Skip to content
/ pwndoc-ng-database Public

Collaborative vulnerability database for Pentesting & Pwndoc-Ng

12 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pwndoc-ng/pwndoc-ng-database

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

Reports

Reports

 
 

Vulnerabilities

Vulnerabilities

 
 

OWASP_WSTG_ASVS_en.json

OWASP_WSTG_ASVS_en.json

 
 

OWASP_WSTG_ASVS_es.json

OWASP_WSTG_ASVS_es.json

 
 

README.md

README.md

 
 

automatic_merge.side

automatic_merge.side

 
 

parse_wstg.py

parse_wstg.py

 
 

Repository files navigation

Pwndoc-NG Database

This repository contain vulnerabilities databases for pwndoc-ng and custom templates.

Vulnerabilities

preview_automatic_merge.mp4

If you want to pre-populate your pwndoc-ng with vulnerabilities:

  1. The vulnerabilities are taken from the spreadsheet from https://github.com/JulianGR/OWASP_WSTG_ASVS
  2. To import them,
    1. Create 'es' and 'en' locales. They have to be exactly that, otherwise pwndoc-ng won't recognize the vulns.
    2. Use the two .json files and go to Custom data > Import
  3. To merge them automatically, just like in the video, donwload the Selenium extension in your browser. NOTE: for me, it worked only in Firefox (https://addons.mozilla.org/es/firefox/addon/selenium-ide/), NOT in Chrome or Opera.
  4. Open the script and click "Run all test"
  5. Success

For developers

Parsing script

If you are an user and want to import vulns, you don't have to use the script. However, if you want more control over what you import, there are a few considerations:

  • If you want a different locale, change the main:
# main([NAME OF THE SPREADSHEET FILE], [NAME OF THE SHEET], [LOCALE], [CATEGORY OF VULNS])
  • The script is very much customized to parse the spreadsheet. For example, the spreadsheet is converted to markdown so that when vulns appear with format in pwndoc-ng. If there are future changes to the spreadsheet, I will make the script compatible. More languages are going to be added with time (pull request them =D )
  • If you want to add custom fields to vulnerabilities, you have to first export in .yaml vulnerabilites that you created by hand with the parameter, then figure out which ID they have, then paste and uncomment the "custom field section" in the script

Selenium script

  • Right now, the loop is executed 118 times since there are exactly 118 vulnerabilities in the spreadsheet. Again, if there are future changes to the spreadsheet, I will make the script compatible. More languages are going to be added with time (pull request them =D )
  • This method of automatic merging works because, while the ordering in the "Vulnerabilities" view is alphabetical, the ordering in the merge pop-up is not alphabetical.

About

Collaborative vulnerability database for Pentesting & Pwndoc-Ng

Resources

Readme
Activity
Custom properties

Stars

12 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages