Newer
Older
DirtyScripts / ReportToolz / pt2json.php
root on 31 Jan 2020 5 KB fix for multiple headings
#!/usr/bin/php
<?php
//error_reporting(0);

/***
 * Main program - Don't edit below
 */
echo "            ______   _                  \n        _  (_____ \ (_)                 \n ____ _| |_  ____) ) _  ___  ___  ____  \n|  _ (_   _)/ ____/ | |/___)/ _ \|  _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n|  __/  \__)_______)| (___/ \___/|_| |_|\n|_|               (__/                  \n\n";

foreach (glob("classes/*.php") as $filename)
    include $filename;

$definitions = new \Clapp\CommandLineArgumentDefinition(
    array(
        "help|h"            => "Shows help message",
        "doc|d=s"           => "/path/to/doc.ptreport to use",
        "no-save|n"           => "Output only - Don't save JSON files",
    )
);

$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);

if ($filter->getParam('h') === true || $argc < 2) {
	echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
    fwrite(STDERR, $definitions->getUsage());
    exit(0);
} 

// see if doc exists 
if ($filter->getParam("doc") == false)
	die("[-] no doc set\n");

echo "[!] doc: ".$filter->getParam("doc")."\n";
if(!file_exists($filter->getParam("doc")))
	die("[-] no such file! \n"); 


$xmlfile = file_get_contents($filter->getParam("doc"));
$ob= simplexml_load_string($xmlfile);
$json  = json_encode($ob);
$configData = json_decode($json, true);

//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";

if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){
	// multiple headings
	foreach( $configData['report_sections']['section'] as $key1 => $val1 ){
		//echo $key1." - ".$val1."\n";
		foreach ($val1['subsection'] as $key => $value) {
			if(isset($value['finding'] )){
				foreach($value['finding'] as $key2 => $value2){
					if(isset($value2['@attributes']['title']) && isset($value2['summary_description'])){
						if($filter->getParam('no-save') === true){
							echo "[+] issue: ".$value2['@attributes']['title']."\n";
						}else{
							echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
						}
						$vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );

						if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
							$cvss3_score = $value2['cvss'];
							$cvss3_vector = $value2['cvss_vector'];
						}else{
							$cvss3_score = "";
							$cvss3_vector = "";
						}

						$techD = "";
						foreach ($value2['section'] as $key => $value) {
							# code...
							$techD .= @base64_decode($value)."\n";
						}
						$cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";

						$sev = $value2['severity'];
						$sev = str_replace("serious", "Serious", $sev);
						$sev = str_replace("high", "High", $sev);
						$sev = str_replace("medium", "Medium", $sev);
						$sev = str_replace("low", "Low", $sev);
						$sev = str_replace("info", "Informational", $sev);

						$jsonFile = '{
						"title":'.json_encode($value2['@attributes']['title']).',
						"category":"",
						"remediation":'.json_encode(base64_decode($value2['remediation'])).',
						"cvss_score":'.json_encode($cvssS).',
						"risk":'.json_encode($sev).',
						"impact":"High/Medium/Low",
						"description":'.json_encode(base64_decode($value2['summary_description'])).',
						"tech_description":'.json_encode($techD).',
						"solution":'.json_encode(base64_decode($value2['summary_fix'])).',
						"cvss2_score":"",
						"cvss2_vector":"",
						"cvss3_score":'.json_encode($cvss3_score).',
						"cvss3_vector":'.json_encode($cvss3_vector).',
						"owasp":"",
						"tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
						"to_check":"checked"}';

						if($filter->getParam('no-save') === false){
							file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
						}
					}
				}
			}

		}
	}
	// single heading
}else{
	foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
		# code...
		//echo $value['title']."\n";
		//print_r($value);
		foreach($value['finding'] as $key2 => $value2){

			if($filter->getParam('no-save') === true){
				echo "[+] issue: ".$value2['@attributes']['title']."\n";
			}else{
				echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
			}
			$vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );

			if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
				$cvss3_score = $value2['cvss'];
				$cvss3_vector = $value2['cvss_vector'];
			}else{
				$cvss3_score = "";
				$cvss3_vector = "";
			}

			$techD = "";
			foreach ($value2['section'] as $key => $value) {
				# code...
				$techD .= @base64_decode($value)."\n";
			}
			$cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";

			$sev = $value2['severity'];
			$sev = str_replace("serious", "Serious", $sev);
			$sev = str_replace("high", "High", $sev);
			$sev = str_replace("medium", "Medium", $sev);
			$sev = str_replace("low", "Low", $sev);
			$sev = str_replace("info", "Informational", $sev);

			$jsonFile = '{
			"title":'.json_encode($value2['@attributes']['title']).',
			"category":"",
			"remediation":'.json_encode(base64_decode($value2['remediation'])).',
			"cvss_score":'.json_encode($cvssS).',
			"risk":'.json_encode($sev).',
			"impact":"High/Medium/Low",
			"description":'.json_encode(base64_decode($value2['summary_description'])).',
			"tech_description":'.json_encode($techD).',
			"solution":'.json_encode(base64_decode($value2['summary_fix'])).',
			"cvss2_score":"",
			"cvss2_vector":"",
			"cvss3_score":'.json_encode($cvss3_score).',
			"cvss3_vector":'.json_encode($cvss3_vector).',
			"owasp":"",
			"tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
			"to_check":"checked"}';

			if($filter->getParam('no-save') === false){
				file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
			}
		}
		
	}
}