shark1998
asked on
Rendering XML in HTML
OK...So I have an XML document that I would like to parse and represent in simple HTML format via AJAX. I have the structure already in place however I am having difficulty showing all sub-elements.
Basically, I have a Vulnerability scan output generated in XML from a Vulnerability scanner called Retina. The XML structure is fine and is structured such as:
- <scanJob>
- <hosts>
+ <host>
<ip>192.168.1.101</ip>
<netBIOSName>N/A</netBIOSN ame>
<dnsName>LAB-Quack1</dnsNa me>
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
- <host>
<ip>192.168.1.102</ip>
<netBIOSName>N/A</netBIOSN ame>
<dnsName>LAB-Quack2</dnsNa me>
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
- <host>
<ip>192.168.1.103</ip>
<netBIOSName>N/A</netBIOSN ame>
<dnsName>LAB-Quack3</dnsNa me>
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
</hosts>
</scanJob>
What I have for the current method of rendering is in the code block below. The problem is that when it renders the HTML, only the first Audit Node(branch, whatever, I am really not sure what its called) is shown and not the additional "Audit" findings under that particular IP address. I am assuming that I need to add another Array, but since I got help with the code in the first place I am not really sure how to implement it. In the future though I would like the generated HTML to list by Vulnerability and group the individual IPs under that particular vulnerability.
Any help would be greatly appreciated. Also, please try not to make too many changes that are a drastic departure from what I already have and if you do can you describe it as much detail as possible. I sincerely appreciate it.
Basically, I have a Vulnerability scan output generated in XML from a Vulnerability scanner called Retina. The XML structure is fine and is structured such as:
- <scanJob>
- <hosts>
+ <host>
<ip>192.168.1.101</ip>
<netBIOSName>N/A</netBIOSN
<dnsName>LAB-Quack1</dnsNa
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
- <host>
<ip>192.168.1.102</ip>
<netBIOSName>N/A</netBIOSN
<dnsName>LAB-Quack2</dnsNa
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
- <host>
<ip>192.168.1.103</ip>
<netBIOSName>N/A</netBIOSN
<dnsName>LAB-Quack3</dnsNa
<mac>N/A</mac>
<os>Windows Server 2003</os>
- <audit>
<rthID>1226</rthID>
<cve>N/A</cve>
<name>No Remote Registry Access Available</name>
<description>This alert is only to notify you that Retina was not able to access the remote system's registry. Without registry access, Retina will still be able to remotely audit for vulnerabilities, although having access to the remote registry does provide Retina with the ability to verify if specific security patches are installed.<BR><BR>By default the Retina scan engine runs as the SYSTEM user which has no access to the remote system's registry. To have Retina scan with the permissions required to access remote registries you'll need to add credentials to the scan. See "Managing Credentials" in the Retina users guide.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>Ensure that the system has remote registry capabilities enabled, and that you have administrative rights on the system.</fixInformation>
</audit>
- <audit>
<rthID>6799</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Password Complexity</name>
<description>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that password complexity requirements are enforced.</fixInformation>
</audit>
- <audit>
<rthID>6798</rthID>
<cve>N/A</cve>
<name>Verify Microsoft Windows Anonymous SID/Name Translation</name>
<description>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</description>
<date>03/18/2009</date>
<risk>Information</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>N/A</cvssScore>
<fixInformation>This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled.</fixInformation>
</audit>
</host>
</hosts>
</scanJob>
What I have for the current method of rendering is in the code block below. The problem is that when it renders the HTML, only the first Audit Node(branch, whatever, I am really not sure what its called) is shown and not the additional "Audit" findings under that particular IP address. I am assuming that I need to add another Array, but since I got help with the code in the first place I am not really sure how to implement it. In the future though I would like the generated HTML to list by Vulnerability and group the individual IPs under that particular vulnerability.
Any help would be greatly appreciated. Also, please try not to make too many changes that are a drastic departure from what I already have and if you do can you describe it as much detail as possible. I sincerely appreciate it.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript">
function _xml_loadDocument(path) {
var xmlDoc;
try { // IE
xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
}
catch (ex) {
try { // Gecko
xmlDoc = document.implementation.createDocument("","",null);
}
catch (ex) {
alert('Your browser cannot handle this script');
}
}
xmlDoc.async = false;
xmlDoc.load(path);
return xmlDoc;
}
//make the table
function renderTableBody(parentElement) {
var tableEl = parentElement.appendChild(document.createElement('TABLE'));
tableEl.cellPadding = '10';
tableEl.style.width = '100%';
var tableBody = tableEl.appendChild(document.createElement('TBODY'));
// Render header cells.
