dradis-nessus 3.3.0

data/spec/fixtures/files/host-01.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" ?>
+<NessusClientData_v2>
+<Report name="RSpec-01">
+  <ReportHost name="10.0.0.1">
+    <HostProperties>
+      <tag name="HOST_END">Tue Aug  9 09:59:24 2011</tag>
+      <tag name="HOST_START">Tue Aug  9 09:50:18 2011</tag>
+    </HostProperties>
+    <ReportItem
+      port="0"
+      svc_name="general"
+      protocol="udp"
+      severity="1"
+      pluginID="10287"
+      pluginName="Traceroute Information"
+      pluginFamily="General">
+    </ReportIem>
+  </ReportHost>
+</Report>
+</NessusClientData_v2>

data/spec/fixtures/files/report_item-with-list.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+<ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="68915" pluginName="Apache 2.2.x &lt; 2.2.25 Multiple Vulnerabilities" pluginFamily="Web Servers">
+  <bid>59826</bid>
+  <bid>61129</bid>
+  <cpe>cpe:/a:apache:http_server</cpe>
+  <cve>CVE-2013-1862</cve>
+  <cve>CVE-2013-1896</cve>
+  <cvss_base_score>5.1</cvss_base_score>
+  <cvss_temporal_score>4.4</cvss_temporal_score>
+  <cvss_temporal_vector>CVSS2#E:ND/RL:OF/RC:C</cvss_temporal_vector>
+  <cvss_vector>CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P</cvss_vector>
+  <description>According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities :
+
+  - A flaw exists in the 'RewriteLog' function where it     fails to sanitize escape sequences from being written     to log files, making it potentially vulnerable to     arbitrary command execution. (CVE-2013-1862)
+
+  - A denial of service vulnerability exists relating to     the 'mod_dav' module as it relates to MERGE requests.
+    (CVE-2013-1896)
+
+Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.</description>
+  <exploit_available>false</exploit_available>
+  <exploitability_ease>No known exploits are available</exploitability_ease>
+  <fname>apache_2_2_25.nasl</fname>
+  <osvdb>93366</osvdb>
+  <osvdb>95498</osvdb>
+  <patch_publication_date>2013/07/10</patch_publication_date>
+  <plugin_modification_date>2015/10/19</plugin_modification_date>
+  <plugin_name>Apache 2.2.x &lt; 2.2.25 Multiple Vulnerabilities</plugin_name>
+  <plugin_publication_date>2013/07/16</plugin_publication_date>
+  <plugin_type>remote</plugin_type>
+  <risk_factor>Medium</risk_factor>
+  <script_version>$Revision: 1.14 $</script_version>
+  <see_also>https://archive.apache.org/dist/httpd/CHANGES_2.2.25
+http://httpd.apache.org/security/vulnerabilities_22.html
+http://www.nessus.org/u?f050c342</see_also>
+  <solution>Upgrade to Apache version 2.2.25 or later. Alternatively, ensure that the affected modules are not in use.</solution>
+  <synopsis>The remote web server may be affected by multiple cross-site scripting vulnerabilities.</synopsis>
+  <vuln_publication_date>2013/05/13</vuln_publication_date>
+  <xref>OSVDB:93366</xref>
+  <xref>OSVDB:95498</xref>
+  <plugin_output>
+  Version source    : Server: Apache/2.2.20
+  Installed version : 2.2.20
+  Fixed version     : 2.2.25
+</plugin_output>
+</ReportItem>

data/spec/nessus/host_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Nessus::Host do
+  let(:host1_xml) { File.expand_path('../../fixtures/files/host-01.xml', __FILE__) }
+
+  # These are the properties we need to support:
+  # host.name                 The name given at scan time, usually an IP address
+  # host.ip                   The ip address of the host
+  # host.fqdn                 The full qualified domain name of the host
+  # host.operating_system     The OS of the system if detected
+  # host.mac_address          The mac address if the scanned system was on the same subnet
+  # host.netbios_name         The netbios name of the system
+  # host.scan_start_time      The date/time the scan started
+  # host.scan_stop_time       The date/time the scan ended
+  it 'Nessus::Host responds to all the expected fields' do
+    doc = Nokogiri::XML(File.read(host1_xml))
+    host = Nessus::Host.new( doc.xpath('/NessusClientData_v2/Report/ReportHost').first )
+    expect(host.name).to eq('10.0.0.1')
+    expect(host.scan_start_time).to eq('Tue Aug  9 09:50:18 2011')
+  end
+
+  pending 'Nessus::Host should provide access to each of its ReportItems'
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end

