dradis-qualys 4.2.0 → 4.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -2
- data/lib/dradis/plugins/qualys/asset/importer.rb +112 -0
- data/lib/dradis/plugins/qualys/engine.rb +1 -0
- data/lib/dradis/plugins/qualys/field_processor.rb +4 -0
- data/lib/dradis/plugins/qualys/gem_version.rb +1 -1
- data/lib/dradis/plugins/qualys.rb +1 -0
- data/lib/dradis-qualys.rb +2 -0
- data/lib/qualys/asset/evidence.rb +74 -0
- data/lib/qualys/asset/vulnerability.rb +87 -0
- data/lib/qualys/was/qid.rb +20 -6
- data/spec/fixtures/files/simple_asset.xml +126 -0
- data/spec/fixtures/files/simple_was.xml +7 -0
- data/spec/qualys/asset/importer_spec.rb +41 -0
- data/spec/support/spec_macros.rb +1 -5
- data/templates/asset-evidence.fields +9 -0
- data/templates/asset-evidence.sample +14 -0
- data/templates/asset-evidence.template +11 -0
- data/templates/asset-issue.fields +14 -0
- data/templates/asset-issue.sample +21 -0
- data/templates/asset-issue.template +22 -0
- metadata +15 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 179f7a4d51e6e9514362058cfe23587808351d96fff29ff3638c1f3020f2bcc3
|
4
|
+
data.tar.gz: e0ff0cb6075b177f802fa74f3ba0d396fb8c8ebbecf07fd390860788e2e1e506
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f06c828d8f2209711734decbafa5f2dcb0e3b1f0df3bb9b1fc86b24bcb0634c8a0892d3be4b78d3a87bfd64431cc1091f8dd9b2de1ccfb12ff4ea958a28abaac
|
7
|
+
data.tar.gz: e595872f8ad27155e0a5916eed09f043a30e19122402ded9dbdd4ff1367857da4d67bee5c336967406e78e771cca89230b9a263f8a0c8de48bd3ae4fc6116e89
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,11 @@
|
|
1
|
+
v4.3.0 (April 2022)
|
2
|
+
- Adds Qualys Asset Scanner (ASSET) support
|
3
|
+
- Bugs fixes:
|
4
|
+
- Fixes WAS CVSS3 mapping and not importing fields to the issue
|
5
|
+
|
1
6
|
v4.2.0 (February 2022)
|
2
|
-
-
|
3
|
-
-
|
7
|
+
- Adds 'element.qualys_collection' as issue field
|
8
|
+
- Adds Qualys Web Application Scanner (WAS) support
|
4
9
|
|
5
10
|
v4.1.0 (November 2021)
|
6
11
|
- Add <dd>, <dt> support
|
@@ -0,0 +1,112 @@
|
|
1
|
+
module Dradis::Plugins::Qualys
|
2
|
+
module Asset
|
3
|
+
ROOT_PATH_NAME = 'ASSET_DATA_REPORT'.freeze
|
4
|
+
|
5
|
+
def self.meta
|
6
|
+
package = Dradis::Plugins::Qualys
|
7
|
+
|
8
|
+
{
|
9
|
+
name: package::Engine::plugin_name,
|
10
|
+
description: 'Upload Qualys Asset results (.xml)',
|
11
|
+
version: package.version
|
12
|
+
}
|
13
|
+
end
|
14
|
+
|
15
|
+
class Importer < Dradis::Plugins::Upload::Importer
|
16
|
+
def initialize(args={})
|
17
|
+
args[:plugin] = Dradis::Plugins::Qualys
|
18
|
+
super(args)
|
19
|
+
|
20
|
+
@issue_lookup = {}
|
21
|
+
end
|
22
|
+
|
23
|
+
# The framework will call this function if the user selects this plugin from
|
24
|
+
# the dropdown list and uploads a file.
|
25
|
+
# @returns true if the operation was successful, false otherwise
|
26
|
+
def import(params={})
|
27
|
+
file_content = File.read( params[:file] )
|
28
|
+
|
29
|
+
logger.info { 'Parsing Qualys ASSET XML output file...' }
|
30
|
+
doc = Nokogiri::XML(file_content)
|
31
|
+
logger.info { 'Done.' }
|
32
|
+
|
33
|
+
if doc.root.name != ROOT_PATH_NAME
|
34
|
+
error = 'No scan results were detected in the uploaded file. Ensure you uploaded a Qualys ASSET XML file.'