var headerRow = tableBody.appendChild(document.createElement('TR'));
headerRow.appendChild(document.createElement('TD')).innerHTML = 'IP';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'DNS Name';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Operating System';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'CVE';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Vulnerability Name';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Description';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Risk';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Solution';
return tableBody;
}
function renderColumn(hostRow, host, name) {
var lookupNode = host.getElementsByTagName(name)[0];
if (lookupNode && lookupNode.childNodes[0]) {
var nodeValue = lookupNode.childNodes[0].nodeValue;
hostRow.appendChild(document.createElement('TD')).innerHTML = nodeValue;
}
}
function renderhost(tableBody, host) {
var hostRow = tableBody.appendChild(document.createElement('TR'));
renderColumn(hostRow, host, 'ip');
renderColumn(hostRow, host, 'dnsName');
renderColumn(hostRow, host, 'os');
renderColumn(hostRow, host, 'cve');
renderColumn(hostRow, host, 'name');
renderColumn(hostRow, host, 'description');
renderColumn(hostRow, host, 'risk');
renderColumn(hostRow, host, 'fixInformation');
}
function renderXML(path, parentElement) {
try {
var xmlDoc = _xml_loadDocument(path);
var tableBody = renderTableBody(parentElement || document.body);
var xmlhosts = xmlDoc.getElementsByTagName("host");
for (var i = 0; i < xmlhosts.length; ++i) {
renderhost(tableBody, xmlhosts[i]);
}
}
catch (ex) {
alert('Your browser cannot handle this script');
}
}
</script>
</head>
<body onload="renderXML('sampleRetina.xml');">
</body>
</html>
You could also display it in an iframe with contenttype="text/xml". The browser wil do the rendering then. Makes things a lot easier for you.
ASKER
Webopius,
I liked your solution. Now, is there a way to filter only the "Audits" with a "risk" rating of "High" and "Medium"?
I tried my hand at it but am missing something. I added a variable for the riskRating and an "if" statement of "if (host.riskRating=='Medium' || 'High') {" but it doesn't seem to do the trick.
Keep it up. I am learning something here and am excited as hell.
function renderhost(tableBody, host) {
var xmlaudit = host.getElementsByTagName( 'audit');
var riskRating = host.getElementsByTagName( 'risk');
if (host.riskRating=='Medium' || 'High') {
for (var i = 0; i < xmlaudit.length; ++i) {
var hostRow = tableBody.appendChild(docu ment.creat eElement(' TR'));
if (i==0) {
renderColumn(hostRow, host, 'ip');
renderColumn(hostRow, host, 'dnsName');
renderColumn(hostRow, host, 'os');
renderColumn(hostRow, host, 'cve');
renderColumn(hostRow, host, 'name');
renderColumn(hostRow, host, 'description');
renderColumn(hostRow, host, 'risk');
renderColumn(hostRow, host, 'fixInformation');
} else {
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
hostRow.appendChild(docume nt.createE lement('TD ')).innerH TML = ' ';
}
}
}
}
I liked your solution. Now, is there a way to filter only the "Audits" with a "risk" rating of "High" and "Medium"?
I tried my hand at it but am missing something. I added a variable for the riskRating and an "if" statement of "if (host.riskRating=='Medium'
Keep it up. I am learning something here and am excited as hell.
function renderhost(tableBody, host) {
var xmlaudit = host.getElementsByTagName(
var riskRating = host.getElementsByTagName(
if (host.riskRating=='Medium'
for (var i = 0; i < xmlaudit.length; ++i) {
var hostRow = tableBody.appendChild(docu
if (i==0) {
renderColumn(hostRow, host, 'ip');
renderColumn(hostRow, host, 'dnsName');
renderColumn(hostRow, host, 'os');
renderColumn(hostRow, host, 'cve');
renderColumn(hostRow, host, 'name');
renderColumn(hostRow, host, 'description');
renderColumn(hostRow, host, 'risk');
renderColumn(hostRow, host, 'fixInformation');
} else {
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
hostRow.appendChild(docume
}
}
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Friggin awesome. I will try it out later.
P.S. Do you recommend any books or lessons on AJAX from which I can learn to do stuff like this?
P.S. Do you recommend any books or lessons on AJAX from which I can learn to do stuff like this?
I think in the main, the best technical books, including Ajax are from O'Reilly.
Adam
Webopius.com
Adam
Webopius.com
I think in the main, the best technical books, including Ajax are from O'Reilly.
ASKER
What I have for the current method of rendering is in the code block below. It works great however I would like to add a few other options such as:
1) Have the "ReportHostRow.appendChild (document. createElem ent('TD')) .innerHTML = 'Nessus #';" row auto increment to look like "Nessus-1", "Nessus-2", etc. I tried a for loop and it worked but only showed the selected rows with a severity level of "2" or "3". I just want it to list 1, 2, 3, etc before it is filtered according to the severity level. Is that possible?
2) I would like to combine the 'pluginName' and 'data' elements of the XML into one cell for each row under the ReportHostRow. So that it would look so the titel (in XML document its 'pluginName') is bold and a space is below it for the Detailed Data (in XML document its 'data')
<b>Windows Remote Desktop was found</b></br>
It may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop
Protocol Server (Terminal\nService) is vulnerable to a man in the middle attack.
I got help with the code in the first place I am not really sure how to implement it. Any help would be greatly appreciated. Also, please try not to make too many changes that are a drastic departure from what I already have and if you do can you describe it as much detail as possible. I sincerely appreciate it.
