$description = $row["description"];
$severity = $row["severity"];
$remoteValue = $row["remoteValue"];
$policyValue = $row["policyValue"];
$itemType = $row["custom_item_type"];
echo "<br></br>";
echo "<table width=\"850px\">";
echo "<tr><td colspan=\"2\" class=\"left\"><pre>" . $description . "</pre></td></tr>";
echo "<tr><td class=\"left\"><p>Policy Value</p></td><td class=\"left\"><p>Remote Value</p></td></tr>";
echo "<tr><td class=\"right\" valign=\"top\">" . nl2br($policyValue) . "</td><td class=\"right\" valign=\"top\">" . nl2br($remoteValue) . "</td></tr>";
echo "</table>";
echo "<table width=\"850px\">";
echo "<tr><td class=\"top\"><p>IP Address</p></td><td class=\"top\"><p>MAC</p></td><td class=\"top\"><p>FQDN</p></td><td class=\"top\"><p>NetBIOS</p></td><td class=\"top\"><p>OS</p></td>";
$host_sql = "SELECT\n\t\t\t\t\tnessus_compliance_results.host_name,\n\t\t\t\t\tnessus_tags.ip_addr,\n\t\t\t\t\tnessus_tags.mac_addr,\n\t\t\t\t\tnessus_tags.fqdn,\n\t\t\t\t\tnessus_tags.netbios,\n\t\t\t\t\tnessus_tags.operating_system\n\t\t\t\tFROM\n\t\t\t\t\tnessus_compliance_results\n\t\t\t\tINNER JOIN nessus_tags ON nessus_compliance_results.tagID = nessus_tags.tagID\n\t\t\t\tINNER JOIN nessus_temp_hosts ON nessus_temp_hosts.host_name = nessus_compliance_results.host_name\n\t\t\t\tINNER JOIN nessus_audit_file ON nessus_compliance_results.description = nessus_audit_file.description\n\t\t\t\tINNER JOIN nessus_temp_itemType ON nessus_audit_file.custom_item_type = nessus_temp_itemType.custom_item_type\n\t\t\t\tWHERE\n\t\t\t\t\tnessus_compliance_results.agency = '{$agency}' AND\n\t\t\t\t\tnessus_compliance_results.report_name = '{$report_name}' AND\n\t\t\t\t\tnessus_compliance_results.severity = '3' AND\n\t\t\t\t\tnessus_audit_file.custom_item_type = '{$itemType}' AND\n\t\t\t\t\tnessus_compliance_results.description = '{$description}' AND\n\t\t\t\t\tnessus_compliance_results.remoteValue = '{$remoteValue}' AND\n\t\t\t\t\tnessus_compliance_results.policyValue = '{$policyValue}'\n\t\t\t\t";
$host_result = $db->query($host_sql);
ifError($host_result);
while ($host_row = $host_result->fetchRow(DB_FETCHMODE_ASSOC)) {
$host_name = $host_row["host_name"];
$ip_addr = $host_row["ip_addr"];
$mac_addr = $host_row["mac_addr"];
$fqdn = $host_row["fqdn"];
$netbios = $host_row["netbios"];
$operating_system = $host_row["operating_system"];
?>
<tr>
<td class="right"><p><?php
if ($ip_addr == "") {
echo "{$host_name}";
} else {
echo "{$ip_addr}";
}
$sql = "CREATE temporary TABLE nessus_temp_severity (severity VARCHAR(255))";
$result = $db->query($sql);
ifError($result);
foreach ($sArray as $s) {
$sql = "INSERT INTO nessus_temp_severity (severity) VALUES ('{$s}')";
$result = $db->query($sql);
ifError($result);
}
date_default_timezone_set('UTC');
$myDir = "/var/www/projectRF/nessus/csvfiles/";
$myFileName = $agency . "_" . date('mdYHis') . ".csv";
$myFile = $myDir . $myFileName;
$fh = fopen($myFile, 'w') or die("can't open {$myFile} for writing. Please check folder permissions.");
$sql = "SELECT \n\t\t\tnessus_compliance_results.host_name,\n\t\t\tnessus_compliance_results.ip_addr,\n\t\t\tnessus_compliance_results.mac_addr,\n\t\t\tnessus_compliance_results.fqdn,\n\t\t\tnessus_compliance_results.netbios,\n\t\t\tnessus_compliance_results.operating_system,\n\t\t\tnessus_compliance_results.host_start,\n\t\t\tnessus_compliance_results.host_end,\n\t\t\tnessus_compliance_results.pluginID,\n\t\t\tnessus_compliance_results.pluginName,\n\t\t\tnessus_compliance_results.severity,\n\t\t\tnessus_compliance_results.description,\n\t\t\tnessus_audit_file.check_type,\n\t\t\tnessus_audit_file