infobyte · ChriZzn · Jul 21, 2021 · Jul 21, 2021 · Jul 22, 2021
diff --git a/faraday_plugins/plugins/repo/nessus/checksvc.py b/faraday_plugins/plugins/repo/nessus/checksvc.py
@@ -0,0 +1,24 @@
+import http.client
+import ssl
+
+def is_https(target):
+    try:
+        ctx = ssl._create_unverified_context()
+        ctx.set_ciphers('DEFAULT@SECLEVEL=0')
+        conn = http.client.HTTPSConnection(target, context=ctx, timeout=4)
+        headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE5.01; Windows NT)'}
+        conn.request(method="GET", url="/", headers=headers)
+        var = conn.getresponse()
+        return True
+    except:
+        return False
+
+def is_http(target):
+    try:
+        conn = http.client.HTTPConnection(target, timeout=4)
+        headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE5.01; Windows NT)'}
+        conn.request(method="GET", url="/", headers=headers)
+        var = conn.getresponse()
+        return True
+    except:
+        return False
diff --git a/faraday_plugins/plugins/repo/nessus/plugin.py b/faraday_plugins/plugins/repo/nessus/plugin.py
@@ -20,7 +20,7 @@
 __status__ = "Development"
 
 from faraday_plugins.plugins.repo.nessus.DTO import ReportHost, Report, ReportItem
-
+from faraday_plugins.plugins.repo.nessus import checksvc
 
 class NessusParser:
     """
@@ -154,7 +154,14 @@ def parseOutputString(self, output):
                     if not vulnerability_name:
                         continue
                     item_name = item.svc_name_attr
-
+                    #check if service is http or https:
+                    if not item_name == 'general' and item.protocol_attr == 'tcp':
+                        target = host.name + ":" + item.port_attr
+                        if checksvc.is_https(target):
+                            item_name = 'https'
+                        elif checksvc.is_http(target):
+                            item_name = 'http'
+                    #End check
                     _main_data = self.map_item(
                         host_id, run_date, vulnerability_name, item)
 
@@ -166,7 +173,7 @@ def parseOutputString(self, output):
                         _main_data["service_id"] = self.createAndAddServiceToHost(
                             host_id, name=item_name, protocol=item.protocol_attr,
                             ports=item.port_attr)
-                        if item_name == 'www' or item_name == 'http':
+                        if item_name == 'www' or item_name == 'http' or item_name == 'https':
                             _main_data.update({"website": website})
                             self.createAndAddVulnWebToService(**_main_data)
                         else:

diff --git a/faraday_plugins/plugins/repo/nuclei/plugin.py b/faraday_plugins/plugins/repo/nuclei/plugin.py
@@ -38,26 +38,34 @@ def __init__(self, *arg, **kwargs):
     def parseOutputString(self, output, debug=False):
         for vuln_json in filter(lambda x: x != '', output.split("\n")):
             vuln_dict = json.loads(vuln_json)
-            host = vuln_dict.get('host')
-            url_data = urlparse(host)
-            ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname))
+            if vuln_dict.get('type') == "dns":
+                #sepcial handling if only a domain was provided
+                hostname = vuln_dict.get('host')
+                ip = resolve_hostname(hostname)
+                url_data = False
+            else:
+                host = vuln_dict.get('host')
+                url_data = urlparse(host)
+                hostname = url_data.hostname
+                ip = vuln_dict.get("ip", resolve_hostname(url_data.hostname))
             host_id = self.createAndAddHost(
                 name=ip,
-                hostnames=[url_data.hostname])
-            port = url_data.port
-            if not port:
-                if url_data.scheme == 'https':
-                    port = 443
-                else:
-                    port = 80
-            service_id = self.createAndAddServiceToHost(
-                host_id,
-                name=url_data.scheme,
-                ports=port,
-                protocol="tcp",
-                status='open',
-                version='',
-                description='web server')
+                hostnames=[hostname])
+            if url_data:
+                port = url_data.port
+                if not port:
+                    if url_data.scheme == 'https':
+                        port = 443
+                    else:
+                        port = 80
+                service_id = self.createAndAddServiceToHost(
+                    host_id,
+                    name=url_data.scheme,
+                    ports=port,
+                    protocol="tcp",
+                    status='open',
+                    version='',
+                    description='web server')
             matched = vuln_dict.get('matched')
             matched_data = urlparse(matched)
             references = [f"author: {vuln_dict['info'].get('author', '')}"]
@@ -74,24 +82,42 @@ def parseOutputString(self, output, debug=False):
             run_date = vuln_dict.get('timestamp')
             if run_date:
                 run_date = dateutil.parser.parse(run_date)
-            self.createAndAddVulnWebToService(
-                host_id,
-                service_id,
-                name=name,
-                desc=vuln_dict["info"].get("description", name),
-                ref=references,
-                severity=vuln_dict["info"].get('severity'),
-                website=host,
-                request=request,
-                response=vuln_dict.get('response', ''),
-                method=method,
-                query=matched_data.query,
-                params=matched_data.params,
-                path=matched_data.path,
-                data="\n".join(data),
-                external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
-                run_date=run_date
-            )
+            if vuln_dict["info"].get('resolution'):
+                vuln_resolution = vuln_dict["info"].get('resolution')
+            else:
+                vuln_resolution = ""
+            if url_data:
+                self.createAndAddVulnWebToService(
+                    host_id,
+                    service_id,
+                    name=name,
+                    desc=vuln_dict["info"].get("description", name),
+                    ref=references,
+                    severity=vuln_dict["info"].get('severity'),
+                    resolution=vuln_resolution,
+                    website=host,
+                    request=request,
+                    response=vuln_dict.get('response', ''),
+                    method=method,
+                    query=matched_data.query,
+                    params=matched_data.params,
+                    path=matched_data.path,
+                    data="\n".join(data),
+                    external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
+                    run_date=run_date
+                )
+            else:
+                self.createAndAddVulnToHost(
+                    host_id,
+                    name=name,
+                    desc=vuln_dict["info"].get("description", name),
+                    ref=references,
+                    severity=vuln_dict["info"].get('severity'),
+                    resolution=vuln_resolution,
+                    data="\n".join(data),
+                    external_id=f"NUCLEI-{vuln_dict.get('templateID', '')}",
+                    run_date=run_date
+                )