Fork: 0
0xRoM / DirtyScripts
Download ZIP 27 commits
Transfer to URL with SHA
DirtyScripts / ReportToolz /
latest commit 7a5b792524
root authored on 18 Dec 2019
..
classes added some stuff 4 years ago
templates updated template and documentation 4 years ago
README.md updated template and documentation 4 years ago
ns2json.php Tidying 4 years ago
pt2json.php Tidying 4 years ago
rep2.php added some stuff 4 years ago
repgen.php updated template and documentation 4 years ago
vdb.php cant remember 4 years ago
README.md

Report generation scripts

Requirements: 

First copy templates/odt/config.conf to current work dir.  

Fill out fields in config.conf (company name, your name, contact, tel etc.)

As pentesting copy vulnerability.json for each issue found to current work dir  

End of test generate report:

╰» ./repgen.php -p "/mnt/hgfs/Pentest/pentests/2019/Company/" _ _ _ Gen ||// ||== ||// || \ ||___ ||

[!] path: /mnt/hgfs/Pentest/pentests/2019/Company/ [+] doc extracted [+] added config values [!] sorting vulns by CVSS [+] added Low: Software Version Numbers Disclosed [+] added Low: Verbose Error Reporting Enabled [+] added Medium: Mising Security Headers [+] added Medium: Insescure SSL Certificate Detected [+] added Medium: Missing Cookie Attributes [+] added Medium: jQuery Vulnerabilities [+] added Low: Wildcard SSL Certificate [=] generated report: /mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt [+] temp files removed

Tidy up a little, drop in your evidence for each issue etc.

Create all of the tables from that report:

╰» ./rep2.php -d "/mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt" _ _ _ 2 ||// ||== ||// || \ ||___ ||

[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt [+] doc extracted [=] fonts found: 23 [+] vulnerabilities identified [+] temp files removed [+] created directory /mnt/hgfs/Pentest/pentests/2019/Company/rep2/ [+] medium issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_medium.csv [+] low issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_low.csv [+] all issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_all.csv [+] remediation table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/remediation.csv [+] OWASP table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/owasp.csv [=] Serious = 0, High = 0, Medium = 4, Low = 3

Ref Title Risk CVSS Remediation OWASP
5.1.1 Missing Security Headers Medium 5.1 Configuration A6 Security Misconfiguration
5.1.2 Insecure SSL Certificate Detected Medium 4.8 Configuration A6 Security Misconfiguration
5.1.3 Missing Cookie Attributes Medium 4.7 Configuration A6 Security Misconfiguration
5.1.4 jQuery Vulnerabilities Medium 4.3 Configuration A9 Components with Known Vulne
5.2.1 Software Version Numbers Disclosed Low 5.3 Configuration A6 Security Misconfiguration
5.2.2 Verbose Error Reporting Enabled Low 5.3 Configuration A6 Security Misconfiguration
5.2.3 Wildcard SSL Certificate Low 3.7 Configuration A6 Security Misconfiguration 
copy created csv tables into corresponding parts of report

# Vulnerability DB script

╰» ./vdb.php -s xss Ref | Title | Description -------|--------------------------------------------------|---------------------------------------------------------------- 125 |Missing HTTP Security Headers |- description here - 151 |Reflected Cross-Site Scripting (XSS) |- description here - 152 |Stored Cross-Site Scripting (XSS) |- description here -

╰» ./vdb.php -i 151 151 - Reflected Cross-Site Scripting (XSS) CVSS: -snip- Risk: -snip- OWASP: -snip- CVSS2: -snip- CVSS3: -snip- Description: -snip- Technical Description: -snip- Soluton: -snip- Impact: -snip- Remediation: -snip- Tags: reflected, xss, javascript, injection

╰» ./vdb.php -i 151 -p /tmp xss-reflected.json copied to /tmp/

# ptreport to JSON files
Convert ptreport reprep output file to JSON files for repgen.php

╰» ./pt2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport 

        ______   _                  
    _  (_____ \ (_)

| | ) ) __ _ __
| ( )/ __/ | |/)/ | \ | || || || (_ | | | || | | | | | / _)__)| (/ \/|| || |_| (__/

[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.ptreport [+] creating json for: SSL/TLS 64-bit Block Size Cipher Suites [+] creating json for: TLS Version 1.0 Protocol in use [+] creating json for: Untrustworthy Server Certificate Chain [+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header [+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header [+] creating json for: No HTTP Strict Transport Security

# nessus to JSON files
Convert .nessus output file to JSON files for repgen.php

╰» ./ns2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.nessus -i 

        ______   _                  
       (_____ \ (_)

_ _) ) _ _ __
| \ /__)/ _/ | |/)/ | \ | | | | | (__ | | | || | | | | || |(_/|___)| (/ \/|| || (__/

[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.nessus [-] Issue: Nessus Scan Information [-] Issue: Host Fully Qualified Domain Name (FQDN) Resolution [-] Issue: IPSEC Internet Key Exchange (IKE) Version 2 Detection [-] Issue: IPSEC Internet Key Exchange (IKE) Version 1 Detection [-] Issue: Common Platform Enumeration (CPE) [+] Saving: SSL Medium Strength Cipher Suites Supported (SWEET32) [-] Issue: SSL Cipher Block Chaining Cipher Suites Supported ```