dradis-nessus 4.10.0 → 4.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/pull_request_template.md +12 -3
- data/CHANGELOG.md +7 -0
- data/README.md +3 -4
- data/lib/dradis/plugins/nessus/gem_version.rb +1 -1
- data/lib/dradis/plugins/nessus/importer.rb +3 -3
- data/lib/dradis/plugins/nessus/mapping.rb +102 -0
- data/lib/dradis/plugins/nessus.rb +1 -0
- metadata +8 -13
- data/templates/evidence.fields +0 -17
- data/templates/evidence.template +0 -5
- data/templates/report_host.fields +0 -8
- data/templates/report_host.template +0 -14
- data/templates/report_item.fields +0 -44
- data/templates/report_item.template +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 89e36338a9a7b2d0791868394749b7ceda41c746374e18ca3262208b8901f801
|
|
4
|
+
data.tar.gz: '085692aa88ed591b56b6e7b4f47959db2aa3a81a4157da9b42ca27dd50115098'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f11c491e50351cac07dc65fbfa06a96b20e73b4e1075dbccc1ef88356943a1d52847deac6a27c6e05bb50447d9f93d3d1e1ad886a0c90bdaca08a86d34b8acd
|
|
7
|
+
data.tar.gz: 161919167d9263c1c0782ea1317947e3a3f1f1d1a3748dcf9c3690b13a98524f9d7a62dddf9f87eb4c81f35125347b4a309810fcd35cd5429e4f77fefc68616a
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
|
|
2
|
+
|
|
1
3
|
### Summary
|
|
2
4
|
|
|
3
5
|
Provide a general description of the code changes in your pull
|
|
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
|
|
|
6
8
|
to keep the conversation linked together.
|
|
7
9
|
|
|
8
10
|
|
|
11
|
+
### Testing Steps
|
|
12
|
+
|
|
13
|
+
Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
|
|
14
|
+
|
|
15
|
+
|
|
9
16
|
### Other Information
|
|
10
17
|
|
|
11
18
|
If there's anything else that's important and relevant to your pull
|
|
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
|
|
|
26
33
|
codebase. Any code you create which is merged must be owned by us.
|
|
27
34
|
That's not us trying to be a jerks, that's just the way it works.
|
|
28
35
|
|
|
29
|
-
Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
|
|
30
|
-
file for the details.
|
|
31
|
-
|
|
32
36
|
You can delete this section, but the following sentence needs to
|
|
33
37
|
remain in the PR's description:
|
|
34
38
|
|
|
35
39
|
> I assign all rights, including copyright, to any future Dradis
|
|
36
40
|
> work by myself to Security Roots.
|
|
41
|
+
|
|
42
|
+
### Check List
|
|
43
|
+
|
|
44
|
+
- [ ] Added a CHANGELOG entry
|
|
45
|
+
- [ ] Added specs
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -8,17 +8,16 @@ The parser only supports version 2 of nessus xml format. Other formats (nbe, nsr
|
|
|
8
8
|
|
|
9
9
|
Also, the xml parser only extracts the results of a scan. It is not able to parse the scan policy itself which is also part of the xml file.
|
|
10
10
|
|
|
11
|
-
The add-on requires Dradis 3.0 or
|
|
12
|
-
|
|
11
|
+
The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
|
|
13
12
|
|
|
14
13
|
## More information
|
|
15
14
|
|
|
16
|
-
See the Dradis Framework's [README.md](https://github.com/dradis/
|
|
15
|
+
See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
|
|
17
16
|
|
|
18
17
|
|
|
19
18
|
## Contributing
|
|
20
19
|
|
|
21
|
-
See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/
|
|
20
|
+
See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
|
|
22
21
|
|
|
23
22
|
|
|
24
23
|
## License
|
|
@@ -79,7 +79,7 @@ module Dradis::Plugins::Nessus
|
|
|
79
79
|
logger.info{ "\tHost: #{host_label}" }
|
|
80
80
|
|
|
81
81
|
# 2. Add host info note and host properties
|
|
82
|
-
host_note_text =
|
|
82
|
+
host_note_text = mapping_service.apply_mapping(source: 'report_host', data: xml_host)
|
|
83
83
|
content_service.create_note(text: host_note_text, node: host_node)
|
|
