Hi, any chance to support that?
https://oasis-open.github.io/csaf-documentation/

it is a JSON based standard
https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/json_schema/csaf_json_schema.json

hi @kac89 , with the recently change the report has issues this is a example of generate report

© Generated by VULNRΞPO

with an empty login and password."],"severity":"High","ref":"CVE-1999-0519\nhttp://xforce.iss.net/xforce/xfdb/2\nhttp://seclab.cs.ucdavis.edu/projects/testing/vulner/38.html\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["PHP < 7.3.27, 7.4.x < 7.4.15, 8.0.x < 8.0.2 NULL Deference Vulnerability (Feb 2021) - Windows"],"poc":"443/tcp\n\n10.0.0.15","files":[],"desc":["Installed version: 5.6.40\nFixed version: 7.3.27\nInstallation\npath / port: 443/tcp"],"severity":"High","ref":"CVE-2021-21702\nhttps://www.php.net/ChangeLog-7.php#7.3.27\nhttps://www.php.net/ChangeLog-7.php#7.4.15\nhttps://www.php.net/ChangeLog-8.php#8.0.2\nWID-SEC-2022-2113\nCB-K21/0124\nDFN-CERT-2022-2639\nDFN-CERT-2022-2638\nDFN-CERT-2022-0904\nDFN-CERT-2021-2373\nDFN-CERT-2021-1645\nDFN-CERT-2021-1509\nDFN-CERT-2021-1453\nDFN-CERT-2021-0556\nDFN-CERT-2021-0380\nDFN-CERT-2021-0246\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["PHP < 7.2.32, 7.3 < 7.3.20, 7.4 < 7.4.8 libcurl Vulnerability - May20 (Windows)"],"poc":"443/tcp\n\n10.0.0.15","files":[],"desc":["Installed version: 5.6.40\nFixed version: 7.2.32\nInstallation\npath / port: 443/tcp"],"severity":"High","ref":"CVE-2020-8169\nhttps://www.php.net/ChangeLog-7.php#7.2.32\nhttps://www.php.net/ChangeLog-7.php#7.3.20\nhttps://www.php.net/ChangeLog-7.php#7.4.8\nCB-K20/0684\nCB-K20/0619\nDFN-CERT-2021-1329\nDFN-CERT-2021-0807\nDFN-CERT-2021-0663\nDFN-CERT-2020-1347\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["SSL/TLS: Report Vulnerable Cipher Suites for HTTPS"],"poc":"443/tcp\n\n192.168.15.248","files":[],"desc":["'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:\n\nTLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)\nTLS_DH_anon_WITH_3DES_EDE_CBC_SHA (SWEET32)\nTLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)\nTLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (SWEET32)\nTLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)"],"severity":"High","ref":"CVE-2016-2183\nCVE-2016-6329\nCVE-2020-12872\nhttps://bettercrypto.org/\nhttps://mozilla.github.io/server-side-tls/ssl-config-generator/\nhttps://sweet32.info/\nWID-SEC-2022-2226\nWID-SEC-2022-1955\nCB-K21/1094\nCB-K20/1023\nCB-K20/0321\nCB-K20/0314\nCB-K20/0157\nCB-K19/0618\nCB-K19/0615\nCB-K18/0296\nCB-K17/1980\nCB-K17/1871\nCB-K17/1803\nCB-K17/1753\nCB-K17/1750\nCB-K17/1709\nCB-K17/1558\nCB-K17/1273\nCB-K17/1202\nCB-K17/1196\nCB-K17/1055\nCB-K17/1026\nCB-K17/0939\nCB-K17/0917\nCB-K17/0915\nCB-K17/0877\nCB-K17/0796\nCB-K17/0724\nCB-K17/0661\nCB-K17/0657\nCB-K17/0582\nCB-K17/0581\nCB-K17/0506\nCB-K17/0504\nCB-K17/0467\nCB-K17/0345\nCB-K17/0098\nCB-K17/0089\nCB-K17/0086\nCB-K17/0082\nCB-K16/1837\nCB-K16/1830\nCB-K16/1635\nCB-K16/1630\nCB-K16/1624\nCB-K16/1622\nCB-K16/1500\nCB-K16/1465\nCB-K16/1307\nCB-K16/1296\nDFN-CERT-2021-1618\nDFN-CERT-2021-0775\nDFN-CERT-2021-0770\nDFN-CERT-2021-0274\nDFN-CERT-2020-2141\nDFN-CERT-2020-0368\nDFN-CERT-2019-1455\nDFN-CERT-2019-0068\nDFN-CERT-2018-1296\nDFN-CERT-2018-0323\nDFN-CERT-2017-2070\nDFN-CERT-2017-1954\nDFN-CERT-2017-1885\nDFN-CERT-2017-1831\nDFN-CERT-2017-1821\nDFN-CERT-2017-1785\nDFN-CERT-2017-1626\nDFN-CERT-2017-1326\nDFN-CERT-2017-1239\nDFN-CERT-2017-1238\nDFN-CERT-2017-1090\nDFN-CERT-2017-1060\nDFN-CERT-2017-0968\nDFN-CERT-2017-0947\nDFN-CERT-2017-0946\nDFN-CERT-2017-0904\nDFN-CERT-2017-0816\nDFN-CERT-2017-0746\nDFN-CERT-2017-0677\nDFN-CERT-2017-0675\nDFN-CERT-2017-0611\nDFN-CERT-2017-0609\nDFN-CERT-2017-0522\nDFN-CERT-2017-0519\nDFN-CERT-2017-0482\nDFN-CERT-2017-0351\nDFN-CERT-2017-0090\nDFN-CERT-2017-0089\nDFN-CERT-2017-0088\nDFN-CERT-2017-0086\nDFN-CERT-2016-1943\nDFN-CERT-2016-1937\nDFN-CERT-2016-1732\nDFN-CERT-2016-1726\nDFN-CERT-2016-1715\nDFN-CERT-2016-1714\nDFN-CERT-2016-1588\nDFN-CERT-2016-1555\nDFN-CERT-2016-1391\nDFN-CERT-2016-1378\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["PHP < 7.2.30, 7.3 < 7.3.17, 7.4 < 7.4.5 DoS Vulnerability - Apr20 (Windows)"],"poc":"443/tcp\n\n10.0.0.15","files":[],"desc":["Installed version: 5.6.40\nFixed version: 7.2.30\nInstallation\npath / port: 443/tcp"],"severity":"High","ref":"CVE-2020-7067\nhttps://www.php.net/ChangeLog-7.php#7.2.30\nhttps://www.php.net/ChangeLog-7.php#7.3.17\nhttps://www.php.net/ChangeLog-7.php#7.4.5\nCB-K20/1199\nCB-K20/0336\nDFN-CERT-2020-1438\nDFN-CERT-2020-0851\nDFN-CERT-2020-0751\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["SSH Brute Force Logins With Default Credentials Reporting"],"poc":"22/tcp\n\n10.0.0.4","files":[],"desc":["It was possible to login with the following credentials :\n\nadmin:admin"],"severity":"High","ref":"CVE-1999-0501\nCVE-1999-0502\nCVE-1999-0507\nCVE-1999-0508\n","cvss":"7.5","cve":"","tags":[],"bounty":[],"date":"2023-04-17"},{"title":["Riello NetMan 204 Default Credentials (SSH)"],"poc":"22/tcp\n\n10.0.0.4","files":[],"desc":["It was possible to login as user 'admin' with password 'admin' and to execute 'cat /etc/passwd'.