.custom_item_type,\n\t\t\tnessus_audit_file.value_type,\n\t\t\tnessus_audit_file.value_data,\n\t\t\tnessus_audit_file.service_name,\n\t\t\tnessus_audit_file.svc_option,\n\t\t\tnessus_audit_file.acl_option,\n\t\t\tnessus_audit_file.file,\n\t\t\tnessus_audit_file.reg_key,\n\t\t\tnessus_audit_file.reg_item,\n\t\t\tnessus_compliance_results.plugin_output,\n\t\t\tnessus_compliance_results.remoteValue,\n\t\t\tnessus_compliance_results.policyValue,\n\t\t\tnessus_compliance_results.complianceError\n\t\tFROM\n\t\t\tnessus_compliance_results\n\t\tINNER JOIN nessus_temp_hosts ON nessus_temp_hosts.host_name = nessus_compliance_results.host_name\n\t\tINNER JOIN nessus_audit_file ON nessus_compliance_results.description = nessus_audit_file.description\n\t\tINNER JOIN nessus_temp_itemType ON nessus_audit_file.custom_item_type = nessus_temp_itemType.custom_item_type\n\t\tINNER JOIN nessus_temp_severity ON nessus_temp_severity.severity = nessus_compliance_results.severity\n\t\tWHERE\n\t\t\tnessus_compliance_results.agency = '{$agency}' AND\n\t\t\tnessus_compliance_results.report_name = '{$report_name}' AND\n\t\t\tnessus_compliance_results.scan_start = '{$scan_start}' AND\n\t\t\tnessus_compliance_results.scan_end = '{$scan_end}'\n\t\t";
$result =& $db->getAll($sql, array(), DB_FETCHMODE_ASSOC);
ifError($result);
fwrite($fh, "\"Agency\",\"Scan Start\",\"Scan End\",\"Report Name\",\"Hostname\",\"IP Address\",\"MAC Address\",\"FQDN\",\"NetBIOS\",\"OS\",\"Host Start\",\"Host End\",\"pluginID\",\"Plugin Name\",\"Severity\",\"Description\",\"Check Type\",\"Check Details\",\"Value Type\",\"Value Data\",\"Service Name\",\"SVC Option\",\"ACL Option\",\"File\",\"Reg Key\",\"Reg Item\",\"Plugin Output\",\"Remote Value\",\"Policy Value\",\"Compliance Error\"");
fwrite($fh, "\n");
foreach ($result as $row) {
$host_name = $row["host_name"];
$ip_addr = $row["ip_addr"];
$mac_addr = $row["mac_addr"];
$fqdn = $row["fqdn"];
$netbios = $row["netbios"];
$operating_system = $row["operating_system"];
$host_start = $row["host_start"];
$host_end = $row["host_end"];
$pluginID = $row["pluginID"];
$pluginName = $row["pluginName"];
$severity = $row["severity"];
$description = addslashes($row["description"]);
include '../main/config.php';
require_once 'DB.php';
$db = DB::connect("mysql://{$dbuser}:{$dbpass}@{$dbhost}/{$dbname}");
$agency_temp = explode(":", $_POST["agency"]);
$agency = $agency_temp[0];
$XmlReport_Name = $agency_temp[1];
$agency_sql = "SELECT DISTINCT AppScan_IssueTypes.agency, AppScan_IssueTypes.XmlReport_Name FROM AppScan_IssueTypes";
$agency_result = $db->query($agency_sql);
ifError($threat_result);
if ($agency != "") {
$url_sql = "SELECT DISTINCT AppScan_Issues.Url, AppScan_Issues.XmlReport_Name, AppScan_Issues.agency FROM AppScan_Issues WHERE AppScan_Issues.XmlReport_Name = '{$XmlReport_Name}' AND AppScan_Issues.agency = '{$agency}' ORDER BY AppScan_Issues.Url ASC";
$url_result = $db->query($url_sql);
ifError($url_result);
$threat_sql = "SELECT DISTINCT AppScan_IssueTypes.agency, AppScan_IssueTypes.XmlReport_Name, AppScan_IssueTypes.threatClassification_name FROM AppScan_IssueTypes WHERE AppScan_IssueTypes.agency = '{$agency}' AND AppScan_IssueTypes.XmlReport_Name = '{$XmlReport_Name}' ORDER BY AppScan_IssueTypes.Severity ASC";
$threat_result = $db->query($threat_sql);
ifError($threat_result);
}
//end if
?>
<HTML>
<head>
<title>CREATE APPSCAN REPORT</title>
<script>
function selectAll(selectBox,selectAll) {
// have we been passed an ID
if (typeof selectBox == "string") {
selectBox = document.getElementById(selectBox);
}
// is the select box a multiple select box?
