nipper_parser 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5eb54da76791f956afd5e6c7c845127c02bbb39b
+  data.tar.gz: 68702d1dd51b46f06b97d82bfb45940d5137dc0f
+SHA512:
+  metadata.gz: 3c1e8c381bf6ced1f2324841c17a3b3f6e873744914b902a0bf408e5d0ce3956b28f9b7a025396378f6f2729b826c6e298f7f1a55e6b41bce9e58803af0bc2f6
+  data.tar.gz: afa11d53d7ae2ca158ca347cd3279d893a64f1f3c5b852e0985bddc49c331999499e1249483e6c7e9ffeb495c68a551fad2fca6208ec0231462fc2c644665ba9

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.idea/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.1
+before_install: gem install bundler -v 1.14.5

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nipper_parser.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 KING SABRI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+# NipperParser
+[![travis-cli](https://api.travis-ci.org/KINGSABRI/nipper_parser.svg)](https://travis-ci.org/KINGSABRI/nipper_parser/) 
+[![Code Climate](https://codeclimate.com/github/KINGSABRI/nipper_parser/badges/gpa.svg)](https://codeclimate.com/github/KINGSABRI/nipper_parser) 
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/8c81748967664cc5bb92147581fb6802)](https://www.codacy.com/app/king-sabri/attack-domain?utm_source=github.com&utm_medium=referral&utm_content=KINGSABRI/nipper_parser&utm_campaign=Badge_Grade)  
+[![inch-ci](https://inch-ci.org/github/KINGSABRI/nipper_parser.svg?branch=master)](https://inch-ci.org/github/KINGSABRI/nipper_parser)
+[![Gem Version](https://badge.fury.io/rb/nipper_parser.svg)](https://badge.fury.io/rb/nipper_parser)
+
+NipperParser gem is an unofficial parser for [Titania Nipper Studio](https://www.titania.com/products/nipper-studio) XML report.
+
+
+#### Nipper Modules/Sections
+
+| Modules / Sections     | Supported |
+|------------------------|-----------|
+| Information            |     x     |
+| Security Audit         |     x     |
+| Vulnerability Audit    |     x     |
+| CIS Benchmarks         |           |
+| STIG Compliance        |           |
+| SANS Policy Compliance |           |
+| PCI Audit              |           |
+| Filtering Complexity   |           |
+| Configuration Report   |           |
+| Raw Configuration      |           |
+| Raw Change Tracking    |           |
+| Appendix               |           |
+ 
+
+## Installation (not published yet)
+
+```ruby
+gem install nipper_parser
+```
+## Usage
+
+##### Report information
+```ruby
+require 'nipper_parser'
+nipper_parser = NipperParser::Config.open('network-devices.xml') 
+puts nipper_parser.information.title
+puts nipper_parser.information.author
+puts nipper_parser.information.date
+puts nipper_parser.information.devices 
+```
+##### Dealing with Security Audit 
+```ruby
+pp security_audit = nipper_parser.security_audit
+pp security_audit.findings
+finding = security_audit.findings[0]              # Play wit a finding
+pp finding.class
+pp finding.index
+pp finding.title
+pp finding.rating
+pp finding.ref
+pp finding.affected_devices
+pp finding.finding
+pp finding.impact
+pp finding.recommendation
+```
+
+##### Report Summaries 
+```ruby
+pp security_audit.introduction.class
+pp security_audit.introduction.title
+pp security_audit.introduction.date
+pp security_audit.introduction.security_issue_overview
+
+pp security_audit.conclusions.class
+pp security_audit.conclusions.per_device
+pp security_audit.conclusions.list_critical
+
+pp security_audit.recommendations.list
+
+pp security_audit.mitigation_classification.class
+pp security_audit.mitigation_classification.list_by.fixing[:involved]
+pp security_audit.mitigation_classification.list_by.fixing[:involved][0].rating[:rating]
+pp security_audit.mitigation_classification.list_by.rating[:high]
+pp security_audit.mitigation_classification.list_by.rating[:high][0].rating[:fix]
+pp security_audit.mitigation_classification.statistics.class
+pp security_audit.mitigation_classification.statistics.findings
+pp security_audit.mitigation_classification.statistics.report
+```
+Fore more comprehensive usage, please refer to [Parsers ReadMe](lib/nipper_parser/parsers/README.md)
+
+Download a dummy XML report to test the library from [**here**](https://gist.github.com/KINGSABRI/3dfcb821ea29f918f74c8e1979c5a71f).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/nipper_parser.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "nipper_parser"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/nipper_parser.rb

