Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenVAS parsing #18

Closed
Drunkenslav opened this issue Apr 22, 2022 · 7 comments
Closed

OpenVAS parsing #18

Drunkenslav opened this issue Apr 22, 2022 · 7 comments

Comments

@Drunkenslav
Copy link

Drunkenslav commented Apr 22, 2022
edited
Loading

Hello,

first off, great job on this project. I love it! I would just like a bit more information from OpenVAS XML to be parsed.

What's the problem this feature will solve?
Will help with user effectivity

Describe the solution you'd like
If more information would be parsed it would be great. Usually for each finding Openavas adds references and CVE (if applicable)

OpenVAS XML:

<refs>
    <ref id="CVE-2016-2183" type="cve">
    </ref>
    <ref id="CVE-2016-6329" type="cve">
    </ref>
    <ref id="CVE-2020-12872" type="cve">
    </ref>
    <ref id="https://bettercrypto.org/" type="url">
    </ref>
    <ref id="https://mozilla.github.io/server-side-tls/ssl-config-generator/" type="url">
    </ref>
    <ref id="https://sweet32.info/" type="url">

CVE's after being parsed could be hyperlinked - https://cve.mitre.org/cgi-bin/cvename.cgi?name=$CVENUM

The current parsing does give you only description and solution, but if you need more information, you need to google. But OpenVAS XML gives you nice references, so you would just click the link to get more information without wasting valuable time :)

Thanks
@aenima-x
Copy link
Contributor

@Drunkenslav can you add a full xml example?
change all the sensitive information.
Because in the file we have, we dont have those tags.
Can you tell me the Openvas version?

@Drunkenslav
Copy link
Author

It's thousands of lines so i pasted it here: https://pastebin.pl/view/60aea84e

Version of OpenaVAS GMP is the newest one: 21.4

@Drunkenslav
Copy link
Author

btw I dont want to ask too much but OpenVAS does not work with Critical severity (max is High). If it would be possible to parse CVSS 9.0 and above as Critical, that would be jjust awesome. But if not, its fine :)

@Drunkenslav
Copy link
Author

Hello any update on this please?

Or can specify which version of OpenVas you use so i can use that meanwhile?

Thank you!

@aenima-x
Copy link
Contributor

aenima-x commented Apr 28, 2022
edited
Loading

@Drunkenslav the "critical severity" issue will be on the next plugins release.

The CVE link, that will be in the v4 of the UI (the CVE on the manage will be a link to que CVE description)

@Drunkenslav
Copy link
Author

Awesome, thanks

@aenima-x
Copy link
Contributor

@Drunkenslav faraday-plugins 1.6.5 is out.
Try it and give us some feedback of the change
Thanks

@fedek fedek mentioned this issue Nov 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aenima-x @Drunkenslav