dradis-nessus 3.9.0 → 3.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f5a26164e4e89109aff04195bdc6218ace8a40d8
-  data.tar.gz: 9d0e464e9a5cf1e000f87daf4b3c53f018809a1f
+  metadata.gz: e724a469ebf71f485df13e013f41cc67d9f329cf
+  data.tar.gz: 9c95b111224fc286b48637b91dafae1ce45fd41d
 SHA512:
-  metadata.gz: 4ac029c3eb7a48a192379823bff9ea740b2b8c9444818f0ad25b9ba9cb30ac69099e444318792232d5dce39608367da5749939a73c6e058cd52fa3712754468c
-  data.tar.gz: 61c584a97e8c982bd37f26f0ea0ba0f14269808991091ecb2eebfcde6c87c15157fba5fb0f3f344e17ccb589b168f524eb810dbb7674383fffe7ae7b176c7ac0
+  metadata.gz: b29d468f669f2067ff8fd75f6aad94a8f591fbcce1cd2bad3fcf418095777e52931efe81a8d58aed5d0ac9dd5696430c459d72d11bdf734ed092ddddf394250d
+  data.tar.gz: ef747f21f3d79c178b23c6492c7d951db6877759a7dbde8da588e7d878013dd0cb89eb939a42e4a1ba7d563f0b5d9216121f8b1bf509c3ee1db90cc2d0d88a40

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## Dradis Framework 3.10 (August, 2018) ##
+
+*   Make Issue Title available at the Evidence level
+
+*   Update default configuration to match Welcome templates
+
+*   Split services data into services and services_extra tables
+
 ## Dradis Framework 3.9 (January, 2018) ##
 
 *   Correctly format bullet lists whether separated by

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -8,8 +8,8 @@ module Dradis
 
       module VERSION
         MAJOR = 3
-        MINOR = 9
-        TINY = 0
+        MINOR = 10
+        TINY = 1
         PRE = nil
 
         STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/dradis/plugins/nessus/importer.rb

@@ -41,8 +41,6 @@ module Dradis::Plugins::Nessus
     # Internal: Parses the specific "Nessus SYN Scanner" and similar plugin into
     # Dradis node properties.
     #
-    # xml_host        - The Nokogiri XML node representing the parent host for
-    #                   this issue.
     # host_node       - The Dradis Node that represents the host in the project.
     # xml_report_item - The Nokogiri XML node representing the Service Detection
     #                   <ReportItem> tag.
@@ -52,20 +50,12 @@ module Dradis::Plugins::Nessus
     # Plugins processed using this method:
     #   - [11219] Nessus SYN Scanner
     #   - [34220] Netstat Portscanner (WMI)
-    def process_nessus_syn_scanner(xml_host, host_node, xml_report_item)
-      port     = xml_report_item['port'].to_i
-      protocol = xml_report_item['protocol']
-      logger.info{ "\t\t\t => Creating new service: #{protocol}/#{port}" }
-
-      host_node.set_property(:services, {
-        port:     port,
-        protocol: protocol,
-        state:    'open',
-        name:     xml_report_item['svc_name'],
-        x_nessus: xml_report_item.at_xpath('./plugin_output').try(:text)
-      })
-
-      host_node.save
+    def process_nessus_syn_scanner(host_node, xml_report_item)
+      process_service(
+        host_node,
+        xml_report_item,
+        { 'syn-scanner' => xml_report_item.at_xpath('./plugin_output').try(:text)}
+      )
     end
 
