nessana 0.1.0 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/nessana/version.rb +1 -1
  3. metadata +7 -36
  4. data/bin/nessana_old +0 -145
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 841b59ccd2b8e575f45f778d97a1b5c7b158c13fca2bf3bf554792ef25d931b7
4
- data.tar.gz: 056feefeef224de161623a01593d0620def012e44346ab9d5cdae79174d41e29
3
+ metadata.gz: ee396ef7c7de91a411465ca7cd27f2dd2ec0ae3ada00d65f2d7fd93bcf7231d1
4
+ data.tar.gz: f53065e4cd980ea6ea2da9127a87bede09ceaca1a7607df7f53323b4d090aa73
5
5
  SHA512:
6
- metadata.gz: 9b1d6e33a8fccc0a1b6685c5ee6f4d98ef24a1084bc7066138a851c700b886c422c79858cb80dc33eb45ae779ee50a2a09eb234e0eb683fd7ff78105addbaaed
7
- data.tar.gz: 2012a1a887a6b291c1b82636504104808335f6901beb7deca7ed3acf8dc38b220a39bc251df8b49ba6ec8e5d50eb693dada3e4e99343c02ff5885b9544f9c2e7
6
+ metadata.gz: 68b6913aa147d06ef5e1336fd8f694f148e2f67e58cf28b1e1e3690d7761fadbcb0addcd94fa21eafd4f7bbf4bd27f8047702451e65f434d59a66141d2b604ba
7
+ data.tar.gz: 0bcab82e1682510938fcaf5a69a4d3cffe2beba1af660c8417d81540dd464512dcaeaee0bf57d8e3918aba060f240a9e9c686fb190d82961ce1b9ff2cf94d808
@@ -1,3 +1,3 @@
1
1
  module Nessana
2
- VERSION = '0.1.0'.freeze
2
+ VERSION = '0.2.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nessana
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kristofer Rye <kristofer.rye@gmail.com>
@@ -10,20 +10,6 @@ bindir: bin
10
10
  cert_chain: []
11
11
  date: 2019-01-22 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: asana
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: 0.6.3
20
- type: :runtime
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: 0.6.3
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: fastcsv
29
15
  requirement: !ruby/object:Gem::Requirement
@@ -58,14 +44,14 @@ dependencies:
58
44
  requirements:
59
45
  - - "~>"
60
46
  - !ruby/object:Gem::Version
61
- version: 0.8.0
47
+ version: 0.9.0
62
48
  type: :runtime
63
49
  prerelease: false
64
50
  version_requirements: !ruby/object:Gem::Requirement
65
51
  requirements:
66
52
  - - "~>"
67
53
  - !ruby/object:Gem::Version
68
- version: 0.8.0
54
+ version: 0.9.0
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: codecov
71
57
  requirement: !ruby/object:Gem::Requirement
@@ -80,20 +66,6 @@ dependencies:
80
66
  - - "~>"
81
67
  - !ruby/object:Gem::Version
82
68
  version: 0.1.14
83
- - !ruby/object:Gem::Dependency
84
- name: coveralls
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: 0.8.22
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: 0.8.22
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: guard
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +100,14 @@ dependencies:
128
100
  requirements:
129
101
  - - "~>"
130
102
  - !ruby/object:Gem::Version
131
- version: 0.11.3
103
+ version: 0.12.2
132
104
  type: :development
133
105
  prerelease: false
134
106
  version_requirements: !ruby/object:Gem::Requirement
135
107
  requirements:
136
108
  - - "~>"
137
109
  - !ruby/object:Gem::Version
138
- version: 0.11.3
110
+ version: 0.12.2
139
111
  - !ruby/object:Gem::Dependency
140
112
  name: rspec
141
113
  requirement: !ruby/object:Gem::Requirement
@@ -206,7 +178,7 @@ dependencies:
206
178
  - - "~>"
207
179
  - !ruby/object:Gem::Version
208
180
  version: 0.16.1
209
- description: 'A Nessus dump parser and differ which can create Asana tasks.
181
+ description: 'A fast Nessus dump parser and differ.
