diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 49f29da..9dd8a0c 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -88,4 +88,27 @@ ╰» ./vdb.php -i 151 -p /tmp xss-reflected.json copied to /tmp/ -``` \ No newline at end of file +``` + +# ptreport to JSON files +Convert ptreport reprep output file to JSON files for repgen.php + +``` +╰» ./pt2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport + ______ _ + _ (_____ \ (_) + ____ _| |_ ____) ) _ ___ ___ ____ +| _ (_ _)/ ____/ | |/___)/ _ \| _ \ +| |_| || |_| (_____ | |___ | |_| | | | | +| __/ \__)_______)| (___/ \___/|_| |_| +|_| (__/ + +[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport +[+] creating json for: SSL/TLS 64-bit Block Size Cipher Suites +[+] creating json for: TLS Version 1.0 Protocol in use +[+] creating json for: Untrustworthy Server Certificate Chain +[+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header +[+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header +[+] creating json for: No HTTP Strict Transport Security + +``` diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 49f29da..9dd8a0c 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -88,4 +88,27 @@ ╰» ./vdb.php -i 151 -p /tmp xss-reflected.json copied to /tmp/ -``` \ No newline at end of file +``` + +# ptreport to JSON files +Convert ptreport reprep output file to JSON files for repgen.php + +``` +╰» ./pt2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport + ______ _ + _ (_____ \ (_) + ____ _| |_ ____) ) _ ___ ___ ____ +| _ (_ _)/ ____/ | |/___)/ _ \| _ \ +| |_| || |_| (_____ | |___ | |_| | | | | +| __/ \__)_______)| (___/ \___/|_| |_| +|_| (__/ + +[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport +[+] creating json for: SSL/TLS 64-bit Block Size Cipher Suites +[+] creating json for: TLS Version 1.0 Protocol in use +[+] creating json for: Untrustworthy Server Certificate Chain +[+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header +[+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header +[+] creating json for: No HTTP Strict Transport Security + +``` diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php new file mode 100755 index 0000000..f40ca32 --- /dev/null +++ b/ReportToolz/pt2json.php @@ -0,0 +1,98 @@ +#!/usr/bin/php + "Shows help message", + "doc|d=s" => "/path/to/doc.ptreport to use", + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +// see if doc exists +if ($filter->getParam("doc") == false) + die("[-] no doc set\n"); + +echo "[!] doc: ".$filter->getParam("doc")."\n"; +if(!file_exists($filter->getParam("doc"))) + die("[-] no such file! \n"); + + +$xmlfile = file_get_contents($filter->getParam("doc")); +$ob= simplexml_load_string($xmlfile); +$json = json_encode($ob); +$configData = json_decode($json, true); + +//print_r($configData); +//file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true)); +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; + +foreach ($configData['report_sections']['section']['subsection'] as $key => $value) { + # code... + //echo $value['title']."\n"; + //print_r($value); + foreach($value['finding'] as $key2 => $value2){ + echo "[+] creating json for: ".$value2['@attributes']['title']."\n"; + $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) ); + + if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){ + $cvss3_score = $value2['cvss']; + $cvss3_vector = $value2['cvss_vector']; + }else{ + $cvss3_score = ""; + $cvss3_vector = ""; + } + + $techD = ""; + foreach ($value2['section'] as $key => $value) { + # code... + $techD .= @base64_decode($value)."\n"; + } + $cvssS = (isset($value2['cvss']))? $value2['cvss'] : ""; + + $sev = $value2['severity']; + $sev = str_replace("serious", "Serious", $sev); + $sev = str_replace("high", "High", $sev); + $sev = str_replace("medium", "Medium", $sev); + $sev = str_replace("low", "Low", $sev); + $sev = str_replace("info", "Informational", $sev); + + $jsonFile = '{ + "title":'.json_encode($value2['@attributes']['title']).', + "category":"", + "remediation":'.json_encode(base64_decode($value2['remediation'])).', + "cvss_score":'.json_encode($cvssS).', + "risk":'.json_encode($sev).', + "impact":"High/Medium/Low", + "description":'.json_encode(base64_decode($value2['summary_description'])).', + "tech_description":'.json_encode($techD).', + "solution":'.json_encode(base64_decode($value2['summary_fix'])).', + "cvss2_score":"", + "cvss2_vector":"", + "cvss3_score":'.json_encode($cvss3_score).', + "cvss3_vector":'.json_encode($cvss3_vector).', + "owasp":"", + "tags":'.json_encode(base64_decode($value2['vuln_tags'])).', + "to_check":"checked"}'; + + + file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); + } + +} \ No newline at end of file diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 49f29da..9dd8a0c 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -88,4 +88,27 @@ ╰» ./vdb.php -i 151 -p /tmp xss-reflected.json copied to /tmp/ -``` \ No newline at end of file +``` + +# ptreport to JSON files +Convert ptreport reprep output file to JSON files for repgen.php + +``` +╰» ./pt2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport + ______ _ + _ (_____ \ (_) + ____ _| |_ ____) ) _ ___ ___ ____ +| _ (_ _)/ ____/ | |/___)/ _ \| _ \ +| |_| || |_| (_____ | |___ | |_| | | | | +| __/ \__)_______)| (___/ \___/|_| |_| +|_| (__/ + +[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport +[+] creating json for: SSL/TLS 64-bit Block Size Cipher Suites +[+] creating json for: TLS Version 1.0 Protocol in use +[+] creating json for: Untrustworthy Server Certificate Chain +[+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header +[+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header +[+] creating json for: No HTTP Strict Transport Security + +``` diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php new file mode 100755 index 0000000..f40ca32 --- /dev/null +++ b/ReportToolz/pt2json.php @@ -0,0 +1,98 @@ +#!/usr/bin/php + "Shows help message", + "doc|d=s" => "/path/to/doc.ptreport to use", + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +// see if doc exists +if ($filter->getParam("doc") == false) + die("[-] no doc set\n"); + +echo "[!] doc: ".$filter->getParam("doc")."\n"; +if(!file_exists($filter->getParam("doc"))) + die("[-] no such file! \n"); + + +$xmlfile = file_get_contents($filter->getParam("doc")); +$ob= simplexml_load_string($xmlfile); +$json = json_encode($ob); +$configData = json_decode($json, true); + +//print_r($configData); +//file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true)); +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; + +foreach ($configData['report_sections']['section']['subsection'] as $key => $value) { + # code... + //echo $value['title']."\n"; + //print_r($value); + foreach($value['finding'] as $key2 => $value2){ + echo "[+] creating json for: ".$value2['@attributes']['title']."\n"; + $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) ); + + if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){ + $cvss3_score = $value2['cvss']; + $cvss3_vector = $value2['cvss_vector']; + }else{ + $cvss3_score = ""; + $cvss3_vector = ""; + } + + $techD = ""; + foreach ($value2['section'] as $key => $value) { + # code... + $techD .= @base64_decode($value)."\n"; + } + $cvssS = (isset($value2['cvss']))? $value2['cvss'] : ""; + + $sev = $value2['severity']; + $sev = str_replace("serious", "Serious", $sev); + $sev = str_replace("high", "High", $sev); + $sev = str_replace("medium", "Medium", $sev); + $sev = str_replace("low", "Low", $sev); + $sev = str_replace("info", "Informational", $sev); + + $jsonFile = '{ + "title":'.json_encode($value2['@attributes']['title']).', + "category":"", + "remediation":'.json_encode(base64_decode($value2['remediation'])).', + "cvss_score":'.json_encode($cvssS).', + "risk":'.json_encode($sev).', + "impact":"High/Medium/Low", + "description":'.json_encode(base64_decode($value2['summary_description'])).', + "tech_description":'.json_encode($techD).', + "solution":'.json_encode(base64_decode($value2['summary_fix'])).', + "cvss2_score":"", + "cvss2_vector":"", + "cvss3_score":'.json_encode($cvss3_score).', + "cvss3_vector":'.json_encode($cvss3_vector).', + "owasp":"", + "tags":'.json_encode(base64_decode($value2['vuln_tags'])).', + "to_check":"checked"}'; + + + file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); + } + +} \ No newline at end of file diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index f06bc4a..18ca33a 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -84,7 +84,7 @@ // create vulns for odf $templateOrig = file_get_contents($vulnTemplate); -$Serious = $High = $Medium = $Low = ""; +$Serious = $High = $Medium = $Low = $Informational = ""; foreach ($vuln as $singlevuln) { $templateSource = $templateOrig; $togo = $singlevuln['risk']; @@ -149,6 +149,18 @@ '; $value .= $Low; } +if(!empty($Informational)){ + $value .= ' + + + + Informational Risk Vulnerabilities + + + +'; + $value .= $Informational; +} // add to template $source = file_get_contents("/tmp/$rand/content.xml"); $source = str_replace('{vuln}', $value, $source);