Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
from datetime import datetime
from typing import Any, Dict, List
from contrib.descriptions import VulnDescriptionProvider
from contrib.internal_types import ScanResult
from contrib.report_builders import ReportBuilder
__all__ = ['MarkdownReportBuilder']
class MarkdownReportBuilder(ReportBuilder):
def __init__(self, description_provider: VulnDescriptionProvider):
self.description_provider = description_provider
self._buffer = ''
def init_report(self, start_date: str, nmap_command: str):
self._append_line(self.header)
self._append_line('## {date:%B %d, %Y}'.format(date=datetime.utcnow()))
self._append_line('### **Summary**')
self._append_line('Flan Scan ran a network vulnerability scan with the following Nmap command on {date}'
.format(date=start_date))
self._append_line('`{command}`'.format(command=nmap_command))
def build(self) -> Any:
return self._buffer
def add_vulnerable_section(self):
self._append_line('### Services with vulnerabilities')
def add_non_vulnerable_section(self):
self._append_line('### Services with no *known* vulnerabilities')
def add_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
for i, pair in enumerate(scan_results.items(), start=1):
app_name, report = pair # type: str, ScanResult
self._append_service(i, app_name)
num_vulns = len(report.vulns)
for v in report.vulns:
description = self.description_provider.get_description(v.name, v.vuln_type)
self._append_line('- [**{name}** {severity} ({severity_num})]({link} "{title}")'
.format(name=v.name, severity=v.severity_str, severity_num=v.severity,
link=description.url, title=v.name), spaces=4)
self._append_line('```text', separators=1, spaces=6)
self._append_line(description.text, separators=1, spaces=6)
self._append_line('```', spaces=6)
self._append_line('The above {num} vulnerabilities apply to these network locations'.format(num=num_vulns),
spaces=4)
self._append_line('```text', separators=1, spaces=4)
for addr, ports in report.locations.items():
self._append_location(addr, ports, spaces=4)
self._append_line('```', spaces=4)
def add_non_vulnerable_services(self, scan_results: Dict[str, ScanResult]):
for i, pair in enumerate(scan_results.items(), start=1):
app_name, report = pair # type: str, ScanResult
self._append_service(i, app_name)
for addr, ports in report.locations.items():
self._append_location(addr, ports, spaces=4)
self._append('\n')
def initialize_section(self):
pass
def add_ips_section(self):
self._append_line('### List of IPs Scanned')
def add_ip_address(self, ip: str):
self._append_line('- {ip}'.format(ip=ip), separators=1)
def finalize(self):
pass
@property
def header(self) -> Any:
return '# Flan scan report'
def _append(self, text: str, spaces: int = 0):
if spaces:
self._buffer += ' ' * spaces
self._buffer += text
def _append_line(self, text: str, separators: int = 2, spaces: int = 0):
self._append(text, spaces)
self._append('\n' * separators)
def _append_service(self, index: int, name: str, spaces: int = 0):
self._append_line('{index}. **{service}**'.format(index=index, service=name.strip()), spaces=spaces,
separators=1)
def _append_location(self, address: str, ports: List[str], spaces: int):
self._append_line('- {address} Ports: {ports}'.format(address=address, ports=', '.join(ports)), spaces=spaces,
separators=1)