secator 0.3.6__py3-none-any.whl → 0.4.0__py3-none-any.whl

secator/runners/workflow.py

@@ -1,6 +1,6 @@
 from secator.definitions import DEBUG
-from secator.exporters import CsvExporter, JsonExporter
 from secator.output_types import Target
+from secator.config import CONFIG
 from secator.runners._base import Runner
 from secator.runners.task import Task
 from secator.utils import merge_opts
@@ -8,10 +8,7 @@ from secator.utils import merge_opts
 
 class Workflow(Runner):
 
-	default_exporters = [
-		JsonExporter,
-		CsvExporter
-	]
+	default_exporters = CONFIG.workflows.exporters
 
 	@classmethod
 	def delay(cls, *args, **kwargs):
@@ -84,7 +81,7 @@ class Workflow(Runner):
 		"""Get tasks recursively as Celery chains / chords.
 
 		Args:
-			obj (secator.config.ConfigLoader): Config.
+			obj (secator.config.TemplateLoader): Config.
 			targets (list): List of targets.
 			workflow_opts (dict): Workflow options.
 			run_opts (dict): Run options.

secator/tasks/_categories.py

@@ -1,21 +1,20 @@
 import json
-import logging
 import os
 
 import requests
 from bs4 import BeautifulSoup
 from cpe import CPE
 
-from secator.definitions import (CIDR_RANGE, CONFIDENCE, CVSS_SCORE, DATA_FOLDER, DEFAULT_HTTP_WORDLIST,
-								 DEFAULT_SKIP_CVE_SEARCH, DELAY, DEPTH, DESCRIPTION, FILTER_CODES, FILTER_REGEX,
-								 FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID, MATCH_CODES, MATCH_REGEX,
-								 MATCH_SIZE, MATCH_WORDS, METHOD, NAME, PATH, PROVIDER, PROXY, RATE_LIMIT, REFERENCES,
-								 RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL, USER_AGENT, USERNAME, WORDLIST)
+from secator.definitions import (CIDR_RANGE, CVSS_SCORE, DELAY, DEPTH, DESCRIPTION, FILTER_CODES,
+								 FILTER_REGEX, FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST, ID,
+								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE, MATCH_WORDS, METHOD, NAME, PATH, PROVIDER, PROXY,
+								 RATE_LIMIT, REFERENCES, RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL, USER_AGENT,
+								 USERNAME, WORDLIST)
 from secator.output_types import Ip, Port, Subdomain, Tag, Url, UserAccount, Vulnerability
-from secator.rich import console
+from secator.config import CONFIG
 from secator.runners import Command
+from secator.utils import debug
 
-logger = logging.getLogger(__name__)
 
 OPTS = {
 	HEADER: {'type': str, 'help': 'Custom header to add to each request in the form "KEY1:VALUE1; KEY2:VALUE2"'},
@@ -37,7 +36,7 @@ OPTS = {
 	THREADS: {'type': int, 'help': 'Number of threads to run', 'default': 50},
 	TIMEOUT: {'type': int, 'help': 'Request timeout'},
 	USER_AGENT: {'type': str, 'short': 'ua', 'help': 'User agent, e.g "Mozilla Firefox 1.0"'},
-	WORDLIST: {'type': str, 'short': 'w', 'default': DEFAULT_HTTP_WORDLIST, 'help': 'Wordlist to use'}
+	WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.http, 'help': 'Wordlist to use'}
 }
 
 OPTS_HTTP = [
@@ -121,7 +120,7 @@ class Vuln(Command):
 
 	@staticmethod
 	def lookup_local_cve(cve_id):
-		cve_path = f'{DATA_FOLDER}/cves/{cve_id}.json'
+		cve_path = f'{CONFIG.dirs.data}/cves/{cve_id}.json'
 		if os.path.exists(cve_path):
 			with open(cve_path, 'r') as f:
 				return json.load(f)
@@ -131,13 +130,54 @@ class Vuln(Command):
 	# def lookup_exploitdb(exploit_id):
 	# 	print('looking up exploit')
 	# 	try:
-	# 		cve_info = requests.get(f'https://exploit-db.com/exploits/{exploit_id}', timeout=5).content
-	# 		print(cve_info)
-	# 	except Exception:
+	# 		resp = requests.get(f'https://exploit-db.com/exploits/{exploit_id}', timeout=5)
+	#		resp.raise_for_status()
+	#		content = resp.content
+	# 	except requests.RequestException as e:
+	#		debug(f'Failed remote query for {exploit_id} ({str(e)}).', sub='cve')
 	# 		logger.error(f'Could not fetch exploit info for exploit {exploit_id}. Skipping.')
 	# 		return None
 	# 	return cve_info
 
