Wapiti

Parser

synopsis: Specialized ptp.libptp.parser.AbstractParser classes for the tool Wapiti.

class ptp.tools.wapiti.parser.WapitiXMLParser(pathname='./', filename='*.xml', **kwargs)

Wapiti XML specialized parser.

__tool__ = 'wapiti'
__format__ = 'xml'
__version__ = '^\\D*(2\\.3(\\.[0-9]+)?)$'

classmethod is_mine(pathname, filename='*.xml', light=True, first=True)

Check if it can handle the report file.

Parameters:
  • pathname (str) – Path to the report directory.
  • filename (str) – Regex matching the report file.
  • light (bool) – True to only parse the ranking of the findings from the report.
  • first (bool) – Only process first file (True) or each file that matched (False).
Raises:
  • IOError – when the report file cannot be found.
  • OSError – when the report file cannot be found.
Returns:

True if it supports the report, False otherwise.

Return type:

bool

parse_metadata()

Parse the metadata of the report.

Raises: NotSupportedVersionError – if it does not support the version of this report.
Returns: The metadata of the report.
Return type: dict

parse_report()

Parse the results of the report.

Returns: List of dicts where each one represents a discovery.
Return type: list

class ptp.tools.wapiti.parser.Wapiti221XMLParser(pathname='./', filename='*.xml', **kwargs)

Wapiti XML specialized parser.

__tool__ = 'wapiti'

str – Name of the tool.

__format__ = 'xml'

str – Format of Wapiti reports it supports.

__version__ = '2\\.2(\\.[0-9]+)?'

list – Wapiti versions it supports.

classmethod is_mine(pathname, filename='*.xml', light=True, first=True)

Check if it is a supported Wapiti report.

Parameters:
  • pathname (str) – Path to the report directory.
  • filename (str) – Regex matching the report file.
  • light (bool) – True to only parse the ranking of the findings from the report.
  • first (bool) – Only process first file (True) or each file that matched (False).
Returns:

True if it supports the report, False otherwise.

Return type:

bool

parse_metadata()

Parse the metadata of the report.

Raises: NotSupportedVersionError – if it does not support the version of this report.
Returns: The metadata of the report.
Return type: dict

parse_report()

Parse the results of the report.

Returns: List of dicts where each one represents a discovery.
Return type: list

Signatures

synopsis: Wapiti does not provide ranking for the vulnerabilities it has found. This file tries to define a ranking for every vulnerability Wapiti might find.

ptp.tools.wapiti.signatures.SIGNATURES = {'SQL Injection': 4, 'Blind SQL Injection': 4, 'Command execution': 4, 'Cross Site Scripting': 4, 'Htaccess Bypass': 3, 'CRLF Injection': 3, 'CRLF': 3, 'File Handling': 2, 'Resource consumption': 2, 'Backup file': 1, 'Potentially dangerous file': 1, 'Internal Server Error': 1}

Data: dict of the categories with their rank.
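
The following is an added example, not code from ptp itself: it shows how the two __version__ patterns and the SIGNATURES table documented above behave on sample input, including a category that has no rank. Assumptions: the patterns are applied with re.search, unranked categories get the hypothetical rank UNKNOWN = 0, and pick_parser and rank_findings are illustrative helper names.

```python
import re

# Values copied from this page: each parser's __version__ regex and SIGNATURES.
VERSION_PATTERNS = {
    "WapitiXMLParser": r"^\D*(2\.3(\.[0-9]+)?)$",
    "Wapiti221XMLParser": r"2\.2(\.[0-9]+)?",
}
SIGNATURES = {
    "SQL Injection": 4, "Blind SQL Injection": 4, "Command execution": 4,
    "Cross Site Scripting": 4, "Htaccess Bypass": 3, "CRLF Injection": 3,
    "CRLF": 3, "File Handling": 2, "Resource consumption": 2,
    "Backup file": 1, "Potentially dangerous file": 1,
    "Internal Server Error": 1,
}
UNKNOWN = 0  # Assumption: rank given to categories absent from SIGNATURES.


def pick_parser(version_string):
    """Return the first parser name whose regex matches, or None.

    Assumption: the regex is applied with re.search. Under that assumption
    the unanchored 2.2 pattern also accepts strings such as "Wapiti 12.2",
    while the anchored 2.3 pattern rejects anything after the version.
    """
    for name, pattern in VERSION_PATTERNS.items():
        if re.search(pattern, version_string):
            return name
    return None


def rank_findings(categories):
    """Rank category names; return (findings, highest rank, unranked names)."""
    findings = [{"name": c, "ranking": SIGNATURES.get(c, UNKNOWN)}
                for c in categories]
    unranked = sorted({f["name"] for f in findings if f["ranking"] == UNKNOWN})
    highest = max((f["ranking"] for f in findings), default=UNKNOWN)
    return findings, highest, unranked


if __name__ == "__main__":
    # Constructed inputs, not taken from a real report.
    for version in ("Wapiti 2.3.0", "Wapiti 2.2.1", "Wapiti 2.3.0-dev", "Wapiti 12.2"):
        print(version, "->", pick_parser(version))
    print(rank_findings(["Backup file", "CRLF", "Open Redirect"]))
```

Reporting the unranked names separately keeps a category that is missing from the table from silently lowering the overall rank of a report.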