}
for ($x = 0; $x < count($portsArray); $x++) {
$delete_sql = "DELETE FROM nmap_ports_xml WHERE nmap_ports_xml.id = '{$portsArray[$x]}'";
$delete_result = $db->query($delete_sql);
ifError($delete_result);
}
for ($x = 0; $x < count($nseArray); $x++) {
$delete_sql = "DELETE FROM nmap_nse_xml WHERE nmap_nse_xml.id = '{$nseArray[$x]}'";
$delete_result = $db->query($delete_sql);
ifError($delete_result);
}
}
}
$agency_sql = "SELECT DISTINCT\n\t\t\t\t\tnmap_runstats_xml.agency,\n\t\t\t\t\tnmap_runstats_xml.filename,\n\t\t\t\t\tnmap_runstats_xml.nmaprun_start,\n\t\t\t\t\tnmap_runstats_xml.finished_time\n\t\t\t\tFROM\n\t\t\t\t\tnmap_runstats_xml\n\t\t\t\t";
$agency_result = $db->query($agency_sql);
ifError($plugin_result);
?>
<HTML>
<head>
<title>DELETE NMAP VULNERABILITY REPORTS</title>
<script>
function selectAll(selectBox,selectAll) {
// have we been passed an ID
if (typeof selectBox == "string") {
selectBox = document.getElementById(selectBox);
}
// is the select box a multiple select box?
if (selectBox.type == "select-multiple") {
for (var i = 0; i < selectBox.options.length; i++) {
date_default_timezone_set('UTC');
$myDir = "csvfiles/";
$myFileName = $agency . "_" . date('mdYHis') . ".csv";
$myFile = $myDir . $myFileName;
$fh = fopen($myFile, 'w') or die("can't open {$myFile} for writing. Please check folder permissions for the csvfiles folder.");
$severities = array("High", "Medium", "Low", "Informational");
$distinct_vulns = array();
$total_vulns = array();
$sql = "SELECT DISTINCT\n\t\t\tAppScan_IssueTypes.threatClassification_name,\n\t\t\tAppScan_Issues.Url,\n\t\t\tAppScan_Issues.Difference\n\t\tFROM\n\t\t\tappscan_tmp_url\n\t\tINNER JOIN AppScan_Issues ON appscan_tmp_url.Url = AppScan_Issues.Url\n\t\tINNER JOIN AppScan_IssueTypes ON AppScan_IssueTypes.IssueType_ID = AppScan_Issues.Issue_IssueTypeID\n\t\tINNER JOIN appscan_tmp_severity ON appscan_tmp_severity.severity = AppScan_IssueTypes.Severity\n\t\tINNER JOIN appscan_tmp_threat ON appscan_tmp_threat.threatClassification_name = AppScan_IssueTypes.threatClassification_name\n\t\tWHERE AppScan_IssueTypes.Severity = ?\n\t\tORDER BY\n\t\t\tAppScan_IssueTypes.Severity_number DESC,\n\t\t\tAppScan_IssueTypes.threatClassification_name ASC,\n\t\t\tAppScan_Issues.Url ASC\n\t\t";
fwrite($fh, "\"Severity\",\"Threat Classification\",\"URL\",\"Parameter\"");
fwrite($fh, "\n");
foreach ($severities as $severity) {
$flipped_data =& $db->getAll($sql, array("{$severity}"), DB_FETCHMODE_ORDERED | DB_FETCHMODE_FLIPPED);
ifError($data);
$data =& $db->getAll($sql, array("{$severity}"), DB_FETCHMODE_ASSOC);
ifError($data);
$threats = array_unique($flipped_data[0]);
$threat_count = array_count_values($flipped_data[0]);
$total_urls_array = array();
$distinct_vulns[$severity] = count($threats);
$total_vulns[$severity] = array_sum($threat_count);
foreach ($threats as $t) {
