nexpose_sourcefire 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cef7e30e1d14532223faf481eb8a33ca038386b8
+  data.tar.gz: ffa7de21150cdb104954baeef8b82740d16a41f2
+SHA512:
+  metadata.gz: 7c5004beb3f54df13b944185d0fdadbb2d124baaed03a757272cc07231e10f32c0c7a11257ec7ec73b80e67f9eaa2b5a8742b57245c8bf3c896c7467e9762987
+  data.tar.gz: 4fe6994e3c82719caa232f3712a85591d59f36a07fdb3ce3ad691901e7b0c4bd95a6be6de7e15f5cf11609c7a7ff94a838e504087a22de841a1e712ae78d5c27

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sourcefire.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 JJCassidy-R7
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,41 @@
+# SourcefireRuby
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sourcefire_ruby`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sourcefire_ruby'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sourcefire_ruby
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sourcefire_ruby. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/nexpose_sourcefire

@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+require 'sourcefire_connector'
+require 'sourcefire/nx_logger'
+require 'sourcefire/version'
+require 'yaml'
+
+CONFIG_PATH =  File.join(File.dirname(__FILE__), '../lib/sourcefire/config/rapid7_sourcefire.config')
+
+# Obtain Nexpose settings from Environment Variables.
+configuration_settings = begin
+  YAML.load_file(CONFIG_PATH)
+rescue ArgumentError => e
+  raise "Could not parse YAML #{CONFIG_PATH} : #{e.message}"
+end
+
+raise 'Must configure nexpose settings before starting' if ENV['NEXPOSE_URL'].nil? || 
+														   ENV['NEXPOSE_USERNAME'].nil? || 
+														   ENV['NEXPOSE_PASSWORD'].nil?
+raise 'Must configure SourceFire settings before starting' if ENV['SOURCEFIRE_ADDR'].nil? || 
+                                                              ENV['SOURCEFIRE_PORT'].nil? ||
+                                                              ENV['SOURCEFIRE_PKCS12_PASSWORD'].nil?
+
+log = Sourcefire::NxLogger.instance
+log.setup_statistics_collection(Sourcefire::PRODUCT, Sourcefire::VENDOR, Sourcefire::VERSION)
+logging_enabled = configuration_settings[:options][:logging_enabled] || false
+log.setup_logging(logging_enabled, 
+				  configuration_settings[:options][:log_level])
+
+configuration_settings[:nexpose_address] = ENV['NEXPOSE_URL']
+configuration_settings[:nexpose_username] = ENV['NEXPOSE_USERNAME']
+configuration_settings[:nexpose_password] = ENV['NEXPOSE_PASSWORD']
+configuration_settings[:nexpose_port] = ENV['NEXPOSE_PORT']
+configuration_settings[:sourcefire_address] = ENV['SOURCEFIRE_ADDR']
+configuration_settings[:sourcefire_port] = ENV['SOURCEFIRE_PORT']
+configuration_settings[:sourcefire_pkcs12_password] = ENV['SOURCEFIRE_PKCS12_PASSWORD']
+
+# Initialize and start the integration
+r7sfc = Sourcefire::Rapid7SourceFireConnector.new
+r7sfc.setup(configuration_settings)
+r7sfc.start

data/lib/sourcefire/config/rapid7_sourcefire.config

@@ -0,0 +1,19 @@
+---
+# This configuration file defines all the particular options necessary to run the service.
+# Fields marked (M) are mandatory.
+#
+# Service options:
+:options:
+  # (M) Enables logging to the log directory.
+  :logging_enabled: true
+  # (M) Sets the log level threshold for output.
+  :log_level: info
+  # Filters to specific sites one per line, leave empty to generate for all sites.
+  :sites:
+  - '1'
+  # Determines if generated files (Nexpose CSV report and SourceFire ready CSV) should be kept after run is complete
+  :keep_csv: N
+  # Absolute location of the SourceFire pkcs12 file
+  :p12_location: '/an/absolute/location/file.pkcs12'
+  # Timeout in seconds. The number of seconds the GEM waits for a response from Nexpose before exiting.
+  :timeout: 10800

