Merge branch 'master' into zap-integration-tests

J12934 · web-flow · commit 4e5b6654cf0d · 2020-09-23T12:58:20.000+02:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -211,6 +211,17 @@ jobs:
           tag_with_ref: true
           tag_with_sha: true
           build_args: baseImageTag=ci-local
+      - uses: docker/build-push-action@v1
+        name: "Build & Push wpscan Parser Image"
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: scbexperimental/parser-wpscan
+          path: ./scanners/wpscan/parser/
+          tag_with_ref: true
+          tag_with_sha: true
+          build_args: baseImageTag=ci-local
+
   hookImages:
     name: "Build / Hooks"
     runs-on: ubuntu-latest
diff --git a/scanners/amass/examples/example.com/README.md b/scanners/amass/examples/example.com/README.md
@@ -2,8 +2,6 @@
 title: "example.com"
 ---
 
-<!-- end -->
-
 > ✍ **Page under construction.**
  
-the frontmatter requires the name of the scantarget as 'title'
+the frontmatter requires the name of the scantarget as 'title'
diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md
@@ -2,11 +2,28 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh
 
 ### Install dummy-ssh
 
-Before executing the scan, make sure to have dummy-ssh installed:
+Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists:
 
 ```bash
-helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
-```
+# Create user & password list files, you can edit them later if you want
+echo "root\nadmin" > users.txt
+echo "THEPASSWORDYOUCREATED\n123456\npassword" > passwords.txt
 
+# Create a Kubernetes secret containing these files
+kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
 
+# Install dummy-ssh app. We'll use ncrack to enumerate its ssh username and password
+helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
 
+# Install the ncrack scanType and set mount the files from the ncrack-lists Kubernetes secret
+cat <<EOF | helm install ncrack ./scanners/ncrack --values -
+scannerJob:
+  extraVolumes:
+    - name: ncrack-lists
+      secret:
+        secretName: ncrack-lists
+  extraVolumeMounts:
+    - name: ncrack-lists
+      mountPath: "/ncrack/"
+EOF
+```
diff --git a/scanners/ncrack/examples/dummy-ssh/scan.yaml b/scanners/ncrack/examples/dummy-ssh/scan.yaml
@@ -5,8 +5,10 @@ metadata:
 spec:
   scanType: "ncrack"
   parameters:
+    # Enable verbose logging
     - -v
-    - --user=root,admin
-    - --pass=THEPASSWORDYOUCREATED,12345
+    - -U
+    - /ncrack/users.txt
+    - -P
+    - /ncrack/passwords.txt
     - ssh://dummy-ssh
-
diff --git a/scanners/ncrack/parser/.gitignore b/scanners/ncrack/parser/.gitignore
diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml
@@ -21,3 +21,8 @@ spec:
               command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"]
               resources:
                 {{- toYaml .Values.scannerJob.resources | nindent 16 }}
+              volumeMounts:
+                {{- toYaml .Values.scannerJob.extraVolumeMounts | nindent 16 }}
+          volumes:
+            {{- toYaml .Values.scannerJob.extraVolumes | nindent 12 }}
+
diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml
@@ -6,3 +6,5 @@ parserImage:
 scannerJob:
   ttlSecondsAfterFinished: null
   resources: {}
+  extraVolumes: []
+  extraVolumeMounts: []
diff --git a/scanners/nmap/parser/.gitignore b/scanners/nmap/parser/.gitignore
diff --git a/scanners/wpscan/examples/old-wordpress/findings.yaml b/scanners/wpscan/examples/old-wordpress/findings.yaml
@@ -0,0 +1,101 @@
+[
+  {
+    "name": "WordPress Service",
+    "description": "WordPress Service Information",
+    "category": "WordPress Service",
+    "location": "http://old-wordpress.demo-apps.svc.cluster.local/",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+    "reference": {},
+    "confidence": 100,
+    "attributes": {
+      "ip_address": "10.99.82.140",
+      "wpscan_version": "3.8.7",
+      "wpscan_requests": 4777,
+      "wp_version": "4.0.31",
+      "wp_release_date": "2020-06-10",
+      "wp_release_status": "latest",
+      "wp_interesting_entries": [
+        "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'"
+      ],
+      "wp_found_by": "Meta Generator (Passive Detection)",
+      "wp_confirmed_by": {
+        "Atom Generator (Aggressive Detection)": {
+          "confidence": 80,
+          "interesting_entries": [
+            "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>"
+          ]
+        }
+      },
+      "wp_vulnerabilities": []
+    },
+    "id": "35e61c23-d525-4509-a024-d1aef37a1623"
+  },
+  {
+    "name": "WordPress finding 'headers'",
+    "description": "Headers",
+    "category": "WordPress headers",
+    "location": "http://old-wordpress.demo-apps.svc.cluster.local/",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+    "confidence": 100,
+    "reference": {},
+    "attributes": {
+      "wp_interesting_entries": [
+        "Server: nginx/1.7.7",
+        "X-Powered-By: PHP/5.4.34-0+deb7u1"
+      ],
+      "wp_found_by": "Headers (Passive Detection)",
+      "wp_confirmed_by": {}
+    },
+    "id": "ca074030-2e55-4a10-bf8f-039c1b8978d9"
+  },
+  {
+    "name": "WordPress finding 'xmlrpc'",
+    "description": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
+    "category": "WordPress xmlrpc",
+    "location": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+    "confidence": 100,
+    "reference": {},
