dradis-nessus 3.22.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/dradis-nessus.gemspec +1 -1
- data/lib/dradis/plugins/nessus/gem_version.rb +2 -2
- data/lib/nessus/report_item.rb +7 -6
- data/templates/report_item.fields +32 -26
- data/templates/report_item.sample +6 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8daa3079a907770f6e96d8ed3a10201c06e38499946c4c41d67a15ecc9570952
|
|
4
|
+
data.tar.gz: c505dd8204f3965efbe3dd9cc516dda4085f3f5bcaaaa37281085b2884be6472
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bb1d2625988e6c72c86a2eb7d186f5d446713ff8c6cf53ef2a2fe22b294039dc59cf77a481d518b000effff4b8e390fe5d1bf8610c5a82488a33a9f6248bcbe3
|
|
7
|
+
data.tar.gz: 1ed3d69ab003f39d7093eef2895efe2f845efab8a799068655b676344ae7d074743b4fa376bae361407fb0dadef2528a7f1ec1d86fe205527423eae7c3e5ced7
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
|
+
## Dradis Framework 4.0.0 (July, 2021) ##
|
|
2
|
+
|
|
3
|
+
* Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28
|
|
4
|
+
threat_recency, & threat_sources_last_28 as available Issue fields.
|
|
5
|
+
|
|
1
6
|
## Dradis Framework 3.22 (April, 2021) ##
|
|
2
7
|
|
|
3
8
|
* Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields.
|
|
9
|
+
* Add report_item.vpr_score as an available field.
|
|
4
10
|
|
|
5
11
|
## Dradis Framework 3.21 (February, 2021) ##
|
|
6
12
|
|
data/dradis-nessus.gemspec
CHANGED
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
# versions of Rails (a sure recipe for disaster, I'm sure), which is needed
|
|
26
26
|
# until we bump Dradis Pro to 4.1.
|
|
27
27
|
# s.add_dependency 'rails', '~> 4.1.1'
|
|
28
|
-
spec.add_dependency 'dradis-plugins', '~>
|
|
28
|
+
spec.add_dependency 'dradis-plugins', '~> 4.0.0'
|
|
29
29
|
spec.add_dependency 'nokogiri'
|
|
30
30
|
|
|
31
31
|
spec.add_development_dependency 'bundler', '~> 1.6'
|
data/lib/nessus/report_item.rb
CHANGED
|
@@ -21,13 +21,14 @@ module Nessus
|
|
|
21
21
|
# attributes
|
|
22
22
|
:plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity,
|
|
23
23
|
# simple tags
|
|
24
|
-
:cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
|
25
|
-
:cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
|
|
26
|
-
:description, :exploit_available, :
|
|
27
|
-
:exploitability_ease, :exploit_framework_metasploit,
|
|
24
|
+
:age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector,
|
|
25
|
+
:cvss3_vector, :cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
|
|
26
|
+
:description, :exploit_available, :exploit_code_maturity, :exploit_framework_canvas,
|
|
27
|
+
:exploit_framework_core, :exploitability_ease, :exploit_framework_metasploit,
|
|
28
28
|
:metasploit_name, :patch_publication_date, :plugin_modification_date, :plugin_output,
|
|
29
|
-
:plugin_publication_date, :plugin_version, :risk_factor,
|
|
30
|
-
:
|
|
29
|
+
:plugin_publication_date, :plugin_version, :risk_factor, :solution, :synopsis,
|
|
30
|
+
:threat_intensity_last_28, :threat_recency, :threat_sources_last_28, :vpr_score,
|
|
31
|
+
:vuln_publication_date,
|
|
31
32
|
# multiple tags
|
|
32
33
|
:bid_entries, :cve_entries, :see_also_entries, :xref_entries,
|
|
33
34
|
# compliance tags
|
|
@@ -1,35 +1,41 @@
|
|
|
1
|
-
report_item.
|
|
2
|
-
report_item.
|
|
3
|
-
report_item.
|
|
4
|
-
report_item.
|
|
5
|
-
report_item.
|
|
6
|
-
report_item.
|
|
7
|
-
report_item.
|
|
1
|
+
report_item.age_of_vuln
|
|
2
|
+
report_item.bid_entries
|
|
3
|
+
report_item.cve_entries
|
|
4
|
+
report_item.cvss3_base_score
|
|
5
|
+
report_item.cvss3_temporal_score
|
|
6
|
+
report_item.cvss3_temporal_vector
|
|
7
|
+
report_item.cvss3_vector
|
|
8
|
+
report_item.cvss_base_score
|
|
9
|
+
report_item.cvss_temporal_score
|
|
10
|
+
report_item.cvss_temporal_vector
|
|
11
|
+
report_item.cvss_vector
|
|
12
|
+
report_item.description
|
|
8
13
|
report_item.exploitability_ease
|
|
9
|
-
report_item.
|
|
14
|
+
report_item.exploit_available
|
|
15
|
+
report_item.exploit_code_maturity
|
|
10
16
|
report_item.exploit_framework_canvas
|
|
11
|
-
report_item.exploit_framework_metasploit
|
|
12
17
|
report_item.exploit_framework_core
|
|
13
|
-
report_item.
|
|
14
|
-
report_item.risk_factor
|
|
15
|
-
report_item.description
|
|
16
|
-
report_item.plugin_publication_date
|
|
18
|
+
report_item.exploit_framework_metasploit
|
|
17
19
|
report_item.metasploit_name
|
|
18
|
-
report_item.cvss_vector
|
|
19
|
-
report_item.cvss3_vector
|
|
20
|
-
report_item.cvss_temporal_vector
|
|
21
|
-
report_item.cvss3_temporal_vector
|
|
22
|
-
report_item.cvss_temporal_score
|
|
23
|
-
report_item.cvss3_temporal_score
|
|
24
|
-
report_item.cvss_base_score
|
|
25
|
-
report_item.cvss3_base_score
|
|
26
|
-
report_item.synopsis
|
|
27
|
-
report_item.exploit_available
|
|
28
20
|
report_item.patch_publication_date
|
|
21
|
+
report_item.plugin_family
|
|
22
|
+
report_item.plugin_id
|
|
29
23
|
report_item.plugin_modification_date
|
|
24
|
+
report_item.plugin_name
|
|
30
25
|
report_item.plugin_output
|
|
26
|
+
report_item.plugin_publication_date
|
|
31
27
|
report_item.plugin_version
|
|
32
|
-
report_item.
|
|
33
|
-
report_item.
|
|
28
|
+
report_item.port
|
|
29
|
+
report_item.protocol
|
|
30
|
+
report_item.risk_factor
|
|
34
31
|
report_item.see_also_entries
|
|
35
|
-
report_item.
|
|
32
|
+
report_item.severity
|
|
33
|
+
report_item.solution
|
|
34
|
+
report_item.svc_name
|
|
35
|
+
report_item.synopsis
|
|
36
|
+
report_item.threat_intensity_last_28
|
|
37
|
+
report_item.threat_recency
|
|
38
|
+
report_item.threat_sources_last_28
|
|
39
|
+
report_item.vpr_score
|
|
40
|
+
report_item.vuln_publication_date
|
|
41
|
+
report_item.xref_entries
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
pluginName="Apache Chunked Encoding Remote Overflow"
|
|
8
8
|
pluginFamily="Web Servers">
|
|
9
9
|
|
|
10
|
+
<age_of_vuln>730 days +</age_of_vuln>
|
|
10
11
|
<exploitability_ease>Exploits are available</exploitability_ease>
|
|
11
12
|
<vuln_publication_date>2002/06/19</vuln_publication_date>
|
|
12
13
|
<exploit_framework_canvas>true</exploit_framework_canvas>
|
|
@@ -29,12 +30,17 @@ If safe checks are enabled, this may be a false positive since it is based on th
|
|
|
29
30
|
<cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
|
|
30
31
|
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
|
|
31
32
|
<synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
|
|
33
|
+
<threat_intensity_last_28>Very Low</threat_intensity_last_28>
|
|
34
|
+
<threat_recency>> 365 days</threat_recency>
|
|
35
|
+
<threat_sources_last_28>No recorded events</threat_sources_last_28>
|
|
32
36
|
<plugin_type>remote</plugin_type>
|
|
33
37
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
|
|
34
38
|
<see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
|
|
35
39
|
<exploit_available>true</exploit_available>
|
|
40
|
+
<exploit_code_maturity>Unproven</exploit_code_maturity>
|
|
36
41
|
<plugin_modification_date>2011/03/08</plugin_modification_date>
|
|
37
42
|
<cvss_base_score>7.5</cvss_base_score>
|
|
43
|
+
<vpr_score>6.7</vpr_score>
|
|
38
44
|
<canvas_package>CANVAS</canvas_package>
|
|
39
45
|
<cve>CVE-2002-0392</cve>
|
|
40
46
|
<bid>5033</bid>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dradis-nessus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Martin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dradis-plugins
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 4.0.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 4.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: nokogiri
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -158,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
159
|
version: '0'
|
|
160
160
|
requirements: []
|
|
161
|
-
rubygems_version: 3.1.
|
|
161
|
+
rubygems_version: 3.1.4
|
|
162
162
|
signing_key:
|
|
163
163
|
specification_version: 4
|
|
164
164
|
summary: Nessus upload add-on for the Dradis Framework.
|