Fork: 0
0xRoM / DirtyScripts
Browse code
burp xml to json files added
master
1 parent 5299279 commit a1f582ad9ae371dd9a524bc27e74e5f2b3c0987e
root authored on 2 Jul 2020
Patch
Unified Split
Showing 2 changed files
View
22
ReportToolz/README.md
[+] Saving: SSL Medium Strength Cipher Suites Supported (SWEET32)
[-] Issue: SSL Cipher Block Chaining Cipher Suites Supported
```
 
# burp to JSON files
Convert Burp "report issues" XML file to JSON files for repgen.php
 
```
╰» php /opt/RossMarks/DirtyScripts/ReportToolz/bp2json.php -d /tmp/rpt/burp.xml
_ ______ _
| | (_____ \ (_)
| | _ ____ ____) ) _ ___ ___ ____
| || \| _ \/_____/ | |/___)/ _ \| _ \
| |_) ) | | |______ | |___ | |_| | | | |
|____/| ||_(_______)| (___/ \___/|_| |_|
|_| (__/
 
[!] doc: /tmp/rpt/burp.xml
[=] 5 vulnerabilities identified
[+] creating file: /tmp/rpt/strict-transport-security-misconfiguration.json
[+] creating file: /tmp/rpt/password-field-with-autocomplete-enabled.json
[+] creating file: /tmp/rpt/lack-or-misconfiguration-of-security-header-s-.json
[+] creating file: /tmp/rpt/interesting-header-s-.json
[+] creating file: /tmp/rpt/software-version-numbers-revealed.json
[!] These are empty JSON files, remember to floss!
```
View
67
ReportToolz/bp2json.php 0 → 100644
#!/usr/bin/php
<?php
//error_reporting(0);
 
/***
* Main program - Don't edit below
*/
echo " _ ______ _\n| | (_____ \ (_)\n| | _ ____ ____) ) _ ___ ___ ____\n| || \| _ \/_____/ | |/___)/ _ \| _ \ \n| |_) ) | | |______ | |___ | |_| | | | |\n|____/| ||_(_______)| (___/ \___/|_| |_|\n |_| (__/ \n\n";
 
foreach (glob("classes/*.php") as $filename)
include $filename;
 
$definitions = new \Clapp\CommandLineArgumentDefinition(
array(
"help|h" => "Shows help message",
"doc|d=s" => "/path/to/burp.xml to use",
"no-save|n" => "Output only - Don't save JSON files",
)
);
 
$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
 
if ($filter->getParam('h') === true || $argc < 2) {
echo "Convert burp \"report issues\" XML output file to JSON files for repgen.php\n\n";
fwrite(STDERR, $definitions->getUsage());
exit(0);
}
 
// see if doc exists
if ($filter->getParam("doc") == false)
die("[-] no doc set\n");
 
echo "[!] doc: ".$filter->getParam("doc")."\n";
if(!file_exists($filter->getParam("doc")))
die("[-] no such file! \n");
 
 
//$xmlfile = file_get_contents($filter->getParam("doc"));
$burp= simplexml_load_file($filter->getParam("doc"));
 
$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
$vulnarray = array();
 
foreach($burp as $issue => $details){
$issue = (string)$details->name;
if(!in_array($issue, $vulnarray)){
array_push($vulnarray, $issue);
}
}
 
echo "[=] ".count($vulnarray)." vulnerabilities identified\n";
 
foreach($vulnarray as $issue){
$newfilename = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $issue) );
if($filter->getParam('no-save') === true){
echo "[+] issue: ".$issue."\n";
}else{
echo "[+] creating file: ".$resultsFolder.$newfilename.".json\n";
touch($resultsFolder.$newfilename.".json");
}
}
 
if($filter->getParam('no-save') !== true)
echo "[!] These are empty JSON files, remember to floss!\n";
 
 
?>
Buy Me A Coffee