Pentest collab convert

Pentest collab convert is a collection of scripts used to convert stuff from one penetration testing collaborative platform to another and facilitate the migration of solution

PwnDoc to Reconmap

PwnDoc to Reconmap

Converting vulnerabilities

Prerequisites:

• probably any version of Ruby 2.X and 3.X
• kramdown gem

Usage:

ruby pwndoc2reconmap_vulns.rb 'pwndoc_vuln_file.yml' 'reconmap_vuln_file.json'

Example:

ruby pwndoc2reconmap_vulns.rb '/tmp/vulnerabilities_pwndoc_20210815.yml' '/tmp/reconmap-data-test.json'

Features:

• The fields description, observation and remediation from PwnDoc will be converted from HTML to Markdown (as Reconmap used it)
• The cvssSeverity field from PwnDoc will be used for the risk field of Reconmap

Limitations:

• As there is no Multilingual vulnerability support yet in Reconmap (#50) but there is in PwnDoc, a workaround is used to create an instance of vulnerability per language. So if you have French (fr) + English (en) locales in PwnDoc then two vulnerabilities will be created in Reconmap and the lang will be prefixed to the title. Example: [en] SQL injection and [fr] Injection SQL.
• The fields priority and remediationComplexity from PwnDoc will be lost since Reconmap doesn't support them yet (#51)
• The fields category and vulnType from PwnDoc will be lost until some points about the import behavior of Reconmap are clarified (#52)
• The references field from PwnDoc will be appended at the end of the solution field of Reconmap since there is not yet a references field on Reconmap (#51)
• Vulnerabilities will be marked as status open and sub-status reported because of the Reconmap DB architecture (#54)
• Custom fields from PwnDoc will be lost since there is not yet the possibility to add custom fields on Reconmap (#51)
• The creator id for Reconmap will be set to 1 (the default admin), if you want to change that modify the creator_uid and maybe creator_full_name; I don't know how it behaves yet (#52)

Vulnrepo to Reconmap

vulnrepo to Reconmap

Converting vulnerability templates

Prerequisites:

• Ruby

Usage:

ruby vulnrepo2reconmap_vulns.rb 'vulns.json' 'reconmap_vuln_templates.json'

Pwndoc-ng to Sysreptor

Pwndoc-ng to Sysreptor

Converting vulnerabilities

Prerequisites:

• probably any version of Ruby 2.X and 3.X
• kramdown gem

Usage:

ruby pwndoc-ng2sysreptor_vulns.rb pwndoc_vuln_file.yml export_folder

Example:

ruby pwndoc-ng2sysreptor_vulns.rb /tmp/vulnerabilities.yml sysreptor

Features:

• The fields description, observation and remediation from Pwndoc-ng will be converted from HTML to Markdown (as Sysreptor used it)
• JSON + .tar.gz individual file export
• Global .tar.gz for bulk import

Limitations:

• The fields priority and remediationComplexity from Pwndoc-ng will be lost
• The fields category from Pwndoc-ng will be added in tags in Sysreptor
• Mapping for en-US and fr-FR is hardcoded
• Status in arbitrarily set to in-progress
• I was using a custom field as Ref ID in Pwndoc-ng so I chose to import it in refid in Sysreptor
• The field description from Pwndoc-ng is mapped to summary in Sysreptor
• The field observation from Pwndoc-ng is mapped to description (technical description) in Sysreptor
• The field remediation from Pwndoc-ng is mapped to recommendation in Sysreptor
• The fields vulnType from Pwndoc-ng will be lost
• Other custom fields from Pwndoc-ng will be lost
• Other Sysreptor fields are left blank