Example #1
0
function generate_results($output)
{
    global $user, $border, $report_id, $sid, $scantime, $scansubmit, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $treport, $ipl, $key, $query_byuser, $arruser;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    if ($report_id != '') {
        $query = "SELECT sid FROM vuln_nessus_latest_reports WHERE 1=1" . ($report_id != "all" ? " AND report_id={$report_id}" : "") . " {$query_byuser}";
        //echo $query;
        $result = $dbconn->execute($query);
        while (!$result->EOF) {
            $sid = $result->fields['sid'];
            $sids[] = $sid;
            $result->MoveNext();
        }
        $sid = implode(",", $sids);
    } else {
        if ($scansubmit != '' && $treport != "latest") {
            $query = "SELECT r.report_id, r.sid FROM vuln_nessus_reports r,vuln_jobs j WHERE r.report_id=j.report_id AND j.scan_SUBMIT='{$scansubmit}'" . (empty($arruser) ? "" : " AND r.username in ({$user}) ");
            //print_r($arruser);
            $result = $dbconn->execute($query);
            while (!$result->EOF) {
                $report_id = $result->fields['report_id'];
                $sid = $result->fields['sid'];
                $ids[] = $report_id;
                $result->MoveNext();
            }
            $report_id = implode(",", $ids);
        } else {
            $query = "SELECT report_id, sid FROM " . ($treport == "latest" ? "vuln_nessus_latest_reports" : "vuln_nessus_reports") . " WHERE " . ($treport == "" ? "scantime='{$scantime}'" : "report_key={$key}") . "\n                 AND scantype='{$scantype}' {$query_byuser} LIMIT 1";
            $result = $dbconn->execute($query);
            $report_id = $result->fields['report_id'];
            $sid = $result->fields['sid'];
        }
    }
    $ip = $_SERVER['REMOTE_ADDR'];
    switch ($output) {
        case "full":
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            echo origdetails();
            break;
        case "detailed":
            echo reportsummary();
            break;
        case "summary":
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            break;
        case "printable":
            $border = 0;
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            echo vulndetails();
            break;
        case "min":
            $query_risk = "AND risk <= '3' ";
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            echo vulndetails();
            break;
        case "optimized":
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            echo vulndetails();
            break;
        default:
            echo reportsummary();
            echo vulnbreakdown();
            echo hostsummary();
            echo origdetails();
            break;
    }
    echo "";
}
Example #2
0
function generate_results($output)
{
    global $user, $border, $report_id, $sid, $scantime, $scansubmit, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $treport, $ipl, $key, $query_byuser, $arruser;
    $ip = $_SERVER['REMOTE_ADDR'];
    logAccess(strtoupper($output) . " HTML REPORT [ {$report_id} ] ACCESSED");
    echo "";
    switch ($output) {
        case "full":
            echo vulnbreakdown();
            echo hostsummary();
            echo origdetails();
            break;
        case "summary":
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            break;
        case "printable":
            $border = 0;
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        case "min":
            $query_risk = "AND risk <= '3' ";
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        case "optimized":
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        default:
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . origdetails();
            break;
    }
    echo "";
}
Example #3
0
function generate_results($output)
{
    global $user, $border, $report_id, $sid, $scantime, $scansubmit, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $treport, $ipl, $key, $query_byuser, $arruser;
    if ($report_id != "") {
        $query = "SELECT sid FROM vuln_nessus_latest_reports WHERE 1=1" . ($report_id != "all" ? " AND report_id={$report_id}" : "") . " {$query_byuser}";
        //echo $query;
        $result = $dbconn->execute($query);
        while (!$result->EOF) {
            list($sid) = $result->fields;
            $sids[] = $sid;
            $result->MoveNext();
        }
        $sid = implode(",", $sids);
    } else {
        if ($scansubmit != "" && $treport != "latest") {
            $query = "SELECT r.report_id, r.sid FROM vuln_nessus_reports r,vuln_jobs j WHERE r.report_id=j.report_id AND j.scan_SUBMIT='{$scansubmit}'" . (in_array("admin", $arruser) ? "" : " AND r.username in ('{$user}') ");
            //print_r($arruser);
            $result = $dbconn->execute($query);
            while (!$result->EOF) {
                list($report_id, $sid) = $result->fields;
                $ids[] = $report_id;
                $result->MoveNext();
            }
            $report_id = implode(",", $ids);
        } else {
            $query = "SELECT report_id, sid FROM " . ($treport == "latest" ? "vuln_nessus_latest_reports" : "vuln_nessus_reports") . " WHERE " . ($treport == "" ? "scantime='{$scantime}'" : "report_key={$key}") . "\n                 AND scantype='{$scantype}' {$query_byuser} LIMIT 1";
            //echo $query;
            $result = $dbconn->execute($query);
            list($report_id, $sid) = $result->fields;
        }
    }
    //echo $query;
    //echo "sid=$sid<br>";
    //echo "report_id=$report_id<br>";
    $ip = $_SERVER['REMOTE_ADDR'];
    logAccess(strtoupper($output) . " HTML REPORT [ {$report_id} ] ACCESSED");
    echo "";
    //var_dump($output);
    switch ($output) {
        case "full":
            //echo "navbar-".navbar($output)."\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
            //echo "reportsummary-".reportsummary()."\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
            echo "" . reportsummary();
            //echo "".navbar($output);
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . origdetails();
            break;
        case "detailed":
            echo "" . reportsummary();
            //navbar ( $output );
            #echo "". detailedresults();
            break;
        case "summary":
            echo "" . reportsummary();
            //navbar ( $output );
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            break;
        case "printable":
            $border = 0;
            echo "" . reportsummary();
            //navbar ( $output );
            echo "" . vulnbreakdown();
            #echo "". atrisksummary();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        case "min":
            #$border=0;
            $query_risk = "AND risk <= '3' ";
            echo "" . reportsummary();
            //navbar ( $output );
            echo "" . vulnbreakdown();
            #echo "". atrisksummary();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        case "optimized":
            echo "" . reportsummary();
            //navbar ( $output );
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . vulndetails();
            break;
        default:
            echo "" . reportsummary();
            //navbar ( $output );
            echo "" . vulnbreakdown();
            echo "" . hostsummary();
            echo "" . origdetails();
            break;
    }
    echo "";
}