Scan report is now in HTML

Number of vulenrabilitis, ports open and CVEs are now returned as result
2026-04-29 07:29:32 +00:00 · 2023-08-03 10:36:24 +02:00 · 2023-08-03 10:36:24 +02:00 · 40804f3c45
commit 40804f3c45
parent ae228af133
4 changed files with 57 additions and 17 deletions
--- a/scripts/lua/modules/vulnerability_scan/vs_utils.lua
+++ b/scripts/lua/modules/vulnerability_scan/vs_utils.lua
@ -71,8 +71,10 @@ end
 -- ##############################################

 -- remove the first/last few lines that contain nmap information that change at each scan
-function vs_utils.cleanup_nmap_result(scan_result)
+function vs_utils.cleanup_nmap_result(scan_result, scan_type)
   scan_result = scan_result:gsub("|", "")
+   scan_result = scan_result:gsub("^_", "")
+   scan_result = scan_result:gsub("_$", "")
   
   scan_result = lines(scan_result)
   
@ -83,17 +85,47 @@ function vs_utils.cleanup_nmap_result(scan_result)
   for i=1,3 do 
      table.remove(scan_result, #scan_result)
   end
-   
-   scan_result = table.concat(scan_result, "\n")

-   return(scan_result)
+   local num_open_ports = 0
+   local num_vulnerabilities = 0
+   local cve = {}
+   local scan_out = {}
+   
+   for _,l in pairs(scan_result) do
+      local t = string.find(l, "/tcp open") or 0
+      local u = string.find(l, "/udp open") or 0
+      
+      if((t > 0) or (u > 0)) then
+	 num_open_ports = num_open_ports + 1
+      end
+
+      if(string.sub(l, 1, 2) == " [") then
+	 local c = string.split(string.sub(l,3), "]")
+	 
+	 if(scan_type == "cve") then
+	    l = '[<A HREF="https://vulners.com/openvas/OPENVAS:'..c[1]..'">'..c[1]..'</A>]'..c[2]
+	 elseif(scan_type == "openvas") then
+	    l = '[<A HREF="https://nvd.nist.gov/vuln/detail/'..c[1]..'">'..c[1]..'</A>]'..c[2]
+	 end
+	 
+	 table.insert(cve, c[1])
+	 num_vulnerabilities = num_vulnerabilities + 1
+      end
+
+      table.insert(scan_out, l)
+   end
+
+   scan_result = table.concat(scan_out, "\n")
+
+   return scan_result, num_open_ports, num_vulnerabilities, cve
 end

 -- **********************************************************

 -- Function to save host configuration
 function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time, last_duration,
-				    is_ok_last_scan, ports, scan_frequency, num_open_ports,num_vulnerabilities_found)
+				    is_ok_last_scan, ports, scan_frequency, num_open_ports,
+				    num_vulnerabilities_found, cve)
   local saved_hosts_string = ntop.getCache(host_to_scan_key)
   local saved_hosts = {}
   
@ -117,14 +149,17 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
      scan_type = scan_type,
      ports = ports,
      num_open_ports = num_open_ports,
-      num_vulnerabilities_found = num_vulnerabilities_found
+      num_vulnerabilities_found = num_vulnerabilities_found,
+      cve = cve,
   }

   if last_scan_time or last_duration then
      local time_formatted = format_utils.formatPastEpochShort(last_scan_time)
+      
      if last_duration <= 0 then
         last_duration = 1
      end
+      
      last_duration = secondsToTime(last_duration)
      new_item.last_scan = {
 	 epoch = last_scan_time,
@ -262,9 +297,10 @@ end
 -- Function to exec single host scan
 function vs_utils.scan_host(scan_type, host, ports)
   local scan_module = vs_utils.load_module(scan_type)
-   local result,duration,scan_result,num_open_ports,num_vulnerabilities_found = scan_module:scan_host(host, ports)
+   local result,duration,scan_result,num_open_ports,num_vulnerabilities_found, cve = scan_module:scan_host(host, ports)

-   vs_utils.save_host_to_scan(scan_type, host, result, now, duration, scan_result, ports, num_open_ports,num_vulnerabilities_found)
+   vs_utils.save_host_to_scan(scan_type, host, result, now, duration, scan_result,
+			      ports, num_open_ports, num_vulnerabilities_found, cve)

   return true
 end