Import upstream version 1.5.3
Kali Janitor
2 years ago
| 0 | Adding support for running nuclei through command / faraday-cli |
| 0 | Sep 7th, 2021 |
| 0 | Fix missing references in nuclei |
| 0 | 1.5.3 [Sep 7th, 2021]: | |
| 1 | --- | |
| 2 | * Adding support for running nuclei through command / faraday-cli | |
| 3 | * Fix missing references in nuclei | |
| 4 | ||
| 0 | 5 | 1.5.2 [Aug 9th, 2021]: |
| 1 | 6 | --- |
| 2 | 7 | * add new structure acunetix |
| 31 | 31 | super().__init__(*arg, **kwargs) |
| 32 | 32 | self.id = "nuclei" |
| 33 | 33 | self.name = "Nuclei" |
| 34 | self.plugin_version = "1.0.0" | |
| 34 | self.plugin_version = "1.0.1" | |
| 35 | 35 | self.version = "2.3.8" |
| 36 | 36 | self.json_keys = {"matched", "templateID", "host"} |
| 37 | self._command_regex = re.compile(r'^(sudo nuclei|nuclei|\.\/nuclei|^.*?nuclei)\s+.*?') | |
| 38 | self.xml_arg_re = re.compile(r"^.*(-o\s*[^\s]+).*$") | |
| 39 | self._use_temp_file = True | |
| 40 | self._temp_file_extension = "json" | |
| 37 | 41 | |
| 38 | 42 | def parseOutputString(self, output, debug=False): |
| 39 | 43 | for vuln_json in filter(lambda x: x != '', output.split("\n")): |
| 76 | 80 | references = [references] |
| 77 | 81 | cwe = vuln_dict['info'].get('cwe', []) |
| 78 | 82 | capec = vuln_dict['info'].get('capec', []) |
| 79 | refs = list(set(reference + references + cwe + capec)).sort() | |
| 83 | refs = sorted(list(set(reference + references + cwe + capec))) | |
| 80 | 84 | tags = vuln_dict['info'].get('tags', '').split(',') |
| 81 | 85 | impact = vuln_dict['info'].get('impact') |
| 82 | 86 | resolution = vuln_dict['info'].get('resolution', '') |
| 116 | 120 | external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", |
| 117 | 121 | run_date=run_date |
| 118 | 122 | ) |
| 123 | ||
| 124 | def processCommandString(self, username, current_path, command_string): | |
| 125 | """ | |
| 126 | Adds the -oX parameter to get xml output to the command string that the | |
| 127 | user has set. | |
| 128 | """ | |
| 129 | super().processCommandString(username, current_path, command_string) | |
| 130 | arg_match = self.xml_arg_re.match(command_string) | |
| 131 | if arg_match is None: | |
| 132 | return re.sub(r"(^.*?nuclei)", | |
| 133 | r"\1 --json -irr -o %s" % self._output_file_path, | |
| 134 | command_string) | |
| 135 | else: | |
| 136 | return re.sub(arg_match.group(1), | |
| 137 | r"--json -irr -o %s" % self._output_file_path, | |
| 138 | command_string) | |
| 119 | 139 | |
| 120 | 140 | |
| 121 | 141 | |
| 0 | 0 | import json |
| 1 | 1 | import os |
| 2 | 2 | import re |
| 3 | from tempfile import NamedTemporaryFile | |
| 3 | import pytest | |
| 4 | 4 | from click.testing import CliRunner |
| 5 | 5 | from faraday_plugins.commands import list_plugins, detect_command, process_command, detect_report, process_report |
| 6 | 6 | |
| 21 | 21 | assert result.output.strip() == "Failed to detect command: invalid_command" |
| 22 | 22 | |
| 23 | 23 | |
| 24 | @pytest.mark.skip(reason="issue with docker image") | |
| 24 | 25 | def test_detect_command(): |
| 25 | 26 | runner = CliRunner() |
| 26 | 27 | result = runner.invoke(detect_command, args=['ping -c 1 www.google.com']) |
| 28 | 29 | assert result.output.strip() == "Faraday Plugin: ping" |
| 29 | 30 | |
| 30 | 31 | |
| 32 | @pytest.mark.skip(reason="issue with docker image") | |
| 31 | 33 | def test_process_command(): |
| 32 | 34 | runner = CliRunner() |
| 33 | 35 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '--summary']) |
| 34 | assert result.exit_code == 0 | |
| 36 | assert result.exit_code == 0, result.output | |
| 35 | 37 | summary = json.loads(result.output.strip()) |
| 36 | 38 | assert summary['hosts'] == 1 |
| 37 | 39 | |
| 38 | 40 | |
| 41 | @pytest.mark.skip(reason="issue with docker image") | |
| 39 | 42 | def test_process_command_ping(): |
| 40 | 43 | runner = CliRunner() |
| 41 | 44 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com']) |
| 42 | assert result.exit_code == 0 | |
| 45 | assert result.exit_code == 0, result.output | |
| 43 | 46 | summary = json.loads(result.output.strip()) |
| 44 | 47 | |
| 45 | 48 | assert summary['command']["command"] == 'ping' |
| 46 | 49 | |
| 47 | 50 | |
| 51 | @pytest.mark.skip(reason="issue with docker image") | |
| 48 | 52 | def test_process_command_to_file(): |
| 49 | 53 | runner = CliRunner() |
| 50 | 54 | with runner.isolated_filesystem() as file_system: |
| 51 | 55 | output_file = os.path.join(file_system, "test.json") |
| 52 | 56 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '-o', output_file]) |
| 53 | assert result.exit_code == 0 | |
| 57 | assert result.exit_code == 0, result.output | |
| 54 | 58 | assert os.path.isfile(output_file) |
| 55 | 59 | with open(output_file) as f: |
| 56 | 60 | vuln_json = json.load(f) |