dradis-nessus 4.0.0 → 4.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +45 -58
- data/CHANGELOG.template +12 -0
- data/dradis-nessus.gemspec +1 -1
- data/lib/dradis/plugins/nessus/gem_version.rb +1 -1
- data/lib/nessus/report_item.rb +9 -7
- data/templates/report_item.fields +2 -0
- data/templates/report_item.sample +2 -0
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f2a9e89cf9a8ef05122253d401914f89b8eaa5b00f0871584e919798a59639d5
|
4
|
+
data.tar.gz: 4cbfac3c01c5a3b613ad7ba94a320bb500037a30a8ba9cdfebe628fb99a36d8b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b40b4974b16cacebd911c716af671178d7b8da821e8af7b43178ac664be17848df7a965a1c4fad8477a2060d38f17faa59b4ae665c4fc00633cfc30e010408f0
|
7
|
+
data.tar.gz: e34ecb83feb08a9b045a34319d4c45fbfd9fbb2e017e1d18dca208742ccf1cc3bee340101117073080e662082745507513e1279dad8d46b90d3eac8a24338b5d
|
data/CHANGELOG.md
CHANGED
@@ -1,78 +1,65 @@
|
|
1
|
-
|
1
|
+
v4.3.0 (April 2022)
|
2
|
+
- No changes
|
2
3
|
|
3
|
-
|
4
|
-
|
4
|
+
v4.2.0 (February 2022)
|
5
|
+
- No changes
|
5
6
|
|
6
|
-
|
7
|
+
v4.1.0 (November 2021)
|
8
|
+
- Add product_coverage & cvss3_impact_score as available Issue fields
|
7
9
|
|
8
|
-
|
9
|
-
|
10
|
+
v4.0.0 (July 2021)
|
11
|
+
- Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, & threat_sources_last_28 as available Issue fields
|
10
12
|
|
11
|
-
|
13
|
+
v3.22.0 (April 2021)
|
14
|
+
- Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields
|
15
|
+
- Add report_item.vpr_score as an available field
|
12
16
|
|
13
|
-
|
17
|
+
v3.21.0 (February 2021)
|
18
|
+
- No changes
|
14
19
|
|
15
|
-
|
20
|
+
v3.20.0 (December 2020)
|
21
|
+
- No changes
|
16
22
|
|
17
|
-
|
23
|
+
v3.19.0 (September 2020)
|
24
|
+
- No changes
|
18
25
|
|
19
|
-
|
26
|
+
v3.18.0 (July 2020)
|
27
|
+
- No changes
|
20
28
|
|
21
|
-
|
29
|
+
v3.17.0 (May 2020)
|
30
|
+
- No changes
|
22
31
|
|
23
|
-
|
32
|
+
v3.16.0 (February 2020)
|
33
|
+
- No changes
|
24
34
|
|
25
|
-
|
35
|
+
v3.15.0 (November 2019)
|
36
|
+
- Fixed bullet points formatting to handle internal text column widths
|
26
37
|
|
27
|
-
|
38
|
+
v3.14.0 (August 2019)
|
39
|
+
- No changes
|
28
40
|
|
29
|
-
|
41
|
+
v3.13.0 (June 2019)
|
42
|
+
- No changes
|
30
43
|
|
31
|
-
|
44
|
+
v3.12.0 (March 2019)
|
45
|
+
- No changes
|
32
46
|
|
33
|
-
|
47
|
+
v3.11.0 (November 2018)
|
48
|
+
- No changes
|
34
49
|
|
35
|
-
|
50
|
+
v3.10.0 (August 2018)
|
51
|
+
- Make Issue Title available at the Evidence level
|
52
|
+
- Split services data into services and services_extra tables
|
53
|
+
- Update default configuration to match Welcome templates
|
36
54
|
|
37
|
-
|
55
|
+
v3.9.0 (January 2018)
|
56
|
+
- Correctly format bullet lists whether separated by 1 or 2 new lines
|
38
57
|
|
39
|
-
|
58
|
+
v3.8.0 (September 2017)
|
59
|
+
- Added CVSSv3 fields
|
40
60
|
|
41
|
-
|
61
|
+
v3.7.0 (July 2017)
|
62
|
+
- No changes
|
42
63
|
|
43
|
-
|
44
|
-
|
45
|
-
* No changes.
|
46
|
-
|
47
|
-
## Dradis Framework 3.12 (March, 2019) ##
|
48
|
-
|
49
|
-
* No changes.
|
50
|
-
|
51
|
-
## Dradis Framework 3.11 (November, 2018) ##
|
52
|
-
|
53
|
-
* No changes.
|
54
|
-
|
55
|
-
## Dradis Framework 3.10 (August, 2018) ##
|
56
|
-
|
57
|
-
* Make Issue Title available at the Evidence level
|
58
|
-
|
59
|
-
* Update default configuration to match Welcome templates
|
60
|
-
|
61
|
-
* Split services data into services and services_extra tables
|
62
|
-
|
63
|
-
## Dradis Framework 3.9 (January, 2018) ##
|
64
|
-
|
65
|
-
* Correctly format bullet lists whether separated by
|
66
|
-
1 or 2 new lines
|
67
|
-
|
68
|
-
## Dradis Framework 3.8 (September, 2017) ##
|
69
|
-
|
70
|
-
* Added CVSSv3 fields.
|
71
|
-
|
72
|
-
## Dradis Framework 3.7 (July, 2017) ##
|
73
|
-
|
74
|
-
* No changes.
