Hi, I wrote a quick w3af XML output parser. If you could take a look and let me know what you think I would appreciate it. (Yes, it is written in Perl and uses XML::DOM) Had to make some assumptions on the structure of the XML, but will tweak it when more documentation is available. Works for all of the reports I have.
Here it is: http://handlers.dshield.org/adebeaupre/parsew3afxml2mysql.pl If anyone is interested I also have written parsers for nessus, nmap, nikto. burp, acunetix, and watcher. Cheers, Adrien On Wed, Nov 17, 2010 at 9:20 AM, Brad Causey <bradcau...@owasp.org> wrote: > Agree. > > DTD will offer the most flexibility, IMO. > > I'll work on a parser for the XML output. > > > -Brad Causey > CISSP, MCSE, C|EH, CIFI, CGSP > > http://www.owasp.org > -- > "Si vis pacem, para bellum" > -- > > > On Wed, Nov 17, 2010 at 6:41 AM, Adrien de Beaupre <adrie...@gmail.com> > wrote: >> >> Hi Andrés, >> >> I suppose what I really need is a document describing how the XML >> output is laid out. >> Elements, attributes... >> Makes it a wee bit easier to parse it! >> >> :) >> >> Otherwise I have to make too many assumptions, and we know that >> assumption is the mother of truly major screw ups. >> >> Cheers, >> Adrien de Beaupré >> >> On Wed, Nov 17, 2010 at 1:09 AM, Andres Riancho >> <andres.rian...@gmail.com> wrote: >> > Brad, Adrien, >> > >> > I'm exploring this enhancement right now and I see that there are >> > two options: >> > >> > - DTD >> > - XML Schema >> > >> > Which one do you guys *really* need? What are the advantages of >> > DTD over XML Schema? For me, xml schema seems to be the smarter >> > option, but I can't be missing important things as I've never really >> > used none of the options. >> > >> > Once we decide on that, do you know if there is some type of "XML >> > schema generator" that generates the schema based on sample xml files? >> > Yes, I'm really lazy :) >> > >> > Regards, >> > >> > On Tue, Nov 16, 2010 at 1:57 PM, Brad Causey <bradcau...@owasp.org> >> > wrote: >> >> I second this!! >> >> >> >> On 11/16/10, Adrien de Beaupre <adrie...@gmail.com> wrote: >> >>> I was wondering is a DTD was available for the W3AF XML output format? >> >>> Has anyone created a parser for this output? >> >>> >> >>> I didn't see the answer in the user guide or mailing list archive. >> >>> >> >>> W3AF user. >> >>> >> >>> Cheers, >> >>> Adrien de Beaupre >> >>> >> >>> >> >>> ------------------------------------------------------------------------------ >> >>> Beautiful is writing same markup. Internet Explorer 9 supports >> >>> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> >>> Spend less time writing and rewriting code and more time creating >> >>> great >> >>> experiences on the web. Be a part of the beta today >> >>> http://p.sf.net/sfu/msIE9-sfdev2dev >> >>> _______________________________________________ >> >>> W3af-users mailing list >> >>> W3af-users@lists.sourceforge.net >> >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >> >>> >> >> >> >> -- >> >> Sent from my mobile device >> >> >> >> -Brad Causey >> >> CISSP, MCSE, C|EH, CIFI, CGSP >> >> >> >> http://www.owasp.org >> >> -- >> >> "Si vis pacem, para bellum" >> >> -- >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Beautiful is writing same markup. Internet Explorer 9 supports >> >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> >> Spend less time writing and rewriting code and more time creating >> >> great >> >> experiences on the web. Be a part of the beta today >> >> http://p.sf.net/sfu/msIE9-sfdev2dev >> >> _______________________________________________ >> >> W3af-users mailing list >> >> W3af-users@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> >> >> > >> > >> > >> > -- >> > Andrés Riancho >> > Director of Web Security at Rapid7 LLC >> > Founder at Bonsai Information Security >> > Project Leader at w3af >> > > > -- Cheers, Adrien de Beaupre SANS Internet Storm Center Handler --- Note: The SANS Handlers is a group of approximately 30 volunteer incident handlers. You may receive responses from other individuals on that list. Also, please direct all communication to handl...@sans.org, so that everyone is kept "in the loop. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
