Improved/simplified Quickscope, implemented mandays

skyanth 2016-10-04 15:19:46 +02:00
parent d03bc63668
commit aa67a4e2b8
10 changed files with 123 additions and 39 deletions


@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<quickscope xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xml="http://www.w3.org/XML/1998/namespace">
<!-- Today's date -->
<version date="2016-10-01"/>
<!-- YYYY-MM-DD -->
xmlns:xml="http://www.w3.org/XML/1998/namespace"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../dtd/quickscope.xsd">
<!-- COMPANY INFO -->
<xi:include href="client_info.xml"/>
@ -24,21 +24,22 @@
<target>target2.target.com</target>
</targets>
</meta>
<!-- Some information about any third parties involved with the software/service to be tested, if applicable.
If not applicable, delete the whole <third_party> element. If more parties are needed, add <third_party> elements -->
<!-- Do we need permission from third parties? Insert as many <third_party> elements as needed under this comment -->
<third_party>
<full_name>Third Party BV</full_name>
<short_name>Third Party</short_name>
<!-- Name of the person who will need to sign the waiver for this vendor -->
<waiver_rep>TP Waiver Rep</waiver_rep>
<address>Street 1</address>
<city>City</city>
<country>Netherlands</country>
<address>TP Street 123</address>
<city>TP City</city>
<country>TP Country</country>
</third_party>
<pentest_info>
<!-- How long would you like the test to be? (in days) -->
<days>6</days>
<!-- How many mandays (if you don't know, try days * number of assigned pentesters) -->
<mandays>12</mandays>
<!-- Service execution (Use one of the following values: time-boxed, subscription) -->
<nature>time-boxed</nature>
<!-- Testing type (Use one of the following values: crystal-box, black-box, grey-box) -->
@ -51,6 +52,8 @@
<delivery>TBD</delivery>
<!-- Do you need/want a code audit? (possible values: yes/no), only for pentest -->
<codeaudit perform="yes"/>
<!-- Is there an application that needs to be tested? Add an <application_name> element below. -->
<application_name>AppToTest</application_name>
<!-- rate (to be filled in by ROS ;) -->
<rate>40000</rate>
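Review bot: The rewritten comment above `<third_party>` tells the author to insert "as many <third_party> elements as needed", but the schema this file now points to (`../dtd/quickscope.xsd`) declares `<xs:element ref="third_party" minOccurs="0"/>` with no `maxOccurs`, so a second third party fails validation. Each `<third_party>` carries the `waiver_rep` who has to sign, so the schema should accept every party that needs a waiver: `<xs:element ref="third_party" minOccurs="0" maxOccurs="unbounded"/>`. The other quickscope file changed in this commit carries the same comment. The hunks start and end inside the `<quickscope>` element.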


@ -109,6 +109,7 @@
<xs:element name="invoice_mail" type="emailAddress"/>
<xs:element name="duration" type="xs:nonNegativeInteger"/>
<xs:element name="mandays" type="xs:nonNegativeInteger"/>
<xs:element name="test_planning" type="xs:string"/>
<xs:element name="report_due" type="xs:string"/>
<xs:element name="nature" type="xs:string"/>
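Review bot: The global `mandays` declaration added here as `xs:nonNegativeInteger` may collide with the second global `mandays` that the new `xml/dtd/quickscope.xsd` declares as `xs:integer`. This section's file name is not shown, but `quickscope.xsd` pulls in `common.xsd` through `xs:include`; if this is that file, two same-named global elements with different types land in one schema, which a validator should reject. Keeping one declaration, `<xs:element name="mandays" type="xs:nonNegativeInteger"/>`, removes the conflict and stops the quickscope side from accepting negative values.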


@ -67,6 +67,7 @@
<xs:complexType>
<xs:sequence>
<xs:element ref="duration"/>
<xs:element ref="mandays"/>
<xs:element ref="test_planning"/>
<xs:element ref="report_due"/>
<xs:element ref="nature"/>
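Review bot: `<xs:element ref="mandays"/>` is added to the sequence without `minOccurs="0"`, so any existing document of this type that has no `<mandays>` element stops validating once this schema is in use. If older documents still have to build, `<xs:element ref="mandays" minOccurs="0"/>` keeps them valid; otherwise the commit message should say that they need a `<mandays>` value added. Which line is new is inferred from the commit title, and the enclosing `xs:sequence` continues outside the hunk.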

78
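--- a/xml/dtd/quickscope.xsd
+++ b/xml/dtd/quickscope.xsd
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xi="http://www.w3.org/2001/XInclude">
+<xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd" />
+<xs:import namespace="http://www.w3.org/2001/XInclude" schemaLocation="http://www.w3.org/2001/XInclude/XInclude.xsd"/>
+<xs:include schemaLocation="common.xsd"/>
+<xs:element name="quickscope">
+<xs:complexType>
+<xs:sequence>
+<xs:element ref="client"/>
+<xs:element ref="meta"/>
+<xs:element ref="third_party" minOccurs="0"/>
+<xs:element ref="pentest_info"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="meta">
+<xs:complexType>
+<xs:sequence>
+<xs:element ref="offer_language"/>
+<xs:element ref="offer_type"/>
+<xs:element ref="requested_service"/>
+<xs:element ref="targets"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="offer_language" type="xs:NCName"/>
+<xs:element name="offer_type" type="xs:NCName"/>
+<xs:element name="requested_service" type="xs:string"/>
+<xs:element name="third_party">
+<xs:complexType>
+<xs:sequence>
+<xs:element ref="full_name" minOccurs="1"/>
+<xs:element ref="short_name"/>
+<xs:element ref="waiver_rep"/>
+<xs:element ref="address"/>
+<xs:element ref="city"/>
+<xs:element ref="country"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="pentest_info">
+<xs:complexType>
+<xs:sequence>
+<xs:element ref="days"/>
+<xs:element ref="mandays"/>
+<xs:element ref="nature"/>
+<xs:element ref="type"/>
+<xs:element ref="planning"/>
+<xs:element ref="delivery"/>
+<xs:element ref="codeaudit"/>
+<xs:element ref="application_name" minOccurs="0"/>
+<xs:element ref="rate"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="days" type="xs:integer"/>
+<xs:element name="mandays" type="xs:integer"/>
+<xs:element name="planning" type="xs:NCName"/>
+<xs:element name="delivery" type="xs:NCName"/>
+<xs:element name="codeaudit">
+<xs:complexType>
+<xs:attribute name="perform" use="required" type="xs:NCName"/>
+</xs:complexType>
+</xs:element>
+<xs:element name="application_name" type="xs:NCName"/>
+<xs:element name="rate" type="xs:integer"/>
+<xs:complexType name="block" mixed="true">
+<xs:choice maxOccurs="unbounded">
+<xs:group ref="inline-all"/>
+<xs:group ref="placeholders"/>
+</xs:choice>
+<xs:attribute ref="xml:base"/>
+</xs:complexType>
+<xs:group name="placeholders">
+<xs:choice/>
+</xs:group>
+</xs:schema>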
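Review bot: Both `xs:import` lines take their `schemaLocation` from `http://www.w3.org/...`, so a validator that follows the hint downloads schema definitions over unauthenticated HTTP whenever a quickscope is validated. That ties validation to network access and to an unprotected download, whereas the schema removed in this commit imported XInclude from a local `xi.xsd`. Pointing the imports at copies kept next to `common.xsd`, for example `schemaLocation="xi.xsd"` if that file is still in the tree, or resolving both namespaces through an XML catalog, keeps validation offline and pinned to reviewed files.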


@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xi="http://www.w3.org/2001/XInclude">
<xs:import schemaLocation="pentestreport.xsd"/>
<xs:import namespace="http://www.w3.org/2001/XInclude" schemaLocation="xi.xsd"/>
<xs:attribute name="noNamespaceSchemaLocation"/>
</xs:schema>


@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<quickscope xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xml="http://www.w3.org/XML/1998/namespace">
<!-- Today's date -->
<version date="2015-01-01"/>
<!-- YYYY-MM-DD -->
xmlns:xml="http://www.w3.org/XML/1998/namespace"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../dtd/quickscope.xsd">
<!-- COMPANY INFO -->
<xi:include href="client_info.xml"/>
@ -16,29 +16,23 @@
<offer_type>pentest</offer_type>
<!-- Required service -->
<!-- Note: is only used when type is 'other', if offer_type is a specific type, service name will be taken from the localisation strings -->
<requested_service>penetration testing services</requested_service>
<!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<requested_service>penetration testing services</requested_service>
<!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<targets>
<target></target>
<target></target>
</targets>
</meta>
<!-- Some information about any third parties involved with the software/service to be tested, if applicable.
If not applicable, delete the whole <third_party> element. If more parties are needed, add <third_party> elements -->
<third_party>
<full_name></full_name>
<short_name></short_name>
<!-- Name of the person who will need to sign the waiver for this vendor -->
<waiver_rep></waiver_rep>
<address></address>
<city></city>
<country></country>
</third_party>
<!-- Do we need permission from third parties? Insert as many <third_party> elements as needed under this comment -->
<!-- INSERT OPTIONAL THIRD PARTIES HERE -->
<!-- ___________________________________ -->
<pentest_info>
<!-- How long would you like the test to be? (in days) -->
<days></days>
<days>0</days>
<!-- How many mandays (if you don't know, try days * number of assigned pentesters) -->
<mandays>0</mandays>
<!-- Service execution (Use one of the following values: time-boxed, subscription) -->
<nature>time-boxed</nature>
<!-- Testing type (Use one of the following values: crystal-box, black-box, grey-box) -->
@ -51,8 +45,11 @@
<delivery>TBD</delivery>
<!-- Do you need/want a code audit? (possible values: yes/no), only for pentest -->
<codeaudit perform="yes"/>
<!-- Is there an application that needs to be tested? Type its name below. If not, please DELETE <application_name> element -->
<application_name></application_name>
<!-- Is there an application that needs to be tested? Add an <application_name> element below. -->
<!-- INSERT OPTIONAL APPLICATION NAME HERE -->
<!-- ___________________________________ -->
<!-- rate (to be filled in by ROS ;) -->
<rate>0</rate>
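Review bot: The placeholders `<days>0</days>` and `<mandays>0</mandays>` are valid `xs:integer` values, so a template that nobody filled in now passes validation against `quickscope.xsd`; the empty `<days></days>` shown just above (apparently the old side) would not have. A forgotten value would presumably reach the offer text as a 0-day, 0-manday test. Typing both elements in the schema as `xs:positiveInteger`, e.g. `<xs:element name="days" type="xs:positiveInteger"/>`, makes the validator catch an unfilled template. The hunks start and end inside the `<quickscope>` element.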


@ -16,7 +16,7 @@
<!-- snippet --><p><company_short/> will test for the presence of the
most common vulnerabilities, using both publicly available vulnerability
scanning tools and manual testing. <company_short/> shall perform a
<p_duration/>-day, <p_boxtype/>, intrusive test via the internet.</p>
<p_duration/>-day (<p_mandays/>-manday), <p_boxtype/>, intrusive test via the internet.</p>
<!-- snippet --> <!--Not Needed if Disclaimer is Included; Duplicate Text-->
<!--p>It is possible that in the course of the penetration


@ -15,7 +15,7 @@
<!-- snippet --><p><company_short/> zal testen op de aanwezigheid van de
meest voorkomende kwetsbaarheden, gebruik makend van zowel publiek beschikbare
scanning tools, als door handmatig testen. <company_short/> zal een grondige
<p_duration/>-daagse, <p_boxtype/> test uitvoeren via internet.</p>
<p_duration/>-daagse (<p_mandays/> mandagen), <p_boxtype/> test uitvoeren via internet.</p>
<section todo="yes">
<title>Scope</title>


@ -147,6 +147,12 @@
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_mandays">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/mandays"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_boxtype">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/type"/>
<xsl:call-template name="checkPlaceholder">


@ -75,6 +75,10 @@
<xsl:value-of select="/*/pentest_info/days"/>
</duration>
<xsl:comment>duration of pentest, in working days</xsl:comment>
<mandays>
<xsl:value-of select="/*/pentest_info/mandays"/>
</mandays>
<xsl:comment>duration of pentest, in mandays</xsl:comment>
<test_planning>
<xsl:value-of select="/*/pentest_info/planning"/>
</test_planning>
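Review bot: The added `xsl:comment` calls mandays a "duration", repeating the comment on `<duration>` just above, although the quickscope comment describes mandays as days times the number of assigned pentesters, i.e. effort. `<xsl:comment>total effort for the pentest, in mandays</xsl:comment>` would keep the two fields distinct in the generated file. Separately, `xsl:value-of` emits an empty `<mandays/>` when `/*/pentest_info/mandays` is absent or blank, which would only fail later against the integer type on the output side. Whether the quickscope is validated before this transform runs is not visible here, and the enclosing template starts and ends outside the hunk.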