fix: Fixed a typo in McAfee software detection.

Nessus 8.2 can accommodate invalid XML tags.  In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>.  The forward slashes in the opening tag cause the PHP stream parser to barf.  I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign.  As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file.  Not a big deal though because we are not using the attachments.  If we decide to grab those as well, we will have to change this regex to make it work.

config.inc

@@ -17,6 +17,7 @@
  *  - Jun 2, 2018 - Added new STIG_EXCLUSIONS constant to permanently exclude STIGs
  *  - Aug 28, 2018 - Updated constants for 1.3.3 release
  *  - Jan 15, 2019 - Updated constants for 1.3.4 release
+ *  - Jan 19, 2019 - Updated constants for 1.4.0 release
  */
 // @new
 /**
@@ -31,8 +32,8 @@ define('E_DEBUG', 65535);
 define('DOC_ROOT', '{DOC_ROOT}');
 define('PWD_FILE', '{PWD_FILE}');
 define('TMP', '{TMP_PATH}');
-define('VER', '1.3.4');
-define('REL_DATE', '2019-01-15');
+define('VER', '1.4.0');
+define('REL_DATE', '2019-12-31');
 define('LOG_LEVEL', '{E_ERROR}');
 define('LOG_PATH', '{LOG_PATH}');
 define('SALT', '{SALT}');

exec/parse_nessus.php

@@ -148,7 +148,8 @@ class nessus_parser extends scan_xml_parser
         "cpe:\/o:microsoft:windows_2003_server::sp([\d]).*" => "cpe:/o:microsoft:windows_2003_server:-:sp$1",
         "cpe:\/o:microsoft:windows_server_2008:r2::x64.*"   => "cpe:/o:microsoft:windows_server_2008:r2",
         "cpe:\/o:redhat:enterprise_linux:([\d]+)::.*"       => "cpe:/o:redhat:enterprise_linux:$1",
-        "cpe:\/o:sun:sunos:([\d]+)::x([\d]+).*"             => "cpe:/o:oracle:solaris:$1",
+        "cpe:\/o:sun:sunos:([\d]+)::.*"             		=> "cpe:/o:oracle:solaris:$1",
+        "cpe:\/o:vmware:esx_server.*" 						=> "cpe:/o:vmware:esxi:5.0",
         "cpe:\/o:centos:centos:([\d]+).*"                   => "cpe:/o:centos:centos:$1",
     ];
 

exec/parse_nmap.php

@@ -94,7 +94,13 @@ foreach ($lines as $line_num => $line) {
     $line = trim($line, "\t\n\r"); # chomp would be nice...
     $matches = [];
     if (!isset($filetype)) {
-        if (preg_match('/Starting|\-oN/', $line)) {
+        if (preg_match('/\.nmap/', $cmd['f'])) {
+            $filetype = "text";
+        }
+        elseif (preg_match('/\.gnmap/', $cmd['f'])) {
+            $filetype = "grep";
+        }
+        elseif (preg_match('/Starting|\-oN/', $line)) {
             $filetype = "text";
         }
         elseif (preg_match('/\-oG/', $line)) {

inc/xml_parser.inc

@@ -388,6 +388,8 @@ class scan_xml_parser
 
         $this->fh = fopen($this->file, "r");
         while ($data     = fread($this->fh, 4096)) {
+            $data = preg_replace("/\<[^\/]+\/[^\>]+\>[^\n]+\n/", "", $data);
+            
             try {
                 if (!xml_parse($this->parser, $data, feof($this->fh)) && !xml_get_error_code($this->parser)) {
                     $this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_ERROR);
@@ -470,6 +472,11 @@ class scan_xml_parser
     }
 }
 
+/**
+ * XML Stream Parser class
+ * 
+ * @author Ryan Prather
+ */
 class basic_xml_parser
 {
 
@@ -489,6 +496,12 @@ class basic_xml_parser
     var $skip        = false;
     var $previous    = null;
 
+    /**
+     * Constructor
+     * 
+     * @param mixed $obj_in
+     * @param string $xml_fname
+     */
     function __construct($obj_in, $xml_fname)
     {
         $this->parser = xml_parser_create();
@@ -509,11 +522,13 @@ class basic_xml_parser
         $this->last_time   = microtime(true);
     }
 
-    function __destruct()
-    {
-
-    }
-
+    /**
+     * Method called when parsing the opening element
+     * 
+     * @param mixed $parser
+     * @param string $name
+     * @param array $attrs
+     */
     function startElement($parser, $name, $attrs)
     {
         $this->stack[] = str_replace("-", "_", str_replace(":", "_", $name));
@@ -539,6 +554,12 @@ class basic_xml_parser
         }
     }
 
+    /**
+     * Method called when parsing the ending element
+     * 
+     * @param mixed $parser
+     * @param string $name
+     */
     function stopElement($parser, $name)
     {
         if (method_exists($this->obj, implode("_", $this->stack) . "_end")) {
@@ -559,6 +580,12 @@ class basic_xml_parser
         array_pop($this->stack);
     }
 
+    /**
+     * Method to parse the element contents
+     * 
+     * @param mixed $parser
+     * @param string $data
+     */
     function characterData($parser, $data)
     {
         if (method_exists($this->obj, implode("_", $this->stack) . "_data") && !$this->skip) {
@@ -576,10 +603,15 @@ class basic_xml_parser
         }
     }
 
