def parseOutputString(self, output):
parser = NipperParser(output, debug=False)
for vuln in parser.vulns_first:
for device in vuln.affected_devices:
ip = resolve_hostname(device)
h_id = self.createAndAddHost(ip, hostnames = device)
self.createAndAddVulnToHost(h_id,
name = vuln.name,
desc = vuln.data,
severity = vuln.rating,
resolution = vuln.recommendation,
data = vuln.data,
ref = [],
policyviolations = []
)
for vuln in parser.vulns_audit:
if vuln.data:
ip = resolve_hostname(device)
h_id = self.createAndAddHost(ip, hostnames = vuln.device)
self.createAndAddVulnToHost(h_id,
name = vuln.name,
desc = vuln.data,
severity = '',
resolution = '',
data = vuln.data,
ref = vuln.refs
)
def parseOutputString(self, output):
"""
This method will discard the output the shell sends, it will read it
from the xml where it expects it to be present.
"""
parser = ArachniXmlParser(output)
# Check xml parsed ok...
if not parser.system:
return
self.hostname = self.getHostname(parser.system.url)
if parser.plugins.ip:
self.address = resolve_hostname(parser.plugins.ip)
else:
self.address = resolve_hostname(self.hostname)
# Create host and interface
host_id = self.createAndAddHost(self.address,
hostnames=[self.hostname])
# Create service
service_id = self.createAndAddServiceToHost(host_id,
self.protocol,
'tcp',
ports=[self.port],
status='open',
version='',
description='')
# Create issues.
for issue in parser.issues:
description = str(issue.description)
resol = str(issue.remedy_guidance)
references = issue.references
if issue.cwe != 'None':
references.append('CWE-' + str(issue.cwe))
if resol == 'None':
resol = ''
self.createAndAddVulnWebToService(host_id,
service_id,
name=issue.name,
desc=description,
resolution=resol,
ref=references,
severity=issue.severity,
website=self.hostname,
path=issue.url,
method=issue.method,
pname=issue.var,
params=issue.parameters,
request=issue.request,
response=issue.response)
return
def parseOutputString(self, output):
parser = NetsparkerXmlParser(output)
first = True
for i in parser.items:
if first:
ip = resolve_hostname(i.hostname)
h_id = self.createAndAddHost(ip, hostnames=[ip])
s_id = self.createAndAddServiceToHost(h_id, str(i.port),
protocol = str(i.protocol),
ports=[str(i.port)],
status="open")
first = False
if i.resolution is not None:
resolution = BeautifulSoup(i.resolution, "lxml").text
else:
resolution = ""
if i.desc is not None:
desc = BeautifulSoup(i.desc, "lxml").text
else:
desc = ""
if i.name_title is None:
name = i.name
else:
name = i.name_title
v_id = self.createAndAddVulnWebToService(h_id, s_id, name, ref=i.ref, website=i.hostname,
severity=i.severity, desc=desc, path=i.url, method=i.method,
request=i.request, response=i.response, resolution=resolution,
pname=i.param, data=i.data)
del parser
def parseOutputString(self, output):
parser = ReconngParser(output)
for host in parser.hosts:
h_id = self.createAndAddHost(
host['ip'],
hostnames=[host['host']]
)
self.host_mapper[host['host']] = h_id
for vuln in parser.vulns:
if vuln['host'] not in list(self.host_mapper.keys()):
ip = resolve_hostname(vuln['host'])
h_id = self.createAndAddHost(
ip,
hostnames=[vuln['host']]
)
self.host_mapper[vuln['host']] = h_id
else:
h_id = self.host_mapper[vuln['host']]
self.createAndAddVulnToHost(
name='Recon-ng found: ' + vuln['category'] + ' vulnerability',
desc='Found by module: ' + vuln['module'],
severity=vuln['severity'],
ref=[vuln['reference']],
host_id=h_id,
data=vuln['example']
)
def parseOutputString(self, output):
parser = NetsparkerCloudXmlParser(output)
first = True
for i in parser.items:
if first:
ip = resolve_hostname(i.hostname)
h_id = self.createAndAddHost(ip, hostnames=[i.hostname])
s_id = self.createAndAddServiceToHost(h_id,
i.protocol,
ports=[i.port],
status="open")
first = False
