faraday-plugins 1.22.0

Faraday plugins package

Install

pip install faraday-plugins

Commands

List Plugins

List all plugins and if its compatible with command or/and report

Optional params:

• -cpf / --custom-plugins-folder PATH: If given will also look for custom plugins on that path

faraday-plugins list-plugins

Test autodetect plugin from command

faraday-plugins detect-command "ping -c 4 www.google.com"

Faraday Plugin: ping

Test process command with plugin

Optional params:

• --plugin_id PLUGIN_ID: Dont detect the plugin, use this one
• -cpf / --custom-plugins-folder PATH: If given will also look for custom plugins on that path
• -dr / --dont-run: Dont run, just show the generated command
• -o / --output-file PATH: send json outout to file instead of stdout
• -sh / --show-output: show the output of the command

faraday-plugins process-command "ping -c4 www.google.com"
{
    "hosts": [
        {
            "ip": "216.58.202.36",
            "os": "unknown",
            "hostnames": [
                "www.google.com"
            ],
            "description": "",
            "mac": null,
            "credentials": [],
            "services": [],
            "vulnerabilities": [],
            "tags": []
        }
    ],
    "command": {
        "tool": "ping",
        "command": "ping",
        "params": "-c4 www.google.com",
        "user": "user",
        "hostname": "",
        "start_date": "2020-06-19T17:02:37.982293",
        "duration": 39309,
        "import_source": "shell"
    }
}

Test autodetect plugin from report

faraday-plugins detect-report /path/to/report.xml

Faraday Plugin: Nmap

Test report with plugin

Optional params:

• --plugin_id PLUGIN_ID: Dont detect the plugin, use this one
• -cpf / --custom-plugins-folder PATH: If given will also look for custom plugins on that path

faraday-plugins process-report /path/to/nmap_report.xml

{
    "hosts": [
        {
            "ip": "192.168.66.1",
            "os": "unknown",
            "hostnames": [],
            "description": "",
            "mac": "00:00:00:00:00:00",
            "credentials": [],
            "services": [
                {
                    "name": "domain",
                    "protocol": "tcp",
                    "port": 53,
                    "status": "open",
                    "version": "",
                    "description": "domain",
                    "credentials": [],
                    "vulnerabilities": [],
                    "tags": []
                },
                {
                    "name": "netbios-ssn",
                    "protocol": "tcp",
                    "port": 139,
                    "status": "open",
                    "version": "",
                    "description": "netbios-ssn",
                    "credentials": [],
                    "vulnerabilities": [],
                    "tags": []
                }
            ],
            "vulnerabilities": [],
            "tags": []
        }
    ],
    "command": {
        "tool": "Nmap",
        "command": "Nmap",
        "params": "/path/to/nmap_report.xml",
        "user": "user",
        "hostname": "",
        "start_date": "2020-06-19T17:22:11.608134",
        "duration": 1233,
        "import_source": "report"
    }
}

Plugin Logger

To use it you must call self.logger.debug("some message")

export PLUGIN_DEBUG=1
faraday-plugins proces-report /path/to/report.xml
2019-11-15 20:37:03,355 - faraday.faraday_plugins.plugins.manager - INFO [manager.py:113 - _load_plugins()]  Loading Native Plugins...
2019-11-15 20:37:03,465 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [acunetix]
2019-11-15 20:37:03,495 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [amap]
2019-11-15 20:37:03,549 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [appscan]
2019-11-15 20:37:03,580 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [arachni]
2019-11-15 20:37:03,613 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [arp_scan]
2019-11-15 20:37:03,684 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [beef]
2019-11-15 20:37:03,714 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [brutexss]
2019-11-15 20:37:03,917 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [burp]
2019-11-15 20:37:03,940 - faraday.faraday_plugins.plugins.manager - DEBUG [manager.py:123 - _load_plugins()]  Load Plugin [dig]
...