|
35
|
+
logger.fatal { error }
|
36
|
+
content_service.create_note text: error
|
37
|
+
return false
|
38
|
+
end
|
39
|
+
|
40
|
+
doc.xpath('ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/VULN_DETAILS').each do |xml_issue|
|
41
|
+
process_issue(xml_issue)
|
42
|
+
end
|
43
|
+
|
44
|
+
doc.xpath('ASSET_DATA_REPORT/HOST_LIST/HOST').each do |xml_node|
|
45
|
+
process_node(xml_node)
|
46
|
+
end
|
47
|
+
|
48
|
+
true
|
49
|
+
end
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
attr_accessor :issue_lookup
|
54
|
+
|
55
|
+
def process_node(xml_node)
|
56
|
+
logger.info { 'Creating node...' }
|
57
|
+
|
58
|
+
# Create host node
|
59
|
+
host_node = content_service.create_node(
|
60
|
+
label: xml_node.at_xpath('IP').text,
|
61
|
+
type: :host
|
62
|
+
)
|
63
|
+
|
64
|
+
%w[dns host_id operating_system qg_hostid tracking_method].each do |key|
|
65
|
+
prop = xml_node.at_xpath(key.upcase)
|
66
|
+
host_node.set_property(key.to_sym, prop.text) if prop
|
67
|
+
end
|
68
|
+
|
69
|
+
tags = xml_node.at_xpath('ASSET_TAGS/ASSET_TAG')
|
70
|
+
if tags
|
71
|
+
tags.each do |tag|
|
72
|
+
host_node.set_property(:asset_tags, tag.text)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
host_node.save
|
77
|
+
|
78
|
+
xml_node.xpath('./VULN_INFO_LIST/VULN_INFO').each do |xml_evidence|
|
79
|
+
process_evidence(xml_evidence, host_node)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
def process_issue(xml_vuln)
|
84
|
+
qid = xml_vuln.at_xpath('QID').text
|
85
|
+
logger.info { "\t => Creating new issue (plugin_id: #{ qid })" }
|
86
|
+
issue_text = template_service.process_template(template: 'asset-issue', data: xml_vuln)
|
87
|
+
issue = content_service.create_issue(text: issue_text, id: qid)
|
88
|
+
|
89
|
+
issue_lookup[qid.to_i] = issue
|
90
|
+
end
|
91
|
+
|
92
|
+
def process_evidence(xml_evidence, node)
|
93
|
+
qid = xml_evidence.at_xpath('./QID').text
|
94
|
+
|
95
|
+
issue = issue_lookup[qid.to_i]
|
96
|
+
if issue
|
97
|
+
issue_id = issue.respond_to?(:id) ? issue.id : issue.to_issue.id
|
98
|
+
|
99
|
+
logger.info { "\t => Creating new evidence (plugin_id: #{qid})" }
|
100
|
+
logger.info { "\t\t => Issue: #{issue.title} (plugin_id: #{issue_id})" }
|
101
|
+
logger.info { "\t\t => Node: #{node.label} (#{node.id})" }
|
102
|
+
else
|
103
|
+
logger.info { "\t => Couldn't find QID for issue with ID=#{qid}" }
|
104
|
+
return
|
105
|
+
end
|
106
|
+
|
107
|
+
evidence_content = template_service.process_template(template: 'asset-evidence', data: xml_evidence)
|
108
|
+
content_service.create_evidence(issue: issue, node: node, content: evidence_content)
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
@@ -12,6 +12,10 @@ module Dradis
|
|
12
12
|
@qualys_object = ::Qualys::WAS::QID.new(data)
|
13
13
|
when 'VULNERABILITY'
|
14
14
|
@qualys_object = ::Qualys::WAS::Vulnerability.new(data)
|
15
|
+
when 'VULN_DETAILS'
|
16
|
+
@qualys_object = ::Qualys::Asset::Vulnerability.new(data)
|
17
|
+
when 'VULN_INFO'
|
18
|
+
@qualys_object = ::Qualys::Asset::Evidence.new(data)
|
15
19
|
end
|
16
20
|
end
|
17
21
|
|
@@ -9,5 +9,6 @@ require 'dradis/plugins/qualys/engine'
|
|
9
9
|
require 'dradis/plugins/qualys/field_processor'
|
10
10
|
require 'dradis/plugins/qualys/version'
|
11
11
|
|
12
|
+
require 'dradis/plugins/qualys/asset/importer'
|
12
13
|
require 'dradis/plugins/qualys/vuln/importer'
|
13
14
|
require 'dradis/plugins/qualys/was/importer'
