dradis-netsparker 3.8.0

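--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end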
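Review bot: The `RSpec.configure do |config| end` block that closes this hunk is empty, so the `config` parameter is never used; either drop the block until there is configuration to put in it or name the parameter `_config` so linters stay quiet. `require 'rubygems'` on the first line is redundant on any Ruby since 1.9, where RubyGems is loaded by the interpreter, and the following `require 'bundler/setup'` already establishes the gem load path. The file path is not shown in this section; judging by its content and the gem's file list it is presumably `spec/spec_helper.rb`.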
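--- a/templates/evidence.fields
+++ b/templates/evidence.fields
@@ -0,0 +1,3 @@
+evidence.rawrequest
+evidence.rawresponse
+evidence.url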
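--- a/templates/evidence.sample
+++ b/templates/evidence.sample
@@ -0,0 +1,55 @@
+<vulnerability confirmed="False">
+<url>http://test.testlab.com:3000/</url>
+<type>MissingXssProtectionHeader</type>
+<severity>Information</severity>
+<certainty>100</certainty>
+​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
+<remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
+
+<rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
+Host: test.testlab.com:3000
+Cache-Control: no-cache
+Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
+Accept-Language: en-us,en;q=0.5
+X-Scanner: Netsparker
+Cookie: _redmine_session=V2tvR3dUZ
+Accept-Encoding: gzip, deflate
+
+]]></rawrequest>
+<rawresponse><![CDATA[HTTP/1.1 200 OK
+Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25)
+Connection: Keep-Alive
+Content-Length: 2002
+Last-Modified: Sun, 19 Jun 2016 12:47:24 GMT
+Content-Type: application/javascript
+Date: Wed, 08 Feb 2017 20:49:45 GMT
+
+// generic layout specific responsive stuff goes here
+
+function openFlyout() {
+$('html').addClass('flyout-is-active');
+$('#wrapper2').on('click', function(e){
+e.preventDefault();
+e.stopPropagation();
+closeFlyout();
+});
+}
+]]></rawresponse>
+<extrainformation></extrainformation>
+
+<proofs></proofs>
+
+
+<classification>
+<OWASP2013></OWASP2013>
+<WASC></WASC>
+<CWE></CWE>
+<CAPEC></CAPEC>
+<PCI31></PCI31>
+<PCI32></PCI32>
+<HIPAA>164.308(a)</HIPAA>
+<OWASPPC>C9</OWASPPC>
+</classification>
+
+</vulnerability>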
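Review bot: The sample request at line 16 of this hunk carries `Cookie: _redmine_session=V2tvR3dUZ`, a session-cookie value that reads as copied from a live scan and now ships inside the gem as template content; the same line is repeated verbatim in the issue.sample hunk further down. Sample fixtures should use an obviously synthetic placeholder, e.g. `Cookie: _redmine_session=EXAMPLE_SESSION_VALUE`, so that nothing resembling a real credential is published or pasted into generated reports. The rendered page also shows a stray zero-width character immediately before `<description>` on line 6; if that byte is in the committed file it would most likely survive as a text node under `<vulnerability>` rather than be rejected by the parser, so it is worth checking the file bytes before release.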
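--- a/templates/evidence.template
+++ b/templates/evidence.template
@@ -0,0 +1,8 @@
+#[URL]#
+%evidence.url%
+
+#[Request]#
+bc.. %evidence.rawrequest%
+
+#[Response]#
+bc.. %evidence.rawresponse%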
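--- a/templates/issue.fields
+++ b/templates/issue.fields
@@ -0,0 +1,14 @@
+issue.certainty
+issue.classification_capec
+issue.classification_cwe
+issue.classification_hipaa
+issue.classification_owasp2013
+issue.classification_owasppc
+issue.classification_pci31
+issue.classification_pci32
+issue.classification_wasc
+issue.description
+issue.remedy
+issue.severity
+issue.title
+issue.type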
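--- a/templates/issue.sample
+++ b/templates/issue.sample
@@ -0,0 +1,55 @@
+<vulnerability confirmed="False">
+<url>http://test.testlab.com:3000/</url>
+<type>MissingXssProtectionHeader</type>
+<severity>Information</severity>
+<certainty>100</certainty>
+​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
+<remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>
+
+<rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
+Host: test.testlab.com:3000
+Cache-Control: no-cache
+Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
+Accept-Language: en-us,en;q=0.5
+X-Scanner: Netsparker
+Cookie: _redmine_session=V2tvR3dUZ
+Accept-Encoding: gzip, deflate
+
+]]></rawrequest>
+<rawresponse><![CDATA[HTTP/1.1 200 OK
+Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25)
+Connection: Keep-Alive
+Content-Length: 2002
+Last-Modified: Sun, 19 Jun 2016 12:47:24 GMT
+Content-Type: application/javascript
+Date: Wed, 08 Feb 2017 20:49:45 GMT
+
+// generic layout specific responsive stuff goes here
+
+function openFlyout() {
+$('html').addClass('flyout-is-active');
+$('#wrapper2').on('click', function(e){
+e.preventDefault();
+e.stopPropagation();
+closeFlyout();
+});
+}
+]]></rawresponse>
+<extrainformation></extrainformation>
+
+<proofs></proofs>
+
+
+<classification>
+<OWASP2013></OWASP2013>
+<WASC></WASC>
+<CWE></CWE>
+<CAPEC></CAPEC>
+<PCI31></PCI31>
+<PCI32></PCI32>
+<HIPAA>164.308(a)</HIPAA>
+<OWASPPC>C9</OWASPPC>
+</classification>
+
+</vulnerability>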
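--- a/templates/issue.template
+++ b/templates/issue.template
@@ -0,0 +1,15 @@
+#[Title]#
+%issue.title%
+
+#[Severity]#
+%issue.severity%
+
+#[Certainty]#
+%issue.certainty%
+
+#[Description]#
+%issue.description%
+
+#[Remedy]#
+%issue.remedy%
+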
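Review bot: The template renders title, severity, certainty, description and remedy but none of the `issue.classification_*` fields (CWE, OWASP2013, WASC, CAPEC, PCI, HIPAA, OWASPPC) or `issue.type` that the issue.fields hunk above exposes, so the classification data the importer extracts is silently dropped from the default issue text. Consider a closing section such as `#[Classification]#` followed by `CWE: %issue.classification_cwe%` and `OWASP 2013: %issue.classification_owasp2013%`, which keeps the scanner's mapping available to report consumers. The trailing blank line at the end of the hunk is harmless but inconsistent with the evidence.template hunk, which ends on its last field.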
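--- a/metadata
+++ b/metadata
@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: dradis-netsparker
+version: !ruby/object:Gem::Version
+version: 3.8.0
+platform: ruby
+authors:
+- Daniel Martin
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: dradis-plugins
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.2'
+- !ruby/object:Gem::Dependency
+name: nokogiri
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec-rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: combustion
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.5.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.5.2
+description: This add-on allows you to upload and parse output produced from Netsparker
+Web Vulnerability Scanner into Dradis.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- dradis-netsparker.gemspec
+- lib/dradis-netsparker.rb
+- lib/dradis/plugins/netsparker.rb
+- lib/dradis/plugins/netsparker/engine.rb
+- lib/dradis/plugins/netsparker/field_processor.rb
+- lib/dradis/plugins/netsparker/gem_version.rb
+- lib/dradis/plugins/netsparker/importer.rb
+- lib/dradis/plugins/netsparker/version.rb
+- lib/netsparker/vulnerability.rb
+- lib/tasks/thorfile.rb
+- spec/dradis-netsparker_spec.rb
+- spec/fixtures/files/example-evidence.xml
+- spec/fixtures/files/example.xml
+- spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/spec_helper.rb
+- templates/evidence.fields
+- templates/evidence.sample
+- templates/evidence.template
+- templates/issue.fields
+- templates/issue.sample
+- templates/issue.template
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.8
+signing_key:
+specification_version: 4
+summary: Netsparker add-on for the Dradis Framework.
+test_files:
+- spec/dradis-netsparker_spec.rb
+- spec/fixtures/files/example-evidence.xml
+- spec/fixtures/files/example.xml
+- spec/fixtures/files/netsparker-localhost-demo.xml
+- spec/spec_helper.rb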