1.8.1 [Nov 28th, 2022]:
- [FIX] Nuclei's plugin checks if the cwe is null and add retrocompatibility for newer versions for wpscan plugin
- [ADD] Add cvss2/3 and cwe to faraday_csv plugin
- [Add] Now nexpose_full plugin uses severity from reports
- [FIX] Now plugins check if the ref is empty
1.8.0:
- [Add] Add invicti plugin
- [Add] Add nessus_sc plugin
- [FIX] Remove cvss_vector from refs in nexpose_full
- Add new identifier_tag to nikto plugin
- [FIX] Now plugins check if ref field is already a dictionary
- [MOD] Improve grype plugin for Docker images and change report_belong_to method for json plugins to check if json_keys is a list; in that case, iterate the list and check whether any of them creates a match.
1.7.0 [Sep 5th, 2022]:
- Add CWE to PluginBase. The plugins that have this implemented are the following: "Acunetix", "Acunetix_Json", "AppSpider", "Appscan", "Arachni", "Burp", "Checkmarx", "Metasploit", "Nessus", "Netsparker", "NetsparkerCloud", "Openvas", "QualysWebapp", "W3af", "Wapiti", "Zap", "Zap_Json", "nuclei", "nuclei_legacy"
- Now the following plugins extract cvss from reports:
  - Acunetix
  - Acunetix_Json
  - Appscan
  - Nessus
  - Netsparker
  - NexposeFull
  - Nipper
  - Nmap
  - Openvas
  - QualysWebapp
  - Qualysguard
  - Retina
  - shodan
  - whitesource
- Add arguments to add tags for vulns, services and host.
- Add test for tags and ignore_info
- Add trivy's json plugin
- Add command support for the wpscan plugin
- [MOD] Now refs field is a list of dictionaries with the format: {'name': string, 'type': string}
- Fix for acunetix_json when host is ip
- [FIX] Asset duplicated on same file with multiple entries for Appscan_csv plugin.
- [FIX] Change import dateutil to from dateutil.parser import parse for compatibility issues with python 3.10
- [FIX] Add case for Netsparker plugins, when the url has a number inside a parenthesis.
- Add args *kwargs to syhunt plugin
- Fix bug when grype report has no artifact/metadata
- [MOD] Now prowler plugin returns CAF Epic as policy violation and removes [check#] from title
1.6.8 [Jul 25th, 2022]:
- Add appscan csv
- Now faraday_csv's plugin uses ignore_info parameter
- Add syhunt plugin
- Add cve and data fields to desc to avoid duplications
- Now nuclei resolves hostname if the field ip is None
1.6.7 [Jun 2nd, 2022]:
- Change hostname_resolution to dont_resolve_hostname for process-report and now test doesn't resolve hostname
- Now QualysWebApp's plugin will differentiate vulns from different URL paths
1.6.6 [May 20th, 2022]:
- Add hostname_resolution parameter within plugins
- Fix openvas external ID
1.6.5 [Apr 28th, 2022]:
- Now Openvas's plugin sets severity to Critical when cvss >= 9.0
1.6.4 [Apr 21st, 2022]:
- Add location as params in burp's plugin
- Now the faraday_csv custom_fields regex matches any non-whitespace character.
1.6.3 [Apr 19th, 2022]:
- Add Zap Json plugin.