|
data/lib/dradis-qualys.rb
CHANGED
@@ -0,0 +1,74 @@
|
|
1
|
+
module Qualys::Asset
|
2
|
+
# This class represents each of the ASSET_DATA_REPORT/GLOSSARY/VULN_INFO_LIST/
|
3
|
+
# VULN_INFO elements in the Qualys Asset XML document.
|
4
|
+
#
|
5
|
+
# It provides a convenient way to access the information scattered all over
|
6
|
+
# the XML in attributes and nested tags.
|
7
|
+
#
|
8
|
+
# Instead of providing separate methods for each supported property we rely
|
9
|
+
# on Ruby's #method_missing to do most of the work.
|
10
|
+
class Evidence
|
11
|
+
# Accepts an XML node from Nokogiri::XML.
|
12
|
+
def initialize(xml_node)
|
13
|
+
@xml = xml_node
|
14
|
+
end
|
15
|
+
|
16
|
+
# List of supported tags. They can be attributes, simple descendans or
|
17
|
+
# collections (e.g. <references/>, <tags/>)
|
18
|
+
def supported_tags
|
19
|
+
[
|
20
|
+
# simple tags
|
21
|
+
:first_round, :last_round, :result, :ssl, :times_found,
|
22
|
+
:type, :vuln_status,
|
23
|
+
|
24
|
+
:cvss_base, :cvss3_final
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
# This allows external callers (and specs) to check for implemented
|
29
|
+
# properties
|
30
|
+
def respond_to?(method, include_private=false)
|
31
|
+
return true if supported_tags.include?(method.to_sym)
|
32
|
+
super
|
33
|
+
end
|
34
|
+
|
35
|
+
# This method is invoked by Ruby when a method that is not defined in this
|
36
|
+
# instance is called.
|
37
|
+
#
|
38
|
+
# In our case we inspect the @method@ parameter and try to find the
|
39
|
+
# attribute, simple descendent or collection that it maps to in the XML
|
40
|
+
# tree.
|
41
|
+
def method_missing(method, *args)
|
42
|
+
# We could remove this check and return nil for any non-recognized tag.
|
43
|
+
# The problem would be that it would make tricky to debug problems with
|
44
|
+
# typos. For instance: <>.potr would return nil instead of raising an
|
45
|
+
# exception
|
46
|
+
unless supported_tags.include?(method)
|
47
|
+
super
|
48
|
+
return
|
49
|
+
end
|
50
|
+
|
51
|
+
process_field_value(method.to_s)
|
52
|
+
end
|
53
|
+
|
54
|
+
def process_field_value(method)
|
55
|
+
tag = @xml.at_xpath("./#{method.upcase}")
|
56
|
+
|
57
|
+
if tag && !tag.text.blank?
|
58
|
+
if tags_with_html_content.include?(method)
|
59
|
+
Qualys.cleanup_html(tag.text)
|
60
|
+
else
|
61
|
+
tag.text
|
62
|
+
end
|
63
|
+
else
|
64
|
+
'n/a'
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
private
|
69
|
+
|
70
|
+
def tags_with_html_content
|
71
|
+
%w[result]
