odle 0.0.6 → 0.0.7
- checksums.yaml +4 -4
- data/bin/odle +2 -0
- data/lib/parsers/nmap.rb +100 -0
- metadata +3 -2
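--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 303f5b0e063099a999a59f7c28a77bcc70f7ff52
+data.tar.gz: 5a0db321f57ac8ac697a980f4df7195d5160f7b3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f378dcf8b3e7a6cf7f61042621a5df8ecb1bd3ba20077d5ecc4654afd1220fb98fd8640c6ab9ad18b54149663097e286c220dfcd06a40de8f0d4503e356de01
+data.tar.gz: 0cd5f2573e85ada175556629aded5886ea37fb7b12f3057687219b1bc6c2e99e27e40a7a7f2d7169c7bd79e0a2a5e714f1edfc3d94fdabc6693ebc5e6e5974a8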
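--- a/data/bin/odle
+++ b/data/bin/odle
@@ -26,6 +26,8 @@ elsif type.downcase == "nessus"
 puts Nessus.new().parse(ARGF.read,"0")
 elsif type.downcase == "msf"
 puts Metasploit.new().parse(ARGF.read,"0")
+elsif type.downcase == "nmap"
+puts Nmap.new().parse(ARGF.read,"0")
 else
 puts "[!] Unknown data type \n\n Available types:"#+list_types()
 end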
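Review bot: The new `nmap` branch calls `Nmap.new()`, but this file's change is only these two lines, so nothing added here loads `lib/parsers/nmap.rb`; unless the script already requires every parser outside the hunk, the branch fails with NameError. The `"0"` threshold argument is accepted but never read by the live code of `Nmap#parse` in this release, which deserves a comment such as `# threshold is ignored by the nmap parser`. The if/elsif chain this branch belongs to starts outside the hunk.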
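--- a/data/lib/parsers/nmap.rb
+++ b/data/lib/parsers/nmap.rb
@@ -0,0 +1,100 @@
+require 'json'
+
+class Nmap
+
+def parse(xml,threshold)
+vulns = Hash.new
+findings = Array.new
+items = Array.new
+
+doc = Nokogiri::XML(xml)
+
+#p doc
+doc.css("//host").each do |hostnode|
+address = hostnode.css("address")
+host = address.attr("addr")
+host = " " unless host
+vulns[host] = []
+affected_hosts = ""
+
+hostnode.css("/hostnames").each do |hname|
+hostname = hname.attr("hostname")
+
+hname.traverse do |x|
+if x.values[0]
+if affected_hosts == ""
+affected_hosts = x.values[0]
+else
+affected_hosts = affected_hosts + " " + x.values[0]
+end
+end
+end
+
+# finding is one per host
+finding = Finding.new()
+finding.affected_hosts = affected_hosts
+vulns[host] << finding.to_hash
+
+# finding is one per open port
+hostnode.css("/ports/port").each do |port|
+proto = port.attr("protocol")
+portid = port.attr("portid")
+state = port.css("/state").attr("state").value
+service = port.css("/service").attr("name").value
+
+# iterate the state
+finding = Finding.new()
+finding.affected_hosts = affected_hosts
+
+if port.css("/script").size > 0
+finding.title = "Script Result:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
+finding.overview = port.css("/script").attr("output").value
+vulns[host] << finding.to_hash
+else
+if state == "open"
+finding.title = "Open port [#{state} #{portid} (#{service})]"
+vulns[host] << finding.to_hash
+end
+end
+
+end
+
+
+
+
+# check if findings done, otherwise one finding per 'host'
+
+=begin
+if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
+
+# create a temporary finding object
+finding = Finding.new()
+finding.title = itemnode['pluginName'].to_s()
+finding.overview = itemnode.css("description").to_s()
+finding.remediation = itemnode.css("solution").to_s()
+
+# can this be inherited from an import properly?
+finding.type = "Imported"
+finding.risk = itemnode["severity"]
+finding.affected_hosts = hostnode["name"]
+if itemnode.css("plugin_output")
+finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
+end
+
+finding.references = itemnode.css("see_also").to_s
+finding.id = itemnode['pluginID'].to_s()
+
+vulns[host] << finding.to_hash
+items << itemnode['pluginID'].to_s()
+end
+=end
+end
+
+# vulns[host] = findings
+items = []
+end
+
+return vulns.to_json
+end
+
+end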
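Review bot: `port.css("/state").attr("state").value` and `port.css("/service").attr("name").value` raise NoMethodError when a `<port>` lacks that child, because `NodeSet#attr` returns nil for an empty set, and the exception aborts the whole parse so no host's findings are emitted. Guard both lookups, for example `svc = port.css("/service").first` followed by `service = svc ? svc["name"] : "unknown"`. The script branch reads only the first `<script>` of a port, so further script results on that port are dropped, and `finding.overview` carries script output that originates from the scanned host, so a comment such as `# overview is untrusted scan output; consumers must escape it` would help. The file requires only `json` while calling `Nokogiri::XML`, and the gem metadata in this release still lists `dependencies: []`, so it appears to rely on the caller having loaded Nokogiri.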
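--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: odle
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7
 platform: ruby
 authors:
 - Will Vandevanter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-05-13 00:00:00.000000000 Z
 dependencies: []
 description: An easy to use security data parsing tool. Takes in data from different
 tools and outputs standardized JSON.
@@ -24,6 +24,7 @@ files:
 - lib/parsers/burp.rb
 - lib/parsers/msfv5.rb
 - lib/parsers/nessus.rb
+- lib/parsers/nmap.rb
 homepage: http://rubygems.org/gems/odle
 licenses:
 - BSD-3-Clause-Attribution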