DirtyScripts / ReportToolz / ns2json.php
root on 27 Feb 2020 4 KB why so serious?!
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6. * Main program - Don't edit below
  7. */
  8. echo " ______ _ \n (_____ \ (_) \n ____ ___ ____) ) _ ___ ___ ____ \n| _ \ /___)/ ____/ | |/___)/ _ \| _ \ \n| | | |___ | (_____ | |___ | |_| | | | |\n|_| |_(___/|_______)| (___/ \___/|_| |_|\n (__/ \n\n";
  9.  
  10. foreach (glob("classes/*.php") as $filename)
  11. include $filename;
  12.  
  13. $definitions = new \Clapp\CommandLineArgumentDefinition(
  14. array(
  15. "help|h" => "Shows help message",
  16. "doc|d=s" => "/path/to/doc.nessus to use",
  17. "no-save|n" => "Output only - Don't save JSON files",
  18. "no-info|i" => "Don't save \"informational\" issues (recommended)",
  19. )
  20. );
  21.  
  22. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  23.  
  24. if ($filter->getParam('h') === true || $argc < 2) {
  25. echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
  26. fwrite(STDERR, $definitions->getUsage());
  27. exit(0);
  28. }
  29.  
  30. // see if doc exists
  31. if ($filter->getParam("doc") == false)
  32. die("[-] no doc set\n");
  33.  
  34. echo "[!] doc: ".$filter->getParam("doc")."\n";
  35. if(!file_exists($filter->getParam("doc")))
  36. die("[-] no such file! \n");
  37.  
  38.  
  39. $xmlfile = file_get_contents($filter->getParam("doc"));
  40. $nessus= simplexml_load_file($filter->getParam("doc"));
  41.  
  42. $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
  43. $vulnarray = array();
  44.  
  45. foreach ($nessus->Report[0]->ReportHost as $host) {
  46. foreach ($host->ReportItem as $bug) {
  47. //echo $bug->plugin_name ."\n";
  48. $output = NULL;
  49.  
  50. //mosty solen from: https://github.com/adamziaja/php/blob/master/nessus/nessus.php
  51. $vulnarray[(string)$bug->plugin_name]['risk'] = (string)$bug->risk_factor;
  52. if($bug->cvss_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_score'] = (string)$bug->cvss_base_score; }
  53. if($bug->cvss_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_vector'] = (string)$bug->cvss_vector; }
  54. if($bug->cvss3_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_score'] = (string)$bug->cvss3_base_score; }
  55. if($bug->cvss3_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_vector'] = (string)$bug->cvss3_vector; }
  56. if($bug->synopsis <> ""){ $vulnarray[(string)$bug->plugin_name]['description'] = (string)$bug->synopsis; }
  57. if($bug->description <> ""){ $vulnarray[(string)$bug->plugin_name]['tech_description'] = (string)$bug->description; }
  58. if($bug->solution <> ""){ $vulnarray[(string)$bug->plugin_name]['solution'] = (string)$bug->solution; }
  59.  
  60. }
  61. }
  62.  
  63. foreach ($vulnarray as $key => $value) {
  64.  
  65. $cvssS = "";
  66. if(isset($value['cvss_score']) && $value['cvss_score'] <> "")
  67. $cvssS = $value['cvss_score'];
  68. if(isset($value['cvss3_score']) && $value['cvss3_score'] <> "")
  69. $cvssS = $value['cvss3_score'];
  70.  
  71. if ($value['risk'] == 'None') { $value['risk'] = "Info"; }
  72.  
  73. $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( @$key ) );
  74. $jsonFile = '{
  75. "title":'.json_encode(@$key).',
  76. "remediation":"",
  77. "cvss_score":'.json_encode($cvssS).',
  78. "risk":'.json_encode(@$value['risk']).',
  79. "impact":"High/Medium/Low",
  80. "description":'.json_encode(@$value['description']).',
  81. "tech_description":'.json_encode(@$value['tech_description']).',
  82. "solution":'.json_encode(@$value['solution']).',
  83. "cvss2_score":'.json_encode(@$value['cvss_score']).',
  84. "cvss2_vector":'.json_encode(@$value['cvss_vector']).',
  85. "cvss3_score":'.json_encode(@$value['cvss3_score']).',
  86. "cvss3_vector":'.json_encode(@$value['cvss3_vector']).',
  87. "owasp":"",
  88. "tags":"",
  89. "to_check":"checked"}';
  90.  
  91. if($filter->getParam('no-save') === false){
  92. file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
  93. if($filter->getParam('no-info') === true && $value['risk'] == 'Info')
  94. unlink($resultsFolder.$vulnFileName.".json");
  95. }
  96.  
  97. $prefix = ($filter->getParam('no-save') === true)? "[!] Issue:" : ($filter->getParam('no-info') === true && $value['risk'] == 'Info')? "[-] Issue:" : "[+] Saving:";
  98. echo "$prefix $key\n";
  99. /*if ((string) $value['risk'] != 'None') {
  100. echo "##########################\n";
  101. echo "Title: ".@$key."\n";
  102. echo "Impact: ".@$value['risk']."\n";
  103. echo "CVSS2 score: ".@$value['cvss_score']." vector: ".@$value['cvss_vector']."\n";
  104. echo "CVSS3 score: ".@$value['cvss3_score']." vector: ".@$value['cvss3_vector']."\n";
  105. echo "Desc: ".@$value['description']."\n";
  106. echo "Tech Desc: ".@$value['tech_description']."\n";
  107. echo "Solution: ".@$value['solution']."\n";
  108. }*/
  109. }
  110.  
  111. ?>