     # Internal: Process each /NessusClientData_v2/Report/ReportHost creating a
@@ -105,9 +95,9 @@ module Dradis::Plugins::Nessus
         case xml_report_item.attributes['pluginID'].value
         when '0'
         when '11219', '34220' # Nessus SYN scanner, Netstat Portscanner (WMI)
-          process_nessus_syn_scanner(xml_host, host_node, xml_report_item)
+          process_nessus_syn_scanner(host_node, xml_report_item)
         when '22964' # Service Detection
-          process_service_detection(xml_host, host_node, xml_report_item)
+          process_service_detection(host_node, xml_report_item)
         else
           process_report_item(xml_host, host_node, xml_report_item)
         end
@@ -150,26 +140,36 @@ module Dradis::Plugins::Nessus
     # Internal: Parses the specific "Service Detection" plugin into Dradis node
     # properties.
     #
-    # xml_host        - The Nokogiri XML node representing the parent host for
-    #                   this issue.
     # host_node       - The Dradis Node that represents the host in the project.
     # xml_report_item - The Nokogiri XML node representing the Service Detection
     #                   <ReportItem> tag.
     #
     # Returns nothing.
     #
-    def process_service_detection(xml_host, host_node, xml_report_item)
+    def process_service_detection(host_node, xml_report_item)
+      output = xml_report_item.at_xpath('./plugin_output').try(:text) || xml_report_item.at_xpath('./description').try(:text)
+      process_service(
+        host_node,
+        xml_report_item,
+        { 'service-detection' => output }
+      )
+    end
+
+    def process_service(host_node, xml_report_item, service_extra)
+      name     = xml_report_item['svc_name']
       port     = xml_report_item['port'].to_i
       protocol = xml_report_item['protocol']
-      logger.info{ "\t\t => Creating new service: #{protocol}/#{port}" }
-
-      host_node.set_property(:services, {
-        port:     port,
-        protocol: protocol,
-        state:    'open',
-        name:     xml_report_item['svc_name'],
-        x_nessus: xml_report_item.at_xpath('./description').text
-      })
+      logger.info { "\t\t => Creating new service: #{protocol}/#{port}" }
+
+      host_node.set_service(
+        service_extra.merge({
+          name: name,
+          port: port,
+          protocol: protocol,
+          state: :open,
+          source: :nessus
+        })
+      )
 
       host_node.save
     end

data/spec/dradis/plugins/nessus/importer_spec.rb

@@ -28,7 +28,8 @@ describe Dradis::Plugins::Nessus::Importer do
     # Nodes, Issues, etc
     allow(@content_service).to receive(:create_node) do |args|
       obj = OpenStruct.new(args)
-      obj.define_singleton_method(:set_property) { |_, __| }
+      obj.define_singleton_method(:set_property) { |*| }
+      obj.define_singleton_method(:set_service) { |*| }
       obj
     end
     allow(@content_service).to receive(:create_note) do |args|

data/templates/evidence.fields

@@ -14,3 +14,4 @@ evidence.port
 evidence.protocol
 evidence.svc_name
 evidence.severity
+report_item.plugin_name

data/templates/evidence.template

@@ -1,8 +1,5 @@
-#[Port]#
-%evidence.port%
-
-#[Severity]#
-%evidence.severity%
+#[Location]#
+%evidence.protocol%/%evidence.port%
 
 #[Output]#
-bc.. %evidence.plugin_output%
+bc.. %evidence.plugin_output%

data/templates/report_item.template

@@ -1,29 +1,20 @@
 #[Title]#
 %report_item.plugin_name%
 
+#[CVSSv3.BaseScore]#
+%report_item.cvss3_base_score%
+
+#[CVSSv3Vector]#
+%report_item.cvss3_vector%
+
+#[Type]#
+Internal
+
 #[Description]#
 %report_item.description%
 
 #[Solution]#
 %report_item.solution%
 
-#[Exploit information]#
-%report_item.exploitability_ease%
-Canvas Framework: %report_item.exploit_framework_canvas%
-Core Impact: %report_item.exploit_framework_core%
-Metasploit:%report_item.exploit_framework_metasploit%
-
-#[Buqtrack Entries]#
-%report_item.bid_entries%
-
-#[CVE Entries]#
-%report_item.cve_entries%
-
-#[XREF Entries]#
-%report_item.xref_entries%
-
-#[See also]#
-%report_item.see_also_entries%
-
-#[PluginID]#
-%report_item.plugin_id%
+#[References]#
+%report_item.see_also_entries%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.10.1
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-08 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -157,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Nessus upload add-on for the Dradis Framework.