Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/plugins/nikto_report_html.plugin @ 702

Revision 702, 8.0 KB checked in by sullo, 18 months ago (diff)
Ticket 225: Template variables now have terminating hash to prevent collisions Note: incremented nxmlversion version to 1.2

Line
1	#VERSION,2.05
2	# $Id: nikto_reports.plugin 125 2009-07-20 21:59:00Z deity $
3	###############################################################################
4	# Copyright (C) 2007 CIRT, Inc.
5	#
6	# This program is free software; you can redistribute it and/or
7	# modify it under the terms of the GNU General Public License
8	# as published by the Free Software Foundation; version 2
9	# of the License only.
10	#
11	# This program is distributed in the hope that it will be useful,
12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	# GNU General Public License for more details.
15	#
16	# You should have received a copy of the GNU General Public License
17	# along with this program; if not, write to the Free Software
18	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19	###############################################################################
20	# PURPOSE:
21	# Reporting
22	###############################################################################
23	sub nikto_report_html_init {
24	my $id = { name => "report_html",
25	full_name => "Report as HTML",
26	author => "Sullo/Jabra",
27	description => "Produces an HTML report.",
28	report_head => \&html_head,
29	report_summary => \&html_summary,
30	report_host_start => \&html_host_start,
31	report_host_end => \&html_host_end,
32	report_item => \&html_item,
33	report_close => \&html_close,
34	report_format => 'htm',
35	copyright => "2008 CIRT Inc."
36	};
37
38	# load up the templates now
39	html_open_templates();
40	return $id;
41	}
42	###############################################################################
43	sub html_head {
44	my ($file) = @_;
45
46	# Write header for html file, return file handle
47	open(OUT, ">>$file") \|\| die print STDERR "+ ERROR: Unable to open '$file' for write: $@\n";
48
49	my $html = html_change_vars($TEMPLATES{'htm_start'});
50	$html =~ s/\#NIKTODTD#/$CONFIGFILE{'NIKTODTD'}/;
51	print OUT "$html";
52
53	return OUT;
54	}
55	###############################################################################
56	sub html_close {
57	my ($handle, $mark) = @_;
58	my $html = html_change_vars($TEMPLATES{'htm_close'}, $mark);
59	print $handle "$html\n";
60
61	close($handle);
62	return;
63	}
64	###############################################################################
65	sub html_summary {
66	my ($handle, $mark) = @_;
67	my $html = html_change_vars($TEMPLATES{'htm_summary'}, $mark);
68	print $handle $html;
69
70	return;
71	}
72	###############################################################################
73	sub html_host_start {
74	my ($handle, $mark) = @_;
75	my $html = html_change_vars($TEMPLATES{'htm_host_head'}, $mark);
76	print $handle "$html\n";
77
78	return;
79	}
80	###############################################################################
81	sub html_host_end {
82	my ($handle, $mark) = @_;
83	my $html = html_change_vars($TEMPLATES{'htm_end'}, $mark);
84	print $handle "$html\n";
85
86	return;
87	}
88	###############################################################################
89	sub html_item {
90	my ($handle, $mark, $item) = @_;
91	my $html = html_change_vars($TEMPLATES{'htm_host_item'}, $mark, $item);
92	print $handle "$html\n";
93
94	return;
95	}
96	###############################################################################
97	sub html_open_templates {
98	foreach my $t (dirlist($CONFIGFILE{'TEMPLATEDIR'}, "htm.*")) {
99	open(T, "<$CONFIGFILE{'TEMPLATEDIR'}/$t");
100	my @TEMPLATE = <T>;
101	close(T);
102	my $T = join("", @TEMPLATE);
103	$t =~ s/\..*$//;
104	$TEMPLATES{$t} = $T;
105	}
106
107	return;
108	}
109	###############################################################################
110	sub html_change_vars {