v_id = self.createAndAddVulnWebToService(h_id,
s_id,
i.name,
ref=i.ref,
website=i.hostname,
severity=i.severity,
desc=i.desc,
path=i.url.path,
method=i.method,
request=i.request,
response=i.response,
resolution=i.resolution,
pname=i.param)
del parser
def parseOutputString(self, output):
# Find data path
data_path_search = re.search(r"in '(.*)\/'", output)
print(data_path_search)
if not data_path_search:
# No data path found
return True
# Parse "peepingtom.html" report and extract results
data_path = data_path_search.groups()[0]
html = open(path.join(self._path, data_path, "peepingtom.html")).read()
for url in re.findall(r'href=[\'"]?([^\'" >]+)', html):
if "://" in url:
url_parsed = urlparse(url)
address = resolve_hostname(url_parsed.netloc)
host = self.createAndAddHost(address)
service = self.createAndAddServiceToHost(host, "http", protocol="tcp", ports=[80])
self.createAndAddNoteToService(
host,
service,
'screenshot',
path.join(
self._path,
data_path_search.groups()[0],
"{}.png".format(url.replace(
"://", "").replace("/", "").replace(".", ""))
)
)
return True
def __init__(self, output):
lists = output.split("\n")
self.items = []
for line in lists:
mregex = re.search("WARN: ([\w\.]+) ([\w]+) ([\w\.]+):", line)
if mregex is not None:
item = {
'host': mregex.group(1),
'ip': mregex.group(3),
'type': mregex.group(2)}
self.items.append(item)
mregex = re.search(
"Getting zone transfer of ([\w\.]+) from ([\w\.]+)\.\.\.done\.",
line)
if mregex is not None:
ip = resolve_hostname(mregex.group(2))
item = {
'host': mregex.group(1),
'ip': ip,
'type': 'info'}
self.items.append(item)
def parseOutputString(self, output):
parser = W3afXmlParser(output)
ip = resolve_hostname(parser.host)
h_id = self.createAndAddHost(ip, hostnames=[parser.host])
s_id = self.createAndAddServiceToHost(h_id,
"http",
"tcp",
ports=[parser.port],
status="open")
for item in parser.items:
self.createAndAddVulnWebToService(h_id,
s_id,
item.name,
item.detail,
pname=item.param,
data=item.longdetail,
path=item.url,
website=parser.host,
severity=item.severity,
method=item.method,
request=item.req,
resolution=item.resolution,
ref=item.ref,
response=item.resp)
del parser
def getIP(self, host):
try:
ip = resolve_hostname(host)
except Exception:
pass
return ip
def resolveNS(self, item, items):
try:
item['hosts'][0] = item['ip']
item['ip'] = resolve_hostname(item['ip'])
except:
pass
return item
def parseOutputString(self, output, debug=False):
parser = NucleiJsonParser(output)
matched_list = []
matched_json = {}
for vuln in parser.list_to_vulns:
if vuln != '':
json_vuln = json.loads(vuln)
matched = json_vuln.get('matched', None)
if matched is not None:
url_parser = urlparse(matched)
url_scheme = f'{url_parser.scheme}://{url_parser.hostname}'
if url_scheme in matched_list:
matched_json[url_scheme].append(json_vuln)
else:
matched_list.append(url_scheme)
matched_json[url_scheme] = [json_vuln]
for url in matched_list:
url_data = urlparse(url)
url_name = url_data.hostname
url_protocol = url_data.scheme
ip = resolve_hostname(url_name)
host_id = self.createAndAddHost(name=ip, hostnames=[url_name])
port = 80
if url_parser.scheme == 'https':
port = 443
service_id = self.createAndAddServiceToHost(host_id,
name=url_parser.scheme,
ports=port,
protocol="tcp",
status='open',
version='',
description='')
for info_vuln in matched_json[url]:
desc = f'{info_vuln.get("template", None)} - {info_vuln.get("author", None)}'
if info_vuln.get("author", None):
ref = [f"author: {info_vuln.get('author', None)}"]
else:
ref = None
self.createAndAddVulnWebToService(
host_id,
service_id,
name=info_vuln.get('template', ""),
desc=info_vuln.get('description',
info_vuln.get('name', None)),
ref=ref,
severity=info_vuln.get('severity', ""),
website=url,
request=info_vuln.get('request', None),
response=info_vuln.get('response', None),