+	@staticmethod
+	def create_cpe_string(product_name, version):
+		"""
+		Generate a CPE string for a given product and version.
+
+		Args:
+			product_name (str): The name of the product.
+			version (str): The version of the product.
+
+		Returns:
+			str: A CPE string formatted according to the CPE 2.3 specification.
+		"""
+		cpe_version = "2.3"  # CPE Specification version
+		part = "a"           # 'a' for application
+		vendor = product_name.lower()  # Vendor name, using product name
+		product = product_name.lower()  # Product name
+		version = version  # Product version
+		cpe_string = f"cpe:{cpe_version}:{part}:{vendor}:{product}:{version}:*:*:*:*:*:*:*"
+		return cpe_string
+
+	@staticmethod
+	def match_cpes(fs1, fs2):
+		"""Check if two CPEs match. Partial matches consisting of <vendor>:<product>:<version> are considered a match.
+
+		Args:
+			fs1 (str): Format string 1.
+			fs2 (str): Format string 2.
+
+		Returns:
+			bool: True if the two CPEs match, False otherwise.
+		"""
+		if fs1 == fs2:
+			return True
+		split_fs1 = fs1.split(':')
+		split_fs2 = fs2.split(':')
+		tup1 = split_fs1[3], split_fs1[4], split_fs1[5]
+		tup2 = split_fs2[3], split_fs2[4], split_fs2[5]
+		return tup1 == tup2
+
 	@staticmethod
 	def lookup_cve(cve_id, cpes=[]):
 		"""Search for a CVE in local db or using cve.circl.lu and return vulnerability data.
@@ -150,18 +190,21 @@ class Vuln(Command):
 			dict: vulnerability data.
 		"""
 		cve_info = Vuln.lookup_local_cve(cve_id)
+
+		# Online CVE lookup
 		if not cve_info:
-			if DEFAULT_SKIP_CVE_SEARCH:
-				logger.debug(f'{cve_id} not found locally, and DEFAULT_SKIP_CVE_SEARCH is set: ignoring online search.')
+			if CONFIG.runners.skip_cve_search:
+				debug(f'Skip remote query for {cve_id} since config.runners.skip_cve_search is set.', sub='cve')
+				return None
+			if CONFIG.offline_mode:
+				debug(f'Skip remote query for {cve_id} since config.offline_mode is set.', sub='cve')
 				return None
-			# logger.debug(f'{cve_id} not found locally. Use `secator install cves` to install CVEs locally.')
 			try:
-				cve_info = requests.get(f'https://cve.circl.lu/api/cve/{cve_id}', timeout=5).json()
-				if not cve_info:
-					console.print(f'Could not fetch CVE info for cve {cve_id}. Skipping.', highlight=False)
-					return None
-			except Exception:
-				console.print(f'Could not fetch CVE info for cve {cve_id}. Skipping.', highlight=False)
+				resp = requests.get(f'https://cve.circl.lu/api/cve/{cve_id}', timeout=5)
+				resp.raise_for_status()
+				cve_info = resp.json()
+			except requests.RequestException as e:
+				debug(f'Failed remote query for {cve_id} ({str(e)}).', sub='cve')
 				return None
 
