detector

package
v0.15.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2021 License: AGPL-3.0 Imports: 42 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConvertToModels 

func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit)

ConvertToModels converts gost model to vuls model

func ConvertToModelsMsf 

func ConvertToModelsMsf(ms []*metasploitmodels.Metasploit) (modules []models.Metasploit)

ConvertToModelsMsf converts gost model to vuls model

func Detect 

func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error)

Detect vulns and fill CVE detailed information

func DetectCpeURIsCves 

func DetectCpeURIsCves(r *models.ScanResult, cpeURIs []string, cnf config.GoCveDictConf, logOpts logging.LogOpts) error

DetectCpeURIsCves detects CVEs of given CPE-URIs

func DetectGitHubCves 

func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf, ignoreDismissed bool) error

DetectGitHubCves fetches CVEs from GitHub Security Alerts

func DetectGitHubSecurityAlerts 

func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error)

DetectGitHubSecurityAlerts access to owner/repo on GitHub and fetch security alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult. https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/

func DetectLibsCves 

func DetectLibsCves(r *models.ScanResult, cacheDir string, noProgress bool) (err error)

DetectLibsCves fills LibraryScanner information

func DetectPkgCves 

func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf) error

DetectPkgCves detects OS pkg cves pass 2 configs

func DetectWordPressCves 

func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error

DetectWordPressCves detects CVEs of WordPress

func FillCvesWithNvdJvn 

func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error)

FillCvesWithNvdJvn fills CVE detail with NVD, JVN

func FillCweDict 

func FillCweDict(r *models.ScanResult)

FillCweDict fills CWE

func FillWithExploit 

func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve int, err error)

FillWithExploit fills exploit information that has in Exploit

func FillWithMetasploit 

func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf) (nMetasploitCve int, err error)

FillWithMetasploit fills metasploit module information that has in module

func ListValidJSONDirs 

func ListValidJSONDirs(resultsDir string) (dirs []string, err error)

ListValidJSONDirs returns valid json directory as array Returned array is sorted so that recent directories are at the head

Types

type References 

type References struct {
	URL     []string `json:"url"`
	Cve     []string `json:"cve"`
	Secunia []string `json:"secunia"`
}

References is for wpscan json

type SecurityAlerts 

type SecurityAlerts struct {
	Data struct {
		Repository struct {
			URL                 string `json:"url"`
			VulnerabilityAlerts struct {
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
					StartCursor string `json:"startCursor"`
				} `json:"pageInfo"`
				Edges []struct {
					Node struct {
						ID                    string    `json:"id"`
						DismissReason         string    `json:"dismissReason"`
						DismissedAt           time.Time `json:"dismissedAt"`
						SecurityVulnerability struct {
							Package struct {
								Name      string `json:"name"`
								Ecosystem string `json:"ecosystem"`
							} `json:"package"`
							Severity               string `json:"severity"`
							VulnerableVersionRange string `json:"vulnerableVersionRange"`
							FirstPatchedVersion    struct {
								Identifier string `json:"identifier"`
							} `json:"firstPatchedVersion"`
						} `json:"securityVulnerability"`
						SecurityAdvisory struct {
							Description string    `json:"description"`
							GhsaID      string    `json:"ghsaId"`
							Permalink   string    `json:"permalink"`
							PublishedAt time.Time `json:"publishedAt"`
							Summary     string    `json:"summary"`
							UpdatedAt   time.Time `json:"updatedAt"`
							WithdrawnAt time.Time `json:"withdrawnAt"`
							Origin      string    `json:"origin"`
							Severity    string    `json:"severity"`
							References  []struct {
								URL string `json:"url"`
							} `json:"references"`
							Identifiers []struct {
								Type  string `json:"type"`
								Value string `json:"value"`
							} `json:"identifiers"`
						} `json:"securityAdvisory"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"vulnerabilityAlerts"`
		} `json:"repository"`
	} `json:"data"`
}

SecurityAlerts has detected CVE-IDs, PackageNames, Refs

type WpCveInfo 

type WpCveInfo struct {
	ID         string     `json:"id"`
	Title      string     `json:"title"`
	CreatedAt  time.Time  `json:"created_at"`
	UpdatedAt  time.Time  `json:"updated_at"`
	VulnType   string     `json:"vuln_type"`
	References References `json:"references"`
	FixedIn    string     `json:"fixed_in"`
}

WpCveInfo is for wpscan json

type WpCveInfos 

type WpCveInfos struct {
	ReleaseDate  string `json:"release_date"`
	ChangelogURL string `json:"changelog_url"`
	// Status        string `json:"status"`
	LatestVersion string `json:"latest_version"`
	LastUpdated   string `json:"last_updated"`
	// Popular         bool        `json:"popular"`
	Vulnerabilities []WpCveInfo `json:"vulnerabilities"`
	Error           string      `json:"error"`
}

WpCveInfos is for wpscan json

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.