method=info_vuln.get('type', None),
data=info_vuln.get('matcher_name',
info_vuln.get('name', None)),
external_id=info_vuln.get('template', ""))
def parseOutputString(self, output):
matches = re.findall("Name Server:\s*(.*)\s*", output)
if not matches:
matches = re.findall("nserver:\s*(.*)\s*", output)
if not matches:
ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', self.command_string)
if not ip:
url = self.command_string.replace('whois ', '')
ip = [resolve_hostname(url)]
matches_descr = re.findall("descr:\s*(.*)\s*", output)
matches_netname = re.findall("NetName:\s*(.*)\s*", output)
if not matches_netname:
matches_netname = re.findall("netname:\s*(.*)\s*", output)
matches_ref = re.findall("Ref:\s*(.*)\s*", output)
desc = ""
ref = []
os_name = "unknown"
for md in matches_descr:
desc = md.strip()
for mr in matches_ref:
ref.append(mr.strip())
for osname in matches_netname:
os_name = osname.strip()
self.createAndAddHost(ip[0],
os_name,
hostnames=[ref],
description=desc)
else:
for m in matches:
m = m.strip()
url = re.findall(r'https?://[^\s<>"]+|.[^\s<>"]+', str(m))
ip = resolve_hostname(url[0])
self.createAndAddHost(ip, hostnames=[m])
matches_domain = re.findall("Domain Name:\s*(.*)\s*", output)
for md in matches_domain:
md = md.strip()
ip = resolve_hostname(md)
self.createAndAddHost(ip, hostnames=[md])
return True
def parseOutputString(self, output):
"""
This method will discard the output the shell sends, it will read it
from the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
if not os.path.isdir(self._output_file_path):
return False
p = SkipfishParser(self._output_file_path)
hostc = {}
for issue in p.issues:
for sample in issue["samples"]:
if not sample["url"] in hostc:
reg = re.search(
"(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)*((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|localhost|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.(com|edu|gov|int|mil|net|org|biz|arpa|info|name|pro|aero|coop|museum|[a-zA-Z]{2}))[\:]*([0-9]+)*([/]*($|[a-zA-Z0-9\.\,\?\'\\\+&%\$#\=~_\-]+)).*?$",
sample["url"])
protocol = reg.group(1)
host = reg.group(4)
if reg.group(11) is not None:
port = reg.group(11)
else:
port = 443 if protocol == "https" else 80
ip = resolve_hostname(host)
h_id = self.createAndAddHost(ip, hostnames=[host])
s_id = self.createAndAddServiceToHost(h_id,
"http",
"tcp",
ports=[port],
status="open")
hostc[sample["url"]] = {
'h_id': h_id,
'ip': ip,
'port': port,
'host': host,
'protocol': protocol,
's_id': s_id
}
d = hostc[sample["url"]]
self.createAndAddVulnWebToService(
d['h_id'],
d['s_id'],
name=p.err_msg[str(issue["type"])],
desc="Extra: " + sample["extra"],
website=d['host'],
path=sample["url"],
severity=issue["severity"])
def resolveCNAME(self, item, items):
for i in items:
if (item['ip'] in i['hosts']):
item['ip'] = i['ip']
return item
try:
item['ip'] = resolve_hostname(item['ip'])
except:
pass
return item
def __init__(self, item_node):
self.node = item_node
self.url = self.get_url(item_node)
if self.url.hostname is not None:
self.ip = resolve_hostname(self.url.hostname)
else:
self.ip = '0.0.0.0'
self.hostname = self.url.hostname
self.port = self.get_port(self.url)
self.scheme = self.url.scheme
self.vulns = self.get_vulns(item_node)
def __init__(self, item_node):
self.node = item_node
self.host = self.node.get('host')
self.ip = resolve_hostname(self.host)
self.port = self.node.get('port')
self.items = []
for alert in self.node.findall('alerts/alertitem'):
self.items.append(Item(alert))
def parseOutputString(self, output):
host_info = re.search(r"Connected to (.+)\.", output)
hostname = host_info.group(1)
ip_address = resolve_hostname(hostname)
if host_info is not None:
h_id = self.createAndAddHost(ip_address, hostnames=[hostname])
s_id = self.createAndAddServiceToHost(h_id,
