Add Ability to execute Nmap Scripting Engine(NSE) scripts, translate tool to spanish and option to schedule scans. #23
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ut format on vulnerabilities front.
… confirm is found on script.
…s related to script by name matching.
…nslate 'welcome' template to spanish. Create navbar as template.
Fix report generation Fix get metadata of extra scripts. Add colors for 'Undefined' and 'Potential' severity levels. Fix quickstart Add 'Undefined' and 'Potential' vulns to topology. Change API scan to use next scan. Add check for metadata info format.
…e scans. Fix bug mark scripts as potential. Add ssh-log4shell NSE script.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some new additions to the project with 3 goals in mind: Allow use of Nmap scripts with the tool(with help of python-nmap), translate tool to spanish and add an option for scheduling scans in the future.
The major hurdle in achieving the first goal was the lack of fields of NSE scripts in comparison with the base scripts of Nerve. Most info is not needed for the scans but in order to run the scripts some major changed were done. First the introduction of new severity levels: 'potential' and 'undefined'. 'Potential' is used when the NSE script output is not clear if it is a vulnerability or not, thus leaving the judgement to the user. 'Undefined' is used when the NSE scripts metadata doesn't specify the severity of the script. And in the case of other less important fields(like the description), the information is omitted if not provided by the script.
When adding new scripts in NSE format to the tool some changes to the code must be done in order to use the tool features to its full potential. More details are specified in the documentation.
Regarding the translations, most of the work is done by flask babel library.
Lastly, scheduled scans are implemented using a redis list. Where scans are ordered by date and only the first/next one is accessed by the different components of the tool.
New features list:
Some other minor changes are not detailed here, like new buttons, navbar changes, etc.