示例#1
0
        private void Helper_GetVulnerabilities(XmlDocument s, string ipadress)
        {
            //TODO
            //List<VULNERABILITYFOUND> list_vulnerabilyFound = new List<VULNERABILITYFOUND>() ;
            string  query = "/scan/results/hosts/host"; //Hardcoded
            XmlNode host;

            try
            {
                host = s.SelectNodes(query)[0];

                if (HelperHasChild(host, "protocol") != null)
                {
                    XmlNode protocol = HelperHasChild(host, "protocol");
                    if (HelperHasChild(protocol, "port") != null)
                    {
                        XmlNode port = HelperHasChild(protocol, "port");

                        VulnerabilityEndPoint VoIPScannerEndPoint = new VulnerabilityEndPoint();
                        VoIPScannerEndPoint.Port     = Convert.ToInt32(port.Attributes["id"].InnerText);
                        VoIPScannerEndPoint.Protocol = protocol.Attributes["name"].InnerText.Trim().ToUpper();
                        VoIPScannerEndPoint.IpAdress = m_target;
                        Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Getting new vulnerability from the current endPoint(IpAdress={0},Port={1},Protocol={2})", VoIPScannerEndPoint.IpAdress, VoIPScannerEndPoint.Port.ToString(), VoIPScannerEndPoint.Protocol));

                        if (HelperHasChild(port, "pwd") != null)
                        {
                            XmlNode pwd = HelperHasChild(port, "pwd");
                            foreach (XmlNode extension in pwd.ChildNodes)
                            {
                                VulnerabilityFound detail = new VulnerabilityFound();
                                detail.Description = string.Format("The {0} SIP user has {1} as password", extension.Attributes["name"].InnerText, extension.Attributes["password"].InnerText);
                                detail.InnerXml    = extension.OuterXml;

                                VulnerabilityPersistor.Persist(detail, VoIPScannerEndPoint, m_JobId, "voipscanner", m_model);
                            }
                            //FREE MEMORY
                            pwd = null;
                        }
                    }
                }

                //FREE MEMORY
                host = null;
                //list_vulnerabilyFound = null;
            }
            catch (Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER VOIPSCANNER", string.Format("Error SelectNodes {0}:{1} {2}", query, ex.Message, ex.InnerException));
                //return;
            }
        }
示例#2
0
        private void Helper_GetVulnerabilities(XmlDocument s, string ipadress)
        {
            List <VulnerabilityFound> list_VulnerabilityFound;

            list_VulnerabilityFound = new List <VulnerabilityFound>();

            XmlNodeList portNodes;

            portNodes = s.SelectNodes("/openvas-report/results/result/ports/port"); //Hardcoded

            Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("There are {0} port nodes to process", portNodes.Count));

            foreach (XmlNode portNode in portNodes)
            {
                string protocol = portNode.Attributes["protocol"].Value.ToUpper();

                int port = -1;
                if (portNode.Attributes["portid"] != null)
                {
                    port = Convert.ToInt32(portNode.Attributes["portid"].Value);
                }

                Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("Processing port {0} protocol {1}", port, protocol));

                VulnerabilityEndPoint vulnerabilityEndPoint;
                vulnerabilityEndPoint          = new VulnerabilityEndPoint();
                vulnerabilityEndPoint.IpAdress = m_target;
                vulnerabilityEndPoint.Protocol = protocol;
                vulnerabilityEndPoint.Port     = port;

                XmlNode ServiceNode = portNode.SelectSingleNode("service");
                vulnerabilityEndPoint.Service = ServiceNode.Attributes["name"].Value.ToUpper();

                foreach (XmlNode informationNode in portNode.SelectNodes("information"))
                {
                    string severity = informationNode.SelectSingleNode("severity").InnerText;
                    //<severity>Log Message</severity>  : Information => should be ignored
                    //<severity>Security Note</severity>
                    //<severity>Security Warning</severity>
                    string nvtId = informationNode.SelectSingleNode("id").InnerText;

                    Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("   Handling nvtid {0}", nvtId));

                    XmlNode nvtNode;
                    nvtNode = s.SelectSingleNode("/openvas-report/nvts/nvt[@oid='" + nvtId + "']");

                    string title     = nvtNode.SelectSingleNode("name").InnerText;
                    string summary   = nvtNode.SelectSingleNode("summary").InnerText;
                    string risk      = nvtNode.SelectSingleNode("risk").InnerText;
                    string cve_Value = nvtNode.SelectSingleNode("cve_id").InnerText;
                    string bid_Value = nvtNode.SelectSingleNode("bugtraq_id").InnerText;

                    Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("      Title = [{0}]", title));
                    Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("      Summary = [{0}]", summary));
                    Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("      Risk    = [{0}]", risk));
                    Utils.Helper_Trace("XORCISM PROVIDER OPENVAS", string.Format("      CVE     = [{0}]", cve_Value));

                    VulnerabilityFound vulnerabilityFound;
                    vulnerabilityFound                     = new VulnerabilityFound();
                    vulnerabilityFound.InnerXml            = nvtNode.InnerXml;
                    vulnerabilityFound.Title               = title;
                    vulnerabilityFound.Description         = summary;
                    vulnerabilityFound.DetailedInformation = informationNode.SelectSingleNode("data").InnerText;
                    vulnerabilityFound.Consequence         = informationNode.SelectSingleNode("data").InnerText;
                    //TODO: regex parse     OWASP:OWASP-CM-006

                    //vulnerabilityFound.Severity     = risk;
                    //Risk Could be:
                    //None, Unknown, Informational, Low, Medium, High
                    switch (risk)
                    {
                    case "None":
                        vulnerabilityFound.Severity = "1";
                        break;

                    case "Unknown":
                        vulnerabilityFound.Severity = "1";
                        break;

                    case "Informational":
                        vulnerabilityFound.Severity = "2";
                        break;

                    case "Low":
                        vulnerabilityFound.Severity = "3";
                        break;

                    case "Medium":
                        vulnerabilityFound.Severity = "4";
                        break;

                    case "High":
                        vulnerabilityFound.Severity = "5";
                        break;
                    }

                    if (cve_Value.Trim().ToUpper() != "NOCVE")
                    {
                        string[] list_Cve_Value;
                        list_Cve_Value = cve_Value.Split(new char[] { ',' });

                        foreach (string cve in list_Cve_Value)
                        {
                            VulnerabilityFound.Item cve_Item;
                            cve_Item       = new VulnerabilityFound.Item();
                            cve_Item.ID    = "cve";
                            cve_Item.Value = cve;

                            vulnerabilityFound.ListItem.Add(cve_Item);
                        }
                    }

                    if (bid_Value.Trim().ToUpper() != "NOBID")
                    {
                        string[] list_bid_Value;
                        list_bid_Value = bid_Value.Split(new char[] { ',' });

                        foreach (string bid in list_bid_Value)
                        {
                            VulnerabilityFound.Reference bid_Reference;
                            bid_Reference        = new VulnerabilityFound.Reference();
                            bid_Reference.Source = "BID";
                            bid_Reference.Title  = bid;
                            bid_Reference.Url    = "http://www.securityfocus.com/bid/" + bid;

                            vulnerabilityFound.ListReference.Add(bid_Reference);
                        }
                    }

                    VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "OpenVas", m_model);
                }
            }
        }
示例#3
0
        public void parse()
        {
            Assembly a;

            a = Assembly.GetExecutingAssembly();

            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Assembly location = " + a.Location);

            // ============================================
            // Parse the XML Document and populate the database
            // ============================================

            XmlDocument doc = new XmlDocument();

            doc.LoadXml(m_data);

            XORCISMEntities model;

            model = new XORCISMEntities();

            string query = "/NessusClientData_v2/Report";

            XmlNode report;

            report = doc.SelectSingleNode(query);

            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Found {0} hosts to parse", report.ChildNodes.Count));

            foreach (XmlNode reportHost in report.ChildNodes)
            {
                string ipAddress;
                ipAddress = reportHost.Attributes["name"].InnerText;

                Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Handling host with IP {0}", ipAddress));

                // =============================================
                // If necessary, create an asset in the database
                // =============================================
                //TODO  ipaddressIPv4
                var myass = from ass in model.ASSET
                            where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
                            select ass;
                ASSET asset = myass.FirstOrDefault();

                if (asset == null)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creates a new entry in table ASSET for this IP");

                    asset = new ASSET();
                    //asset.AccountID = m_AccountID;
                    asset.AssetName        = ipAddress;
                    asset.AssetDescription = ipAddress;
                    //TODO  ipaddressIPv4
                    asset.ipaddressIPv4 = ipAddress;
                    asset.Enabled       = true;
                    //asset.JobID = m_JobId;

                    model.ASSET.Add(asset);
                    model.SaveChanges();
                }
                else
                {
                    Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "This IP already corresponds to an existing asset");
                }

                Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Creating ASSETINSESSION reference");
                ASSETSESSION assinsess = new ASSETSESSION();
                assinsess.AssetID   = asset.AssetID;
                assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
                model.ASSETSESSION.Add(assinsess);
                model.SaveChanges();

                Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "Update JOB with ASSETINSESSIONID");
                JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);
                daJob.AssetSessionID = assinsess.AssetSessionID;
                model.SaveChanges();


                // =============================
                // Handles every ReportItem tag
                // =============================

                foreach (XmlNode n in reportHost.ChildNodes)
                {
                    //Hardcoded
                    if (n.Name.ToUpper() == "ReportItem".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
                    {
                        string protocol = n.Attributes["protocol"].InnerText.ToUpper();
                        int    port     = Convert.ToInt32(n.Attributes["port"].InnerText);
                        //svc_name
                        //pluginID
                        //pluginName
                        //pluginFamily
                        //risk_factor

                        VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                        vulnerabilityEndPoint.IpAdress = ipAddress;
                        vulnerabilityEndPoint.Protocol = protocol;
                        vulnerabilityEndPoint.Port     = port;

                        VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                        vulnerabilityFound.ListItem      = Helper_GetCVE(n);
                        vulnerabilityFound.ListReference = Helper_GetREFERENCE(n);  //TODO: Helper_GetCVE and Helper_GetREFERENCE could be mixed for only 1 parsing
                        vulnerabilityFound.InnerXml      = n.OuterXml;
                        vulnerabilityFound.Description   = HelperGetChildInnerText(n, "description");
                        vulnerabilityFound.Solution      = HelperGetChildInnerText(n, "solution");
                        vulnerabilityFound.Title         = HelperGetChildInnerText(n, "synopsis");
                        vulnerabilityFound.rawresponse   = HelperGetChildInnerText(n, "plugin_output");
                        vulnerabilityFound.Result        = HelperGetChildInnerText(n, "plugin_output");
                        vulnerabilityFound.Severity      = n.Attributes["severity"].InnerText; //1
                        //vulnerabilityFound.Severity = HelperGetChildInnerText(n, "risk_factor");  //None  Low
                        if (HelperGetChildInnerText(n, "exploit_available") == "true")
                        {
                            vulnerabilityFound.Exploitable = true;
                        }
                        //exploitability_ease   Exploits are available
                        //exploit_framework_canvas
                        //exploit_framework_metasploit
                        //exploit_framework_core
                        //metasploit_name
                        //canvas_package

                        //cvss_vector
                        //cvss_temporal_score
                        try
                        {
                            vulnerabilityFound.CVSSBaseScore = float.Parse(HelperGetChildInnerText(n, "cvss_base_score"), System.Globalization.CultureInfo.InvariantCulture);
                        }
                        catch (Exception ex)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Error parsing CVSS_BASE : Exception = {0}", ex.Message));
                            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CVSS_BASE =", HelperGetChildInnerText(n, "cvss_base_score")));
                        }

                        bool   PatchUpgrade = false;
                        string MSPatch      = "";
                        string title;
                        string Solution;
                        //patch_publication_date
                        if (HelperGetChildInnerText(n, "patch_publication_date") != "")
                        {
                            PatchUpgrade = true;
                        }
                        title = n.Attributes["pluginName"].InnerText;
                        Regex objNaturalPattern = new Regex("MS[0-9][0-9]-[0-9][0-9][0-9]");
                        MSPatch = objNaturalPattern.Match(title).ToString();
                        if (MSPatch != "")
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", "MSPatch=" + MSPatch);
                            PatchUpgrade = true;
                        }

                        //Hardcoded
                        Solution = HelperGetChildInnerText(n, "solution");
                        if (Solution.Contains(" upgrade to "))
                        {
                            PatchUpgrade = true;
                        }
                        if (Solution.Contains("Upgrade "))
                        {
                            PatchUpgrade = true;
                        }
                        if (Solution.Contains("has released a set of patches"))
                        {
                            PatchUpgrade = true;
                        }
                        if (Solution.Contains("Apply the appropriate patch"))
                        {
                            PatchUpgrade = true;
                        }

                        //<patch_publication_date>

                        vulnerabilityFound.PatchUpgrade = PatchUpgrade;
                        vulnerabilityFound.MSPatch      = MSPatch;

                        // ===========
                        // Persistance
                        // ===========

                        Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem)));

                        int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "nessus", model);
                        if (etat == -1)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER NESSUS", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
                        }
                    }
                }
            }

            // TODO
            // VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model);
        }
示例#4
0
        public void parse()
        {
            Assembly a;

            a = Assembly.GetExecutingAssembly();

            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Assembly location = " + a.Location);

            // ===================================================
            // Parses the XML Document and populates the database
            // ===================================================

            //   Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "data = " + m_data);

            XmlDocument doc = new XmlDocument();

            //TODO: Input Validation (XML)
            doc.LoadXml(m_data);

            XORCISMEntities model;

            model = new XORCISMEntities();

            string query = "/netsparker/target";    //Hardcoded

            XmlNode report;

            report = doc.SelectSingleNode(query);

            string ipAddress = string.Empty;

            ipAddress = HelperGetChildInnerText(report, "url"); //Hardcoded
            if (ipAddress.Substring(ipAddress.Length - 1, 1) == "/")
            {
                ipAddress = ipAddress.Substring(0, ipAddress.Length - 1);
            }
            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Handling host with IP {0}", ipAddress));

            // ===============================================
            // If necessary, creates an asset in the database
            // ===============================================

            //TODO  ipaddressIPv4
            var myass = from ass in model.ASSET
                        where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
                        select ass;
            ASSET asset = myass.FirstOrDefault();

            if (asset == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creates a new entry in table ASSET for this IP");

                asset = new ASSET();
                //asset.AccountID = m_AccountID;
                asset.AssetName        = ipAddress;
                asset.AssetDescription = ipAddress;
                //TODO  ipaddressIPv4
                asset.ipaddressIPv4 = ipAddress;
                asset.Enabled       = true;
                //asset.JobID = m_JobId;

                model.ASSET.Add(asset);
                model.SaveChanges();
            }
            else
            {
                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "This IP already corresponds to an existing asset");
            }

            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Creating ASSETINSESSION reference");
            ASSETSESSION assinsess = new ASSETSESSION();

            assinsess.AssetID   = asset.AssetID;
            assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
            model.ASSETSESSION.Add(assinsess);
            model.SaveChanges();

            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "Update JOB with ASSETINSESSIONID");
            JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);

            daJob.AssetSessionID = assinsess.AssetSessionID;
            model.SaveChanges();

            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "VULNERABILITIES FOUND");
            query = "/netsparker";  //Hardcoded

            report = doc.SelectSingleNode(query);

            foreach (XmlNode n in report.ChildNodes)
            {
                //Hardcoded
                if (n.Name.ToUpper() == "vulnerability".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
                {
                    if (n.Attributes["confirmed"].InnerText == "True")
                    {
                        VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                        vulnerabilityEndPoint.IpAdress = ipAddress;
                        vulnerabilityEndPoint.Protocol = "TCP"; // "http";    //https ... A VOIR
                        vulnerabilityEndPoint.Port     = 80;    //443 ... A VOIR

