dradis-nexpose 4.10.0 → 4.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b11c2f3efeb75d866e704afc1654be7901c80233d4c25ecf3796170c6217dd12
-  data.tar.gz: 18e1f93496c8badc29df962c48a7285d56ad5a5b5d3e3faa366f63e001081178
+  metadata.gz: b5b342a73c3a4576df7bd68d24142393480c9abed09cd8f7a8c2f9aefe67339e
+  data.tar.gz: 4d24a2ed95a57a001e9f909740fd95067332065804d282598c2b86d31db6b644
 SHA512:
-  metadata.gz: bafe0d744722c9dfb00170857fea3bad6c5f8cd2fcc571867ac0bfb86639f0dc700ea58134ab6f05556aa750dd51072b506a411452f4c7b796955b331916b57f
-  data.tar.gz: 3dc33c2ba56abe1ba7ce2d715cb63826b51d140fa702be9543078a803b6a5a0665b582a695a7e24c933957e3e413b27e1cc6b8a2170b392ba8e44bc89231eeaa
+  metadata.gz: '0080d88c9b79f02f1a9610d85aa350f26e3c059fae144c15a1ccb66c6acf69e69e076063c2d7451915e9a625892f1fc9a519f099aed3e9577edfa4278cb24b5d'
+  data.tar.gz: 9231e9e9a60fe0b06316f024b0f089c76bda3c4bcb4000f0eb4079da893ee295daf59cfabe5f47b85b6f989f2e72b1f87ed988c499ccc64a880a29c9a52e8bbd

data/.github/pull_request_template.md

@@ -1,3 +1,5 @@
+Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
+
 ### Summary
 
 Provide a general description of the code changes in your pull
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
 to keep the conversation linked together.
 
 
+### Testing Steps
+
+Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
+
+
 ### Other Information
 
 If there's anything else that's important and relevant to your pull
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
 codebase. Any code you create which is merged must be owned by us.
 That's not us trying to be a jerks, that's just the way it works.
 
-Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
-file for the details.
-
 You can delete this section, but the following sentence needs to
 remain in the PR's description:
 
 > I assign all rights, including copyright, to any future Dradis
 > work by myself to Security Roots.
+
+### Check List
+
+- [ ] Added a CHANGELOG entry
+- [ ] Added specs

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+v4.12.0 (May 2024)
+ - Migrate integration to use Mappings Manager
+ - Update Dradis links in README
+
+v4.11.0 (January 2024)
+  - Add port/protocol to evidences
+  - Use the details in <os> as the OS node property
+  - Import `vulnerability.risk_score` as a new Issue field
+  - Allow multiple evidence with the same test id & node address
+  - Add support for tests that start with `ContainerBlockElement`
+
 v4.10.0 (September 2023)
   - Update gemspec links
 

data/README.md

@@ -6,17 +6,16 @@ The Nexpose add-on enables users to upload Nexpose XML files to create a structu
 
 This plugin supports both NeXpose-Simple and NeXpose-Full formats.
 
-The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
-
+The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
 
 ## More information
 
-See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
 
 
 ## Contributing
 
-See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
 
 
 ## License

data/lib/dradis/plugins/nexpose/formats/full.rb

@@ -1,5 +1,4 @@
 module Dradis::Plugins::Nexpose::Formats
-
   # This module knows how to parse Nexpose Ful XML format.
   module Full
     private
@@ -12,30 +11,29 @@ module Dradis::Plugins::Nexpose::Formats
 
       # First, extract scans
       scan_node = content_service.create_node(label: 'Nexpose Scan Summary')
-      logger.info{ "\tProcessing scan summary" }
+      logger.info { "\tProcessing scan summary" }
 
       doc.xpath('//scans/scan').each do |xml_scan|
-        note_text = template_service.process_template(template: 'full_scan', data: xml_scan)
+        note_text = mapping_service.apply_mapping(source: 'full_scan', data: xml_scan)
         content_service.create_note(node: scan_node, text: note_text)
       end
 
-
       # Second, we parse the nodes
       doc.xpath('//nodes/node').each do |xml_node|
         nexpose_node = Nexpose::Node.new(xml_node)
 
         host_node = content_service.create_node(label: nexpose_node.address, type: :host)
-        logger.info{ "\tProcessing host: #{nexpose_node.address}" }
+        logger.info { "\tProcessing host: #{nexpose_node.address}" }
 
