dradis-acunetix 3.19.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 460b3c1ceb6bdabfd98a4c201242352e3d4d2252466fca932cb85e67bac00c3b
-  data.tar.gz: 895e6e8ef28b1369d552dd07f4b06200c4bfaaeae91e60b786cbc4c922d8ee6f
+  metadata.gz: bfa42f6354fa30d4c7beafbaca608ab3479c3f866a3a41d0266a16ea38617d42
+  data.tar.gz: f07275defd938ddd49b7595b30ccbdf9f2c79b152ecb848a62752783c86203b0
 SHA512:
-  metadata.gz: 447efa070247e883792093531015e2085b590c79ad7771e82de5406123b619bf96bffb60df4d9955444635906fcad1e1da2ecbcf3a8756bdbe2eb0ed670495aa
-  data.tar.gz: f5ab6d2a28675cd545db315ac0319d99592253dcb322b379d29dcdfb48043f787d4d2dc1474e08ecaebc4a29385c7b54db675d4c5349b6dbd9dd5e6cd1960957
+  metadata.gz: 6dc0f6f99156ef4976c28ddfecd79f51551dc0663283315b48ad793ec3c3623553e578361f938bb44b1da8f4e01de33e803666c541ab07470d0fa12190465350
+  data.tar.gz: 4df0712ee9f8b9e17cb734db996c0d60eebde6653837111f9edcde76f5b2a3cff6182d78c01de8ffbd43dceb517975d92caa9bd3da28c8bd846750a77a777eb5

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## Dradis Framework 4.0.0 (July, 2021) #
+
+*   Add support for Acunetix 360
+*   Make Request and Response fields available at the Evidence level
+
+## Dradis Framework 3.22 (April, 2021) #
+
+*   No changes
+
+
+## Dradis Framework 3.21 (February, 2021) #
+
+*   No changes
+
+
+## Dradis Framework 3.20 (December, 2020) #
+
+*   No changes
+
+
 ## Dradis Framework 3.19 (September, 2020) #
 
 *   No changes

data/dradis-acunetix.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
   spec.add_dependency 'nokogiri', '~> 1.3'
 
   spec.add_development_dependency 'bundler', '~> 1.6'

data/lib/acunetix/concerns/cleanup.rb

@@ -0,0 +1,77 @@
+module Acunetix
+  module Cleanup
+    private
+
+    # Convert HTML in the text to Textile format
+    def cleanup_html(source)
+      result = source.dup
+
+      format_table(result)
+
+      result.gsub!(/"/, '"')
+      result.gsub!(/&/, '&')
+      result.gsub!(/&lt;/, '<')
+      result.gsub!(/&gt;/, '>')
+
+      result.gsub!(/<b>(.*?)<\/b>/) { "*#{$1.strip}*" }
+      result.gsub!(/<br\/>/, "\n")
+      result.gsub!(/<div(.*?)>|<\/div>/, '')
+      result.gsub!(/<a.*?>(.*?)<\/a>/m, '\1')
+      result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
+      result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1.strip}*" }
+      result.gsub!(/<i>(.*?)<\/i>/, '\1')
+      result.gsub!(/<p.*?>(.*?)<\/p>/) { "p. #{$1.strip}\n" }
+      result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
+      result.gsub!(/<code>(.*?)<\/code>/) { "\n\nbc. #{$1.strip}\n\n" }
+      result.gsub!(/<pre.*?>(.*?)<\/pre>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
+
+      result.gsub!(/<li.*?>([\s\S]*?)<\/li>/m){"\n* #{$1.strip}"}
+      result.gsub!(/<ul>([\s\S]*?)<\/ul>/m){ "#{$1.strip}\n" }
+      result.gsub!(/(<ul>)|(<\/ul>|(<ol>)|(<\/ol>))/, "\n")
+      result.gsub!(/<li>/, "\n* ")
+      result.gsub!(/<\/li>/, "\n")
+
+      result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1.strip}*" }
+      result.gsub!(/<span.*?>(.*?)<\/span>/m){"#{$1.strip}\n"}
+
+      result
+    end
+
+    # Replace periods for commas as decimals
+    def cleanup_decimals(source)
+      result = source.dup
+      result.gsub!(/([0-9])\,([0-9])/, '\1.\2')
+      result
+    end
+
+    def format_table(str)
+      return unless str.include?('</table>')
+
+      str.gsub!(/<table.*?>[\s\S]*<\/table>/) do |table|
+        rows = ['']
+
+        table.scan(/<tr>[\s\S]*?<\/tr>/).each do |tr|
+          row = '|'
+
+          tr.scan(/<td.*?>[\s\S]*?<\/td>/).each do |data|
+            header = rows.empty? ? '_. ' : ''
+            row << "#{header}#{data.gsub(/<td.*?>|<\/td>/, '')}|"
+          end
+
+          rows << row
+        end
+
+        rows.join("\n")
+      end
+    end
+
+    # Some of the values have embedded HTML conent that we need to strip
+    def tags_with_html_content
+      [:details, :description, :detailed_information, :impact, :recommendation]
+    end
+
+    def tags_with_commas
+      [:cvss3_score, :cvss3_tempscore, :cvss3_envscore]
+    end
+  end
+end

