  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4. include('config.php');
  5.  
  6. /***
  7. * Main program - Don't edit below
  8. */
  9. echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n";
  10.  
  11. foreach (glob("classes/*.php") as $filename)
  12. include $filename;
  13.  
  14. $definitions = new \Clapp\CommandLineArgumentDefinition(
  15. array(
  16. "help|h" => "Shows help message",
  17. "path|p=s" => "/path/to/jsons/"
  18. )
  19. );
  20.  
  21. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  22.  
  23. if ($filter->getParam('h') === true || $argc < 2) {
  24. echo "The JSON prettyfier\n\n";
  25. fwrite(STDERR, $definitions->getUsage());
  26. exit(0);
  27. }
  28.  
  29. if(!file_exists($vulnDB."/floss.csv"))
  30. die("[!] floss.csv not found, is config.php correct?\n");
  31.  
  32. // create the CSV array
  33. $csv = array();
  34. $file = fopen($vulnDB."/floss.csv", 'r');
  35. while (($result = fgetcsv($file)) !== false){
  36. $csv[] = $result;
  37. }
  38. fclose($file);
  39.  
  40. // see if doc exists
  41. if ($filter->getParam("path") == false)
  42. die("[-] no path set\n");
  43.  
  44. // load vdb vulns
  45. $vdbVulns = getDirContents($vulnDB, '/\.json$/');
  46. foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean)
  47. $vdbVulns[$h] = str_replace($vulnDB, "", $i);
  48. }
  49. echo "VDB: ".sizeof($vdbVulns).", ";
  50.  
  51. // get all vulns
  52. $vuln = array();
  53. $files = glob($filter->getParam("path")."*.json");
  54. foreach($files as $finding){
  55. $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding));
  56. }
  57.  
  58. echo "Vulns: ".sizeof($vuln)."\n";
  59.  
  60. // check for existing
  61. foreach($vuln as $key => $finding){
  62. foreach($vdbVulns as $issue){
  63. $title = substr($issue, strrpos($issue, '/') + 1);
  64. if($finding['orig'].".json" == $title){
  65. $vuln[$key]['new'] = $issue;
  66. //echo $finding['orig']." -> ".$issue."\n"; // DEBUG
  67. }
  68. }
  69. }
  70.  
  71. // check for pattern match in floss.csv
  72. foreach($csv as $finding){
  73. foreach($vuln as $key => $issue){
  74. if(fnmatch($finding[0], $issue['orig'])){
  75. $vuln[$key]['new'] = $finding[1];
  76. //echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG
  77. }
  78. }
  79. }
  80.  
  81. //print_r($vuln); // DEBUG
  82.  
  83. $flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed";
  84. if(!file_exists($flossFolder."/")){
  85. mkdir($flossFolder."/");
  86. echo "[+] created directory $flossFolder/\n";
  87. }
  88. $checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check";
  89. if(!file_exists($checkFolder."/")){
  90. mkdir($checkFolder."/");
  91. echo "[+] created directory $checkFolder/\n";
  92. }
  93.  
  94. $flossed = 0;
  95. $flossArr = array();
  96. $fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb");
  97. foreach($vuln as $key => $finding){
  98. if(isset($finding['new'])){
  99.  
  100. $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes
  101. fwrite($fp,$content);
  102.  
  103. rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json");
  104. if($finding['new'] != "-del-"){
  105. $title = substr($finding['new'], strrpos($finding['new'], '/') + 1);
  106. copy($vulnDB.$finding['new'], $filter->getParam("path").$title);
  107. $flossArr[] = $finding['new'];
  108. }
  109. $flossed++;
  110. }else{
  111. rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json");
  112. }
  113. }
  114. fclose($fp);
  115.  
  116. $flossedInto = sizeof(array_unique($flossArr));
  117. $left = sizeof($vuln)-$flossed;
  118. echo "Flossed: ".$flossed." -> ".$flossedInto."\n";
  119. echo "To Check: ".$left."\n";
  120. echo "________________________________________________
  121. | |
  122. |Please (on VDB) either add a rule to floss.csv |
  123. |or create a new vulnerability for each .json |
  124. |in /to_check to help the team and make |
  125. |reporting easier for everyone! |
  126. |_______________________________________________|\n";
  127.  
  128.  
  129. function getDirContents($dir, $filter = '', &$results = array()) {
  130. $files = scandir($dir);
  131.  
  132. foreach($files as $key => $value){
  133. $path = realpath($dir.DIRECTORY_SEPARATOR.$value);
  134.  
  135. if(!is_dir($path)) {
  136. if(empty($filter) || preg_match($filter, $path)) $results[] = $path;
  137. } elseif($value != "." && $value != "..") {
  138. getDirContents($path, $filter, $results);
  139. }
  140. }
  141.  
  142. return $results;
  143. }