odle 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/odle +2 -0
- data/lib/parsers/nmap.rb +100 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 303f5b0e063099a999a59f7c28a77bcc70f7ff52
|
|
4
|
+
data.tar.gz: 5a0db321f57ac8ac697a980f4df7195d5160f7b3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7f378dcf8b3e7a6cf7f61042621a5df8ecb1bd3ba20077d5ecc4654afd1220fb98fd8640c6ab9ad18b54149663097e286c220dfcd06a40de8f0d4503e356de01
|
|
7
|
+
data.tar.gz: 0cd5f2573e85ada175556629aded5886ea37fb7b12f3057687219b1bc6c2e99e27e40a7a7f2d7169c7bd79e0a2a5e714f1edfc3d94fdabc6693ebc5e6e5974a8
|
data/bin/odle
CHANGED
|
@@ -26,6 +26,8 @@ elsif type.downcase == "nessus"
|
|
|
26
26
|
puts Nessus.new().parse(ARGF.read,"0")
|
|
27
27
|
elsif type.downcase == "msf"
|
|
28
28
|
puts Metasploit.new().parse(ARGF.read,"0")
|
|
29
|
+
elsif type.downcase == "nmap"
|
|
30
|
+
puts Nmap.new().parse(ARGF.read,"0")
|
|
29
31
|
else
|
|
30
32
|
puts "[!] Unknown data type \n\n Available types:"#+list_types()
|
|
31
33
|
end
|
data/lib/parsers/nmap.rb
ADDED
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
|
|
3
|
+
class Nmap
|
|
4
|
+
|
|
5
|
+
def parse(xml,threshold)
|
|
6
|
+
vulns = Hash.new
|
|
7
|
+
findings = Array.new
|
|
8
|
+
items = Array.new
|
|
9
|
+
|
|
10
|
+
doc = Nokogiri::XML(xml)
|
|
11
|
+
|
|
12
|
+
#p doc
|
|
13
|
+
doc.css("//host").each do |hostnode|
|
|
14
|
+
address = hostnode.css("address")
|
|
15
|
+
host = address.attr("addr")
|
|
16
|
+
host = " " unless host
|
|
17
|
+
vulns[host] = []
|
|
18
|
+
affected_hosts = ""
|
|
19
|
+
|
|
20
|
+
hostnode.css("/hostnames").each do |hname|
|
|
21
|
+
hostname = hname.attr("hostname")
|
|
22
|
+
|
|
23
|
+
hname.traverse do |x|
|
|
24
|
+
if x.values[0]
|
|
25
|
+
if affected_hosts == ""
|
|
26
|
+
affected_hosts = x.values[0]
|
|
27
|
+
else
|
|
28
|
+
affected_hosts = affected_hosts + " " + x.values[0]
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# finding is one per host
|
|
34
|
+
finding = Finding.new()
|
|
35
|
+
finding.affected_hosts = affected_hosts
|
|
36
|
+
vulns[host] << finding.to_hash
|
|
37
|
+
|
|
38
|
+
# finding is one per open port
|
|
39
|
+
hostnode.css("/ports/port").each do |port|
|
|
40
|
+
proto = port.attr("protocol")
|
|
41
|
+
portid = port.attr("portid")
|
|
42
|
+
state = port.css("/state").attr("state").value
|
|
43
|
+
service = port.css("/service").attr("name").value
|
|
44
|
+
|
|
45
|
+
# iterate the state
|
|
46
|
+
finding = Finding.new()
|
|
47
|
+
finding.affected_hosts = affected_hosts
|
|
48
|
+
|
|
49
|
+
if port.css("/script").size > 0
|
|
50
|
+
finding.title = "Script Result:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
|
|
51
|
+
finding.overview = port.css("/script").attr("output").value
|
|
52
|
+
vulns[host] << finding.to_hash
|
|
53
|
+
else
|
|
54
|
+
if state == "open"
|
|
55
|
+
finding.title = "Open port [#{state} #{portid} (#{service})]"
|
|
56
|
+
vulns[host] << finding.to_hash
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
# check if findings done, otherwise one finding per 'host'
|
|
66
|
+
|
|
67
|
+
=begin
|
|
68
|
+
if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
|
|
69
|
+
|
|
70
|
+
# create a temporary finding object
|
|
71
|
+
finding = Finding.new()
|
|
72
|
+
finding.title = itemnode['pluginName'].to_s()
|
|
73
|
+
finding.overview = itemnode.css("description").to_s()
|
|
74
|
+
finding.remediation = itemnode.css("solution").to_s()
|
|
75
|
+
|
|
76
|
+
# can this be inherited from an import properly?
|
|
77
|
+
finding.type = "Imported"
|
|
78
|
+
finding.risk = itemnode["severity"]
|
|
79
|
+
finding.affected_hosts = hostnode["name"]
|
|
80
|
+
if itemnode.css("plugin_output")
|
|
81
|
+
finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
finding.references = itemnode.css("see_also").to_s
|
|
85
|
+
finding.id = itemnode['pluginID'].to_s()
|
|
86
|
+
|
|
87
|
+
vulns[host] << finding.to_hash
|
|
88
|
+
items << itemnode['pluginID'].to_s()
|
|
89
|
+
end
|
|
90
|
+
=end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
# vulns[host] = findings
|
|
94
|
+
items = []
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
return vulns.to_json
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: odle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Will Vandevanter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-05-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: An easy to use security data parsing tool. Takes in data from different
|
|
14
14
|
tools and outputs standardized JSON.
|
|
@@ -24,6 +24,7 @@ files:
|
|
|
24
24
|
- lib/parsers/burp.rb
|
|
25
25
|
- lib/parsers/msfv5.rb
|
|
26
26
|
- lib/parsers/nessus.rb
|
|
27
|
+
- lib/parsers/nmap.rb
|
|
27
28
|
homepage: http://rubygems.org/gems/odle
|
|
28
29
|
licenses:
|
|
29
30
|
- BSD-3-Clause-Attribution
|