 		# Match the CPE string against the affected products CPE FS strings from the CVE data if a CPE was passed.
@@ -177,14 +220,15 @@ class Vuln(Command):
 				cpe_fs = cpe_obj.as_fs()
 				# cpe_version = cpe_obj.get_version()[0]
 				vulnerable_fs = cve_info['vulnerable_product']
-				# logger.debug(f'Matching CPE {cpe} against {len(vulnerable_fs)} vulnerable products for {cve_id}')
 				for fs in vulnerable_fs:
-					if fs == cpe_fs:
-						# logger.debug(f'Found matching CPE FS {cpe_fs} ! The CPE is vulnerable to CVE {cve_id}')
+					# debug(f'{cve_id}: Testing {cpe_fs} against {fs}', sub='cve')  # for hardcore debugging
+					if Vuln.match_cpes(cpe_fs, fs):
+						debug(f'{cve_id}: CPE match found for {cpe}.', sub='cve')
 						cpe_match = True
 						tags.append('cpe-match')
-			if not cpe_match:
-				return None
+						break
+				if not cpe_match:
+					debug(f'{cve_id}: no CPE match found for {cpe}.', sub='cve')
 
 		# Parse CVE id and CVSS
 		name = id = cve_info['id']
@@ -223,17 +267,9 @@ class Vuln(Command):
 		# Set vulnerability severity based on CVSS score
 		severity = None
 		if cvss:
-			if cvss < 4:
-				severity = 'low'
-			elif cvss < 7:
-				severity = 'medium'
-			elif cvss < 9:
-				severity = 'high'
-			else:
-				severity = 'critical'
+			severity = Vuln.cvss_to_severity(cvss)
 
 		# Set confidence
-		confidence = 'low' if not cpe_match else 'high'
 		vuln = {
 			ID: id,
 			NAME: name,
@@ -243,7 +279,6 @@ class Vuln(Command):
 			TAGS: tags,
 			REFERENCES: [f'https://cve.circl.lu/cve/{id}'] + references,
 			DESCRIPTION: description,
-			CONFIDENCE: confidence
 		}
 		return vuln
 
@@ -257,17 +292,33 @@ class Vuln(Command):
 		Returns:
 			dict: vulnerability data.
 		"""
-		reference = f'https://github.com/advisories/{ghsa_id}'
-		response = requests.get(reference)
-		soup = BeautifulSoup(response.text, 'lxml')
+		try:
+			resp = requests.get(f'https://github.com/advisories/{ghsa_id}', timeout=5)
+			resp.raise_for_status()
+		except requests.RequestException as e:
+			debug(f'Failed remote query for {ghsa_id} ({str(e)}).', sub='cve')
+			return None
+		soup = BeautifulSoup(resp.text, 'lxml')
 		sidebar_items = soup.find_all('div', {'class': 'discussion-sidebar-item'})
 		cve_id = sidebar_items[2].find('div').text.strip()
-		data = Vuln.lookup_cve(cve_id)
-		if data:
-			data[TAGS].append('ghsa')
-			return data
+		vuln = Vuln.lookup_cve(cve_id)
+		if vuln:
+			vuln[TAGS].append('ghsa')
+			return vuln
 		return None
 
+	@staticmethod
+	def cvss_to_severity(cvss):
+		if cvss < 4:
+			severity = 'low'
+		elif cvss < 7:
+			severity = 'medium'
+		elif cvss < 9:
+			severity = 'high'
+		else:
+			severity = 'critical'
+		return severity
+
 
 class VulnHttp(Vuln):
 	input_type = HOST

secator/tasks/dnsxbrute.py

@@ -1,5 +1,6 @@
 from secator.decorators import task
-from secator.definitions import (DEFAULT_DNS_WORDLIST, DOMAIN, HOST, RATE_LIMIT, RETRIES, THREADS, WORDLIST, EXTRA_DATA)
+from secator.definitions import (DOMAIN, HOST, RATE_LIMIT, RETRIES, THREADS, WORDLIST, EXTRA_DATA)
+from secator.config import CONFIG
 from secator.output_types import Subdomain
 from secator.tasks._categories import ReconDns
 