@@ -0,0 +1,67 @@
+# lib = File.expand_path('..', __FILE__)
+# $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'nokogiri'
+require 'nipper_parser/version'
+require 'nipper_parser/parsers/parser_utils'
+require 'nipper_parser/parsers/information'
+require 'nipper_parser/parsers/security_audit'
+
+module NipperParser
+
+  # Config opens nipper studio XML generated report and initially parses the XML file
+  #
+  # @example Basic usage
+  #   nipper_parser = NipperParser::Config.open('nipper-network-devices.xml')
+  #   pp nipper_parser.information.title
+  #   pp nipper_parser.information.author
+  #   pp nipper_parser.information.date
+  #   pp nipper_parser.security_audit
+  #   pp nipper_parser.security_audit.findings
+  #   pp nipper_parser.security_audit.findings[0]
+  #   pp nipper_parser.security_audit.findings[0].title
+  #   pp nipper_parser.security_audit.findings[0].impact
+  #   pp nipper_parser.security_audit.conclusions
+  #   pp nipper_parser.security_audit.conclusions.per_device
+  #   pp nipper_parser.security_audit.recommendations.list
+  #   pp nipper_parser.security_audit.mitigation_classification
+  #
+  # @param file [File]
+  # @attr_reader information [Information] object of Information parser
+  # @attr_reader security_audit [SecurityAudit] object of SecurityAudit parser
+  class Config
+    # create an alias for new method.
+    # just wanted to call open instead of #new method
+    class << self
+      alias_method :open, :new
+    end
+
+    attr_reader :information, :security_audit
+    def initialize(file)
+      config_parsed = Nokogiri::XML(File.open(file))
+      # instantiate all parsers
+      @information    = Information.new(config_parsed)
+      @security_audit = SecurityAudit.new(config_parsed)
+    end
+  end
+
+end
+
+
+
+if __FILE__ == $0
+  require 'pp'
+  nipper_parser = NipperParser::Config.open(ARGV[0])
+  pp nipper_parser.information.title
+  pp nipper_parser.information.author
+  pp nipper_parser.information.date
+  pp nipper_parser.security_audit
+  pp nipper_parser.security_audit.findings
+  pp nipper_parser.security_audit.findings[0].class
+  pp nipper_parser.security_audit.findings[0].title
+  pp nipper_parser.security_audit.findings[0].impact
+  pp nipper_parser.security_audit.conclusions
+  pp nipper_parser.security_audit.conclusions.per_device
+  pp nipper_parser.security_audit.recommendations.list
+  pp nipper_parser.security_audit.mitigation_classification
+end

