
1.8.1 [Nov 28th, 2022]:

  • [FIX] Nuclei's plugin now checks if the cwe is null, and add backward compatibility with newer versions to the wpscan plugin
  • [ADD] Add cvss2/3 and cwe to faraday_csv plugin
  • [Add] Now nexpose_full plugin uses severity from reports
  • [FIX] Now plugins check if the ref is empty

1.8.0:

  • [Add] Add invicti plugin
  • [Add] Add nessus_sc plugin
  • [FIX] Remove cvss_vector from refs in nexpose_full
  • Add new identifier_tag to nikto plugin
  • [FIX] Now plugins check if ref field is already a dictionary
  • [MOD] Improve grype plugin for docker images and change report_belong_to method for json plugins to check if json_keys is a list; in that case, iterate the list and check whether any of them produces a match.

1.7.0 [Sep 5th, 2022]:

  • Add CWE to PluginBase. The plugins that have this implemented are the following: "Acunetix", "Acunetix_Json", "AppSpider", "Appscan", "Arachni", "Burp", "Checkmarx", "Metasploit", "Nessus", "Netsparker", "NetsparkerCloud", "Openvas", "QualysWebapp", "W3af", "Wapiti", "Zap", "Zap_Json", "nuclei", "nuclei_legacy"
  • Now the following plugins extract cvss from reports:
      • Acunetix
      • Acunetix_Json
      • Appscan
      • Nessus
      • Netsparker
      • NexposeFull
      • Nipper
      • Nmap
      • Openvas
      • QualysWebapp
      • Qualysguard
      • Retina
      • shodan
      • whitesource
  • Add arguments to add tags for vulns, services and host.
  • Add test for tags and ignore_info
  • Add trivy's json plugin
  • Add command support for the wpscan plugin
  • [MOD] Now refs field is a list of dictionaries with the format: {'name': string, 'type': string}
  • Fix for acunetix_json when host is ip
  • [FIX] Asset duplicated on same file with multiple entries for Appscan_csv plugin.
  • [FIX] Change import dateutil to from dateutil.parser import parse for compatibility issues with python 3.10
  • [FIX] Add case for Netsparker plugins, when the url has a number inside a parenthesis.
  • Add *args, **kwargs to syhunt plugin
  • Fix bug when grype report has no artifact/metadata
  • [MOD] Now prowler plugin returns CAF Epic as policy violation and removes [check#] from title

1.6.8 [Jul 25th, 2022]:

  • Add appscan csv
  • Now faraday_csv's plugin uses ignore_info parameter
  • Add syhunt plugin
  • Add cve and data fields to desc to avoid duplications
  • Now nuclei resolves hostname if the ip field is None

1.6.7 [Jun 2nd, 2022]:

  • Change hostname_resolution to dont_resolve_hostname for process-report, and now the test doesn't resolve hostname
  • Now QualysWebApp's plugin will differentiate vulns from different urlpaths

1.6.6 [May 20th, 2022]:

  • Add hostname_resolution parameter within plugins
  • Fix openvas external ID

1.6.5 [Apr 28th, 2022]:

  • Now Openvas's plugin sets severity to Critical when cvss >= 9.0

1.6.4 [Apr 21st, 2022]:

  • Add location as params in burp's plugin
  • Now the faraday_csv custom_fields regex matches any non-whitespace character.

1.6.3 [Apr 19th, 2022]:

  • Add Zap Json plugin.

1.6.2 [Apr 4th, 2022]:

  • Now Appscan plugin saves line and highlight of the vulns in desc and data

1.6.1 [Mar 18th, 2022]:

  • Add references to burp plugin
  • Move item.detail from data to desc
  • update open status

1.6.0 [Feb 3rd, 2022]:

  • Add packaging to requirements in setup.py
  • Add severity to shodan's plugins using cvss
  • check if cve exist on cve-id field
  • Fix Fortify's plugin
  • Change qualysguard's plugin severity_dict to refer level 2 severities as low

1.5.10 [Jan 13th, 2022]:

  • support cve,cwe,cvss and metadata

1.5.9 [Dec 27th, 2021]:

  • Add cve in faraday_csv plugin
  • ADD Grype plugin

1.5.8 [Dec 13th, 2021]:

  • Add CVE to plugins:
      • acunetix
      • appscan
      • burp
      • metasploit
      • nessus
      • netsparker
      • nexpose
      • nikto
      • nipper
      • nmap
      • openscap
      • qualysguard
      • retina
      • shodan
  • Add support for Sslyze 5.0 reports
  • Fix errors while creating hosts with wrong regex
  • ADD masscan support to nmap plugin
  • Fix bug in openvas plugin

