The Fortify parser was built to speed up reporting during penetration testing exercises. It lets pentesters focus on the testing side of their projects and reduces the cumbersome, repetitive work of producing customized client reports.
This Python script takes the XML report generated by Fortify as a command-line argument and extracts the following fields:
- Security Risk
- Severity
- Description
- Source File Name
- Source File Path
- Source Line Number
- Sink File Name
- Sink File Path
- Sink Line Number
- Remarks
The extracted information is then sorted by severity, with the most critical issues listed at the top and the lower-risk issues at the bottom.
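The extraction and severity sort described above, as an added example that is not taken from Fortify_parser.py. The element names (Issue, Category, Friority, Abstract, Primary as the sink, Source), the severity labels and the sample report are assumptions constructed for illustration; check them against your own Fortify XML export.

```python
import xml.etree.ElementTree as ET

# Assumed severity labels; anything unrecognised sorts after "Low".
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample report (assumed layout, not real scan output).
SAMPLE_REPORT = """<ReportDefinition><IssueListing>
<Issue><Category>Poor Error Handling</Category><Friority>Low</Friority>
 <Abstract>Empty catch block.</Abstract>
 <Primary><FileName>Util.java</FileName><FilePath>src/Util.java</FilePath><LineStart>12</LineStart></Primary>
</Issue>
<Issue><Category>SQL Injection</Category><Friority>Critical</Friority>
 <Abstract>Untrusted input reaches a query.</Abstract>
 <Primary><FileName>Dao.java</FileName><FilePath>src/Dao.java</FilePath><LineStart>88</LineStart></Primary>
 <Source><FileName>Login.java</FileName><FilePath>src/Login.java</FilePath><LineStart>31</LineStart></Source>
</Issue>
<Issue><Category>Path Manipulation</Category><Friority>High</Friority>
 <Abstract>User input controls a file path.</Abstract>
 <Primary><FileName>Files.java</FileName><FilePath>src/Files.java</FilePath><LineStart>40</LineStart></Primary>
 <Source><FileName>Upload.java</FileName><FilePath>src/Upload.java</FilePath><LineStart>17</LineStart></Source>
</Issue>
</IssueListing></ReportDefinition>"""

def _location(issue, tag):
    """Return (file name, file path, line) for a location element, blanks if absent."""
    node = issue.find(tag)
    if node is None:  # findings without a data-flow source have no <Source>
        return ("", "", "")
    return tuple(node.findtext(field, default="").strip()
                 for field in ("FileName", "FilePath", "LineStart"))

def extract_rows(xml_text):
    """One row per issue, in the column order listed above, most severe first."""
    rows = []
    for issue in ET.fromstring(xml_text).iter("Issue"):
        rows.append((
            issue.findtext("Category", default="").strip(),  # Security Risk
            issue.findtext("Friority", default="").strip(),  # Severity
            issue.findtext("Abstract", default="").strip(),  # Description
            *_location(issue, "Source"),                     # Source name, path, line
            *_location(issue, "Primary"),                    # Sink name, path, line
            "",                                              # Remarks, filled in by hand
        ))
    # sorted() is stable, so issues of equal severity keep their report order.
    return sorted(rows, key=lambda r: SEVERITY_RANK.get(r[1], len(SEVERITY_RANK)))

if __name__ == "__main__":
    for row in extract_rows(SAMPLE_REPORT):
        print(row)
```

If a report comes from a source you do not control, parse it with the defusedxml package instead of the standard-library parser.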
The tool runs on a Python 3.7.x installation.
Required Module: xlsxwriter
It can be installed using pip:
pip install xlsxwriter
If both Python 2.x and 3.x are installed, then:
pip3 install xlsxwriter
Run the following command:
python Fortify_parser.py <xml file name>
If both Python 2.x and 3.x are installed:
python3 Fortify_parser.py <xml file name>
NOTE: The screenshot below is for demonstration purposes only, showing the sorted output with color codes indicating the severity levels.