Not sure if this was just my not being familiar with Angular or not, but got this after a fresh clone during the build.

$ ng build
ERROR in The Angular Compiler requires TypeScript >=3.4.0 and <3.6.0 but 3.9.5 was found instead.

I just checked for which version was specified and back revd TypeScript to 3.5.3 and everything compiled and ran great, but figured you might want to be aware.

$ cat yarn.lock
....
[email protected]:
  version "3.5.3"
  resolved ...
  integrity ...

typescript@^3.4.5:
  version "3.9.5"
  resolved ...
  integrity ...
....

I wrote a report & downloaded it, when I saw HTML file the code was broken;

(basic/default starting template was present & not broken)

And the report itself executes the javascript alert I used in an issue;

(this is when i reloaded, but same goes when opened for first time)

I presume that happened because of something I wrote in an issue (inside a code block);

This could be potentially harmful, as if someone trust our report and opens it that has malicious payload in it - they could be infected

I think filtering all inputs (as string) could solve the issue :)
Thank you!!

Hi , recently try upload a openvas format xml but keep in Please Wait for more than a hour ago
attach a example of xml

https://send.bitwarden.com/#1UYVrGZH3kuqP6_nAQMn3A/CNQgOrAtZBiRKC4SNRpkFw

Regards.

Hey,
First I'd like to say that this is a cool project!
I just played around with it a little and was wondering a couple of things/noticed a few quirks:

• Would be lovely to have an actual share button to the latest release as a .pdf or rendered .html version of the report as attaching a plain text/html file to an email is not always conform to a bug reporting workflow (at least from my experience)
• I don't quite seem to understand how attachments work. You can add files and sometimes (at least for me) they show up as a note in report, but currently there is no way to download/view the attachments right from the report? That would be very helpful!
  • Also as for this You can easily attach any file you want to. Screenshot, movie or scanner output in txt. I'd much rather prefer a downloadable file as I would not wanna bloat a report both in content and size by attaching multiple >1k LoC stack traces or even binary samples.
• Native export as a .pdf would be also very helpful.
• Is a setup with SSL/TLS support on the roadmap?
• An online collab feature (share a link/ID to a report with a colleague and have a go at it) would be hella useful, but for this to happen I assume the storage must be shifted from local browser DB to a persistent and accessible network storage?