self._port,
"tcp",
ports=[self._port],
status="open")
return True
def __init__(self, output, goohost_scantype):
self.items = []
lines = list(filter(None, output.split('\n')))
for line in lines:
if goohost_scantype == 'ip':
data = line.split()
item = {'host': data[0], 'ip': data[1]}
self.add_host_info_to_items(item['ip'], item['host'])
elif goohost_scantype == 'host':
data = line.strip()
item = {'host': data, 'ip': resolve_hostname(data)}
self.add_host_info_to_items(item['ip'], item['host'])
else:
item = {'data': line}
def parseOutputString(self, output):
host_info = re.search(r"Connected to (.+)\.", output)
banner = re.search("220?([\w\W]+)$", output)
if re.search("Connection timed out",
output) is None and host_info is not None:
hostname = host_info.group(1)
ip_address = resolve_hostname(hostname)
self._version = banner.groups(0) if banner else ""
h_id = self.createAndAddHost(ip_address, hostnames=[hostname])
s_id = self.createAndAddServiceToHost(h_id,
"ftp",
"tcp",
ports=[self._port],
status="open")
return True
def __init__(self, xml_output):
self.srv = {
'ftp': '21',
'http': '80',
'imap': '143',
'mssql': '1433',
'mysql': '3306',
'ncp': '524',
'nntp': '119',
'pcanywhere': '5631',
'pop3': '110',
'postgres': '5432',
'rexec': '512',
'rlogin': '******',
'rsh': '514',
'smbnt': 'smbnt',
'smtp': '25',
'smtp-vrfy': 'smtp-vrfy',
'snmp': '161',
'ssh': '22',
'svn': '3690',
'telnet': '23',
'vmauthd': 'vmauthd',
'vnc': '5900',
'web-form': 'web-form',
'wrapper': 'wrapper'
}
lines = xml_output.splitlines()
self.items = []
for line in lines:
reg = re.search(
"ACCOUNT FOUND: \[([^$]+)\] Host: ([^$]+) User: ([^$]+) Password: ([^$]+) \[SUCCESS\]",
line)
if reg:
item = {
'service': reg.group(1),
'host': reg.group(2),
'user': reg.group(3),
'pass': reg.group(4)
}
item['ip'] = resolve_hostname(item['host'])
item['port'] = self.srv[item['service']]
self.items.append(item)
def __init__(self, item_node):
self.node = item_node
url_data = self.get_url(self.node)
self.protocol = url_data.scheme
if url_data.hostname:
self.host = url_data.hostname
else:
self.host = None
# Use the port in the URL if it is defined, or 80 or 443 by default
self.port = url_data.port or (443 if url_data.scheme == "https" else 80)
self.ip = resolve_hostname(self.host)
self.os = self.get_text_from_subnode('Os')
self.banner = self.get_text_from_subnode('Banner')
self.items = []
for alert in self.node.findall('ReportItems/ReportItem'):
self.items.append(Item(alert))
def parseOutputString(self, output):
"""
This method will discard the output the shell sends, it will read it from
the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
parser = HydraParser(output)
hosts = defaultdict(list)
service = ''
port = ''
for item in parser.items:
service = item['plugin']
port = item['port']
hosts[item['ip']].append([item['login'], item['password']])
for k, v in hosts.items():
ip = resolve_hostname(k)
if ip != k:
hostnames = [k]
else:
hostnames = None
h_id = self.createAndAddHost(ip, hostnames=hostnames)
s_id = self.createAndAddServiceToHost(h_id,
service,
ports=[port],
protocol="tcp",
status="open")
for cred in v:
self.createAndAddCredToService(h_id, s_id, cred[0], cred[1])
self.createAndAddVulnToService(
h_id,
s_id,
"Weak Credentials",
"[hydra found the following credentials]\nuser:%s\npass:%s"
% (cred[0], cred[1]),
severity="high")
del parser
def parse_json(self, contents):
try:
data = json.loads(contents)
except ValueError:
self.logger.error(
'Error parsing report. Make sure the file has valid '
'JSON', 'ERROR')
return
for (base_url, items) in data.items():
base_split = urlparse.urlsplit(base_url)
ip = resolve_hostname(base_split.hostname)
h_id = self.createAndAddHost(ip, hostnames=[base_split.hostname])
s_id = self.createAndAddServiceToHost(h_id,
