ptreport support
1 parent 43c2613 commit 85a19a9c65d27ec94debc84e9d2fc0ecb60555e3
root authored on 14 Dec 2019
Showing 3 changed files
24
ReportToolz/README.md
 
╰» ./vdb.php -i 151 -p /tmp
xss-reflected.json copied to /tmp/
```
 
# ptreport to JSON files
Convert ptreport reprep output file to JSON files for repgen.php
 
```
╰» ./pt2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport
______ _
_ (_____ \ (_)
____ _| |_ ____) ) _ ___ ___ ____
| _ (_ _)/ ____/ | |/___)/ _ \| _ \
| |_| || |_| (_____ | |___ | |_| | | | |
| __/ \__)_______)| (___/ \___/|_| |_|
|_| (__/
 
[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport
[+] creating json for: SSL/TLS 64-bit Block Size Cipher Suites
[+] creating json for: TLS Version 1.0 Protocol in use
[+] creating json for: Untrustworthy Server Certificate Chain
[+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header
[+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header
[+] creating json for: No HTTP Strict Transport Security
 
```
98
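--- a/ReportToolz/pt2json.php
+++ b/ReportToolz/pt2json.php
+#!/usr/bin/php
+<?php
+//error_reporting(0);
+
+/***
+* Main program - Don't edit below
+*/
+echo " ______ _ \n _ (_____ \ (_) \n ____ _| |_ ____) ) _ ___ ___ ____ \n| _ (_ _)/ ____/ | |/___)/ _ \| _ \ \n| |_| || |_| (_____ | |___ | |_| | | | |\n| __/ \__)_______)| (___/ \___/|_| |_|\n|_| (__/ \n\n";
+
+foreach (glob("classes/*.php") as $filename)
+include $filename;
+
+$definitions = new \Clapp\CommandLineArgumentDefinition(
+array(
+"help|h" => "Shows help message",
+"doc|d=s" => "/path/to/doc.ptreport to use",
+)
+);
+
+$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
+
+if ($filter->getParam('h') === true || $argc < 2) {
+echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
+fwrite(STDERR, $definitions->getUsage());
+exit(0);
+}
+
+// see if doc exists
+if ($filter->getParam("doc") == false)
+die("[-] no doc set\n");
+
+echo "[!] doc: ".$filter->getParam("doc")."\n";
+if(!file_exists($filter->getParam("doc")))
+die("[-] no such file! \n");
+
+
+$xmlfile = file_get_contents($filter->getParam("doc"));
+$ob= simplexml_load_string($xmlfile);
+$json = json_encode($ob);
+$configData = json_decode($json, true);
+
+//print_r($configData);
+//file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true));
+$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
+
+foreach ($configData['report_sections']['section']['subsection'] as $key => $value) {
+# code...
+//echo $value['title']."\n";
+//print_r($value);
+foreach($value['finding'] as $key2 => $value2){
+echo "[+] creating json for: ".$value2['@attributes']['title']."\n";
+$vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) );
+
+if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){
+$cvss3_score = $value2['cvss'];
+$cvss3_vector = $value2['cvss_vector'];
+}else{
+$cvss3_score = "";
+$cvss3_vector = "";
+}
+
+$techD = "";
+foreach ($value2['section'] as $key => $value) {
+# code...
+$techD .= @base64_decode($value)."\n";
+}
+$cvssS = (isset($value2['cvss']))? $value2['cvss'] : "";
+
+$sev = $value2['severity'];
+$sev = str_replace("serious", "Serious", $sev);
+$sev = str_replace("high", "High", $sev);
+$sev = str_replace("medium", "Medium", $sev);
+$sev = str_replace("low", "Low", $sev);
+$sev = str_replace("info", "Informational", $sev);
+
+$jsonFile = '{
+"title":'.json_encode($value2['@attributes']['title']).',
+"category":"",
+"remediation":'.json_encode(base64_decode($value2['remediation'])).',
+"cvss_score":'.json_encode($cvssS).',
+"risk":'.json_encode($sev).',
+"impact":"High/Medium/Low",
+"description":'.json_encode(base64_decode($value2['summary_description'])).',
+"tech_description":'.json_encode($techD).',
+"solution":'.json_encode(base64_decode($value2['summary_fix'])).',
+"cvss2_score":"",
+"cvss2_vector":"",
+"cvss3_score":'.json_encode($cvss3_score).',
+"cvss3_vector":'.json_encode($cvss3_vector).',
+"owasp":"",
+"tags":'.json_encode(base64_decode($value2['vuln_tags'])).',
+"to_check":"checked"}';
+
+file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
+}
+}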
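Review bot: The loader `foreach (glob("classes/*.php") as $filename) include $filename;` resolves `classes/` against the current working directory rather than the script's own directory, so running pt2json.php from anywhere else either finds no Clapp classes or executes whatever `classes/*.php` happens to exist there. Anchor it to the script with `foreach (glob(__DIR__ . "/classes/*.php") as $filename) require_once $filename;`. Separately, `$resultsFolder` is built from `strrpos(..., '/')`, which returns false for a bare filename such as `-d report.ptreport` and leaves the output folder as `/`; `dirname($filter->getParam("doc")) . "/"` avoids that. The return value of `simplexml_load_string()` is also never checked, so a malformed report reaches the loops as `false` instead of stopping with an error.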
14
ReportToolz/repgen.php
echo "[-] no vulns found!\n";
 
// create vulns for odf
$templateOrig = file_get_contents($vulnTemplate);
$Serious = $High = $Medium = $Low = "";
$Serious = $High = $Medium = $Low = $Informational = "";
foreach ($vuln as $singlevuln) {
$templateSource = $templateOrig;
$togo = $singlevuln['risk'];
foreach ($singlevuln as $key => $value){
</text:list-item>
</text:list>';
$value .= $Low;
}
if(!empty($Informational)){
$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
<text:list-item>
<text:list>
<text:list-item>
<text:h text:outline-level="2">Informational Risk Vulnerabilities</text:h>
</text:list-item>
</text:list>
</text:list-item>
</text:list>';
$value .= $Informational;
}
// add to template
$source = file_get_contents("/tmp/$rand/content.xml");
$source = str_replace('{vuln}', $value, $source);
file_put_contents("/tmp/$rand/content.xml", $source);
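Review bot: Nothing visible in this section XML-escapes finding text before `$value .= $Informational;` is spliced into content.xml by `str_replace('{vuln}', $value, $source)`. The template substitution inside `foreach ($singlevuln as $key => $value)` lies outside the hunk, so this may already be handled there, but pt2json.php now feeds base64-decoded report text into those JSON fields, and a title or description containing `<` or `&` would otherwise produce malformed or altered ODF markup. It is worth confirming each field goes through something like `htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8')` before substitution. The new Informational heading also repeats the same `<text:list>` wrapper used for the Low block just above it; a small helper that takes the heading text would keep the five severity sections in step.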