odle 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/parsers/burp.rb +52 -48
- data/lib/parsers/msfv5.rb +16 -13
- data/lib/parsers/nessus.rb +8 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2207f62bcdb1e9e5fcc201eb5c4c1bf2462ff884
|
|
4
|
+
data.tar.gz: 34f78547767598a6574119515935f3b369193a7d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a50be8fd9c39e180bee936229b859f5a24cf35876af21188ae7981e1cded9f892b6d0d53ae2ea8ca57e4d9b0f018f5b2ec11c44321824c29cd9e167c8dc6d81f
|
|
7
|
+
data.tar.gz: b7127b79e980155ffe0cfb07753e80c24541fe00bc4d2f5c569a9217a899c219490620a09d7477b68cba823eccd9f2ade8aa0eb7cedfc7fe40839b79b4f60e17
|
data/lib/parsers/burp.rb
CHANGED
|
@@ -1,54 +1,58 @@
|
|
|
1
1
|
require 'json'
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
findings << finding
|
|
33
|
-
|
|
34
|
-
host = issue.css('host').text
|
|
35
|
-
ip = issue.css('host').attr('ip')
|
|
36
|
-
id = issue.css('type').text
|
|
37
|
-
hostname = "#{ip} #{host}"
|
|
38
|
-
|
|
39
|
-
finding.affected_hosts = "#{host} (#{ip})"
|
|
40
|
-
|
|
41
|
-
finding.id = id
|
|
42
|
-
if vulns[hostname]
|
|
43
|
-
vulns[hostname] << finding.to_hash
|
|
44
|
-
else
|
|
45
|
-
vulns[hostname] = []
|
|
46
|
-
vulns[hostname] << finding.to_hash
|
|
47
|
-
end
|
|
48
|
-
end
|
|
3
|
+
class Burp
|
|
4
|
+
|
|
5
|
+
def parse(xml)
|
|
6
|
+
parse(xml,0)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def parse(xml,threshold)
|
|
10
|
+
vulns = Hash.new
|
|
11
|
+
findings = Array.new
|
|
12
|
+
vulns["findings"] = []
|
|
13
|
+
|
|
14
|
+
doc = Nokogiri::XML(xml)
|
|
15
|
+
doc.css('//issues/issue').each do |issue|
|
|
16
|
+
if issue.css('severity').text
|
|
17
|
+
# create a temporary finding object
|
|
18
|
+
finding = Finding.new()
|
|
19
|
+
finding.title = issue.css('name').text.to_s()
|
|
20
|
+
finding.overview = issue.css('issueBackground').text.to_s()+issue.css('issueDetail').text.to_s()
|
|
21
|
+
finding.remediation = issue.css('remediationBackground').text.to_s()
|
|
22
|
+
|
|
23
|
+
if issue.css('severity').text == 'Low'
|
|
24
|
+
finding.risk = 1
|
|
25
|
+
elsif issue.css('severity').text == 'Medium'
|
|
26
|
+
finding.risk = 2
|
|
27
|
+
elsif issue.css('severity').text =='High'
|
|
28
|
+
finding.risk = 3
|
|
29
|
+
else
|
|
30
|
+
finding.risk = 1
|
|
49
31
|
end
|
|
50
32
|
|
|
51
|
-
|
|
52
|
-
|
|
33
|
+
|
|
34
|
+
finding.type = "Web Application"
|
|
35
|
+
|
|
36
|
+
findings << finding
|
|
37
|
+
|
|
38
|
+
host = issue.css('host').text
|
|
39
|
+
ip = issue.css('host').attr('ip')
|
|
40
|
+
id = issue.css('type').text
|
|
41
|
+
hostname = "#{ip} #{host}"
|
|
42
|
+
|
|
43
|
+
finding.affected_hosts = "#{host} (#{ip})"
|
|
44
|
+
|
|
45
|
+
finding.id = id
|
|
46
|
+
if vulns[hostname]
|
|
47
|
+
vulns[hostname] << finding.to_hash
|
|
48
|
+
else
|
|
49
|
+
vulns[hostname] = []
|
|
50
|
+
vulns[hostname] << finding.to_hash
|
|
51
|
+
end
|
|
53
52
|
end
|
|
54
53
|
end
|
|
54
|
+
|
|
55
|
+
#vulns["findings"] = uniq_findings(findings)
|
|
56
|
+
return vulns.to_json
|
|
57
|
+
end
|
|
58
|
+
end
|
data/lib/parsers/msfv5.rb
CHANGED
|
@@ -2,25 +2,28 @@ require 'json'
|
|
|
2
2
|
|
|
3
3
|
class Metasploit
|
|
4
4
|
|
|
5
|
+
def parse(xml)
|
|
6
|
+
parse(xml,0)
|
|
7
|
+
end
|
|
8
|
+
|
|
5
9
|
def parse(xml,threshold)
|
|
6
10
|
vulns = Hash.new
|
|
7
11
|
vulns["findings"] = []
|
|
8
12
|
|
|
9
13
|
doc = Nokogiri::XML(xml)
|
|
10
14
|
doc.css('//hosts/host').each do |hostnode|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
15
|
+
findings = Array.new
|
|
16
|
+
|
|
17
|
+
host = hostnode.css("/name").text.to_s
|
|
18
|
+
|
|
19
|
+
hostnode.css("/vulns/vuln").each do |issue|
|
|
20
|
+
# create a temporary finding object
|
|
21
|
+
finding = Finding.new()
|
|
22
|
+
finding.title = issue.css('name').text.to_s()
|
|
23
|
+
finding.overview = issue.css('info').text.to_s()
|
|
24
|
+
findings << finding.to_hash
|
|
25
|
+
end
|
|
26
|
+
vulns[host] = findings
|
|
24
27
|
end
|
|
25
28
|
|
|
26
29
|
#vulns["findings"] = uniq_findings(findings)
|
data/lib/parsers/nessus.rb
CHANGED
|
@@ -2,6 +2,10 @@ require 'json'
|
|
|
2
2
|
|
|
3
3
|
class Nessus
|
|
4
4
|
|
|
5
|
+
def parse(xml)
|
|
6
|
+
parse(xml,0)
|
|
7
|
+
end
|
|
8
|
+
|
|
5
9
|
def parse(xml,threshold)
|
|
6
10
|
vulns = Hash.new
|
|
7
11
|
findings = Array.new
|
|
@@ -10,10 +14,13 @@ class Nessus
|
|
|
10
14
|
doc = Nokogiri::XML(xml)
|
|
11
15
|
|
|
12
16
|
doc.css("//ReportHost").each do |hostnode|
|
|
17
|
+
|
|
13
18
|
if (hostnode["name"] != nil)
|
|
14
19
|
host = hostnode["name"]
|
|
15
20
|
end
|
|
21
|
+
|
|
16
22
|
hostnode.css("ReportItem").each do |itemnode|
|
|
23
|
+
|
|
17
24
|
if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
|
|
18
25
|
|
|
19
26
|
# create a temporary finding object
|
|
@@ -38,7 +45,7 @@ class Nessus
|
|
|
38
45
|
end
|
|
39
46
|
end
|
|
40
47
|
|
|
41
|
-
#
|
|
48
|
+
# vulns[host] = findings
|
|
42
49
|
items = []
|
|
43
50
|
end
|
|
44
51
|
|