<NessusClientData>
<Report>
<ReportName>09/03/18 08:14:55 AM - Default scan policy</ReportName>
<ReportHost>
<HostName>192.168.1.101</H ostName>
<startTime>Wed Mar 18 08:14:55 2009</startTime>
<stopTime>Wed Mar 18 10:23:47 2009</stopTime>
<netbios_name>Server1</net bios_name>
<mac_addr>(unknown)</mac_a ddr>
<dns_name>SERVER1.</dns_na me>
<os_name>Microsoft Windows Server 2003, Enterprise Edition (English)</os_name>
<num_ports>16</num_ports>
<num_lo>57</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>
<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>2</severity>
<pluginID>18405</pluginID>
<pluginName>Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability</pluginName>
<data>Synopsis :\n\nIt may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop Protocol Server (Terminal\nService) is vulnerable to a man
in the middle attack. \n\nAn attacker may exploit this flaw to decrypt communications between\nclient and server and obtain sensitive information (passwords, ...). \n\nSolution :\n\nForce the use
of SSL as a transport layer for this service.\n\nSee also :\n\nhttp://www.oxid.it/downloads/rdp-gbu.pdf\nhttp://technet.microsoft.com/en-us/library/cc782610.aspx\n\nRisk factor :\n\nMedium /
CVSS Base Score : 5.1\n(CVSS2#AV:N/AC:H/Au:N /C:P/I:P/A :P)\nCVE : CVE-2005-1794, CVE-2005-1794\nBID : 13818, 13818\n</data>
</ReportItem>
<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>3</severity>
<pluginID>30218</pluginID>
<pluginName>Terminal Services Encryption Level is not FIPS-140 compliant</pluginName>
<data>\nSynopsis :\n\nThe remote host is
not FIPS-140 compliant.\n\nDescription :\n\nThe remote host is running Terminal Services Server. The encryption settings\nused by the remote service is not FIPS-140 compliant.\n\nSolution
:\n\nChange RDP encryption level to :\n 4. FIPS Compliant\n\nRisk factor :\n\nLow / CVSS Base Score : 2.6 \n(CVSS2#AV:N/AC:H/Au:N/C: P/I:N/A:N) \n\nPlugin output :\nThe terminal services
encryption level is set to:\n2. Medium (Client Compatbile)\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10899</pluginID>
<pluginName>Users information : User has never logged in</pluginName>
<data>Synopsis :\n\nAt least one user has never logged in to his / her account. \n\nDescription :\n\nUsing the
supplied credentials, it is possible to list users who have\nnever logged into their accounts. \n\nSolution :\n\nDelete accounts that are not needed.\n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user has never logged in :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10900</pluginID>
<pluginName>Users information : Passwords never expires</pluginName>
<data>Synopsis :\n\nAt least one user has a password that never expires. \n\nDescription :\n\nUsing the supplied
credentials, it is possible to list users whose\npasswords never expire. \n\nSolution :\n\nAllow / require users to change their passwords regularly. \n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user has a password that never expires :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10897</pluginID>
<pluginName>Users information : disabled accounts</pluginName>
<data>Synopsis :\n\nAt least one user account has been disabled.\n\nDescription :\n\nUsing
the supplied credentials, it is possible to list user accounts\nthat have been disabled. \n\nSolution :\n\nDelete accounts that are no longer needed.\n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user account has been disabled :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>prismiq-plugin (3650/tcp)</port>
<severity>1</severity>
<pluginID>22319</pluginID>
<pluginName>MSRPC Service Detection</pluginName>
<data>Synopsis :\n\nA DCE/RPC server is listening on the remote host. \n\nDescription :\n\nThe remote
host is running a Windows RPC service. This service\nreplies to the RPC Bind Request with a Bind Ack response.\n\nHowever it is not possible to determine the uuid of this service.\n\nRisk factor
:\n\nNone\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>17662</pluginID>
<pluginName>SMB Registry : Windows
2003 Server SP2</pluginName>
<data>\nSynopsis :\n\nThe remote system has the latest service pack installed.\n\nDescription :\n\nBy reading the registry key
HKLM\\SOFTWARE\\Microsoft\ \Windows NT\\CurrentVersion\\CSDVer sion\nit was possible to determine the Service Pack version of the Windows 2003\nsystem.\n\nRisk factor
:\n\nNone\n\nPlugin output :\n\nThe remote Windows 2003 system has Service Pack 2 applied.\n\nCVE : CVE-1999-0662, CVE-2007-1537\nBID : 12969, 12972, 13008, 23025\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>20811</pluginID>
<pluginName>Software Enumeration (via
SMB)</pluginName>
