dradis-nessus 3.9.0 → 3.10.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/dradis/plugins/nessus/gem_version.rb +2 -2
- data/lib/dradis/plugins/nessus/importer.rb +30 -30
- data/spec/dradis/plugins/nessus/importer_spec.rb +2 -1
- data/templates/evidence.fields +1 -0
- data/templates/evidence.template +3 -6
- data/templates/report_item.template +11 -20
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e724a469ebf71f485df13e013f41cc67d9f329cf
|
|
4
|
+
data.tar.gz: 9c95b111224fc286b48637b91dafae1ce45fd41d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b29d468f669f2067ff8fd75f6aad94a8f591fbcce1cd2bad3fcf418095777e52931efe81a8d58aed5d0ac9dd5696430c459d72d11bdf734ed092ddddf394250d
|
|
7
|
+
data.tar.gz: ef747f21f3d79c178b23c6492c7d951db6877759a7dbde8da588e7d878013dd0cb89eb939a42e4a1ba7d563f0b5d9216121f8b1bf509c3ee1db90cc2d0d88a40
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## Dradis Framework 3.10 (August, 2018) ##
|
|
2
|
+
|
|
3
|
+
* Make Issue Title available at the Evidence level
|
|
4
|
+
|
|
5
|
+
* Update default configuration to match Welcome templates
|
|
6
|
+
|
|
7
|
+
* Split services data into services and services_extra tables
|
|
8
|
+
|
|
1
9
|
## Dradis Framework 3.9 (January, 2018) ##
|
|
2
10
|
|
|
3
11
|
* Correctly format bullet lists whether separated by
|
|
@@ -41,8 +41,6 @@ module Dradis::Plugins::Nessus
|
|
|
41
41
|
# Internal: Parses the specific "Nessus SYN Scanner" and similar plugin into
|
|
42
42
|
# Dradis node properties.
|
|
43
43
|
#
|
|
44
|
-
# xml_host - The Nokogiri XML node representing the parent host for
|
|
45
|
-
# this issue.
|
|
46
44
|
# host_node - The Dradis Node that represents the host in the project.
|
|
47
45
|
# xml_report_item - The Nokogiri XML node representing the Service Detection
|
|
48
46
|
# <ReportItem> tag.
|
|
@@ -52,20 +50,12 @@ module Dradis::Plugins::Nessus
|
|
|
52
50
|
# Plugins processed using this method:
|
|
53
51
|
# - [11219] Nessus SYN Scanner
|
|
54
52
|
# - [34220] Netstat Portscanner (WMI)
|
|
55
|
-
def process_nessus_syn_scanner(
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
port: port,
|
|
62
|
-
protocol: protocol,
|
|
63
|
-
state: 'open',
|
|
64
|
-
name: xml_report_item['svc_name'],
|
|
65
|
-
x_nessus: xml_report_item.at_xpath('./plugin_output').try(:text)
|
|
66
|
-
})
|
|
67
|
-
|
|
68
|
-
host_node.save
|
|
53
|
+
def process_nessus_syn_scanner(host_node, xml_report_item)
|
|
54
|
+
process_service(
|
|
55
|
+
host_node,
|
|
56
|
+
xml_report_item,
|
|
57
|
+
{ 'syn-scanner' => xml_report_item.at_xpath('./plugin_output').try(:text)}
|
|
58
|
+
)
|
|
69
59
|
end
|
|
70
60
|
|
|
71
61
|
# Internal: Process each /NessusClientData_v2/Report/ReportHost creating a
|
|
@@ -105,9 +95,9 @@ module Dradis::Plugins::Nessus
|
|
|
105
95
|
case xml_report_item.attributes['pluginID'].value
|
|
106
96
|
when '0'
|
|
107
97
|
when '11219', '34220' # Nessus SYN scanner, Netstat Portscanner (WMI)
|
|
108
|
-
process_nessus_syn_scanner(
|
|
98
|
+
process_nessus_syn_scanner(host_node, xml_report_item)
|
|
109
99
|
when '22964' # Service Detection
|
|
110
|
-
process_service_detection(
|
|
100
|
+
process_service_detection(host_node, xml_report_item)
|
|
111
101
|
else
|
|
112
102
|
process_report_item(xml_host, host_node, xml_report_item)
