Codebase list faraday-plugins / master RELEASE.md
master

Tree @master (Download .tar.gz)

RELEASE.md @master 

6dcde8e
 
 
 
 
 
 
 
e02d6cf
 
 
 
 
 
 
 
 
 
e12636f
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
d6de2a9
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
f093230
 
d6de2a9
f093230
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
6f8a9c0
 
 
f093230
6f8a9c0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0e52bfd
 
 
 
 
 
 
 
 
 
 
 
c35f9ad
 
 
 
 
 
 
 
 
 
 
b71dc44
 
c35f9ad
 
 
b71dc44
 
 
 
c35f9ad
 
 
 
b71dc44
 
 
 
 
 
cbba26c
 
 
 
 
 
 
f002ddf
 
cbba26c
f002ddf
 
 
 
 
 
 
 
 
 
49ffab5
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
1.8.1 [Nov 28th, 2022]:
---
 * [FIX] Nuclei's plugin check if the cwe is null and add retrocompability for newer versions for wpscan plugin
 * [ADD] Add cvss2/3 and cwe to faraday_csv plugin
 * [Add] Now nexpose_full plugin use severity from reports
 * [FIX] Now plugins check if the ref is empty

1.8.0:
---
 * [Add] Add invicti plugin
 * [Add] Add nessus_sc plugin
 * [FIX] Remove cvss_vector from refs in nexpose_full
 * Add new identifier_tag to nikto plugin
 * [FIX] Now plugins check if ref field is already a dictionary
 * [MOD] Improve grype plugin for dockers images and change report_belong_to method for
json plugins to check if json_keys is a list, in that case iterate the list and try if
any of them create a match.

1.7.0 [Sep 5th, 2022]:
---
 * Add CWE to PluginBase. The plugins that have this implemented are the following:
"Acunetix",
"Acunetix_Json",
"AppSpider",
"Appscan",
"Arachni",
"Burp",
"Checkmarx",
"Metasploit",
"Nessus",
"Netsparker",
"NetsparkerCloud",
"Openvas",
"QualysWebapp",
"W3af",
"Wapiti",
"Zap",
"Zap_Json",
"nuclei",
"nuclei_legacy"
 * Now the nexts pluggins extracts cvss from reports:

- Acunetix
- Acunetix_Json
- Appscan
- Nessus
- Netsparker
- NexposeFull
- Nipper
- Nmap
- Openvas
- QualysWebapp
- Qualysguard
- Retina
- shodan
- whitesource
 * Add arguments for add tags for vulns, services and host.

Add test for tags and ignore_info
 * Add trivy's json plugin
 * Add command support for the wpscan plugin
 * [MOD] Now refs field is a list of dictionary with the format:
    {'name': string, 'type': string},
 * Fix for acunetix_json when host is ip
 * [FIX] - Asset duplicated on same file with multiple entries for Appscan_csv plugin.
 * [FIX] Change import dateutil to from dateutil.parser import parse
for compatibility issues with python 3.10
 * [FIX] Add case for Netsparker plugins, when the url has a number inside a parenthesis.
 * Add *args **kwargs to syhunt plugin
 * fix bug when grype report has no arifact/metadata
 * [MOD] Now prowler plugin returns CAF Epic as policy violation and
remove [check#] from tittle

1.6.8 [Jul 25th, 2022]:
---
 * Add appscan csv
 * Now faraday_csv's plugin uses ignore_info parameter
 * Add syhunt plugin
 * Add cve and data fields to desc for avoid duplications
 * Now nuclei resolve hostname if the field ip is None

1.6.7 [Jun 2nd, 2022]:
---
 * Change hostname_restolution to dont_resolve_hostname for process-report and now test dosent resovle hostname
 * Now QualysWebApp's plugin will diferenciate vulns from differents urlpaths

1.6.6 [May 20th, 2022]:
---
 * Add hostname_resolution parameter within plugins
 * Fix openvas external ID

1.6.5 [Apr 28th, 2022]:
---
 * Now Openvas's plugin set severity to Critical when cvss >= 9.0

1.6.4 [Apr 21th, 2022]:
---
 * Add location as params in burp's plugin
 * Now the faraday_csv custom_fields regex match any no whitespace character.

1.6.3 [Apr 19th, 2022]:
---
 * Add Zap Json plugin.