base_split.scheme,
'tcp', [base_split.port],
status="open")
for item in items:
self.parse_found_url(base_url, h_id, s_id, item)
def get_host(self, server_location):
port = server_location.get('port', None)
hostname = server_location.get('hostname', None)
ip = server_location.get('ip_address', resolve_hostname(hostname))
if port != 443:
url = f"https://{hostname}:{port}"
else:
url = f"https://{hostname}"
json_host = {
"name": 'https',
"ip": ip,
"hostname": hostname,
"port": port,
"protocol": 'tcp',
"url": url
}
return json_host
def parseOutputString(self, output):
parametro = []
lineas = output.split("\n")
aux = 0
for linea in lineas:
if not linea:
continue
linea = linea.lower()
if ((linea.find("target:") > 0)):
url = re.findall('(?:[-\w.]|(?:%[\da-fA-F]{2}))+', linea)
address = resolve_hostname(url[3])
host_id = self.createAndAddHost(address, hostnames=url[3])
if ((linea.find("method") > 0)):
list_a = re.findall("\w+", linea)
metodo = list_a[1]
if ((linea.find("query string:") > 0)):
lista_parametros = linea.split('=')
aux = len(lista_parametros)
if ((linea.find("param:") > 0)):
list2 = re.findall("\w+", linea)
parametro.append(list2[1])
service_id = self.createAndAddServiceToHost(host_id,
self.protocol,
'tcp',
ports=['80'],
status='Open',
version="",
description="")
if aux != 0:
self.createAndAddVulnWebToService(host_id,
service_id,
name="xss",
desc="XSS",
ref='',
severity='med',
website=url[0],
path='',
method=metodo,
pname='',
params=''.join(parametro),
request='',
response='')
def parseOutputString(self, output):
parser = AppScanParser(output)
scan_type = parser.scan_type
if scan_type == 'DAST':
for issue in parser.issues:
host = issue.pop("host")
port = issue.pop("port")
service_name = issue.pop("service_name")
ip = resolve_hostname(host)
host_os = issue.pop("os")
host_id = self.createAndAddHost(ip, hostnames=host, os=host_os)
service_id = self.createAndAddServiceToHost(host_id, service_name, ports=port)
self.createAndAddVulnWebToService(host_id=host_id, service_id=service_id, **issue)
elif scan_type == 'SAST':
for issue in parser.issues:
source_file = issue.pop('source_file')
host_id = self.createAndAddHost(source_file)
self.createAndAddVulnToHost(host_id=host_id, **issue)
def parseOutputString(self, output):
lineas = output.split("\n")
parametro = []
found_vuln = False
for linea in lineas:
if linea.find("is available! Good!") > 0:
url = re.findall('(?:[-\w.]|(?:%[\da-fA-F]{2}))+', linea)[0]
port = 80
if urlparse(url).scheme == 'https':
port = 443
netloc_splitted = urlparse(url).netloc.split(':')
if len(netloc_splitted) > 1:
port = netloc_splitted[1]
if linea.find("Vulnerable") > 0 and "No" not in linea:
vuln_list = re.findall("\w+", linea)
if vuln_list[2] == "Vulnerable":
parametro.append(vuln_list[1])
found_vuln = len(parametro) > 0
address = resolve_hostname(url)
host_id = self.createAndAddHost(url, hostnames=[url])
service_id = self.createAndAddServiceToHost(host_id,
self.protocol,
'tcp',
ports=[port],
status='Open',
version="",
description="")
if found_vuln:
self.createAndAddVulnWebToService(host_id,
service_id,
name="xss",
desc="XSS",
ref='',
severity='med',
website=url,
path='',
method='',
pname='',
params=''.join(parametro),
request='',
response='')
def parseOutputString(self, output):
try:
parser = CobaltParser(output)
except:
print("Error parser output")
return None
for row in parser.rows:
url = row['BrowserUrl']
if not url:
continue
url_data = urlparse(url)
scheme = url_data.scheme
port = url_data.port
try:
run_date = dateutil.parser.parse(row['CreatedAt'])
except:
run_date = None
if url_data.port is None:
if scheme == 'https':
port = 443
elif scheme == 'http':
port = 80
else:
port = url_data.port
name = resolve_hostname(url_data.netloc)
references = []
if row['RefKey']:
references.append(row['RefKey'])