<data>\nSynopsis :\n\nIt is possible to enumerate installed software.\n\nDescription :\n\nThis plugin lists software installed on the remote host by crawling\nthe registry
entries in :\nHKLM\\SOFTWARE\\Microso ft\\Window s\\Current Version\\U ninstall\n \nSolution : \n\nRemove software that are not compliant with your company policy.\n\nRisk factor :
\n\nNone\n\nPlugin output :\n\nThe following software are installed on the remote host :\n\nHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) [version 1]\nHotfix for Microsoft .NET
Framework 3.5 SP1 (KB958484) [version 1]\nHotfix for Windows Server 2003 (KB915800-v9) [version 9]\nHotfix for Windows Server 2003 (KB961118) [version 1]\nHotfix for Windows XP
(KB954550-v5) [version 5]\nIBM 32-bit Runtime Environment for Java 2, v5.0 [version 5.0]\nIBM Tivoli Monitoring [version 621]\nIBM WebSphere Eclipse Platform V3.0 [version 3.0.1]\nIBM
WebSphere MQ [version 6.0]\nMSXML 4.0 SP2 (KB954430) [version 4.20.9870.0]\nMSXML 6 Service Pack 2 (KB954459) [version 6.20.1099.0]\nMcAfee Agent [version 4.0.0.1180]\nMcAfee
AntiSpyware Enterprise Module [version 8.5.0.163]\nMcAfee VirusScan Enterprise [version 8.6.0]\nMicrosoft .NET Framework 2.0 Service Pack 2 [version 2.2.30729]\nMicrosoft .NET Framework
3.0 Service Pack 2 [version 3.2.30729]\nMicrosoft .NET Framework 3.5 SP1 [version 3.5.30729]\nMicrosoft Internationalized Domain Names Mitigation APIs\nMicrosoft National Language Support
Downlevel APIs\nMicrosoft Silverlight [version 2.0.31005.0]\nSecurity Update for Windows Internet Explorer 7 (KB938127) [version 1]\nSecurity Update for Windows Internet Explorer 7
(KB958215) [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB960714) [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB961260) [version 1]\nSecurity Update for
Windows Media Player 6.4 (KB925398)\nSecurity Update for Windows Server 2003 (KB924667-v2) [version 2]\nSecurity Update for Windows Server 2003 (KB925902-v2) [version 2]\nSecurity
Update for Windows Server 2003 (KB926122) [version 1]\nSecurity Update for Windows Server 2003 (KB929123) [version 1]\nSecurity Update for Windows Server 2003 (KB930178) [version
1]\nSecurity Update for Windows Server 2003 (KB932168) [version 1]\nSecurity Update for Windows Server 2003 (KB933729) [version 1]\nSecurity Update for Windows Server 2003 (KB933854)
[version 1]\nSecurity Update for Windows Server 2003 (KB935839) [version 1]\nSecurity Update for Windows Server 2003 (KB935840) [version 1]\nSecurity Update for Windows Server 2003
(KB936782) [version 1]\nSecurity Update for Windows Server 2003 (KB938127) [version 1]\nSecurity Update for Windows Server 2003 (KB938464) [version 1]\nSecurity Update for Windows
Server 2003 (KB941569) [version 1]\nSecurity Update for Windows Server 2003 (KB943055) [version 1]\nSecurity Update for Windows Server 2003 (KB943460) [version 1]\nSecurity Update for
Windows Server 2003 (KB943485) [version 1]\nSecurity Update for Windows Server 2003 (KB944338-v2) [version 2]\nSecurity Update for Windows Server 2003 (KB944653) [version
1]\nSecurity Update for Windows Server 2003 (KB945553) [version 1]\nSecurity Update for Windows Server 2003 (KB946026) [version 1]\nSecurity Update for Windows Server 2003 (KB950762)
[version 1]\nSecurity Update for Windows Server 2003 (KB950974) [version 1]\nSecurity Update for Windows Server 2003 (KB951066) [version 1]\nSecurity Update for Windows Server 2003
(KB951698) [version 1]\nSecurity Update for Windows Server 2003 (KB951748) [version 1]\nSecurity Update for Windows Server 2003 (KB952069) [version 1]\nSecurity Update for Windows
Server 2003 (KB952954) [version 1]\nSecurity Update for Windows Server 2003 (KB954211) [version 1]\nSecurity Update for Windows Server 2003 (KB954600) [version 1]\nSecurity Update for
Windows Server 2003 (KB955069) [version 1]\nSecurity Update for Windows Server 2003 (KB956391) [version 1]\nSecurity Update for Windows Server 2003 (KB956802) [version 1]\nSecurity
Update for Windows Server 2003 (KB956803) [version 1]\nSecurity Update for Windows Server 2003 (KB956841) [version 1]\nSecurity Update for Windows Server 2003 (KB957095) [version
1]\nSecurity Update for Windows Server 2003 (KB957097) [version 1]\nSecurity Update for Windows Server 2003 (KB958215) [version 1]\nSecurity Update for Windows Server 2003 (KB958644)
[version 1]\nSecurity Update for Windows Server 2003 (KB958687) [version 1]\nSecurity Update for Windows Server 2003 (KB958690) [version 1]\nSecurity Update for Windows Server 2003
(KB960225) [version 1]\nSecurity Update for Windows Server 2003 (KB960715) [version 1]\nUpdate for Windows Server 2003 (KB925876) [version 2]\nUpdate for Windows Server 2003