|
|
113
103
|
end
|
|
@@ -150,26 +140,36 @@ module Dradis::Plugins::Nessus
|
|
|
150
140
|
# Internal: Parses the specific "Service Detection" plugin into Dradis node
|
|
151
141
|
# properties.
|
|
152
142
|
#
|
|
153
|
-
# xml_host - The Nokogiri XML node representing the parent host for
|
|
154
|
-
# this issue.
|
|
155
143
|
# host_node - The Dradis Node that represents the host in the project.
|
|
156
144
|
# xml_report_item - The Nokogiri XML node representing the Service Detection
|
|
157
145
|
# <ReportItem> tag.
|
|
158
146
|
#
|
|
159
147
|
# Returns nothing.
|
|
160
148
|
#
|
|
161
|
-
def process_service_detection(
|
|
149
|
+
def process_service_detection(host_node, xml_report_item)
|
|
150
|
+
output = xml_report_item.at_xpath('./plugin_output').try(:text) || xml_report_item.at_xpath('./description').try(:text)
|
|
151
|
+
process_service(
|
|
152
|
+
host_node,
|
|
153
|
+
xml_report_item,
|
|
154
|
+
{ 'service-detection' => output }
|
|
155
|
+
)
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def process_service(host_node, xml_report_item, service_extra)
|
|
159
|
+
name = xml_report_item['svc_name']
|
|
162
160
|
port = xml_report_item['port'].to_i
|
|
163
161
|
protocol = xml_report_item['protocol']
|
|
164
|
-
logger.info{ "\t\t => Creating new service: #{protocol}/#{port}" }
|
|
165
|
-
|
|
166
|
-
host_node.
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
162
|
+
logger.info { "\t\t => Creating new service: #{protocol}/#{port}" }
|
|
163
|
+
|
|
164
|
+
host_node.set_service(
|
|
165
|
+
service_extra.merge({
|
|
166
|
+
name: name,
|
|
167
|
+
port: port,
|
|
168
|
+
protocol: protocol,
|
|
169
|
+
state: :open,
|
|
170
|
+
source: :nessus
|
|
171
|
+
})
|
|
172
|
+
)
|
|
173
173
|
|
|
174
174
|
host_node.save
|
|
175
175
|
end
|
|
@@ -28,7 +28,8 @@ describe Dradis::Plugins::Nessus::Importer do
|
|
|
28
28
|
# Nodes, Issues, etc
|
|
29
29
|
allow(@content_service).to receive(:create_node) do |args|
|
|
30
30
|
obj = OpenStruct.new(args)
|
|
31
|
-
obj.define_singleton_method(:set_property) {
|
|
31
|
+
obj.define_singleton_method(:set_property) { |*| }
|
|
32
|
+
obj.define_singleton_method(:set_service) { |*| }
|
|
32
33
|
obj
|
|
33
34
|
end
|
|
34
35
|
allow(@content_service).to receive(:create_note) do |args|
|
data/templates/evidence.fields
CHANGED
data/templates/evidence.template
CHANGED
|
@@ -1,29 +1,20 @@
|
|
|
1
1
|
#[Title]#
|
|
2
2
|
%report_item.plugin_name%
|
|
3
3
|
|
|
4
|
+
#[CVSSv3.BaseScore]#
|
|
5
|
+
%report_item.cvss3_base_score%
|
|
6
|
+
|
|
7
|
+
#[CVSSv3Vector]#
|
|
8
|
+
%report_item.cvss3_vector%
|
|
9
|
+
|
|
10
|
+
#[Type]#
|
|
11
|
+
Internal
|
|
12
|
+
|
|
4
13
|
#[Description]#
|
|
5
14
|
%report_item.description%
|
|
6
15
|
|
|
7
16
|
#[Solution]#
|
|
8
17
|
%report_item.solution%
|
|
9
18
|
|
|
10
|
-
#[
|
|
11
|
-
%report_item.
|
|
12
|
-
Canvas Framework: %report_item.exploit_framework_canvas%
|
|
13
|
-
Core Impact: %report_item.exploit_framework_core%
|
|
14
|
-
Metasploit:%report_item.exploit_framework_metasploit%
|
|
15
|
-
|
|
16
|
-
#[Buqtrack Entries]#
|
|
17
|
-
%report_item.bid_entries%
|
|
18
|
-
|
|
19
|
-
#[CVE Entries]#
|
|
20
|
-
%report_item.cve_entries%
|
|
21
|
-
|
|
22
|
-
#[XREF Entries]#
|
|
23
|
-
%report_item.xref_entries%
|
|
24
|
-
|
|
25
|
-
#[See also]#
|
|
26
|
-
%report_item.see_also_entries%
|
|
27
|
-
|
|
28
|
-
#[PluginID]#
|
|
29
|
-
%report_item.plugin_id%
|
|
19
|
+
#[References]#
|
|
20
|
+
%report_item.see_also_entries%
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nessus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.10.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-08-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -157,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
157
157
|
version: '0'
|
|
158
158
|
requirements: []
|
|
159
159
|
rubyforge_project:
|
|
160
|
-
rubygems_version: 2.
|
|
160
|
+
rubygems_version: 2.6.8
|
|
161
161
|
signing_key:
|
|
162
162
|
specification_version: 4
|
|
163
163
|
summary: Nessus upload add-on for the Dradis Framework.
|