
Comments (6)

ezk06eer commented on June 9, 2024

Hi @adithyanaresh, the custom plugins folder can be set up using faraday-manage, but it needs a restart of the app to pick up the changes.

Try it out and let us know.

Cheers!

from faraday_plugins.

adithyanaresh commented on June 9, 2024

Thank you for the response @ezk06eer: I did try that, but it still doesn't show up in the available list of plugins, and every time I need to use the --custom-plugins-folder option to parse the report and invoke the plugin. I don't get to parse it in the UI directly. Is creating the PR to plugins the only option to see it by default in the list-plugins command?

from faraday_plugins.

aenima-x commented on June 9, 2024

@adithyanaresh Here is a full, tested example.

Create the plugin in the folder:

```
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ pwd
/home/vagrant/.faraday/custom_plugins
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l
total 4
drwxrwxr-x 3 vagrant vagrant 4096 Sep 23 13:40 example
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l example/
total 8
-rw-rw-r-- 1 vagrant vagrant    0 Dec 14  2021 __init__.py
drwxrwxr-x 2 vagrant vagrant 4096 Dec 14  2021 __pycache__
-rw-rw-r-- 1 vagrant vagrant 1993 Sep 23 13:40 plugin.py
```

Configure the custom plugins folder with faraday-manage:

```
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ faraday-manage settings -a update reports
Update settings for: reports
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:562 - create_app()]  Using redis storage for sessions: host=localhost port=6379 db=0
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:586 - create_app()]  Sessions identifier: sessions_
/home/vagrant/.venv/faraday/lib/python3.8/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
  warnings.warn(
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [whd]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [gitlab]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [servicenow]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [jira]
custom_plugins_folder []: /home/vagrant/.faraday/custom_plugins
Do you confirm your changes on reports?
----------------------
custom_plugins_folder: /home/vagrant/.faraday/custom_plugins
 [Y/n]: y
Updated!!
```

Restart faraday to load the configuration and import the report
[image]

The only thing: please check your plugin, because I found out that the documentation is not updated.
Here is the fixed example:

```python
from urllib.parse import urlparse
from faraday_plugins.plugins.plugin import PluginXMLFormat
import xml.etree.ElementTree as ET


class ExampleToolXmlParser:
    """Turns the example tool's XML report into a list of finding dicts."""

    def __init__(self, xml_output):
        self.vulns = self.parse_xml(xml_output)

    def parse_xml(self, xml_output):
        vulns = []
        tree = ET.fromstring(xml_output)
        # Each finding is an <item> element under <details>
        items = tree.iterfind('details/item')
        for item in items:
            ip = item.get('ip')
            os = item.get('os')
            uri = item.find('uri').text
            url = urlparse(uri)
            hostname = [url.netloc]
            path = url.path
            # The port is derived from the URI scheme only
            if url.scheme == 'https':
                port = 443
            else:
                port = 80
            issue = item.find('issue')
            severity = issue.get('severity')
            issue_text = issue.text
            vuln = {'ip': ip, 'uri': uri, 'os': os,
                    'hostname': hostname, 'port': port, 'path': path,
                    'issue_text': issue_text, 'severity': severity}
            vulns.append(vuln)
        return vulns


class ExampleToolPlugin(PluginXMLFormat):
    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.identifier_tag = "example_tool"
        self.id = "example_tool"
        self.name = "Name of the tool"
        self.plugin_version = "0.0.1"

    def parseOutputString(self, output, debug=False):
        parser = ExampleToolXmlParser(output)
        # Create one host, one web service and one web vulnerability per finding
        for vuln in parser.vulns:
            h_id = self.createAndAddHost(vuln['ip'], vuln['os'], hostnames=vuln['hostname'])
            s_id = self.createAndAddServiceToHost(h_id, 'webserver', protocol='tcp', ports=vuln['port'])
            v_id = self.createAndAddVulnWebToService(h_id, s_id, vuln['issue_text'], severity=vuln['severity'],
                                                    path=vuln['path'])


# Module-level factory that returns the plugin instance
def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)
```

The lines that were wrong are these:

```python
def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)
```

And these:

```python
    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
```

from faraday_plugins.
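An added example, not part of the thread or of the faraday_plugins code base: a stand-alone pre-flight check that a report file has the shape the example plugin above expects, so a report that would not be claimed or would crash `parse_xml()` is caught before upload. The function name `preflight`, the sample report and its addresses are constructed for illustration, and it is an assumption here that an XML report is matched to the plugin by comparing its root element name with `identifier_tag`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

IDENTIFIER_TAG = "example_tool"  # same value as self.identifier_tag in the plugin

# Constructed sample report (not real tool output); the second item lacks <uri>.
SAMPLE_REPORT = """<example_tool>
  <details>
    <item ip="192.0.2.10" os="Linux">
      <uri>https://app.example.test/login</uri>
      <issue severity="high">Constructed finding</issue>
    </item>
    <item ip="192.0.2.11" os="Linux">
      <issue severity="low">Item without a uri element</issue>
    </item>
  </details>
</example_tool>"""


def preflight(xml_text, identifier_tag=IDENTIFIER_TAG):
    """Return the problems found in a report; an empty list means none."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    # Assumption: the report is matched to the plugin by its root element name.
    if root.tag != identifier_tag:
        problems.append(f"root tag {root.tag!r} != identifier_tag {identifier_tag!r}")
    items = root.findall("details/item")
    if not items:
        problems.append("no details/item elements found")
    for n, item in enumerate(items, 1):
        if not item.get("ip"):
            problems.append(f"item {n}: missing ip attribute")
        uri = item.find("uri")
        if uri is None or not uri.text:
            # parse_xml() in the plugin would raise AttributeError here
            problems.append(f"item {n}: missing uri element")
        elif urlparse(uri.text).scheme not in ("http", "https"):
            problems.append(f"item {n}: uri scheme is not http/https")
        if item.find("issue") is None:
            problems.append(f"item {n}: missing issue element")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE_REPORT) or ["report looks parseable"]:
        print(line)
```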

aenima-x commented on June 9, 2024

I will close it, because it is working.
If you have more questions, just post them here.

from faraday_plugins.

adithyanaresh commented on June 9, 2024

Thanks for the detailed explanation @aenima-x: I tried all possible ways of installation to get it working. I even made the changes to DEFAULT_CUSTOM_PLUGINS_FOLDER = "/home/faraday/.faraday/custom_plugins" in reports.py to have it hardcoded, but with no luck.
[image]
This is the server response on the tool; the plugin is validated, but the file is not being mapped to the plugin somehow. Could you please help me here?
[image]

from faraday_plugins.

aenima-x commented on June 9, 2024

From what I see in the logs, the problem is not with the configuration in Faraday, but with the plugin itself.
If you test it with faraday-plugins process-report, does it work OK?
Do you want to send me the plugin and the file?

from faraday_plugins.
