From 2146d3ee73b95e29b8d8a364a1d56d261ffa8aeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?An=C5=BEe=20=C5=BDitnik?= <anze.zitnik@xlab.si> Date: Tue, 28 Apr 2020 22:22:52 +0200 Subject: [PATCH] Added 'target' parameter to output. --- MANIFEST | 2 +- wiser-wcs-reports/nmap.py | 2 ++ wiser-wcs-reports/w3af.py | 9 +++++++++ wiser-wcs-reports/wiser-wcs.cfg | 4 +--- wiser-wcs-reports/wiser.py | 2 ++ wiser-wcs-reports/zap.py | 11 +++++++++++ 6 files changed, 26 insertions(+), 4 deletions(-) diff --git a/MANIFEST b/MANIFEST index dbab44d..d6cae1d 100644 --- a/MANIFEST +++ b/MANIFEST @@ -1,3 +1,3 @@ -VERSION=v1.4.2 +VERSION=v1.4.3 SERVICE=vat-genscan diff --git a/wiser-wcs-reports/nmap.py b/wiser-wcs-reports/nmap.py index 690c3bb..e3d97f3 100644 --- a/wiser-wcs-reports/nmap.py +++ b/wiser-wcs-reports/nmap.py @@ -33,12 +33,14 @@ class WiserNmapVulnerability(WiserVulnerability): _safe_get(report_port['service'], '@version'), _safe_get(report_port['service'], '@extrainfo'), _safe_get(report_port['service'], '@ostype')) vuln.desc = re.sub('\\(\\)', '', vuln.desc).strip() + vuln.target = address return vuln @staticmethod def from_host(address, state): vuln = WiserNmapVulnerability() vuln.short_desc = "Host %s appears to be %s." % (address, state) + vuln.target = address return vuln diff --git a/wiser-wcs-reports/w3af.py b/wiser-wcs-reports/w3af.py index 19dce38..dec7d1a 100644 --- a/wiser-wcs-reports/w3af.py +++ b/wiser-wcs-reports/w3af.py @@ -1,6 +1,7 @@ from wiser import WiserReport, WiserVulnerability import re from collections import OrderedDict +from urllib.parse import urlparse class WiserW3afVulnerability(WiserVulnerability): @@ -29,6 +30,14 @@ class WiserW3afVulnerability(WiserVulnerability): self.wascid = re.sub('[\[\]]', '', alert['@id']) self.source_pentest="W3af" self.set_wiser_risk_level() + if '@url' in alert and alert['@url'] and alert['@url'] != "None": + try: + self.target = urlparse(alert['@url']).netloc + if len(self.target.split(':')) > 1: + self.target = self.target.split(':')[0] + except: + pass + def set_wiser_risk_level(self): if self.risk_level == "Information": diff --git a/wiser-wcs-reports/wiser-wcs.cfg b/wiser-wcs-reports/wiser-wcs.cfg index 3ca62f0..62428c6 100644 --- a/wiser-wcs-reports/wiser-wcs.cfg +++ b/wiser-wcs-reports/wiser-wcs.cfg @@ -1,4 +1,2 @@ [cscan_config] -cscan_output=/service/cscan/output -zap=True -w3af=True +cscan_output=/service/cscan/output/ diff --git a/wiser-wcs-reports/wiser.py b/wiser-wcs-reports/wiser.py index 02ae024..9562831 100644 --- a/wiser-wcs-reports/wiser.py +++ b/wiser-wcs-reports/wiser.py @@ -28,6 +28,8 @@ class WiserVulnerability(IterMixin): wascid = dict() """ Source pen_test """ source_pentest = dict() + """ Target IP / domain """ + target = dict() def __init__(self): pass diff --git a/wiser-wcs-reports/zap.py b/wiser-wcs-reports/zap.py index 32e23f1..f3e9418 100644 --- a/wiser-wcs-reports/zap.py +++ b/wiser-wcs-reports/zap.py @@ -1,5 +1,6 @@ from wiser import WiserReport, WiserVulnerability import re +from urllib.parse import urlparse class WiserZapVulnerability(WiserVulnerability): @@ -21,6 +22,16 @@ class WiserZapVulnerability(WiserVulnerability): if 'wascid' in alert: self.wascid = alert['wascid']['$'] self.source_pentest="OWASP ZAP" + try: + if type(alert['instances']['instance'])==list: + t = self._pretty(alert['instances']['instance'][0]['uri']['$']) + else: + t = self._pretty(alert['instances']['instance']['uri']['$']) + self.target = urlparse(t).netloc + if len(self.target.split(':')) > 1: + self.target = self.target.split(':')[0] + except: + pass self.set_wiser_risk_level() def set_wiser_risk_level(self): -- GitLab