heimdall_tools 1.3.24 → 1.3.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +55 -1
- data/README.md +26 -1
- data/lib/data/nessus-plugins-nist-mapping.csv +108 -0
- data/lib/heimdall_tools.rb +1 -0
- data/lib/heimdall_tools/cli.rb +15 -0
- data/lib/heimdall_tools/fortify_mapper.rb +5 -1
- data/lib/heimdall_tools/hdf.rb +3 -1
- data/lib/heimdall_tools/help/nessus_mapper.md +9 -0
- data/lib/heimdall_tools/nessus_mapper.rb +228 -0
- metadata +7 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0bdd42d0d0a3eaa1fbfbab6c9acf883e76260c37e814a6abc0c35c7178701083
|
4
|
+
data.tar.gz: d59e77cf487492d9e54de6e09616e5bcb483e8df8199186a6766c42a26cef9f3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 86c9d5bfe1a69eede83b0a2dcfbaa26dac9a4f36f611c7c53cb1f42fbaec6a1ec68185bdde97e57423340e17e9a5cffcb87983cda034e27528ba40f509c5f0f4
|
7
|
+
data.tar.gz: 07a8768a11ee51cff04ee82dc5d5cdd521d16b7429fd8d960737c6e1110d046fabf866e766db141472e2669dfa1ae2c113abc4ade7109cf6c6d5925a8d46f352
|
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,61 @@
|
|
2
2
|
|
3
3
|
## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
|
4
4
|
|
5
|
-
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.
|
5
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.28...HEAD)
|
6
|
+
|
7
|
+
**Merged pull requests:**
|
8
|
+
|
9
|
+
- Remove debug line [\#53](https://github.com/mitre/heimdall_tools/pull/53) ([rx294](https://github.com/rx294))
|
10
|
+
|
11
|
+
## [v1.3.28](https://github.com/mitre/heimdall_tools/tree/v1.3.28) (2020-05-28)
|
12
|
+
|
13
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...v1.3.28)
|
14
|
+
|
15
|
+
**Closed issues:**
|
16
|
+
|
17
|
+
- Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
|
18
|
+
|
19
|
+
**Merged pull requests:**
|
20
|
+
|
21
|
+
- Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
|
22
|
+
|
23
|
+
## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
|
24
|
+
|
25
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
|
26
|
+
|
27
|
+
**Merged pull requests:**
|
28
|
+
|
29
|
+
- Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
|
30
|
+
- Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
|
31
|
+
|
32
|
+
## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
|
33
|
+
|
34
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.25...v1.3.26)
|
35
|
+
|
36
|
+
**Implemented enhancements:**
|
37
|
+
|
38
|
+
- Converter: Nessus Transform for Audit results and vulnerability scan results [\#29](https://github.com/mitre/heimdall_tools/issues/29)
|
39
|
+
|
40
|
+
**Merged pull requests:**
|
41
|
+
|
42
|
+
- Nessus Mapper [\#45](https://github.com/mitre/heimdall_tools/pull/45) ([rx294](https://github.com/rx294))
|
43
|
+
|
44
|
+
## [v1.3.25](https://github.com/mitre/heimdall_tools/tree/v1.3.25) (2020-04-16)
|
45
|
+
|
46
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.24...v1.3.25)
|
47
|
+
|
48
|
+
**Closed issues:**
|
49
|
+
|
50
|
+
- Add minimum required json fields to work heimdall server [\#5](https://github.com/mitre/heimdall_tools/issues/5)
|
51
|
+
|
52
|
+
**Merged pull requests:**
|
53
|
+
|
54
|
+
- Make sure the fields we are looking for in Fortify exist before we parse the element [\#44](https://github.com/mitre/heimdall_tools/pull/44) ([rbclark](https://github.com/rbclark))
|
55
|
+
- Update actions to use ruby/setup-ruby [\#43](https://github.com/mitre/heimdall_tools/pull/43) ([Bialogs](https://github.com/Bialogs))
|
56
|
+
|
57
|
+
## [v1.3.24](https://github.com/mitre/heimdall_tools/tree/v1.3.24) (2020-04-07)
|
58
|
+
|
59
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...v1.3.24)
|
6
60
|
|
7
61
|
**Implemented enhancements:**
|
8
62
|
|
data/README.md
CHANGED
@@ -9,6 +9,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
9
9
|
- **fortify_mapper** - commercial static code analysis tool
|
10
10
|
- **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
|
11
11
|
- **burpsuite_mapper** - commercial dynamic analysis tool
|
12
|
+
- **nessus_mapper** - commercial vulnerability scanner
|
12
13
|
|
13
14
|
Ruby 2.4 or higher (check using "ruby -v")
|
14
15
|
|
@@ -53,6 +54,13 @@ Verify the installed version number:
|
|
53
54
|
On the Command Line, `heimdall_tools help` will print a listing of all the command with a short description.
|
54
55
|
For detailed help on any command, run `heimdall_tools help [COMMAND]`. Help can also be called with the `-h, --help` flags after any command, like `heimdall_tools fortify_mapper -h`.
|
55
56
|
|
57
|
+
For Docker usage, replace the `heimdall_tools` command with the correct Docker command below for your operating system:
|
58
|
+
|
59
|
+
- **On Linux and Mac:** `docker run -it -v$(pwd):/share mitre/heimdall_tools`
|
60
|
+
- **On Windows CMD:** `docker run -it -v%cd%:/share mitre/heimdall_tools`
|
61
|
+
|
62
|
+
Note that all of the above Docker commands will mount your current directory on the Docker container. Ensure that you have navigated to the directory you intend to convert files in before executing the command.
|
63
|
+
|
56
64
|
## sonarqube_mapper
|
57
65
|
|
58
66
|
sonarqube_mapper pulls SonarQube results, for the specified project, from the API and outputs in HDF format Json to be viewed on Heimdall
|
@@ -113,13 +121,30 @@ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF
|
|
113
121
|
USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
|
114
122
|
|
115
123
|
FLAGS:
|
116
|
-
-x
|
124
|
+
-x <burpsuite_xml> : path to BurpSuitePro exported XML results file.
|
117
125
|
-o --output <scan-results> : path to output scan-results json.
|
118
126
|
-V --verbose : verbose run [optional].
|
119
127
|
|
120
128
|
example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
|
121
129
|
```
|
122
130
|
|
131
|
+
## nessus_mapper
|
132
|
+
|
133
|
+
nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall
|
134
|
+
|
135
|
+
Note: A separate HDF JSON file is generated for each host reported in the Nessus Report.
|
136
|
+
|
137
|
+
```
|
138
|
+
USAGE: heimdall_tools nessus_mapper [OPTIONS] -x <nessus-results-xml> -o <hdf-file-prefix>
|
139
|
+
|
140
|
+
FLAGS:
|
141
|
+
-x <nessus-results-xml> : path to Nessus-exported XML results file.
|
142
|
+
-o --output_prefix <prefix> : path to output scan-results json.
|
143
|
+
-V --verbose : verbose run [optional].
|
144
|
+
|
145
|
+
example: heimdall_tools nessus_mapper -x nessus-results.xml -o test-env
|
146
|
+
```
|
147
|
+
|
123
148
|
## version
|
124
149
|
|
125
150
|
Prints out the gem version
|
@@ -0,0 +1,108 @@
|
|
1
|
+
pluginFamily,pluginID,NIST-ID,Rev
|
2
|
+
AIX Local Security Checks,*,SI-2|RA-5,4
|
3
|
+
Amazon Linux Local Security Checks,*,SI-2|RA-5,4
|
4
|
+
CentOS Local Security Checks,*,SI-2|RA-5,4
|
5
|
+
Debian Local Security Checks,*,SI-2|RA-5,4
|
6
|
+
F5 Networks Local Security Checks,*,SI-2|RA-5,4
|
7
|
+
Fedora Local Security Checks,*,SI-2|RA-5,4
|
8
|
+
FreeBSD Local Security Checks,*,SI-2|RA-5,4
|
9
|
+
Gentoo Local Security Checks,*,SI-2|RA-5,4
|
10
|
+
HP-UX Local Security Checks,*,SI-2|RA-5,4
|
11
|
+
Huawei Local Security Checks,*,SI-2|RA-5,4
|
12
|
+
Junos Local Security Checks,*,SI-2|RA-5,4
|
13
|
+
MacOS X Local Security Checks,*,SI-2|RA-5,4
|
14
|
+
Mandriva Local Security Checks,*,SI-2|RA-5,4
