def _init_report(self):
    """Create the report generator and register every known finding type.

    The generator is looked up from ``self.report_generator_type``
    (lower-cased), given the target URL, the scope, the current GMT time and
    the Wapiti version, and then told about each vulnerability, anomaly and
    additional definition so later findings can be attached to a known type.
    """

    def describe(definition):
        # Positional arguments shared by the three add_*_type registrars.
        return (
            definition.NAME,
            definition.DESCRIPTION,
            definition.SOLUTION,
            flatten_references(definition.REFERENCES),
        )

    generator_key = self.report_generator_type.lower()
    self.report_gen = get_report_generator_instance(generator_key)
    self.report_gen.set_report_info(
        self.target_url,
        self.target_scope,
        gmtime(),
        WAPITI_VERSION,
    )

    # Registration order is kept: vulnerabilities, then anomalies, then additionals.
    for vuln_def in vulnerabilities:
        self.report_gen.add_vulnerability_type(*describe(vuln_def))

    for anomaly_def in anomalies:
        self.report_gen.add_anomaly_type(*describe(anomaly_def))

    for additional_def in additionals:
        self.report_gen.add_additional_type(*describe(additional_def))
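def test_reports():
    """Generate a report with every registered generator and check its content.

    For each ``(format, class)`` pair in ``GENERATORS`` the test registers all
    finding types, adds one vulnerability, one anomaly and one additional
    entry, writes the report to a temporary location and asserts that a marker
    from each entry ("riri", "fifi", "loulou") appears in the output.

    The temporary file or directory is always removed afterwards, so report
    content does not accumulate in the system temp directory between runs.
    """
    # Function-scope import: the file's import block is not visible from here.
    import os

    for report_format, report_class in GENERATORS.items():
        report_gen = report_class()
        report_gen.set_report_info("http://perdu.com", "folder", gmtime(), "WAPITI_VERSION")

        for vul in vulnerabilities:
            report_gen.add_vulnerability_type(
                vul.NAME, vul.DESCRIPTION, vul.SOLUTION, flatten_references(vul.REFERENCES)
            )

        for anomaly in anomalies:
            report_gen.add_anomaly_type(
                anomaly.NAME, anomaly.DESCRIPTION, anomaly.SOLUTION, flatten_references(anomaly.REFERENCES)
            )

        for additional in additionals:
            report_gen.add_additional_type(
                additional.NAME,
                additional.DESCRIPTION,
                additional.SOLUTION,
                flatten_references(additional.REFERENCES),
            )

        # The html generator is handed a directory, every other one a file path.
        if report_format == "html":
            temp_obj = tempfile.TemporaryDirectory()
        else:
            temp_obj = tempfile.NamedTemporaryFile(delete=False)

        output = temp_obj.name

        try:
            if report_format != "html":
                # Release our handle before the generator writes to the path;
                # delete=False keeps the file on disk after close().
                temp_obj.close()

            print("Using report type '{}'".format(report_format))

            request = Request("http://perdu.com/riri?foo=bar")
            report_gen.add_vulnerability(
                category=_("Cross Site Scripting"),
                level=1,
                request=request,
                parameter="foo",
                info="This is dope",
                module="xss",
            )

            request = Request("http://perdu.com/fifi?foo=bar")
            report_gen.add_anomaly(
                category=_("Internal Server Error"),
                level=2,
                request=request,
                parameter="foo",
                info="This is the way",
                module="xss",
            )

            request = Request("http://perdu.com/?foo=bar")
            report_gen.add_additional(
                category=_("Fingerprint web technology"),
                level=3,
                request=request,
                parameter="foo",
                info="loulou",
                module="wapp",
            )

            report_gen.generate_report(output)

            if report_format == "html":
                # The html generator exposes the file it actually wrote.
                output = report_gen.final_path

            # Read everything before cleanup so the assertions below do not
            # depend on the temporary location still existing.
            with open(output) as fd:
                report = fd.read()
        finally:
            if report_format == "html":
                temp_obj.cleanup()
            else:
                try:
                    os.unlink(temp_obj.name)
                except FileNotFoundError:
                    # Already gone (e.g. removed by the generator); nothing to do.
                    pass

        assert "riri" in report
        assert "fifi" in report
        assert "loulou" in report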
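def test_reports():
    """Generate a report with every registered generator and check its content.

    For each ``(format, class)`` pair in ``GENERATORS`` the test sets the
    report info (including a description of the authentication that was used
    and the value 123456), registers all finding types, adds one vulnerability,
    one anomaly and one additional entry, writes the report to a temporary
    location and asserts on the generated text.

    The temporary file or directory is always removed afterwards: the report
    carries the login URL and form field names, so it should not be left
    behind in the system temp directory.
    """
    # Function-scope import: the file's import block is not visible from here.
    import os

    for report_format, report_class in GENERATORS.items():
        report_gen = report_class()
        report_gen.set_report_info(
            "http://perdu.com",
            "folder",
            gmtime(),
            "WAPITI_VERSION",
            {
                "method": "post",
                "url": "http://testphp.vulnweb.com/login.php",
                "logged_in": True,
                "form": {
                    "login_field": "uname",
                    "password_field": "pass"
                }
            },
            123456,
        )

        for vul in vulnerabilities:
            report_gen.add_vulnerability_type(
                vul.NAME, vul.DESCRIPTION, vul.SOLUTION, flatten_references(vul.REFERENCES)
            )

        for anomaly in anomalies:
            report_gen.add_anomaly_type(
                anomaly.NAME, anomaly.DESCRIPTION, anomaly.SOLUTION, flatten_references(anomaly.REFERENCES)
            )

        for additional in additionals:
            report_gen.add_additional_type(
                additional.NAME,
                additional.DESCRIPTION,
                additional.SOLUTION,
                flatten_references(additional.REFERENCES),
            )

        # The html generator is handed a directory, every other one a file path.
        if report_format == "html":
            temp_obj = tempfile.TemporaryDirectory()
        else:
            temp_obj = tempfile.NamedTemporaryFile(delete=False)

        output = temp_obj.name

        try:
            if report_format != "html":
                # Release our handle before the generator writes to the path;
                # delete=False keeps the file on disk after close().
                temp_obj.close()

            print("Using report type '{}'".format(report_format))

            request = Request("http://perdu.com/riri?foo=bar")
            report_gen.add_vulnerability(
                category=_("Reflected Cross Site Scripting"),
                level=1,
                request=request,
                parameter="foo",
                info="This is dope",
                module="xss",
            )

            request = Request("http://perdu.com/fifi?foo=bar")
            report_gen.add_anomaly(
                category=_("Internal Server Error"),
                level=2,
                request=request,
                parameter="foo",
                info="This is the way",
                module="xss",
            )

            request = Request("http://perdu.com/?foo=bar")
            report_gen.add_additional(
                category=_("Fingerprint web technology"),
                level=3,
                request=request,
                parameter="foo",
                info="loulou",
                module="wapp",
            )

            report_gen.generate_report(output)

            if report_format == "html":
                # The html generator exposes the file it actually wrote.
                output = report_gen.final_path

            # Read everything before cleanup so the assertions below do not
            # depend on the temporary location still existing.
            with open(output) as fd:
                report = fd.read()
        finally:
            if report_format == "html":
                temp_obj.cleanup()
            else:
                try:
                    os.unlink(temp_obj.name)
                except FileNotFoundError:
                    # Already gone (e.g. removed by the generator); nothing to do.
                    pass

        assert "riri" in report
        assert "fifi" in report
        assert "loulou" in report
        assert "http://testphp.vulnweb.com/login.php" in report
        # NOTE(review): "uname" and "pass" are short substrings and may match
        # unrelated report text; confirm they really pin the auth form fields.
        assert "uname" in report
        assert "pass" in report

        # the csv report only contains vulnerabilities without the info section
        if report_format != "csv":
            assert "123456" in report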