heimdall_tools 1.3.24 → 1.3.29

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5d1e11d1521f5cb405e5900b4e799001c7351dc584b42e99ccf2d5fb0a84c361
4
- data.tar.gz: e68d4a5e7b90f4f1158c08d0c305f95f2d8fa57d3cae075879ec4a494b576202
3
+ metadata.gz: 0bdd42d0d0a3eaa1fbfbab6c9acf883e76260c37e814a6abc0c35c7178701083
4
+ data.tar.gz: d59e77cf487492d9e54de6e09616e5bcb483e8df8199186a6766c42a26cef9f3
5
5
  SHA512:
6
- metadata.gz: 4e14d8c4ad154009ff553d751b86d9d81b6de04169988ddc7ac2ac0d1f3bd1b43b9ce8dcbb2e18b7bb6c5720a3c4d300e14bad6b151d96242417586be304a0ac
7
- data.tar.gz: 9347a1672c14849d11538b72e60aa6aa4b4ee56aaecb6e9e387869be8e88197b499b4b358c29cf2d6389992721ba05e61bd2262b01ab4f78be072a6da2e07c16
6
+ metadata.gz: 86c9d5bfe1a69eede83b0a2dcfbaa26dac9a4f36f611c7c53cb1f42fbaec6a1ec68185bdde97e57423340e17e9a5cffcb87983cda034e27528ba40f509c5f0f4
7
+ data.tar.gz: 07a8768a11ee51cff04ee82dc5d5cdd521d16b7429fd8d960737c6e1110d046fabf866e766db141472e2669dfa1ae2c113abc4ade7109cf6c6d5925a8d46f352
@@ -2,7 +2,61 @@
2
2
 
3
3
  ## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
4
4
 
5
- [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...HEAD)
5
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.28...HEAD)
6
+
7
+ **Merged pull requests:**
8
+
9
+ - Remove debug line [\#53](https://github.com/mitre/heimdall_tools/pull/53) ([rx294](https://github.com/rx294))
10
+
11
+ ## [v1.3.28](https://github.com/mitre/heimdall_tools/tree/v1.3.28) (2020-05-28)
12
+
13
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...v1.3.28)
14
+
15
+ **Closed issues:**
16
+
17
+ - Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
18
+
19
+ **Merged pull requests:**
20
+
21
+ - Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
22
+
23
+ ## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
24
+
25
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
26
+
27
+ **Merged pull requests:**
28
+
29
+ - Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
30
+ - Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
31
+
32
+ ## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
33
+
34
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.25...v1.3.26)
35
+
36
+ **Implemented enhancements:**
37
+
38
+ - Converter: Nessus Transform for Audit results and vulnerability scan results [\#29](https://github.com/mitre/heimdall_tools/issues/29)
39
+
40
+ **Merged pull requests:**
41
+
42
+ - Nessus Mapper [\#45](https://github.com/mitre/heimdall_tools/pull/45) ([rx294](https://github.com/rx294))
43
+
44
+ ## [v1.3.25](https://github.com/mitre/heimdall_tools/tree/v1.3.25) (2020-04-16)
45
+
46
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.24...v1.3.25)
47
+
48
+ **Closed issues:**
49
+
50
+ - Add minimum required json fields to work heimdall server [\#5](https://github.com/mitre/heimdall_tools/issues/5)
51
+
52
+ **Merged pull requests:**
53
+
54
+ - Make sure the fields we are looking for in Fortify exist before we parse the element [\#44](https://github.com/mitre/heimdall_tools/pull/44) ([rbclark](https://github.com/rbclark))
55
+ - Update actions to use ruby/setup-ruby [\#43](https://github.com/mitre/heimdall_tools/pull/43) ([Bialogs](https://github.com/Bialogs))
56
+
57
+ ## [v1.3.24](https://github.com/mitre/heimdall_tools/tree/v1.3.24) (2020-04-07)
58
+
59
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...v1.3.24)
6
60
 
7
61
  **Implemented enhancements:**
8
62
 
data/README.md CHANGED
@@ -9,6 +9,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
9
9
  - **fortify_mapper** - commercial static code analysis tool
10
10
  - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
11
11
  - **burpsuite_mapper** - commercial dynamic analysis tool
12
+ - **nessus_mapper** - commercial vulnerability scanner
12
13
 
13
14
  Ruby 2.4 or higher (check using "ruby -v")
14
15
 
@@ -53,6 +54,13 @@ Verify the installed version number:
53
54
  On the Command Line, `heimdall_tools help` will print a listing of all the command with a short description.
54
55
  For detailed help on any command, run `heimdall_tools help [COMMAND]`. Help can also be called with the `-h, --help` flags after any command, like `heimdall_tools fortify_mapper -h`.
55
56
 
57
+ For Docker usage, replace the `heimdall_tools` command with the correct Docker command below for your operating system:
58
+
59
+ - **On Linux and Mac:** `docker run -it -v$(pwd):/share mitre/heimdall_tools`
60
+ - **On Windows CMD:** `docker run -it -v%cd%:/share mitre/heimdall_tools`
61
+
62
+ Note that all of the above Docker commands will mount your current directory on the Docker container. Ensure that you have navigated to the directory you intend to convert files in before executing the command.
63
+
56
64
  ## sonarqube_mapper
57
65
 
58
66
  sonarqube_mapper pulls SonarQube results, for the specified project, from the API and outputs in HDF format Json to be viewed on Heimdall
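Review bot: In the added Docker usage lines, `-v$(pwd):/share` is unquoted, so the Linux and Mac command fails when the working directory path contains a space; write it as `-v "$(pwd)":/share`, and quote `%cd%` the same way for CMD. The closing note says the current directory is mounted but not that a bind mount is read-write by default, so the container can modify everything under that directory. Saying so would explain why the user should run the command from a directory that holds only the files to convert.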
@@ -113,13 +121,30 @@ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF
113
121
  USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
114
122
 
115
123
  FLAGS:
116
- -x --json <zap-json> : path to BurpSuitePro exported XML results file.
124
+ -x <burpsuite_xml> : path to BurpSuitePro exported XML results file.
117
125
  -o --output <scan-results> : path to output scan-results json.
118
126
  -V --verbose : verbose run [optional].
119
127
 
120
128
  example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
121
129
  ```
122
130
 
131
+ ## nessus_mapper
132
+
133
+ nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall
134
+
135
+ Note: A separate HDF JSON file is generated for each host reported in the Nessus Report.
136
+
137
+ ```
138
+ USAGE: heimdall_tools nessus_mapper [OPTIONS] -x <nessus-results-xml> -o <hdf-file-prefix>
139
+
140
+ FLAGS:
141
+ -x <nessus-results-xml> : path to Nessus-exported XML results file.
142
+ -o --output_prefix <prefix> : path to output scan-results json.
143
+ -V --verbose : verbose run [optional].
144
+
145
+ example: heimdall_tools nessus_mapper -x nessus-results.xml -o test-env
146
+ ```
147
+
123
148
  ## version
124
149
 
125
150
  Prints out the gem version
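Review bot: In the new nessus_mapper section, the flag line `-o --output_prefix <prefix> : path to output scan-results json.` carries the description used by the other mappers, but the USAGE line and the note above it say a separate file is generated per host, so the value is a file-name prefix and not the path of a single output file. Describe it as the prefix of the generated per-host files and state the resulting name pattern, so users know which files to expect and where.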
@@ -0,0 +1,108 @@
1
+ pluginFamily,pluginID,NIST-ID,Rev
2
+ AIX Local Security Checks,*,SI-2|RA-5,4
3
+ Amazon Linux Local Security Checks,*,SI-2|RA-5,4
4
+ CentOS Local Security Checks,*,SI-2|RA-5,4
5
+ Debian Local Security Checks,*,SI-2|RA-5,4
6
+ F5 Networks Local Security Checks,*,SI-2|RA-5,4
7
+ Fedora Local Security Checks,*,SI-2|RA-5,4
8
+ FreeBSD Local Security Checks,*,SI-2|RA-5,4
9
+ Gentoo Local Security Checks,*,SI-2|RA-5,4
10
+ HP-UX Local Security Checks,*,SI-2|RA-5,4
11
+ Huawei Local Security Checks,*,SI-2|RA-5,4
12
+ Junos Local Security Checks,*,SI-2|RA-5,4
13
+ MacOS X Local Security Checks,*,SI-2|RA-5,4
14
+ Mandriva Local Security Checks,*,SI-2|RA-5,4
15
+ NewStart CGSL Local Security Checks,*,SI-2|RA-5,4
16
+ Oracle Linux Local Security Checks,*,SI-2|RA-5,4
17
+ OracleVM Local Security Checks,*,SI-2|RA-5,4
18
+ Palo Alto Local Security Checks,*,SI-2|RA-5,4
19
+ PhotonOS Local Security Checks,*,SI-2|RA-5,4
20
+ Red Hat Local Security Checks,*,SI-2|RA-5,4
21
+ Scientific Linux Local Security Checks,*,SI-2|RA-5,4
22
+ Slackware Local Security Checks,*,SI-2|RA-5,4
23
+ Solaris Local Security Checks,*,SI-2|RA-5,4
24
+ SuSE Local Security Checks,*,SI-2|RA-5,4
25
+ Ubuntu Local Security Checks,*,SI-2|RA-5,4
26
+ VMware ESX Local Security Checks,*,SI-2|RA-5,4
27
+ Virtuozzo Local Security Checks,*,SI-2|RA-5,4
28
+ Backdoors,,,
29
+ Brute force attacks,,,
30
+ CGI abuses,,,
31
+ CGI abuses : XSS,,,
32
+ CISCO,,,
33
+ DNS,,,
34
+ Databases,,,
35
+ Default Unix Accounts,,,
36
+ Denial of Service,,,
37
+ FTP,,,
38
+ Firewalls,56310,SC-7,4
39
+ Gain a shell remotely,,,
40
+ General,133964,AC-3(4),4
41
+ General,117530,UM-1,4
42
+ General,110483,CM-7,4
43
+ General,95928,AC-2,4
44
+ General,90191,CM-8,4
45
+ General,86420,CM-8,4
46
+ General,70544,AC-17(2)|SC-13,4
47
+ General,66334,SI-2|RA-5,4
48
+ General,64582,CM-8,4
49
+ General,57582,SC-12,4
50
+ General,57041,AC-17(2)|SC-13,4
51
+ General,56984,AC-17(2)|SC-13,4
52
+ General,56468,CM-8,4
53
+ General,55472,CM-8,4
54
+ General,54615,CM-8,4
55
+ General,51192,SC-12,4
56
+ General,45590,CM-8,4
57
+ General,45432,CM-8,4
58
+ General,45410,SC-12,4
59
+ General,39520,SI-2|RA-5,4
60
+ General,35351,CM-8,4
61
+ General,34098,CM-8,4
62
+ General,33276,CM-8,4
63
+ General,25220,SC-8,4
64
+ General,25203,CM-8,4
65
+ General,25202,CM-8,4
66
+ General,22869,CM-8,4
67
+ General,21643,AC-17(2)|SC-13,4
68
+ General,12053,CM-8,4
69
+ General,11936,CM-8,4
70
+ General,10881,AC-17(2)|SC-13,4
71
+ General,10863,SC-12,4
72
+ General,10287,CM-8,4
73
+ General,10114,CM-6,4
74
+ Misc.,118237,CM-8,4
75
+ Misc.,97993,CM-8,4
76
+ Misc.,90707,CM-8,4
77
+ Misc.,84821,AC-17(2)|SC-13,4
78
+ Misc.,83875,AC-17(2)|SC-13,4
79
+ Misc.,70657,AC-17(2)|SC-13,4
80
+ Misc.,58651,AC-17,4
81
+ Mobile Devices,,,
82
+ Netware,,,
83
+ Peer-To-Peer File Sharing,,,
84
+ Policy Compliance,,,
85
+ Port scanners,14272,CM-8,4
86
+ RPC,53335,CM-8,4
87
+ RPC,10223,CM-8,4
88
+ SCADA,,,
89
+ SMTP problems,,,
90
+ SNMP,,,
91
+ Service detection,121010,AC-17(2)|SC-13,4
92
+ Service detection,104743,AC-17(2)|SC-13,4
93
+ Service detection,25221,CM-8,4
94
+ Service detection,22964,CM-8,4
95
+ Service detection,11111,CM-8,4
96
+ Service detection,10884,AU-8(1),4
97
+ Service detection,10267,AC-17(2),4
98
+ Settings,117887,UM-1,4
99
+ Settings,110095,UM-1,4
100
+ Settings,19506,UM-1,4
101
+ Web Servers,85805,SC-8|SC-13,4
102
+ Web Servers,84502,AC-17(2)|SC-13,4
103
+ Web Servers,43111,CM-8,4
104
+ Web Servers,24260,CM-8,4
105
+ Web Servers,10107,CM-8,4
106
+ Windows,,,
107
+ Windows : Microsoft Bulletins,,,
108
+ Windows : User management,,,
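Review bot: The mapping file marks "no mapping" in two different ways: families such as `Backdoors,,,` and `Windows,,,` leave pluginID, NIST-ID and Rev empty, while `General,117530,UM-1,4` and the three `Settings` rows use `UM-1`, which is not one of the 800-53 control families. Document both conventions in the README, including how each shows up in the HDF tags, because a reader of the results cannot otherwise tell a plugin that was deliberately left unmapped from a family that nobody has mapped yet.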
@@ -9,4 +9,5 @@ module HeimdallTools
9
9
  autoload :ZapMapper, 'heimdall_tools/zap_mapper'
10
10
  autoload :SonarQubeMapper, 'heimdall_tools/sonarqube_mapper'
11
11
  autoload :BurpSuiteMapper, 'heimdall_tools/burpsuite_mapper'
12
+ autoload :NessusMapper, 'heimdall_tools/nessus_mapper'
12
13
  end
@@ -45,6 +45,21 @@ module HeimdallTools
45
45
  File.write(options[:output], hdf)
46
46
  end
47
47
 
48
+ desc 'nessus_mapper', 'nessus_mapper translates nessus xml report to HDF format Json be viewed on Heimdall'
49
+ long_desc Help.text(:nessus_mapper)
50
+ option :xml, required: true, aliases: '-x'
51
+ option :output_prefix, required: true, aliases: '-o'
52
+ option :verbose, type: :boolean, aliases: '-V'
53
+ def nessus_mapper
54
+ hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
55
+
56
+ hdfs.keys.each do | host |
57
+ File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
58
+ puts "HDF Generated: #{options[:output_prefix]}-#{host}.json"
59
+ end
60
+
61
+ end
62
+
48
63
  desc 'version', 'prints version'
49
64
  def version
50
65
  puts VERSION
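Review bot: In `nessus_mapper`, the output path `"#{options[:output_prefix]}-#{host}.json"` is built from `host`, a key of the hash returned by `to_hdf`, so its value comes from the input report and not from the user. A host name containing `/` or `..` would put the file outside the location implied by the prefix; normalise it before use, for example by replacing every character outside `[A-Za-z0-9._-]` with `_`. Also, `:verbose` is declared as an option but is not passed to `NessusMapper.new`, so `-V` has no effect.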
@@ -43,7 +43,11 @@ module HeimdallTools
43
43
  traces.each do |trace|
44
44
  entries = trace['Primary']['Entry']
45
45
  entries = [entries] unless entries.is_a?(Array)
46
- entries = entries.reject { |x| x['Node'].nil? }
46
+ # This is just regular array access, it is just written in a manner that allows us
47
+ # to use Ruby's safe navigation operator. We rely on
48
+ # entry['Node']['SourceLocation']['snippet'] to exist on all of our entries, so if any
49
+ # of those are empty we reject that element.
50
+ entries = entries.reject { |x| x&.[]('Node')&.[]('SourceLocation')&.[]('snippet').nil? }
47
51
  entries.each do |entry|
48
52
  findings << process_entry(entry)
49
53
  end
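Review bot: The new `reject` silently drops every entry that lacks `Node`, `SourceLocation` or `snippet`, so a trace entry with incomplete data disappears from the HDF output and the converted results under-report what Fortify found. Count the rejected entries and report the number, at least in verbose mode. `x&.dig('Node', 'SourceLocation', 'snippet')` performs the same lookup on nested hashes and reads more plainly than the chained `&.[]` calls, which would make the four-line explanatory comment unnecessary.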
@@ -28,12 +28,14 @@ module HeimdallTools
28
28
  depends: NA_ARRAY,
29
29
  groups: NA_ARRAY,
30
30
  status: 'loaded',
31
- controls: NA_TAG)
31
+ controls: NA_TAG,
32
+ target_id: NA_TAG)
32
33
 
33
34
  @results_json = {}
34
35
  @results_json['platform'] = {}
35
36
  @results_json['platform']['name'] = 'Heimdall Tools'
36
37
  @results_json['platform']['release'] = HeimdallTools::VERSION
38
+ @results_json['platform']['target_id'] = target_id.to_s
37
39
  @results_json['version'] = HeimdallTools::VERSION
38
40
 
39
41
  @results_json['statistics'] = {}
@@ -0,0 +1,9 @@
1
+ nessus_mapper translates an Nessus exported XML results file into HDF format json to be viewable in Heimdall
2
+
3
+ The current iteration maps all plugin families except 'Policy Compliance'
4
+
5
+ A separate HDF JSON is generated for each host reported in the Nessus Report.
6
+
7
+ Examples:
8
+
9
+ heimdall_tools nessus_mapper -x nessus_results.xml -o file-prefix
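Review bot: The help line "The current iteration maps all plugin families except 'Policy Compliance'" contradicts the v1.3.28 changelog entry "Add code to translate Policy compliance results" and the `compliance-*` handling added to nessus_mapper.rb in this same diff. Update it to say what is covered; the mapper's own comments state that STIG-based Policy Compliance results are handled and CIS-based ones are still a TODO. In the first line, "an Nessus" should read "a Nessus".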
@@ -0,0 +1,228 @@
1
+ require 'json'
2
+ require 'csv'
3
+ require 'heimdall_tools/hdf'
4
+ require 'utilities/xml_to_hash'
5
+
6
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
+
8
+ NESSUS_PLUGINS_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
9
+
10
+ IMPACT_MAPPING = {
11
+ Info: 0.0,
12
+ Low: 0.3,
13
+ Medium: 0.5,
14
+ High: 0.7,
15
+ Critical: 0.9,
16
+ }.freeze
17
+
18
+ DEFAULT_NIST_TAG = ["unmapped"].freeze
19
+
20
+ # Nessus results file 800-53 refs does not contain Nist rev version. Using this default
21
+ # version in that case
22
+ DEFAULT_NIST_REV = 'Rev_4'.freeze
23
+
24
+ NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
25
+
26
+ # rubocop:disable Metrics/AbcSize
27
+
28
+ module HeimdallTools
29
+ class NessusMapper
30
+ def initialize(nessus_xml, verbose = false)
31
+ @nessus_xml = nessus_xml
32
+ @verbose = verbose
33
+
34
+ begin
35
+ @cwe_nist_mapping = parse_mapper
36
+ @data = xml_to_hash(nessus_xml)
37
+ @reports = extract_report
38
+ @scaninfo = extract_scaninfo
39
+ rescue StandardError => e
40
+ raise "Invalid Nessus XML file provided Exception: #{e}"
41
+ end
42
+
43
+ end
44
+
45
+ def extract_report
46
+ begin
47
+ # When there are multiple hosts in the nessus report ReportHost field is an array
48
+ # When there is only one host in the nessus report ReportHost field is a hash
49
+ # Array() converts ReportHost to array in case there is only one host
50
+ reports = @data['NessusClientData_v2']['Report']['ReportHost']
51
+ reports.kind_of?(Array) ? reports : [reports]
52
+ rescue StandardError => e
53
+ raise "Invalid Nessus XML file provided Exception: #{e}"
54
+ end
55
+ end
56
+ def parse_refs(refs, key)
57
+ refs.split(',').map { |x| x.split('|')[1] if x.include?(key) }.compact
58
+ end
59
+
60
+ def extract_scaninfo
61
+ begin
62
+ policy = @data['NessusClientData_v2']['Policy']
63
+ info = {}
64
+
65
+ info['policyName'] = policy['policyName']
66
+ info['version'] = policy['Preferences']['ServerPreferences']['preference'].select {|x| x['name'].eql? 'sc_version'}.first['value']
67
+ info
68
+ rescue StandardError => e
69
+ raise "Invalid Nessus XML file provided Exception: #{e}"
70
+ end
71
+ end
72
+
73
+ def extract_timestamp(report)
74
+ begin
75
+ timestamp = report['HostProperties']['tag'].select {|x| x['name'].eql? 'HOST_START'}.first['text']
76
+ rescue StandardError => e
77
+ raise "Invalid Nessus XML file provided Exception: #{e}"
78
+ end
79
+ end
80
+
81
+ def format_desc(issue)
82
+ desc = ''
83
+ desc += "Plugin Family: #{issue['pluginFamily']}; "
84
+ desc += "Port: #{issue['port']}; "
85
+ desc += "Protocol: #{issue['protocol']};"
86
+ desc
87
+ end
88
+
89
+ def finding(issue, timestamp)
90
+ finding = {}
91
+ # if compliance-result field, this is a policy compliance result entry
92
+ # nessus policy compliance result provides a pass/fail data
93
+ # For non policy compliance results are defaulted to failed
94
+ if issue['compliance-result']
95
+ finding['status'] = issue['compliance-result'].eql?('PASSED') ? 'passed' : 'failed'
96
+ else
97
+ finding['status'] = 'failed'
98
+ end
99
+
100
+ if issue['description']
101
+ finding['code_desc'] = issue['description'].to_s || NA_PLUGIN_OUTPUT
102
+ else
103
+ finding['code_desc'] = issue['plugin_output'] || NA_PLUGIN_OUTPUT
104
+ end
105
+ finding['run_time'] = NA_FLOAT
106
+ finding['start_time'] = timestamp
107
+ [finding]
108
+ end
109
+
110
+ def nist_tag(pluginfamily, pluginid)
111
+ entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i)) ) }
112
+ tags = entries.map { |x| [x[:nistid].split('|'), "Rev_#{x[:rev]}"] }
113
+ tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
114
+ end
115
+
116
+ def impact(severity)
117
+ # Map CAT levels and Plugin severity to HDF impact levels
118
+ case severity
119
+ when "0"
120
+ IMPACT_MAPPING[:Info]
121
+ when "1","III"
122
+ IMPACT_MAPPING[:Low]
123
+ when "2","II"
124
+ IMPACT_MAPPING[:Medium]
125
+ when "3","I"
126
+ IMPACT_MAPPING[:High]
127
+ when "4"
128
+ IMPACT_MAPPING[:Critical]
129
+ else
130
+ -1
131
+ end
132
+ end
133
+
134
+ def parse_mapper
135
+ csv_data = CSV.read(NESSUS_PLUGINS_NIST_MAPPING_FILE, { encoding: 'UTF-8',
136
+ headers: true,
137
+ header_converters: :symbol,
138
+ converters: :all })
139
+ csv_data.map(&:to_hash)
140
+ end
141
+
142
+ def desc_tags(data, label)
143
+ { "data": data || NA_STRING, "label": label || NA_STRING }
144
+ end
145
+
146
+ # Nessus report could have multiple issue entries for multiple findings of same issue type.
147
+ # The meta data is identical across entries
148
+ # method collapse_duplicates return unique controls with applicable findings collapsed into it.
149
+ def collapse_duplicates(controls)
150
+ unique_controls = []
151
+
152
+ controls.map { |x| x['id'] }.uniq.each do |id|
153
+ collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
154
+ unique_control = controls.find { |x| x['id'].eql?(id) }
155
+ unique_control['results'] = collapsed_results.flatten
156
+ unique_controls << unique_control
157
+ end
158
+ unique_controls
159
+ end
160
+
161
+ def to_hdf
162
+ host_results = {}
163
+ @reports.each do | report|
164
+ controls = []
165
+ report['ReportItem'].each do | item |
166
+ @item = {}
167
+ @item['tags'] = {}
168
+ @item['descriptions'] = []
169
+ @item['refs'] = NA_ARRAY
170
+ @item['source_location'] = NA_HASH
171
+
172
+ # Nessus results field set are different for 'Policy Compliance' plug-in family vs other plug-in families
173
+ # Following if conditions capture compliance* if it exists else it will default to plugin* fields
174
+ # Current version covers STIG based 'Policy Compliance' results
175
+ # TODO Cover cases for 'Policy Compliance' results based on CIS
176
+ if item['compliance-reference']
177
+ @item['id'] = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
178
+ else
179
+ @item['id'] = item['pluginID'].to_s
180
+ end
181
+ if item['compliance-check-name']
182
+ @item['title'] = item['compliance-check-name'].to_s
183
+ else
184
+ @item['title'] = item['pluginName'].to_s
185
+ end
186
+ if item['compliance-info']
187
+ @item['desc'] = item['compliance-info'].to_s
188
+ else
189
+ @item['desc'] = format_desc(item).to_s
190
+ end
191
+ if item['compliance-reference']
192
+ @item['impact'] = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
193
+ else
194
+ @item['impact'] = impact(item['severity'])
195
+ end
196
+ if item['compliance-reference']
197
+ # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
198
+ @item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
199
+ else
200
+ @item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
201
+ end
202
+ if item['compliance-solution']
203
+ # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
204
+ @item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
205
+ else
206
+ @item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
207
+ end
208
+ if item['compliance-solution']
209
+ @item['descriptions'] << desc_tags(item['compliance-solution'], 'check')
210
+ end
211
+
212
+ @item['code'] = ''
213
+ @item['results'] = finding(item, extract_timestamp(report))
214
+ controls << @item
215
+ end
216
+ controls = collapse_duplicates(controls)
217
+ results = HeimdallDataFormat.new(profile_name: "Nessus #{@scaninfo['policyName']}",
218
+ version: @scaninfo['version'],
219
+ title: "Nessus #{@scaninfo['policyName']}",
220
+ summary: "Nessus #{@scaninfo['policyName']}",
221
+ controls: controls,
222
+ target_id: report['name'])
223
+ host_results[report['name']] = results.to_hdf
224
+ end
225
+ host_results
226
+ end
227
+ end
228
+ end
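Review bot: In `to_hdf`, the second assignment to `@item['tags']['nist']` is guarded by `if item['compliance-solution']` but parses `item['compliance-reference']`; it is a copy of the preceding block with the wrong condition. An item that has a compliance reference but no solution falls into the `else` branch, and its 800-53 tags are overwritten by the `nist_tag` lookup. An item that has a solution but no reference raises NoMethodError on `refs.split` in `parse_refs`. Delete that block and keep only the later `compliance-solution` check that appends the 'check' description. Separately, `report['ReportItem'].each` assumes an array, although `extract_report` already wraps `ReportHost` for the single-host case; the same conversion presumably yields a hash for a host with one item, so wrap it the same way and guard against a host with no items. `Pathname` is used without `require 'pathname'`, `@verbose` is stored but never read, and the `|| NA_PLUGIN_OUTPUT` fallback after `issue['description'].to_s` can never be taken.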
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.24
4
+ version: 1.3.29
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2020-04-07 00:00:00.000000000 Z
13
+ date: 2020-05-28 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: nokogiri
@@ -116,14 +116,14 @@ dependencies:
116
116
  requirements:
117
117
  - - ">="
118
118
  - !ruby/object:Gem::Version
119
- version: '0.17'
119
+ version: 0.17.2
120
120
  type: :runtime
121
121
  prerelease: false
122
122
  version_requirements: !ruby/object:Gem::Requirement
123
123
  requirements:
124
124
  - - ">="
125
125
  - !ruby/object:Gem::Version
126
- version: '0.17'
126
+ version: 0.17.2
127
127
  - !ruby/object:Gem::Dependency
128
128
  name: bundler
129
129
  requirement: !ruby/object:Gem::Requirement
@@ -211,6 +211,7 @@ files:
211
211
  - exe/heimdall_tools
212
212
  - lib/data/cwe-nist-mapping.csv
213
213
  - lib/data/gitkeep
214
+ - lib/data/nessus-plugins-nist-mapping.csv
214
215
  - lib/data/owasp-nist-mapping.csv
215
216
  - lib/heimdall_tools.rb
216
217
  - lib/heimdall_tools/burpsuite_mapper.rb
@@ -221,8 +222,10 @@ files:
221
222
  - lib/heimdall_tools/help.rb
222
223
  - lib/heimdall_tools/help/burpsuite_mapper.md
223
224
  - lib/heimdall_tools/help/fortify_mapper.md
225
+ - lib/heimdall_tools/help/nessus_mapper.md
224
226
  - lib/heimdall_tools/help/sonarqube_mapper.md
225
227
  - lib/heimdall_tools/help/zap_mapper.md
228
+ - lib/heimdall_tools/nessus_mapper.rb
226
229
  - lib/heimdall_tools/sonarqube_mapper.rb
227
230
  - lib/heimdall_tools/version.rb
228
231
  - lib/heimdall_tools/zap_mapper.rb