Added the tunnel variable from the nmap results to be used in CascadingRules. #369

Merged
merged 5 commits into from
Apr 19, 2021

Conversation

luckolen (Contributor)

Description

NMAP reports the tunnel detected for the service in its normal output:

```
$ nmap -p 993 imap.gmail.com -sV -Pn
[...]
PORT    STATE SERVICE  VERSION
993/tcp open  ssl/imap Google Gmail imapd (b9mb63645759edy)
[...]
```

SecureCodeBox makes use of the XML output, which is selected with the -oX parameter:

```
$ nmap -p 993 imap.gmail.com -oX - -sV -Pn
[...]
<port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imap" product="Google Gmail imapd" extrainfo="b3mb57267033edq" tunnel="ssl" method="probed" conf="10"/></port>
[...]
```

The NMAP XML results report the service name as imap and the tunnel as ssl.

The SecureCodeBox NMAP parser does read this tunnel value:

```js
const tunnel = get(portItem, ["service", 0, "$", "tunnel"]);
```

However, this value is later ignored in the portFindings variable:

```js
const portFindings = hosts.flatMap(({ openPorts = [], ...hostInfo }) => {
  if (openPorts === null) {
    return [];
  }
  return openPorts.map(openPort => {
    return {
      name: openPort.service,
      description: `Port ${openPort.port} is ${openPort.state} using ${openPort.protocol} protocol.`,
      category: 'Open Port',
      location: `${openPort.protocol}://${hostInfo.ip}:${openPort.port}`,
      osi_layer: 'NETWORK',
      severity: 'INFORMATIONAL',
      attributes: {
        port: openPort.port,
        state: openPort.state,
        ip_address: hostInfo.ip,
        mac_address: hostInfo.mac,
        protocol: openPort.protocol,
        hostname: hostInfo.hostname,
        method: openPort.method,
        operating_system: hostInfo.osNmap,
        service: openPort.service,
        serviceProduct: openPort.serviceProduct || null,
        serviceVersion: openPort.serviceVersion || null,
        scripts: openPort.scriptOutputs || null,
        // the parsed tunnel value is never copied into the attributes
      },
    };
  });
});
const hostFindings = hosts.map(({ hostname, ip, osNmap }) => {
  return {
    name: `Host: ${hostname}`,
    category: 'Host',
    description: 'Found a host',
    location: hostname,
    severity: 'INFORMATIONAL',
    osi_layer: 'NETWORK',
    attributes: {
      ip_address: ip,
      hostname: hostname,
      operating_system: osNmap,
    },
  };
});
return [...portFindings, ...hostFindings, ...scriptFindings];
}
```

As a result, this tunnel value could not be used for CascadingRules. This is fixed by this update, and as an example the CascadingRules used for SSLYZE have been updated.
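The following is an added, self-contained example and not code from this PR or from the secureCodeBox project. It shows the end-to-end effect the PR is after: the `tunnel` attribute of nmap's `<service>` element is parsed, carried into the "Open Port" finding's attributes, and a cascading rule can then match on `tunnel: "ssl"` to decide which ports deserve a follow-up TLS scan. The nmap XML, the host and IP, and the rule shape are constructed for this example; the tiny regex-based attribute reader stands in for the xml2js parsing the real parser uses (it handles double-quoted attributes only).

```javascript
// Added example (not secureCodeBox project code). Constructed nmap XML that
// mirrors the <port> element shape shown in the PR description.
const SAMPLE_NMAP_XML = `
<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><hostnames><hostname name="mail.example.test"/></hostnames>
<ports>
<port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imap" product="Example imapd" tunnel="ssl" method="probed" conf="10"/></port>
<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imap" product="Example imapd" method="probed" conf="10"/></port>
<port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
</ports></host>
</nmaprun>`;

// Hypothetical helper: read name="value" attributes from one element's text.
function attrs(elementText) {
  const out = {};
  const re = /([\w:-]+)="([^"]*)"/g;
  let m;
  while ((m = re.exec(elementText)) !== null) out[m[1]] = m[2];
  return out;
}

// Parse each <host> into { ip, hostname, openPorts }, keeping service.tunnel.
function parseNmapXml(xml) {
  const hosts = [];
  const hostRe = /<host>([\s\S]*?)<\/host>/g;
  let h;
  while ((h = hostRe.exec(xml)) !== null) {
    const body = h[1];
    const ip = attrs((body.match(/<address[^>]*\/>/) || [""])[0]).addr || null;
    const hostname = attrs((body.match(/<hostname[^>]*\/>/) || [""])[0]).name || null;
    const openPorts = [];
    const portRe = /<port ([^>]*)>([\s\S]*?)<\/port>/g;
    let p;
    while ((p = portRe.exec(body)) !== null) {
      const port = attrs(p[1]);
      const state = attrs((p[2].match(/<state[^>]*\/>/) || [""])[0]);
      const service = attrs((p[2].match(/<service[^>]*\/>/) || [""])[0]);
      if (state.state !== "open") continue; // only open ports become findings
      openPorts.push({
        port: Number(port.portid),
        protocol: port.protocol,
        state: state.state,
        service: service.name || null,
        serviceProduct: service.product || null,
        tunnel: service.tunnel || null, // the value the old portFindings dropped
      });
    }
    hosts.push({ ip, hostname, openPorts });
  }
  return hosts;
}

// Build "Open Port" findings with tunnel included in attributes.
function toPortFindings(hosts) {
  return hosts.flatMap(({ openPorts = [], ...hostInfo }) =>
    openPorts.map((openPort) => ({
      name: openPort.service,
      category: "Open Port",
      location: `${openPort.protocol}://${hostInfo.ip}:${openPort.port}`,
      attributes: {
        port: openPort.port,
        protocol: openPort.protocol,
        ip_address: hostInfo.ip,
        hostname: hostInfo.hostname,
        service: openPort.service,
        tunnel: openPort.tunnel,
      },
    }))
  );
}

// Minimal matcher in the spirit of a CascadingRule: every key in `match`
// must equal the finding attribute of the same name.
function matchesRule(finding, match) {
  return Object.entries(match).every(([k, v]) => finding.attributes[k] === v);
}

// Constructed rule: run a TLS scan only where nmap saw an SSL tunnel.
const SSL_RULE = { name: "tls-scan-on-ssl-tunnel", match: { tunnel: "ssl" } };

function findingsTriggering(findings, rule) {
  return findings.filter((f) => matchesRule(f, rule.match));
}

// Returns the locations the rule would cascade on for the sample scan.
function demo() {
  const findings = toPortFindings(parseNmapXml(SAMPLE_NMAP_XML));
  return findingsTriggering(findings, SSL_RULE).map((f) => f.location);
}
```

With the sample above, port 993 (tunnel="ssl") triggers the rule while plain-text IMAP on 143 does not; without `tunnel` in the attributes, a rule could only key on the service name and would have to scan both.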

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy

@rseedorff rseedorff added the scanner Implement or update a security scanner label Apr 12, 2021
@rseedorff rseedorff added this to In Progress in secureCodeBox v2 via automation Apr 12, 2021
@rseedorff rseedorff added this to the v2.7.0 milestone Apr 12, 2021
@rseedorff (Member)

Hi @luckolen 👋,

thx for your PR - looks great 🤗 We will review your contribution in the next days.

luckolen pushed a commit to luckolen/secureCodeBox that referenced this pull request Apr 15, 2021
…scadingRules for sslyze

This also makes use of the tunnel variable added in PR secureCodeBox#369
@J12934 J12934 merged commit c37be37 into secureCodeBox:main Apr 19, 2021
secureCodeBox v2 automation moved this from In Progress to Done Apr 19, 2021
@luckolen luckolen deleted the nmap-parser-tunnel branch April 22, 2021 14:17
@J12934 J12934 moved this from Done to counter in secureCodeBox v2 Apr 23, 2021
@rseedorff rseedorff added the enhancement New feature or request label May 12, 2021
secureCodeBoxBot added a commit that referenced this pull request Nov 18, 2021
Signed-off-by: secureCodeBoxBot <securecodebox@iteratec.com>
## Release changes :
## Summary

- Adds support for `Job` resources - thank you @superbrothers for this contribution!
- Adds option to disable colour output when using `pretty` formatting (package only)
- Enabled Dependabot and updates dependencies
 
 ## Changelog
 
 b68cabd Update version to 0.15.0 (#372)
 7f54326 Bump github.com/jetstack/cert-manager from 1.6.0 to 1.6.1 (#371)
 9cdecb3 Bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 (#368)
 6cc7a75 Add support for kind Job (#370)
 0ef3005 Bump github.com/jetstack/cert-manager from 1.5.4 to 1.6.0 (#365)
 e5c797a Bump k8s.io/apimachinery from 0.22.2 to 0.22.3 (#369)
 d597928 Bump k8s.io/apiextensions-apiserver from 0.21.3 to 0.22.2 (#362)
 79cce8c Remove wip probot (#364)
 700c39f Bump github.com/jetstack/cert-manager from 1.4.1 to 1.5.4 (#363)
 fe44171 Fix dependabot (#358)
 374a428 Support parsing for server specs (#356)
 50c618b Add Support for Services (#353)
 7b57f85 Update dependencies and add dependabot (#354)
 2d8282c Make k8s and override packages public (#351)
 47c31d5 Add option to disable printing results in color (#350)
 ca64457 Remove deprecated mountds auditor (#349)
 863e367 Remove example dependency on internal packages (#348)
 
 
 ## Docker images
 
 - `docker pull shopify/kubeaudit:latest`
 - `docker pull shopify/kubeaudit:0.15.0`
 - `docker pull shopify/kubeaudit:v0.15`