(KB927891) [version 5]\nUpdate for Windows Server 2003 (KB936357) [version 1]\nUpdate for Windows Server 2003 (KB943729)\nUpdate for Windows Server 2003 (KB948496) [version
1]\nUpdate for Windows Server 2003 (KB955839) [version 1]\nUpdate for Windows Server 2003 (KB967715) [version 1]\nVMware Tools [version 3.1.2.7966]\nVeritas NetBackup Client [version
6.5.0]\nWindows Imaging Component [version 3.0.0.0]\nWindows Internet Explorer 7 [version 20070813.185237]\nWindows Presentation Foundation [version 3.0.6920.0]\nWindows Resource
Kit Tools - SubInAcl.exe [version 5.2.3790.1164]\nWindows Search 4.0 [version 04.00.6001.503]\nXML Paper Specification Shared Components Pack 1.0\n\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>3</severity>
<pluginID>11777</pluginID>
<pluginName>SMB share hosting copyrighted material</pluginName>
<data>\n\nSynopsis :\n\nThe remote host seems to contain material (movies/audio) infringing \ncopyright.\n\nDescriptio n :\n\nThis plugin displays a list of files which have been found on the
\nremote SMB shares.\n\nSome of these files may contain copyrighted materials, such as commercial\nmovies or music files. \n\nIf any of this file actually contains copyrighted material and
if\nthey are freely swapped around, your organization might be held liable\nfor copyright infringement by associations such as the RIAA or the MPAA.\n\nSolution :\n\nDelete the files infringing
copyright.\n\nRisk factor :\n\nNone\n\nPlugin output : \n\nHere is a list of files which have been found on the remote SMB shares.\nSome of these files may contain copyrighted materials, such as
commercial\nmovies or music files.\n\nIf any of this file actually contains copyrighted material and if\nthey are freely swapped around, your organization might be held liable\nfor copyright
infringement by associations such as the RIAA or the MPAA.\n\n + C$
:\n\n\\ibm\\webspheremq\\b in\\amqpdf 2b.avi\n\\ ibm\\websp heremq\\bi n\\amqpdb2 f.avi\n\\i bm\\websph eremq\\bin \\amqpcfrn .avi\n\\ib m\\websphe remq\\bin\ \amqpcf2b. avi\n\\ibm \\webspher e
mq\\bin\\amqpcb2f.avi\n\\e sbsoftware \\ibm\\wmq v6.0\\serv er\\msi\\b in\\amqpdf 2b.avi\n\\ esbsoftwar e\\ibm\\wm qv6.0\\ser ver\\msi\\ bin\\amqpd b2f.avi\n\ \esbsoftwa re\\ibm\\w mqv6.0\\se rver\\
msi\\bin\\amqpcfrn.avi\n\\ esbsoftwar e\\ibm\\wm qv6.0\\ser ver\\msi\\ bin\\amqpc f2b.avi\n\ \esbsoftwa re\\ibm\\w mqv6.0\\se rver\\msi\ \bin\\amqp cb2f.avi\n \n\n\n</da ta>
</ReportItem>
</ReportHost>
<ReportHost>
<HostName>192.168.1.100</H ostName>
<startTime>Wed Mar 18 11:34:26 2009</startTime>
<stopTime></stopTime>
<netbios_name>SERVER3</net bios_name>
<mac_addr>(unknown)</mac_a ddr>
<dns_name>(unknown)</dns_n ame>
<os_name>(unknown)</os_nam e>
<num_ports>0</num_ports>
<num_lo>0</num_lo>
<num_med>0</num_med>
<num_hi>0</num_hi>
</ReportHost>
<ReportHost>
<HostName>192.168.1.103</H ostName>
<startTime>Wed Mar 18 09:58:08 2009</startTime>
<stopTime></stopTime>
<netbios_name>Server2</net bios_name>
<mac_addr>(unknown)</mac_a ddr>
<dns_name>(unknown)</dns_n ame>
<os_name>(unknown)</os_nam e>
<num_ports>14</num_ports>
<num_lo>18</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>
<ReportItem>
<port>general/tcp</port>
<severity>3</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>
<ReportItem>
<port>netbios-ssn (139/tcp)</port>
<severity>1</severity>
<pluginID>11011</pluginID>
<pluginName>SMB Detection</pluginName>
<data>\nSynopsis :\n\nA file / print sharing service is listening on the remote host. \n\nDescription :\n\nThe remote service understands the CIFS (Common Internet File System)\nor Server
Message Block (SMB) protocol, used to provide shared access\nto files, printers, etc between nodes on a network. \n\nRisk factor : \n\nNone\n\nPlugin output :\n\nAn SMB server is running on
this port.\n\n</data>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData>
1) Have the "ReportHostRow.appendChild
2) I would like to combine the 'pluginName' and 'data' elements of the XML into one cell for each row under the ReportHostRow. So that it would look so the titel (in XML document its 'pluginName') is bold and a space is below it for the Detailed Data (in XML document its 'data')
<b>Windows Remote Desktop was found</b></br>
It may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop
Protocol Server (Terminal\nService) is vulnerable to a man in the middle attack.
I got help with the code in the first place I am not really sure how to implement it. Any help would be greatly appreciated. Also, please try not to make too many changes that are a drastic departure from what I already have and if you do can you describe it as much detail as possible. I sincerely appreciate it.