data/lib/acunetix/report_item.rb

@@ -8,6 +8,8 @@ module Acunetix
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class ReportItem
+    include Cleanup
+
     attr_accessor :xml
 
     # Accepts an XML node from Nokogiri::XML.
@@ -113,37 +115,6 @@ module Acunetix
 
     private
 
-    def cleanup_html(source)
-      result = source.dup
-      result.gsub!(/"/, '"')
-      result.gsub!(/&/, '&')
-      result.gsub!(/&lt;/, '<')
-      result.gsub!(/&gt;/, '>')
-
-      result.gsub!(/<b>(.*?)<\/b>/) { "*#{$1.strip}*" }
-      result.gsub!(/<br\/>/, "\n")
-      result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
-      result.gsub!(/<h2>(.*?)<\/h2>/) { "*#{$1.strip}*" }
-      result.gsub!(/<i>(.*?)<\/i>/, '\1')
-      result.gsub!(/<p>(.*?)<\/p>/, '\1')
-      result.gsub!(/<code><pre.*?>(.*?)<\/pre><\/code>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
-      result.gsub!(/<pre.*?>(.*?)<\/pre>/m){|m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
-      result.gsub!(/<ul>(.*?)<\/ul>/m){"#{$1.strip}\n"}
-
-      result.gsub!(/<li>(.*?)<\/li>/){"\n* #{$1.strip}"}
-
-      result.gsub!(/<strong>(.*?)<\/strong>/) { "*#{$1.strip}*" }
-      result.gsub!(/<span.*?>(.*?)<\/span>/m){"#{$1.strip}\n"} 
-
-      result
-    end
-
-    def cleanup_decimals(source)
-      result = source.dup
-      result.gsub!(/([0-9])\,([0-9])/, '\1.\2')
-      result
-    end
-
     def references_list
       references = ''
       xml.xpath('./References/Reference').each do |xml_reference|
@@ -154,15 +125,5 @@ module Acunetix
       end
       references
     end
-
-    # Some of the values have embedded HTML conent that we need to strip
-    def tags_with_html_content
-      [:details, :description, :detailed_information, :impact, :recommendation]
-    end
-
-    def tags_with_commas
-      [:cvss3_score, :cvss3_tempscore, :cvss3_envscore]
-    end
-
   end
 end

