#!/usr/bin/php <?php //error_reporting(0); /*** * Main program - Don't edit below */ echo " ______ _ \n (_____ \ (_) \n ____ ___ ____) ) _ ___ ___ ____ \n| _ \ /___)/ ____/ | |/___)/ _ \| _ \ \n| | | |___ | (_____ | |___ | |_| | | | |\n|_| |_(___/|_______)| (___/ \___/|_| |_|\n (__/ \n\n"; foreach (glob("classes/*.php") as $filename) include $filename; $definitions = new \Clapp\CommandLineArgumentDefinition( array( "help|h" => "Shows help message", "doc|d=s" => "/path/to/doc.nessus to use", "no-save|n" => "Output only - Don't save JSON files", "no-info|i" => "Don't save \"informational\" issues (recommended)", ) ); $filter = new \Clapp\CommandArgumentFilter($definitions, $argv); if ($filter->getParam('h') === true || $argc < 2) { echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n"; fwrite(STDERR, $definitions->getUsage()); exit(0); } // see if doc exists if ($filter->getParam("doc") == false) die("[-] no doc set\n"); echo "[!] doc: ".$filter->getParam("doc")."\n"; if(!file_exists($filter->getParam("doc"))) die("[-] no such file! \n"); $xmlfile = file_get_contents($filter->getParam("doc")); $nessus= simplexml_load_file($filter->getParam("doc")); $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; $vulnarray = array(); foreach ($nessus->Report[0]->ReportHost as $host) { foreach ($host->ReportItem as $bug) { //echo $bug->plugin_name ."\n"; $output = NULL; //mosty solen from: https://github.com/adamziaja/php/blob/master/nessus/nessus.php $vulnarray[(string)$bug->plugin_name]['risk'] = (string)$bug->risk_factor; if($bug->cvss_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_score'] = (string)$bug->cvss_base_score; } if($bug->cvss_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_vector'] = (string)$bug->cvss_vector; } if($bug->cvss3_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_score'] = (string)$bug->cvss3_base_score; } if($bug->cvss3_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_vector'] = (string)$bug->cvss3_vector; } if($bug->synopsis <> ""){ $vulnarray[(string)$bug->plugin_name]['description'] = (string)$bug->synopsis; } if($bug->description <> ""){ $vulnarray[(string)$bug->plugin_name]['tech_description'] = (string)$bug->description; } if($bug->solution <> ""){ $vulnarray[(string)$bug->plugin_name]['solution'] = (string)$bug->solution; } } } foreach ($vulnarray as $key => $value) { $cvssS = ""; if(isset($value['cvss_score']) && $value['cvss_score'] <> "") $cvssS = $value['cvss_score']; if(isset($value['cvss3_score']) && $value['cvss3_score'] <> "") $cvssS = $value['cvss3_score']; if ($value['risk'] == 'None') { $value['risk'] = "Informational"; } $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( @$key ) ); $jsonFile = '{ "title":'.json_encode(@$key).', "remediation":"", "cvss_score":'.json_encode($cvssS).', "risk":'.json_encode(@$value['risk']).', "impact":"High/Medium/Low", "description":'.json_encode(@$value['description']).', "tech_description":'.json_encode(@$value['tech_description']).', "solution":'.json_encode(@$value['solution']).', "cvss2_score":'.json_encode(@$value['cvss_score']).', "cvss2_vector":'.json_encode(@$value['cvss_vector']).', "cvss3_score":'.json_encode(@$value['cvss3_score']).', "cvss3_vector":'.json_encode(@$value['cvss3_vector']).', "owasp":"", "tags":"", "to_check":"checked"}'; if($filter->getParam('no-save') === false){ file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); if($filter->getParam('no-info') === true && $value['risk'] == 'Informational') unlink($resultsFolder.$vulnFileName.".json"); } $prefix = ($filter->getParam('no-save') === true)? "[!] Issue:" : ($filter->getParam('no-info') === true && $value['risk'] == 'Informational')? "[-] Issue:" : "[+] Saving:"; echo "$prefix $key\n"; /*if ((string) $value['risk'] != 'None') { echo "##########################\n"; echo "Title: ".@$key."\n"; echo "Impact: ".@$value['risk']."\n"; echo "CVSS2 score: ".@$value['cvss_score']." vector: ".@$value['cvss_vector']."\n"; echo "CVSS3 score: ".@$value['cvss3_score']." vector: ".@$value['cvss3_vector']."\n"; echo "Desc: ".@$value['description']."\n"; echo "Tech Desc: ".@$value['tech_description']."\n"; echo "Solution: ".@$value['solution']."\n"; }*/ } ?>