varchashva / vPrioritizer

vPrioritizer enables us to understand the contextualized risk (vPRisk) at the asset-vulnerability relationship level across the organization, so that teams can make more informed decisions about what (vulnerability/ies) they should remediate (or can afford not to) and on which asset(s).
GNU General Public License v3.0

Error uploading Nessus file #5

Closed blockanz closed 3 years ago

blockanz commented 4 years ago

In the demo you gave at Blackhat, I seem to remember you showed that a Nessus file could be uploaded. When I try to do this I get the following error:

image

blockanz commented 4 years ago

I get a similar error if I try and upload an export from nessus in CSV format

image

varchashva commented 4 years ago

@blockanz - I think I understand what the problem is; let me dig into this. Thanks for the feedback.

blockanz commented 4 years ago

No problem. Let me know when you think you have a fix and I'll do further testing.

thirdbyte commented 4 years ago

I can confirm this issue. Uploading a CSV results in this error.

Cyberstro commented 4 years ago

I can confirm the same error with Nexpose XML

blockanz commented 4 years ago

@varchashva Any updates on this? I'm keen to have a good play with the tool and offer suggestions/help for improving.

varchashva commented 4 years ago

hi @blockanz @Cyberstro @thirdbyte

I have fixed this issue in my local environment. However, before committing the fix in GH, I need your help. Can you please paste the "header (first row)" only of the uploaded CSV file?

It will help me in coding an effective fix. Appreciate the support!

varchashva commented 4 years ago

hi @blockanz @Cyberstro @thirdbyte - just wondering if you got a chance to look into this request. thanks in advance!

blockanz commented 4 years ago

@varchashva Apologies. Got stuck on other stuff. Here is the data you requested. It's from an export of Nessus to CSV.

Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output "19506","","","None","127.0.0.1","tcp","0","Nessus Scan Information","This plugin displays information about the Nessus scan.","This plugin displays, for each tested host, information about the scan itself :

Nessus version : 8.9.1 Plugin feed version : 202003171920 Scanner edition used : Nessus Scan type : Normal Scan policy used : Advanced Dynamic Scan Scanner IP : 127.0.0.1 Thorough tests : no Experimental tests : no Paranoia level : 2 Report verbosity : 2 Safe checks : yes Optimize the test : yes Credentialed checks : no Patch management checks : None CGI scanning : enabled Web application tests : disabled Max hosts : 30 Max checks : 5 Recv timeout : 5 Backports : None Allow post-scan editing: Yes Scan Start Date : 2020/3/18 12:47 New Zealand Standard Time Scan duration : 483 sec " "134421","CVE-2020-0796","10.0","Critical","127.0.0.1","tcp","445","Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)","The remote Windows host is using a vulnerable version of SMB.","A remote code execution vulnerability exists in Microsoft Server Message Block 3.1.1 (SMBv3) protocol due to how it handles a maliciously crafted compressed data packet. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.

Note, the plugin checks if SMB 3.1.1 with compression is enabled. It does not currently verify the vulnerability itself.","Microsoft has provided additional details and guidance in the ADV200005 advisory.","http://www.nessus.org/u?736703d3","Nessus was able to detect SMB 3.1.1 with compression enabled using a specially crafted packet. "
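A parser for the header row posted above, added here as an example and not code from vPrioritizer: it reads the export with Python's csv module so that a Description field spanning several lines (as in the rows above) stays one record instead of breaking the row, validates the expected columns before anything is stored, and drops informational plugins. The sample input is constructed, modelled on the two rows in this comment; column names are the ones in the posted header.

```python
import csv
import io

# Constructed sample modelled on the Nessus CSV header posted in this thread.
# The Description field deliberately spans several lines inside its quotes,
# which is the kind of "particular text" that trips up a naive line splitter.
SAMPLE_CSV = (
    'Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,'
    'Solution,See Also,Plugin Output\n'
    '"19506","","","None","127.0.0.1","tcp","0","Nessus Scan Information",'
    '"This plugin displays information about the Nessus scan.",'
    '"Scan itself :\nNessus version : 8.9.1\nScan duration : 483 sec","n/a","",""\n'
    '"134421","CVE-2020-0796","10.0","Critical","127.0.0.1","tcp","445",'
    '"Microsoft Windows SMBv3 Compression RCE (ADV200005)",'
    '"The remote Windows host is using a vulnerable version of SMB.",'
    '"A remote code execution vulnerability exists in SMBv3.\n\nNote, the plugin '
    'checks if SMB 3.1.1 with compression is enabled.","See ADV200005.",'
    '"http://www.nessus.org/u?736703d3","Detected SMB 3.1.1 with compression. "\n'
)

# Columns the importer relies on; anything else is carried along as-is.
REQUIRED = ("Plugin ID", "CVE", "CVSS", "Risk", "Host", "Protocol", "Port")


def parse_nessus_csv(text, skip_informational=True):
    """Return a list of finding dicts from a Nessus CSV export.

    csv.DictReader honours quotes, so a multi-line Description does not
    split the record. Rows with Risk "None" (informational plugins) are
    dropped unless skip_informational is False.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("not a Nessus CSV export, missing columns: %s" % missing)
    findings = []
    for row in reader:
        if skip_informational and row["Risk"] == "None":
            continue
        findings.append({
            "plugin_id": int(row["Plugin ID"]),
            "cve": row["CVE"] or None,                    # empty string means no CVE
            "cvss": float(row["CVSS"]) if row["CVSS"] else None,
            "risk": row["Risk"],
            "host": row["Host"],
            "protocol": row["Protocol"],
            "port": int(row["Port"]),
            "name": row["Name"],
        })
    return findings
```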

blockanz commented 3 years ago

@varchashva Any update on the next release?

varchashva commented 3 years ago

hi @blockanz @Cyberstro @thirdbyte

I have implemented the fix in v1.0: upload of CSV scan files is now supported. Please check and let me know if you have any queries.

If you are using the Docker version, just re-run docker-compose up --build with the latest docker-compose file.

Thanks!

blockanz commented 3 years ago

What are the plans for Nessus, Nexpose, OpenVas etc.? Will these follow shortly?

blockanz commented 3 years ago

@varchashva Okay, testing has not proven so successful. Uploaded a CSV exported from Nessus and got the following: image

varchashva commented 3 years ago

What are the plans for Nessus, Nexpose, OpenVas etc.? Will these follow shortly?

As of today, it supports upload of Nessus, Nexpose and QualysGuard CSV scan results.

varchashva commented 3 years ago

@varchashva Okay, testing has not proven so successful. Uploaded a CSV exported from Nessus and got the following: image

It seems to be an issue with particular text in the scan result. I have uploaded multiple scan results as part of quality testing but didn't come across such an issue.

@blockanz - Can you please upload another scan result, and/or is it possible for you to share scan results via email or any other medium you feel comfortable with (please sanitise all sensitive data first)? Thanks!

blockanz commented 3 years ago

Happy to share via email.

What's the best address to use?

Regards


varchashva commented 3 years ago

Happy to share via email. What's the best address to use?

@blockanz - it would be varchashva@gmail.com

blockanz commented 3 years ago

Happy to share via email. What's the best address to use?

@blockanz - it would be varchashva@gmail.com

Email just sent. Many thanks.

varchashva commented 3 years ago

@blockanz - The fix has been released for this issue; please check and let me know how it goes. I really appreciate your support!