I’ll try to write a new tip or tutorial every week in here. Let’s start with Netsparker’s custom reporting API.
On startup, Netsparker scans for C# code files (*.cs) in the "ReportTemplates" directory under its installation directory. Every file it finds appears in the "Reporting" menu as a custom report.
Netsparker's scripting language is C#. Even if you haven't coded in C# before, it shouldn't be a problem: simple changes are easy to make.
Here is a sample custom report:
<%@ Assembly Name="MSL.Project" %>
<%@ Assembly Name="MSL.Interfaces" %>
<%@ Assembly Name="MSL.Shared" %>
<%@ Import NameSpace="FM.Dilemma" %>
<%@ Import NameSpace="System.Collections" %>
<%@ Import NameSpace="System.Collections.Generic" %>
<%@ Import NameSpace="System.Security" %>
<%@ Argument Name="vulns" Type="Array" %>
<%@ Argument Name="settings" Type="ScanSettings" %>
<?xml version="1.0" encoding="utf-8" ?>
<netsparker generated="<%=DateTime.Now.ToString()%>">
  <target>
    <url><%=SecurityElement.Escape(settings.Uri.ToString())%></url>
  </target>
<%
// One <vulnerability> element per identified issue. Everything taken from the
// scanned site (URLs, parameters, raw traffic) goes through SecurityElement.Escape
// so that markup in the response cannot break or inject into the report XML.
foreach (Vulnerability vuln in vulns) {
%>
  <vulnerability confirmed="<%=vuln.Confirmed.ToString()%>">
    <url><%=SecurityElement.Escape(vuln.RequestUri.ToString())%></url>
    <type><%=vuln.Type%></type>
    <severity><%=vuln.ExtendedType.Severity.ToString()%></severity>
    <vulnerableparametertype><%=SecurityElement.Escape(vuln.UriManager.AttackParameter.Type.ToString())%></vulnerableparametertype>
    <vulnerableparameter><%=SecurityElement.Escape(vuln.UriManager.AttackParameter.Name)%></vulnerableparameter>
    <vulnerableparametervalue><%=SecurityElement.Escape(vuln.UriManager.AttackParameter.Value)%></vulnerableparametervalue>
    <rawrequest><%=SecurityElement.Escape(vuln.RawRequest)%></rawrequest>
    <rawresponse><%=SecurityElement.Escape(vuln.RawResponse)%></rawresponse>
    <extrainformation>
<%
    // Custom fields are the extra details Netsparker attaches to a finding.
    // The key is used as an attribute value, so it is escaped as well.
    foreach (KeyValuePair<string, CustomField> cField in vuln.CustomFields) {
%>
      <info name="<%=SecurityElement.Escape(cField.Key)%>"><%=SecurityElement.Escape(cField.Value.Value)%></info>
<%
    }
%>
    </extrainformation>
  </vulnerability>
<%
}
%>
</netsparker>
This will generate an XML file which includes:
You can add more details into the reports or customise them as much as you want.
You can find MSDN style API documentation under the “ReportTemplates” directory, in the file “NetsparkerReportingAPI.chm”.
The name of the ".cs" file is shown in the "Reporting" menu. When the user clicks it, the generated report uses the extension that precedes ".cs" in the custom report's file name.
For example:
You don't need to restart Netsparker every time you change the source code of your report. Once Netsparker has added it to the report menu, all you need to do is run it again; if it fails to compile, you'll get an error message.
A sample report called "Vulnerabilities List (XML).xml.cs" ships with Netsparker. It is a simple report that generates an XML file listing all identified vulnerabilities.
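As an added example of the customisation described above (this is not code from the original post or one of Netsparker's shipped templates), here is a second template that keeps only confirmed findings, counts them by severity, and writes CSV instead of XML. Saved as "Confirmed Vulnerabilities (CSV).csv.cs" (a file name chosen for this example), the report gets a ".csv" extension by the naming rule above. It uses only the assemblies, namespaces and Vulnerability members that appear in the sample template; the csv helper is mine, and two things are assumed: that Vulnerability.Confirmed is a bool (the sample only calls ToString() on it), and that the engine, like ASP-style templates, compiles all <% %> blocks into one method so a local declared in the first block is visible in the later ones (the sample already relies on this when it opens a foreach in one block and closes it in another).

```csharp
<%@ Assembly Name="MSL.Project" %>
<%@ Assembly Name="MSL.Interfaces" %>
<%@ Assembly Name="MSL.Shared" %>
<%@ Import NameSpace="FM.Dilemma" %>
<%@ Import NameSpace="System.Collections" %>
<%@ Import NameSpace="System.Collections.Generic" %>
<%@ Argument Name="vulns" Type="Array" %>
<%@ Argument Name="settings" Type="ScanSettings" %>
<%
// CSV needs its own escaping, just as the XML sample needs SecurityElement.Escape:
// every field is quoted and embedded quotes are doubled (RFC 4180), so commas,
// quotes or newlines coming from the scanned site cannot break the column layout.
// A cell starting with =, +, - or @ gets a leading apostrophe so that a value
// echoed from a parameter is shown as text, not evaluated as a spreadsheet formula.
Converter<string, string> csv = delegate(string s)
{
    if (s == null) s = "";
    if (s.Length > 0 && "=+-@".IndexOf(s[0]) >= 0) s = "'" + s;
    return "\"" + s.Replace("\"", "\"\"") + "\"";
};

// First pass: keep confirmed findings and count them per severity.
Dictionary<string, int> bySeverity = new Dictionary<string, int>();
List<Vulnerability> confirmed = new List<Vulnerability>();
foreach (Vulnerability vuln in vulns)
{
    // Assumption: Vulnerability.Confirmed is a bool.
    if (!vuln.Confirmed) continue;
    confirmed.Add(vuln);
    string sev = vuln.ExtendedType.Severity.ToString();
    int n;
    bySeverity.TryGetValue(sev, out n);
    bySeverity[sev] = n + 1;
}
%>
"Target",<%=csv(settings.Uri.ToString())%>
"Generated",<%=csv(DateTime.Now.ToString("u"))%>
"Confirmed vulnerabilities",<%=confirmed.Count%>
<%
foreach (KeyValuePair<string, int> kv in bySeverity)
{
%>
<%=csv(kv.Key)%>,<%=kv.Value%>
<%
}
%>

"Severity","Type","URL","Parameter type","Parameter","Value"
<%
// Second pass: one row per confirmed finding, every field run through csv().
foreach (Vulnerability vuln in confirmed)
{
%>
<%=csv(vuln.ExtendedType.Severity.ToString())%>,<%=csv(vuln.Type.ToString())%>,<%=csv(vuln.RequestUri.ToString())%>,<%=csv(vuln.UriManager.AttackParameter.Type.ToString())%>,<%=csv(vuln.UriManager.AttackParameter.Name)%>,<%=csv(vuln.UriManager.AttackParameter.Value)%>
<%
}
%>
```

Drop the file into the "ReportTemplates" directory and it appears in the "Reporting" menu like any other template; because the raw request and response are left out, this report is the one you would hand to people who need the summary but not the captured traffic.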
If you need any help just send us an email or give us a ring, we’ll be happy to help you out.
The reporting engine runs with the current user's privileges, so don't run a custom report unless you trust the author of its code.
netsparker, reporting, API, tutorial, help - Mon, 18 Jan 2010, by Ferruh Mavituna