                        VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                        //vulnerabilityFound.ListItem = Helper_GetCVE(n);
                        vulnerabilityFound.InnerXml = n.OuterXml;
                        string url = HelperGetChildInnerText(n, "url");
                        vulnerabilityFound.Url = url;
                        if (url.ToLower().Contains("https://"))
                        {
                            vulnerabilityEndPoint.Port = 443;
                        }
                        Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Url: {0}", url));
                        //vulnerabilityFound.Type = HelperGetChildInnerText(n, "type");
                        vulnerabilityFound.Title       = HelperGetChildInnerText(n, "type");
                        vulnerabilityFound.Description = HelperGetChildInnerText(n, "type");

                        vulnerabilityFound.Severity = HelperGetChildInnerText(n, "severity");
                        Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("Severity: {0}", HelperGetChildInnerText(n, "severity")));
                        vulnerabilityFound.VulnerableParameterType  = HelperGetChildInnerText(n, "vulnerableparametertype");
                        vulnerabilityFound.VulnerableParameter      = HelperGetChildInnerText(n, "vulnerableparameter");
                        vulnerabilityFound.VulnerableParameterValue = HelperGetChildInnerText(n, "vulnerableparametervalue");
                        //rawrequest
                        //rawresponse
                        //extrainformation
                        //  <info name="Found E-mails">[email protected]</info>
                        //  <info name="Identified Internal Path(s)">/var/www/webscantest/vulnsite/picshare/upload.pl</info>
                        vulnerabilityFound.Consequence = HelperGetChildInnerText(n, "extrainformation");

                        bool   PatchUpgrade = false;
                        string MSPatch      = "";

                        /*
                         * <classification>
                         *  <OWASP>A1</OWASP>
                         *  <WASC>19</WASC>
                         *  <CWE>89</CWE>
                         *  <CAPEC>66</CAPEC>
                         * </classification>
                         */
                        foreach (XmlNode classif in n.ChildNodes)
                        {
                            //Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "classif n.ChildNodes: " + classif.Name);
                            if (classif.Name.ToUpper() == "classification".ToUpper() && classif.ChildNodes != null && classif.ChildNodes.Count > 0)
                            {
                                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "OWASP: " + HelperGetChildInnerText(classif, "OWASP"));
                                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "WASC: " + HelperGetChildInnerText(classif, "WASC"));
                                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CWE: " + HelperGetChildInnerText(classif, "CWE"));
                                Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", "CAPEC: " + HelperGetChildInnerText(classif, "CAPEC"));
                            }
                        }


                        int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "netsparker", model);
                        if (etat == -1)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER NETSPARKER", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
                        }
                    }
                }
            }
        }
示例#5
0
        public void parse()
        {
            Assembly a;

            a = Assembly.GetExecutingAssembly();

            Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Assembly location = " + a.Location);

            // ============================================
            // Parse the Document and populate the database
            // ============================================

            XORCISMEntities model;

            model = new XORCISMEntities();



            string ipAddress;

            ipAddress = "";
            string protocol = "WWW";  //Hardcoded
            int    port     = 80;

            Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Handling host with IP {0}", ipAddress));

            // =============================================
            // If necessary, create an asset in the database
            // =============================================
            //TODO
            var myass = from ass in model.ASSET
                        where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
                        select ass;
            ASSET asset = myass.FirstOrDefault();

            if (asset == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creates a new entry in table ASSET for this IP");

                asset = new ASSET();
                //asset.AccountID = m_AccountID;
                asset.AssetName        = ipAddress;
                asset.AssetDescription = ipAddress;
                asset.ipaddressIPv4    = ipAddress;
                asset.Enabled          = true;
                //asset.JobID = m_JobId;

                model.ASSET.Add(asset);
                model.SaveChanges();
            }
            else
            {
                Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "This IP already corresponds to an existing asset");
            }

            Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Creating ASSETINSESSION reference");
            ASSETSESSION assinsess = new ASSETSESSION();

            assinsess.AssetID   = asset.AssetID;
            assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
            model.ASSETSESSION.Add(assinsess);
            model.SaveChanges();

            Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", "Update JOB with ASSETINSESSIONID");
            JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);

            daJob.AssetSessionID = assinsess.AssetSessionID;
            model.SaveChanges();


            //**************************
            StreamReader monStreamReader = new StreamReader("samples.js");  //Hardcoded
            string       curline         = monStreamReader.ReadLine();
            bool         issue_samples   = false;
            int          currentseverity = 0;
            string       curvulntype     = "";

            while (curline != null)
            {
                if (issue_samples)
                {
                    if (curline.Contains("'url':"))
                    {
                        Console.WriteLine(curvulntype);
                        Console.WriteLine(vulntypeSkipfish(curvulntype));
                        curline = curline.Trim();
                        char[]   splitter1 = { ',' };
                        string[] words1    = curline.Split(splitter1);
                        string   vulnurl   = words1[0].Replace("{ 'url': '", "");
                        vulnurl = vulnurl.Substring(0, vulnurl.Length - 1);
                        Console.WriteLine(vulnurl);
                        string vulnparam = words1[1].Replace("'extra': '", "");
                        vulnparam = vulnparam.Substring(0, vulnparam.Length - 1).Trim();
                        Console.WriteLine(vulnparam);
                        string vulninfodir = words1[2].Replace("'dir': '", "");
                        vulninfodir = vulninfodir.Replace("' } ]", "");
                        vulninfodir = vulninfodir.Replace("' }", "").Trim();
                        Console.WriteLine(vulninfodir);

                        if (currentseverity > 0)
                        {
                            VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                            vulnerabilityEndPoint.IpAdress = ipAddress;
                            vulnerabilityEndPoint.Protocol = protocol;
                            vulnerabilityEndPoint.Port     = port;

                            VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                            //vulnerabilityFound.PatchUpgrade = PatchUpgrade;
                            //vulnerabilityFound.MSPatch = MSPatch;
                            vulnerabilityFound.Title    = vulntypeSkipfish(curvulntype);
                            vulnerabilityFound.Severity = currentseverity.ToString();
                            vulnerabilityFound.Url      = vulnurl;
                            //vulnerabilityFound.rawrequest=    vulninfodir+"/request.dat";
                            //vulnerabilityFound.rawresponse=   vulninfodir+"/response.dat";
                            vulnerabilityFound.Result = vulnparam;


                            // ===========
                            // Persistance
                            // ===========

                            Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("Persistance [{0}] [{1}] [{2}]", protocol, port, Helper_ListCVEToString(vulnerabilityFound.ListItem)));

                            int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "skipfish", model);
                            if (etat == -1)
                            {
                                Utils.Helper_Trace("XORCISM PROVIDER SkipfishImport", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
                            }
                        }
                        else
                        {
                            //TODO

                            /*
                             * //severity=0
                             * INFORMATION myinfo = new INFORMATION();
                             * myinfo.Title = vulntypeSkipfish(curvulntype);
                             * myinfo.Severity = currentseverity.ToString();
                             * myinfo.Url = vulnurl;
                             * //myinfo.rawrequest=    vulninfodir+"/request.dat";
                             * //myinfo.rawresponse=   vulninfodir+"/response.dat";
                             * myinfo.Result = vulnparam;
                             * myinfo.JobID = m_JobId;
                             *
                             * model.AddToINFORMATION(myinfo);
                             * model.SaveChanges();
                             */
                        }
                    }
                }

                if (curline.Contains("'severity': 4"))
                {
                    currentseverity = 4;
                    char[]   splitter1 = { ',' };
                    string[] words1    = curline.Split(splitter1);
                    curvulntype = words1[1].Replace(" 'type': ", "");
                }
                if (curline.Contains("'severity': 3"))
                {
                    currentseverity = 3;
                    char[]   splitter1 = { ',' };
                    string[] words1    = curline.Split(splitter1);
                    curvulntype = words1[1].Replace(" 'type': ", "");
                }
                if (curline.Contains("'severity': 2"))
                {
                    currentseverity = 2;
                    char[]   splitter1 = { ',' };
                    string[] words1    = curline.Split(splitter1);
                    curvulntype = words1[1].Replace(" 'type': ", "");
                }
                if (curline.Contains("'severity': 1"))
                {
                    currentseverity = 1;
                    char[]   splitter1 = { ',' };
                    string[] words1    = curline.Split(splitter1);
                    curvulntype = words1[1].Replace(" 'type': ", "");
                }
                if (curline.Contains("'severity': 0"))
                {
                    currentseverity = 0;
                    char[]   splitter1 = { ',' };
                    string[] words1    = curline.Split(splitter1);
                    curvulntype = words1[1].Replace(" 'type': ", "");
                }
                //Where am I?
                if (curline.Contains("var issue_samples"))
                {
                    issue_samples = true;