data/lib/sourcefire/nexpose_helper.rb

@@ -0,0 +1,57 @@
+module Sourcefire
+ class ReportOps
+   require_relative 'nx_logger'
+   require_relative 'queries'
+   require 'nexpose'
+   require 'csv'
+   include Nexpose
+
+   # Logs in to Nexpose using the url, username and password.
+   def login(url=nil, username=nil, password=nil, timeout=nil, port=nil)
+     raise 'Nexpose connection must be set in environment variables.' if url.nil? || username.nil? || password.nil?
+     @log = Sourcefire::NxLogger.instance
+     @log.log_message('Setting up Nexpose connection...')
+     @timeout = timeout
+     @nsc = if port != nil 
+              Nexpose::Connection.new(url, username, password, port)
+            else
+              Nexpose::Connection.new(url, username, password) 
+            end
+     @nsc.login
+     @log.log_message('Nexpose connection established.')
+     @log.on_connect(url, port || 3780, @nsc.session_id, "{}")
+     @nsc
+   end
+
+   def site_id_listing
+     @log.log_message('Generating site ID list...')
+     site_ids = Array.new
+     @nsc.list_sites.each { |site| site_ids << site.id }
+     @log.log_message("Site ID list generation complete. Resulting list is <#{site_ids}>")
+     site_ids
+   end
+
+   def vulnerability_listing
+     @log.log_message('Generating vulnerability list...')
+     @nsc.list_vulns
+   end
+
+   def ad_hoc_report_request(query, site_ids, save_file, report_config = Nexpose::AdhocReportConfig.new(nil, 'sql'))
+     @log.log_message("Setting up Ad-Hoc query request. Sites to query are <#{site_ids}> and report results file is <#{save_file.path}>.")
+     report_config.add_filter('version', '1.1.0')
+     report_config.add_filter('query', query)
+     site_ids.each { |site_id| report_config.add_filter('site', site_id) }
+     @log.log_message('Sending query request to Nexpose...')
+     report_output = report_config.generate(@nsc, @timeout)
+     @log.log_message("Parsing report response and saving to file <#{save_file.path}>")
+     csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+     save_file.puts(csv_output)
+   end
+
+   def generate_sourcefire_nexpose_report(report_file, sites_to_query=nil)
+     sites_to_query = site_id_listing if sites_to_query.nil? || sites_to_query.empty?
+     @log.log_message("Generating report on the following sites #{sites_to_query}")
+     self.ad_hoc_report_request(Queries.sf_host_vuln_info, sites_to_query, report_file)
+   end
+ end
+end