|
15
|
+
NewStart CGSL Local Security Checks,*,SI-2|RA-5,4
|
16
|
+
Oracle Linux Local Security Checks,*,SI-2|RA-5,4
|
17
|
+
OracleVM Local Security Checks,*,SI-2|RA-5,4
|
18
|
+
Palo Alto Local Security Checks,*,SI-2|RA-5,4
|
19
|
+
PhotonOS Local Security Checks,*,SI-2|RA-5,4
|
20
|
+
Red Hat Local Security Checks,*,SI-2|RA-5,4
|
21
|
+
Scientific Linux Local Security Checks,*,SI-2|RA-5,4
|
22
|
+
Slackware Local Security Checks,*,SI-2|RA-5,4
|
23
|
+
Solaris Local Security Checks,*,SI-2|RA-5,4
|
24
|
+
SuSE Local Security Checks,*,SI-2|RA-5,4
|
25
|
+
Ubuntu Local Security Checks,*,SI-2|RA-5,4
|
26
|
+
VMware ESX Local Security Checks,*,SI-2|RA-5,4
|
27
|
+
Virtuozzo Local Security Checks,*,SI-2|RA-5,4
|
28
|
+
Backdoors,,,
|
29
|
+
Brute force attacks,,,
|
30
|
+
CGI abuses,,,
|
31
|
+
CGI abuses : XSS,,,
|
32
|
+
CISCO,,,
|
33
|
+
DNS,,,
|
34
|
+
Databases,,,
|
35
|
+
Default Unix Accounts,,,
|
36
|
+
Denial of Service,,,
|
37
|
+
FTP,,,
|
38
|
+
Firewalls,56310,SC-7,4
|
39
|
+
Gain a shell remotely,,,
|
40
|
+
General,133964,AC-3(4),4
|
41
|
+
General,117530,UM-1,4
|
42
|
+
General,110483,CM-7,4
|
43
|
+
General,95928,AC-2,4
|
44
|
+
General,90191,CM-8,4
|
45
|
+
General,86420,CM-8,4
|
46
|
+
General,70544,AC-17(2)|SC-13,4
|
47
|
+
General,66334,SI-2|RA-5,4
|
48
|
+
General,64582,CM-8,4
|
49
|
+
General,57582,SC-12,4
|
50
|
+
General,57041,AC-17(2)|SC-13,4
|
51
|
+
General,56984,AC-17(2)|SC-13,4
|
52
|
+
General,56468,CM-8,4
|
53
|
+
General,55472,CM-8,4
|
54
|
+
General,54615,CM-8,4
|
55
|
+
General,51192,SC-12,4
|
56
|
+
General,45590,CM-8,4
|
57
|
+
General,45432,CM-8,4
|
58
|
+
General,45410,SC-12,4
|
59
|
+
General,39520,SI-2|RA-5,4
|
60
|
+
General,35351,CM-8,4
|
61
|
+
General,34098,CM-8,4
|
62
|
+
General,33276,CM-8,4
|
63
|
+
General,25220,SC-8,4
|
64
|
+
General,25203,CM-8,4
|
65
|
+
General,25202,CM-8,4
|
66
|
+
General,22869,CM-8,4
|
67
|
+
General,21643,AC-17(2)|SC-13,4
|
68
|
+
General,12053,CM-8,4
|
69
|
+
General,11936,CM-8,4
|
70
|
+
General,10881,AC-17(2)|SC-13,4
|
71
|
+
General,10863,SC-12,4
|
72
|
+
General,10287,CM-8,4
|
73
|
+
General,10114,CM-6,4
|
74
|
+
Misc.,118237,CM-8,4
|
75
|
+
Misc.,97993,CM-8,4
|
76
|
+
Misc.,90707,CM-8,4
|
77
|
+
Misc.,84821,AC-17(2)|SC-13,4
|
78
|
+
Misc.,83875,AC-17(2)|SC-13,4
|
79
|
+
Misc.,70657,AC-17(2)|SC-13,4
|
80
|
+
Misc.,58651,AC-17,4
|
81
|
+
Mobile Devices,,,
|
82
|
+
Netware,,,
|
83
|
+
Peer-To-Peer File Sharing,,,
|
84
|
+
Policy Compliance,,,
|
85
|
+
Port scanners,14272,CM-8,4
|
86
|
+
RPC,53335,CM-8,4
|
87
|
+
RPC,10223,CM-8,4
|
88
|
+
SCADA,,,
|
89
|
+
SMTP problems,,,
|
90
|
+
SNMP,,,
|
91
|
+
Service detection,121010,AC-17(2)|SC-13,4
|
92
|
+
Service detection,104743,AC-17(2)|SC-13,4
|
93
|
+
Service detection,25221,CM-8,4
|
94
|
+
Service detection,22964,CM-8,4
|
95
|
+
Service detection,11111,CM-8,4
|
96
|
+
Service detection,10884,AU-8(1),4
|
97
|
+
Service detection,10267,AC-17(2),4
|
98
|
+
