offrep 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: eafbd69d3335c844f4f092a004cf12caeaffbbb8
+  data.tar.gz: ac7d89b6a74d82d472f5f6acfc2a7f25063cbe59
+SHA512:
+  metadata.gz: b651ac2f4433b01092763914e57dcc56f39ff50a038016986314be98b97bb7bdf79d450954a55e57486ae461e568e0c8913ebc05e861480083be3708549fa3a5
+  data.tar.gz: 3508a2edc4c13a1db66fa9ff201d9f6190197a9991cb243e2db9bae11f9e5a3053b474c4aa66d7402d161acfe42fb92091673320fcb385e172148ad0b7dd8bed

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.0
+before_install: gem install bundler -v 1.12.5

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at kost@linux.hr. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in offrep.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 kost
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+# Offrep
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/offrep`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'offrep'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install offrep
+
+## Usage
+
+```
+```
+
+## Scripting
+
+```
+require "bundler/setup"
+require "offrep"
+
+ot=Offrep::Translation.new
+oc=Offrep::CommonXML.new
+on=Offrep::NessusXML.new
+oc.readxml(File.open('bla.commonxml'))
+ot.readxml(File.open('nessus-translations-language.xml'))
+mis=oc.translate(ot.xml)
+puts oc.xmldoc.to_s
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/offrep. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "offrep"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/pry

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "offrep"
+
+require "pry"
+Pry.start
+

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/examples/nessus-merge.rb

@@ -0,0 +1,18 @@
+#!/usr/bin/env ruby
+# nessus-merge.rb fileout *.nessus
+
+require "bundler/setup"
+require "offrep"
+
+out=ARGV.shift
+ot=Offrep::Translation.new
+oc=Offrep::CommonXML.new
+on=Offrep::NessusXML.new
+on.readxml(File.open(ARGV.shift))
+while opt = ARGV.shift do
+        puts opt
+        on.mergexml(opt)
+end
+File.write(out+".nessusxml",on.xmldoc.to_s)
+File.write(out+".commonxml",on.to_common.to_s)
+

