInnerText(reference, "Database"); * myReference.Url = HelperGetChildInnerText(reference, "URL"); * * model.AddToREFERENCE(myReference); */ VulnerabilityFound.Reference refvuln = new VulnerabilityFound.Reference(); refvuln.Title = HelperGetChildInnerText(reference, "Database"); string refurl = HelperGetChildInnerText(reference, "URL").ToLower(); refvuln.Url = refurl; refvuln.Source = HelperGetChildInnerText(reference, "Database"); //Try to harmonise the Source with the other imports (ie: exploits) //HARDCODED //TODO: Use a Common Function if (refurl.Contains("/bugtraq/")) { refvuln.Source = "BUGTRAQ"; } if (refurl.Contains("marc.theaimsgroup.com/?l=bugtraq")) { refvuln.Source = "BUGTRAQ"; } if (refurl.Contains("securityfocus.com/bid")) { refvuln.Source = "BID"; } if (refurl.Contains("osvdb.org/")) { refvuln.Source = "OSVDB"; } if (refurl.Contains("xforce.iss.net/")) { refvuln.Source = "XF"; } if (refurl.Contains("www.iss.net/")) { refvuln.Source = "XF"; } if (refurl.Contains("www.ciac.org/")) { refvuln.Source = "CIAC"; } if (refurl.Contains("ciac.llnl.gov/")) { refvuln.Source = "CIAC"; } if (refurl.Contains("www.cert.org/")) { refvuln.Source = "CERT"; } if (refurl.Contains("sunsolve.sun.org/")) { refvuln.Source = "SUN"; } if (refurl.Contains("sunsolve.sun.com/")) { refvuln.Source = "SUN"; } if (refurl.Contains("patches.sgi.com/")) { refvuln.Source = "SGI"; } if (refurl.Contains("microsoft.com/default.aspx?scid=kb")) { refvuln.Source = "MSKB"; } if (refurl.Contains("ftp.sco.com/")) { refvuln.Source = "SCO"; } if (refurl.Contains("www.trustix.org/")) { refvuln.Source = "TRUSTIX"; } if (refurl.Contains("ftp.freebsd.org/")) { refvuln.Source = "FREEBSD"; } if (refurl.Contains("www.secunia.com/")) { refvuln.Source = "SECUNIA"; } if (refurl.Contains("www.vupen.com/")) { refvuln.Source = "VUPEN"; } if (refurl.Contains("www.securitytracker.com/")) { refvuln.Source = "SECTRACK"; } if (refurl.Contains("www.redhat.com/")) { refvuln.Source = "REDHAT"; } if (refurl.Contains("www.exploit-db.com/")) { refvuln.Source = "EXPLOIT-DB"; } if (refurl.Contains("www.milw0rm.com/")) { refvuln.Source = "MILW0RM"; } if (refurl.Contains("www.microsoft.com/")) { refvuln.Source = "MS"; } if (refurl.Contains("seclists.org/fulldisclosure")) { refvuln.Source = "FULLDISC"; } ListReferences.Add(refvuln); } } } vulnerabilityFound.ListReference = ListReferences; vulnerabilityFound.ListItem = ListCVEs; vulnerabilityFound.Result = HelperGetChildInnerText(n, "Details"); vulnerabilityFound.Consequence = HelperGetChildInnerText(n, "Impact"); vulnerabilityFound.Solution = HelperGetChildInnerText(n, "Recommendation"); //DetailedInformation vulnerabilityFound.DetailedInformation = HelperGetChildInnerText(n, "DetailedInformation"); //TODO bool PatchUpgrade = false; string MSPatch = ""; int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "acunetix", model); if (etat == -1) { Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("CANNOT IMPORT THIS ASSET !!!! ")); } } } }
public void parse() { Assembly a; a = Assembly.GetExecutingAssembly(); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Assembly location = " + a.Location); XmlDocument doc = new XmlDocument(); #region HackCenzic /* string filename; filename = @"C:\Cenzic_webscan.xml"; //Hardcoded doc.Load(filename); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("HackFile should be located at : " + filename)); */ #endregion // ============================================ // Parse the XML Document and populate the database // ============================================ string protocol = string.Empty; //int port = -1; string service = string.Empty; //bool PatchUpgrade = false; //string title; //string MSPatch = ""; //string Solution; m_data = m_data.Replace("Configurable format #", "Configurable"); //Hardcoded Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("m_data = {0}", m_data)); try { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Loading the XML document"); doc.LoadXml(m_data); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message)); } XORCISMEntities model; model = new XORCISMEntities(); string query = "/AssessmentRunData/SmartAttacks/SmartAttacksData"; //Hardcoded XmlNodeList report; report = null; try { report = doc.SelectNodes(query); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error SelectNodes({0}) : Exception = {1}", query, ex.Message)); return; } //We should retrieve the target for an import string m_target = string.Empty; string patterntoken = "<Url>(.