<NessusClientData>
<Report>
<ReportName>09/03/18 08:14:55 AM - Default scan policy</ReportName>
<ReportHost>
<HostName>192.168.1.101</H
<startTime>Wed Mar 18 08:14:55 2009</startTime>
<stopTime>Wed Mar 18 10:23:47 2009</stopTime>
<netbios_name>Server1</net
<mac_addr>(unknown)</mac_a
<dns_name>SERVER1.</dns_na
<os_name>Microsoft Windows Server 2003, Enterprise Edition (English)</os_name>
<num_ports>16</num_ports>
<num_lo>57</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>
<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>2</severity>
<pluginID>18405</pluginID>
<pluginName>Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability</pluginName>
<data>Synopsis :\n\nIt may be possible to get access to the remote host. \n\nDescription :\n\nThe remote version of Remote Desktop Protocol Server (Terminal\nService) is vulnerable to a man
in the middle attack. \n\nAn attacker may exploit this flaw to decrypt communications between\nclient and server and obtain sensitive information (passwords, ...). \n\nSolution :\n\nForce the use
of SSL as a transport layer for this service.\n\nSee also :\n\nhttp://www.oxid.it/downloads/rdp-gbu.pdf\nhttp://technet.microsoft.com/en-us/library/cc782610.aspx\n\nRisk factor :\n\nMedium /
CVSS Base Score : 5.1\n(CVSS2#AV:N/AC:H/Au:N
</ReportItem>
<ReportItem>
<port>ms-wbt-server (3389/tcp)</port>
<severity>3</severity>
<pluginID>30218</pluginID>
<pluginName>Terminal Services Encryption Level is not FIPS-140 compliant</pluginName>
<data>\nSynopsis :\n\nThe remote host is
not FIPS-140 compliant.\n\nDescription :\n\nThe remote host is running Terminal Services Server. The encryption settings\nused by the remote service is not FIPS-140 compliant.\n\nSolution
:\n\nChange RDP encryption level to :\n 4. FIPS Compliant\n\nRisk factor :\n\nLow / CVSS Base Score : 2.6 \n(CVSS2#AV:N/AC:H/Au:N/C:
encryption level is set to:\n2. Medium (Client Compatbile)\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10899</pluginID>
<pluginName>Users information : User has never logged in</pluginName>
<data>Synopsis :\n\nAt least one user has never logged in to his / her account. \n\nDescription :\n\nUsing the
supplied credentials, it is possible to list users who have\nnever logged into their accounts. \n\nSolution :\n\nDelete accounts that are not needed.\n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user has never logged in :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10900</pluginID>
<pluginName>Users information : Passwords never expires</pluginName>
<data>Synopsis :\n\nAt least one user has a password that never expires. \n\nDescription :\n\nUsing the supplied
credentials, it is possible to list users whose\npasswords never expire. \n\nSolution :\n\nAllow / require users to change their passwords regularly. \n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user has a password that never expires :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>general/tcp</port>
<severity>1</severity>
<pluginID>10897</pluginID>
<pluginName>Users information : disabled accounts</pluginName>
<data>Synopsis :\n\nAt least one user account has been disabled.\n\nDescription :\n\nUsing
the supplied credentials, it is possible to list user accounts\nthat have been disabled. \n\nSolution :\n\nDelete accounts that are no longer needed.\n\nRisk factor :\n\nNone\n\nPlugin output
:\n\nThe following user account has been disabled :\n\n - Guest\n\n</data>
</ReportItem>
<ReportItem>
<port>prismiq-plugin (3650/tcp)</port>
<severity>1</severity>
<pluginID>22319</pluginID>
<pluginName>MSRPC Service Detection</pluginName>
<data>Synopsis :\n\nA DCE/RPC server is listening on the remote host. \n\nDescription :\n\nThe remote
host is running a Windows RPC service. This service\nreplies to the RPC Bind Request with a Bind Ack response.\n\nHowever it is not possible to determine the uuid of this service.\n\nRisk factor
:\n\nNone\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>17662</pluginID>
<pluginName>SMB Registry : Windows
2003 Server SP2</pluginName>
<data>\nSynopsis :\n\nThe remote system has the latest service pack installed.\n\nDescription :\n\nBy reading the registry key
HKLM\\SOFTWARE\\Microsoft\
:\n\nNone\n\nPlugin output :\n\nThe remote Windows 2003 system has Service Pack 2 applied.\n\nCVE : CVE-1999-0662, CVE-2007-1537\nBID : 12969, 12972, 13008, 23025\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>1</severity>
<pluginID>20811</pluginID>
<pluginName>Software Enumeration (via
SMB)</pluginName>
<data>\nSynopsis :\n\nIt is possible to enumerate installed software.\n\nDescription :\n\nThis plugin lists software installed on the remote host by crawling\nthe registry
entries in :\nHKLM\\SOFTWARE\\Microso
\n\nNone\n\nPlugin output :\n\nThe following software are installed on the remote host :\n\nHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) [version 1]\nHotfix for Microsoft .NET
Framework 3.5 SP1 (KB958484) [version 1]\nHotfix for Windows Server 2003 (KB915800-v9) [version 9]\nHotfix for Windows Server 2003 (KB961118) [version 1]\nHotfix for Windows XP
(KB954550-v5) [version 5]\nIBM 32-bit Runtime Environment for Java 2, v5.0 [version 5.0]\nIBM Tivoli Monitoring [version 621]\nIBM WebSphere Eclipse Platform V3.0 [version 3.0.1]\nIBM
WebSphere MQ [version 6.0]\nMSXML 4.0 SP2 (KB954430) [version 4.20.9870.0]\nMSXML 6 Service Pack 2 (KB954459) [version 6.20.1099.0]\nMcAfee Agent [version 4.0.0.1180]\nMcAfee
