Skipfish
Parser
synopsis: Specialized ptp.libptp.parser.AbstractParser classes for the tool Skipfish.

class ptp.tools.skipfish.parser.SkipfishJSParser(pathname, light=False)
Skipfish JS specialized parser.

__tool__ = 'skipfish'

__format__ = 'js'

__version__ = '2\\.10b'

_parse_report_full(dir_list)
Parse HTTP requests from directories listed in the samples.js file.
For each of these directories, it reads the request.dat and response.dat files and returns a list of dicts holding the requests and responses.

classmethod handle_file(metadatafile, reportfile)
Process the two report files of the Skipfish report.
Parameters:
Raises:
- TypeError – if the files do not have the right extension.
- OSError – if an error occurs when reading the files.
- IOError – if an error occurs when reading the files.
Returns: Both metadata and report files’ contents.
Return type: tuple

classmethod is_mine(pathname, light=False)
Check if it can handle the report file.
Parameters:
Raises:
- IOError – when the report file cannot be found.
- OSError – when the report file cannot be found.
Returns: True if it supports the report, False otherwise.
Return type:

parse_metadata()
Retrieve the metadata of the report.
Raises: NotSupportedVersionError – if it does not support this version of the report.
Returns: Dictionary containing the metadata.
Return type: dict
Note
In skipfish the metadata are saved into the summary.js file as follows:
    var sf_version = version<string>;
    var scan_date = date<'Ddd Mmm d hh:mm:ss yyyy'>;
    var scan_seed = scan seed<integer>
    var scan_ms = elapsed time in ms<integer>;

parse_report()
Retrieve the results from the report.
Raises: ReportNotFoundError – if the report file was not found.
Returns: List of dicts where each one represents a discovery.
Return type: list
Note
Example of retrieved data after conversion (i.e. raw_report) using the module ast:
    [{
        'severity': 3,
        'type': 40402,
        'samples': [
            {
                'url': 'http://demo.testfire.net/bank/login.aspx',
                'extra': 'SQL syntax string',
                'sid': '21010',
                'dir': '_i2/0'
            },
            {
                'url': 'http://demo.testfire.net/bank/login.aspx',
                'extra': 'SQL syntax string',
                'sid': '21010',
                'dir': '_i2/1'
            },
            {
                'url': 'http://demo.testfire.net/subscribe.aspx',
                'extra': 'SQL syntax string',
                'sid': '21010',
                'dir': '_i2/2'
            }
        ]
    },]
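
The two notes above, as an added example that is not PTP's own code: it reads the summary.js assignments and the samples.js array with ast.literal_eval rather than eval, so report content is only ever handled as data. The issue_samples variable name, the sample file contents and the check on 'dir' are assumptions made for this example, and ValueError stands in for the library's own exceptions.

```python
import ast
import re

SUPPORTED_VERSION = re.compile(r'2\.10b')  # same pattern as __version__ above

# Constructed sample files following the layouts shown in the notes above.
SUMMARY_JS = """var sf_version = '2.10b';
var scan_date  = 'Tue Mar  4 13:28:29 2014';
var scan_seed  = 12345;
var scan_ms    = 98765;
"""
SAMPLES_JS = """var issue_samples = [
  { 'severity': 3, 'type': 40402, 'samples': [
    { 'url': 'http://demo.testfire.net/bank/login.aspx', 'extra': 'SQL syntax string', 'sid': '21010', 'dir': '_i2/0' } ]
  },
];
"""

def parse_summary(text):
    """Return the `var name = value;` assignments of summary.js as a dict."""
    meta = {}
    for name, value in re.findall(r"var\s+(\w+)\s*=\s*([^;\n]+);?", text):
        # literal_eval accepts only Python literals, so a crafted report
        # cannot introduce calls or attribute access the way eval() would.
        meta[name] = ast.literal_eval(value.strip())
    if not SUPPORTED_VERSION.fullmatch(str(meta.get('sf_version', ''))):
        raise ValueError('unsupported Skipfish version: %r' % meta.get('sf_version'))
    return meta

def parse_issues(text):
    """Return the issue array of samples.js as a list of dicts."""
    # Variable name 'issue_samples' is an assumption of this example.
    match = re.search(r"var\s+issue_samples\s*=\s*(\[.*?\n\]);", text, re.S)
    if match is None:
        raise ValueError('no issue_samples array found')
    issues = ast.literal_eval(match.group(1))
    for issue in issues:
        for sample in issue['samples']:
            # 'dir' is later used to locate request.dat and response.dat, so
            # reject absolute paths and parent-directory components.
            parts = sample['dir'].split('/')
            if sample['dir'].startswith('/') or '..' in parts:
                raise ValueError('suspicious sample dir: %r' % sample['dir'])
    return issues
```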