*?)</Url>"; MatchCollection matchesurl = Regex.Matches(m_data, patterntoken); foreach (Match match in matchesurl) { m_target = match.Value.Replace("<Url>", "").Replace("</Url>", ""); //Console.WriteLine(mytoken); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "target: " + m_target); } int myPort = 80; if (m_target.Contains("https://")) { myPort = 443; } //Check if we have a custom port, ex: http://10.20.30.40:8080/test string strTargetTest = m_target; strTargetTest = strTargetTest.Replace("http://", ""); strTargetTest = strTargetTest.Replace("https://", ""); try { if (strTargetTest.Contains(":")) { char[] splitter = { ':' }; string[] strSplit = strTargetTest.Split(splitter); strTargetTest = strSplit[1]; if (strTargetTest.Contains("/")) { strSplit = strTargetTest.Split(new Char[] { '/' }); strTargetTest = strSplit[0]; } try { myPort = Convert.ToInt32(strTargetTest); } catch (FormatException e) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", strTargetTest + " is not a sequence of digits."); } Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Custom Port:{0}", strTargetTest)); } else { if (strTargetTest.Contains("/")) { string[] strSplit = strTargetTest.Split(new Char[] { '/' }); strTargetTest = strSplit[0]; if (m_target.Contains("https://")) { m_target = "https://" + strTargetTest; } if (m_target.Contains("http://")) { m_target = "http://" + strTargetTest; } } } } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error in strTargetTest : Exception = {0}", ex.Message)); } Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "the m_target=" + m_target); // =============================================== // If necessary, creates an asset in the database // =============================================== //TODO var myass = from ass in model.ASSET where ass.ipaddressIPv4 == m_target //&& ass.AccountID == m_AccountID select ass; ASSET asset = myass.FirstOrDefault(); if (asset == null) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Creates a new entry in table ASSET for this IP"); asset = new ASSET(); //asset.AccountID = m_AccountID; asset.AssetName = m_target; asset.AssetDescription = m_target; asset.ipaddressIPv4 = m_target; asset.Enabled = true; //asset.JobID = m_jobId; model.ASSET.Add(asset); model.SaveChanges(); } else { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "This IP already corresponds to an existing asset"); } int m_assetId = asset.AssetID; int m_sessionId = (int)model.JOB.Single(x => x.JobID == m_jobId).SessionID; Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Creating ASSETINSESSION reference"); ASSETSESSION assinsess = new ASSETSESSION(); assinsess.AssetID = asset.AssetID; assinsess.SessionID = m_sessionId; // model.JOB.Single(x => x.JobID == m_jobId).SessionID; model.ASSETSESSION.Add(assinsess); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Update JOB with ASSETINSESSIONID"); JOB daJob = model.JOB.Single(x => x.JobID == m_jobId); daJob.AssetSessionID = assinsess.AssetSessionID; model.SaveChanges(); VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint(); vulnerabilityEndPoint.IpAdress = m_target; vulnerabilityEndPoint.Protocol = "TCP"; // "http"; vulnerabilityEndPoint.Port = myPort; vulnerabilityEndPoint.Service = "WWW"; int myEndpointID = 0; var testEndpoint = from e in model.ENDPOINT where e.AssetID == m_assetId && e.SessionID == m_sessionId select e; if (testEndpoint.Count() == 0) { ENDPOINT newEndpoint = new ENDPOINT(); newEndpoint.AssetID = m_assetId; newEndpoint.SessionID = m_sessionId; newEndpoint.ProtocolName = "TCP"; // "http"; newEndpoint.PortNumber = myPort; newEndpoint.Service = "WWW"; model.ENDPOINT.Add(newEndpoint); model.SaveChanges(); myEndpointID = newEndpoint.EndPointID; } else { myEndpointID = testEndpoint.FirstOrDefault().EndPointID; } Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("myEndpointID:{0}", myEndpointID)); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Found {0} SmartAttacks to parse", report.Count)); foreach (XmlNode reportHost in report) { // ================================== // Handle every SmartAttacksData tag // ================================== string myInnerXml = string.Empty; string myTitle = string.Empty; string myDescription = string.Empty; string myConsequence = string.Empty; string myResult = string.Empty; string mySolution = string.Empty; string myCVE = string.Empty; MatchCollection myCVEs; string myPCI = string.Empty; string myMessage = string.Empty; foreach (XmlNode n in reportHost.ChildNodes) { //SmartAttackInfo //ReportItems XmlNodeList Childs = n.ChildNodes; Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Coucou 1")); try { if (n.Name == "SmartAttackInfo") { myInnerXml = n.OuterXml; myTitle = HelperGetChildInnerText(n, "SmartAttackName"); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Found SmartAttackName:{0}", myTitle)); Regex myRegex = new Regex("PCI [0-9].