"Severity" field addition to JSON output #323

Closed
HarryJohnAsir opened this issue Dec 14, 2021 · 6 comments

@HarryJohnAsir

It would be really helpful if we could have "Severity" added to the JSON output.

Based on the issue severity, the Severity field can have one of the values below.

  1. Info
  2. Low
  3. Medium
  4. Major
  5. Critical

Reference: JSON Output additions #261

@hahwul
Owner

hahwul commented Dec 16, 2021

@HarryJohnAsir
Thank you for your opinion!
Dalfox is mostly for checking XSS, so I'm not sure if I can set and include the Severity, but I'll give it a try :D

@hahwul
Owner

hahwul commented Dec 16, 2021

In order to simplify and output Severity, I would like to mark it as Low/Medium/High by referring to the OWASP Risk Rating and CVSSv3.

| Severity | Attribute |
|----------|-----------|
| Low | BuiltIn-Grep |
| Medium | XSS (Reflected payload), BAV-CRLF, BAV-SQLi (SQL Error), BAV-OpenRedirect |
| High | XSS (Verified payload), BAV-SSTI |
Dalfox's severity (not fixed yet.)

In fact, XSS is not reported as critical in CVSS, etc. In particular, I think there is a limitation in the risk grade because a scanner cannot create an exploit chain.

@hahwul hahwul added this to the v2.6.3 milestone Dec 16, 2021
@hahwul hahwul self-assigned this Dec 16, 2021
@HarryJohnAsir
Author

Thank you.

@hahwul
Owner

hahwul commented Dec 17, 2021

Test

Screenshot_20211217_222402

hahwul added a commit that referenced this issue Dec 17, 2021
@hahwul
Owner

hahwul commented Dec 17, 2021

@HarryJohnAsir
Closing the issue now that the function has been added. It's going to be released in v2.6.3. If there's nothing special, I think it'll be released this weekend!

Thank you :D

@hahwul hahwul closed this as completed Dec 17, 2021
hahwul added a commit that referenced this issue Dec 17, 2021
@HarryJohnAsir
Author

Thank you
