Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Ability to execute Nmap Scripting Engine(NSE) scripts, translate tool to spanish and option to schedule scans. #23

Open
wants to merge 51 commits into
base: master
Choose a base branch
from

Conversation

TomasTorresB
Copy link

Some new additions to the project with 3 goals in mind: Allow use of Nmap scripts with the tool(with help of python-nmap), translate tool to spanish and add an option for scheduling scans in the future.

The major hurdle in achieving the first goal was the lack of fields of NSE scripts in comparison with the base scripts of Nerve. Most info is not needed for the scans but in order to run the scripts some major changed were done. First the introduction of new severity levels: 'potential' and 'undefined'. 'Potential' is used when the NSE script output is not clear if it is a vulnerability or not, thus leaving the judgement to the user. 'Undefined' is used when the NSE scripts metadata doesn't specify the severity of the script. And in the case of other less important fields(like the description), the information is omitted if not provided by the script.

When adding new scripts in NSE format to the tool some changes to the code must be done in order to use the tool features to its full potential. More details are specified in the documentation.

Regarding the translations, most of the work is done by flask babel library.

Lastly, scheduled scans are implemented using a redis list. Where scans are ordered by date and only the first/next one is accessed by the different components of the tool.

New features list:

  • Allow execution of Nmap Scripting Engine(NSE) scripts.
  • Option for using custom parameters when executing NSE script.
  • Introduce new script category for potential vulnerabilities.
  • Introduce new severity level 'undefined'.
  • Translate tool to spanish(except scripts).
  • Add new option for scheduling scans.
  • Add new scripts in 'nse' folder.
  • Allow execution of external scripts by path.
  • Documentation for new features and spanish support.

Some other minor changes are not detailed here, like new buttons, navbar changes, etc.

TomasTorresB and others added 30 commits March 11, 2022 16:15
…nslate 'welcome' template to spanish. Create navbar as template.
Fix report generation
Fix get metadata of extra scripts.
Add colors for 'Undefined' and 'Potential' severity levels.
Fix quickstart
Add 'Undefined' and 'Potential' vulns to topology.
Change API scan to use next scan.
Add check for metadata info format.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

1 participant