diff --git a/ReportToolz/README.md b/ReportToolz/README.md
index ef40c02..8be1255 100644
--- a/ReportToolz/README.md
+++ b/ReportToolz/README.md
@@ -161,3 +161,26 @@
 [+] Saving: SSL Medium Strength Cipher Suites Supported (SWEET32)
 [-] Issue: SSL Cipher Block Chaining Cipher Suites Supported
 ```
+
+# burp to JSON files
+Convert Burp "report issues" XML file to JSON files for repgen.php
+
+```
+╰» php /opt/RossMarks/DirtyScripts/ReportToolz/bp2json.php -d /tmp/rpt/burp.xml
+ _ ______ _
+| | (_____ \ (_)
+| | _ ____ ____) ) _ ___ ___ ____
+| || \| _ \/_____/ | |/___)/ _ \| _ \
+| |_) ) | | |______ | |___ | |_| | | | |
+|____/| ||_(_______)| (___/ \___/|_| |_|
+ |_| (__/
+
+[!] doc: /tmp/rpt/burp.xml
+[=] 5 vulnerabilities identified
+[+] creating file: /tmp/rpt/strict-transport-security-misconfiguration.json
+[+] creating file: /tmp/rpt/password-field-with-autocomplete-enabled.json
+[+] creating file: /tmp/rpt/lack-or-misconfiguration-of-security-header-s-.json
+[+] creating file: /tmp/rpt/interesting-header-s-.json
+[+] creating file: /tmp/rpt/software-version-numbers-revealed.json
+[!] These are empty JSON files, remember to floss!
+```
\ No newline at end of file
diff --git a/ReportToolz/README.md b/ReportToolz/README.md
index ef40c02..8be1255 100644
--- a/ReportToolz/README.md
+++ b/ReportToolz/README.md
@@ -161,3 +161,26 @@
 [+] Saving: SSL Medium Strength Cipher Suites Supported (SWEET32)
 [-] Issue: SSL Cipher Block Chaining Cipher Suites Supported
 ```
+
+# burp to JSON files
+Convert Burp "report issues" XML file to JSON files for repgen.php
+
+```
+╰» php /opt/RossMarks/DirtyScripts/ReportToolz/bp2json.php -d /tmp/rpt/burp.xml
+ _ ______ _
+| | (_____ \ (_)
+| | _ ____ ____) ) _ ___ ___ ____
+| || \| _ \/_____/ | |/___)/ _ \| _ \
+| |_) ) | | |______ | |___ | |_| | | | |
+|____/| ||_(_______)| (___/ \___/|_| |_|
+ |_| (__/
+
+[!] doc: /tmp/rpt/burp.xml
+[=] 5 vulnerabilities identified
+[+] creating file: /tmp/rpt/strict-transport-security-misconfiguration.json
+[+] creating file: /tmp/rpt/password-field-with-autocomplete-enabled.json
+[+] creating file: /tmp/rpt/lack-or-misconfiguration-of-security-header-s-.json
+[+] creating file: /tmp/rpt/interesting-header-s-.json
+[+] creating file: /tmp/rpt/software-version-numbers-revealed.json
+[!] These are empty JSON files, remember to floss!
+```
\ No newline at end of file
diff --git a/ReportToolz/bp2json.php b/ReportToolz/bp2json.php
new file mode 100644
index 0000000..12fcd7e
--- /dev/null
+++ b/ReportToolz/bp2json.php
@@ -0,0 +1,67 @@ +#!/usr/bin/php + "Shows help message", + "doc|d=s" => "/path/to/burp.xml to use", + "no-save|n" => "Output only - Don't save JSON files", + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "Convert burp \"report issues\" XML output file to JSON files for repgen.php\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +// see if doc exists +if ($filter->getParam("doc") == false) + die("[-] no doc set\n"); + +echo "[!] doc: ".$filter->getParam("doc")."\n"; +if(!file_exists($filter->getParam("doc"))) + die("[-] no such file! \n"); + + +//$xmlfile = file_get_contents($filter->getParam("doc")); +$burp= simplexml_load_file($filter->getParam("doc")); + +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$vulnarray = array(); + +foreach($burp as $issue => $details){ + $issue = (string)$details->name; + if(!in_array($issue, $vulnarray)){ + array_push($vulnarray, $issue); + } +} + +echo "[=] ".count($vulnarray)." vulnerabilities identified\n"; + +foreach($vulnarray as $issue){ + $newfilename = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $issue) ); + if($filter->getParam('no-save') === true){ + echo "[+] issue: ".$issue."\n"; + }else{ + echo "[+] creating file: ".$resultsFolder.$newfilename.".json\n"; + touch($resultsFolder.$newfilename.".json"); + } +} + +if($filter->getParam('no-save') !== true) + echo "[!] These are empty JSON files, remember to floss!\n"; + + +?> \ No newline at end of file
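Review bot: `$resultsFolder` is built with `substr(..., 0, strrpos(..., '/'))`, so when `-d` is given a bare filename such as `burp.xml` the `strrpos` result is `false`, the prefix collapses to an empty string and the folder becomes `/`; the `touch()` calls then target the filesystem root, which matters if the tool is run as root. `dirname()` covers that case: `$resultsFolder = dirname($filter->getParam("doc")) . "/";`. The return value of `simplexml_load_file()` is also never checked, so a malformed or truncated export falls through to the `foreach` and is reported as 0 vulnerabilities rather than as a parse failure; a guard such as `if ($burp === false) die("[-] could not parse XML\n");` directly after the load would surface it. The opening lines of the new file appear truncated in this view, so the option-definition part was not reviewed.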