More documentation here https://docs.faradaysec.com/Basic-plugin-development/

1.22.0 [Jan 30th, 2025]:

• [ADD] Added support for cvss4 in faraday cvs. #355
• [FIX] Fixed description and CI Bandit update. #361

1.21.0 [Jan 6th, 2025]:

• [ADD] Added Saint CSV report processor. #353

1.20.0 [Nov 21st, 2024]:

• [FIX] Duplicate detection vulnerability in the Burp plugin. #354

1.19.1 [Sep 20th, 2024]:

• [MOD] Updated the SSLyze JSON parser to support and correctly process scan results from SSLyze version 6. #349
• [FIX] Crowdstrike IP resolution for asset. #350
• [FIX] Corrected a hostname resolution issue that was causing traceback errors and malfunctioning of the plugin. This fix ensures proper hostname resolution and stabilizes plugin performance. #351

1.19.0 [Aug 23rd, 2024]:

• [ADD] Added owasp dependency check. #100
• [ADD] Added gitleaks plugin. #342
• [FIX] Nessus plugin crashed when parsing tenableio reports without vulnerabilities, so a check for that was added. #341

1.18.2 [Jul 24th, 2024]:

• [FIX] Added validations for empty lines and multiple fields including lists. #343

1.18.1 [Jul 11th, 2024]:

• [MOD] Naabu reports changed their JSON structure, so new keys were added to detect the new report structure. #339

1.18.0 [May 22th, 2024]:

• [FIX] Fix key error when packageVulnerabilityDetails key was not in the file. #331
• [FIX] Addressed a bug where Burp plugin output would display null data in cases of encountering a malformed XML token from the report. #333
• [FIX] Previously, CSV files edited in tools like Mac Numbers would transform boolean values to uppercase. This issue has been addressed within the faraday_csv plugin, ensuring accurate comparison. #336

1.17.0 [Mar 12th, 2024]:

• [ADD] Add hotspots logic for sonarqube plugin #321

1.16.0 [Feb 8th, 2024]:

• [ADD] Add Snyk plugin. #314
• [MOD] Mod AWS Inspector's plugins. #322
• [ADD] Add faraday_json plugins. #324
• [ADD] Update prowler plugin to support the latest tool output format. Also rename the oldest plugin to prowler_legacy. #328

1.15.1 [Dec 22th, 2023]:

• [FIX] Filter \x00 in nuclei response. #323

1.15.0 [Dec 12th, 2023]:

• [ADD] Add PopEye's plugin. #303
• [ADD] Add Ping Castle's plugin. #304
• [ADD] Add Kubescape's plugin. #320
• [ADD] Add AWS Inspector's plugins. #322

1.14.0 [Oct 10th, 2023]:

• [ADD] Add Crowdstrike's plugin. #318

1.13.2 [Sep 6th, 2023]:

• [ADD] Extract response and request info in qualyswebapp's plugins. #307
• [ADD] Create Plugin for windows defender. #315

1.13.0 [Aug 24th, 2023]:

• [FIX] If severity id in an appscan item is greater than 4 set it to 4. #305
• [FIX] Update Naabu plugin for the latest version, Semgrep create a new service for each vuln, fix Arachni bug in case the report has no vulns. #306
• [ADD] Add Terrascan and TFSec plugins. #310
• [FIX] Use cvss_score to calculate severity in nessus plugin. #311

1.12.1 [July 7th, 2023]:

• [FIX] Fix Appscan's pluign. #302

1.12.0 [May 24th, 2023]:

• [ADD] Add Sarif plugin. #299

1.11.0 [Apr 3rd, 2023]:

• [FIX] Change syhunt´s and trivy´s plugins to export cvss vector correctly #292
• [ADD] Add force flag to process-command to process the output of the command regardless of the exit code. #294
• [MOD] The accunetix plugin now search for CVSS and cvss #296
• [ADD] Add semgrep plugin. #297
• [FIX] Fix inviti's plugin, check remedial procedures before parsing it with b4f. #298

1.10.0 [Jan 31th, 2023]:

• [ADD] Add new acunetix360 plugin #293

1.9.1 [Jan 3rd, 2023]:

• [ADD] Add new CIS plugin

1.9.0 [Dic 15th, 2022]:

• [FIX] Now all plugins check that service protocol is not empty
• [ADD] New pentera plugin and now json plugins can have filter_key to filter reports with that keys
• [MOD] Change table format for list-plugins to github

1.8.1 [Nov 28th, 2022]:

• [FIX] Nuclei's plugin check if the cwe is null and add retrocompability for newer versions for wpscan plugin
• [ADD] Add cvss2/3 and cwe to faraday_csv plugin
• [Add] Now nexpose_full plugin use severity from reports
• [FIX] Now plugins check if the ref is empty

1.8.0:

• [Add] Add invicti plugin
• [Add] Add nessus_sc plugin
• [FIX] Remove cvss_vector from refs in nexpose_full
• Add new identifier_tag to nikto plugin
• [FIX] Now plugins check if ref field is already a dictionary
• [MOD] Improve grype plugin for dockers images and change report_belong_to method for json plugins to check if json_keys is a list, in that case iterate the list and try if any of them create a match.