         # add the summary note for this host
-        note_text = template_service.process_template(template: 'full_node', data: nexpose_node)
+        note_text = mapping_service.apply_mapping(source: 'full_node', data: nexpose_node)
         content_service.create_note(node: host_node, text: note_text)
 
         if host_node.respond_to?(:properties)
-          logger.info{ "\tAdding host properties to #{nexpose_node.address}"}
+          logger.info { "\tAdding host properties to #{nexpose_node.address}" }
           host_node.set_property(:ip, nexpose_node.address)
           host_node.set_property(:hostname, nexpose_node.names)
-          host_node.set_property(:os, nexpose_node.software)
+          host_node.set_property(:os, nexpose_node.fingerprints)
           host_node.set_property(:risk_score, nexpose_node.risk_score)
           host_node.save
         end
@@ -54,21 +52,22 @@ module Dradis::Plugins::Nexpose::Formats
           # See:
           #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
           xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-          xml_vuln.add_child("<hosts/>") unless xml_vuln.last_element_child.name == "hosts"
+          xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
 
           if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
             xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
           end
 
-          evidence[test_id][nexpose_node.address] = node_test
+          evidence[test_id][nexpose_node.address] ||= []
+          evidence[test_id][nexpose_node.address] << node_test
         end
 
         nexpose_node.endpoints.each do |endpoint|
           # endpoint_node = content_service.create_node(label: endpoint.label, parent: host_node)
-          logger.info{ "\t\tEndpoint: #{endpoint.label}" }
+          logger.info { "\t\tEndpoint: #{endpoint.label}" }
 
           if host_node.respond_to?(:properties)
-            logger.info{ "\t\tAdding to Services table" }
+            logger.info { "\t\tAdding to Services table" }
             host_node.set_service(
               port: endpoint.port.to_i,
               protocol: endpoint.protocol,
@@ -84,7 +83,7 @@ module Dradis::Plugins::Nexpose::Formats
           endpoint.services.each do |service|
 
             # add the summary note for this service
-            note_text = template_service.process_template(template: 'full_service', data: service)
+            note_text = mapping_service.apply_mapping(source: 'full_service', data: service)
             # content_service.create_note(node: endpoint_node, text: note_text)
             content_service.create_note(node: host_node, text: note_text)
 
@@ -102,13 +101,14 @@ module Dradis::Plugins::Nexpose::Formats
               #   http://stackoverflow.com/questions/1625446/problem-with-upper-case-and-lower-case-xpath-functions-in-selenium-ide/1625859#1625859
               #
               xml_vuln = doc.xpath("//VulnerabilityDefinitions/vulnerability[translate(@id,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='#{test_id}']").first
-              xml_vuln.add_child("<hosts/>") unless xml_vuln.last_element_child.name == "hosts"
+              xml_vuln.add_child('<hosts/>') unless xml_vuln.last_element_child.name == 'hosts'
 
               if xml_vuln.xpath("./hosts/host[text()='#{nexpose_node.address}']").empty?
                 xml_vuln.last_element_child.add_child("<host>#{nexpose_node.address}</host>")
               end
 
-              evidence[test_id][nexpose_node.address] = service_test
+              evidence[test_id][nexpose_node.address] ||= []
+              evidence[test_id][nexpose_node.address] << service_test
             end
           end
         end
@@ -118,42 +118,43 @@ module Dradis::Plugins::Nexpose::Formats
       end
 
       # Third, parse vulnerability definitions
-      logger.info{ "\tProcessing issue definitions:" }
+      logger.info { "\tProcessing issue definitions:" }
 