[0-9].[0-9]"); myPCI = myRegex.Match(myTitle).ToString(); if (myPCI != "") { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "PCI=" + myPCI); } //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("myInnerXml:{0}", myInnerXml)); //Hardcoded myDescription = HelperGetChildInnerText(n, "Description"); myConsequence = HelperGetChildInnerText(n, "HowItWorks"); myResult = HelperGetChildInnerText(n, "Impact"); mySolution = HelperGetChildInnerText(n, "Remediation"); } } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in SmartAttackInfo : Exception = {0}", ex.Message)); } if (n.Name == "ReportItems") { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Coucou 2")); foreach (XmlNode x in n.ChildNodes) { //HARDCODED //ReportItem foreach (XmlNode ReportItem in x.ChildNodes) { myMessage = ""; if (ReportItem.Name == "ReportItemType") { //Pass if (ReportItem.InnerText == "Information") { try { //TODO /* Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Information")); INFORMATION newInformation = new INFORMATION(); //newInformation.InnerXml newInformation.Title = myTitle; newInformation.Description = myDescription; newInformation.Consequence = myConsequence; newInformation.Result = myResult; newInformation.Solution = mySolution; newInformation.Severity = HelperGetChildInnerText(x, "Severity"); newInformation.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore")); myMessage = HelperGetChildInnerText(x, "Message"); newInformation.Message = myMessage; //TODO A FAIRE //Matching avec les références //http://www.securityfocus.com/bid/43140/info //http://www.securityfocus.com/bid/43140/solution newInformation.Url = HelperGetChildInnerText(x, "Url"); newInformation.rawrequest = HelperGetChildInnerText(x, "HttpRequest"); newInformation.rawresponse = HelperGetChildInnerText(x, "HttpResponse"); if (myPCI != "") { newInformation.PCI_FLAG = true; } newInformation.JobID = m_jobId; newInformation.EndPointID = myEndpointID; model.AddToINFORMATION(newInformation); model.SaveChanges(); */ } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in Information : Exception = {0}. {1}", ex.Message, ex.InnerException)); } } if (ReportItem.InnerText == "Warning") { try { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Warning")); VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); vulnerabilityFound.InnerXml = myInnerXml; vulnerabilityFound.Title = myTitle; Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Adding SmartAttackName:{0}", myTitle)); vulnerabilityFound.Description = myDescription; vulnerabilityFound.Consequence = myConsequence; vulnerabilityFound.Result = myResult; vulnerabilityFound.Solution = mySolution; if (myPCI != "") { vulnerabilityFound.PCI_FLAG = true; } //ReportItemCreateDate vulnerabilityFound.Severity = HelperGetChildInnerText(x, "Severity"); //Low, Medium, High //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("WARNING Severity:{0}", HelperGetChildInnerText(x, "Severity"))); vulnerabilityFound.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore")); //Count myMessage=HelperGetChildInnerText(x, "Message"); //vulnerabilityFound.Message = myMessage; //not exact because same VULNERABILITY will have various Messages vulnerabilityFound.rawresponse = myMessage; //Regex objNaturalPattern = new Regex("CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]"); Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})"); //TODO: Update this? //https://cve.mitre.org/cve/identifiers/tech-guidance.html /* myCVE = objNaturalPattern.Match(myMessage).ToString(); if (myCVE != "") { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "CVE=" + myCVE); } */ List<VulnerabilityFound.Item> l; l = new List<VulnerabilityFound.Item>(); myCVEs = myRegexCVE.Matches(myMessage); foreach (Match match in myCVEs) { foreach (Capture capture in