#!/usr/bin/php <?php //error_reporting(0); include('config.php'); /*** * Main program - Don't edit below */ #echo " +-+-+-+-+-+-+\n |V|u|l|n|D|B|\n +-+-+-+-+-+-+\n\n"; foreach (glob($vdbPath."classes/*.php") as $filename) include $filename; $definitions = new \Clapp\CommandLineArgumentDefinition( array( "help|h" => "Shows help message", "search|s=s" => "search term", "id|i=i" => "id of vuln to view details or copy (requires -p)", "path|p=s" => "path to copy vuln to (requires -i)", ) ); $filter = new \Clapp\CommandArgumentFilter($definitions, $argv); if ($filter->getParam('h') === true || $argc < 2) { fwrite(STDERR, $definitions->getUsage()); exit(0); } // get all vulns $vuln = recursiveScan($vulnDB); $i = 1; foreach($vuln as $key => $value){ $vuln[$key]['count'] = $i; $i++; } // search for search term if($filter->getParam("search") == true){ #echo "[!] Searching: ".$filter->getParam("search")."\n"; echo" Ref | Title | Description -------|--------------------------------------------------|----------------------------------------------------------------\n"; foreach ($vuln as $key => $value) { $flag = 0; if (strpos(strtolower($vuln[$key]['title']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if (strpos(strtolower($vuln[$key]['description']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if (strpos(strtolower($vuln[$key]['tech_description']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if (strpos(strtolower($vuln[$key]['impact']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if (strpos(strtolower($vuln[$key]['solution']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if (strpos(strtolower($vuln[$key]['tags']), strtolower($filter->getParam("search"))) == true){ $flag = 1; } if($flag == 1){ // found search term $ref = str_pad($vuln[$key]['count'], 7); $title = str_pad($vuln[$key]['title'], 50); $desc = trim(preg_replace('/\s\s+/', ' ', $vuln[$key]['tech_description'])); $desc = str_pad( $desc, 61); echo substr($ref, 0, 7); echo "|"; echo substr($title, 0, 50); echo "|"; echo substr($desc, 0, 61); echo "\n"; } } echo "\n"; } if($filter->getParam("id") == true){ $id = $filter->getParam("id"); foreach ($vuln as $key => $value) { if($vuln[$key]['count'] == $id){ $chosenVuln = $vuln[$key]; $path = $key; break; } } echo "\033[1m\033[4m".$chosenVuln['count']." - ".$chosenVuln['title']."\033[0m\n"; echo "\033[1mCVSS:\033[0m ".$chosenVuln['cvss_score']." "; echo "\033[1mRisk:\033[0m ".$chosenVuln['risk']." "; echo "\033[1mOWASP:\033[0m ".$chosenVuln['owasp']."\n"; echo "\033[1mCVSS2:\033[0m ".$chosenVuln['cvss2_score']." ".$chosenVuln['cvss2_vector']."\n"; echo "\033[1mCVSS3:\033[0m ".$chosenVuln['cvss3_score']." ".$chosenVuln['cvss3_vector']."\n"; echo "\033[1mDescription:\033[0m ".$chosenVuln['description']."\n"; echo "\033[1mTechnical Description:\033[0m ".$chosenVuln['tech_description']."\n"; echo "\033[1mSoluton:\033[0m ".$chosenVuln['solution']."\n"; echo "\033[1mImpact: \033[0m".$chosenVuln['impact']."\n"; echo "\033[1mRemediation:\033[0m ".$chosenVuln['remediation']."\n"; echo "\033[1mTags:\033[0m ".$chosenVuln['tags']."\n"; if($filter->getParam("path") == true){ $resultsFolder = add_ending_slash($filter->getParam("path")); if(file_exists($resultsFolder)){ if(!file_exists($resultsFolder.basename($path))){ system("cp $path $resultsFolder".basename($path)); echo "\n\033[0;92m\033[1m".basename($path)." copied to $resultsFolder\033[0m\n"; }else{ echo "\n\033[0;31m\033[1m".basename($path)." already in $resultsFolder\033[0m\n"; } }else{ echo "\n\033[0;31m\033[1m$resultsFolder does not exist!\033[0m\n"; } } } function recursiveScan($dir) { global $vuln; $tree = glob(rtrim($dir, '/') . '/*'); if (is_array($tree)) { foreach($tree as $file) { if (is_dir($file)) { #echo "dir - ".$file . "\n"; recursiveScan($file); } elseif (is_file($file)) { //echo $file . "\n"; //$vuln[] = "test"; if(substr($file, -5) == '.json'){ $vuln[$file] = json_decode(file_get_contents($file), true); } } } } return $vuln; } function add_ending_slash( $path ){ if ( substr( $path, ( 0 - ( int ) strlen( "/" ) ) ) !== "/" ){ $path .= "/"; } return $path; } ?>