data/lib/nipper_parser/parsers/README.md

@@ -0,0 +1,239 @@
+# Nipper Parsers 
+This part contains all Nipper Studio Plugins/Sections that might be selected during the configuration audit. 
+Each parser is divided in a separate class and file.
+
+### General Report Information
+
+**General Report Information Contains:**
+- Introduction                  [implemented]
+- Report Conventions            [not yet implemented - PR is welcome]
+- Network Filtering Actions     [not yet implemented - PR is welcome]
+- Object Filter Types           [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+require 'nipper_parser'
+nipper_parser = NipperParser::Config.open('network-devices.xml') 
+
+# - Introduction
+puts nipper_parser.information.title
+puts nipper_parser.information.author
+puts nipper_parser.information.date
+puts nipper_parser.information.devices 
+
+# - Report Conventions
+# - Network Filtering Actions
+# - Object Filter Types
+```
+
+### Security Audit
+Perform a "best practice" security audit that combines checks from many different sources including penetration testing
+experience. 
+
+**Security Audit Section Contains:**
+- Introduction                  [implemented]
+- Findings                      [implemented]
+- Conclusions                   [implemented]
+- Recommendations               [implemented]
+- Mitigation Classification     [implemented]
+
+#### Usage
+
+```ruby
+# - Introduction
+pp security_audit.introduction.class
+pp security_audit.introduction.title
+pp security_audit.introduction.date
+pp security_audit.introduction.security_issue_overview
+
+# - Findings
+pp security_audit = nipper_parser.security_audit
+pp security_audit.findings
+finding = security_audit.findings[0]              # Play wit a finding
+pp finding.class
+pp finding.index
+pp finding.title
+pp finding.rating
+pp finding.ref
+pp finding.affected_devices
+pp finding.finding
+pp finding.impact
+pp finding.recommendation
+
+# - Conclusions
+pp security_audit.conclusions.class
+pp security_audit.conclusions.per_device
+pp security_audit.conclusions.list_critical
+
+# - Recommendations
+pp security_audit.recommendations.list
+
+# - Mitigation Classification
+pp security_audit.mitigation_classification.class
+pp security_audit.mitigation_classification.list_by.fixing[:involved]
+pp security_audit.mitigation_classification.list_by.fixing[:involved][0].rating[:rating]
+pp security_audit.mitigation_classification.list_by.rating[:high]
+pp security_audit.mitigation_classification.list_by.rating[:high][0].rating[:fix]
+pp security_audit.mitigation_classification.statistics.class
+pp security_audit.mitigation_classification.statistics.findings
+pp security_audit.mitigation_classification.statistics.report
+```
+
+### Vulnerability Audit
+A report detailing publically known software vulnerabilities in the device firmware/software versions, including to
+manufacturer and third-party references.
+
+**Vulnerability Audit Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- CVEs list                     [not yet implemented - PR is welcome]
+- Conclusions                   [not yet implemented - PR is welcome]
+- Recommendations               [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - CVEs
+# - Conclusions
+# - Recommendations
+```
+
+### CIS Benchmarks
+A CIS Benchmarks audit using select profile. Note, support is currently limited to specific devices, any included in the
+report that are not supported will be ignored.
+
+**CIS Benchmarks Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Conclusions                   [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Conclusions
+```
+
+### STIG Compliance
+A DISA STIG compliance audit against specific STIG checklist.
+
+**STIG Compliance Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Compliance Observations list  [not yet implemented - PR is welcome]
+- Conclusions                   [not yet implemented - PR is welcome]
+- Recommendations               [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Observations
+# - Conclusions
+# - Recommendations
+```
+
+### SANS Policy Compliance
+A SANS policy compliance audit against specific SANS policy document.
+
+**SANS Policy Compliance Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Compliance Observations list  [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Observations
+# - Conclusions
+# - Recommendations
+```
+
+### PCI Audit
+An audit of Requirement and Security Assessment Procedures against PCI DSS 3.2.
+
+**PCI Audit Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Compliance Requirements list  [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Requirements
+```
+
+### Filtering Complexity 
+A report examining the network filtering rules and objects, highlighting unused objects, overlapping or contradictory rules, 
+group recursion and more.
+
+**Filtering Complexity Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Observations                  [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Observations
+```
+
+### Configuration Report
+A detailed report on how the device has been configured.
+
+**Configuration Report Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Devices Config Audit          [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Configuration
+```
+
+### Raw Configuration 
+The raw configuration reporting details the actual device configuration data(excluding directory-based configurations).
+
+**Raw Configuration  Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Devices configuration raw     [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+# - configuration
+```
+
+### Raw Change Tracking
+The raw change tracking reporting will detail all the configuration lies that have changes since the previous report.
+
+**Raw Change Tracking Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+
+#### Usage
+
+```ruby
+# - Introduction
+```
+
+### Appendix 
+Appendix report section which can include a list of abbreviations, references and other information related to the report contents.
+
+**Appendix Section Contains:**
+- Introduction                  [not yet implemented - PR is welcome]
+- Logging Severity Levels       [not yet implemented - PR is welcome]
+- Common Time Zones             [not yet implemented - PR is welcome]
+- IP Protocols                  [not yet implemented - PR is welcome]
+- ICMP Types                    [not yet implemented - PR is welcome]
+- Abbreviations                 [not yet implemented - PR is welcome]
+- Nipper Studio Version         [not yet implemented - PR is welcome]
+ 
+
+#### Usage
+
+```ruby
+# - Introduction
+# - Requirements
+```
+