data/lib/sourcefire/nx_logger.rb

@@ -0,0 +1,150 @@
+require 'fileutils'
+require 'json'
+require 'net/http'
+require 'singleton'
+
+module Sourcefire
+  class NxLogger
+    include Singleton
+    attr_accessor :options, :statistic_key, :product, :logger_file
+    LOG_PATH = "./logs/rapid7_%s.log"
+    KEY_FORMAT = "external.integration.%s"
+    PRODUCT_FORMAT = "%s_%s"
+
+    DEFAULT_LOG = 'integration'
+    PRODUCT_RANGE = 3..30
+    KEY_RANGE = 3..15
+
+    ENDPOINT = '/data/external/statistic/'
+
+    def initialize()
+      @logger_file = get_log_path product
+      setup_logging(true, 'info')
+    end
+
+    def setup_statistics_collection(vendor, product_name, gem_version)
+      #Remove illegal characters
+      vendor.to_s.gsub!('-', '_')
+      product_name.to_s.gsub!('-', '_')
+
+      begin
+        @statistic_key = get_statistic_key vendor
+        @product = get_product product_name, gem_version
+      rescue => e
+        #Continue
+      end
+    end
+
+    def setup_logging(enabled, log_level)
+      unless enabled || @log.nil?
+        log_message('Logging disabled.')
+        return
+      end
+      log_level ||= 'info'
+      @logger_file = get_log_path product
+
+      require 'logger'
+      directory = File.dirname(@logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'))
+      io.autoclose = false
+      io.sync = true
+      @log = Logger.new(io, 'weekly')
+      @log.level = if log_level.casecmp('info') == 0 
+                     Logger::INFO 
+                   else
+                     Logger::DEBUG
+                   end
+      log_message("Logging enabled at level <#{log_level}>")
+    end
+
+    # Logs an info message
+    def log_message(message)
+      @log.info(message) unless @log.nil?
+    end
+
+    # Logs a debug message
+    def log_debug_message(message)
+      @log.debug(message) unless @log.nil?
+    end
+
+    # Logs an error message
+    def log_error_message(message)
+      @log.error(message) unless @log.nil?
+    end
+
+    # Logs a warn message
+    def log_warn_message(message)
+      @log.warn(message) unless @log.nil?
+    end
+
+    def log_stat_message(message)
+    end
+
+    def get_log_path(product)
+      product.downcase! unless product.nil?
+      File.join(File.dirname(__FILE__), LOG_PATH % (product || DEFAULT_LOG))
+    end
+
+    def get_statistic_key(vendor)
+      if vendor.nil? || vendor.length < KEY_RANGE.min
+        log_stat_message("Vendor length is below minimum of <#{KEY_RANGE}>")
+        return nil
+      end
+
+      KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
+    end
+
+    def get_product(product, version)
+      return nil if (product.nil? || version.nil?)
+      product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
+
+      if product.length < PRODUCT_RANGE.min
+        log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
+        return nil
+      end
+      product.downcase
+    end
+
+    def generate_payload(statistic_value='')
+      payload = {'statistic-key' => @statistic_key,
+                 'statistic-value' => statistic_value,
+                 'product' => @product}
+      JSON.generate(payload)
+    end
+
+    def send(nexpose_address, nexpose_port, session_id, payload)
+      header = {'Content-Type' => 'application/json',
+                'nexposeCCSessionID' => session_id,
+                'Cookie' => "nexposeCCSessionID=#{session_id}"}
+      req = Net::HTTP::Put.new(ENDPOINT, header)
+      req.body = payload
+      http_instance = Net::HTTP.new(nexpose_address, nexpose_port)
+      http_instance.use_ssl = true
+      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      response = http_instance.start { |http| http.request(req) }
+      log_stat_message "Received code #{response.code} from Nexpose console."
+      log_stat_message "Received message #{response.msg} from Nexpose console."
+      log_stat_message 'Finished sending statistics data to Nexpose.'
+      response.code
+    end
+
+    def on_connect(nexpose_address, nexpose_port, session_id, value)
+      log_stat_message 'Sending statistics data to Nexpose'
+
+      if @product.nil? || @statistic_key.nil?
+        log_stat_message('Invalid product name and/or statistics key.')
+        log_stat_message('Statistics collection not enabled.')
+        return
+      end
+      
+      begin
+        payload = generate_payload value
+        send(nexpose_address, nexpose_port, session_id, payload)
+      rescue => e
+        #Let the program continue
+      end
+    end
+
+  end
+end

