Skip to content

Collection of scripts used to convert stuff from one penetration testing collaborative platform to another and facilitate the migration of solution

License

Notifications You must be signed in to change notification settings

noraj/Pentest-collab-convert

Repository files navigation

Pentest collab convert

GitHub license

Pentest collab convert is a collection of scripts used to convert stuff from one penetration testing collaborative platform to another and facilitate the migration of solution

PwnDoc to Reconmap

PwnDoc to Reconmap

Converting vulnerabilities

Prerequisites:

  • probably any version of Ruby 2.X and 3.X
  • kramdown gem

Usage:

ruby pwndoc2reconmap_vulns.rb 'pwndoc_vuln_file.yml' 'reconmap_vuln_file.json'

Example:

ruby pwndoc2reconmap_vulns.rb '/tmp/vulnerabilities_pwndoc_20210815.yml' '/tmp/reconmap-data-test.json'

Features:

  • The fields description, observation and remediation from PwnDoc will be converted from HTML to Markdown (as Reconmap used it)
  • The cvssSeverity field from PwnDoc will be used for the risk field of Reconmap

Limitations:

  • As there is no Multilingual vulnerability support yet in Reconmap (#50) but there is in PwnDoc, a workaround is used to create an instance of vulnerability per language. So if you have French (fr) + English (en) locales in PwnDoc then two vulnerabilities will be created in Reconmap and the lang will be prefixed to the title. Example: [en] SQL injection and [fr] Injection SQL.
  • The fields priority and remediationComplexity from PwnDoc will be lost since Reconmap doesn't support them yet (#51)
  • The fields category and vulnType from PwnDoc will be lost until some points about the import behavior of Reconmap are clarified (#52)
  • The references field from PwnDoc will be appended at the end of the solution field of Reconmap since there is not yet a references field on Reconmap (#51)
  • Vulnerabilities will be marked as status open and sub-status reported because of the Reconmap DB architecture (#54)
  • Custom fields from PwnDoc will be lost since there is not yet the possibility to add custom fields on Reconmap (#51)
  • The creator id for Reconmap will be set to 1 (the default admin), if you want to change that modify the creator_uid and maybe creator_full_name; I don't know how it behaves yet (#52)

Vulnrepo to Reconmap

vulnrepo to Reconmap

Converting vulnerability templates

Prerequisites:

  • Ruby

Usage:

ruby vulnrepo2reconmap_vulns.rb 'vulns.json' 'reconmap_vuln_templates.json'

Pwndoc-ng to Sysreptor

Pwndoc-ng to Sysreptor

Converting vulnerabilities

Prerequisites:

  • probably any version of Ruby 2.X and 3.X
  • kramdown gem

Usage:

ruby pwndoc-ng2sysreptor_vulns.rb pwndoc_vuln_file.yml export_folder

Example:

ruby pwndoc-ng2sysreptor_vulns.rb /tmp/vulnerabilities.yml sysreptor

Features:

  • The fields description, observation and remediation from Pwndoc-ng will be converted from HTML to Markdown (as Sysreptor used it)
  • JSON + .tar.gz individual file export
  • Global .tar.gz for bulk import

Limitations:

  • The fields priority and remediationComplexity from Pwndoc-ng will be lost
  • The fields category from Pwndoc-ng will be added in tags in Sysreptor
  • Mapping for en-US and fr-FR is hardcoded
  • Status in arbitrarily set to in-progress
  • I was using a custom field as Ref ID in Pwndoc-ng so I chose to import it in refid in Sysreptor
  • The field description from Pwndoc-ng is mapped to summary in Sysreptor
  • The field observation from Pwndoc-ng is mapped to description (technical description) in Sysreptor
  • The field remediation from Pwndoc-ng is mapped to recommendation in Sysreptor
  • The fields vulnType from Pwndoc-ng will be lost
  • Other custom fields from Pwndoc-ng will be lost
  • Other Sysreptor fields are left blank

About

Collection of scripts used to convert stuff from one penetration testing collaborative platform to another and facilitate the migration of solution

Topics

Resources

License

Stars

Watchers

Forks