diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 1566129..49f29da 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -1,3 +1,5 @@ +# Report generation scripts + First copy templates/odt/config.conf to current work dir. Fill out fields in config.conf (company name, your name, contact, tel etc.) @@ -60,4 +62,30 @@ 5.2.3 |Wildcard SSL Certificate |Low |3.7 |Configuration |A6 Security Misconfiguration ``` -copy created csv tables into corresponding parts of report \ No newline at end of file +copy created csv tables into corresponding parts of report + +# Vulnerability DB script + +``` +╰» ./vdb.php -s xss +Ref | Title | Description +-------|--------------------------------------------------|---------------------------------------------------------------- +125 |Missing HTTP Security Headers |- description here - +151 |Reflected Cross-Site Scripting (XSS) |- description here - +152 |Stored Cross-Site Scripting (XSS) |- description here - + +╰» ./vdb.php -i 151 +151 - Reflected Cross-Site Scripting (XSS) +CVSS: -snip- Risk: -snip- OWASP: -snip- +CVSS2: -snip- +CVSS3: -snip- +Description: -snip- +Technical Description: -snip- +Soluton: -snip- +Impact: -snip- +Remediation: -snip- +Tags: reflected, xss, javascript, injection + +╰» ./vdb.php -i 151 -p /tmp +xss-reflected.json copied to /tmp/ +``` \ No newline at end of file diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 1566129..49f29da 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -1,3 +1,5 @@ +# Report generation scripts + First copy templates/odt/config.conf to current work dir. Fill out fields in config.conf (company name, your name, contact, tel etc.) @@ -60,4 +62,30 @@ 5.2.3 |Wildcard SSL Certificate |Low |3.7 |Configuration |A6 Security Misconfiguration ``` -copy created csv tables into corresponding parts of report \ No newline at end of file +copy created csv tables into corresponding parts of report + +# Vulnerability DB script + +``` +╰» ./vdb.php -s xss +Ref | Title | Description +-------|--------------------------------------------------|---------------------------------------------------------------- +125 |Missing HTTP Security Headers |- description here - +151 |Reflected Cross-Site Scripting (XSS) |- description here - +152 |Stored Cross-Site Scripting (XSS) |- description here - + +╰» ./vdb.php -i 151 +151 - Reflected Cross-Site Scripting (XSS) +CVSS: -snip- Risk: -snip- OWASP: -snip- +CVSS2: -snip- +CVSS3: -snip- +Description: -snip- +Technical Description: -snip- +Soluton: -snip- +Impact: -snip- +Remediation: -snip- +Tags: reflected, xss, javascript, injection + +╰» ./vdb.php -i 151 -p /tmp +xss-reflected.json copied to /tmp/ +``` \ No newline at end of file diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index afc4424..b31ebf9 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -19,7 +19,7 @@ $definitions = new \Clapp\CommandLineArgumentDefinition( array( "help|h" => "Shows help message", - "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files + "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files ) ); @@ -65,12 +65,15 @@ $vuln[] = $found = json_decode(file_get_contents($finding), true); } -echo "[!] sorting vulns by CVSS\n"; +echo "[+] sorting vulns by CVSS\n"; usort($vuln, 'order_by_cvss'); function order_by_cvss($a, $b) { return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1; } +if(empty($vuln)) + echo "[-] no vulns found!\n"; + // create vulns for odf $templateOrig = file_get_contents($vulnTemplate); $Serious = $High = $Medium = $Low = ""; diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 1566129..49f29da 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -1,3 +1,5 @@ +# Report generation scripts + First copy templates/odt/config.conf to current work dir. Fill out fields in config.conf (company name, your name, contact, tel etc.) @@ -60,4 +62,30 @@ 5.2.3 |Wildcard SSL Certificate |Low |3.7 |Configuration |A6 Security Misconfiguration ``` -copy created csv tables into corresponding parts of report \ No newline at end of file +copy created csv tables into corresponding parts of report + +# Vulnerability DB script + +``` +╰» ./vdb.php -s xss +Ref | Title | Description +-------|--------------------------------------------------|---------------------------------------------------------------- +125 |Missing HTTP Security Headers |- description here - +151 |Reflected Cross-Site Scripting (XSS) |- description here - +152 |Stored