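def parseOutputString(self, output):
    """Import WebInspect findings from *output* as hosts, services and web vulns.

    ``output`` is handed to ``WebInspectParser``. Every entry returned by
    ``parser.parse()`` is expected to carry ``"Host"``, ``"Service"`` and
    ``"Vuln"`` mappings; each entry yields one host, one service on that host
    and one web vulnerability attached to that service.

    Args:
        output: Report content in whatever form ``WebInspectParser`` accepts.
    """
    parser = WebInspectParser(output)
    for vuln in parser.parse():
        host = vuln.get("Host")
        service = vuln.get("Service")
        finding = vuln.get("Vuln")

        host_id = self.createAndAddHost(host.get("name"))

        # NOTE(review): ``protocol`` receives the service *name*, the same
        # value as the positional name argument. That looks unintended;
        # confirm what WebInspectParser exposes before changing it.
        service_id = self.createAndAddServiceToHost(
            host_id,
            service.get("name"),
            protocol=service.get("name"),
            ports=[service.get("port")])

        # Split the finding URL once; website/path/query all derive from
        # the same value, so three separate calls were redundant.
        url_fields = get_vulnweb_url_fields(finding.get("website"))

        # A finding with no reference list must not abort the whole import,
        # so a missing value is treated as "no references".
        references = list(filter(None, finding.get("reference") or []))

        # Only desc and resolution go through cleanhtml(). request and
        # response are stored exactly as the report provides them.
        # NOTE(review): that content presumably originates from the scanned
        # application, so consumers should escape it on display. Confirm.
        self.createAndAddVulnWebToService(
            host_id,
            service_id,
            finding.get("name"),
            website=url_fields.get("website"),
            path=url_fields.get("path"),
            query=url_fields.get("query"),
            method=finding.get("method"),
            request=finding.get("request"),
            ref=references,
            response=finding.get("response"),
            desc=cleanhtml(finding.get("description")),
            resolution=cleanhtml(finding.get("resolution")),
            severity=parser.parse_severity(finding.get("severity")))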
def parseOutputString(self, output):
    """
    Turn a Nikto XML report into hosts, an HTTP service and web vulns.

    Whatever the shell printed is not what gets imported: the data is
    expected to be present in the XML, which is what NiktoXmlParser is
    given here.

    NOTE: when 'debug' is true the call comes from a test case and the
    output being passed in is valid.
    """
    parser = NiktoXmlParser(output)

    for nikto_host in parser.hosts:
        host_id = self.createAndAddHost(
            nikto_host.targetip,
            hostnames=[nikto_host.targethostname])

        # Every host gets a single open http/tcp service on the reported port.
        service_id = self.createAndAddServiceToHost(
            host_id, "http", "tcp",
            ports=[nikto_host.port],
            status="open")

        for finding in nikto_host.items:
            joined_params = ', '.join(finding.params)
            # Website/path/query style fields derived from the item's link.
            url_fields = plugins_utils.get_vulnweb_url_fields(
                finding.namelink)

            self.createAndAddVulnWebToService(
                host_id,
                service_id,
                name=finding.desc,
                ref=finding.osvdbid,
                method=finding.method,
                params=joined_params,
                **url_fields)

    del parser
def parse_found_url(self, base_url, h_id, s_id, item):
    """Record one dirsearch hit as an informational web vulnerability.

    Args:
        base_url: URL that ``item['path']`` is joined onto.
        h_id: Host identifier passed to ``createAndAddVulnWebToService``.
        s_id: Service identifier passed to ``createAndAddVulnWebToService``.
        item: Mapping with ``'status'``, ``'path'`` and ``'content-length'``
            keys and an optional ``'redirect'`` key.

    Returns:
        None. Nothing is recorded when ``self.should_ignore_403`` is set
        and the item's status is 403.
    """
    skip_forbidden = self.should_ignore_403 and item['status'] == 403
    if skip_forbidden:
        return

    joined = urlparse.urljoin(base_url, item['path'])
    found_url = urlparse.urlsplit(joined).geturl()

    # The stored "response" is rebuilt from the tool's summary fields; it is
    # not the raw response from the server (the HTTP version is fixed text).
    status = item['status']
    reason = status_codes.get(status, 'unknown')
    response = "HTTP/1.1 {} {}\nContent-Length: {}".format(
        status, reason, item['content-length'])

    location = item.get('redirect')
    if location is not None:
        response = response + '\nLocation: {}'.format(location)

    vuln_name = 'Path found: {} ({})'.format(item['path'], item['status'])
    vuln_desc = "Dirsearch tool found the following URL: {}".format(found_url)

    self.createAndAddVulnWebToService(
        h_id,
        s_id,
        name=vuln_name,
        desc=vuln_desc,
        severity="info",
        method='GET',
        response=response,
        **get_vulnweb_url_fields(found_url))