Fork: 0
0xRoM / DirtyScripts
Transfer to URL with SHA Find file
Newer
Older
DirtyScripts / ReportToolz / repgen.php
root on 27 Feb 2020 9 KB Tony is a informational tard
Raw Blame History 
  1. #!/usr/bin/php
  2. <?php
  3. //error_reporting(0);
  4.  
  5. /***
  6.  * Configuration options
  7.  */
  8. $template = "templates/odt/blank_template_v1.0.odt";
  9. //$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
  10. $vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
  11.  
  12. /***
  13.  * Main program - Don't edit below
  14.  */
  15. echo "_____ _____ _____ Gen\n||_// ||==  ||_// \n|| \\  ||___ ||    \n\n";
  16.  
  17. foreach (glob("classes/*.php") as $filename)
  18.     include $filename;
  19.  
  20. $definitions = new \Clapp\CommandLineArgumentDefinition(
  21.     array(
  22.         "help|h"            => "Shows help message",
  23.         "path|p=s"          => "/path/to/configs/", // should contain config.json and all vuln.json files
  24.     )
  25. );
  26.  
  27. $filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
  28.  
  29. if ($filter->getParam('h') === true || $argc < 2) {
  30.     fwrite(STDERR, $definitions->getUsage());
  31.     exit(0);
  32. } 
  33.  
  34. // see if doc exists 
  35. if ($filter->getParam("path") == false)
  36. 	die("[-] no path set\n");
  37.  
  38. echo "[!] path: ".$filter->getParam("path")."\n";
  39. if(!is_dir($filter->getParam("path")))
  40. 	die("[-] no such folder! \n");
  41.  
  42. //get config file
  43. $config = json_decode(file_get_contents($filter->getParam("path")."config.conf")); 
  44.  
  45. // extract doc and get contents
  46. $rand = uniqid();
  47. mkdir("/tmp/$rand");
  48. if(unzipFolder($template, "/tmp/$rand/")) {
  49.     $source = file_get_contents("/tmp/$rand/content.xml");
  50.     echo "[+] doc extracted\n";
  51. } else {
  52. 	die("[-] unable to extract doc\n");
  53. }
  54. $source = file_get_contents("/tmp/$rand/content.xml");
  55. 	
  56. // add CHECK section into report if needed
  57. if(isset($config->checkRef) && trim($config->checkRef) <> ""){
  58.     $check_img = '<draw:frame draw:style-name="fr9" draw:name="FPCheckLogo" text:anchor-type="frame" svg:x="0cm" svg:y="5.879cm" svg:width="6.83cm" svg:height="2.628cm" draw:z-index="40">
  59.             <draw:image xlink:href="Pictures/10000000000004A3000001C98E2CC6AE1D6F811E.jpg" xlink:type="simple" xlink:show="embed" xlink:actuate="onLoad" loext:mime-type="image/jpeg"/>
  60.         </draw:frame>';
  61.     $check_section = '<text:p text:style-name="P26"/>
  62.         <text:p text:style-name="P26"/>
  63.         <text:p text:style-name="P26"/>
  64.         <text:p text:style-name="P26"/>
  65.         <text:p text:style-name="P26">
  66.             CHECK Ref: {checkRef}
  67.         </text:p>';
  68.     $source = str_replace('{check_img}', $check_img, $source);
  69.     $source = str_replace('{check_section}', $check_section, $source);
  70.     echo "[+] Added CHECK section\n";
  71. }else{
  72.     $check_section = '<text:p text:style-name="P26">
  73.             <text:bookmark-start text:name="__RefHeading___Toc72207_536000782"/>
  74.             <text:bookmark-end text:name="__RefHeading___Toc72207_536000782"/>
  75.         </text:p>';
  76.     $source = str_replace('{check_img}', "", $source);
  77.     $source = str_replace('{check_section}', $check_section, $source);
  78. }
  79.  
