164 lines
5.6 KiB
Bash
Executable File
164 lines
5.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# handler_pentest - sets up a pentest repo with PenText based on a quote repo
|
|
#
|
|
# This script is part of the PenText framework
|
|
# https://pentext.org
|
|
#
|
|
# Copyright (C) 2016 Radically Open Security
|
|
# https://www.radicallyopensecurity.com
|
|
#
|
|
# Author(s): Peter Mosmans
|
|
# John Sinteur
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
|
|
VERSION=0.9
|
|
SAXON=/usr/local/bin/saxon/saxon9he.jar
|
|
TEMPLATEREPO=ssh://git@gitlab.local/peter/templates
|
|
|
|
# These variables should be set environment-specific
|
|
[ -z $GITLABCLI ] && GITLABCLI=gitlab
|
|
[ -z $GITSERVER ] && GITSERVER=gitlab.local
|
|
[ -z $NAMESPACE ] && NAMESPACE=ros
|
|
[ -z $NAMESPACEID ] && NAMESPACEID=1
|
|
[ -z $PENTEXTREPO ] && PENTEXTREPO=https://github.com/radicallyopensecurity/pentext
|
|
|
|
TEMPLOC=$(mktemp -d)
|
|
pentext=$(echo $PENTEXTREPO|awk -F '/' '{print $5}')
|
|
# Read standard 'command line' variables
|
|
[[ ! -z $1 ]] && REPO=$1
|
|
[[ ! -z $2 ]] && NAMESPACE=$2
|
|
[[ ! -z $3 ]] && PREVIOUS=$3
|
|
BRANCH=master
|
|
TARGET=quote
|
|
|
|
trap cleanup EXIT QUIT
|
|
|
|
# Make sure that the temporary files are always removed
|
|
cleanup() {
|
|
trap '' EXIT INT QUIT
|
|
# remove repo if not finished successfully
|
|
if [ -z $finished ] && [ ! -z $project_id ]; then
|
|
$GITLABCLI project delete --id $project_id
|
|
echo "[-] deleted project $project_id"
|
|
fi
|
|
[ -d $TEMPLOC ] && rm -rf $TEMPLOC &>/dev/null
|
|
exit
|
|
}
|
|
|
|
# As quote used to be called offerte or offer,
|
|
# this function retains backward compatibility - v0.2
|
|
backwards_compatible() {
|
|
if [[ $TARGET == "quote" ]] && [ ! -f $TARGET.xml ]; then
|
|
TARGET="offerte"
|
|
fi
|
|
}
|
|
|
|
# Clones repo using global (!) variables - v0.3
|
|
clone_repo() {
|
|
pushd $TEMPLOC 1>/dev/null
|
|
git clone --depth=1 -q ssh://git@${GITSERVER}/${NAMESPACE}/${REPO}.git &>/dev/null
|
|
if [ ! -d $TEMPLOC/$REPO ]; then
|
|
echo "[-] could not clone repo ${NAMESPACE}/${REPO}"
|
|
exit 1
|
|
else
|
|
cd $REPO
|
|
fi
|
|
}
|
|
|
|
# Preflight checks using global (!) variables
|
|
preflight_checks() {
|
|
if [ -z $REPO ]; then
|
|
echo "[-] repository name needed (without leading pen- or off-)"
|
|
exit
|
|
fi
|
|
if [ ! -f $SAXON ]; then
|
|
echo "[-] this script needs saxon ($SAXON)"
|
|
fi
|
|
}
|
|
|
|
setup_repo() {
|
|
project_id=$($GITLABCLI project create --name $REPO --namespace $NAMESPACEID --issues-enabled true --wiki-enabled true --snippets-enabled true --wall-enabled true --merge-requests-enabled true 2>/dev/null| awk '/id:/{print $2}')
|
|
if [ ! -z $project_id ]; then
|
|
echo "[+] successfully created gitlab project $REPO with id ${project_id}"
|
|