data/lib/acunetix/vulnerability.rb

@@ -0,0 +1,110 @@
+module Acunetix
+  class Vulnerability
+    include Cleanup
+
+    attr_accessor :xml
+
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    def supported_tags
+      [
+        # Vulnerability fields
+        :capec, :certainty, :confirmed, :cvss31_base, :cvss31_environmental,
+        :cvss31_temporal, :cvss31_vector, :cvss_base, :cvss_environmental,
+        :cvss_temporal, :cvss_vector, :cwe, :description, :exploitation_skills,
+        :external_references, :hipaa, :impact, :iso27001, :name, :owasp,
+        :owasppc, :pci32, :remedial_actions, :remedial_procedure,
+        :remedy_references, :severity, :state, :type, :url, :wasc,
+
+        # Evidence fields
+        :http_request, :http_request_method,
+        :http_response, :http_response_status_code, :http_response_duration
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      translations_table = vulnerability_table.merge(evidence_table)
+
+      method_name = translations_table.fetch(method, method.to_s.dasherize)
+
+      # then we try the children tags
+      tag = xml.at_xpath("./#{method_name}")
+      if tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          return cleanup_html(tag.text)
+        else
+          return tag.text
+        end
+      else
+        'n/a'
+      end
+
+      # nothing found
+      return nil
+    end
+
+    private
+
+    # Define a hash to get the actual XPATH operator we will use to
+    # find the field value, given a field name.
+    def vulnerability_table
+      owasp_fields = [
+        :owasp, :wasc, :cwe, :capec, :pci32, :hipaa, :owasppc, :iso27001
+      ]
+      vulnerability_table = {
+        cvss_vector: 'cvss/vector',
+        cvss_base: 'cvss/score/type[. = "Base"]/following::value',
+        cvss_temporal: 'cvss/score/type[. = "Temporal"]/following::value',
+        cvss_environmental: 'cvss/score/type[. = "Environmental"]/following::value',
+        cvss31_vector: 'cvss31/vector',
+        cvss31_base: 'cvss31/score/type[. = "Base"]/following::value',
+        cvss31_temporal: 'cvss31/score/type[. = "Temporal"]/following::value',
+        cvss31_environmental: 'cvss31/score/type[. = "Environmental"]/following::value',
+      }
+
+      vulnerability_table.merge! Hash[owasp_fields.map { |field| [field, field.to_s] }]
+
+      # Append the 'classifications' parent to each translated field name
+      vulnerability_table.each do |_, value|
+        value.replace("classification/#{value}")
+      end
+
+      vulnerability_table
+    end
+
+    def evidence_table
+      {
+        http_request: 'http-request/content',
+        http_request_method: 'http-request/method',
+        http_response: 'http-response/content',
+        http_response_status_code: 'http-response/status-code',
+        http_response_duration: 'http-response/duration'
+      }
+    end
+  end
+end

data/lib/dradis-acunetix.rb

@@ -5,5 +5,7 @@ require 'dradis-plugins'
 require 'dradis/plugins/acunetix'
 
 # load supporting Acunetix classes
+require 'acunetix/concerns/cleanup'
 require 'acunetix/report_item'
-require 'acunetix/scan'
+require 'acunetix/scan'
+require 'acunetix/vulnerability'

data/lib/dradis/plugins/acunetix/field_processor.rb

@@ -4,11 +4,15 @@ module Dradis::Plugins::Acunetix
   class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
 
     def post_initialize(args={})
-      if data.name == "Scan"
-        @acunetix_object = ::Acunetix::Scan.new(data)
-      else
-        @acunetix_object = ::Acunetix::ReportItem.new(data)
-      end
+      @acunetix_object =
+        case data.name
+        when 'Scan'
+          ::Acunetix::Scan.new(data)
+        when 'vulnerability'
+          ::Acunetix::Vulnerability.new(data)
+        else
+          ::Acunetix::ReportItem.new(data)
+        end
     end
 
     def value(args={})

data/lib/dradis/plugins/acunetix/formats/acunetix360.rb

@@ -0,0 +1,51 @@
+module Dradis::Plugins::Acunetix::Formats
+  module Acunetix360
+
+    private
+
+    def process_acunetix360
+      process_target_node
+      process_acunetix360_vulnerabilities
+    end
+
+    def process_target_node
+      target_xml = xml.at_xpath('//acunetix-360/target')
+      @scan_node = content_service.create_node(
+        label: target_xml.at_xpath('url').text,
+        type: :host
+      )
+
+      logger.info { "Creating target node: #{scan_node.label}" }
+
+      if scan_node.respond_to?(:properties)
+        scan_node.set_property(:scan_id, target_xml.at_xpath('scan-id').text)
+        scan_node.set_property(:initiated, target_xml.at_xpath('initiated').text)
+        scan_node.set_property(:duration, target_xml.at_xpath('duration').text)
+      end
+    end
+
+    def process_acunetix360_vulnerabilities
+      logger.info { 'Creating issues from Acunetix360 vulnerabilities.' }
+
+      xml.xpath('//acunetix-360/vulnerabilities/vulnerability').each do |vuln_xml|
+        issue_text = template_service.process_template(
+          template: 'vulnerability_360',
+          data: vuln_xml
+        )
+
+        type = vuln_xml.at_xpath('type').text
+
+        logger.info { "\t\t => Creating new issue: #{type}" }
+        issue = content_service.create_issue(text: issue_text, id: type)
+
+        evidence_text = template_service.process_template(
+          template: 'evidence_360',
+          data: vuln_xml
+        )
+
+        logger.info { "\t\t => Creating new evidence" }
+        content_service.create_evidence(issue: issue, node: scan_node, content: evidence_text)
+      end
+    end
+  end
+end

