- [MOD] Updated the SSLyze JSON parser to support and correctly process scan results from SSLyze version 6. #349
- [FIX] Crowdstrike IP resolution for asset. #350
- [FIX] Corrected a hostname resolution issue that was causing traceback errors and malfunctioning of the plugin. This fix ensures proper hostname resolution and stabilizes plugin performance. #351
- [ADD] Added owasp dependency check. #100
- [ADD] Added gitleaks plugin. #342
- [FIX] Nessus plugin crashed when parsing tenableio reports without vulnerabilities, so a check for that was added. #341
- [FIX] Added validations for empty lines and multiple fields including lists. #343
- [MOD] Naabu reports changed their JSON structure, so new keys were added to detect the new report structure. #339
- [FIX] Fix key error when packageVulnerabilityDetails key was not in the file. #331
- [FIX] Addressed a bug where Burp plugin output would display null data in cases of encountering a malformed XML token from the report. #333
- [FIX] Previously, CSV files edited in tools like Mac Numbers would transform boolean values to uppercase. This issue has been addressed within the faraday_csv plugin, ensuring accurate comparison. #336
- [ADD] Add hotspots logic for sonarqube plugin #321
- [ADD] Add Snyk plugin. #314
- [MOD] Mod AWS Inspector's plugins. #322
- [ADD] Add faraday_json plugins. #324
- [ADD] Update prowler plugin to support the latest tool output format. Also rename the oldest plugin to prowler_legacy. #328
- [FIX] Filter \x00 in nuclei response. #323
- [ADD] Add PopEye's plugin. #303
- [ADD] Add Ping Castle's plugin. #304
- [ADD] Add Kubescape's plugin. #320
- [ADD] Add AWS Inspector's plugins. #322
- [ADD] Add Crowdstrike's plugin. #318
- [ADD] Extract response and request info in qualyswebapp's plugins. #307
- [ADD] Create Plugin for windows defender. #315
- [FIX] If severity id in an appscan item is greater than 4 set it to 4. #305
- [FIX] Update Naabu plugin for the latest version, Semgrep create a new service for each vuln, fix Arachni bug in case the report has no vulns. #306
- [ADD] Add Terrascan and TFSec plugins. #310
- [FIX] Use cvss_score to calculate severity in nessus plugin. #311
- [FIX] Fix Appscan's plugin. #302
- [ADD] Add Sarif plugin. #299
- [FIX] Change syhunt's and trivy's plugins to export cvss vector correctly #292
- [ADD] Add force flag to process-command to process the output of the command regardless of the exit code. #294
- [MOD] The acunetix plugin now searches for CVSS and cvss #296
- [ADD] Add semgrep plugin. #297
- [FIX] Fix invicti's plugin, check remedial procedures before parsing it with b4f. #298
- [ADD] Add new acunetix360 plugin #293
- [ADD] Add new CIS plugin
- [FIX] Now all plugins check that service protocol is not empty
- [ADD] New pentera plugin and now json plugins can have filter_key to filter reports with that keys
- [MOD] Change table format for list-plugins to github
- [FIX] Nuclei's plugin checks if the cwe is null, and add retrocompatibility with newer versions for wpscan plugin
- [ADD] Add cvss2/3 and cwe to faraday_csv plugin
- [ADD] Now nexpose_full plugin uses severity from reports
- [FIX] Now plugins check if the ref is empty
- [ADD] Add invicti plugin
- [ADD] Add nessus_sc plugin
- [FIX] Remove cvss_vector from refs in nexpose_full
- Add new identifier_tag to nikto plugin
- [FIX] Now plugins check if ref field is already a dictionary
- [MOD] Improve grype plugin for dockers images and change report_belong_to method for json plugins to check if json_keys is a list, in that case iterate the list and try if any of them create a match.
- Add CWE to PluginBase. The plugins that have this implemented are the following: "Acunetix", "Acunetix_Json", "AppSpider", "Appscan", "Arachni", "Burp", "Checkmarx", "Metasploit", "Nessus", "Netsparker", "NetsparkerCloud", "Openvas", "QualysWebapp", "W3af", "Wapiti", "Zap", "Zap_Json", "nuclei", "nuclei_legacy"
- Now the following plugins extract cvss from reports:
  - Acunetix
  - Acunetix_Json
  - Appscan
  - Nessus
  - Netsparker
  - NexposeFull
  - Nipper
  - Nmap
  - Openvas
  - QualysWebapp
  - Qualysguard
  - Retina
  - shodan
  - whitesource
- Add arguments to add tags for vulns, services and host. Add test for tags and ignore_info
- Add trivy's json plugin
- Add command support for the wpscan plugin
- [MOD] Now refs field is a list of dictionaries with the format: {'name': string, 'type': string}
- Fix for acunetix_json when host is ip
- [FIX] - Asset duplicated on same file with multiple entries for Appscan_csv plugin.
- [FIX] Change import dateutil to from dateutil.parser import parse for compatibility issues with python 3.10
- [FIX] Add case for Netsparker plugins, when the url has a number inside a parenthesis.