Settings,117887,UM-1,4
|
99
|
+
Settings,110095,UM-1,4
|
100
|
+
Settings,19506,UM-1,4
|
101
|
+
Web Servers,85805,SC-8|SC-13,4
|
102
|
+
Web Servers,84502,AC-17(2)|SC-13,4
|
103
|
+
Web Servers,43111,CM-8,4
|
104
|
+
Web Servers,24260,CM-8,4
|
105
|
+
Web Servers,10107,CM-8,4
|
106
|
+
Windows,,,
|
107
|
+
Windows : Microsoft Bulletins,,,
|
108
|
+
Windows : User management,,,
|
data/lib/heimdall_tools.rb
CHANGED
data/lib/heimdall_tools/cli.rb
CHANGED
@@ -45,6 +45,21 @@ module HeimdallTools
|
|
45
45
|
File.write(options[:output], hdf)
|
46
46
|
end
|
47
47
|
|
48
|
+
desc 'nessus_mapper', 'nessus_mapper translates nessus xml report to HDF format Json be viewed on Heimdall'
|
49
|
+
long_desc Help.text(:nessus_mapper)
|
50
|
+
option :xml, required: true, aliases: '-x'
|
51
|
+
option :output_prefix, required: true, aliases: '-o'
|
52
|
+
option :verbose, type: :boolean, aliases: '-V'
|
53
|
+
def nessus_mapper
|
54
|
+
hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
|
55
|
+
|
56
|
+
hdfs.keys.each do | host |
|
57
|
+
File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
|
58
|
+
puts "HDF Generated: #{options[:output_prefix]}-#{host}.json"
|
59
|
+
end
|
60
|
+
|
61
|
+
end
|
62
|
+
|
48
63
|
desc 'version', 'prints version'
|
49
64
|
def version
|
50
65
|
puts VERSION
|
@@ -43,7 +43,11 @@ module HeimdallTools
|
|
43
43
|
traces.each do |trace|
|
44
44
|
entries = trace['Primary']['Entry']
|
45
45
|
entries = [entries] unless entries.is_a?(Array)
|
46
|
-
|
46
|
+
# This is just regular array access, it is just written in a manner that allows us
|
47
|
+
# to use Ruby's safe navigation operator. We rely on
|
48
|
+
# entry['Node']['SourceLocation']['snippet'] to exist on all of our entries, so if any
|
49
|
+
# of those are empty we reject that element.
|
50
|
+
entries = entries.reject { |x| x&.[]('Node')&.[]('SourceLocation')&.[]('snippet').nil? }
|
47
51
|
entries.each do |entry|
|
48
52
|
findings << process_entry(entry)
|
49
53
|
end
|
data/lib/heimdall_tools/hdf.rb
CHANGED
@@ -28,12 +28,14 @@ module HeimdallTools
|
|
28
28
|
depends: NA_ARRAY,
|
29
29
|
groups: NA_ARRAY,
|
30
30
|
status: 'loaded',
|
31
|
-
controls: NA_TAG
|
31
|
+
controls: NA_TAG,
|
32
|
+
target_id: NA_TAG)
|
32
33
|
|
33
34
|
@results_json = {}
|
34
35
|
@results_json['platform'] = {}
|
35
36
|
@results_json['platform']['name'] = 'Heimdall Tools'
|
36
37
|
@results_json['platform']['release'] = HeimdallTools::VERSION
|
38
|
+
@results_json['platform']['target_id'] = target_id.to_s
|
37
39
|
@results_json['version'] = HeimdallTools::VERSION
|
38
40
|
|
39
41
|
@results_json['statistics'] = {}
|
@@ -0,0 +1,9 @@
|
|
1
|
+
nessus_mapper translates an Nessus exported XML results file into HDF format json to be viewable in Heimdall
|
2
|
+
|
3
|
+
The current iteration maps all plugin families except 'Policy Compliance'
|
4
|
+
|
5
|
+
A separate HDF JSON is generated for each host reported in the Nessus Report.