data/lib/nipper_parser/parsers/information.rb

@@ -0,0 +1,65 @@
+module NipperParser
+  class Information
+    # include ParserUtils
+
+    # Information parses the 'Information' part
+    #
+    # @example Basic Usage
+    #   require 'nokogiri'
+    #   require 'pp'
+    #   config = Nokogiri::XML open(ARGV[0])
+    #   pp information.title
+    #   pp information.author
+    #   pp information.date
+    #   pp information.version
+    #   pp information.devices
+    # 
+    # @param config [Nokogiri::XML] parsed XML
+    # @attr_reader config [Nokogiri::XML] parsed XML object
+    # @attr_reader title [Sting] report title
+    # @attr_reader author [Sting] report author
+    # @attr_reader date [Sting] report generation date
+    # @attr_reader version [Sting] Nipper Studio version
+    # @attr_reader the tested devices
+    attr_reader :config, :title, :author, :date, :version, :devices
+
+    # @config The configuration [File]
+    def initialize(config)
+      @config  = config.xpath('//information')[0]
+      @title   = @config.elements[0].text
+      @author  = @config.elements[1].text
+      @date    = @config.elements[2].text
+      @version = @config.elements[3].elements[3].text
+      @devices = parse_devices
+    end
+
+    # parse_devices parse first devices list of the report
+    # @return [Array<Hash{Symbol => String}>]
+    def parse_devices
+      @config.xpath('devices')[0].elements.map do |device|
+        {
+            name: device.attributes['name'].text,
+            type: device.attributes['type'].text,
+            os:   device.attributes['os'].text
+        }
+      end
+    end
+
+  end
+end
+
+
+
+if __FILE__ == $0
+  require 'nokogiri'
+  require_relative 'parser_utils'
+  require 'pp'
+  config = Nokogiri::XML open(ARGV[0])
+  information = NipperParser::Information.new(config)
+  pp information.title
+  pp information.author
+  pp information.date
+  pp information.version
+  pp information.devices
+  pp information.devices[0].name
+end

data/lib/nipper_parser/parsers/parser_utils.rb

@@ -0,0 +1,40 @@
+module NipperParser
+
+  # ParserUtils is a helper module for parsers' quick and dirty operations.
+  module ParserUtils
+    
+    # generate_table parses the table elements
+    # @param elements [Nokogiri::XML::Element]
+    # @return [Hash]
+    def generate_table(elements)
+      headers = elements[0].elements.map{|header| header.text.downcase.tr(' ', '_').to_sym}
+      body    = elements[1].elements.map{|e1| e1.elements.map{|e2| e2.text}}
+
+      body.map{|element| headers.zip(element).to_h}
+    end
+
+    # risk_table parses risk elements
+    # @param elements [Nokogiri::XML::Element]
+    # @return [Hash]
+    def rating_table(elements)
+     {
+          elements[0].name.to_sym => elements[0].text,
+          elements[1].name.to_sym => elements[1].text,
+          elements[2].name.to_sym => elements[2].text,
+          elements[3].name.to_sym => elements[3].text
+      }
+    end
+
+    Attribute = Struct.new(:index, :title, :ref)
+    # @param attr [Nokogiri::XML::Element] attributes
+    # @return [Hash<Attribute>]
+    def attributes(attr)
+      Attribute.new(
+          attr.attributes['index'].text,
+          attr.attributes['title'].text,
+          attr.attributes['ref'].text
+      )
+    end
+
+  end
+end

data/lib/nipper_parser/parsers/pci_audit.rb

@@ -0,0 +1,5 @@
+module NipperParser
+  class PCIAudit
+    #TODO
+  end
+end

data/lib/nipper_parser/parsers/sans_compliance.rb

@@ -0,0 +1,5 @@
+module NipperParser
+  class SANSCompliance
+    #TODO
+  end
+end

