Newer
Older
DirtyScripts / ReportToolz / repgen.php
root on 3 Dec 2019 6 KB mucho fixo
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6. * Configuration options
  7. */
  8. $template = "templates/odt/blank_template_v0.3.odt";
  9. $CHECKtemplate = "templates/odt/blank_template_check_v0.2.odt";
  10. $vulnTemplate = "templates/odt/vuln_template.xml";
  11.  
  12. /***
  13. * Main program - Don't edit below
  14. */
  15. echo "_____ _____ _____ Gen\n||_// ||== ||_// \n|| \\ ||___ || \n\n";
  16.  
  17. foreach (glob("classes/*.php") as $filename)
  18. include $filename;
  19.  
  20. $definitions = new \Clapp\CommandLineArgumentDefinition(
  21. array(
  22. "help|h" => "Shows help message",
  23. "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files
  24. )
  25. );
  26.  
  27. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  28.  
  29. if ($filter->getParam('h') === true || $argc < 2) {
  30. fwrite(STDERR, $definitions->getUsage());
  31. exit(0);
  32. }
  33.  
  34. // see if doc exists
  35. if ($filter->getParam("path") == false)
  36. die("[-] no path set\n");
  37.  
  38. echo "[!] path: ".$filter->getParam("path")."\n";
  39. if(!is_dir($filter->getParam("path")))
  40. die("[-] no such folder! \n");
  41.  
  42. //get config file
  43. $config = json_decode(file_get_contents($filter->getParam("path")."config.conf"));
  44. if(isset($config->checkRef) && trim($config->checkRef) <> ""){
  45. $template = $CHECKtemplate; // if checkRefset use CHECK template
  46. echo "[+] using CHECK template\n";
  47. }
  48.  
  49. // extract doc and get contents
  50. $rand = uniqid();
  51. mkdir("/tmp/$rand");
  52. if(unzipFolder($template, "/tmp/$rand/")) {
  53. $source = file_get_contents("/tmp/$rand/content.xml");
  54. echo "[+] doc extracted\n";
  55. } else {
  56. die("[-] unable to extract doc\n");
  57. }
  58.  
  59.  
  60. // add config into template
  61. $source = file_get_contents("/tmp/$rand/content.xml");
  62. foreach ($config as $key => $value) {
  63. $source = str_replace('{'.$key.'}', $value, $source);
  64. }
  65. file_put_contents("/tmp/$rand/content.xml", $source);
  66. echo "[+] added config values\n";
  67.  
  68. // get all vulns
  69. $vuln = array();
  70. $files = glob($filter->getParam("path")."*.json");
  71. foreach($files as $finding){
  72. $vuln[] = $found = json_decode(file_get_contents($finding), true);
  73. }
  74.  
  75. echo "[+] sorting vulns by CVSS\n";
  76. usort($vuln, 'order_by_cvss');
  77. function order_by_cvss($a, $b) {
  78. return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1;
  79. }
  80.  
  81. if(empty($vuln))
  82. echo "[-] no vulns found!\n";
  83.  
  84. // create vulns for odf
  85. $templateOrig = file_get_contents($vulnTemplate);
  86. $Serious = $High = $Medium = $Low = "";
  87. foreach ($vuln as $singlevuln) {
  88. $templateSource = $templateOrig;
  89. $togo = $singlevuln['risk'];
  90. foreach ($singlevuln as $key => $value){
  91. $value = str_replace("\n", "</text:p><text:p text:style-name=\"Text_20_body\">", $value);
  92. $templateSource = str_replace('{'.$key.'}', $value, $templateSource);
  93. }
  94. $$togo .= $templateSource;
  95. echo "[+] added $togo: ".$singlevuln['title']."\n";
  96. }
  97.  
  98. // squash vulns into one bbig xml
  99. $value = "";
  100. if(!empty($Serious)){
  101. $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  102. <text:list-item>
  103. <text:list>
  104. <text:list-item>
  105. <text:h text:outline-level="2">Serious Risk Vulnerabilities</text:h>
  106. </text:list-item>
  107. </text:list>
  108. </text:list-item>
  109. </text:list>';
  110. $value .= $Serious;
  111. }
  112.  