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
@@ -0,0 +1,87 @@
|
|
1
|
+
module Qualys::Asset
|
2
|
+
# This class represents each of the ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/
|
3
|
+
# VULN_DETAILS elements in the Qualys Asset XML document.
|
4
|
+
#
|
5
|
+
# It provides a convenient way to access the information scattered all over
|
6
|
+
# the XML in attributes and nested tags.
|
7
|
+
#
|
8
|
+
# Instead of providing separate methods for each supported property we rely
|
9
|
+
# on Ruby's #method_missing to do most of the work.
|
10
|
+
class Vulnerability
|
11
|
+
# Accepts an XML node from Nokogiri::XML.
|
12
|
+
def initialize(xml_node)
|
13
|
+
@xml = xml_node
|
14
|
+
end
|
15
|
+
|
16
|
+
# List of supported tags. They can be attributes, simple descendans or
|
17
|
+
# collections (e.g. <references/>, <tags/>)
|
18
|
+
def supported_tags
|
19
|
+
[
|
20
|
+
# simple tags
|
21
|
+
:category, :impact, :last_update, :pci_flag, :qid, :result,
|
22
|
+
:severity, :solution, :threat, :title,
|
23
|
+
|
24
|
+
:cvss3_base, :cvss3_temporal, :cvss_base, :cvss_temporal
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
# This allows external callers (and specs) to check for implemented
|
29
|
+
# properties
|
30
|
+
def respond_to?(method, include_private=false)
|
31
|
+
return true if supported_tags.include?(method.to_sym)
|
32
|
+
super
|
33
|
+
end
|
34
|
+
|
35
|
+
# This method is invoked by Ruby when a method that is not defined in this
|
36
|
+
# instance is called.
|
37
|
+
#
|
38
|
+
# In our case we inspect the @method@ parameter and try to find the
|
39
|
+
# attribute, simple descendent or collection that it maps to in the XML
|
40
|
+
# tree.
|
41
|
+
def method_missing(method, *args)
|
42
|
+
# We could remove this check and return nil for any non-recognized tag.
|
43
|
+
# The problem would be that it would make tricky to debug problems with
|
44
|
+
# typos. For instance: <>.potr would return nil instead of raising an
|
45
|
+
# exception
|
46
|
+
unless supported_tags.include?(method)
|
47
|
+
super
|
48
|
+
return
|
49
|
+
end
|
50
|
+
|
51
|
+
process_field_value(method.to_s)
|
52
|
+
end
|
53
|
+
|
54
|
+
def process_field_value(method)
|
55
|
+
tag = @xml.at_xpath("./#{method.upcase}")
|
56
|
+
|
57
|
+
if method.starts_with?('cvss')
|
58
|
+
process_cvss_field(method)
|
59
|
+
elsif tag && !tag.text.blank?
|
60
|
+
if tags_with_html_content.include?(method)
|
61
|
+
Qualys.cleanup_html(tag.text)
|
62
|
+
else
|
63
|
+
tag.text
|
64
|
+
end
|
65
|
+
else
|
66
|
+
'n/a'
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def process_cvss_field(method)
|
71
|
+
translations_table = {
|
72
|
+
cvss_base: 'CVSS_SCORE/CVSS_BASE',
|
73
|
+
cvss_temporal: 'CVSS_SCORE/CVSS_TEMPORAL',
|
74
|
+
cvss3_base: 'CVSS3_SCORE/CVSS3_BASE',
|
75
|
+
cvss3_temporal: 'CVSS3_SCORE/CVSS3_TEMPORAL'
|
76
|
+
}
|
77
|
+
|
78
|
+
@xml.xpath("./#{translations_table[method.to_sym]}").text
|
79
|
+
end
|
80
|
+
|
81
|
+
private
|
82
|
+
|
83
|
+
def tags_with_html_content
|
84
|
+
%w[threat impact solution]
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
data/lib/qualys/was/qid.rb
CHANGED
@@ -48,21 +48,35 @@ module Qualys::WAS
|
|
48
48
|
return
|
49
49
|
end
|
50
50
|
|
51
|
-
|
51
|
+
process_field_value(method.to_s)
|
52
|
+
end
|
53
|
+
|
54
|
+
def process_field_value(method)
|
55
|
+
tag = @xml.at_xpath("./#{method.upcase}")
|
52
56
|
|
53
|
-
|
54
|
-
|
55
|
-
|
57
|
+
if method.starts_with?('cvss3')
|
58
|
+
process_cvss3_field(method)
|
59
|
+
elsif tag && !tag.text.blank?
