diff --git a/Makefile b/Makefile index cfd1d30..715913c 100644 --- a/Makefile +++ b/Makefile @@ -12,4 +12,7 @@ html : docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=html flan_scan json : - docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=json flan_scan \ No newline at end of file + docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=json flan_scan + +csv : + docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=csv flan_scan \ No newline at end of file diff --git a/README.md b/README.md index cb9eaa5..f32a972 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ By default flan creates Latex reports, to get other formats run: ``` $ make html ``` -Additional supported formats are *md* (markdown), *html* and *json*. +Additional supported formats are *md* (markdown), *html*, *csv*, and *json*. When the scan finishes you will find the reports summarizing the scan in `shared/reports`. You can also see the raw XML output from Nmap in `shared/xml_files`. diff --git a/csv_report_builder.py b/csv_report_builder.py new file mode 100644 index 0000000..27c36db --- /dev/null +++ b/csv_report_builder.py @@ -0,0 +1,34 @@ +import csv +from typing import Any, Dict + +from contrib.descriptions import VulnDescriptionProvider +from contrib.internal_types import ScanResult +from contrib.report_builders import ReportBuilder + +class CSVReportBuilder(ReportBuilder): + def __init__(self, description_provider: VulnDescriptionProvider): + self.description_provider = description_provider + self._buffer = '' + + def build(self) -> Any: + return self._buffer + pass + + def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]): + with open('tempcsv.csv', "w+") as csvfile: + wr = csv.writer(csvfile, dialect='excel') + for app_name, result in scan_results.items(): + for vulnResult in result.vulns: + for addr, ports in result.locations.items(): + description = self.description_provider.get_description(vulnResult.name, vulnResult.vuln_type) + csvRow = [addr, ports, app_name, vulnResult.name, description.text, vulnResult.severity, vulnResult.severity_str, description.url] + wr.writerow(csvRow) + with open('tempcsv.csv', "r+") as csvfile: + reader = csv.reader(csvfile, delimiter=' ', quotechar='|', skipinitialspace=True) + data = [] + VulnData = 'IP, Port, Title, CVE,Description,Risk Score,Severity,References\n' + for row in reader: + data = ' '.join(row) + VulnData = VulnData + data + '\n' + self._buffer = VulnData + return self._buffer \ No newline at end of file diff --git a/output_report.py b/output_report.py index 42ecc54..cd3550a 100644 --- a/output_report.py +++ b/output_report.py @@ -8,6 +8,7 @@ from contrib.parsers import FlanXmlParser from contrib.report_builders import ReportBuilder, LatexReportBuilder, MarkdownReportBuilder, JinjaHtmlReportBuilder, \ JsonReportBuilder +from contrib.report_builders.csv_report_builder import CSVReportBuilder def create_report(parser: FlanXmlParser, builder: ReportBuilder, nmap_command: str, start_date: str, output_writer: IO, @@ -48,7 +49,8 @@ def create_report_builder(report_type: str) -> ReportBuilder: 'tex': lambda p: LatexReportBuilder(p), 'md': lambda p: MarkdownReportBuilder(p), 'html': lambda p: JinjaHtmlReportBuilder(p), - 'json': lambda p: JsonReportBuilder(p) + 'json': lambda p: JsonReportBuilder(p), + 'csv': lambda p: CSVReportBuilder(p) } if report_type not in builder_map: