dradis-nessus 3.22.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca05cc1e6b8552ce82dcc4165a30d7b2132a354a77d3cafe99a2badfdfa925a8
-  data.tar.gz: 8974a0991b48dc28a66c1b933a46fe433fdcc4083f9ea8b98afa5cf4bbe16043
+  metadata.gz: 8daa3079a907770f6e96d8ed3a10201c06e38499946c4c41d67a15ecc9570952
+  data.tar.gz: c505dd8204f3965efbe3dd9cc516dda4085f3f5bcaaaa37281085b2884be6472
 SHA512:
-  metadata.gz: 4d53a36906127b9be8631daeea80a17c2701a576ba843fd2913401ca0e03ccc013742ab5c7803c772e3e153d221f3bcaa5114bd78c49289aa83ac0e1ac527036
-  data.tar.gz: 2b03091a16ed3f7bcc9759b838c551d4e7c4f89c09d60e298d587471f64b200ff183cd9b63f91ef98545034726821b5ef00cc89412014c7fe51958a7868b54cd
+  metadata.gz: bb1d2625988e6c72c86a2eb7d186f5d446713ff8c6cf53ef2a2fe22b294039dc59cf77a481d518b000effff4b8e390fe5d1bf8610c5a82488a33a9f6248bcbe3
+  data.tar.gz: 1ed3d69ab003f39d7093eef2895efe2f845efab8a799068655b676344ae7d074743b4fa376bae361407fb0dadef2528a7f1ec1d86fe205527423eae7c3e5ced7

data/CHANGELOG.md

@@ -1,6 +1,12 @@
+## Dradis Framework 4.0.0 (July, 2021) ##
+
+*   Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28
+    threat_recency, & threat_sources_last_28 as available Issue fields.
+
 ## Dradis Framework 3.22 (April, 2021) ##
 
 *   Add report_item.cvss3_temporal_score & report_item.cvss3_temporal_vector as available fields.
+*   Add report_item.vpr_score as an available field.
 
 ## Dradis Framework 3.21 (February, 2021) ##
 

data/dradis-nessus.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
   # until we bump Dradis Pro to 4.1.
   # s.add_dependency 'rails', '~> 4.1.1'
-  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'dradis-plugins', '~> 4.0.0'
   spec.add_dependency 'nokogiri'
 
   spec.add_development_dependency 'bundler', '~> 1.6'

data/lib/dradis/plugins/nessus/gem_version.rb

@@ -7,8 +7,8 @@ module Dradis
       end
 
       module VERSION
-        MAJOR = 3
-        MINOR = 22
+        MAJOR = 4
+        MINOR = 0
         TINY = 0
         PRE = nil
 

data/lib/nessus/report_item.rb

@@ -21,13 +21,14 @@ module Nessus
         # attributes
         :plugin_family, :plugin_id, :plugin_name, :port, :protocol, :svc_name, :severity, 
         # simple tags
-        :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector, :cvss3_vector,
-        :cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
-        :description, :exploit_available, :exploit_framework_canvas, :exploit_framework_core,
-        :exploitability_ease, :exploit_framework_metasploit,
+        :age_of_vuln, :cvss3_base_score, :cvss3_temporal_score, :cvss3_temporal_vector, 
+        :cvss3_vector, :cvss_base_score, :cvss_temporal_score, :cvss_temporal_vector, :cvss_vector,
+        :description, :exploit_available, :exploit_code_maturity, :exploit_framework_canvas, 
+        :exploit_framework_core, :exploitability_ease, :exploit_framework_metasploit,
         :metasploit_name, :patch_publication_date, :plugin_modification_date, :plugin_output,
-        :plugin_publication_date, :plugin_version, :risk_factor,
-        :solution, :synopsis, :vuln_publication_date,
+        :plugin_publication_date, :plugin_version, :risk_factor, :solution, :synopsis, 
+        :threat_intensity_last_28, :threat_recency, :threat_sources_last_28, :vpr_score, 
+        :vuln_publication_date,
         # multiple tags
         :bid_entries, :cve_entries, :see_also_entries, :xref_entries,
         # compliance tags