1.5.7 [Nov 19th, 2021]:

  • FIX extrainfo of netsparker plugin
  • Add nuclei_legacy plugin

1.5.6 [Nov 10th, 2021]:

  • FIX issue with acunetix plugin
  • FIX typo in nikto plugin

1.5.5 [Oct 21st, 2021]:

  • Merge PR from github

1.5.4 [Oct 19th, 2021]:

  • Update nuclei parser

1.5.3 [Sep 7th, 2021]:

  • Adding support for running nuclei through command / faraday-cli
  • Fix missing references in nuclei

1.5.2 [Aug 9th, 2021]:

  • add new structure acunetix

1.5.1 [Jul 27th, 2021]:

  • cwe, capec, references, tags, impact, resolution, easeofresolution
  • add os openvas
  • [FIX] Fix import of CSV with big fields
  • Fix sslyze json bug with port
  • Only show report name in command data

1.5.0 [Jun 28th, 2021]:

  • Add Nipper Plugin
  • add shodan plugin
  • fix acunetix url parser
  • FIX netsparker multi-host
  • Add vuln details for Certificate Mismatch and move unique details to data, now vulns can be grouped
  • ADD more data to plugins arachni and w3af
  • Use run_date in UTC
  • ADD cvss_base, cpe, threat, severity into references

1.4.6 [May 14th, 2021]:

  • add attribute "command" for the plugins of each command
  • adding test in test_command
  • change some regex in self._command_regex
  • [FIX] add hostnames if host is already cached
  • Add Naabu plugin
  • Add Sonarqube plugin
  • Add version and change list_plugins style
  • FIX unused import, unnecessary list comprehension and unused variables
  • FIX metasploit report when the web-site-id is null
  • Fix port stats in nmap
  • fixup sslyze: remove unknown from version=
  • ADD remedy into resolution
  • Support for nuclei 2.3.0
  • ADD cve, cvss3_base_score, cvss3_vector, exploit_available when import nessus and change the structure of external_id to NESSUS-XXX
  • ADD more data like attack, params, uri, method, WASC, CWE and format external_id

1.4.5 [Apr 15th, 2021]:

  • Add Bandit plugin
  • Use background for description and detail for data in Burp plugin.
  • Rewrite Appscan Plugin
  • Parse Nmap vulners script data

1.4.4 [Mar 30th, 2021]:

  • Faraday CSV Plugin does not consider ignore_info

1.4.3 [Mar 17th, 2021]:

  • Add Ignore information vulnerabilities option

1.4.2 [Mar 10th, 2021]:

  • Fix bug with sslyze output file
  • FIX change id sslyze for JSON/XML

1.4.1 [Feb 26th, 2021]:

  • ADD microsoft baseline security analyzer plugin
  • ADD nextnet plugin
  • ADD openscap plugin
  • FIX old versions of Nessus plugins bugs

1.4.0 [Dec 23rd, 2020]:

  • Update the fields of the nuclei output used to create a vuln

1.4.0b2 [Dec 15th, 2020]:

  • Fix nuclei plugin bug when url is None

1.4.0b1 [Dec 14th, 2020]:

  • Add new plugin base class, for multi line json
  • New ncrack plugin
  • New nuclei plugin
  • New sslyze json plugin
  • New WhatWeb plugin
  • Fix missing ip in some arachni reports
  • Fix change name vuln in Netsparker plugin
  • Fix whois plugin: the command whois IP did not parse data
  • Change the way we detect json reports when they are lists of dictionaries

1.3.0 [Sep 2nd, 2020]:

  • ADD plugin AppSpider
  • Add tests to faraday-plugins cli
  • add a default value to plugin_version
  • Add --output-file parameter to faraday-plugins process command
  • Add plugins prowler
  • Add plugins ssl labs
  • Add support for tenable io
  • delete old deprecated methods
  • Bug fix: Arachni Plugin 'NoneType' object has no attribute 'find'
  • Bug fix: Openvas Plugin - Import xml from OpenVas doesn't work
  • Bug fix: QualysWebApp Plugin, error in get info OPERATING_SYSTEM
  • Fix Hydra plugin to resolve ip address
  • Fix Nessus mod severity HIGH for Low
  • Bug Fix: Detect plugins AWS Prowler
  • Fix broken xml on nmap plugin
  • Add new rdpscan plugin
  • UPDATE xml report to appscan
  • Update Readme
  • Fix how ZAP generates vulns