  80. // add config into template
  81. foreach ($config as $key => $value) {
  82. 	$source = str_replace('{'.$key.'}', $value, $source);
  83. }
  84. file_put_contents("/tmp/$rand/content.xml", $source);
  85. echo "[+] added config values\n";
  86.  
  87. // get all vulns
  88. $vuln = array();
  89. $files = glob($filter->getParam("path")."*.json");
  90. foreach($files as $finding){
  91.     $vuln[] = $found = json_decode(file_get_contents($finding), true);
  92. }
  93.  
  94. echo "[+] sorting vulns by CVSS\n";
  95. usort($vuln, 'order_by_cvss');
  96. function order_by_cvss($a, $b) {
  97.     return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1;
  98. }
  99.  
  100. if(empty($vuln))
  101.     echo "[-] no vulns found!\n";
  102.  
  103. // create vulns for odf
  104. $templateOrig = file_get_contents($vulnTemplate);
  105. $Serious = $High = $Medium = $Low = $Informational = ""; 
  106. foreach ($vuln as $singlevuln) {
  107. 	$templateSource = $templateOrig;
  108. 	$togo = $singlevuln['risk'];
  109. 	foreach ($singlevuln as $key => $value){
  110.         $value = str_replace("<", "&lt;", $value);
  111.         $value = str_replace(">", "&gt;", $value);
  112. 		$value = str_replace("\n", "</text:p><text:p text:style-name=\"Text_20_body\">", $value);
  113. 		$templateSource = str_replace('{'.$key.'}', $value, $templateSource);
  114.         if($key == "risk"){
  115.             switch ($togo) {
  116.                 case 'Serious':
  117.                     $templateSource = str_replace('{risk_img}', '100000000000001C0000001C2B2344F988E3C014.png', $templateSource);
  118.                     break;
  119.                 case 'High':
  120.                     $templateSource = str_replace('{risk_img}', '100000000000001C0000001C478E326DAB1B0673.gif', $templateSource);
  121.                     break;
  122.                 case 'Medium':
  123.                     $templateSource = str_replace('{risk_img}', '100000000000001C0000001C08AD11DB0A5D02CD.png', $templateSource);
  124.                     break;
  125.                 case 'Low':
  126.                     $templateSource = str_replace('{risk_img}', '100000000000001C0000001C6CC3BB57AA64608B.gif', $templateSource);
  127.                     break;
  128.                 case 'Info':
  129.                     $templateSource = str_replace('{risk_img}', '100000000000001C0000001C7365C375D1750C0F.gif', $templateSource);
  130.                     break;
  131.             }
  132.         }
  133. 	}
  134.     
  135. 	$$togo .= $templateSource;
  136. 	echo "[+] added $togo: ".$singlevuln['title']."\n";
  137. }
  138.  
  139. // squash vulns into one bbig xml
  140. $value = "";
  141. if(!empty($Serious)){
  142. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  143.     <text:list-item>
  144.         <text:list>
  145.             <text:list-item>
  146.                 <text:h text:outline-level="2">Serious Risk Vulnerabilities</text:h>
  147.             </text:list-item>
  148.         </text:list>
  149.     </text:list-item>
  150. </text:list>';
  151. 	$value .= $Serious;
  152. }
  153.  
