GhostManager / Ghostwriter

The SpecterOps project management and reporting engine
https://ghostwriter.wiki
BSD 3-Clause "New" or "Revised" License

Add CVSS #153

Closed Simon-Davies closed 2 years ago

Simon-Davies commented 3 years ago

Is it possible to add CVSS to the tool? It would be really useful. Thanks in advance.

chrismaddalena commented 3 years ago

Yes, we are looking into options for adding custom fields to findings, which could include CVSS scores and other such things. I have also been contacted by someone who shared they added a CVSS calculator (presumably something like https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). I don't have details on that yet, but a few things are in the works that should help those who use some sort of scoring system for findings.

Simon-Davies commented 3 years ago

Thanks mate

BetaMaxHeadroom commented 3 years ago

I don't know if this helps at all, but there is a project that currently leverages the CVSSv3 calculator: https://github.com/pwndoc/pwndoc

I don't know enough about programming to know if this is something that you can leverage somehow. I hope it can be somewhat useful.

Serizao commented 2 years ago

Hello,

Do you know more about the integration of these features (adding custom fields and adding a CVSS calculator)?

Simon-Davies commented 2 years ago

@chrismaddalena Any updates on adding CVSS?

Thanks in advance.

chrismaddalena commented 2 years ago

@Simon-Davies It's taken me some time to circle back on things like this since November, so this is a late reply. In the meantime, there is a PR for adding CVSS scores (https://github.com/GhostManager/Ghostwriter/pull/189). I haven't reviewed it yet, but you could try that to see if it meets your needs. If so, let me know, or tell me what is missing.

We don't use CVSS or DREAD, so I don't have a clear idea of what would make this feature good vs. just OK.