data/exe/offrep

@@ -0,0 +1,159 @@
+#!/usr/bin/env ruby
+
+# require "bundler/setup"
+require "offrep"
+
+require 'optparse'
+require 'logger'
+
+
+$PRGNAME="offrep"
+$options = {}
+$options['loglevel'] = 'WARN'
+$options['logname'] = nil
+
+# helpful class for logger
+class MultiDelegator
+  def initialize(*targets)
+    @targets = targets
+  end
+
+  def self.delegate(*methods)
+    methods.each do |m|
+      define_method(m) do |*args|
+	@targets.map { |t| t.send(m, *args) }
+      end
+    end
+    self
+  end
+
+  class <<self
+    alias to new
+  end
+end
+
+
+begin
+	optyaml = YAML::load_file(ENV['HOME']+'/.offrep')
+rescue # Errno::ENOENT
+end
+
+if optyaml != nil then
+	$options.merge!(optyaml)
+end
+
+# initialize logger
+if $options['logname'] != nil then
+	log_file = File.open($options['logname'], 'a')
+	@log = Logger.new MultiDelegator.delegate(:write, :close).to(STDERR, log_file)
+else
+	@log = Logger.new MultiDelegator.delegate(:write, :close).to(STDERR)
+end
+loglevel =  Logger.const_get $options['loglevel'] # Logger::INFO # default is ::WARN
+@log.level = loglevel
+
+
+OptionParser.new do |opts|
+	opts.banner = "Usage: #{$PRGNAME} [options]"
+
+	opts.on("-h", "--help", "Prints this help") do
+		puts opts
+		exit
+	end
+
+	opts.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+		$options['verbose'] = v
+		@log.level = Logger::INFO
+	end
+
+	opts.on("-d", "--[no-]debug", "Run in debug mode") do |v|
+		$options['debug'] = v
+		@log.level = Logger::DEBUG
+	end
+
+	opts.on("-r", "--read NAME", "use NAME as list of files") do |optarg|
+		$options['read'] = optarg
+	end
+
+	opts.on("-c", "--convert NAME", "use NAME to convert text (translation file)") do |optarg|
+		$options['convert'] = optarg
+	end
+
+	opts.on("-t", "--type NAME", "use NAME as type of output") do |optarg|
+		$options['type'] = optarg
+	end
+
+	opts.on("-o", "--output NAME", "use NAME as output xml file") do |optarg|
+		$options['output'] = optarg
+	end
+
+	opts.on("-m", "--missing NAME", "use NAME as missing xml file for translations") do |optarg|
+		$options['missing'] = optarg
+	end
+
+	opts.on("-l", "--log FILE", "log to FILE") do |optarg|
+		$options['logname'] = optarg
+	end
+
+	opts.separator ""
+	opts.separator "Example #1: #{$PRGNAME} -o out.commonxml *.nessus"
+	opts.separator "Example #2: #{$PRGNAME} -c file-hr.xml -m missing.xml all.commonxml"
+end.parse!
+
+# start
+if ARGV.empty? then
+	@log.error("Provide at least one file to process as argument")
+end
+
+total_oc=Offrep::CommonXML.new
+total_on=Offrep::NessusXML.new
+nessuscount=0
+allcount=0
+ARGV.each do |arg|
+	extension = File.extname arg
+	@log.info("processing #{allcount}: #{arg}...with extension #{extension}")
+	if extension == ".nessus" then
+		@log.debug("processing nessus #{arg} with extension #{extension}")
+		if nessuscount==0 then
+			total_on.readxml(File.open(arg))
+		else
+			total_on.mergexml(arg)
+		end
+		nessuscount=nessuscount+1
+	end
+
+	if extension == ".commonxml" then
+		@log.debug("processing commonxml #{arg} with extension #{extension}")
+		total_oc.readxml(File.open(arg)) # TODO: mergexml
+	end
+
+	# on.xmldoc.to_s
+	# on.to_common
+	allcount=allcount+1
+end
+@log.info("Processed #{allcount} items.")
+
+if nessuscount>0 then 
+	@log.debug("Converting all nessus to common XML format")
+	total_oc.readxml(on.to_common.to_s)
+end
+
+if $options['convert'] then
+	@log.debug("Converting all with translations #{$options['convert']}")
+	ot=Offrep::Translation.new
+	ot.readxml(File.open($options['convert']))
+	missingxml=total_oc.translate(ot.xml)
+	if $options['missing'] then
+		@log.debug("Writting all missing to #{$options['missing']}")
+		anonmisxml=oc.anonymize(missingxml)
+		File.write($options['missing'],anonmisxml.to_s)
+	end
+end
+
+if $options['output'] then
+	@log.debug("Outputing to #{$options['output']}")
+	File.write(ARGV[0],total_oc.xmldoc.to_s)
+else
+	puts total_oc.xmldoc.to_s
+end
+

