Nmap script output not parsed.
bjhijmans opened this issue · comments
Is your feature request related to a problem? Please describe
We're trying to import Nmap scans using the parser and we found that a bunch of data isn't being imported. Specifically, the outputs of scripts that are run on ports are not included in the findings, except for the vulners script.
Since we already create a finding for each port, and the scripts are run per port, I don't see a reason not to include at least the raw output of each script in that finding.
Describe the solution you'd like
This scan output https://github.com/DefectDojo/django-DefectDojo/blob/master/unittests/scans/nmap/issue4406.xml already has several scripts in it that are ignored, namely "fingerprint-strings" and "rpcinfo". I was asked specifically for data in "ssl-cert" and "smtp-commands".
I think the simplest solution is just to loop over all the scripts (except vulners) and add something like this to the description field:
**Script <scriptname>**
<raw script output>
I'm not picky about the formatting. It shouldn't be too hard to add that to the parser https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/tools/nmap/parser.py.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you have considered.
Additional context
Here's an example of a script output from the issue4406.xml file already in the project:
<port protocol="tcp" portid="111">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="rpcbind" version="2-4" extrainfo="RPC #100000" method="probed" conf="10"/>
<script id="rpcinfo"
output="
 program version port/proto service
 100000 2,3,4 111/tcp rpcbind
 100000 2,3,4 111/udp rpcbind
 100000 3,4 111/tcp6 rpcbind
 100000 3,4 111/udp6 rpcbind
">
<table key="100000">
<table key="tcp">
<elem key="owner">superuser</elem>
<elem key="port">111</elem>
<elem key="addr">0.0.0.0</elem>
<table key="version">
<elem>2</elem>
<elem>3</elem>
<elem>4</elem>
</table>
</table>
...
</table>
</script>
</port>
The formatted table data is complicated to import into markdown, but the output should be easy enough.
See PR @bjhijmans
Looks good. Thanks for the help @manuel-sommer 👍
This can be closed @mtesauro