odle 0.0.7 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/bin/odle +8 -3
- data/lib/parsers/burp2.rb +55 -0
- data/lib/parsers/nmap.rb +2 -32
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 8ec265231c7271f7b1e1685f616ff8d84df67462d2f96df94d4be050a165d7fa
|
|
4
|
+
data.tar.gz: ff613eee0c2faf95d36ef25cf6a7dea86c14d81648764196fd804968147c883c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 80aa6244b1305f95aa43b4fd1c267b25912419a07c2c5c3907fe4d1e508a82e3e253590b396da7859bcb02da4a52a94f19889a11190a34a046b338ded7819aa9
|
|
7
|
+
data.tar.gz: 0eef156c23ef812135e788fd1c62c997968344a2d0d3ad3d4d3ba568fee57b5baf288be3df6843400865ffa5abe3e99a38fb8d263b2eb458b355a4a83b55d5bb
|
data/bin/odle
CHANGED
|
@@ -1,12 +1,15 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
-
|
|
3
2
|
require 'odle'
|
|
4
3
|
|
|
4
|
+
def list_types()
|
|
5
|
+
return ["","--burp","--burp2","--nessus","--msf","--nmap"].join("\n")
|
|
6
|
+
end
|
|
7
|
+
|
|
5
8
|
# data flags are required
|
|
6
9
|
flags = ARGV.shift
|
|
7
10
|
|
|
8
11
|
unless flags
|
|
9
|
-
puts "[!] A data type is required e.g.\n odle --burp \n\n Available types:"
|
|
12
|
+
puts "[!] A data type is required e.g.\n cat MYDATA_FILE | odle --burp \n\n Available types:"+list_types()
|
|
10
13
|
exit(0)
|
|
11
14
|
end
|
|
12
15
|
|
|
@@ -22,6 +25,8 @@ end
|
|
|
22
25
|
|
|
23
26
|
if type.downcase == "burp"
|
|
24
27
|
puts Burp.new().parse(ARGF.read,"0")
|
|
28
|
+
elsif type.downcase == "burp2"
|
|
29
|
+
puts Burp2.new().parse(ARGF.read,"0")
|
|
25
30
|
elsif type.downcase == "nessus"
|
|
26
31
|
puts Nessus.new().parse(ARGF.read,"0")
|
|
27
32
|
elsif type.downcase == "msf"
|
|
@@ -29,5 +34,5 @@ elsif type.downcase == "msf"
|
|
|
29
34
|
elsif type.downcase == "nmap"
|
|
30
35
|
puts Nmap.new().parse(ARGF.read,"0")
|
|
31
36
|
else
|
|
32
|
-
puts "[!] Unknown data type \n\n Available types:"
|
|
37
|
+
puts "[!] Unknown data type \n\n Available types:"+list_types()
|
|
33
38
|
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
|
|
3
|
+
class Burp2
|
|
4
|
+
|
|
5
|
+
def parse(xml,threshold)
|
|
6
|
+
vulns = Hash.new
|
|
7
|
+
findings = Array.new
|
|
8
|
+
vulns["findings"] = []
|
|
9
|
+
|
|
10
|
+
doc = Nokogiri::XML(xml)
|
|
11
|
+
doc.css('//issues/issue').each do |issue|
|
|
12
|
+
if issue.css('severity').text
|
|
13
|
+
# create a temporary finding object
|
|
14
|
+
finding = Finding.new()
|
|
15
|
+
finding.title = issue.css('name').text.to_s()
|
|
16
|
+
finding.overview = issue.css('issueBackground').text.to_s()+issue.css('issueDetail').text.to_s()
|
|
17
|
+
finding.remediation = issue.css('remediationBackground').text.to_s()
|
|
18
|
+
|
|
19
|
+
if issue.css('severity').text == 'Low'
|
|
20
|
+
finding.risk = 1
|
|
21
|
+
elsif issue.css('severity').text == 'Medium'
|
|
22
|
+
finding.risk = 2
|
|
23
|
+
elsif issue.css('severity').text =='High'
|
|
24
|
+
finding.risk = 3
|
|
25
|
+
else
|
|
26
|
+
finding.risk = 1
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
finding.type = "Web Application"
|
|
31
|
+
|
|
32
|
+
findings << finding
|
|
33
|
+
|
|
34
|
+
host = issue.css('host').text
|
|
35
|
+
ip = issue.css('host').attr('ip')
