From 19beafe009a90337ed33e039392c3265a87f40de Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Apr 2015 12:04:02 +0500 Subject: [PATCH 1/2] scan_export_status patch for issue 5217 --- lib/nessus/nessus-xmlrpc.rb | 7 +---- plugins/nessus.rb | 53 +++++++++++++++++++++++++------------ 2 files changed, 37 insertions(+), 23 deletions(-) diff --git a/lib/nessus/nessus-xmlrpc.rb b/lib/nessus/nessus-xmlrpc.rb index 58e48e15c0..075e951b00 100644 --- a/lib/nessus/nessus-xmlrpc.rb +++ b/lib/nessus/nessus-xmlrpc.rb @@ -181,12 +181,7 @@ module Nessus request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status") request.add_field("X-Cookie", @token) res = @connection.request(request) - if res.code == "200" - return "ready" - else - res = JSON.parse(res.body) - return res - end + return res.code, JSON.parse(res.body) end def policy_delete(policy_id) diff --git a/plugins/nessus.rb b/plugins/nessus.rb index 426ec5b939..63af13f2b4 100644 --- a/plugins/nessus.rb +++ b/plugins/nessus.rb @@ -4,20 +4,21 @@ require 'rex/parser/nessus_xml' module Msf - PLUGIN_NAME = 'Nessus' - PLUGIN_DESCRIPTION = 'Nessus Bridge for Metasploit' - class Plugin::Nessus < Msf::Plugin def name - PLUGIN_NAME + "Nessus" + end + + def desc + "Nessus Bridge for Metasploit" end class ConsoleCommandDispatcher include Msf::Ui::Console::CommandDispatcher def name - PLUGIN_NAME + "Nessus" end def xindex @@ -450,7 +451,7 @@ module Msf print_status("Returns a list of information about the scan or policy templates..") return end - if type.in?(['scan', 'policy']) + if type.downcase.in?(['scan', 'policy']) list=@n.list_template(type) else print_error("Only scan and policy are valid templates") @@ -1183,7 +1184,7 @@ module Msf when 2 scan_id = args[0] category = args[1] - if category.in?(['info', 'hosts', 'vulnerabilities', 'history']) + if category.downcase.in?(['info', 'hosts', 'vulnerabilities', 'history']) category = args[1] else print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") @@ -1274,9 +1275,13 @@ module Msf file_id = export["file"] print_good("The export file ID for scan ID #{scan_id} is #{file_id}") print_status("Checking export status...") - status = @n.scan_export_status(scan_id, file_id) - if status == "ready" - print_good("The status of scan ID #{scan_id} export is ready") + code, body = @n.scan_export_status(scan_id, file_id) + if code == "200" + if body =~ /ready/ + print_good("The status of scan ID #{scan_id} export is ready") + else + print_status("Scan result not ready for download. Please check again after a few seconds") + end else print_error("There was some problem in exporting the scan. The error message is #{status}") end @@ -1301,12 +1306,7 @@ module Msf when 2 scan_id = args[0] file_id = args[1] - status = @n.scan_export_status(scan_id, file_id) - if status == "ready" - print_status("The status of scan ID #{scan_id} export is ready") - else - print_error("There was some problem in exporting the scan. The error message is #{status}") - end + check_export_status(scan_id, file_id) else print_status("Usage: ") print_status("nessus_scan_export_status ") @@ -1314,6 +1314,25 @@ module Msf end end + def check_export_status(scan_id, file_id, attempt = 0) + code, body = @n.scan_export_status(scan_id, file_id) + if code == "200" + if body.to_s =~ /ready/ + print_status("The status of scan ID #{scan_id} export is ready") + else + if attempt < 3 + print_status("Scan result not ready for download. Checking again...") + select(nil, nil, nil, 1) + attempt = attempt + 1 + print_error("Current value of attempt is #{attempt}") + check_export_status(scan_id, file_id, attempt) + end + end + else + print_error("There was some problem in exporting the scan. The error message is #{body}") + end + end + def cmd_nessus_plugin_list(*args) if args[0] == "-h" print_status("nessus_plugin_list ") @@ -1668,7 +1687,7 @@ module Msf def initialize(framework, opts) super add_console_dispatcher(ConsoleCommandDispatcher) - print_status(PLUGIN_DESCRIPTION) + print_status("Nessus Bridge for Metasploit") print_status("Type %bldnessus_help%clr for a command listing") end From 624adbaaca3cf863672362f007a82840e45e081b Mon Sep 17 00:00:00 2001 From: root Date: Thu, 23 Apr 2015 12:07:59 +0500 Subject: [PATCH 2/2] Consistent downcase comparison --- plugins/nessus.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/nessus.rb b/plugins/nessus.rb index 63af13f2b4..a5e90444cd 100644 --- a/plugins/nessus.rb +++ b/plugins/nessus.rb @@ -1261,7 +1261,7 @@ module Msf case args.length when 2 scan_id = args[0] - format = args[1].downcase + format = args[1] else print_status("Usage: ") print_status("nessus_scan_export ") @@ -1269,7 +1269,7 @@ module Msf print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") return end - if format.in?(['nessus','html','pdf','csv','db']) + if format.downcase.in?(['nessus','html','pdf','csv','db']) export = @n.scan_export(scan_id, format) if export["file"] file_id = export["file"]