Comments (6)
Hi @adithyanaresh, the custom plugins folder can be set up using faraday-manage, but it needs a restart of the app to pick up the changes.
Try it out and let us know.
Cheers!
from faraday_plugins.
Thank you for the response @ezk06eer: I did try that, but it still doesn't show up in the available list of plugins, and every time I need to use the --custom-plugins-folder option to parse the report and invoke the plugin. I don't get to parse it in the UI directly. Is creating the PR to plugins the only option to see it by default in the list-plugins command?
from faraday_plugins.
@adithyanaresh Here is a full tested example
Create the plugin in the folder
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ pwd
/home/vagrant/.faraday/custom_plugins
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l
total 4
drwxrwxr-x 3 vagrant vagrant 4096 Sep 23 13:40 example
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l example/
total 8
-rw-rw-r-- 1 vagrant vagrant 0 Dec 14 2021 __init__.py
drwxrwxr-x 2 vagrant vagrant 4096 Dec 14 2021 __pycache__
-rw-rw-r-- 1 vagrant vagrant 1993 Sep 23 13:40 plugin.py
Configure the custom plugins folder with faraday-manage
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ faraday-manage settings -a update reports
Update settings for: reports
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:562 - create_app()] Using redis storage for sessions: host=localhost port=6379 db=0
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:586 - create_app()] Sessions identifier: sessions_
/home/vagrant/.venv/faraday/lib/python3.8/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()] Loading integration [whd]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()] Loading integration [gitlab]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()] Loading integration [servicenow]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()] Loading integration [jira]
custom_plugins_folder []: /home/vagrant/.faraday/custom_plugins
Do you confirm your changes on reports?
----------------------
custom_plugins_folder: /home/vagrant/.faraday/custom_plugins
[Y/n]: y
Updated!!
Restart faraday to load the configuration and import the report
The only thing: please check your plugin, because I found out that the documentation is not updated.
Here is the fixed example:
from urllib.parse import urlparse
from faraday_plugins.plugins.plugin import PluginXMLFormat
import xml.etree.ElementTree as ET


class ExampleToolXmlParser:
    """Turns the tool's XML report into a list of vulnerability dicts."""

    def __init__(self, xml_output):
        self.vulns = self.parse_xml(xml_output)

    def parse_xml(self, xml_output):
        vulns = []
        tree = ET.fromstring(xml_output)
        items = tree.iterfind('details/item')
        for item in items:
            ip = item.get('ip')
            os = item.get('os')
            uri = item.find('uri').text
            url = urlparse(uri)
            hostname = [url.netloc]
            path = url.path
            # The port is derived from the URI scheme only
            if url.scheme == 'https':
                port = 443
            else:
                port = 80
            issue = item.find('issue')
            severity = issue.get('severity')
            issue_text = issue.text
            vuln = {'ip': ip, 'uri': uri, 'os': os,
                    'hostname': hostname, 'port': port, 'path': path,
                    'issue_text': issue_text, 'severity': severity}
            vulns.append(vuln)
        return vulns


class ExampleToolPlugin(PluginXMLFormat):

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.identifier_tag = "example_tool"
        self.id = "example_tool"
        self.name = "Name of the tool"
        self.plugin_version = "0.0.1"

    def parseOutputString(self, output, debug=False):
        parser = ExampleToolXmlParser(output)
        # One host, one web service and one web vulnerability per parsed item
        for vuln in parser.vulns:
            h_id = self.createAndAddHost(vuln['ip'], vuln['os'], hostnames=vuln['hostname'])
            s_id = self.createAndAddServiceToHost(h_id, 'webserver', protocol='tcp', ports=vuln['port'])
            v_id = self.createAndAddVulnWebToService(h_id, s_id, vuln['issue_text'], severity=vuln['severity'],
                                                     path=vuln['path'])


def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)
The lines that were wrong are these:
def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)
And this:
def __init__(self, *arg, **kwargs):
    super().__init__(*arg, **kwargs)
from faraday_plugins.
I will close it, because it is working.
If you have more questions, just post them here.
from faraday_plugins.
Thanks for the detailed explanation @aenima-x: I tried all possible ways of installation to get it working. I even made the changes to DEFAULT_CUSTOM_PLUGINS_FOLDER = "/home/faraday/.faraday/custom_plugins" in reports.py to have it hardcoded, but with no luck.
This is the server response on the tool; the plugin is validated, but the file is not being mapped to the plugin somehow. Could you please help me here?
from faraday_plugins.
From what I see in the logs, the problem is not with the configuration in faraday, but with the plugin itself.
If you test it with faraday-plugins process-report, does it work OK?
Do you want to send me the plugin and the file?
from faraday_plugins.
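An added example, not part of the thread and not faraday_plugins code: a stdlib-only pre-flight check to run on a report before importing it. It tests whether the report's root XML tag equals the plugin's identifier_tag (assumed here to be how an XML report gets mapped to a plugin) and lists items on which the parser posted earlier in the thread would raise. The sample report, the function name preflight and the addresses are constructed for illustration; unlike the thread's parser, it honours an explicit port in the URI.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

IDENTIFIER_TAG = "example_tool"  # same value as self.identifier_tag in the plugin

# Constructed sample report; the layout is inferred from the parser in the thread.
SAMPLE_REPORT = """<example_tool>
  <details>
    <item ip="192.0.2.10" os="Linux">
      <uri>https://app.example.test:8443/login</uri>
      <issue severity="high">Session cookie without Secure flag</issue>
    </item>
    <item ip="192.0.2.11" os="Linux">
      <issue severity="low">Item with no uri element</issue>
    </item>
  </details>
</example_tool>"""


def preflight(xml_output, identifier_tag=IDENTIFIER_TAG):
    """Return (root_matches, parsed_items, problems) for a report string."""
    root = ET.fromstring(xml_output)
    root_matches = root.tag == identifier_tag
    parsed, problems = [], []
    for n, item in enumerate(root.iterfind("details/item"), start=1):
        uri = item.findtext("uri")
        issue = item.find("issue")
        if not item.get("ip") or not uri or issue is None:
            problems.append(f"item {n}: missing ip, uri or issue")
            continue
        url = urlparse(uri.strip())
        # Honour an explicit port; fall back to the scheme default otherwise.
        port = url.port or (443 if url.scheme == "https" else 80)
        parsed.append({"ip": item.get("ip"), "hostname": url.hostname,
                       "port": port, "path": url.path,
                       "severity": issue.get("severity"),
                       "issue_text": (issue.text or "").strip()})
    return root_matches, parsed, problems


if __name__ == "__main__":
    ok, items, problems = preflight(SAMPLE_REPORT)
    print("root tag matches identifier_tag:", ok)
    for entry in items:
        print(entry)
    for line in problems:
        print("problem:", line)
```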