Пример #1
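 /// <summary>
 /// Builds a <see cref="Results"/> entry pre-filled for a Retina finding on the given machine.
 /// </summary>
 /// <param name="machineName">Host name stored in the result's <c>machine</c> member.</param>
 /// <returns>
 /// A new result with <c>status</c> set to "Open" and <c>tool</c> set to "Retina";
 /// every other member keeps whatever default <see cref="Results"/> gives it.
 /// </returns>
 private Results NewRetinaResultsObject(string machineName)
 {
     // Exactly one allocation: creating a second instance here would only discard the first.
     Results textResults = new Results
     {
         machine = machineName,
         status = "Open",
         tool = "Retina"
     };
     return textResults;
 }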
Пример #2
        /// <summary>
        /// Converts a deserialized STIG Viewer checklist into <see cref="Results"/> entries,
        /// one per VULN element, and appends them to <c>resultsList</c>.
        /// </summary>
        /// <param name="fileObject">
        /// Deserialized checklist. It is cast to <c>CHECKLIST</c> without a type check, so an
        /// object of any other type raises <see cref="System.InvalidCastException"/>.
        /// </param>
        /// <param name="machineName">Host name recorded on every result and used in the STIG version key.</param>
        /// <param name="fileName">Not read by this method.</param>
        /// <remarks>
        /// The user is prompted for the STIG version on every call. All text members are copied
        /// from the checklist as-is.
        /// NOTE(review): the checklist comes from an external file; if FINDING_DETAILS, COMMENTS or
        /// ATTRIBUTE_DATA can be null after deserialization the <c>ToString()</c> calls throw and the
        /// remaining findings are not imported — confirm against the data model.
        /// </remarks>
        private void ParseStigViewer(object fileObject, string machineName, string fileName = "")
        {
            CHECKLIST checklist = (CHECKLIST)fileObject;

            string stigTitle = checklist.STIG_INFO.STIG_TITLE.ToString();
            string stigVersion = promptForm("STIG", "STIG Version", stigTitle);

            // The key is machine name + title with no separator, and the first version
            // recorded for a key is kept; later prompts for the same key do not replace it.
            string versionKey = machineName + stigTitle;
            if (VIDs.STIGs.ContainsKey(versionKey) == false)
            {
                VIDs.STIGs.Add(versionKey, stigVersion);
            }

            foreach (CHECKLISTVULN vuln in checklist.VULN)
            {
                // The status is taken verbatim from the checklist, not normalised here.
                Results finding = new Results
                {
                    machine = machineName,
                    tool = stigTitle,
                    version = stigVersion,
                    status = vuln.STATUS,
                    findingDetails = vuln.FINDING_DETAILS.ToString(),
                    comments = vuln.COMMENTS.ToString()
                };

                foreach (CHECKLISTVULNSTIG_DATA attribute in vuln.STIG_DATA)
                {
                    switch (attribute.VULN_ATTRIBUTE)
                    {
                        case "Vuln_Num":
                            finding.vId = attribute.ATTRIBUTE_DATA.ToString();
                            break;
                        case "Severity":
                            finding.category = GetSeverityCode(attribute.ATTRIBUTE_DATA.ToString());
                            break;
                        case "Rule_Title":
                            finding.name = attribute.ATTRIBUTE_DATA.ToString();
                            break;
                        case "IA_Controls":
                            finding.iaControls = attribute.ATTRIBUTE_DATA.ToString();
                            break;
                        // Free-text attributes are trimmed before being stored.
                        case "Vuln_Discuss":
                            finding.description = attribute.ATTRIBUTE_DATA.ToString().Trim();
                            break;
                        case "Fix_Text":
                            finding.fix = attribute.ATTRIBUTE_DATA.ToString().Trim();
                            break;
                        case "Check_Content":
                            finding.checkContent = attribute.ATTRIBUTE_DATA.ToString().Trim();
                            break;
                        default:
                            // Every other attribute (including "Rule_Ver" and "STIGRef") is ignored.
                            break;
                    }
                }

                resultsList.Add(finding);
            }

            // Counts one parsed STIG checklist file.
            PARSE_RESULTS.stig++;
        }
Пример #3
 /// <summary>
 /// Converts a deserialized Retina scan into <see cref="Results"/> entries, one per host
 /// audit, and appends them to <c>resultsList</c>.
 /// </summary>
 /// <param name="fileObject">Deserialized scan; cast to <c>scanJob</c> without a type check.</param>
 /// <param name="machineName">Host name recorded on every result.</param>
 /// <param name="fileName">Shown in the version prompt when no Retina version has been recorded yet.</param>
 /// <remarks>
 /// Every audit is recorded with status "Open". The category is the audit's <c>risk</c> value
 /// when <c>sevCode</c> is blank, otherwise the result of <c>GetSeverityCode(sevCode)</c>.
 /// </remarks>
 private void ParseRetina(object fileObject, string machineName, string fileName = "")
 {
     scanJob scan = (scanJob)fileObject;

     // Prompt for the tool version only while VIDs.Retina is still blank; the answer is stored there.
     if (string.IsNullOrWhiteSpace(VIDs.Retina))
     {
         VIDs.Retina = promptForm("Retina", "Retina Version", fileName);
     }

     foreach (scanJobHostsHostAudit audit in scan.hosts.host.audit)
     {
         Results finding = new Results
         {
             machine = machineName,
             tool = "Retina",
             version = VIDs.Retina,
             status = "Open",
             vId = audit.rthID.ToString(),
             name = audit.name,
             category = string.IsNullOrWhiteSpace(audit.sevCode) ? audit.risk : GetSeverityCode(audit.sevCode),
             description = audit.description,
             fix = audit.fixInformation,
             cve = audit.cve,
             iavm = audit.iav
         };
         resultsList.Add(finding);
     }

     // Counts one parsed Retina file.
     PARSE_RESULTS.retina++;
 }
Пример #4
        /// <summary>
        /// Converts a deserialized Nessus v2 report into <see cref="Results"/> entries, one per
        /// report item of the report's host, and appends them to <c>resultsList</c>.
        /// </summary>
        /// <param name="fileObject">Deserialized report; cast to <c>NessusClientData_v2</c> without a type check.</param>
        /// <param name="machineName">Not read by this method: the machine name is requested from the user instead.</param>
        /// <param name="fileName">Shown in the version prompt when no Nessus version has been recorded yet.</param>
        /// <remarks>
        /// <c>Report.ReportHost</c> is read as a single host, and the user is asked for that host's
        /// machine name once per call.
        /// NOTE(review): every report item is stored with status "Open" and IA controls "N/A";
        /// no PASSED/FAILED/WARNING mapping for compliance items is applied, so informational or
        /// passed items, if the report contains any, also appear as open findings — confirm this is intended.
        /// </remarks>
        private void ParseNessus(object fileObject, string machineName, string fileName = "")
        {
            NessusClientData_v2 report = (NessusClientData_v2)fileObject;

            // Prompt for the tool version only while VIDs.Nessus is still blank; the answer is stored there.
            if (string.IsNullOrWhiteSpace(VIDs.Nessus))
            {
                VIDs.Nessus = promptForm("Nessus", "Nessus Version", fileName);
            }

            // The report identifies the host by the value in ReportHost.name, so the operator supplies the name.
            string hostLabel = promptForm("Machine Name Prompt", "Enter machine name for IP " + report.Report.ReportHost.name);

            foreach (NessusClientData_v2ReportReportHostReportItem reportItem in report.Report.ReportHost.ReportItem)
            {
                Results finding = new Results
                {
                    machine = hostLabel,
                    tool = "Nessus",
                    version = VIDs.Nessus,
                    iaControls = "N/A",
                    vId = reportItem.pluginID.ToString(),
                    status = "Open",
                    name = reportItem.pluginName,
                    // Prefer the STIG severity; fall back to the Nessus risk factor when it is blank.
                    category = string.IsNullOrWhiteSpace(reportItem.stig_severity) ? reportItem.risk_factor : reportItem.stig_severity,
                    description = reportItem.synopsis,
                    fix = reportItem.solution,
                    // A missing CVE list becomes an empty string; otherwise the ids are comma-separated.
                    cve = !object.ReferenceEquals(reportItem.cve, null) ? string.Join(", ", reportItem.cve) : "",
                    iavm = reportItem.iava,
                    findingDetails = reportItem.plugin_output
                };
                resultsList.Add(finding);
            }

            // Counts one parsed Nessus file.
            PARSE_RESULTS.nessus++;
        }
Пример #5
        /// <summary>
        /// Converts a deserialized MBSA XML report into <see cref="Results"/> entries, one per
        /// check detail whose <c>IsInstalled</c> compares equal to <c>false</c>, and appends them to <c>resultsList</c>.
        /// </summary>
        /// <param name="fileObject">
        /// Deserialized report. An object whose runtime type is exactly <c>SecScan</c> is read as such;
        /// anything else is cast to <c>XMLOut</c>, which throws for an unrelated type.
        /// </param>
        /// <param name="machineName">Host name recorded on every result.</param>
        /// <param name="fileName">Not read by this method.</param>
        /// <remarks>
        /// The result version is <c>HotfixDataVersion</c> for a <c>SecScan</c> and
        /// <c>CatalogInfo.CreationDate</c> for an <c>XMLOut</c>. Member access on the report goes
        /// through <c>dynamic</c>, so a member missing from either model fails at run time, not at compile time.
        /// </remarks>
        private void ParseMbsaFile(object fileObject, string machineName, string fileName = "")
        {
            dynamic report;
            string catalogVersion;

            if (!fileObject.GetType().Equals(typeof(SecScan)))
            {
                report = (XMLOut)fileObject;
                catalogVersion = report.CatalogInfo.CreationDate;
            }
            else
            {
                report = (SecScan)fileObject;
                catalogVersion = report.HotfixDataVersion;
            }

            foreach (var check in report.Check)
            {
                // The XMLOut schema may contain check elements that carry no detail elements.
                if (object.ReferenceEquals(check.Detail, null))
                {
                    continue;
                }

                foreach (var detail in check.Detail)
                {
                    // Only updates reported as not installed become findings.
                    if (detail.IsInstalled == false)
                    {
                        Results finding = new Results
                        {
                            machine = machineName,
                            tool = "MBSA",
                            version = catalogVersion,
                            status = "Open",
                            vId = "KB" + detail.KBID.ToString(),
                            name = detail.Title,
                            category = detail.Severity.ToString()
                        };
                        resultsList.Add(finding);
                    }
                }
            }

            // Counts one parsed MBSA file.
            PARSE_RESULTS.mbsa++;
        }
Пример #6
        /// <summary>
        /// Gets the Nessus severity if NOT a compliance check
        /// </summary>
        /// <param name="item">Reporting item</param>
        /// <returns></returns>
        /*private string nessusSeverity(NessusClientData_v2ReportReportHostReportItem item)
        {
            string returnVal = string.Empty;
            try
            {
                returnVal = getValByElementName(item, item.stig_severity);
                if (string.IsNullOrWhiteSpace(returnVal))
                {
                    returnVal = getValByElementName(item, ItemsChoiceType.risk_factor);
                    if (returnVal.Trim().ToLower().Equals("none"))
                        returnVal = "Info";
                }
            }
            catch (Exception ex)
            {
                returnVal = "Unkown";
            }
            return returnVal;
        }*/
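        /// <summary>
        /// Parses an MBSA text report and appends one <see cref="Results"/> entry to
        /// <c>resultsList</c> for every line that contains "Missing".
        /// </summary>
        /// <param name="file">Path of the MBSA text report to read.</param>
        /// <param name="machineName">Host name recorded on every result.</param>
        /// <remarks>
        /// Parsing is best-effort and never throws to the caller. A line that contains "Missing"
        /// but does not have the '|'-separated layout the indices below rely on is skipped with a
        /// trace warning instead of aborting the whole file, and a read failure is traced before the
        /// parse ends. A skipped line is a finding that is absent from the output, so the trace
        /// output should be reviewed when a report looks incomplete.
        /// <c>PARSE_RESULTS.mbsa</c> is incremented only when the file was read to the end.
        /// </remarks>
        private void ParseMbsaFile(string file, string machineName)
        {
            string catalogSyncDate = "";
            int lineNumber = 0;

            try
            {
                // using releases the file handle even when a read fails part-way through.
                using (System.IO.StreamReader parser = new System.IO.StreamReader(file))
                {
                    string line;
                    while ((line = parser.ReadLine()) != null)
                    {
                        lineNumber++;

                        if (line.Contains("Catalog synchronization date:"))
                        {
                            // The remainder of the line is used as the version of later results.
                            line = line.Replace("Catalog synchronization date:", "");
                            catalogSyncDate = line;
                        }

                        if (!line.Contains("Missing"))
                        {
                            continue;
                        }

                        // Index 3 holds the title followed by "(KBnnnn)", index 4 the severity.
                        string[] lineSplit = line.Split('|');
                        if (lineSplit.Length < 5)
                        {
                            System.Diagnostics.Trace.TraceWarning(
                                "MBSA text report '{0}', line {1}: expected at least 5 '|'-separated fields; line skipped.",
                                file, lineNumber);
                            continue;
                        }

                        // Split on '(' to separate the title from the KB number, e.g. "(KB1234)".
                        string[] kbSplit = lineSplit[3].Split('(');
                        if (kbSplit.Length < 2 || kbSplit[1].Length < 2)
                        {
                            System.Diagnostics.Trace.TraceWarning(
                                "MBSA text report '{0}', line {1}: no KB number found; line skipped.",
                                file, lineNumber);
                            continue;
                        }

                        Results textResults = new Results();
                        // Drops the last two characters that follow the KB number in the field.
                        textResults.vId = kbSplit[1].Substring(0, kbSplit[1].Length - 2);
                        textResults.name = kbSplit[0].Trim();
                        textResults.machine = machineName;
                        textResults.tool = "MBSA";
                        textResults.category = lineSplit[4].Trim();
                        textResults.status = "Open";
                        textResults.version = catalogSyncDate;

                        resultsList.Add(textResults);
                    }
                }

                // Counts one parsed MBSA file.
                PARSE_RESULTS.mbsa++;
            }
            catch (Exception ex)
            {
                // Still non-throwing for callers, but the failure is recorded so that a
                // partially imported report can be noticed.
                System.Diagnostics.Trace.TraceWarning(
                    "MBSA text report '{0}' could not be parsed completely (stopped after line {1}): {2}",
                    file, lineNumber, ex.Message);
            }
        }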