This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit 495bd14

sebiesebie
authored andcommitted
Parser
1 parent 185e338 commit 495bd14


11 files changed

+387
-0
lines changed

11 files changed

+387
-0
lines changed
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
node_modules/

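--- a/scanners/ncrack/parser/.gitignore
+++ b/scanners/ncrack/parser/.gitignore
@@ -0,0 +1 @@
+node_modules/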

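--- a/scanners/ncrack/parser/Dockerfile
+++ b/scanners/ncrack/parser/Dockerfile
@@ -0,0 +1,11 @@
+ARG baseImageTag
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest}
+WORKDIR /home/app/parser-wrapper/parser/
+COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --chown=app:app ./parser.js ./parser.js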
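Review bot: The final stage's `FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest}` falls back to the mutable `latest` tag whenever `baseImageTag` is not passed, so two builds of the same commit can ship different SDK code and the resulting image cannot be reproduced or audited later. Make the build argument mandatory or default it to a fixed release tag (ideally with a digest), and consider the same for `node:12-alpine` in the build stage. The final stage also sets no `USER`; the `--chown=app:app` suggests the base image defines an `app` user, but whether the container actually runs as that user is not visible here and is worth confirming.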
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE ncrackrun>
3+
<!-- Ncrack 0.7 scan initiated Wed Dec 4 22:50:34 2019 as: ncrack -p ftp:3210 -oX /tmp/ncrack.xml scanme.nmap.org -->
4+
<ncrackrun scanner="ncrack" args="ncrack -p ftp:3210 -oX /tmp/ncrack.xml scanme.nmap.org" start="1575496234" startstr="Wed Dec 4 22:50:34 2019" version="0.7" xmloutputversion="1.00">
5+
<verbose level="0"/>
6+
<debugging level="0"/>
7+
<service starttime="1575496234" endtime="1575496234">
8+
<address addr="45.33.32.156" addrtype="ipv4"/>
9+
<port protocol="tcp" portid="3210" name="ftp"></port>
10+
</service>
11+
</ncrackrun>
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE ncrackrun>
3+
<!-- Ncrack 0.7 scan initiated Wed Dec 11 17:44:38 2019 as: ncrack -p ssh,http -oX ncrackResults2.xml -vv -P passwords.txt -U usernames.txt scanme.nmap.org -->
4+
<ncrackrun scanner="ncrack" args="ncrack -p ssh,http -oX ncrackResults2.xml -vv -P passwords.txt -U usernames.txt scanme.nmap.org" start="1576082678" startstr="Wed Dec 11 17:44:38 2019" version="0.7" xmloutputversion="1.00">
5+
<verbose level="2"/>
6+
<debugging level="0"/>
7+
<service starttime="1576082678" endtime="1576082712">
8+
<address addr="45.33.32.156" addrtype="ipv4"/>
9+
<port protocol="tcp" portid="22" name="ssh"></port>
10+
</service>
11+
<service starttime="1576082678" endtime="1576082678">
12+
<address addr="45.33.32.156" addrtype="ipv4"/>
13+
<port protocol="tcp" portid="80" name="http"></port>
14+
</service>
15+
</ncrackrun>
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE ncrackrun>
3+
<!-- Ncrack 0.7 scan initiated Mon Jan 13 20:49:03 2020 as: ncrack -oX ncrackResults.xml -U usernames.txt -P passwords.txt -p ssh foo.juicy-ctf.dev 192.168.0.1 -->
4+
<ncrackrun scanner="ncrack" args="ncrack -oX ncrackResults.xml -U usernames.txt -P passwords.txt -p ssh foo.juicy-ctf.dev 192.168.0.1" start="1578944943" startstr="Mon Jan 13 20:49:03 2020" version="0.7" xmloutputversion="1.00">
5+
<verbose level="0"/>
6+
<debugging level="0"/>
7+
<service starttime="1578944943" endtime="1578944981">
8+
<address addr="192.168.0.2" addrtype="ipv4"/>
9+
<port protocol="tcp" portid="22" name="ssh"></port>
10+
<credentials username="root" password="55994bcdabd8b0b69d4cb32919"></credentials>
11+
</service>
12+
<service starttime="1578944943" endtime="1578944981">
13+
<address addr="192.168.0.1" addrtype="ipv4"/>
14+
<port protocol="tcp" portid="22" name="ssh"></port>
15+
<credentials username="root" password="2a4707625af87d8d4302ad226d"></credentials>
16+
</service>
17+
</ncrackrun>
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE ncrackrun>
3+
<!-- Ncrack 0.7 scan initiated Wed Dec 4 22:54:53 2019 as: ncrack -&#45;user root -&#45;pass aaf076d4fe7cfb63fd1628df91 -oX /tmp/ncrack2.xml ssh://192.168.0.1 -->
4+
<ncrackrun scanner="ncrack" args="ncrack -&#45;user root -&#45;pass aaf076d4fe7cfb63fd1628df91 -oX /tmp/ncrack2.xml ssh://192.168.0.1" start="1575496493" startstr="Wed Dec 4 22:54:53 2019" version="0.7" xmloutputversion="1.00">
5+
<verbose level="0"/>
6+
<debugging level="0"/>
7+
<service starttime="1575496493" endtime="1575496494">
8+
<address addr="192.168.0.1" addrtype="ipv4"/>
9+
<port protocol="tcp" portid="22" name="ssh"></port>
10+
<credentials username="root" password="aaf076d4fe7cfb63fd1628df91"></credentials>
11+
</service>
12+
</ncrackrun>

scanners/ncrack/parser/package-lock.json

Lines changed: 153 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
{
2+
"name": "ncrack-parser",
3+
"version": "1.0.0",
4+
"description": "Parses result files for the type: 'ncrack-xml'",
5+
"main": "",
6+
"scripts": {},
7+
"keywords": [],
8+
"author": "iteratec GmbH",
9+
"license": "Apache-2.0",
10+
"dependencies": {
11+
"xml2js": "^0.4.22"
12+
},
13+
"devDependencies": {}
14+
}
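Review bot: `"xml2js": "^0.4.22"` keeps the parser on the 0.4.x line, which has since received a published prototype-pollution advisory, and for a 0.x version the caret range only admits patch releases, so it cannot move to a later minor line on its own. Because this parser consumes XML generated from scans of hosts the operator may not control, it is worth checking the current advisory status with `npm audit` and raising the range to a fixed release. `"main": ""` is also left empty although `parser.js` is the module that exports `parse`; `"main": "parser.js"` would document the entry point.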

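--- a/scanners/ncrack/parser/parser.js
+++ b/scanners/ncrack/parser/parser.js
@@ -0,0 +1,51 @@
+const xml2js = require('xml2js');
+
+async function parse(fileContent) {
+const { ncrackrun } = await transformXML(fileContent);
+const findings = transformToFindings(ncrackrun);
+return findings;
+}
+
+function transformToFindings(ncrackrun) {
+const portFindings = ncrackrun.service.flatMap(({ address, port, credentials = [] }) => {
+const { addr: ipAddress } = address[0]['$'];
+const { protocol, portid, name: portName } = port[0]['$'];
+
+return credentials.map(credential => {
+const { username, password } = credential['$'];
+
+return {
+name: `Credentials for Service ${portName}://${ipAddress}:${portid} discovered via bruteforce.`,
+description: '',
+category: 'Discovered Credentials',
+location: `${portName}://${ipAddress}:${portid}`,
+osi_layer: 'APPLICATION',
+severity: 'HIGH',
+attributes: {
+port: portid,
+ip_address: ipAddress,
+protocol: protocol,
+service: portName,
+username,
+password,
+},
+};
+});
+});
+
+return portFindings;
+}
+
+function transformXML(fileContent) {
+return new Promise((resolve, reject) => {
+xml2js.parseString(fileContent, (err, xmlInput) => {
+if (err) {
+reject(new Error('Error converting XML to JSON in xml2js: ' + err));
+} else {
+resolve(xmlInput);
+}
+});
+});
+}
+
+module.exports.parse = parse;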
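Review bot: `transformToFindings` calls `ncrackrun.service.flatMap(...)` without checking that `service` exists, and `parse` destructures `ncrackrun` from the xml2js result with the same assumption, so a run that recorded no `<service>` element (or a file whose root is not `<ncrackrun>`) most likely rejects with a bare TypeError instead of returning an empty findings list, since xml2js normally leaves absent child elements undefined. A guard such as `const services = (ncrackrun && ncrackrun.service) || [];` ahead of the `flatMap` would cover both cases. Separately, each finding carries the discovered `password` in clear text under `attributes`; that may well be the purpose of this scanner, but it deserves a comment saying so, because everything that stores, logs or displays findings then handles live credentials and needs matching access control.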