data/lib/sourcefire/p12_utils.rb

@@ -0,0 +1,67 @@
+require 'openssl'
+
+module Sourcefire
+  class PkcsOps
+    attr_accessor :key, :cert
+    @key
+    @cert
+   def extract_pkcs_12(pkcs_file, password = nil)
+      if password.nil? || password.empty?
+        p12 = OpenSSL::PKCS12.new(File.read(pkcs_file))
+      else
+        p12 = OpenSSL::PKCS12.new(File.read(pkcs_file), password)
+      end
+      @key = p12.key
+      @cert = p12.certificate
+    end
+
+    def key_to_file(file_name, strip_header_footer = false)
+      processed_key = strip_header_footer ? p12_data_to_split_string(@key) {|data| data.to_a[1..-2].join}  : @key
+      File.open(file_name, 'w') {|f| processed_key.nil? ? f.write('No Key Data!') : f.write(processed_key) }
+    end
+
+    def raw_cert_to_file(file_name, strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert) {|data| data.to_a[1..-2].join} : @cert
+      File.open(file_name, 'w') {|f| processed_cert.nil? ? f.write('No Cert Data!') : f.write(processed_cert) }
+    end
+
+    def cert_pem_to_file(file_name, strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert.to_pem) {|data| data.to_a[1..-2].join} : @cert
+      File.open(file_name, 'w') {|f| processed_cert.nil? ? f.write('No Cert Data!') : f.write(processed_cert) }
+    end
+
+    def cert_der_to_file(file_name, strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert.to_der) {|data| data.to_a[1..-2].join} : @cert
+      File.open(file_name, 'w') {|f| processed_cert.nil? ? f.write('No Cert Data!') : f.write(processed_cert) }
+    end
+
+    def key(strip_header_footer = false)
+      processed_key = strip_header_footer ? p12_data_to_split_string(@key) {|data| data.to_a[1..-2].join}  : @key
+      processed_key.nil? ? 'No Key Data!' : processed_key
+    end
+
+    def raw_cert(strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert) {|data| data.to_a[1..-2].join} : @cert
+      processed_cert.nil? ? 'No Cert Data!' : processed_cert
+    end
+
+    def cert_pem(strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert.to_pem) {|data| data.to_a[1..-2].join} : @cert
+      processed_cert.nil? ? 'No Cert Data!' : processed_cert
+    end
+
+    def cert_der(strip_header_footer = false)
+      processed_cert = strip_header_footer ? p12_data_to_split_string(@cert.to_der) {|data| data.to_a[1..-2].join} : @cert
+      processed_cert.nil? ? 'No Cert Data!' : processed_cert
+    end
+
+    def cert_public_key(strip_header_footer = false)
+      strip_header_footer ? p12_data_to_split_string(@cert.public_key) {|data| data.to_a[1..-2].join} : @cert.public_key
+    end
+
+    private
+    def p12_data_to_split_string(data)
+      yield data.to_s.strip.lines
+    end
+  end
+end

data/lib/sourcefire/queries.rb

@@ -0,0 +1,15 @@
+module Sourcefire
+  module Queries
+    def self.sf_host_vuln_info(options = {})
+      "SELECT favi.asset_id as asset_id, da.ip_address, favi.port, favi.protocol_id, dv.title, dv.vulnerability_id, dv.nexpose_id, string_agg(DISTINCT '<' || dvr.source || ':' || dvr.reference,'>') || '>' as references, dv.severity_score, dv.pci_severity_score, round((dv.cvss_score)::numeric,1) as cvss_score, dv.cvss_vector
+		  FROM fact_vulnerability fa
+		  JOIN dim_vulnerability dv USING (vulnerability_id)
+		  LEFT OUTER JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
+		  LEFT OUTER JOIN fact_asset_vulnerability_instance favi USING (vulnerability_id)
+		  LEFT OUTER JOIN dim_asset da USING (asset_id)
+		  WHERE affected_assets > 0
+		  GROUP BY  da.ip_address, dv.title, favi.port, dv.vulnerability_id, dv.severity, dv.pci_severity_score, dv.cvss_score, dv.cvss_vector, favi.asset_id, favi.protocol_id, dv.nexpose_id, dv.severity_score
+		  ORDER BY da.ip_address ASC"
+    end
+  end
+end

data/lib/sourcefire/version.rb

@@ -0,0 +1,5 @@
+module Sourcefire
+  PRODUCT = 'Sourcefire'
+  VENDOR = 'Sourcefire'
+  VERSION = "0.1.0"
+end

