Adrien, On Fri, Nov 19, 2010 at 11:48 AM, Adrien de Beaupre <[email protected]> wrote: > Hi, > > I wrote a quick w3af XML output parser. > If you could take a look and let me know what you think I would appreciate it. > (Yes, it is written in Perl and uses XML::DOM) > Had to make some assumptions on the structure of the XML, but will tweak > it when more documentation is available. Works for all of the reports I have. > > Here it is: http://handlers.dshield.org/adebeaupre/parsew3afxml2mysql.pl
I added a new ticket to our roadmap. I'm still not sure WHEN its going to be done, but it should be finished before the end of this year. https://sourceforge.net/apps/trac/w3af/ticket/160478 If you guys have any comments on the implementation details, or any special requests about this feature, please feel free to add them to the ticket or comment about them here. Thanks! > If anyone is interested I also have written parsers for nessus, nmap, > nikto. burp, > acunetix, and watcher. > > Cheers, > Adrien > > On Wed, Nov 17, 2010 at 9:20 AM, Brad Causey <[email protected]> wrote: >> Agree. >> >> DTD will offer the most flexibility, IMO. >> >> I'll work on a parser for the XML output. >> >> >> -Brad Causey >> CISSP, MCSE, C|EH, CIFI, CGSP >> >> http://www.owasp.org >> -- >> "Si vis pacem, para bellum" >> -- >> >> >> On Wed, Nov 17, 2010 at 6:41 AM, Adrien de Beaupre <[email protected]> >> wrote: >>> >>> Hi Andrés, >>> >>> I suppose what I really need is a document describing how the XML >>> output is laid out. >>> Elements, attributes... >>> Makes it a wee bit easier to parse it! >>> >>> :) >>> >>> Otherwise I have to make too many assumptions, and we know that >>> assumption is the mother of truly major screw ups. >>> >>> Cheers, >>> Adrien de Beaupré >>> >>> On Wed, Nov 17, 2010 at 1:09 AM, Andres Riancho >>> <[email protected]> wrote: >>> > Brad, Adrien, >>> > >>> > I'm exploring this enhancement right now and I see that there are >>> > two options: >>> > >>> > - DTD >>> > - XML Schema >>> > >>> > Which one do you guys *really* need? What are the advantages of >>> > DTD over XML Schema? For me, xml schema seems to be the smarter >>> > option, but I can't be missing important things as I've never really >>> > used none of the options. >>> > >>> > Once we decide on that, do you know if there is some type of "XML >>> > schema generator" that generates the schema based on sample xml files? >>> > Yes, I'm really lazy :) >>> > >>> > Regards, >>> > >>> > On Tue, Nov 16, 2010 at 1:57 PM, Brad Causey <[email protected]> >>> > wrote: >>> >> I second this!! >>> >> >>> >> On 11/16/10, Adrien de Beaupre <[email protected]> wrote: >>> >>> I was wondering is a DTD was available for the W3AF XML output format? >>> >>> Has anyone created a parser for this output? >>> >>> >>> >>> I didn't see the answer in the user guide or mailing list archive. >>> >>> >>> >>> W3AF user. >>> >>> >>> >>> Cheers, >>> >>> Adrien de Beaupre >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> Beautiful is writing same markup. Internet Explorer 9 supports >>> >>> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >>> >>> Spend less time writing and rewriting code and more time creating >>> >>> great >>> >>> experiences on the web. Be a part of the beta today >>> >>> http://p.sf.net/sfu/msIE9-sfdev2dev >>> >>> _______________________________________________ >>> >>> W3af-users mailing list >>> >>> [email protected] >>> >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>> >>> >>> >> >>> >> -- >>> >> Sent from my mobile device >>> >> >>> >> -Brad Causey >>> >> CISSP, MCSE, C|EH, CIFI, CGSP >>> >> >>> >> http://www.owasp.org >>> >> -- >>> >> "Si vis pacem, para bellum" >>> >> -- >>> >> >>> >> >>> >> ------------------------------------------------------------------------------ >>> >> Beautiful is writing same markup. Internet Explorer 9 supports >>> >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >>> >> Spend less time writing and rewriting code and more time creating >>> >> great >>> >> experiences on the web. Be a part of the beta today >>> >> http://p.sf.net/sfu/msIE9-sfdev2dev >>> >> _______________________________________________ >>> >> W3af-users mailing list >>> >> [email protected] >>> >> https://lists.sourceforge.net/lists/listinfo/w3af-users >>> >> >>> > >>> > >>> > >>> > -- >>> > Andrés Riancho >>> > Director of Web Security at Rapid7 LLC >>> > Founder at Bonsai Information Security >>> > Project Leader at w3af >>> > >> >> > > > > -- > Cheers, > Adrien de Beaupre > SANS Internet Storm Center Handler > --- > Note: The SANS Handlers is a group of approximately 30 volunteer > incident handlers. You may receive responses from other individuals > on that list. Also, please direct all communication to > [email protected], so that everyone is kept "in the loop. > -- Andrés Riancho Director of Web Security at Rapid7 LLC Founder at Bonsai Information Security Project Leader at w3af ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