data/lib/nipper_parser/parsers/security_audit.rb

@@ -0,0 +1,323 @@
+require 'date'
+require_relative 'parser_utils'
+module NipperParser
+
+  # SecurityAudit parses the 'Security Audit' part including all it's sections.
+  #   Security Audit part contains the following sections:
+  #     - introduction
+  #     - findings
+  #     - Conclusions
+  #     - Recommendations
+  #     - Mitigation Classification
+  #
+  # @example Basic Usage
+  #   require 'nokogiri'
+  #   require 'pp'
+  #   config = Nokogiri::XML open(ARGV[0])
+  #   security_audit = NipperParser::SecurityAudit.new(config)
+  #   pp security_audit.introduction.class
+  #   pp security_audit.introduction.index
+  #   pp security_audit.introduction.title
+  #   pp security_audit.introduction.devices
+  # @example Dealing with findings
+  #   finding = security_audit.findings[0]
+  #   pp finding.class
+  #   pp finding.index
+  #   pp finding.title
+  #   pp finding.ref
+  #   pp finding.affected_devices
+  #   pp finding.finding
+  #   pp finding.impact
+  #   pp finding.recommendation
+  # @example Dealing with report summaries
+  #   pp security_audit.conclusions.class
+  #   pp security_audit.conclusions.per_device
+  #   pp security_audit.conclusions.list_critical
+  #   pp security_audit.recommendations.class
+  #   pp security_audit.recommendations.list
+  #   pp security_audit.mitigation_classification.class
+  #   pp security_audit.mitigation_classification.list_by.fixing[:involved]
+  #   pp security_audit.mitigation_classification.list_by.fixing[:involved][0].rating[:rating]
+  #   pp security_audit.mitigation_classification.list_by.rating[:high]
+  #   pp security_audit.mitigation_classification.list_by.rating[:high][0].rating[:fix]
+  #   pp security_audit.mitigation_classification.statistics.class
+  #   pp security_audit.mitigation_classification.statistics.critical
+  #   pp security_audit.mitigation_classification.statistics.quick
+  #   pp security_audit.mitigation_classification.statistics.report
+  #
+  # @param config [Nokogiri::XML] parsed XML
+  # @attr_reader title the report title
+  # @attr_reader config a parsed XML [Nokogiri::XML] object
+  class SecurityAudit
+    include ParserUtils
+
+    # Skeleton for SecurityAudit parts
+
+    Introduction = Struct.new(
+        # introduction's index
+        :index,
+        :title, :ref, :date, :devices,
+        :security_issue_overview, :rating
+    )
+    Finding = Struct.new(
+        :index, :title, :ref,
+        :affected_devices, :rating,
+        :finding, :impact, :ease, :recommendation
+    )
+    Conclusion = Struct.new(
+        :index, :title, :ref,
+        :per_device, :per_rating,
+        :list_critical, :list_high,
+        :list_medium, :list_low, :list_info
+    )
+    Recommendations = Struct.new(
+        :index, :title, :ref,
+        :list
+    )
+    MitigationClassification = Struct.new(
+        :index, :title, :ref,
+        :list_by, :statistics
+    )
+    ListBy = Struct.new(
+         :fixing,
+         :rating, :all
+    )
+    Statistics = Struct.new(
+         :findings,
+         :critical,
+         :high,
+         :medium,
+         :low,
+         :informational,
+         :quick,
+         :planned,
+         :involved,
+         :report
+    )
+
+    attr_reader :config, :title
+    # @param config [Nokogiri::XML::Document]
+    def initialize(config)
+      @config = config.xpath("//report/part[@ref='SECURITYAUDIT']")[0].elements
+      @title  = @config[0].elements[1].attributes['title'].text
+      introduction
+      findings
+    end
+
+    # Introduction of the Security Audit report
+    def introduction
+      intro = @config[0]
+      index     = attributes(intro).index
+      title     = attributes(intro).title
+      reference = attributes(intro).ref.to_i
+      date      = Date.parse(intro.elements[0].text).to_s
+      devices   = generate_table(intro.elements[1].elements)