data/lib/sourcefire_connector.rb

@@ -0,0 +1,277 @@
+require_relative 'sourcefire/nx_logger'
+require_relative 'sourcefire/p12_utils'
+require_relative 'sourcefire/nexpose_helper'
+require 'openssl'
+require 'socket'
+require 'csv'
+
+module Sourcefire
+  class Rapid7SourceFireConnector
+
+    def setup(config_options)
+      @config = config_options
+      @log = Sourcefire::NxLogger.instance
+    end
+
+    def start
+      puts "Nexpose Report Processing Starting"
+
+      # Create a new Nexpose connection
+      nxro = Sourcefire::ReportOps.new
+      nxro.login(@config[:nexpose_address],@config[:nexpose_username],
+           @config[:nexpose_password], @config[:options][:timeout],
+           @config[:nexpose_port])
+      
+      #Generate the required data from Nexpose
+      time = Time.now.to_i
+      report_file = File.open("nexpose_report_#{time}.csv", 'w')
+      puts "Site ID: #{@config[:options][:sites].join(', ')}"
+      puts 'Generating report.'
+      nxro.generate_sourcefire_nexpose_report(report_file, @config[:options][:sites])
+      puts 'Report generation complete.'
+
+      #Process the Nexpose results.report("name:") { TESTS.times {  } }ort into SourceFire format
+      processed_report_file = File.open("processed_nexpose_report_#{time}.csv", 'w')
+      data_sets = process_nexpose_data(report_file, processed_report_file)
+
+      #Establish connection with Sourcefire
+      puts "Connecting to Sourcefire: #{@config[:sourcefire_address]}"
+      ssl_socket = connect_to_sourcefire
+
+      #Send the Data to SourceFire
+      send_processed_data(data_sets, ssl_socket)
+
+      #Cleanup
+      ssl_socket.close
+      if(@config[:options][:keep_csv] == 'N')
+        File.delete(processed_report_file)
+        File.delete(report_file)
+      end
+      @log.log_message('Finished processing. Exiting...')
+    end
+
+    def get_assets(report_file)
+      assets = []
+      current_asset = nil
+      current_ip = nil
+
+      CSV.foreach(report_file, headers: true) do |row|
+        if current_asset.nil?
+          current_asset = "AddHost,#{row['ip_address']}\n"
+          current_ip = row['ip_address']
+        end
+
+        if row['ip_address'] == current_ip
+          sf_csv = ""
+          sf_csv << "AddScanResult,#{row['ip_address']},\"NeXpose\",#{generate_vuln_id(row['nexpose_id'])},"
+          (row['port'].to_i == -1) ? sf_csv << ',' : sf_csv << "#{row['port']},"
+          (row['protocol_id'].to_i == -1) ? sf_csv << ',' : sf_csv << "#{row['protocol_id']},"
+          sf_csv << "\"#{row['title'].tr('"', "'")}\","
+          sf_csv << "\"NeXpose ID: #{row['nexpose_id'].tr('"', "'")}; References: #{row['references'] ? row['references'].scan(/<(.*?:.*?)>/).join(' ').downcase.tr('"', "'") : row['references']}; Severity: #{row['severity_score']}; PCI Severity: #{row['pci_severity_score']}; CVSS Score: #{row['cvss_score']}; CVSS Vector: (#{row['cvss_vector']})\","
+          row['references'].nil? ?
+            sf_csv << "\"cve_ids: \"," :
+            sf_csv << "\"cve_ids: #{row['references'].scan(/<CVE:(.*?)>/).join(' ').tr('"', "'")}\","
+          sf_csv << "\"bugtraq_ids: \"\n"
+          
+          current_asset += sf_csv
+          next
+        end  
+
+        #Next asset
+        assets << current_asset
+        current_asset = nil
+        current_asset_id = nil
+        redo
+      end
+      
+      assets << current_asset + "ScanFlush\n" unless current_asset.nil?
+      @log.log_message("Total of #{assets.count} assets")
+      assets
+    end
+
+    def process_nexpose_data(report_file, processed_report_file)
+      max_data_size = 524288
+
+      @log.log_message('Creating data sets')
