DirtyScripts / ReportToolz / pt2json.php
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6. * Main program - Don't edit below
  7. */
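  // Start-up banner, printed on every run.
  echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";

  // Load the helper classes that ship next to this script.
  // The pattern is anchored to __DIR__: a bare "classes/*.php" is resolved
  // against the current working directory, so starting the tool from another
  // directory either found no classes or executed whatever PHP files a
  // ./classes directory there happened to contain.
  $classFiles = glob(__DIR__ . "/classes/*.php");
  if (!$classFiles) {
      // glob() gives false on error and an empty array when nothing matches.
      fwrite(STDERR, "[-] no class files found in " . __DIR__ . "/classes\n");
      exit(1);
  }
  foreach ($classFiles as $filename) {
      // require_once: a class file that fails to load stops the run here
      // instead of surfacing later as a "class not found" error.
      require_once $filename;
  }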
  12.  
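  // Command-line options: -h/--help, -d/--doc <path>, -n/--no-save.
  $definitions = new \Clapp\CommandLineArgumentDefinition(
      array(
          "help|h" => "Shows help message",
          "doc|d=s" => "/path/to/doc.ptreport to use",
          "no-save|n" => "Output only - Don't save JSON files",
      )
  );

  $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);

  // Show the usage text when help is requested or no argument was given.
  if ($filter->getParam('h') === true || $argc < 2) {
      echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
      fwrite(STDERR, $definitions->getUsage());
      exit(0);
  }

  // Path of the report to convert, as given on the command line.
  $docPath = $filter->getParam("doc");

  // Loose comparison kept on purpose: it rejects false, null and the empty
  // string alike, whichever of them getParam() yields for a missing option.
  // NOTE(review): die() with a string exits with status 0, so a calling
  // script cannot tell these failures from success - confirm whether a
  // non-zero exit status is wanted.
  if ($docPath == false) {
      die("[-] no doc set\n");
  }

  echo "[!] doc: ".$docPath."\n";

  // is_file() + is_readable() instead of file_exists(): file_exists() is also
  // true for a directory, which then fails in file_get_contents() while the
  // script carries on with an empty document.
  if (!is_file($docPath) || !is_readable($docPath)) {
      die("[-] no such file! \n");
  }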
  37.  
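  // Read the report and turn it into a nested PHP array.
  $docPath = $filter->getParam("doc");

  $xmlfile = file_get_contents($docPath);
  if ($xmlfile === false) {
      die("[-] could not read doc\n");
  }

  // The report file comes from outside this tool, so it is parsed
  // conservatively: neither LIBXML_NOENT nor LIBXML_DTDLOAD is passed (no
  // entity substitution, no external DTD loading) and LIBXML_NONET forbids
  // network access while the document is loaded.
  $ob = simplexml_load_string($xmlfile, 'SimpleXMLElement', LIBXML_NONET);
  if ($ob === false) {
      // Without this check the rest of the script ran on `false` and
      // produced no output and no error.
      die("[-] doc is not well-formed XML\n");
  }

  // SimpleXML -> JSON -> array round trip: elements become nested arrays and
  // XML attributes end up under the '@attributes' key.
  $json = json_encode($ob);
  $configData = json_decode($json, true);
  if (!is_array($configData)) {
      die("[-] doc could not be converted\n");
  }

  // The JSON files are written next to the report. dirname() replaces the
  // substr()/strrpos() pair, which evaluated to "/" (the filesystem root)
  // whenever the path contained no slash, e.g. "-d report.ptreport".
  $resultsFolder = rtrim(dirname($docPath), '/')."/";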
  44.  
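  /**
   * Return a node of the decoded report as a list.
   *
   * After the SimpleXML -> JSON -> array round trip a repeated element is a
   * 0-based list, but an element that occurs once is collapsed to its own
   * value (a string or an associative array). Wrapping the collapsed form lets
   * the caller loop over both shapes the same way.
   *
   * @param mixed $node Decoded node, or null when the element is absent.
   * @return array List of nodes; empty for null and for an empty array.
   */
  function pt2json_as_list($node)
  {
      if ($node === null) {
          return array();
      }
      if (!is_array($node)) {
          return array($node);
      }
      if (count($node) === 0) {
          return array();
      }
      // Keys 0..n-1 in order: already a list.
      if (array_keys($node) === range(0, count($node) - 1)) {
          return $node;
      }
      return array($node);
  }

  /**
   * Read a text field of a finding.
   *
   * @param array  $finding Decoded finding.
   * @param string $key     Field name.
   * @return string The field when it is a string, otherwise "" (absent, or an
   *                array such as the one an empty element decodes to).
   */
  function pt2json_text(array $finding, $key)
  {
      if (isset($finding[$key]) && is_string($finding[$key])) {
          return $finding[$key];
      }
      return "";
  }

  /**
   * Base64-decode a text field of a finding.
   *
   * @param array  $finding Decoded finding.
   * @param string $key     Field name.
   * @return string Decoded bytes, "" when the field is absent or not a string.
   */
  function pt2json_decode(array $finding, $key)
  {
      $decoded = base64_decode(pt2json_text($finding, $key));
      return $decoded === false ? "" : $decoded;
  }

  /**
   * JSON-encode one value for the output file.
   *
   * Decoded report text is arbitrary bytes. A plain json_encode() returns
   * false for invalid UTF-8, which concatenated into the output as an empty
   * string and left a file that is not valid JSON. With
   * JSON_PARTIAL_OUTPUT_ON_ERROR the unencodable value becomes null instead.
   *
   * @param mixed $value Value to encode.
   * @return string JSON text.
   */
  function pt2json_encode($value)
  {
      return json_encode($value, JSON_PARTIAL_OUTPUT_ON_ERROR);
  }

  /**
   * Build the JSON document written for one finding.
   *
   * @param array $finding Decoded finding with $finding['@attributes']['title'] set.
   * @return string JSON text, one key per line, in the key order of the
   *                original template.
   */
  function pt2json_build_finding(array $finding)
  {
      $cvssS = pt2json_text($finding, 'cvss');
      $cvssVector = pt2json_text($finding, 'cvss_vector');

      // Only vectors that start with "CVSS:3.0" fill the cvss3_* keys.
      // NOTE(review): vectors with another prefix (for example "CVSS:3.1")
      // leave both keys empty - confirm that this is intended.
      if (strpos($cvssVector, 'CVSS:3.0') === 0) {
          $cvss3_score = $cvssS;
          $cvss3_vector = $cvssVector;
      } else {
          $cvss3_score = "";
          $cvss3_vector = "";
      }

      // Technical description: every <section> of the finding, base64-decoded
      // and followed by a newline. Entries that are not strings contribute an
      // empty line instead of being handed to base64_decode().
      $techD = "";
      $sectionNodes = isset($finding['section']) ? $finding['section'] : null;
      foreach (pt2json_as_list($sectionNodes) as $encoded) {
          $techD .= (is_string($encoded) ? base64_decode($encoded) : "")."\n";
      }

      // Capitalise the severity words; replacements run in the listed order.
      $sev = str_replace(
          array("serious", "high", "medium", "low", "info"),
          array("Serious", "High", "Medium", "Low", "Info"),
          pt2json_text($finding, 'severity')
      );

      $pairs = array(
          '"title":'.pt2json_encode($finding['@attributes']['title']),
          '"category":""',
          '"remediation":'.pt2json_encode(pt2json_decode($finding, 'remediation')),
          '"cvss_score":'.pt2json_encode($cvssS),
          '"risk":'.pt2json_encode($sev),
          '"impact":"High/Medium/Low"',
          '"description":'.pt2json_encode(pt2json_decode($finding, 'summary_description')),
          '"tech_description":'.pt2json_encode($techD),
          '"solution":'.pt2json_encode(pt2json_decode($finding, 'summary_fix')),
          '"cvss2_score":""',
          '"cvss2_vector":""',
          '"cvss3_score":'.pt2json_encode($cvss3_score),
          '"cvss3_vector":'.pt2json_encode($cvss3_vector),
          '"owasp":""',
          '"tags":'.pt2json_encode(pt2json_decode($finding, 'vuln_tags')),
          '"to_check":"checked"',
      );

      return "{\n".implode(",\n", $pairs)."}";
  }

  // Walk report_sections -> section -> subsection -> finding and emit one JSON
  // file per finding. Every level is normalised with pt2json_as_list(), so a
  // report with one heading and a report with several take the same path, and
  // a subsection holding a single finding is converted as well: the former
  // "multiple headings" branch skipped such a finding, and the "single
  // heading" branch looped over its keys. A finding needs only a title; its
  // other fields default to "" so that no titled finding is dropped.
  $noSave = $filter->getParam('no-save');
  $writtenFiles = array();
  $sectionNodes = isset($configData['report_sections']['section'])
      ? $configData['report_sections']['section']
      : null;

  foreach (pt2json_as_list($sectionNodes) as $section) {
      if (!is_array($section) || !isset($section['subsection'])) {
          continue;
      }
      foreach (pt2json_as_list($section['subsection']) as $subsection) {
          if (!is_array($subsection) || !isset($subsection['finding'])) {
              continue;
          }
          foreach (pt2json_as_list($subsection['finding']) as $finding) {
              if (
                  !is_array($finding)
                  || !isset($finding['@attributes']['title'])
                  || !is_string($finding['@attributes']['title'])
              ) {
                  // Reported rather than skipped silently: a finding missing
                  // from the generated report should be noticed.
                  fwrite(STDERR, "[-] skipping finding without a title\n");
                  continue;
              }
              $title = $finding['@attributes']['title'];

              if ($noSave === true) {
                  echo "[+] issue: ".$title."\n";
              } else {
                  echo "[+] creating json for: ".$title."\n";
              }

              // The file name is derived from report content, so it is reduced
              // to [a-z0-9-]: no path separators or dots survive, which keeps
              // the write inside $resultsFolder.
              $vulnFileName = preg_replace('/[^a-z0-9]+/', '-', strtolower($title));
              $jsonFile = pt2json_build_finding($finding);

              // Files are written only when the option is exactly false, as in
              // the original check.
              if ($noSave === false) {
                  $target = $resultsFolder.$vulnFileName.".json";
                  if (isset($writtenFiles[$target])) {
                      // Two titles reduced to the same name; the later finding
                      // replaces the earlier file.
                      fwrite(STDERR, "[!] overwriting ".$target." - another finding maps to the same file name\n");
                  }
                  $writtenFiles[$target] = true;
                  if (file_put_contents($target, $jsonFile) === false) {
                      fwrite(STDERR, "[-] could not write ".$target."\n");
                  }
              }
          }
      }
  }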