Lotus is giving you one simple way to report/save the output of your script, you have two types
General information
Vuln report
CVE report
General information
every time you run a script lotus would expect a list of findings in your report, it means you can include many finidings in the same report and the script as well so first you've to set the report information and after that call a global Lua Class called Reports
Report Type
Description
Reports Function
Print Function
VULN
This report for known vulnerabilities such as XSS, SQL, which does not require a special path or parameter to be detected
Reports:addVulnReport
print_vuln_report
CVE
This report is for custom CVESs that require one or two custom paths/parameters to be detected
Reports:addCveReport
print_cve_report
Vuln Report
localfunctionsend_report(url,parameter,payload,matching_txt) VulnReport:setName("Template Injection") -- vulnerability name VulnReport:setDescription("https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection") -- simple description
VulnReport:setRisk("high") -- vulnerability risk VulnReport:setUrl(url) -- Vulnrable URL VulnReport:setParam(parameter) -- Vulnrable Parameter VulnReport:setAttack(payload) -- Used Payload VulnReport:setEvidence(matching_txt) -- Matched Textprint_vuln_report(VulnReport) -- Print The Current Value of the report to the CLI Reports:addVulnReport(VulnReport) -- Save the current value of the Class to the script report listendfunctionmain() -- SOME LOGICsend_report("http://hello.com/?name=%7B%7B2%2A2%7D%7D","name","%7B%7B2%2A2%7D%7D","4")end
CVE Report
in CVE report you can add many Matchers like if you have a CVE that detect a vulnrablite based on the response header and body soo you have to include that in the report, to fix that you can use CveReport:addMatcher function to add whatever you want based on the Match ID
The Match ID is allocating for custom part of the response
Match ID
Match Type
1
Full Response
2
Response Headers
3
Response Body
4
Status Code
5
General (anything)
Full Response
CveReport:addMatcher("<h1>Hi</h1>",1)
Response Headers
CveReport:addMatcher("Content-Type: text/html",2)
Response Body
CveReport:addMatcher("<h1>H1</h1>",3)
Response Status
CveReport:addMatcher("301",4)
General (Request or Response)
CveReport:addMatcher("IDK WHERE I FOUND THAT HONESTLY",5)
when you can the send_report function all matches that you added will be mentioned the in report, if you want to clear the matchers for example adding a new finding in the same script you can use CveReport:clearMatcher() to clear the matching list
localfunctionsend_report(url) CveReport:setName("CVE-2020-11450") -- CVE Name CveReport:setDescription("MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.") -- Description
CveReport:setRisk("high") -- Risk CveReport:setUrl(url) -- URL Reports:addCveReport(CveReport) -- Save The Current value of CveReport to report listprint_cve_report(CveReport) -- Print CVE report to CLI CveReport:clearMatcher() -- Clear the matching Listendfunctionmain() -- Some Logic CveReport:addMatcher('url: xss://"-alert(document.domain)',3) -- 3 = response body CveReport:addMatcher('text/html',2) -- 2 = response headers CveReport:addMatcher("200",4) -- 4 = response status send_report("http://target.com/wp-content/plugins/embed-swagger/swagger-iframe.php?url=xss://%22-alert(document.domain)-%22")
end