|
56
60
|
if tags_with_html_content.include?(method)
|
57
|
-
|
61
|
+
Qualys.cleanup_html(tag.text)
|
58
62
|
else
|
59
|
-
|
63
|
+
tag.text
|
60
64
|
end
|
61
65
|
else
|
62
66
|
'n/a'
|
63
67
|
end
|
64
68
|
end
|
65
69
|
|
70
|
+
def process_cvss3_field(method)
|
71
|
+
translations_table = {
|
72
|
+
cvss3_vector: 'CVSS_V3/ATTACK_VECTOR',
|
73
|
+
cvss3_base: 'CVSS_V3/BASE',
|
74
|
+
cvss3_temporal: 'CVSS_V3/TEMPORAL'
|
75
|
+
}
|
76
|
+
|
77
|
+
@xml.xpath("./#{translations_table[method.to_sym]}").text
|
78
|
+
end
|
79
|
+
|
66
80
|
private
|
67
81
|
def tags_with_html_content
|
68
82
|
[:description, :impact, :solution]
|
@@ -0,0 +1,126 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8" ?>
|
2
|
+
|
3
|
+
<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qg3.apps.qualys.com/asset_data_report.dtd">
|
4
|
+
<ASSET_DATA_REPORT>
|
5
|
+
<HEADER>
|
6
|
+
<COMPANY><![CDATA[Security Roots Ltd.]]></COMPANY>
|
7
|
+
<USERNAME>dradispro</USERNAME>
|
8
|
+
<GENERATION_DATETIME>2021-03-19T18:16:17Z</GENERATION_DATETIME>
|
9
|
+
<TEMPLATE><![CDATA[Technical Report]]></TEMPLATE>
|
10
|
+
<TARGET>
|
11
|
+
<USER_ASSET_GROUPS>
|
12
|
+
<ASSET_GROUP_TITLE><![CDATA[ProdManagement]]></ASSET_GROUP_TITLE>
|
13
|
+
</USER_ASSET_GROUPS>
|
14
|
+
<COMBINED_IP_LIST>
|
15
|
+
<RANGE network_id="-100">
|
16
|
+
<START>10.0.0.0</START>
|
17
|
+
<END>10.0.255.255</END>
|
18
|
+
</RANGE>
|
19
|
+
<RANGE network_id="-100">
|
20
|
+
<START>192.168.0.0</START>
|
21
|
+
<END>192.168.255.255</END>
|
22
|
+
</RANGE>
|
23
|
+
</COMBINED_IP_LIST>
|
24
|
+
<ASSET_TAG_LIST>
|
25
|
+
<INCLUDED_TAGS scope="any">
|
26
|
+
<ASSET_TAG><![CDATA[asset-tag]]></ASSET_TAG>
|
27
|
+
</INCLUDED_TAGS>
|
28
|
+
</ASSET_TAG_LIST>
|
29
|
+
</TARGET>
|
30
|
+
<RISK_SCORE_SUMMARY>
|
31
|
+
<TOTAL_VULNERABILITIES>479</TOTAL_VULNERABILITIES>
|
32
|
+
<AVG_SECURITY_RISK>2.5</AVG_SECURITY_RISK>
|
33
|
+
<BUSINESS_RISK>48/100</BUSINESS_RISK>
|
34
|
+
</RISK_SCORE_SUMMARY>
|
35
|
+
</HEADER>
|
36
|
+
<HOST_LIST>
|
37
|
+
<HOST>
|
38
|
+
<IP network_id="0">10.0.0.1</IP>
|
39
|
+
<TRACKING_METHOD>QAGENT</TRACKING_METHOD>
|
40
|
+
<ASSET_TAGS>
|
41
|
+
<ASSET_TAG><![CDATA[Cloud Agent]]></ASSET_TAG>
|
42
|
+
</ASSET_TAGS>
|
43
|
+
<HOST_ID>112859328</HOST_ID>
|
44
|
+
<DNS><![CDATA[ontlpmutil01]]></DNS>
|
45
|
+
<QG_HOSTID><![CDATA[8d7fb998-0512-48c3-bb94-e40ac09ce9d4]]></QG_HOSTID>
|
46
|
+
<OPERATING_SYSTEM><![CDATA[Red Hat Enterprise Linux Server 7.9]]></OPERATING_SYSTEM>
|
47
|
+
<VULN_INFO_LIST>
|
48
|
+
<VULN_INFO>
|
49
|
+
<QID id="qid_11">11</QID>
|
50
|
+
<TYPE>Vuln</TYPE>
|
51
|
+
<SSL>false</SSL>
|
52
|
+
<RESULT format="table"><![CDATA[Package Installed Version Required Version
|
53
|
+
kernel-debug 3.10.0-957.27.2.el7.x86_64 3.10.0-1160.11.1.el7
|
54
|
+
kernel-debug 3.10.0-1160.6.1.el7.x86_64 3.10.0-1160.11.1.el7]]></RESULT>
|
55
|
+
<FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
|
56
|
+
<LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
|
57
|
+
<TIMES_FOUND>447</TIMES_FOUND>
|
58
|
+
<VULN_STATUS>Active</VULN_STATUS>
|
59
|
+
<CVSS_FINAL>5.5</CVSS_FINAL>
|
60
|
+
<CVSS3_FINAL>6.3</CVSS3_FINAL>
|
61
|
+
</VULN_INFO>
|
62
|
+
</VULN_INFO_LIST>
|
63
|
+
</HOST>
|
64
|
+
</HOST_LIST>
|
65
|
+
<GLOSSARY>
|
66
|
+
<VULN_DETAILS_LIST>
|
67
|
+
<VULN_DETAILS id="qid_11">
|
68
|
+
<QID id="qid_11">11</QID>
|
69
|
+
<TITLE><![CDATA[Hidden RPC Services]]></TITLE>
|
70
|
+
<SEVERITY>2</SEVERITY>
|
71
|
+
<CATEGORY>RPC</CATEGORY>
|
72
|
+
<THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon.
