DirtyScripts / ReportToolz / pt2json.php
#!/usr/bin/php
<?php
//error_reporting(0);

/***
 * Main program - Don't edit below
 */
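echo "            ______   _                  \n        _  (_____ \ (_)                 \n ____ _| |_  ____) ) _  ___  ___  ____  \n|  _ (_   _)/ ____/ | |/___)/ _ \|  _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n|  __/  \__)_______)| (___/ \___/|_| |_|\n|_|               (__/                  \n\n";

// Load the bundled helper classes from the directory that holds this script.
// A glob relative to the current working directory would include (and so
// execute) every classes/*.php found wherever the tool happens to be started,
// and would find nothing at all when it is started from another directory.
$classFiles = glob(__DIR__ . "/classes/*.php");
if ($classFiles === false) {
    // glob() returns false on error; treat that as "nothing to load".
    $classFiles = array();
}
foreach ($classFiles as $filename) {
    // require_once: a class file that cannot be loaded is fatal here, not
    // later when the first class is instantiated.
    require_once $filename;
}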

// Options accepted on the command line, each mapped to its help text.
$definitions = new \Clapp\CommandLineArgumentDefinition([
    "help|h"    => "Shows help message",
    "doc|d=s"   => "/path/to/doc.ptreport to use",
    "no-save|n" => "Output only - Don't save JSON files",
]);

$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);

// An explicit -h, or no arguments at all: describe the tool, print the usage
// text on STDERR and stop with a success status.
$helpRequested = $filter->getParam('h') === true;
if ($helpRequested || $argc < 2) {
    echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
    fwrite(STDERR, $definitions->getUsage());
    exit(0);
}

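// Read the --doc argument once; everything below works on $docPath.
$docPath = $filter->getParam("doc");

// see if doc exists
if ($docPath == false) {
    // Failures go to STDERR with a non-zero status so a calling script can
    // detect them (die() with a string prints to stdout and exits 0).
    fwrite(STDERR, "[-] no doc set\n");
    exit(1);
}

echo "[!] doc: ".$docPath."\n";
// is_file() rather than file_exists(): a directory passes file_exists() and
// then fails inside file_get_contents().
if (!is_file($docPath) || !is_readable($docPath)) {
    fwrite(STDERR, "[-] no such file! \n");
    exit(1);
}

$xmlfile = file_get_contents($docPath);
if ($xmlfile === false) {
    fwrite(STDERR, "[-] could not read doc\n");
    exit(1);
}

// The report is parsed as supplied. LIBXML_NONET stops the parser from
// fetching anything over the network while loading it. Do not add
// LIBXML_NOENT or LIBXML_DTDLOAD here: a report received from someone else
// could then pull local files into the generated JSON through entities.
$ob = simplexml_load_string($xmlfile, 'SimpleXMLElement', LIBXML_NONET);
if ($ob === false) {
    fwrite(STDERR, "[-] doc is not well-formed XML\n");
    exit(1);
}

// SimpleXML -> JSON -> nested arrays; attributes end up under '@attributes'.
$json = json_encode($ob);
$configData = json_decode($json, true);
if (!is_array($configData)) {
    fwrite(STDERR, "[-] could not convert doc to an array\n");
    exit(1);
}

// Output goes next to the report. dirname() yields "." for a bare file name;
// cutting the path at the last '/' produced "" + "/" in that case, which
// pointed the JSON files at the filesystem root.
$resultsFolder = rtrim(dirname($docPath), '/')."/";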

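// Convert every finding of every subsection into one JSON record for
// repgen.php and, unless --no-save was given, write it next to the report.
//
// NOTE(review): the path report_sections/section/subsection assumes a single
// top-level <section>; with several, 'section' would be a list and nothing
// would be found here. Confirm against the ptreport format.
if (!isset($configData['report_sections']['section']['subsection'])
    || !is_array($configData['report_sections']['section']['subsection'])) {
    fwrite(STDERR, "[-] no report_sections/section/subsection entries found in doc\n");
    exit(1);
}
$subsections = $configData['report_sections']['section']['subsection'];

// SimpleXML + json_encode collapses a lone child element into the element
// itself instead of a one-item list. A lone subsection is recognisable by its
// own 'finding' key; wrap it so the loop below always sees a list.
if (isset($subsections['finding'])) {
    $subsections = array($subsections);
}

// Base64-decode one field of a finding. Missing fields and empty elements
// (which arrive as empty arrays) decode to "" instead of raising an error.
$decodeField = function ($record, $field) {
    return (isset($record[$field]) && is_string($record[$field]))
        ? base64_decode($record[$field])
        : "";
};

// Both comparisons are kept as they were: saving requires an explicit false.
$outputOnly = $filter->getParam('no-save') === true;
$shouldSave = $filter->getParam('no-save') === false;

foreach ($subsections as $subsection) {
    if (!is_array($subsection) || !isset($subsection['finding']) || !is_array($subsection['finding'])) {
        continue; // subsection without findings
    }

    $findings = $subsection['finding'];
    // Same collapse as above: a single finding carries '@attributes' itself.
    if (isset($findings['@attributes'])) {
        $findings = array($findings);
    }

    foreach ($findings as $finding) {
        if (!is_array($finding)) {
            continue;
        }

        $title = (isset($finding['@attributes']['title']) && is_string($finding['@attributes']['title']))
            ? $finding['@attributes']['title']
            : "";

        if ($outputOnly) {
            echo "[+] issue: ".$title."\n";
        } else {
            echo "[+] creating json for: ".$title."\n";
        }

        // The title comes from the report, so only [a-z0-9-] survives into
        // the file name: no path separators, no dots. Two findings whose
        // titles reduce to the same name still overwrite each other.
        $vulnFileName = preg_replace('/[^a-z0-9]+/', '-', strtolower($title));
        if ($vulnFileName === null || $vulnFileName === "") {
            $vulnFileName = "untitled-finding";
        }

        $cvssS = isset($finding['cvss']) ? $finding['cvss'] : "";

        // Only vectors that start with the literal prefix 'CVSS:3.0' fill the
        // cvss3_* fields. NOTE(review): 'CVSS:3.1' vectors are dropped here;
        // confirm whether that is intended.
        $vector = isset($finding['cvss_vector']) ? $finding['cvss_vector'] : "";
        if (is_string($vector) && strpos($vector, 'CVSS:3.0') === 0) {
            $cvss3_score = $cvssS;
            $cvss3_vector = $vector;
        } else {
            $cvss3_score = "";
            $cvss3_vector = "";
        }

        // Technical description: every base64 <section> of the finding,
        // decoded and joined with newlines. (array) turns a lone section
        // string into a one-item list.
        $techD = "";
        $sections = isset($finding['section']) ? (array) $finding['section'] : array();
        foreach ($sections as $encodedSection) {
            $techD .= (is_string($encodedSection) ? base64_decode($encodedSection) : "")."\n";
        }

        // Capitalise the severity keyword; replacements run in this order.
        $sev = (isset($finding['severity']) && is_string($finding['severity'])) ? $finding['severity'] : "";
        $sev = str_replace(
            array("serious", "high", "medium", "low", "info"),
            array("Serious", "High", "Medium", "Low", "Informational"),
            $sev
        );

        // Encode the record in one call so that a field json_encode() cannot
        // represent (for example invalid UTF-8 after base64 decoding) is
        // reported instead of silently yielding a broken JSON file.
        $record = array(
            "title"            => $title,
            "category"         => "",
            "remediation"      => $decodeField($finding, 'remediation'),
            "cvss_score"       => $cvssS,
            "risk"             => $sev,
            "impact"           => "High/Medium/Low",
            "description"      => $decodeField($finding, 'summary_description'),
            "tech_description" => $techD,
            "solution"         => $decodeField($finding, 'summary_fix'),
            "cvss2_score"      => "",
            "cvss2_vector"     => "",
            "cvss3_score"      => $cvss3_score,
            "cvss3_vector"     => $cvss3_vector,
            "owasp"            => "",
            "tags"             => $decodeField($finding, 'vuln_tags'),
            "to_check"         => "checked",
        );
        $jsonFile = json_encode($record, JSON_PRETTY_PRINT);
        if ($jsonFile === false) {
            fwrite(STDERR, "[-] could not encode finding as JSON (".json_last_error_msg()."): ".$title."\n");
            continue;
        }

        if ($shouldSave) {
            // The files hold finding details and are created with the
            // process umask; run the tool in a directory only the team reads.
            if (file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile) === false) {
                fwrite(STDERR, "[-] could not write ".$resultsFolder.$vulnFileName.".json\n");
            }
        }
    }
}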