+      security_issue_overview = {}
+      intro.elements[2].elements[1..4].map do |issue|
+        security_issue_overview[issue['title']] = issue.text
+      end
+      rating    = generate_table(intro.elements[3].elements[2].elements[1].elements)
+
+      Introduction.new(
+          index, title, reference, date, devices,
+          security_issue_overview, rating
+      )
+    end
+
+    # Parse findings from given configurations
+    # @return [Array<Finding>]
+    def findings
+      findings = @config.to_a.clone
+      findings.shift  # pop first item, the introduction
+      findings.pop(3) # pop last 3 item, conclusion, recommendations, Mitigation Classification
+
+      @findings = findings.map do |finding|
+        Finding.new(
+            attributes(finding).index.to_f,
+            attributes(finding).title,
+            attributes(finding).ref,
+            finding.elements[0].elements[0].elements.map(&:attributes),            # affected_devices
+            rating_table(finding.elements[0].elements[1].elements),        # Rating table
+            finding.elements[2].elements.first(2).map(&:text).join("\n"),         # finding
+            finding.elements[3].elements.text,                                     # impact
+            finding.elements[4].elements.text,                                     # ease
+            finding.elements[5].elements.text                                      # recommendation
+        )
+      end
+    end
+
+    # Conclusions
+    def conclusions
+      conc = @config.search("section[@ref='SECURITY.CONCLUSIONS']")[0]
+      index     = attributes(conc).index.to_f
+      title     = attributes(conc).title
+      reference = attributes(conc).ref
+      per_device = generate_table(conc.elements[1].elements)
+      per_rating = {
+          critical: conc.elements[3].elements.map(&:text),
+          high:     conc.elements[5].elements.map(&:text),
+          medium:   conc.elements[7].elements.map(&:text),
+          low:      conc.elements[9].elements.map(&:text),
+          info:     conc.elements[11].elements.map(&:text)
+      }
+
+      Conclusion.new(
+          index, title, reference, per_device, per_rating,
+          per_rating[:critical], per_rating[:high],
+          per_rating[:medium], per_rating[:low], per_rating[:info],
+      )
+    end
+
+    # Recommendations
+    def recommendations
+      recom = @config.search("section[@ref='SECURITY.RECOMMENDATIONS']")[0]
+      index     = attributes(recom).index.to_f
+      title     = attributes(recom).title
+      reference = attributes(recom).ref
+      list      = generate_table(recom.elements[1].elements)
+
+      Recommendations.new(
+          index, title, reference,
+          list
+      )
+    end
+
+    def mitigation_classification
+      @mitigation = @config.search("section[@ref='SECURITY.MITIGATIONS']")[0]  # @config[-1]
+
+      index     = attributes(@mitigation).index
+      title     = attributes(@mitigation).title
+      reference = attributes(@mitigation).ref
+      MitigationClassification.new(
+          index, title, reference,
+          list_by,
+          statistics
+      )
+
+    end
+
+    private
+    # list_by list different type of mitigation, by fixing type, and by rating type.
+    #
+    # @example:
+    #   list_by.fixing              # @return [Hash]
+    #   list_by.fixing[:quick]      # @return [Array<Findings>]
+    #   list_by.rating              # @return [Hash]
+    #   list_by.rating[:critical]   # @return [Array<Findings>]
+    #   list_by.all                 # @return [Hash]
+    #
+    # @return [ListBy]
+    def list_by
+      @fixing_lists = @mitigation.search('list')
+      _by_fixing  = by_fixing   # @see by_fixing
+      _by_rating  = by_rating   # @see by_rating
+      fixing      = {quick: _by_fixing[0], planned: _by_fixing[1], involved: _by_fixing[2]}