This sounds like a lot of nagging but as you already have a solid base for report generation I was wondering what you think about these features.

Cheers

Hi,

I have containerized the application (to suit my needs) but am wondering where the app stores reports on disk?

Thanks!

Hi, i had a problem when i try to run serve in difference host, example i want to run with 192.168.1.100 address: ng serve --host 192.168.1.100, it's successfully listening on, but when i access it on browser it's not running at all. Also i have modify host in /node_modules/@angular/cli/lib/config/schema.json (with 0.0.0.0 address), but didn't fix. Can u guide me to solve this issue? Thanks. 😃

is possible merge reports from multiple sources can be summarized, for example, by IP, so that we can see all incidents by IP address and not by independent incident or by title and all computers with equal vulnerability are summarized

this proyect is amazing tool!!

I can not install it. I already installed angular cli, angular and node but it does not work ng serves

Hi,
nice project here!
how would it be to add Markdown rendering (instead of pure HTML) for instance in the scope entry,
that would be super useful to render a table via Markdown like:

IP   | hostname | role | comments
------|--------------|-------|---------------
127.0.0.1 | locahost.localdomain | nothing and all | client asked to test this one with care
255.255.255.255 | N/A | nothing | this is a crash & test you can go do whatever you want on it

and it would look like:

Hey;
I'm not able to create a new report!

I have tried creating several times but its says Your reports list is empty.

I also create a profile still the same!!!

We've tried NMAP files of all kinds - new, old, simple scans and more complex. None will import, as each throws the following type error. No problems importing NESSUS and Burp files, both import perfectly.

core.js:6456 ERROR TypeError: Cannot read property '0' of undefined
at dialog-import.component.ts:645
at Array.map ()
at DialogImportComponent.parseNmap (dialog-import.component.ts:636)
at FileReader.fileReader.onload (dialog-import.component.ts:615)
at ZoneDelegate.invoke (zone.js:372)
at Object.onInvoke (core.js:28674)
at ZoneDelegate.invoke (zone.js:371)
at Zone.runGuarded (zone.js:144)
at FileReader. (zone.js:128)

Few fields related to Issues are not reflecting into the HTML report. The CVE number and CVSS score are not getting printed in the report. Also, I want to have Issue Remediation field for all the issues reported. Can you pls check and help in this regard? It would be nice if you can also provide some information on how to customize the reports. My Overall experience is good with this tool. Just want a few addition of features.

First of all great work guys, I hope you are doing well.
I have to say that this is by far the best and simplest reporting software ive seen in a while.
a few things that could make the project better in my oppinion would be,

• The ability to add custom fields in the issues tab
• The ability to customize the report
• The ability to set the size of the logo in the report so it doesnt take whole width of the report
• The ability to remove the social and website links from the report but leaving the name and email
• The ability to save presets like use dark theme for the report, dont show researcher etc.

Thank you for all you hardwork and hope you keep up the good work.

Hello,
Awesome tool to generate the report with no fuzz of backend.

However, i would like to suggest an improvement for adding a .docx report download which come handy in customizing it.

Agreed .txt is available but a lot of styling could not be done.
came across this https://www.npmjs.com/package/html-to-docx , but wasnt sure if would fit it.
It would be great to see this feature landing in tool's dashboard.

Thanks.

I'd really like to be able to provide styling to my POC and description. I see that the scope has markdown capabilities but not the description or POC?

It would also be really cool if we had an editor similar to what you have on Github and support syntax highlighting for HTTP requests or code snippets.

Hi,

I have built the application using the ng build --base-href <my base href> --prod and after installing the application in my proper base-href everything appears to work except the vuln-list. Upon clicking the Vuln-List link, it just loads forever, an upon entering findings, no matching vulns are found.

I suspect this is a pathing issue where vulns.json located in the /assets directory is not being parsed. Also, when attempting to add a custom issue, the add button does not work.

Any suggestions on proper build flags that might fix this? Or is this a deeper JS issue that needs to be fixed?

I also wanted to say that this is great work so far. I've tried many open source vulnerability management projects but I really like this one because of the clean interface and workflow. It's simple, effective and doesn't making documenting issues found a hassle, which too many projects do.

Thanks, and keep up the good work.