|
6
|
+
|
7
|
+
Examples:
|
8
|
+
|
9
|
+
heimdall_tools nessus_mapper -x nessus_results.xml -o file-prefix
|
@@ -0,0 +1,228 @@
|
|
1
|
+
require 'json'
|
2
|
+
require 'csv'
|
3
|
+
require 'heimdall_tools/hdf'
|
4
|
+
require 'utilities/xml_to_hash'
|
5
|
+
|
6
|
+
RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
|
7
|
+
|
8
|
+
NESSUS_PLUGINS_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
|
9
|
+
|
10
|
+
IMPACT_MAPPING = {
|
11
|
+
Info: 0.0,
|
12
|
+
Low: 0.3,
|
13
|
+
Medium: 0.5,
|
14
|
+
High: 0.7,
|
15
|
+
Critical: 0.9,
|
16
|
+
}.freeze
|
17
|
+
|
18
|
+
DEFAULT_NIST_TAG = ["unmapped"].freeze
|
19
|
+
|
20
|
+
# Nessus results file 800-53 refs does not contain Nist rev version. Using this default
|
21
|
+
# version in that case
|
22
|
+
DEFAULT_NIST_REV = 'Rev_4'.freeze
|
23
|
+
|
24
|
+
NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
|
25
|
+
|
26
|
+
# rubocop:disable Metrics/AbcSize
|
27
|
+
|
28
|
+
module HeimdallTools
|
29
|
+
class NessusMapper
|
30
|
+
def initialize(nessus_xml, verbose = false)
|
31
|
+
@nessus_xml = nessus_xml
|
32
|
+
@verbose = verbose
|
33
|
+
|
34
|
+
begin
|
35
|
+
@cwe_nist_mapping = parse_mapper
|
36
|
+
@data = xml_to_hash(nessus_xml)
|
37
|
+
@reports = extract_report
|
38
|
+
@scaninfo = extract_scaninfo
|
39
|
+
rescue StandardError => e
|
40
|
+
raise "Invalid Nessus XML file provided Exception: #{e}"
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
|
45
|
+
def extract_report
|
46
|
+
begin
|
47
|
+
# When there are multiple hosts in the nessus report ReportHost field is an array
|
48
|
+
# When there is only one host in the nessus report ReportHost field is a hash
|
49
|
+
# Array() converts ReportHost to array in case there is only one host
|
50
|
+
reports = @data['NessusClientData_v2']['Report']['ReportHost']
|
51
|
+
reports.kind_of?(Array) ? reports : [reports]
|
52
|
+
rescue StandardError => e
|
53
|
+
raise "Invalid Nessus XML file provided Exception: #{e}"
|
54
|
+
end
|
55
|
+
end
|
56
|
+
def parse_refs(refs, key)
|
57
|
+
refs.split(',').map { |x| x.split('|')[1] if x.include?(key) }.compact
|
58
|
+
end
|
59
|
+
|
60
|
+
def extract_scaninfo
|
61
|
+
begin
|
62
|
+
policy = @data['NessusClientData_v2']['Policy']
|
63
|
+
info = {}
|
64
|
+
|
65
|
+
info['policyName'] = policy['policyName']
|
66
|
+
info['version'] = policy['Preferences']['ServerPreferences']['preference'].select {|x| x['name'].eql? 'sc_version'}.first['value']
|
67
|
+
info
|
68
|
+
rescue StandardError => e
|
69
|
+
raise "Invalid Nessus XML file provided Exception: #{e}"
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def extract_timestamp(report)
|
74
|
+
begin
|
75
|
+
timestamp = report['HostProperties']['tag'].select {|x| x['name'].eql? 'HOST_START'}.first['text']
|
76
|
+
rescue StandardError => e
|
77
|
+
raise "Invalid Nessus XML file provided Exception: #{e}"
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def format_desc(issue)
|
82
|
+
desc = ''
|
83
|
+
desc += "Plugin Family: #{issue['pluginFamily']}; "
|
84
|
+
desc += "Port: #{issue['port']}; "
|
85
|
+
desc += "Protocol: #{issue['protocol']};"
|
86
|
+
desc
|
87
|
+
end
|
88
|
+
|
89
|
+
def finding(issue, timestamp)
|
90
|
+
finding = {}
|
91
|
+
# if compliance-result field, this is a policy compliance result entry
|
92
|
+
# nessus policy compliance result provides a pass/fail data
|
93
|
+
# For non policy compliance results are defaulted to failed
|
94
|
