CLI support reorganised and tested on Linux

Author: hvqzao

LINUX-INSTALL.md

@@ -0,0 +1,41 @@
+```
+# setup ve directory
+cd ~/x/w
+git clone https://github.com/hvqzao/ve
+
+# configure ve
+./ve -P 2.7.13
+# <-- press [Enter] to confirm build settings
+
+cat >.ve <<EOF
+PY="py-2.7.13"
+VE_BIN="bin"
+EOF
+
+# enable ve
+. ./ve
+
+# pip update
+pip install --upgrade pip
+
+# get report-ng
+git clone https://github.com/hvqzao/report-ng
+
+# meet report-ng requirements
+pip install cx_freeze==4.3.3
+pip install lxml==3.3.5
+# no wxpython
+pip install pillow
+pip install pyaml
+pip install beautifulsoup==3.2.1
+
+cd report-ng
+```
+
+# NOT TESTED:
+#
+# http://stackoverflow.com/questions/32284938/how-to-properly-install-wxpython
+# https://wiki.wxpython.org/How%20to%20install%20wxPython#Installing_wxPython-Phoenix_using_pip
+#
+# pip install --upgrade --trusted-host wxpython.org --pre -f http://wxpython.org/Phoenix/snapshot-builds/ wxPython_Phoenix 
+

