- #!/usr/bin/php
- <?php
- //error_reporting(0);
-
- /***
- * Main program - Don't edit below
- */
- echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";
-
- foreach (glob("classes/*.php") as $filename)
- include $filename;
-
- $definitions = new \Clapp\CommandLineArgumentDefinition(
- array(
- "help|h" => "Shows help message",
- "doc|d=s" => "/path/to/doc.ptreport to use",
- "no-save|n" => "Output only - Don't save JSON files",
- )
- );
-
- $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
-
- if ($filter->getParam('h') === true || $argc < 2) {
- echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
- fwrite(STDERR, $definitions->getUsage());
- exit(0);
- }
-
- // see if doc exists
- if ($filter->getParam("doc") == false)
- die("[-] no doc set\n");
-
- echo "[!] doc: ".$filter->getParam("doc")."\n";
- if(!file_exists($filter->getParam("doc")))
- die("[-] no such file! \n");
-
-
- $xmlfile = file_get_contents($filter->getParam("doc"));
- $ob= simplexml_load_string($xmlfile);
- $json = json_encode($ob);
- $configData = json_decode($json, true);
-
- $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
-
- if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){
- // multiple headings
- foreach( $configData['report_sections']['section'] as $key1 => $val1 ){
- //echo $key1." - ".$val1."\n";
- foreach ($val1['subsection'] as $key => $value) {
- if(isset($value['finding'] )){
- foreach($value['finding'] as $key2 => $value2){
- if(isset($value2['@attributes']['title']) && isset($value2['summary_description'])){
- if($filter->getParam('no-save') === true){
- echo "[+] issue: ".$value2['@attributes']['title']."\n";
- }else{
- echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
- }
- $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
-
- if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
- $cvss3_score = $value2['cvss'];
- $cvss3_vector = $value2['cvss_vector'];
- }else{
- $cvss3_score = "";
- $cvss3_vector = "";
- }
-
- $techD = "";
- foreach ($value2['section'] as $key => $value) {
- # code...
- $techD .= @base64_decode($value)."\n";
- }
- $cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
-
- $sev = $value2['severity'];
- $sev = str_replace("serious", "Serious", $sev);
- $sev = str_replace("high", "High", $sev);
- $sev = str_replace("medium", "Medium", $sev);
- $sev = str_replace("low", "Low", $sev);
- $sev = str_replace("info", "Info", $sev);
-
- $jsonFile = '{
- "title":'.json_encode($value2['@attributes']['title']).',
- "category":"",
- "remediation":'.json_encode(base64_decode($value2['remediation'])).',
- "cvss_score":'.json_encode($cvssS).',
- "risk":'.json_encode($sev).',
- "impact":"High/Medium/Low",
- "description":'.json_encode(base64_decode($value2['summary_description'])).',
- "tech_description":'.json_encode($techD).',
- "solution":'.json_encode(base64_decode($value2['summary_fix'])).',
- "cvss2_score":"",
- "cvss2_vector":"",
- "cvss3_score":'.json_encode($cvss3_score).',
- "cvss3_vector":'.json_encode($cvss3_vector).',
- "owasp":"",
- "tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
- "to_check":"checked"}';
-
- if($filter->getParam('no-save') === false){
- file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
- }
- }
- }
- }
-
- }
- }
- // single heading
- }else{
- foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
- # code...
- //echo $value['title']."\n";
- //print_r($value);
- foreach($value['finding'] as $key2 => $value2){
-
- if($filter->getParam('no-save') === true){
- echo "[+] issue: ".$value2['@attributes']['title']."\n";
- }else{
- echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
- }
- $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
-
- if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
- $cvss3_score = $value2['cvss'];
- $cvss3_vector = $value2['cvss_vector'];
- }else{
- $cvss3_score = "";
- $cvss3_vector = "";
- }
-
- $techD = "";
- foreach ($value2['section'] as $key => $value) {
- # code...
- $techD .= @base64_decode($value)."\n";
- }
- $cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
-
- $sev = $value2['severity'];
- $sev = str_replace("serious", "Serious", $sev);
- $sev = str_replace("high", "High", $sev);
- $sev = str_replace("medium", "Medium", $sev);
- $sev = str_replace("low", "Low", $sev);
- $sev = str_replace("info", "Info", $sev);
-
- $jsonFile = '{
- "title":'.json_encode($value2['@attributes']['title']).',
- "category":"",
- "remediation":'.json_encode(base64_decode($value2['remediation'])).',
- "cvss_score":'.json_encode($cvssS).',
- "risk":'.json_encode($sev).',
- "impact":"High/Medium/Low",
- "description":'.json_encode(base64_decode($value2['summary_description'])).',
- "tech_description":'.json_encode($techD).',
- "solution":'.json_encode(base64_decode($value2['summary_fix'])).',
- "cvss2_score":"",
- "cvss2_vector":"",
- "cvss3_score":'.json_encode($cvss3_score).',
- "cvss3_vector":'.json_encode($cvss3_vector).',
- "owasp":"",
- "tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
- "to_check":"checked"}';
-
- if($filter->getParam('no-save') === false){
- file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
- }
- }
-
- }
- }