dradis-nessus 3.21.0 → 4.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -49
- data/CHANGELOG.template +12 -0
- data/dradis-nessus.gemspec +1 -1
- data/lib/dradis/plugins/nessus/gem_version.rb +2 -2
- data/lib/nessus/report_item.rb +11 -8
- data/templates/report_item.fields +34 -24
- data/templates/report_item.sample +10 -0
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 39e68f750e4e6f16e4b203440d84bcf981794d2835c74349eb8bf4e383a059ee
|
|
4
|
+
data.tar.gz: 3302fca0e112a5be6bae321bdf7d6bb666469a1f44a44b8d9da7722c443363a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 45476d65333d912cca4636f6e737669bd4950bf00d7767c7e108fc8a746e192aecae105e68c779419bc771b469404cbd8492e610a1159cb4e32a4f8b294373f5
|
|
7
|
+
data.tar.gz: 145f623c1d58cff49d95a3cc2b78844d0d863fc7395d19b41cd530456cf22d23a0d5d9d893b67c1fe7dea4ad72e64d8dec85859d07c53cb21f312d9da97617e6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,68 +1,62 @@
|
|
|
1
|
-
|
|
1
|
+
v4.2.0 (February 2022)
|
|
2
|
+
- No changes
|
|
2
3
|
|
|
3
|
-
|
|
4
|
+
v4.1.0 (November 2021)
|
|
5
|
+
- Add product_coverage & cvss3_impact_score as available Issue fields
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
v4.0.0 (July 2021)
|
|
8
|
+
- Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, & threat_sources_last_28 as available Issue fields
|
|
6
9
|
|
|
7
|
-
|
|
10
|
+
v3.22.0 (April 2021)
|
|
11
|
+
- Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields
|
|
12
|
+
- Add report_item.vpr_score as an available field
|
|
8
13
|
|
|
9
|
-
|
|
14
|
+
v3.21.0 (February 2021)
|
|
15
|
+
- No changes
|
|
10
16
|
|
|
11
|
-
|
|
17
|
+
v3.20.0 (December 2020)
|
|
18
|
+
- No changes
|
|
12
19
|
|
|
13
|
-
|
|
20
|
+
v3.19.0 (September 2020)
|
|
21
|
+
- No changes
|
|
14
22
|
|
|
15
|
-
|
|
23
|
+
v3.18.0 (July 2020)
|
|
24
|
+
- No changes
|
|
16
25
|
|
|
17
|
-
|
|
26
|
+
v3.17.0 (May 2020)
|
|
27
|
+
- No changes
|
|
18
28
|
|
|
19
|
-
|
|
29
|
+
v3.16.0 (February 2020)
|
|
30
|
+
- No changes
|
|
20
31
|
|
|
21
|
-
|
|
32
|
+
v3.15.0 (November 2019)
|
|
33
|
+
- Fixed bullet points formatting to handle internal text column widths
|
|
22
34
|
|
|
23
|
-
|
|
35
|
+
v3.14.0 (August 2019)
|
|
36
|
+
- No changes
|
|
24
37
|
|
|
25
|
-
|
|
38
|
+
v3.13.0 (June 2019)
|
|
39
|
+
- No changes
|
|
26
40
|
|
|
27
|
-
|
|
41
|
+
v3.12.0 (March 2019)
|
|
42
|
+
- No changes
|
|
28
43
|
|
|
29
|
-
|
|
44
|
+
v3.11.0 (November 2018)
|
|
45
|
+
- No changes
|
|
30
46
|
|
|
31
|
-
|
|
47
|
+
v3.10.0 (August 2018)
|
|
48
|
+
- Make Issue Title available at the Evidence level
|
|
49
|
+
- Split services data into services and services_extra tables
|
|
50
|
+
- Update default configuration to match Welcome templates
|
|
32
51
|
|
|
33
|
-
|
|
52
|
+
v3.9.0 (January 2018)
|
|
53
|
+
- Correctly format bullet lists whether separated by 1 or 2 new lines
|
|
34
54
|
|
|
35
|
-
|
|
55
|
+
v3.8.0 (September 2017)
|
|
56
|
+
- Added CVSSv3 fields
|
|
36
57
|
|
|
37
|
-
|
|
58
|
+
v3.7.0 (July 2017)
|
|
59
|
+
- No changes
|
|
38
60
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
## Dradis Framework 3.11 (November, 2018) ##
|
|
42
|
-
|
|
43
|
-
* No changes.
|
|
44
|
-
|
|
45
|
-
## Dradis Framework 3.10 (August, 2018) ##
|
|
46
|
-
|
|
47
|
-
* Make Issue Title available at the Evidence level
|
|
48
|
-
|
|
49
|
-
* Update default configuration to match Welcome templates
|
|
50
|
-
|
|
51
|
-
* Split services data into services and services_extra tables
|
|
52
|
-
|
|
53
|
-
## Dradis Framework 3.9 (January, 2018) ##
|
|
54
|
-
|
|
55
|
-
* Correctly format bullet lists whether separated by
|
|
56
|
-
1 or 2 new lines
|
|
57
|
-
|
|
58
|
-
## Dradis Framework 3.8 (September, 2017) ##
|
|
59
|
-
|
|
60
|
-
* Added CVSSv3 fields.
|
|
61
|
-
|
|
62
|
-
## Dradis Framework 3.7 (July, 2017) ##
|
|
63
|
-
|
|
64
|
-
* No changes.
|
|
65
|
-
|
|
66
|
-
## Dradis Framework 3.6 (March, 2017) ##
|
|
67
|
-
|
|
68
|
-
* No changes.
|
|
61
|
+
v3.6.0 (March 2017)
|
|
62
|
+
- No changes
|
data/CHANGELOG.template
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
[v#.#.#] ([month] [YYYY])
|
|
2
|
+
- [future tense verb] [feature]
|
|
3
|
+
- Upgraded gems:
|
|
4
|
+
- [gem]
|
|
5
|
+
- Bugs fixes:
|
|
6
|
+
- [future tense verb] [bug fix]
|
|
7
|
+
- Bug tracker items:
|
|
8
|
+
- [item]
|
|
9
|
+
- Security Fixes:
|
|
10
|
+
- High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
11
|
+
- Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
|
12
|
+
- Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
data/dradis-nessus.gemspec
CHANGED
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
|
-
spec.add_dependency 'dradis-plugins', '~>
|
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
|
29
29
|
spec.add_dependency 'nokogiri'
|
|
30
30
|
|
|
31
31
|
spec.add_development_dependency 'bundler', '~> 1.6'
|
data/lib/nessus/report_item.rb
CHANGED
|
@@ -19,15 +19,17 @@ module Nessus
|
|
|
19
19
|
def supported_tags
|
|
20
20
|
[
|
|
21
21
|
# attributes
|
|
22
|
-
:
|
|
22
|
+
:plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity,
|
|
23
23
|
# simple tags
|
|
24
|
-
:
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
28
|
-
:
|
|
29
|
-
:
|
|
30
|
-
:
|
|
24
|
+
:age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
|
25
|
+
:cvss3_vector, :cvss_base_score, :cvss3_impact_score, :cvss_temporal_score,
|
|
26
|
+
:cvss_temporal_vector, :cvss_vector, :description, :exploit_available,
|
|
27
|
+
:exploit_code_maturity, :exploit_framework_canvas, :exploit_framework_core,
|
|
28
|
+
:exploitability_ease, :exploit_framework_metasploit,:metasploit_name,
|
|
29
|
+
:patch_publication_date, :plugin_modification_date, :plugin_output,
|
|
30
|
+
:plugin_publication_date, :plugin_version, :product_coverage, :risk_factor,
|
|
31
|
+
:solution, :synopsis, :threat_intensity_last_28, :threat_recency,
|
|
32
|
+
:threat_sources_last_28, :vpr_score, :vuln_publication_date,
|
|
31
33
|
# multiple tags
|
|
32
34
|
:bid_entries, :cve_entries, :see_also_entries, :xref_entries,
|
|
33
35
|
# compliance tags
|
|
@@ -68,6 +70,7 @@ module Nessus
|
|
|
68
70
|
# @svc_name = xml.attributes["svc_name"]
|
|
69
71
|
# @protocol = xml.attributes["protocol"]
|
|
70
72
|
# @severity = xml.attributes["severity"]
|
|
73
|
+
:cvss3_impact_score => 'cvssV3_impactScore',
|
|
71
74
|
:plugin_id => 'pluginID',
|
|
72
75
|
:plugin_name => 'pluginName',
|
|
73
76
|
:plugin_family => 'pluginFamily'
|
|
@@ -1,33 +1,43 @@
|
|
|
1
|
-
report_item.
