Fork: 0
0xRoM / DirtyScripts
Transfer to URL with SHA Find file
Newer
Older
DirtyScripts / ReportToolz / repgen.php
root on 16 Nov 2019 6 KB vdb.php added
Raw Blame History 
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6.  * Configuration options
  7.  */
  8. $template = "templates/odt/blank_template.odt";
  9. $vulnTemplate = "templates/odt/vuln_template.xml";
  10.  
  11. /***
  12.  * Main program - Don't edit below
  13.  */
  14. echo "_____ _____ _____ Gen\n||_// ||==  ||_// \n|| \\  ||___ ||    \n\n";
  15.  
  16. foreach (glob("classes/*.php") as $filename)
  17.     include $filename;
  18.  
  19. $definitions = new \Clapp\CommandLineArgumentDefinition(
  20.     array(
  21.         "help|h"            => "Shows help message",
  22.         "path|p=s"          => "/path/to/configs/", // should contain config.json and all vuln.json files
  23.     )
  24. );
  25.  
  26. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  27.  
  28. if ($filter->getParam('h') === true || $argc < 2) {
  29.     fwrite(STDERR, $definitions->getUsage());
  30.     exit(0);
  31. } 
  32.  
  33. // see if doc exists 
  34. if ($filter->getParam("path") == false)
  35. 	die("[-] no path set\n");
  36.  
  37. echo "[!] path: ".$filter->getParam("path")."\n";
  38. if(!is_dir($filter->getParam("path")))
  39. 	die("[-] no such folder! \n");
  40.  
  41. // extract doc and get contents
  42. $rand = uniqid();
  43. mkdir("/tmp/$rand");
  44. if(unzipFolder($template, "/tmp/$rand/")) {
  45.     $source = file_get_contents("/tmp/$rand/content.xml");
  46.     echo "[+] doc extracted\n";
  47. } else {
  48. 	die("[-] unable to extract doc\n");
  49. }
  50. 	
  51. $config = json_decode(file_get_contents($filter->getParam("path")."config.conf"));
  52.  
  53. // add config into template
  54. $source = file_get_contents("/tmp/$rand/content.xml");
  55. foreach ($config as $key => $value) {
  56. 	$source = str_replace('{'.$key.'}', $value, $source);
  57. }
  58. file_put_contents("/tmp/$rand/content.xml", $source);
  59. echo "[+] added config values\n";
  60.  
  61. // get all vulns
  62. $vuln = array();
  63. $files = glob($filter->getParam("path")."*.json");
  64. foreach($files as $finding){
  65.     $vuln[] = $found = json_decode(file_get_contents($finding), true);
  66. }
  67.  
  68. echo "[+] sorting vulns by CVSS\n";
  69. usort($vuln, 'order_by_cvss');
  70. function order_by_cvss($a, $b) {
  71.     return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1;
  72. }
  73.  
  74. if(empty($vuln))
  75.     echo "[-] no vulns found!\n";
  76.  
  77. // create vulns for odf
  78. $templateOrig = file_get_contents($vulnTemplate);
  79. $Serious = $High = $Medium = $Low = ""; 
  80. foreach ($vuln as $singlevuln) {
  81. 	$templateSource = $templateOrig;
  82. 	$togo = $singlevuln['risk'];
  83. 	foreach ($singlevuln as $key => $value){
  84. 		$value = str_replace("\n", "</text:p><text:p text:style-name=\"P173\">", $value);
  85. 		$templateSource = str_replace('{'.$key.'}', $value, $templateSource);
  86. 	}
  87. 	$$togo .= $templateSource;
  88. 	echo "[+] added $togo: ".$singlevuln['title']."\n";
  89. }
  90.  
  91. // squash vulns into one bbig xml
  92. $value = "";
  93. if(!empty($Serious)){
  94. 	$value .= '<text:list xml:id="list215514604433265" text:continue-numbering="true" text:style-name="Outline">
  95.     <text:list-item>
  96.         <text:list>
  97.             <text:list-item>
  98.                 <text:h text:style-name="P156" text:outline-level="2">Serious Risk Vulnerabilities</text:h>
  99.             </text:list-item>
  100.         </text:list>
  101.     </text:list-item>
  102. </text:list>';
  103. 	$value .= $Serious;
  104. }
  105.  
