Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/plugins/nikto_report_html.plugin @ 268

Revision 268, 7.9 KB checked in by sullo, 3 years ago (diff)
Removed http_eol global -- it's set in LW automagically Code cleanups

Line
1	#VERSION,2.02
2	# $Id: nikto_reports.plugin 125 2009-07-20 21:59:00Z deity $
3	###############################################################################
4	# Copyright (C) 2007 CIRT, Inc.
5	#
6	# This program is free software; you can redistribute it and/or
7	# modify it under the terms of the GNU General Public License
8	# as published by the Free Software Foundation; version 2
9	# of the License only.
10	#
11	# This program is distributed in the hope that it will be useful,
12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	# GNU General Public License for more details.
15	#
16	# You should have received a copy of the GNU General Public License
17	# along with this program; if not, write to the Free Software
18	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19	###############################################################################
20	# PURPOSE:
21	# Reporting
22	###############################################################################
23	sub nikto_report_html_init
24	{
25	my $id =
26	{
27	name => "report_html",
28	full_name => "Report as HTML",
29	author => "Sullo/Jabra",
30	description => "Produces an HTML report.",
31	report_head => \&html_head,
32	report_host_start => \&html_host_start,
33	report_host_end => \&html_host_end,
34	report_item => \&html_item,
35	report_close => \&html_close,
36	report_format => 'htm',
37	copyright => "2008 CIRT Inc."
38	};
39	# load up the templates now
40	html_open_templates();
41	return $id;
42	}
43
44	sub html_head
45	{
46	my ($file) = @_;
47	# Write header for html file, return file handle
48	open(OUT, ">>$file") \|\| die print STDERR "+ ERROR: Unable to open '$file' for write: $@\n";
49
50	my $html = html_change_vars($TEMPLATES{htm_start});
51	$html =~ s/\#NIKTODTD/$NIKTOCONFIG{NIKTODTD}/;
52	print OUT "$html";
53
54	return OUT;
55	}
56	###############################################################################
57	sub html_close
58	{
59	my ($handle,$mark) = @_;
60	my $html = html_change_vars($TEMPLATES{htm_close},$mark);
61	print $handle "$html\n";
62
63	close($handle);
64	return;
65	}
66	###############################################################################
67	sub html_host_start
68	{
69	my ($handle, $mark) = @_;
70	my $html = html_change_vars($TEMPLATES{htm_host_head},$mark);
71	print $handle "$html\n";
72
73	return;
74	}
75	###############################################################################
76	sub html_host_end
77	{
78	my ($handle, $mark) = @_;
79	my $html = html_change_vars($TEMPLATES{htm_end},$mark);
80	print $handle "$html\n";
81
82	return;
83	}
84	###############################################################################
85	sub html_item
86	{
87	my ($handle, $mark, $item) = @_;
88	my $html = html_change_vars($TEMPLATES{htm_host_item},$mark,$item);
89	print $handle "$html\n";
90
91	return;
92	}
93	###############################################################################
94	sub html_open_templates
95	{
96	my @ts = dirlist($NIKTOCONFIG{TEMPLATEDIR});
97	my $have_cirt = 0;
98	foreach my $t (@ts)
99	{
100	open(T, "<$NIKTOCONFIG{TEMPLATEDIR}/$t");
101	my @TEMPLATE = <T>;
102	close(T);
103	my $T = join("", @TEMPLATE);
104	$t =~ s/\..*$//;
105
106	# :-)
107	if ($T =~ /\s?20[0-9]{2}\s?CIRT, Inc/i) { $have_cirt = 1; }
108
109	$TEMPLATES{$t} = $T;
110	}
111
112	if (!$have_cirt)
113	{
114	print "\nIt looks like you may have removed the Nikto copyright from the reports. Please remember that this program is copyrighted, takes a lot of work to maintain, and is completely free for non-commercial use.\n\nIf this message has been a mistake, please notify sullo\@cirt.net.\n\n";
115	}
116
117	return;
118	}
