207 lines
5.5 KiB
PHP
207 lines
5.5 KiB
PHP
<?php
|
|
/**
|
|
* File: nessus-plugin-to-database.php
|
|
* Author: Ryan Prather
|
|
* Purpose: Script to read .NASL files and import them to the database
|
|
* Created: Jan 15, 2017
|
|
*
|
|
* Copyright 2017-2018: Cyber Perspectives, LLC, All rights reserved
|
|
* Released under the Apache v2.0 License
|
|
*
|
|
* See license.txt for details
|
|
*
|
|
* Change Log:
|
|
* - Jan 15, 2017 - File created
|
|
* - Jan 31, 2017 - Competed testing, ready for prime time
|
|
* - Apr 5, 2017 - Delete file if error in parsing, check for TMP/nessus_plugins and LOG_PATH/nessus_plugins.log
|
|
* - Apr 29, 2018 - Updated to Monolog library and cleaned up script
|
|
*/
|
|
error_reporting(E_ALL);
|
|
|
|
include_once 'config.inc';
|
|
include_once "database.inc";
|
|
include_once "helper.inc";
|
|
include_once 'vendor/autoload.php';
|
|
|
|
use Monolog\Logger;
|
|
use Monolog\Handler\StreamHandler;
|
|
use Monolog\Formatter\LineFormatter;
|
|
|
|
$cmd = getopt("f:h::", ["help::", "debug::"]);
|
|
|
|
if (isset($cmd['h']) || isset($cmd['help']) || !isset($cmd['f'])) {
|
|
die(usage());
|
|
}
|
|
elseif (!file_exists($cmd['f'])) {
|
|
die("Could not find file specified {$cmd['f']}\n");
|
|
}
|
|
|
|
$log_level = Logger::ERROR;
|
|
switch (LOG_LEVEL) {
|
|
case E_WARNING:
|
|
$log_level = Logger::WARNING;
|
|
break;
|
|
case E_NOTICE:
|
|
$log_level = Logger::NOTICE;
|
|
break;
|
|
case E_DEBUG:
|
|
$log_level = Logger::DEBUG;
|
|
}
|
|
|
|
if (isset($cmd['debug']) && $cmd['debug']) {
|
|
$log_level = Logger::DEBUG;
|
|
}
|
|
|
|
$stream = new StreamHandler("php://output", $log_level);
|
|
$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%" . PHP_EOL, "H:i:s.u"));
|
|
|
|
$log = new Logger("nasl_plugin");
|
|
$log->pushHandler(new StreamHandler(LOG_PATH . "/nessus_plugins/{$cmd['f']}.log", $log_level));
|
|
$log->pushHandler($stream);
|
|
|
|
$db = new db();
|
|
$nasl = new nasl($cmd['f']);
|
|
$plugin_id = 0;
|
|
$file_date = null;
|
|
|
|
if (!isset($nasl->{'id'})) {
|
|
//unlink($cmd['f']);
|
|
$log->critical("No ID available");
|
|
die;
|
|
}
|
|
|
|
if (isset($cmd['debug'])) {
|
|
$log->debug("", [$nasl]);
|
|
}
|
|
|
|
$db->help->select("sagacity.nessus_plugins", ['plugin_id', 'file_date'], [
|
|
[
|
|
'field' => 'plugin_id',
|
|
'op' => '=',
|
|
'value' => $nasl->id
|
|
]
|
|
]);
|
|
|
|
if ($row = $db->help->execute()) {
|
|
$plugin_id = $row['plugin_id'];
|
|
$file_date = DateTime::createFromFormat("U", $row['file_date']);
|
|
}
|
|
|
|
if (($plugin_id && !is_a($file_date, "DateTime")) ||
|
|
(is_a($file_date, "DateTime") && isset($nasl->last_modification) && is_a($nasl->last_modification, "DateTime") &&
|
|
$file_date->format("U") < $nasl->last_modification->format("U"))) {
|
|
$log->info("Updating {$nasl->id}");
|
|
|
|
$db->help->update("sagacity.nessus_plugins", [
