Ross Marks

Fork: 0
0xRoM / DirtyScripts
Find file
Newer
Older
DirtyScripts / ReportToolz / pt2json.php
root on 14 Dec 2019 3 KB ability to just display findings
Raw Blame History
#!/usr/bin/php
<?php
//error_reporting(0);
 
/***
 * Main program - Don't edit below
 */
echo "            ______   _                  \n        _  (_____ \ (_)                 \n ____ _| |_  ____) ) _  ___  ___  ____  \n|  _ (_   _)/ ____/ | |/___)/ _ \|  _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n|  __/  \__)_______)| (___/ \___/|_| |_|\n|_|               (__/                  \n\n";
 
foreach (glob("classes/*.php") as $filename)
    include $filename;
 
$definitions = new \Clapp\CommandLineArgumentDefinition(
    array(
        "help|h"            => "Shows help message",
        "doc|d=s"           => "/path/to/doc.ptreport to use",
        "no-save|n"           => "Output only - Don't save JSON files",
    )
);
 
$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
 
if ($filter->getParam('h') === true || $argc < 2) {
	echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
    fwrite(STDERR, $definitions->getUsage());
    exit(0);
} 
 
// see if doc exists 
if ($filter->getParam("doc") == false)
	die("[-] no doc set\n");
 
echo "[!] doc: ".$filter->getParam("doc")."\n";
if(!file_exists($filter->getParam("doc")))
	die("[-] no such file! \n"); 
 
 
$xmlfile = file_get_contents($filter->getParam("doc"));
$ob= simplexml_load_string($xmlfile);
$json  = json_encode($ob);
$configData = json_decode($json, true);
 
//print_r($configData);
//file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true));
$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
 
foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
	# code...
	//echo $value['title']."\n";
	//print_r($value);
	foreach($value['finding'] as $key2 => $value2){
		if($filter->getParam('no-save') === true){
			echo "[+] issue: ".$value2['@attributes']['title']."\n";
		}else{
			echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
		}
		$vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
 
		if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
			$cvss3_score = $value2['cvss'];
			$cvss3_vector = $value2['cvss_vector'];
		}else{
			$cvss3_score = "";
			$cvss3_vector = "";
		}
 
		$techD = "";
		foreach ($value2['section'] as $key => $value) {
			# code...
			$techD .= @base64_decode($value)."\n";
		}
		$cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
 
		$sev = $value2['severity'];
		$sev = str_replace("serious", "Serious", $sev);
		$sev = str_replace("high", "High", $sev);
		$sev = str_replace("medium", "Medium", $sev);
		$sev = str_replace("low", "Low", $sev);
		$sev = str_replace("info", "Informational", $sev);
 
		$jsonFile = '{
		"title":'.json_encode($value2['@attributes']['title']).',
		"category":"",
		"remediation":'.json_encode(base64_decode($value2['remediation'])).',
		"cvss_score":'.json_encode($cvssS).',
		"risk":'.json_encode($sev).',
		"impact":"High/Medium/Low",
		"description":'.json_encode(base64_decode($value2['summary_description'])).',
		"tech_description":'.json_encode($techD).',
		"solution":'.json_encode(base64_decode($value2['summary_fix'])).',
		"cvss2_score":"",
		"cvss2_vector":"",
		"cvss3_score":'.json_encode($cvss3_score).',
		"cvss3_vector":'.json_encode($cvss3_vector).',
		"owasp":"",
		"tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
		"to_check":"checked"}';
 
		if($filter->getParam('no-save') === false){
			file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
		}
	}
	
}