|
73
|
+
<P>
|
74
|
+
When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
|
75
|
+
<IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
|
76
|
+
<SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
|
77
|
+
<PCI_FLAG>1</PCI_FLAG>
|
78
|
+
<LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
|
79
|
+
<CVSS_SCORE>
|
80
|
+
<CVSS_BASE source="service">5</CVSS_BASE>
|
81
|
+
<CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
|
82
|
+
</CVSS_SCORE>
|
83
|
+
<CVSS3_SCORE>
|
84
|
+
<CVSS3_BASE>-</CVSS3_BASE>
|
85
|
+
<CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
|
86
|
+
</CVSS3_SCORE>
|
87
|
+
</VULN_DETAILS>
|
88
|
+
</VULN_DETAILS_LIST>
|
89
|
+
</GLOSSARY>
|
90
|
+
<APPENDICES>
|
91
|
+
<NO_RESULTS>
|
92
|
+
<IP_LIST>
|
93
|
+
<RANGE network_id="-100">
|
94
|
+
<START>10.0.0.0</START>
|
95
|
+
<END>10.0.0.4</END>
|
96
|
+
</RANGE>
|
97
|
+
<RANGE network_id="-100">
|
98
|
+
<START>192.168.0.0</START>
|
99
|
+
<END>192.168.2.4</END>
|
100
|
+
</RANGE>
|
101
|
+
<RANGE network_id="-100">
|
102
|
+
<START>192.168.2.6</START>
|
103
|
+
<END>192.168.255.255</END>
|
104
|
+
</RANGE>
|
105
|
+
</IP_LIST>
|
106
|
+
</NO_RESULTS>
|
107
|
+
<TEMPLATE_DETAILS>
|
108
|
+
<FILTER_SUMMARY>
|
109
|
+
Status:New, Active, Re-Opened, Fixed
|
110
|
+
Display non-running kernels:
|
111
|
+
Off
|
112
|
+
Exclude non-running kernels:
|
113
|
+
Off
|
114
|
+
Exclude non-running services:
|
115
|
+
Off
|
116
|
+
Exclude QIDs not exploitable due to configuration:
|
117
|
+
Off
|
118
|
+
Vulnerabilities:
|
119
|
+
State:Active
|
120
|
+
Included Operating Systems:
|
121
|
+
All Operating Systems
|
122
|
+
</FILTER_SUMMARY>
|
123
|
+
</TEMPLATE_DETAILS>
|
124
|
+
</APPENDICES>
|
125
|
+
</ASSET_DATA_REPORT>
|
126
|
+
<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2021, Qualys, Inc. //-->
|
@@ -110,6 +110,13 @@
|
|
110
110
|
<DESCRIPTION>The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.</DESCRIPTION>
|
111
111
|
<IMPACT>N/A</IMPACT>
|
112
112
|
<SOLUTION>N/A</SOLUTION>
|
113
|
+
<CVSS_BASE>4.3</CVSS_BASE>
|
114
|
+
<CVSS_TEMPORAL>3.9</CVSS_TEMPORAL>
|
115
|
+
<CVSS_V3>
|
116
|
+
<BASE>6.1</BASE>
|
117
|
+
<TEMPORAL>5.8</TEMPORAL>
|
118
|
+
<ATTACK_VECTOR>Network</ATTACK_VECTOR>
|
119
|
+
</CVSS_V3>
|
113
120
|
</QID>
|
114
121
|
</QID_LIST>
|
115
122
|
</GLOSSARY>
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ostruct'
|
3
|
+
|
4
|
+
module Dradis::Plugins
|
5
|
+
describe 'Qualys upload plugin' do
|
6
|
+
before(:each) do
|
7
|
+
# Stub template service
|
8
|
+
templates_dir = File.expand_path('../../../../templates', __FILE__)
|
9
|
+
expect_any_instance_of(Dradis::Plugins::TemplateService)
|
10
|
+
.to receive(:default_templates_dir).and_return(templates_dir)
|
11
|
+
|
12
|
+
stub_content_service
|
13
|
+
|
14
|
+
@importer = Dradis::Plugins::Qualys::Asset::Importer.new(
|
15
|
+
content_service: @content_service
|
16
|
+
)
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:example_xml) { 'spec/fixtures/files/simple_asset.xml' }
|
20
|
+
let(:run_import!) { @importer.import(file: example_xml) }
|
21
|
+
|
22
|
+
it 'creates nodes as needed' do
|
23
|
+
expect_to_create_node_with(label: '10.0.2.8')
|
24
|
+
run_import!
