DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Add nmap-vulners scripts scan result #1886

Closed AlexanderTyutin closed 3 years ago

AlexanderTyutin commented 4 years ago

nmap-vulners scripts

nmap-vulners is a very convenient script to scan for vulnerabilities (https://github.com/vulnersCom/nmap-vulners)

Sample File

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.60 scan initiated Mon Feb 17 10:07:25 2020 as: nmap -sV -p22 -&#45;script=vulners/vulners.nse -oX 192_168_0_1.xml 192.168.0.1 -->
<nmaprun scanner="nmap" args="nmap -sV -p22 -&#45;script=vulners/vulners.nse -oX 192_168_0_1.xml 192.168.0.1" start="1581930445" startstr="Mon Feb 17 10:07:25 2020" version="7.60" xmloutputversion="1.04">
<scaninfo type="connect" protocol="tcp" numservices="1" services="5022"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1581930450" endtime="1581930455"><status state="up" reason="syn-ack" reason_ttl="0"/>
<address addr="192.168.0.1" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="5022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="7.4" extrainfo="protocol 2.0" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.4</cpe></service><script id="vulners" output="&#xa;  cpe:/a:openbsd:openssh:7.4: &#xa;    &#x9;CVE-2018-15919&#x9;5.0&#x9;https://vulners.com/cve/CVE-2018-15919&#xa;    &#x9;CVE-2017-15906&#x9;5.0&#x9;https://vulners.com/cve/CVE-2017-15906"><table key="cpe:/a:openbsd:openssh:7.4">
<table>
<elem key="cvss">5.0</elem>
<elem key="id">CVE-2018-15919</elem>
<elem key="is_exploit">false</elem>
<elem key="type">cve</elem>
</table>
<table>
<elem key="cvss">5.0</elem>
<elem key="id">CVE-2017-15906</elem>
<elem key="is_exploit">false</elem>
<elem key="type">cve</elem>
</table>
</table>
</script></port>
</ports>
<times srtt="45869" rttvar="48374" to="239365"/>
</host>
<runstats><finished time="1581930455" timestr="Mon Feb 17 10:07:35 2020" elapsed="12.18" summary="Nmap done at Mon Feb 17 10:07:35 2020; 1 IP address (1 host up) scanned in 12.18 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>

AlexanderTyutin commented 4 years ago

Is there any documentation or guidelines about the process of creating a new scan import? As I'm planning to deploy it in my environment, I would like to try to add some types of scanner results...

NRGLine4Sec commented 4 years ago

I'm not sure if it can help you but there is the nmap's parser here.

AlexanderTyutin commented 4 years ago

@NRGLine4Sec thanks! @aaronweaver Maybe you will assign this issue to me? I'd like to try to make this contribution :)

madchap commented 4 years ago

You sure can contribute. I can assign this to you if you want.

Please make your PR against the dev branch.

Thanks.

AlexanderTyutin commented 4 years ago

@madchap Maybe I should make the PR https://github.com/DefectDojo/django-DefectDojo/pull/1880 against the dev branch too?

madchap commented 4 years ago

All PRs go to dev, as instructed in the template.

valentijnscholten commented 4 years ago

Here are two closed PRs that added new parsers in the past. It's quite easy to add one! https://github.com/DefectDojo/django-DefectDojo/pull/1115 https://github.com/DefectDojo/django-DefectDojo/pull/1375

AlexanderTyutin commented 4 years ago

Will try this weekend! Thanks!

NRGLine4Sec commented 4 years ago

maybe this parser can help you too.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

NRGLine4Sec commented 4 years ago

Hi @AlexanderTyutin, are you working on this?

NRGLine4Sec commented 4 years ago

Any update on this issue?

NRGLine4Sec commented 3 years ago

unstale

damiencarol commented 3 years ago

@NRGLine4Sec @AlexanderTyutin made another import test on the last version 1.12.0. Closing this one as the import works fine.

valentijnscholten commented 3 years ago

@damiencarol not sure what the solution was here? I don't think we have an nmap-vulners parser yet, which was requested here?

damiencarol commented 3 years ago

@valentijnscholten the reports generated with nmap-vulners scripts are not different from our Nmap parser. I made the test this morning on the last version with the report provided. The only thing we can do is develop an addon for our parser that maps the metadata added by this script in the Nmap parser. I can work on this if needed. Tell me and re-open the issue if you think we should do the modification.

damiencarol commented 3 years ago

@NRGLine4Sec @AlexanderTyutin merged to dev, will be part of 1.13.0
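
The metadata mapping discussed in this thread, sketched as an added example (not DefectDojo's parser code and not written by any commenter): it walks the `vulners` script tables as they appear in the sample report above and returns one record per listed vulnerability. `parse_vulners` and the record keys are hypothetical names, and the embedded XML is a constructed, trimmed copy of the posted sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the report posted in this issue.
SAMPLE = """<nmaprun scanner="nmap" version="7.60">
<host><address addr="192.168.0.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="5022"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.4"/>
<script id="vulners" output="..."><table key="cpe:/a:openbsd:openssh:7.4">
<table><elem key="cvss">5.0</elem><elem key="id">CVE-2018-15919</elem>
<elem key="is_exploit">false</elem><elem key="type">cve</elem></table>
<table><elem key="cvss">5.0</elem><elem key="id">CVE-2017-15906</elem>
<elem key="is_exploit">false</elem><elem key="type">cve</elem></table>
</table></script></port></ports></host></nmaprun>"""


def parse_vulners(xml_text):
    """Return one dict per entry reported by the vulners script (hypothetical helper)."""
    # The stdlib parser keeps this self-contained; uploaded reports are untrusted
    # input, so a real importer should use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else None
        for port in host.iter("port"):
            for script in port.findall("script[@id='vulners']"):
                # Outer table is keyed by CPE; each nested table is one entry.
                for cpe_table in script.findall("table"):
                    for entry in cpe_table.findall("table"):
                        fields = {e.get("key"): (e.text or "").strip()
                                  for e in entry.findall("elem")}
                        if "id" not in fields:
                            continue  # malformed entry: nothing to report
                        try:
                            cvss = float(fields.get("cvss", ""))
                        except ValueError:
                            cvss = None  # missing or non-numeric score
                        findings.append({
                            "host": addr, "port": port.get("portid"),
                            "protocol": port.get("protocol"),
                            "cpe": cpe_table.get("key"),
                            "id": fields["id"], "type": fields.get("type"),
                            "cvss": cvss,
                            "is_exploit": fields.get("is_exploit") == "true",
                        })
    return findings


if __name__ == "__main__":
    for finding in parse_vulners(SAMPLE):
        print(finding)
```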