1.6.2 [Apr 4th, 2022]:
---
 * Now Appscan plugin saves line and highlight of the vulns in desc and data

1.6.1 [Mar 18th, 2022]:
---
 * Add references tu burp plugin
 * Move item.detail from data to desc
 * update open status

1.6.0 [Feb 3rd, 2022]:
---
 * Add packaging to requierments in setup.py
 * Add severity to shodan's plugins using cvss
 * check if cve exist on cve-id field
 * Fix Fortify's plugin
 * Change qualysguard's plugin severity_dict to refer level 2 severities as low

1.5.10 [Jan 13th, 2022]:
---
 * support cve,cwe,cvss and metadata

1.5.9 [Dec 27th, 2021]:
---
 * Add cve in faraday_csv plugin
 * ADD Grype plugin

1.5.8 [Dec 13th, 2021]:
---
 * Add CVE to plugins
- acunetix
- appscan
- burp
- metasploit
- nessus
- netsparker
- nexpose
- nikto
- nipper
- nmap
- openscap
- qualysguard
- retina
- shodan
 * Add support for Sslyze 5.0 resports
 * Fix errors while creating hosts with wrong regex
 * ADD masscan support to nmap plugin
 * Fix bug in openvas plugin

1.5.7 [Nov 19th, 2021]:
---
 * FIX extrainfo of netsparker plugin
 * Add nuclei_legacy plugin

1.5.6 [Nov 10th, 2021]:
---
 * FIX issue with acunetix plugin

 * FIX typo in nikto plugin

1.5.5 [Oct 21st, 2021]:
---
 * Merge PR from github

1.5.4 [Oct 19th, 2021]:
---
 * Update nuclei parser

1.5.3 [Sep 7th, 2021]:
---
 * Adding support for running nuclei through command / faraday-cli 
 * Fix missing references in nuclei

1.5.2 [Aug 9th, 2021]:
---
 * add new structure acunetix 

1.5.1 [Jul 27th, 2021]:
---
 * cwe, capec, references, tags, impact, resolution, easeofresolution
 * add os openvas
 * [FIX] Fix improt of CSV with big fields
 * Fix sslyze json bug with port
 * Only show report name in command data

1.5.0 [Jun 28th, 2021]:
---
 * Add Nipper Plugin
 * add shodan plugin
 * fix acunetix url parser
 * FIX netsparker multi-host
 * Add vuln details for Certificate Mismatch and move unique details to data, now vulns can be grupped
 * ADD more data to plugins arachni and w3af
 * Use run_date in UTC
 * ADD cvss_base, cpe, threat, severity into references

1.4.6 [May 14th, 2021]:
---
 * - add attribute "command" for the pluggins of each command
- adding test in test_command
- change some regex in self._command_regex
 * [FIX] add hostnames if host is already cached
 * Add Naabu plugin
 * Add Sonarqube plugin
 * Add version and change list_plugins style
 * FIX unused import, innecesary list compression and unused variables
 * FIX metasploit report when the web-site-id is null
 * Fix port stats in nmap
 * fixup ssylze
sacar unknown de version=
 * ADD remedy into resolution
 * Support for nuclei 2.3.0
 * ADD cve, cvss3_base_score, cvss3_vector, exploit_available when import nessus and change the structure of external_id to NESSUS-XXX
 * ADD more data like attack, params, uri, method, WASC, CWE and format externail_id

1.4.5 [Apr 15th, 2021]:
---
 * Add Bandit plugin
 * Use background for description and detail for data en Burp plugin.
 * Rewrite Appscan Plugin
 * Parse Nmap vulners script data

1.4.4 [Mar 30th, 2021]:
---
 * Faraday CSV Plugin do not consider ignore_info

1.4.3 [Mar 17th, 2021]:
---
 * Add Ignore information vulnerabilities option

1.4.2 [Mar 10th, 2021]:
---
 * Fix bug with sslyze output file
 * FIX change id sslyze for JSON/XML

1.4.1 [Feb 26th, 2021]:
---
 * ADD microsoft baseline security analyzer plugin
 * ADD nextnet plugin
 * ADD openscap plugin 
 * FIX old versions of Nessus plugins bugs

1.4.0 [Dec 23rd, 2020]:
---
 * Update the fields of the nuclei output used to create a vuln

1.4.0b2 [Dec 15th, 2020]:
---
 * Fix nuclei plugin bug when url is None

1.4.0b1 [Dec 14th, 2020]:
---
 * Add new plugin base class, for multi line json
 * New ncrack plugin 
 * New nuclei plugin
 * New sslyze json plugin
 * New WhatWeb plugin
 * Fix missing ip in some arachni reports
 * Fix change name vuln in Netsparker plugin
 * Fix whois plugin, command whois IP not parse data
 * Change the way we detect json reports when they are lists of dictionaries

1.3.0 [Sep 2nd, 2020]:
---
 * ADD plugin AppSpider
 * Add tests to faraday-plugins cli
 * add a default value to plugin_version
 * Add --output-file parameter to faraday-plugins process command
 * Add plugins prowler
 * Add plugins ssl labs
 * Add support for tenable io
 * delete old deprecated methods
 * Bug fix: Arachni Plugin 'NoneType' object has no attribute 'find'
 * Bug fix: Openvas Plugin - Import xml from OpenVas doesnt work
 * Bug fix: QualysWebApp Plugin, error in get info OPERATING_SYSTEM
 * Fix Hydra plugin to resolve ip address
 * Fix Nessus mod severity HIGH for Low 
 * Bug Fix: Detect plugins AWS Prowler
 * Fix broken xml on nmap plugin
 * Add new rdpscan plugin
 * UPDATE xml report to appscan
 * Update Readme
 * Fix how ZAP genereate vulns