Assembla home | Assembla project page

My Start Page

Context Navigation

source: trunk/plugins/nikto_report_xml.plugin @ 702

Revision 702, 8.0 KB checked in by sullo, 18 months ago (diff)
Ticket 225: Template variables now have terminating hash to prevent collisions Note: incremented nxmlversion version to 1.2

Line
1	#VERSION,2.05
2	# $Id: nikto_reports.plugin 125 2009-07-20 21:59:00Z deity $
3	###############################################################################
4	# Copyright (C) 2007 CIRT, Inc.
5	#
6	# This program is free software; you can redistribute it and/or
7	# modify it under the terms of the GNU General Public License
8	# as published by the Free Software Foundation; version 2
9	# of the License only.
10	#
11	# This program is distributed in the hope that it will be useful,
12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	# GNU General Public License for more details.
15	#
16	# You should have received a copy of the GNU General Public License
17	# along with this program; if not, write to the Free Software
18	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19	###############################################################################
20	# PURPOSE:
21	# Reporting
22	###############################################################################
23	sub nikto_report_xml_init {
24	my $id = { name => "report_xml",
25	full_name => "Report as XML",
26	author => "Sullo/Jabra",
27	description => "Produces an XML report.",
28	report_head => \&xml_head,
29	report_host_start => \&xml_host_start,
30	report_host_end => \&xml_host_end,
31	report_item => \&xml_item,
32	report_summary => \&xml_summary,
33	report_close => \&xml_close,
34	report_format => 'xml',
35	copyright => "2008 CIRT Inc."
36	};
37
38	# load up the templates now
39	xml_open_templates();
40	return $id;
41	}
42
43	sub xml_head {
44	my ($file) = @_;
45
46	# Write header for xml file, return file handle
47	open(OUT, ">>$file") \|\| die print STDERR "+ ERROR: Unable to open '$file' for write: $@\n";
48
49	my $xml = xml_change_vars($TEMPLATES{xml_start});
50	$xml =~ s/\#NIKTODTD#/$CONFIGFILE{NIKTODTD}/;
51	print OUT "$xml";
52
53	return OUT;
54	}
55	###############################################################################
56	sub xml_summary {
57	my ($handle, $mark) = @_;
58	my $xml = xml_change_vars($TEMPLATES{'xml_summary'}, $mark);
59	print $handle "$xml\n";
60
61	return;
62	}
63	###############################################################################
64	sub xml_close {
65	my ($handle, $mark) = @_;
66	my $xml = xml_change_vars($TEMPLATES{xml_close}, $mark);
67	print $handle $xml;
68
69	close($handle);
70	return;
71	}
72	###############################################################################
73	sub xml_host_start {
74	my ($handle, $mark) = @_;
75	my $xml = xml_change_vars($TEMPLATES{xml_host_head}, $mark);
76	print $handle "$xml\n";
77
78	return;
79	}
80	###############################################################################
81	sub xml_host_end {
82	my ($handle, $mark) = @_;
83	my $xml = xml_change_vars($TEMPLATES{xml_end}, $mark);
84	print $handle "$xml\n";
85
86	return;
87	}
88	###############################################################################
89	sub xml_item {
90	my ($handle, $mark, $item) = @_;
91	my $xml = xml_change_vars($TEMPLATES{xml_host_item}, $mark, $item);
92	print $handle "$xml\n";
93
94	return;
95	}
96	###############################################################################
97	sub xml_open_templates {
98	foreach my $t (dirlist($CONFIGFILE{TEMPLATEDIR}, "xml.*")) {
99	open(T, "<$CONFIGFILE{TEMPLATEDIR}/$t");
100	my @TEMPLATE = <T>;
101	close(T);
102	my $T = join("", @TEMPLATE);
103	$t =~ s/\..*$//;
104	$TEMPLATES{$t} = $T;
105	}
106
107	return;
108	}
109	###############################################################################
110	sub xml_change_vars {
111	my ($template, $mark, $item) = @_;
112	my %variables;
113	my $protocol = "http";
114	if ($mark->{ssl}) { $protocol .= "s"; }
115
