cloudflare · infosecwatchman · Apr 22, 2020 · Apr 22, 2020 · Apr 22, 2020 · Apr 22, 2020
diff --git a/Makefile b/Makefile
@@ -12,4 +12,7 @@ html :
 	docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=html flan_scan
 
 json :
-	docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=json flan_scan
+	docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=json flan_scan
+
+csv :
+	docker run --name $(container_name) -v "$(CURDIR)/shared:/shared:Z" -e format=csv flan_scan
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ By default flan creates Latex reports, to get other formats run:
 ```
 $ make html
 ```
-Additional supported formats are *md* (markdown), *html* and *json*.
+Additional supported formats are *md* (markdown), *html*, *csv*, and *json*.
 
 When the scan finishes you will find the reports summarizing the scan in `shared/reports`. You can also see the raw XML output from Nmap in `shared/xml_files`.
 

diff --git a/csv_report_builder.py b/csv_report_builder.py
@@ -0,0 +1,34 @@
+import csv
+from typing import Any, Dict
+
+from contrib.descriptions import VulnDescriptionProvider
+from contrib.internal_types import ScanResult
+from contrib.report_builders import ReportBuilder
+
+class CSVReportBuilder(ReportBuilder):
+    def __init__(self, description_provider: VulnDescriptionProvider):
+        self.description_provider = description_provider
+        self._buffer = ''
+
+    def build(self) -> Any:
+        return self._buffer
+        pass
+
+    def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
+        with open('tempcsv.csv', "w+") as csvfile:
+            wr = csv.writer(csvfile, dialect='excel')
+            for app_name, result in scan_results.items():
+                for vulnResult in result.vulns:
+                    for addr, ports in result.locations.items():
+                        description = self.description_provider.get_description(vulnResult.name, vulnResult.vuln_type)
+                        csvRow = [addr, ports, app_name, vulnResult.name, description.text, vulnResult.severity, vulnResult.severity_str, description.url]
+                        wr.writerow(csvRow)
+        with open('tempcsv.csv', "r+") as csvfile:
+            reader = csv.reader(csvfile, delimiter=' ', quotechar='|', skipinitialspace=True)
+            data = []
+            VulnData = 'IP, Port, Title, CVE,Description,Risk Score,Severity,References\n'
+            for row in reader:
+                data = ' '.join(row)
+                VulnData = VulnData + data + '\n'
+        self._buffer = VulnData
+        return self._buffer
diff --git a/output_report.py b/output_report.py
@@ -8,6 +8,7 @@
 from contrib.parsers import FlanXmlParser
 from contrib.report_builders import ReportBuilder, LatexReportBuilder, MarkdownReportBuilder, JinjaHtmlReportBuilder, \
     JsonReportBuilder
+from contrib.report_builders.csv_report_builder import CSVReportBuilder
 
 
 def create_report(parser: FlanXmlParser, builder: ReportBuilder, nmap_command: str, start_date: str, output_writer: IO,
@@ -48,7 +49,8 @@ def create_report_builder(report_type: str) -> ReportBuilder:
         'tex': lambda p: LatexReportBuilder(p),
         'md': lambda p: MarkdownReportBuilder(p),
         'html': lambda p: JinjaHtmlReportBuilder(p),
-        'json': lambda p: JsonReportBuilder(p)
+        'json': lambda p: JsonReportBuilder(p),
+        'csv': lambda p: CSVReportBuilder(p)
     }
 
     if report_type not in builder_map: