bqm 1.4.0 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/DOC.md +4 -0
- data/bin/bqm +37 -21
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a14c962fd0bf2a8c456bf7b9ff5416036289f61a8d4030ed246a77b6115aec0
|
|
4
|
+
data.tar.gz: d9d0bf051756b2eba968cdb37945fd953db2746b646f6a9888c4100207979792
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2283d7f843cfec5c8de3cf92044a12ed3731474125c6fa70675476cbce028b6dc26d8bdfd6ceafd8dd940d2a33a7d763558834a7ecbc709ab72b1ebcba18dc0c
|
|
7
|
+
data.tar.gz: 5f22350ef473520e98f26facab2a7a583b07739f0aa03b9d0fb312199a696e074ae311191476883af12bd46b1bf2413e4c519dd997a257d9ddca52e022ce4222
|
data/DOC.md
ADDED
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
## Options
|
|
2
|
+
|
|
3
|
+
- `-i`, `--local-sets`: if several items are provided, they must be comma (`,`) separated. Items can be either a Bloodhound custom query file, a bqm or a folder. In case of a bqm query sets file (similar to `query-sets.json`) or a folder, bqm will try to parse all JSON files inside it, so the folder should not contain other types of JSON files.
|
|
4
|
+
- `--ignore-default`: ignore the default `query-sets.json`. It's useful for **offline** usage or if you don't want the default data sets.
|
data/bin/bqm
CHANGED
|
@@ -15,30 +15,40 @@ def find_dataset
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
# Merge remote sets defined in data/query-sets.json
|
|
18
|
-
def merge_remote(source)
|
|
18
|
+
def merge_remote(source, verbose: false)
|
|
19
19
|
sets = get_datasets(source)
|
|
20
20
|
queries = []
|
|
21
21
|
sets.each do |s|
|
|
22
22
|
customqueries = Net::HTTP.get(URI(s))
|
|
23
23
|
data = JSON.parse(customqueries)
|
|
24
24
|
queries += data['queries']
|
|
25
|
+
puts " [*] File merged: #{s}" if verbose
|
|
25
26
|
end
|
|
26
27
|
queries
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
# Merge local sets provided by the user
|
|
30
|
-
def merge_local(sources)
|
|
31
|
+
def merge_local(sources, verbose: false)
|
|
31
32
|
queries = []
|
|
32
33
|
sources.each do |source|
|
|
34
|
+
# If it's a file parse it
|
|
33
35
|
if File.file?(source) && File.readable?(source)
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
data = json_load(source)
|
|
37
|
+
if data['queries']
|
|
38
|
+
queries += data['queries']
|
|
39
|
+
elsif data['sets']
|
|
40
|
+
queries += merge_remote(source, verbose: verbose)
|
|
41
|
+
else
|
|
42
|
+
raise KeyError, "The file #{source} is neiter a Bloodhound custom query file nor a bqm query sets file"
|
|
38
43
|
end
|
|
39
|
-
|
|
44
|
+
puts " [*] File merged: #{source}" if verbose
|
|
45
|
+
# If it's a folder, retrieve all JSON files and assumes there are queries files
|
|
46
|
+
# Then recursive call for a normal file parsing
|
|
47
|
+
elsif File.directory?(source) && File.readable?(source)
|
|
48
|
+
qfiles = Dir.glob('*.json', base: source).map { |f| File.absolute_path(f, source) }
|
|
49
|
+
queries += merge_local(qfiles, verbose: verbose)
|
|
40
50
|
else
|
|
41
|
-
raise IOError, "The dataset file #{source} does not exist or is unreadable."
|
|
51
|
+
raise IOError, "The dataset file/directory #{source} does not exist or is unreadable."
|
|
42
52
|
end
|
|
43
53
|
end
|
|
44
54
|
queries
|
|
@@ -78,13 +88,18 @@ def pretty_link(lst)
|
|
|
78
88
|
end
|
|
79
89
|
|
|
80
90
|
def get_datasets(source)
|
|
91
|
+
src = json_load(source)
|
|
92
|
+
src['sets']
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def json_load(file)
|
|
81
96
|
# ruby 3.0+
|
|
82
97
|
begin
|
|
83
|
-
src = JSON.load_file(
|
|
98
|
+
src = JSON.load_file(file)
|
|
84
99
|
rescue NoMethodError # ruby 2.7 retro-compatibility
|
|
85
|
-
src = JSON.parse(File.read(
|
|
100
|
+
src = JSON.parse(File.read(file))
|
|
86
101
|
end
|
|
87
|
-
src
|
|
102
|
+
src
|
|
88
103
|
end
|
|
89
104
|
|
|
90
105
|
if __FILE__ == $PROGRAM_NAME
|
|
@@ -92,19 +107,21 @@ if __FILE__ == $PROGRAM_NAME
|
|
|
92
107
|
|
|
93
108
|
require 'optparse'
|
|
94
109
|
options = {
|
|
95
|
-
|
|
110
|
+
'local-sets': []
|
|
96
111
|
}
|
|
97
112
|
OptionParser.new do |parser|
|
|
98
113
|
parser.banner = 'Usage: bqm [options]'
|
|
99
114
|
|
|
100
115
|
parser.on('-o', '--output-path PATH', 'Path where to store the query file')
|
|
101
116
|
parser.on('-l', '--list', 'List available datasets')
|
|
102
|
-
parser.on('-i', '--local-sets FILE,...', Array, 'Local custom queries files') do |f|
|
|
117
|
+
parser.on('-i', '--local-sets FILE,DIRECTORY,...', Array, 'Local custom queries files/directories') do |f|
|
|
103
118
|
options[:'local-sets'] += f
|
|
104
119
|
end
|
|
120
|
+
parser.on('--ignore-default', 'Ignore the default query-sets.json')
|
|
121
|
+
parser.on('-v', '--verbose', 'Display the name of the merged files/sets')
|
|
105
122
|
parser.separator ''
|
|
106
123
|
parser.separator 'Example: bqm -o ~/.config/bloodhound/customqueries.json'
|
|
107
|
-
parser.separator 'Example: bqm -o /tmp/customqueries.json -i /tmp/a.json,/
|
|
124
|
+
parser.separator 'Example: bqm -o /tmp/customqueries.json -i /tmp/a.json,/home/user/folder'
|
|
108
125
|
end.parse!(into: options)
|
|
109
126
|
|
|
110
127
|
out = options[:'output-path']
|
|
@@ -120,20 +137,19 @@ if __FILE__ == $PROGRAM_NAME
|
|
|
120
137
|
if File.file?(out) && File.readable?(out)
|
|
121
138
|
puts "[+] The output path #{out} already exists"
|
|
122
139
|
puts '[?] Do you want to overwrite it? [y/n]'
|
|
123
|
-
if
|
|
140
|
+
if $stdin.gets.chomp == 'y'
|
|
124
141
|
puts '[?] What to do with the existing queries? (merge / discard) [m/d]'
|
|
125
|
-
flags[:merge_actual] = true if
|
|
142
|
+
flags[:merge_actual] = true if $stdin.gets.chomp == 'm'
|
|
126
143
|
else
|
|
127
144
|
exit
|
|
128
145
|
end
|
|
129
146
|
end
|
|
130
147
|
puts '[+] Fetching and merging datasets'
|
|
131
|
-
data =
|
|
148
|
+
data = []
|
|
149
|
+
data = merge_remote(source, verbose: options[:verbose]) unless options[:'ignore-default']
|
|
132
150
|
local_set = options[:'local-sets']
|
|
133
|
-
if local_set
|
|
134
|
-
|
|
135
|
-
end
|
|
136
|
-
if flags[:'merge_actual']
|
|
151
|
+
data += merge_local(local_set, verbose: options[:verbose]) if local_set
|
|
152
|
+
if flags[:merge_actual]
|
|
137
153
|
puts '[+] Merging your existing queries'
|
|
138
154
|
data += JSON.parse(File.read(out))['queries']
|
|
139
155
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bqm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-06-
|
|
11
|
+
date: 2023-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Deduplicate custom BloudHound queries from different datasets and merge
|
|
14
14
|
them in one customqueries.json file.
|
|
@@ -18,6 +18,7 @@ executables:
|
|
|
18
18
|
extensions: []
|
|
19
19
|
extra_rdoc_files: []
|
|
20
20
|
files:
|
|
21
|
+
- DOC.md
|
|
21
22
|
- LICENSE
|
|
22
23
|
- bin/bqm
|
|
23
24
|
- data/query-sets.json
|