dradis-nessus 3.22.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/dradis-nessus.gemspec +1 -1
- data/lib/dradis/plugins/nessus/gem_version.rb +2 -2
- data/lib/nessus/report_item.rb +7 -6
- data/templates/report_item.fields +32 -26
- data/templates/report_item.sample +6 -0
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8daa3079a907770f6e96d8ed3a10201c06e38499946c4c41d67a15ecc9570952
|
4
|
+
data.tar.gz: c505dd8204f3965efbe3dd9cc516dda4085f3f5bcaaaa37281085b2884be6472
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb1d2625988e6c72c86a2eb7d186f5d446713ff8c6cf53ef2a2fe22b294039dc59cf77a481d518b000effff4b8e390fe5d1bf8610c5a82488a33a9f6248bcbe3
|
7
|
+
data.tar.gz: 1ed3d69ab003f39d7093eef2895efe2f845efab8a799068655b676344ae7d074743b4fa376bae361407fb0dadef2528a7f1ec1d86fe205527423eae7c3e5ced7
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,12 @@
|
|
1
|
+
## Dradis Framework 4.0.0 (July, 2021) ##
|
2
|
+
|
3
|
+
* Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28
|
4
|
+
threat_recency, & threat_sources_last_28 as available Issue fields.
|
5
|
+
|
1
6
|
## Dradis Framework 3.22 (April, 2021) ##
|
2
7
|
|
3
8
|
* Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields.
|
9
|
+
* Add report_item.vpr_score as an available field.
|
4
10
|
|
5
11
|
## Dradis Framework 3.21 (February, 2021) ##
|
6
12
|
|
data/dradis-nessus.gemspec
CHANGED
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
28
|
-
spec.add_dependency 'dradis-plugins', '~>
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0.0'
|
29
29
|
spec.add_dependency 'nokogiri'
|
30
30
|
|
31
31
|
spec.add_development_dependency 'bundler', '~> 1.6'
|
data/lib/nessus/report_item.rb
CHANGED
@@ -21,13 +21,14 @@ module Nessus
|
|
21
21
|
# attributes
|
22
22
|
:plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity,
|
23
23
|
# simple tags
|
24
|
-
:cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
25
|
-
:cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
|
26
|
-
:description, :exploit_available, :
|
27
|
-
:exploitability_ease, :exploit_framework_metasploit,
|
24
|
+
:age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
25
|
+
:cvss3_vector, :cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
|
26
|
+
:description, :exploit_available, :exploit_code_maturity, :exploit_framework_canvas,
|
27
|
+
:exploit_framework_core, :exploitability_ease, :exploit_framework_metasploit,
|
28
28
|
:metasploit_name, :patch_publication_date, :plugin_modification_date, :plugin_output,
|
29
|
-
:plugin_publication_date, :plugin_version, :risk_factor,
|
30
|
-
:
|
29
|
+
:plugin_publication_date, :plugin_version, :risk_factor, :solution, :synopsis,
|
30
|
+
:threat_intensity_last_28, :threat_recency, :threat_sources_last_28, :vpr_score,
|
31
|
+
:vuln_publication_date,
|
31
32
|
# multiple tags
|
32
33
|
:bid_entries, :cve_entries, :see_also_entries, :xref_entries,
|
33
34
|
# compliance tags
|
@@ -1,35 +1,41 @@
|
|
1
|
-
report_item.
|
2
|
-
report_item.
|
3
|
-
report_item.
|
4
|
-
report_item.
|
5
|
-
report_item.
|
6
|
-
report_item.
|
7
|
-
report_item.
|
1
|
+
report_item.age_of_vuln
|
2
|
+
report_item.bid_entries
|
3
|
+
report_item.cve_entries
|
4
|
+
report_item.cvss3_base_score
|
5
|
+
report_item.cvss3_temporal_score
|
6
|
+
report_item.cvss3_temporal_vector
|
7
|
+
report_item.cvss3_vector
|
8
|
+
report_item.cvss_base_score
|
9
|
+
report_item.cvss_temporal_score
|
10
|
+
report_item.cvss_temporal_vector
|
11
|
+
report_item.cvss_vector
|
12
|
+
report_item.description
|
8
13
|
report_item.exploitability_ease
|
9
|
-
report_item.