@@ -17,7 +18,7 @@ class dnsxbrute(ReconDns):
         THREADS: 'threads',
     }
     opts = {
-        WORDLIST: {'type': str, 'short': 'w', 'default': DEFAULT_DNS_WORDLIST, 'help': 'Wordlist'},
+        WORDLIST: {'type': str, 'short': 'w', 'default': CONFIG.wordlists.defaults.dns, 'help': 'Wordlist'},
         'trace': {'is_flag': True, 'default': False, 'help': 'Perform dns tracing'},
     }
     output_map = {

secator/tasks/ffuf.py

@@ -7,7 +7,7 @@ from secator.definitions import (AUTO_CALIBRATION, CONTENT_LENGTH,
 								 MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED,
 								 PERCENT, PROXY, RATE_LIMIT, RETRIES,
 								 STATUS_CODE, THREADS, TIME, TIMEOUT,
-								 USER_AGENT, WORDLIST, WORDLISTS_FOLDER)
+								 USER_AGENT, WORDLIST)
 from secator.output_types import Progress, Url
 from secator.serializers import JSONSerializer, RegexSerializer
 from secator.tasks._categories import HttpFuzzer
@@ -70,7 +70,7 @@ class ffuf(HttpFuzzer):
 		},
 	}
 	encoding = 'ansi'
-	install_cmd = f'go install -v github.com/ffuf/ffuf@latest && sudo git clone https://github.com/danielmiessler/SecLists {WORDLISTS_FOLDER}/seclists || true'  # noqa: E501
+	install_cmd = 'go install -v github.com/ffuf/ffuf@latest'
 	install_github_handle = 'ffuf/ffuf'
 	proxychains = False
 	proxy_socks5 = True

secator/tasks/httpx.py

@@ -1,14 +1,14 @@
 import os
 
 from secator.decorators import task
-from secator.definitions import (DEFAULT_HTTPX_FLAGS,
-								 DEFAULT_STORE_HTTP_RESPONSES, DELAY, DEPTH,
+from secator.definitions import (DEFAULT_HTTPX_FLAGS, DELAY, DEPTH,
 								 FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 								 FILTER_WORDS, FOLLOW_REDIRECT, HEADER,
 								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
 								 MATCH_WORDS, METHOD, OPT_NOT_SUPPORTED, PROXY,
 								 RATE_LIMIT, RETRIES, THREADS,
 								 TIMEOUT, URL, USER_AGENT)
+from secator.config import CONFIG
 from secator.tasks._categories import Http
 from secator.utils import sanitize_url
 
@@ -71,7 +71,7 @@ class httpx(Http):
 		debug_resp = self.get_opt_value('debug_resp')
 		if debug_resp:
 			self.cmd = self.cmd.replace('-silent', '')
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			self.output_response_path = f'{self.reports_folder}/response'
 			self.output_screenshot_path = f'{self.reports_folder}/screenshot'
 			os.makedirs(self.output_response_path, exist_ok=True)
@@ -98,7 +98,7 @@ class httpx(Http):
 
 	@staticmethod
 	def on_end(self):
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			if os.path.exists(self.output_response_path + '/index.txt'):
 				os.remove(self.output_response_path + '/index.txt')
 			if os.path.exists(self.output_screenshot_path + '/index.txt'):

secator/tasks/katana.py

@@ -4,7 +4,7 @@ from urllib.parse import urlparse
 
 from secator.decorators import task
 from secator.definitions import (CONTENT_TYPE, DEFAULT_KATANA_FLAGS,
-								 DEFAULT_STORE_HTTP_RESPONSES, DELAY, DEPTH,
+								 DELAY, DEPTH,
 								 FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 								 FILTER_WORDS, FOLLOW_REDIRECT, HEADER, HOST,
 								 MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
@@ -12,6 +12,7 @@ from secator.definitions import (CONTENT_TYPE, DEFAULT_KATANA_FLAGS,
 								 RATE_LIMIT, RETRIES, STATUS_CODE,
 								 STORED_RESPONSE_PATH, TECH,
 								 THREADS, TIME, TIMEOUT, URL, USER_AGENT, WEBSERVER, CONTENT_LENGTH)
+from secator.config import CONFIG
 from secator.output_types import Url, Tag
 from secator.tasks._categories import HttpCrawler
 
@@ -106,14 +107,14 @@ class katana(HttpCrawler):
 		debug_resp = self.get_opt_value('debug_resp')
 		if debug_resp:
 			self.cmd = self.cmd.replace('-silent', '')
-		if DEFAULT_STORE_HTTP_RESPONSES:
+		if CONFIG.http.store_responses:
 			self.cmd += f' -sr -srd {self.reports_folder}'
 
