* sarif fully done, dd.json little left
* This is good to go now
* pre-commit fixes
* updated
* removing redundancy and less i/o operations
* ruff fixes
* fixed tests for Path.open
* rabbit suggestions
* added relevant documentation
* slight change in doc
* removing empty files that were added by mistake
* updated datatime format according to coderabbit's suggestions
* feature: exclude certain ports from being scanned
* ruff fixes
* handling exception for vulnerablility modules
* not relying on try and except
* updated documentation, changed flag
* test case for module file
* update test
* mocking the database calls, that's probably the issue
* removed breaking test for now
* coderabbit suggested change, minor code refactoring
* ruff fixes
---------
Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
* [feature] add custom headers for http requests via CLI. Removes sensitive info before logging in the database
* better help message
* input validation - coderabbit changes
* ruff fixes
* allow for header chaining with multiple -H flags and for complex headers involving comma separated values
* test case for http.py that include using headers. Added pytest-asyncio for the same
* ruff fixes
* formatting changes suggested by coderabbit
* docs update
* correct usage and en.yaml file
* Update dependencies in poetry.lock and pyproject.toml for new packages
* feat: add SMB brute force module
* feat: add unit tests for SMB brute force module
* ran make pre-commit
---------
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
* adding default loop policy for asyncio
* added custom wordlist functionality
* lint fix
* bug fixes
* added break after first detection to exit for loop
* removed custom read from brute scans because its already implemented there
* updated according to suggested changes
* cleared old code
* fixed lint
* made requested changes
* made suggested changes
* lint fix
* changed user_wordlist to read_from_file
The issue caused the program to erroneously run a regex pattern on HTML content instead of the request data. This was because the port number wasn't displayed in the HTML's body content. The commit rectifies this problem, ensuring that regex operates on the correct data.
1. changed the date format from "%Y/%m/%d" to "%Y-%m-%d" to make it ANSI and ISO 8601 compliant.
2. Changed the issuer and subject to issuer_str and subject_str which are formatted string from the x509 objects.
3. Added subject to ssl_expired_certificate_vuln and ssl_expiring_certificate_scan modules
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)
2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged
3. Rename ssl_version module to ssl_weak_version
4. Change ssl_expired_certificate module to return expired certs only ( do not count expiring_soon certs - it is not a vulnerability!)
5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)
6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it
7. Create a separate ssl_self_signed_certificate module in modules/vuln
Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is a common code in these two methods so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add add to the output /return certificate "subject" ,"issuer" and an expiry date.
This way if a user scans they network using IP addresses and some servers will come up with weak SSL versions/ciphers it will be easier for user to identify the servers using the certificate subject/issuer
James
einsibjarni
Achintya Jai
Packet Phantom
dyp4r
tanaydin sirin
Arkadii Yakovets
Sam Stepanyan
Arkadii Yakovets
Captain-T2004