+    /**
+     * Method to start reading the file and parsing it
+     */
     function parse()
     {
         $fh   = fopen($this->file, "r");
         while ($data = fread($fh, 4096)) {
+            $data = preg_replace("/\<[^\/]+\/[^\>]+\>[^\n]+\n/", "", $data);
+            
             if (!xml_parse($this->parser, $data, feof($fh)) && !xml_get_error_code($this->parser)) {
                 print_r($this->stack);
                 $this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_WARNING);
@@ -589,6 +621,12 @@ class basic_xml_parser
         xml_parser_free($this->parser);
     }
 
+    /**
+     * Method to output a log entry if the difference between previous call and current is more than 3 seconds
+     * 
+     * @param string $msg
+     * @param string $function
+     */
     function time_log_diff($msg, $function = null)
     {
         if (is_null($function)) {

install-dev.bat

@@ -1,101 +0,0 @@
-@echo off
-
- REM File: install-dev.bat
- REM Author: Ryan Prather, Jeff Odegard
- REM Purpose: Windows / XAMPP Installation Script
- REM Created: Jan 5, 2015
-
- REM Portions Copyright 2016-2019: Cyber Perspective, All rights reserved
- REM Released under the Apache v2.0 License
-
- REM Portions Copyright (c) 2012-2015, Salient Federal Solutions
- REM Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
- REM Released under Modified BSD License
-
- REM See license.txt for details
-
- REM Change Log:
- REM - Jan 5, 2015 - File created
- REM - Sep 1, 2016 - Copyright updated, added comments and file header
- REM - Oct 7, 2016 - Copying Windows / XAMPP config.xml
- REM - Nov 14, 2016 - Converted xcopy for config file to copy
- REM - Nov 18, 2016 - Changed file moves to copies, removed deleting existing *.cgi & *.pl script in the CGI_PATH and deleting CONF folder
- REM - Dec 12, 2016 - Removed pthreads library because it is no longer needed.
- REM				  Rename existing Apache, MySQL/mariaDB, and PHP config files to .old before copying hardened files.
- REM - Dec 13, 2016 - Fixed syntax of the rename command
- REM - Dec 19, 2016 - Fixed copy syntax for config.xml file
- REM - Jan 30, 2017 - Fixed error with copy of config-xampp-win.xml to config.xml where it required full path
- REM - Apr 5, 2017 - Added mkdir for \xampp\php\logs directory (not included when installed)
- REM - Jun 27, 2017 - Removed copy cgi-bin contents
- REM - Sep 19, 2018 - Deleting unnecessary C:\xampp\htdocs folder.
- REM - Oct 3, 2018 - Redirected deletion of htdocs folder to nul
- REM - Nov 27, 2018 - Added php-dev.ini to conf folder and added prompts to allow for development installation
- REM - Jan 10, 2019 - broke out the dev installation from install.bat and streamlined the installation process.
-
-@echo The Sagacity dev configuration installs and enables php xdebug used for troubleshooting and development work.  
-echo.
-@echo NOTE: The dev configuration will *noticably* impact Sagacity's performance.
-@echo       *** For a production environment, please use install.bat instead! ***
-@echo.
-
-@echo For your dev installation we also recommend installing QCacheGrindWin from
-@echo.
-@echo       https://sourceforge.net/projects/qcachegrindwin/
-@echo.
-
-set /p dev="Do you want to install the dev configuration? (y/N) "
-set result=0
-if "%dev%"=="Y" (set result=1)
-if "%dev%"=="y" (set result=1)
-if "%dev%"=="Yes" (set result=1)
-if "%dev%"=="YES" (set result=1)
-if "%dev%"=="yes" (set result=1)
-
-if "%result%"=="0" (
-	@echo Dev installation aborted.
-	@echo Please use install.bat for a production installation.
-	exit
-)
-
-@echo    - Create PHP log folder
-mkdir c:\xampp\php\logs
-
-@echo    - Copy Apache, MySQL/mariaDB, and PHP configuration files
-@echo    - Renaming the original config files to *.old.
-
-rename c:\xampp\mysql\bin\my.ini my.ini.old
-copy c:\xampp\www\conf\my.ini c:\xampp\mysql\bin\
-
-@echo    - Installing MySQL service
-c:\xampp\mysql\bin\mysqld --install mysql --defaults-file="c:\xampp\mysql\bin\my.ini"
-net start mysql
-
-rename c:\xampp\apache\conf\httpd.conf httpd.conf.old
-copy c:\xampp\www\conf\httpd.conf c:\xampp\apache\conf
-rename c:\xampp\apache\conf\extra\httpd-ssl.conf httpd-ssl.conf.old
-copy c:\xampp\www\conf\httpd-ssl.conf c:\xampp\apache\conf\extra
-rename c:\xampp\apache\conf\extra\httpd-xampp.conf httpd-xampp.conf.old
-copy c:\xampp\www\conf\httpd-xampp.conf c:\xampp\apache\conf\extra
-rename c:\xampp\php\php.ini php.ini.old
-
-copy c:\xampp\www\conf\php-dev.ini c:\xampp\php\php.ini
-copy c:\xampp\www\conf\php_xdebug-2.6.0-7.2-vc15.dll c:\xampp\php\ext\php_xdebug-2.6.0-7.2-vc15.dll
-
-@echo    - Deleting unnecessary C:\xampp\htdocs folder.
-del /F /S /Q c:\xampp\htdocs 1>nul
-
-@echo    - Installing Apache service
-c:\xampp\apache\bin\httpd -k install
-net start apache2.4
-
-@echo.
-@echo Thank you for installing Sagacity.  We want to know what you think!
-@echo Please contact us at https://www.cyberperspectives.com/contact_us
-@echo.
-@echo If you like this tool, please tell a friend or co-worker!
-@echo.
-
-set /p browser="Press enter to continue setup with http://localhost/setup.php"
-
-start http://localhost
-