Cross-Site Scripting (XSS) |- description here - + +╰» ./vdb.php -i 151 +151 - Reflected Cross-Site Scripting (XSS) +CVSS: -snip- Risk: -snip- OWASP: -snip- +CVSS2: -snip- +CVSS3: -snip- +Description: -snip- +Technical Description: -snip- +Soluton: -snip- +Impact: -snip- +Remediation: -snip- +Tags: reflected, xss, javascript, injection + +╰» ./vdb.php -i 151 -p /tmp +xss-reflected.json copied to /tmp/ +``` \ No newline at end of file diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index afc4424..b31ebf9 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -19,7 +19,7 @@ $definitions = new \Clapp\CommandLineArgumentDefinition( array( "help|h" => "Shows help message", - "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files + "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files ) ); @@ -65,12 +65,15 @@ $vuln[] = $found = json_decode(file_get_contents($finding), true); } -echo "[!] sorting vulns by CVSS\n"; +echo "[+] sorting vulns by CVSS\n"; usort($vuln, 'order_by_cvss'); function order_by_cvss($a, $b) { return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1; } +if(empty($vuln)) + echo "[-] no vulns found!\n"; + // create vulns for odf $templateOrig = file_get_contents($vulnTemplate); $Serious = $High = $Medium = $Low = ""; diff --git a/ReportToolz/templates/issue/template.json b/ReportToolz/templates/issue/template.json index 0e6eaf1..b10cff4 100644 --- a/ReportToolz/templates/issue/template.json +++ b/ReportToolz/templates/issue/template.json @@ -1,11 +1,16 @@ { -"title": "", -"description":"", -"tech_description":"", -"impact":"", -"solution":"", -"remediation":"", -"cvss_score":"", -"risk":"", -"owasp":"" -} + "title": "", + "description":"", + "tech_description":"", + "impact":"", + "solution":"", + "remediation":"", + "cvss_score":"", + "cvss2_score": "", + "cvss2_vector": "", + "cvss3_score": "", + "cvss3_vector": "", + "risk":"", + "owasp":"", + "tags": "" +} \ No newline at end of file diff --git a/ReportToolz/README.md b/ReportToolz/README.md index 1566129..49f29da 100644 --- a/ReportToolz/README.md +++ b/ReportToolz/README.md @@ -1,3 +1,5 @@ +# Report generation scripts + First copy templates/odt/config.conf to current work dir. Fill out fields in config.conf (company name, your name, contact, tel etc.) @@ -60,4 +62,30 @@ 5.2.3 |Wildcard SSL Certificate |Low |3.7 |Configuration |A6 Security Misconfiguration ``` -copy created csv tables into corresponding parts of report \ No newline at end of file +copy created csv tables into corresponding parts of report + +# Vulnerability DB script + +``` +╰» ./vdb.php -s xss +Ref | Title | Description +-------|--------------------------------------------------|---------------------------------------------------------------- +125 |Missing HTTP Security Headers |- description here - +151 |Reflected Cross-Site Scripting (XSS) |- description here - +152 |Stored Cross-Site Scripting (XSS) |- description here - + +╰» ./vdb.php -i 151 +151 - Reflected Cross-Site Scripting (XSS) +CVSS: -snip- Risk: -snip- OWASP: -snip- +CVSS2: -snip- +CVSS3: -snip- +Description: -snip- +Technical Description: -snip- +Soluton: -snip- +Impact: -snip- +Remediation: -snip- +Tags: reflected, xss, javascript, injection + +╰» ./vdb.php -i 151 -p /tmp +xss-reflected.json copied to /tmp/ +``` \ No newline at end of file diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index afc4424..b31ebf9 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -19,7 +19,7 @@ $definitions = new \Clapp\CommandLineArgumentDefinition( array( "help|h" => "Shows help message", - "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files + "path|p=s" => "/path/to/configs/", // should contain config.json and all vuln.json files ) ); @@ -65,12 +65,15 @@ $vuln[] = $found = json_decode(file_get_contents($finding), true); } -echo "[!] sorting vulns by CVSS\n"; +echo "[+] sorting vulns by CVSS\n"; usort($vuln, 'order_by_cvss'); function order_by_cvss($a, $b) { return $b['cvss_score'] > $a['cvss_score'] ? 1 : -1; } +if(empty($vuln)) + echo "[-] no vulns found!