* feature: exclude certain ports from being scanned
* ruff fixes
* handling exception for vulnerablility modules
* not relying on try and except
* updated documentation, changed flag
* test case for module file
* update test
* mocking the database calls, that's probably the issue
* removed breaking test for now
* coderabbit suggested change, minor code refactoring
* ruff fixes
---------
Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)
2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged
3. Rename ssl_version module to ssl_weak_version
4. Change ssl_expired_certificate module to return expired certs only ( do not count expiring_soon certs - it is not a vulnerability!)
5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)
6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it
7. Create a separate ssl_self_signed_certificate module in modules/vuln
Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is a common code in these two methods so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add add to the output /return certificate "subject" ,"issuer" and an expiry date.
This way if a user scans they network using IP addresses and some servers will come up with weak SSL versions/ciphers it will be easier for user to identify the servers using the certificate subject/issuer
James
Achintya Jai
Captain-T2004
Arkadii Yakovets