       doc.xpath('//VulnerabilityDefinitions/vulnerability').each do |xml_vulnerability|
         id = xml_vulnerability['id'].downcase
         # if @vuln_list.include?(id)
-          issue_text = template_service.process_template(
-            template: 'full_vulnerability',
-            data: xml_vulnerability
-          )
-
-          # retrieve hosts affected by this issue (injected in step 2)
-          #
-          # There is no need for the below as Issues are linked to hosts via the
-          # corresponding Evidence instance
-          #
-          # note_text << "\n\n#[host]#\n"
-          # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
-          # note_text << "\n\n"
-
-          # 3.1 create the Issue
-          issue = content_service.create_issue(text: issue_text, id: id)
-          logger.info{ "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
-
-
-          # 3.2 associate with the nodes via Evidence.
-          #   TODO: there is room for improvement here by providing proper Evidence content
-          xml_vulnerability.xpath('./hosts/host').collect(&:text).each do |host_name|
-            # if the node exists, this just returns it
-            host_node = content_service.create_node(label: host_name, type: :host)
-
-            evidence_content = template_service.process_template(
-              template: 'full_evidence',
-              data: evidence[id][host_name]
+        issue_text = mapping_service.apply_mapping(
+          source: 'full_vulnerability',
+          data: xml_vulnerability
+        )
+
+        # retrieve hosts affected by this issue (injected in step 2)
+        #
+        # There is no need for the below as Issues are linked to hosts via the
+        # corresponding Evidence instance
+        #
+        # note_text << "\n\n#[host]#\n"
+        # note_text << xml_vulnerability.xpath('./hosts/host').collect(&:text).join("\n")
+        # note_text << "\n\n"
+
+        # 3.1 create the Issue
+        issue = content_service.create_issue(text: issue_text, id: id)
+        logger.info { "\tIssue: #{issue.fields ? issue.fields['Title'] : id}" }
+
+        # 3.2 associate with the nodes via Evidence.
+        #   TODO: there is room for improvement here by providing proper Evidence content
+        xml_vulnerability.xpath('./hosts/host').map(&:text).each do |host_name|
+          # if the node exists, this just returns it
+          host_node = content_service.create_node(label: host_name, type: :host)
+
+          evidence[id][host_name].each do |evidence|
+            evidence_content = mapping_service.apply_mapping(
+              source: 'full_evidence',
+              data: evidence
             )
             content_service.create_evidence(content: evidence_content, issue: issue, node: host_node)
           end
+        end
 
         # end
       end

data/lib/dradis/plugins/nexpose/formats/simple.rb

@@ -26,7 +26,7 @@ module Dradis::Plugins::Nexpose::Formats
           port_node = content_service.create_node(label: port_label, parent: host_node)
 
           findings.each do |id, finding|
-            port_text = template_service.process_template(template: 'simple_port', data: {id: id, finding: finding})
+            port_text = mapping_service.apply_mapping(source: 'simple_port', data: {id: id, finding: finding})
             port_text << "\n#[host]#\n#{host['address']}\n\n"
             content_service.create_note node: port_node, text: port_text
           end

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,11 +8,11 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 10
+        MINOR = 12
         TINY = 0
         PRE = nil
 
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/dradis/plugins/nexpose/mapping.rb

