"""
Faraday Penetration Test IDE
Copyright (C) 2015 Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information
"""
from faraday_plugins.plugins.plugin import PluginByExtension
import re
from datetime import datetime
__author__ = "Blas Moyano"
__copyright__ = "Copyright (c) 2020, Infobyte LLC"
__credits__ = ["Blas Moyano"]
__license__ = ""
__version__ = "1.0.0"
__maintainer__ = "Blas Moyano"
__status__ = "Development"
class MbsaParser:
def __init__(self, log_output):
self.computer_name = re.search('(Computer name:) (.*[A-Z])', log_output)
self.ip = re.search(r'(IP address:) ([0-9]+(?:\.[0-9]+){3})', log_output)
self.scan_date = re.search('(Scan date:) (.*[0-9])', log_output)
self.issues = re.findall(r'Issue: .*', log_output)
self.score = re.findall(r'Score: .*', log_output)
self.result = re.findall(r'Result: .*', log_output)
class MbsaPlugin(PluginByExtension):
def __init__(self, *arg, **kwargs):
super().__init__(*arg, **kwargs)
self.id = "MBSA"
self.name = "Microsoft Baseline Security Analyzer"
self.plugin_version = "1.0.1"
self.version = "MBSA 1.0"
self.framework_version = "1.0.0"
self.extension = ".log"
def parseOutputString(self, output):
parser = MbsaParser(output)
detail = ''
i = 0
issues_top = len(parser.issues)
ip = '0.0.0.0'
hostname = []
run_date = None
if parser.ip is not None:
ip = parser.ip.group(2)
if parser.computer_name is not None:
hostname.append(parser.computer_name.group(2))
if parser.scan_date is not None:
run_date = datetime.strptime(parser.scan_date.group(2), '%Y/%m/%d %H:%M')
host_id = self.createAndAddHost(
ip,
'Windows',
hostnames=hostname)
for issue in parser.issues:
test = re.search(parser.issues[i], output)
if i+1 != issues_top:
test_issue = re.search(parser.issues[i+1], output)
else:
end = None
try:
start = test.end()
end = test_issue.start()
except:
start = None
if start is not None:
if end is None:
result_info = output[start:]
else:
result_info = output[start:end]
result_info.rstrip('\n')
result_info = result_info.replace(parser.score[i], '')
result_info = result_info.replace(parser.result[i], '')
result_info = result_info.strip()
if result_info:
detail = re.search('(Detail:)', result_info)
if not None:
detail = result_info
result_info = parser.result[i]
else:
detail = ''
result_info = parser.result[i]
score = parser.score[i].replace('Score: ', '').strip()
if score != 'Check passed':
if score == 'Best practice' or score == 'Unable to scan':
severity = "info"
elif score == 'Check failed (non-critical)':
severity = 'med'
elif score == 'Check failed':
severity = 'high'
else:
severity = 'info'
self.createAndAddVulnToHost(
host_id,
issue.replace('Issue: ', '').strip(),
desc=result_info.replace('Result: ', '').strip(),
ref=None,
severity=severity,
data=detail,
run_date=run_date
)
i += 1
def createPlugin(*args, **kwargs):
return MbsaPlugin(*args, **kwargs)