data/templates/evidence.fields

@@ -0,0 +1,16 @@
+compliance.cm_actual_value
+compliance.cm_audit_file
+compliance.cm_check_id
+compliance.cm_check_name
+compliance.cm_info
+compliance.cm_output
+compliance.cm_policy_value
+compliance.cm_reference
+compliance.cm_result
+compliance.cm_see_also
+compliance.cm_solution
+evidence.plugin_output
+evidence.port
+evidence.protocol
+evidence.svc_name
+evidence.severity

data/templates/evidence.sample

@@ -0,0 +1,53 @@
+<ReportItem
+  xmlns:cm="http://www.nessus.org/cm"
+  port="80"
+  svc_name="www"
+  protocol="tcp"
+  severity="3"
+  pluginID="11030"
+  pluginName="Apache Chunked Encoding Remote Overflow"
+  pluginFamily="Web Servers">
+
+  <exploitability_ease>Exploits are available</exploitability_ease>
+  <vuln_publication_date>2002/06/19</vuln_publication_date>
+  <exploit_framework_canvas>true</exploit_framework_canvas>
+  <exploit_framework_metasploit>true</exploit_framework_metasploit>
+  <cvss_temporal_vector>CVSS2#E:F/RL:OF/RC:C</cvss_temporal_vector>
+  <exploit_framework_core>true</exploit_framework_core>
+  <solution>Upgrade to Apache web server version 1.3.26 or 2.0.39 or newer.</solution>
+  <cvss_temporal_score>6.2</cvss_temporal_score>
+  <risk_factor>High</risk_factor>
+  <description>The remote Apache web server is affected by the Apache web server chunk handling vulnerability.
+
+If safe checks are enabled, this may be a false positive since it is based on the version of Apache. Although unpatched Apache versions
+1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are affected, the remote server may be running a patched version of Apache.</description>
+
+  <plugin_publication_date>2002/06/17</plugin_publication_date>
+  <metasploit_name>Apache Win32 Chunked Encoding</metasploit_name>
+  <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
+  <synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
+  <plugin_type>remote</plugin_type>
+  <see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
+  <see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
+  <exploit_available>true</exploit_available>
+  <plugin_modification_date>2011/03/08</plugin_modification_date>
+  <cvss_base_score>7.5</cvss_base_score>
+  <canvas_package>CANVAS</canvas_package>
+  <cve>CVE-2002-0392</cve>
+  <bid>5033</bid>
+  <xref>IAVA:2002-a-0003</xref>
+  <xref>OSVDB:838</xref>
+  <plugin_version>$Revision: 1.45 $</plugin_version>
+  <plugin_output>Fake output (for Plugin Manager testing purposes)</plugin_output>
+
+  <cm:compliance-actual-value>0</cm:compliance-actual-value>
+  <cm:compliance-audit-file>CIS_MS_Windows_8_Level_1_v1.0.0.audit</cm:compliance-audit-file>
+  <cm:compliance-check-id>1aca1416734d72f4352467605412ee96</cm:compliance-check-id>
+  <cm:compliance-check-name>1.1.1.1 Set &apos;Account lockout threshold&apos; to &apos;5 invalid logon attempt(s)&apos;</cm:compliance-check-name>
+  <cm:compliance-info>This policy setting determines the number of failed logon attempts before a lock occurs.</cm:compliance-info>
+  <cm:compliance-policy-value>5</cm:compliance-policy-value>
+  <cm:compliance-reference>PCI|8.5.13,CCE|CCE-21671-3,Level|1S,800-53|AC-1</cm:compliance-reference>
+  <cm:compliance-result>FAILED</cm:compliance-result>
+  <cm:compliance-see-also>https://benchmarks.cisecurity.org/tools2/windows/CIS_Microsoft_Windows_8_Benchmark_v1.0.0.pdf</cm:compliance-see-also>
+  <cm:compliance-solution>Make sure &apos;Account lockout threshold&apos; is set to 5 invalid attempts.</cm:compliance-solution>
+</ReportItem>