$GITLABCLI project-label create --project-id ${project_id} --name documentation --color "#0000FF" &>/dev/null
|
|
$GITLABCLI project-label create --project-id ${project_id} --name finding --color "#00c800" &>/dev/null
|
|
$GITLABCLI project-label create --project-id ${project_id} --name lead --color "#e4d700" &>/dev/null
|
|
$GITLABCLI project-label create --project-id ${project_id} --name non-finding --color "#c80000" &>/dev/null
|
|
$GITLABCLI project-label create --project-id ${project_id} --name future-work --color "#f8b7b2" &>/dev/null
|
|
$GITLABCLI project-issue create --project-id ${project_id} --description "Please drop all your positive/negative comments here, so that we can keep on improving our processes. It is important that we learn from <b>what</b>. No need for namecalling, <b>who</b> is unimportant <br /> <h2>Thumbs up</h2> <h2>Improvement</h2><h2>Not project related</h2><h2>Project related</h2>" --title "Retrospective: add your feedback HERE" &> /dev/null
|
|
else
|
|
echo "[-] could not create repo $NAMESPACE/$REPO"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Add standard templates using global (!) variables - v0.2
|
|
add_templates() {
|
|
[ -d $TEMPLOC/$pentext ] && rm -rf $TEMPLOC/$pentext &>/dev/null
|
|
pushd $TEMPLOC 1>/dev/null && git clone --depth=1 $PENTEXTREPO &>/dev/null && popd 1>/dev/null
|
|
|
|
if [ ! -d $TEMPLOC/$pentext ]; then
|
|
echo "[-] could not clone (and therefore add) pentext repo $TEMPLATEREPO"
|
|
exit 1
|
|
else
|
|
clone_repo
|
|
# copy the framework
|
|
cp -r $TEMPLOC/$pentext/xml/* .
|
|
# remove the docs
|
|
rm -r doc &>/dev/null
|
|
fi
|
|
}
|
|
|
|
grab_offer() {
|
|
pushd source &>/dev/null
|
|
backwards_compatible
|
|
if [ ! -f $TARGET.xml ]; then
|
|
echo "[-] could not find $TARGET.xml"
|
|
exit
|
|
fi
|
|
cp client_info.xml $TEMPLOC/client_info.xml &> /dev/null
|
|
cp $TARGET.xml $TEMPLOC/quote.xml &> /dev/null
|
|
}
|
|
|
|
convert_report() {
|
|
cp $TEMPLOC/quote.xml source/quote.xml &> /dev/null
|
|
cp $TEMPLOC/client_info.xml source/client_info.xml &> /dev/null
|
|
pushd source &>/dev/null
|
|
java -jar $SAXON -s:quote.xml -xsl:../xslt/off2rep.xsl -o:report.xml
|
|
if [ ! -f report.xml ]; then
|
|
echo "[-] hmmm... failed to convert quote into report.xml"
|
|
exit 1
|
|
fi
|
|
popd &>/dev/null
|
|
mkdir -p findings/ &>/dev/null
|
|
mkdir -p non-findings/ &>/dev/null
|
|
}
|
|
|
|
add_to_repo() {
|
|
git add * &>/dev/null
|
|
git commit -q -m "Initialized pentest repository with PenText using ChatOps" &> /dev/null
|
|
git push -q > /dev/null
|
|
}
|
|
|
|
preflight_checks
|
|
echo "startpentest v${VERSION} - Ready for some ACTION?"
|
|
ORIGREPO=$REPO
|
|
REPO=off-$ORIGREPO
|
|
[[ ! -z $PREVIOUS ]] && $REPO=$PREVIOUS
|
|
clone_repo
|
|
grab_offer
|
|
REPO=pen-${ORIGREPO}
|
|
setup_repo
|
|
add_templates
|
|
convert_report
|
|
add_to_repo
|
|
|
|
echo "[+] listo!"
|
|
finished=true
|