README.md

@@ -59,6 +59,12 @@ of report-files. Application currently supports one set of switches:
 -r report-file
 ```
 
+Example use:
+
+```
+python report-ng.py -t examples/example-2-scan-report-template.xml -c examples/example-2-content.yaml -k examples/example-2-kb.yaml -s examples/example-2-scan-export-Burp.xml -r examples/\!.xml
+```
+
 ## Word Template Preparation
 
 This application was tested with Office 2010 Word documents saved with
@@ -232,7 +238,7 @@ Scan Details (Full) with XML Export Format. For Burp use Report Selected
 Issues, select XML and pick Base64-encode requests and responses.
 
 At the time of writing, everything works smoothly with HP WebInspect 10.50,
-BurpSuite Pro 1.7.03 and Microsoft Office 2013. No modifications were
+BurpSuite Pro 1.7.19 and Microsoft Office 2013. No modifications were
 necessary.
 
 ## License

cxfreeze.cmd

@@ -5,3 +5,6 @@
 - Name: ASP.NET Application Level-Trace Log
   Severity: High
   TestersComment: Less wise words here.
+- Name: Cross-site scripting (reflected)
+  Severity: High 
+  TestersComment: <html><b><redwhite>A</redwhite></b> <red>B</red> <yellow>C</yellow>.</html>

examples/example-2-kb.yaml

@@ -1,5 +1,5 @@
 # report-ng
-# Copyright (c) 2015 Marcin Woloszyn (@hvqzao)
+# Copyright (c) 2014-2017 Marcin Woloszyn (@hvqzao)
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,7 +16,11 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 
-from src.gui import GUI
-
 if __name__ == '__main__':
-    GUI()
+    import sys
+    if len(sys.argv) > 1:
+        from src.cli import CLI
+        CLI()
+    else:
+        from src.gui import GUI
+        GUI()

report-ng.py

@@ -1,5 +1,5 @@
 # report-ng
-# Copyright (c) 2015 Marcin Woloszyn (@hvqzao)
+# Copyright (c) 2014-2015 Marcin Woloszyn (@hvqzao)
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

src/__init__.py

@@ -1,5 +1,5 @@
 # report-ng
-# Copyright (c) 2015 Marcin Woloszyn (@hvqzao)
+# Copyright (c) 2014-2015 Marcin Woloszyn (@hvqzao)
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

src/burp.py

@@ -0,0 +1,81 @@
+# report-ng
+# Copyright (c) 2015-2017 Marcin Woloszyn (@hvqzao)
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+
+import sys
+
+from report import Report
+from scan import Scan
+from version import Version
+
+class CLI(Version):
+
+    def __init__(self):
+
+        #def flagged (key):
+        #    return key in sys.argv
+
+        def value (key):
+            if key in sys.argv:
+                index = sys.argv.index(key)
+                if len(sys.argv) > index + 1:
+                    return sys.argv[index + 1]
+            return None
+
+        def is_yaml (filename):
+            ext = '.yaml'
+            return filename[-len(ext):] == ext
+
+        template_file = value('-t')
+        content_file = value('-c')
+        kb_file = value('-k')
+        scan_file = value('-s')
+        report_file = value('-r')
+
+        if template_file and report_file:
+            report = Report()
+            report.template_load_xml(template_file)
+            if content_file:
+                if is_yaml(content_file):
+                    report.content_load_yaml(content_file)
+                else:
+                    report.content_load_json(content_file)
+            if kb_file:
+                if is_yaml(kb_file):
+                    report.kb_load_yaml(kb_file)
+                else:
+                    report.kb_load_json(kb_file)
+            if scan_file:
+                report.scan = Scan(scan_file)
+            report.xml_apply_meta()
+            report.save_report_xml(report_file)
+            print 'Report saved.'
+        else:
+            print 'Usage: '
+            print
+            print '    ' + self.title + '.exe -t template-file [-c content-file] [-k kb-file] [-s scan-file] -r report-file'
+            print '        generate report'
+            print
+            print '    ' + self.title + '.exe [--help]'
+            print '        display usage and exit'
+
+
+if __name__ == '__main__':
+    #sys.argv += ['--help']
+    #sys.argv += ['-t','aaa']
+    #sys.argv = [sys.argv[0], '-t', 'asdad']
+    CLI()

src/cli.py

@@ -1,5 +1,5 @@
 # report-ng
-# Copyright (c) 2017 Marcin Woloszyn (@hvqzao)
+# Copyright (c) 2014-2017 Marcin Woloszyn (@hvqzao)
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -926,71 +926,6 @@ def __init__(self, parent, content='', *args, **kwargs):
             self.CenterOnScreen()
             self.Show()
 
-    def CLI(self):
-        self.__CLI(application=self)
-
-    class __CLI(wx.Frame):
-
-        # application
-
-        def __init__(self, application=None, *args, **kwargs):
-            self.application = application
-            wx.Frame.__init__(self, None, *args, **kwargs)
-            self.Bind(wx.EVT_CLOSE, lambda x: self.Destroy())
-            #self.Show()
-            import sys
-
-            def val (key):
-                if key in sys.argv:
-                    return sys.argv[sys.argv.index('-t')+1]
-                else:
-                    return None
-
-            def is_yaml (filename):
-                ext = '.yaml'
-                return filename[-len(ext):] == ext
-
-            template_file = val('-t')
-            content_file = val('-c')
-            kb_file = val('-k')
-            scan_file = val('-s')
-            report_file = val('-r')
-
-            if template_file and report_file:
-                report = Report()
-                report.template_load_xml(template_file)
-                if content_file:
-                    if is_yaml(content_file):
-                        report.content_load_yaml(content_file)
-                    else:
-                        report.content_load_json(content_file)
-                if kb_file:
-                    if is_yaml(kb_file):
-                        report.kb_load_yaml(kb_file)
-                    else:
-                        report.kb_load_json(kb_file)
-                if scan_file:
-                    report.scan = Scan(scan_file)
-                report.xml_apply_meta(vulnparam_highlighting=self.menu_view_v.IsChecked(), truncation=self.menu_view_i.IsChecked())
-                report.save_report_xml(report_file)
-            else:
-                print 'Usage: '
-                print
-                print '    '+self.application.title+'.exe'
-                print '        start GUI application'
-                print
-                print '    '+self.application.title+'.exe -t template-file [-c content-file] [-k kb-file] [-s scan-file] -r report-file'
-                print '        generate report'
-                print
-                print '    '+self.application.title+'.exe [any other arguments]'
-                print '        display usage and exit'
-
-            self.Close()
-
-        def Destroy(self):
-            #print 'destroying CLI'
-            super(wx.Frame, self).Destroy()
-
     # GUI class
 
     def __init__(self):
@@ -999,12 +934,7 @@ def __init__(self):
         wx_app = wx.App(redirect=True) # redirect in wxpython 3.0 defaults to False
         #self.TextWindow(None, title='asdasd', content='bsdsdasd')
         import sys
-        #sys.argv = [sys.argv[0], '--help']
-        #sys.argv = [sys.argv[0], '-t', 'asdad']
-        if len(sys.argv) > 1:
-            self.CLI()
-        else:
-            self.MainWindow()
+        self.MainWindow()
         wx_app.MainLoop()
 
 

src/gui.py

@@ -1,5 +1,5 @@
 # report-ng
-# Copyright (c) 2015 Marcin Woloszyn (@hvqzao)
+# Copyright (c) 2014-2015 Marcin Woloszyn (@hvqzao)
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License