From 81cad36a1df303b1ecda24c7f7bb44f44391255e Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Sun, 3 Sep 2023 23:24:50 -0300 Subject: [PATCH 01/12] Creacion Windows defender --- .../plugins/repo/windows_defender/__init__.py | 7 ++ .../plugins/repo/windows_defender/plugin.py | 83 +++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 faraday_plugins/plugins/repo/windows_defender/__init__.py create mode 100644 faraday_plugins/plugins/repo/windows_defender/plugin.py diff --git a/faraday_plugins/plugins/repo/windows_defender/__init__.py b/faraday_plugins/plugins/repo/windows_defender/__init__.py new file mode 100644 index 00000000..625a6e25 --- /dev/null +++ b/faraday_plugins/plugins/repo/windows_defender/__init__.py @@ -0,0 +1,7 @@ +""" +Faraday Penetration Test IDE +Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/) +See the file 'doc/LICENSE' for the license information + +""" + diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py new file mode 100644 index 00000000..1d863112 --- /dev/null +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py 
@@ -0,0 +1,83 @@ +import json +from faraday_plugins.plugins.plugin import PluginJsonFormat + +__author__ = "Esteban Rodriguez" +__copyright__ = "Copyright (c) 2013, Infobyte LLC" +__credits__ = ["Esteban Rodriguez"] +__license__ = "" +__version__ = "1.0.0" +__maintainer__ = "Esteban Rodriguez" +__email__ = "erodriguez@infobytesec.com" +__status__ = "Development" + + +class WindowsDefenderJsonParser: + + def __init__(self, json_output): + self.data = json.loads(json_output) + + def parse(self): + result = [] + + for entry in self.data: + device_name = entry.get('DeviceName') + os_platform = entry.get('OSPlatform') + cve_id = entry.get('CveId') + severity = entry.get('VulnerabilitySeverityLevel') + + # Build the vulnerability description including all fields + description = f"Device Name: {device_name}\n" + description += f"OS Platform: {os_platform}\n" + description += f"CVE ID: {cve_id}\n" + description += f"Vulnerability Severity Level: {severity}\n" + + result.append({ + "host_info": { + "name": "Windows Host", + "os": os_platform, + "hostname": device_name + }, + "vulnerability": { + "name": cve_id, + "severity": severity, + "desc": description + } + }) + + return result + +class WindowsDefenderPlugin(PluginJsonFormat): + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.id = "WindowsDefender_Json" + self.name = "Windows Defender Json" + self.plugin_version = "1.0" + self.version = "1.0" + self.json_keys = {'RbacGroupName'} + self.json_arg_re = None + self._temp_file_extension = json + + def parseOutputString(self, output): + parser = WindowsDefenderJsonParser(output) + parsed_data = parser.parse() + + for entry in parsed_data: + host_info = entry.get("host_info") + vulnerability = entry.get("vulnerability") + + host_id = self.createAndAddHost( + host_info.get("hostname"), + os=host_info.get("os"), + hostnames=[host_info.get("hostname")] + ) + + self.createAndAddVulnWebToHost( + host_id, + name=vulnerability.get("name"), + 
severity=vulnerability.get("severity"), + description=vulnerability.get("desc") + ) + +def createPlugin(*args, **kwargs): + return WindowsDefenderPlugin(*args, **kwargs) \ No newline at end of file From dcc6c3a810a1b2b5eb587aa5db4da164437773ad Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Sun, 3 Sep 2023 23:36:29 -0300 Subject: [PATCH 02/12] Creacion Windows defender --- CHANGELOG/1.13.0/315.md | 1 + faraday_plugins/plugins/repo/windows_defender/plugin.py | 9 +++------ 2 files changed, 4 insertions(+), 6 deletions(-) create mode 100644 CHANGELOG/1.13.0/315.md diff --git a/CHANGELOG/1.13.0/315.md b/CHANGELOG/1.13.0/315.md new file mode 100644 index 00000000..fa663b7c --- /dev/null +++ b/CHANGELOG/1.13.0/315.md @@ -0,0 +1 @@ +[ADD] Create Plugin for windows defender diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 1d863112..061d59a8 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -55,8 +55,6 @@ def __init__(self, *args, **kwargs): self.plugin_version = "1.0" self.version = "1.0" self.json_keys = {'RbacGroupName'} - self.json_arg_re = None - self._temp_file_extension = json def parseOutputString(self, output): parser = WindowsDefenderJsonParser(output) @@ -72,12 +70,11 @@ def parseOutputString(self, output): hostnames=[host_info.get("hostname")] ) - self.createAndAddVulnWebToHost( - host_id, + self.createAndAddVulnToHost(host_id, name=vulnerability.get("name"), severity=vulnerability.get("severity"), - description=vulnerability.get("desc") + desc=vulnerability.get("desc") ) def createPlugin(*args, **kwargs): - return WindowsDefenderPlugin(*args, **kwargs) \ No newline at end of file + return WindowsDefenderPlugin(*args, **kwargs) From b7811fe4f9d8e7a55c5d57b09247f166e5172da5 Mon Sep 17 00:00:00 2001 
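Review bot: In `WindowsDefenderJsonParser.parse`, every field is read with `entry.get(...)` and no default, so a record without `DeviceName` or `CveId` yields `None`, which `parseOutputString` then passes as the host name, as the single entry of `hostnames`, and as the vulnerability name. Substitute a placeholder or skip the record, e.g. `device_name = entry.get('DeviceName') or 'Unknown'`, and do the same for `cve_id`. `parse` also assumes `json.loads` returned a list of objects; a top-level object would iterate its keys and fail on `entry.get`. Separately, `self._temp_file_extension = json` in `__init__` stores the `json` module object rather than an extension string.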
From: Esteban Rodriguez Date: Sun, 3 Sep 2023 23:57:50 -0300 Subject: [PATCH 03/12] Creacion Windows defender --- CHANGELOG/1.13.0/315.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG/1.13.0/315.md b/CHANGELOG/1.13.0/315.md index fa663b7c..9dc61e62 100644 --- a/CHANGELOG/1.13.0/315.md +++ b/CHANGELOG/1.13.0/315.md @@ -1 +1 @@ -[ADD] Create Plugin for windows defender +[ADD] Create Plugin for windows defender #315 From 156358396b1a66bf865820116102f04fdb466f28 Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Mon, 4 Sep 2023 00:29:54 -0300 Subject: [PATCH 04/12] Creacion Windows defender --- .../plugins/repo/windows_defender/plugin.py | 113 ++++++++---------- 1 file changed, 47 insertions(+), 66 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 061d59a8..590df2c6 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py 
@@ -1,80 +1,61 @@ import json from faraday_plugins.plugins.plugin import PluginJsonFormat -__author__ = "Esteban Rodriguez" -__copyright__ = "Copyright (c) 2013, Infobyte LLC" -__credits__ = ["Esteban Rodriguez"] -__license__ = "" -__version__ = "1.0.0" -__maintainer__ = "Esteban Rodriguez" -__email__ = "erodriguez@infobytesec.com" -__status__ = "Development" - - -class WindowsDefenderJsonParser: - - def __init__(self, json_output): - self.data = json.loads(json_output) - - def parse(self): - result = [] - - for entry in self.data: - device_name = entry.get('DeviceName') - os_platform = entry.get('OSPlatform') - cve_id = entry.get('CveId') - severity = entry.get('VulnerabilitySeverityLevel') - - # Build the vulnerability description including all fields - description = f"Device Name: {device_name}\n" - description += f"OS Platform: {os_platform}\n" - description += f"CVE ID: {cve_id}\n" - description += f"Vulnerability Severity Level: {severity}\n" - - result.append({ - "host_info": { - "name": "Windows Host", - "os": os_platform, - "hostname": device_name - }, - "vulnerability": { - "name": cve_id, - "severity": severity, - "desc": description - } - }) - - return result - class WindowsDefenderPlugin(PluginJsonFormat): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.id = "WindowsDefender_Json" + self.id = "WindowsDefender_JSON" self.name = "Windows Defender Json" self.plugin_version = "1.0" self.version = "1.0" - self.json_keys = {'RbacGroupName'} + self.json_keys = {'LastSeenTimestamp' , 'SecurityUpdateAvailable'} # Define the relevant JSON keys here + self._command_regex = None + self.json_arg_re = None + self._use_temp_file = False + self._temp_file_extension = None def parseOutputString(self, output): - parser = WindowsDefenderJsonParser(output) - parsed_data = parser.parse() - - for entry in parsed_data: - host_info = entry.get("host_info") - vulnerability = entry.get("vulnerability") - - host_id = self.createAndAddHost( - 
host_info.get("hostname"), - os=host_info.get("os"), - hostnames=[host_info.get("hostname")] - ) - - self.createAndAddVulnToHost(host_id, - name=vulnerability.get("name"), - severity=vulnerability.get("severity"), - desc=vulnerability.get("desc") - ) + try: + data_list = output.strip().split('\n') # Split the input into lines + + for json_str in data_list: + data = json.loads(json_str, object_hook=dict) # Force conversion to a dictionary + + device_name = data.get('DeviceName', 'Unknown') + os_platform = data.get('OSPlatform', 'Unknown') + cve_id = data.get('CveId', 'Unknown') + severity = data.get('VulnerabilitySeverityLevel', 'Unknown') + DeviceId = data.get('DeviceId', 'Unknown') + key_value_pairs = "\n".join([f"{key}: {value}" for key, value in data.items()]) + + + # Build the vulnerability description including all fields + description = f"Device Name: {device_name}\n " + description += f"OS Platform: {os_platform}\n " + description += f"CVE ID: {cve_id}\n " + description += f"Vulnerability Severity Level: {severity}\n " + description += f"Device ID: {severity}\n " + description += key_value_pairs + + + host_id = self.createAndAddHost( + name=device_name, + os=os_platform, + hostnames=[device_name] + ) + + self.createAndAddVulnToHost( + host_id, + name=cve_id, + severity=severity, + desc=description + ) + + except json.JSONDecodeError as e: + self.logger.error(f"Error decoding JSON data: {str(e)}") + except Exception as e: + self.logger.error(f"Error parsing JSON data: {str(e)}") def createPlugin(*args, **kwargs): - return WindowsDefenderPlugin(*args, **kwargs) + return WindowsDefenderPlugin(*args, **kwargs) \ No newline at end of file From 2113d310df3d289ef34cdc39189597737e8d50c7 Mon Sep 17 00:00:00 2001 
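Review bot: The description line `description += f"Device ID: {severity}\n "` prints the severity under the Device ID label while the `DeviceId` value read just above is never used; it should read `description += f"Device ID: {DeviceId}\n "`. The `try` also wraps the whole `for` loop, so one malformed line ends processing of every line after it with only a log entry, and the trailing `except Exception` hides programming errors the same way; moving the `try` inside the loop around `json.loads` and catching only `json.JSONDecodeError` would skip the bad line and keep the rest. `object_hook=dict` in the `json.loads` call is a no-op, since JSON objects already decode to `dict`, so the comment "Force conversion to a dictionary" is misleading and both can go. The same mislabelled line is still visible as context in patches 05 and 07 and is only corrected in 08.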
From: Esteban Rodriguez Date: Mon, 4 Sep 2023 07:12:43 -0300 Subject: [PATCH 05/12] correccion de nombres, sigue sin identificar el file, el file no se puede reconocer con plugin manager porque es un json con jsons adentro --- .../plugins/repo/windows_defender/plugin.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 590df2c6..d3e3aa81 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -27,7 +27,10 @@ def parseOutputString(self, output): cve_id = data.get('CveId', 'Unknown') severity = data.get('VulnerabilitySeverityLevel', 'Unknown') DeviceId = data.get('DeviceId', 'Unknown') - key_value_pairs = "\n".join([f"{key}: {value}" for key, value in data.items()]) + SoftwareName = data.get('SoftwareName', 'Unknown') + SoftwareVendor = data.get('SoftwareVendor', 'Unknown') + + key_value_pairs = "\n".join([f"{key}: {value}\n" for key, value in data.items()]) # Build the vulnerability description including all fields @@ -36,7 +39,7 @@ def parseOutputString(self, output): description += f"CVE ID: {cve_id}\n " description += f"Vulnerability Severity Level: {severity}\n " description += f"Device ID: {severity}\n " - description += key_value_pairs + description += f"Device ID: {key_value_pairs}\n " host_id = self.createAndAddHost( @@ -47,7 +50,8 @@ def parseOutputString(self, output): self.createAndAddVulnToHost( host_id, - name=cve_id, + name= f"{SoftwareName} {SoftwareVendor} Vulnerable", + cve=cve_id, severity=severity, desc=description ) From f22973536951f8e6d36591a34ae882fbee1a74ab Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Mon, 4 Sep 2023 10:01:48 -0300 Subject: [PATCH 06/12] correccion mulyiline --- .../plugins/repo/windows_defender/plugin.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
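Review bot: In the `createAndAddVulnToHost` call of the third hunk, `cve=cve_id` forwards the literal placeholder `'Unknown'` as a CVE identifier whenever the record has no `CveId`, because that is the default shown as context in the first hunk (`cve_id = data.get('CveId', 'Unknown')`). Guard it, e.g. `cve=cve_id if cve_id != 'Unknown' else None`, and confirm against the base class whether `cve` expects a single string or a list. In the second hunk, `description += f"Device ID: {key_value_pairs}\n "` labels the dump of every remaining field as "Device ID", directly under a line that already prints `severity` under the same label. The `name= f"..."` keyword has a stray space after `=`; the other keywords in the call use `name=...`.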
diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index d3e3aa81..125c1c04 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -1,7 +1,7 @@ import json -from faraday_plugins.plugins.plugin import PluginJsonFormat +from faraday_plugins.plugins.plugin import PluginMultiLineJsonFormat -class WindowsDefenderPlugin(PluginJsonFormat): +class WindowsDefenderPlugin(PluginMultiLineJsonFormat): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) @@ -10,10 +10,9 @@ def __init__(self, *args, **kwargs): self.plugin_version = "1.0" self.version = "1.0" self.json_keys = {'LastSeenTimestamp' , 'SecurityUpdateAvailable'} # Define the relevant JSON keys here - self._command_regex = None - self.json_arg_re = None - self._use_temp_file = False - self._temp_file_extension = None + + + def parseOutputString(self, output): try: From 8eefdf7f61b16443f76469bc8ec8accaccec1787 Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Mon, 4 Sep 2023 11:37:01 -0300 Subject: [PATCH 07/12] correccion cve en details --- faraday_plugins/plugins/repo/windows_defender/plugin.py | 1 - 1 file changed, 1 deletion(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 125c1c04..8f98afed 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -35,7 +35,6 @@ def parseOutputString(self, output): # Build the vulnerability description including all fields description = f"Device Name: {device_name}\n " description += f"OS Platform: {os_platform}\n " - description += f"CVE ID: {cve_id}\n " description += f"Vulnerability Severity Level: {severity}\n " description += f"Device ID: {severity}\n " description += f"Device ID: {key_value_pairs}\n " 
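Review bot: The second hunk replaces the four removed attribute assignments with three empty added lines, leaving a blank gap at the end of `__init__` before `parseOutputString`; drop them and keep the single blank line between the methods. With the switch to `PluginMultiLineJsonFormat` in the first hunk it is also worth checking whether the base class already handles the line-per-record layout, since `parseOutputString` (outside this hunk) still splits `output` on `'\n'` itself. `parseOutputString`'s body continues outside the hunk.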
From fa5fd596fe26b6a572f2218b117398192745394b Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Mon, 4 Sep 2023 13:22:54 -0300 Subject: [PATCH 08/12] Ultimas correcciones --- .../plugins/repo/windows_defender/plugin.py | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 8f98afed..20e7c3a9 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -1,6 +1,8 @@ +""" Create plugin for windows defender""" import json from faraday_plugins.plugins.plugin import PluginMultiLineJsonFormat + class WindowsDefenderPlugin(PluginMultiLineJsonFormat): def __init__(self, *args, **kwargs): @@ -9,7 +11,7 @@ def __init__(self, *args, **kwargs): self.name = "Windows Defender Json" self.plugin_version = "1.0" self.version = "1.0" - self.json_keys = {'LastSeenTimestamp' , 'SecurityUpdateAvailable'} # Define the relevant JSON keys here + self.json_keys = {'LastSeenTimestamp' , 'SecurityUpdateAvailable'} 
@@ -25,19 +27,20 @@ def parseOutputString(self, output): os_platform = data.get('OSPlatform', 'Unknown') cve_id = data.get('CveId', 'Unknown') severity = data.get('VulnerabilitySeverityLevel', 'Unknown') - DeviceId = data.get('DeviceId', 'Unknown') - SoftwareName = data.get('SoftwareName', 'Unknown') - SoftwareVendor = data.get('SoftwareVendor', 'Unknown') + device_id = data.get('DeviceId', 'Unknown') + software_name = data.get('SoftwareName', 'Unknown') + software_vendor = data.get('SoftwareVendor', 'Unknown') key_value_pairs = "\n".join([f"{key}: {value}\n" for key, value in data.items()]) # Build the vulnerability description including all fields description = f"Device Name: {device_name}\n " + description += f"Device ID: {device_id}\n " description += f"OS Platform: {os_platform}\n " description += f"Vulnerability Severity Level: {severity}\n " - description += f"Device ID: {severity}\n " - description += f"Device ID: {key_value_pairs}\n " + description += f"Severity: {severity}\n " + description += f"Misc Data of the vulnerability: {key_value_pairs}\n " host_id = self.createAndAddHost( @@ -48,7 +51,7 @@ def parseOutputString(self, output): self.createAndAddVulnToHost( host_id, - name= f"{SoftwareName} {SoftwareVendor} Vulnerable", + name= f"{software_name} {software_vendor} Vulnerable", cve=cve_id, severity=severity, desc=description @@ -56,8 +59,7 @@ def parseOutputString(self, output): except json.JSONDecodeError as e: self.logger.error(f"Error decoding JSON data: {str(e)}") - except Exception as e: - self.logger.error(f"Error parsing JSON data: {str(e)}") + def createPlugin(*args, **kwargs): - return WindowsDefenderPlugin(*args, **kwargs) \ No newline at end of file + return WindowsDefenderPlugin(*args, **kwargs) From 321313431a2d17fb11592f57b79f5f04b56fb51b Mon Sep 17 00:00:00 2001 
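Review bot: The rebuilt description prints the severity twice, as `Vulnerability Severity Level: {severity}` and then the new `Severity: {severity}` line; one of them should go. `key_value_pairs` joins items with `"\n"` while each item already ends in `"\n"`, so the "Misc Data" block is double-spaced, and it still includes `DeviceName`, `OSPlatform` and the other fields already listed above it because `data.get` leaves them in `data`. The last hunk drops `except Exception` but keeps the `try` around the whole loop, so one undecodable line still discards every line after it with a single log entry.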
From: GMartinez1995 Date: Mon, 4 Sep 2023 16:29:08 -0300 Subject: [PATCH 09/12] minor fixes --- .../plugins/repo/windows_defender/plugin.py | 81 ++++++++----------- 1 file changed, 34 insertions(+), 47 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 20e7c3a9..0ae50208 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py 
@@ -7,59 +7,46 @@ class WindowsDefenderPlugin(PluginMultiLineJsonFormat): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.id = "WindowsDefender_JSON" - self.name = "Windows Defender Json" + self.id = "WindowsDefender_JSONL" + self.name = "Windows Defender Jsonl" self.plugin_version = "1.0" self.version = "1.0" self.json_keys = {'LastSeenTimestamp' , 'SecurityUpdateAvailable'} - - def parseOutputString(self, output): - try: - data_list = output.strip().split('\n') # Split the input into lines - - for json_str in data_list: - data = json.loads(json_str, object_hook=dict) # Force conversion to a dictionary - - device_name = data.get('DeviceName', 'Unknown') - os_platform = data.get('OSPlatform', 'Unknown') - cve_id = data.get('CveId', 'Unknown') - severity = data.get('VulnerabilitySeverityLevel', 'Unknown') - device_id = data.get('DeviceId', 'Unknown') - software_name = data.get('SoftwareName', 'Unknown') - software_vendor = data.get('SoftwareVendor', 'Unknown') - - key_value_pairs = "\n".join([f"{key}: {value}\n" for key, value in data.items()]) - - - # Build the vulnerability description including all fields - description = f"Device Name: {device_name}\n " - description += f"Device ID: {device_id}\n " - description += f"OS Platform: {os_platform}\n " - description += f"Vulnerability Severity Level: {severity}\n " - description += f"Severity: {severity}\n " - description += f"Misc Data of the vulnerability: {key_value_pairs}\n " - - - host_id = self.createAndAddHost( - name=device_name, - os=os_platform, - hostnames=[device_name] - ) - - self.createAndAddVulnToHost( - host_id, - name= f"{software_name} {software_vendor} Vulnerable", - cve=cve_id, - severity=severity, - desc=description - ) - - except json.JSONDecodeError as e: - self.logger.error(f"Error decoding JSON data: {str(e)}") - + for json_str in filter(lambda x: x != '', output.split("\n")): + data = json.loads(json_str) + + device_name = data.pop('DeviceName', 'Unknown') + 
os_platform = data.pop('OSPlatform', 'Unknown') + cve_id = data.pop('CveId', 'Unknown') + severity = data.pop('VulnerabilitySeverityLevel', 'Unknown') + device_id = data.pop('DeviceId', 'Unknown') + software_name = data.pop('SoftwareName', 'Unknown') + software_vendor = data.pop('SoftwareVendor', 'Unknown') + data.pop('CvssScore') + key_value_pairs = "\n".join([f"{key}: {value}" for key, value in data.items()]) + + # Build the vulnerability description including all fields + description = f"Device Name: {device_name}\n "\ + f"Device ID: {device_id}\n "\ + f"OS Platform: {os_platform}\n "\ + f"Misc Data of the vulnerability: {key_value_pairs}\n " + + host_id = self.createAndAddHost( + name=device_name, + os=os_platform, + hostnames=[device_name] + ) + + self.createAndAddVulnToHost( + host_id, + name= f"{software_name} {software_vendor} Vulnerable", + cve=cve_id, + severity=severity, + desc=description + ) def createPlugin(*args, **kwargs): return WindowsDefenderPlugin(*args, **kwargs) From 1ebabf20e6af1df06d4558af5bfa7728f9ea7ed4 Mon Sep 17 00:00:00 2001 From: GMartinez1995 Date: Mon, 4 Sep 2023 16:30:19 -0300 Subject: [PATCH 10/12] minor fix --- faraday_plugins/plugins/repo/windows_defender/plugin.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index 0ae50208..adea0f9b 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py 
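Review bot: `data.pop('CvssScore')` has no default, so a record without that key raises `KeyError`, and since this patch also removes the `try`/`except`, that exception (like a `JSONDecodeError` from a malformed line) now propagates out of `parseOutputString` and stops the whole import. Use `data.pop('CvssScore', None)` and wrap the per-line `json.loads` in a `try` that logs and `continue`s on `json.JSONDecodeError`. The filter `lambda x: x != ''` keeps whitespace-only lines, and with `output.split("\n")` a CRLF file leaves `'\r'` on every line, so a trailing blank `'\r'` line fails to decode; `for json_str in filter(None, map(str.strip, output.splitlines())):` handles both. The score is discarded rather than recorded; if the base class accepts a CVSS argument it would be worth passing it on.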
@@ -26,13 +26,13 @@ def parseOutputString(self, output): software_name = data.pop('SoftwareName', 'Unknown') software_vendor = data.pop('SoftwareVendor', 'Unknown') data.pop('CvssScore') - key_value_pairs = "\n".join([f"{key}: {value}" for key, value in data.items()]) + data_info = "\n".join([f"{key}: {value}" for key, value in data.items()]) # Build the vulnerability description including all fields description = f"Device Name: {device_name}\n "\ f"Device ID: {device_id}\n "\ f"OS Platform: {os_platform}\n "\ - f"Misc Data of the vulnerability: {key_value_pairs}\n " + host_id = self.createAndAddHost( name=device_name, @@ -45,7 +45,8 @@ def parseOutputString(self, output): name= f"{software_name} {software_vendor} Vulnerable", cve=cve_id, severity=severity, - desc=description + desc=description, + data=data_info ) def createPlugin(*args, **kwargs): From 9b3eaa0e12d48f089a9ea64df4e03ada7efe8e1a Mon Sep 17 00:00:00 2001 From: GMartinez1995 Date: Tue, 5 Sep 2023 10:40:09 -0300 Subject: [PATCH 11/12] add cve to desc --- faraday_plugins/plugins/repo/windows_defender/plugin.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index adea0f9b..d2167ba4 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py 
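Review bot: The first hunk leaves `f"OS Platform: {os_platform}\n "\` as the last line of the `description` assignment with its line-continuation backslash still in place and an empty added line after it; it parses only because the blank line ends the logical line, and any later edit that puts code there will be silently joined into the expression. Remove the trailing backslash: `f"OS Platform: {os_platform}\n "`. Moving the field dump to `data=data_info` in the second hunk also means the description now carries only device name, device ID and OS platform, and the CVE was already dropped from it in patch 07, so two findings on the same host that differ only by CVE end up with identical `name` and `desc`.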
@@ -26,12 +26,14 @@ def parseOutputString(self, output): software_name = data.pop('SoftwareName', 'Unknown') software_vendor = data.pop('SoftwareVendor', 'Unknown') data.pop('CvssScore') - data_info = "\n".join([f"{key}: {value}" for key, value in data.items()]) # Build the vulnerability description including all fields + # purposely injecte CVE in desc to bypass the cache description = f"Device Name: {device_name}\n "\ f"Device ID: {device_id}\n "\ - f"OS Platform: {os_platform}\n "\ + f"OS Platform: {os_platform}\n" \ + f"CVE: {cve_id}" + data_info = "\n".join([f"{key}: {value}" for key, value in data.items()]) host_id = self.createAndAddHost( From aeb2c60a7b1bcfcfb58f891ffb9150c322d89a82 Mon Sep 17 00:00:00 2001 From: Esteban Rodriguez Date: Tue, 5 Sep 2023 15:37:56 -0300 Subject: [PATCH 12/12] Device Name puede ser vacio, lo completamos con DeviceID enese caso, pero si no esta ninguno de los dos lo dejamos en unknown --- faraday_plugins/plugins/repo/windows_defender/plugin.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/faraday_plugins/plugins/repo/windows_defender/plugin.py b/faraday_plugins/plugins/repo/windows_defender/plugin.py index d2167ba4..95eb3b9a 100644 --- a/faraday_plugins/plugins/repo/windows_defender/plugin.py +++ b/faraday_plugins/plugins/repo/windows_defender/plugin.py @@ -19,6 +19,8 @@ def parseOutputString(self, output): data = json.loads(json_str) device_name = data.pop('DeviceName', 'Unknown') + if device_name == "Unknown": + device_name = data.pop('DeviceId', 'Unknown') os_platform = data.pop('OSPlatform', 'Unknown') cve_id = data.pop('CveId', 'Unknown') severity = data.pop('VulnerabilitySeverityLevel', 'Unknown')
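Review bot: The added comment `# purposely injecte CVE in desc to bypass the cache` has a typo and does not say which cache is meant, so the next maintainer cannot tell whether the CVE line is load-bearing or cosmetic. State the reason in the comment, e.g. `# The CVE is part of the description on purpose: records that differ only by CVE would otherwise share name and desc and be treated as duplicates (confirm against the base class de-duplication)`. The new `f"OS Platform: {os_platform}\n"` line drops the trailing space the lines above keep after `\n`, so the description's line layout is now inconsistent.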
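Review bot: The new fallback only fires when `DeviceName` is absent, because `data.pop('DeviceName', 'Unknown')` returns the present value, including `""` or `null`, and the `== "Unknown"` check does not match those; the commit message says the field can be empty, so test on truthiness instead: `if not device_name or device_name == "Unknown":`. The fallback also pops `DeviceId` out of `data`, so the later `device_id = data.pop('DeviceId', 'Unknown')` (outside this hunk) then yields `'Unknown'` and the description loses the real ID; read it with `data.get('DeviceId', 'Unknown')` here instead. `parseOutputString` continues past the end of the hunk.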