 	@staticmethod
 	def on_item(self, item):
 		if not isinstance(item, Url):
 			return item
-		if DEFAULT_STORE_HTTP_RESPONSES and os.path.exists(item.stored_response_path):
+		if CONFIG.http.store_responses and os.path.exists(item.stored_response_path):
 			with open(item.stored_response_path, 'r', encoding='latin-1') as fin:
 				data = fin.read().splitlines(True)
 				first_line = data[0]
@@ -125,5 +126,5 @@ class katana(HttpCrawler):
 
 	@staticmethod
 	def on_end(self):
-		if DEFAULT_STORE_HTTP_RESPONSES and os.path.exists(self.reports_folder + '/index.txt'):
+		if CONFIG.http.store_responses and os.path.exists(self.reports_folder + '/index.txt'):
 			os.remove(self.reports_folder + '/index.txt')

secator/tasks/msfconsole.py

@@ -5,9 +5,8 @@ import logging
 from rich.panel import Panel
 
 from secator.decorators import task
-from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST,
-							   OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
-							   DATA_FOLDER, THREADS, TIMEOUT, USER_AGENT)
+from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT, RETRIES,
+								 THREADS, TIMEOUT, USER_AGENT)
 from secator.tasks._categories import VulnMulti
 from secator.utils import get_file_timestamp
 
@@ -84,7 +83,7 @@ class msfconsole(VulnMulti):
 
 			# Make a copy and replace vars inside by env vars passed on the CLI
 			timestr = get_file_timestamp()
-			out_path = f'{DATA_FOLDER}/msfconsole_{timestr}.rc'
+			out_path = f'{self.reports_folder}/.inputs/msfconsole_{timestr}.rc'
 			logger.debug(
 				f'Writing formatted resource script to new temp file {out_path}'
 			)

secator/tasks/nmap.py

@@ -4,16 +4,19 @@ import re
 
 import xmltodict
 
+from secator.config import CONFIG
 from secator.decorators import task
 from secator.definitions import (CONFIDENCE, CVSS_SCORE, DELAY,
 								 DESCRIPTION, EXTRA_DATA, FOLLOW_REDIRECT,
 								 HEADER, HOST, ID, IP, MATCHED_AT, NAME,
 								 OPT_NOT_SUPPORTED, OUTPUT_PATH, PORT, PORTS, PROVIDER,
 								 PROXY, RATE_LIMIT, REFERENCE, REFERENCES,
-								 RETRIES, SCRIPT, SERVICE_NAME, STATE, TAGS,
-								 THREADS, TIMEOUT, USER_AGENT)
+								 RETRIES, SCRIPT, SERVICE_NAME, SEVERITY, STATE, TAGS,
+								 THREADS, TIMEOUT, TOP_PORTS, USER_AGENT)
 from secator.output_types import Exploit, Port, Vulnerability
+from secator.rich import console
 from secator.tasks._categories import VulnMulti
+from secator.utils import debug
 
 logger = logging.getLogger(__name__)
 
@@ -28,11 +31,12 @@ class nmap(VulnMulti):
 	opt_prefix = '--'
 	output_types = [Port, Vulnerability, Exploit]
 	opts = {
-		PORTS: {'type': str, 'help': 'Ports to scan', 'short': 'p'},
+		PORTS: {'type': str, 'short': 'p', 'help': 'Ports to scan'},
+		TOP_PORTS: {'type': int, 'short': 'tp', 'help': 'Top ports to scan [full, 100, 1000]'},
 		SCRIPT: {'type': str, 'default': 'vulners', 'help': 'NSE scripts'},
 		# 'tcp_connect': {'type': bool, 'short': 'sT', 'default': False, 'help': 'TCP Connect scan'},
 		'tcp_syn_stealth': {'is_flag': True, 'short': 'sS', 'default': False, 'help': 'TCP SYN Stealth'},
-		'output_path': {'type': str, 'short': 'oX', 'default': None, 'help': 'Output XML file path'}
+		'output_path': {'type': str, 'short': 'oX', 'default': None, 'help': 'Output XML file path'},
 	}
 	opt_key_map = {
 		HEADER: OPT_NOT_SUPPORTED,
@@ -114,20 +118,18 @@ class nmapData(dict):
 
