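#!/usr/bin/php
<?php
//error_reporting(0);

/***
 * Converts a ptreport XML document into one JSON file per finding (for repgen.php).
 *
 * The document named by --doc is parsed as XML and walked as
 * report_sections -> section -> subsection -> finding. Each finding with a title
 * becomes "<slug-of-title>.json" in the directory that holds the input document,
 * unless --no-save is given, in which case only the titles are printed.
 *
 * The report file is treated as untrusted input throughout: it is parsed without
 * network access, field types are checked before use, and nothing taken from it is
 * used in a file name or echoed to the terminal without filtering.
 *
 * Main program - Don't edit below
 */

/**
 * Print an error message on STDERR and stop with a non-zero exit status, so that a
 * calling script can tell a failed conversion from a successful one.
 *
 * @param string $message Text to print, including its trailing newline.
 */
function pt2jsonFail($message)
{
    fwrite(STDERR, $message);
    exit(1);
}

/**
 * Normalise a node of the SimpleXML -> JSON -> array conversion into a list.
 *
 * That conversion yields a numerically indexed array when an element occurs several
 * times, but a single associative array (or a bare string) when it occurs once, and
 * an empty array for an empty element.
 *
 * @param mixed $node Value found under an element name.
 * @return array List of occurrences; empty when there is none.
 */
function pt2jsonAsList($node)
{
    if ($node === null || $node === array()) {
        return array();
    }
    if (is_array($node) && array_key_exists(0, $node)) {
        return $node;
    }
    return array($node);
}

/**
 * Return a finding field as a string, or "" when it is absent or not a string
 * (an empty XML element arrives here as an empty array).
 *
 * @param array  $finding One finding from the converted report.
 * @param string $key     Field name.
 * @return string
 */
function pt2jsonText($finding, $key)
{
    return (isset($finding[$key]) && is_string($finding[$key])) ? $finding[$key] : "";
}

/**
 * Build the JSON record for one finding.
 *
 * @param array $finding One finding; the caller has checked that
 *                       $finding['@attributes']['title'] is a string.
 * @return array Record with the keys and key order of the JSON file.
 */
function pt2jsonBuildRecord($finding)
{
    $cvssScore = pt2jsonText($finding, 'cvss');
    $cvssVector = pt2jsonText($finding, 'cvss_vector');

    // Only vectors that start with "CVSS:3.0" are copied into the cvss3 fields;
    // any other vector (a "CVSS:3.1" one included) leaves both fields empty.
    $isCvss3 = strpos($cvssVector, 'CVSS:3.0') === 0;

    // The technical description is the concatenation of every base64-encoded
    // <section> of the finding, one per line.
    $techDescription = "";
    $sections = isset($finding['section']) ? pt2jsonAsList($finding['section']) : array();
    foreach ($sections as $encodedSection) {
        $techDescription .= (is_string($encodedSection) ? base64_decode($encodedSection) : "") . "\n";
    }

    // Capitalise the known severity words; anything else passes through unchanged.
    $severity = str_replace(
        array("serious", "high", "medium", "low", "info"),
        array("Serious", "High", "Medium", "Low", "Info"),
        pt2jsonText($finding, 'severity')
    );

    return array(
        "title" => $finding['@attributes']['title'],
        "category" => "",
        "remediation" => base64_decode(pt2jsonText($finding, 'remediation')),
        "cvss_score" => $cvssScore,
        "risk" => $severity,
        "impact" => "High/Medium/Low",
        "description" => base64_decode(pt2jsonText($finding, 'summary_description')),
        "tech_description" => $techDescription,
        "solution" => base64_decode(pt2jsonText($finding, 'summary_fix')),
        "cvss2_score" => "",
        "cvss2_vector" => "",
        "cvss3_score" => $isCvss3 ? $cvssScore : "",
        "cvss3_vector" => $isCvss3 ? $cvssVector : "",
        "owasp" => "",
        "tags" => base64_decode(pt2jsonText($finding, 'vuln_tags')),
        "to_check" => "checked",
    );
}

echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";

// Load the bundled classes relative to this script, not to the current working
// directory: a relative glob would execute whatever classes/*.php happens to exist
// in the directory the tool is started from.
$classFiles = glob(__DIR__ . "/classes/*.php");
if ($classFiles === false) {
    $classFiles = array();
}
foreach ($classFiles as $filename) {
    include $filename;
}

$definitions = new \Clapp\CommandLineArgumentDefinition(
    array(
        "help|h" => "Shows help message",
        "doc|d=s" => "/path/to/doc.ptreport to use",
        "no-save|n" => "Output only - Don't save JSON files",
    )
);

$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);

if ($filter->getParam('h') === true || $argc < 2) {
    echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
    fwrite(STDERR, $definitions->getUsage());
    exit(0);
}

// see if doc exists
$docPath = $filter->getParam("doc");
if ($docPath == false) {
    pt2jsonFail("[-] no doc set\n");
}
echo "[!] doc: ".$docPath."\n";
if (!file_exists($docPath)) {
    pt2jsonFail("[-] no such file! \n");
}

$xmlfile = file_get_contents($docPath);
if ($xmlfile === false) {
    pt2jsonFail("[-] could not read doc\n");
}

// LIBXML_NONET keeps the parser off the network while loading the report.
// LIBXML_NOENT is deliberately not passed, so entity substitution stays off.
$ob = simplexml_load_string($xmlfile, 'SimpleXMLElement', LIBXML_NONET);
if ($ob === false) {
    pt2jsonFail("[-] doc is not well-formed XML\n");
}

$configData = json_decode(json_encode($ob), true);
if (!is_array($configData) || !isset($configData['report_sections']['section'])) {
    pt2jsonFail("[-] no report sections found in doc\n");
}

// dirname() gives "." for a bare file name; cutting the path at the last "/" by
// hand produced "/" in that case and sent the output to the filesystem root.
$resultsFolder = dirname($docPath)."/";

$noSaveParam = $filter->getParam('no-save');

$sectionNode = $configData['report_sections']['section'];
// multiple headings when <section> occurs more than once, single heading otherwise
$multipleSections = is_array($sectionNode) && array_key_exists(0, $sectionNode);

foreach (pt2jsonAsList($sectionNode) as $section) {
    if (!is_array($section) || !isset($section['subsection'])) {
        continue;
    }
    foreach (pt2jsonAsList($section['subsection']) as $subsection) {
        if (!is_array($subsection) || !isset($subsection['finding'])) {
            continue;
        }
        foreach (pt2jsonAsList($subsection['finding']) as $finding) {
            // The title names the output file, so a finding without one is skipped.
            if (!is_array($finding)
                || !isset($finding['@attributes']['title'])
                || !is_string($finding['@attributes']['title'])) {
                continue;
            }
            // Kept from the multiple-headings case of this script, which also
            // skipped findings that have no summary_description.
            if ($multipleSections && !isset($finding['summary_description'])) {
                continue;
            }

            $title = $finding['@attributes']['title'];

            // The title comes from the report file; control characters are replaced
            // before it is echoed so it cannot drive the terminal.
            $shownTitle = preg_replace('/[\x00-\x1F\x7F]/', '?', $title);
            if ($noSaveParam === true) {
                echo "[+] issue: ".$shownTitle."\n";
            } else {
                echo "[+] creating json for: ".$shownTitle."\n";
            }

            // Only a-z, 0-9 and "-" survive, so the title cannot contain a path
            // separator or ".." and the file stays inside $resultsFolder.
            // NOTE(review): two findings whose titles reduce to the same slug write
            // to the same file, and the later one replaces the earlier one.
            $vulnFileName = preg_replace('/[^a-z0-9]+/', '-', strtolower($title));

            // Encoding the whole record at once means a field that cannot be encoded
            // (base64 payloads need not decode to valid UTF-8) is reported, instead
            // of leaving a hole in a hand-assembled JSON string.
            $jsonFile = json_encode(pt2jsonBuildRecord($finding));
            if ($jsonFile === false) {
                fwrite(STDERR, "[-] could not encode finding as JSON: ".$shownTitle."\n");
                continue;
            }

            if ($noSaveParam === false) {
                $target = $resultsFolder.$vulnFileName.".json";
                if (file_put_contents($target, $jsonFile) === false) {
                    fwrite(STDERR, "[-] could not write ".$target."\n");
                }
            }
        }
    }
}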