                    /*
                     * ligne = ligne.Trim();
                     * char[] splitter1 = { ' ' };
                     * string[] words1 = ligne.Split(splitter1);
                     *
                     * cmd1 = "./msfcli " + words1[0].Trim() + " T";
                     */
                }
                curline = monStreamReader.ReadLine();
            }

            monStreamReader.Close();



            // A VOIR
            // VulnerabilityPersistor.UpdateVulnerabilityJob(list_vulnerabilyFound,m_JobId,m_model);
        }
示例#6
0
        /* @default : port = "80"
         * @default : strategy | tunning ="x"
         */
        public void Run(string target, int jobID, string policy, string strategy)
        {
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "Entering Run()");
            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Target = {0} , JobID = {1} , Policy = {2}, Strategy = {3}", target, jobID, policy, strategy));
            string          targetmodified = target.ToLower().Replace("https://", "").Replace("http://", "");
            XORCISMEntities model          = new XORCISMEntities();

            /* On initialise une var */
            //SandcatParser sandcatParser = null;
            string   file = "";
            Assembly a;

            a    = Assembly.GetExecutingAssembly();
            file = string.Format("sandcat_{0}_{1}", DateTime.Now.Ticks, this.GetHashCode());
            Process process = new Process();

            try
            {
                //sandcatParser = new SandcatParser(target, jobID, policy, strategy);

                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "SANDCAT Assembly location = " + a.Location);

                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("JobID: {0} Results will be stored in directory [{1}]", jobID, file));

                string program;
                program = Path.GetDirectoryName(a.Location) + "\\sandcatmini-4.2.5.0\\SandcatCS.exe";   //HARDCODED

                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Using sandcat at '{0}'", program));

                process.StartInfo.UseShellExecute = true;

                try
                {
                    process.StartInfo.FileName               = program;
                    process.StartInfo.Arguments              = " " + targetmodified + " -sn " + file; //HARDCODED
                    process.StartInfo.UseShellExecute        = false;
                    process.StartInfo.RedirectStandardOutput = true;
                    process.StartInfo.RedirectStandardError  = false;
                    process.StartInfo.CreateNoWindow         = true;
                    // process.EnableRaisingEvents = true;
                    // process.Exited += new EventHandler(Process_Exited);
                    process.Start();
                    // Process.Start(vProgram,vIAnnotationLocal.Folder + vIAnnotationLocal.EntryPoint);
                }
                catch (Win32Exception vException)
                {
                    if (vException.NativeErrorCode == ERROR_FILE_NOT_FOUND)
                    {
                        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("ERROR_FILE_NOT_FOUND : Exception = {0}", vException.Message));
                        //return null;
                    }
                    else if (vException.NativeErrorCode == ERROR_ACCESS_DENIED)
                    {
                        Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("ERROR_ACCESS_DENIED : Exception = {0}", vException.Message));
                        //return null;
                    }
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception RunningSandcat = " + ex.Message + " " + ex.InnerException);
                }

                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("sandcat is running"));
            }
            catch (Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception SandcatParser = " + ex.Message + " " + ex.InnerException);
            }

            try
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Waiting for sandcat to finish"));

                process.WaitForExit(1800000);    //3 hours
            }
            catch (Exception vException)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("TimeException = {0}", vException.Message));
                //return null;
            }

            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "sandcat has finished");
            StreamReader SR        = process.StandardOutput;
            string       strOutput = SR.ReadToEnd();

            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Output: " + strOutput));

            //demo.testfire.net [80]_Vulns.log
            string resultfile;

            resultfile = Path.Combine(Path.GetDirectoryName(a.Location), "\\sandcatmini-4.2.5.0\\Rep\\" + file + "\\" + targetmodified + " [80]_Vulns.log");    //HARDCODED

            /*
             * "vname=search.aspx XSS",vpars=txtSearch,vlns=,vrisk=Medium,vpath=http://demo.testfire.net/search.aspx?txtSearch=[script]alert('Vulnerable')[/script],vstat=200,"f=Application Vuln.xrm"
             * "vname=comment.aspx XSS",vpars=name,vlns=,vrisk=Medium,"vpath=http://demo.testfire.net/comment.aspx?cfile=comments.txt&name=[script]alert('Vulnerable')[/script]&email_addr=&subject=Sandcat&comments=&submit= Submit&reset= Clear Form",vstat=200,"f=Application Vuln (2).xrm"
             * "vname=login.aspx XSS",vpars=uid,vlns=,vrisk=Medium,vpath=http://demo.testfire.net/bank/login.aspx?uid=[script]alert(document.cookie)[/script]&passw=&btnSubmit=Login,vstat=200,"f=Application Vuln (3).xrm"
             * "vname=default.aspx Directory Traversal",vpars=content,vlns=,vrisk=High,vpath=http://demo.testfire.net/default.aspx?content=../../../../../../../../boot.ini%00inside_contact.htm,vstat=200,"f=Application Vuln (4).xrm"
             */


            try
            {
                StreamReader myfilereader = new StreamReader(resultfile);
                string       ligne        = myfilereader.ReadLine();
                while (ligne != null)
                {
                    Console.WriteLine(ligne);

                    VulnerabilityFound    vulnerabilityFound    = new VulnerabilityFound();
                    VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();

                    vulnerabilityFound.InnerXml = ligne;

                    vulnerabilityEndPoint.IpAdress = target;
                    vulnerabilityEndPoint.Port     = 80;    //TODO: à voir
                    vulnerabilityEndPoint.Protocol = "TCP"; //HARDCODED
                    vulnerabilityEndPoint.Service  = "WWW";

                    string[] arInfo   = new string[7];
                    char[]   splitter = { ',' };
                    arInfo = ligne.Split(splitter);
                    for (int x = 0; x < arInfo.Length; x++)
                    {
                        if (arInfo[x].Contains("vname"))
                        {
                            vulnerabilityFound.Title = arInfo[x].Replace("vname=", "").Replace("\"", "");
                        }
                        else
                        {
                            if (arInfo[x].Contains("vpars"))
                            {
                                vulnerabilityFound.VulnerableParameter = arInfo[x].Replace("vpars=", "").Replace("\"", "");
                            }
                            else
                            {
                                if (arInfo[x].Contains("vrisk"))
                                {
                                    vulnerabilityFound.Severity = arInfo[x].Replace("vrisk=", "").Replace("\"", "");
                                }
                                else
                                {
                                    if (arInfo[x].Contains("vpath"))
                                    {
                                        vulnerabilityFound.Url = arInfo[x].Replace("vpath=", "").Replace("\"", "");
                                    }
                                }
                            }
                        }
                    }
                    VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, jobID, "sandcat", model);

                    ligne = myfilereader.ReadLine();
                }
                myfilereader.Close();
            }
            catch (Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception SandcatReader = " + ex.Message + " " + ex.InnerException + " " + resultfile);
            }


            string status = XCommon.STATUS.FINISHED.ToString();

            // =================================================
            // Change the status of the job to FINISHED or ERROR
            // =================================================

