
# Pentest collab convert

[![GitHub license](https://img.shields.io/github/license/noraj/Pentest-collab-convert)](https://github.com/noraj/Pentest-collab-convert/blob/master/LICENSE)

> Pentest collab convert is a collection of scripts used to convert stuff from one penetration testing collaborative platform to another and facilitate migration between solutions.

## PwnDoc to Reconmap

[PwnDoc][pwndoc] to [Reconmap][reconmap]

### Converting vulnerabilities

Prerequisites:

- probably any version of Ruby 2.X and 3.X
- [kramdown](https://rubygems.org/gems/kramdown/) gem

Usage:

```shell
ruby pwndoc2reconmap_vulns.rb 'pwndoc_vuln_file.yml' 'reconmap_vuln_file.json'
```

Example:

```shell
ruby pwndoc2reconmap_vulns.rb '/tmp/vulnerabilities_pwndoc_20210815.yml' '/tmp/reconmap-data-test.json'
```

Features:

- The fields `description`, `observation` and `remediation` from PwnDoc will be converted from HTML to Markdown (as Reconmap uses it)
- The `cvssSeverity` field from PwnDoc will be used for the `risk` field of Reconmap

Limitations:

- As there is no _Multilingual vulnerability_ support yet in Reconmap ([#50][reconmap-50]) but there is in PwnDoc, a workaround is used to create an instance of vulnerability per language. So if you have French (fr) + English (en) locales in PwnDoc then two vulnerabilities will be created in Reconmap and the lang will be prefixed to the title. Example: `[en] SQL injection` and `[fr] Injection SQL`.
- The fields `priority` and `remediationComplexity` from PwnDoc will be lost since Reconmap doesn't support them yet ([#51][reconmap-51])
- The fields `category` and `vulnType` from PwnDoc will be lost until some points about the import behavior of Reconmap are clarified ([#52][reconmap-52])
- The `references` field from PwnDoc will be appended at the end of the `solution` field of Reconmap since there is not yet a `references` field on Reconmap ([#51][reconmap-51])
- Vulnerabilities will be marked as status open and sub-status reported because of the Reconmap DB architecture ([#54][reconmap-54])
- Custom fields from PwnDoc will be lost since there is not yet the possibility to add custom fields on Reconmap ([#51][reconmap-51])
- The creator id for Reconmap will be set to `1` (the default admin). If you want to change that, modify `creator_uid` and maybe `creator_full_name`; I don't know how it behaves yet ([#52][reconmap-52])
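
Added example (not part of the project's scripts): a pre-migration check, based on the limitations listed above, that reports how many Reconmap entries a PwnDoc export would produce and which populated fields would be dropped. The YAML layout (top-level fields plus a per-locale `details` list), the sample data and the names `audit_pwndoc_export` and `filled?` are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample. The layout (top-level fields plus a `details` list with
# one entry per locale) is an assumption about the PwnDoc export.
SAMPLE_PWNDOC_YAML = <<~YAML
  - cvssSeverity: High
    priority: 2
    remediationComplexity: 1
    category: Web
    details:
      - locale: en
        title: SQL injection
        vulnType: Injection
        references: ["https://example.org/sqli"]
        customFields: [{label: Ref ID, text: WEB-001}]
      - locale: fr
        title: Injection SQL
        vulnType: Injection
  - cvssSeverity: Low
    details:
      - locale: en
        title: Verbose banner
YAML

# Fields the README lists as lost on the PwnDoc -> Reconmap path.
LOST_TOP    = %w[priority remediationComplexity category].freeze
LOST_DETAIL = %w[vulnType customFields].freeze

# True when a field carries data that the migration would actually discard.
def filled?(value)
  !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
end

# Returns one row per Reconmap entry the conversion would create (one per locale).
# YAML.safe_load refuses arbitrary object deserialization from the export file.
def audit_pwndoc_export(yaml_text)
  vulns = YAML.safe_load(yaml_text) || []
  vulns.flat_map do |vuln|
    Array(vuln['details']).map do |detail|
      lost = LOST_TOP.select { |k| filled?(vuln[k]) } +
             LOST_DETAIL.select { |k| filled?(detail[k]) }
      { title: "[#{detail['locale']}] #{detail['title']}", risk: vuln['cvssSeverity'],
        references_moved_to_solution: filled?(detail['references']), lost_fields: lost }
    end
  end
end

audit_pwndoc_export(SAMPLE_PWNDOC_YAML).each { |row| puts row } if __FILE__ == $PROGRAM_NAME
```

Rows with a non-empty `lost_fields` list are the findings to review or archive separately before importing into Reconmap.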

## Vulnrepo to Reconmap

[vulnrepo][vulnrepo] to [Reconmap][reconmap]

### Converting vulnerability templates

Prerequisites:

- Ruby

Usage:

```shell
ruby vulnrepo2reconmap_vulns.rb 'vulns.json' 'reconmap_vuln_templates.json'
```

## Pwndoc-ng to Sysreptor

[Pwndoc-ng][pwndoc-ng] to [Sysreptor][sysreptor]

### Converting vulnerabilities

Prerequisites:

- probably any version of Ruby 2.X and 3.X
- [kramdown](https://rubygems.org/gems/kramdown/) gem

Usage:

```shell
ruby pwndoc-ng2sysreptor_vulns.rb pwndoc_vuln_file.yml export_folder
```

Example:

```shell
ruby pwndoc-ng2sysreptor_vulns.rb /tmp/vulnerabilities.yml sysreptor
```

Features:

- The fields `description`, `observation` and `remediation` from Pwndoc-ng will be converted from HTML to Markdown (as Sysreptor uses it)
- JSON + `.tar.gz` individual file export
- Global `.tar.gz` for bulk import

Limitations:

- The fields `priority` and `remediationComplexity` from Pwndoc-ng will be lost
- The field `category` from Pwndoc-ng will be added to `tags` in Sysreptor
- Mapping for en-US and fr-FR is hardcoded
- Status is arbitrarily set to `in-progress`
- I was using a custom field as Ref ID in Pwndoc-ng so I chose to import it in `refid` in Sysreptor
- The field `description` from Pwndoc-ng is mapped to `summary` in Sysreptor
- The field `observation` from Pwndoc-ng is mapped to `description` (technical description) in Sysreptor
- The field `remediation` from Pwndoc-ng is mapped to `recommendation` in Sysreptor
- The field `vulnType` from Pwndoc-ng will be lost
- Other custom fields from Pwndoc-ng will be lost
- Other Sysreptor fields are left blank

[pwndoc]:https://github.com/pwndoc
[pwndoc-ng]:https://github.com/pwndoc-ng
[reconmap]:https://github.com/reconmap
[reconmap-50]:https://github.com/reconmap/reconmap/issues/50
[reconmap-51]:https://github.com/reconmap/reconmap/issues/51
[reconmap-52]:https://github.com/reconmap/reconmap/issues/52#issuecomment-899048105
[reconmap-54]:https://github.com/reconmap/reconmap/issues/54
[sysreptor]:https://github.com/Syslifters/sysreptor
[vulnrepo]:https://github.com/kac89/vulnrepo/