+      rating      = {critical: _by_rating[:critical], high: _by_rating[:high],
+                     medium: _by_rating[:medium], low: _by_rating[:low],
+                     informational: _by_rating[:informational]}
+      _by_all     = {fixing: fixing, rating: rating}
+
+      ListBy.new(
+        _by_all[:fixing],
+        _by_all[:rating],
+        _by_all
+      )
+    end
+
+    # finding_objects maps finding listitems text with the findings object
+    def by_fixing
+      findings = @findings.dup
+      @fixing_lists.map do |_class|
+        _class.search('listitem').map do |item|
+          # if 'finding' reference = item mentioned index (extracted from text 'See section' ),
+          # then return the finding object
+          findings.select{|finding| finding.index == item.text.match(/\d+\.\d+/).to_s.to_f}[0]
+        end
+      end
+    end
+
+    # search in all finding by rating
+    def by_rating
+      findings = @findings.dup
+      rating = {critical: nil, high: nil, medium: nil, low: nil, informational: nil}
+      rating.keys.each do |rate|
+        rating[rate] = findings.select {|finding| finding.rating[:rating].downcase == rate.to_s}
+      end
+
+      rating
+    end
+
+    # mitigation statistics regarding to number of:
+    #  - findings
+    #  - findings by rating
+    #  - findings by fixing
+    # @return [Statistics]
+    def statistics
+      findings = @findings.size
+      ratings = {critical: nil, high: nil, medium: nil, low: nil, informational: nil}
+      ratings.keys.each do |rating|
+        ratings[rating] = {total: list_by.rating[rating].size,
+                           perce: ( (list_by.rating[rating].size/@findings.size.to_f) * 100.0 ).round(2)}
+      end
+      fixing = {quick: nil, involved: nil, planned: nil}
+      fixing.keys.each do |fix|
+        fixing[fix] = {total: list_by.fixing[fix].size,
+                       perce: ( (list_by.fixing[fix].size/@findings.size.to_f) * 100.0 ).round(2)}
+      end
+      report   = {ratings: ratings, fixing: fixing}
+      Statistics.new(
+          findings,
+          ratings[:critical],
+          ratings[:high],
+          ratings[:medium],
+          ratings[:low],
+          ratings[:informational],
+          fixing[:quick],
+          fixing[:involved],
+          fixing[:planned],
+          report
+      )
+    end
+  end
+end
+
+
+
+if __FILE__ == $0
+  require 'nokogiri'
+  require 'pp'
+  require_relative 'parser_utils'
+  config = Nokogiri::XML open(ARGV[0])
+  security_audit = NipperParser::SecurityAudit.new(config)
+  pp security_audit.introduction.class
+  pp security_audit.introduction.index
+  pp security_audit.introduction.title
+  pp security_audit.introduction.rating
+  pp security_audit.introduction.security_issue_overview
+  pp security_audit.introduction.ref
+  pp security_audit.introduction.devices
+  finding = security_audit.findings[0]
+  pp finding.class
+  pp finding.index
+  pp finding.title
+  pp finding.rating
+  pp finding.ref
+  pp finding.affected_devices
+  pp finding.finding
+  pp finding.impact
+  pp finding.recommendation
+  pp security_audit.introduction
+  pp security_audit.conclusions.class
+  pp security_audit.conclusions.per_device
+  pp security_audit.conclusions.list_critical
+  pp security_audit.recommendations.class
+  pp security_audit.recommendations.list
+  pp security_audit.mitigation_classification.class
+  pp security_audit.mitigation_classification.list_by.fixing[:involved]
+  pp security_audit.mitigation_classification.list_by.fixing[:involved][0].rating[:rating]
+  pp security_audit.mitigation_classification.list_by.rating[:high]
+  pp security_audit.mitigation_classification.list_by.rating[:high][0].rating[:fix]
+  pp security_audit.mitigation_classification.statistics.class
+  pp security_audit.mitigation_classification.statistics.findings
+  pp security_audit.mitigation_classification.statistics.report
+end