AntiSpyware Enterprise Module [version 8.5.0.163]\nMcAfee VirusScan Enterprise [version 8.6.0]\nMicrosoft .NET Framework 2.0 Service Pack 2 [version 2.2.30729]\nMicrosoft .NET Framework
3.0 Service Pack 2 [version 3.2.30729]\nMicrosoft .NET Framework 3.5 SP1 [version 3.5.30729]\nMicrosoft Internationalized Domain Names Mitigation APIs\nMicrosoft National Language Support
Downlevel APIs\nMicrosoft Silverlight [version 2.0.31005.0]\nSecurity Update for Windows Internet Explorer 7 (KB938127) [version 1]\nSecurity Update for Windows Internet Explorer 7
(KB958215) [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB960714) [version 1]\nSecurity Update for Windows Internet Explorer 7 (KB961260) [version 1]\nSecurity Update for
Windows Media Player 6.4 (KB925398)\nSecurity Update for Windows Server 2003 (KB924667-v2) [version 2]\nSecurity Update for Windows Server 2003 (KB925902-v2) [version 2]\nSecurity
Update for Windows Server 2003 (KB926122) [version 1]\nSecurity Update for Windows Server 2003 (KB929123) [version 1]\nSecurity Update for Windows Server 2003 (KB930178) [version
1]\nSecurity Update for Windows Server 2003 (KB932168) [version 1]\nSecurity Update for Windows Server 2003 (KB933729) [version 1]\nSecurity Update for Windows Server 2003 (KB933854)
[version 1]\nSecurity Update for Windows Server 2003 (KB935839) [version 1]\nSecurity Update for Windows Server 2003 (KB935840) [version 1]\nSecurity Update for Windows Server 2003
(KB936782) [version 1]\nSecurity Update for Windows Server 2003 (KB938127) [version 1]\nSecurity Update for Windows Server 2003 (KB938464) [version 1]\nSecurity Update for Windows
Server 2003 (KB941569) [version 1]\nSecurity Update for Windows Server 2003 (KB943055) [version 1]\nSecurity Update for Windows Server 2003 (KB943460) [version 1]\nSecurity Update for
Windows Server 2003 (KB943485) [version 1]\nSecurity Update for Windows Server 2003 (KB944338-v2) [version 2]\nSecurity Update for Windows Server 2003 (KB944653) [version
1]\nSecurity Update for Windows Server 2003 (KB945553) [version 1]\nSecurity Update for Windows Server 2003 (KB946026) [version 1]\nSecurity Update for Windows Server 2003 (KB950762)
[version 1]\nSecurity Update for Windows Server 2003 (KB950974) [version 1]\nSecurity Update for Windows Server 2003 (KB951066) [version 1]\nSecurity Update for Windows Server 2003
(KB951698) [version 1]\nSecurity Update for Windows Server 2003 (KB951748) [version 1]\nSecurity Update for Windows Server 2003 (KB952069) [version 1]\nSecurity Update for Windows
Server 2003 (KB952954) [version 1]\nSecurity Update for Windows Server 2003 (KB954211) [version 1]\nSecurity Update for Windows Server 2003 (KB954600) [version 1]\nSecurity Update for
Windows Server 2003 (KB955069) [version 1]\nSecurity Update for Windows Server 2003 (KB956391) [version 1]\nSecurity Update for Windows Server 2003 (KB956802) [version 1]\nSecurity
Update for Windows Server 2003 (KB956803) [version 1]\nSecurity Update for Windows Server 2003 (KB956841) [version 1]\nSecurity Update for Windows Server 2003 (KB957095) [version
1]\nSecurity Update for Windows Server 2003 (KB957097) [version 1]\nSecurity Update for Windows Server 2003 (KB958215) [version 1]\nSecurity Update for Windows Server 2003 (KB958644)
[version 1]\nSecurity Update for Windows Server 2003 (KB958687) [version 1]\nSecurity Update for Windows Server 2003 (KB958690) [version 1]\nSecurity Update for Windows Server 2003
(KB960225) [version 1]\nSecurity Update for Windows Server 2003 (KB960715) [version 1]\nUpdate for Windows Server 2003 (KB925876) [version 2]\nUpdate for Windows Server 2003
(KB927891) [version 5]\nUpdate for Windows Server 2003 (KB936357) [version 1]\nUpdate for Windows Server 2003 (KB943729)\nUpdate for Windows Server 2003 (KB948496) [version
1]\nUpdate for Windows Server 2003 (KB955839) [version 1]\nUpdate for Windows Server 2003 (KB967715) [version 1]\nVMware Tools [version 3.1.2.7966]\nVeritas NetBackup Client [version
6.5.0]\nWindows Imaging Component [version 3.0.0.0]\nWindows Internet Explorer 7 [version 20070813.185237]\nWindows Presentation Foundation [version 3.0.6920.0]\nWindows Resource
Kit Tools - SubInAcl.exe [version 5.2.3790.1164]\nWindows Search 4.0 [version 04.00.6001.503]\nXML Paper Specification Shared Components Pack 1.0\n\n</data>
</ReportItem>
<ReportItem>
<port>microsoft-ds (445/tcp)</port>
<severity>3</severity>
<pluginID>11777</pluginID>
<pluginName>SMB share hosting copyrighted material</pluginName>
<data>\n\nSynopsis :\n\nThe remote host seems to contain material (movies/audio) infringing \ncopyright.\n\nDescriptio
\nremote SMB shares.\n\nSome of these files may contain copyrighted materials, such as commercial\nmovies or music files. \n\nIf any of this file actually contains copyrighted material and
if\nthey are freely swapped around, your organization might be held liable\nfor copyright infringement by associations such as the RIAA or the MPAA.\n\nSolution :\n\nDelete the files infringing
copyright.\n\nRisk factor :\n\nNone\n\nPlugin output : \n\nHere is a list of files which have been found on the remote SMB shares.\nSome of these files may contain copyrighted materials, such as
commercial\nmovies or music files.\n\nIf any of this file actually contains copyrighted material and if\nthey are freely swapped around, your organization might be held liable\nfor copyright
infringement by associations such as the RIAA or the MPAA.\n\n + C$
