Fix nmap plugins handing of "NOT VULNERABLE" tag

infobyte / faraday_plugins

Security tools report parsers for Faradaysec.com

https://www.faradaysec.com/

GNU General Public License v3.0

47 stars 17 forks source link

Fix nmap plugins handing of "NOT VULNERABLE" tag #2

Closed ignis-sec closed 4 years ago

ignis-sec commented 4 years ago

Currently, nmap plugin does not handle vulnerability script scan results correctly, because it is setting a severity of "high" depending on this line:

plugin.py:514

if re.search(r"VULNERABLE", desc):
    severity = "high"

This line matches following tags:

VULNERABLE
LIKELY VULNERABLE
NOT VULNERABLE

Added a negative lookbehind for "NOT".

plugin.py:514

if re.search(r"(?<!NOT )VULNERABLE", desc):

Following is an example of false positive high's set by the plugin.

llazzaro commented 4 years ago

Merged! Thanks for the Pull Request.