- Add *args **kwargs to syhunt plugin
- Fix bug when grype report has no artifact/metadata
- [MOD] Now prowler plugin returns CAF Epic as policy violation and removes [check#] from title
- Add appscan csv
- Now faraday_csv's plugin uses ignore_info parameter
- Add syhunt plugin
- Add cve and data fields to desc to avoid duplications
- Now nuclei resolve hostname if the field ip is None
- Change hostname_resolution to dont_resolve_hostname for process-report, and now tests don't resolve hostnames
- Now QualysWebApp's plugin will differentiate vulns from different urlpaths
- Add hostname_resolution parameter within plugins
- Fix openvas external ID
- Now Openvas's plugin set severity to Critical when cvss >= 9.0
- Add location as params in burp's plugin
- Now the faraday_csv custom_fields regex match any no whitespace character.
- Add Zap Json plugin.
- Now Appscan plugin saves line and highlight of the vulns in desc and data
- Add references to burp plugin
- Move item.detail from data to desc
- update open status
- Add packaging to requirements in setup.py
- Add severity to shodan's plugins using cvss
- check if cve exist on cve-id field
- Fix Fortify's plugin
- Change qualysguard's plugin severity_dict to refer level 2 severities as low
- support cve,cwe,cvss and metadata
- Add cve in faraday_csv plugin
- ADD Grype plugin
- Add CVE to plugins
  - acunetix
  - appscan
  - burp
  - metasploit
  - nessus
  - netsparker
  - nexpose
  - nikto
  - nipper
  - nmap
  - openscap
  - qualysguard
  - retina
  - shodan
- Add support for Sslyze 5.0 reports
- Fix errors while creating hosts with wrong regex
- ADD masscan support to nmap plugin
- Fix bug in openvas plugin
- FIX extrainfo of netsparker plugin
- Add nuclei_legacy plugin
- FIX issue with acunetix plugin
- FIX typo in nikto plugin
- Merge PR from github
- Update nuclei parser
- Adding support for running nuclei through command / faraday-cli
- Fix missing references in nuclei
- add new structure acunetix
- cwe, capec, references, tags, impact, resolution, easeofresolution
- add os openvas
- [FIX] Fix import of CSV with big fields
- Fix sslyze json bug with port
- Only show report name in command data
- Add Nipper Plugin
- add shodan plugin
- fix acunetix url parser
- FIX netsparker multi-host
- Add vuln details for Certificate Mismatch and move unique details to data, now vulns can be grouped
- ADD more data to plugins arachni and w3af
- Use run_date in UTC
- ADD cvss_base, cpe, threat, severity into references
- add attribute "command" for the plugins of each command
- adding test in test_command
- change some regex in self._command_regex
- [FIX] add hostnames if host is already cached
- Add Naabu plugin
- Add Sonarqube plugin
- Add version and change list_plugins style
- FIX unused import, unnecessary list compression and unused variables
- FIX metasploit report when the web-site-id is null
- Fix port stats in nmap
- Fixup sslyze: remove unknown from version=
- ADD remedy into resolution
- Support for nuclei 2.3.0
- ADD cve, cvss3_base_score, cvss3_vector, exploit_available when import nessus and change the structure of external_id to NESSUS-XXX
- ADD more data like attack, params, uri, method, WASC, CWE and format external_id
- Add Bandit plugin
- Use background for description and detail for data in Burp plugin.
- Rewrite Appscan Plugin
- Parse Nmap vulners script data
- Faraday CSV Plugin do not consider ignore_info
- Add Ignore information vulnerabilities option
- Fix bug with sslyze output file
- FIX change id sslyze for JSON/XML
- ADD microsoft baseline security analyzer plugin
- ADD nextnet plugin
- ADD openscap plugin
- FIX old versions of Nessus plugins bugs
- Update the fields of the nuclei output used to create a vuln
- Fix nuclei plugin bug when url is None
- Add new plugin base class, for multi line json
- New ncrack plugin
- New nuclei plugin
- New sslyze json plugin
- New WhatWeb plugin
- Fix missing ip in some arachni reports
- Fix change name vuln in Netsparker plugin
- Fix whois plugin, command whois IP not parse data
- Change the way we detect json reports when they are lists of dictionaries
- ADD plugin AppSpider
- Add tests to faraday-plugins cli
- add a default value to plugin_version
- Add --output-file parameter to faraday-plugins process command
- Add plugins prowler
- Add plugins ssl labs
- Add support for tenable io
- delete old deprecated methods
- Bug fix: Arachni Plugin 'NoneType' object has no attribute 'find'
- Bug fix: Openvas Plugin - Import xml from OpenVas doesn't work
- Bug fix: QualysWebApp Plugin, error in get info OPERATING_SYSTEM
- Fix Hydra plugin to resolve ip address
- Fix Nessus mod severity HIGH for Low
- Bug Fix: Detect plugins AWS Prowler
- Fix broken xml on nmap plugin
- Add new rdpscan plugin
- UPDATE xml report to appscan
- Update Readme
- Fix how ZAP generates vulns