data/templates/evidence.template

@@ -0,0 +1,8 @@
+#[Port]#
+%evidence.port%
+
+#[Severity]#
+%evidence.severity%
+
+#[Output]#
+bc.. %evidence.plugin_output%

data/templates/report_host.fields

@@ -0,0 +1,8 @@
+report_host.name
+report_host.ip
+report_host.fqdn
+report_host.operating_system
+report_host.mac_address
+report_host.netbios_name
+report_host.scan_start_time
+report_host.scan_stop_time

data/templates/report_host.sample

@@ -0,0 +1,12 @@
+<ReportHost name="10.0.0.1">
+  <HostProperties>
+    <tag name="host-ip">10.0.0.1</tag>
+    <tag name="host-fqdn">dc1.localdomain</tag>
+    <tag name="operating-system">Windows Server 2008</tag>
+    <tag name="mac-address">00:01:02:03:04:05</tag>
+    <tag name="netbios-name">DC1</tag>
+    <tag name="HOST_END">Tue Aug  9 09:59:24 2011</tag>
+    <tag name="HOST_START">Tue Aug  9 09:50:18 2011</tag>
+  </HostProperties>
+  <ReportItem/>
+</ReportHost>

data/templates/report_host.template

@@ -0,0 +1,14 @@
+#[Title]#
+Nessus host summary
+
+#[Host information]#
+Name: %report_host.name%
+IP address: %report_host.ip%
+FQDN: %report_host.fqdn%
+OS: %report_host.operating_system%
+Mac address: %report_host.mac_address%
+Netbios name: %report_host.netbios_name%
+
+#[Scan information]#
+Scan started: %report_host.scan_start_time%
+Scan ended: %report_host.scan_stop_time%

data/templates/report_item.fields

@@ -0,0 +1,31 @@
+report_item.port
+report_item.svc_name
+report_item.protocol
+report_item.severity
+report_item.plugin_id
+report_item.plugin_name
+report_item.plugin_family
+report_item.exploitability_ease
+report_item.vuln_publication_date
+report_item.exploit_framework_canvas
+report_item.exploit_framework_metasploit
+report_item.exploit_framework_core
+report_item.solution
+report_item.risk_factor
+report_item.description
+report_item.plugin_publication_date
+report_item.metasploit_name
+report_item.cvss_vector
+report_item.cvss_temporal_vector
+report_item.cvss_temporal_score
+report_item.cvss_base_score
+report_item.synopsis
+report_item.exploit_available
+report_item.patch_publication_date
+report_item.plugin_modification_date
+report_item.plugin_output
+report_item.plugin_version
+report_item.bid_entries
+report_item.cve_entries
+report_item.see_also_entries
+report_item.xref_entries