|
14
|
+
report_item.exploit_available
|
15
|
+
report_item.exploit_code_maturity
|
10
16
|
report_item.exploit_framework_canvas
|
11
|
-
report_item.exploit_framework_metasploit
|
12
17
|
report_item.exploit_framework_core
|
13
|
-
report_item.
|
14
|
-
report_item.risk_factor
|
15
|
-
report_item.description
|
16
|
-
report_item.plugin_publication_date
|
18
|
+
report_item.exploit_framework_metasploit
|
17
19
|
report_item.metasploit_name
|
18
|
-
report_item.cvss_vector
|
19
|
-
report_item.cvss3_vector
|
20
|
-
report_item.cvss_temporal_vector
|
21
|
-
report_item.cvss3_temporal_vector
|
22
|
-
report_item.cvss_temporal_score
|
23
|
-
report_item.cvss3_temporal_score
|
24
|
-
report_item.cvss_base_score
|
25
|
-
report_item.cvss3_base_score
|
26
|
-
report_item.synopsis
|
27
|
-
report_item.exploit_available
|
28
20
|
report_item.patch_publication_date
|
21
|
+
report_item.plugin_family
|
22
|
+
report_item.plugin_id
|
29
23
|
report_item.plugin_modification_date
|
24
|
+
report_item.plugin_name
|
30
25
|
report_item.plugin_output
|
26
|
+
report_item.plugin_publication_date
|
31
27
|
report_item.plugin_version
|
32
|
-
report_item.
|
33
|
-
report_item.
|
28
|
+
report_item.port
|
29
|
+
report_item.protocol
|
30
|
+
report_item.risk_factor
|
34
31
|
report_item.see_also_entries
|
35
|
-
report_item.
|
32
|
+
report_item.severity
|
33
|
+
report_item.solution
|
34
|
+
report_item.svc_name
|
35
|
+
report_item.synopsis
|
36
|
+
report_item.threat_intensity_last_28
|
37
|
+
report_item.threat_recency
|
38
|
+
report_item.threat_sources_last_28
|
39
|
+
report_item.vpr_score
|
40
|
+
report_item.vuln_publication_date
|
41
|
+
report_item.xref_entries
|
@@ -7,6 +7,7 @@
|
|
7
7
|
pluginName="Apache Chunked Encoding Remote Overflow"
|
8
8
|
pluginFamily="Web Servers">
|
9
9
|
|
10
|
+
<age_of_vuln>730 days +</age_of_vuln>
|
10
11
|
<exploitability_ease>Exploits are available</exploitability_ease>
|
11
12
|
<vuln_publication_date>2002/06/19</vuln_publication_date>
|
12
13
|
<exploit_framework_canvas>true</exploit_framework_canvas>
|
@@ -29,12 +30,17 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
29
30
|
<cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
|
30
31
|
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
|
31
32
|
<synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
|
33
|
+
<threat_intensity_last_28>Very Low</threat_intensity_last_28>
|
34
|
+
<threat_recency>> 365 days</threat_recency>
|
35
|
+
<threat_sources_last_28>No recorded events</threat_sources_last_28>
|
32
36
|
<plugin_type>remote</plugin_type>
|
33
37
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
|
34
38
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
|
35
39
|
<exploit_available>true</exploit_available>
|
40
|
+
<exploit_code_maturity>Unproven</exploit_code_maturity>
|
36
41
|
<plugin_modification_date>2011/03/08</plugin_modification_date>
|
37
42
|
<cvss_base_score>7.5</cvss_base_score>
|
43
|
+
<vpr_score>6.7</vpr_score>
|
38
44
|
<canvas_package>CANVAS</canvas_package>
|
39
45
|
<cve>CVE-2002-0392</cve>
|
40
46
|
<bid>5033</bid>
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dradis-nessus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Martin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dradis-plugins
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 4.0.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 4.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: nokogiri
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -158,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
158
158
|
- !ruby/object:Gem::Version
|
159
159
|
version: '0'
|
160
160
|
requirements: []
|
161
|
-
rubygems_version: 3.1.
|
161
|
+
rubygems_version: 3.1.4
|
162
162
|
signing_key:
|
163
163
|
specification_version: 4
|
164
164
|
summary: Nessus upload add-on for the Dradis Framework.
|