renamed and cleaned columns

nate
2021-08-03 16:39:24 -05:00
parent 61539afa4d
commit ff5f4cb331
2 changed files with 39 additions and 22 deletions


@ -196,12 +196,11 @@ class qualysScanReport:
"Info#1", "CVSS V3 Base", "CVSS V3 Temporal", "CVSS V3 Attack Vector", "Info#1", "CVSS V3 Base", "CVSS V3 Temporal", "CVSS V3 Attack Vector",
"Request Body #1" "Request Body #1"
] ]
WEB_SCAN_VULN_BLOCK = [CATEGORIES[0]] + WEB_SCAN_BLOCK WEB_SCAN_VULN_BLOCK = [CATEGORIES[0]] + WEB_SCAN_BLOCK
WEB_SCAN_VULN_HEADER = WEB_SCAN_VULN_BLOCK
WEB_SCAN_SENSITIVE_BLOCK = [CATEGORIES[1]] + WEB_SCAN_BLOCK WEB_SCAN_SENSITIVE_BLOCK = [CATEGORIES[1]] + WEB_SCAN_BLOCK
WEB_SCAN_SENSITIVE_HEADER = WEB_SCAN_SENSITIVE_BLOCK
WEB_SCAN_HEADER = ["Vulnerability Category"] + WEB_SCAN_BLOCK
WEB_SCAN_INFO_BLOCK = [ WEB_SCAN_INFO_BLOCK = [
"INFORMATION_GATHERED", "ID", "Detection ID", "QID", "Results", "Detection Date", "INFORMATION_GATHERED", "ID", "Detection ID", "QID", "Results", "Detection Date",
@ -210,7 +209,7 @@ class qualysScanReport:
] ]
WEB_SCAN_INFO_HEADER = [ WEB_SCAN_INFO_HEADER = [
"Vulnerability Category", "ID", "Detection ID", "QID", "Results", "Detection Date", "Vulnerability Category", "ID", "Detection ID", "QID", "Results", "Last Time Detected",
"Unique ID", "Flags", "Protocol", "Virtual Host", "IP", "Port", "Result", "Unique ID", "Flags", "Protocol", "Virtual Host", "IP", "Port", "Result",
"Info#1" "Info#1"
] ]
@ -259,21 +258,20 @@ class qualysScanReport:
self.downloaded_file = None self.downloaded_file = None
def grab_sections(self, report): def grab_sections(self, report):
all_dataframes = [] return {
dict_tracker = {
'WEB_SCAN_VULN_BLOCK': pd.DataFrame( 'WEB_SCAN_VULN_BLOCK': pd.DataFrame(
self.utils.grab_section( self.utils.grab_section(
report, report,
self.WEB_SCAN_VULN_BLOCK, self.WEB_SCAN_VULN_BLOCK,
end=[self.WEB_SCAN_SENSITIVE_BLOCK, self.WEB_SCAN_INFO_BLOCK], end=[self.WEB_SCAN_SENSITIVE_BLOCK, self.WEB_SCAN_INFO_BLOCK],
pop_last=True), pop_last=True),
columns=self.WEB_SCAN_VULN_HEADER), columns=self.WEB_SCAN_HEADER),
'WEB_SCAN_SENSITIVE_BLOCK': pd.DataFrame( 'WEB_SCAN_SENSITIVE_BLOCK': pd.DataFrame(
self.utils.grab_section(report, self.utils.grab_section(report,
self.WEB_SCAN_SENSITIVE_BLOCK, self.WEB_SCAN_SENSITIVE_BLOCK,
end=[self.WEB_SCAN_INFO_BLOCK, self.WEB_SCAN_SENSITIVE_BLOCK], end=[self.WEB_SCAN_INFO_BLOCK, self.WEB_SCAN_SENSITIVE_BLOCK],
pop_last=True), pop_last=True),
columns=self.WEB_SCAN_SENSITIVE_HEADER), columns=self.WEB_SCAN_HEADER),
'WEB_SCAN_INFO_BLOCK': pd.DataFrame( 'WEB_SCAN_INFO_BLOCK': pd.DataFrame(
self.utils.grab_section( self.utils.grab_section(
report, report,
@ -321,10 +319,6 @@ class qualysScanReport:
self.CATEGORY_HEADER), self.CATEGORY_HEADER),
columns=self.CATEGORY_HEADER) columns=self.CATEGORY_HEADER)
} }
all_dataframes.append(dict_tracker)
return all_dataframes
def data_normalizer(self, dataframes): def data_normalizer(self, dataframes):
""" """
@ -332,12 +326,21 @@ class qualysScanReport:
:param dataframes: :param dataframes:
:return: :return:
""" """
df_dict = dataframes[0] df_dict = dataframes
merged_df = pd.concat([df_dict['WEB_SCAN_VULN_BLOCK'], df_dict['WEB_SCAN_SENSITIVE_BLOCK'], merged_df = pd.concat([
df_dict['WEB_SCAN_INFO_BLOCK']], axis=0, df_dict['WEB_SCAN_VULN_BLOCK'],
ignore_index=False) df_dict['WEB_SCAN_SENSITIVE_BLOCK'],
merged_df = pd.merge(merged_df, df_dict['QID_HEADER'], left_on='QID', df_dict['WEB_SCAN_INFO_BLOCK']
right_on='Id') ], axis=0, ignore_index=False)
merged_df = pd.merge(
merged_df,
df_dict['QID_HEADER'].drop(
#these columns always seem to be the same as what we're merging into
['CVSS V3 Attack Vector', 'CVSS V3 Base', 'CVSS V3 Temporal'],
axis=1),
left_on='QID', right_on='Id'
)
if 'Content' not in merged_df: if 'Content' not in merged_df:
merged_df['Content'] = '' merged_df['Content'] = ''
@ -354,8 +357,11 @@ class qualysScanReport:
merged_df = merged_df.assign(**df_dict['SCAN_META'].to_dict(orient='records')[0]) merged_df = merged_df.assign(**df_dict['SCAN_META'].to_dict(orient='records')[0])
merged_df = pd.merge(merged_df, df_dict['CATEGORY_HEADER'], how='left', left_on=['Category', 'Severity Level'], merged_df = pd.merge(
right_on=['Category', 'Severity'], suffixes=('Severity', 'CatSev')) merged_df, df_dict['CATEGORY_HEADER'],
how='left', left_on=['Category', 'Severity Level'],
right_on=['Category', 'Severity'], suffixes=('Severity', 'CatSev')
)
merged_df = merged_df.replace('N/A', '').fillna('') merged_df = merged_df.replace('N/A', '').fillna('')
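Review bot: The new `drop([...], axis=1)` on `df_dict['QID_HEADER']` in `data_normalizer` rests on the inline comment's assumption that the three CVSS V3 columns "always seem to be the same" as the finding rows, and nothing checks it. `WEB_SCAN_INFO_HEADER` as shown has no CVSS V3 columns, so for information-gathered rows the QID table looks like the only source of those values; after this change they would presumably end up as empty strings once `fillna('')` runs, which is worth confirming because severity triage downstream reads these scores. The drop also raises `KeyError` if a report's QID table lacks any of the three columns; passing `errors='ignore'` to the `drop` call avoids that. If the duplicates are meant to be discarded, a comment stating which side is authoritative would serve the next maintainer better than "always seem to be". `data_normalizer` continues outside the visible hunks.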


@ -530,10 +530,14 @@ class vulnWhispererQualys(vulnWhispererBase):
'Ajax Request ID': 'ajax_request_id', 'Ajax Request ID': 'ajax_request_id',
'Authentication': 'authentication', 'Authentication': 'authentication',
'CVSS Base': 'cvss', 'CVSS Base': 'cvss',
'CVSS V3 Attack Vector': 'cvss_v3_attack_vector',
'CVSS V3 Base': 'cvss_v3_base',
'CVSS V3 Temporal': 'cvss_v3_temporal',
'CVSS Temporal': 'cvss_temporal', 'CVSS Temporal': 'cvss_temporal',
'CWE': 'cwe', 'CWE': 'cwe',
'Category': 'category', 'Category': 'category',
'Content': 'content', 'Content': 'content',
'Custom Attributes': 'custom_attributes',
'DescriptionSeverity': 'severity_description', 'DescriptionSeverity': 'severity_description',
'DescriptionCatSev': 'category_description', 'DescriptionCatSev': 'category_description',
'Detection ID': 'detection_id', 'Detection ID': 'detection_id',
@ -549,15 +553,19 @@ class vulnWhispererQualys(vulnWhispererBase):
'Ignore User': 'ignore_user', 'Ignore User': 'ignore_user',
'Ignored': 'ignored', 'Ignored': 'ignored',
'Impact': 'impact', 'Impact': 'impact',
'Info#1': 'info_1',
'Last Time Detected': 'last_time_detected', 'Last Time Detected': 'last_time_detected',
'Last Time Tested': 'last_time_tested', 'Last Time Tested': 'last_time_tested',
'Level': 'level', 'Level': 'level',
'OWASP': 'owasp', 'OWASP': 'owasp',
'Operating System': 'operating_system', 'Operating System': 'operating_system',
'Owner': 'owner', 'Owner': 'owner',
'Param': 'param', 'Param/Cookie': 'param',
'Payload #1': 'payload_1', 'Payload #1': 'payload_1',
'Port': 'port',
'Protocol': 'protocol',
'QID': 'plugin_id', 'QID': 'plugin_id',
'Request Body #1': 'request_body_1',
'Request Headers #1': 'request_headers_1', 'Request Headers #1': 'request_headers_1',
'Request Method #1': 'request_method_1', 'Request Method #1': 'request_method_1',
'Request URL #1': 'request_url_1', 'Request URL #1': 'request_url_1',
@ -566,11 +574,14 @@ class vulnWhispererQualys(vulnWhispererBase):
'Severity': 'risk', 'Severity': 'risk',
'Severity Level': 'security_level', 'Severity Level': 'security_level',
'Solution': 'solution', 'Solution': 'solution',
'Tags': 'tags',
'Times Detected': 'times_detected', 'Times Detected': 'times_detected',
'Title': 'plugin_name', 'Title': 'plugin_name',
'URL': 'url', 'URL': 'url',
'Unique ID': 'unique_id',
'Url': 'uri', 'Url': 'uri',
'Vulnerability Category': 'vulnerability_category', 'Vulnerability Category': 'vulnerability_category',
'Virtual Host': 'virutal_host',
'WASC': 'wasc', 'WASC': 'wasc',
'Web Application Name': 'web_application_name'} 'Web Application Name': 'web_application_name'}
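Review bot: The new entry `'Virtual Host': 'virutal_host'` misspells the target field name, so every record will carry `virutal_host` and any dashboard, query or alert written against `virtual_host` will silently match nothing; it should read `'Virtual Host': 'virtual_host',`. Correcting it after data has been indexed means a field rename downstream, so it is cheaper to fix here. Separately, replacing the `'Param'` key with `'Param/Cookie'` means a report that still carries a `Param` column would no longer be renamed, which is presumably fine if the report format changed but is worth confirming. The mapping dict begins outside the visible hunks.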