odle 0.0.7 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 303f5b0e063099a999a59f7c28a77bcc70f7ff52
-  data.tar.gz: 5a0db321f57ac8ac697a980f4df7195d5160f7b3
+SHA256:
+  metadata.gz: 8ec265231c7271f7b1e1685f616ff8d84df67462d2f96df94d4be050a165d7fa
+  data.tar.gz: ff613eee0c2faf95d36ef25cf6a7dea86c14d81648764196fd804968147c883c
 SHA512:
-  metadata.gz: 7f378dcf8b3e7a6cf7f61042621a5df8ecb1bd3ba20077d5ecc4654afd1220fb98fd8640c6ab9ad18b54149663097e286c220dfcd06a40de8f0d4503e356de01
-  data.tar.gz: 0cd5f2573e85ada175556629aded5886ea37fb7b12f3057687219b1bc6c2e99e27e40a7a7f2d7169c7bd79e0a2a5e714f1edfc3d94fdabc6693ebc5e6e5974a8
+  metadata.gz: 80aa6244b1305f95aa43b4fd1c267b25912419a07c2c5c3907fe4d1e508a82e3e253590b396da7859bcb02da4a52a94f19889a11190a34a046b338ded7819aa9
+  data.tar.gz: 0eef156c23ef812135e788fd1c62c997968344a2d0d3ad3d4d3ba568fee57b5baf288be3df6843400865ffa5abe3e99a38fb8d263b2eb458b355a4a83b55d5bb

data/bin/odle

@@ -1,12 +1,15 @@
 #!/usr/bin/env ruby
-
 require 'odle'
 
+def list_types()
+	return ["","--burp","--burp2","--nessus","--msf","--nmap"].join("\n")
+end
+
 # data flags are required
 flags = ARGV.shift
 
 unless flags 
-	puts "[!] A data type is required e.g.\n odle --burp \n\n Available types:"#+list_types()
+	puts "[!] A data type is required e.g.\n cat MYDATA_FILE | odle --burp \n\n Available types:"+list_types()
 	exit(0)
 end
 
@@ -22,6 +25,8 @@ end
 
 if type.downcase == "burp"
 	puts Burp.new().parse(ARGF.read,"0")
+elsif type.downcase == "burp2"
+	puts Burp2.new().parse(ARGF.read,"0")
 elsif type.downcase == "nessus"
 	puts Nessus.new().parse(ARGF.read,"0")
 elsif type.downcase == "msf"
@@ -29,5 +34,5 @@ elsif type.downcase == "msf"
 elsif type.downcase == "nmap"
 	puts Nmap.new().parse(ARGF.read,"0")
 else
-	puts "[!] Unknown data type \n\n Available types:"#+list_types()
+	puts "[!] Unknown data type \n\n Available types:"+list_types()
 end

data/lib/parsers/burp2.rb

@@ -0,0 +1,55 @@
+require 'json'
+
+  class Burp2
+    
+    def parse(xml,threshold)
+    vulns = Hash.new
+    findings = Array.new
+    vulns["findings"] = []
+
+    doc = Nokogiri::XML(xml)
+    doc.css('//issues/issue').each do |issue|
+      if issue.css('severity').text
+        # create a temporary finding object
+        finding = Finding.new()
+        finding.title = issue.css('name').text.to_s()
+        finding.overview = issue.css('issueBackground').text.to_s()+issue.css('issueDetail').text.to_s()
+        finding.remediation = issue.css('remediationBackground').text.to_s()
+
+        if issue.css('severity').text == 'Low'
+          finding.risk = 1
+        elsif issue.css('severity').text == 'Medium'
+          finding.risk = 2
+        elsif issue.css('severity').text =='High'
+          finding.risk = 3
+        else
+          finding.risk = 1
+        end
+
+    
+        finding.type = "Web Application"
+
+        findings << finding
+
+        host = issue.css('host').text
+        ip = issue.css('host').attr('ip')
+        id = issue.css('type').text
+        hostname = "#{host}"
+
+        finding.affected_hosts = "#{host} (#{ip})"
+
+        finding.id = id
+        if vulns[hostname]
+          vulns[hostname] << finding.to_hash
+        else
+          vulns[hostname] = []
+          vulns[hostname] << finding.to_hash
+        end
+      end
+    end
+
+    #vulns["findings"] = uniq_findings(findings)
+    return vulns.to_json
+    end
+
+  end

data/lib/parsers/nmap.rb

@@ -46,8 +46,9 @@ class Nmap
         finding = Finding.new()
         finding.affected_hosts = affected_hosts
 
+        # if a script was run, grab the results
         if port.css("/script").size > 0 
-          finding.title = "Script Result:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
+          finding.title = "Script Scan:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
           finding.overview = port.css("/script").attr("output").value
           vulns[host] << finding.to_hash                
         else
@@ -58,39 +59,8 @@ class Nmap
         end
 
       end
-
-
-
-
-      # check if findings done, otherwise one finding per 'host'
-
-=begin    
-        if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
-
-          # create a temporary finding object
-          finding = Finding.new()
-          finding.title = itemnode['pluginName'].to_s()
-          finding.overview = itemnode.css("description").to_s()
-          finding.remediation = itemnode.css("solution").to_s()
-
-          # can this be inherited from an import properly?
-          finding.type = "Imported"
-          finding.risk = itemnode["severity"]
-          finding.affected_hosts = hostnode["name"]
-          if itemnode.css("plugin_output")
-            finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
-          end
-
-          finding.references = itemnode.css("see_also").to_s
-          finding.id = itemnode['pluginID'].to_s()
-
-          vulns[host] << finding.to_hash
-          items << itemnode['pluginID'].to_s()
-        end
-=end
       end
 
-#      vulns[host] = findings
       items = []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: odle
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Will Vandevanter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-13 00:00:00.000000000 Z
+date: 2018-10-23 00:00:00.000000000 Z
 dependencies: []
 description: An easy to use security data parsing tool. Takes in data from different
   tools and outputs standardized JSON.
@@ -22,6 +22,7 @@ files:
 - lib/model/data.rb
 - lib/odle.rb
 - lib/parsers/burp.rb
+- lib/parsers/burp2.rb
 - lib/parsers/msfv5.rb
 - lib/parsers/nessus.rb
 - lib/parsers/nmap.rb
@@ -47,7 +48,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: odle