the big return update
1 parent 0d96da8 commit 91c1b6aa58dd9352506ae37960c9c07e87199e2a
root authored on 10 Nov 2022
Showing 11 changed files
2
■■■
.htaccess 0 → 100644
AddHandler application/x-httpd-php .png
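Review bot: `AddHandler application/x-httpd-php .png` is placed in the repository-root .htaccess, so on a server that honours it every `.png` under this tree, `eicar/eicar.png` as well as `phpinfo.png`, is handed to the PHP handler rather than served as an image. If the mapping is only needed for one test file, I would scope it by wrapping the directive in `<Files "phpinfo.png">` … `</Files>`, or by moving that file and its own .htaccess into a dedicated subdirectory. A one-line comment above the directive stating what the mapping is for would also help, since the file has no explanation. The contents of `phpinfo.png` are not shown on this page; if it calls phpinfo() it would presumably disclose the server configuration to anyone who can request it.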
6
README.md
 
If you can't read the code then this isn't for you.
 
Please do not ask for help regarding anything here, you will be ignored
 
 
** notes **
 
xsltproc -o scanme.html /opt/RossMarks/DirtyScripts/nmap-bootstrap.xsl scanme.xml
6
ReportToolz/config.php
$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/";
 
// repgen templates
//$template = "/mnt/hgfs/PentestOS/Misc/repgen_test/test_04/blank_template_v2.1.odt";
$template = "templates/odt/blank_template_v2.1.odt";
$template = "templates/odt/blank_template_v3.0.odt";
//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
$vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
$vulnTemplate = "templates/odt/vuln_template_v1.0.xml";
 
?>
336
ReportToolz/repgen.php
die("[-] no such folder! \n");
 
//get config file
$config = json_decode(file_get_contents($filter->getParam("path")."config.conf"));
$riskRatings = array("Serious","High","Medium","Low");
 
//create owasp top 10 placeholders
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"A".$padNo} = 0; }
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"M".$padNo} = 0; }
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"API".$padNo} = 0; }
 
//create owasp top 10 table placeholders
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"A".$padNo."_table"} = ""; }
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"M".$padNo."_table"} = ""; }
for ($i=1; $i <= 10 ; $i++) { $padNo = sprintf("%02d", $i); ${"API".$padNo."_table"} = ""; }
 
// extract doc and get contents
$rand = uniqid();
mkdir("/tmp/$rand");
 
// create vulns for odf
$templateOrig = file_get_contents($vulnTemplate);
$Serious = $High = $Medium = $Low = $Info = "";
$Count_Serious = $Count_High = $Count_Medium = $Count_Low = $Count_Info = 0;
$Summary_Serious = $Summary_High = $Summary_Medium = $Summary_Low = $Summary_Info = array();
foreach ($vuln as $singlevuln) {
$templateSource = $templateOrig;
$togo = $singlevuln['risk'];
foreach ($singlevuln as $key => $value){
}
}
}
if(isset($singlevuln['hosts']) && $singlevuln['hosts'] <> ""){
$templateSource = str_replace('{hosts}', $singlevuln['hosts'], $templateSource);
}else{
$templateSource = str_replace('{hosts}', "N/A", $templateSource);
}
$$togo .= $templateSource;
${"Count_$togo"} += 1;
echo "[+] added $togo: ".$singlevuln['title']."\n";
}
 
// squash vulns into one bbig xml
 
// fixing summary tables
$descExpl = explode(".", $singlevuln['description']);
$fixExpl = explode(".", $singlevuln['solution']);
$descFinal = $descExpl[0].".";
$fixFinal = $fixExpl[0].".";
// if small summaries exist use them!
if(isset($singlevuln['summary_issue']) && $singlevuln['summary_issue'] <> ""){
// DEBUG: echo "[+] summary description found for: ".$singlevuln['title']."\n";
$descFinal = $singlevuln['summary_issue'];
}
if(isset($singlevuln['summary_solution']) && $singlevuln['summary_solution'] <> ""){
// DEBUG: echo "[+] summary solution found for: ".$singlevuln['title']."\n";
$fixFinal = $singlevuln['summary_solution'];
}
 
// set OWASP counts
$issueOwasp = explode(":", $singlevuln['owasp']);
${$issueOwasp[0]}++;
 
$hostSummary = (isset($singlevuln['hosts']) && $singlevuln['hosts'] <> "") ? $singlevuln['hosts'] : "N/A";
// populate arrays for small vuln tables
// key = title, 0 = desc, 1 = fix, 2 = hosts, 3 = owasp, 4, page ref
${"Summary_$togo"}[$singlevuln['title']] = array($descFinal, $fixFinal, $hostSummary, $issueOwasp[0]);
}
 
// add page ref to each issue
$placeA = 1;
foreach ($riskRatings as $riskKey => $riskVal) {
$placeB = 1;
if(!empty( ${"Summary_$riskVal"} )){
foreach (${"Summary_$riskVal"} as $sumKey => $sumVal) {
array_push(${"Summary_$riskVal"}[$sumKey], "5.".$placeA.".".$placeB);
$placeB++;
}
$placeA++;
}
}
 
// create sumaries tables
$Summary_Serious_Final = $Summary_High_Final = $Summary_Medium_Final = $Summary_Low_Final = "";
$placeA = 1;
foreach ($riskRatings as $riskKey => $riskVal) {
$placeB = 1;
if(empty( ${"Summary_$riskVal"} )){
${"Summary_".$riskVal."_Final"} = '
<table:table-row table:style-name="Table11.1">
<table:table-cell table:style-name="Table11.A2" office:value-type="string">
<text:p text:style-name="P189">None Identified</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table11.A2" office:value-type="string">
<text:p text:style-name="P170"/>
</table:table-cell>
<table:table-cell table:style-name="Table11.C2" office:value-type="string">
<text:p text:style-name="P171"/>
</table:table-cell>
<table:table-cell table:style-name="Table11.C2" office:value-type="string">
<text:p text:style-name="P172"/>
</table:table-cell>
</table:table-row>
';
}else{
foreach (${"Summary_$riskVal"} as $sumKey => $sumVal) {
// DEBUG: echo "[i] $sumKey:\n".$sumVal[0]."\n".$sumVal[1]."\n\n";
${"Summary_".$riskVal."_Final"} .= '
<table:table-row table:style-name="Table11.1">
<table:table-cell table:style-name="Table11.A2" office:value-type="string">
<text:p text:style-name="P189">'.$sumKey.'</text:p>
<text:p text:style-name="P170">'.$sumVal[0].'</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table11.A2" office:value-type="string">
<text:p text:style-name="P170">'.$sumVal[1].'</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table11.C2" office:value-type="string">
<text:p text:style-name="P171">'.$sumVal[4].'</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table11.C2" office:value-type="string">
<text:p text:style-name="P172">'.$sumVal[2].'</text:p>
</table:table-cell>
</table:table-row>
';
}
}
 
}
 
//populate owasp findings tables
foreach ($riskRatings as $riskKey => $riskVal) {
if(!empty( ${"Summary_$riskVal"} )){
foreach (${"Summary_$riskVal"} as $sumKey => $sumVal) {
if( ${$sumVal[3]."_table"} == ""){ // if is first entry
${$sumVal[3]."_table"} = '
<table:table table:name="Table8" table:style-name="Table8">
<table:table-column table:style-name="Table8.C"/>
<table:table-column table:style-name="Table8.D"/>
<table:table-header-rows>
<table:table-row table:style-name="Table8.1">
<table:table-cell table:style-name="Table8.A1" office:value-type="string">
<text:p text:style-name="P71">Vulnerabilities in This Category</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table8.B1" office:value-type="string">
<text:p text:style-name="P72">Document Reference</text:p>
</table:table-cell>
</table:table-row>
</table:table-header-rows>
<table:table-row>
<table:table-cell table:style-name="Table8.A10" office:value-type="string">
<text:p text:style-name="P40">'.$sumKey.'</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table8.B2" office:value-type="string">
<text:p text:style-name="P44">'.$sumVal[4].'</text:p>
</table:table-cell>
</table:table-row>
';
}else{ // not first entry, append new line
${$sumVal[3]."_table"} = str_replace("</table:table>", "", ${$sumVal[3]."_table"});
${$sumVal[3]."_table"} .= '
<table:table-row>
<table:table-cell table:style-name="Table8.A10" office:value-type="string">
<text:p text:style-name="P40">'.$sumKey.'</text:p>
</table:table-cell>
<table:table-cell table:style-name="Table8.B2" office:value-type="string">
<text:p text:style-name="P44">'.$sumVal[4].'</text:p>
</table:table-cell>
</table:table-row>
';
}
// close the table
${$sumVal[3]."_table"} .= '</table:table>';
}
}
}
 
// squash vulns into one big xml
$value = "";
if(!empty($Serious)){
$value .= '<text:list text:continue-numbering="true" text:style-name="Outline">
<text:list-item>
}
// add to template
$source = file_get_contents("/tmp/$rand/content.xml");
$source = str_replace('{vuln}', $value, $source);
 
//update total counts in exec summary table
$source = str_replace('{count_serious}', $Count_Serious, $source);
$source = str_replace('{count_high}', $Count_High, $source);
$source = str_replace('{count_medium}', $Count_Medium, $source);
$source = str_replace('{count_low}', $Count_Low, $source);
echo "[+] added exec summary counts: $Count_Serious, $Count_High, $Count_Medium, $Count_Low\n";
 
//update issues summary tables
$source = str_replace('{summary_table_serious}', $Summary_Serious_Final, $source);
$source = str_replace('{summary_table_high}', $Summary_High_Final, $source);
$source = str_replace('{summary_table_medium}', $Summary_Medium_Final, $source);
$source = str_replace('{summary_table_low}', $Summary_Low_Final, $source);
echo "[+] added findings summary tables\n";
 
//update owasp count tables
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{A'.$padNo.'}', ${"A".$padNo}, $source);
}
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{M'.$padNo.'}', ${"M".$padNo}, $source);
}
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{API'.$padNo.'}', ${"API".$padNo}, $source);
}
echo "[+] updated OWASP count tables\n";
 
//update owasp findings tables
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{A'.$padNo.'_table}', ${"A".$padNo."_table"}, $source);
}
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{M'.$padNo.'_table}', ${"M".$padNo."_table"}, $source);
}
for ($i=1; $i <= 10 ; $i++) {
$padNo = sprintf("%02d", $i);
$source = str_replace('{API'.$padNo.'_table}', ${"API".$padNo."_table"}, $source);
}
echo "[+] updated OWASP findings tables\n";
 
// save to file
echo "[!] writing to /tmp content.xml\n";
file_put_contents("/tmp/$rand/content.xml", $source);
 
// create report and tidying
$repOutName = $config->ref.".3 ".$config->client ." ". $config->title1;
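Review bot: The variable names written by `$$togo .= $templateSource;`, `${"Count_$togo"} += 1;` and `${$issueOwasp[0]}++;` come straight from each finding's `risk` and `owasp` fields, so a record with an unexpected value there creates or overwrites an arbitrary variable in the script's scope (`source`, `config`, `rand`, …) instead of being rejected. I would validate both before use, e.g. `if (!in_array($togo, ['Serious','High','Medium','Low','Info'], true)) { die("[-] unknown risk: $togo\n"); }` and `if (!preg_match('/^(A|M|API)(0[1-9]|10)$/', $issueOwasp[0])) { die("[-] unknown owasp category\n"); }`, and keep the counters and tables in arrays keyed by the checked value. The finding fields (`title`, the summaries, `hosts`) are also concatenated into the ODF XML unescaped, so a `&` or `<` in a finding would break content.xml; `htmlspecialchars($sumKey, ENT_XML1 | ENT_QUOTES, 'UTF-8')` at the point of insertion would cover that, unless the stored values are already XML fragments, which the visible lines do not show. The page shows only fragments of the script, so where `$vuln` is loaded from and how the `/tmp/$rand` directory is cleaned up are outside the view.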
ReportToolz/templates/odt/blank_template_v3.0.odt 0 → 100755
Not supported
2
■■■
ReportToolz/templates/odt/config.conf
"cert": "(CHECK Team Leader)",
"ref": "J12345",
"checkRef": "CHECK Reference: 12345C",
"secLevel": "Client Confidential",
"startDate": "01/11/2019",
"startDate": "01/11/2019",
"endDate": "06/11/2019",
"longDate": "1st and 8th November 2019",
"client": "Client name",
"title1": "Vulnerability Assessment",
ReportToolz/templates/odt/vuln_template_v1.0.xml 0 → 100755
eicar/eicar.png 0 → 100644
nmap-bootstrap.xsl 0 → 100644
phpinfo.php 0 → 100644
phpinfo.png 0 → 100644