minvws · underdarknl · Sep 4, 2024 · Aug 30, 2024 · Sep 2, 2024 · Sep 3, 2024
@@ -1,7 +1,7 @@
 {
   "id": "adr-finding-types",
   "name": "ADR Finding Types",
-  "description": "Hydrate information of ADR finding types",
+  "description": "Hydrate information on API Design Rules (ADR) finding types for common design mistakes.",
   "consumes": [
     "ADRFindingType"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_adr_finding_types_normalize",
+  "name": "API Design Rules (ADR) Finding Types",
+  "description": "Parse API Design Rules (ADR) finding types.",
   "consumes": [
     "boefje/adr-finding-types"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "adr-validator",
   "name": "API Design Rules validator",
-  "description": "Validate if an API conforms to the API Design Rules",
+  "description": "Validate if an API conforms to the API Design Rules (ADR).",
   "consumes": [
     "RESTAPI"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "adr-validator-normalize",
+  "name": "API Design Rules validator",
+  "description": "TODO",
   "consumes": [
     "boefje/adr-validator"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_answer_parser",
+  "name": "Answer Parser",
+  "description": "Parses the answers from Config objects.",
   "consumes": [
     "answer"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "binaryedge",
   "name": "BinaryEdge",
-  "description": "Use BinaryEdge to find open ports with vulnerabilities that are found on that port",
+  "description": "Use BinaryEdge to find open ports with vulnerabilities. Requires a BinaryEdge API key.",
   "consumes": [
     "IPAddressV4",
     "IPAddressV6"

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_containers",
+  "name": "BinaryEdge containers",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_databases",
+  "name": "BinaryEdge databases",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_http_web",
+  "name": "BinaryEdge Websites",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_message_queues",
+  "name": "BinaryEdge message queues",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_protocols",
+  "name": "BinaryEdge protocols",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_remote_desktop",
+  "name": "Binary Edge remote desktop",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_service_identification",
+  "name": "BinaryEdge service identification",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_binaryedge_services",
+  "name": "BinaryEdge services",
   "consumes": [
     "boefje/binaryedge"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "kat_burpsuite_normalize",
   "name": "Burpsuite normalizer",
-  "description": "Parses Burpsuite XML output (reports). Check https://docs.openkat.nl on how to create the XML file.",
+  "description": "Parses Burpsuite XML output into findings. Check https://docs.openkat.nl/manual/normalizers.html#burp-suite on how to create the XML file.",
   "consumes": [
     "xml/burp-export"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "calvin-normalize",
+  "name": "Calvin",
+  "description": "Produces applications and incidents for Calvin.",
   "consumes": [
     "boefje/calvin"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "censys",
   "name": "Censys",
-  "description": "Use Censys to discover open ports, services and certificates",
+  "description": "Use Censys to discover open ports, services and certificates. Requires and API key.",
   "consumes": [
     "IPAddressV4",
     "IPAddressV6"

@@ -1,5 +1,6 @@
 {
   "id": "kat_censys_normalize",
+  "name": "Censys",
   "consumes": [
     "boefje/censys"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "certificate-search",
   "name": "CRT",
-  "description": "Certificate search",
+  "description": "Searches for certificates and new hostnames in the transparency logs of crt.sh.",
   "consumes": [
     "DNSZone"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_crt_sh_normalize",
+  "name": "Certificate Transparency logs (crt.sh)",
+  "description": "Parses data from certificate transparency logs (crt.sh) into hostnames and X509 certificates.",
   "consumes": [
     "boefje/certificate-search"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "CVE-2023-34039",
-  "name": "CVE_2023_34039",
-  "description": "Check to see if known keys are usable on VMware CVE-2023-34039",
+  "name": "CVE-2023-34039 - VMware Aria Operations",
+  "description": "Checks if there are static SSH keys present that can be used for remote code execution on VWware Aria Operations (CVE-2023-34039). This vulnerability can be used to bypass SSH authentication and gain access to the Aria Operations for Networks CLI.",
   "consumes": [
     "IPService"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "CVE_2023_35078",
-  "name": "CVE_2023_35078",
-  "description": "Use NFIR script to find CVE-2023-35078",
+  "name": "CVE-2023-35078 - Ivanti EPMM",
+  "description": "Checks websites for the presents of the Ivanti EPMM interface and whether the interface is vulnerable to the remote unauthenticated API access vulnerability (CVE-2023-35078). Script contribution by NFIR.",
   "consumes": [
     "Website"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_CVE_2023_35078_normalize",
+  "name": "CVE-2023-35078 Ivanti EPMM",
+  "description": "Checks if the Ivanti EPMM website is vulnerable to CVE-2023-35078. Produces a finding if it is vulnerable.",
   "consumes": [
     "boefje/CVE_2023_35078"
   ],

@@ -1,9 +1,10 @@
 {
   "id": "kat_cve_2024_6387_normalize",
+  "name": "CVE-2024-6387 OpenSSH",
+  "description": "Checks the service banner for a race condition in OpenSSH server which can result in an unauthenticated remote attacker to trigger that some signals are handled in an unsafe manner (CVE-2024-6387). Requires the Service-Banner-boefje to be enabled.",
   "consumes": [
     "openkat/service-banner"
   ],
-  "description": "Checks service banner for CVE-2024-6387, enable service banner boefje to get the service banner",
   "produces": [
     "Finding",
     "CVEFindingType"

