Fork: 0
0xRoM / DirtyScripts
Transfer to URL with SHA Find file
Newer
Older
DirtyScripts / ReportToolz / repgen.php
root on 14 Dec 2019 7 KB ptreport support
Raw Blame History 
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6.  * Configuration options
  7.  */
  8. $template = "templates/odt/blank_template_v0.3.odt";
  9. $CHECKtemplate = "templates/odt/blank_template_check_v0.3.odt";
  10. $vulnTemplate = "templates/odt/vuln_template.xml";
  11.  
  12. /***
  13.  * Main program - Don't edit below
  14.  */
  15. echo "_____ _____ _____ Gen\n||_// ||==  ||_// \n|| \\  ||___ ||    \n\n";
  16.  
  17. foreach (glob("classes/*.php") as $filename)
  18.     include $filename;
  19.  
  20. $definitions = new \Clapp\CommandLineArgumentDefinition(
  21.     array(
  22.         "help|h"            => "Shows help message",
  23.         "path|p=s"          => "/path/to/configs/", // should contain config.json and all vuln.json files
  24.     )
  25. );
  26.  
  27. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  28.  
  29. if ($filter->getParam('h') === true || $argc < 2) {
  30.     fwrite(STDERR, $definitions->getUsage());
  31.     exit(0);
  32. } 
  33.  
  34. // see if doc exists 
  35. if ($filter->getParam("path") == false)
  36. 	die("[-] no path set\n");
  37.  
  38. echo "[!] path: ".$filter->getParam("path")."\n";
  39. if(!is_dir($filter->getParam("path")))
  40. 	die("[-] no such folder! \n");
  41.  
  42. //get config file
  43. $config = json_decode(file_get_contents($filter->getParam("path")."config.conf")); 
  44. if(isset($config->checkRef) && trim($config->checkRef) <> ""){
  45.     $template = $CHECKtemplate; // if checkRefset use CHECK template
  46.     echo "[+] using CHECK template\n";
  47. }
  48.  
  49. // extract doc and get contents
  50. $rand = uniqid();
  51. mkdir("/tmp/$rand");
  52. if(unzipFolder($template, "/tmp/$rand/")) {
  53.     $source = file_get_contents("/tmp/$rand/content.xml");
  54.     echo "[+] doc extracted\n";
  55. } else {
  56. 	die("[-] unable to extract doc\n");
  57. }
  58. 	
  59.  
  60.  
  61. // add config into template
  62. $source = file_get_contents("/tmp/$rand/content.xml");
  63. foreach ($config as $key => $value) {
  64. 	$source = str_replace('{'.$key.'}', $value, $source);
  65. }
  66. file_put_contents("/tmp/$rand/content.xml", $source);
  67. echo "[+] added config values\n";
  68.  
  69. // get all vulns
  70. $vuln = array();
  71. $files = glob($filter->getParam("path")."*.json");
  72. foreach($files as $finding){
  73.     $vuln[] = $found = json_decode(file_get_contents($finding), true);
  74. }
  75.  
  76. echo "[+] sorting vulns by CVSS\n";
  77. usort($vuln, 'order_by_cvss');
  78. function order_by_cvss($a, $b) {
  79.     return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1;
  80. }
  81.  
  82. if(empty($vuln))
  83.     echo "[-] no vulns found!\n";
  84.  
  85. // create vulns for odf
  86. $templateOrig = file_get_contents($vulnTemplate);
  87. $Serious = $High = $Medium = $Low = $Informational = ""; 
  88. foreach ($vuln as $singlevuln) {
  89. 	$templateSource = $templateOrig;
  90. 	$togo = $singlevuln['risk'];
  91. 	foreach ($singlevuln as $key => $value){
  92.         $value = str_replace("<", "&lt;", $value);
  93.         $value = str_replace(">", "&gt;", $value);
  94. 		$value = str_replace("\n", "</text:p><text:p text:style-name=\"Text_20_body\">", $value);
  95. 		$templateSource = str_replace('{'.$key.'}', $value, $templateSource);
  96. 	}
  97. 	$$togo .= $templateSource;
  98. 	echo "[+] added $togo: ".$singlevuln['title']."\n";
  99. }
  100.  
  101. // squash vulns into one bbig xml
  102. $value = "";
  103. if(!empty($Serious)){
  104. 	$value .= '<text:list  text:continue-numbering="true" text:style-name="Outline">
  105.     <text:list-item>
  106.         <text:list>
  107.             <text:list-item>
  108.                 <text:h text:outline-level="2">Serious Risk Vulnerabilities</text:h>
  109.             </text:list-item>
  110.         </text:list>
  111.     </text:list-item>
  112. </text:list>';
  113. 	$value .= $Serious;
  114. }
  115.  
