Hi all, I'm in the process of writing a rather complex parser script to parse Nessus output, which can be anything from:
results|192.168.1|192.168.1.131|https (443/tcp)|10330|Security Note|A web server is running on this port through SSL\n to results|192.168.1|192.168.1.131|https (443/tcp)|10863|Security Note|Here is the SSLv2 server certificate:\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 53:53:e0:b9:00:01:00:00:00:0f\n Signature Algorithm: sha1WithRSAEncryption\n Issuer: DC=com, DC=reckson, CN=Reckson\n Validity\n Not Before: Jun 3 16:35:02 2005 GMT\n Not After : Jun 3 16:35:02 2007 GMT\n Subject: C=US, ST=xx, L=West, O=xx.com, OU=Westchester, CN=exchange-wc\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (1024 bit)\n Modulus (1024 bit):\n 00:c8:52:d9:ea:e5:56:a8:aa:0c:87:a9:0e:4c:e0:\n 5f:34:73:5b:fd:72:63:e0:36:be:08:f0:a4:74:be:\n 1f:d3:32:d5:33:f9:f8:42:6a:59:f6:0b:36:52:cf:\n f9:d8:a4:e3:0a:3e:ee:2e:a0:ab:6b:16:49:9f:82:\n 3f:da:7d:3a:6e:f0:28:14:22:76:dc:db:91:27:d1:\n f0:07:69:80:a0:11:4f:12:ca:7a:1f:8c:cd:9f:9c:\n f3:96:b2:22:98:d4:4e:7a:a1:ed:0b:8a:ec:f0:32:\n ac:b4:cb:6e:63:8c:24:cf:ba:57:f1:09:e9:63:a2:\n 2b:49:1a:d8:93:7a:75:64:bb\n Exponent: 65537 (0x10001)\n X509v3 extensions:\n X509v3 Key Usage: \n Digital Signature, Key Encipherment\n S/MIME Capabilities: \n 050...*.H..\r......0...*.H..\r......0...+....0\n..*.H..\r..\n X509v3 Extended Key Usage: \n TLS Web Server Authentication\n X509v3 Subject Key Identifier: \n C8:0F:01:12:6F:42:4D:66:C1:DF:45:CC:B2:25:80:DD:13:67:B6:38\n X509v3 Authority Key Identifier: \n keyid:BA:3E:68:0D:89:15:36:32:80:F1:C1:89:07:ED:59:6C:79:04:4C:EF\n\n X509v3 CRL Distribution Points: \n URI:ldap:///CN=xx(1),CN=ExchangeNJ,CN=CDP,CN=Public%20Key%20Services,CN= Services,CN=Configuration,DC=xx,DC=com?certificateRevocationList?base?ob jectClass=cRLDistributionPoint\n URI:http://exchangenj.xx.com/CertEnroll/Reckson(1).crl\n\n Authority Information Access: \n CA Issuers - URI:ldap:///CN=xx,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Confi 
guration,DC=xx,DC=com?cACertificate?base?objectClass=certificationAuthor ity\n CA Issuers - URI:http://exchangenj.xx.com/CertEnroll/ExchangeNJ.xx.com_xx(1).crt\n\n 1.3.6.1.4.1.311.20.2: \n ...W.e.b.S.e.r.v.e.r\n Signature Algorithm: sha1WithRSAEncryption\n 25:15:50:ee:21:68:c0:21:32:e4:0b:f0:f2:3f:86:88:86:9b:\n 61:0c:ad:c9:d0:5f:e3:00:b5:d5:98:0e:24:c3:d0:69:ec:de:\n 49:5c:ee:03:11:55:35:ed:b6:61:72:2c:f2:47:bd:e5:d1:60:\n ce:56:9b:b4:a8:c8:8c:11:44:9a:06:c1:e0:6b:2f:41:59:a3:\n 6b:62:2a:a8:9c:0a:dc:10:6e:05:fb:73:83:1f:46:56:f7:c1:\n 6c:78:ae:6b:cc:13:09:1a:4f:3c:4b:a6:3a:76:fa:ff:7d:cb:\n 3e:56:bc:c5:a2:ea:89:09:fa:ec:56:73:0e:d9:f6:cb:27:06:\n e5:bf:49:8e:41:ab:39:e6:8a:e8:7d:5c:57:da:ea:4f:32:b0:\n ee:1f:7c:ca:0f:a0:b3:03:a5:4d:d6:5d:24:4e:f7:3b:be:76:\n 7b:59:50:9c:bf:35:80:6f:1e:cb:47:bf:e7:fa:28:0c:4f:35:\n 67:d9:bf:e7:ff:55:3e:74:0d:a7:1e:9e:01:9e:22:6b:69:ae:\n 9e:fd:a6:cd:4a:1e:5e:80:48:8c:25:cb:29:78:6c:60:43:86:\n 32:6a:cd:87:10:28:18:f9:c0:76:b0:ff:11:cb:70:16:60:86:\n 6b:b1:66:66:c6:97:c9:5d:45:b3:79:27:fb:f9:13:81:b0:a8:\n 30:34:84:6d\nHere is the list of available SSLv2 ciphers:\nRC4-MD5\nEXP-RC4-MD5\nRC2-CBC-MD5\nEXP-RC2-CBC-MD5\nDES-CBC-MD 5\nDES-CBC3-MD5\nThe SSLv2 server offers 4 strong ciphers, but also\n0 medium strength and 2 weak "export class" ciphers.\nThe weak/medium ciphers may be chosen by an export-grade\nor badly configured client software. They only offer a \nlimited protection against a brute force attack\n\nSolution: disable those ciphers and upgrade your client\nsoftware if necessary.\nSee http://support.microsoft.com/default.aspx?scid=kb;en-us;216482\nor http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite\nThis SSLv2 server also accepts SSLv3 connections.\nThis SSLv2 server also accepts TLSv1 connections.\n\n

To make a long story short (too late), I have a MySQL table with two columns: start and end dynamic content. "Start" marks the beginning of data specific to this host, and "end", its opposite.
The script looks like so.

my $sth=$dbh->prepare('select startdyn,enddyn,dyndata from vulncode where dyndata=1 and ppsid=?');
$sth->execute($ppsid);
@dynparsparts=$sth->fetchrow_array();
$sth->finish;

That grabs the start and end markers for a particular problem.

# Split dyndata out if applicable
my $dyndatasnip;
if($dynparsparts[2] == 1){
    my $splito=$dynparsparts[0];
    my $splitt=$dynparsparts[1];

In the example above $splito="certificate:" and $splitt="Solution"

    my @parts=split(/$splito/,$problem);

The line above fails halfway through with the following error:

Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE seems* to be / at ./import-nessus-scan.pl line 116.

The remainder of the script is below

    if(defined($splitt) and $splitt ne ""){
        my @st=split(/$splitt/,$parts[1]);
        $dyndatasnip=$st[0];
    }else{
        $dyndatasnip=$parts[1];
    }
}

Meat of the question: How do I effectively split a large string using a variable that may be a phrase?

$largetext=" results|192.168.1|192.168.1.131|https (443/tcp)|10863|Security Note|Here is the SSLv2 server certificate:\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 53:53:e0:b9:00:01:00:00:00:0f\n Signature Algorithm: sha1WithRSAEncryption\n Issuer: DC=com, DC=reckson, CN=Reckson\n Validity\n Not Before: Jun 3 16:35:02 2005 GMT\n Not After : Jun 3 16:35:02 2007 GMT\n Subject: C=US, ST=xx, L=West, O=xx.com, OU=Westchester, CN=exchange-wc\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (1024 bit)\n Modulus (1024 bit):\n 00:c8:52:d9:ea:e5:56:a8:aa:0c:87:a9:0e:4c:e0:\n 5f:34:73:5b:fd:72:63:e0:36:be:08:f0:a4:74:be:\n 1f:d3:32:d5:33:f9:f8:42:6a:59:f6:0b:36:52:cf:\n f9:d8:a4:e3:0a:3e:ee:2e:a0:ab:6b:16:49:9f:82:\n 3f:da:7d:3a:6e:f0:28:14:22:76:dc:db:91:27:d1:\n f0:07:69:80:a0:11:4f:12:ca:7a:1f:8c:cd:9f:9c:\n f3:96:b2:22:98:d4:4e:7a:a1:ed:0b:8a:ec:f0:32:\n ac:b4:cb:6e:63:8c:24:cf:ba:57:f1:09:e9:63:a2:\n 2b:49:1a:d8:93:7a:75:64:bb\n Exponent: 65537 (0x10001)\n X509v3 extensions:\n 
X509v3 Key Usage: \n Digital Signature, Key Encipherment\n S/MIME Capabilities: \n 050...*.H..\r......0...*.H..\r......0...+....0\n..*.H..\r..\n X509v3 Extended Key Usage: \n TLS Web Server Authentication\n X509v3 Subject Key Identifier: \n C8:0F:01:12:6F:42:4D:66:C1:DF:45:CC:B2:25:80:DD:13:67:B6:38\n X509v3 Authority Key Identifier: \n keyid:BA:3E:68:0D:89:15:36:32:80:F1:C1:89:07:ED:59:6C:79:04:4C:EF\n\n X509v3 CRL Distribution Points: \n URI:ldap:///CN=xx(1),CN=ExchangeNJ,CN=CDP,CN=Public%20Key%20Services,CN= Services,CN=Configuration,DC=xx,DC=com?certificateRevocationList?base?ob jectClass=cRLDistributionPoint\n URI:http://exchangenj.xx.com/CertEnroll/Reckson(1).crl\n\n Authority Information Access: \n CA Issuers - URI:ldap:///CN=xx,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Confi guration,DC=xx,DC=com?cACertificate?base?objectClass=certificationAuthor ity\n CA Issuers - URI:http://exchangenj.xx.com/CertEnroll/ExchangeNJ.xx.com_xx(1).crt\n\n 1.3.6.1.4.1.311.20.2: \n ...W.e.b.S.e.r.v.e.r\n Signature Algorithm: sha1WithRSAEncryption\n 25:15:50:ee:21:68:c0:21:32:e4:0b:f0:f2:3f:86:88:86:9b:\n 61:0c:ad:c9:d0:5f:e3:00:b5:d5:98:0e:24:c3:d0:69:ec:de:\n 49:5c:ee:03:11:55:35:ed:b6:61:72:2c:f2:47:bd:e5:d1:60:\n ce:56:9b:b4:a8:c8:8c:11:44:9a:06:c1:e0:6b:2f:41:59:a3:\n 6b:62:2a:a8:9c:0a:dc:10:6e:05:fb:73:83:1f:46:56:f7:c1:\n 6c:78:ae:6b:cc:13:09:1a:4f:3c:4b:a6:3a:76:fa:ff:7d:cb:\n 3e:56:bc:c5:a2:ea:89:09:fa:ec:56:73:0e:d9:f6:cb:27:06:\n e5:bf:49:8e:41:ab:39:e6:8a:e8:7d:5c:57:da:ea:4f:32:b0:\n ee:1f:7c:ca:0f:a0:b3:03:a5:4d:d6:5d:24:4e:f7:3b:be:76:\n 7b:59:50:9c:bf:35:80:6f:1e:cb:47:bf:e7:fa:28:0c:4f:35:\n 67:d9:bf:e7:ff:55:3e:74:0d:a7:1e:9e:01:9e:22:6b:69:ae:\n 9e:fd:a6:cd:4a:1e:5e:80:48:8c:25:cb:29:78:6c:60:43:86:\n 32:6a:cd:87:10:28:18:f9:c0:76:b0:ff:11:cb:70:16:60:86:\n 6b:b1:66:66:c6:97:c9:5d:45:b3:79:27:fb:f9:13:81:b0:a8:\n 30:34:84:6d\nHere is the list of available SSLv2 ciphers:\nRC4-MD5\nEXP-RC4-MD5\nRC2-CBC-MD5\nEXP-RC2-CBC-MD5\nDES-CBC-MD 5\nDES-CBC3-MD5\nThe 
SSLv2 server offers 4 strong ciphers, but also\n0 medium strength and 2 weak "export class" ciphers.\nThe weak/medium ciphers may be chosen by an export-grade\nor badly configured client software. They only offer a \nlimited protection against a brute force attack\n\nSolution: disable those ciphers and upgrade your client\nsoftware if necessary.\nSee http://support.microsoft.com/default.aspx?scid=kb;en-us;216482\nor http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslciphersuite\nThis SSLv2 server also accepts SSLv3 connections.\nThis SSLv2 server also accepts TLSv1 connections.\n\n";
$regphrase="server certificate:";
@parts=split(/$regphrase/, $largetext);

-Mike
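
Added example, not part of the original post: two ways to cut a report at marker phrases that come from a database and must be treated as literal text rather than as regex syntax, which is what the "Quantifier follows nothing" error above trips over. The helper names extract_between and extract_with_split and both sample records are constructed for illustration; the marker "* seems* to be " is taken from the error message in the post. Needs Perl 5.10 or later for the // operator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Text between two literal markers; undef if the start marker is absent.
# index/substr never compile the markers as patterns.
sub extract_between {
    my ($text, $start, $end) = @_;
    return undef unless defined $start && length $start;
    my $from = index($text, $start);
    return undef if $from < 0;
    $from += length $start;
    my $to = (defined $end && length $end) ? index($text, $end, $from) : -1;
    return $to < 0 ? substr($text, $from) : substr($text, $from, $to - $from);
}

# Same result with split: \Q...\E (quotemeta) escapes every metacharacter in
# the interpolated marker, and the limit of 2 cuts at the first match only.
sub extract_with_split {
    my ($text, $start, $end) = @_;
    return undef unless defined $start && length $start;
    my (undef, $rest) = split /\Q$start\E/, $text, 2;
    return undef unless defined $rest;
    return $rest unless defined $end && length $end;
    my ($snip) = split /\Q$end\E/, $rest, 2;
    return defined $snip ? $snip : '';
}

# Constructed sample records in the pipe-delimited layout shown in the post.
my $cert = 'results|192.168.1|192.168.1.131|https (443/tcp)|10863|Security Note|'
         . 'Here is the SSLv2 server certificate:\nCertificate:\n Data:\n'
         . 'Solution: disable those ciphers\n';
my $os   = 'results|192.168.1|192.168.1.131|general/tcp|0|Security Note|'
         . 'The host * seems* to be running an old release\nSolution: upgrade\n';

for my $case ([$cert, 'server certificate:', 'Solution'],
              [$os,   '* seems* to be ',     'Solution']) {
    my ($text, $start) = @$case;
    # The unescaped form dies at run time when the marker is not a valid regex.
    my $compiles = eval { my @p = split /$start/, $text; 1 } ? 'yes' : 'no';
    print "marker [$start] valid as raw regex: $compiles\n";
    printf "  index/substr: [%s]\n", extract_between(@$case)    // '(marker not found)';
    printf "  split \\Q\\E:   [%s]\n", extract_with_split(@$case) // '(marker not found)';
}
```

Escaping also keeps a marker that happens to be valid regex syntax, such as one containing "." or "(1)", from matching text other than the literal phrase stored in the table.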