            /*
             * if (sandcatParser.Parse() == false)
             * {
             *  status = XCommon.STATUS.ERROR.ToString();
             *  Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Updating job {0} status to ERROR", jobID));
             *  XCommon.Utils.Helper_SendEmail("*****@*****.**", "Sandcat ERROR", "Sandcat ERROR for job:" + jobID);
             * }
             * else
             * {
             *  Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", string.Format("Updating job {0} status to FINISHED", jobID));
             * }
             */
            try
            {
                var Q = from j in model.JOB
                        where j.JobID == jobID
                        select j;

                JOB myJob = Q.FirstOrDefault();
                myJob.Status  = status;
                myJob.DateEnd = DateTimeOffset.Now;
                //image
                System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                myJob.XmlResult = encoding.GetBytes(m_data);
                model.SaveChanges();
                //FREE MEMORY
                model.Dispose();
                //    sandcatParser = null;
            }
            catch (Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Exception UpdateJob = " + ex.Message + " " + ex.InnerException);
            }

            Utils.Helper_Trace("XORCISM PROVIDER SANDCAT", "JobID:" + jobID + "Leaving Run()");
        }
示例#7
0
        public void parse()
        {
            Assembly a;

            a = Assembly.GetExecutingAssembly();

            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Assembly location = " + a.Location);

            // ============================================
            // Parse the XML Document and populate the database
            // ============================================

            //   Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "data = " + m_data);

            XmlDocument doc = new XmlDocument();

            doc.LoadXml(m_data);

            XORCISMEntities model;

            model = new XORCISMEntities();

            string query = "/ScanGroup/Scan";   //Hardcoded

            XmlNode report;

            report = doc.SelectSingleNode(query);

            string ipAddress = string.Empty;

            ipAddress = HelperGetChildInnerText(report, "StartURL");    //Hardcoded
            if (ipAddress.Substring(ipAddress.Length - 1, 1) == "/")
            {
                ipAddress = ipAddress.Substring(0, ipAddress.Length - 1);
            }
            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Handling host with IP {0}", ipAddress));

            // ===============================================
            // If necessary, creates an asset in the database
            // ===============================================
            //TODO
            var myass = from ass in model.ASSET
                        where ass.ipaddressIPv4 == ipAddress //&& ass.AccountID == m_AccountID
                        select ass;
            ASSET asset = myass.FirstOrDefault();

            if (asset == null)
            {
                Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Creates a new entry in table ASSET for this IP");

                asset = new ASSET();
                //asset.AccountID = m_AccountID;
                asset.AssetName        = ipAddress;
                asset.AssetDescription = ipAddress;
                asset.ipaddressIPv4    = ipAddress;
                asset.Enabled          = true;
                //asset.JobID = m_JobId;

                model.ASSET.Add(asset);
                model.SaveChanges();
            }
            else
            {
                Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "This IP already corresponds to an existing asset");
            }

            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Creating ASSETINSESSION reference");
            ASSETSESSION assinsess = new ASSETSESSION();

            assinsess.AssetID   = asset.AssetID;
            assinsess.SessionID = model.JOB.Single(x => x.JobID == m_JobId).SessionID;
            model.ASSETSESSION.Add(assinsess);
            model.SaveChanges();

            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "Update JOB with ASSETINSESSIONID");
            JOB daJob = model.JOB.Single(x => x.JobID == m_JobId);

            daJob.AssetSessionID = assinsess.AssetSessionID;
            model.SaveChanges();

            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", "VULNERABILITIES FOUND");
            query = "/ScanGroup/Scan/ReportItems";

            report = doc.SelectSingleNode(query);

            foreach (XmlNode n in report.ChildNodes)
            {
                if (n.Name.ToUpper() == "ReportItem".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0)
                {
                    //TODOs HARDCODED
                    VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                    vulnerabilityEndPoint.IpAdress = ipAddress;
                    vulnerabilityEndPoint.Protocol = "TCP"; // "http";    //https ... A VOIR
                    vulnerabilityEndPoint.Port     = 80;    //443 ... A VOIR

                    VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                    //vulnerabilityFound.ListItem = Helper_GetCVE(n);

                    vulnerabilityFound.InnerXml = n.OuterXml;
                    //To eliminate VULNERABILITY (Value) duplicates:

                    /*
                     * string pattern = @"ReportItem id=""\d\d?\d?""";
                     * string s = Regex.Replace(n.OuterXml, pattern, "ReportItem id=\"0\"");
                     * vulnerabilityFound.InnerXml = s;
                     */
                    string url = HelperGetChildInnerText(n, "Affects");     //Server
                    vulnerabilityFound.Url = url;
                    if (url.ToLower().Contains("https://"))
                    {
                        vulnerabilityEndPoint.Port = 443;
                    }
                    Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Url: {0}", url));
                    vulnerabilityFound.Type = HelperGetChildInnerText(n, "Type");
                    if (HelperGetChildInnerText(n, "IsFalsePositive") == "False")
                    {
                        vulnerabilityFound.IsFalsePositive = false;
                    }
                    else
                    {
                        vulnerabilityFound.IsFalsePositive = true;
                    }
                    vulnerabilityFound.Title = HelperGetChildInnerText(n, "Name");
                    //ModuleName
                    //Affects
                    vulnerabilityFound.Description = HelperGetChildInnerText(n, "Description");
                    //Extract the CVEs
                    List <VulnerabilityFound.Item> ListCVEs = new List <VulnerabilityFound.Item>();
                    //MatchCollection matches = Regex.Matches(HelperGetChildInnerText(n, "Description"), "CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]");
                    MatchCollection matches = Regex.Matches(HelperGetChildInnerText(n, "Description"), @"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})");            //myRegexCVE
                    //https://cve.mitre.org/cve/identifiers/tech-guidance.html

                    foreach (Match match in matches)
                    {
                        Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("CVE: {0}", match.Groups[1].Value));
                        VulnerabilityFound.Item item;
                        item       = new VulnerabilityFound.Item();
                        item.ID    = "cve";
                        item.Value = match.Groups[1].Value;
                        ListCVEs.Add(item);
                    }

                    string mySeverity = HelperGetChildInnerText(n, "Severity");
                    switch (mySeverity)
                    {
                    //HARDCODED
                    case "high":
                        mySeverity = "High";
                        break;

                    case "medium":
                        mySeverity = "Medium";
                        break;

                    case "low":
                        mySeverity = "Low";
                        break;
                        //case "info"
                    }

                    vulnerabilityFound.Severity = mySeverity;
                    Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("Severity: {0}", mySeverity));
                    string DetailsAnalysis = HelperGetChildInnerText(n, "Details");
                    if (DetailsAnalysis.Contains("URL encoded GET"))
                    {
                        vulnerabilityFound.VulnerableParameterType = "GET";         //should be Querystring for Netsparker
                        var regex = new Regex(@"URL encoded GET input <b><font color=""dark"">(.*?)</font></b>");
                        var match = regex.Match(DetailsAnalysis);
                        if (match.Success)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameter: {0}", match.Groups[1].Value));
                            vulnerabilityFound.VulnerableParameter = match.Groups[1].Value;
                            regex = new Regex(@"was set to <b><font color=""dark"">(.*?)</font></b>");
                            match = regex.Match(DetailsAnalysis);
                            if (match.Success)
                            {
                                Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameterValue: {0}", match.Groups[1].Value));
                                vulnerabilityFound.VulnerableParameterValue = match.Groups[1].Value;
                            }
                        }
                    }
                    if (DetailsAnalysis.Contains("URL encoded POST"))
                    {
                        vulnerabilityFound.VulnerableParameterType = "POST";         //should be Post for Netsparker
                        var regex = new Regex(@"URL encoded POST input <b><font color=""dark"">(.*?)</font></b>");
                        var match = regex.Match(DetailsAnalysis);
                        if (match.Success)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameter: {0}", match.Groups[1].Value));
                            vulnerabilityFound.VulnerableParameter = match.Groups[1].Value;
                            regex = new Regex(@"was set to <b><font color=""dark"">(.*?)</font></b>");
                            match = regex.Match(DetailsAnalysis);
                            if (match.Success)
                            {
                                Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("VulnerableParameterValue: {0}", match.Groups[1].Value));
                                vulnerabilityFound.VulnerableParameterValue = match.Groups[1].Value;
                            }
                        }
                    }
                    //vulnerabilityFound.VulnerableParameterType = HelperGetChildInnerText(n, "vulnerableparametertype");
                    //vulnerabilityFound.VulnerableParameter = HelperGetChildInnerText(n, "vulnerableparameter");
                    //in <Details>:
                    //URL encoded GET input <b><font color="dark">id</font></b> was set to <b><font color="dark">4-2+2*3-6</font></b>
                    //URL encoded GET input <b><font color="dark">id</font></b> was set to <b><font color="dark">1'</font></b><br/>Error message found: <pre wrap="virtual"><font color="blue">supplied argument is not a valid MySQL result</font></pre>
                    //URL encoded POST input <b><font color="dark">name</font></b> was set to <b><font color="dark">'&quot;()&amp;%1&lt;ScRiPt &gt;prompt(983150)&lt;/ScRiPt&gt;</font></b>
                    //vulnerabilityFound.VulnerableParameterValue = HelperGetChildInnerText(n, "vulnerableparametervalue");