+      header = "SetSource,NeXpose Scan Report\n"
+      footer = "ScanFlush"
+
+      puts 'Processing vulnerability list.'
+      assets = get_assets(report_file)
+
+      ssl_socket = connect_to_sourcefire
+      ssl_socket.write([2,4].pack('NN'))
+      ssl_socket.write([1].pack('N'))
+      msg_details = read_from_socket(ssl_socket)
+      if msg_details.kind_of?(Array)
+        @log.log_message("Got a message of type <#{msg_details[0]}> and size <#{msg_details[1]}>")
+        max_size = read_from_socket(ssl_socket, msg_details[1], msg_details[0])
+        @log.log_message("Max message length is <#{max_size}>")
+        max_data_size = max_size.first
+      end
+      ssl_socket.close
+
+      data_sets = []
+      current_data_set = nil
+
+      assets.each do |asset|
+        if data_sets[-1].nil?
+          data_sets << header.dup + asset
+        elsif (data_sets[-1].to_s + asset + footer).bytesize < max_data_size
+          data_sets[-1] += asset
+        else
+          data_sets << header.dup + asset
+        end
+      end
+
+      if data_sets.count == 0
+        @log.log_message("No data found. Returning <0> assets.")
+        return []
+      end
+
+      #mark the overall scan finish
+      data_sets[-1] = data_sets.last + footer
+
+      @log.log_message("Number of batches to submit: #{data_sets.count}")
+      puts 'Nexpose report processing complete.'
+      data_sets
+    end
+
+    def process_nexpose_data_alt(report_file, processed_report_file)
+      max_data_size = 524288
+
+      assets = get_assets(report_file)
+      header = "SetSource,NeXpose Scan Report\n"
+      footer = "ScanFlush"
+      assets[0] = header + assets.first
+      assets[-1] = assets.last + footer
+
+      assets
+    end
+
+    def generate_vuln_id(vuln_title)
+      vuln_id = ''
+      md5_title = Digest::MD5::hexdigest(vuln_title)
+      md5_title[0..7].chars.map { |ch|
+        if (ch != '0') && (ch.to_i == 0)
+          vuln_id += (ch.ord - 'a'.ord + 1).to_s
+        else
+          vuln_id +=ch
+        end
+      }
+      vuln_id
+    end
+
+    def connect_to_sourcefire()
+      @log.log_message('Establishing connection to SourceFire...')
+      p12_utils = Sourcefire::PkcsOps.new
+      p12_utils.extract_pkcs_12(@config[:options][:p12_location], @config[:sourcefire_pkcs12_password])
+
+      ctx = OpenSSL::SSL::SSLContext.new()
+      ctx.cert = p12_utils.cert
+      ctx.key = p12_utils.key
+
+      @log.log_message('Parsed cert and key from pkcs file. Creating socket...')
+      socket = TCPSocket.new(@config[:sourcefire_address],@config[:sourcefire_port])
+      @log.log_message('Socket connection established. Initiating SSL handshake...')
+      ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+      ssl_socket.sync_close = true
+      ssl_socket.sync = true
+      ssl_socket.connect
+
+      @log.log_message('SSL connection established! Returning socket.')
+
+      ssl_socket
+    end
+    
+    def send_processed_data(data_sets, ssl_socket)
+      overall_data_size = 0
+
+      file = File.open("update_sets.csv", 'w')
+      data_sets.each { |data| file.puts(data) }
+      file.close
+
+      @log.log_message('Starting to transmit data to SourceFire...')
+
+      #Send the data
+      number_of_commands = 0
+      count = 0
+      response = ''
+      data_sets.each do |data|         
+        count += 1
+        
+        #Inform SourceFire of the type of data.
+        ssl_socket.write([2,4].pack('NN'))
+        ssl_socket.write([1].pack('N'))
+
+        #Send the data type and size
+        ssl_socket.write([3,data.bytesize].pack('NN'))
+
+        progress = "[#{((count-1)*100/Float(data_sets.count)).round(2)}%]"