1.6.2 [Apr 4th, 2022]:
- Now Appscan plugin saves line and highlight of the vulns in desc and data
1.6.1 [Mar 18th, 2022]:
- Add references to burp plugin
- Move item.detail from data to desc
- update open status
1.6.0 [Feb 3rd, 2022]:
- Add packaging to requirements in setup.py
- Add severity to shodan's plugins using cvss
- check if cve exist on cve-id field
- Fix Fortify's plugin
- Change qualysguard's plugin severity_dict to refer level 2 severities as low
1.5.10 [Jan 13th, 2022]:
- support cve,cwe,cvss and metadata
1.5.9 [Dec 27th, 2021]:
- Add cve in faraday_csv plugin
- ADD Grype plugin
1.5.8 [Dec 13th, 2021]:
- Add CVE to plugins:
  - acunetix
  - appscan
  - burp
  - metasploit
  - nessus
  - netsparker
  - nexpose
  - nikto
  - nipper
  - nmap
  - openscap
  - qualysguard
  - retina
  - shodan
- Add support for Sslyze 5.0 reports
- Fix errors while creating hosts with wrong regex
- ADD masscan support to nmap plugin
- Fix bug in openvas plugin
1.5.7 [Nov 19th, 2021]:
- FIX extrainfo of netsparker plugin
- Add nuclei_legacy plugin
1.5.6 [Nov 10th, 2021]:
- FIX issue with acunetix plugin
- FIX typo in nikto plugin
1.5.5 [Oct 21st, 2021]:
- Merge PR from github
1.5.4 [Oct 19th, 2021]:
- Update nuclei parser
1.5.3 [Sep 7th, 2021]:
- Adding support for running nuclei through command / faraday-cli
- Fix missing references in nuclei
1.5.2 [Aug 9th, 2021]:
- add new structure acunetix
1.5.1 [Jul 27th, 2021]:
- cwe, capec, references, tags, impact, resolution, easeofresolution
- add os openvas
- [FIX] Fix import of CSV with big fields
- Fix sslyze json bug with port
- Only show report name in command data
1.5.0 [Jun 28th, 2021]:
- Add Nipper Plugin
- add shodan plugin
- fix acunetix url parser
- FIX netsparker multi-host
- Add vuln details for Certificate Mismatch and move unique details to data, now vulns can be grouped
- ADD more data to plugins arachni and w3af
- Use run_date in UTC
- ADD cvss_base, cpe, threat, severity into references
1.4.6 [May 14th, 2021]:
- add attribute "command" for the plugins of each command
- adding test in test_command
- change some regex in self._command_regex
- [FIX] add hostnames if host is already cached
- Add Naabu plugin
- Add Sonarqube plugin
- Add version and change list_plugins style
- FIX unused import, unnecessary list compression and unused variables
- FIX metasploit report when the web-site-id is null
- Fix port stats in nmap
- fixup sslyze: remove unknown from version=
- ADD remedy into resolution
- Support for nuclei 2.3.0
- ADD cve, cvss3_base_score, cvss3_vector, exploit_available when import nessus and change the structure of external_id to NESSUS-XXX
- ADD more data like attack, params, uri, method, WASC, CWE and format external_id
1.4.5 [Apr 15th, 2021]:
- Add Bandit plugin
- Use background for description and detail for data in Burp plugin.
- Rewrite Appscan Plugin
- Parse Nmap vulners script data
1.4.4 [Mar 30th, 2021]:
- Faraday CSV Plugin do not consider ignore_info
1.4.3 [Mar 17th, 2021]:
- Add Ignore information vulnerabilities option
1.4.2 [Mar 10th, 2021]:
- Fix bug with sslyze output file
- FIX change id sslyze for JSON/XML
1.4.1 [Feb 26th, 2021]:
- ADD microsoft baseline security analyzer plugin
- ADD nextnet plugin
- ADD openscap plugin
- FIX old versions of Nessus plugins bugs
1.4.0 [Dec 23rd, 2020]:
- Update the fields of the nuclei output used to create a vuln
1.4.0b2 [Dec 15th, 2020]:
- Fix nuclei plugin bug when url is None
1.4.0b1 [Dec 14th, 2020]:
- Add new plugin base class, for multi line json
- New ncrack plugin
- New nuclei plugin
- New sslyze json plugin
- New WhatWeb plugin
- Fix missing ip in some arachni reports
- Fix change name vuln in Netsparker plugin
- Fix whois plugin, command whois IP not parse data
- Change the way we detect json reports when they are lists of dictionaries
1.3.0 [Sep 2nd, 2020]:
- ADD plugin AppSpider
- Add tests to faraday-plugins cli
- add a default value to plugin_version
- Add --output-file parameter to faraday-plugins process command
- Add plugins prowler
- Add plugins ssl labs
- Add support for tenable io
- delete old deprecated methods
- Bug fix: Arachni Plugin 'NoneType' object has no attribute 'find'
- Bug fix: Openvas Plugin - Import xml from OpenVas doesn't work
- Bug fix: QualysWebApp Plugin, error in get info OPERATING_SYSTEM
- Fix Hydra plugin to resolve ip address
- Fix Nessus mod severity HIGH for Low
- Bug Fix: Detect plugins AWS Prowler
- Fix broken xml on nmap plugin
- Add new rdpscan plugin
- UPDATE xml report to appscan
- Update Readme
- Fix how ZAP generates vulns