 				# Get extra data
 				extra_data = self._get_extra_data(port)
+				service_name = extra_data['service_name']
+				version_exact = extra_data.get('version_exact', False)
+				conf = extra_data.get('confidence')
+				if not version_exact:
+					console.print(
+						f'[bold orange1]nmap could not identify an exact version for {service_name} '
+						f'(detection confidence is {conf}): do not blindy trust the results ![/]'
+					)
 
 				# Grab CPEs
 				cpes = extra_data.get('cpe', [])
 
-				# Grab service name
-				service_name = ''
-				if 'product' in extra_data:
-					service_name = extra_data['product']
-				elif 'name' in extra_data:
-					service_name = extra_data['name']
-				if 'version' in extra_data:
-					version = extra_data['version']
-					service_name += f'/{version}'
-
 				# Get script output
 				scripts = self._get_scripts(port)
 
@@ -160,10 +162,17 @@ class nmapData(dict):
 						EXTRA_DATA: extra_data,
 					}
 					if not func:
-						# logger.debug(f'Script output parser for "{script_id}" is not supported YET.')
+						debug(f'Script output parser for "{script_id}" is not supported YET.', sub='cve')
 						continue
 					for vuln in func(output, cpes=cpes):
 						vuln.update(metadata)
+						confidence = 'low'
+						if 'cpe-match' in vuln[TAGS]:
+							confidence = 'high' if version_exact else 'medium'
+						vuln[CONFIDENCE] = confidence
+						if (CONFIG.runners.skip_cve_low_confidence and vuln[CONFIDENCE] == 'low'):
+							debug(f'{vuln[ID]}: ignored (low confidence).', sub='cve')
+							continue
 						yield vuln
 
 	#---------------------#
@@ -198,40 +207,74 @@ class nmapData(dict):
 		return host_cfg.get('address', {}).get('@addr', None)
 
 	def _get_extra_data(self, port_cfg):
-		extra_datas = {
+		extra_data = {
 			k.lstrip('@'): v
 			for k, v in port_cfg.get('service', {}).items()
 		}
 
 		# Strip product / version strings
-		if 'product' in extra_datas:
-			extra_datas['product'] = extra_datas['product'].lower()
-
-		if 'version' in extra_datas:
-			version_split = extra_datas['version'].split(' ')
-			version = None
+		if 'product' in extra_data:
+			extra_data['product'] = extra_data['product'].lower()
+
+		# Get version and post-process it
+		version = None
+		if 'version' in extra_data:
+			vsplit = extra_data['version'].split(' ')
+			version_exact = True
 			os = None
-			if len(version_split) == 3:
-				version, os, extra_version = tuple(version_split)
+			if len(vsplit) == 3:
+				version, os, extra_version = tuple(vsplit)
+				if os == 'or' and extra_version == 'later':
+					version_exact = False
+					os = None
 				version = f'{version}-{extra_version}'
-			elif len(version_split) == 2:
-				version, os = tuple(version_split)
-			elif len(version_split) == 1:
-				version = version_split[0]
+			elif len(vsplit) == 2:
+				version, os = tuple(vsplit)
+			elif len(vsplit) == 1:
+				version = vsplit[0]
 			else:
-				version = extra_datas['version']
+				version = extra_data['version']
 			if os:
-				extra_datas['os'] = os
+				extra_data['os'] = os
+			if version:
+				extra_data['version'] = version
+			extra_data['version_exact'] = version_exact
+
+		# Grap service name
+		product = extra_data.get('name', None) or extra_data.get('product', None)
+		if product:
+			service_name = product
 			if version:
-				extra_datas['version'] = version
+				service_name += f'/{version}'
+			extra_data['service_name'] = service_name
 
 		# Grab CPEs
-		cpes = extra_datas.get('cpe', [])
+		cpes = extra_data.get('cpe', [])
 		if not isinstance(cpes, list):
 			cpes = [cpes]
-			extra_datas['cpe'] = cpes
+			extra_data['cpe'] = cpes
+		debug(f'Found CPEs: {",".join(cpes)}', sub='cve')
+
+		# Grab confidence
+		conf = int(extra_data.get('conf', 0))
+		if conf > 7:
+			confidence = 'high'
+		elif conf > 4:
+			confidence = 'medium'
+		else:
+			confidence = 'low'
+		extra_data['confidence'] = confidence
+
+		# Build custom CPE
+		if product and version:
+			vsplit = version.split('-')
+			version_cpe = vsplit[0] if not version_exact else version
+			cpe = VulnMulti.create_cpe_string(product, version_cpe)
+			if cpe not in cpes:
+				cpes.append(cpe)
+				debug(f'Added new CPE from identified product and version: {cpe}', sub='cve')
 