data/lib/dradis/plugins/acunetix/formats/standard.rb

@@ -0,0 +1,58 @@
+module Dradis::Plugins::Acunetix::Formats
+  module Standard
+
+    private
+
+    def process_standard
+      xml.xpath('/ScanGroup/Scan').each do |xml_scan|
+        process_scan(xml_scan)
+      end
+    end
+
+    def process_scan(xml_scan)
+      url = xml_scan.at_xpath('./StartURL').text()
+      start_url = URI::parse(url).host || url # urls wo/ protocol returned nil
+
+      self.scan_node = content_service.create_node(label: start_url, type: :host)
+      logger.info{ "\tScan start URL: #{start_url}" }
+
+      # Define Node properties
+      if scan_node.respond_to?(:properties)
+        scan_node.set_property(:short_name, xml_scan.at_xpath('./ShortName').text() )
+        scan_node.set_property(:start_url, start_url)
+        scan_node.set_property(:start_time, xml_scan.at_xpath('./StartTime').text() )
+        scan_node.set_property(:finish_time, xml_scan.at_xpath('./FinishTime').text() )
+        scan_node.set_property(:scan_time, xml_scan.at_xpath('./ScanTime').text() )
+        scan_node.set_property(:aborted, xml_scan.at_xpath('./Aborted').text() )
+        scan_node.set_property(:responsive, xml_scan.at_xpath('./Responsive').text() )
+        scan_node.set_property(:banner, xml_scan.at_xpath('./Banner').text() )
+        scan_node.set_property(:os, xml_scan.at_xpath('./Os').text() )
+        scan_node.set_property(:web_server, xml_scan.at_xpath('./WebServer').text() )
+        scan_node.set_property(:technologies, xml_scan.at_xpath('./Technologies').text() )
+        scan_node.save
+      end
+
+      scan_note = template_service.process_template(template: 'scan', data: xml_scan)
+      content_service.create_note text: scan_note, node: scan_node
+
+      xml_scan.xpath('./ReportItems/ReportItem').each do |xml_report_item|
+        process_report_item(xml_report_item)
+      end
+    end
+
+    def process_report_item(xml_report_item)
+      plugin_id = "%s/%s" % [
+                              xml_report_item.at_xpath('./ModuleName').text(),
+                              xml_report_item.at_xpath('./Name').text()
+                            ]
+      logger.info { "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
+
+      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
+      issue = content_service.create_issue(text: issue_text, id: plugin_id)
+
+      logger.info { "\t\t => Creating new evidence" }
+      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
+      content_service.create_evidence(issue: issue, node: scan_node, content: evidence_content)
+    end
+  end
+end

data/lib/dradis/plugins/acunetix/gem_version.rb

@@ -7,8 +7,8 @@ module Dradis
       end
 
       module VERSION
-        MAJOR = 3
-        MINOR = 19
+        MAJOR = 4
+        MINOR = 0
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/acunetix/importer.rb

@@ -1,5 +1,12 @@
+require 'dradis/plugins/acunetix/formats/standard'
+require 'dradis/plugins/acunetix/formats/acunetix360'
+
 module Dradis::Plugins::Acunetix
   class Importer < Dradis::Plugins::Upload::Importer
+    include Dradis::Plugins::Acunetix::Formats::Standard
+    include Dradis::Plugins::Acunetix::Formats::Acunetix360
+
+    attr_accessor :scan_node, :xml
 
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
@@ -8,71 +15,25 @@ module Dradis::Plugins::Acunetix
       file_content    = File.read( params.fetch(:file) )
 
       logger.info{'Parsing Acunetix output file...'}
-      @doc = Nokogiri::XML( file_content )
+      @xml = Nokogiri::XML( file_content )
       logger.info{'Done.'}
 
