Pentest collab convert is a collection of scripts used to convert data from one penetration testing collaborative platform to another and to facilitate migration between solutions.
Prerequisites:
- probably any version of Ruby 2.X and 3.X
- kramdown gem
Usage:
ruby pwndoc2reconmap_vulns.rb 'pwndoc_vuln_file.yml' 'reconmap_vuln_file.json'
Example:
ruby pwndoc2reconmap_vulns.rb '/tmp/vulnerabilities_pwndoc_20210815.yml' '/tmp/reconmap-data-test.json'
Features:
- The fields description, observation and remediation from PwnDoc will be converted from HTML to Markdown (as Reconmap uses it)
- The cvssSeverity field from PwnDoc will be used for the risk field of Reconmap
Limitations:
- As there is no Multilingual vulnerability support yet in Reconmap (#50) but there is in PwnDoc, a workaround is used to create an instance of vulnerability per language. So if you have French (fr) + English (en) locales in PwnDoc then two vulnerabilities will be created in Reconmap and the lang will be prefixed to the title. Example: [en] SQL injection and [fr] Injection SQL.
- The fields priority and remediationComplexity from PwnDoc will be lost since Reconmap doesn't support them yet (#51)
- The fields category and vulnType from PwnDoc will be lost until some points about the import behavior of Reconmap are clarified (#52)
- The references field from PwnDoc will be appended at the end of the solution field of Reconmap since there is not yet a references field on Reconmap (#51)
- Vulnerabilities will be marked as status open and sub-status reported because of the Reconmap DB architecture (#54)
- Custom fields from PwnDoc will be lost since there is not yet the possibility to add custom fields on Reconmap (#51)
- The creator id for Reconmap will be set to 1 (the default admin), if you want to change that modify the creator_uid and maybe creator_full_name; I don't know how it behaves yet (#52)
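To see what the limitations above mean for a given export before migrating, the following added example (not part of this project's scripts) reports which titles would be created and how many entries carry fields that would be dropped. It assumes a PwnDoc YAML layout with per-locale entries under a details key and a customFields key inside each one; the helper names and the sample data are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample in the assumed PwnDoc export layout (not real data).
SAMPLE = <<~PWNDOC
  - cvssSeverity: High
    priority: 2
    remediationComplexity: 1
    category: Web
    details:
      - locale: en
        title: SQL injection
        vulnType: Injection
        references: ["https://example.org/sqli"]
      - locale: fr
        title: Injection SQL
        vulnType: Injection
        references: []
  - cvssSeverity: Low
    details:
      - locale: en
        title: Verbose banner
PWNDOC

# Fields the README lists as lost, and where they are assumed to live.
LOST_TOP    = %w[priority remediationComplexity category].freeze
LOST_DETAIL = %w[vulnType customFields].freeze

# True when a field holds something that would actually be lost.
def present?(value)
  !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
end

# Returns what the conversion would create and what it would drop.
def migration_report(pwndoc_vulns)
  report = { titles: [], lost: Hash.new(0), refs_moved_to_solution: 0 }
  pwndoc_vulns.each do |vuln|
    LOST_TOP.each { |f| report[:lost][f] += 1 if present?(vuln[f]) }
    Array(vuln['details']).each do |d|
      # One Reconmap vulnerability per locale, language prefixed to the title.
      report[:titles] << "[#{d['locale']}] #{d['title']}"
      LOST_DETAIL.each { |f| report[:lost][f] += 1 if present?(d[f]) }
      report[:refs_moved_to_solution] += 1 if present?(d['references'])
    end
  end
  report
end

pp migration_report(YAML.safe_load(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

Pass the parsed contents of your own export in place of SAMPLE to get the same report for real data.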
Prerequisites:
- Ruby
Usage:
ruby vulnrepo2reconmap_vulns.rb 'vulns.json' 'reconmap_vuln_templates.json'