|
|
'file_name' => basename($cmd['f']),
|
|
'file_date' => (is_a($file_date, "DateTime") ? $file_date->format("U") : filemtime($cmd['f']))], [
|
|
[
|
|
'field' => 'plugin_id',
|
|
'op' => '=',
|
|
'value' => $nasl->id
|
|
]
|
|
]);
|
|
if (!isset($cmd['debug'])) {
|
|
if (!$db->help->execute()) {
|
|
throw(new Exception("Failed to update the plugin {$nasl->id}", E_WARNING));
|
|
}
|
|
}
|
|
}
|
|
elseif (!$plugin_id) {
|
|
$log->info("Inserting {$nasl->id}");
|
|
|
|
$params = [
|
|
'plugin_id' => $nasl->id,
|
|
'oid' => isset($nasl->oid) ? $nasl->oid : null,
|
|
'name' => isset($nasl->name) ? $nasl->name : null,
|
|
'copyright' => isset($nasl->copyright) ? $nasl->copyright : null,
|
|
'version' => isset($nasl->rev) ? $nasl->rev : null,
|
|
'file_name' => basename($cmd['f']),
|
|
'file_date' => isset($nasl->last_modification) && is_a($nasl->last_modification, "DateTime") ?
|
|
$nasl->last_modification->format("U") : null
|
|
];
|
|
|
|
$db->help->insert("sagacity.nessus_plugins", $params, true);
|
|
if (!isset($cmd['debug'])) {
|
|
if (!$db->help->execute()) {
|
|
throw(new Exception("Failed to insert a new plugin {$nasl->id}", E_WARNING));
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
$log->info("No changes to plugin {$nasl->id}");
|
|
}
|
|
|
|
$params = [];
|
|
if (isset($nasl->ref)) {
|
|
foreach ($nasl->ref as $key => $refs) {
|
|
if (is_array($refs)) {
|
|
foreach ($refs as $ref) {
|
|
$params[] = [
|
|
$nasl->id,
|
|
$key,
|
|
$ref
|
|
];
|
|
}
|
|
}
|
|
else {
|
|
$params[] = [
|
|
$nasl->id,
|
|
$key,
|
|
$refs
|
|
];
|
|
}
|
|
}
|
|
}
|
|
|
|
unset($nasl->ref);
|
|
unset($nasl->oid);
|
|
unset($nasl->name);
|
|
unset($nasl->copyright);
|
|
unset($nasl->rev);
|
|
unset($nasl->last_modification);
|
|
|
|
foreach ((array) $nasl as $field => $val) {
|
|
if (($field == 'id') || (is_array($val) && count($val) > 1)) {
|
|
continue;
|
|
}
|
|
elseif (is_array($val) && count($val) == 1 && isset($val[0])) {
|
|
$val = $val[0];
|
|
}
|
|
$params[] = [
|
|
$nasl->id,
|
|
$field,
|
|
$val
|
|
];
|
|
}
|
|
|
|
if (count($params)) {
|
|
$db->help->extended_insert("sagacity.nessus_meta", [
|
|
'plugin_id', 'type', 'val'
|
|
], $params, true);
|
|
}
|
|
|
|
if (!isset($cmd['debug'])) {
|
|
$db->help->execute();
|
|
}
|
|
else {
|
|
print $db->help->sql . PHP_EOL;
|
|
}
|
|
|
|
|
|
function usage()
|
|
{
|
|
print <<<EOL
|
|
Purpose: This script is for reading NASL files and adding them to the database
|
|
|
|
Usage: php nessus-plugin-to-database.php -f={NASL file to parse} [--debug]
|
|
|
|
NOTE: This will create a file for any CVE's not found in the database. An update of CVE's should be done first.
|
|
|
|
-f={NASL file} The .nasl file to parse
|
|
|
|
--debug This will output what was parsed by the script and NOT add anything to the database
|
|
|
|
EOL;
|
|
}
|