data/templates/report_item.fields

@@ -1,35 +1,41 @@
-report_item.port
-report_item.svc_name
-report_item.protocol
-report_item.severity
-report_item.plugin_id
-report_item.plugin_name
-report_item.plugin_family
+report_item.age_of_vuln
+report_item.bid_entries
+report_item.cve_entries
+report_item.cvss3_base_score
+report_item.cvss3_temporal_score
+report_item.cvss3_temporal_vector
+report_item.cvss3_vector
+report_item.cvss_base_score
+report_item.cvss_temporal_score
+report_item.cvss_temporal_vector
+report_item.cvss_vector
+report_item.description
 report_item.exploitability_ease
-report_item.vuln_publication_date
+report_item.exploit_available
+report_item.exploit_code_maturity
 report_item.exploit_framework_canvas
-report_item.exploit_framework_metasploit
 report_item.exploit_framework_core
-report_item.solution
-report_item.risk_factor
-report_item.description
-report_item.plugin_publication_date
+report_item.exploit_framework_metasploit
 report_item.metasploit_name
-report_item.cvss_vector
-report_item.cvss3_vector
-report_item.cvss_temporal_vector
-report_item.cvss3_temporal_vector
-report_item.cvss_temporal_score
-report_item.cvss3_temporal_score
-report_item.cvss_base_score
-report_item.cvss3_base_score
-report_item.synopsis
-report_item.exploit_available
 report_item.patch_publication_date
+report_item.plugin_family
+report_item.plugin_id
 report_item.plugin_modification_date
+report_item.plugin_name
 report_item.plugin_output
+report_item.plugin_publication_date
 report_item.plugin_version
-report_item.bid_entries
-report_item.cve_entries
+report_item.port
+report_item.protocol
+report_item.risk_factor
 report_item.see_also_entries
-report_item.xref_entries
+report_item.severity
+report_item.solution
+report_item.svc_name
+report_item.synopsis
+report_item.threat_intensity_last_28
+report_item.threat_recency
+report_item.threat_sources_last_28
+report_item.vpr_score
+report_item.vuln_publication_date
+report_item.xref_entries

data/templates/report_item.sample

@@ -7,6 +7,7 @@
   pluginName="Apache Chunked Encoding Remote Overflow"
   pluginFamily="Web Servers">
 
+  <age_of_vuln>730 days +</age_of_vuln>
   <exploitability_ease>Exploits are available</exploitability_ease>
   <vuln_publication_date>2002/06/19</vuln_publication_date>
   <exploit_framework_canvas>true</exploit_framework_canvas>
@@ -29,12 +30,17 @@ If safe checks are enabled, this may be a false positive since it is based on th
   <cvss3_vector>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</cvss3_vector>
   <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
   <synopsis>The remote web server is vulnerable to a remote code execution attack.</synopsis>
+  <threat_intensity_last_28>Very Low</threat_intensity_last_28>
+  <threat_recency>&gt; 365 days</threat_recency>
+  <threat_sources_last_28>No recorded events</threat_sources_last_28>
   <plugin_type>remote</plugin_type>
   <see_also>http://httpd.apache.org/info/security_bulletin_20020617.txt</see_also>
   <see_also>http://httpd.apache.org/info/security_bulletin_20020620.txt</see_also>
   <exploit_available>true</exploit_available>
+  <exploit_code_maturity>Unproven</exploit_code_maturity>
   <plugin_modification_date>2011/03/08</plugin_modification_date>
   <cvss_base_score>7.5</cvss_base_score>
+  <vpr_score>6.7</vpr_score>
   <canvas_package>CANVAS</canvas_package>
   <cve>CVE-2002-0392</cve>
   <bid>5033</bid>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nessus
 version: !ruby/object:Gem::Version
-  version: 3.22.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-02 00:00:00.000000000 Z
+date: 2021-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -158,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Nessus upload add-on for the Dradis Framework.