84
84
|
|
|
85
85
|
if host_node.respond_to?(:properties)
|
|
@@ -123,7 +123,7 @@ module Dradis::Plugins::Nessus
|
|
|
123
123
|
plugin_id = xml_report_item.attributes['pluginID'].value
|
|
124
124
|
logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
|
|
125
125
|
|
|
126
|
-
issue_text =
|
|
126
|
+
issue_text = mapping_service.apply_mapping(source: 'report_item', data: xml_report_item)
|
|
127
127
|
|
|
128
128
|
issue = content_service.create_issue(text: issue_text, id: plugin_id)
|
|
129
129
|
|
|
@@ -133,7 +133,7 @@ module Dradis::Plugins::Nessus
|
|
|
133
133
|
port_info += xml_report_item.attributes['port'].value
|
|
134
134
|
|
|
135
135
|
logger.info{ "\t\t\t => Adding reference to this host" }
|
|
136
|
-
evidence_content =
|
|
136
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: xml_report_item)
|
|
137
137
|
|
|
138
138
|
content_service.create_evidence(issue: issue, node: host_node, content: evidence_content)
|
|
139
139
|
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
module Dradis::Plugins::Nessus
|
|
2
|
+
module Mapping
|
|
3
|
+
DEFAULT_MAPPING = {
|
|
4
|
+
evidence: {
|
|
5
|
+
'Location' => '{{ nessus[evidence.protocol] }}/{{ nessus[evidence.port] }}',
|
|
6
|
+
'Output' => 'bc.. {{ nessus[evidence.plugin_output] }}'
|
|
7
|
+
},
|
|
8
|
+
report_host: {
|
|
9
|
+
'Title' => 'Nessus host summary',
|
|
10
|
+
'Host information' => "Name: {{ nessus[report_host.name] }}\nIP address: {{ nessus[report_host.ip] }}\nFQDN: {{ nessus[report_host.fqdn] }}\nOS: {{ nessus[report_host.operating_system] }}\nMac address: {{ nessus[report_host.mac_address] }}\nNetbios name: {{ nessus[report_host.netbios_name] }}",
|
|
11
|
+
'Scan information' => "Scan started: {{ nessus[report_host.scan_start_time] }}\nScan ended: {{ nessus[report_host.scan_stop_time] }}"
|
|
12
|
+
},
|
|
13
|
+
report_item: {
|
|
14
|
+
'Title' => '{{ nessus[report_item.plugin_name] }}',
|
|
15
|
+
'CVSSv3.BaseScore' => '{{ nessus[report_item.cvss3_base_score] }}',
|
|
16
|
+
'CVSSv3Vector' => '{{ nessus[report_item.cvss3_vector] }}',
|
|
17
|
+
'Type' => 'Internal',
|
|
18
|
+
'Description' => '{{ nessus[report_item.description] }}',
|
|
19
|
+
'Solution' => '{{ nessus[report_item.solution] }}',
|
|
20
|
+
'References' => '{{ nessus[report_item.see_also_entries] }}'
|
|
21
|
+
}
|
|
22
|
+
}.freeze
|
|
23
|
+
|
|
24
|
+
SOURCE_FIELDS = {
|
|
25
|
+
evidence: [
|
|
26
|
+
'compliance.cm_actual_value',
|
|
27
|
+
'compliance.cm_audit_file',
|
|
28
|
+
'compliance.cm_check_id',
|
|
29
|
+
'compliance.cm_check_name',
|
|
30
|
+
'compliance.cm_info',
|
|
31
|
+
'compliance.cm_output',
|
|
32
|
+
'compliance.cm_policy_value',
|
|
33
|
+
'compliance.cm_reference',
|
|
34
|
+
'compliance.cm_result',
|
|
35
|
+
'compliance.cm_see_also',
|
|
36
|
+
'compliance.cm_solution',
|
|
37
|
+
'evidence.plugin_output',
|
|
38
|
+
'evidence.port',
|
|
39
|
+
'evidence.protocol',
|
|
40
|
+
'evidence.svc_name',
|
|
41
|
+
'evidence.severity',
|
|
42
|
+
'report_item.plugin_name'
|
|
43
|
+
],
|
|
44
|
+
report_host: [
|
|
45
|
+
'report_host.name',
|
|
46
|
+
'report_host.ip',
|
|
47
|
+
'report_host.fqdn',
|
|
48
|
+
'report_host.operating_system',
|
|
49
|
+
'report_host.mac_address',
|
|
50
|
+
'report_host.netbios_name',
|
|
51
|
+
'report_host.scan_start_time',
|
|
52
|
+
'report_host.scan_stop_time'
|
|
53
|
+
],
|
|
54
|
+
report_item: [
|
|
55
|
+
'report_item.age_of_vuln',
|
|
56
|
+
'report_item.bid_entries',
|
|
57
|
+
'report_item.cve_entries',
|
|
58
|
+
'report_item.cvss3_base_score',
|
|
59
|
+
'report_item.cvss3_impact_score',
|
|
60
|
+
'report_item.cvss3_temporal_score',
|
|
61
|
+
'report_item.cvss3_temporal_vector',
|
|
62
|
+
'report_item.cvss3_vector',