data/lib/nipper_parser/parsers/stig_compliance.rb

@@ -0,0 +1,5 @@
+module NipperParser
+  class STIGCompliance
+    #TODO
+  end
+end

data/lib/nipper_parser/parsers/vulnerabilty_audit.rb

@@ -0,0 +1,102 @@
+module NipperParser
+
+  # VulnerabilityAudit parse the 'Vulnerability Audit' part.
+  #   Vulnerability Audit part contains the following sections:
+  #     - introduction
+  #     - CVEs
+  #     - Conclusions
+  #     - Recommendations
+  #
+  #
+  #
+  #
+  class VulnerabilityAudit
+    include ParserUtils
+
+    # Skeleton for SecurityAudit parts
+    Introduction = Struct.new(
+        :index, :title, :ref, :date, :devices,
+        :security_issue_overview, :rating
+    )
+    CVE = Struct.new(
+        :index, :title, :ref,
+        :rating, :summary, :affected_devices,
+        :vendor_sec_advisories, :references
+    )
+    Conclusion = Struct.new(
+        :index, :title, :ref,
+        :per_device, :per_rating,
+        :list_critical, :list_high,
+        :list_medium, :list_low, :list_info
+    )
+    Recommendations = Struct.new(
+        :index, :title, :ref,
+        :list
+    )
+
+    attr_reader :config, :title
+
+    def initialize(config)
+      @config = config.xpath("//report/part[@ref='VULNAUDIT']")[0].elements
+      @title  = @config[0].elements[1].attributes['title'].text
+    end
+
+    # CVEs
+    def cves
+      cves = @config.to_a.clone
+      cves.shift  # pop first item, the introduction
+      cves.pop(2) # pop last 2 item, conclusion, recommendations
+
+      cves.map do |cve|
+        CVE.new(
+            attributes(cve).index,
+            attributes(cve).title,
+            attributes(cve).ref,
+            cve.elements[0],                                            # FIXME
+            cve.elements[1].elements.text,                      # summary
+            cve.elements[2].elements[1].elements.map(&:text),   # affect_devices
+            cve.elements[3].elements[1].elements.map(&:text),   # vendor_sec_advisories
+            cve.elements[4].elements[1].elements.map(&:text),   # references
+        )
+      end
+
+    end
+
+    # Conclusions
+    def conclusions
+      conc = @config[-2]
+      index     = attributes(conc).index
+      title     = attributes(conc).title
+      reference = attributes(conc).ref
+      per_device = generate_table(conc.elements[1].elements)
+      per_rating = {
+          critical: conc.elements[3].elements.map(&:text),
+          high:     conc.elements[5].elements.map(&:text),
+          medium:   conc.elements[7].elements.map(&:text),
+          low:      conc.elements[9].elements.map(&:text),
+          info:     conc.elements[11].elements.map(&:text)
+      }
+
+      Conclusion.new(
+          index, title, reference, per_device, per_rating,
+          per_rating[:critical], per_rating[:high],
+          per_rating[:medium], per_rating[:low], per_rating[:info],
+      )
+    end
+
+    # Recommendations
+    def recommendations
+      recom = @config[-1]
+      index     = attributes(recom).index
+      title     = attributes(recom).title
+      reference = attributes(recom).ref
+      list      = generate_table(recom.elements[1].elements)
+
+      Recommendations.new(
+          index, title, reference,
+          list
+      )
+    end
+
+  end
+end

data/lib/nipper_parser/version.rb

@@ -0,0 +1,3 @@
+module NipperParser
+  VERSION = '1.0.0'
+end

data/nipper_parser.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nipper_parser/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "nipper_parser"
+  spec.version       = NipperParser::VERSION
+  spec.authors       = ["KING SABRI"]
+  spec.email         = ["king.sabri@gmail.com"]
+
+  spec.summary       = %q{Unofficial parser for Titania Nipper Studio XML report.}
+  spec.description   = spec.summary
+  spec.homepage      = "https://github.com/KINGSABRI/nipper_parser"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = '>= 2.3.0'
+
+  spec.add_dependency "nokogiri", ">= 1.8.0"
+  spec.add_development_dependency "bundler", "~> 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: nipper_parser
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- KING SABRI
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-08-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Unofficial parser for Titania Nipper Studio XML report.
+email:
+- king.sabri@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/nipper_parser.rb
+- lib/nipper_parser/parsers/README.md
+- lib/nipper_parser/parsers/cis_compliance.rb
+- lib/nipper_parser/parsers/information.rb
+- lib/nipper_parser/parsers/parser_utils.rb
+- lib/nipper_parser/parsers/pci_audit.rb
+- lib/nipper_parser/parsers/sans_compliance.rb
+- lib/nipper_parser/parsers/security_audit.rb
+- lib/nipper_parser/parsers/stig_compliance.rb
+- lib/nipper_parser/parsers/vulnerabilty_audit.rb
+- lib/nipper_parser/version.rb
+- nipper_parser.gemspec
+homepage: https://github.com/KINGSABRI/nipper_parser
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Unofficial parser for Titania Nipper Studio XML report.
+test_files: []