+        message_log = "Sending #{count.to_s.rjust(3, ' ')}/#{data_sets.count} #{progress}: Sending #{data.bytesize} bytes to socket."
+        @log.log_message(message_log)
+        print "\r#{message_log}"
+        print 
+        
+        ssl_socket.write(data)
+        ssl_socket.flush
+        msg_details = read_from_socket(ssl_socket)
+        
+        if msg_details.kind_of?(Array)
+          @log.log_message("Got a message of type <#{msg_details[0]}> and size <#{msg_details[1]}>")
+          response = read_from_socket(ssl_socket, msg_details[1], msg_details[0])
+          @log.log_message("Message is <#{response}>")
+        end
+
+        #get the response
+        msg_details = read_from_socket(ssl_socket)
+        response = ''
+        if msg_details.kind_of?(Array)
+          @log.log_message("Got a message of type <#{msg_details[0]}> and size <#{msg_details[1]}>")
+          response = read_from_socket(ssl_socket, msg_details[1], msg_details[0])
+          @log.log_message("Message is <#{response}>")
+          response = response.kind_of?(Array) ? response.first : response.to_s
+          current_number_of_commands = response.to_s.scan(/\d+/).first.to_s.to_i
+          number_of_commands += current_number_of_commands
+          if current_number_of_commands > 0
+            @log.log_message("Sent #{current_number_of_commands} commands for latest batch to Sourcefire console.")
+          end
+        end
+      end
+      
+      print "\rSent #{data_sets.count.to_s.rjust(3, ' ')}/#{data_sets.count} [100%]#{' '*40}"
+      @log.log_message("Sent #{number_of_commands} commands total to Sourcefire console.")
+      @log.log_message('Data transmission complete.')
+      puts "\nProcessing complete."
+      response
+    end
+
+    def read_from_socket(ssl_socket, read_size=nil, msg_type = nil)
+      readable = IO.select([ssl_socket], nil, nil, 10)
+      if readable.nil?
+        @log.log_message('No response from server.') 
+        return 
+      end
+      readable[0].each do |socket|
+        next unless socket == ssl_socket
+
+        if read_size.nil?
+          data = ssl_socket.read_nonblock(10_000)
+          type = data[0..3].unpack('N')
+          read_size = data[4..7].unpack('N')
+          return [type[0],read_size[0]]
+        end
+
+        begin
+          data = ssl_socket.read_nonblock(read_size)
+          return data.unpack('N') if msg_type == 1
+          return data
+        rescue IO::WaitReadable
+          @log.log_message("Waiting for data of length <#{read_size}>")
+          IO.select([ssl_socket], nil, nil, 10)
+          retry
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_sourcefire
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- JJ Cassidy
+- David Valente
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-12-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: This GEM allows enables the importing of Nexpose host and vulnerability
+  data into SourceFire
+email:
+- integrations_support@rapid7.com
+executables:
+- nexpose_sourcefire
+extensions: []
+extra_rdoc_files: []
+files:
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/nexpose_sourcefire
+- lib/sourcefire/config/rapid7_sourcefire.config
+- lib/sourcefire/nexpose_helper.rb
+- lib/sourcefire/nx_logger.rb
+- lib/sourcefire/p12_utils.rb
+- lib/sourcefire/queries.rb
+- lib/sourcefire/version.rb
+- lib/sourcefire_connector.rb
+homepage: http://www.rapid7.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '1.9'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.3
+signing_key: 
+specification_version: 4
+summary: Nexpose SourceFire Integration GEM
+test_files: []