Added the tunnel variable from the nmap results to be used in CascadingRules. by luckolen · Pull Request #369 · secureCodeBox/secureCodeBox · GitHub

@luckolen
Contributor

Description

NMAP reports the tunnel detected in the service when showing the normal result:

$ nmap -p 993 imap.gmail.com -sV -Pn
[...]
PORT    STATE SERVICE  VERSION
993/tcp open  ssl/imap Google Gmail imapd (b9mb63645759edy)
[...]

SecureCodeBox makes use of the XML output; this is shown by the -oX parameter:

$ nmap -p 993 imap.gmail.com -oX - -sV -Pn
[...]
<port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imap" product="Google Gmail imapd" extrainfo="b3mb57267033edq" tunnel="ssl" method="probed" conf="10"/></port>
[...]

The NMAP XML results report the service name as imap and the tunnel as ssl.

The SecureCodeBox NMAP parser does read this tunnel value:

const tunnel = get(portItem, ["service",0,"$","tunnel"]);

However, this value is later ignored in the portFindings variable:

  // Excerpt from the parser's transform function, as it was before this change.
  const portFindings = hosts.flatMap(({ openPorts = [], ...hostInfo }) => {
    if (openPorts === null) {
      return [];
    }
    return openPorts.map(openPort => {
      return {
        name: openPort.service,
        description: `Port ${openPort.port} is ${openPort.state} using ${openPort.protocol} protocol.`,
        category: 'Open Port',
        location: `${openPort.protocol}://${hostInfo.ip}:${openPort.port}`,
        osi_layer: 'NETWORK',
        severity: 'INFORMATIONAL',
        // Note: the tunnel value read from the XML is not copied into attributes.
        attributes: {
          port: openPort.port,
          state: openPort.state,
          ip_address: hostInfo.ip,
          mac_address: hostInfo.mac,
          protocol: openPort.protocol,
          hostname: hostInfo.hostname,
          method: openPort.method,
          operating_system: hostInfo.osNmap,
          service: openPort.service,
          serviceProduct: openPort.serviceProduct || null,
          serviceVersion: openPort.serviceVersion || null,
          scripts: openPort.scriptOutputs || null,
        },
      };
    });
  });
  const hostFindings = hosts.map(({ hostname, ip, osNmap }) => {
    return {
      name: `Host: ${hostname}`,
      category: 'Host',
      description: 'Found a host',
      location: hostname,
      severity: 'INFORMATIONAL',
      osi_layer: 'NETWORK',
      attributes: {
        ip_address: ip,
        hostname: hostname,
        operating_system: osNmap,
      },
    };
  });
  return [...portFindings, ...hostFindings, ...scriptFindings];
}

As a result, this tunnel value was unable to be used for CascadingRules. This is fixed by this update and, as an example, the CascadingRules used for SSLYZE have been updated.

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy
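
The effect of the dropped attribute on rule matching, as an added example that is not part of the pull request or the secureCodeBox code base. `toPortFindings`, `matchesRule`, the sample host, the rule shape and the attribute name `tunnel` are assumptions made for illustration, and the matcher is a simplified stand-in for CascadingRule matching.

```javascript
// Added example, not secureCodeBox code. Constructed sample: port entries as a
// parser might hold them after reading the nmap XML (port 143 is made up).
const sampleHost = {
  ip: "192.0.2.10", // constructed documentation address
  hostname: "imap.gmail.com",
  openPorts: [
    { port: 993, protocol: "tcp", state: "open", service: "imap", tunnel: "ssl" },
    { port: 143, protocol: "tcp", state: "open", service: "imap", tunnel: undefined },
  ],
};

// Hypothetical helper: build "Open Port" findings. includeTunnel switches
// between the behaviour before (false) and after (true) the described change.
function toPortFindings(host, includeTunnel) {
  return (host.openPorts || []).map((p) => ({
    name: p.service,
    category: "Open Port",
    location: `${p.protocol}://${host.ip}:${p.port}`,
    attributes: {
      port: p.port,
      state: p.state,
      protocol: p.protocol,
      service: p.service,
      ...(includeTunnel ? { tunnel: p.tunnel || null } : {}),
    },
  }));
}

// Simplified stand-in for rule matching: every key in the rule must equal the
// finding's value, recursing into nested objects such as `attributes`.
function matchesRule(finding, rule) {
  return Object.entries(rule).every(([key, expected]) => {
    const actual = finding == null ? undefined : finding[key];
    if (expected !== null && typeof expected === "object") {
      return actual !== null && typeof actual === "object" && matchesRule(actual, expected);
    }
    return actual === expected;
  });
}

// Rule meant to hand only TLS-wrapped services to a TLS scanner.
const tlsRule = { category: "Open Port", attributes: { state: "open", tunnel: "ssl" } };

// Ports whose findings satisfy the rule.
function portsSelected(includeTunnel) {
  return toPortFindings(sampleHost, includeTunnel)
    .filter((f) => matchesRule(f, tlsRule))
    .map((f) => f.attributes.port);
}

console.log("without tunnel attribute:", portsSelected(false));
console.log("with tunnel attribute:   ", portsSelected(true));
```

Both sample ports report the service name `imap`, so only the tunnel attribute lets a rule tell the TLS-wrapped port apart from the plain one.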

@rfelber rfelber added the scanner Implement or update a security scanner label Apr 12, 2021
@rfelber rfelber added this to the v2.7.0 milestone Apr 12, 2021
@rfelber
Member
rfelber commented Apr 13, 2021

Hi @luckolen 👋,

thx for your PR - looks great 🤗 We will review your contribution in the next days.

@J12934 J12934 merged commit c37be37 into secureCodeBox:main Apr 19, 2021
@luckolen luckolen deleted the nmap-parser-tunnel branch April 22, 2021 14:17
@rfelber rfelber added the enhancement New feature or request label May 12, 2021
secureCodeBoxBot added a commit that referenced this pull request Nov 18, 2021
Signed-off-by: secureCodeBoxBot <securecodebox@iteratec.com>
## Release changes :
## Summary
 
 * Adds support for `Job` resources - thank you @superbrothers for this contribution!
 * Adds option to disable colour output when using `pretty` formatting (package only)
 * Enabled Dependabot and updates dependencies
 
 ## Changelog
 
 b68cabd Update version to 0.15.0 (#372)
 7f54326 Bump github.com/jetstack/cert-manager from 1.6.0 to 1.6.1 (#371)
 9cdecb3 Bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 (#368)
 6cc7a75 Add support for kind Job (#370)
 0ef3005 Bump github.com/jetstack/cert-manager from 1.5.4 to 1.6.0 (#365)
 e5c797a Bump k8s.io/apimachinery from 0.22.2 to 0.22.3 (#369)
 d597928 Bump k8s.io/apiextensions-apiserver from 0.21.3 to 0.22.2 (#362)
 79cce8c Remove wip probot (#364)
 700c39f Bump github.com/jetstack/cert-manager from 1.4.1 to 1.5.4 (#363)
 fe44171 Fix dependabot (#358)
 374a428 Support parsing for server specs (#356)
 50c618b Add Support for Services (#353)
 7b57f85 Update dependencies and add dependabot (#354)
 2d8282c Make k8s and override packages public (#351)
 47c31d5 Add option to disable printing results in color (#350)
 ca64457 Remove deprecated mountds auditor (#349)
 863e367 Remove example dependency on internal packages (#348)
 
 
 ## Docker images
 
 - `docker pull shopify/kubeaudit:latest`
 - `docker pull shopify/kubeaudit:0.15.0`
 - `docker pull shopify/kubeaudit:v0.15`