infobyte / faraday_plugins
Security tools report parsers for Faradaysec.com
Home Page: https://www.faradaysec.com/
License: GNU General Public License v3.0
I tried to export the nuclei results in several files and none of them were accepted by Faraday. I tried uploading directly via the GUI and faraday-cli, but the file was not accepted. I tried using JSON, JSONL, XML, and several standard outputs from Nuclei. Does anyone know how I can pass information from Nuclei to Faraday?
Hi,
I tried to write a custom plugin for a tool and I was able to follow the documentation exactly: https://docs.faradaysec.com/Basic-plugin-development/
I tried testing it with the
faraday-plugins process-report --custom-plugins-folder /home/faraday/.faraday/custom_plugins --plugin_id <plugin-id> /file.json
command and it's working fine.
But when I try to update the server.ini with the custom_plugins_folder option, or update the faraday server with
faraday-manage settings -a update reports
and give input to custom_plugins_folder to point at the custom plugins directory, the custom plugin isn't picked up at all. Can anyone help me with this issue?
Setup Ubuntu22.04 LTS
Faraday 5.0.0
faraday-cli 2.1.1
apt -y install libopenscap8 bzip2
wget https://security-metadata.canonical.com/oval/com.ubuntu.$(lsb_release -cs).usn.oval.xml.bz2
bzip2 -d com.ubuntu.jammy.usn.oval.xml.bz2
oscap oval eval --results openscap_report.xml com.ubuntu.jammy.usn.oval.xml
Now, having an openscap .xml report, I try to import it by using
faraday-cli tool report openscap_report.xml --plugin-id openscap
My faraday server responds with
EXCEPTION of type 'IndexError' occurred with message: list index out of range
The oscap result XML has the following layout
<?xml version="1.0" encoding="UTF-8"?>
<oval_results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-results-5 oval-results-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
<generator>
<oval:product_name>cpe:/a:open-scap:oscap</oval:product_name>
<oval:product_version>1.2.17</oval:product_version>
<oval:schema_version>5.11.1</oval:schema_version>
<oval:timestamp>2024-01-04T14:47:47</oval:timestamp>
<terms_of_use xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">Copyright (C) 2024 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/.</terms_of_use>
</generator>
<directives>
<definition_true reported="true" content="full"/>
<definition_false reported="true" content="full"/>
<definition_unknown reported="true" content="full"/>
<definition_error reported="true" content="full"/>
<definition_not_evaluated reported="true" content="full"/>
<definition_not_applicable reported="true" content="full"/>
</directives>
<oval_definitions xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
<generator>
<oval:product_name>Canonical USN OVAL Generator</oval:product_name>
<oval:product_version>1</oval:product_version>
<oval:schema_version>5.11.1</oval:schema_version>
<oval:timestamp>2024-01-04T12:42:14</oval:timestamp>
<terms_of_use xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">Copyright (C) 2024 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/.</terms_of_use>
</generator>
<definitions>
<definition id="oval:com.ubuntu.jammy:def:991000000" version="1" class="patch">
<metadata>
<title>LSN-0099-1 -- Kernel Live Patch Security Notice</title>
<affected family="unix">
<platform>Ubuntu 22.04 LTS</platform>
</affected>
<reference source="USN" ref_id="LSN-0099-1" ref_url="https://ubuntu.com/security/notices/LSN-0099-1"/>
<reference source="CVE" ref_id="CVE-2023-42752" ref_url="https://ubuntu.com/security/CVE-2023-42752"/>
<reference source="CVE" ref_id="CVE-2023-3777" ref_url="https://ubuntu.com/security/CVE-2023-3777"/>
<reference source="CVE" ref_id="CVE-2023-3609" ref_url="https://ubuntu.com/security/CVE-2023-3609"/>
<reference source="CVE" ref_id="CVE-2023-42753" ref_url="https://ubuntu.com/security/CVE-2023-42753"/>
<reference source="CVE" ref_id="CVE-2023-4623" ref_url="https://ubuntu.com/security/CVE-2023-4623"/>
<reference source="CVE" ref_id="CVE-2023-3567" ref_url="https://ubuntu.com/security/CVE-2023-3567"/>
<reference source="CVE" ref_id="CVE-2023-40283" ref_url="https://ubuntu.com/security/CVE-2023-40283"/>
<reference source="CVE" ref_id="CVE-2023-5197" ref_url="https://ubuntu.com/security/CVE-2023-5197"/>
<reference source="CVE" ref_id="CVE-2023-3776" ref_url="https://ubuntu.com/security/CVE-2023-3776"/>
<reference source="CVE" ref_id="CVE-2023-4622" ref_url="https://ubuntu.com/security/CVE-2023-4622"/>
<reference source="CVE" ref_id="CVE-2023-4004" ref_url="https://ubuntu.com/security/CVE-2023-4004"/>
<reference source="CVE" ref_id="CVE-2023-34319" ref_url="https://ubuntu.com/security/CVE-2023-34319"/>
<reference source="CVE" ref_id="CVE-2022-3643" ref_url="https://ubuntu.com/security/CVE-2022-3643"/>
<reference source="CVE" ref_id="CVE-2023-31436" ref_url="https://ubuntu.com/security/CVE-2023-31436"/>
<description>...</description>
<advisory xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" from="[email protected]">
<severity>High</severity>
<issued date="2023-11-28"/>
<cve href="https://ubuntu.com/security/CVE-2023-42752" priority="high" public="20231013" cvss_score="5.5" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" cvss_severity="medium" usns="6439-1,6440-1,6441-1,6442-1,6443-1,6444-1,6445-1,6446-1,6440-2,6439-2,6441-2,6444-2,6445-2,6446-2,6440-3,6446-3,6441-3,6460-1,6466-1">CVE-2023-42752</cve>
<cve href="https://ubuntu.com/security/CVE-2023-3777" priority="high" public="20230803" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6315-1,6316-1,6318-1,6321-1,6325-1,6328-1,6330-1,6332-1,6348-1,6385-1">CVE-2023-3777</cve>
<cve href="https://ubuntu.com/security/CVE-2023-3609" priority="high" public="20230721" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6285-1,6315-1,6317-1,6318-1,6321-1,6324-1,6325-1,6328-1,6329-1,6330-1,6331-1,6332-1,6346-1,6348-1,6357-1,6385-1,6397-1">CVE-2023-3609</cve>
<cve href="https://ubuntu.com/security/CVE-2023-42753" priority="high" public="20230925" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6415-1,6439-1,6440-1,6441-1,6442-1,6444-1,6445-1,6446-1,6440-2,6439-2,6441-2,6444-2,6445-2,6446-2,6440-3,6446-3,6441-3,6466-1">CVE-2023-42753</cve>
<cve href="https://ubuntu.com/security/CVE-2023-4623" priority="high" public="20230906" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6415-1,6439-1,6440-1,6441-1,6442-1,6444-1,6445-1,6446-1,6440-2,6439-2,6441-2,6444-2,6445-2,6446-2,6440-3,6446-3,6441-3,6460-1,6466-1">CVE-2023-4623</cve>
<cve href="https://ubuntu.com/security/CVE-2023-3567" priority="high" public="20230724" cvss_score="7.1" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" cvss_severity="high" usns="6309-1,6327-1,6341-1">CVE-2023-3567</cve>
<cve href="https://ubuntu.com/security/CVE-2023-40283" priority="high" public="20230814" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6343-1,6383-1,6385-1,6386-1,6387-1,6388-1,6396-1,6387-2,6386-2,6386-3,6396-2,6396-3,6466-1">CVE-2023-40283</cve>
<cve href="https://ubuntu.com/security/CVE-2023-5197" priority="medium" public="20230927" cvss_score="6.6" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" cvss_severity="medium" usns="6443-1,6444-1,6445-1,6446-1,6444-2,6445-2,6446-2,6446-3,6454-1,6454-2,6466-1,6454-3,6454-4,6479-1">CVE-2023-5197</cve>
<cve href="https://ubuntu.com/security/CVE-2023-3776" priority="high" public="20230721" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6285-1,6309-1,6315-1,6317-1,6318-1,6321-1,6324-1,6325-1,6327-1,6328-1,6329-1,6330-1,6331-1,6332-1,6341-1,6342-1,6346-1,6348-1,6342-2,6357-1,6385-1,6397-1">CVE-2023-3776</cve>
<cve href="https://ubuntu.com/security/CVE-2023-4622" priority="high" public="20230906" cvss_score="7.0" cvss_vector="CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6415-1,6439-1,6440-1,6441-1,6442-1,6444-1,6445-1,6446-1,6440-2,6439-2,6441-2,6444-2,6445-2,6446-2,6440-3,6446-3,6441-3,6466-1">CVE-2023-4622</cve>
<cve href="https://ubuntu.com/security/CVE-2023-4004" priority="high" public="20230731" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6315-1,6316-1,6318-1,6321-1,6325-1,6328-1,6330-1,6332-1,6348-1,6385-1,6442-1">CVE-2023-4004</cve>
<cve href="https://ubuntu.com/security/CVE-2023-34319" priority="medium" public="20230809" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6343-1,6439-1,6440-1,6441-1,6442-1,6444-1,6445-1,6446-1,6440-2,6439-2,6441-2,6444-2,6445-2,6446-2,6440-3,6446-3,6441-3,6466-1">CVE-2023-34319</cve>
<cve href="https://ubuntu.com/security/CVE-2022-3643" priority="medium" public="20221207" cvss_score="6.5" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" cvss_severity="medium" usns="5794-1,5802-1,5803-1,5804-1,5804-2,5808-1,5813-1,5814-1,5829-1,5830-1,5831-1,5832-1,5860-1,5861-1,5863-1,5875-1,5877-1,5879-1,5918-1">CVE-2022-3643</cve>
<cve href="https://ubuntu.com/security/CVE-2023-31436" priority="high" public="20230428" cvss_score="7.8" cvss_vector="CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" cvss_severity="high" usns="6127-1,6130-1,6131-1,6132-1,6135-1,6149-1,6150-1,6162-1,6173-1,6175-1,6186-1,6222-1,6256-1,6385-1,6460-1">CVE-2023-31436</cve>
</advisory>
</metadata>
<criteria>
<extend_definition definition_ref="oval:com.ubuntu.jammy:def:100" applicability_check="true" comment="Ubuntu 22.04 LTS (jammy) is installed."/>
<criteria operator="OR">
<criteria>
<criterion test_ref="oval:com.ubuntu.jammy:tst:9910000001" comment="Long Term Support"/>
<criterion test_ref="oval:com.ubuntu.jammy:tst:9910000000" comment="Long Term Support"/>
</criteria>
</criteria>
</criteria>
</definition>
...
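A tolerant reader for the layout quoted in this report, as an added example (not faraday_plugins code): it walks the namespaced `definition` elements and treats `advisory`, `severity` and the CVE entries as optional, so a definition that lacks them yields empty values instead of raising. The function name, the output shape and the second sample definition are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the report layout quoted in the issue.
NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

# Constructed sample, trimmed from the quoted layout. The second definition is
# invented and deliberately has no <advisory> and no <reference> elements.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:com.ubuntu.jammy:def:991000000" version="1" class="patch">
        <metadata>
          <title>LSN-0099-1 -- Kernel Live Patch Security Notice</title>
          <reference source="USN" ref_id="LSN-0099-1" ref_url="https://ubuntu.com/security/notices/LSN-0099-1"/>
          <reference source="CVE" ref_id="CVE-2023-42752" ref_url="https://ubuntu.com/security/CVE-2023-42752"/>
          <advisory>
            <severity>High</severity>
            <cve href="https://ubuntu.com/security/CVE-2023-42752" cvss_score="5.5">CVE-2023-42752</cve>
          </advisory>
        </metadata>
      </definition>
      <definition id="oval:example:def:1" version="1" class="inventory">
        <metadata><title>Constructed definition without advisory</title></metadata>
      </definition>
    </definitions>
  </oval_definitions>
</oval_results>"""


def parse_definitions(xml_bytes):
    """Return one dict per OVAL definition; optional elements never raise."""
    root = ET.fromstring(xml_bytes)
    path = "def:oval_definitions/def:definitions/def:definition"
    findings = []
    for definition in root.iterfind(path, NS):
        meta = definition.find("def:metadata", NS)
        if meta is None:
            continue  # nothing to report for a definition without metadata
        cves = {}
        # <reference source="CVE"> gives the id only; no score is known yet.
        for ref in meta.iterfind("def:reference[@source='CVE']", NS):
            cves[ref.get("ref_id")] = None
        advisory = meta.find("def:advisory", NS)
        severity = ""
        if advisory is not None:
            severity = advisory.findtext("def:severity", default="", namespaces=NS)
            # <cve> inside <advisory> may carry a cvss_score attribute.
            for cve in advisory.iterfind("def:cve", NS):
                score = cve.get("cvss_score")
                cves[(cve.text or "").strip()] = float(score) if score else None
        findings.append({
            "id": definition.get("id"),
            "title": meta.findtext("def:title", default="", namespaces=NS),
            "severity": severity.strip().lower() or "unknown",
            "cves": cves,
        })
    return findings
```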
It would be great if Microsoft Defender for Endpoint could be used as a data source of software vulnerabilities.
What about SAINT vulnerabilities Scanner? It's one of the best ;)
Wondering if there is a plugin to process spyse data.
Does the nuclei plugin actually work? Looks like it loads the command using faraday-cli nuclei -u url
but no data are returned to faraday GUI
Traceback (most recent call last):
File "/Users/lcubo/.pyenv/versions/3.7.2/lib/python3.7/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/Users/lcubo/.pyenv/versions/3.7.2/lib/python3.7/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/__main__.py", line 66, in <module>
cli()
File "/Users/lcubo/.pyenv/versions/faradaypy3/lib/python3.7/site-packages/Click-7.0-py3.7.egg/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/Users/lcubo/.pyenv/versions/faradaypy3/lib/python3.7/site-packages/Click-7.0-py3.7.egg/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/Users/lcubo/.pyenv/versions/faradaypy3/lib/python3.7/site-packages/Click-7.0-py3.7.egg/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/Users/lcubo/.pyenv/versions/faradaypy3/lib/python3.7/site-packages/Click-7.0-py3.7.egg/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/Users/lcubo/.pyenv/versions/faradaypy3/lib/python3.7/site-packages/Click-7.0-py3.7.egg/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/__main__.py", line 44, in process
plugin.processReport(report_file)
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/plugin.py", line 173, in processReport
self._parse_filename(filepath)
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/plugin.py", line 169, in _parse_filename
self.parseOutputString(output.read())
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/repo/fortify/plugin.py", line 78, in parseOutputString
fp = FortifyParser(output)
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/repo/fortify/plugin.py", line 104, in __init__
self._extract_vulns()
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/repo/fortify/plugin.py", line 283, in _extract_vulns
self._process_webinspect()
File "/Users/lcubo/workspace/faraday-plugins/faraday_plugins/plugins/repo/fortify/plugin.py", line 247, in _process_webinspect
service_data['name'] = step.Url.text
UnboundLocalError: local variable 'step' referenced before assignment
Hello,
First off, great job on this project. I love it! I would just like a bit more information from OpenVAS XML to be parsed.
What's the problem this feature will solve?
Will help with user effectivity
Describe the solution you'd like
If more information would be parsed it would be great. Usually for each finding OpenVAS adds references and CVE (if applicable)
OpenVAS XML:
<refs>
<ref id="CVE-2016-2183" type="cve">
</ref>
<ref id="CVE-2016-6329" type="cve">
</ref>
<ref id="CVE-2020-12872" type="cve">
</ref>
<ref id="https://bettercrypto.org/" type="url">
</ref>
<ref id="https://mozilla.github.io/server-side-tls/ssl-config-generator/" type="url">
</ref>
<ref id="https://sweet32.info/" type="url">
CVEs after being parsed could be hyperlinked - https://cve.mitre.org/cgi-bin/cvename.cgi?name=$CVENUM
The current parsing does give you only description and solution, but if you need more information, you need to google. But OpenVAS XML gives you nice references, so you would just click the link to get more information without wasting valuable time :)
Thanks
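A sketch of the parsing this request describes, as an added example (not faraday_plugins code): it reads a `<refs>` block, keeps only well-formed CVE ids and http(s) URLs, and builds the CVE link from the template in the request. Because these values come from scanner output and would be rendered as clickable links, anything else is set aside rather than linked. The function name and the last two sample entries are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Link template taken from the request above ($CVENUM replaced by the id).
CVE_LINK = "https://cve.mitre.org/cgi-bin/cvename.cgi?name={}"

# Constructed sample: entries from the quoted <refs> block, closed so that it
# parses, plus two invented entries that must not become links.
SAMPLE = """<refs>
  <ref id="CVE-2016-2183" type="cve"></ref>
  <ref id="CVE-2016-6329" type="cve"></ref>
  <ref id="CVE-2020-12872" type="cve"></ref>
  <ref id="https://bettercrypto.org/" type="url"></ref>
  <ref id="https://sweet32.info/" type="url"></ref>
  <ref id="javascript:void(0)" type="url"></ref>
  <ref id="CVE-2016-2183&amp;x=1" type="cve"></ref>
</refs>"""


def extract_refs(refs_xml):
    """Split <ref> entries into CVE ids, safe links and rejected values."""
    cves, links, rejected = [], [], []
    for ref in ET.fromstring(refs_xml).iterfind("ref"):
        value = (ref.get("id") or "").strip()
        kind = (ref.get("type") or "").lower()
        if kind == "cve" and CVE_RE.fullmatch(value):
            if value not in cves:  # the same CVE can be listed twice
                cves.append(value)
                links.append(CVE_LINK.format(value))
        elif kind == "url":
            parts = urlsplit(value)
            # Only absolute http(s) URLs are allowed to become hyperlinks.
            if parts.scheme in ("http", "https") and parts.netloc:
                links.append(value)
            else:
                rejected.append(value)
        else:
            rejected.append(value)
    return {"cves": cves, "links": links, "rejected": rejected}
```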
Hi, I'm a Terraform developer and I would like to include in my pipeline TFSec and Terrascan.
I would like to use faraday too as a vulnerability manager.
Is it possible to add these two plugins?
I will attach two .json output generated from TFSec and Terrascan.
I installed faraday-plugins with pip via python 3.7, but it seems to be failing with nuclei. I added the packaging module and it now works, but I assume this means you need to add the dependency in the requirements. This is the output showing nuclei failing:
$ faraday-plugins list-plugins
Cant load plugin module: nuclei [No module named 'packaging']
Cant load plugin module: nuclei_legacy [No module named 'packaging']
Faraday Plugins v1.5.10
Available Plugins :
Name ID Command Report
Good afternoon, it looks like there is a typo on the Nikto plugin preventing it from working. On line 231 you are defining the regex with the variable "self.xml_alrg_re"; however, on line 320 when you call it, you're using "self.xml_arg_re". It seems the l was either added on line 231 or accidentally removed on line 320. Thanks!
I'm aware of the burp extender and burp plugin using xml report. With version 2.0 of burp scanner, there is a basic REST API server.
Is it possible to parse the output of this API to feed faraday?
More of an enhancement request.
Hello.
After running faraday-server
and faraday-client
I'm trying to import results from simple nmap scan:
nmap -Pn -n -oX 1.xml -p 445 10.0.0.64
I make import as:
cp 1.xml ~/.faraday/report/test/
After that I obtain the following error:
2020-11-21T22:35:59+0500 - faraday_client.managers.reports_managers - INFO {ReportManagerThread} [reports_managers.py:99 - sendReport()] The file is /home/soier/.faraday/report/test/1.xml, nmap
2020-11-21T22:35:59+0500 - faraday_client.plugins.controller - INFO {ReportManagerThread} [controller.py:256 - processReport()] Processing report with plugin nmap
2020-11-21T22:35:59+0500 - faraday_client.managers.reports_managers - ERROR {ReportManagerThread} [reports_managers.py:140 - run()] An exception was captured while saving reports
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/managers/reports_managers.py", line 136, in run
self.syncReports()
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/managers/reports_managers.py", line 162, in syncReports
if self.processor.processReport(filename) is False:
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/managers/reports_managers.py", line 95, in processReport
return self.sendReport(plugin.id.lower(), filename)
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/managers/reports_managers.py", line 100, in sendReport
command_id = self.plugin_controller.processReport(plugin_id, filename, ws_name=self.ws_name)
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/plugins/controller.py", line 259, in processReport
self.processOutput(plugin, output.read(), cmd_info, True)
File "/usr/local/lib/python3.7/dist-packages/faraday_client-1.0.0-py3.7.egg/faraday_client/plugins/controller.py", line 125, in processOutput
plugin.processOutput(output.decode('utf8'))
File "/usr/local/lib/python3.7/dist-packages/faraday_plugins/plugins/plugin.py", line 283, in processOutput
self.parseOutputString(command_output)
File "/usr/local/lib/python3.7/dist-packages/faraday_plugins/plugins/repo/nmap/plugin.py", line 459, in parseOutputString
parser = NmapXmlParser(output)
File "/usr/local/lib/python3.7/dist-packages/faraday_plugins/plugins/repo/nmap/plugin.py", line 42, in __init__
tree = self.parse_xml(xml_output)
File "/usr/local/lib/python3.7/dist-packages/faraday_plugins/plugins/repo/nmap/plugin.py", line 61, in parse_xml
return etree.parse(BytesIO(xml_output), magical_parser)
TypeError: a bytes-like object is required, not 'str'
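The traceback above ends with `BytesIO(xml_output)` receiving a `str` that the caller had already decoded. An added example (not faraday_plugins or faraday_client code) of a loader that accepts either type before parsing, using the standard library's ElementTree. The function names and the sample report are constructed, and the sample declares ISO-8859-1 on purpose to exercise the re-encoding case.

```python
from io import BytesIO
import xml.etree.ElementTree as ET

# Constructed report for the scan in the post (-p 445 against 10.0.0.64);
# the port state and service values are invented for the example.
SAMPLE = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
    '<nmaprun scanner="nmap">\n'
    ' <host><address addr="10.0.0.64" addrtype="ipv4"/>\n'
    '  <ports><port protocol="tcp" portid="445"><state state="open"/>\n'
    '   <service name="microsoft-ds" product="Serveur de d\u00e9mo"/>\n'
    '  </port></ports>\n'
    ' </host>\n'
    '</nmaprun>\n'
)


def bytesio_rejects_str():
    """Reproduce the failure from the traceback: BytesIO() needs bytes."""
    try:
        BytesIO(SAMPLE)
    except TypeError:
        return True
    return False


def load_report(report):
    """Parse a report supplied as str or bytes and return an ElementTree."""
    if isinstance(report, str):
        # Already-decoded text: encode as UTF-8 and tell the parser so, which
        # overrides whatever encoding the XML declaration names.
        data, parser = report.encode("utf-8"), ET.XMLParser(encoding="utf-8")
    elif isinstance(report, (bytes, bytearray)):
        # Raw bytes: let the parser honour the declared encoding.
        data, parser = bytes(report), ET.XMLParser()
    else:
        raise TypeError("report must be str or bytes, got %s" % type(report).__name__)
    return ET.parse(BytesIO(data), parser)


def open_ports(report):
    """Return one dict per <port> element found in the report."""
    found = []
    for host in load_report(report).getroot().iterfind("host"):
        address = host.find("address")
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            service = port.find("service")
            found.append({
                "ip": address.get("addr") if address is not None else None,
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": state.get("state") if state is not None else None,
                "service": service.get("name") if service is not None else None,
                "product": service.get("product") if service is not None else None,
            })
    return found
```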