-      if @doc.xpath('/ScanGroup/Scan').empty?
+      if xml.xpath('/ScanGroup/Scan').present?
+        logger.info { 'Standard Acunetix import detected.' }
+        process_standard
+
+        return true
+      elsif xml.xpath('//acunetix-360').present?
+        logger.info { 'Acunetix360 import detected.' }
+        process_acunetix360
+
+        return true
+      else
         error = "No scan results were detected in the uploaded file (/ScanGroup/Scan). Ensure you uploaded an Acunetix XML report."
         logger.fatal{ error }
         content_service.create_note text: error
         return false
       end
-
-      @doc.xpath('/ScanGroup/Scan').each do |xml_scan|
-        process_scan(xml_scan)
-      end
-
-      return true
     end # /import
-
-
-    private
-    attr_accessor :scan_node
-
-    def process_scan(xml_scan)
-      url = xml_scan.at_xpath('./StartURL').text()
-      start_url = URI::parse(url).host || url # urls wo/ protocol returned nil
-
-      self.scan_node = content_service.create_node(label: start_url, type: :host)
-      logger.info{ "\tScan start URL: #{start_url}" }
-
-      # Define Node properties
-      if scan_node.respond_to?(:properties)
-        scan_node.set_property(:short_name, xml_scan.at_xpath('./ShortName').text() )
-        scan_node.set_property(:start_url, start_url)
-        scan_node.set_property(:start_time, xml_scan.at_xpath('./StartTime').text() )
-        scan_node.set_property(:finish_time, xml_scan.at_xpath('./FinishTime').text() )
-        scan_node.set_property(:scan_time, xml_scan.at_xpath('./ScanTime').text() )
-        scan_node.set_property(:aborted, xml_scan.at_xpath('./Aborted').text() )
-        scan_node.set_property(:responsive, xml_scan.at_xpath('./Responsive').text() )
-        scan_node.set_property(:banner, xml_scan.at_xpath('./Banner').text() )
-        scan_node.set_property(:os, xml_scan.at_xpath('./Os').text() )
-        scan_node.set_property(:web_server, xml_scan.at_xpath('./WebServer').text() )
-        scan_node.set_property(:technologies, xml_scan.at_xpath('./Technologies').text() )
-        scan_node.save
-      end
-
-      scan_note = template_service.process_template(template: 'scan', data: xml_scan)
-      content_service.create_note text: scan_note, node: scan_node
-
-      xml_scan.xpath('./ReportItems/ReportItem').each do |xml_report_item|
-        process_report_item(xml_report_item)
-      end
-    end
-
-    def process_report_item(xml_report_item)
-      plugin_id = "%s/%s" % [
-                              xml_report_item.at_xpath('./ModuleName').text(),
-                              xml_report_item.at_xpath('./Name').text()
-                            ]
-      logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
-
-      issue_text = template_service.process_template(template: 'report_item', data: xml_report_item)
-      issue = content_service.create_issue(text: issue_text, id: plugin_id)
-
-      logger.info{ "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_report_item)
-      content_service.create_evidence(issue: issue, node: scan_node, content: evidence_content)
-    end
   end
 end

data/templates/evidence.fields

@@ -5,3 +5,5 @@ evidence.aop_source_file
 evidence.aop_source_line
 evidence.aop_additional
 evidence.is_false_positive
+evidence.request
+evidence.response

data/templates/evidence.sample

@@ -9,4 +9,24 @@
   <AOP_SourceLine>0</AOP_SourceLine>
   <AOP_Additional><![CDATA[]]></AOP_Additional>
   <IsFalsePositive><![CDATA[False]]></IsFalsePositive>
-</ReportItem>
+  <TechnicalDetails>
+    <Request><![CDATA[GET /hpp/params.php?p=1'%22()%26%25&lt;ScRiPt%20&gt;prompt(951846)&lt;/ScRiPt&gt;&amp;pp=1 HTTP/1.1
+Referer: http://testphp.vulnweb.com:80/
+Host: testphp.vulnweb.com
+Connection: Keep-alive
+Accept-Encoding: gzip,deflate
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
+Accept: */*
+
+]]></Request>
+    <Response><![CDATA[HTTP/1.1 200 OK
+Server: nginx/1.4.1
+Date: Tue, 07 Oct 2014 17:30:28 GMT
+Content-Type: text/html
+Connection: keep-alive
+X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
+Original-Content-Encoding: gzip
+Content-Length: 40
+]]></Response>
+  </TechnicalDetails>
+</ReportItem>

data/templates/evidence_360.fields

@@ -0,0 +1,5 @@
+evidence_360.http_request
+evidence_360.http_request_method
+evidence_360.http_response
+evidence_360.http_response_status_code
+evidence_360.http_response_duration