|
|
63
|
+
'report_item.cvss_base_score',
|
|
64
|
+
'report_item.cvss_temporal_score',
|
|
65
|
+
'report_item.cvss_temporal_vector',
|
|
66
|
+
'report_item.cvss_vector',
|
|
67
|
+
'report_item.description',
|
|
68
|
+
'report_item.exploitability_ease',
|
|
69
|
+
'report_item.exploit_available',
|
|
70
|
+
'report_item.exploit_code_maturity',
|
|
71
|
+
'report_item.exploit_framework_canvas',
|
|
72
|
+
'report_item.exploit_framework_core',
|
|
73
|
+
'report_item.exploit_framework_metasploit',
|
|
74
|
+
'report_item.metasploit_name',
|
|
75
|
+
'report_item.patch_publication_date',
|
|
76
|
+
'report_item.plugin_family',
|
|
77
|
+
'report_item.plugin_id',
|
|
78
|
+
'report_item.plugin_modification_date',
|
|
79
|
+
'report_item.plugin_name',
|
|
80
|
+
'report_item.plugin_output',
|
|
81
|
+
'report_item.plugin_publication_date',
|
|
82
|
+
'report_item.plugin_type',
|
|
83
|
+
'report_item.plugin_version',
|
|
84
|
+
'report_item.port',
|
|
85
|
+
'report_item.product_coverage',
|
|
86
|
+
'report_item.protocol',
|
|
87
|
+
'report_item.risk_factor',
|
|
88
|
+
'report_item.see_also_entries',
|
|
89
|
+
'report_item.severity',
|
|
90
|
+
'report_item.solution',
|
|
91
|
+
'report_item.svc_name',
|
|
92
|
+
'report_item.synopsis',
|
|
93
|
+
'report_item.threat_intensity_last_28',
|
|
94
|
+
'report_item.threat_recency',
|
|
95
|
+
'report_item.threat_sources_last_28',
|
|
96
|
+
'report_item.vpr_score',
|
|
97
|
+
'report_item.vuln_publication_date',
|
|
98
|
+
'report_item.xref_entries'
|
|
99
|
+
]
|
|
100
|
+
}.freeze
|
|
101
|
+
end
|
|
102
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nessus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-05-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -96,7 +96,7 @@ dependencies:
|
|
|
96
96
|
version: 0.5.2
|
|
97
97
|
description: This add-on allows you to upload and parse output produced from Tenable's
|
|
98
98
|
Nessus Scanner into Dradis.
|
|
99
|
-
email:
|
|
99
|
+
email:
|
|
100
100
|
executables: []
|
|
101
101
|
extensions: []
|
|
102
102
|
extra_rdoc_files: []
|
|
@@ -119,6 +119,7 @@ files:
|
|
|
119
119
|
- lib/dradis/plugins/nessus/field_processor.rb
|
|
120
120
|
- lib/dradis/plugins/nessus/gem_version.rb
|
|
121
121
|
- lib/dradis/plugins/nessus/importer.rb
|
|
122
|
+
- lib/dradis/plugins/nessus/mapping.rb
|
|
122
123
|
- lib/dradis/plugins/nessus/version.rb
|
|
123
124
|
- lib/nessus/host.rb
|
|
124
125
|
- lib/nessus/report_item.rb
|
|
@@ -130,20 +131,14 @@ files:
|
|
|
130
131
|
- spec/fixtures/files/report_item-with-list.xml
|
|
131
132
|
- spec/nessus/host_spec.rb
|
|
132
133
|
- spec/spec_helper.rb
|
|
133
|
-
- templates/evidence.fields
|
|
134
134
|
- templates/evidence.sample
|
|
135
|
-
- templates/evidence.template
|
|
136
|
-
- templates/report_host.fields
|
|
137
135
|
- templates/report_host.sample
|
|
138
|
-
- templates/report_host.template
|
|
139
|
-
- templates/report_item.fields
|
|
140
136
|
- templates/report_item.sample
|
|
141
|
-
- templates/report_item.template
|
|
142
137
|
homepage: https://dradis.com/integrations/nessus.html
|
|
143
138
|
licenses:
|
|
144
139
|
- GPL-2
|
|
145
140
|
metadata: {}
|
|
146
|
-
post_install_message:
|
|
141
|
+
post_install_message:
|
|
147
142
|
rdoc_options: []
|
|
148
143
|
require_paths:
|
|
149
144
|
- lib
|
|
@@ -158,8 +153,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
158
153
|
- !ruby/object:Gem::Version
|
|
159
154
|
version: '0'
|
|
160
155
|
requirements: []
|
|
161
|
-
rubygems_version: 3.
|
|
162
|
-
signing_key:
|
|
156
|
+
rubygems_version: 3.5.6
|
|
157
|
+
signing_key:
|
|
163
158
|
specification_version: 4
|
|
164
159
|
summary: Nessus upload add-on for the Dradis Framework.