match.Captures) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Index={0}, CVE={1}", capture.Index, capture.Value)); VulnerabilityFound.Item item; item = new VulnerabilityFound.Item(); item.Value = capture.Value; item.ID = "cve"; l.Add(item); } } vulnerabilityFound.ListItem = l; vulnerabilityFound.Url = HelperGetChildInnerText(x, "Url"); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Url={0}", HelperGetChildInnerText(x, "Url"))); vulnerabilityFound.rawrequest = HelperGetChildInnerText(x, "HttpRequest"); //vulnerabilityFound.rawresponse = HelperGetChildInnerText(x, "HttpResponse"); //StructuredData //*** Compliances? voir en bas //http://www.cenzic.com/downloads/Cenzic_CWE.pdf int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model); } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in Warning : Exception = {0}. {1}", ex.Message, ex.InnerException)); } } if (ReportItem.InnerText == "Vulnerable") { try { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Vulnerable")); VulnerabilityFound vulnerabilityFound = new VulnerabilityFound(); vulnerabilityFound.InnerXml = myInnerXml; vulnerabilityFound.Title = myTitle; Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Adding SmartAttackName:{0}", myTitle)); vulnerabilityFound.Description = myDescription; vulnerabilityFound.Consequence = myConsequence; vulnerabilityFound.Result = myResult; vulnerabilityFound.Solution = mySolution; //ReportItemCreateDate vulnerabilityFound.Severity = HelperGetChildInnerText(x, "Severity"); //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("VULNERABLE Severity:{0}", HelperGetChildInnerText(x, "Severity"))); vulnerabilityFound.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore")); //Count myMessage = HelperGetChildInnerText(x, "Message"); //vulnerabilityFound.Message = myMessage; vulnerabilityFound.rawresponse = myMessage; //Regex objNaturalPattern = new Regex("CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]"); Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})"); //https://cve.mitre.org/cve/identifiers/tech-guidance.html /* myCVE = objNaturalPattern.Match(myMessage).ToString(); if (myCVE != "") { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "CVE=" + myCVE); } */ List<VulnerabilityFound.Item> l; l = new List<VulnerabilityFound.Item>(); myCVEs = myRegexCVE.Matches(myMessage); foreach (Match match in myCVEs) { foreach (Capture capture in match.Captures) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Index={0}, CVE={1}", capture.Index, capture.Value)); VulnerabilityFound.Item item; item = new VulnerabilityFound.Item(); item.Value = capture.Value; item.ID = "cve"; l.Add(item); } } vulnerabilityFound.ListItem = l; vulnerabilityFound.Url = HelperGetChildInnerText(x, "Url"); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Url={0}", HelperGetChildInnerText(x, "Url"))); vulnerabilityFound.rawrequest = HelperGetChildInnerText(x, "HttpRequest"); //vulnerabilityFound.rawresponse = HelperGetChildInnerText(x, "HttpResponse"); //StructuredData if (myPCI != "") { //TODO /* vulnerabilityFound.PCI_FLAG = true; int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model); List<int> myIds = new List<int>(); var id = from o in model.COMPLIANCECATEG where o.Title == myTitle && o.COMPLIANCE.Title == "PCIDSS" select o.ComplianceCategID; int Id = id.FirstOrDefault(); myIds.Add(Id); List<int> Compliances = new List<int>(); Compliances = myIds; Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Vulnerability persisted , VulnID = {0} & Compliance count = {1}", VulnID, Compliances.Count)); var V = from tmpVuln in model.VULNERABILITYFOUND where tmpVuln.VulnerabilityFoundID == VulnID select tmpVuln; VULNERABILITYFOUND VF = V.FirstOrDefault(); foreach (int i in Compliances) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Categorie Compliance => ", i)); var C = from Comp in model.COMPLIANCECATEG where Comp.ComplianceCategID == i select Comp; COMPLIANCECATEG myCompliance = new COMPLIANCECATEG(); myCompliance = C.FirstOrDefault(); VF.COMPLIANCECATEG.Add(myCompliance); model.SaveChanges(); Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Mapping Compliance-Vulnerability Added"); } */ } else { int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model); } } catch (Exception ex) { Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error in Vulnerable : Exception = {0}. {1}", ex.Message, ex.InnerException)); } } } } } } } } }