\n"; + // create vulns for odf $templateOrig = file_get_contents($vulnTemplate); $Serious = $High = $Medium = $Low = ""; diff --git a/ReportToolz/templates/issue/template.json b/ReportToolz/templates/issue/template.json index 0e6eaf1..b10cff4 100644 --- a/ReportToolz/templates/issue/template.json +++ b/ReportToolz/templates/issue/template.json @@ -1,11 +1,16 @@ { -"title": "", -"description":"", -"tech_description":"", -"impact":"", -"solution":"", -"remediation":"", -"cvss_score":"", -"risk":"", -"owasp":"" -} + "title": "", + "description":"", + "tech_description":"", + "impact":"", + "solution":"", + "remediation":"", + "cvss_score":"", + "cvss2_score": "", + "cvss2_vector": "", + "cvss3_score": "", + "cvss3_vector": "", + "risk":"", + "owasp":"", + "tags": "" +} \ No newline at end of file diff --git a/ReportToolz/vdb.php b/ReportToolz/vdb.php new file mode 100755 index 0000000..3fc479a --- /dev/null +++ b/ReportToolz/vdb.php @@ -0,0 +1,137 @@ +#!/usr/bin/php + "Shows help message", + "search|s=s" => "search term", + "id|i=i" => "id of vuln to view details or copy (requires -p)", + "path|p=s" => "path to copy vuln to (requires -c)", + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +// get all vulns +$vuln = recursiveScan($vulnDB); +$i = 1; +foreach($vuln as $key => $value){ + $vuln[$key]['count'] = $i; + $i++; +} + +// search for search term +if($filter->getParam("search") == true){ + #echo "[!] Searching: ".$filter->getParam("search")."\n"; + + + echo" +Ref | Title | Description +-------|--------------------------------------------------|----------------------------------------------------------------\n"; + + + foreach ($vuln as $key => $value) { + $flag = 0; + if (strpos($vuln[$key]['title'], $filter->getParam("search")) == true){ $flag = 1; } + if (strpos($vuln[$key]['description'], $filter->getParam("search")) == true){ $flag = 1; } + if (strpos($vuln[$key]['tech_description'], $filter->getParam("search")) == true){ $flag = 1; } + if (strpos($vuln[$key]['impact'], $filter->getParam("search")) == true){ $flag = 1; } + if (strpos($vuln[$key]['solution'], $filter->getParam("search")) == true){ $flag = 1; } + if (strpos($vuln[$key]['tags'], $filter->getParam("search")) == true){ $flag = 1; } + if($flag == 1){ // found search term + $ref = str_pad($vuln[$key]['count'], 7); + $title = str_pad($vuln[$key]['title'], 50); + $desc = trim(preg_replace('/\s\s+/', ' ', $vuln[$key]['tech_description'])); + $desc = str_pad( $desc, 61); + + echo substr($ref, 0, 7); echo "|"; + echo substr($title, 0, 50); echo "|"; + echo substr($desc, 0, 61); echo "\n"; + } + } + echo "\n"; +} + +if($filter->getParam("id") == true){ + $id = $filter->getParam("id"); + foreach ($vuln as $key => $value) { + if($vuln[$key]['count'] == $id){ + $chosenVuln = $vuln[$key]; + $path = $key; + break; + } + } + + echo "\033[1m\033[4m".$chosenVuln['count']." - ".$chosenVuln['title']."\033[0m\n"; + echo "\033[1mCVSS:\033[0m ".$chosenVuln['cvss_score']." "; + echo "\033[1mRisk:\033[0m ".$chosenVuln['risk']." "; + echo "\033[1mOWASP:\033[0m ".$chosenVuln['owasp']."\n"; + echo "\033[1mCVSS2:\033[0m ".$chosenVuln['cvss2_score']." ".$chosenVuln['cvss2_vector']."\n"; + echo "\033[1mCVSS3:\033[0m ".$chosenVuln['cvss3_score']." ".$chosenVuln['cvss3_vector']."\n"; + echo "\033[1mDescription:\033[0m ".$chosenVuln['description']."\n"; + echo "\033[1mTechnical Description:\033[0m ".$chosenVuln['tech_description']."\n"; + echo "\033[1mSoluton:\033[0m ".$chosenVuln['solution']."\n"; + echo "\033[1mImpact: \033[0m".$chosenVuln['impact']."\n"; + echo "\033[1mRemediation:\033[0m ".$chosenVuln['remediation']."\n"; + echo "\033[1mTags:\033[0m ".$chosenVuln['tags']."\n"; + + if($filter->getParam("path") == true){ + $resultsFolder = add_ending_slash($filter->getParam("path")); + if(file_exists($resultsFolder)){ + if(!file_exists($resultsFolder.basename($path))){ + system("cp $path $resultsFolder".basename($path)); + echo "\n\033[0;92m\033[1m".basename($path)." copied to $resultsFolder\033[0m\n"; + }else{ + echo "\n\033[0;31m\033[1m".basename($path)." already in $resultsFolder\033[0m\n"; + } + }else{ + echo "\n\033[0;31m\033[1m$resultsFolder does not exist!\033[0m\n"; + } + } +} + +function recursiveScan($dir) { + global $vuln; + $tree = glob(rtrim($dir, '/') . '/*'); + if (is_array($tree)) { + foreach($tree as $file) { + if (is_dir($file)) { + #echo "dir - ".$file . "\n"; + recursiveScan($file); + } elseif (is_file($file)) { + //echo $file . "\n"; + //$vuln[] = "test"; + if(substr($file, -5) == '.json'){ + $vuln[$file] = json_decode(file_get_contents($file), true); + } + + } + } + } + return $vuln; +} +function add_ending_slash( $path ){ + if ( substr( $path, ( 0 - ( int ) strlen( "/" ) ) ) !== "/" ){ $path .= "/"; } + return $path; +} +?> \ No newline at end of file