@@ -1,7 +1,7 @@
 {
   "id": "cve-finding-types",
   "name": "CVE Finding Types",
-  "description": "Hydrate information of CVE finding types from the CVE API",
+  "description": "Hydrate information of Common Vulnerabilities and Exposures (CVE) finding types from the CVE API",
   "consumes": [
     "CVEFindingType"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_cve_finding_types_normalize",
+  "name": "CVE finding types",
+  "description": "Parses CVE findings.",
   "consumes": [
     "boefje/cve-finding-types"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "cwe-finding-types",
   "name": "CWE Finding Types",
-  "description": "Hydrate information of CWE finding types",
+  "description": "Hydrate information of Common Weakness Enumeration (CWE) finding types",
   "consumes": [
     "CWEFindingType"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_cwe_finding_types_normalize",
+  "name": "CWE finding",
+  "description": "Parses CWE findings.",
   "consumes": [
     "boefje/cwe-finding-types"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "dicom",
   "name": "DICOM",
-  "description": "Find exposed DICOM servers.",
+  "description": "Find exposed DICOM servers. DICOM servers are used to process medical imaging information.",
   "consumes": [
     "IPAddressV4",
     "IPAddressV6"

@@ -1,5 +1,7 @@
 {
   "id": "kat_dicom_normalize",
+  "name": "DICOM servers",
+  "description": "Parses DICOM output into findings and identified software.",
   "consumes": [
     "boefje/dicom"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "dns-records",
-  "name": "DnsRecords",
-  "description": "Fetch the DNS record(s) of a hostname",
+  "name": "DNS records",
+  "description": "Fetch the DNS record(s) of a hostname.",
   "consumes": [
     "Hostname"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_dns_normalize",
+  "name": "DNS records",
+  "description": "Parses the DNS records.",
   "consumes": [
     "boefje/dns-records"
   ],

@@ -1,6 +1,6 @@
 {
   "id": "dns-zone",
-  "name": "DnsZone",
+  "name": "DNS zone",
   "description": "Fetch the parent DNS zone of a DNS zone",
   "consumes": [
     "DNSZone"

@@ -1,5 +1,7 @@
 {
   "id": "kat_dns_zone_normalize",
+  "name": "DNS zone",
+  "description": "Parses the parent DNS zone into new hostnames and DNS zones.",
   "consumes": [
     "boefje/dns-zone"
   ],

@@ -1,6 +1,6 @@
 {
   "id": "dns-sec",
-  "name": "Dnssec",
+  "name": "DNSSEC",
   "description": "Validates DNSSec of a hostname",
   "consumes": [
     "Hostname"

@@ -1,5 +1,7 @@
 {
   "id": "kat_dnssec_normalize",
+  "name": "DNS records",
+  "description": "Parses DNSSEC data into findings.",
   "consumes": [
     "boefje/dns-sec"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "external_db",
-  "name": "External Database",
-  "description": "Fetch hostnames and IP addresses/netblocks from an external database with API. See `description.md` for more information.",
+  "name": "External database host fetcher",
+  "description": "Fetch hostnames and IP addresses/netblocks from an external database with API. See `description.md` for more information. Useful if you have a large network.",
   "consumes": [
     "Network"
   ],

@@ -1,5 +1,7 @@
 {
   "id": "kat_external_db_normalize",
+  "name": "External database hosts fetcher",
+  "description": "Parse data the fetched host data from the external database into hostnames and IP-addresses.",
   "consumes": [
     "boefje/external_db"
   ],

@@ -1,9 +1,9 @@
 {
   "id": "fierce",
   "name": "Fierce",
-  "description": "Use a Fierce scan to find subdomains (with their ip)",
+  "description": "Perform DNS reconnaissance using Fierce, to help locate non-contiguous IP space and hostnames against specified hostnames. No exploitation is performed.",
   "consumes": [
     "Hostname"
   ],
-  "scan_level": 3
+  "scan_level": 1
 }
@@ -1,5 +1,7 @@
 {
   "id": "kat_fierce_normalize",
+  "name": "Fierce",
+  "description": "Parse the DNS reconnaissance data from Fierce into hostnames and/or IP addresses.",
   "consumes": [
     "boefje/fierce"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_generic_finding_normalize",
+  "name": "Finding types",
   "consumes": [
     "openkat/finding"
   ],

@@ -1,7 +1,7 @@
 {
   "id": "green-hosting",
   "name": "GreenHosting",
-  "description": "Use the Green Web Foundation Partner API to check whether the website is hosted on a green server. Meaning it runs on renewable energy and/or offsets its carbon footprint",
+  "description": "Use the Green Web Foundation Partner API to check whether the website is hosted on a green server. Meaning it runs on renewable energy and/or offsets its carbon footprint. Does not require an API key.",
   "consumes": [
     "Website"
   ],

@@ -1,5 +1,6 @@
 {
   "id": "kat_green_hosting_normalize",
+  "description": "Parses the Green Hosting output into findings.",
   "consumes": [
     "boefje/green-hosting"
   ],