+
if issue['compliance-result']
|
95
|
+
finding['status'] = issue['compliance-result'].eql?('PASSED') ? 'passed' : 'failed'
|
96
|
+
else
|
97
|
+
finding['status'] = 'failed'
|
98
|
+
end
|
99
|
+
|
100
|
+
if issue['description']
|
101
|
+
finding['code_desc'] = issue['description'].to_s || NA_PLUGIN_OUTPUT
|
102
|
+
else
|
103
|
+
finding['code_desc'] = issue['plugin_output'] || NA_PLUGIN_OUTPUT
|
104
|
+
end
|
105
|
+
finding['run_time'] = NA_FLOAT
|
106
|
+
finding['start_time'] = timestamp
|
107
|
+
[finding]
|
108
|
+
end
|
109
|
+
|
110
|
+
def nist_tag(pluginfamily, pluginid)
|
111
|
+
entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i)) ) }
|
112
|
+
tags = entries.map { |x| [x[:nistid].split('|'), "Rev_#{x[:rev]}"] }
|
113
|
+
tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
|
114
|
+
end
|
115
|
+
|
116
|
+
def impact(severity)
|
117
|
+
# Map CAT levels and Plugin severity to HDF impact levels
|
118
|
+
case severity
|
119
|
+
when "0"
|
120
|
+
IMPACT_MAPPING[:Info]
|
121
|
+
when "1","III"
|
122
|
+
IMPACT_MAPPING[:Low]
|
123
|
+
when "2","II"
|
124
|
+
IMPACT_MAPPING[:Medium]
|
125
|
+
when "3","I"
|
126
|
+
IMPACT_MAPPING[:High]
|
127
|
+
when "4"
|
128
|
+
IMPACT_MAPPING[:Critical]
|
129
|
+
else
|
130
|
+
-1
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
def parse_mapper
|
135
|
+
csv_data = CSV.read(NESSUS_PLUGINS_NIST_MAPPING_FILE, { encoding: 'UTF-8',
|
136
|
+
headers: true,
|
137
|
+
header_converters: :symbol,
|
138
|
+
converters: :all })
|
139
|
+
csv_data.map(&:to_hash)
|
140
|
+
end
|
141
|
+
|
142
|
+
def desc_tags(data, label)
|
143
|
+
{ "data": data || NA_STRING, "label": label || NA_STRING }
|
144
|
+
end
|
145
|
+
|
146
|
+
# Nessus report could have multiple issue entries for multiple findings of same issue type.
|
147
|
+
# The meta data is identical across entries
|
148
|
+
# method collapse_duplicates return unique controls with applicable findings collapsed into it.
|
149
|
+
def collapse_duplicates(controls)
|
150
|
+
unique_controls = []
|
151
|
+
|
152
|
+
controls.map { |x| x['id'] }.uniq.each do |id|
|
153
|
+
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
|
154
|
+
unique_control = controls.find { |x| x['id'].eql?(id) }
|
155
|
+
unique_control['results'] = collapsed_results.flatten
|
156
|
+
unique_controls << unique_control
|
157
|
+
end
|
158
|
+
unique_controls
|
159
|
+
end
|
160
|
+
|
161
|
+
def to_hdf
|
162
|
+
host_results = {}
|
163
|
+
@reports.each do | report|
|
164
|
+
controls = []
|
165
|
+
report['ReportItem'].each do | item |
|
166
|
+
@item = {}
|
167
|
+
@item['tags'] = {}
|
168
|
+
@item['descriptions'] = []
|
169
|
+
@item['refs'] = NA_ARRAY
|
170
|
+
@item['source_location'] = NA_HASH
|
171
|
+
|
172
|
+
# Nessus results field set are different for 'Policy Compliance' plug-in family vs other plug-in families
|
173
|
+
# Following if conditions capture compliance* if it exists else it will default to plugin* fields
|
174
|
+
# Current version covers STIG based 'Policy Compliance' results
|
175
|
+
# TODO Cover cases for 'Policy Compliance' results based on CIS
|
176
|
+
if item['compliance-reference']
|
177
|
+
@item['id'] = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
|
178
|
+
else
|
179
|
+
@item['id'] = item['pluginID'].to_s
|
180
|
+
end
|
181
|
+
if item['compliance-check-name']
|
182
|
+
@item['title'] = item['compliance-check-name'].to_s
|
183
|
+
else
|
184
|
+
