New upstream release.
Kali Janitor
2 years ago
0 | Adding support for running nuclei through command / faraday-cli |
0 | Sep 7th, 2021 |
0 | Fix missing references in nuclei |
0 | 1.5.3 [Sep 7th, 2021]: | |
1 | --- | |
2 | * Adding support for running nuclei through command / faraday-cli | |
3 | * Fix missing references in nuclei | |
4 | ||
0 | 5 | 1.5.2 [Aug 9th, 2021]: |
1 | 6 | --- |
2 | 7 | * add new structure acunetix |
0 | faraday-plugins (1.5.3-0kali1) UNRELEASED; urgency=low | |
1 | ||
2 | * New upstream release. | |
3 | ||
4 | -- Kali Janitor <[email protected]> Sat, 16 Oct 2021 23:22:46 -0000 | |
5 | ||
0 | 6 | faraday-plugins (1.5.2-0kali1) kali-dev; urgency=medium |
1 | 7 | |
2 | 8 | [ Kali Janitor ] |
31 | 31 | super().__init__(*arg, **kwargs) |
32 | 32 | self.id = "nuclei" |
33 | 33 | self.name = "Nuclei" |
34 | self.plugin_version = "1.0.0" | |
34 | self.plugin_version = "1.0.1" | |
35 | 35 | self.version = "2.3.8" |
36 | 36 | self.json_keys = {"matched", "templateID", "host"} |
37 | self._command_regex = re.compile(r'^(sudo nuclei|nuclei|\.\/nuclei|^.*?nuclei)\s+.*?') | |
38 | self.xml_arg_re = re.compile(r"^.*(-o\s*[^\s]+).*$") | |
39 | self._use_temp_file = True | |
40 | self._temp_file_extension = "json" | |
37 | 41 | |
38 | 42 | def parseOutputString(self, output, debug=False): |
39 | 43 | for vuln_json in filter(lambda x: x != '', output.split("\n")): |
76 | 80 | references = [references] |
77 | 81 | cwe = vuln_dict['info'].get('cwe', []) |
78 | 82 | capec = vuln_dict['info'].get('capec', []) |
79 | refs = list(set(reference + references + cwe + capec)).sort() | |
83 | refs = sorted(list(set(reference + references + cwe + capec))) | |
80 | 84 | tags = vuln_dict['info'].get('tags', '').split(',') |
81 | 85 | impact = vuln_dict['info'].get('impact') |
82 | 86 | resolution = vuln_dict['info'].get('resolution', '') |
116 | 120 | external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", |
117 | 121 | run_date=run_date |
118 | 122 | ) |
123 | ||
124 | def processCommandString(self, username, current_path, command_string): | |
125 | """ | |
126 | Adds the -oX parameter to get xml output to the command string that the | |
127 | user has set. | |
128 | """ | |
129 | super().processCommandString(username, current_path, command_string) | |
130 | arg_match = self.xml_arg_re.match(command_string) | |
131 | if arg_match is None: | |
132 | return re.sub(r"(^.*?nuclei)", | |
133 | r"\1 --json -irr -o %s" % self._output_file_path, | |
134 | command_string) | |
135 | else: | |
136 | return re.sub(arg_match.group(1), | |
137 | r"--json -irr -o %s" % self._output_file_path, | |
138 | command_string) | |
119 | 139 | |
120 | 140 | |
121 | 141 |
0 | 0 | import json |
1 | 1 | import os |
2 | 2 | import re |
3 | from tempfile import NamedTemporaryFile | |
3 | import pytest | |
4 | 4 | from click.testing import CliRunner |
5 | 5 | from faraday_plugins.commands import list_plugins, detect_command, process_command, detect_report, process_report |
6 | 6 | |
21 | 21 | assert result.output.strip() == "Failed to detect command: invalid_command" |
22 | 22 | |
23 | 23 | |
24 | @pytest.mark.skip(reason="issue with docker image") | |
24 | 25 | def test_detect_command(): |
25 | 26 | runner = CliRunner() |
26 | 27 | result = runner.invoke(detect_command, args=['ping -c 1 www.google.com']) |
28 | 29 | assert result.output.strip() == "Faraday Plugin: ping" |
29 | 30 | |
30 | 31 | |
32 | @pytest.mark.skip(reason="issue with docker image") | |
31 | 33 | def test_process_command(): |
32 | 34 | runner = CliRunner() |
33 | 35 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '--summary']) |
34 | assert result.exit_code == 0 | |
36 | assert result.exit_code == 0, result.output | |
35 | 37 | summary = json.loads(result.output.strip()) |
36 | 38 | assert summary['hosts'] == 1 |
37 | 39 | |
38 | 40 | |
41 | @pytest.mark.skip(reason="issue with docker image") | |
39 | 42 | def test_process_command_ping(): |
40 | 43 | runner = CliRunner() |
41 | 44 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com']) |
42 | assert result.exit_code == 0 | |
45 | assert result.exit_code == 0, result.output | |
43 | 46 | summary = json.loads(result.output.strip()) |
44 | 47 | |
45 | 48 | assert summary['command']["command"] == 'ping' |
46 | 49 | |
47 | 50 | |
51 | @pytest.mark.skip(reason="issue with docker image") | |
48 | 52 | def test_process_command_to_file(): |
49 | 53 | runner = CliRunner() |
50 | 54 | with runner.isolated_filesystem() as file_system: |
51 | 55 | output_file = os.path.join(file_system, "test.json") |
52 | 56 | result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '-o', output_file]) |
53 | assert result.exit_code == 0 | |
57 | assert result.exit_code == 0, result.output | |
54 | 58 | assert os.path.isfile(output_file) |
55 | 59 | with open(output_file) as f: |
56 | 60 | vuln_json = json.load(f) |