1.7.0 [Sep 5th, 2022]:

• Add CWE to PluginBase. The plugins that have this implemented are the following: "Acunetix", "Acunetix_Json", "AppSpider", "Appscan", "Arachni", "Burp", "Checkmarx", "Metasploit", "Nessus", "Netsparker", "NetsparkerCloud", "Openvas", "QualysWebapp", "W3af", "Wapiti", "Zap", "Zap_Json", "nuclei", "nuclei_legacy"
• Now the nexts pluggins extracts cvss from reports:

• Acunetix
• Acunetix_Json
• Appscan
• Nessus
• Netsparker
• NexposeFull
• Nipper
• Nmap
• Openvas
• QualysWebapp
• Qualysguard
• Retina
• shodan
• whitesource

• Add arguments for add tags for vulns, services and host.

Add test for tags and ignore_info

• Add trivy's json plugin
• Add command support for the wpscan plugin
• [MOD] Now refs field is a list of dictionary with the format: {'name': string, 'type': string},
• Fix for acunetix_json when host is ip
• [FIX] - Asset duplicated on same file with multiple entries for Appscan_csv plugin.
• [FIX] Change import dateutil to from dateutil.parser import parse for compatibility issues with python 3.10
• [FIX] Add case for Netsparker plugins, when the url has a number inside a parenthesis.
• Add *args **kwargs to syhunt plugin
• fix bug when grype report has no arifact/metadata
• [MOD] Now prowler plugin returns CAF Epic as policy violation and remove [check#] from tittle

1.6.8 [Jul 25th, 2022]:

• Add appscan csv
• Now faraday_csv's plugin uses ignore_info parameter
• Add syhunt plugin
• Add cve and data fields to desc for avoid duplications
• Now nuclei resolve hostname if the field ip is None

1.6.7 [Jun 2nd, 2022]:

• Change hostname_restolution to dont_resolve_hostname for process-report and now test dosent resovle hostname
• Now QualysWebApp's plugin will diferenciate vulns from differents urlpaths

1.6.6 [May 20th, 2022]:

• Add hostname_resolution parameter within plugins
• Fix openvas external ID

1.6.5 [Apr 28th, 2022]:

• Now Openvas's plugin set severity to Critical when cvss >= 9.0

1.6.4 [Apr 21th, 2022]:

• Add location as params in burp's plugin
• Now the faraday_csv custom_fields regex match any no whitespace character.

1.6.3 [Apr 19th, 2022]:

• Add Zap Json plugin.

1.6.2 [Apr 4th, 2022]:

• Now Appscan plugin saves line and highlight of the vulns in desc and data

1.6.1 [Mar 18th, 2022]:

• Add references tu burp plugin
• Move item.detail from data to desc
• update open status

1.6.0 [Feb 3rd, 2022]:

• Add packaging to requierments in setup.py
• Add severity to shodan's plugins using cvss
• check if cve exist on cve-id field
• Fix Fortify's plugin
• Change qualysguard's plugin severity_dict to refer level 2 severities as low

1.5.10 [Jan 13th, 2022]:

• support cve,cwe,cvss and metadata

1.5.9 [Dec 27th, 2021]:

• Add cve in faraday_csv plugin
• ADD Grype plugin

1.5.8 [Dec 13th, 2021]:

• Add CVE to plugins

• acunetix
• appscan
• burp
• metasploit
• nessus
• netsparker
• nexpose
• nikto
• nipper
• nmap
• openscap
• qualysguard
• retina
• shodan

• Add support for Sslyze 5.0 resports
• Fix errors while creating hosts with wrong regex
• ADD masscan support to nmap plugin
• Fix bug in openvas plugin

