minor fixes and initial floss script
1 parent 9a5295e commit e9f7de58c6072f354e0386408e007bcef3a73c26
root authored on 13 May 2020
Showing 5 changed files
11
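--- /dev/null
+++ b/ReportToolz/config.php
@@ -0,0 +1,11 @@
+<?php
+// path to vdb
+$vulnDB = "/opt/RossMarks/vdb/";
+// path to scripts repgen, vdp, floss etc..
+$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/";
+
+// repgen templates
+$template = "templates/odt/blank_template_v1.1.odt";
+//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
+$vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
+?>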
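Review bot: The comment `// path to vdb` does not say that the value must end in `/`, yet floss.php in this commit builds source paths as `$vulnDB.$finding['new']` and strips the prefix with `str_replace($vulnDB, "", $i)`, so a value without the trailing slash would yield wrong paths. I would state the contract in the comment, e.g. `// absolute path to vdb, must end with "/"`, and presumably the same for `$vdbPath`. Since this file is only ever included, the closing `?>` on the last line is better dropped so that stray whitespace after it is never emitted by the including scripts.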
139
ReportToolz/floss.php 0 → 100755
#!/usr/bin/php
<?php
//error_reporting(0);
include('config.php');
 
/***
* Main program - Don't edit below
*/
echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n";
 
foreach (glob("classes/*.php") as $filename)
include $filename;
 
$definitions = new \Clapp\CommandLineArgumentDefinition(
array(
"help|h" => "Shows help message",
"path|p=s" => "/path/to/jsons/"
)
);
 
$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
 
if ($filter->getParam('h') === true || $argc < 2) {
echo "The JSON prettyfier\n\n";
fwrite(STDERR, $definitions->getUsage());
exit(0);
}
 
if(!file_exists($vulnDB."/floss.csv"))
die("[!] floss.csv not found, is config.php correct?\n");
 
// create the CSV array
$csv = array();
$file = fopen($vulnDB."/floss.csv", 'r');
while (($result = fgetcsv($file)) !== false){
$csv[] = $result;
}
fclose($file);
 
// see if doc exists
if ($filter->getParam("path") == false)
die("[-] no path set\n");
 
// load vdb vulns
$vdbVulns = getDirContents($vulnDB);
foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean)
$vdbVulns[$h] = str_replace($vulnDB, "", $i);
}
echo "VDB: ".sizeof($vdbVulns).", ";
 
// get all vulns
$vuln = array();
$files = glob($filter->getParam("path")."*.json");
foreach($files as $finding){
$vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding));
}
 
echo "Vulns: ".sizeof($vuln)."\n";
 
// check for existing
foreach($vuln as $key => $finding){
foreach($vdbVulns as $issue){
$title = substr($issue, strrpos($issue, '/') + 1);
if($finding['orig'].".json" == $title){
$vuln[$key]['new'] = $issue;
//echo $finding['orig']." -> ".$issue."\n"; // DEBUG
}
}
}
 
// check for pattern match in floss.csv
foreach($csv as $finding){
foreach($vuln as $key => $issue){
if(fnmatch($finding[0], $issue['orig'])){
$vuln[$key]['new'] = $finding[1];
//echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG
}
}
}
 
//print_r($vuln); // DEBUG
 
$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed";
if(!file_exists($flossFolder."/")){
mkdir($flossFolder."/");
echo "[+] created directory $flossFolder/\n";
}
$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check";
if(!file_exists($checkFolder."/")){
mkdir($checkFolder."/");
echo "[+] created directory $checkFolder/\n";
}
 
$flossed = 0;
$flossArr = array();
$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb");
foreach($vuln as $key => $finding){
if(isset($finding['new'])){
 
$content = $finding['orig']." -> ".$finding['new']."\n"; // log changes
fwrite($fp,$content);
 
rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json");
if($finding['new'] != "-del-"){
$title = substr($finding['new'], strrpos($finding['new'], '/') + 1);
copy($vulnDB.$finding['new'], $filter->getParam("path").$title);
$flossArr[] = $finding['new'];
}
$flossed++;
}else{
rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json");
}
}
fclose($fp);
 
$flossedInto = sizeof(array_unique($flossArr));
$left = sizeof($vuln)-$flossed;
echo "Flossed: ".$flossed." -> ".$flossedInto."\n";
echo "To Check: ".$left."\n";
echo "________________________________________________
| |
|Please (on VDB) either add a rule to floss.csv |
|or create a new vulnerability for each .json |
|in /to_check to help the team and make |
|reporting easier for everyone! |
|_______________________________________________|\n";
 
 
function getDirContents($path) {
$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
 
$files = array();
foreach ($rii as $file)
if (!$file->isDir())
$files[] = $file->getPathname();
 
return $files;
}
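Review bot: `include('config.php');` near the top and `foreach (glob("classes/*.php") as $filename) include $filename;` resolve against the current working directory rather than the script's own directory, because `glob()` is cwd-relative and a bare include name is looked up through include_path, which by default lists `.` first. Run from any other directory, the script either fails to find its classes or executes whatever `config.php` and `classes/*.php` happen to sit there, which matters for a tool that is pointed at directories of imported findings. Anchoring both to the script, `require_once __DIR__ . '/config.php';` and `glob(__DIR__ . '/classes/*.php')`, removes that dependency; the same `include('config.php');` is added in repgen.php and vdb.php. Separately, in the final loop the original is renamed into `flossed/` before `copy($vulnDB.$finding['new'], …)` runs and neither return value is checked, so a floss.csv rule that names a missing vdb file removes the finding from the working set without any message; checking both results and logging the failure would surface it.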
2
■■■
ReportToolz/pt2json.php
$ob= simplexml_load_string($xmlfile);
$json = json_encode($ob);
$configData = json_decode($json, true);
 
//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
 
if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){
// multiple headings
foreach( $configData['report_sections']['section'] as $key1 => $val1 ){
14
ReportToolz/repgen.php
#!/usr/bin/php
<?php
//error_reporting(0);
 
/***
* Configuration options
*/
$template = "templates/odt/blank_template_v1.1.odt";
//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
$vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
include('config.php');
 
/***
* Main program - Don't edit below
*/
12
ReportToolz/vdb.php
#!/usr/bin/php
<?php
//error_reporting(0);
 
/***
* Configuration options
*/
$vulnDB = "/opt/RossMarks/vdb/";
$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/";
include('config.php');
 
/***
* Main program - Don't edit below
*/