                    List <VulnerabilityFound.Reference> ListReferences = new List <VulnerabilityFound.Reference>();
                    foreach (XmlNode nchild in n.ChildNodes)
                    {
                        if (nchild.Name.ToUpper() == "TechnicalDetails".ToUpper() && nchild.ChildNodes != null && nchild.ChildNodes.Count > 0)
                        {
                            //rawrequest
                            vulnerabilityFound.rawrequest = HelperGetChildInnerText(nchild, "Request");
                            //rawresponse
                            vulnerabilityFound.rawresponse = HelperGetChildInnerText(nchild, "Response");
                        }
                        if (nchild.Name.ToUpper() == "References".ToUpper() && nchild.ChildNodes != null && nchild.ChildNodes.Count > 0)
                        {
                            foreach (XmlNode reference in nchild)
                            {
                                /*
                                 * REFERENCE myReference = new REFERENCE();
                                 * myReference.Source = HelperGetChildInnerText(reference, "Database");
                                 * myReference.Url = HelperGetChildInnerText(reference, "URL");
                                 *
                                 * model.AddToREFERENCE(myReference);
                                 */

                                VulnerabilityFound.Reference refvuln = new VulnerabilityFound.Reference();
                                refvuln.Title = HelperGetChildInnerText(reference, "Database");
                                string refurl = HelperGetChildInnerText(reference, "URL").ToLower();
                                refvuln.Url    = refurl;
                                refvuln.Source = HelperGetChildInnerText(reference, "Database");
                                //Try to harmonise the Source with the other imports (ie: exploits)
                                //HARDCODED
                                //TODO: Use a Common Function
                                if (refurl.Contains("/bugtraq/"))
                                {
                                    refvuln.Source = "BUGTRAQ";
                                }
                                if (refurl.Contains("marc.theaimsgroup.com/?l=bugtraq"))
                                {
                                    refvuln.Source = "BUGTRAQ";
                                }
                                if (refurl.Contains("securityfocus.com/bid"))
                                {
                                    refvuln.Source = "BID";
                                }
                                if (refurl.Contains("osvdb.org/"))
                                {
                                    refvuln.Source = "OSVDB";
                                }
                                if (refurl.Contains("xforce.iss.net/"))
                                {
                                    refvuln.Source = "XF";
                                }
                                if (refurl.Contains("www.iss.net/"))
                                {
                                    refvuln.Source = "XF";
                                }
                                if (refurl.Contains("www.ciac.org/"))
                                {
                                    refvuln.Source = "CIAC";
                                }
                                if (refurl.Contains("ciac.llnl.gov/"))
                                {
                                    refvuln.Source = "CIAC";
                                }
                                if (refurl.Contains("www.cert.org/"))
                                {
                                    refvuln.Source = "CERT";
                                }
                                if (refurl.Contains("sunsolve.sun.org/"))
                                {
                                    refvuln.Source = "SUN";
                                }
                                if (refurl.Contains("sunsolve.sun.com/"))
                                {
                                    refvuln.Source = "SUN";
                                }
                                if (refurl.Contains("patches.sgi.com/"))
                                {
                                    refvuln.Source = "SGI";
                                }
                                if (refurl.Contains("microsoft.com/default.aspx?scid=kb"))
                                {
                                    refvuln.Source = "MSKB";
                                }
                                if (refurl.Contains("ftp.sco.com/"))
                                {
                                    refvuln.Source = "SCO";
                                }
                                if (refurl.Contains("www.trustix.org/"))
                                {
                                    refvuln.Source = "TRUSTIX";
                                }
                                if (refurl.Contains("ftp.freebsd.org/"))
                                {
                                    refvuln.Source = "FREEBSD";
                                }
                                if (refurl.Contains("www.secunia.com/"))
                                {
                                    refvuln.Source = "SECUNIA";
                                }
                                if (refurl.Contains("www.vupen.com/"))
                                {
                                    refvuln.Source = "VUPEN";
                                }
                                if (refurl.Contains("www.securitytracker.com/"))
                                {
                                    refvuln.Source = "SECTRACK";
                                }
                                if (refurl.Contains("www.redhat.com/"))
                                {
                                    refvuln.Source = "REDHAT";
                                }
                                if (refurl.Contains("www.exploit-db.com/"))
                                {
                                    refvuln.Source = "EXPLOIT-DB";
                                }
                                if (refurl.Contains("www.milw0rm.com/"))
                                {
                                    refvuln.Source = "MILW0RM";
                                }
                                if (refurl.Contains("www.microsoft.com/"))
                                {
                                    refvuln.Source = "MS";
                                }
                                if (refurl.Contains("seclists.org/fulldisclosure"))
                                {
                                    refvuln.Source = "FULLDISC";
                                }
                                ListReferences.Add(refvuln);
                            }
                        }
                    }
                    vulnerabilityFound.ListReference = ListReferences;
                    vulnerabilityFound.ListItem      = ListCVEs;
                    vulnerabilityFound.Result        = HelperGetChildInnerText(n, "Details");
                    vulnerabilityFound.Consequence   = HelperGetChildInnerText(n, "Impact");
                    vulnerabilityFound.Solution      = HelperGetChildInnerText(n, "Recommendation");
                    //DetailedInformation
                    vulnerabilityFound.DetailedInformation = HelperGetChildInnerText(n, "DetailedInformation");

                    //TODO
                    bool   PatchUpgrade = false;
                    string MSPatch      = "";


                    int etat = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_JobId, "acunetix", model);
                    if (etat == -1)
                    {
                        Utils.Helper_Trace("XORCISM PROVIDER ACUNETIX", string.Format("CANNOT IMPORT THIS ASSET !!!! "));
                    }
                }
            }
        }
示例#8
0
            public void parse()
            {
                Assembly a;
                a = Assembly.GetExecutingAssembly();

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Assembly location = " + a.Location);

                XmlDocument doc = new XmlDocument();

                #region HackCenzic
                /*
                string filename;
                filename = @"C:\Cenzic_webscan.xml";             //Hardcoded

                doc.Load(filename);

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("HackFile should be located at : " + filename));
                */
                #endregion

                // ============================================
                // Parse the XML Document and populate the database
                // ============================================

                string protocol = string.Empty;
                //int port = -1;
                string service = string.Empty;
                //bool PatchUpgrade = false;
                //string title;
                //string MSPatch = "";
                //string Solution;

                m_data = m_data.Replace("Configurable format #", "Configurable");   //Hardcoded
                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("m_data = {0}", m_data));
                try
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Loading the XML document");

                    doc.LoadXml(m_data);

                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
                }

                XORCISMEntities model;
                model = new XORCISMEntities();

                string query = "/AssessmentRunData/SmartAttacks/SmartAttacksData";  //Hardcoded

                XmlNodeList report;
                report = null;
                try
                {
                    report = doc.SelectNodes(query);
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error SelectNodes({0}) : Exception = {1}", query, ex.Message));
                    return;
                }