|
|
2
|
-
report_item.
|
|
3
|
-
report_item.
|
|
4
|
-
report_item.
|
|
5
|
-
report_item.
|
|
6
|
-
report_item.
|
|
7
|
-
report_item.
|
|
1
|
+
report_item.age_of_vuln
|
|
2
|
+
report_item.bid_entries
|
|
3
|
+
report_item.cve_entries
|
|
4
|
+
report_item.cvss3_base_score
|
|
5
|
+
report_item.cvss3_impact_score
|
|
6
|
+
report_item.cvss3_temporal_score
|
|
7
|
+
report_item.cvss3_temporal_vector
|
|
8
|
+
report_item.cvss3_vector
|
|
9
|
+
report_item.cvss_base_score
|
|
10
|
+
report_item.cvss_temporal_score
|
|
11
|
+
report_item.cvss_temporal_vector
|
|
12
|
+
report_item.cvss_vector
|
|
13
|
+
report_item.description
|
|
8
14
|
report_item.exploitability_ease
|
|
9
|
-
report_item.
|
|
15
|
+
report_item.exploit_available
|
|
16
|
+
report_item.exploit_code_maturity
|
|
10
17
|
report_item.exploit_framework_canvas
|
|
11
|
-
report_item.exploit_framework_metasploit
|
|
12
18
|
report_item.exploit_framework_core
|
|
13
|
-
report_item.
|
|
14
|
-
report_item.risk_factor
|
|
15
|
-
report_item.description
|
|
16
|
-
report_item.plugin_publication_date
|
|
19
|
+
report_item.exploit_framework_metasploit
|
|
17
20
|
report_item.metasploit_name
|
|
18
|
-
report_item.cvss_vector
|
|
19
|
-
report_item.cvss3_vector
|
|
20
|
-
report_item.cvss_temporal_vector
|
|
21
|
-
report_item.cvss_temporal_score
|
|
22
|
-
report_item.cvss_base_score
|
|
23
|
-
report_item.cvss3_base_score
|
|
24
|
-
report_item.synopsis
|
|
25
|
-
report_item.exploit_available
|
|
26
21
|
report_item.patch_publication_date
|
|
22
|
+
report_item.plugin_family
|
|
23
|
+
report_item.plugin_id
|
|
27
24
|
report_item.plugin_modification_date
|
|
25
|
+
report_item.plugin_name
|
|
28
26
|
report_item.plugin_output
|
|
27
|
+
report_item.plugin_publication_date
|
|
29
28
|
report_item.plugin_version
|
|
30
|
-
report_item.
|
|
31
|
-
report_item.
|
|
29
|
+
report_item.port
|
|
30
|
+
report_item.product_coverage
|
|
31
|
+
report_item.protocol
|
|
32
|
+
report_item.risk_factor
|
|
32
33
|
report_item.see_also_entries
|
|
33
|
-
report_item.
