dradis-nessus 3.20.0 → 4.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +41 -46
- data/CHANGELOG.template +12 -0
- data/dradis-nessus.gemspec +1 -1
- data/lib/dradis/plugins/nessus/gem_version.rb +2 -2
- data/lib/nessus/report_item.rb +11 -8
- data/templates/report_item.fields +34 -24
- data/templates/report_item.sample +10 -0
- metadata +9 -8
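--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aebe3e6ed4b8156efffada2d404edcff8bc09c4b6d4999653c88bad0c738bc5a
+data.tar.gz: b41423466d39b56d9c184fa68829e146f2cbfc547f6e1b9058cbe9eb9666e2e3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58f313a9e35f6a0644400c2c2a5bdc3c8a846ed09ab516333a732858ccefc22e42e706bf0350118c838551413a3dc5cc07e78eec855d8478080e6658ae8fe782
+data.tar.gz: 85bf9c8c7113017e94acc771463bca8be8f9150410ab6ba8aabd16dacbc7a21817f5f6dafa1606ae2636125662811fa769425a8a126705c2c565ade880ffc6ac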
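--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,64 +1,59 @@
-
+v4.1.0 (November 2021)
+- Add product_coverage & cvss3_impact_score as available Issue fields
 
-
+v4.0.0 (July 2021)
+- Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, & threat_sources_last_28 as available Issue fields
 
-
+v3.22.0 (April 2021)
+- Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields
+- Add report_item.vpr_score as an available field
 
-
+v3.21.0 (February 2021)
+- No changes
 
-
+v3.20.0 (December 2020)
+- No changes
 
-
+v3.19.0 (September 2020)
+- No changes
 
-
+v3.18.0 (July 2020)
+- No changes
 
-
+v3.17.0 (May 2020)
+- No changes
 
-
+v3.16.0 (February 2020)
+- No changes
 
-
+v3.15.0 (November 2019)
+- Fixed bullet points formatting to handle internal text column widths
 
-
+v3.14.0 (August 2019)
+- No changes
 
-
+v3.13.0 (June 2019)
+- No changes
 
-
+v3.12.0 (March 2019)
+- No changes
 
-
+v3.11.0 (November 2018)
+- No changes
 
-
+v3.10.0 (August 2018)
+- Make Issue Title available at the Evidence level
+- Split services data into services and services_extra tables
+- Update default configuration to match Welcome templates
 
-
+v3.9.0 (January 2018)
+- Correctly format bullet lists whether separated by 1 or 2 new lines
 
-
+v3.8.0 (September 2017)
+- Added CVSSv3 fields
 
-
+v3.7.0 (July 2017)
+- No changes
 
-
-
-* No changes.
-
-## Dradis Framework 3.10 (August, 2018) ##
-
-* Make Issue Title available at the Evidence level
-
-* Update default configuration to match Welcome templates
-
-* Split services data into services and services_extra tables
-
-## Dradis Framework 3.9 (January, 2018) ##
-
-* Correctly format bullet lists whether separated by
-1 or 2 new lines
-
-## Dradis Framework 3.8 (September, 2017) ##
-
-* Added CVSSv3 fields.
-
-## Dradis Framework 3.7 (July, 2017) ##
-
-* No changes.
-
-## Dradis Framework 3.6 (March, 2017) ##
-
-* No changes.
+v3.6.0 (March 2017)
+- No changes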
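--- a/data/CHANGELOG.template
+++ b/data/CHANGELOG.template
@@ -0,0 +1,12 @@
+[v#.#.#] ([month] [YYYY])
+- [future tense verb] [feature]
+- Upgraded gems:
+- [gem]
+- Bugs fixes:
+- [future tense verb] [bug fix]
+- Bug tracker items:
+- [item]
+- Security Fixes:
+- High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+- Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+- Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]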
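--- a/data/dradis-nessus.gemspec
+++ b/data/dradis-nessus.gemspec
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
 # until we bump Dradis Pro to 4.1.
 # s.add_dependency 'rails', '~> 4.1.1'
-spec.add_dependency 'dradis-plugins', '~>
+spec.add_dependency 'dradis-plugins', '~> 4.0'
 spec.add_dependency 'nokogiri'
 
 spec.add_development_dependency 'bundler', '~> 1.6'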
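--- a/data/lib/nessus/report_item.rb
+++ b/data/lib/nessus/report_item.rb
@@ -19,15 +19,17 @@ module Nessus
 def supported_tags
 [
 # attributes
-:
+:plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity,
 # simple tags
-:
-:
-:
-:
-:
-:
-:
+:age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
+:cvss3_vector, :cvss_base_score, :cvss3_impact_score, :cvss_temporal_score,
+:cvss_temporal_vector, :cvss_vector, :description, :exploit_available,
+:exploit_code_maturity, :exploit_framework_canvas, :exploit_framework_core,
+:exploitability_ease, :exploit_framework_metasploit,:metasploit_name,
+:patch_publication_date, :plugin_modification_date, :plugin_output,
+:plugin_publication_date, :plugin_version, :product_coverage, :risk_factor,
+:solution, :synopsis, :threat_intensity_last_28, :threat_recency,
+:threat_sources_last_28, :vpr_score, :vuln_publication_date,
 # multiple tags
 :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
 # compliance tags
@@ -68,6 +70,7 @@ module Nessus
 # @svc_name = xml.attributes["svc_name"]
 # @protocol = xml.attributes["protocol"]
 # @severity = xml.attributes["severity"]
+:cvss3_impact_score => 'cvssV3_impactScore',
 :plugin_id => 'pluginID',
 :plugin_name => 'pluginName',
 :plugin_family => 'pluginFamily'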
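Review bot: The new `:cvss3_impact_score => 'cvssV3_impactScore',` entry in the second hunk is undocumented and easy to misread. It sits directly under the commented-out `xml.attributes[...]` lines and beside the `pluginID`/`pluginName`/`pluginFamily` entries, yet the sample on this page shows `cvssV3_impactScore` as a child element, while `pluginName` and `pluginFamily` are attributes of the report item. I would add a comment above it such as `# child element (<cvssV3_impactScore>), not an attribute; listed here only to map the snake_case name`. The code that consumes this hash is outside the hunk, so it is worth confirming that the lookup falls through from attributes to child tags for this key. In the first hunk, `:exploit_framework_metasploit,:metasploit_name,` is missing the space after the comma, and `:cvss3_impact_score` is placed among the `cvss_` symbols instead of with the other `cvss3_` ones.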
@@ -1,33 +1,43 @@
|
|
1
|
-
report_item.
|
2
|
-
report_item.
|
3
|
-
report_item.
|
4
|
-
report_item.
|
5
|
-
report_item.
|
6
|
-
report_item.
|
7
|
-
report_item.
|
1
|
+
report_item.age_of_vuln
|
2
|
+
report_item.bid_entries
|
3
|
+
report_item.cve_entries
|
4
|
+
report_item.cvss3_base_score
|
5
|
+
report_item.cvss3_impact_score
|
6
|
+
report_item.cvss3_temporal_score
|
7
|
+
report_item.cvss3_temporal_vector
|
8
|
+
report_item.cvss3_vector
|
9
|
+
report_item.cvss_base_score
|
10
|
+
report_item.cvss_temporal_score
|
11
|
+
report_item.cvss_temporal_vector
|
12
|
+
report_item.cvss_vector
|
13
|
+
report_item.description
|
8
14
|
report_item.exploitability_ease
|
9
|
-
report_item.
|
15
|
+
report_item.exploit_available
|
16
|
+
report_item.exploit_code_maturity
|
10
17
|
report_item.exploit_framework_canvas
|
11
|
-
report_item.exploit_framework_metasploit
|
12
18
|
report_item.exploit_framework_core
|
13
|
-
report_item.
|
14
|
-
report_item.risk_factor
|
15
|
-
report_item.description
|
16
|
-
report_item.plugin_publication_date
|
19
|
+
report_item.exploit_framework_metasploit
|
17
20
|
report_item.metasploit_name
|
18
|
-
report_item.cvss_vector
|
19
|
-
report_item.cvss3_vector
|
20
|
-
report_item.cvss_temporal_vector
|
21
|
-
report_item.cvss_temporal_score
|
22
|
-
report_item.cvss_base_score
|
23
|
-
report_item.cvss3_base_score
|
24
|
-
report_item.synopsis
|
25
|
-
report_item.exploit_available
|
26
21
|
report_item.patch_publication_date
|
22
|
+
report_item.plugin_family
|
23
|
+
report_item.plugin_id
|
27
24
|
report_item.plugin_modification_date
|
25
|
+
report_item.plugin_name
|
28
26
|
report_item.plugin_output
|
27
|
+
report_item.plugin_publication_date
|
29
28
|
report_item.plugin_version
|
30
|
-
report_item.
|
31
|
-
report_item.
|
29
|
+
report_item.port
|
30
|
+
report_item.product_coverage
|
31
|
+
report_item.protocol
|
32
|
+
report_item.risk_factor
|
32
33
|
report_item.see_also_entries
|
33
|
-
report_item.
|
34
|
+
report_item.severity
|
35
|
+
report_item.solution
|
36
|
+
report_item.svc_name
|
37
|
+
report_item.synopsis
|
38
|
+
report_item.threat_intensity_last_28
|
39
|
+
report_item.threat_recency
|
40
|
+
report_item.threat_sources_last_28
|
41
|
+
report_item.vpr_score
|
42
|
+
report_item.vuln_publication_date
|
43
|
+
report_item.xref_entries
|
@@ -7,6 +7,7 @@
|
|
7
7
|
pluginName="Apache Chunked Encoding Remote Overflow"
|
8
8
|
pluginFamily="Web Servers">
|
9
9
|
|
10
|
+
<age_of_vuln>730 days +</age_of_vuln>
|
10
11
|
<exploitability_ease>Exploits are available</exploitability_ease>
|
11
12
|
<vuln_publication_date>2002/06/19</vuln_publication_date>
|
12
13
|
<exploit_framework_canvas>true</exploit_framework_canvas>
|
@@ -24,15 +25,24 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
24
25
|
<plugin_publication_date>2002/06/17</plugin_publication_date>
|
25
26
|
<metasploit_name>Apache Win32 Chunked Encoding</metasploit_name>
|
26
27
|
<cvss3_base_score>3.7</cvss3_base_score>
|
28
|
+
<cvss3_temporal_score>6.8</cvss3_temporal_score>
|
29
|
+
<cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
|
27
30
|
<cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
|
31
|
+
<cvssV3_impactScore>5.9</cvssV3_impactScore>
|
28
32
|
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
|
29
33
|
<synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
|
34
|
+
<threat_intensity_last_28>Very Low</threat_intensity_last_28>
|
35
|
+
<threat_recency>> 365 days</threat_recency>
|
36
|
+
<threat_sources_last_28>No recorded events</threat_sources_last_28>
|
30
37
|
<plugin_type>remote</plugin_type>
|
31
38
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
|
32
39
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
|
33
40
|
<exploit_available>true</exploit_available>
|
41
|
+
<exploit_code_maturity>Unproven</exploit_code_maturity>
|
34
42
|
<plugin_modification_date>2011/03/08</plugin_modification_date>
|
35
43
|
<cvss_base_score>7.5</cvss_base_score>
|
44
|
+
<vpr_score>6.7</vpr_score>
|
45
|
+
<product_coverage>Low</product_coverage>
|
36
46
|
<canvas_package>CANVAS</canvas_package>
|
37
47
|
<cve>CVE-2002-0392</cve>
|
38
48
|
<bid>5033</bid>
|
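--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-version:
+version: 4.1.0
 platform: ruby
 authors:
 - Daniel Martin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -143,7 +144,7 @@ homepage: http://dradisframework.org
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -158,8 +159,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Nessus upload add-on for the Dradis Framework.
 test_files: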