Added 'target' parameter to output.

2146d3ee · Zitnik, Anze · c779c12e · 2146d3ee · 2146d3ee · 2146d3ee
Commit 2146d3ee authored 5 years ago by Zitnik, Anze
--- a/MANIFEST
+++ b/MANIFEST
-VERSION=v1.4.2
+VERSION=v1.4.3
 SERVICE=vat-genscan

--- a/wiser-wcs-reports/nmap.py
+++ b/wiser-wcs-reports/nmap.py
@@ -33,12 +33,14 @@ class WiserNmapVulnerability(WiserVulnerability):
 			               _safe_get(report_port['service'], '@version'), _safe_get(report_port['service'], '@extrainfo'),
 			               _safe_get(report_port['service'], '@ostype'))
 		vuln.desc = re.sub('\\(\\)', '', vuln.desc).strip()
+		vuln.target = address
 		return vuln

 	@staticmethod
 	def from_host(address, state):
 		vuln = WiserNmapVulnerability()
 		vuln.short_desc = "Host %s appears to be %s." % (address, state)
+		vuln.target = address
 		return vuln



--- a/wiser-wcs-reports/w3af.py
+++ b/wiser-wcs-reports/w3af.py
 from wiser import WiserReport, WiserVulnerability
 import re
 from collections import OrderedDict
+from urllib.parse import urlparse


 class WiserW3afVulnerability(WiserVulnerability):
@@ -29,6 +30,14 @@ class WiserW3afVulnerability(WiserVulnerability):
 							self.wascid = re.sub('[\[\]]', '', alert['@id'])
 		self.source_pentest="W3af"
 		self.set_wiser_risk_level()
+		if '@url' in alert and alert['@url'] and alert['@url'] != "None":
+			try:
+				self.target = urlparse(alert['@url']).netloc
+				if len(self.target.split(':')) > 1:
+					self.target = self.target.split(':')[0]
+			except:
+				pass
+

 	def set_wiser_risk_level(self):
 		if self.risk_level == "Information":

--- a/wiser-wcs-reports/wiser-wcs.cfg
+++ b/wiser-wcs-reports/wiser-wcs.cfg
 [cscan_config]
-cscan_output=/service/cscan/output
-zap=True
-w3af=True
+cscan_output=/service/cscan/output/
--- a/wiser-wcs-reports/wiser.py
+++ b/wiser-wcs-reports/wiser.py
@@ -28,6 +28,8 @@ class WiserVulnerability(IterMixin):
 	wascid = dict()
 	"""  Source pen_test  """
 	source_pentest = dict()
+	"""  Target IP / domain  """
+	target = dict()

 	def __init__(self):
 		pass

--- a/wiser-wcs-reports/zap.py
+++ b/wiser-wcs-reports/zap.py
 from wiser import WiserReport, WiserVulnerability
 import re
+from urllib.parse import urlparse


 class WiserZapVulnerability(WiserVulnerability):
@@ -21,6 +22,16 @@ class WiserZapVulnerability(WiserVulnerability):
 		if 'wascid' in alert:
 			self.wascid = alert['wascid']['$']
 		self.source_pentest="OWASP ZAP"
+		try:
+			if type(alert['instances']['instance'])==list:
+				t = self._pretty(alert['instances']['instance'][0]['uri']['$'])
+			else:
+				t = self._pretty(alert['instances']['instance']['uri']['$'])
+			self.target = urlparse(t).netloc
+			if len(self.target.split(':')) > 1:
+				self.target = self.target.split(':')[0]
+		except:
+			pass
 		self.set_wiser_risk_level()

 	def set_wiser_risk_level(self):