odle 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d1872753a818f50f6e296e552c725cbb501d6d8f
+  data.tar.gz: f0f76bb273a5a1e3c08d2ac28d3c0a4c5f4e5f18
+SHA512:
+  metadata.gz: 3883cb8a3cad9fc64f347e3a90ce95bbcf4ff587cf78a2e9fa7557cc96402dcc3448c4cdf5d83b40a278f85c23b188a28d472f045abc862827dcf22b925e2006
+  data.tar.gz: 818aeceb1ad25ca6ae1f5e274389414f9b68d14e5f1807c27f4c21bc7efc889109d89773136ca2ebe26d5f4d05136411407b4481de00b377b1024c2e96cb1cd2

data/bin/odle

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+require 'odle'
+
+# data flags are required
+flags = ARGV.shift
+
+unless flags 
+	puts "[!] A data type is required e.g.\n odle --burp \n\n Available types:"#+list_types()
+	exit(0)
+end
+
+# flags come in the form --type or --type,arg1=val1,arg2=val2
+if flags =~ /,/
+	# complicated flags, not implemented yet
+	all = flags.gsub("--","").split(",")
+
+	type = all[0]
+else
+	type = flags.gsub("--","")
+end
+
+if type.downcase == "burp"
+	puts Burp.new().parse(ARGF.read,"0")
+elsif type.downcase == "nessus"
+	puts Nessus.new().parse(ARGF.read,"0")
+elsif type.downcase == "msf"
+	puts Metasploit.new().parse(ARGF.read,"0")
+else
+	puts "[!] Unknown data type \n\n Available types:"#+list_types()
+end

data/lib/model/data.rb

@@ -0,0 +1,18 @@
+require 'json'
+
+class Host
+    attr_accessor :ip, :port
+end
+
+class Finding
+    attr_accessor :title,:id,:effort,:type,:dread_total,:overview,:poc,:remediation,:notes,:assessment_type,:references,:risk,:damage,:reproducability,:exploitability,:affected_users,:discoverability,:av,:ac,:au,:c,:i,:a,:e,:rl,:rc,:cdp,:td,:cr,:ir,:ar,:cvss_base,:cvss_impact,:cvss_exploitability,:cvss_temporal,:cvss_environmental,:cvss_modified_impact,:cvss_total,:ease,:c2_vs,:attack_vector,:attack_complexity,:privileges_required,:user_interaction,:scope_cvss,:confidentiality,:integrity,:availability,:exploit_maturity,:remeditation_level,:report_confidence,:confidentiality_requirement,:integrity_requirement,:availability_requirement,:mod_attack_vector,:mod_attack_complexity,:mod_privileges_required,:mod_user_interaction,:mod_scope,:mod_confidentiality,:mod_integrity,:mod_availability,:cvss_base_score,:cvss_impact_score,:cvss_mod_impact_score,:c3_vs,:severity,:likelihood,:severity_rationale,:likelihood_rationale,:affected_hosts
+
+    def to_hash
+        hash = {}
+        self.instance_variables.each do |var|
+        	#p var.to_s.gsub("@","")
+            hash[var.to_s.gsub("@","").gsub("\"","")] = self.instance_variable_get var
+        end
+        return hash
+    end
+end

data/lib/odle.rb

@@ -0,0 +1,11 @@
+require 'nokogiri'
+require 'json'
+
+module Odle
+	# load the parsers
+	Dir[File.join(File.dirname(__FILE__), "parsers", "*.rb")].each { |lib| require lib }
+
+	# load the data model
+	Dir[File.join(File.dirname(__FILE__), "model", "*.rb")].each { |lib| require lib }
+
+end