+    "attributes": {
+      "wp_interesting_entries": [],
+      "wp_found_by": "Direct Access (Aggressive Detection)",
+      "wp_confirmed_by": {}
+    },
+    "id": "9b521d88-4018-4069-971d-7a020eebab51"
+  },
+  {
+    "name": "WordPress finding 'readme'",
+    "description": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
+    "category": "WordPress readme",
+    "location": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+    "confidence": 100,
+    "reference": {},
+    "attributes": {
+      "wp_interesting_entries": [],
+      "wp_found_by": "Direct Access (Aggressive Detection)",
+      "wp_confirmed_by": {}
+    },
+    "id": "7160e807-b6bb-4994-9477-22cac8e2f549"
+  },
+  {
+    "name": "WordPress finding 'wp_cron'",
+    "description": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
+    "category": "WordPress wp_cron",
+    "location": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
+    "osi_layer": "APPLICATION",
+    "severity": "INFORMATIONAL",
+    "confidence": 60,
+    "reference": {},
+    "attributes": {
+      "wp_interesting_entries": [],
+      "wp_found_by": "Direct Access (Aggressive Detection)",
+      "wp_confirmed_by": {}
+    },
+    "id": "828bf907-da73-4076-994b-a46652b1f972"
+  }
+]
diff --git a/scanners/wpscan/examples/old-wordpress/scan.yaml b/scanners/wpscan/examples/old-wordpress/scan.yaml
@@ -0,0 +1,13 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "wpscan-old-wordpress-internal"
+spec:
+  scanType: "wpscan"
+  parameters:
+    - "--url"
+    - old-wordpress.demo-apps.svc.cluster.local
+    - "-e"
+    - "vp"
+    - "--plugins-detection"
+    - "mixed"
diff --git a/scanners/wpscan/examples/old-wordpress/wpscan-results.json b/scanners/wpscan/examples/old-wordpress/wpscan-results.json
@@ -0,0 +1,134 @@
+{
+  "banner": {
+    "description": "WordPress Security Scanner by the WPScan Team",
+    "version": "3.8.7",
+    "authors": [
+      "@_WPScan_",
+      "@ethicalhack3r",
+      "@erwan_lr",
+      "@firefart"
+    ],
+    "sponsor": "Sponsored by Automattic - https://automattic.com/"
+  },
+  "start_time": 1600682567,
+  "start_memory": 42774528,
+  "target_url": "http://old-wordpress.demo-apps.svc.cluster.local/",
+  "target_ip": "10.99.82.140",
+  "effective_url": "http://old-wordpress.demo-apps.svc.cluster.local/",
+  "interesting_findings": [
+    {
+      "url": "http://old-wordpress.demo-apps.svc.cluster.local/",
+      "to_s": "Headers",
+      "type": "headers",
+      "found_by": "Headers (Passive Detection)",
+      "confidence": 100,
+      "confirmed_by": {
+
+      },
+      "references": {
+
+      },
+      "interesting_entries": [
+        "Server: nginx/1.7.7",
+        "X-Powered-By: PHP/5.4.34-0+deb7u1"
+      ]
+    },
+    {
+      "url": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
+      "to_s": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
+      "type": "xmlrpc",
+      "found_by": "Direct Access (Aggressive Detection)",
+      "confidence": 100,
+      "confirmed_by": {
+
+      },
+      "references": {
+        "url": [
+          "http://codex.wordpress.org/XML-RPC_Pingback_API"
+        ],
+        "metasploit": [
+          "auxiliary/scanner/http/wordpress_ghost_scanner",
+          "auxiliary/dos/http/wordpress_xmlrpc_dos",
+          "auxiliary/scanner/http/wordpress_xmlrpc_login",
+          "auxiliary/scanner/http/wordpress_pingback_access"
+        ]
+      },
+      "interesting_entries": [
+
+      ]
+    },
+    {
+      "url": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
+      "to_s": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
+      "type": "readme",
+      "found_by": "Direct Access (Aggressive Detection)",
+      "confidence": 100,
+      "confirmed_by": {
+
+      },
+      "references": {
+
+      },
+      "interesting_entries": [
+
+      ]
+    },
+    {
+      "url": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
+      "to_s": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
+      "type": "wp_cron",
+      "found_by": "Direct Access (Aggressive Detection)",
+      "confidence": 60,
+      "confirmed_by": {
+
+      },
+      "references": {
+        "url": [
+          "https://www.iplocation.net/defend-wordpress-from-ddos",
+          "https://github.com/wpscanteam/wpscan/issues/1299"
+        ]
+      },
+      "interesting_entries": [
+
+      ]
+    }
+  ],
+  "version": {
+    "number": "4.0.31",
+    "release_date": "2020-06-10",
+    "status": "latest",
+    "found_by": "Meta Generator (Passive Detection)",
+    "confidence": 100,
+    "interesting_entries": [
+      "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'"
+    ],
+    "confirmed_by": {
+      "Atom Generator (Aggressive Detection)": {
+        "confidence": 80,
+        "interesting_entries": [
+          "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>"
+        ]
+      }
+    },
+    "vulnerabilities": [
+
+    ]
+  },
+  "main_theme": null,
+  "plugins": {
+
+  },
+  "vuln_api": {
+    "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"
+  },
+  "stop_time": 1600682792,
+  "elapsed": 225,
+  "requests_done": 4777,
+  "cached_requests": 4,
+  "data_sent": 1459447,
+  "data_sent_humanised": "1.392 MB",
+  "data_received": 18563423,
+  "data_received_humanised": "17.703 MB",
+  "used_memory": 299765760,
+  "used_memory_humanised": "285.879 MB"
+}