111	my ($template, $mark, $item) = @_;
112	my %variables;
113	my $protocol = "http";
114	if ($mark->{'ssl'}) { $protocol .= "s"; }
115
116	$variables{"#TEMPL_HCTR#"} = $VARIABLES{'TEMPL_HCTR'};
117	$variables{"#TEMPL_END#"} = date_disp($mark->{'end_time'});
118	$variables{"#TEMPL_HOSTNAME#"} = simple_enc($mark->{'hostname'});
119	$variables{"#TEMPL_HOST_HEADER#"} = $mark->{'hostname'};
120	if (defined $mark->{'vhost'}) {
121	$variables{"#TEMPL_HOST_HEADER#"} = $mark->{'vhost'};
122	}
123	$variables{"#TEMPL_IP#"} = simple_enc($mark->{'ip'});
124	$variables{"#TEMPL_ITEMS_TESTED#"} = $COUNTERS{'total_checks'};
125	$variables{"#TEMPL_PORT#"} = $mark->{'port'};
126	$variables{"#TEMPL_NIKTO_VER#"} = $VARIABLES{'version'};
127	$variables{"#TEMPL_BANNER#"} = simple_enc($mark->{'banner'});
128	$variables{"#TEMPL_NIKTO_CLI#"} = $CLI{'all_options'};
129	$variables{"#TEMPL_CTR#"} = $COUNTERS{'total_checks'};
130	$variables{"#TEMPL_NIKTO_HOSTS_TESTED#"} = $COUNTERS{'hosts_completed'};
131	$variables{"#TEMPL_LINK_NAME#"} = "$protocol://$mark->{'hostname'}:$mark->{'port'}";
132	$variables{"#TEMPL_LINK_IP#"} = "$protocol://$mark->{'ip'}:$mark->{'port'}/";
133	$variables{"#TEMPL_ITEMS_FOUND#"} = $mark->{'total_vulns'};
134	$variables{"#TEMPL_SCAN_START#"} = localtime($COUNTERS{'scan_start'});
135	$variables{"#TEMPL_SCAN_END#"} = localtime($COUNTERS{'scan_end'});
136	$variables{"#TEMPL_SCAN_ELAPSED#"} = $COUNTERS{'scan_elapsed'} . " seconds";
137	$variables{"#TEMPL_STATISTICS#"} = "$COUNTERS{'total_checks'} items checked, $mark->{'total_errors'} errors, $mark->{'total_vulns'} findings";
138	$variables{"#TEMPL_START#"} = date_disp($mark->{'start_time'});
139	$variables{"#TEMPL_ELAPSED#"} = $mark->{'end_time'} - $mark->{'start_time'};
140
141	$variables{"#TEMPL_LINK_NAME#"} = "N/A";
142	if ($mark->{'hostname'} ne "") {
143	$variables{"#TEMPL_LINK_NAME#"} = "$protocol://$mark->{'hostname'}:$mark->{'port'}/";
144	}
145
146	# do now in case we return early
147	foreach my $var (keys %variables) {
148	$template =~ s/$var/$variables{$var}/g;
149	}
150
151	if ($item->{'uri'} eq '') { return $template }
152
153	$variables{"#ID#"} = $item->{'nikto_id'};
154
155	# OSVDB info
156	my $OSVDB = $item->{'osvdb'};
157	if ($OSVDB !~ /\d+/) { $OSVDB = 0; }
158	$OSVDB_LINK = "http://osvdb.org/$OSVDB";
159	$variables{"#TEMPL_OSVDB_LINK#"} = $OSVDB_LINK;
160	$variables{"#TEMPL_OSVDB#"} = $OSVDB;
161
162	# Scanner Messages Handling
163	$variables{"#TEMPL_SMMSG#"} = $item->{'message'};
164
165	# Positives Handling
166	if ($template =~ /\#TEMPL_MSG#/) {
167	my $msg = simple_enc($item->{'message'});
168
169	# Message & handling for customized html output
170	# 740000 = multiple index files -- linkify file names
171	if ($item->{'nikto_id'} == 740000) {
172	$item->{'message'} =~ /^(.: )(.)$/;
173	$msg = $1;
174	my @links;
175	foreach my $f (parse_csv($2)) { #@files) {
176	$f =~ s/\s//g;
177	next if $f eq '';
178	push(@links,
179	"<a href=\"$protocol://$mark->{'display_name'}:$mark->{'port'}/$f\">$f</a>");
180	}
181	$msg .= join(", ", @links);
182	}
183
184	$variables{"#TEMPL_URI#"} = simple_enc($item->{'uri'});
185	$variables{"#TEMPL_MSG#"} = $msg;
186	$variables{"#TEMPL_HTTP_METHOD#"} = $item->{'method'};
187	$variables{"#TEMPL_ITEM_IP_LINK#"} =
188	"$protocol://$variables{\"#TEMPL_IP#\"}:$mark->{'port'}$variables{\"#TEMPL_URI#\"}";
189	$variables{"#TEMPL_ITEM_NAME_LINK#"} = "";
190	if ($mark->{'hostname'} ne "") {
191	$variables{"#TEMPL_ITEM_NAME_LINK#"} =
192	"$protocol://$variables{\"#TEMPL_HOSTNAME#\"}:$mark->{'port'}$variables{\"#TEMPL_URI#\"}";
193	}
194
195	}
196
197	foreach my $var (keys %variables) {
198	$template =~ s/$var/$variables{$var}/g;
199	}
200
201	return $template;
202	}
203	###############################################################################
204	sub simple_enc {
205	my $var = $_[0] \|\| return;
206	$var =~ s/</</g;
207	$var =~ s/>/>/g;
208	$var =~ s/"/"/g;
209	return $var;
210	}
211
212	1;

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format