From 7484ed2d4f8af5dcbc77c134a1610a5c9fe7912a Mon Sep 17 00:00:00 2001 From: cw Date: Wed, 21 Jul 2021 09:49:43 +0200 Subject: [PATCH 1/3] updated nessus plugin with http or https check to get rid of "www" name in faraday --- .../plugins/repo/nessus/checksvc.py | 24 +++++++++++++++++++ faraday_plugins/plugins/repo/nessus/plugin.py | 13 +++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 faraday_plugins/plugins/repo/nessus/checksvc.py diff --git a/faraday_plugins/plugins/repo/nessus/checksvc.py b/faraday_plugins/plugins/repo/nessus/checksvc.py new file mode 100644 index 00000000..c4aa7a5d --- /dev/null +++ b/faraday_plugins/plugins/repo/nessus/checksvc.py @@ -0,0 +1,24 @@ +import http.client +import ssl + +def is_https(target): + try: + ctx = ssl._create_unverified_context() + ctx.set_ciphers('DEFAULT@SECLEVEL=0') + conn = http.client.HTTPSConnection(target, context=ctx, timeout=4) + headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE5.01; Windows NT)'} + conn.request(method="GET", url="/", headers=headers) + var = conn.getresponse() + return True + except: + return False + +def is_http(target): + try: + conn = http.client.HTTPConnection(target, timeout=4) + headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE5.01; Windows NT)'} + conn.request(method="GET", url="/", headers=headers) + var = conn.getresponse() + return True + except: + return False diff --git a/faraday_plugins/plugins/repo/nessus/plugin.py b/faraday_plugins/plugins/repo/nessus/plugin.py index 4ae331b4..02d84884 100644 --- a/faraday_plugins/plugins/repo/nessus/plugin.py +++ b/faraday_plugins/plugins/repo/nessus/plugin.py @@ -20,7 +20,7 @@ __status__ = "Development" from faraday_plugins.plugins.repo.nessus.DTO import ReportHost, Report, ReportItem - +from faraday_plugins.plugins.repo.nessus import checksvc class NessusParser: """ 
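Review bot: In the new `checksvc.py`, both `is_https` and `is_http` end in a bare `except:` and never close the connection they open, so an interrupt during a long import is swallowed as "not HTTP" and every probed port leaves a socket behind until garbage collection. Catch `(OSError, http.client.HTTPException)` instead and close the connection in a `finally`, as sketched below for `is_https`; `is_http` needs the same change, and the unused `var =` assignment can go in both. `ssl._create_unverified_context()` is a private helper, and together with `DEFAULT@SECLEVEL=0` it turns off certificate checking and OpenSSL's cipher floor. That is defensible for a reachability probe that sends no secrets, but it deserves a comment such as `# probe only: verification and cipher floor disabled on purpose to reach self-signed / legacy TLS services`.

```python
def is_https(target):
    conn = None
    try:
        # … unchanged: context setup, HTTPSConnection(...), headers, conn.request(...) …
        conn.getresponse()
        return True
    except (OSError, http.client.HTTPException):
        return False
    finally:
        if conn is not None:
            conn.close()
```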
@@ -154,7 +154,14 @@ def parseOutputString(self, output): if not vulnerability_name: continue item_name = item.svc_name_attr - + #check if service is http or https: + if not item_name == 'general' and item.protocol_attr == 'tcp': + target = host.name + ":" + item.port_attr + if checksvc.is_https(target): + item_name = 'https' + elif checksvc.is_http(target): + item_name = 'http' + #End check _main_data = self.map_item( host_id, run_date, vulnerability_name, item) @@ -166,7 +173,7 @@ def parseOutputString(self, output): _main_data["service_id"] = self.createAndAddServiceToHost( host_id, name=item_name, protocol=item.protocol_attr, ports=item.port_attr) - if item_name == 'www' or item_name == 'http': + if item_name == 'www' or item_name == 'http' or item_name == 'https': _main_data.update({"website": website}) self.createAndAddVulnWebToService(**_main_data) else: From 89c6db2c4a48daef80785c1c8b81fc64b73b3f95 Mon Sep 17 00:00:00 2001 From: cw Date: Wed, 21 Jul 2021 13:07:50 +0200 Subject: [PATCH 2/3] updated nuclei plugin to enable "resolution" field --- faraday_plugins/plugins/repo/nuclei/plugin.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/faraday_plugins/plugins/repo/nuclei/plugin.py b/faraday_plugins/plugins/repo/nuclei/plugin.py index e11dbc2b..fa78901d 100644 --- a/faraday_plugins/plugins/repo/nuclei/plugin.py +++ b/faraday_plugins/plugins/repo/nuclei/plugin.py @@ -74,6 +74,10 @@ def parseOutputString(self, output, debug=False): run_date = vuln_dict.get('timestamp') if run_date: run_date = dateutil.parser.parse(run_date) + if vuln_dict["info"].get('resolution'): + vuln_resolution = vuln_dict["info"].get('resolution') + else: + vuln_resolution = "" self.createAndAddVulnWebToService( host_id, service_id, 
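Review bot: The block added after `item_name = item.svc_name_attr` in the `@@ -154` hunk makes importing a report an active network operation: for every TCP item it opens up to two connections to a host and port read from the file, from whichever machine runs the parser. That machine may sit in a different network than the scanner did, the targets may no longer be in scope, and a stale or crafted report decides where the requests go. Each unreachable port also costs up to 8 seconds (two 4-second timeouts), repeated for every finding on the same port because results are not cached. Since the commit's stated aim is only to replace the `www` label, narrow the condition to `if item_name == 'www' and item.protocol_attr == 'tcp':`, remember the answer per `target`, and consider putting the probe behind an explicit opt-in. `parseOutputString` starts and ends outside this hunk.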
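Review bot: In the `@@ -74` hunk of `nuclei/plugin.py`, the four-line `if`/`else` around `vuln_resolution` looks up the same key twice and can be written as `vuln_resolution = vuln_dict["info"].get('resolution') or ""`. It is also worth confirming that `resolution` is the key nuclei actually emits; the template info blocks I am aware of call this field `remediation`, in which case this lookup would always fall through to the empty string. The enclosing `parseOutputString` continues outside the hunk.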
@@ -81,6 +85,7 @@ def parseOutputString(self, output, debug=False): desc=vuln_dict["info"].get("description", name), ref=references, severity=vuln_dict["info"].get('severity'), + resolution=vuln_resolution, website=host, request=request, response=vuln_dict.get('response', ''), @@ -99,4 +104,3 @@ def parseOutputString(self, output, debug=False): def createPlugin(ignore_info=False): return NucleiPlugin(ignore_info=ignore_info) - From 171a2840f1a37e607068b4ebf99ec6eb28b99418 Mon Sep 17 00:00:00 2001 From: ChriZzn <25209291+ChriZzn@users.noreply.github.com> Date: Thu, 22 Jul 2021 16:41:20 +0200 Subject: [PATCH 3/3] updateing nuclei plugin to allow (nuclei)dns plugin import --- faraday_plugins/plugins/repo/nuclei/plugin.py | 96 ++++++++++++------- 1 file changed, 59 insertions(+), 37 deletions(-) diff --git a/faraday_plugins/plugins/repo/nuclei/plugin.py b/faraday_plugins/plugins/repo/nuclei/plugin.py index fa78901d..0cea91bd 100644 --- a/faraday_plugins/plugins/repo/nuclei/plugin.py +++ b/faraday_plugins/plugins/repo/nuclei/plugin.py 
@@ -38,26 +38,34 @@ def __init__(self, *arg, **kwargs): def parseOutputString(self, output, debug=False): for vuln_json in filter(lambda x: x != '', output.split("\n")): vuln_dict = json.loads(vuln_json) - host = vuln_dict.get('host') - url_data = urlparse(host) - ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname)) + if vuln_dict.get('type') == "dns": + #sepcial handling if only a domain was provided + hostname = vuln_dict.get('host') + ip = resolve_hostname(hostname) + url_data = False + else: + host = vuln_dict.get('host') + url_data = urlparse(host) + hostname = url_data.hostname + ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname)) host_id = self.createAndAddHost( name=ip, - hostnames=[url_data.hostname]) - port = url_data.port - if not port: - if url_data.scheme == 'https': - port = 443 - else: - port = 80 - service_id = self.createAndAddServiceToHost( - host_id, - name=url_data.scheme, - ports=port, - protocol="tcp", - status='open', - version='', - description='web server') + hostnames=[hostname]) + if url_data: + port = url_data.port + if not port: + if url_data.scheme == 'https': + port = 443 + else: + port = 80 + service_id = self.createAndAddServiceToHost( + host_id, + name=url_data.scheme, + ports=port, + protocol="tcp", + status='open', + version='', + description='web server') matched = vuln_dict.get('matched') matched_data = urlparse(matched) references = [f"author: {vuln_dict['info'].get('author', '')}"] 
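Review bot: In the new `dns` branch of the `@@ -38` hunk, `ip = resolve_hostname(hostname)` ignores an `ip` value already present in the record and always performs a live lookup for a name taken from the imported file, unlike the `else` branch, which consults `vuln_dict.get("ip", ...)`. `hostname` is also passed on unchecked, so a record without `host` would reach `resolve_hostname(None)` and `hostnames=[None]`; how `resolve_hostname` handles that is not visible here. I would write `ip = vuln_dict.get('ip') or resolve_hostname(hostname)`, use `url_data = None` rather than `False` as the "no URL" marker, and fix the `sepcial` typo in the comment. Only `type == "dns"` is special-cased, so other non-URL result types presumably still go through `urlparse` and may yield a `None` hostname. `parseOutputString` starts above and continues below this hunk.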
@@ -78,25 +86,38 @@ def parseOutputString(self, output, debug=False): vuln_resolution = vuln_dict["info"].get('resolution') else: vuln_resolution = "" - self.createAndAddVulnWebToService( - host_id, - service_id, - name=name, - desc=vuln_dict["info"].get("description", name), - ref=references, - severity=vuln_dict["info"].get('severity'), - resolution=vuln_resolution, - website=host, - request=request, - response=vuln_dict.get('response', ''), - method=method, - query=matched_data.query, - params=matched_data.params, - path=matched_data.path, - data="\n".join(data), - external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", - run_date=run_date - ) + if url_data: + self.createAndAddVulnWebToService( + host_id, + service_id, + name=name, + desc=vuln_dict["info"].get("description", name), + ref=references, + severity=vuln_dict["info"].get('severity'), + resolution=vuln_resolution, + website=host, + request=request, + response=vuln_dict.get('response', ''), + method=method, + query=matched_data.query, + params=matched_data.params, + path=matched_data.path, + data="\n".join(data), + external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", + run_date=run_date + ) + else: + self.createAndAddVulnToHost( + host_id, + name=name, + desc=vuln_dict["info"].get("description", name), + ref=references, + severity=vuln_dict["info"].get('severity'), + resolution=vuln_resolution, + data="\n".join(data), + external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}", + run_date=run_date + ) @@ -104,3 +125,4 @@ def parseOutputString(self, output, debug=False): def createPlugin(ignore_info=False): return NucleiPlugin(ignore_info=ignore_info) +
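Review bot: The two calls in the `if url_data:` / `else:` block of the `@@ -78` hunk repeat eight keyword arguments verbatim, so a later change to `desc`, `severity` or `external_id` has to be made twice and the host-level and web-level findings can drift apart. Build the shared arguments once and pass them to whichever call applies, as in the sketch below. Note also that `service_id` and `host` are only assigned in the URL branch earlier in the loop, so this block depends on `url_data` being falsy exactly when they are unset. `parseOutputString` starts outside the hunk.

```python
common = dict(
    name=name,
    desc=vuln_dict["info"].get("description", name),
    ref=references,
    severity=vuln_dict["info"].get('severity'),
    resolution=vuln_resolution,
    data="\n".join(data),
    external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
    run_date=run_date,
)
if url_data:
    self.createAndAddVulnWebToService(
        host_id,
        service_id,
        website=host,
        request=request,
        response=vuln_dict.get('response', ''),
        method=method,
        query=matched_data.query,
        params=matched_data.params,
        path=matched_data.path,
        **common,
    )
else:
    self.createAndAddVulnToHost(host_id, **common)
```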