shark1998

asked on

Rendering XML in HTML

OK...So I have an XML document that I would like to parse and represent in simple HTML format via AJAX.  I have the structure already in place however I am having difficulty showing all sub-elements.  

Basically, I have a Vulnerability scan output generated in XML from a Vulnerability scanner called Retina.  The XML structure is fine and is structured such as:

- <scanJob>
- <hosts>
+ <host>
  <ip>192.168.1.101</ip>
  <netBIOSName>N/A</netBIOSName>
  <dnsName>LAB-Quack1</dnsName>
  <mac>N/A</mac>
  <os>Windows Server 2003</os>
- <audit>
  <rthID>1226</rthID>
  <cve>N/A</cve>
  <name>No Remote Registry Access Available</name>
  <description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
  </audit>
- <audit>
  <rthID>6799</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Password Complexity</name>
  <description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
  </audit>
- <audit>
  <rthID>6798</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
  <description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
  </audit>
  </host>
- <host>
  <ip>192.168.1.102</ip>
  <netBIOSName>N/A</netBIOSName>
  <dnsName>LAB-Quack2</dnsName>
  <mac>N/A</mac>
  <os>Windows Server 2003</os>
- <audit>
  <rthID>1226</rthID>
  <cve>N/A</cve>
  <name>No Remote Registry Access Available</name>
  <description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
  </audit>
- <audit>
  <rthID>6799</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Password Complexity</name>
  <description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
  </audit>
- <audit>
  <rthID>6798</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
  <description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
  </audit>
  </host>
- <host>
  <ip>192.168.1.103</ip>
  <netBIOSName>N/A</netBIOSName>
  <dnsName>LAB-Quack3</dnsName>
  <mac>N/A</mac>
  <os>Windows Server 2003</os>
- <audit>
  <rthID>1226</rthID>
  <cve>N/A</cve>
  <name>No Remote Registry Access Available</name>
  <description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
  </audit>
- <audit>
  <rthID>6799</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Password Complexity</name>
  <description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
  </audit>
- <audit>
  <rthID>6798</rthID>
  <cve>N/A</cve>
  <name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
  <description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
  <date>03/18/2009</date>
  <risk>Information</risk>
  <pciLevel>1 (Low)</pciLevel>
  <cvssScore>N/A</cvssScore>
  <fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
  </audit>
  </host>
  </hosts>
  </scanJob>


What I have for the current method of rendering is in the code block below.  The problem is that when it renders the HTML, only the first Audit Node (branch, whatever, I am really not sure what it's called) is shown and not the additional "Audit" findings under that particular IP address.  I am assuming that I need to add another Array, but since I got help with the code in the first place I am not really sure how to implement it.  In the future though I would like the generated HTML to list by Vulnerability and group the individual IPs under that particular vulnerability.

Any help would be greatly appreciated.  Also, please try not to make too many changes that are a drastic departure from what I already have, and if you do, can you describe it in as much detail as possible?  I sincerely appreciate it.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>Untitled Document</title>
	<script type="text/javascript">
	    function _xml_loadDocument(path) {
	    	var xmlDoc;
			try { // IE
				xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
			}
			catch (ex) {
				try { // Gecko
					xmlDoc = document.implementation.createDocument("","",null);
				}
				catch (ex) {
					alert('Your browser cannot handle this script');
				}
			}
			xmlDoc.async = false;
			xmlDoc.load(path);
			return xmlDoc;
		}
 
		
		//make the table
 
		function renderTableBody(parentElement) {
			var tableEl = parentElement.appendChild(document.createElement('TABLE'));
			tableEl.cellPadding = '10';
			tableEl.style.width = '100%';
 
			var tableBody = tableEl.appendChild(document.createElement('TBODY'));
 
			// Render header cells.
			var headerRow = tableBody.appendChild(document.createElement('TR'));
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'IP';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'DNS Name';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Operating System';			
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'CVE';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Vulnerability Name';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Description';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Risk';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Solution';
			
 
			return tableBody;
		}
		function renderColumn(hostRow, host, name) {
			var lookupNode = host.getElementsByTagName(name)[0];
			if (lookupNode && lookupNode.childNodes[0]) {
				var nodeValue = lookupNode.childNodes[0].nodeValue;
				hostRow.appendChild(document.createElement('TD')).innerHTML = nodeValue;
			}
		}
		function renderhost(tableBody, host) {
			var hostRow = tableBody.appendChild(document.createElement('TR'));
			
 
 
			renderColumn(hostRow, host, 'ip');
			renderColumn(hostRow, host, 'dnsName');
			renderColumn(hostRow, host, 'os');
			renderColumn(hostRow, host, 'cve');
			renderColumn(hostRow, host, 'name');
			renderColumn(hostRow, host, 'description');
			renderColumn(hostRow, host, 'risk');
			renderColumn(hostRow, host, 'fixInformation');
			
		}
 
		function renderXML(path, parentElement) {
			try {
				var xmlDoc = _xml_loadDocument(path);
				var tableBody = renderTableBody(parentElement || document.body);
 
				var xmlhosts = xmlDoc.getElementsByTagName("host");
				for (var i = 0; i < xmlhosts.length; ++i) {
					renderhost(tableBody, xmlhosts[i]);
				}
			}
			catch (ex) {
				alert('Your browser cannot handle this script');
			}
		}
	</script>
</head>
<body onload="renderXML('sampleRetina.xml');">
	
</body>
</html>


webopius

Hi,

Try changing your renderhost() function to match the code snippet I've included. Sorry, had to change the code only a small bit!

I've formatted the host information with '..' to stop the same information being repeated for each <audit> line, but you can easily remove this if you don't like it.

Best of luck with your project.
Adam
function renderhost(tableBody, host) {
		var xmlaudit = host.getElementsByTagName("audit");
		for (var i = 0; i < xmlaudit.length; ++i) {
					   
			var hostRow = tableBody.appendChild(document.createElement('TR'));
		
			if (i==0) {
				renderColumn(hostRow, host, 'ip');
				renderColumn(hostRow, host, 'dnsName');
				renderColumn(hostRow, host, 'os');
			} else {
			
				hostRow.appendChild(document.createElement('TD')).innerHTML = '..';
				hostRow.appendChild(document.createElement('TD')).innerHTML = '..';
				hostRow.appendChild(document.createElement('TD')).innerHTML = '..';
			}
			
			renderColumn(hostRow, xmlaudit[i], 'cve');
			renderColumn(hostRow, xmlaudit[i], 'name');
			renderColumn(hostRow, xmlaudit[i], 'description');
			renderColumn(hostRow, xmlaudit[i], 'risk');
			renderColumn(hostRow, xmlaudit[i], 'fixInformation');
			
		}
}


sybe

You could also display it in an iframe with contenttype="text/xml". The browser will do the rendering then. Makes things a lot easier for you.
shark1998

ASKER

Webopius,

I liked your solution.  Now, is there a way to filter only the "Audits" with a "risk" rating of "High" and "Medium"?

I tried my hand at it but am missing something.  I added a variable for the riskRating and an "if" statement of "if (host.riskRating=='Medium' || 'High') {" but it doesn't seem to do the trick.  

Keep it up.  I am learning something here and am excited as hell.

function renderhost(tableBody, host) {
            var xmlaudit = host.getElementsByTagName('audit');
            var riskRating = host.getElementsByTagName('risk');
            if (host.riskRating=='Medium' || 'High') {
            for (var i = 0; i < xmlaudit.length; ++i) {
                                
                  var hostRow = tableBody.appendChild(document.createElement('TR'));
            
                  if (i==0) {
                        renderColumn(hostRow, host, 'ip');
                        renderColumn(hostRow, host, 'dnsName');
                        renderColumn(hostRow, host, 'os');
                        renderColumn(hostRow, host, 'cve');
                        renderColumn(hostRow, host, 'name');
                        renderColumn(hostRow, host, 'description');
                        renderColumn(hostRow, host, 'risk');
                        renderColumn(hostRow, host, 'fixInformation');
                  } else {
                  
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                        hostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
                  }
                  
                  
                  
            }
            }
             }
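The per-audit risk filter asked about above, together with the "group the IPs under each vulnerability" view from the original question, as an added example that is not part of the thread and is not the members-only accepted solution. The XML is a constructed sample in the shape of the Retina export (rthID 9001/9002 and the High/Medium ratings are made up), the `blocks`/`text` helpers are a hypothetical stand-in for `getElementsByTagName` so the code runs outside a browser, and grouping on `rthID` is an assumption.

```javascript
// Constructed sample in the shape of the Retina export from the question.
// rthID 9001/9002, their names and the High/Medium ratings are made up.
const SAMPLE_XML = `
<scanJob><hosts>
<host>
  <ip>192.168.1.101</ip><dnsName>LAB-Quack1</dnsName>
  <audit><rthID>1226</rthID><name>No Remote Registry Access Available</name><risk>Information</risk></audit>
  <audit><rthID>9001</rthID><name>Constructed finding A</name><risk>High</risk></audit>
</host>
<host>
  <ip>192.168.1.102</ip><dnsName>LAB-Quack2</dnsName>
  <audit><rthID>1226</rthID><name>No Remote Registry Access Available</name><risk>Information</risk></audit>
  <audit><rthID>9001</rthID><name>Constructed finding A</name><risk>High</risk></audit>
  <audit><rthID>9002</rthID><name>Constructed finding B</name><risk>Medium</risk></audit>
</host>
<host>
  <ip>192.168.1.103</ip><dnsName>LAB-Quack3</dnsName>
  <audit><rthID>9002</rthID><name>Constructed finding B</name><risk>Medium</risk></audit>
  <audit><rthID>6799</rthID><name>Verify Microsoft Windows Password Complexity</name><risk>Information</risk></audit>
</host>
</hosts></scanJob>`;

// Hypothetical helpers: return the inner text of every <tag>...</tag> block.
// Good enough for this flat export; in the page's browser code the same job
// is done by getElementsByTagName on the loaded document.
function blocks(xml, tag) {
  const re = new RegExp(`<${tag}>([\\s\\S]*?)</${tag}>`, 'g');
  return Array.from(xml.matchAll(re), (m) => m[1]);
}

function text(xml, tag) {
  const found = blocks(xml, tag)[0];
  return found === undefined ? '' : found.trim();
}

// One record per <audit>, carrying the IP of the <host> it sits under.
function parseFindings(xml) {
  const findings = [];
  for (const host of blocks(xml, 'host')) {
    const ip = text(host, 'ip');
    for (const audit of blocks(host, 'audit')) {
      findings.push({
        ip,
        rthID: text(audit, 'rthID'),
        name: text(audit, 'name'),
        risk: text(audit, 'risk'),
      });
    }
  }
  return findings;
}

// The attempted test. `risk == 'Medium' || 'High'` parses as
// (risk == 'Medium') || 'High', and the non-empty string 'High' is truthy,
// so the condition passes for every value, including 'Information'.
function brokenIsWanted(risk) {
  return Boolean(risk == 'Medium' || 'High');
}

// The intended test: compare each audit's own <risk> text against a set.
const WANTED = new Set(['High', 'Medium']);
function isWanted(risk) {
  return WANTED.has(risk);
}

// Filter per audit, then collect the affected IPs under each vulnerability.
// Groups come out in the order the vulnerability first appears in the file.
function groupByVulnerability(findings, wanted) {
  const groups = new Map();
  for (const f of findings) {
    if (!wanted.has(f.risk)) continue;
    if (!groups.has(f.rthID)) {
      groups.set(f.rthID, { rthID: f.rthID, name: f.name, risk: f.risk, ips: [] });
    }
    groups.get(f.rthID).ips.push(f.ip);
  }
  return Array.from(groups.values());
}

for (const g of groupByVulnerability(parseFindings(SAMPLE_XML), WANTED)) {
  console.log(`${g.risk}: ${g.name} -> ${g.ips.join(', ')}`);
}
```

In the page's DOM code the equivalent check belongs inside the `for` loop over `xmlaudit`, reading the `risk` child of `xmlaudit[i]` rather than a property on `host`.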
ASKER CERTIFIED SOLUTION
webopius

This solution is only available to members.
Friggin awesome.  I will try it out later.  

P.S.  Do you recommend any books or lessons on AJAX from which I can learn to do stuff like this?
I think in the main, the best technical books, including Ajax are from O'Reilly.
Adam
Webopius.com

What I have for the current method of rendering is in the code block below.  It works great however I would like to add a few other options such as:

1)  Have the "ReportHostRow.appendChild(document.createElement('TD')).innerHTML = 'Nessus #';" row auto increment to look like "Nessus-1", "Nessus-2", etc.  I tried a for loop and it worked but only showed the selected rows with a severity level of "2" or "3".  I just want it to list 1, 2, 3, etc before it is filtered according to the severity level.  Is that possible?

2)  I would like to combine the 'pluginName' and 'data' elements of the XML into one cell for each row under the ReportHostRow, so that the title (in the XML document it's 'pluginName') is bold and a space is below it for the Detailed Data (in the XML document it's 'data')

      <b>Windows Remote Desktop was found</b></br>      
       It may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop  
       Protocol Server (Terminal\nService) is vulnerable to a man in the middle attack.


Since I got help with the code in the first place, I am not really sure how to implement it.  Any help would be greatly appreciated.  Also, please try not to make too many changes that are a drastic departure from what I already have, and if you do, can you describe it in as much detail as possible?  I sincerely appreciate it.


<NessusClientData>
<Report>
<ReportName>09/03/18 08:14:55 AM - Default scan policy</ReportName>
<ReportHost>
<HostName>192.168.1.101</HostName>
<startTime>Wed Mar 18 08:14:55 2009</startTime>
<stopTime>Wed Mar 18 10:23:47 2009</stopTime>
<netbios_name>Server1</netbios_name>
<mac_addr>(unknown)</mac_addr>
<dns_name>SERVER1.</dns_name>
<os_name>Microsoft Windows Server 2003, Enterprise Edition (English)</os_name>
<num_ports>16</num_ports>
<num_lo>57</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>

<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>

<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>2</severity>
<pluginID>18405</pluginID>
<pluginName>Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability</pluginName>
<data>Synopsis :\n\nIt may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop Protocol Server (Terminal\nService) is vulnerable to a man

in the middle attack. \n\nAn attacker may exploit this flaw to decrypt communications between\nclient and server and obtain sensitive information (passwords, ...). \n\nSolution :\n\nForce the use

of SSL as a transport layer for this service.\n\nSee also :\n\nhttp://www.oxid.it/downloads/rdp-gbu.pdf\nhttp://technet.microsoft.com/en-us/library/cc782610.aspx\n\nRisk factor :\n\nMedium /

CVSS Base Score : 5.1\n(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)\nCVE : CVE-2005-1794, CVE-2005-1794\nBID : 13818, 13818\n</data>
</ReportItem>

<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>3</severity>
<pluginID>30218</pluginID>
<pluginName>Terminal Services Encryption Level is not FIPS-140 compliant</pluginName>
<data>\nSynopsis :\n\nThe remote host is

not FIPS-140 compliant.\n\nDescription :\n\nThe remote host is running Terminal Services Server. The encryption settings\nused by the remote service is not FIPS-140 compliant.\n\nSolution

:\n\nChange RDP encryption level to :\n 4. FIPS Compliant\n\nRisk factor :\n\nLow / CVSS Base Score : 2.6 \n(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\nPlugin output :\nThe terminal services

encryption level is set to:\n2. Medium (Client Compatbile)\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10899</pluginID>
<pluginName>Users information : User has never logged in</pluginName>
<data>Synopsis :\n\nAt least one user has never logged in to his / her account. \n\nDescription :\n\nUsing the

supplied credentials, it is possible to list users who have\nnever logged into their accounts. \n\nSolution :\n\nDelete accounts that are not needed.\n\nRisk factor :\n\nNone\n\nPlugin output

:\n\nThe following user has never logged in :\n\n  - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10900</pluginID>
<pluginName>Users information : Passwords never expires</pluginName>
<data>Synopsis :\n\nAt least one user has a password that never expires. \n\nDescription :\n\nUsing the supplied

credentials, it is possible to list users whose\npasswords never expire. \n\nSolution :\n\nAllow / require users to change their passwords regularly. \n\nRisk factor :\n\nNone\n\nPlugin output

:\n\nThe following user has a password that never expires :\n\n  - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10897</pluginID>
<pluginName>Users information : disabled accounts</pluginName>
<data>Synopsis :\n\nAt least one user account has been disabled.\n\nDescription :\n\nUsing

the supplied credentials, it is possible to list user accounts\nthat have been disabled. \n\nSolution :\n\nDelete accounts that are no longer needed.\n\nRisk factor :\n\nNone\n\nPlugin output

:\n\nThe following user account has been disabled :\n\n  - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>prismiq-plugin (3650/tcp)</port>
<severity>1</severity>
<pluginID>22319</pluginID>
<pluginName>MSRPC Service Detection</pluginName>
<data>Synopsis :\n\nA DCE/RPC server is listening on the remote host. \n\nDescription :\n\nThe remote

host is running a Windows RPC service. This service\nreplies to the RPC Bind Request with a Bind Ack response.\n\nHowever it is not possible to determine the uuid of this service.\n\nRisk factor

:\n\nNone\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>17662</pluginID>
<pluginName>SMB Registry : Windows

2003 Server SP2</pluginName>
<data>\nSynopsis :\n\nThe remote system has the latest service pack installed.\n\nDescription :\n\nBy reading the registry key

HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CSDVersion\nit was possible to determine the Service Pack version of the Windows 2003\nsystem.\n\nRisk factor

:\n\nNone\n\nPlugin output :\n\nThe remote Windows 2003 system has Service Pack 2 applied.\n\nCVE : CVE-1999-0662, CVE-2007-1537\nBID : 12969, 12972, 13008, 23025\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>20811</pluginID>
<pluginName>Software Enumeration (via

SMB)</pluginName>
<data>\nSynopsis :\n\nIt is possible to enumerate installed software.\n\nDescription :\n\nThis plugin lists software installed on the remote host by crawling\nthe registry

entries in :\nHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n\nSolution : \n\nRemove software that are not compliant with your company policy.\n\nRisk factor :

\n\nNone\n\nPlugin output :\n\nThe following software are installed on the remote host :\n\nHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  [version 1]\nHotfix for Microsoft .NET

Framework 3.5 SP1 (KB958484)  [version 1]\nHotfix for Windows Server 2003 (KB915800-v9)  [version 9]\nHotfix for Windows Server 2003 (KB961118)  [version 1]\nHotfix for Windows XP

(KB954550-v5)  [version 5]\nIBM 32-bit Runtime Environment for Java 2, v5.0  [version 5.0]\nIBM Tivoli Monitoring  [version 621]\nIBM WebSphere Eclipse Platform V3.0  [version 3.0.1]\nIBM

WebSphere MQ  [version 6.0]\nMSXML 4.0 SP2 (KB954430)  [version 4.20.9870.0]\nMSXML 6 Service Pack 2 (KB954459)  [version 6.20.1099.0]\nMcAfee Agent  [version 4.0.0.1180]\nMcAfee

AntiSpyware Enterprise Module  [version 8.5.0.163]\nMcAfee VirusScan Enterprise  [version 8.6.0]\nMicrosoft .NET Framework 2.0 Service Pack 2  [version 2.2.30729]\nMicrosoft .NET Framework

3.0 Service Pack 2  [version 3.2.30729]\nMicrosoft .NET Framework 3.5 SP1  [version 3.5.30729]\nMicrosoft Internationalized Domain Names Mitigation APIs\nMicrosoft National Language Support

Downlevel APIs\nMicrosoft Silverlight  [version 2.0.31005.0]\nSecurity Update for Windows Internet Explorer 7 (KB938127)  [version 1]\nSecurity Update for Windows Internet Explorer 7

(KB958215)  [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB960714)  [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB961260)  [version 1]\nSecurity Update for

Windows Media Player 6.4 (KB925398)\nSecurity Update for Windows Server 2003 (KB924667-v2)  [version 2]\nSecurity Update for Windows Server 2003 (KB925902-v2)  [version 2]\nSecurity

Update for Windows Server 2003 (KB926122)  [version 1]\nSecurity Update for Windows Server 2003 (KB929123)  [version 1]\nSecurity Update for Windows Server 2003 (KB930178)  [version

1]\nSecurity Update for Windows Server 2003 (KB932168)  [version 1]\nSecurity Update for Windows Server 2003 (KB933729)  [version 1]\nSecurity Update for Windows Server 2003 (KB933854)  

[version 1]\nSecurity Update for Windows Server 2003 (KB935839)  [version 1]\nSecurity Update for Windows Server 2003 (KB935840)  [version 1]\nSecurity Update for Windows Server 2003

(KB936782)  [version 1]\nSecurity Update for Windows Server 2003 (KB938127)  [version 1]\nSecurity Update for Windows Server 2003 (KB938464)  [version 1]\nSecurity Update for Windows

Server 2003 (KB941569)  [version 1]\nSecurity Update for Windows Server 2003 (KB943055)  [version 1]\nSecurity Update for Windows Server 2003 (KB943460)  [version 1]\nSecurity Update for

Windows Server 2003 (KB943485)  [version 1]\nSecurity Update for Windows Server 2003 (KB944338-v2)  [version 2]\nSecurity Update for Windows Server 2003 (KB944653)  [version

1]\nSecurity Update for Windows Server 2003 (KB945553)  [version 1]\nSecurity Update for Windows Server 2003 (KB946026)  [version 1]\nSecurity Update for Windows Server 2003 (KB950762)  

[version 1]\nSecurity Update for Windows Server 2003 (KB950974)  [version 1]\nSecurity Update for Windows Server 2003 (KB951066)  [version 1]\nSecurity Update for Windows Server 2003

(KB951698)  [version 1]\nSecurity Update for Windows Server 2003 (KB951748)  [version 1]\nSecurity Update for Windows Server 2003 (KB952069)  [version 1]\nSecurity Update for Windows

Server 2003 (KB952954)  [version 1]\nSecurity Update for Windows Server 2003 (KB954211)  [version 1]\nSecurity Update for Windows Server 2003 (KB954600)  [version 1]\nSecurity Update for

Windows Server 2003 (KB955069)  [version 1]\nSecurity Update for Windows Server 2003 (KB956391)  [version 1]\nSecurity Update for Windows Server 2003 (KB956802)  [version 1]\nSecurity

Update for Windows Server 2003 (KB956803)  [version 1]\nSecurity Update for Windows Server 2003 (KB956841)  [version 1]\nSecurity Update for Windows Server 2003 (KB957095)  [version

1]\nSecurity Update for Windows Server 2003 (KB957097)  [version 1]\nSecurity Update for Windows Server 2003 (KB958215)  [version 1]\nSecurity Update for Windows Server 2003 (KB958644)  

[version 1]\nSecurity Update for Windows Server 2003 (KB958687)  [version 1]\nSecurity Update for Windows Server 2003 (KB958690)  [version 1]\nSecurity Update for Windows Server 2003

(KB960225)  [version 1]\nSecurity Update for Windows Server 2003 (KB960715)  [version 1]\nUpdate for Windows Server 2003 (KB925876)  [version 2]\nUpdate for Windows Server 2003

(KB927891)  [version 5]\nUpdate for Windows Server 2003 (KB936357)  [version 1]\nUpdate for Windows Server 2003 (KB943729)\nUpdate for Windows Server 2003 (KB948496)  [version

1]\nUpdate for Windows Server 2003 (KB955839)  [version 1]\nUpdate for Windows Server 2003 (KB967715)  [version 1]\nVMware Tools  [version 3.1.2.7966]\nVeritas NetBackup Client  [version

6.5.0]\nWindows Imaging Component  [version 3.0.0.0]\nWindows Internet Explorer 7  [version 20070813.185237]\nWindows Presentation Foundation  [version 3.0.6920.0]\nWindows Resource

Kit Tools - SubInAcl.exe  [version 5.2.3790.1164]\nWindows Search 4.0  [version 04.00.6001.503]\nXML Paper Specification Shared Components Pack 1.0\n\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>3</severity>
<pluginID>11777</pluginID>
<pluginName>SMB share hosting copyrighted material</pluginName>
<data>\n\nSynopsis :\n\nThe remote host seems to contain material (movies/audio) infringing \ncopyright.\n\nDescription :\n\nThis plugin displays a list of files which have been found on the

\nremote SMB shares.\n\nSome of these files may contain copyrighted materials, such as commercial\nmovies or music files. \n\nIf any of this file actually contains copyrighted material and

if\nthey are freely swapped around, your organization might be held liable\nfor copyright infringement by associations such as the RIAA or the MPAA.\n\nSolution :\n\nDelete the files infringing

copyright.\n\nRisk factor :\n\nNone\n\nPlugin output : \n\nHere is a list of files which have been found on the remote SMB shares.\nSome of these files may contain copyrighted materials, such as

commercial\nmovies or music files.\n\nIf any of this file actually contains copyrighted material and if\nthey are freely swapped around, your organization might be held liable\nfor copyright

infringement by associations such as the RIAA or the MPAA.\n\n + C$

:\n\n\\ibm\\webspheremq\\bin\\amqpdf2b.avi\n\\ibm\\webspheremq\\bin\\amqpdb2f.avi\n\\ibm\\webspheremq\\bin\\amqpcfrn.avi\n\\ibm\\webspheremq\\bin\\amqpcf2b.avi\n\\ibm\\websphere

mq\\bin\\amqpcb2f.avi\n\\esbsoftware\\ibm\\wmqv6.0\\server\\msi\\bin\\amqpdf2b.avi\n\\esbsoftware\\ibm\\wmqv6.0\\server\\msi\\bin\\amqpdb2f.avi\n\\esbsoftware\\ibm\\wmqv6.0\\server\\

msi\\bin\\amqpcfrn.avi\n\\esbsoftware\\ibm\\wmqv6.0\\server\\msi\\bin\\amqpcf2b.avi\n\\esbsoftware\\ibm\\wmqv6.0\\server\\msi\\bin\\amqpcb2f.avi\n\n\n\n</data>

</ReportItem>

</ReportHost>
<ReportHost>
<HostName>192.168.1.100</HostName>
<startTime>Wed Mar 18 11:34:26 2009</startTime>
<stopTime></stopTime>
<netbios_name>SERVER3</netbios_name>
<mac_addr>(unknown)</mac_addr>
<dns_name>(unknown)</dns_name>
<os_name>(unknown)</os_name>
<num_ports>0</num_ports>
<num_lo>0</num_lo>
<num_med>0</num_med>
<num_hi>0</num_hi>
</ReportHost>

<ReportHost>
<HostName>192.168.1.103</HostName>
<startTime>Wed Mar 18 09:58:08 2009</startTime>
<stopTime></stopTime>
<netbios_name>Server2</netbios_name>
<mac_addr>(unknown)</mac_addr>
<dns_name>(unknown)</dns_name>
<os_name>(unknown)</os_name>
<num_ports>14</num_ports>
<num_lo>18</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>
<ReportItem>
<port>general/tcp</port>
<severity>3</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>
<ReportItem>
<port>netbios-ssn (139/tcp)</port>
<severity>1</severity>
<pluginID>11011</pluginID>
<pluginName>SMB Detection</pluginName>
<data>\nSynopsis :\n\nA file / print sharing service is listening on the remote host. \n\nDescription :\n\nThe remote service understands the CIFS (Common Internet File System)\nor Server

Message Block (SMB) protocol, used to provide shared access\nto files, printers, etc between nodes on a network. \n\nRisk factor : \n\nNone\n\nPlugin output :\n\nAn SMB server is running on

this port.\n\n</data>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>Untitled Document</title>
	<script type="text/javascript">
	    function _xml_loadDocument(path) {
	    	var xmlDoc;
			try { // IE
				xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
			}
			catch (ex) {
				try { // Gecko
					xmlDoc = document.implementation.createDocument("","",null);
				}
				catch (ex) {
					alert('Your browser cannot handle this script');
				}
			}
			xmlDoc.async = false;
			xmlDoc.load(path);
			return xmlDoc;
		}
 
		//make the table
 
		function renderTableBody(parentElement) {
			var tableEl = parentElement.appendChild(document.createElement('TABLE'));
			tableEl.cellPadding = '5';
			tableEl.style.textAlign = "left";
 
			var tableBody = tableEl.appendChild(document.createElement('TBODY'));
 
			// Render header cells.
					
			var headerRow = tableBody.appendChild(document.createElement('TR'));
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Finding Number';
			headerRow.appendChild(document.createElement('TD')).innerHTML  = 'NIST 800-53 / DHS Control Severity';
			headerRow.appendChild(document.createElement('TD')).innerHTML  = 'Machine Name';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'IP Address';		
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Severity';			
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Finding (pluginname + Data)';
			headerRow.appendChild(document.createElement('TD')).innerHTML = 'Details';
			//headerRow.appendChild(document.createElement('TD')).innerHTML = 'Details\n'.replace(/\n/g,'TEST');
			//headerRow.appendChild(td).style.color='red').innerHTML= 'Details';
 			//redColor.style.color = "red";		
 
 
			return tableBody;
		}
		
		function renderColumn(ReportHostRow, ReportHost, name) {
			var lookupNode = ReportHost.getElementsByTagName(name)[0];
			if (lookupNode && lookupNode.childNodes[0]) {
				var nodeValue = lookupNode.childNodes[0].nodeValue;
				ReportHostRow.appendChild(document.createElement('TD')).innerHTML = nodeValue;
			}
		}
		
	
	
	function renderReportHost(tableBody, ReportHost) {
		// Get all the 'ReportItem' elements within the ReportHost
		var xmlReportItem = ReportHost.getElementsByTagName("ReportItem");
		
		// Go through each one
		var heading = false;
		for (var i = 0; i < xmlReportItem.length; ++i) {
			 
	   	// Determine the severity level of this ReportItem item   
	   	var severitylevel = xmlReportItem[i].getElementsByTagName('severity')[0].childNodes[0].nodeValue;
	  	
		 // We only care about Medium or High
	  	 if ((severitylevel == '2') || (severitylevel == '3')) {
		var ReportHostRow = tableBody.appendChild(document.createElement('TR'));
			
		// If we haven't shown the ReportHost details already, show them
		if (heading==false) {
			heading = true;
			ReportHostRow.appendChild(document.createElement('TD')).innerHTML = 'Nessus #';	
			ReportHostRow.appendChild(document.createElement('TD')).innerHTML = 'SI-2';
			//DNS Name
			renderColumn(ReportHostRow, ReportHost, 'netbios_name');
			//IP Address
			renderColumn(ReportHostRow, ReportHost, 'HostName');
 
			
		} else {
		// Otherwise, show blank fields for ReportHost details as they are shown above this row
					ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
					ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
					ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
					ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
					
				}
				
			// Now show the ReportItem results...
			renderColumn(ReportHostRow, xmlReportItem[i], 'severity');
			renderColumn(ReportHostRow, xmlReportItem[i], 'pluginName');
			renderColumn(ReportHostRow, xmlReportItem[i], 'data');
			
			
				}
			}
		}
 
		function renderXML(path, parentElement) {
			try {
				var xmlDoc = _xml_loadDocument(path);
				var tableBody = renderTableBody(parentElement || document.body);
 				var xmlReportHosts = xmlDoc.getElementsByTagName("ReportHost");
				for (var i = 0; i < xmlReportHosts.length; ++i) {
					renderReportHost(tableBody, xmlReportHosts[i]);
				}
			}
			catch (ex) {
				alert('Your browser cannot handle this script');
			}
		}
	</script>
</head>
<body onload="renderXML('NessusSmall.xml');">
	
</body>
</html>
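The two requests in this post, as an added example that is not part of the thread: every ReportItem is numbered before the severity filter runs (one reading of the request, so the numbers do not shift when the filter changes), and `pluginName` and `data` are merged into one cell. Scanner output carries text taken from the scanned host (software names, file paths), so the cell is escaped before it goes anywhere near `innerHTML`. The input objects mirror the XML field names and are constructed; treating `\n` and `\\` in `data` as escape sequences is an assumption based on the sample shown.

```javascript
// Escape text so it is displayed, not interpreted, when assigned to innerHTML.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Bold title, line break, then the details. The text is escaped first; only
// afterwards are the export's literal "\n" sequences (and real newlines)
// turned into <br />, so the only markup in the cell is markup written here.
// "\\" is unescaped in the same pass so a path such as C:\\new is not mistaken
// for a line break.
function findingCellHtml(pluginName, data) {
  const title = escapeHtml(pluginName.replace(/\s+/g, ' ').trim());
  const body = escapeHtml(data)
    .replace(/\\([\\n])|\r?\n/g, (m, esc) => (esc === '\\' ? '\\' : '<br />'))
    .replace(/^(?:<br \/>|\s)+|(?:<br \/>|\s)+$/g, '');
  return `<b>${title}</b><br />${body}`;
}

// Number every ReportItem in document order, then keep only the wanted
// severities. Host details appear on the first kept row of each host only,
// as in the page's renderReportHost().
function buildRows(reportHosts, wantedSeverities) {
  const rows = [];
  let counter = 0;
  for (const host of reportHosts) {
    let headingShown = false;
    for (const item of host.items) {
      counter += 1; // counted before the filter, so skipped items use a number
      if (!wantedSeverities.has(item.severity)) continue;
      rows.push({
        findingNumber: `Nessus-${counter}`,
        machineName: headingShown ? '' : host.netbios_name,
        ipAddress: headingShown ? '' : host.HostName,
        severity: item.severity,
        findingHtml: findingCellHtml(item.pluginName, item.data),
      });
      headingShown = true;
    }
  }
  return rows;
}

// Browser side: plain values go in as text; only the cell built by
// findingCellHtml() is assigned as HTML. Not called when run under Node.
function appendRow(tableBody, row) {
  const tr = tableBody.appendChild(document.createElement('TR'));
  for (const key of ['findingNumber', 'machineName', 'ipAddress', 'severity']) {
    tr.appendChild(document.createElement('TD')).textContent = row[key];
  }
  tr.appendChild(document.createElement('TD')).innerHTML = row.findingHtml;
  return tr;
}

// Constructed sample mirroring the ReportHost / ReportItem fields above.
// The third item's data is made up to show markup arriving in scanner output.
const SAMPLE_HOSTS = [
  {
    HostName: '192.168.1.101',
    netbios_name: 'Server1',
    items: [
      { severity: '1', pluginName: 'Ping the remote host', data: 'The remote host is up\\n' },
      {
        severity: '2',
        pluginName: 'Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability',
        data: 'Synopsis :\\n\\nIt may be possible to get access to the remote host. \\n',
      },
      {
        severity: '3',
        pluginName: 'Constructed finding',
        data: 'Plugin output :\\n\\nInstalled software: Acme <script>alert(1)</script> Tools\\n',
      },
    ],
  },
  {
    HostName: '192.168.1.103',
    netbios_name: 'Server2',
    items: [
      { severity: '3', pluginName: 'Ping the remote host', data: 'The remote host is up\\n' },
      { severity: '1', pluginName: 'SMB Detection', data: 'An SMB server is running on this port.\\n\\n' },
    ],
  },
];

const SAMPLE_ROWS = buildRows(SAMPLE_HOSTS, new Set(['2', '3']));
for (const row of SAMPLE_ROWS) {
  console.log(row.findingNumber, row.machineName, row.ipAddress, row.severity);
}
```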