|
|
36
|
+
id = issue.css('type').text
|
|
37
|
+
hostname = "#{host}"
|
|
38
|
+
|
|
39
|
+
finding.affected_hosts = "#{host} (#{ip})"
|
|
40
|
+
|
|
41
|
+
finding.id = id
|
|
42
|
+
if vulns[hostname]
|
|
43
|
+
vulns[hostname] << finding.to_hash
|
|
44
|
+
else
|
|
45
|
+
vulns[hostname] = []
|
|
46
|
+
vulns[hostname] << finding.to_hash
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
#vulns["findings"] = uniq_findings(findings)
|
|
52
|
+
return vulns.to_json
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
end
|
data/lib/parsers/nmap.rb
CHANGED
|
@@ -46,8 +46,9 @@ class Nmap
|
|
|
46
46
|
finding = Finding.new()
|
|
47
47
|
finding.affected_hosts = affected_hosts
|
|
48
48
|
|
|
49
|
+
# if a script was run, grab the results
|
|
49
50
|
if port.css("/script").size > 0
|
|
50
|
-
finding.title = "Script
|
|
51
|
+
finding.title = "Script Scan:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
|
|
51
52
|
finding.overview = port.css("/script").attr("output").value
|
|
52
53
|
vulns[host] << finding.to_hash
|
|
53
54
|
else
|
|
@@ -58,39 +59,8 @@ class Nmap
|
|
|
58
59
|
end
|
|
59
60
|
|
|
60
61
|
end
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
# check if findings done, otherwise one finding per 'host'
|
|
66
|
-
|
|
67
|
-
=begin
|
|
68
|
-
if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
|
|
69
|
-
|
|
70
|
-
# create a temporary finding object
|
|
71
|
-
finding = Finding.new()
|
|
72
|
-
finding.title = itemnode['pluginName'].to_s()
|
|
73
|
-
finding.overview = itemnode.css("description").to_s()
|
|
74
|
-
finding.remediation = itemnode.css("solution").to_s()
|
|
75
|
-
|
|
76
|
-
# can this be inherited from an import properly?
|
|
77
|
-
finding.type = "Imported"
|
|
78
|
-
finding.risk = itemnode["severity"]
|
|
79
|
-
finding.affected_hosts = hostnode["name"]
|
|
80
|
-
if itemnode.css("plugin_output")
|
|
81
|
-
finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
finding.references = itemnode.css("see_also").to_s
|
|
85
|
-
finding.id = itemnode['pluginID'].to_s()
|
|
86
|
-
|
|
87
|
-
vulns[host] << finding.to_hash
|
|
88
|
-
items << itemnode['pluginID'].to_s()
|
|
89
|
-
end
|
|
90
|
-
=end
|
|
91
62
|
end
|
|
92
63
|
|
|
93
|
-
# vulns[host] = findings
|
|
94
64
|
items = []
|
|
95
65
|
end
|
|
96
66
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: odle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Will Vandevanter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: An easy to use security data parsing tool. Takes in data from different
|
|
14
14
|
tools and outputs standardized JSON.
|
|
@@ -22,6 +22,7 @@ files:
|
|
|
22
22
|
- lib/model/data.rb
|
|
23
23
|
- lib/odle.rb
|
|
24
24
|
- lib/parsers/burp.rb
|
|
25
|
+
- lib/parsers/burp2.rb
|
|
25
26
|
- lib/parsers/msfv5.rb
|
|
26
27
|
- lib/parsers/nessus.rb
|
|
27
28
|
- lib/parsers/nmap.rb
|
|
@@ -47,7 +48,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
47
48
|
version: '0'
|
|
48
49
|
requirements: []
|
|
49
50
|
rubyforge_project:
|
|
50
|
-
rubygems_version: 2.
|
|
51
|
+
rubygems_version: 2.7.7
|
|
51
52
|
signing_key:
|
|
52
53
|
specification_version: 4
|
|
53
54
|
summary: odle
|