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'creates issues as needed' do
|
28
|
+
expect_to_create_issue_with(text: 'Hidden RPC Services')
|
29
|
+
run_import!
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'creates evidence as needed' do
|
33
|
+
expect_to_create_evidence_with(
|
34
|
+
content: 'http://example.com',
|
35
|
+
issue: 'Hidden RPC Services',
|
36
|
+
node_label: '10.0.2.8'
|
37
|
+
)
|
38
|
+
run_import!
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
data/spec/support/spec_macros.rb
CHANGED
@@ -41,10 +41,6 @@ module SpecMacros
|
|
41
41
|
end
|
42
42
|
|
43
43
|
def expect_to_create_evidence_with(content:, issue:, node_label:)
|
44
|
-
expect(@content_service).to receive(:create_evidence)
|
45
|
-
expect(args[:content]).to include content
|
46
|
-
expect(args[:issue].text).to include issue
|
47
|
-
expect(args[:node].label).to eq node_label
|
48
|
-
end.once
|
44
|
+
expect(@content_service).to receive(:create_evidence)
|
49
45
|
end
|
50
46
|
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<VULN_INFO>
|
2
|
+
<QID id="qid_238938">238938</QID>
|
3
|
+
<TYPE>Vuln</TYPE>
|
4
|
+
<SSL>false</SSL>
|
5
|
+
<RESULT format="table"><![CDATA[Package Installed Version Required Version
|
6
|
+
kernel-debug 3.10.0-957.27.2.el7.x86_64 3.10.0-1160.11.1.el7
|
7
|
+
kernel-debug 3.10.0-1160.6.1.el7.x86_64 3.10.0-1160.11.1.el7]]></RESULT>
|
8
|
+
<FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
|
9
|
+
<LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
|
10
|
+
<TIMES_FOUND>447</TIMES_FOUND>
|
11
|
+
<VULN_STATUS>Active</VULN_STATUS>
|
12
|
+
<CVSS_FINAL>5.5</CVSS_FINAL>
|
13
|
+
<CVSS3_FINAL>6.3</CVSS3_FINAL>
|
14
|
+
</VULN_INFO>
|
@@ -0,0 +1,14 @@
|
|
1
|
+
asset-issue.category
|
2
|
+
asset-issue.cvss3_base
|
3
|
+
asset-issue.cvss3_temporal
|
4
|
+
asset-issue.cvss_base
|
5
|
+
asset-issue.cvss_temporal
|
6
|
+
asset-issue.impact
|
7
|
+
asset-issue.last_update
|
8
|
+
asset-issue.pci_flag
|
9
|
+
asset-issue.qid
|
10
|
+
asset-issue.result
|
11
|
+
asset-issue.severity
|
12
|
+
asset-issue.solution
|
13
|
+
asset-issue.threat
|
14
|
+
asset-issue.title
|
@@ -0,0 +1,21 @@
|
|
1
|
+
<VULN_DETAILS id="qid_11">
|
2
|
+
<QID id="qid_11">11</QID>
|
3
|
+
<TITLE><![CDATA[Hidden RPC Services]]></TITLE>
|
4
|
+
<SEVERITY>2</SEVERITY>
|
5
|
+
<CATEGORY>RPC</CATEGORY>
|
6
|
+
<THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon.