data/templates/report_item.sample

@@ -0,0 +1,41 @@
+<ReportItem
+  port="80"
+  svc_name="www"
+  protocol="tcp"
+  severity="3"
+  pluginID="11030"
+  pluginName="Apache Chunked Encoding Remote Overflow"
+  pluginFamily="Web Servers">
+
+  <exploitability_ease>Exploits are available</exploitability_ease>
+  <vuln_publication_date>2002/06/19</vuln_publication_date>
+  <exploit_framework_canvas>true</exploit_framework_canvas>
+  <exploit_framework_metasploit>true</exploit_framework_metasploit>
+  <cvss_temporal_vector>CVSS2#E:F/RL:OF/RC:C</cvss_temporal_vector>
+  <exploit_framework_core>true</exploit_framework_core>
+  <solution>Upgrade to Apache web server version 1.3.26 or 2.0.39 or newer.</solution>
+  <cvss_temporal_score>6.2</cvss_temporal_score>
+  <risk_factor>High</risk_factor>
+  <description>The remote Apache web server is affected by the Apache web server chunk handling vulnerability.
+
+If safe checks are enabled, this may be a false positive since it is based on the version of Apache. Although unpatched Apache versions
+1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are affected, the remote server may be running a patched version of Apache.</description>
+
+  <plugin_publication_date>2002/06/17</plugin_publication_date>
+  <metasploit_name>Apache Win32 Chunked Encoding</metasploit_name>
+  <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
+  <synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
+  <plugin_type>remote</plugin_type>
+  <see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
+  <see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
+  <exploit_available>true</exploit_available>
+  <plugin_modification_date>2011/03/08</plugin_modification_date>
+  <cvss_base_score>7.5</cvss_base_score>
+  <canvas_package>CANVAS</canvas_package>
+  <cve>CVE-2002-0392</cve>
+  <bid>5033</bid>
+  <xref>IAVA:2002-a-0003</xref>
+  <xref>OSVDB:838</xref>
+  <plugin_version>$Revision: 1.45 $</plugin_version>
+  <plugin_output>Fake output (for Plugin Manager testing purposes)</plugin_output>
+</ReportItem>

data/templates/report_item.template

@@ -0,0 +1,29 @@
+#[Title]#
+%report_item.plugin_name%
+
+#[Description]#
+%report_item.description%
+
+#[Solution]#
+%report_item.solution%
+
+#[Exploit information]#
+%report_item.exploitability_ease%
+Canvas Framework: %report_item.exploit_framework_canvas%
+Core Impact: %report_item.exploit_framework_core%
+Metasploit:%report_item.exploit_framework_metasploit%
+
+#[Buqtrack Entries]#
+%report_item.bid_entries%
+
+#[CVE Entries]#
+%report_item.cve_entries%
+
+#[XREF Entries]#
+%report_item.xref_entries%
+
+#[See also]#
+%report_item.see_also_entries%
+
+#[PluginID]#
+%report_item.plugin_id%

metadata

@@ -0,0 +1,170 @@
+--- !ruby/object:Gem::Specification
+name: dradis-nessus
+version: !ruby/object:Gem::Version
+  version: 3.3.0
+platform: ruby
+authors:
+- Daniel Martin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-11-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dradis-plugins
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+description: This add-on allows you to upload and parse output produced from Tenable's
+  Nessus Scanner into Dradis.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- dradis-nessus.gemspec
+- lib/dradis-nessus.rb
+- lib/dradis/plugins/nessus.rb
+- lib/dradis/plugins/nessus/engine.rb
+- lib/dradis/plugins/nessus/field_processor.rb
+- lib/dradis/plugins/nessus/gem_version.rb
+- lib/dradis/plugins/nessus/importer.rb
+- lib/dradis/plugins/nessus/version.rb
+- lib/nessus/host.rb
+- lib/nessus/report_item.rb
+- lib/tasks/thorfile.rb
+- spec/dradis/plugins/nessus/field_processor_spec.rb
+- spec/dradis/plugins/nessus/importer_spec.rb
+- spec/fixtures/files/example_v2.nessus
+- spec/fixtures/files/host-01.xml
+- spec/fixtures/files/report_item-with-list.xml
+- spec/nessus/host_spec.rb
+- spec/spec_helper.rb
+- templates/evidence.fields
+- templates/evidence.sample
+- templates/evidence.template
+- templates/report_host.fields
+- templates/report_host.sample
+- templates/report_host.template
+- templates/report_item.fields
+- templates/report_item.sample
+- templates/report_item.template
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.3
+signing_key: 
+specification_version: 4
+summary: Nessus upload add-on for the Dradis Framework.
+test_files:
+- spec/dradis/plugins/nessus/field_processor_spec.rb
+- spec/dradis/plugins/nessus/importer_spec.rb
+- spec/fixtures/files/example_v2.nessus
+- spec/fixtures/files/host-01.xml
+- spec/fixtures/files/report_item-with-list.xml
+- spec/nessus/host_spec.rb
+- spec/spec_helper.rb