DirtyScripts / ReportToolz / pt2json.php
root on 16 Dec 2019 3 KB Tidying
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6. * Main program - Don't edit below
  7. */
  8. echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";
  9.  
  10. foreach (glob("classes/*.php") as $filename)
  11. include $filename;
  12.  
  13. $definitions = new \Clapp\CommandLineArgumentDefinition(
  14. array(
  15. "help|h" => "Shows help message",
  16. "doc|d=s" => "/path/to/doc.ptreport to use",
  17. "no-save|n" => "Output only - Don't save JSON files",
  18. )
  19. );
  20.  
  21. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  22.  
  23. if ($filter->getParam('h') === true || $argc < 2) {
  24. echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
  25. fwrite(STDERR, $definitions->getUsage());
  26. exit(0);
  27. }
  28.  
  29. // see if doc exists
  30. if ($filter->getParam("doc") == false)
  31. die("[-] no doc set\n");
  32.  
  33. echo "[!] doc: ".$filter->getParam("doc")."\n";
  34. if(!file_exists($filter->getParam("doc")))
  35. die("[-] no such file! \n");
  36.  
  37.  
  38. $xmlfile = file_get_contents($filter->getParam("doc"));
  39. $ob= simplexml_load_string($xmlfile);
  40. $json = json_encode($ob);
  41. $configData = json_decode($json, true);
  42.  
  43. $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
  44.  
  45. foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
  46. # code...
  47. //echo $value['title']."\n";
  48. //print_r($value);
  49. foreach($value['finding'] as $key2 => $value2){
  50. if($filter->getParam('no-save') === true){
  51. echo "[+] issue: ".$value2['@attributes']['title']."\n";
  52. }else{
  53. echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
  54. }
  55. $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
  56.  
  57. if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
  58. $cvss3_score = $value2['cvss'];
  59. $cvss3_vector = $value2['cvss_vector'];
  60. }else{
  61. $cvss3_score = "";
  62. $cvss3_vector = "";
  63. }
  64.  
  65. $techD = "";
  66. foreach ($value2['section'] as $key => $value) {
  67. # code...
  68. $techD .= @base64_decode($value)."\n";
  69. }
  70. $cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
  71.  
  72. $sev = $value2['severity'];
  73. $sev = str_replace("serious", "Serious", $sev);
  74. $sev = str_replace("high", "High", $sev);
  75. $sev = str_replace("medium", "Medium", $sev);
  76. $sev = str_replace("low", "Low", $sev);
  77. $sev = str_replace("info", "Informational", $sev);
  78.  
  79. $jsonFile = '{
  80. "title":'.json_encode($value2['@attributes']['title']).',
  81. "category":"",
  82. "remediation":'.json_encode(base64_decode($value2['remediation'])).',
  83. "cvss_score":'.json_encode($cvssS).',
  84. "risk":'.json_encode($sev).',
  85. "impact":"High/Medium/Low",
  86. "description":'.json_encode(base64_decode($value2['summary_description'])).',
  87. "tech_description":'.json_encode($techD).',
  88. "solution":'.json_encode(base64_decode($value2['summary_fix'])).',
  89. "cvss2_score":"",
  90. "cvss2_vector":"",
  91. "cvss3_score":'.json_encode($cvss3_score).',
  92. "cvss3_vector":'.json_encode($cvss3_vector).',
  93. "owasp":"",
  94. "tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
  95. "to_check":"checked"}';
  96.  
  97. if($filter->getParam('no-save') === false){
  98. file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
  99. }
  100. }
  101. }