210
182
 
211
183
  '
212
184
  email:
@@ -217,7 +189,6 @@ extra_rdoc_files: []
217
189
  files:
218
190
  - README.md
219
191
  - bin/nessana
220
- - bin/nessana_old
221
192
  - lib/nessana.rb
222
193
  - lib/nessana/detection.rb
223
194
  - lib/nessana/dump.rb
@@ -248,5 +219,5 @@ requirements: []
248
219
  rubygems_version: 3.0.2
249
220
  signing_key:
250
221
  specification_version: 4
251
- summary: A Nessus dump parser and Asana task creator
222
+ summary: A Nessus dump parser and differ
252
223
  test_files: []
@@ -1,145 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'asana'
4
- require 'csv'
5
- require 'json'
6
- require 'logger'
7
- require 'pp'
8
- require 'pry'
9
- require 'ruby-prof'
10
- require 'ruby-prof-flamegraph'
11
- require 'yaml'
12
-
13
- require 'nessana/vulnerability'
14
- require 'nessana/vulnerability_list'
15
-
16
- result = RubyProf.profile do
17
-
18
- $logger = Logger.new(STDOUT)
19
- $logger.level = Logger::DEBUG
20
-
21
- $file_contents = open('secrets.yml', 'rb') do |io|
22
- io.read
23
- end
24
-
25
- $asana_access_token = YAML.load($file_contents)['ASANA_PAT']
26
-
27
- $client = Asana::Client.new do |c|
28
- c.authentication :access_token, $asana_access_token
29
- end
30
-
31
- workspace = $client.workspaces.find_all.select do |workspace|
32
- workspace.name == 'stolaf.org'
33
- end.first
34
-
35
- project = $client.projects.find_all(workspace: workspace.id).select do |project|
36
- project.name == '[Sys] Security'
37
- end.first
38
-
39
- tag = $client.tags.find_all(workspace: workspace.id).select do |tag|
40
- tag.name == 'Automated [Nessana]'
41
- end.first
42
-
43
- pp project.sections
44
-
45
- tasks = $client.tasks.find_by_tag(tag: tag.id).map do |flat_task|
46
- $logger.debug "Fetching task with id=#{flat_task.id}"
47
- $client.tasks.find_by_id(flat_task.id).to_h
48
- end.select do |task_hash|
49
- !task_hash["completed"]
50
- end
51
-
52
- pp tasks
53
-
54
- end
55
-
56
- printer = RubyProf::FlameGraphPrinter.new(result)
57
- printer.print(STDERR, {})
58
-
59
- __END__
60
-
61
- output = nil
62
-
63
- result = RubyProf.profile do
64
- vulnerabilities = VulnerabilityList.from_csv(ARGV[0])
65
-
66
- $vulnerabilities = vulnerabilities.filter_risks.filter_not_accessible
67
-
68
- # vuln_plugin_mapping = $vulnerabilities.each_with_object({}) do |vuln, hash|
69
- # cve_string = vuln.cve ? " (#{vuln.cve})" : ""
70
- # puts "Adding entry for #{vuln.plugin_id}#{cve_string} on host #{vuln.host}:#{vuln.port} (#{vuln.protocol})"
71
- # hash[vuln.plugin_id] ||= []
72
- # hash[vuln.plugin_id].push vuln
73
- # end
74
-
75
- vulns_by_plugin = $vulnerabilities.each_with_object({}) do |vuln, hash|
76
- hash[vuln.plugin_id] ||= []
77
- hash[vuln.plugin_id] << vuln
78
- end
79
-
80
- reports = vulns_by_plugin.map do |plugin_id, vulns|
81
- uniqued_titles = vulns.map do |vuln|
82
- vuln.name
83
- end.uniq
84
-
85
- uniqued_cves = vulns.map do |vuln|
86
- vuln.cve
87
- end.uniq
88
-
89
- uniqued_cvsss = vulns.map do |vuln|
90
- vuln.cvss
91
- end.uniq
92
-
93
- uniqued_risks = vulns.map do |vuln|
94
- vuln.risk
95
- end.uniq
96
-
97
- throw "Plugin #{plugin_id} produced #{uniqued_titles.count} != 1 unique titles!" unless uniqued_titles.count == 1
98
- throw "Plugin #{plugin_id} produced #{uniqued_cvsss.count} != 1 unique CVSS's!" unless uniqued_cvsss.count == 1
99
- throw "Plugin #{plugin_id} produced #{uniqued_risks.count} != 1 unique risks!" unless uniqued_risks.count == 1
100
-
101
- uniqued_hosts = vulns.map do |vuln|
102
- vuln.readable_host
103
- end.uniq
104
-
105
- uniqued_synopses = vulns.map do |vuln|
106
- vuln.synopsis
107
- end.uniq
108
-
109
- throw "More than one unique synopsis given?" unless uniqued_synopses.count == 1
110
-
111
- uniqued_descriptions = vulns.map do |vuln|
112
- vuln.description
113
- end.uniq
114
-
115
- throw "More than one unique description given?" unless uniqued_descriptions.count == 1
116
-
117
- uniqued_solutions = vulns.map do |vuln|
118
- vuln.solution
119
- end.uniq
120
-
121
- throw "More than one unique solution given?" unless uniqued_solutions.count == 1
122
-
123
- {
124
- cvss: uniqued_cvsss.first,
125
- title: "[Nessus #{plugin_id}] #{uniqued_titles.join(', ')}",
126
- body: "CVE: #{uniqued_cves.first || 'N/A'}\nCVSS: #{uniqued_cvsss.first || 'N/A'}\nRisk: #{uniqued_risks.first || 'N/A'}\n\nSYNOPSIS\n\n#{uniqued_synopses.first}\n\nDESCRIPTION\n\n#{uniqued_descriptions.first.join("\n\n")}\n\nSOLUTION\n\n#{uniqued_solutions.first.join("\n\n")}\n\nThis issue was detected on #{uniqued_hosts.count} hosts: #{uniqued_hosts.join(', ')}",
127
- hosts: uniqued_hosts
128
- }
129
- end
130
-
131
- output = reports.sort do |report_a, report_b|
132
- report_b[:cvss] <=> report_a[:cvss]
133
- end.map do |report|
134
- [report[:title], report[:body]]
135
- end.to_a
136
- end
137
-
138
- printer = RubyProf::GraphPrinter.new(result)
139
- printer.print(STDOUT, {})
140
-
141
- CSV.open(ARGV[1], 'wb') do |csv|
142
- output.each do |row|
143
- csv << row
144
- end
145
- end