data/templates/evidence_360.sample

@@ -0,0 +1,114 @@
+<vulnerability>
+  <http-request>
+              <method>GET</method>
+                <parameters>
+                    <parameter name="param1" type="UrlRewrite" value="&amp;apos;))&amp;#32;WAITFOR&amp;#32;DELAY&amp;#32;&amp;apos;0:0:25&amp;apos;--" vulnerable="vulnerable" />
+                </parameters>
+              <content><![CDATA[GET /blog/%27))%20WAITFOR%20DELAY%20%270%3a0%3a25%27--/ HTTP/1.1
+  Host: aspnet.testsparker.com
+  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
+  Accept-Encoding: gzip, deflate
+  Accept-Language: en-us,en;q=0.5
+  Cache-Control: no-cache
+  Cookie: ASP.NET_SessionId=44lomqqluxhcl2e4yxvrmxsq; TestCookie=Hello
+  Referer: http://aspnet.testsparker.com/Blogs.aspx
+  User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
+  X-Scanner: Acunetix 360
+
+  ]]></content>
+            </http-request>
+              <http-response>
+                <status-code>404</status-code>
+                <duration>25024.4049</duration>
+                <content><![CDATA[HTTP/1.1 404 Not Found
+  Server: Microsoft-IIS/8.5
+  X-Powered-By: ASP.NET
+  X-AspNet-Version: 4.0.30319
+  Content-Length: 3084
+  Content-Type: text/html; charset=utf-8
+  Date: Tue, 16 Jun 2020 13:15:01 GMT
+  Cache-Control: private
+
+
+
+  <!DOCTYPE html>
+
+  <html xmlns="http://www.w3.org/1999/xhtml">
+  <head><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><meta charset="utf-8" /><title>
+    Bitcoin Web Site
+  </title><meta name="generator" content="Bootply" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><link href="//maxcdn.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet" /><link href="/statics/style.css" rel="stylesheet" />
+      <!--[if lt IE 9]>
+          <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
+      <![endif]-->
+  </head>
+  <body>
+      <div id="resetbar">
+          This website is automatically reset at every midnight (00:00 - UTC).
+      </div>
+      <form method="post" action="" id="form1">
+  <div class="aspNetHidden">
+  <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJLTIzMTExOTgyZGSsxJXO6Juz0H9WnmLaZ/ANH9shOpBmzSi1EHH6egImZA==" />
+  </div>
+
+  <div class="aspNetHidden">
+
+    <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="5C9CE5AE" />
+  </div>
+          <div class="navbar navbar-default">
+              <div class="container">
+                  
+                      <a class="navbar-brand">Bitcoin Web Site</a>
+                      <ul class="nav navbar-nav">
+                          <li><a href="/Default.aspx">Home</a></li>
+                          <li><a href="/Blogs.aspx">Blog</a></li>
+                          <li><a href="/Shop.aspx">Shop</a></li>
+                          <li><a href="/Converter.aspx">Converter & Pricings</a></li>
+                          <li><a href="/Request.aspx?r=/statics/download/">Demo</a></li>
+                          <li><a href="/Help.aspx">Help</a></li>
+                          <li><a href="/Contact.aspx">Contact</a></li>
+                          <li><a href="/administrator/Login.aspx">Login</a></li>
+                      </ul>
+                  
+              </div>
+          </div>
+          <div class="container">
+              <div>
+                  <!-- contentTop -->
+                  
+              </div>
+              <div class="row">
+                  <!-- contentCenterMenu -->
+                  
+      
+
+  <h1>
+      <span id="contentCenterMenu_blogSQLInjection_lblSubject"></span>
+  </h1>
+  <p>
+      <span id="contentCenterMenu_blogSQLInjection_lblDate" style="font-style:italic;"></span>
+  </p>
+  <p>
+      <span id="contentCenterMenu_blogSQLInjection_lblContent"></span>
+  </p>
+
+
+              </div>
+              <hr />
+          </div>
+          <!-- /container -->
+          <!-- script references -->
+          <div id="footer">
+              <div class="container">
+                  
+
+                  <p class="muted credit"><a href="/redirect.aspx?site=bitcoin.org" target="_blank" rel="noopener noreferrer">Bitcoin Foundation.</a></p>
+              </div>
+          </div>
+          <script src="//ajax.googleapis.com/ajax/libs/jquery/2.0.2/jquery.min.js"></script>
+          <script src="//maxcdn.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js"></script>
+      </form>
+  </body>
+  </html>
+  ]]></content>
+  </http-response>
+</vulnerability>

data/templates/evidence_360.template

@@ -0,0 +1,5 @@
+#[HTTP Request]#
+%evidence_360.http_request%
+
+#[HTTP Response]#
+%evidence_360.http_response%