1.5.7 [Nov 19th, 2021]:

• FIX extrainfo of netsparker plugin
• Add nuclei_legacy plugin

1.5.6 [Nov 10th, 2021]:

• FIX issue with acunetix plugin

• FIX typo in nikto plugin

1.5.5 [Oct 21st, 2021]:

• Merge PR from github

1.5.4 [Oct 19th, 2021]:

• Update nuclei parser

1.5.3 [Sep 7th, 2021]:

• Adding support for running nuclei through command / faraday-cli
• Fix missing references in nuclei

1.5.2 [Aug 9th, 2021]:

• add new structure acunetix

1.5.1 [Jul 27th, 2021]:

• cwe, capec, references, tags, impact, resolution, easeofresolution
• add os openvas
• [FIX] Fix improt of CSV with big fields
• Fix sslyze json bug with port
• Only show report name in command data

1.5.0 [Jun 28th, 2021]:

• Add Nipper Plugin
• add shodan plugin
• fix acunetix url parser
• FIX netsparker multi-host
• Add vuln details for Certificate Mismatch and move unique details to data, now vulns can be grupped
• ADD more data to plugins arachni and w3af
• Use run_date in UTC
• ADD cvss_base, cpe, threat, severity into references

1.4.6 [May 14th, 2021]:

• • add attribute "command" for the pluggins of each command

• adding test in test_command
• change some regex in self._command_regex

• [FIX] add hostnames if host is already cached
• Add Naabu plugin
• Add Sonarqube plugin
• Add version and change list_plugins style
• FIX unused import, innecesary list compression and unused variables
• FIX metasploit report when the web-site-id is null
• Fix port stats in nmap
• fixup ssylze sacar unknown de version=
• ADD remedy into resolution
• Support for nuclei 2.3.0
• ADD cve, cvss3_base_score, cvss3_vector, exploit_available when import nessus and change the structure of external_id to NESSUS-XXX
• ADD more data like attack, params, uri, method, WASC, CWE and format externail_id

1.4.5 [Apr 15th, 2021]:

• Add Bandit plugin
• Use background for description and detail for data en Burp plugin.
• Rewrite Appscan Plugin
• Parse Nmap vulners script data

1.4.4 [Mar 30th, 2021]:

• Faraday CSV Plugin do not consider ignore_info

1.4.3 [Mar 17th, 2021]:

• Add Ignore information vulnerabilities option

1.4.2 [Mar 10th, 2021]:

• Fix bug with sslyze output file
• FIX change id sslyze for JSON/XML

1.4.1 [Feb 26th, 2021]:

• ADD microsoft baseline security analyzer plugin
• ADD nextnet plugin
• ADD openscap plugin
• FIX old versions of Nessus plugins bugs

1.4.0 [Dec 23rd, 2020]:

• Update the fields of the nuclei output used to create a vuln

1.4.0b2 [Dec 15th, 2020]:

• Fix nuclei plugin bug when url is None

1.4.0b1 [Dec 14th, 2020]:

• Add new plugin base class, for multi line json
• New ncrack plugin
• New nuclei plugin
• New sslyze json plugin
• New WhatWeb plugin
• Fix missing ip in some arachni reports
• Fix change name vuln in Netsparker plugin
• Fix whois plugin, command whois IP not parse data
• Change the way we detect json reports when they are lists of dictionaries

1.3.0 [Sep 2nd, 2020]:

• ADD plugin AppSpider
• Add tests to faraday-plugins cli
• add a default value to plugin_version
• Add --output-file parameter to faraday-plugins process command
• Add plugins prowler
• Add plugins ssl labs
• Add support for tenable io
• delete old deprecated methods
• Bug fix: Arachni Plugin 'NoneType' object has no attribute 'find'
• Bug fix: Openvas Plugin - Import xml from OpenVas doesnt work
• Bug fix: QualysWebApp Plugin, error in get info OPERATING_SYSTEM
• Fix Hydra plugin to resolve ip address
• Fix Nessus mod severity HIGH for Low
• Bug Fix: Detect plugins AWS Prowler
• Fix broken xml on nmap plugin
• Add new rdpscan plugin
• UPDATE xml report to appscan
• Update Readme
• Fix how ZAP genereate vulns