                //We should retrieve the target for an import
                string m_target = string.Empty;
                string patterntoken = "<Url>(.*?)</Url>";
                MatchCollection matchesurl = Regex.Matches(m_data, patterntoken);
                foreach (Match match in matchesurl)
                {
                    m_target = match.Value.Replace("<Url>", "").Replace("</Url>", "");
                    //Console.WriteLine(mytoken);
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "target: " + m_target);
                }

                int myPort = 80;
                if (m_target.Contains("https://"))
                {
                    myPort = 443;
                }
                //Check if we have a custom port, ex: http://10.20.30.40:8080/test
                string strTargetTest = m_target;
                strTargetTest = strTargetTest.Replace("http://", "");
                strTargetTest = strTargetTest.Replace("https://", "");
                try
                {
                    if (strTargetTest.Contains(":"))
                    {
                        char[] splitter = { ':' };
                        string[] strSplit = strTargetTest.Split(splitter);
                        strTargetTest = strSplit[1];
                        if (strTargetTest.Contains("/"))
                        {
                            strSplit = strTargetTest.Split(new Char[] { '/' });
                            strTargetTest = strSplit[0];
                        }
                        try
                        {
                            myPort = Convert.ToInt32(strTargetTest);
                        }
                        catch (FormatException e)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", strTargetTest + " is not a sequence of digits.");
                        }
                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Custom Port:{0}", strTargetTest));
                    }
                    else
                    {
                        if (strTargetTest.Contains("/"))
                        {
                            string[] strSplit = strTargetTest.Split(new Char[] { '/' });
                            strTargetTest = strSplit[0];
                            if (m_target.Contains("https://"))
                            {
                                m_target = "https://" + strTargetTest;
                            }
                            if (m_target.Contains("http://"))
                            {
                                m_target = "http://" + strTargetTest;
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error in strTargetTest : Exception = {0}", ex.Message));
                }

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "the m_target=" + m_target);

                // ===============================================
                // If necessary, creates an asset in the database
                // ===============================================
                //TODO
                var myass = from ass in model.ASSET
                            where ass.ipaddressIPv4 == m_target //&& ass.AccountID == m_AccountID
                            select ass;
                ASSET asset = myass.FirstOrDefault();

                if (asset == null)
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Creates a new entry in table ASSET for this IP");

                    asset = new ASSET();
                    //asset.AccountID = m_AccountID;
                    asset.AssetName = m_target;
                    asset.AssetDescription = m_target;
                    asset.ipaddressIPv4 = m_target;
                    asset.Enabled = true;
                    //asset.JobID = m_jobId;

                    model.ASSET.Add(asset);
                    model.SaveChanges();
                }
                else
                {
                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "This IP already corresponds to an existing asset");
                }

                int m_assetId = asset.AssetID;
                int m_sessionId = (int)model.JOB.Single(x => x.JobID == m_jobId).SessionID;

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Creating ASSETINSESSION reference");
                ASSETSESSION assinsess = new ASSETSESSION();
                assinsess.AssetID = asset.AssetID;
                assinsess.SessionID = m_sessionId;  // model.JOB.Single(x => x.JobID == m_jobId).SessionID;
                model.ASSETSESSION.Add(assinsess);
                model.SaveChanges();

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Update JOB with ASSETINSESSIONID");
                JOB daJob = model.JOB.Single(x => x.JobID == m_jobId);
                daJob.AssetSessionID = assinsess.AssetSessionID;
                model.SaveChanges();

                VulnerabilityEndPoint vulnerabilityEndPoint = new VulnerabilityEndPoint();
                vulnerabilityEndPoint.IpAdress = m_target;
                vulnerabilityEndPoint.Protocol = "TCP"; // "http";
                vulnerabilityEndPoint.Port = myPort;
                vulnerabilityEndPoint.Service = "WWW";

                int myEndpointID = 0;
                var testEndpoint = from e in model.ENDPOINT
                                   where e.AssetID == m_assetId && e.SessionID == m_sessionId
                                   select e;
                if (testEndpoint.Count() == 0)
                {
                    ENDPOINT newEndpoint = new ENDPOINT();
                    newEndpoint.AssetID = m_assetId;
                    newEndpoint.SessionID = m_sessionId;
                    newEndpoint.ProtocolName = "TCP"; // "http";
                    newEndpoint.PortNumber = myPort;
                    newEndpoint.Service = "WWW";
                    model.ENDPOINT.Add(newEndpoint);
                    model.SaveChanges();
                    myEndpointID = newEndpoint.EndPointID;
                }
                else
                {
                    myEndpointID = testEndpoint.FirstOrDefault().EndPointID;
                }
                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("myEndpointID:{0}", myEndpointID));

                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Found {0} SmartAttacks to parse", report.Count));

                foreach (XmlNode reportHost in report)
                {
                    // ==================================
                    // Handle every SmartAttacksData tag
                    // ==================================

                    string myInnerXml = string.Empty;
                    string myTitle = string.Empty;
                    string myDescription = string.Empty;
                    string myConsequence = string.Empty;
                    string myResult = string.Empty;
                    string mySolution = string.Empty;

                    string myCVE = string.Empty;
                    MatchCollection myCVEs;
                    string myPCI = string.Empty;
                    string myMessage = string.Empty;

                    foreach (XmlNode n in reportHost.ChildNodes)
                    {
                        //SmartAttackInfo
                        //ReportItems
                        XmlNodeList Childs = n.ChildNodes;

                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Coucou 1"));
                        try
                        {
                            if (n.Name == "SmartAttackInfo")
                            {
                                myInnerXml = n.OuterXml;
                                myTitle = HelperGetChildInnerText(n, "SmartAttackName");
                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Found SmartAttackName:{0}", myTitle));
                                Regex myRegex = new Regex("PCI [0-9].[0-9].[0-9]");

                                myPCI = myRegex.Match(myTitle).ToString();
                                if (myPCI != "")
                                {
                                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "PCI=" + myPCI);
                                }

                                //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("myInnerXml:{0}", myInnerXml));
                                //Hardcoded
                                myDescription = HelperGetChildInnerText(n, "Description");
                                myConsequence = HelperGetChildInnerText(n, "HowItWorks");
                                myResult = HelperGetChildInnerText(n, "Impact");
                                mySolution = HelperGetChildInnerText(n, "Remediation");
                            }
                        }
                        catch (Exception ex)
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in SmartAttackInfo : Exception = {0}", ex.Message));
                        }
                        if (n.Name == "ReportItems")
                        {
                            Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Coucou 2"));
                            foreach (XmlNode x in n.ChildNodes)
                            {
                                //HARDCODED
                                //ReportItem
                                foreach (XmlNode ReportItem in x.ChildNodes)
                                {
                                    myMessage = "";
                                    if (ReportItem.Name == "ReportItemType")
                                    {
                                        //Pass
                                        if (ReportItem.InnerText == "Information")
                                        {
                                            try
                                            {
                                                //TODO
                                                /*
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Information"));
                                                INFORMATION newInformation = new INFORMATION();
                                                //newInformation.InnerXml
                                                newInformation.Title = myTitle;
                                                newInformation.Description = myDescription;
                                                newInformation.Consequence = myConsequence;
                                                newInformation.Result = myResult;
                                                newInformation.Solution = mySolution;
                                                newInformation.Severity = HelperGetChildInnerText(x, "Severity");
                                                newInformation.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore"));
                                                myMessage = HelperGetChildInnerText(x, "Message");
                                                newInformation.Message = myMessage;
                                                //TODO A FAIRE
                                                //Matching avec les références
                                                //http://www.securityfocus.com/bid/43140/info
                                                //http://www.securityfocus.com/bid/43140/solution
                                                newInformation.Url = HelperGetChildInnerText(x, "Url");
                                                newInformation.rawrequest = HelperGetChildInnerText(x, "HttpRequest");
                                                newInformation.rawresponse = HelperGetChildInnerText(x, "HttpResponse");
                                                if (myPCI != "")
                                                {
                                                    newInformation.PCI_FLAG = true;
                                                }
                                                newInformation.JobID = m_jobId;
                                                newInformation.EndPointID = myEndpointID;
                                                model.AddToINFORMATION(newInformation);
                                                model.SaveChanges();
                                                */
                                            }
                                            catch (Exception ex)
                                            {
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in Information : Exception = {0}. {1}", ex.Message, ex.InnerException));
                                            }
                                        }
                                        if (ReportItem.InnerText == "Warning")
                                        {
                                            try
                                            {
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Warning"));
                                                VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                                                vulnerabilityFound.InnerXml = myInnerXml;
                                                vulnerabilityFound.Title = myTitle;
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Adding SmartAttackName:{0}", myTitle));
                                                vulnerabilityFound.Description = myDescription;
                                                vulnerabilityFound.Consequence = myConsequence;
                                                vulnerabilityFound.Result = myResult;
                                                vulnerabilityFound.Solution = mySolution;