119	###############################################################################
120	sub html_change_vars
121	{
122	my ($template, $mark, $item) = @_;
123	my %variables;
124	my $protocol = "http";
125	if ($mark->{ssl}) { $protocol .= "s"; }
126
127	$variables{"#TEMPL_HCTR"} = $NIKTO{TEMPL_HCTR};
128	$variables{"#TEMPL_END"} = date_disp($mark->{end_time});
129	$variables{"#TEMPL_HOSTNAME"} = simple_enc($mark->{hostname});
130	$variables{"#TEMPL_HOST_HEADER"} = $mark->{hostname};
131	if (defined $mark->{vhost})
132	{
133	$variables{"#TEMPL_HOST_HEADER"} = $mark->{vhost};
134	}
135	$variables{"#TEMPL_IP"} = simple_enc($mark->{ip});
136	$variables{"#TEMPL_ITEMS_TESTED"} = $mark->{total_checks};
137	$variables{"#TEMPL_PORT"} = $mark->{port};
138	$variables{"#TEMPL_START"} = date_disp($mark->{start_time});
139	$variables{"#TEMPL_NIKTO_VER"} = $NIKTO{version};
140	$variables{"#TEMPL_BANNER"} = simple_enc($mark->{banner});
141	$variables{"#TEMPL_NIKTO_CLI"} = $CLI{'all_options'};
142	$variables{"#TEMPL_CTR"} = $mark->{total_checks};
143	$variables{"#TEMPL_NIKTO_HOSTS_TESTED"} = $COUNTERS{hosts_total};
144	$variables{"#TEMPL_ELAPSED"} = $mark->{end_time}-$mark->{start_time};
145	$variables{"#TEMPL_LINK_NAME"} = "$protocol://$mark->{hostname}:$mark->{port}";
146	$variables{"#TEMPL_LINK_IP"} = "$protocol://$mark->{ip}:$mark->{port}/";
147	$variables{"#TEMPL_ITEMS_FOUND"} = $mark->{total_vulns};
148
149	$variables{"#TEMPL_LINK_NAME"} = "N/A";
150	if ($mark->{hostname} ne "")
151	{
152	$variables{"#TEMPL_LINK_NAME"} = "$protocol://$mark->{hostname}:$mark->{port}/";
153	}
154
155	foreach my $var (keys %variables)
156	{
157	$template =~ s/$var/$variables{$var}/g;
158	}
159
160	# Scanner Messages Handling
161	if ($template =~ /\#TEMPL_SMMSG/)
162	{
163	my $template_orig = $template;
164	my $template_final = "";
165
166	if ($item->{uri} ne '') { next; }
167	my $OSVDB = $item->{osvdb};
168	if ($OSVDB !~ /\d+/) { $OSVDB = 0; }
169	$OSVDB_LINK = "http://osvdb.org/$OSVDB";
170	$template =~ s/\#TEMPL_SMMSG/$item->{message}/;
171	$template =~ s/\#TEMPL_OSVDB_LINK/$OSVDB_LINK/;
172	$template =~ s/\#TEMPL_OSVDB/$OSVDB/;
173	$template =~ s/\#ID/$item->{nikto_id}/;
174	$template_final .= $template;
175	$template = $template_orig;
176	$template = "$template_final\n";
177	}
178
179	# Positives Handling
180	if ($template =~ /\#TEMPL_MSG/)
181	{
182	my $template_orig = $template;
183	my $template_final = "";
184	if ($item->{uri} eq '') { next; }
185	foreach my $uri (split(' ',$item->{uri}))
186	{
187	$item->{uri} = simple_enc($item->{uri});
188	$variables{"#TEMPL_URI"} = $uri;
189	$variables{"#TEMPL_MSG"} = $item->{message};
190	$variables{"#TEMPL_HTTP_METHOD"} = $item->{method};
191
192	$variables{"#TEMPL_ITEM_IP_LINK"} = "$protocol://$variables{\"#TEMPL_IP\"}:$mark->{port}$variables{\"#TEMPL_URI\"}";
193	$variables{"#TEMPL_ITEM_NAME_LINK"} = "";
194	if ($mark->{hostname} ne "")
195	{
196	$variables{"#TEMPL_ITEM_NAME_LINK"} = "$protocol://$variables{\"#TEMPL_HOSTNAME\"}:$mark->{port}$variables{\"#TEMPL_URI\"}";
197	}
198
199	$OSVDB = "";
200	$OSVDB_LINK = "";
201	foreach my $o (split(/ /, $item->{osvdb}))
202	{
203	if ($o eq "")
204	{
205	$o = "0";
206	}
207
208	$OSVDB .= "$o";
209	$OSVDB_LINK .= "http://osvdb.org/$o";
210	}
211
212	$template =~ s/\#TEMPL_OSVDB_LINK/$OSVDB_LINK/;
213	$template =~ s/\#TEMPL_OSVDB/$OSVDB/;
214	$template =~ s/\#ID/$item->{nikto_id}/;
215
216	foreach my $var (keys %variables) { $template =~ s/$var/$variables{$var}/g; }
217	$template_final .= $template;
218	$template = $template_orig;
219	}
220	$template = "$template_final\n";
221	}
222	return $template;
223	}
224	###############################################################################
225	sub simple_enc
226	{
227	my $var = $_[0] \|\| return;
228	$var =~ s/</</g;
229	$var =~ s/>/>/g;
230	$var =~ s/"/"/g;
231	return $var;
232	}
233
234	sub nikto_reports { } # so core doesn't freak
235
236	1;

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format