STRLCPY/Sirius

Sirius 0.0.2-prealpha release.
Matthew Toussain committed 1 year ago

5a9e465e

1 parent f4cbf20f

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

Engine/nmap.xml

1	-	<?xml version="1.0" encoding="UTF-8"?>
2	-	<!DOCTYPE nmaprun>
3	-	<?xml-stylesheet href="file:///opt/homebrew/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
4	-	<!-- Nmap 7.92 scan initiated Thu Mar 16 21:51:36 2023 as: nmap -T4 -sV -O --script=vuln,vulners -oX nmap.xml 192.168.86.33 -->
5	-	<nmaprun scanner="nmap" args="nmap -T4 -sV -O --script=vuln,vulners -oX nmap.xml 192.168.86.33" start="1679021496" startstr="Thu Mar 16 21:51:36 2023" version="7.92" xmloutputversion="1.05">
6	-	<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
7	-	<verbose level="0"/>
8	-	<debugging level="0"/>
9	-	<prescript><script id="broadcast-avahi-dos" output=" Discovered hosts: 224.0.0.251 After NULL UDP avahi packet DoS (CVE-2011-1002). Hosts are all up (not vulnerable). "/></prescript><hosthint><status state="up" reason="arp-response" reason_ttl="0"/>
10	-	<address addr="192.168.86.33" addrtype="ipv4"/>
11	-	<address addr="54:A0:50:70:AE:E0" addrtype="mac" vendor="Asustek Computer"/>
12	-	<hostnames>
13	-	</hostnames>
14	-	</hosthint>
15	-	<host starttime="1679021532" endtime="1679021611"><status state="up" reason="arp-response" reason_ttl="0"/>
16	-	<address addr="192.168.86.33" addrtype="ipv4"/>
17	-	<address addr="54:A0:50:70:AE:E0" addrtype="mac" vendor="Asustek Computer"/>
18	-	<hostnames>
19	-	<hostname name="sans-sec460.lan" type="PTR"/>
20	-	</hostnames>
21	-	<ports><extraports state="closed" count="995">
22	-	<extrareasons reason="reset" count="995" proto="tcp" ports="1,3-4,6-7,9,13,17,19-21,23-26,30,32-33,37,42-43,49,53,70,79,81-85,88-90,99-100,106,109-111,113,119,125,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-444,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
23	-	</extraports>
24	-	<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="ssh" product="OpenSSH" version="for_Windows_8.0" extrainfo="protocol 2.0" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:for_windows_8.0</cpe></service></port>
25	-	<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="http" product="nginx" version="1.13.5" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.13.5</cpe></service><script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/><script id="http-dombased-xss" output="Couldn't find any DOM based XSS."/><script id="http-server-header" output="nginx/1.13.5"><elem>nginx/1.13.5</elem>
26	-	</script><script id="http-vuln-cve2011-3192" output=" VULNERABLE: Apache byterange filter DoS State: VULNERABLE IDs: CVE:CVE-2011-3192 BID:49303 The Apache web server is vulnerable to a denial of service attack when numerous overlapping byte ranges are requested. Disclosure date: 2011-08-19 References: https://www.tenable.com/plugins/nessus/55976 https://seclists.org/fulldisclosure/2011/Aug/175 https://www.securityfocus.com/bid/49303 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 "><table key="CVE-2011-3192">
27	-	<elem key="title">Apache byterange filter DoS</elem>
28	-	<elem key="state">VULNERABLE</elem>
29	-	<table key="ids">
30	-	<elem>CVE:CVE-2011-3192</elem>
31	-	<elem>BID:49303</elem>
32	-	</table>
33	-	<table key="description">
34	-	<elem>The Apache web server is vulnerable to a denial of service attack when numerous overlapping byte ranges are requested.</elem>
35	-	</table>
36	-	<table key="dates">
37	-	<table key="disclosure">
38	-	<elem key="year">2011</elem>
39	-	<elem key="month">08</elem>
40	-	<elem key="day">19</elem>
41	-	</table>
42	-	</table>
43	-	<elem key="disclosure">2011-08-19</elem>
44	-	<table key="refs">
45	-	<elem>https://www.tenable.com/plugins/nessus/55976</elem>
46	-	<elem>https://seclists.org/fulldisclosure/2011/Aug/175</elem>
47	-	<elem>https://www.securityfocus.com/bid/49303</elem>
48	-	<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192</elem>
49	-	</table>
50	-	</table>
51	-	</script><script id="http-stored-xss" output="Couldn't find any stored XSS vulnerabilities."/></port>
52	-	<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
53	-	<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
54	-	<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="microsoft-ds" product="Microsoft Windows 7 - 10 microsoft-ds" extrainfo="workgroup: WORKGROUP" hostname="SANS-SEC460" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
55	-	</ports>
56	-	<os><portused state="open" proto="tcp" portid="22"/>
57	-	<portused state="closed" proto="tcp" portid="1"/>
58	-	<portused state="closed" proto="udp" portid="34367"/>
59	-	<osmatch name="Microsoft Windows 10 1507 - 1607" accuracy="100" line="69497">
60	-	<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="10" accuracy="100"><cpe>cpe:/o:microsoft:windows_10</cpe></osclass>
61	-	</osmatch>
62	-	</os>
63	-	<uptime seconds="614551" lastboot="Thu Mar 9 18:11:00 2023"/>
64	-	<distance value="1"/>
65	-	<tcpsequence index="250" difficulty="Good luck!" values="10DF7179,D3717665,BC0EC2A5,9AFA091D,D14D10FA,F2827789"/>
66	-	<ipidsequence class="Incremental" values="6BF3,6BF4,6BF6,6BF7,6BF8,6BF9"/>
67	-	<tcptssequence class="1000HZ" values="24A030FA,24A03158,24A031BF,24A03226,24A0328E,24A032F7"/>
68	-	<hostscript><script id="smb-vuln-ms10-054" output="false">false</script><script id="smb-vuln-ms17-010" output=" VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) State: VULNERABLE IDs: CVE:CVE-2017-0143 Risk factor: HIGH A critical remote code execution vulnerability exists in Microsoft SMBv1 servers (ms17-010). Disclosure date: 2017-03-14 References: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143 "><table key="CVE-2017-0143">
69	-	<elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
70	-	<elem key="state">VULNERABLE</elem>
71	-	<table key="ids">
72	-	<elem>CVE:CVE-2017-0143</elem>
73	-	</table>
74	-	<table key="description">
75	-	<elem>A critical remote code execution vulnerability exists in Microsoft SMBv1 servers (ms17-010). </elem>
76	-	</table>
77	-	<table key="dates">
78	-	<table key="disclosure">
79	-	<elem key="year">2017</elem>
80	-	<elem key="month">03</elem>
81	-	<elem key="day">14</elem>
82	-	</table>
83	-	</table>
84	-	<elem key="disclosure">2017-03-14</elem>
85	-	<table key="refs">
86	-	<elem>https://technet.microsoft.com/en-us/library/security/ms17-010.aspx</elem>
87	-	<elem>https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/</elem>
88	-	<elem>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143</elem>
89	-	</table>
90	-	</table>
91	-	</script><script id="samba-vuln-cve-2012-1182" output="NT_STATUS_ACCESS_DENIED">false</script><script id="smb-vuln-ms10-061" output="NT_STATUS_ACCESS_DENIED">false</script></hostscript><times srtt="7338" rttvar="995" to="100000"/>
92	-	</host>
93	-	<runstats><finished time="1679021611" timestr="Thu Mar 16 21:53:31 2023" summary="Nmap done at Thu Mar 16 21:53:31 2023; 1 IP address (1 host up) scanned in 115.20 seconds" elapsed="115.20" exit="success"/><hosts up="1" down="0" total="1"/>
94	-	</runstats>
95	-	</nmaprun>
96	-