if row['ResearcherUrl']:
references.append(row['ResearcherUrl'])
references.append(row['ReportUrl'])
request = row['HttpRequest'] if row['HttpRequest'] else row['BrowserUrl']
h_id = self.createAndAddHost(name=name, hostnames=[url_data.netloc])
s_id = self.createAndAddServiceToHost(h_id, scheme, "tcp", ports=port, status="open")
self.createAndAddVulnWebToService(h_id, s_id, name=row['Title'], desc=row['Description'],
ref=references, resolution=row['SuggestedFix'],
website=url_data.netloc, request=request,
pname=url_data.params, category=row['Type'], path=url_data.path,
data=row['StepsToReproduce'], external_id=row['Tag'], run_date=run_date)
def getIpAndId(self, node):
# Find node ID and maltego entity
node_id = node.get("id")
entity = node.find(
"{http://graphml.graphdrawing.org/xmlns}data/"
"{http://maltego.paterva.com/xml/mtgx}MaltegoEntity")
# Check if is IPv4Address
if entity.get("type") not in ("maltego.IPv4Address", "maltego.Domain", "maltego.Website"):
return None
# Get IP value
value = entity.find(
"{http://maltego.paterva.com/xml/mtgx}Properties/"
"{http://maltego.paterva.com/xml/mtgx}Property/"
"{http://maltego.paterva.com/xml/mtgx}Value")
if entity.get("type") in ("maltego.Domain", "maltego.Website"):
ip = resolve_hostname(value.text)
hostname = value.text
else:
ip = value.text
hostname = None
return {"node_id": node_id, "ip": ip, "hostname": hostname}
def parseOutputString(self, output, debug=False):
for vuln_json in filter(lambda x: x != '', output.split("\n")):
vuln_dict = json.loads(vuln_json)
host = vuln_dict.get('host')
url_data = urlparse(host)
ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname))
host_id = self.createAndAddHost(
name=ip,
hostnames=[url_data.hostname])
port = url_data.port
if not port:
if url_data.scheme == 'https':
port = 443
else:
port = 80
service_id = self.createAndAddServiceToHost(
host_id,
name=url_data.scheme,
ports=port,
protocol="tcp",
status='open',
version='',
description='web server')
matched = vuln_dict.get('matched')
matched_data = urlparse(matched)
reference = vuln_dict["info"].get('reference', [])
if reference:
if isinstance(reference, str):
if re.match('^- ', reference):
reference = list(filter(None, [re.sub('^- ','', elem) for elem in reference.split('\n')]))
else:
reference = [reference]
references = vuln_dict["info"].get('references', [])
if references:
if isinstance(references, str):
if re.match('^- ', references):
references = list(filter(None, [re.sub('^- ','', elem) for elem in references.split('\n')]))
else:
references = [references]
cwe = vuln_dict['info'].get('cwe', [])
capec = vuln_dict['info'].get('capec', [])
refs = list(set(reference + references + cwe + capec)).sort()
tags = vuln_dict['info'].get('tags', '').split(',')
impact = vuln_dict['info'].get('impact')
resolution = vuln_dict['info'].get('resolution', '')
easeofresolution = vuln_dict['info'].get('easeofresolution')
request = vuln_dict.get('request', '')
if request:
method = request.split(" ")[0]
else:
method = ""
data = [f"Matched: {vuln_dict.get('matched')}",
f"Tags: {vuln_dict['info'].get('tags')}",
f"Template ID: {vuln_dict['templateID']}"]
name = vuln_dict["info"].get("name")
run_date = vuln_dict.get('timestamp')
if run_date:
run_date = dateutil.parser.parse(run_date)
self.createAndAddVulnWebToService(
host_id,
service_id,
name=name,
desc=vuln_dict["info"].get("description", name),
ref=refs,
severity=vuln_dict["info"].get('severity'),
tags=tags,
impact=impact,
resolution=resolution,
easeofresolution=easeofresolution,
website=host,
request=request,
response=vuln_dict.get('response', ''),
method=method,
query=matched_data.query,
params=matched_data.params,
path=matched_data.path,
data="\n".join(data),
external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
run_date=run_date
)
