From a08a2a6ae1c59303aedc2c75425adbcca29a7d84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?=
Date: Mon, 21 Oct 2024 14:39:28 +0200
Subject: [PATCH 1/4] Fixing export, piggyback: more Nuclei translations
---
 artemis/reporting/export/main.py | 4 ++--
 .../modules/nuclei/translations/nuclei_messages/pl_PL.py | 4 ++++
 artemis/reporting/severity.py | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/artemis/reporting/export/main.py b/artemis/reporting/export/main.py
index cb84806ec..72cd41abe 100644
--- a/artemis/reporting/export/main.py
+++ b/artemis/reporting/export/main.py
@@ -198,7 +198,7 @@ def export_cli(
 help="Allows you to filter by the tag you provided when adding targets to be scanned. Only vulnerabilities "
 "from targets with this tag will be exported.",
 ),
- language: Language = typer.Option(Language.en_US.value, help="Output report language (e.g. pl_PL or en_US)."), # type: ignore
+ language: str = typer.Option(Language.en_US.value, help="Output report language (e.g. pl_PL or en_US)."), # type: ignore
 custom_template_arguments: Optional[str] = typer.Option(
 "",
 help="Custom template arguments in the form of name1=value1,name2=value2,... - the original templates "
@@ -222,7 +222,7 @@ def export_cli(
 return export(
 previous_reports_directory=previous_reports_directory,
 tag=tag,
- language=language,
+ language=Language(language),
 custom_template_arguments=custom_template_arguments_parsed,
 silent=silent,
 verbose=verbose,
diff --git a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
index 618b5940c..46855d02b 100644
--- a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
+++ b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
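Review bot: With the `language` option annotated as `str` in the first `export_cli` hunk, the only validation left is `Language(language)` inside the `return export(` call of the second hunk, so an unsupported value surfaces as a bare `ValueError` instead of a CLI usage error. Convert once near the top of `export_cli` and map the failure, e.g. `except ValueError: raise typer.BadParameter(f"Unsupported language: {language}")`, so bad input is rejected before any other work is done. The trailing `# type: ignore` on the option line may no longer be needed now that the annotation matches the `str` default; worth re-checking. `export_cli` starts and ends outside both hunks, so the best place for the conversion is inferred.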
@@ -252,6 +252,7 @@ + UPDATE_HINT, "Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.": "Narzędzie Adminer w wersji poniżej 4.7.9 zawiera podatność Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu." + UPDATE_HINT, + "[no description] http/fuzzing/ssrf-via-proxy.yaml": "Wykryto Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu.", "WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.": "Wtyczka WordPress o nazwie Fusion Builder w wersji poniżej 3.6.2 zawiera podatność Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu." + WORDPRESS_UPDATE_HINT, "WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. 
An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.": "Wtyczka WordPress o nazwie Metform w wersjach do 2.1.3 umożliwia atakującemu pobranie kluczy API usług takich jak PayPal, Stripe, Mailchimp, Hubspot, HelpScout czy reCAPTCHA." @@ -998,6 +999,8 @@ "Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.": "Wtyczka WordPress o nazwie ThemePunch OHG Essential Grid w wersji do 3.1.0 włącznie zawiera podatność " + REFLECTED_XSS_DESCRIPTION + WORDPRESS_UPDATE_HINT, + "[no description] http/exposures/logs/action-controller-exception.yaml": "Wykryto dziennik zdarzeń Action Controller.", + "Detection of SAP NetWeaver ABAP Webserver /public/info page": "Wykryto stronę z informacjami systemu SAP NetWeaver ABAP Webserver.", "An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.": "Memcached w wersji 1.4.31 i wcześniejszych zawiera podatność umożliwiającą potencjalnie atakującemu zdalne wykonanie kodu." + RCE_EFFECT_DESCRIPTION + UPDATE_HINT, @@ -1514,4 +1517,5 @@ "Slurm HPC Dashboard was detected.": "Wykryto panel Slurm HPC.", "http/exposed-panels/gitlab-explore.yaml": "Wykryto system GitLab.", "Micro Focus Enterprise Server Admin panel was detected.": "Wykryto panel Micro Focus Enterprise Server.", + "The presence of SAML-based authentication on GitLab instances. SAML is commonly used for Single Sign-On (SSO) integrations, which allows users to authenticate with GitLab using an external Identity Provider (IdP).": "Wykryto panel GitLab SAML.", } diff --git a/artemis/reporting/severity.py b/artemis/reporting/severity.py index 55a52b326..b6c9d272a 100644 --- a/artemis/reporting/severity.py +++ b/artemis/reporting/severity.py 
@@ -84,6 +84,7 @@ def get_severity(report: Any) -> Severity:
 "info": Severity.LOW,
 "low": Severity.LOW,
 "medium": Severity.MEDIUM,
+ "unknown": Severity.MEDIUM,
 "high": Severity.HIGH,
 "critical": Severity.HIGH,
 }
From e9ff58b7c273e455353a48779979a7577258f8bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?=
Date: Mon, 21 Oct 2024 14:42:18 +0200
Subject: [PATCH 2/4] .
---
 .../modules/nuclei/translations/nuclei_messages/pl_PL.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
index 46855d02b..0d336c09b 100644
--- a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
+++ b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
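Review bot: The added `"unknown": Severity.MEDIUM` entry has no comment explaining why a finding with an unknown severity is reported as MEDIUM, and that is a triage decision a later reader cannot recover from the mapping alone. A one-line comment above the entry would record it, for example `# "unknown": presumably no severity declared upstream; reported as MEDIUM so it is neither hidden nor overstated`, with the wording confirmed by the author. How severity strings missing from this dict are handled is not visible here, since `get_severity` begins and ends outside the hunk.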
@@ -252,7 +252,7 @@ + UPDATE_HINT, "Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.": "Narzędzie Adminer w wersji poniżej 4.7.9 zawiera podatność Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu." + UPDATE_HINT, - "[no description] http/fuzzing/ssrf-via-proxy.yaml": "Wykryto Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu.", + "[no description] http/fuzzing/ssrf-via-proxy.yaml": "Wykryto podatność Server-Side Request Forgery. Może ona umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu.", "WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.": "Wtyczka WordPress o nazwie Fusion Builder w wersji poniżej 3.6.2 zawiera podatność Server-Side Request Forgery. Może to umożliwić atakującemu komunikację z usługami w sieci wewnętrznej, a w niektórych konfiguracjach również uzyskanie nieuprawnionego dostępu do systemu." 
+ WORDPRESS_UPDATE_HINT, "WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.": "Wtyczka WordPress o nazwie Metform w wersjach do 2.1.3 umożliwia atakującemu pobranie kluczy API usług takich jak PayPal, Stripe, Mailchimp, Hubspot, HelpScout czy reCAPTCHA." From 7cbb064fd661b4e04be0fa9c59dd5145e6aa78cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?= Date: Mon, 21 Oct 2024 21:18:27 +0200 Subject: [PATCH 3/4] load risk, lang --- artemis/modules/dalfox.py | 2 ++ artemis/reporting/export/export_data.py | 4 ++++ artemis/reporting/export/main.py | 4 +++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/artemis/modules/dalfox.py b/artemis/modules/dalfox.py index 043addbff..893df199e 100644 --- a/artemis/modules/dalfox.py +++ b/artemis/modules/dalfox.py @@ -9,12 +9,14 @@ from karton.core import Task +from artemis import load_risk_class from artemis.binds import Service, TaskStatus, TaskType from artemis.config import Config from artemis.module_base import ArtemisBase from artemis.task_utils import get_target_url +@load_risk_class.load_risk_class(load_risk_class.LoadRiskClass.MEDIUM) class DalFox(ArtemisBase): """ Running the Dalfox tool to scan for XSS vulnerabilities.""" diff --git a/artemis/reporting/export/export_data.py b/artemis/reporting/export/export_data.py index 568106da7..bc3e714e5 100644 --- a/artemis/reporting/export/export_data.py +++ b/artemis/reporting/export/export_data.py 
@@ -3,6 +3,7 @@ from typing import Dict, List, Optional from artemis.domains import is_domain +from artemis.reporting.base.language import Language from artemis.reporting.base.report import Report from artemis.reporting.base.report_type import ReportType from artemis.reporting.base.reporters import get_all_reporters @@ -23,6 +24,7 @@ class SingleTopLevelTargetExportData: class ExportData: timestamp: datetime.datetime tag: Optional[str] + language: Language scanned_top_level_targets: List[str] scanned_targets: List[str] messages: Dict[str, SingleTopLevelTargetExportData] @@ -32,6 +34,7 @@ class ExportData: def build_export_data( previous_reports: List[Report], tag: Optional[str], + language: Language, db: DataLoader, custom_template_arguments_parsed: Dict[str, str], timestamp: datetime.datetime, @@ -80,6 +83,7 @@ def build_export_data( return ExportData( timestamp=timestamp, tag=tag, + language=language, scanned_top_level_targets=list(db.scanned_top_level_targets), scanned_targets=list(db.scanned_targets), messages=message_data, diff --git a/artemis/reporting/export/main.py b/artemis/reporting/export/main.py index 72cd41abe..29283c4af 100644 --- a/artemis/reporting/export/main.py +++ b/artemis/reporting/export/main.py @@ -151,7 +151,9 @@ def export( db = DB() export_db_connector = DataLoader(db, blocklist, language, tag, silent) timestamp = datetime.datetime.now() - export_data = build_export_data(previous_reports, tag, export_db_connector, custom_template_arguments, timestamp) + export_data = build_export_data( + previous_reports, tag, language, export_db_connector, custom_template_arguments, timestamp + ) date_str = timestamp.isoformat() output_dir = OUTPUT_LOCATION / str(tag) / date_str os.makedirs(output_dir) From db15605af192c76f42a9c7ee74811ecef37d6fc9 Mon Sep 17 00:00:00 2001 
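Review bot: The updated call in `export()` (the `main.py` hunk) passes six positional arguments to `build_export_data`, and this patch itself inserts `language` between `tag` and `db` in that signature, which shows how easily the order can shift. Passing by keyword keeps the call correct and readable if the parameters move again, e.g. `build_export_data(previous_reports=previous_reports, tag=tag, language=language, db=export_db_connector, ...)` with the remaining two arguments named the same way. The new `language` field on `ExportData` would also benefit from a short comment saying what consumes it. Whether `build_export_data` has other callers cannot be seen from these hunks, and both functions continue outside them.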
From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?=
Date: Mon, 21 Oct 2024 21:21:25 +0200
Subject: [PATCH 4/4] .
---
 artemis/reporting/export/export_data.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/artemis/reporting/export/export_data.py b/artemis/reporting/export/export_data.py
index bc3e714e5..3a34ceca2 100644
--- a/artemis/reporting/export/export_data.py
+++ b/artemis/reporting/export/export_data.py
@@ -24,7 +24,7 @@ class SingleTopLevelTargetExportData:
 class ExportData:
 timestamp: datetime.datetime
 tag: Optional[str]
- language: Language
+ language: str
 scanned_top_level_targets: List[str]
 scanned_targets: List[str]
 messages: Dict[str, SingleTopLevelTargetExportData]
@@ -83,7 +83,7 @@ def build_export_data(
 return ExportData(
 timestamp=timestamp,
 tag=tag,
- language=language,
+ language=language.value,
 scanned_top_level_targets=list(db.scanned_top_level_targets),
 scanned_targets=list(db.scanned_targets),
 messages=message_data,
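Review bot: `ExportData.language` is now annotated `str` and filled with `language.value`, but nothing on the field says it holds a `Language` enum value rather than a free-form string. A short comment on the field would record that, e.g. `language: str  # Language enum value such as "pl_PL", stored as str`. The reason for storing the value is presumably that the export data must serialize cleanly, which the author should confirm and state in the comment. Both `ExportData` and `build_export_data` continue outside these hunks.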