From 2146d3ee73b95e29b8d8a364a1d56d261ffa8aeb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C5=BEe=20=C5=BDitnik?= <anze.zitnik@xlab.si>
Date: Tue, 28 Apr 2020 22:22:52 +0200
Subject: [PATCH] Added 'target' parameter to output.

---
 MANIFEST                        |  2 +-
 wiser-wcs-reports/nmap.py       |  2 ++
 wiser-wcs-reports/w3af.py       |  9 +++++++++
 wiser-wcs-reports/wiser-wcs.cfg |  4 +---
 wiser-wcs-reports/wiser.py      |  2 ++
 wiser-wcs-reports/zap.py        | 11 +++++++++++
 6 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/MANIFEST b/MANIFEST
index dbab44d..d6cae1d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,3 +1,3 @@
-VERSION=v1.4.2
+VERSION=v1.4.3
 SERVICE=vat-genscan
 
diff --git a/wiser-wcs-reports/nmap.py b/wiser-wcs-reports/nmap.py
index 690c3bb..e3d97f3 100644
--- a/wiser-wcs-reports/nmap.py
+++ b/wiser-wcs-reports/nmap.py
@@ -33,12 +33,14 @@ class WiserNmapVulnerability(WiserVulnerability):
 			               _safe_get(report_port['service'], '@version'), _safe_get(report_port['service'], '@extrainfo'),
 			               _safe_get(report_port['service'], '@ostype'))
 		vuln.desc = re.sub('\\(\\)', '', vuln.desc).strip()
+		vuln.target = address
 		return vuln
 
 	@staticmethod
 	def from_host(address, state):
 		vuln = WiserNmapVulnerability()
 		vuln.short_desc = "Host %s appears to be %s." % (address, state)
+		vuln.target = address
 		return vuln
 
 
diff --git a/wiser-wcs-reports/w3af.py b/wiser-wcs-reports/w3af.py
index 19dce38..dec7d1a 100644
--- a/wiser-wcs-reports/w3af.py
+++ b/wiser-wcs-reports/w3af.py
@@ -1,6 +1,7 @@
 from wiser import WiserReport, WiserVulnerability
 import re
 from collections import OrderedDict
+from urllib.parse import urlparse
 
 
 class WiserW3afVulnerability(WiserVulnerability):
@@ -29,6 +30,14 @@ class WiserW3afVulnerability(WiserVulnerability):
 							self.wascid = re.sub('[\[\]]', '', alert['@id'])
 		self.source_pentest="W3af"
 		self.set_wiser_risk_level()
+		if '@url' in alert and alert['@url'] and alert['@url'] != "None":
+			try:
+				self.target = urlparse(alert['@url']).netloc
+				if len(self.target.split(':')) > 1:
+					self.target = self.target.split(':')[0]
+			except:
+				pass
+
 
 	def set_wiser_risk_level(self):
 		if self.risk_level == "Information":
diff --git a/wiser-wcs-reports/wiser-wcs.cfg b/wiser-wcs-reports/wiser-wcs.cfg
index 3ca62f0..62428c6 100644
--- a/wiser-wcs-reports/wiser-wcs.cfg
+++ b/wiser-wcs-reports/wiser-wcs.cfg
@@ -1,4 +1,2 @@
 [cscan_config]
-cscan_output=/service/cscan/output
-zap=True
-w3af=True
+cscan_output=/service/cscan/output/
diff --git a/wiser-wcs-reports/wiser.py b/wiser-wcs-reports/wiser.py
index 02ae024..9562831 100644
--- a/wiser-wcs-reports/wiser.py
+++ b/wiser-wcs-reports/wiser.py
@@ -28,6 +28,8 @@ class WiserVulnerability(IterMixin):
 	wascid = dict()
 	"""  Source pen_test  """
 	source_pentest = dict()
+	"""  Target IP / domain  """
+	target = dict()
 
 	def __init__(self):
 		pass
diff --git a/wiser-wcs-reports/zap.py b/wiser-wcs-reports/zap.py
index 32e23f1..f3e9418 100644
--- a/wiser-wcs-reports/zap.py
+++ b/wiser-wcs-reports/zap.py
@@ -1,5 +1,6 @@
 from wiser import WiserReport, WiserVulnerability
 import re
+from urllib.parse import urlparse
 
 
 class WiserZapVulnerability(WiserVulnerability):
@@ -21,6 +22,16 @@ class WiserZapVulnerability(WiserVulnerability):
 		if 'wascid' in alert:
 			self.wascid = alert['wascid']['$']
 		self.source_pentest="OWASP ZAP"
+		try:
+			if type(alert['instances']['instance'])==list:
+				t = self._pretty(alert['instances']['instance'][0]['uri']['$'])
+			else:
+				t = self._pretty(alert['instances']['instance']['uri']['$'])
+			self.target = urlparse(t).netloc
+			if len(self.target.split(':')) > 1:
+				self.target = self.target.split(':')[0]
+		except:
+			pass
 		self.set_wiser_risk_level()
 
 	def set_wiser_risk_level(self):
-- 
GitLab