                                                if (myPCI != "")
                                                {
                                                    vulnerabilityFound.PCI_FLAG = true;
                                                }

                                                //ReportItemCreateDate
                                                vulnerabilityFound.Severity = HelperGetChildInnerText(x, "Severity");
                                                //Low, Medium, High
                                                //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("WARNING Severity:{0}", HelperGetChildInnerText(x, "Severity")));
                                                vulnerabilityFound.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore"));
                                                //Count
                                                myMessage=HelperGetChildInnerText(x, "Message");
                                                //vulnerabilityFound.Message = myMessage; //not exact because same VULNERABILITY will have various Messages
                                                vulnerabilityFound.rawresponse = myMessage;

                                                    //Regex objNaturalPattern = new Regex("CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]");
                                                    Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})");  //TODO: Update this?
                                                    //https://cve.mitre.org/cve/identifiers/tech-guidance.html
                                                    /*
                                                    myCVE = objNaturalPattern.Match(myMessage).ToString();
                                                    if (myCVE != "")
                                                    {
                                                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "CVE=" + myCVE);
                                                    }
                                                    */
                                                    List<VulnerabilityFound.Item> l;
                                                    l = new List<VulnerabilityFound.Item>();
                                                    myCVEs = myRegexCVE.Matches(myMessage);
                                                    foreach (Match match in myCVEs)
                                                    {
                                                        foreach (Capture capture in match.Captures)
                                                        {
                                                            Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Index={0}, CVE={1}", capture.Index, capture.Value));
                                                            VulnerabilityFound.Item item;
                                                            item = new VulnerabilityFound.Item();
                                                            item.Value = capture.Value;
                                                            item.ID = "cve";
                                                            l.Add(item);
                                                        }
                                                    }
                                                    vulnerabilityFound.ListItem = l;

                                                vulnerabilityFound.Url = HelperGetChildInnerText(x, "Url");
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Url={0}", HelperGetChildInnerText(x, "Url")));
                                                vulnerabilityFound.rawrequest = HelperGetChildInnerText(x, "HttpRequest");
                                                //vulnerabilityFound.rawresponse = HelperGetChildInnerText(x, "HttpResponse");
                                                //StructuredData

                                                //*** Compliances? voir en bas
                                                //http://www.cenzic.com/downloads/Cenzic_CWE.pdf
                                                int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model);
                                            }
                                            catch (Exception ex)
                                            {
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("JobID:" + m_jobId + " Error in Warning : Exception = {0}. {1}", ex.Message, ex.InnerException));
                                            }
                                        }
                                        if (ReportItem.InnerText == "Vulnerable")
                                        {
                                            try
                                            {
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Vulnerable"));
                                                VulnerabilityFound vulnerabilityFound = new VulnerabilityFound();
                                                vulnerabilityFound.InnerXml = myInnerXml;
                                                vulnerabilityFound.Title = myTitle;
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Adding SmartAttackName:{0}", myTitle));
                                                vulnerabilityFound.Description = myDescription;
                                                vulnerabilityFound.Consequence = myConsequence;
                                                vulnerabilityFound.Result = myResult;
                                                vulnerabilityFound.Solution = mySolution;

                                                //ReportItemCreateDate
                                                vulnerabilityFound.Severity = HelperGetChildInnerText(x, "Severity");
                                                //Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("VULNERABLE Severity:{0}", HelperGetChildInnerText(x, "Severity")));
                                                vulnerabilityFound.HarmScore = int.Parse(HelperGetChildInnerText(x, "HarmScore"));
                                                //Count
                                                myMessage = HelperGetChildInnerText(x, "Message");
                                                //vulnerabilityFound.Message = myMessage;
                                                vulnerabilityFound.rawresponse = myMessage;

                                                    //Regex objNaturalPattern = new Regex("CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]");
                                                Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})");
                                                //https://cve.mitre.org/cve/identifiers/tech-guidance.html
                                                    /*
                                                    myCVE = objNaturalPattern.Match(myMessage).ToString();
                                                    if (myCVE != "")
                                                    {
                                                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "CVE=" + myCVE);
                                                    }
                                                    */

                                                    List<VulnerabilityFound.Item> l;
                                                    l = new List<VulnerabilityFound.Item>();
                                                    myCVEs = myRegexCVE.Matches(myMessage);
                                                    foreach (Match match in myCVEs)
                                                    {
                                                        foreach (Capture capture in match.Captures)
                                                        {
                                                            Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Index={0}, CVE={1}", capture.Index, capture.Value));
                                                            VulnerabilityFound.Item item;
                                                            item = new VulnerabilityFound.Item();
                                                            item.Value = capture.Value;
                                                            item.ID = "cve";
                                                            l.Add(item);
                                                        }
                                                    }
                                                    vulnerabilityFound.ListItem = l;

                                                vulnerabilityFound.Url = HelperGetChildInnerText(x, "Url");
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Url={0}", HelperGetChildInnerText(x, "Url")));
                                                vulnerabilityFound.rawrequest = HelperGetChildInnerText(x, "HttpRequest");
                                                //vulnerabilityFound.rawresponse = HelperGetChildInnerText(x, "HttpResponse");
                                                //StructuredData

                                                if (myPCI != "")
                                                {
                                                    //TODO
                                                    /*
                                                    vulnerabilityFound.PCI_FLAG = true;
                                                    int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model);

                                                    List<int> myIds = new List<int>();
                                                    var id = from o in model.COMPLIANCECATEG
                                                             where o.Title == myTitle &&
                                                             o.COMPLIANCE.Title == "PCIDSS"
                                                             select o.ComplianceCategID;
                                                    int Id = id.FirstOrDefault();

                                                    myIds.Add(Id);

                                                    List<int> Compliances = new List<int>();
                                                    Compliances = myIds;
                                                    Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Vulnerability persisted , VulnID = {0} & Compliance count = {1}", VulnID, Compliances.Count));
                                                    var V = from tmpVuln in model.VULNERABILITYFOUND
                                                            where tmpVuln.VulnerabilityFoundID == VulnID
                                                            select tmpVuln;

                                                    VULNERABILITYFOUND VF = V.FirstOrDefault();

                                                    foreach (int i in Compliances)
                                                    {
                                                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Categorie Compliance => ", i));
                                                        var C = from Comp in model.COMPLIANCECATEG
                                                                where Comp.ComplianceCategID == i
                                                                select Comp;

                                                        COMPLIANCECATEG myCompliance = new COMPLIANCECATEG();
                                                        myCompliance = C.FirstOrDefault();

                                                        VF.COMPLIANCECATEG.Add(myCompliance);

                                                        model.SaveChanges();
                                                        Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", "Mapping Compliance-Vulnerability Added");
                                                    }
                                                    */
                                                }
                                                else
                                                {
                                                    int VulnID = VulnerabilityPersistor.Persist(vulnerabilityFound, vulnerabilityEndPoint, m_jobId, "cenzic", model);
                                                }
                                            }
                                            catch (Exception ex)
                                            {
                                                Utils.Helper_Trace("XORCISM PROVIDER Cenzic Import", string.Format("Error in Vulnerable : Exception = {0}. {1}", ex.Message, ex.InnerException));
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }