bqm 1.2.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 28bbff6c42f4653702f6e091868d7b54e83b461c3501a5eeffd5d423a04445e2
-  data.tar.gz: dc65921e523353a6ab7ae6be055e901c9cb8d83c4fb1f2c7483e8029d2408903
+  metadata.gz: 4a7ea69f913278933cdcbae6a764b166d7990931ce1f68c1264f3c0127f548ad
+  data.tar.gz: 65a2b6a2aa1e78864e48671a2f8b5e4ce395fa0eaead13ce3098806cc6391ce9
 SHA512:
-  metadata.gz: 2fe4cc56dd34eed52c1d817867bad75399a4df798a66f87d897141441fee53418e3d1e3d33818efb97c49c928156db66ff0874215977ec6c1972d43b4d2e6a9e
-  data.tar.gz: 57b22d6b6724487fb7316b746c3fb6c3d0236de816a057cfafefb09e7321a80b27d5df77cd51b0f474a525ed62830486c7e1e478acaf7c5fdc4fd394478aecff
+  metadata.gz: be95aaeccf71fb47aac6179e3be127d5d456fc88e4f67b1798b46dfafcf24cba0220cc6c5569fba98acbd24b9ca2f6bde71adb2604e9b0d9e2e4afeb56bb743f
+  data.tar.gz: c752dc0e0d790b2b9e5337d5622cf05fd5d553558d7c3cb6654829ad54d8fb88157849e4d70c5a55589327c136dd2d442a857089d244923062953ba6b3a06f83

data/bin/bqm

@@ -14,7 +14,8 @@ def find_dataset
   raise IOError, "The dataset file #{source_file} does not exist or is unreadable."
 end
 
-def merge(source)
+# Merge remote sets defined in data/query-sets.json
+def merge_remote(source)
   sets = get_datasets(source)
   queries = []
   sets.each do |s|
@@ -25,6 +26,24 @@ def merge(source)
   queries
 end
 
+# Merge local sets provided by the user
+def merge_local(sources)
+  queries = []
+  sources.each do |source|
+    if File.file?(source) && File.readable?(source)
+      begin
+        data = JSON.load_file(source)
+      rescue NoMethodError # ruby 2.7 retro-compatibility
+        data = JSON.parse(File.read(source))
+      end
+      queries += data['queries']
+    else
+      raise IOError, "The dataset file #{source} does not exist or is unreadable."
+    end
+  end
+  queries
+end
+
 # Query class just for the sake of having custom comparison
 class BQMquery
   attr_accessor :data
@@ -59,7 +78,8 @@ def pretty_link(lst)
 end
 
 def get_datasets(source)
-  begin # ruby 3.0+
+  # ruby 3.0+
+  begin
     src = JSON.load_file(source)
   rescue NoMethodError # ruby 2.7 retro-compatibility
     src = JSON.parse(File.read(source))
@@ -71,14 +91,20 @@ if __FILE__ == $PROGRAM_NAME
   source = find_dataset
 
   require 'optparse'
-  options = {}
+  options = {
+    :'local-sets' => []
+  }
   OptionParser.new do |parser|
     parser.banner = 'Usage: bqm [options]'
 
     parser.on('-o', '--output-path PATH', 'Path where to store the query file')
     parser.on('-l', '--list', 'List available datasets')
+    parser.on('-i', '--local-sets FILE,...', Array, 'Local custom queries files') do |f|
+      options[:'local-sets'] += f
+    end
     parser.separator ''
     parser.separator 'Example: bqm -o ~/.config/bloodhound/customqueries.json'
+    parser.separator 'Example: bqm -o /tmp/customqueries.json -i /tmp/a.json,/tmp/b.json'
   end.parse!(into: options)
 
   out = options[:'output-path']
@@ -89,8 +115,28 @@ if __FILE__ == $PROGRAM_NAME
       puts l
     end
   elsif out
+    flags = {}
+    flags[:merge_actual] = false
+    if File.file?(out) && File.readable?(out)
+      puts "[+] The output path #{out} already exists"
+      puts '[?] Do you want to overwrite it? [y/n]'
+      if STDIN.gets.chomp == 'y'
+        puts '[?] What to do with the existing queries? (merge / discard) [m/d]'
+        flags[:merge_actual] = true if STDIN.gets.chomp == 'm'
+      else
+        exit
+      end
+    end
     puts '[+] Fetching and merging datasets'
-    data = merge(source)
+    data = merge_remote(source)
+    local_set = options[:'local-sets']
+    if local_set
+      data += merge_local(local_set)
+    end
+    if flags[:'merge_actual']
+      puts '[+] Merging your existing queries'
+      data += JSON.parse(File.read(out))['queries']
+    end
     puts '[+] Removing duplicates'
     queries = deduplicate(data).map(&:data)
 

data/data/query-sets.json

@@ -11,6 +11,7 @@
     "https://raw.githubusercontent.com/zeronetworks/BloodHound-Tools/main/CustomQueries/customqueries.json",
     "https://raw.githubusercontent.com/egypt/customqueries/master/customqueries.json",
     "https://raw.githubusercontent.com/trustedsec/CrackHound/main/customqueries.json",
-    "https://raw.githubusercontent.com/aress31/bloodhound-utils/main/customqueries.json"
+    "https://raw.githubusercontent.com/aress31/bloodhound-utils/main/customqueries.json",
+    "https://raw.githubusercontent.com/ThePorgs/Exegol-images/main/sources/bloodhound/customqueries.json"
   ]
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bqm
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-26 00:00:00.000000000 Z
+date: 2023-06-26 00:00:00.000000000 Z
 dependencies: []
 description: Deduplicate custom BloudHound queries from different datasets and merge
   them in one customqueries.json file.
@@ -26,6 +26,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/Acceis/bqm/issues
+  changelog_uri: https://github.com/Acceis/bqm/releases
+  documentation_uri: https://acceis.github.io/bqm/
   homepage_uri: https://github.com/Acceis/bqm
   source_code_uri: https://github.com/Acceis/bqm/
   rubygems_mfa_required: 'true'
@@ -40,7 +42,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.6.0
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.3'
+      version: '4.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="