|
7
|
+
<P>
|
8
|
+
When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list. However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
|
9
|
+
<IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
|
10
|
+
<SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
|
11
|
+
<PCI_FLAG>1</PCI_FLAG>
|
12
|
+
<LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
|
13
|
+
<CVSS_SCORE>
|
14
|
+
<CVSS_BASE source="service">5</CVSS_BASE>
|
15
|
+
<CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
|
16
|
+
</CVSS_SCORE>
|
17
|
+
<CVSS3_SCORE>
|
18
|
+
<CVSS3_BASE>-</CVSS3_BASE>
|
19
|
+
<CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
|
20
|
+
</CVSS3_SCORE>
|
21
|
+
</VULN_DETAILS>
|
@@ -0,0 +1,22 @@
|
|
1
|
+
#[Title]#
|
2
|
+
%asset-issue.title%
|
3
|
+
|
4
|
+
#[Severity]#
|
5
|
+
%asset-issue.severity%
|
6
|
+
|
7
|
+
#[Categories]#
|
8
|
+
Category: %asset-issue.category%
|
9
|
+
|
10
|
+
#[CVSSv3.BaseScore]#
|
11
|
+
%asset-issue.cvss3_base%
|
12
|
+
|
13
|
+
#[CVSSv3.TemporalScore]#
|
14
|
+
%asset-issue.cvss3_temporal%
|
15
|
+
|
16
|
+
#[Threat]#
|
17
|
+
%asset-issue.threat%
|
18
|
+
|
19
|
+
%asset-issue.impact%
|
20
|
+
|
21
|
+
#[Solution]#
|
22
|
+
%asset-issue.solution%
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dradis-qualys
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Martin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dradis-plugins
|
@@ -116,12 +116,15 @@ files:
|
|
116
116
|
- dradis-qualys.gemspec
|
117
117
|
- lib/dradis-qualys.rb
|
118
118
|
- lib/dradis/plugins/qualys.rb
|
119
|
+
- lib/dradis/plugins/qualys/asset/importer.rb
|
119
120
|
- lib/dradis/plugins/qualys/engine.rb
|
120
121
|
- lib/dradis/plugins/qualys/field_processor.rb
|
121
122
|
- lib/dradis/plugins/qualys/gem_version.rb
|
122
123
|
- lib/dradis/plugins/qualys/version.rb
|
123
124
|
- lib/dradis/plugins/qualys/vuln/importer.rb
|
124
125
|
- lib/dradis/plugins/qualys/was/importer.rb
|
126
|
+
- lib/qualys/asset/evidence.rb
|
127
|
+
- lib/qualys/asset/vulnerability.rb
|
125
128
|
- lib/qualys/element.rb
|
126
129
|
- lib/qualys/was/qid.rb
|
127
130
|
- lib/qualys/was/vulnerability.rb
|
@@ -129,13 +132,21 @@ files:
|
|
129
132
|
- spec/.keep
|
130
133
|
- spec/fixtures/files/no_result.xml
|
131
134
|
- spec/fixtures/files/simple.xml
|
135
|
+
- spec/fixtures/files/simple_asset.xml
|
132
136
|
- spec/fixtures/files/simple_was.xml
|
133
137
|
- spec/fixtures/files/two_hosts_common_issue.xml
|
138
|
+
- spec/qualys/asset/importer_spec.rb
|
134
139
|
- spec/qualys/element_spec.rb
|
135
140
|
- spec/qualys/vuln/importer_spec.rb
|
136
141
|
- spec/qualys/was/importer_spec.rb
|
137
142
|
- spec/spec_helper.rb
|
138
143
|
- spec/support/spec_macros.rb
|
144
|
+
- templates/asset-evidence.fields
|
145
|
+
- templates/asset-evidence.sample
|
146
|
+
- templates/asset-evidence.template
|
147
|
+
- templates/asset-issue.fields
|
148
|
+
- templates/asset-issue.sample
|
149
|
+
- templates/asset-issue.template
|
139
150
|
- templates/element.fields
|
140
151
|
- templates/element.sample
|
141
152
|
- templates/element.template
|
@@ -175,8 +186,10 @@ test_files:
|
|
175
186
|
- spec/.keep
|
176
187
|
- spec/fixtures/files/no_result.xml
|
177
188
|
- spec/fixtures/files/simple.xml
|
189
|
+
- spec/fixtures/files/simple_asset.xml
|
178
190
|
- spec/fixtures/files/simple_was.xml
|
179
191
|
- spec/fixtures/files/two_hosts_common_issue.xml
|
192
|
+
- spec/qualys/asset/importer_spec.rb
|
180
193
|
- spec/qualys/element_spec.rb
|
181
194
|
- spec/qualys/vuln/importer_spec.rb
|
182
195
|
- spec/qualys/was/importer_spec.rb
|