-		return extra_datas
+		return extra_data
 
 	def _get_scripts(self, port_cfg):
 		scripts = port_cfg.get('script', [])
@@ -276,23 +319,23 @@ class nmapData(dict):
 				TAGS: [vuln_id, provider_name]
 			}
 			if provider_name == 'MITRE CVE':
-				vuln_data = VulnMulti.lookup_cve(vuln['id'], cpes=cpes)
-				if vuln_data:
-					vuln.update(vuln_data)
+				data = VulnMulti.lookup_cve(vuln['id'], cpes=cpes)
+				if data:
+					vuln.update(data)
 				yield vuln
 			else:
-				# logger.debug(f'Vulscan provider {provider_name} is not supported YET.')
+				debug(f'Vulscan provider {provider_name} is not supported YET.', sub='cve')
 				continue
 
 	def _parse_vulners_output(self, out, **kwargs):
-		cpes = []
+		cpes = kwargs.get('cpes', [])
 		provider_name = 'vulners'
 		for line in out.splitlines():
 			if not line:
 				continue
 			line = line.strip()
 			if line.startswith('cpe:'):
-				cpes.append(line)
+				cpes.append(line.rstrip(':'))
 				continue
 			elems = tuple(line.split('\t'))
 			vuln = {}
@@ -307,7 +350,8 @@ class nmapData(dict):
 					NAME: name,
 					PROVIDER: provider_name,
 					REFERENCE: reference_url,
-					'_type': 'exploit'
+					'_type': 'exploit',
+					TAGS: [exploit_id, provider_name]
 					# CVSS_SCORE: cvss_score,
 					# CONFIDENCE: 'low'
 				}
@@ -319,23 +363,26 @@ class nmapData(dict):
 
 			elif len(elems) == 3:  # vuln
 				vuln_id, vuln_cvss, reference_url = tuple(line.split('\t'))
+				vuln_cvss = float(vuln_cvss)
+				vuln_id = vuln_id.split(':')[-1]
 				vuln_type = vuln_id.split('-')[0]
 				vuln = {
 					ID: vuln_id,
 					NAME: vuln_id,
 					PROVIDER: provider_name,
 					CVSS_SCORE: vuln_cvss,
+					SEVERITY: VulnMulti.cvss_to_severity(vuln_cvss),
 					REFERENCES: [reference_url],
-					TAGS: [],
+					TAGS: [vuln_id, provider_name],
 					CONFIDENCE: 'low'
 				}
-				if vuln_type == 'CVE':
+				if vuln_type == 'CVE' or vuln_type == 'PRION:CVE':
 					vuln[TAGS].append('cve')
-					vuln_data = VulnMulti.lookup_cve(vuln_id, cpes=cpes)
-					if vuln_data:
-						vuln.update(vuln_data)
+					data = VulnMulti.lookup_cve(vuln_id, cpes=cpes)
+					if data:
+						vuln.update(data)
 					yield vuln
 				else:
-					logger.debug(f'Vulners parser for "{vuln_type}" is not implemented YET.')
+					debug(f'Vulners parser for "{vuln_type}" is not implemented YET.', sub='cve')
 			else:
-				logger.error(f'Unrecognized vulners output: {elems}')
+				debug(f'Unrecognized vulners output: {elems}', sub='cve')

secator/tasks/nuclei.py

@@ -85,8 +85,12 @@ class nuclei(VulnMulti):
 	def extra_data_extractor(item):
 		data = {}
 		data['data'] = item.get('extracted-results', [])
+		data['type'] = item.get('type', '')
 		data['template_id'] = item['template-id']
 		data['template_url'] = item.get('template-url', '')
+		for k, v in item.get('meta', {}).items():
+			data['data'].append(f'{k}: {v}')
+		data['metadata'] = item.get('metadata', {})
 		return data
 
 	@staticmethod