116	$variables{"#TEMPL_HCTR#"} = $VARIABLES{'TEMPL_HCTR'};
117	$variables{"#TEMPL_END#"} = date_disp($mark->{'end_time'});
118	$variables{"#TEMPL_HOSTNAME#"} = hex_enc($mark->{'hostname'});
119	$variables{"#TEMPL_HOST_HEADER#"} = $mark->{'hostname'};
120	if (defined $mark->{vhost}) {
121	$variables{"#TEMPL_HOST_HEADER#"} = $mark->{'vhost'};
122	}
123
124	$variables{"#TEMPL_SSL_INFO#"} = "";
125	if (defined $mark->{'ssl_cipher'}) {
126	$variables{"#TEMPL_SSL_INFO#"} =
127	"<ssl ciphers=\"$mark->{ssl_cipher}\" issuers=\"$mark->{ssl_cert_issuer}\" info=\"$mark->{ssl_cert_subject}\" />";
128	}
129
130	$variables{"#TEMPL_IP#"} = simple_enc($mark->{'ip'});
131	$variables{"#TEMPL_ITEMS_TESTED#"} = $COUNTERS{total_checks};
132	$variables{"#TEMPL_PORT#"} = $mark->{'port'};
133	$variables{"#TEMPL_START#"} = date_disp($mark->{'start_time'});
134	$variables{"#TEMPL_END#"} = date_disp($mark->{'end_time'});
135	$variables{"#TEMPL_NIKTO_VER#"} = $VARIABLES{'version'};
136	$variables{"#TEMPL_BANNER#"} = hex_enc($mark->{'banner'});
137	$variables{"#TEMPL_NIKTO_CLI#"} = $CLI{'all_options'};
138	$variables{"#TEMPL_CTR#"} = $COUNTERS{'total_checks'};
139	$variables{"#TEMPL_NIKTO_HOSTS_TESTED#"} = $COUNTERS{'hosts_completed'};
140	$variables{"#TEMPL_ELAPSED#"} = $mark->{'end_time'} - $mark->{'start_time'};
141	$variables{"#TEMPL_LINK_NAME#"} = "$protocol://$mark->{'hostname'}:$mark->{'port'}";
142	$variables{"#TEMPL_LINK_IP#"} = "$protocol://$mark->{'ip'}:$mark->{'port'}/";
143	$variables{"#TEMPL_ITEMS_FOUND#"} = $mark->{'total_vulns'};
144	$variables{"#TEMPL_SCAN_START#"} = localtime($COUNTERS{'scan_start'});
145	$variables{"#TEMPL_SCAN_END#"} = localtime($COUNTERS{'scan_end'});
146	$variables{"#TEMPL_SCAN_ELAPSED#"} = $COUNTERS{'scan_elapsed'} . " seconds";
147	$variables{"#TEMPL_ERRORS#"} = $mark->{'total_errors'};
148
149	$variables{"#TEMPL_LINK_NAME#"} = "N/A";
150	if ($mark->{hostname} ne "") {
151	$variables{"#TEMPL_LINK_NAME#"} = "$protocol://$mark->{hostname}:$mark->{port}/";
152	}
153
154	# do now in case we return early
155	foreach my $var (keys %variables) {
156	$template =~ s/$var/$variables{$var}/g;
157	}
158
159	if ($item->{'uri'} eq '') { return $template; }
160
161	$variables{"#ID#"} = $item->{'nikto_id'};
162
163	# OSVDB info
164	my $OSVDB = $item->{'osvdb'};
165	if ($OSVDB !~ /\d+/) { $OSVDB = 0; }
166	$OSVDB_LINK = "http://osvdb.org/$OSVDB";
167	$variables{"#TEMPL_OSVDB_LINK#"} = $OSVDB_LINK;
168	$variables{"#TEMPL_OSVDB#"} = $OSVDB;
169
170	# Scanner Messages Handling
171	$variables{"#TEMPL_SMMSG#"} = $item->{'message'};
172
173	# Positives Handling
174	if ($template =~ /\#TEMPL_MSG#/) {
175	$variables{"#TEMPL_URI#"} = simple_enc($item->{'uri'});
176	$variables{"#TEMPL_MSG#"} = $item->{'message'};
177	$variables{"#TEMPL_HTTP_METHOD#"} = $item->{'method'};
178
179	$variables{"#TEMPL_ITEM_IP_LINK#"} =
180	"$protocol://$variables{\"#TEMPL_IP#\"}:$mark->{port}$variables{\"#TEMPL_URI#\"}";
181	$variables{"#TEMPL_ITEM_NAME_LINK#"} = "";
182	if ($mark->{'hostname'} ne "") {
183	$variables{"#TEMPL_ITEM_NAME_LINK#"} =
184	"$protocol://$variables{\"#TEMPL_HOSTNAME#\"}:$mark->{port}$variables{\"#TEMPL_URI#\"}";
185	}
186	}
187
188	foreach my $var (keys %variables) { $template =~ s/$var/$variables{$var}/g; }
189
190	return $template;
191	}
192	###############################################################################
193	sub hex_enc {
194	my $invar = $_[0] \|\| return;
195	my $outvar;
196	foreach my $c (split(//, $invar)) {
197	my $n = ord($c);
198	if (($n > 127) \|\| ($n < 32) \|\| ($n == 38) \|\| ($n == 60) \|\| ($n == 62) \| ($n == 34)) {
199	$outvar .= sprintf '%#x', $n;
200	}
201	else { $outvar .= $c; }
202	}
203	return $outvar;
204	}
205	###############################################################################
206	sub simple_enc {
207	my $var = $_[0] \|\| return;
208	$var =~ s/</</g;
209	$var =~ s/>/>/g;
210	$var =~ s/"/"/g;
211	return $var;
212	}
213
214	sub nikto_reports { } # so core doesn't freak
215
216	1;

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format