So one of the major “issues” with the Nessus for Metasploit plugin right now is that it does not handle large reports well. Not even the usual db_import_nessus handles large reports well, and this is because it reads the entire file in one big blob and then parses it.
The Nexpose importer and the Nmap importer both use REXML stream processors.
So tonight I copied the nmap_xml.rb file and am working on making it process Nessus v2 files. I am hoping that both the Nessus plugin, and the db_import will benefit from these changes.
I’ve been looking at it for a few days and kind of avoiding it because it’s difficult and is going to require large portions of my time fumbling through learning how the current one works enough to know how/what to modify.
Well, it turns out it’s simpler than I thought. In about an hour tonight I copied it, modified it, wrote some code to include it in the plugin and have the plugin send it data, and got it parsing the hostname for each entry in a file.
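A minimal REXML stream listener for the Nessus v2 layout, added here as an example and not the code from the plugin or from Metasploit: it hands each `ReportHost` to a callback as soon as the element closes, instead of loading the whole report first. The class name, the helper name and the sample report are made up for illustration.

```ruby
require 'rexml/document'
require 'rexml/streamlistener'
require 'stringio'

# Added example (names are made up here): hands each host to a callback when
# its </ReportHost> closes, so only one host is in memory at a time.
class NessusV2Stream
  include REXML::StreamListener

  def initialize(&on_host)
    @on_host = on_host
    @host = @prop = nil # @prop: name= of the <tag> currently open
  end

  def tag_start(name, attrs)
    case name
    when 'ReportHost' then @host = { name: attrs['name'], props: {}, items: [] }
    when 'tag'        then @prop = attrs['name'] if @host
    when 'ReportItem'
      @host[:items] << { port: attrs['port'].to_i, proto: attrs['protocol'],
                         svc: attrs['svc_name'], plugin_id: attrs['pluginID'],
                         severity: attrs['severity'].to_i } if @host
    end
  end

  def text(data) # may fire more than once per element, so append
    (@host[:props][@prop] ||= +'') << data if @host && @prop
  end

  def tag_end(name)
    @prop = nil if name == 'tag'
    return unless name == 'ReportHost' && @host
    @on_host.call(@host)
    @host = nil
  end
end

def each_nessus_host(io, &block)
  REXML::Document.parse_stream(io, NessusV2Stream.new(&block))
end

# Constructed sample report (not real scan data).
SAMPLE_REPORT = <<~XML
  <NessusClientData_v2><Report name="demo"><ReportHost name="192.0.2.10">
    <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
    <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="0"/>
  </ReportHost><ReportHost name="192.0.2.11"><HostProperties/></ReportHost>
  </Report></NessusClientData_v2>
XML
each_nessus_host(StringIO.new(SAMPLE_REPORT)) { |h| puts "#{h[:name]}: #{h[:items].size} item(s)" }
```

Passing a `File` object instead of the `StringIO` lets REXML read the report incrementally from disk.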
Now I just need to work out what to call at what time with what values to get the hosts, vulns and services in the DB. I know where that is in the code so I think this might not take me as long as I thought.
Harder will be making the right changes to db.rb to A) make it work, and B) still allow msf to function .. lol
Posted by Zate.