  116. if(!empty($High)){
  117. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  118.     <text:list-item>
  119.         <text:list>
  120.             <text:list-item>
  121.                 <text:h text:outline-level="2">High Risk Vulnerabilities</text:h>
  122.             </text:list-item>
  123.         </text:list>
  124.     </text:list-item>
  125. </text:list>';
  126. 	$value .= $High;
  127. }
  128. if(!empty($Medium)){
  129. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  130.     <text:list-item>
  131.         <text:list>
  132.             <text:list-item>
  133.                 <text:h text:outline-level="2">Medium Risk Vulnerabilities</text:h>
  134.             </text:list-item>
  135.         </text:list>
  136.     </text:list-item>
  137. </text:list>';
  138. 	$value .= $Medium;
  139. }
  140. if(!empty($Low)){
  141. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  142.     <text:list-item>
  143.         <text:list>
  144.             <text:list-item>
  145.                 <text:h text:outline-level="2">Low Risk Vulnerabilities</text:h>
  146.             </text:list-item>
  147.         </text:list>
  148.     </text:list-item>
  149. </text:list>';
  150. 	$value .= $Low;
  151. }
  152. if(!empty($Informational)){
  153.     $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  154.     <text:list-item>
  155.         <text:list>
  156.             <text:list-item>
  157.                 <text:h text:outline-level="2">Informational Risk Vulnerabilities</text:h>
  158.             </text:list-item>
  159.         </text:list>
  160.     </text:list-item>
  161. </text:list>';
  162.     $value .= $Informational;
  163. }
  164. // add to template
  165. $source = file_get_contents("/tmp/$rand/content.xml");
  166. $source = str_replace('{vuln}', $value, $source);
  167. file_put_contents("/tmp/$rand/content.xml", $source);
  168.  
  169. // create report and tidying
  170. zipFolder("/tmp/$rand", $filter->getParam("path")."repgen.odt");
  171. echo "[=] generated report: ".$filter->getParam("path")."repgen.odt\n";
  172. delTree("/tmp/$rand");
  173. echo "[+] temp files removed\n";
  174.  
  175. function unzipFolder($zipInputFile, $outputFolder) {
  176.     $zip = new ZipArchive;
  177.     $res = $zip->open($zipInputFile);
  178.     if ($res === true) {
  179.         $zip->extractTo($outputFolder);
  180.         $zip->close();
  181.         return true;
  182.     }
  183.     else {
  184.         return false;
  185.     }
  186. }
  187.  
  188. function XML2Array(SimpleXMLElement $parent){
  189.     $array = array();
  190.  
  191.     foreach ($parent as $name => $element) {
  192.         ($node = & $array[$name])
  193.             && (1 === count($node) ? $node = array($node) : 1)
  194.             && $node = & $node[];
  195.  
  196.         $node = $element->count() ? XML2Array($element) : trim($element);
  197.     }
  198.  
  199.     return $array;
  200. }
  201.  
  202. function delTree($dir){ 
  203.     $files = array_diff(scandir($dir), array('.', '..')); 
  204.  
  205.     foreach ($files as $file) { 
  206.         (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); 
  207.     }
  208.  
  209.     return rmdir($dir); 
  210. } 
  211.  
  212. function zipFolder($inputFolder, $zipOutputFile) {
  213.     if (!extension_loaded('zip') || !file_exists($inputFolder)) {
  214.         return false;
  215.     }
  216.  
  217.     $zip = new ZipArchive();
  218.     if (!$zip->open($zipOutputFile, ZIPARCHIVE::CREATE)) {
  219.         return false;
  220.     }
  221.  
  222.     $inputFolder = str_replace('\\', "/", realpath($inputFolder));
  223.  
  224.     if (is_dir($inputFolder) === true) {
  225.         $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($inputFolder), RecursiveIteratorIterator::SELF_FIRST);
  226.  
  227.         foreach ($files as $file) {
  228.             $file = str_replace('\\', "/", $file);
  229.  
  230.             if (in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) {
  231.                 continue;
  232.             }
  233.  
  234.             $file = realpath($file);
  235.  
  236.             if (is_dir($file) === true) {
  237.                 $dirName = str_replace($inputFolder."/", '', $file."/");
  238.                 $zip->addEmptyDir($dirName);
  239.             }
  240.             else if (is_file($file) === true) {
  241.                 $fileName = str_replace($inputFolder."/", '', $file);
  242.                 $zip->addFromString($fileName, file_get_contents($file));
  243.             }
  244.         }
  245.     }
  246.     else if (is_file($inputFolder) === true) {
  247.         $zip->addFromString(basename($inputFolder), file_get_contents($inputFolder));
  248.     }
  249.  
  250.     return $zip->close();
  251. }
  252.  
  253. ?>
Buy Me A Coffee