Vulnerability Database #38

noraj · 2021-05-26T17:37:33Z

Actual behavior

Vulnerabilities are linked to a project and are either created manually from scratch or imported from tools integration.

Expected behavior

Having a vulnerability database like in PwnDoc (best implementation I saw).

Dradis, Ghostwriter, PwnDoc, WriteHat, etc. many collaborative penetration test reporting platforms have that, sometimes under a different name like issue library etc.

The idea is that you can save generic vulnerabilities since description and recommendation will always be the same or will require very few changes, you link the same resources, have the same title etc. So when you do a new pentest you can import a vulnerability in your audit/project an just have to change very few things and add your observations, details and proof and re-use most of the rest. And so saving a lot of time and not re-writing the same vulns at each new pentest.

Screenshots from PwnDoc

You can browse your vulnerability DB alone

Or add a vuln from your vuln DB into an audit

Feedback

Reconmap seems the most completed project, there is already a large panel of features, it's well maintained, It's own of the rare project using markdown for vulnerabilities description (most are using plaintext or HTML), there is a fair amount of tools integration, a CLI tool, backup capacity, etc. Looks just awesome 🤩

The Vulnerability Database seems the only missing major feature.

santiagolizardo · 2021-05-28T05:42:25Z

Hi @noraj ; Thanks for your amazingly well reported issue/feature request. I took some time yesterday to address it and is now available to see at https://demo.reconmap.org
Essentially what I have done was to replicate the project templates for vulnerabilities, so that you can have a list of vulnerabilities templates that could be cloned and added to projects.
Hope you like it! :)

santiagolizardo · 2021-05-28T08:09:04Z

Closing this now, feel free to open new issues if you have additional ideas on how to make this tool better.

noraj · 2021-05-28T08:21:53Z

Wow amazing I wasn't expecting the feature to be implemented so fast.

So actually the workflow to create a vuln template is:

Create a vulnerability
Mark it as template
Save

And to add a vuln in your project from a template:

Browse to the vuln template library page https://demo.reconmap.org/vulnerabilities/templates
Choose a vuln and click Clone and edit
Uncheck Is template?
Select a project and affected target
Save

I have several suggestions.

And to add a vuln in your project from a template

The workflow mentioned above feels a bit unnatural and cumbersome. Ideally there would be two workflows:

From the project

Next to Add vulnerability add a button Import vulnerability from template vith a view allowing to search through the vuln templates and tick checkbox to select one or several vulnerabilities from there to import to the project.

From the vulnerability template list

Add an edit button to just edit the template
Rename the clone and edit button to Add to project that send you to a view where there is just a project and target to choose and save, and after saving that send you to the vuln instance in your project where you are free to edit the vulnerability. If it's too much work an easier option would be to rename the clone and edit button to Add to project where Is template? is unchecked by default and hidden.

Template

At the vulnerability template list (https://demo.reconmap.org/vulnerabilities/templates) having a create button (same as create vulnerability but with Is template? already checked. So you don't have to go to the vulnerability list, click create , check the box and can stay on the template page and just click create.

Search

There is no search bar specific to the vulnerability list or vulnerability template list but the global one.

The global search bar is very nice but the issue are:

You don't know if the results are vulnerabilities from a project or a vulnerability template
When having the same vuln added to several project, the project is not displayed so you have identical result rows

I suggest adding a project column display the project the vulnerability belong too and display Template if it's a template.

Removing a vulnerability from a project

From the project vulnerability view there is no remove button

One have to go to the global vulnerability list (https://demo.reconmap.org/vulnerabilities), find it there and delete it.

It would be nice to have the ability to remove it directly from the project too.

noraj · 2021-05-28T08:22:57Z

PS: let me know if you want I create separate issues for each feedback for better tracking or if it's ok to have all 4 here since they are related.

santiagolizardo · 2021-05-28T08:35:10Z

You have done it again @noraj ! Great feedback :)
It all makes sense and luckily nothing of the above is difficult to implement. I'll get this done over the next couple of days 👍🏼

noraj · 2021-05-28T08:54:02Z

The project if very promising, I'll start to write a script to convert PwnDoc vulnerability database (YAML) to ReconMap format that is importable. When done I'll share it with you. I may plan to install ReconMap for my personal need and I'm looking forward to contribute to the project more in the future (especially some tool importer plugins).

blockanz · 2021-07-15T00:47:51Z

The project if very promising, I'll start to write a script to convert PwnDoc vulnerability database (YAML) to ReconMap format that is importable. When done I'll share it with you. I may plan to install ReconMap for my personal need and I'm looking forward to contribute to the project more in the future (especially some tool importer plugins).

Did this work ever get completed? I'd be keen to test and try it if so.

noraj · 2021-07-16T07:40:52Z

Did this work ever get completed? I'd be keen to test and try it if so.

I did not started it yet. I'll let you know.

cbk914 · 2021-07-28T13:27:31Z

The demo site is not working, there's some way to import the report templates and the vulnerabilities from Github into the Reconmap WUI?

noraj · 2021-08-04T16:33:32Z

Checklist #38 (comment)

add a vuln in your project from a template
Template
Search
Removing a vulnerability from a project

santiagolizardo · 2021-08-05T18:22:41Z

One can be removed from the list ;)

Remove a vulnerability from a project

santiagolizardo · 2021-08-05T20:05:34Z

Another one to mark as completed. Search now makes a distinction between results and result templates.

Hope this is useful @noraj

noraj · 2021-08-06T09:06:44Z

Another one to mark as completed. Search now makes a distinction between results and result templates.

Yeah and it also display the project when there is several projects with the same vuln :)

stale · 2021-09-05T09:31:25Z