  154. if(!empty($High)){
  155. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  156.     <text:list-item>
  157.         <text:list>
  158.             <text:list-item>
  159.                 <text:h text:outline-level="2">High Risk Vulnerabilities</text:h>
  160.             </text:list-item>
  161.         </text:list>
  162.     </text:list-item>
  163. </text:list>';
  164. 	$value .= $High;
  165. }
  166. if(!empty($Medium)){
  167. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  168.     <text:list-item>
  169.         <text:list>
  170.             <text:list-item>
  171.                 <text:h text:outline-level="2">Medium Risk Vulnerabilities</text:h>
  172.             </text:list-item>
  173.         </text:list>
  174.     </text:list-item>
  175. </text:list>';
  176. 	$value .= $Medium;
  177. }
  178. if(!empty($Low)){
  179. 	$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  180.     <text:list-item>
  181.         <text:list>
  182.             <text:list-item>
  183.                 <text:h text:outline-level="2">Low Risk Vulnerabilities</text:h>
  184.             </text:list-item>
  185.         </text:list>
  186.     </text:list-item>
  187. </text:list>';
  188. 	$value .= $Low;
  189. }
  190. if(!empty($Informational)){
  191.     $value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
  192.     <text:list-item>
  193.         <text:list>
  194.             <text:list-item>
  195.                 <text:h text:outline-level="2">Informational Risk Vulnerabilities</text:h>
  196.             </text:list-item>
  197.         </text:list>
  198.     </text:list-item>
  199. </text:list>';
  200.     $value .= $Informational;
  201. }
  202. // add to template
  203. $source = file_get_contents("/tmp/$rand/content.xml");
  204. $source = str_replace('{vuln}', $value, $source);
  205. file_put_contents("/tmp/$rand/content.xml", $source);
  206.  
  207. // create report and tidying
  208. $repOutName = $config->ref.".3 ".$config->client ." ". $config->title1;
  209. zipFolder("/tmp/$rand", $filter->getParam("path").$repOutName.".odt");
  210. echo "[=] generated report: ".$filter->getParam("path").$repOutName.".odt\n";
  211. delTree("/tmp/$rand");
  212. echo "[+] temp files removed\n";
  213.  
  214. function unzipFolder($zipInputFile, $outputFolder) {
  215.     $zip = new ZipArchive;
  216.     $res = $zip->open($zipInputFile);
  217.     if ($res === true) {
  218.         $zip->extractTo($outputFolder);
  219.         $zip->close();
  220.         return true;
  221.     }
  222.     else {
  223.         return false;
  224.     }
  225. }
  226.  
  227. function XML2Array(SimpleXMLElement $parent){
  228.     $array = array();
  229.  
  230.     foreach ($parent as $name => $element) {
  231.         ($node = & $array[$name])
  232.             && (1 === count($node) ? $node = array($node) : 1)
  233.             && $node = & $node[];
  234.  
  235.         $node = $element->count() ? XML2Array($element) : trim($element);
  236.     }
  237.  
  238.     return $array;
  239. }
  240.  
  241. function delTree($dir){ 
  242.     $files = array_diff(scandir($dir), array('.', '..')); 
  243.  
  244.     foreach ($files as $file) { 
  245.         (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); 
  246.     }
  247.  
  248.     return rmdir($dir); 
  249. } 
  250.  
  251. function zipFolder($inputFolder, $zipOutputFile) {
  252.     if (!extension_loaded('zip') || !file_exists($inputFolder)) {
  253.         return false;
  254.     }
  255.  
  256.     $zip = new ZipArchive();
  257.     if (!$zip->open($zipOutputFile, ZIPARCHIVE::CREATE)) {
  258.         return false;
  259.     }
  260.  
  261.     $inputFolder = str_replace('\\', "/", realpath($inputFolder));
  262.  
  263.     if (is_dir($inputFolder) === true) {
  264.         $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($inputFolder), RecursiveIteratorIterator::SELF_FIRST);
  265.  
  266.         foreach ($files as $file) {
  267.             $file = str_replace('\\', "/", $file);
  268.  
  269.             if (in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) {
  270.                 continue;
  271.             }
  272.  
  273.             $file = realpath($file);
  274.  
  275.             if (is_dir($file) === true) {
  276.                 $dirName = str_replace($inputFolder."/", '', $file."/");
  277.                 $zip->addEmptyDir($dirName);
  278.             }
  279.             else if (is_file($file) === true) {
  280.                 $fileName = str_replace($inputFolder."/", '', $file);
  281.                 $zip->addFromString($fileName, file_get_contents($file));
  282.             }
  283.         }
  284.     }
  285.     else if (is_file($inputFolder) === true) {
  286.         $zip->addFromString(basename($inputFolder), file_get_contents($inputFolder));
  287.     }
  288.  
  289.     return $zip->close();
  290. }
  291.  
  292. ?>
Buy Me A Coffee