master_parse.py
#!/usr/bin/env python
# Import Statements
import sys
from lxml import etree
# Invoke script by passing nmap .xml file and Nessus .nessus file. Ex., 'python dbsec_parser.py scan.xml scan.nessus'
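def _add_text_child(parent, name, text):
    """Append a child element called *name* to *parent*, set its text, return it."""
    child = etree.SubElement(parent, name)
    child.text = text
    return child


def _last_text(element, path, default=""):
    """Return the text of the last node matching *path* below *element*.

    *default* is returned when nothing matches. The result can be None when
    the matching element exists but is empty.
    """
    text = default
    for node in element.xpath(path):
        text = node.text
    return text


def _build_discovery(nmap_tree, scan_data_tag):
    """Add the <discovery> section: one <disc_host> per non-filtered port of an up host."""
    discovery_tag = etree.SubElement(scan_data_tag, "discovery")
    disc_id = 0
    for host in nmap_tree.xpath("host"):
        # Resolve the address per host so a host without an IPv4 address is
        # skipped instead of being reported under the previous host's IP.
        addr_value = None
        for address in host.xpath("address"):
            if address.attrib.get("addrtype") == "ipv4":
                addr_value = address.attrib.get("addr")
        if addr_value is None:
            continue
        for status in host.xpath("status"):
            if status.attrib.get("state") != "up":
                continue
            for port in host.xpath("ports/port"):
                for state in port.xpath("state"):
                    state_value = state.attrib.get("state")
                    if state_value == "filtered":
                        continue
                    # Start from an empty name for every port: a port without
                    # a <service> element must not inherit the previous
                    # port's service name.
                    service_name = ""
                    for service in port.xpath("service"):
                        service_name = service.attrib.get("name")
                    disc_host_tag = etree.SubElement(discovery_tag, "disc_host")
                    _add_text_child(disc_host_tag, "disc_id", str(disc_id))
                    disc_id += 1
                    _add_text_child(disc_host_tag, "host_ip", addr_value)
                    _add_text_child(disc_host_tag, "port_num", port.attrib.get("portid"))
                    _add_text_child(disc_host_tag, "protocol", port.attrib.get("protocol"))
                    _add_text_child(disc_host_tag, "port_state", state_value)
                    _add_text_child(disc_host_tag, "service", service_name)


def _build_hosts(nessus_tree, scan_data_tag):
    """Add the <hosts> section: one <host> per HostProperties block."""
    hosts_tag = etree.SubElement(scan_data_tag, "hosts")
    # Output element name -> name attribute of the Nessus <tag> it is read from.
    fields = (
        ("host_ip", "host-ip"),
        ("host_name", "host-fqdn"),
        ("host_os", "operating-system"),
        ("mac_address", "mac-address"),
    )
    for host_properties in nessus_tree.xpath("Report/ReportHost/HostProperties"):
        host_tag = etree.SubElement(hosts_tag, "host")
        for element_name, nessus_name in fields:
            # A property that is missing is written as an empty string.
            value = _last_text(host_properties, "tag[@name='%s']" % nessus_name)
            _add_text_child(host_tag, element_name, value)


def _build_software(nessus_tree, scan_data_tag):
    """Add the <software> section: one <cpe> per line of every cpe* host property."""
    software_tag = etree.SubElement(scan_data_tag, "software")
    software_id = 0
    for host_properties in nessus_tree.xpath("Report/ReportHost/HostProperties"):
        # Looked up per host; empty when the host has no host-ip property, so
        # software is never attributed to the previous host.
        host_ip_value = _last_text(host_properties, "tag[@name='host-ip']")
        for tag in host_properties.xpath("tag"):
            # Tags without a name attribute or without text carry no CPE.
            if not (tag.attrib.get("name") or "").startswith("cpe"):
                continue
            if not tag.text:
                continue
            for line in tag.text.split("\n"):
                # Fields 1-4 of the colon-separated CPE are part, vendor,
                # product and version; field 0 (the "cpe" prefix) is dropped.
                # Missing trailing fields are padded with empty strings.
                cpe_fields = (line.split(":")[1:5] + [""] * 4)[:4]
                cpe_tag = etree.SubElement(software_tag, "cpe")
                _add_text_child(cpe_tag, "software_id", str(software_id))
                software_id += 1
                _add_text_child(cpe_tag, "host_ip", host_ip_value)
                _add_text_child(cpe_tag, "part", cpe_fields[0])
                _add_text_child(cpe_tag, "vendor", cpe_fields[1])
                _add_text_child(cpe_tag, "product", cpe_fields[2])
                _add_text_child(cpe_tag, "version", cpe_fields[3])


def _build_vulnerabilities(nessus_tree, scan_data_tag):
    """Add the <vulnerabilities> section: one <vulnerability> per ReportItem."""
    vulns_tag = etree.SubElement(scan_data_tag, "vulnerabilities")
    vuln_id = 0
    for report_host in nessus_tree.xpath("Report/ReportHost"):
        host_ip_value = _last_text(report_host, "HostProperties/tag[@name='host-ip']")
        for report_item in report_host.xpath("ReportItem"):
            # Every optional field is looked up per ReportItem and defaults to
            # an empty string. Carrying values over from the previous item
            # would give a finding without a CVSS score or exploit flag the
            # score and flag of an unrelated finding.
            # plugin_publication_date is not part of the output and is not read.
            vuln_tag = etree.SubElement(vulns_tag, "vulnerability")
            _add_text_child(vuln_tag, "vuln_id", str(vuln_id))
            vuln_id += 1
            _add_text_child(vuln_tag, "host_ip", host_ip_value)
            _add_text_child(vuln_tag, "severity", report_item.attrib.get("severity"))
            _add_text_child(vuln_tag, "vuln_name", report_item.attrib.get("pluginName"))
            _add_text_child(vuln_tag, "desc", _last_text(report_item, "description"))
            _add_text_child(vuln_tag, "plugin", report_item.attrib.get("pluginID"))
            _add_text_child(vuln_tag, "plugin_family", report_item.attrib.get("pluginFamily"))
            _add_text_child(vuln_tag, "cvss_base", _last_text(report_item, "cvss_base_score"))
            _add_text_child(vuln_tag, "cvss_temp", _last_text(report_item, "cvss_temporal_score"))
            _add_text_child(vuln_tag, "exploitable", _last_text(report_item, "exploit_available"))


def _build_cves(nessus_tree, scan_data_tag):
    """Add the <CVEs> section: one <cve> per cve element of every ReportItem."""
    cves_tag = etree.SubElement(scan_data_tag, "CVEs")
    cve_id = 0
    for report_item in nessus_tree.xpath("Report/ReportHost/ReportItem"):
        plugin_value = report_item.attrib.get("pluginID")
        for cve in report_item.xpath("cve"):
            cve_tag = etree.SubElement(cves_tag, "cve")
            _add_text_child(cve_tag, "cve_id", str(cve_id))
            cve_id += 1
            _add_text_child(cve_tag, "plugin", plugin_value)
            _add_text_child(cve_tag, "cve_num", cve.text)


def main(nmap_filepath, nessus_filepath):
    """Merge an nmap XML report and a Nessus report into one XML document.

    The result is a <scan_data> element with the sections discovery, hosts,
    software, vulnerabilities and CVEs (in that order), printed to stdout.

    Args:
        nmap_filepath: path of the nmap XML output file.
        nessus_filepath: path of the .nessus export.
    """
    # Scan reports are often received from other people or tools. Parse them
    # without entity expansion and without network access so a DOCTYPE in a
    # report cannot pull local files or remote resources into the output.
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    nmap_tree = etree.parse(nmap_filepath, parser)
    nessus_tree = etree.parse(nessus_filepath, parser)

    scan_data_tag = etree.Element("scan_data")  # root xml tag
    _build_discovery(nmap_tree, scan_data_tag)
    _build_hosts(nessus_tree, scan_data_tag)
    _build_software(nessus_tree, scan_data_tag)
    _build_vulnerabilities(nessus_tree, scan_data_tag)
    _build_cves(nessus_tree, scan_data_tag)

    # NOTE(review): on Python 3 tostring() returns bytes, so this prints a
    # b'...' literal rather than the document; confirm the target interpreter.
    print(etree.tostring(scan_data_tag, pretty_print=True))  # print to console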
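if __name__ == "__main__":
    # Both report paths are required; exit with a usage message instead of an
    # IndexError traceback when one is missing. Extra arguments are ignored.
    if len(sys.argv) < 3:
        sys.exit("usage: %s NMAP_XML NESSUS_FILE" % sys.argv[0])
    main(sys.argv[1], sys.argv[2])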