  106. if(!empty($High)){
  107. 	$value .= '<text:list xml:id="list215514604433265" text:continue-numbering="true" text:style-name="Outline">
  108.     <text:list-item>
  109.         <text:list>
  110.             <text:list-item>
  111.                 <text:h text:style-name="P156" text:outline-level="2">High Risk Vulnerabilities</text:h>
  112.             </text:list-item>
  113.         </text:list>
  114.     </text:list-item>
  115. </text:list>';
  116. 	$value .= $High;
  117. }
  118. if(!empty($Medium)){
  119. 	$value .= '<text:list xml:id="list215514604433265" text:continue-numbering="true" text:style-name="Outline">
  120.     <text:list-item>
  121.         <text:list>
  122.             <text:list-item>
  123.                 <text:h text:style-name="P156" text:outline-level="2">Medium Risk Vulnerabilities</text:h>
  124.             </text:list-item>
  125.         </text:list>
  126.     </text:list-item>
  127. </text:list>';
  128. 	$value .= $Medium;
  129. }
  130. if(!empty($Low)){
  131. 	$value .= '<text:list xml:id="list215514604433265" text:continue-numbering="true" text:style-name="Outline">
  132.     <text:list-item>
  133.         <text:list>
  134.             <text:list-item>
  135.                 <text:h text:style-name="P156" text:outline-level="2">Low Risk Vulnerabilities</text:h>
  136.             </text:list-item>
  137.         </text:list>
  138.     </text:list-item>
  139. </text:list>';
  140. 	$value .= $Low;
  141. }
  142. // add to template
  143. $source = file_get_contents("/tmp/$rand/content.xml");
  144. $source = str_replace('{vuln}', $value, $source);
  145. file_put_contents("/tmp/$rand/content.xml", $source);
  146.  
  147. // create report and tidying
  148. zipFolder("/tmp/$rand", $filter->getParam("path")."repgen.odt");
  149. echo "[=] generated report: ".$filter->getParam("path")."repgen.odt\n";
  150. delTree("/tmp/$rand");
  151. echo "[+] temp files removed\n";
  152.  
  153. function unzipFolder($zipInputFile, $outputFolder) {
  154.     $zip = new ZipArchive;
  155.     $res = $zip->open($zipInputFile);
  156.     if ($res === true) {
  157.         $zip->extractTo($outputFolder);
  158.         $zip->close();
  159.         return true;
  160.     }
  161.     else {
  162.         return false;
  163.     }
  164. }
  165.  
  166. function XML2Array(SimpleXMLElement $parent){
  167.     $array = array();
  168.  
  169.     foreach ($parent as $name => $element) {
  170.         ($node = & $array[$name])
  171.             && (1 === count($node) ? $node = array($node) : 1)
  172.             && $node = & $node[];
  173.  
  174.         $node = $element->count() ? XML2Array($element) : trim($element);
  175.     }
  176.  
  177.     return $array;
  178. }
  179.  
  180. function delTree($dir){ 
  181.     $files = array_diff(scandir($dir), array('.', '..')); 
  182.  
  183.     foreach ($files as $file) { 
  184.         (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); 
  185.     }
  186.  
  187.     return rmdir($dir); 
  188. } 
  189.  
  190. function zipFolder($inputFolder, $zipOutputFile) {
  191.     if (!extension_loaded('zip') || !file_exists($inputFolder)) {
  192.         return false;
  193.     }
  194.  
  195.     $zip = new ZipArchive();
  196.     if (!$zip->open($zipOutputFile, ZIPARCHIVE::CREATE)) {
  197.         return false;
  198.     }
  199.  
  200.     $inputFolder = str_replace('\\', "/", realpath($inputFolder));
  201.  
  202.     if (is_dir($inputFolder) === true) {
  203.         $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($inputFolder), RecursiveIteratorIterator::SELF_FIRST);
  204.  
  205.         foreach ($files as $file) {
  206.             $file = str_replace('\\', "/", $file);
  207.  
  208.             if (in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) {
  209.                 continue;
  210.             }
  211.  
  212.             $file = realpath($file);
  213.  
  214.             if (is_dir($file) === true) {
  215.                 $dirName = str_replace($inputFolder."/", '', $file."/");
  216.                 $zip->addEmptyDir($dirName);
  217.             }
  218.             else if (is_file($file) === true) {
  219.                 $fileName = str_replace($inputFolder."/", '', $file);
  220.                 $zip->addFromString($fileName, file_get_contents($file));
  221.             }
  222.         }
  223.     }
  224.     else if (is_file($inputFolder) === true) {
  225.         $zip->addFromString(basename($inputFolder), file_get_contents($inputFolder));
  226.     }
  227.  
  228.     return $zip->close();
  229. }
  230.  
  231. ?>
Buy Me A Coffee