faraday-plugins / upstream/1.5.5
Import upstream version 1.5.5 Kali Janitor 2 years ago
13 changed file(s) with 71 addition(s) and 25 deletion(s).
0 Adding support for running nuclei through command / faraday-cli
0 Sep 7th, 2021
0 Fix missing references in nuclei
0 Oct 19th, 2021
0 Update nuclei parser
0 Oct 21st, 2021
55
66 ## Commands
77
8 > List Plugins
8 ### List Plugins
99
1010 List all plugins and if its compatible with command or/and report
1111
1717 faraday-plugins list-plugins
1818 ```
1919
20 > Test autodetect plugin from command
20 ### Test autodetect plugin from command
2121
2222 ```shell script
2323 faraday-plugins detect-command "ping -c 4 www.google.com"
2525 Faraday Plugin: ping
2626 ```
2727
28 > Test process command with plugin
28 ### Test process command with plugin
2929
3030 Optional params:
3131
6666 }
6767 ```
6868
69 > Test autodetect plugin from report
69 ### Test autodetect plugin from report
7070
7171 ```shell script
7272 faraday-plugins detect-report /path/to/report.xml
7474 Faraday Plugin: Nmap
7575 ```
7676
77
78 > Test report with plugin
77 ### Test report with plugin
7978
8079 Optional params:
8180
135134 }
136135 ```
137136
138 > Plugin Logger
137 ## Plugin Logger
139138
140 To use it you must call ```self.logger.debug("some message")```
139 To use it you must call `self.logger.debug("some message")`
141140
142141 ```shell script
143142 export PLUGIN_DEBUG=1
155154 ...
156155 ```
157156
158
159 > More documentation here https://github.com/infobyte/faraday/wiki/Basic-plugin-development
157 More documentation here https://github.com/infobyte/faraday/wiki/Basic-plugin-development
0 1.5.5 [Oct 21st, 2021]:
1 ---
2 * Merge PR from github
3
4 1.5.4 [Oct 19th, 2021]:
5 ---
6 * Update nuclei parser
7
8 1.5.3 [Sep 7th, 2021]:
9 ---
10 * Adding support for running nuclei through command / faraday-cli
11 * Fix missing references in nuclei
12
013 1.5.2 [Aug 9th, 2021]:
114 ---
215 * add new structure acunetix
0 __version__ = '1.5.2'
0 __version__ = '1.5.5'
273273 command that it's going to be executed.
274274 """
275275 self._current_path = current_path
276 if command_string.startswith("sudo"):
276 if command_string.startswith(("sudo","python","python3")):
277277 params = " ".join(command_string.split()[2:])
278278 else:
279279 params = " ".join(command_string.split()[1:])
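Review bot: The new `startswith(("sudo","python","python3"))` test is a raw prefix match, so any command whose first word merely begins with those letters (for example `sudoedit`, or a tool named `python-something`) also has its first argument dropped from `params`. `"python3"` is already covered by the `"python"` prefix, which suggests a whole-word comparison was intended: `tokens = command_string.split()` followed by `if tokens and tokens[0] in ("sudo", "python", "python3"):`. The fixed `[2:]` slice also assumes exactly one wrapper word with no options of its own, so `sudo -u user tool …` or `sudo python3 tool.py …` would still be recorded with the wrong params; a comment stating that assumption would help. The enclosing method starts outside this hunk.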
3131 super().__init__(*arg, **kwargs)
3232 self.id = "nuclei"
3333 self.name = "Nuclei"
34 self.plugin_version = "1.0.0"
34 self.plugin_version = "1.0.1"
3535 self.version = "2.3.8"
3636 self.json_keys = {"matched", "templateID", "host"}
37 self._command_regex = re.compile(r'^(sudo nuclei|nuclei|\.\/nuclei|^.*?nuclei)\s+.*?')
38 self.xml_arg_re = re.compile(r"^.*(-o\s*[^\s]+).*$")
39 self._use_temp_file = True
40 self._temp_file_extension = "json"
3741
3842 def parseOutputString(self, output, debug=False):
3943 for vuln_json in filter(lambda x: x != '', output.split("\n")):
6165 matched = vuln_dict.get('matched')
6266 matched_data = urlparse(matched)
6367 reference = vuln_dict["info"].get('reference', [])
64 if reference:
68 if not reference:
69 reference = []
70 else:
6571 if isinstance(reference, str):
6672 if re.match('^- ', reference):
67 reference = list(filter(None, [re.sub('^- ','', elem) for elem in reference.split('\n')]))
73 reference = list(filter(None, [re.sub('^- ', '', elem) for elem in reference.split('\n')]))
6874 else:
6975 reference = [reference]
7076 references = vuln_dict["info"].get('references', [])
7177 if references:
7278 if isinstance(references, str):
7379 if re.match('^- ', references):
74 references = list(filter(None, [re.sub('^- ','', elem) for elem in references.split('\n')]))
80 references = list(filter(None, [re.sub('^- ', '', elem) for elem in references.split('\n')]))
7581 else:
7682 references = [references]
83 else:
84 references = []
7785 cwe = vuln_dict['info'].get('cwe', [])
7886 capec = vuln_dict['info'].get('capec', [])
79 refs = list(set(reference + references + cwe + capec)).sort()
80 tags = vuln_dict['info'].get('tags', '').split(',')
87 refs = sorted(list(set(reference + references + cwe + capec)))
88 tags = vuln_dict['info'].get('tags', [])
89 if isinstance(tags, str):
90 tags = tags.split(',')
8191 impact = vuln_dict['info'].get('impact')
8292 resolution = vuln_dict['info'].get('resolution', '')
8393 easeofresolution = vuln_dict['info'].get('easeofresolution')
8797 else:
8898 method = ""
8999 data = [f"Matched: {vuln_dict.get('matched')}",
90 f"Tags: {vuln_dict['info'].get('tags')}",
100 f"Tags: {vuln_dict['info'].get('tags', '')}",
91101 f"Template ID: {vuln_dict['templateID']}"]
92102
93103 name = vuln_dict["info"].get("name")
116126 external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
117127 run_date=run_date
118128 )
119
120
129
130 def processCommandString(self, username, current_path, command_string):
131 """
132 Adds the -oX parameter to get xml output to the command string that the
133 user has set.
134 """
135 super().processCommandString(username, current_path, command_string)
136 arg_match = self.xml_arg_re.match(command_string)
137 if arg_match is None:
138 return re.sub(r"(^.*?nuclei)",
139 r"\1 --json -irr -o %s" % self._output_file_path,
140 command_string)
141 else:
142 return re.sub(arg_match.group(1),
143 r"--json -irr -o %s" % self._output_file_path,
144 command_string)
121145
122146
123147 def createPlugin(ignore_info=False):
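Review bot: In the new `processCommandString`, the `else` branch hands the user's own `-o <path>` text (`arg_match.group(1)`) to `re.sub` as a pattern, so a path containing regex metacharacters such as `+` or `(` either fails to match itself, leaving the command unchanged, or raises `re.error`. A literal substitution avoids that: `return command_string.replace(arg_match.group(1), "--json -irr -o %s" % self._output_file_path)`. Separately, `xml_arg_re` accepts `-o` anywhere in the line, so in a constructed command like `nuclei -u https://my-own.example` it would capture `-own.example` and the rewrite would overwrite part of the target; requiring whitespace before the flag (`r"^.*\s(-o\s*[^\s]+).*$"`) narrows it. The docstring still describes `-oX` and XML output while the code injects `--json -irr -o`; it should read `"""Rewrite the command so nuclei writes JSON to self._output_file_path."""`.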
00 import json
11 import os
22 import re
3 from tempfile import NamedTemporaryFile
3 import pytest
44 from click.testing import CliRunner
55 from faraday_plugins.commands import list_plugins, detect_command, process_command, detect_report, process_report
66
2121 assert result.output.strip() == "Failed to detect command: invalid_command"
2222
2323
24 @pytest.mark.skip(reason="issue with docker image")
2425 def test_detect_command():
2526 runner = CliRunner()
2627 result = runner.invoke(detect_command, args=['ping -c 1 www.google.com'])
2829 assert result.output.strip() == "Faraday Plugin: ping"
2930
3031
32 @pytest.mark.skip(reason="issue with docker image")
3133 def test_process_command():
3234 runner = CliRunner()
3335 result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '--summary'])
34 assert result.exit_code == 0
36 assert result.exit_code == 0, result.output
3537 summary = json.loads(result.output.strip())
3638 assert summary['hosts'] == 1
3739
3840
41 @pytest.mark.skip(reason="issue with docker image")
3942 def test_process_command_ping():
4043 runner = CliRunner()
4144 result = runner.invoke(process_command, args=['ping -c 1 www.google.com'])
42 assert result.exit_code == 0
45 assert result.exit_code == 0, result.output
4346 summary = json.loads(result.output.strip())
4447
4548 assert summary['command']["command"] == 'ping'
4649
4750
51 @pytest.mark.skip(reason="issue with docker image")
4852 def test_process_command_to_file():
4953 runner = CliRunner()
5054 with runner.isolated_filesystem() as file_system:
5155 output_file = os.path.join(file_system, "test.json")
5256 result = runner.invoke(process_command, args=['ping -c 1 www.google.com', '-o', output_file])
53 assert result.exit_code == 0
57 assert result.exit_code == 0, result.output
5458 assert os.path.isfile(output_file)
5559 with open(output_file) as f:
5660 vuln_json = json.load(f)