dradis-netsparker 3.8.0

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end

data/templates/evidence.fields

@@ -0,0 +1,3 @@
+evidence.rawrequest
+evidence.rawresponse
+evidence.url

data/templates/evidence.sample

@@ -0,0 +1,55 @@
+<vulnerability confirmed="False">
+  <url>http://test.testlab.com:3000/</url>
+  <type>MissingXssProtectionHeader</type>
+  <severity>Information</severity>
+  <certainty>100</certainty>
+  ​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
+  <remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
+
+  <rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
+Host: test.testlab.com:3000
+Cache-Control: no-cache
+Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
+Accept-Language: en-us,en;q=0.5
+X-Scanner: Netsparker
+Cookie: _redmine_session=V2tvR3dUZ
+Accept-Encoding: gzip, deflate
+
+]]></rawrequest>
+  <rawresponse><![CDATA[HTTP/1.1 200 OK
+Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25)
+Connection: Keep-Alive
+Content-Length: 2002
+Last-Modified: Sun, 19 Jun 2016 12:47:24 GMT
+Content-Type: application/javascript
+Date: Wed, 08 Feb 2017 20:49:45 GMT
+
+// generic layout specific responsive stuff goes here
+
+function openFlyout() {
+  $('html').addClass('flyout-is-active');
+  $('#wrapper2').on('click', function(e){
+    e.preventDefault();
+    e.stopPropagation();
+    closeFlyout();
+  });
+}
+]]></rawresponse>
+  <extrainformation></extrainformation>
+
+  <proofs></proofs>
+
+
+  <classification>
+    <OWASP2013></OWASP2013>
+    <WASC></WASC>
+    <CWE></CWE>
+    <CAPEC></CAPEC>
+    <PCI31></PCI31>
+    <PCI32></PCI32>
+    <HIPAA>164.308(a)</HIPAA>
+    <OWASPPC>C9</OWASPPC>
+  </classification>
+
+</vulnerability>

data/templates/evidence.template

@@ -0,0 +1,8 @@
+#[URL]#
+%evidence.url%
+
+#[Request]#
+bc.. %evidence.rawrequest%
+
+#[Response]#
+bc.. %evidence.rawresponse%

data/templates/issue.fields

@@ -0,0 +1,14 @@
+issue.certainty
+issue.classification_capec
+issue.classification_cwe
+issue.classification_hipaa
+issue.classification_owasp2013
+issue.classification_owasppc
+issue.classification_pci31
+issue.classification_pci32
+issue.classification_wasc
+issue.description
+issue.remedy
+issue.severity
+issue.title
+issue.type

data/templates/issue.sample

@@ -0,0 +1,55 @@
+<vulnerability confirmed="False">
+  <url>http://test.testlab.com:3000/</url>
+  <type>MissingXssProtectionHeader</type>
+  <severity>Information</severity>
+  <certainty>100</certainty>
+  ​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
+  <remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
+
+  <rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
+Host: test.testlab.com:3000
+Cache-Control: no-cache
+Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
+Accept-Language: en-us,en;q=0.5
+X-Scanner: Netsparker
+Cookie: _redmine_session=V2tvR3dUZ
+Accept-Encoding: gzip, deflate
+
+]]></rawrequest>
+  <rawresponse><![CDATA[HTTP/1.1 200 OK
+Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25)
+Connection: Keep-Alive
+Content-Length: 2002
+Last-Modified: Sun, 19 Jun 2016 12:47:24 GMT
+Content-Type: application/javascript
+Date: Wed, 08 Feb 2017 20:49:45 GMT
+
+// generic layout specific responsive stuff goes here
+
+function openFlyout() {
+  $('html').addClass('flyout-is-active');
+  $('#wrapper2').on('click', function(e){
+    e.preventDefault();
+    e.stopPropagation();
+    closeFlyout();
+  });
+}
+]]></rawresponse>
+  <extrainformation></extrainformation>
+
+  <proofs></proofs>
+
+
+  <classification>
+    <OWASP2013></OWASP2013>
+    <WASC></WASC>
+    <CWE></CWE>
+    <CAPEC></CAPEC>
+    <PCI31></PCI31>
+    <PCI32></PCI32>
+    <HIPAA>164.308(a)</HIPAA>
+    <OWASPPC>C9</OWASPPC>
+  </classification>
+
+</vulnerability>

data/templates/issue.template

@@ -0,0 +1,15 @@
+#[Title]#
+%issue.title%
+
+#[Severity]#
+%issue.severity%
+
+#[Certainty]#
+%issue.certainty%
+
+#[Description]#
+%issue.description%
+
+#[Remedy]#
+%issue.remedy%
+

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: dradis-netsparker
+version: !ruby/object:Gem::Version
+  version: 3.8.0
+platform: ruby
+authors:
+- Daniel Martin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dradis-plugins
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+description: This add-on allows you to upload and parse output produced from Netsparker
+  Web Vulnerability Scanner into Dradis.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- dradis-netsparker.gemspec
+- lib/dradis-netsparker.rb
+- lib/dradis/plugins/netsparker.rb
+- lib/dradis/plugins/netsparker/engine.rb
+- lib/dradis/plugins/netsparker/field_processor.rb
+- lib/dradis/plugins/netsparker/gem_version.rb
+- lib/dradis/plugins/netsparker/importer.rb
+- lib/dradis/plugins/netsparker/version.rb
+- lib/netsparker/vulnerability.rb
+- lib/tasks/thorfile.rb
+- spec/dradis-netsparker_spec.rb
+- spec/fixtures/files/example-evidence.xml
+- spec/fixtures/files/example.xml
+- spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/spec_helper.rb
+- templates/evidence.fields
+- templates/evidence.sample
+- templates/evidence.template
+- templates/issue.fields
+- templates/issue.sample
+- templates/issue.template
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Netsparker add-on for the Dradis Framework.
+test_files:
+- spec/dradis-netsparker_spec.rb
+- spec/fixtures/files/example-evidence.xml
+- spec/fixtures/files/example.xml
+- spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/spec_helper.rb