Gray-0men
commented
8 months ago Noticing every vulnerability has the exact same "affected components" for each finding. Same hostname, port, and service
Closed Gray-0men closed 8 months ago
Gray-0men
commented
8 months ago Noticing every vulnerability has the exact same "affected components" for each finding. Same hostname, port, and service
aronmolnar
commented
8 months ago Thank you for reporting :) Fixed in main branch.
Until the next release, you can git clone the project and install it with pip install .
Noticing affected components on a Nessus import are not matching up with the vulnerability in Nessus. In my scenario this "ManageEngine ADAudit Plus < Build 7100 XSS" vulnerability that was found should have
expected Affected components: correct.hostname:8081 (www) correct.hostname:8444 (www)
instead I'm getting multiple other IP's even for services that aren't www actual Affected components: 192.168.x.x:1824 (www) 192.168.x.x:2910 (www) 192.168.x.x:2938 (www) 192.168.x.x:2939 (www) 192.168.x.x:443 (www) 192.168.x.x:80 (www) 192.168..x.x:8443 (www) 192.168..x.x:1433 (mssql) 192.168..x.x:1824 (www) 192.168..x.x:2910 (www) 192.168..x.x:2938 (www) 192.168..x.x:2939 (www) 192.168..x.x:443 (www) 192.168..x.x:8443 (www) incorrect.hostname.com:445 (cifs) CORRECT.HOSTNAME.com:8081 (www) <------- correct CORRECT.HOSTNAME.com:8444 (www) <------- correct incorrect.hostname.com:110 (pop3) incorrect.hostname.com:143 (imap) incorrect.hostname.com:1433 (mssql) incorrect.hostname.com:1514 (fujitsu-dtcns?) incorrect.hostname.com:1824 (www) incorrect.hostname.com:21 (ftp) incorrect.hostname.com:25 (smtp) incorrect.hostname.com:2910 (www) incorrect.hostname.com:2938 (www) incorrect.hostname.com:2939 (www) incorrect.hostname.com:3009 (pxc-ntfy?) incorrect.hostname.com:3128 (ndl-aas?) incorrect.hostname.com:3269 (ldap) incorrect.hostname.com:3389 (msrdp) ..etc etc