diff --git a/core/reports.py b/core/reports.py index e59d6c1..01c4d14 100644 --- a/core/reports.py +++ b/core/reports.py @@ -1,5 +1,6 @@ import csv import jinja2 +import xml.etree.ElementTree as xml from core.redis import rds from core.utils import Utils @@ -28,7 +29,6 @@ def generate_csv(data): return filename - def generate_html(vulns, conf): vuln_count = {0:0, 1:0, 2:0, 3:0, 4:0} filename = 'report-{}-{}.html'.format(utils.generate_uuid(), utils.get_date()) @@ -56,7 +56,6 @@ def generate_html(vulns, conf): return filename - def generate_txt(vulns): filename = 'report-{}-{}.txt'.format(utils.generate_uuid(), utils.get_date()) data = '' @@ -71,4 +70,41 @@ def generate_txt(vulns): return filename - \ No newline at end of file +def generate_xml(vulns): + filename = 'report-{}-{}.xml'.format(utils.generate_uuid(), utils.get_date()) + root = xml.Element("Vulnerabilities") + for key, value in vulns.items(): + vuln_element = xml.Element(key) + root.append(vuln_element) + + ip = xml.SubElement(vuln_element, "ip") + ip.text = value['ip'] + + port = xml.SubElement(vuln_element, "port") + port.text = str(value['port']) + + domain = xml.SubElement(vuln_element, "domain") + domain.text = value['domain'] + + sev = xml.SubElement(vuln_element, "severity") + sev.text = utils.sev_to_human(value['rule_sev']) + + description = xml.SubElement(vuln_element, "description") + description.text = value['rule_desc'] + + + confirm = xml.SubElement(vuln_element, "confirm") + confirm.text = value['rule_confirm'] + + details = xml.SubElement(vuln_element, "details") + details.text = value['rule_details'] + + mitigation = xml.SubElement(vuln_element, "mitigation") + mitigation.text = value['rule_mitigation'] + + data = xml.tostring(root) + f = open('reports/' + filename, "w") + f.write(data.decode('utf-8')) + f.close() + + return filename \ No newline at end of file diff --git a/static/img/report_xml.png b/static/img/report_xml.png new file mode 100644 index 0000000..cd503b0 Binary files /dev/null and b/static/img/report_xml.png differ diff --git a/templates/documentation.html b/templates/documentation.html index 0835a6e..6d2b121 100644 --- a/templates/documentation.html +++ b/templates/documentation.html @@ -265,7 +265,8 @@

Reports

  • TXT
  • CSV
    • - If you want to obtain the results of your assessment via the API, use the endpoint /api/scan/status +

    All the reports are saved on disk at /opt/nerve/reports if you need to go back in time and fetch historical reports.

    +

    If you want to obtain the results of your assessment via the API, use the endpoint /api/scan/status

    Notifications

    diff --git a/templates/reports.html b/templates/reports.html index 2881e72..a917115 100644 --- a/templates/reports.html +++ b/templates/reports.html @@ -62,35 +62,42 @@

    Reports

    +

    Below you can download your latest assessment report in various formats.

    -
    +
    +
    Detailed Report (HTML)
    -

    Report for the auditors

    -
    +
    Raw Report (TXT)
    -

    Report for the minimalists

    -
    +
    Raw Report (CSV)
    -

    Report for the nerds

    +
    +
    +
    Raw Report (XML)
    +
    +
    +
    +
    +
    diff --git a/views/view_download.py b/views/view_download.py index b402c6c..b3d3d7f 100644 --- a/views/view_download.py +++ b/views/view_download.py @@ -6,7 +6,8 @@ from core.reports import ( generate_html, generate_csv, - generate_txt + generate_txt, + generate_xml ) from flask import ( @@ -62,3 +63,11 @@ def view_download(file): as_attachment=True, cache_timeout=0) return response + + elif file == 'report_xml': + report_file = generate_xml(data) + response = send_from_directory(directory='reports', + filename=report_file, + as_attachment=True, + cache_timeout=0) + return response