📜Reporting

Lotus gives you one simple way to report and save the output of your script. There are two report types, VULN and CVE, described in the sections below:

  • General information

  • Vuln report

  • CVE report

General information

Every time you run a script, Lotus expects a list of findings in your report, so one script can produce many findings and they all go into the same report. For each finding, first set the report information on the report object, then hand it to the global Lua class Reports, which saves it to the script's report list.

| Report Type | Description | Reports Function | Print Function |
| --- | --- | --- | --- |
| VULN | For generic vulnerability classes such as XSS or SQL injection, where the script itself supplies the URL, parameter, payload and evidence and no fixed path or parameter is needed for detection | Reports:addVulnReport | print_vuln_report |
| CVE | For specific CVEs that are detected through one or more fixed paths or parameters, with the matched evidence recorded per response part via matchers | Reports:addCveReport | print_cve_report |

Vuln Report

local function send_report(url,parameter,payload,matching_txt)
    VulnReport:setName("Template Injection") -- vulnerability name
    VulnReport:setDescription("https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection") -- short description or reference link
    VulnReport:setRisk("high") -- vulnerability risk
    VulnReport:setUrl(url) -- vulnerable URL
    VulnReport:setParam(parameter) -- vulnerable parameter
    VulnReport:setAttack(payload) -- payload that was sent
    VulnReport:setEvidence(matching_txt) -- text that matched in the response
    print_vuln_report(VulnReport) -- print the current value of the report to the CLI
    Reports:addVulnReport(VulnReport) -- save the current value of the class to the script report list
end

function main() 
    -- SOME LOGIC
    send_report("http://hello.com/?name=%7B%7B2%2A2%7D%7D","name","%7B%7B2%2A2%7D%7D","4")
end
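As an added example (not from the Lotus documentation), here is the same send_report function driven by a check that guards against the most common SSTI false positive: a server that reflects {{7*7}} literally instead of evaluating it. Only VulnReport, Reports and print_vuln_report are taken from this page; the response bodies are constructed stand-ins for what the script's HTTP call would return, and url_encode is a small helper written here, not a Lotus API.

```lua
-- Added example, not from the Lotus docs: report one VULN finding per
-- parameter that really evaluates an SSTI probe. The response bodies in
-- main() are constructed stand-ins for the script's real HTTP response.

-- A probe whose evaluated result differs from the literal payload text, so
-- a server that merely echoes the input back is not reported.
local PAYLOAD = "{{7*7}}"
local EVALUATED = "49"

-- Plain percent-encoding helper for building the reported URL and attack
-- string. Written for this example; Lotus is not assumed to provide it.
local function url_encode(s)
    return (s:gsub("[^%w%-%._~]", function(c)
        return string.format("%%%02X", string.byte(c))
    end))
end

local function send_report(url, parameter, payload, matching_txt)
    VulnReport:setName("Template Injection")
    VulnReport:setDescription("https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection")
    VulnReport:setRisk("high")
    VulnReport:setUrl(url)
    VulnReport:setParam(parameter)
    VulnReport:setAttack(payload)
    VulnReport:setEvidence(matching_txt)
    print_vuln_report(VulnReport)
    Reports:addVulnReport(VulnReport)
end

-- True when the body contains the evaluated result but not the raw payload,
-- i.e. the template engine executed the expression rather than echoing it.
-- The 4th argument to find is true so "*" and "{" are matched literally,
-- not as Lua patterns.
local function ssti_evaluated(body, payload, evaluated)
    local reflected = body:find(payload, 1, true) ~= nil
    local evaluated_found = body:find(evaluated, 1, true) ~= nil
    return evaluated_found and not reflected
end

function main()
    local base = "http://hello.com/"
    -- Constructed responses keyed by parameter name: "name" evaluates the
    -- expression, "q" only reflects it, "page" ignores it. Only "name"
    -- should end up in the report list.
    local responses = {
        name = "<h1>Hello 49</h1>",
        q    = "<p>You searched for {{7*7}}</p>",
        page = "<p>Not found</p>",
    }
    for param, body in pairs(responses) do
        if ssti_evaluated(body, PAYLOAD, EVALUATED) then
            local encoded = url_encode(PAYLOAD)
            local url = base .. "?" .. param .. "=" .. encoded
            send_report(url, param, encoded, EVALUATED)
        end
    end
end
```

Because VulnReport is a single global object, every setter is called again for each finding before Reports:addVulnReport; relying on values left over from the previous finding is how stale URLs and parameters end up in a report.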

CVE Report

In a CVE report you can add many matchers. For example, if a CVE is detected based on both the response headers and the response body, both pieces of evidence should appear in the report; use the CveReport:addMatcher function to add whatever matched, tagged with a Match ID.

The Match ID identifies which part of the response the matched text came from:

| Match ID | Match Type |
| --- | --- |
| 1 | Full Response |
| 2 | Response Headers |
| 3 | Response Body |
| 4 | Status Code |
| 5 | General (anything) |

  • Full Response

CveReport:addMatcher("<h1>Hi</h1>",1)
  • Response Headers

CveReport:addMatcher("Content-Type: text/html",2)
  • Response Body

CveReport:addMatcher("<h1>H1</h1>",3)
  • Response Status

CveReport:addMatcher("301",4)
  • General (Request or Response)

CveReport:addMatcher("IDK WHERE I FOUND THAT HONESTLY",5)

When you call the send_report function, all matchers that you added are included in the report. To start a fresh matcher list, for example before adding a new finding in the same script, call CveReport:clearMatcher() to clear the matching list.

local function send_report(url)
    CveReport:setName("CVE-2020-11450") -- CVE Name
    CveReport:setDescription("MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.") -- Description
    CveReport:setRisk("high") -- Risk
    CveReport:setUrl(url)  -- URL
    Reports:addCveReport(CveReport) -- Save The Current value of CveReport to report list
    print_cve_report(CveReport) -- Print CVE report to CLI
    CveReport:clearMatcher() -- Clear the matching List
end

function main() 
    -- Some Logic 
    CveReport:addMatcher('url: xss://"-alert(document.domain)',3)  -- 3 = response body
    CveReport:addMatcher('text/html',2)  -- 2 = response headers
    CveReport:addMatcher("200",4)  -- 4 = response status
    send_report("http://target.com/wp-content/plugins/embed-swagger/swagger-iframe.php?url=xss://%22-alert(document.domain)-%22")
end
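As an added example (not from the Lotus documentation), the following script checks several hosts for the CVE used above, attaches a matcher only for each response part that actually matched, and clears the matcher list between hosts so evidence from one target is not carried into the next report. Only CveReport, Reports and print_cve_report are taken from this page; the path comes from the CVE-2020-11450 description above, while the body evidence string and the hostnames other than target.com are assumptions for illustration, and the responses are constructed stand-ins for the script's real HTTP call.

```lua
-- Added example, not from the Lotus docs: multi-target CVE check with one
-- matcher per matched response part and a clean matcher list per target.

-- Match IDs from the table above.
local MATCH_HEADERS = 2
local MATCH_BODY    = 3
local MATCH_STATUS  = 4

-- Path taken from the CVE-2020-11450 description on this page. The body
-- text is an assumed evidence string for illustration, not from the advisory.
local PATH = "/MicroStrategyWS/happyaxis.jsp"
local RULES = {
    { id = MATCH_STATUS,  field = "status",  text = "200" },
    { id = MATCH_HEADERS, field = "headers", text = "text/html" },
    { id = MATCH_BODY,    field = "body",    text = "Axis Happiness Page" },
}

local function send_report(url)
    CveReport:setName("CVE-2020-11450")
    CveReport:setDescription("MicroStrategy Web 10.4 information disclosure via /MicroStrategyWS/happyaxis.jsp")
    CveReport:setRisk("high")
    CveReport:setUrl(url)
    Reports:addCveReport(CveReport)
    print_cve_report(CveReport)
    CveReport:clearMatcher() -- the next target starts with an empty matcher list
end

-- Evaluate every rule against one response table and return the rules that
-- matched. Plain find (4th argument true) so "." in header values is literal.
local function matched_rules(resp)
    local hits = {}
    for _, rule in ipairs(RULES) do
        local haystack = tostring(resp[rule.field] or "")
        if haystack:find(rule.text, 1, true) then
            hits[#hits + 1] = rule
        end
    end
    return hits
end

-- Report the host only when every rule matched. Matchers are added only at
-- that point, one per rule, so the report records which part of the
-- response each piece of evidence came from and a partial match leaves
-- nothing behind for the next target.
local function check_target(host, resp)
    local hits = matched_rules(resp)
    if #hits ~= #RULES then
        return false
    end
    for _, rule in ipairs(hits) do
        CveReport:addMatcher(rule.text, rule.id)
    end
    send_report("http://" .. host .. PATH)
    return true
end

function main()
    -- Constructed responses: the first host matches every rule; the second
    -- returns the right status and header but a generic error page, so it
    -- must not be reported; the third is a plain 404.
    local targets = {
        { host = "target.com", resp = { status = 200, headers = "Content-Type: text/html", body = "<title>Axis Happiness Page</title>" } },
        { host = "other.com",  resp = { status = 200, headers = "Content-Type: text/html", body = "<h1>Error</h1>" } },
        { host = "third.com",  resp = { status = 404, headers = "Content-Type: text/html", body = "" } },
    }
    for _, t in ipairs(targets) do
        check_target(t.host, t.resp)
    end
end
```

Requiring all rules to match before any matcher is added is what keeps a header-only hit on a generic page from turning into a finding; the page's own example adds matchers first and reports unconditionally, which is fine for a single target but accumulates stale evidence as soon as the script loops.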