|
75
|
-
|
76
|
-
## Dradis Framework 3.6 (March, 2017) ##
|
77
|
-
|
78
|
-
* No changes.
|
64
|
+
v3.6.0 (March 2017)
|
65
|
+
- No changes
|
data/CHANGELOG.template
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
[v#.#.#] ([month] [YYYY])
|
2
|
+
- [future tense verb] [feature]
|
3
|
+
- Upgraded gems:
|
4
|
+
- [gem]
|
5
|
+
- Bugs fixes:
|
6
|
+
- [future tense verb] [bug fix]
|
7
|
+
- Bug tracker items:
|
8
|
+
- [item]
|
9
|
+
- Security Fixes:
|
10
|
+
- High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
11
|
+
- Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
12
|
+
- Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
|
data/dradis-nessus.gemspec
CHANGED
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
28
|
-
spec.add_dependency 'dradis-plugins', '~> 4.0
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
29
29
|
spec.add_dependency 'nokogiri'
|
30
30
|
|
31
31
|
spec.add_development_dependency 'bundler', '~> 1.6'
|
data/lib/nessus/report_item.rb
CHANGED
@@ -22,13 +22,14 @@ module Nessus
|
|
22
22
|
:plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity,
|
23
23
|
# simple tags
|
24
24
|
:age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
25
|
-
:cvss3_vector, :cvss_base_score, :
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
29
|
-
:
|
30
|
-
:
|
31
|
-
:
|
25
|
+
:cvss3_vector, :cvss_base_score, :cvss3_impact_score, :cvss_temporal_score,
|
26
|
+
:cvss_temporal_vector, :cvss_vector, :description, :exploit_available,
|
27
|
+
:exploit_code_maturity, :exploit_framework_canvas, :exploit_framework_core,
|
28
|
+
:exploitability_ease, :exploit_framework_metasploit,:metasploit_name,
|
29
|
+
:patch_publication_date, :plugin_modification_date, :plugin_output,
|
30
|
+
:plugin_publication_date, :plugin_version, :product_coverage, :risk_factor,
|
31
|
+
:solution, :synopsis, :threat_intensity_last_28, :threat_recency,
|
32
|
+
:threat_sources_last_28, :vpr_score, :vuln_publication_date,
|
32
33
|
# multiple tags
|
33
34
|
:bid_entries, :cve_entries, :see_also_entries, :xref_entries,
|
34
35
|
# compliance tags
|
@@ -69,6 +70,7 @@ module Nessus
|
|
69
70
|
# @svc_name = xml.attributes["svc_name"]
|
70
71
|
# @protocol = xml.attributes["protocol"]
|
71
72
|
# @severity = xml.attributes["severity"]
|
73
|
+
:cvss3_impact_score => 'cvssV3_impactScore',
|
72
74
|
:plugin_id => 'pluginID',
|
73
75
|
:plugin_name => 'pluginName',
|
74
76
|
:plugin_family => 'pluginFamily'
|
@@ -2,6 +2,7 @@ report_item.age_of_vuln
|
|
2
2
|
report_item.bid_entries
|
3
3
|
report_item.cve_entries
|
4
4
|
report_item.cvss3_base_score
|
5
|
+
report_item.cvss3_impact_score
|
5
6
|
report_item.cvss3_temporal_score
|
6
7
|
report_item.cvss3_temporal_vector
|
7
8
|
report_item.cvss3_vector
|
@@ -26,6 +27,7 @@ report_item.plugin_output
|
|
26
27
|
report_item.plugin_publication_date
|
27
28
|
report_item.plugin_version
|
28
29
|
report_item.port
|
30
|
+
report_item.product_coverage
|
29
31
|
report_item.protocol
|
30
32
|
report_item.risk_factor
|
31
33
|
report_item.see_also_entries
|
@@ -28,6 +28,7 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
28
28
|
<cvss3_temporal_score>6.8</cvss3_temporal_score>
|
29
29
|
<cvss3_temporal_vector>CVSS:3.0/E:U/RL:O/RC:C</cvss3_temporal_vector>
|
30
30
|
<cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
|
31
|
+
<cvssV3_impactScore>5.9</cvssV3_impactScore>
|
31
32
|
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
|
32
33
|
<synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
|
33
34
|
<threat_intensity_last_28>Very Low</threat_intensity_last_28>
|
@@ -41,6 +42,7 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
41
42
|
<plugin_modification_date>2011/03/08</plugin_modification_date>
|
42
43
|
<cvss_base_score>7.5</cvss_base_score>
|
43
44
|
<vpr_score>6.7</vpr_score>
|
45
|
+
<product_coverage>Low</product_coverage>
|
44
46
|
<canvas_package>CANVAS</canvas_package>
|
45
47
|
<cve>CVE-2002-0392</cve>
|
46
48
|
<bid>5033</bid>
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dradis-nessus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Martin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-04-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dradis-plugins
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 4.0
|
19
|
+
version: '4.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 4.0
|
26
|
+
version: '4.0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: nokogiri
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -107,6 +107,7 @@ files:
|
|
107
107
|
- ".gitignore"
|
108
108
|
- ".rspec"
|
109
109
|
- CHANGELOG.md
|
110
|
+
- CHANGELOG.template
|
110
111
|
- CONTRIBUTING.md
|
111
112
|
- Gemfile
|
112
113
|
- LICENSE
|