DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Home Page: https://defectdojo.com

Nmap script output not parsed.

bjhijmans opened this issue · comments

Is your feature request related to a problem? Please describe

We're trying to import Nmap scans using the parser and we found that a bunch of data isn't being imported. Specifically, the outputs of scripts that are run on ports are not included in the findings, except for the vulners script.

Since we already create a finding for each port, and the scripts are run per port, I don't see a reason not to include at least the raw output of each script in that finding.

Describe the solution you'd like

This scan output https://github.com/DefectDojo/django-DefectDojo/blob/master/unittests/scans/nmap/issue4406.xml already has several scripts in it that are ignored, namely "fingerprint-strings" and "rpcinfo". I was asked specifically for data in "ssl-cert" and "smtp-commands".

I think the simplest solution is just to loop over all the scripts (except vulners) and add something like this to the description field:

**Script <scriptname>**

<raw script output>

I'm not picky about the formatting. It shouldn't be too hard to add that to the parser https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/tools/nmap/parser.py.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you have considered.

Additional context

Here's an example of a script output from the issue4406.xml file already in the project:

<port protocol="tcp" portid="111">
    <state state="open" reason="syn-ack" reason_ttl="64"/>
    <service name="rpcbind" version="2-4" extrainfo="RPC #100000" method="probed" conf="10"/>
    <script id="rpcinfo"
            output="&#xa;  program version    port/proto  service&#xa;  100000  2,3,4        111/tcp   rpcbind&#xa;  100000  2,3,4        111/udp   rpcbind&#xa;  100000  3,4          111/tcp6  rpcbind&#xa;  100000  3,4          111/udp6  rpcbind&#xa;">
        <table key="100000">
            <table key="tcp">
                <elem key="owner">superuser</elem>
                <elem key="port">111</elem>
                <elem key="addr">0.0.0.0</elem>
                <table key="version">
                    <elem>2</elem>
                    <elem>3</elem>
                    <elem>4</elem>
                </table>
            </table>
           
            ...

        </table>
    </script>
</port>

The formatted table data is complicated to import into markdown, but the output should be easy enough.
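An added example, not part of the original issue or the DefectDojo parser: one way to implement the proposed loop over per-port scripts, assuming hypothetical helper names (`fence`, `script_sections`, `describe_ports`) and a constructed sample trimmed from the rpcinfo excerpt above. It goes slightly beyond the proposal by wrapping each raw output in a code fence, because script output is text returned by the scanned host and would otherwise be rendered as markdown in the finding description.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted uploads, prefer defusedxml.ElementTree

# Constructed sample: trimmed from the rpcinfo excerpt in the issue, plus a
# placeholder vulners entry to show that it is skipped.
SAMPLE = """<nmaprun><host><ports>
<port protocol="tcp" portid="111">
  <state state="open" reason="syn-ack" reason_ttl="64"/>
  <service name="rpcbind" version="2-4"/>
  <script id="rpcinfo" output="&#xa;  program version    port/proto  service&#xa;  100000  2,3,4        111/tcp   rpcbind&#xa;">
    <table key="100000"><elem key="owner">superuser</elem></table>
  </script>
  <script id="vulners" output="constructed placeholder"/>
</port>
</ports></host></nmaprun>"""

SKIP = {"vulners"}  # already handled by the parser, per the issue


def fence(text):
    """Wrap text in a code fence longer than any backtick run inside it."""
    longest = max((len(run) for run in re.findall(r"`+", text)), default=0)
    ticks = "`" * max(3, longest + 1)
    return f"{ticks}\n{text.strip(chr(10))}\n{ticks}"


def script_sections(port):
    """Return markdown for every non-skipped <script> child of a <port>."""
    parts = []
    for script in port.findall("script"):
        sid = script.get("id", "")
        output = script.get("output", "")
        if sid in SKIP or not output.strip():
            continue
        # Only the raw output attribute is used; nested <table>/<elem> data is ignored.
        parts.append(f"**Script {sid}**\n\n{fence(output)}")
    return "\n\n".join(parts)


def describe_ports(xml_text):
    """Map 'portid/protocol' to the script markdown for that port."""
    root = ET.fromstring(xml_text)
    return {
        f"{p.get('portid')}/{p.get('protocol')}": script_sections(p)
        for p in root.iter("port")
    }


if __name__ == "__main__":
    print(describe_ports(SAMPLE)["111/tcp"])
```

The returned string for each port can be appended to the description of the finding created for that port.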

Looks good. Thanks for the help @manuel-sommer 👍

This can be closed @mtesauro