From 844e0b85414b3a7489230fa95b7dae3f0eb5c4e0 Mon Sep 17 00:00:00 2001 From: Luc Kolen Date: Mon, 12 Apr 2021 16:01:26 +0200 Subject: [PATCH 1/3] Added tunnel variable to attribute list in nmap parser --- scanners/nmap/parser/parser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scanners/nmap/parser/parser.js b/scanners/nmap/parser/parser.js index 91019e0aa2..e53d533b50 100644 --- a/scanners/nmap/parser/parser.js +++ b/scanners/nmap/parser/parser.js @@ -36,6 +36,7 @@ function transformToFindings(hosts) { serviceProduct: openPort.serviceProduct || null, serviceVersion: openPort.serviceVersion || null, scripts: openPort.scriptOutputs || null, + tunnel: openPort.tunnel || null, }, }; }); From 2e2f5dbd28a9d3a504aa72526951f410a7bd03e5 Mon Sep 17 00:00:00 2001 From: Luc Kolen Date: Mon, 12 Apr 2021 16:41:39 +0200 Subject: [PATCH 2/3] Updated sslyze CascadingRules --- scanners/sslyze/cascading-rules/ftps.yaml | 4 ++++ scanners/sslyze/cascading-rules/https.yaml | 5 +++-- scanners/sslyze/cascading-rules/ldaps.yaml | 4 ++++ scanners/sslyze/cascading-rules/mail.yaml | 15 +++++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/scanners/sslyze/cascading-rules/ftps.yaml b/scanners/sslyze/cascading-rules/ftps.yaml index 2e8964ed6a..ebda8a8663 100644 --- a/scanners/sslyze/cascading-rules/ftps.yaml +++ b/scanners/sslyze/cascading-rules/ftps.yaml @@ -12,6 +12,10 @@ spec: attributes: port: 990 state: open + - category: "Open Port" + attributes: + service: "ftps" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] diff --git a/scanners/sslyze/cascading-rules/https.yaml b/scanners/sslyze/cascading-rules/https.yaml index ad7755a684..879925e661 100644 --- a/scanners/sslyze/cascading-rules/https.yaml +++ b/scanners/sslyze/cascading-rules/https.yaml @@ -26,8 +26,9 @@ spec: state: open - category: "Open Port" attributes: - service: "ssl/http" - state: open + service: "http" + tunnel: "ssl" + state: "open" scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] diff --git a/scanners/sslyze/cascading-rules/ldaps.yaml b/scanners/sslyze/cascading-rules/ldaps.yaml index 091f93c107..790adaddbf 100644 --- a/scanners/sslyze/cascading-rules/ldaps.yaml +++ b/scanners/sslyze/cascading-rules/ldaps.yaml @@ -12,6 +12,10 @@ spec: attributes: port: 636 state: open + - category: "Open Port" + attributes: + service: "ldapssl" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] diff --git a/scanners/sslyze/cascading-rules/mail.yaml b/scanners/sslyze/cascading-rules/mail.yaml index 33905d0dde..eb0f1c72e3 100644 --- a/scanners/sslyze/cascading-rules/mail.yaml +++ b/scanners/sslyze/cascading-rules/mail.yaml @@ -16,6 +16,11 @@ spec: attributes: service: "smtps" state: open + - category: "Open Port" + attributes: + service: "smtp" + tunnel: "ssl" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] @@ -38,6 +43,11 @@ spec: attributes: service: "pop3s" state: open + - category: "Open Port" + attributes: + service: "pop3" + tunnel: "ssl" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] @@ -60,6 +70,11 @@ spec: attributes: service: "imaps" state: open + - category: "Open Port" + attributes: + service: "imap" + tunnel: "ssl" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"] From 4cbdc9b71c1d11f19f50c682e0c4832e3d0662bb Mon Sep 17 00:00:00 2001 From: Luc Kolen Date: Mon, 12 Apr 2021 16:58:30 +0200 Subject: [PATCH 3/3] Added ftp via ssl tunnel to sslyze rules --- scanners/sslyze/cascading-rules/ftps.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scanners/sslyze/cascading-rules/ftps.yaml b/scanners/sslyze/cascading-rules/ftps.yaml index ebda8a8663..a203bbfc50 100644 --- a/scanners/sslyze/cascading-rules/ftps.yaml +++ b/scanners/sslyze/cascading-rules/ftps.yaml @@ -16,6 +16,11 @@ spec: attributes: service: "ftps" state: open + - category: "Open Port" + attributes: + service: "ftp" + tunnel: "ssl" + state: open scanSpec: scanType: "sslyze" parameters: ["--regular", "{{$.hostOrIP}}:{{attributes.port}}"]