XML Report support

core/reports.py

@@ -1,5 +1,6 @@
 import csv
 import jinja2
+import xml.etree.ElementTree as xml
 
 from core.redis import rds
 from core.utils import Utils
@@ -28,7 +29,6 @@ def generate_csv(data):
 
   return filename
 
-
 def generate_html(vulns, conf):
   vuln_count = {0:0, 1:0, 2:0, 3:0, 4:0}
   filename = 'report-{}-{}.html'.format(utils.generate_uuid(), utils.get_date())
@@ -56,7 +56,6 @@ def generate_html(vulns, conf):
 
   return filename
 
-
 def generate_txt(vulns):
   filename = 'report-{}-{}.txt'.format(utils.generate_uuid(), utils.get_date())
   data = ''
@@ -71,4 +70,41 @@ def generate_txt(vulns):
 
   return filename
 
-
+def generate_xml(vulns):
+  filename = 'report-{}-{}.xml'.format(utils.generate_uuid(), utils.get_date())
+  root = xml.Element("Vulnerabilities")
+  for key, value in vulns.items():
+    vuln_element = xml.Element(key)
+    root.append(vuln_element)
+
+    ip = xml.SubElement(vuln_element, "ip")
+    ip.text =  value['ip']
+
+    port = xml.SubElement(vuln_element, "port")
+    port.text = str(value['port'])
+
+    domain = xml.SubElement(vuln_element, "domain")
+    domain.text = value['domain']
+
+    sev = xml.SubElement(vuln_element, "severity")
+    sev.text = utils.sev_to_human(value['rule_sev'])
+
+    description = xml.SubElement(vuln_element, "description")
+    description.text = value['rule_desc']
+
+
+    confirm = xml.SubElement(vuln_element, "confirm")
+    confirm.text = value['rule_confirm']
+
+    details = xml.SubElement(vuln_element, "details")
+    details.text = value['rule_details']
+
+    mitigation = xml.SubElement(vuln_element, "mitigation")
+    mitigation.text = value['rule_mitigation']
+
+  data = xml.tostring(root)
+  f = open('reports/' + filename, "w")
+  f.write(data.decode('utf-8'))
+  f.close()
+
+  return filename

templates/documentation.html

@@ -265,7 +265,8 @@ <h4 id="reports">Reports</h4>
                           <li>TXT</li>
                           <li>CSV</li>
                         </ul>
-                        If you want to obtain the results of your assessment via the API, use the endpoint <a href="http://127.0.0.1:8080/documentation#get_status">/api/scan/status</a>
+                        <p>All the reports are saved on disk at <b>/opt/nerve/reports</b> if you need to go back in time and fetch historical reports.</p>
+                        <p>If you want to obtain the results of your assessment via the API, use the endpoint <a href="http://127.0.0.1:8080/documentation#get_status">/api/scan/status</a></p>
 
                         <hr>
                         <h4 id="notifications">Notifications</h4>

templates/reports.html

@@ -62,35 +62,42 @@
                     <div class="page-title">
                         <h3>Reports</h3>
                     </div>
+                    <p><medium>Below you can download your latest assessment report in various formats.</medium></p>
                     <div class="row">
-                      <div class="col-md-4">
+                      <div class="col-md-3">
+
                         <div class="card">
                             <div class="card-header"><b>Detailed Report (HTML)</b></div>
                             <div class="card-body">
-                                <p class="card-title">Report for the auditors</p>
                                 <center><a href="/download/report_html"><img src="static/img/report.png" width="150px" height="150px"/></a></center>
                             </div>
 
                         </div>
                     </div>
-                    <div class="col-md-4">
+                    <div class="col-md-3">
                         <div class="card">
                             <div class="card-header"><b>Raw Report (TXT)</b></div>
                             <div class="card-body">
-                                <p class="card-title">Report for the minimalists </p>
                                 <center><a href="/download/report_txt"><img src="static/img/report_txt.png" width="150px" height="150px"/></a></center>
                             </div>  
                         </div>
                     </div>
-                    <div class="col-md-4">
+                    <div class="col-md-3">
                       <div class="card">
                           <div class="card-header"><b>Raw Report (CSV)</b></div>
                           <div class="card-body">
-                              <p class="card-title">Report for the nerds</p>
                               <center><a href="/download/report_csv"><img src="static/img/report_csv.png" width="150px" height="150px"/></a></center>
                           </div>
                       </div>
                   </div>  
+                  <div class="col-md-3">
+                    <div class="card">
+                        <div class="card-header"><b>Raw Report (XML)</b></div>
+                        <div class="card-body">
+                            <center><a href="/download/report_xml"><img src="static/img/report_xml.png" width="150px" height="150px"/></a></center>
+                        </div>
+                    </div>
+                </div>  
                 </div>
                 </div>
             </div>

views/view_download.py

@@ -6,7 +6,8 @@
 from core.reports import (
   generate_html, 
   generate_csv, 
-  generate_txt
+  generate_txt,
+  generate_xml
 )
 
 from flask import (
@@ -62,3 +63,11 @@ def view_download(file):
                                       as_attachment=True,
                                       cache_timeout=0)
       return response
+
+    elif file == 'report_xml':
+      report_file = generate_xml(data)
+      response = send_from_directory(directory='reports', 
+                                      filename=report_file,
+                                      as_attachment=True,
+                                      cache_timeout=0)
+      return response