DirtyScripts / ReportToolz / pt2json.php
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6. * Main program - Don't edit below
  7. */
  8. echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";
  9.  
  10. foreach (glob("classes/*.php") as $filename)
  11. include $filename;
  12.  
  13. $definitions = new \Clapp\CommandLineArgumentDefinition(
  14. array(
  15. "help|h" => "Shows help message",
  16. "doc|d=s" => "/path/to/doc.ptreport to use",
  17. "no-save|n" => "Output only - Don't save JSON files",
  18. )
  19. );
  20.  
  21. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  22.  
  23. if ($filter->getParam('h') === true || $argc < 2) {
  24. echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
  25. fwrite(STDERR, $definitions->getUsage());
  26. exit(0);
  27. }
  28.  
  29. // see if doc exists
  30. if ($filter->getParam("doc") == false)
  31. die("[-] no doc set\n");
  32.  
  33. echo "[!] doc: ".$filter->getParam("doc")."\n";
  34. if(!file_exists($filter->getParam("doc")))
  35. die("[-] no such file! \n");
  36.  
  37.  
  38. $xmlfile = file_get_contents($filter->getParam("doc"));
  39. $ob= simplexml_load_string($xmlfile);
  40. $json = json_encode($ob);
  41. $configData = json_decode($json, true);
  42.  
  43. //print_r($configData);
  44. //file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true));
  45. $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
  46.  
  47. foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
  48. # code...
  49. //echo $value['title']."\n";
  50. //print_r($value);
  51. foreach($value['finding'] as $key2 => $value2){
  52. if($filter->getParam('no-save') === true){
  53. echo "[+] issue: ".$value2['@attributes']['title']."\n";
  54. }else{
  55. echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
  56. }
  57. $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
  58.  
  59. if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
  60. $cvss3_score = $value2['cvss'];
  61. $cvss3_vector = $value2['cvss_vector'];
  62. }else{
  63. $cvss3_score = "";
  64. $cvss3_vector = "";
  65. }
  66.  
  67. $techD = "";
  68. foreach ($value2['section'] as $key => $value) {
  69. # code...
  70. $techD .= @base64_decode($value)."\n";
  71. }
  72. $cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
  73.  
  74. $sev = $value2['severity'];
  75. $sev = str_replace("serious", "Serious", $sev);
  76. $sev = str_replace("high", "High", $sev);
  77. $sev = str_replace("medium", "Medium", $sev);
  78. $sev = str_replace("low", "Low", $sev);
  79. $sev = str_replace("info", "Informational", $sev);
  80.  
  81. $jsonFile = '{
  82. "title":'.json_encode($value2['@attributes']['title']).',
  83. "category":"",
  84. "remediation":'.json_encode(base64_decode($value2['remediation'])).',
  85. "cvss_score":'.json_encode($cvssS).',
  86. "risk":'.json_encode($sev).',
  87. "impact":"High/Medium/Low",
  88. "description":'.json_encode(base64_decode($value2['summary_description'])).',
  89. "tech_description":'.json_encode($techD).',
  90. "solution":'.json_encode(base64_decode($value2['summary_fix'])).',
  91. "cvss2_score":"",
  92. "cvss2_vector":"",
  93. "cvss3_score":'.json_encode($cvss3_score).',
  94. "cvss3_vector":'.json_encode($cvss3_vector).',
  95. "owasp":"",
  96. "tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
  97. "to_check":"checked"}';
  98.  
  99. if($filter->getParam('no-save') === false){
  100. file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
  101. }
  102. }
  103. }