for ($i = 0; $i < count($data); $i++) {
if ($data[$i]["threatClassification_name"] == $t) {
$difference_temp1 = explode('->', $data[$i]["Difference"]);
$difference_temp2 = explode('=', $difference_temp1[1]);
$parameter = ltrim(empty($difference_temp2[0]) ? "NOPARAM" : $difference_temp2[0]);
$threat = $data[$i]["threatClassification_name"];
$url = $data[$i]["Url"];
$total_urls_array[] = $url;
fwrite($fh, "\"{$severity}\",\"{$threat}\",\"{$url}\",\"{$parameter}\"");
$sql = "CREATE temporary TABLE appscan_tmp_severity (severity VARCHAR(255))";
$result = $db->query($sql);
ifError($result);
foreach ($sArray as $s) {
$sql = "INSERT INTO appscan_tmp_severity (severity) VALUES ('{$s}')";
$result = $db->query($sql);
ifError($result);
}
date_default_timezone_set('UTC');
$myDir = "csvfiles/";
$myFileName = $agency . "_" . date('mdYHis') . ".csv";
$myFile = $myDir . $myFileName;
$fh = fopen($myFile, 'w') or die("can't open {$myFile} for writing. Please check folder permissions for the csvfiles folder.");
$sql = "SELECT\n\t\t\tAppScan_Issues.agency,\n\t\t\tAppScan_Issues.XmlReport_Name,\n\t\t\tAppScan_IssueTypes.advisory_name,\n\t\t\tAppScan_IssueTypes.threatClassification_name,\n\t\t\tAppScan_IssueTypes.Severity,\n\t\t\tAppScan_Issues.Url,\n\t\t\tAppScan_Issues.Difference,\n\t\t\tAppScan_Issues.OriginalHttpTraffic,\n\t\t\tAppScan_Issues.Validation_String,\n\t\t\tAppScan_Issues.Reasoning\n\t\tFROM\n\t\t\tappscan_tmp_url\n\t\tINNER JOIN AppScan_Issues ON appscan_tmp_url.Url = AppScan_Issues.Url\n\t\tINNER JOIN AppScan_IssueTypes ON AppScan_IssueTypes.IssueType_ID = AppScan_Issues.Issue_IssueTypeID\n\t\tINNER JOIN appscan_tmp_severity ON appscan_tmp_severity.severity = AppScan_IssueTypes.Severity\n\t\tINNER JOIN appscan_tmp_threat ON appscan_tmp_threat.threatClassification_name = AppScan_IssueTypes.threatClassification_name\n\t\tORDER BY\n\t\t\tAppScan_IssueTypes.Severity ASC,\n\t\t\tAppScan_IssueTypes.threatClassification_name ASC,\n\t\t\tAppScan_IssueTypes.advisory_name ASC,\n\t\t\tAppScan_Issues.Url ASC\n\t\t";
$results = $db->query($sql);
ifError($results);
fwrite($fh, "\"Threat Classification\",\"Advisory Name\",\"Severity\",\"Scanner\",\"URL\",\"Parameter\",\"Validation String\"");
fwrite($fh, "\n");
while ($row = $results->fetchRow(DB_FETCHMODE_ASSOC)) {
$advisory_name = $row["advisory_name"];
$threatClassification_name = $row["threatClassification_name"];
$severity = $row["Severity"];
$url = $row["Url"];
$difference_temp1 = split('->', $row["Difference"]);
$difference_temp2 = split('=', $difference_temp1[1]);
$parameter = $difference_temp2[0];
$validation_string = $row["Validation_String"];
$reasoning = $row["Reasoning"];
fwrite($fh, "\"{$threatClassification_name}\",\"{$advisory_name}\",\"{$severity}\",\"AppScan\",\"{$url}\",\"{$parameter}\",\"{$validation_string}\"");
fwrite($fh, "\n");
}