|
|
165
160
|
test_files:
|
data/templates/evidence.fields
DELETED
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
compliance.cm_actual_value
|
|
2
|
-
compliance.cm_audit_file
|
|
3
|
-
compliance.cm_check_id
|
|
4
|
-
compliance.cm_check_name
|
|
5
|
-
compliance.cm_info
|
|
6
|
-
compliance.cm_output
|
|
7
|
-
compliance.cm_policy_value
|
|
8
|
-
compliance.cm_reference
|
|
9
|
-
compliance.cm_result
|
|
10
|
-
compliance.cm_see_also
|
|
11
|
-
compliance.cm_solution
|
|
12
|
-
evidence.plugin_output
|
|
13
|
-
evidence.port
|
|
14
|
-
evidence.protocol
|
|
15
|
-
evidence.svc_name
|
|
16
|
-
evidence.severity
|
|
17
|
-
report_item.plugin_name
|
data/templates/evidence.template
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
#[Title]#
|
|
2
|
-
Nessus host summary
|
|
3
|
-
|
|
4
|
-
#[Host information]#
|
|
5
|
-
Name: %report_host.name%
|
|
6
|
-
IP address: %report_host.ip%
|
|
7
|
-
FQDN: %report_host.fqdn%
|
|
8
|
-
OS: %report_host.operating_system%
|
|
9
|
-
Mac address: %report_host.mac_address%
|
|
10
|
-
Netbios name: %report_host.netbios_name%
|
|
11
|
-
|
|
12
|
-
#[Scan information]#
|
|
13
|
-
Scan started: %report_host.scan_start_time%
|
|
14
|
-
Scan ended: %report_host.scan_stop_time%
|
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
report_item.age_of_vuln
|
|
2
|
-
report_item.bid_entries
|
|
3
|
-
report_item.cve_entries
|
|
4
|
-
report_item.cvss3_base_score
|
|
5
|
-
report_item.cvss3_impact_score
|
|
6
|
-
report_item.cvss3_temporal_score
|
|
7
|
-
report_item.cvss3_temporal_vector
|
|
8
|
-
report_item.cvss3_vector
|
|
9
|
-
report_item.cvss_base_score
|
|
10
|
-
report_item.cvss_temporal_score
|
|
11
|
-
report_item.cvss_temporal_vector
|
|
12
|
-
report_item.cvss_vector
|
|
13
|
-
report_item.description
|
|
14
|
-
report_item.exploitability_ease
|
|
15
|
-
report_item.exploit_available
|
|
16
|
-
report_item.exploit_code_maturity
|
|
17
|
-
report_item.exploit_framework_canvas
|
|
18
|
-
report_item.exploit_framework_core
|
|
19
|
-
report_item.exploit_framework_metasploit
|
|
20
|
-
report_item.metasploit_name
|
|
21
|
-
report_item.patch_publication_date
|
|
22
|
-
report_item.plugin_family
|
|
23
|
-
report_item.plugin_id
|
|
24
|
-
report_item.plugin_modification_date
|
|
25
|
-
report_item.plugin_name
|
|
26
|
-
report_item.plugin_output
|
|
27
|
-
report_item.plugin_publication_date
|
|
28
|
-
report_item.plugin_type
|
|
29
|
-
report_item.plugin_version
|
|
30
|
-
report_item.port
|
|
31
|
-
report_item.product_coverage
|
|
32
|
-
report_item.protocol
|
|
33
|
-
report_item.risk_factor
|
|
34
|
-
report_item.see_also_entries
|
|
35
|
-
report_item.severity
|
|
36
|
-
report_item.solution
|
|
37
|
-
report_item.svc_name
|
|
38
|
-
report_item.synopsis
|
|
39
|
-
report_item.threat_intensity_last_28
|
|
40
|
-
report_item.threat_recency
|
|
41
|
-
report_item.threat_sources_last_28
|
|
42
|
-
report_item.vpr_score
|
|
43
|
-
report_item.vuln_publication_date
|
|
44
|
-
report_item.xref_entries
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
#[Title]#
|
|
2
|
-
%report_item.plugin_name%
|
|
3
|
-
|
|
4
|
-
#[CVSSv3.BaseScore]#
|
|
5
|
-
%report_item.cvss3_base_score%
|
|
6
|
-
|
|
7
|
-
#[CVSSv3Vector]#
|
|
8
|
-
%report_item.cvss3_vector%
|
|
9
|
-
|
|
10
|
-
#[Type]#
|
|
11
|
-
Internal
|
|
12
|
-
|
|
13
|
-
#[Description]#
|
|
14
|
-
%report_item.description%
|
|
15
|
-
|
|
16
|
-
#[Solution]#
|
|
17
|
-
%report_item.solution%
|
|
18
|
-
|
|
19
|
-
#[References]#
|
|
20
|
-
%report_item.see_also_entries%
|