data/templates/vulnerability_360.fields

@@ -0,0 +1,30 @@
+vulnerability_360.name
+vulnerability_360.type
+vulnerability_360.url
+vulnerability_360.description
+vulnerability_360.impact
+vulnerability_360.remedial_actions
+vulnerability_360.exploitation_skills
+vulnerability_360.remedial_procedure
+vulnerability_360.remedy_references
+vulnerability_360.external_references
+vulnerability_360.severity
+vulnerability_360.certainty
+vulnerability_360.confirmed
+vulnerability_360.state
+vulnerability_360.owasp
+vulnerability_360.wasc
+vulnerability_360.cwe
+vulnerability_360.capec
+vulnerability_360.pci32
+vulnerability_360.hipaa
+vulnerability_360.owasppc
+vulnerability_360.iso27001
+vulnerability_360.cvss_vector
+vulnerability_360.cvss_base
+vulnerability_360.cvss_temporal
+vulnerability_360.cvss_environmental
+vulnerability_360.cvss31_vector
+vulnerability_360.cvss31_base
+vulnerability_360.cvss31_temporal
+vulnerability_360.cvss31_environmental

data/templates/vulnerability_360.sample

@@ -0,0 +1,90 @@
+<vulnerability>
+  <LookupId>d202b64e-8451-407c-3680-abdc02f0038f</LookupId>
+  <url>http://aspnet.testsparker.com/blog/%27))%20WAITFOR%20DELAY%20%270%3a0%3a25%27--/</url>
+  <type>ConfirmedBlindSqlInjection</type>
+  <name>Blind SQL Injection</name>
+  <severity>Critical</severity>
+  <certainty>100</certainty>
+  <confirmed>True</confirmed>
+  <state>Present</state>
+  <FirstSeenDate>6/16/2020 1:41:23 PM +00:00</FirstSeenDate>
+  <LastSeenDate>6/16/2020 1:41:23 PM +00:00</LastSeenDate>
+  <classification>
+    <owasp>A1</owasp>
+    <wasc>19</wasc>
+    <cwe>89</cwe>
+    <capec>66</capec>
+    <pci32>6.5.1</pci32>
+    <hipaa>164.306(a), 164.308(a)</hipaa>
+    <owasppc></owasppc>
+    <iso27001>A.14.2.5</iso27001>
+
+
+      <cvss>
+        <vector>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</vector>
+
+        <score>
+          <type>Base</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+        <score>
+          <type>Temporal</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+        <score>
+          <type>Environmental</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+
+      </cvss>
+
+
+
+      <cvss31>
+        <vector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</vector>
+
+        <score>
+          <type>Base</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+        <score>
+          <type>Temporal</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+        <score>
+          <type>Environmental</type>
+          <value>8.6</value>
+          <severity>High</severity>
+        </score>
+
+      </cvss31>
+  </classification>
+
+  <description><![CDATA[<p>Acunetix 360 identified a Blind SQL Injection, which occurs when data input by a user is interpreted as an SQL command rather than as normal data by the backend database.</p>
+<p>This is an extremely common vulnerability and its successful exploitation can have critical implications.</p>
+<p>Acunetix 360 <strong>confirmed</strong> the vulnerability by executing a test SQL query on the backend database. In these tests, SQL injection was not obvious, but the different responses from the page based on the injection test allowed us to identify and confirm the SQL injection.</p>]]></description>
+  <impact><![CDATA[<div>Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:
+<ul>
+<li>Reading, updating and deleting arbitrary data or tables from the database</li>
+<li>Executing commands on the underlying operating system</li>
+</ul>
+</div>]]></impact>
+  <remedial-actions><![CDATA[<div>
+<ol>
+<li>See the remedy for solution.</li>
+<li>If you are not using a database access layer (DAL), consider using one. This will help you centralize the issue. You can also use ORM (<em>object relational mapping</em>). Most of the ORM systems use only parameterized queries and this can solve the whole SQL injection problem.</li>
+<li>Locate the all dynamically generated SQL queries and convert them to parameterized queries. <em>(If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)</em></li>
+<li>Use your weblogs and application logs to see if there were any previous but undetected attacks to this resource.</li>
+</ol>
+</div>]]></remedial-actions>
+  <exploitation-skills><![CDATA[<div>There are numerous freely available tools to exploit SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.</div>]]></exploitation-skills>
+  <remedial-procedure><![CDATA[<div>A robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (<em>prepared statements</em>). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.</div>]]></remedial-procedure>
+  <remedy-references><![CDATA[<div><ul><li><a target='_blank' href='https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet'><i class='icon-external-link'></i>SQL injection Prevention Cheat Sheet</a></li><li><a target='_blank' href='http://bobby-tables.com'><i class='icon-external-link'></i>A guide to preventing SQL injection</a></li></ul></div>]]></remedy-references>
+  <external-references><![CDATA[<div><ul><li><a target='_blank' href='https://www.owasp.org/index.php/Blind_SQL_Injection'><i class='icon-external-link'></i>Blind SQL Injection</a></li><li><a target='_blank' href='https://www.acunetix.com/blog/web-security/sql-injection-cheat-sheet/#BlindSQLInjections'><i class='icon-external-link'></i>SQL Injection Cheat Sheet[#Blind]</a></li><li><a target='_blank' href='https://www.owasp.org/index.php/SQL_injection'><i class='icon-external-link'></i>OWASP SQL injection</a></li><li><a target='_blank' href='https://www.acunetix.com/blog/web-security/sql-injection-vulnerability/'><i class='icon-external-link'></i>SQL Injection Vulnerability</a></li></ul></div>]]></external-references>
+  <proof-of-concept></proof-of-concept>
+</vulnerability>

