From 4c2f88a184c54d4b2850b7e22d9b0e15e107515b Mon Sep 17 00:00:00 2001
From: kazet <krzysztof.zajac@cert.pl>
Date: Mon, 2 Dec 2024 15:11:28 +0100
Subject: [PATCH] WordPress plugin version check, Nuclei translations, Nuclei
 blocklisting (#1423)

---
 artemis/config.py                                             | 3 +++
 artemis/modules/wordpress_plugins.py                          | 1 +
 .../modules/nuclei/translations/nuclei_messages/pl_PL.py      | 4 ++++
 3 files changed, 8 insertions(+)

diff --git a/artemis/config.py b/artemis/config.py
index df58bc666..325fc05be 100644
--- a/artemis/config.py
+++ b/artemis/config.py
@@ -422,6 +422,7 @@ class Nuclei:
                         "http/exposed-panels/pulse-secure-version.yaml",
                         "http/exposed-panels/cisco/cisco-anyconnect-vpn.yaml",
                         "http/exposed-panels/openvpn-connect.yaml",
+                        "http/exposed-panels/ivanti-csa-panel.yaml",
                         "http/exposed-panels/ivanti-connect-secure-panel.yaml",
                         "http/exposed-panels/softether-vpn-panel.yaml",
                         "http/exposed-panels/cas-login.yaml",
@@ -531,6 +532,8 @@ class Nuclei:
                         "http/fuzzing/xff-403-bypass.yaml",
                         # Not that severe to spam people
                         "javascript/cves/2023/CVE-2023-48795.yaml",
+                        # We already check for Gitlab
+                        "http/exposed-panels/ghe-encrypt-saml.yaml",
                     ]
                 ),
                 cast=decouple.Csv(str),
diff --git a/artemis/modules/wordpress_plugins.py b/artemis/modules/wordpress_plugins.py
index 5822d4910..5a0a27c5c 100644
--- a/artemis/modules/wordpress_plugins.py
+++ b/artemis/modules/wordpress_plugins.py
@@ -55,6 +55,7 @@
 ]
 PLUGINS_BAD_VERSION_IN_README = [
     "blocks-animation",
+    "cf7-styler-for-divi",
     "coming-soon",
     "delete-all-comments-of-website",
     "disable-remove-google-fonts",
diff --git a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
index c47f38fb4..e8e761b6b 100644
--- a/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
+++ b/artemis/reporting/modules/nuclei/translations/nuclei_messages/pl_PL.py
@@ -1547,4 +1547,8 @@
     'Identifies "Logon Error Message" in the SAP Internet Communication Framework which returns a 404 status code.': "Wykryto stronę systemu SAP.",
     "RStudio Sign In panel was detected.": "Wykryto panel logowania RStudio.",
     "Usermin panel was discovered.": "Wykryto panel Usermin.",
+    "VMware Workspace ONE UEM Airwatch Self-Service Portal (SSP) login panel was detected.": "Wykryto panel logowania VMware Workspace ONE UEM Airwatch Self-Service Portal (SSP)",
+    "Cyberpanel login panel was detected.": "Wykryto panel logowania systemu Cyberpanel.",
+    "Thruk Monitoring panel was detected.": "Wykryto panel Thruk Monitoring.",
+    "FreeScout panel was discovered.": "Wykryto panel FreeScout.",
 }