■ ■ ■ ■ ■ ■

Engine/nmaptest.go

1	-	package main
2	-
3	-	import (
4	-	"encoding/xml"
5	-	"fmt"
6	-	"io/ioutil"
7	-	"os"
8	-
9	-	"github.com/lair-framework/go-nmap"
10	-	)
11	-
12	-	type Service struct {
13	-	// Define the Service struct fields
14	-	}
15	-
16	-	type SiriusAgent struct {
17	-	// Define the SiriusAgent struct fields
18	-	}
19	-
20	-	type SVDBHost struct {
21	-	OS string `json:"os"`
22	-	OSVersion string `json:"osversion"`
23	-	IP string `json:"ip"`
24	-	Hostname string `json:"hostname"`
25	-	Services []Service `json:"services"`
26	-	CVE []string `json:"cve"`
27	-	CPE []string `json:"cpe"`
28	-	Agent SiriusAgent `json:"agent"`
29	-	}
30	-
31	-	func main() {
32	-	if len(os.Args) != 2 {
33	-	fmt.Println("Usage: go run main.go <nmap_xml_file>")
34	-	os.Exit(1)
35	-	}
36	-
37	-	filePath := os.Args[1]
38	-	svdbHost, err := parseNmapXML(filePath)
39	-	if err != nil {
40	-	fmt.Printf("Error: %v\n", err)
41	-	os.Exit(1)
42	-	}
43	-
44	-	// Use the svdbHost as needed
45	-	fmt.Printf("%+v\n", svdbHost)
46	-	}
47	-
48	-	func parseNmapXML(filePath string) (*SVDBHost, error) {
49	-	data, err := ioutil.ReadFile(filePath)
50	-	if err != nil {
51	-	return nil, fmt.Errorf("unable to read file: %v", err)
52	-	}
53	-
54	-	var nmapRun nmap.NmapRun
55	-	if err := xml.Unmarshal(data, &nmapRun); err != nil {
56	-	return nil, fmt.Errorf("unable to unmarshal XML data: %v", err)
57	-	}
58	-
59	-	if len(nmapRun.Hosts) == 0 {
60	-	return nil, fmt.Errorf("no hosts found in the nmap XML data")
61	-	}
62	-
63	-	host := nmapRun.Hosts[0]
64	-	var ip string
65	-	for _, address := range host.Addresses {
66	-	if address.AddrType == "ipv4" \|\| address.AddrType == "ipv6" {
67	-	ip = address.Addr
68	-	break
69	-	}
70	-	}
71	-
72	-	var osName, osVersion string
73	-	if len(host.Os.OsMatches) > 0 {
74	-	osMatch := host.Os.OsMatches[0]
75	-	osName = osMatch.Name
76	-	osVersion = osMatch.OsClasses[0].OsGen
77	-	}
78	-
79	-	svdbHost := &SVDBHost{
80	-	IP: ip,
81	-	Hostname: host.Hostnames[0].Name,
82	-	OS: osName,
83	-	OSVersion: osVersion,
84	-	}
85	-
86	-	// Parse the services, CPEs, CVEs, and agent data as needed
87	-	// and fill in the corresponding fields in the SVDBHost struct
88	-
89	-	return svdbHost, nil
90	-	}
91	-

Sirius 0.0.2-prealpha release.