:\n\n\\ibm\\webspheremq\\b
mq\\bin\\amqpcb2f.avi\n\\e
msi\\bin\\amqpcfrn.avi\n\\
</ReportItem>
</ReportHost>
<ReportHost>
<HostName>192.168.1.100</H
<startTime>Wed Mar 18 11:34:26 2009</startTime>
<stopTime></stopTime>
<netbios_name>SERVER3</net
<mac_addr>(unknown)</mac_a
<dns_name>(unknown)</dns_n
<os_name>(unknown)</os_nam
<num_ports>0</num_ports>
<num_lo>0</num_lo>
<num_med>0</num_med>
<num_hi>0</num_hi>
</ReportHost>
<ReportHost>
<HostName>192.168.1.103</H
<startTime>Wed Mar 18 09:58:08 2009</startTime>
<stopTime></stopTime>
<netbios_name>Server2</net
<mac_addr>(unknown)</mac_a
<dns_name>(unknown)</dns_n
<os_name>(unknown)</os_nam
<num_ports>14</num_ports>
<num_lo>18</num_lo>
<num_med>1</num_med>
<num_hi>0</num_hi>
<ReportItem>
<port>general/tcp</port>
<severity>3</severity>
<pluginID>10180</pluginID>
<pluginName>Ping the remote host</pluginName>
<data>The remote host is up\n</data>
</ReportItem>
<ReportItem>
<port>netbios-ssn (139/tcp)</port>
<severity>1</severity>
<pluginID>11011</pluginID>
<pluginName>SMB Detection</pluginName>
<data>\nSynopsis :\n\nA file / print sharing service is listening on the remote host. \n\nDescription :\n\nThe remote service understands the CIFS (Common Internet File System)\nor Server
Message Block (SMB) protocol, used to provide shared access\nto files, printers, etc between nodes on a network. \n\nRisk factor : \n\nNone\n\nPlugin output :\n\nAn SMB server is running on
this port.\n\n</data>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript">
function _xml_loadDocument(path) {
var xmlDoc;
try { // IE
xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
}
catch (ex) {
try { // Gecko
xmlDoc = document.implementation.createDocument("","",null);
}
catch (ex) {
alert('Your browser cannot handle this scrHostNamet');
}
}
xmlDoc.async = false;
xmlDoc.load(path);
return xmlDoc;
}
//make the table
function renderTableBody(parentElement) {
var tableEl = parentElement.appendChild(document.createElement('TABLE'));
tableEl.cellPadding = '5';
tableEl.style.textAlign = "left";
var tableBody = tableEl.appendChild(document.createElement('TBODY'));
// Render header cells.
var headerRow = tableBody.appendChild(document.createElement('TR'));
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Finding Number';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'NIST 800-53 / DHS Control Severity';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Machine Name';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'IP Address';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Severity';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Finding (pluginname + Data)';
headerRow.appendChild(document.createElement('TD')).innerHTML = 'Details';
//headerRow.appendChild(document.createElement('TD')).innerHTML = 'Details\n'.replace(/\n/g,'TEST');
//headerRow.appendChild(td).style.color='red').innerHTML= 'Details';
//redColor.style.color = "red";
return tableBody;
}
function renderColumn(ReportHostRow, ReportHost, name) {
var lookupNode = ReportHost.getElementsByTagName(name)[0];
if (lookupNode && lookupNode.childNodes[0]) {
var nodeValue = lookupNode.childNodes[0].nodeValue;
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = nodeValue;
}
}
function renderReportHost(tableBody, ReportHost) {
// Get all the 'ReportItem' elements within the ReportHost
var xmlReportItem = ReportHost.getElementsByTagName("ReportItem");
// Go through each one
var heading = false;
for (var i = 0; i < xmlReportItem.length; ++i) {
// Determine the severity level of this ReportItem item
var severitylevel = xmlReportItem[i].getElementsByTagName('severity')[0].childNodes[0].nodeValue;
// We only care about Medium or High
if ((severitylevel == '2') || (severitylevel == '3')) {
var ReportHostRow = tableBody.appendChild(document.createElement('TR'));
// If we haven't shown the ReportHost details already, show them
if (heading==false) {
heading = true;
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = 'Nessus #';
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = 'SI-2';
//DNS Name
renderColumn(ReportHostRow, ReportHost, 'netbios_name');
//IP Address
renderColumn(ReportHostRow, ReportHost, 'HostName');
} else {
// Otherwise, show blank fields for ReportHost details as they are shown above this row
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
ReportHostRow.appendChild(document.createElement('TD')).innerHTML = ' ';
}
// Now show the ReportItem results...
renderColumn(ReportHostRow, xmlReportItem[i], 'severity');
renderColumn(ReportHostRow, xmlReportItem[i], 'pluginName');
renderColumn(ReportHostRow, xmlReportItem[i], 'data');
}
}
}
function renderXML(path, parentElement) {
try {
var xmlDoc = _xml_loadDocument(path);
var tableBody = renderTableBody(parentElement || document.body);
var xmlReportHosts = xmlDoc.getElementsByTagName("ReportHost");
for (var i = 0; i < xmlReportHosts.length; ++i) {
renderReportHost(tableBody, xmlReportHosts[i]);
}
}
catch (ex) {
alert('Your browser cannot handle this scrHostNamet');
}
}
</script>
</head>
<body onload="renderXML('NessusSmall.xml');">
</body>
</html>
Try changing your renderhost() function to match the code snippet I've included. Sorry, had to change the code only a small bit!
I've formatting the host information with '..' to stop the same information being repeated for each <audit> line but you can easily remove this if you don't like it.
Best of luck with your project.
Adam
Open in new window