#!/usr/bin/php
<?php
//error_reporting(0);
/***
* Configuration options
*/
$vulnDB = "/opt/RossMarks/vdb/";
/***
* Main program - Don't edit below
*/
#echo " +-+-+-+-+-+-+\n |V|u|l|n|D|B|\n +-+-+-+-+-+-+\n\n";
foreach (glob("classes/*.php") as $filename)
include $filename;
$definitions = new \Clapp\CommandLineArgumentDefinition(
array(
"help|h" => "Shows help message",
"search|s=s" => "search term",
"id|i=i" => "id of vuln to view details or copy (requires -p)",
"path|p=s" => "path to copy vuln to (requires -c)",
)
);
$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
if ($filter->getParam('h') === true || $argc < 2) {
fwrite(STDERR, $definitions->getUsage());
exit(0);
}
// get all vulns
$vuln = recursiveScan($vulnDB);
$i = 1;
foreach($vuln as $key => $value){
$vuln[$key]['count'] = $i;
$i++;
}
// search for search term
if($filter->getParam("search") == true){
#echo "[!] Searching: ".$filter->getParam("search")."\n";
echo"
Ref | Title | Description
-------|--------------------------------------------------|----------------------------------------------------------------\n";
foreach ($vuln as $key => $value) {
$flag = 0;
if (strpos($vuln[$key]['title'], $filter->getParam("search")) == true){ $flag = 1; }
if (strpos($vuln[$key]['description'], $filter->getParam("search")) == true){ $flag = 1; }
if (strpos($vuln[$key]['tech_description'], $filter->getParam("search")) == true){ $flag = 1; }
if (strpos($vuln[$key]['impact'], $filter->getParam("search")) == true){ $flag = 1; }
if (strpos($vuln[$key]['solution'], $filter->getParam("search")) == true){ $flag = 1; }
if (strpos($vuln[$key]['tags'], $filter->getParam("search")) == true){ $flag = 1; }
if($flag == 1){ // found search term
$ref = str_pad($vuln[$key]['count'], 7);
$title = str_pad($vuln[$key]['title'], 50);
$desc = trim(preg_replace('/\s\s+/', ' ', $vuln[$key]['tech_description']));
$desc = str_pad( $desc, 61);
echo substr($ref, 0, 7); echo "|";
echo substr($title, 0, 50); echo "|";
echo substr($desc, 0, 61); echo "\n";
}
}
echo "\n";
}
if($filter->getParam("id") == true){
$id = $filter->getParam("id");
foreach ($vuln as $key => $value) {
if($vuln[$key]['count'] == $id){
$chosenVuln = $vuln[$key];
$path = $key;
break;
}
}
echo "\033[1m\033[4m".$chosenVuln['count']." - ".$chosenVuln['title']."\033[0m\n";
echo "\033[1mCVSS:\033[0m ".$chosenVuln['cvss_score']." ";
echo "\033[1mRisk:\033[0m ".$chosenVuln['risk']." ";
echo "\033[1mOWASP:\033[0m ".$chosenVuln['owasp']."\n";
echo "\033[1mCVSS2:\033[0m ".$chosenVuln['cvss2_score']." ".$chosenVuln['cvss2_vector']."\n";
echo "\033[1mCVSS3:\033[0m ".$chosenVuln['cvss3_score']." ".$chosenVuln['cvss3_vector']."\n";
echo "\033[1mDescription:\033[0m ".$chosenVuln['description']."\n";
echo "\033[1mTechnical Description:\033[0m ".$chosenVuln['tech_description']."\n";
echo "\033[1mSoluton:\033[0m ".$chosenVuln['solution']."\n";
echo "\033[1mImpact: \033[0m".$chosenVuln['impact']."\n";
echo "\033[1mRemediation:\033[0m ".$chosenVuln['remediation']."\n";
echo "\033[1mTags:\033[0m ".$chosenVuln['tags']."\n";
if($filter->getParam("path") == true){
$resultsFolder = add_ending_slash($filter->getParam("path"));
if(file_exists($resultsFolder)){
if(!file_exists($resultsFolder.basename($path))){
system("cp $path $resultsFolder".basename($path));
echo "\n\033[0;92m\033[1m".basename($path)." copied to $resultsFolder\033[0m\n";
}else{
echo "\n\033[0;31m\033[1m".basename($path)." already in $resultsFolder\033[0m\n";
}
}else{
echo "\n\033[0;31m\033[1m$resultsFolder does not exist!\033[0m\n";
}
}
}
function recursiveScan($dir) {
global $vuln;
$tree = glob(rtrim($dir, '/') . '/*');
if (is_array($tree)) {
foreach($tree as $file) {
if (is_dir($file)) {
#echo "dir - ".$file . "\n";
recursiveScan($file);
} elseif (is_file($file)) {
//echo $file . "\n";
//$vuln[] = "test";
if(substr($file, -5) == '.json'){
$vuln[$file] = json_decode(file_get_contents($file), true);
}
}
}
}
return $vuln;
}
function add_ending_slash( $path ){
if ( substr( $path, ( 0 - ( int ) strlen( "/" ) ) ) !== "/" ){ $path .= "/"; }
return $path;
}
?>
root