Newer
Older
DirtyScripts / ReportToolz / ns2json.php
root on 27 Feb 2020 4 KB nessus sux
#!/usr/bin/php
<?php
//error_reporting(0);

/***
 * Main program - Don't edit below
 */
echo "            ______   _                  \n           (_____ \ (_)                 \n ____   ___  ____) ) _  ___  ___  ____  \n|  _ \ /___)/ ____/ | |/___)/ _ \|  _ \ \n| | | |___ | (_____ | |___ | |_| | | | |\n|_| |_(___/|_______)| (___/ \___/|_| |_|\n                  (__/     \n\n";

foreach (glob("classes/*.php") as $filename)
    include $filename;

$definitions = new \Clapp\CommandLineArgumentDefinition(
    array(
        "help|h"            => "Shows help message",
        "doc|d=s"           => "/path/to/doc.nessus to use",
        "no-save|n"           => "Output only - Don't save JSON files",
        "no-info|i"           => "Don't save \"informational\" issues (recommended)",
    )
);

$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);

if ($filter->getParam('h') === true || $argc < 2) {
	echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
    fwrite(STDERR, $definitions->getUsage());
    exit(0);
} 

// see if doc exists 
if ($filter->getParam("doc") == false)
	die("[-] no doc set\n");

echo "[!] doc: ".$filter->getParam("doc")."\n";
if(!file_exists($filter->getParam("doc")))
	die("[-] no such file! \n"); 


$xmlfile = file_get_contents($filter->getParam("doc"));
$nessus= simplexml_load_file($filter->getParam("doc"));

$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
$vulnarray = array();

foreach ($nessus->Report[0]->ReportHost as $host) {
    foreach ($host->ReportItem as $bug) {
        //echo $bug->plugin_name ."\n";
        $output = NULL;

        //mosty solen from: https://github.com/adamziaja/php/blob/master/nessus/nessus.php
        $vulnarray[(string)$bug->plugin_name]['risk'] = (string)$bug->risk_factor;
        if($bug->cvss_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_score'] = (string)$bug->cvss_base_score; }
        if($bug->cvss_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_vector'] = (string)$bug->cvss_vector; }
        if($bug->cvss3_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_score'] = (string)$bug->cvss3_base_score; }
        if($bug->cvss3_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_vector'] = (string)$bug->cvss3_vector; }
        if($bug->synopsis <> ""){ $vulnarray[(string)$bug->plugin_name]['description'] = (string)$bug->synopsis; }
        if($bug->description <> ""){ $vulnarray[(string)$bug->plugin_name]['tech_description'] = (string)$bug->description; }
        if($bug->solution <> ""){ $vulnarray[(string)$bug->plugin_name]['solution'] = (string)$bug->solution; }

    }
}

foreach ($vulnarray as $key => $value) {

    $cvssS = "";
    if(isset($value['cvss_score']) && $value['cvss_score'] <> "")
        $cvssS = $value['cvss_score'];
    if(isset($value['cvss3_score']) && $value['cvss3_score'] <> "")
        $cvssS = $value['cvss3_score'];

    if ($value['risk'] == 'None') { $value['risk'] = "Info"; }

    $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( @$key ) );
    $jsonFile = '{
        "title":'.json_encode(@$key).',
        "remediation":"",
        "cvss_score":'.json_encode($cvssS).',
        "risk":'.json_encode(@$value['risk']).',
        "impact":"High/Medium/Low",
        "description":'.json_encode(@$value['description']).',
        "tech_description":'.json_encode(@$value['tech_description']).',
        "solution":'.json_encode(@$value['solution']).',
        "cvss2_score":'.json_encode(@$value['cvss_score']).',
        "cvss2_vector":'.json_encode(@$value['cvss_vector']).',
        "cvss3_score":'.json_encode(@$value['cvss3_score']).',
        "cvss3_vector":'.json_encode(@$value['cvss3_vector']).',
        "owasp":"",
        "tags":"",
        "to_check":"checked"}';

        if($filter->getParam('no-save') === false){
            file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
            if($filter->getParam('no-info') === true && $value['risk'] == 'Informational')
                unlink($resultsFolder.$vulnFileName.".json");
        }

    $prefix = ($filter->getParam('no-save') === true)? "[!] Issue:" : ($filter->getParam('no-info') === true && $value['risk'] == 'Informational')? "[-] Issue:" : "[+] Saving:";
    echo "$prefix $key\n";
    /*if ((string) $value['risk'] != 'None') {
        echo "##########################\n";
        echo "Title: ".@$key."\n";
        echo "Impact: ".@$value['risk']."\n";
        echo "CVSS2 score: ".@$value['cvss_score']." vector: ".@$value['cvss_vector']."\n";
        echo "CVSS3 score: ".@$value['cvss3_score']." vector: ".@$value['cvss3_vector']."\n";
        echo "Desc: ".@$value['description']."\n";
        echo "Tech Desc: ".@$value['tech_description']."\n";
        echo "Solution: ".@$value['solution']."\n";
    }*/
}

?>