Custom XSLT example for scan result XML

File uploaded by Curtis Herrick on Oct 24, 2011
Version 1

Hello All,

  I thought I'd share a custom XSLT that can be used to transform and/or filter scan XML results.  It is only applicable to the Scan result DTD, but it is a nifty example of what one can do.  Note that this XSLT has some nifty tricks in it that may be handy to keep in mind for similar transforms on other schemas.


To try out this XSL, you can use many tools, but one free one that’s pretty easy to use is .  The DOS batch file content I’ve included below uses this tool.  (I won’t include actual input/output because it would have actual server / vuln info.)


     REM Create a c:\Qualys\Scans directory and save your scan XML there.
     REM Download and copy msxsl.exe to this dir, or put it where your machine will find it (refer to dos path command)

     msxsl.exe "C:\Qualys\Scans\ScanSource.xml" "C:\Qualys\Scans\ScanFilter.xsl" -o "C:\Qualys\Scans\output.html"


     c:\progra~1\intern~1\iExplore.exe  "C:\Qualys\Scans\output.html"


Idea:  If one were to use the API to schedule a report and retrieve XML, they could use XSLT like this to transform the result into whatever transformable format they prefer.  I posted a previous document here ( on how to make API calls using MS .Net.  Combine these two ideas and one could do interesting things.




- Curtis
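
A minimal severity filter of the kind the post describes, added here as an example; it is not the XSLT attached to the post. The element and attribute names (`IP/@value`, `VULN/@severity`, `VULN/@number`, `TITLE`) and the `minSeverity` parameter are assumptions about the scan XML and should be checked against the scan result DTD.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: keeps only findings at or above a severity threshold
     and renders them as an HTML table, one row per host/finding pair.
     All element and attribute names matched below are assumed. -->
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

  <!-- method="html" with plain xsl:value-of escapes markup characters in
       scanner-collected text (titles, banners), so the report cannot
       carry script into the browser. Do not add disable-output-escaping. -->
  <xsl:output method="html" encoding="UTF-8" indent="yes"/>

  <!-- Hypothetical parameter: lowest severity to keep in the report. -->
  <xsl:param name="minSeverity" select="4"/>

  <xsl:template match="/">
    <!-- Select the filtered node set once so the table and the count agree. -->
    <xsl:variable name="hits"
                  select="//IP//VULN[number(@severity) &gt;= $minSeverity]"/>
    <html>
      <head><title>Filtered scan results</title></head>
      <body>
        <h1>Findings with severity of at least
            <xsl:value-of select="$minSeverity"/></h1>
        <table border="1">
          <tr><th>Host</th><th>Severity</th><th>ID</th><th>Title</th></tr>
          <xsl:for-each select="$hits">
            <!-- Worst findings first, then grouped by host address. -->
            <xsl:sort select="@severity" data-type="number" order="descending"/>
            <xsl:sort select="ancestor::IP/@value"/>
            <tr>
              <td><xsl:value-of select="ancestor::IP/@value"/></td>
              <td><xsl:value-of select="@severity"/></td>
              <td><xsl:value-of select="@number"/></td>
              <td><xsl:value-of select="TITLE"/></td>
            </tr>
          </xsl:for-each>
        </table>
        <p>Total findings shown: <xsl:value-of select="count($hits)"/></p>
      </body>
    </html>
  </xsl:template>
</xsl:stylesheet>
```

Saved as `ScanFilter.xsl`, it can be run with the msxsl.exe command line shown in the batch file above.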