data/lib/parsers/burp.rb

@@ -0,0 +1,54 @@
+require 'json'
+
+    class Burp
+
+      def parse(xml,threshold)
+        vulns = Hash.new
+        findings = Array.new
+        vulns["findings"] = []
+
+        doc = Nokogiri::XML(xml)
+        doc.css('//issues/issue').each do |issue|
+            if issue.css('severity').text
+                # create a temporary finding object
+                finding = Finding.new()
+                finding.title = issue.css('name').text.to_s()
+                finding.overview = issue.css('issueBackground').text.to_s()+issue.css('issueDetail').text.to_s()
+                finding.remediation = issue.css('remediationBackground').text.to_s()
+
+                if issue.css('severity').text == 'Low'
+                    finding.risk = 1
+                elsif issue.css('severity').text == 'Medium'
+                    finding.risk = 2
+                elsif issue.css('severity').text =='High'
+                    finding.risk = 3
+                else
+                    finding.risk = 1
+                end
+
+        
+                finding.type = "Web Application"
+
+                findings << finding
+
+                host = issue.css('host').text
+                ip = issue.css('host').attr('ip')
+                id = issue.css('type').text
+                hostname = "#{ip} #{host}"
+
+                finding.affected_hosts = "#{host} (#{ip})"
+
+                finding.id = id
+                if vulns[hostname]
+                    vulns[hostname] << finding.to_hash
+                else
+                    vulns[hostname] = []
+                    vulns[hostname] << finding.to_hash
+                end
+            end
+        end
+
+        #vulns["findings"] = uniq_findings(findings)
+        return vulns.to_json
+      end
+    end

data/lib/parsers/msfv5.rb

@@ -0,0 +1,30 @@
+require 'json'
+
+class Metasploit
+
+  def parse(xml,threshold)
+    vulns = Hash.new
+    vulns["findings"] = []
+
+    doc = Nokogiri::XML(xml)
+    doc.css('//hosts/host').each do |hostnode|
+        findings = Array.new
+
+        host = hostnode.css("/name").text.to_s
+
+        hostnode.css("/vulns/vuln").each do |issue|
+          # create a temporary finding object
+            finding = Finding.new()
+            finding.title = issue.css('name').text.to_s()
+            finding.overview = issue.css('info').text.to_s()
+            findings << finding.to_hash
+        end
+        vulns[host] = findings
+
+    end
+
+    #vulns["findings"] = uniq_findings(findings)
+    return vulns.to_json
+  end
+
+end

data/lib/parsers/nessus.rb

@@ -0,0 +1,48 @@
+require 'json'
+
+class Nessus
+
+  def parse(xml,threshold)
+    vulns = Hash.new
+    findings = Array.new
+    items = Array.new
+
+    doc = Nokogiri::XML(xml)
+
+    doc.css("//ReportHost").each do |hostnode|
+      if (hostnode["name"] != nil)
+        host = hostnode["name"]
+      end
+      hostnode.css("ReportItem").each do |itemnode|
+        if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
+
+          # create a temporary finding object
+          finding = Finding.new()
+          finding.title = itemnode['pluginName'].to_s()
+          finding.overview = itemnode.css("description").to_s()
+          finding.remediation = itemnode.css("solution").to_s()
+
+          # can this be inherited from an import properly?
+          finding.type = "Imported"
+          finding.risk = itemnode["severity"]
+          finding.affected_hosts = hostnode["name"]
+          if itemnode.css("plugin_output")
+            finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
+          end
+
+          finding.references = itemnode.css("see_also").to_s
+          finding.id = itemnode['pluginID'].to_s()
+
+          vulns[hostname] << finding.to_hash
+          items << itemnode['pluginID'].to_s()
+        end
+      end
+
+#      vulns[host] = findings
+      items = []
+    end
+
+    return vulns.to_json
+  end
+
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: odle
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Will Vandevanter
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-04-24 00:00:00.000000000 Z
+dependencies: []
+description: An easy to use security data parsing tool. Takes in data from different
+  tools and outputs standardized JSON.
+email: will@silentrobots.com
+executables:
+- odle
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/odle
+- lib/model/data.rb
+- lib/odle.rb
+- lib/parsers/burp.rb
+- lib/parsers/msfv5.rb
+- lib/parsers/nessus.rb
+homepage: http://rubygems.org/gems/odle
+licenses:
+- BSD-3-Clause-Attribution
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib/parsers
+- lib/model
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.12
+signing_key: 
+specification_version: 4
+summary: odle
+test_files: []