Beispiel #1
    def _init_report(self):
        """Create the report generator and register every known finding type.

        The generator is selected from the lower-cased ``report_generator_type``,
        receives the scan metadata (target URL, scope, ``gmtime()`` timestamp and
        ``WAPITI_VERSION``) and is then given each vulnerability, anomaly and
        additional definition.
        """
        generator = get_report_generator_instance(self.report_generator_type.lower())
        self.report_gen = generator

        generator.set_report_info(self.target_url, self.target_scope, gmtime(), WAPITI_VERSION)

        # The three definition families expose the same four fields and differ
        # only in the registration method, so they share one loop. Order is kept:
        # vulnerabilities, then anomalies, then additionals.
        registrations = (
            (vulnerabilities, generator.add_vulnerability_type),
            (anomalies, generator.add_anomaly_type),
            (additionals, generator.add_additional_type),
        )
        for definitions, register in registrations:
            for definition in definitions:
                register(
                    definition.NAME,
                    definition.DESCRIPTION,
                    definition.SOLUTION,
                    flatten_references(definition.REFERENCES),
                )
Beispiel #2
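def test_reports():
    """Render a report with every registered generator and check its content.

    For each ``(format, class)`` pair in ``GENERATORS`` the test registers all
    finding types, records one vulnerability, one anomaly and one additional
    finding, generates the report and asserts that a marker from each finding
    ("riri", "fifi", "loulou") is present in the output.
    """
    for report_format, report_class in GENERATORS.items():
        report_gen = report_class()

        report_gen.set_report_info("http://perdu.com", "folder", gmtime(),
                                   "WAPITI_VERSION")

        for vul in vulnerabilities:
            report_gen.add_vulnerability_type(
                vul.NAME, vul.DESCRIPTION, vul.SOLUTION,
                flatten_references(vul.REFERENCES))

        for anomaly in anomalies:
            report_gen.add_anomaly_type(anomaly.NAME, anomaly.DESCRIPTION,
                                        anomaly.SOLUTION,
                                        flatten_references(anomaly.REFERENCES))

        for additional in additionals:
            report_gen.add_additional_type(
                additional.NAME, additional.DESCRIPTION, additional.SOLUTION,
                flatten_references(additional.REFERENCES))

        # All output is written below one temporary directory, which is removed
        # when the block exits even if an assertion fails. The previous version
        # left the delete=False file (and its open handle) behind on every run.
        with tempfile.TemporaryDirectory() as temp_dir:
            if report_format == "html":
                # The html generator is handed a directory, not a file.
                output = temp_dir
            else:
                # delete=False keeps the (empty) file once the handle is closed,
                # so the generator can reopen the path by name.
                with tempfile.NamedTemporaryFile(dir=temp_dir, delete=False) as temp_file:
                    output = temp_file.name

            print("Using report type '{}'".format(report_format))
            request = Request("http://perdu.com/riri?foo=bar")
            report_gen.add_vulnerability(category=_("Cross Site Scripting"),
                                         level=1,
                                         request=request,
                                         parameter="foo",
                                         info="This is dope",
                                         module="xss")

            request = Request("http://perdu.com/fifi?foo=bar")
            report_gen.add_anomaly(category=_("Internal Server Error"),
                                   level=2,
                                   request=request,
                                   parameter="foo",
                                   info="This is the way",
                                   module="xss")

            request = Request("http://perdu.com/?foo=bar")
            report_gen.add_additional(category=_("Fingerprint web technology"),
                                      level=3,
                                      request=request,
                                      parameter="foo",
                                      info="loulou",
                                      module="wapp")

            report_gen.generate_report(output)

            if report_format == "html":
                # The html generator exposes the file it produced through final_path.
                output = report_gen.final_path

            with open(output) as fd:
                report = fd.read()

        # "riri" and "fifi" come from the request paths, "loulou" from the info
        # text of the additional finding.
        assert "riri" in report
        assert "fifi" in report
        assert "loulou" in report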
Beispiel #3
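def test_reports():
    """Render a report with every registered generator and check its content.

    For each ``(format, class)`` pair in ``GENERATORS`` the test supplies report
    metadata (including a login description and a numeric value), registers all
    finding types, records one vulnerability, one anomaly and one additional
    finding, generates the report and asserts that the findings and the login
    details are present in the output.
    """
    for report_format, report_class in GENERATORS.items():
        report_gen = report_class()

        # The dict describes the login form used for the scan (URL and field
        # names only, no credential values); 123456 is a numeric value that is
        # expected in the report's info section (see the csv exception below).
        report_gen.set_report_info(
            "http://perdu.com", "folder", gmtime(), "WAPITI_VERSION", {
                "method": "post",
                "url": "http://testphp.vulnweb.com/login.php",
                "logged_in": True,
                "form": {
                    "login_field": "uname",
                    "password_field": "pass"
                }
            }, 123456)

        for vul in vulnerabilities:
            report_gen.add_vulnerability_type(
                vul.NAME, vul.DESCRIPTION, vul.SOLUTION,
                flatten_references(vul.REFERENCES))

        for anomaly in anomalies:
            report_gen.add_anomaly_type(anomaly.NAME, anomaly.DESCRIPTION,
                                        anomaly.SOLUTION,
                                        flatten_references(anomaly.REFERENCES))

        for additional in additionals:
            report_gen.add_additional_type(
                additional.NAME, additional.DESCRIPTION, additional.SOLUTION,
                flatten_references(additional.REFERENCES))

        # All output is written below one temporary directory, which is removed
        # when the block exits even if an assertion fails. The previous version
        # left the delete=False file (and its open handle) behind on every run.
        with tempfile.TemporaryDirectory() as temp_dir:
            if report_format == "html":
                # The html generator is handed a directory, not a file.
                output = temp_dir
            else:
                # delete=False keeps the (empty) file once the handle is closed,
                # so the generator can reopen the path by name.
                with tempfile.NamedTemporaryFile(dir=temp_dir, delete=False) as temp_file:
                    output = temp_file.name

            print("Using report type '{}'".format(report_format))
            request = Request("http://perdu.com/riri?foo=bar")
            report_gen.add_vulnerability(
                category=_("Reflected Cross Site Scripting"),
                level=1,
                request=request,
                parameter="foo",
                info="This is dope",
                module="xss")

            request = Request("http://perdu.com/fifi?foo=bar")
            report_gen.add_anomaly(category=_("Internal Server Error"),
                                   level=2,
                                   request=request,
                                   parameter="foo",
                                   info="This is the way",
                                   module="xss")

            request = Request("http://perdu.com/?foo=bar")
            report_gen.add_additional(category=_("Fingerprint web technology"),
                                      level=3,
                                      request=request,
                                      parameter="foo",
                                      info="loulou",
                                      module="wapp")

            report_gen.generate_report(output)

            if report_format == "html":
                # The html generator exposes the file it produced through final_path.
                output = report_gen.final_path

            with open(output) as fd:
                report = fd.read()

        # "riri" and "fifi" come from the request paths, "loulou" from the info
        # text of the additional finding.
        assert "riri" in report
        assert "fifi" in report
        assert "loulou" in report
        assert "http://testphp.vulnweb.com/login.php" in report
        # NOTE(review): "uname" and "pass" are short substrings; other report
        # text (for example the word "password") may satisfy them, so these two
        # checks are weak evidence that the form field names were rendered.
        assert "uname" in report
        assert "pass" in report

        # the csv report only contains vulnerabilities without the info section
        if report_format != "csv":
            assert "123456" in report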