odle 0.0.6 → 0.0.7

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/bin/odle +2 -0
  3. data/lib/parsers/nmap.rb +100 -0
  4. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 948ef30d9f7dc55d450d33cab9843c0185e68791
4
- data.tar.gz: aabe677ecd8dd3409707769dbc9e59d7111eff6d
3
+ metadata.gz: 303f5b0e063099a999a59f7c28a77bcc70f7ff52
4
+ data.tar.gz: 5a0db321f57ac8ac697a980f4df7195d5160f7b3
5
5
  SHA512:
6
- metadata.gz: f10fb223677fbed605092b651f3f6f1df85a9ddae8ef88af69f15dc6d30437a0b27ad4212ee3b538981831942c271181b5063a37ed94cfecb4442986925e8c69
7
- data.tar.gz: 90d9a6a72eec331e2b61774dd762413514f0195b40fcba68c36289553c9a8f591ab869984c117773f1651cc31647ab816355a500a8cdccc0524113e0d37d4e5b
6
+ metadata.gz: 7f378dcf8b3e7a6cf7f61042621a5df8ecb1bd3ba20077d5ecc4654afd1220fb98fd8640c6ab9ad18b54149663097e286c220dfcd06a40de8f0d4503e356de01
7
+ data.tar.gz: 0cd5f2573e85ada175556629aded5886ea37fb7b12f3057687219b1bc6c2e99e27e40a7a7f2d7169c7bd79e0a2a5e714f1edfc3d94fdabc6693ebc5e6e5974a8
data/bin/odle CHANGED
@@ -26,6 +26,8 @@ elsif type.downcase == "nessus"
26
26
  puts Nessus.new().parse(ARGF.read,"0")
27
27
  elsif type.downcase == "msf"
28
28
  puts Metasploit.new().parse(ARGF.read,"0")
29
+ elsif type.downcase == "nmap"
30
+ puts Nmap.new().parse(ARGF.read,"0")
29
31
  else
30
32
  puts "[!] Unknown data type \n\n Available types:"#+list_types()
31
33
  end
@@ -0,0 +1,100 @@
1
+ require 'json'
2
+
3
+ class Nmap
4
+
5
+ def parse(xml,threshold)
6
+ vulns = Hash.new
7
+ findings = Array.new
8
+ items = Array.new
9
+
10
+ doc = Nokogiri::XML(xml)
11
+
12
+ #p doc
13
+ doc.css("//host").each do |hostnode|
14
+ address = hostnode.css("address")
15
+ host = address.attr("addr")
16
+ host = " " unless host
17
+ vulns[host] = []
18
+ affected_hosts = ""
19
+
20
+ hostnode.css("/hostnames").each do |hname|
21
+ hostname = hname.attr("hostname")
22
+
23
+ hname.traverse do |x|
24
+ if x.values[0]
25
+ if affected_hosts == ""
26
+ affected_hosts = x.values[0]
27
+ else
28
+ affected_hosts = affected_hosts + " " + x.values[0]
29
+ end
30
+ end
31
+ end
32
+
33
+ # finding is one per host
34
+ finding = Finding.new()
35
+ finding.affected_hosts = affected_hosts
36
+ vulns[host] << finding.to_hash
37
+
38
+ # finding is one per open port
39
+ hostnode.css("/ports/port").each do |port|
40
+ proto = port.attr("protocol")
41
+ portid = port.attr("portid")
42
+ state = port.css("/state").attr("state").value
43
+ service = port.css("/service").attr("name").value
44
+
45
+ # iterate the state
46
+ finding = Finding.new()
47
+ finding.affected_hosts = affected_hosts
48
+
49
+ if port.css("/script").size > 0
50
+ finding.title = "Script Result:"+port.css("/script").attr("id").value+" [#{state} #{portid} (#{service})]"
51
+ finding.overview = port.css("/script").attr("output").value
52
+ vulns[host] << finding.to_hash
53
+ else
54
+ if state == "open"
55
+ finding.title = "Open port [#{state} #{portid} (#{service})]"
56
+ vulns[host] << finding.to_hash
57
+ end
58
+ end
59
+
60
+ end
61
+
62
+
63
+
64
+
65
+ # check if findings done, otherwise one finding per 'host'
66
+
67
+ =begin
68
+ if (itemnode["port"].to_s != "0" && itemnode["severity"] >= threshold)
69
+
70
+ # create a temporary finding object
71
+ finding = Finding.new()
72
+ finding.title = itemnode['pluginName'].to_s()
73
+ finding.overview = itemnode.css("description").to_s()
74
+ finding.remediation = itemnode.css("solution").to_s()
75
+
76
+ # can this be inherited from an import properly?
77
+ finding.type = "Imported"
78
+ finding.risk = itemnode["severity"]
79
+ finding.affected_hosts = hostnode["name"]
80
+ if itemnode.css("plugin_output")
81
+ finding.notes = hostnode["name"]+" ("+itemnode["protocol"]+ " port " + itemnode["port"]+"):"+itemnode.css("plugin_output").to_s()
82
+ end
83
+
84
+ finding.references = itemnode.css("see_also").to_s
85
+ finding.id = itemnode['pluginID'].to_s()
86
+
87
+ vulns[host] << finding.to_hash
88
+ items << itemnode['pluginID'].to_s()
89
+ end
90
+ =end
91
+ end
92
+
93
+ # vulns[host] = findings
94
+ items = []
95
+ end
96
+
97
+ return vulns.to_json
98
+ end
99
+
100
+ end
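Review bot: `port.css("/state").attr("state").value` and `port.css("/service").attr("name").value` raise NoMethodError for any `<port>` that lacks a `<state>` or `<service>` child (or that attribute), because NodeSet#attr returns nil when the first node has no such attribute, so a single such port aborts the whole parse; the same applies to `.attr("id").value` and `.attr("output").value` in the script branch, which additionally reports only the first `<script>` of a port. On the host side, `host = address.attr("addr")` keys the `vulns` hash by a Nokogiri Attr object rather than a string, and the fallback `host = " " unless host` makes every address-less host share one key. I would read attributes nil-safely, e.g. `host = hostnode.at_css("address")&.[]("addr") || " "`, `state = port.at_css("state")&.[]("state")`, `service = port.at_css("service")&.[]("name")`, and guard the script branch the same way. Note also that the port loop is nested inside `hostnode.css("/hostnames").each`, so a host whose XML has no `<hostnames>` element yields no findings at all (confirm that is intended), while `threshold`, `findings`, `items` and `hostname` are unused and the `=begin … =end` block is dead Nessus code that could be dropped. This hunk's file header is not shown; from the file list it appears to be the new `data/lib/parsers/nmap.rb`, and it requires `json` but not `nokogiri`, which presumably is loaded by the caller.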
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: odle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.6
4
+ version: 0.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Will Vandevanter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-26 00:00:00.000000000 Z
11
+ date: 2018-05-13 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: An easy to use security data parsing tool. Takes in data from different
14
14
  tools and outputs standardized JSON.
@@ -24,6 +24,7 @@ files:
24
24
  - lib/parsers/burp.rb
25
25
  - lib/parsers/msfv5.rb
26
26
  - lib/parsers/nessus.rb
27
+ - lib/parsers/nmap.rb
27
28
  homepage: http://rubygems.org/gems/odle
28
29
  licenses:
29
30
  - BSD-3-Clause-Attribution