Suggestion: Add all vulnerabilities from testssl output

[s3nn]

Hey, I was wondering if you are considering adding an option to parse all vulnerabilities from testssl output! I made a few changes to your script for my own personal use, if you want I can (try) and submit a pull request. However, I just wanted to know if there was a specific reason you don't already do this and rely on the hard-coded dictionary.

Thanks, awesome script btw!

[aress31]

Hi @s3nn,

Thanks for your feedback.

Indeed, there is a reason behind my choice of relying on a hard-coded dictionary for the vulnerabilities to parse. This is mainly due to the selection of findings I usually include into my pentest reports (I willingly ignore some testssl findings that I do not judge super relevant for my cases). This is also due, to my need of including the generated Excel tables within the pentest report (.docx) without having to change the page orientation.

In previous versions of the script, I had a -filter option which let the user decide of what vulnerability to parse but it was a bit heavy, therefore I decided that any change would be made by commenting (out) directly the source code.

Maybe this feature could be brought back with default (which would process my current choice of vulnerabilities) and all (which would process all vulnerabilties) values.

Kind regards,
Alex