@@ -0,0 +1,101 @@
+module Dradis::Plugins::Nexpose
+  module Mapping
+    DEFAULT_MAPPING = {
+      full_evidence: {
+        'ID' => '{{ nexpose[evidence.id] }}',
+        'Status' => '{{ nexpose[evidence.status] }}',
+        'Content' => '{{ nexpose[evidence.content] }}'
+      },
+      full_node: {
+        'Title' => '{{ nexpose[node.address] }}',
+        'Hostname' => '{{ nexpose[node.site_name] }}',
+        'Details' => "Status: {{ nexpose[node.status] }}\nDevice id: {{ nexpose[node.device_id] }}\nHW address: {{ nexpose[node.hardware_address] }}",
+        'Names' => '{{ nexpose[node.names] }}',
+        'Software' => '{{ nexpose[node.software] }}'
+      },
+      full_scan: {
+        'Title' => '{{ nexpose[scan.name] }} ({{ nexpose[scan.scan_id] }})',
+        'Timing' => "Start time: {{ nexpose[scan.start_time] }}\nEnd time: {{ nexpose[scan.end_time] }}",
+        'Status' => '{{ nexpose[scan.status] }}'
+      },
+      full_service: {
+        'Title' => 'Service name: {{ nexpose[service.name] }}',
+        'Fingerprinting' => '{{ nexpose[service.fingerprints] }}',
+        'Configuration' => '{{ nexpose[service.configurations] }}',
+        'Tests' => '{{ nexpose[service.tests] }}'
+      },
+      full_vulnerability: {
+        'Title' => '{{ nexpose[vulnerability.title] }}',
+        'Nexpose Id' => '{{ nexpose[vulnerability.nexpose_id] }}',
+        'Severity' => '{{ nexpose[vulnerability.severity] }}',
+        'PCI Severity' => '{{ nexpose[vulnerability.pci_severity] }}',
+        'CVSS Score' => '{{ nexpose[vulnerability.cvss_score] }}',
+        'CVSS Vector' => '{{ nexpose[vulnerability.cvss_vector] }}',
+        'Published' => '{{ nexpose[vulnerability.published] }}',
+        'Description' => '{{ nexpose[vulnerability.description] }}',
+        'Solution' => '{{ nexpose[vulnerability.solution] }}',
+        'References' => '{{ nexpose[vulnerability.references] }}',
+        'Tags' => '{{ nexpose[vulnerability.tags] }}'
+      },
+      simple_port: {
+        'Id' => '{{ nexpose[port.id] }}',
+        'References' => '{{ nexpose[port.finding] }}'
+      }
+    }.freeze
+
+    SOURCE_FIELDS = {
+      full_evidence: [
+        'evidence.id',
+        'evidence.status',
+        'evidence.content',
+        'evidence.port',
+        'evidence.protocol'
+      ],
+      full_node: [
+        'node.address',
+        'node.device_id',
+        'node.fingerprints',
+        'node.hardware_address',
+        'node.names',
+        'node.tests',
+        'node.risk_score',
+        'node.site_name',
+        'node.status',
+        'node.software'
+      ],
+      full_scan: [
+        'scan.end_time',
+        'scan.name',
+        'scan.scan_id',
+        'scan.start_time',
+        'scan.status'
+      ],
+      full_service: [
+        'service.configurations',
+        'service.fingerprints',
+        'service.name',
+        'service.tests'
+      ],
+      full_vulnerability: [
+        'vulnerability.added',
+        'vulnerability.cvss_score',
+        'vulnerability.cvss_vector',
+        'vulnerability.description',
+        'vulnerability.modified',
+        'vulnerability.nexpose_id',
+        'vulnerability.pci_severity',
+        'vulnerability.published',
+        'vulnerability.risk_score',
+        'vulnerability.references',
+        'vulnerability.severity',
+        'vulnerability.solution',
+        'vulnerability.tags',
+        'vulnerability.title'
+      ],
+      simple_port: [
+        'port.finding',
+        'port.id'
+      ]
+    }.freeze
+  end
+end

data/lib/dradis/plugins/nexpose.rb

@@ -8,4 +8,5 @@ end
 require 'dradis/plugins/nexpose/engine'
 require 'dradis/plugins/nexpose/field_processor'
 require 'dradis/plugins/nexpose/importer'
+require 'dradis/plugins/nexpose/mapping'
 require 'dradis/plugins/nexpose/version'

data/lib/nexpose/endpoint.rb

@@ -8,7 +8,6 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Endpoint
-
     # Accepts an XML node from Nokogiri::XML.
     def initialize(xml_node)
       @xml = xml_node
@@ -39,13 +38,14 @@ module Nexpose
     # Each of the services associated with this endpoint. Returns an array of
     # Nexpose::Service objects
     def services
-      @xml.xpath('./services/service').collect { |xml_service| Service.new(xml_service) }
+      @xml.xpath('./services/service').map do |xml_service|
+        Service.new(xml_service, endpoint: { port: port, protocol: protocol })
+      end
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -57,7 +57,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -69,8 +68,7 @@ module Nexpose
 
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
-      translations_table = {
-      }
+      translations_table = {}
 
       method_name = translations_table.fetch(method, method.to_s)
       return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)

data/lib/nexpose/node.rb

@@ -43,10 +43,9 @@ module Nexpose
       @xml.xpath('./endpoints/endpoint').collect { |xml_endpoint| Endpoint.new(xml_endpoint) }
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -58,7 +57,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -84,7 +82,7 @@ module Nexpose
 
       # Finally the enumerations: names
       if method_name == 'names'
-        @xml.xpath("./names/name").collect(&:text)
+        @xml.xpath('./names/name').collect(&:text)
 
       elsif ['fingerprints', 'software'].include?(method_name)
 
@@ -93,14 +91,10 @@ module Nexpose
           'software' => './software/fingerprint'
         }[method_name]
 
