From 91279589a584df156111e37911f72788b082d728 Mon Sep 17 00:00:00 2001 From: GMartinez1995 Date: Fri, 8 Sep 2023 15:42:00 -0300 Subject: [PATCH] add crowdstrike plugin --- CHANGELOG/current/318.md | 1 + .../plugins/repo/crowdstrike/__init__.py | 6 ++ .../plugins/repo/crowdstrike/plugin.py | 84 +++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 CHANGELOG/current/318.md create mode 100644 faraday_plugins/plugins/repo/crowdstrike/__init__.py create mode 100644 faraday_plugins/plugins/repo/crowdstrike/plugin.py diff --git a/CHANGELOG/current/318.md b/CHANGELOG/current/318.md new file mode 100644 index 00000000..c577ca66 --- /dev/null +++ b/CHANGELOG/current/318.md @@ -0,0 +1 @@ +[ADD] Add Crowdstrike's plugin. #318 diff --git a/faraday_plugins/plugins/repo/crowdstrike/__init__.py b/faraday_plugins/plugins/repo/crowdstrike/__init__.py new file mode 100644 index 00000000..98901a0b --- /dev/null +++ b/faraday_plugins/plugins/repo/crowdstrike/__init__.py @@ -0,0 +1,6 @@ +""" +Faraday Penetration Test IDE +Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/) +See the file 'doc/LICENSE' for the license information + +""" diff --git a/faraday_plugins/plugins/repo/crowdstrike/plugin.py b/faraday_plugins/plugins/repo/crowdstrike/plugin.py new file mode 100644 index 00000000..c5acac46 --- /dev/null +++ b/faraday_plugins/plugins/repo/crowdstrike/plugin.py @@ -0,0 +1,84 @@ +""" +Faraday Penetration Test IDE +Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/) +See the file 'doc/LICENSE' for the license information + +""" +from urllib.parse import urlsplit +import ipaddress + +from lxml import etree + +from faraday_plugins.plugins.plugin import PluginJsonFormat +from faraday_plugins.plugins.repo.acunetix.DTO import Acunetix, Scan +from json import loads + +__author__ = "Gonzalo Martinez" +__copyright__ = "Copyright (c) 2013, Infobyte LLC" +__credits__ = ["Gonzalo Martinez"] +__version__ = "1.0.0" +__maintainer__ = "Gonzalo Martinez" +__email__ = "gmarintez@faradaysec.com" +__status__ = "Development" + + +class Crowdstrike(PluginJsonFormat): + + def __init__(self, *arg, **kwargs): + super().__init__(*arg, **kwargs) + self.id = "Crowdstrike_Json" + self.name = "Crowdstrike JSON Output Plugin" + self.plugin_version = "1" + self.version = "1" + self.json_keys = {'host_id', 'host_type'} + self.framework_version = "1.0.0" + self._temp_file_extension = "json" + + def parseOutputString(self, output): + parser = loads(output) + for site in parser: + site_name = site.get('site_name') + hostname = site.get('hostname') + host_tags = site.get('host_tags') + os_version = site.get('os_version') + host_id = self.createAndAddHost( + name=site_name, + os=os_version, + hostnames=hostname, + tags=host_tags + ) + cve = site.get('cve_id') + severity = site.get('severity').lower() + cvss_vector = site.get('vector') + references = [site.get('references')] + vuln = site.get('cve_description') + remedations = [] + for rr in site.get('recommended_remediations', []): + remedations.append(rr.get('detail')) + cvss3 = {} + cvss2 = {} + if float(site.get('cvss_version', '0')) > 2: + cvss3['vector_string'] = cvss_vector + else: + cvss2['vector_string'] = cvss_vector + evaluation_logic = '' + for evaluation in site.get('evaluation_logic', []): + result = [] + for item in evaluation.get('items', []): + result.append(item.get('comparison_result')) + evaluation_logic += f'Evalutaion: {evaluation.get("title")}\n\tResults: {" ".join(result)}\n' + self.createAndAddVulnToHost( + host_id=host_id, + name=vuln[:50], + desc=vuln, + severity=severity, + cve=cve, + cvss3=cvss3, + cvss2=cvss2, + ref=references, + data=evaluation_logic + ) + + +def createPlugin(*args, **kwargs): + return Crowdstrike(*args, **kwargs)