intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

XML Report Enhancement Suggestions #139

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Some other changes/enhancements to the XML report I was thinking of are as follows:

I would change the XML document root to something like the following:
<OWASPZAPReport version="1.1.0b" generated="Fri, 17 Dec 2010 09:08:16">
- Definitely add the current version of ZAP. 

If multiple sites have been tested during the same session I would
break out the results into two separate sections:
<scan site="http://www.site1.org">
</scan>
<scan site="https://www.site2.org">
</scan>

I would also add all of the plugins to the report:
<plugin number="2" name="Obsolete file" enabled="1"/>
<plugin number="1" name="Directory browsing" enabled="0"/>

As well, add the current ZAP config to the report (from config.xml).

Add all of the URLs that were browsed manually, along with parameters.
<browsed>
<url>http://testsite.local</url>
<param/>
<otherinfo/>
</browsed>

Add all of the URLs discovered by the spider.
<spider>
<url>http://testsite.local/images/</url>
<param/>
<otherinfo/>
</spider>

Add all of the URLs discovered by Dirbuster, and which list was used.
<dirbuster list="directory-list-1.0.txt">
<url>http://testsite.local/images/</url>
<param/>
<otherinfo/>
</dirbuster>

Add ports discovered by the portscanner.
<portscanner>
<port protocol="tcp" number="80" status="open">
</port>
</portscanner>

Cheers,
Adrien

Original issue reported on code.google.com by adrie...@gmail.com on 28 Jun 2011 at 12:11
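
Added example, not part of the original issue and not ZAP code: a report consumer that reads the layout suggested above and summarizes, per site, which plugins were disabled, which source found each URL, and which ports were open. The nesting of every element under `<scan>`, the sample document, and the names `summarize_report`, `SAMPLE_REPORT` and `SOURCES` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragments suggested in the issue, assembled into one
# well-formed document. Placing everything under <scan> is an assumption;
# the issue does not specify where each element sits.
SAMPLE_REPORT = """\
<OWASPZAPReport version="1.1.0b" generated="Fri, 17 Dec 2010 09:08:16">
  <scan site="http://testsite.local">
    <plugin number="2" name="Obsolete file" enabled="1"/>
    <plugin number="1" name="Directory browsing" enabled="0"/>
    <browsed><url>http://testsite.local</url><param/><otherinfo/></browsed>
    <spider><url>http://testsite.local/images/</url><param/><otherinfo/></spider>
    <dirbuster list="directory-list-1.0.txt">
      <url>http://testsite.local/images/</url><param/><otherinfo/>
    </dirbuster>
    <portscanner><port protocol="tcp" number="80" status="open"></port></portscanner>
  </scan>
  <scan site="https://www.site2.org"></scan>
</OWASPZAPReport>
"""

SOURCES = ("browsed", "spider", "dirbuster")  # URL discovery sections

def summarize_report(xml_text):
    """Return the ZAP version plus per-site coverage and discovery details."""
    root = ET.fromstring(xml_text)
    if root.tag != "OWASPZAPReport":
        raise ValueError("unexpected root element: %r" % root.tag)
    summary = {"version": root.get("version"), "sites": {}}
    for scan in root.findall("scan"):
        urls = {}  # URL -> set of sources that found it
        for source in SOURCES:
            for url in scan.findall("%s/url" % source):
                if url.text:
                    urls.setdefault(url.text.strip(), set()).add(source)
        summary["sites"][scan.get("site")] = {
            # Disabled plugins are checks that never ran: a coverage gap.
            "disabled_plugins": sorted(
                p.get("name") for p in scan.findall("plugin") if p.get("enabled") == "0"),
            "urls": urls,
            "wordlists": sorted({d.get("list") for d in scan.findall("dirbuster") if d.get("list")}),
            "open_ports": sorted(
                (p.get("protocol"), int(p.get("number")))
                for p in scan.findall("portscanner/port") if p.get("status") == "open"),
        }
    return summary

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```

`xml.etree.ElementTree` is adequate for reports generated locally; for report files received from elsewhere, parse with `defusedxml` instead.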

GoogleCodeExporter commented 9 years ago
The new API does allow you to see all of the sites, but not the other really useful things you've suggested.
I'd like to extend the API to cover pretty much everything ZAP provides, but it would also be great to be able to generate a report where the user can select exactly what the report contains.

Psiinon

Original comment by psii...@gmail.com on 28 Jun 2011 at 8:26

GoogleCodeExporter commented 9 years ago
Added Issue 268 to cover the parts of this request we can implement prior to 1.4 :)

Original comment by psii...@gmail.com on 24 Jan 2012 at 9:07