-        @xml.xpath(xpath_selector).collect do |xml_os|
-          Hash[
-            xml_os.attributes.collect do |name, xml_attribute|
-              next if name == 'arch'
-              [name.sub(/-/,'_').to_sym, xml_attribute.value]
-            end
-          ]
-        end
+        xml_os = @xml.at_xpath(xpath_selector)
+        return '' if xml_os.nil?
+
+        xml_os.attributes['product'].value
       else
         # nothing found, the tag is valid but not present in this ReportItem
         return nil

data/lib/nexpose/service.rb

@@ -8,9 +8,15 @@ module Nexpose
   # Instead of providing separate methods for each supported property we rely
   # on Ruby's #method_missing to do most of the work.
   class Service
+    attr_accessor :endpoint, :xml
+
     # Accepts an XML node from Nokogiri::XML.
-    def initialize(xml_node)
+    #
+    # endpoint - If the Service is instantiated from the Endpoint class (e.g.
+    # from <endpoint><services>...) , it will have access to the parent data.
+    def initialize(xml_node, endpoint: nil)
       @xml = xml_node
+      @endpoint = endpoint
     end
 
     # List of supported tags. They can be attributes, simple descendans or
@@ -29,15 +35,18 @@ module Nexpose
 
     # Convert each ./test/test entry into a simple hash
     def tests(*args)
-      @xml.xpath('./tests/test').map do |xml_test|
+      xml.xpath('./tests/test').map do |xml_test|
+        # Inject evidence with data from the node
+        xml_test['port'] = endpoint[:port]
+        xml_test['protocol'] = endpoint[:protocol]
+
         Nexpose::Test.new(xml_test)
       end
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -49,7 +58,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -61,11 +69,10 @@ module Nexpose
 
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
-      translations_table = {
-      }
+      translations_table = {}
 
       method_name = translations_table.fetch(method, method.to_s)
-      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+      return xml.attributes[method_name].value if xml.attributes.key?(method_name)
 
       # Finally the enumerations: references, tags
       if ['fingerprints', 'configurations'].include?(method_name)
@@ -74,11 +81,11 @@ module Nexpose
           'configurations' => './configuration/config'
         }[method_name]
 
-        @xml.xpath(xpath_selector).collect do |xml_item|
-          {:text => xml_item.text}.merge(
+        xml.xpath(xpath_selector).collect do |xml_item|
+          { text: xml_item.text }.merge(
             Hash[
               xml_item.attributes.collect do |name, xml_attribute|
-                [name.sub(/-/,'_').to_sym, xml_attribute.value]
+                [name.sub(/-/, '_').to_sym, xml_attribute.value]
               end
             ]
           )

data/lib/nexpose/test.rb

@@ -2,13 +2,20 @@ module Nexpose
   class Test
     def self.new(xml_node)
       content =
-        if xml_node.at_xpath('./Paragraph')
-          xml_node.
-            at_xpath('./Paragraph').
-            text.
-            split("\n").
-            collect(&:strip).
-            reject { |line| line.empty? }.join("\n")
+        # get first Paragraph or ContainerBlockElement that's a direct child of <test>
+        if xml = xml_node.at_xpath('./Paragraph | ./ContainerBlockElement')
+          # get all nested paragraph elements
+          nested_paragraphs = xml.xpath('.//Paragraph')
+
+          content = nested_paragraphs.children.map do |node|
+            case node.name
+            when 'text'
+              node.text.strip
+            when 'URLLink'
+              node['LinkURL']
+            end
+          end.compact
+          content.map(&:strip).reject(&:empty?).join("\n")
         else
           'n/a'
         end
@@ -16,7 +23,9 @@ module Nexpose
       {
         id: xml_node.attributes['id'],
         status: xml_node.attributes['status'],
-        content: content
+        content: content,
+        port: xml_node.attributes['port'],
+        protocol: xml_node.attributes['protocol']
       }
     end
   end

data/lib/nexpose/vulnerability.rb

@@ -20,8 +20,8 @@ module Nexpose
     def supported_tags
       [
         # attributes
-        :nexpose_id, :title, :severity, :pci_severity, :cvss_score, :cvss_vector,
-        :published, :added, :modified,
+        :added, :cvss_score, :cvss_vector, :modified, :nexpose_id, :pci_severity, 
+        :published, :risk_score, :severity, :title,
 
         # simple tags
         :description, :solution,
@@ -64,6 +64,7 @@ module Nexpose
       translations_table = {
         :nexpose_id => 'id',
         :pci_severity => 'pciSeverity',
+        :risk_score => 'riskScore',
         :cvss_score => 'cvssScore',
         :cvss_vector =>'cvssVector'
       }