Scribd
Upload
182 views

Nmap + Openfisma

The document describes an OpenFISMA plugin for importing network scan data from Nmap XML files. It allows assets and products discovered during Nmap scans to be imported into the OpenFISMA system. The plugin parses the Nmap XML file, maps the fields such as IP addresses, ports and service versions to OpenFISMA asset and product objects, and either creates new objects or links to existing ones. It also includes sample XML format and mapping rules, as well as user stories for testing the import functionality.

Uploaded by

Alvaro
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
182 views

Nmap + Openfisma

The document describes an OpenFISMA plugin for importing network scan data from Nmap XML files. It allows assets and products discovered during Nmap scans to be imported into the OpenFISMA system. The plugin parses the Nmap XML file, maps the fields such as IP addresses, ports and service versions to OpenFISMA asset and product objects, and either creates new objects or links to existing ones. It also includes sample XML format and mapping rules, as well as user stories for testing the import functionality.

Uploaded by

Alvaro
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

OpenFISMA System Inventory: Import Plugin for Nmap

Josh Boyd

[email protected]

July 15, 2010

c (c) 2009 Endeavor Systems, Inc., http://opensma.org/content/license


1 Functional Specication
1.1 Background
The Nmap import plugin takes an Nmap XML le and creates appropriate assets and
products in OpenFISMA.

1.2 Links
Vendor Website1

1.3 XML Format

Field Description Example


host Container for scanned host <host>...</host>
status Status of scanned host <status state="down"
reason="no-response"/>
address IP of scanned host <address addr="192.168.0.1"
addrtype="ipv4" />
port Port information of scanned host <port protocol="tcp"
portid="21">...</port>
state State of port <state state="open" reason="syn-ack"
reason_ttl="0"/>
service Service information for port <service name="ssh" product="OpenSSH"
version="5.1p1 Debian 5ubuntu1"
extrainfo="protocol 2.0" ostype="Linux"i
method="probed" conf="10" />

1
2. TECHNICAL SPECIFICATION 2

Physical Name Logical Name Mapping Rule


asset Asset Check to see if a corresponding asset already
exists by comparing the Network, IP Address,
and Port of this asset to all existing assets. If
the asset exists, then do not modify it and do
not create a new one.
asset.networkId Network Specied by user immediately before uploading
the le.
asset.addressIp Asset IP Address Parse the IP Address from the le <address>
attribute.
asset.addressPort Asset Port Parse the port from the le <port> attibute.
asset.createdTs Creation Timestamp System date
asset.source Source Constant: `SCAN'
product Product Check to see if a corresponding product already
exists by comparing the vendor, name, version
of the product to all existing products. If the
product exists, then do not modify it and do
not create a new one.
product.name Name Parse the name from the le <service> at-
tribute, using product + version if available,
and name if not.
product.version Version Parse the version from the le's <version> at-
tribute, if available.

1.4 Mapping Rules

2 Technical Specication
OFJ-62

2.1 Classes
• What classes will be added, modied, deleted or involved?
 Fisma_Import_Factory
 Fisma_Import_Abstract
 Fisma_Import_Nmap

2.2 Test cases


User stories
1. If the user does not select a le to import from, the plugin should return an error
message.
1 http://nmap.org/
2 http://jira.opensma.org/browse/OFJ-6
2. TECHNICAL SPECIFICATION 3

2. If the user uploads a le in an invalid format to import from, the plugin should return
an error message.
3. If the user uploads a valid le, the plugin should import and return a success message.
4. If the user uploads a valid le which has assets or products that already exist in the
database, the duplicates will be suppressed.
5. If the user does not select a system to import into, the plugin should return an error
message.
6. If the user does not select a network to import into, the plugin should return an error
message.
7. If the user does not have the appropriate permissions to import assets or products,
the plugin should return an error message.

You might also like