archerysec / archerysec-cli

A commandline tool that wraps the Archerysec REST API for controlling Archery and executing quick, targeted scans.

How export report in XML/CSV format #2

Closed wheelq closed 7 months ago

wheelq commented 5 years ago

I have checked archerysec-cli output, and because it does not provide accurate results (Under Zap Scans help section I could find --arachni command used to 'Launch Arachni Scan').

Hence my question here. How can I export scan results in XML and CSV format using archerysec-cli for:

anandtiwarics commented 5 years ago

Currently, some of the scanners' reports support XML files and some of them JSON.

Below are some examples.

archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123 --upload --file_type=XML --file=/Users/report\ sample/zap.xml --TARGET="SDFADF" --project_id=8b2ef34c-9ae0-4f43-99e4-2bfefb7b27c3  --scanner=zap_scan

archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123 --upload --file_type=XML --file=/Users/report\ sample/burp_testhtml5.vulnweb.xml --TARGET="SDFADF" --project_id=8b2ef34c-9ae0-4f43-99e4-2bfefb7b27c3  --scanner=burp_scan

archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123 --upload --file_type=XML --file=/Users/report\ sample/arachni.xml --TARGET="SDFADF" --project_id=8b2ef34c-9ae0-4f43-99e4-2bfefb7b27c3  --scanner=arachni

Note:

--scanner

wheelq commented 5 years ago

Thank you but

  1. I was asking about EXPORT (How can I export scan results in XML and CSV...) NOT IMPORT.

  2. Where can I find latest information about supported output formats of the reports? This is a bit confusing, as the GUI supports CSV, XML, PDF but I can't find those options when using CLI, and the information on the Github pages is outdated.

Indrajeet1995 commented 3 years ago

Hey, I was trying to import XML scan reports following the commands that you have suggested above with changes in

"detail":"Authentication credentials were not provided."

can you give me some insight on what I may be doing wrong. Also it would really help if you update the archerysec-cli docs on the official webpage. For your reference my command looks something like this

archerysec-cli -s http://IP_address:port -u USERNAME -p PASSWORD --upload --file_type=XML --file=report.xml --TARGET="SDFADF" --project_id=abc123 --scanner=zap_scan

mich4e1 commented 3 years ago

Hey, I was trying to import XML scan reports following the commands that you have suggested above with changes in

  • ip address
  • password
  • username
  • project Id

and also I pasted the report file in the same directory that I am running the terminal in. but unfortunately hit a blocker, so when I try to import a scan report I get this weird output that says

"detail":"Authentication credentials were not provided."

can you give me some insight on what I may be doing wrong. Also it would really help if you update the archerysec-cli docs on the official webpage. For your reference my command looks something like this

archerysec-cli -s http://IP_address:port -u USERNAME -p PASSWORD --upload --file_type=XML --file=report.xml --TARGET="SDFADF" --project_id=abc123 --scanner=zap_scan

I have the same issue? Every request it is the same response: "detail":"Authentication credentials were not provided."

@Indrajeet1995 did you find a solution?

mich4e1 commented 3 years ago

I found the solution.

The issue is improper usage of the Authorization header!!! The archerysec-cli uses: Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhb...

instead of: Authorization: JWT eyJ0eXAiOiJK....

Once I manually changed the header in the POST request - it works properly.

Also, changed the code here: ./lib/python3.8/site-packages/archerysec_cli/cli.py: headers = {'Authorization': 'Bearer ' + token}

to: ./lib/python3.8/site-packages/archerysec_cli/cli.py: headers = {'Authorization': 'JWT ' + token}
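
Added example, not part of the thread or of archerysec-cli's code: a small diagnostic that tells "the server ignored my Authorization scheme" apart from "the scheme was recognised but the token was rejected", which is the distinction behind the error reported above. The names `stub_server`, `http_send` and `diagnose` are hypothetical, the stub's prefix-matching behaviour and its second error message are assumptions constructed for the demo, and the URL passed to `http_send` is whatever authenticated endpoint you are testing on your own instance.

```python
import json
import urllib.error
import urllib.request

NOT_PROVIDED = "Authentication credentials were not provided."

def stub_server(headers, expected_prefix="JWT", valid_token="constructed.sample.token"):
    """Constructed stand-in for the API: ignores any scheme but its prefix."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != expected_prefix.lower() or not token:
        return 401, {"detail": NOT_PROVIDED}
    if token != valid_token:
        return 401, {"detail": "Invalid token (constructed message)."}
    return 200, {"detail": "ok"}

def _parse(raw):
    """Decode a JSON object body; anything else becomes an empty dict."""
    try:
        data = json.loads(raw or b"{}")
    except ValueError:
        return {}
    return data if isinstance(data, dict) else {}

def http_send(url):
    """Real transport: returns a send(headers) callable that GETs url."""
    def send(headers):
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, _parse(resp.read())
        except urllib.error.HTTPError as err:
            return err.code, _parse(err.read())
    return send

def diagnose(send, token, schemes=("Bearer", "JWT")):
    """Classify how the server treats each Authorization scheme word."""
    report = {}
    for scheme in schemes:
        status, body = send({"Authorization": f"{scheme} {token}"})
        if status < 400:
            report[scheme] = "accepted"
        elif body.get("detail") == NOT_PROVIDED:
            report[scheme] = "scheme-ignored"   # header sent, prefix not recognised
        else:
            report[scheme] = "scheme-ok-token-rejected"
    return report

if __name__ == "__main__":
    print(diagnose(stub_server, "constructed.sample.token"))
```

Against a live instance, replace `stub_server` with `http_send("<endpoint URL>")` and pass a token issued to your own account.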