Absent Member.
Absent Member.
11686 views

Command line report generation

It seems that although I can invoke scans from the DOS command line, I cannot use the command line to generate reports from previous scans.  Is there a non-GUI workaround for this?  Have I missed something?  It seems like it would be a very useful feature.  Thanks.


Benny


 

0 Likes
4 Replies
Micro Focus Expert
Micro Focus Expert

Benny;


You are correct, the CLI function of WI.EXE is only meant for producing new scans.  There are additional options that can be used to generate Reports and/or Exports of that assessment upon its completion, but there is no way to simply run a Report or Export from the CLI.


As a test I attempted to run the following Report-only commands, testing the -n {scan name} and the -i {ScanID} options, and received an error indicating I must be scanning something.


++++++++++++++++


C:\Program Files\HP\HP WebInspect>wi.exe -n "Sample Scan" -r "Executive Summary" -f "C:\temp\" -y Standard -gp


MUST specify url (-u) or settings file (-s) or both


C:\Program Files\HP\HP WebInspect>wi.exe -i 1a6053a8-c45e-4985-ab87-59cb410ee6fd.mdf -r "Executive Summary" -f "C:\temp\" -y Standard -gp


MUST specify url (-u) or settings file (-s) or both


C:\Program Files\HP\HP WebInspect>
++++++++++++++++


To generate Reports, you must invoke the "Generate a Report" link found on the Start Page tab or use the "Report" button found in the toolbar.  This will open a listing of the available scans currently stored in your database(s) and you continue the report wizard from there.


To generate Exports, you must open the desired scan on-screen and invoke the File menu > Export option.


 


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Absent Member.
Absent Member.

So, why does the wi.exe have the parameter "-e {filepath} export scan in full XML format" ?

0 Likes
Micro Focus Expert
Micro Focus Expert

Lincoln_Cheng;

 

Color me surprised!, but I had never thought those Export and Report options worked unless one were also running a live scan.  Thanks for the refresher!

 

I reviewed this in WebInspect 10.40 and found that you are correct, I can generate Exports and Reports from the CLI provided I have the ScanID.  At present, the ScanID can only be found and Copied from the scan's Scan Log report or from the Scan Log pane found at the bottom of the scan's UI.  The ScanId can be found in the Manage Scans UI (customize your Columns), but that does not offer a Copy option for ease, just reading (and re-typing).

 

I also discovered that we can even Resume a scan from the CLI. using "-ir {scanid}".   I do not know precisely when that appeared, but I found it way back in the WI 8.0 CLI but not in the WI 7.0 CLI.  I just had it stuck in my head that such scans had to b Resumed from the WebInspect UI, so I must apologize for my earlier response.

 

 

 

Below are the tests I ran today.  I have attached a text document of the CLI command options found in the current WebInspect 10.40 release.

 

 

Export to Full Export XML format:

============================

C:\Program Files\HP\HP WebInspect>wi.exe -ix 63f703e9-6c96-41d6-a7d6-144b2d778cba -eb C:\temp\testfullexport.xml
-----------------------------------------------------------------
Exporting ScanID='63f703e9-6c96-41d6-a7d6-144b2d778cba' to 'C:\temp\testfullexport.xml' ...
Export SUCCEEDED
-----------------------------------------------------------------

scan exited normally

C:\Program Files\HP\HP WebInspect>dir c:\temp\testf*
 Volume in drive C is PC COE
 Volume Serial Number is 30E8-1E88

 Directory of c:\temp

08/28/2015  01:43 PM        23,528,530 testfullexport.xml
               1 File(s)     23,528,530 bytes
               0 Dir(s)  349,791,322,112 bytes free

============================

 

Report run, including both the Executive Summary and Vulnerability Summary templates in a single PDF:

============================

C:\Program Files\HP\HP WebInspect>wi.exe -ix 63f703e9-6c96-41d6-a7d6-144b2d778cba -r executive summary;vulnerability -gp -f C:\temp\reporttest.pdf -y Standard


Generating report(s)...
Report run started
Report run finished
Report(s) successfully generated
-----------------------------------------------------------------
scan exited normally

 

C:\Program Files\HP\HP WebInspect>

============================


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Absent Member.
Absent Member.

You can run the export command the same time as you run the scan command:

WI.exe -u http://zero.webappsecurity.com/ -ps 1 -r Aggregate -y Standard -n "creds" -f \WI_scan.pdf -eb WI_xmlscan.xml -gp

This produces a pdf of the scan as well as exporting it to an xml.

This means you don't have to manually find and type the scan id. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.