Stop working when try upload a file XML from NMAP

I am having a hell of a time installing both with docker-compose and ng. Currently on Ubuntu 22.0.4 but also tried Kali. Any advice for an easier install is appreciated!

ng errors consist of : Error: Can't resolve '~material-design-icons/iconfont/material-icons.css' in '/home and also HookWebpackError: Module build failed (from ./node_modules/css-loader/dist/cjs.js):
Error: Can't resolve '~material-design-icons/iconfont/material-icons.css' in '/home

docker-compose errors:
Step 5/10 : RUN npm i --force
---> Running in 8d0fc96aa30f
npm WARN using --force Recommended protections disabled.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @angular/[email protected]
npm WARN Found: @angular/[email protected]
npm WARN node_modules/@angular/cdk
npm WARN @angular/cdk@"^15.1.0" from the root project
npm WARN 1 more (@angular/material)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @angular/cdk@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN
npm WARN Conflicting peer dependency: @angular/[email protected]
npm WARN node_modules/@angular/cdk
npm WARN peer @angular/cdk@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @angular/[email protected]
npm WARN Found: @angular/[email protected]
npm WARN node_modules/@angular/common
npm WARN @angular/common@"^15.1.0" from the root project
npm WARN 7 more (@angular/cdk, @angular/forms, @angular/material, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @angular/common@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN
npm WARN Conflicting peer dependency: @angular/[email protected]
npm WARN node_modules/@angular/common
npm WARN peer @angular/common@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @angular/[email protected]
npm WARN Found: @angular/[email protected]
npm WARN node_modules/@angular/core
npm WARN @angular/core@"^15.1.0" from the root project
npm WARN 10 more (@angular/animations, @angular/cdk, @angular/common, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @angular/core@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN
npm WARN Conflicting peer dependency: @angular/[email protected]
npm WARN node_modules/@angular/core
npm WARN peer @angular/core@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @angular/[email protected]
npm WARN Found: @angular/[email protected]
npm WARN node_modules/@angular/platform-browser
npm WARN @angular/platform-browser@"^15.1.0" from the root project
npm WARN 4 more (@angular/forms, @angular/material, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @angular/platform-browser@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN
npm WARN Conflicting peer dependency: @angular/[email protected]
npm WARN node_modules/@angular/platform-browser
npm WARN peer @angular/platform-browser@"^14.0.0" from @angular/[email protected]
npm WARN node_modules/@angular/flex-layout
npm WARN @angular/flex-layout@"^14.0.0-beta.40" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/jasmine-core
npm WARN dev jasmine-core@"~3.7.1" from the root project
npm WARN 1 more (karma-jasmine)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer jasmine-core@">=3.8" from [email protected]
npm WARN node_modules/karma-jasmine-html-reporter
npm WARN dev karma-jasmine-html-reporter@"^1.7.0" from the root project
npm WARN
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/jasmine-core
npm WARN peer jasmine-core@">=3.8" from [email protected]
npm WARN node_modules/karma-jasmine-html-reporter
npm WARN dev karma-jasmine-html-reporter@"^1.7.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/rxjs
npm WARN rxjs@"^7.8.0" from the root project
npm WARN 8 more (@angular/cdk, @angular/common, @angular/core, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer rxjs@"^6.3.3" from [email protected]
npm WARN node_modules/ng2-charts
npm WARN ng2-charts@"^2.4.3" from the root project
npm WARN
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/rxjs
npm WARN peer rxjs@"^6.3.3" from [email protected]
npm WARN node_modules/ng2-charts
npm WARN ng2-charts@"^2.4.3" from the root project

./src/styles.scss - Error: Module build failed (from ./node_modules/css-loader/dist/cjs.js):
Error: Can't resolve '~material-design-icons/iconfont/material-icons.css' in '/app/src'

./src/styles.scss?ngGlobalStyle - Error: Module build failed (from ./node_modules/mini-css-extract-plugin/dist/loader.js):
HookWebpackError: Module build failed (from ./node_modules/css-loader/dist/cjs.js):
Error: Can't resolve '~material-design-icons/iconfont/material-icons.css' in '/app/src'

@kac89 Taking a deeper look into the back-end code I was wondering if you would be open to implementing a mongodb hosted somewhere to enter vulnerabilities via that way instead of the vulns.json file? Hence the application can pull from that remote or local mongodb? Leaving room for scalability?

However, this might require an a"Admin" interface to enter vulns from the UI into the database.

Thanks,
Chevon

Hi, there it would be great to add all the OWASP Mobile TOP 10 vulnerability issues to the vulns.json file. If you can create a development branch I can take that on and submit a pull request for it.

https://owasp.org/www-project-mobile-top-10/

I would love to contribute some time to this project. It has a lot of potential.