search

infobyte / faraday_plugins

Security tools report parsers for Faradaysec.com
https://www.faradaysec.com/
GNU General Public License v3.0
47 stars 17 forks source link

Issue with custom_plugins_folder #20

Closed adithyanaresh closed 1 year ago

adithyanaresh commented 1 year ago

Hi,

I tried to write a custom plugin for a tool and i was able to follow exactly from documentation : https://docs.faradaysec.com/Basic-plugin-development/

I tried testing it with the faraday-plugins process-report --custom-plugins-folder /home/faraday/.faraday/custom_plugins --plugin_id <plugin-id> /file.json command and its working fine.

But when i try to update the server.ini with custom_plugins_folder option or update the faraday server with faraday-manage settings -a update reports and give input to custom_plugins_folder to point at the custom plugins directory, the custom plugin isn't picked up at all. Can anyone help me with this issue.

ezk06eer commented 1 year ago

Hi @adithyanaresh , the custom plugins folder can be setup using faraday-manage, but it needs a restart of the app to pick up the changes.

Try-it out and let us know.

Cheers!

adithyanaresh commented 1 year ago

Thank you for the response @ezk06eer : I did try that but it still doesnt show up in the available list of plugins and everytime i need to use —custom-plugins-folder option to parse the report and invoke the plugin. I dont get to parse it in the UI directly. Is creating the PR to plugins the only option to see it by default in list-plugins command ??

aenima-x commented 1 year ago

@adithyanaresh Here is a full tested example

Create the plugin in the folder

vagrant@ubuntu-focal:~/.faraday/custom_plugins$ pwd
/home/vagrant/.faraday/custom_plugins
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l
total 4
drwxrwxr-x 3 vagrant vagrant 4096 Sep 23 13:40 example
vagrant@ubuntu-focal:~/.faraday/custom_plugins$ ls -l example/
total 8
-rw-rw-r-- 1 vagrant vagrant    0 Dec 14  2021 __init__.py
drwxrwxr-x 2 vagrant vagrant 4096 Dec 14  2021 __pycache__
-rw-rw-r-- 1 vagrant vagrant 1993 Sep 23 13:40 plugin.py

Configure the custom plugins folder with faraday-manage

vagrant@ubuntu-focal:~/.faraday/custom_plugins$ faraday-manage settings -a update reports
Update settings for: reports
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:562 - create_app()]  Using redis storage for sessions: host=localhost port=6379 db=0
2022-09-23T13:41:20+0000 - faraday.server.app - INFO {MainThread} [pid:1582] [app.py:586 - create_app()]  Sessions identifier: sessions_
/home/vagrant/.venv/faraday/lib/python3.8/site-packages/flask_limiter/extension.py:317: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
  warnings.warn(
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [whd]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [gitlab]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [servicenow]
2022-09-23T13:41:20+0000 - faraday.integrations.base - INFO {MainThread} [pid:1582] [base.py:48 - __init__()]  Loading integration [jira]
custom_plugins_folder []: /home/vagrant/.faraday/custom_plugins
Do you confirm your changes on reports?
----------------------
custom_plugins_folder: /home/vagrant/.faraday/custom_plugins
 [Y/n]: y
Updated!!

Restart faraday to load the configuration and import the report image

The only thing please check you plugin becase I found out that the documentation its not updated. Here is the fixed example

from urllib.parse import urlparse
from faraday_plugins.plugins.plugin import PluginXMLFormat
import xml.etree.ElementTree as ET

class ExampleToolXmlParser:

    def __init__(self, xml_output):
        self.vulns = self.parse_xml(xml_output)

    def parse_xml(self, xml_output):
        vulns = []
        tree = ET.fromstring(xml_output)
        items = tree.iterfind('details/item')
        for item in items:
            ip = item.get('ip')
            os = item.get('os')
            uri = item.find('uri').text
            url = urlparse(uri)
            hostname = [url.netloc]
            path = url.path
            if url.scheme == 'https':
                port = 443
            else:
                port = 80
            issue = item.find('issue')
            severity = issue.get('severity')
            issue_text = issue.text
            vuln = {'ip': ip, 'uri': uri, 'os': os,
                    'hostname': hostname, 'port': port, 'path': path,
                    'issue_text': issue_text, 'severity': severity}
            vulns.append(vuln)
        return vulns

class ExampleToolPlugin(PluginXMLFormat):
    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.identifier_tag = "example_tool"
        self.id = "example_tool"
        self.name = "Name of the tool"
        self.plugin_version = "0.0.1"

    def parseOutputString(self, output, debug=False):
        parser = ExampleToolXmlParser(output)
        for vuln in parser.vulns:
            h_id = self.createAndAddHost(vuln['ip'], vuln['os'], hostnames=vuln['hostname'])
            s_id = self.createAndAddServiceToHost(h_id, 'webserver', protocol='tcp', ports=vuln['port'])
            v_id = self.createAndAddVulnWebToService(h_id, s_id, vuln['issue_text'], severity=vuln['severity'],
                                                    path=vuln['path'])

def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)

The lines that were wrong are this

def createPlugin(*args, **kwargs):
    return ExampleToolPlugin(*args, **kwargs)

And this

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
aenima-x commented 1 year ago

I will close it, because it is working. If you have more questions just post it here

adithyanaresh commented 1 year ago

Thanks for the detail explanation @aenima-x : I tried all possible ways of installation to get it to working. I even made the changes to DEFAULT_CUSTOM_PLUGINS_FOLDER = "/home/faraday/.faraday/custom_plugins" in reports.py to have it hardcoded, but with no luck. image This is the server response on the tool, plugin is validated but file is not being mapped to plugin somehow. Could you please help me here. image

aenima-x commented 1 year ago

For what I see in the logs the problem is not with the configuration in faraday, but with the plugin itself. If you test it with faraday-plugins process-report it works ok? Do you want to send me the plugin and the file?