diff --git a/CHANGELOG/1.8.1/add_check_cwe_nuclei.md b/CHANGELOG/1.8.1/add_check_cwe_nuclei.md
new file mode 100644
index 0000000..ff6b3fb
--- /dev/null
+++ b/CHANGELOG/1.8.1/add_check_cwe_nuclei.md
@@ -0,0 +1 @@
+[FIX] Nuclei's plugin check if the cwe is null and add retrocompability for newer versions for wpscan plugin
diff --git a/CHANGELOG/1.8.1/add_enrichment.md b/CHANGELOG/1.8.1/add_enrichment.md
new file mode 100644
index 0000000..0d44d49
--- /dev/null
+++ b/CHANGELOG/1.8.1/add_enrichment.md
@@ -0,0 +1 @@
+[ADD] Add cvss2/3 and cwe to faraday_csv plugin
diff --git a/CHANGELOG/1.8.1/add_severity.md b/CHANGELOG/1.8.1/add_severity.md
new file mode 100644
index 0000000..4f508ea
--- /dev/null
+++ b/CHANGELOG/1.8.1/add_severity.md
@@ -0,0 +1 @@
+[Add] Now nexpose_full plugin use severity from reports
diff --git a/CHANGELOG/1.8.1/check_if_refs_is_empty.md b/CHANGELOG/1.8.1/check_if_refs_is_empty.md
new file mode 100644
index 0000000..a9582c7
--- /dev/null
+++ b/CHANGELOG/1.8.1/check_if_refs_is_empty.md
@@ -0,0 +1 @@
+[FIX] Now plugins check if the ref is empty
diff --git a/CHANGELOG/1.8.1/date.md b/CHANGELOG/1.8.1/date.md
new file mode 100644
index 0000000..964cecd
--- /dev/null
+++ b/CHANGELOG/1.8.1/date.md
@@ -0,0 +1 @@
+Nov 28th, 2022
diff --git a/CHANGELOG/current/date.md b/CHANGELOG/current/date.md
deleted file mode 100644
index 7dc3755..0000000
--- a/CHANGELOG/current/date.md
+++ /dev/null
@@ -1 +0,0 @@
-Oct 26th, 2022
diff --git a/RELEASE.md b/RELEASE.md
index 22cf2a3..a7b1c69 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,4 +1,11 @@
-1.8.0 [Oct 26th, 2022]:
+1.8.1 [Nov 28th, 2022]:
+---
+ * [FIX] Nuclei's plugin check if the cwe is null and add retrocompability for newer versions for wpscan plugin
+ * [ADD] Add cvss2/3 and cwe to faraday_csv plugin
+ * [Add] Now nexpose_full plugin use severity from reports
+ * [FIX] Now plugins check if the ref is empty
+
+1.8.0:
 ---
 * [Add] Add invicti plugin
 * [Add] Add nessus_sc plugin
diff --git a/faraday_plugins/__init__.py b/faraday_plugins/__init__.py index b280975..e8b6b09 100644 --- a/faraday_plugins/__init__.py +++ b/faraday_plugins/__init__.py @@ -1 +1 @@ -__version__ = '1.8.0' +__version__ = '1.8.1' diff --git a/faraday_plugins/plugins/plugin.py b/faraday_plugins/plugins/plugin.py index 4867777..39ffc06 100644 --- a/faraday_plugins/plugins/plugin.py +++ b/faraday_plugins/plugins/plugin.py @@ -426,13 +426,15 @@ """ Change reference struct from list of strings to a list of dicts with the form of {name, type} """ + if not ref: + return [] refs = [] - if ref: - for r in ref: - if isinstance(r, dict): - refs.append(r) - else: - refs.append({'name': r, 'type': 'other'}) + for r in ref: + if isinstance(r, dict): + refs.append(r) + else: + if r.strip(): + refs.append({'name': r.strip(), 'type': 'other'}) return refs def createAndAddVulnToHost(self, host_id, name, desc="", ref=None, diff --git a/faraday_plugins/plugins/repo/faraday_csv/plugin.py b/faraday_plugins/plugins/repo/faraday_csv/plugin.py index b413633..fb2945f 100644 --- a/faraday_plugins/plugins/repo/faraday_csv/plugin.py +++ b/faraday_plugins/plugins/repo/faraday_csv/plugin.py @@ -50,6 +50,11 @@ "custom_fields", "website", "path", + "cwe", + "cvss2_base_score", + "cvss2_vector_string", + "cvss3_base_score", + "cvss3_vector_string", "request", "response", "method", @@ -294,6 +299,16 @@ tags=item['service_tags'] ) if item['row_with_vuln']: + cvss2 = { + "base_score": item['cvss2_base_score'], + } + if item['cvss2_vector_string']: + cvss2["vector_string"]= item['cvss2_vector_string'] + cvss3 = { + "base_score": item['cvss3_base_score'], + } + if item['cvss3_vector_string']: + cvss3["vector_string"]= item['cvss3_vector_string'] if not item['web_vulnerability'] and not s_id: self.createAndAddVulnToHost( h_id, 
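Review bot: In the `faraday_plugins/plugins/plugin.py` hunk, the new `r.strip()` call assumes every non-dict entry of `ref` is a string, so a `None` or numeric entry taken from a parsed report now raises `AttributeError` where the old code simply wrapped it. Guarding the type keeps one malformed reference from propagating an exception to the caller: `elif isinstance(r, str) and r.strip():` followed by `refs.append({'name': r.strip(), 'type': 'other'})`. Dict entries are still appended without checking that their `name` is non-empty, which the changelog entry "plugins check if the ref is empty" suggests was part of the intent. The enclosing method's `def` line is outside the hunk.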
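Review bot: In the `faraday_csv/plugin.py` hunk at `@@ -299,16 @@` (new side), `cvss2` and `cvss3` always carry a `base_score` key, so a row with blank CVSS columns produces a dict holding an empty score, and that dict is passed to all three `createAndAdd…` calls in the later hunks. A blank score stored as CVSS data misleads triage, so each key should be set only when its cell is non-empty. The `item[...]` lookups also assume the parser fills the five new columns for CSV files exported before this release; that code is not in the diff and is worth confirming. Whether the callee expects `{}` or `None` for "no CVSS" is likewise not visible here.

```python
# … unchanged: if item['row_with_vuln']: …
cvss2, cvss3 = {}, {}
for cvss, prefix in ((cvss2, 'cvss2'), (cvss3, 'cvss3')):
    if item[f'{prefix}_base_score']:
        cvss["base_score"] = item[f'{prefix}_base_score']
    if item[f'{prefix}_vector_string']:
        cvss["vector_string"] = item[f'{prefix}_vector_string']
# … unchanged: createAndAddVulnToHost / createAndAddVulnToService / createAndAddVulnWebToService calls …
```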
@@ -310,6 +325,9 @@ impact=item['impact'], policyviolations=item['policyviolations'], cve=item['cve'], + cwe=item['cwe'], + cvss2=cvss2, + cvss3=cvss3, custom_fields=item['custom_fields'], tags=item['tags'] ) @@ -330,6 +348,9 @@ impact=item['impact'], policyviolations=item['policyviolations'], cve=item['cve'], + cwe=item['cwe'], + cvss2=cvss2, + cvss3=cvss3, custom_fields=item['custom_fields'], tags=item['tags'] ) @@ -358,6 +379,9 @@ impact=item['impact'], policyviolations=item['policyviolations'], cve=item['cve'], + cwe=item['cwe'], + cvss2=cvss2, + cvss3=cvss3, status_code=item['status_code'] or None, custom_fields=item['custom_fields'], tags=item['tags'] diff --git a/faraday_plugins/plugins/repo/nexpose_full/plugin.py b/faraday_plugins/plugins/repo/nexpose_full/plugin.py index 18ba074..40c207f 100644 --- a/faraday_plugins/plugins/repo/nexpose_full/plugin.py +++ b/faraday_plugins/plugins/repo/nexpose_full/plugin.py @@ -40,6 +40,21 @@ self.items = self.get_items(tree, self.vulns) else: self.items = [] + + @staticmethod + def get_severity_from_report(score): + try: + if type(score) != float: + score = float(score) + + cvss_ranges = [(0.0, 3.4, 'med'), + (3.5, 7.4, 'high'), + (7.5, 10.1, 'critical')] + for (lower, upper, severity) in cvss_ranges: + if lower <= score < upper: + return severity + except ValueError: + return 'unclassified' @staticmethod def parse_xml(xml_output): @@ -143,7 +158,7 @@ 'name': vulnDef.get('title'), 'refs': [], 'resolution': "", - 'severity': "", + 'severity': self.get_severity_from_report(vulnDef.get('severity')), 'tags': list(), 'is_web': vid.startswith('http-'), 'risk': vulnDef.get('riskScore'), diff --git a/faraday_plugins/plugins/repo/nuclei/plugin.py b/faraday_plugins/plugins/repo/nuclei/plugin.py index e88f31c..bd729ae 100644 --- a/faraday_plugins/plugins/repo/nuclei/plugin.py +++ b/faraday_plugins/plugins/repo/nuclei/plugin.py 
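Review bot: In the `nexpose_full/plugin.py` hunk, `get_severity_from_report` can raise or return `None` instead of a severity: `float(None)` raises `TypeError`, which `except ValueError` does not catch, and that is the input when `vulnDef.get('severity')` in the `@@ -143,7 +158,7 @@` hunk finds no attribute. The ranges also leave gaps, so 3.4 ≤ score < 3.5, 7.4 ≤ score < 7.5, negative values and NaN fall through the loop and the function returns `None` implicitly. Because this value drives triage, every path should return a string; the version below uses contiguous bounds and maps anything outside 0–10 to `'unclassified'` (the original accepted values up to 10.1). A one-line docstring saying that the lowest bucket is deliberately `'med'`, if that is the intent, would save the next reader the question.

```python
@staticmethod
def get_severity_from_report(score):
    try:
        score = float(score)
    except (TypeError, ValueError):
        return 'unclassified'
    if 0.0 <= score < 3.5:
        return 'med'
    if 3.5 <= score < 7.5:
        return 'high'
    if 7.5 <= score <= 10.0:
        return 'critical'
    return 'unclassified'
```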
@@ -97,11 +97,11 @@ if cve: cve = [x.upper() for x in cve] - # TODO CVSSv2, CVSSv3, CWE and CAPEC - #cvssv2 = vuln_dict['info'].get('classification', {}).get('cvss-score') - #cvssv3 = vuln_dict['info'].get('classification', {}).get('cvss-metrics') + vector_string = vuln_dict['info'].get('classification', {}).get('cvss-metrics') + cvss3 = {"vector_string": vector_string} if vector_string else None cwe = vuln_dict['info'].get('classification', {}).get('cwe-id', []) - cwe = [x.upper() for x in cwe] + if cwe: + cwe = [x.upper() for x in cwe] #capec = vuln_dict['info'].get('metadata', {}).get('capec', []) #if isinstance(capec, str): # capec = capec.upper().split(',') @@ -162,7 +162,8 @@ path=matched_data.path, data="\n".join(data), external_id=f"NUCLEI-{vuln_dict.get('template-id', '')}", - run_date=run_date + run_date=run_date, + cvss3=cvss3 ) def processCommandString(self, username, current_path, command_string): @@ -174,7 +175,7 @@ command_string) else: return re.sub(arg_match.group(1), - r"--json -irr -o %s" % self._output_file_path, + r" --json -irr -o %s" % self._output_file_path, command_string) def canParseCommandString(self, current_input): diff --git a/faraday_plugins/plugins/repo/wpscan/plugin.py b/faraday_plugins/plugins/repo/wpscan/plugin.py index 4ef763d..1c01efa 100644 --- a/faraday_plugins/plugins/repo/wpscan/plugin.py +++ b/faraday_plugins/plugins/repo/wpscan/plugin.py @@ -54,7 +54,8 @@ self.name = "WPscan" self.plugin_version = "0.2" self.version = "3.4.5" - self.json_keys = {"target_url", "effective_url", "interesting_findings"} + self.json_keys = [{"target_url", "effective_url", "interesting_findings"}, + {"target_url", "effective_url", "plugins"}] self._command_regex = re.compile(r'^(sudo wpscan|wpscan)\s+.*?') self._use_temp_file = True self._temp_file_extension = "json" 
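Review bot: In the `nuclei/plugin.py` hunk at `@@ -97,11 +97,11 @@`, the new `if cwe:` guard covers a null `cwe-id`, but a null `classification` still breaks both lookups, because `.get('classification', {})` returns `None` when the key is present with a null value and the chained `.get` then raises `AttributeError`. Reading it once as `classification = vuln_dict['info'].get('classification') or {}` and using that for `cvss-metrics` and `cwe-id` closes the same class of failure. If `cwe-id` can arrive as a single string, the comprehension would split it into characters; the commented-out `capec` code just below handles that case with `isinstance(capec, str)`, and `cwe` could do the same. The enclosing method starts outside the hunk.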
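Review bot: In the `nuclei/plugin.py` hunk at `@@ -174,7 +175,7 @@`, the changed `re.sub` call still passes unescaped text into both regex positions: `arg_match.group(1)` is used as the pattern, and the replacement embeds `self._output_file_path`, in which `re` interprets backslashes. A temp path containing a backslash (for example on Windows) can raise `re.error` or be rewritten, and regex metacharacters in the matched argument change what gets replaced. `re.sub(re.escape(arg_match.group(1)), lambda _m: " --json -irr -o %s" % self._output_file_path, command_string)` avoids both; quoting the path for the shell is worth considering as well, since the result is a command line. The body of `processCommandString` starts outside this hunk.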
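Review bot: The `wpscan/plugin.py` hunk at `@@ -54,7 +54,8 @@` changes `json_keys` from a set to a list of sets without a comment on how the list is read; the matching code is not in this diff, so it should be confirmed that it treats each set as an alternative rather than comparing against a single set. A comment such as `# Each set is one accepted report signature; a report matching any of them is handled by this plugin.` would document that. `plugin_version` stays at "0.2" although the accepted input changed.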
@@ -74,16 +75,18 @@ for user, data in parser.json_data.get('users', {}).items(): self.createAndAddCredToService(host_id, service_id, user, "") main_theme = parser.json_data.get("main_theme", {}) - for vuln in main_theme.get("vulnerabilities", []): - wpvulndb = ",".join(vuln['references'].get('wpvulndb', [])) - self.createAndAddVulnWebToService(host_id, service_id, vuln['title'], ref=vuln['references'].get('url', []), - severity='unclassified', external_id=wpvulndb) + if main_theme: + for vuln in main_theme.get("vulnerabilities", []): + wpvulndb = ",".join(vuln['references'].get('wpvulndb', [])) + self.createAndAddVulnWebToService(host_id, service_id, vuln['title'], ref=vuln['references'].get('url', []), + severity='unclassified', external_id=wpvulndb) for plugin, plugin_data in parser.json_data.get("plugins", {}).items(): for vuln in plugin_data['vulnerabilities']: wpvulndb = ",".join(vuln['references'].get('wpvulndb', [])) + cve = ["CVE-"+ cve for cve in vuln['references'].get('cve')] if vuln['references'].get('cve') else [] self.createAndAddVulnWebToService(host_id, service_id, f"{plugin}: {vuln['title']}", ref=vuln['references'].get('url', []), - severity='unclassified', external_id=wpvulndb) + severity='unclassified', external_id=wpvulndb, cve=cve) for vuln in parser.json_data.get("interesting_findings", []): if vuln['to_s'].startswith('http'): vuln_name = f"{vuln['type']}: {vuln['to_s']}"
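Review bot: In the `wpscan/plugin.py` hunk at `@@ -74,16 +75,18 @@`, the null guard is added only for `main_theme`; `parser.json_data.get("plugins", {}).items()` fails the same way when the key is present with a null value, and `plugin_data['vulnerabilities']` and `vuln['references']` are still indexed directly. Using `(parser.json_data.get("plugins") or {})` and `refs = vuln.get('references') or {}` keeps one incomplete entry from stopping the rest of the report. The new `cve` comprehension reuses `cve` as its loop variable and is applied only in the plugin loop, so main-theme findings are imported without their CVE ids; `cve = [f"CVE-{c}" for c in refs.get('cve') or []]` in both loops would be clearer and consistent. The enclosing method starts outside the hunk.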