data/templates/vulnerability_360.template

@@ -0,0 +1,74 @@
+#[Title]#
+%vulnerability_360.name%
+
+#[Type]#
+%vulnerability_360.type%
+
+#[URL]#
+%vulnerability_360.url%
+
+#[Severity]#
+%vulnerability_360.severity%
+
+#[Description]#
+%vulnerability_360.description%
+
+#[Impact]#
+%vulnerability_360.impact%
+
+#[Certainty]#
+%vulnerability_360.certainty%
+
+#[Confirmed]#
+%vulnerability_360.confirmed%
+
+#[State]#
+%vulnerability_360.state%
+
+#[OWASP]#
+%vulnerability_360.owasp%
+
+#[WASC]#
+%vulnerability_360.wasc%
+
+#[CWE]#
+%vulnerability_360.cwe%
+
+#[CAPEC]#
+%vulnerability_360.capec%
+
+#[PCI32]#
+%vulnerability_360.pci32%
+
+#[HIPAA]#
+%vulnerability_360.hipaa%
+
+#[OWASPPC]#
+%vulnerability_360.owasppc%
+
+#[ISO27001]#
+%vulnerability_360.iso27001%
+
+#[CVSSVector]#
+%vulnerability_360.cvss_vector%
+
+#[CVSSBase]#
+%vulnerability_360.cvss_base%
+
+#[CVSSTemporal]#
+%vulnerability_360.cvss_temporal%
+
+#[CVSSEnvironmental]#
+%vulnerability_360.cvss_environmental%
+
+#[CVSS3Vector]#
+%vulnerability_360.cvss31_vector%
+
+#[CVSS3Base]#
+%vulnerability_360.cvss31_base%
+
+#[CVSS3Temporal]#
+%vulnerability_360.cvss31_temporal%
+
+#[CVSS3Environmental]#
+%vulnerability_360.cvss31_environmental%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-acunetix
 version: !ruby/object:Gem::Version
-  version: 3.19.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2021-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -113,12 +113,16 @@ files:
 - README.md
 - Rakefile
 - dradis-acunetix.gemspec
+- lib/acunetix/concerns/cleanup.rb
 - lib/acunetix/report_item.rb
 - lib/acunetix/scan.rb
+- lib/acunetix/vulnerability.rb
 - lib/dradis-acunetix.rb
 - lib/dradis/plugins/acunetix.rb
 - lib/dradis/plugins/acunetix/engine.rb
 - lib/dradis/plugins/acunetix/field_processor.rb
+- lib/dradis/plugins/acunetix/formats/acunetix360.rb
+- lib/dradis/plugins/acunetix/formats/standard.rb
 - lib/dradis/plugins/acunetix/gem_version.rb
 - lib/dradis/plugins/acunetix/importer.rb
 - lib/dradis/plugins/acunetix/version.rb
@@ -133,12 +137,18 @@ files:
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
+- templates/evidence_360.fields
+- templates/evidence_360.sample
+- templates/evidence_360.template
 - templates/report_item.fields
 - templates/report_item.sample
 - templates/report_item.template
 - templates/scan.fields
 - templates/scan.sample
 - templates/scan.template
+- templates/vulnerability_360.fields
+- templates/vulnerability_360.sample
+- templates/vulnerability_360.template
 homepage: http://dradisframework.org
 licenses:
 - GPL-2
@@ -158,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Acunetix add-on for the Dradis Framework.