diff --git a/ReportToolz/config.php b/ReportToolz/config.php
new file mode 100644
index 0000000..bdd99a0
--- /dev/null
+++ b/ReportToolz/config.php
@@ -0,0 +1,11 @@
+
\ No newline at end of file
diff --git a/ReportToolz/config.php b/ReportToolz/config.php
new file mode 100644
index 0000000..bdd99a0
--- /dev/null
+++ b/ReportToolz/config.php
@@ -0,0 +1,11 @@
+
\ No newline at end of file
diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php
new file mode 100755
index 0000000..439bdb7
--- /dev/null
+++ b/ReportToolz/floss.php
@@ -0,0 +1,138 @@ +#!/usr/bin/php + "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." -> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." 
-> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/config.php b/ReportToolz/config.php new file mode 100644 index 0000000..bdd99a0 --- /dev/null +++ b/ReportToolz/config.php @@ -0,0 +1,11 @@ + \ No newline at end of file diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php new file mode 100755 index 0000000..439bdb7 --- /dev/null +++ b/ReportToolz/floss.php 
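Review bot: In floss.php the second column of each floss.csv row reaches `copy($vulnDB.$finding['new'], ...)` unchecked, so a rule target containing `../` segments resolves outside the vulnerability database and the file it names is copied into the findings folder under its basename. Resolve the target with `realpath()` and require it to sit under `realpath($vulnDB)` before the original JSON is moved. The results of `rename()` and `copy()` are not checked either, so a failed copy leaves the finding out of the report folder with only a PHP warning. The same floss.php hunk is repeated further down this page and the note applies to each copy.

```php
    if(isset($finding['new'])){
        $target = null;
        if($finding['new'] != "-del-"){
            // the rule target must resolve to a file inside the VDB
            $root = realpath($vulnDB);
            $target = realpath($vulnDB.$finding['new']);
            if($root === false || $target === false || strpos($target, $root.DIRECTORY_SEPARATOR) !== 0){
                fwrite(STDERR, "[!] ".$finding['orig'].": rule target not inside the VDB, left untouched\n");
                continue;
            }
        }
        // ... unchanged: log line, rename() of the original into flossed/ ...
        if($target !== null){
            if(!copy($target, $filter->getParam("path").basename($target)))
                fwrite(STDERR, "[!] ".$finding['orig'].": copy from VDB failed\n");
            $flossArr[] = $finding['new'];
        }
        $flossed++;
```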
@@ -0,0 +1,138 @@ +#!/usr/bin/php + "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." -> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." 
-> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/config.php b/ReportToolz/config.php new file mode 100644 index 0000000..bdd99a0 --- /dev/null +++ b/ReportToolz/config.php @@ -0,0 +1,11 @@ + \ No newline at end of file diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php new file mode 100755 index 0000000..439bdb7 --- /dev/null +++ b/ReportToolz/floss.php 
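Review bot: floss.php creates its output folders from `substr($path, 0, strrpos($path, '/'))."/flossed"` but then opens the log and moves files under `$filter->getParam("path")."flossed/"`, and the two only name the same directory when the path parameter ends in `/`. Without the trailing slash the folders are created one level up, `glob()` searches for `<path>*.json`, and `fopen()` returns false, which the following `fwrite($fp, ...)` does not handle. Normalise once after the "no path set" check, e.g. `$path = rtrim($filter->getParam("path"), "/")."/";`, build every later path from `$path`, and stop with `die()` when `fopen()` fails.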
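Review bot: The re-enabled `$resultsFolder` line in pt2json.php becomes `/` when the doc parameter is a bare filename: `strrpos()` returns false, `substr($doc, 0, false)` is the empty string, and the appended `"/"` makes the filesystem root the results folder. `dirname($filter->getParam("doc"))."/"` gives `./` in that case and an equivalent path whenever the argument contains a slash. Where `$resultsFolder` is used lies outside this hunk, so the effect on written files should be confirmed there.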
@@ -0,0 +1,138 @@ +#!/usr/bin/php + "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." -> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." 
-> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index 6e33ea7..29b2049 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -1,13 +1,7 @@ #!/usr/bin/php \ No newline at end of file diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php new file mode 100755 index 0000000..439bdb7 --- /dev/null +++ b/ReportToolz/floss.php 
@@ -0,0 +1,138 @@ +#!/usr/bin/php + "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." -> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." 
-> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index 6e33ea7..29b2049 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -1,13 +1,7 @@ #!/usr/bin/php