@item['title'] = item['pluginName'].to_s
|
185
|
+
end
|
186
|
+
if item['compliance-info']
|
187
|
+
@item['desc'] = item['compliance-info'].to_s
|
188
|
+
else
|
189
|
+
@item['desc'] = format_desc(item).to_s
|
190
|
+
end
|
191
|
+
if item['compliance-reference']
|
192
|
+
@item['impact'] = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
|
193
|
+
else
|
194
|
+
@item['impact'] = impact(item['severity'])
|
195
|
+
end
|
196
|
+
if item['compliance-reference']
|
197
|
+
# TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
|
198
|
+
@item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
|
199
|
+
else
|
200
|
+
@item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
|
201
|
+
end
|
202
|
+
if item['compliance-solution']
|
203
|
+
# TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
|
204
|
+
@item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
|
205
|
+
else
|
206
|
+
@item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
|
207
|
+
end
|
208
|
+
if item['compliance-solution']
|
209
|
+
@item['descriptions'] << desc_tags(item['compliance-solution'], 'check')
|
210
|
+
end
|
211
|
+
|
212
|
+
@item['code'] = ''
|
213
|
+
@item['results'] = finding(item, extract_timestamp(report))
|
214
|
+
controls << @item
|
215
|
+
end
|
216
|
+
controls = collapse_duplicates(controls)
|
217
|
+
results = HeimdallDataFormat.new(profile_name: "Nessus #{@scaninfo['policyName']}",
|
218
|
+
version: @scaninfo['version'],
|
219
|
+
title: "Nessus #{@scaninfo['policyName']}",
|
220
|
+
summary: "Nessus #{@scaninfo['policyName']}",
|
221
|
+
controls: controls,
|
222
|
+
target_id: report['name'])
|
223
|
+
host_results[report['name']] = results.to_hdf
|
224
|
+
end
|
225
|
+
host_results
|
226
|
+
end
|
227
|
+
end
|
228
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: heimdall_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.29
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: exe
|
12
12
|
cert_chain: []
|
13
|
-
date: 2020-
|
13
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: nokogiri
|
@@ -116,14 +116,14 @@ dependencies:
|
|
116
116
|
requirements:
|
117
117
|
- - ">="
|
118
118
|
- !ruby/object:Gem::Version
|
119
|
-
version:
|
119
|
+
version: 0.17.2
|
120
120
|
type: :runtime
|
121
121
|
prerelease: false
|
122
122
|
version_requirements: !ruby/object:Gem::Requirement
|
123
123
|
requirements:
|
124
124
|
- - ">="
|
125
125
|
- !ruby/object:Gem::Version
|
126
|
-
version:
|
126
|
+
version: 0.17.2
|
127
127
|
- !ruby/object:Gem::Dependency
|
128
128
|
name: bundler
|
129
129
|
requirement: !ruby/object:Gem::Requirement
|
@@ -211,6 +211,7 @@ files:
|
|
211
211
|
- exe/heimdall_tools
|
212
212
|
- lib/data/cwe-nist-mapping.csv
|
213
213
|
- lib/data/gitkeep
|
214
|
+
- lib/data/nessus-plugins-nist-mapping.csv
|
214
215
|
- lib/data/owasp-nist-mapping.csv
|
215
216
|
- lib/heimdall_tools.rb
|
216
217
|
- lib/heimdall_tools/burpsuite_mapper.rb
|
@@ -221,8 +222,10 @@ files:
|
|
221
222
|
- lib/heimdall_tools/help.rb
|
222
223
|
- lib/heimdall_tools/help/burpsuite_mapper.md
|
223
224
|
- lib/heimdall_tools/help/fortify_mapper.md
|
225
|
+
- lib/heimdall_tools/help/nessus_mapper.md
|
224
226
|
- lib/heimdall_tools/help/sonarqube_mapper.md
|
225
227
|
- lib/heimdall_tools/help/zap_mapper.md
|
228
|
+
- lib/heimdall_tools/nessus_mapper.rb
|
226
229
|
- lib/heimdall_tools/sonarqube_mapper.rb
|
227
230
|
- lib/heimdall_tools/version.rb
|
228
231
|
- lib/heimdall_tools/zap_mapper.rb
|