  113. if(!empty($High)){
  114. $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  115. <text:list-item>
  116. <text:list>
  117. <text:list-item>
  118. <text:h text:outline-level="2">High Risk Vulnerabilities</text:h>
  119. </text:list-item>
  120. </text:list>
  121. </text:list-item>
  122. </text:list>';
  123. $value .= $High;
  124. }
  125. if(!empty($Medium)){
  126. $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  127. <text:list-item>
  128. <text:list>
  129. <text:list-item>
  130. <text:h text:outline-level="2">Medium Risk Vulnerabilities</text:h>
  131. </text:list-item>
  132. </text:list>
  133. </text:list-item>
  134. </text:list>';
  135. $value .= $Medium;
  136. }
  137. if(!empty($Low)){
  138. $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  139. <text:list-item>
  140. <text:list>
  141. <text:list-item>
  142. <text:h text:outline-level="2">Low Risk Vulnerabilities</text:h>
  143. </text:list-item>
  144. </text:list>
  145. </text:list-item>
  146. </text:list>';
  147. $value .= $Low;
  148. }
  149. // add to template
  150. $source = file_get_contents("/tmp/$rand/content.xml");
  151. $source = str_replace('{vuln}', $value, $source);
  152. file_put_contents("/tmp/$rand/content.xml", $source);
  153.  
  154. // create report and tidying
  155. zipFolder("/tmp/$rand", $filter->getParam("path")."repgen.odt");
  156. echo "[=] generated report: ".$filter->getParam("path")."repgen.odt\n";
  157. delTree("/tmp/$rand");
  158. echo "[+] temp files removed\n";
  159.  
  160. function unzipFolder($zipInputFile, $outputFolder) {
  161. $zip = new ZipArchive;
  162. $res = $zip->open($zipInputFile);
  163. if ($res === true) {
  164. $zip->extractTo($outputFolder);
  165. $zip->close();
  166. return true;
  167. }
  168. else {
  169. return false;
  170. }
  171. }
  172.  
  173. function XML2Array(SimpleXMLElement $parent){
  174. $array = array();
  175.  
  176. foreach ($parent as $name => $element) {
  177. ($node = & $array[$name])
  178. && (1 === count($node) ? $node = array($node) : 1)
  179. && $node = & $node[];
  180.  
  181. $node = $element->count() ? XML2Array($element) : trim($element);
  182. }
  183.  
  184. return $array;
  185. }
  186.  
  187. function delTree($dir){
  188. $files = array_diff(scandir($dir), array('.', '..'));
  189.  
  190. foreach ($files as $file) {
  191. (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
  192. }
  193.  
  194. return rmdir($dir);
  195. }
  196.  
  197. function zipFolder($inputFolder, $zipOutputFile) {
  198. if (!extension_loaded('zip') || !file_exists($inputFolder)) {
  199. return false;
  200. }
  201.  
  202. $zip = new ZipArchive();
  203. if (!$zip->open($zipOutputFile, ZIPARCHIVE::CREATE)) {
  204. return false;
  205. }
  206.  
  207. $inputFolder = str_replace('\\', "/", realpath($inputFolder));
  208.  
  209. if (is_dir($inputFolder) === true) {
  210. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($inputFolder), RecursiveIteratorIterator::SELF_FIRST);
  211.  
  212. foreach ($files as $file) {
  213. $file = str_replace('\\', "/", $file);
  214.  
  215. if (in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) {
  216. continue;
  217. }
  218.  
  219. $file = realpath($file);
  220.  
  221. if (is_dir($file) === true) {
  222. $dirName = str_replace($inputFolder."/", '', $file."/");
  223. $zip->addEmptyDir($dirName);
  224. }
  225. else if (is_file($file) === true) {
  226. $fileName = str_replace($inputFolder."/", '', $file);
  227. $zip->addFromString($fileName, file_get_contents($file));
  228. }
  229. }
  230. }
  231. else if (is_file($inputFolder) === true) {
  232. $zip->addFromString(basename($inputFolder), file_get_contents($inputFolder));
  233. }
  234.  
  235. return $zip->close();
  236. }
  237.  
  238. ?>
Buy Me A Coffee