|
|
34
|
+
report_item.severity
|
|
35
|
+
report_item.solution
|
|
36
|
+
report_item.svc_name
|
|
37
|
+
report_item.synopsis
|
|
38
|
+
report_item.threat_intensity_last_28
|
|
39
|
+
report_item.threat_recency
|
|
40
|
+
report_item.threat_sources_last_28
|
|
41
|
+
report_item.vpr_score
|
|
42
|
+
report_item.vuln_publication_date
|
|
43
|
+
report_item.xref_entries
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
pluginName="Apache Chunked Encoding Remote Overflow"
|
|
8
8
|
pluginFamily="Web Servers">
|
|
9
9
|
|
|
10
|
+
<age_of_vuln>730 days +</age_of_vuln>
|
|
10
11
|
<exploitability_ease>Exploits are available</exploitability_ease>
|
|
11
12
|
<vuln_publication_date>2002/06/19</vuln_publication_date>
|
|
12
13
|
<exploit_framework_canvas>true</exploit_framework_canvas>
|
|
@@ -24,15 +25,24 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
|
24
25
|
<plugin_publication_date>2002/06/17</plugin_publication_date>
|
|
25
26
|
<metasploit_name>Apache Win32 Chunked Encoding</metasploit_name>
|
|
26
27
|
<cvss3_base_score>3.7</cvss3_base_score>
|
|
28
|
+
<cvss3_temporal_score>6.8</cvss3_temporal_score>
|
|
29
|
+
<cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
|
|
27
30
|
<cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
|
|
31
|
+
<cvssV3_impactScore>5.9</cvssV3_impactScore>
|
|
28
32
|
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
|
|
29
33
|
<synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
|
|
34
|
+
<threat_intensity_last_28>Very Low</threat_intensity_last_28>
|
|
35
|
+
<threat_recency>> 365 days</threat_recency>
|
|
36
|
+
<threat_sources_last_28>No recorded events</threat_sources_last_28>
|
|
30
37
|
<plugin_type>remote</plugin_type>
|
|
31
38
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
|
|
32
39
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
|
|
33
40
|
<exploit_available>true</exploit_available>
|
|
41
|
+
<exploit_code_maturity>Unproven</exploit_code_maturity>
|
|
34
42
|
<plugin_modification_date>2011/03/08</plugin_modification_date>
|
|
35
43
|
<cvss_base_score>7.5</cvss_base_score>
|
|
44
|
+
<vpr_score>6.7</vpr_score>
|
|
45
|
+
<product_coverage>Low</product_coverage>
|
|
36
46
|
<canvas_package>CANVAS</canvas_package>
|
|
37
47
|
<cve>CVE-2002-0392</cve>
|
|
38
48
|
<bid>5033</bid>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nessus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
19
|
+
version: '4.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '4.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: nokogiri
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -107,6 +107,7 @@ files:
|
|
|
107
107
|
- ".gitignore"
|
|
108
108
|
- ".rspec"
|
|
109
109
|
- CHANGELOG.md
|
|
110
|
+
- CHANGELOG.template
|
|
110
111
|
- CONTRIBUTING.md
|
|
111
112
|
- Gemfile
|
|
112
113
|
- LICENSE
|
|
@@ -143,7 +144,7 @@ homepage: http://dradisframework.org
|
|
|
143
144
|
licenses:
|
|
144
145
|
- GPL-2
|
|
145
146
|
metadata: {}
|
|
146
|
-
post_install_message:
|
|
147
|
+
post_install_message:
|
|
147
148
|
rdoc_options: []
|
|
148
149
|
require_paths:
|
|
149
150
|
- lib
|
|
@@ -158,8 +159,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
158
159
|
- !ruby/object:Gem::Version
|
|
159
160
|
version: '0'
|
|
160
161
|
requirements: []
|
|
161
|
-
rubygems_version: 3.
|
|
162
|
-
signing_key:
|
|
162
|
+
rubygems_version: 3.1.4
|
|
163
|
+
signing_key:
|
|
163
164
|
specification_version: 4
|
|
164
165
|
summary: Nessus upload add-on for the Dradis Framework.
|
|
165
166
|
test_files:
|