data/lib/offrep/commonxml.rb

@@ -0,0 +1,303 @@
+require 'nokogiri'
+require 'logger'
+
+require 'pry'
+
+module Offrep
+  class CommonXML
+    attr_accessor :xmldoc, :log
+
+    def initialize
+      @log=Logger.new(STDERR)
+      @log.level = Logger::WARN
+    end
+
+    def readxml(trxml)
+      # f=File.open(trxml)
+      @xmldoc=Nokogiri::XML(trxml)
+      #f.close
+    end
+
+    def importxml(trxml)
+	if @xmldoc.nil? then
+          readxml(trxml)
+        else
+          mergexml(trxml)
+        end
+    end
+
+    def sevnum2text(sev)
+      str="NOT"
+      nsev=0
+      if sev.is_a? Integer
+	nsev=sev
+      else
+        nsev=sev.to_i
+      end
+
+      case nsev
+        when 4
+          str="CRITICAL"
+        when 3
+          str="HIGH"
+        when 2
+          str="MEDIUM"
+        when 1
+          str="LOW"
+        when 0
+          str="INFO"
+        else
+          str="UNKNOWN"
+        end
+      return str
+    end
+
+    def sev2i(sev)
+      sevnum=0
+      if sev.is_a? Integer
+        sevnum=sev
+      else
+        sevnum=sev.to_i
+      end
+      return sevnum
+    end
+
+    def cvss2f(score)
+      scorenum=0.to_f
+      if score.is_a? Float
+        scorenum=score
+      else
+        scorenum=score.to_f
+      end
+      return scorenum
+    end
+
+    def removesev(sev)
+      @xmldoc.xpath("/vulnerabilities/vulnerability[./data/common/severity='#{sev}']").each do |vuln|
+        vuln.remove
+      end
+      @xmldoc
+    end
+
+    def anonymize(xmln) 
+      xmln.xpath('/vulnerabilities/vulnerability/target').each do |target|
+        target.remove
+      end
+      xmln.xpath('/vulnerabilities/vulnerability/data/common/output').each do |output|
+        output.remove
+      end 
+      return xmln   
+    end
+
+    def emptyxml
+      misvulns = Nokogiri::XML::Builder.new do |xml|
+	  xml.vulnerabilities {
+	  }
+      end # misvulns
+      misxml = Nokogiri::XML(misvulns.to_xml)
+      return misxml
+    end
+
+    def removebydef(defxml)
+      defxml.xpath("/vulnerabilities/vulnerability").each do |vulndef|
+        vulndef.element_children.each do |vulnele|
+          vulnele.element_children.each do |vulnele|
+          end
+        end
+      end
+    end
+
+    def swapvuln(vuln1,vuln2)
+      tempvuln=vuln1.dup
+      vuln1=vuln2
+      vuln2=tempvuln
+    end
+
+    def cmpvuln(vuln1,vuln2)
+      sev1=sev2i(getcontent(vuln1.at_xpath('./data/common/severity'),'0'))
+      cvss1=cvss2f(getcontent(vuln1.at_xpath('./data/common/score'),'0.0'))
+      sev2=sev2i(getcontent(vuln2.at_xpath('./data/common/severity'),'0'))
+      cvss2=cvss2f(getcontent(vuln2.at_xpath('./data/common/score'),'0.0'))
+      ret=0
+      case
+	when sev1>sev2
+          ret=1
+	when sev1<sev2
+	  ret=-1
+	when sev1==sev2
+          case
+	    when cvss1>cvss2
+              ret=1
+	    when cvss1<cvss2
+	      ret=-1
+            when cvss1==cvss2
+              ret=0
+	  end
+      end
+      return ret
+    end
+
+    def isortbysev!
+      vulnxml=sortbysev
+      @xmldoc=vulnxml
+    end
+
+    def isortbysevrev!
+      vulnxml=sortbysevrev
+      @xmldoc=vulnxml
+    end
+
+    def sortbysevrev
+      sorted=xsortbysev.reverse
+      sorted.each do |vuln|
+	@xmldoc.at_xpath('/vulnerabilities').add_child(vuln)
+      end
+    end
+
+    def sortbysev
+      sorted=xsortbysev
+      sorted.each do |vuln|
+        @xmldoc.at_xpath('/vulnerabilities').add_child(vuln)
+      end
+    end
+
+    def xsortbysev
+      vulnsnode=@xmldoc.at_xpath('/vulnerabilities')
+      vulns=vulnsnode.xpath('./vulnerability')
+      sorted=vulns.sort {|a,b| cmpvuln(a,b) }
+      return sorted
+    end
+
+    def osortbysev!
+      vulns=@xmldoc.xpath('/vulnerabilities/vulnerability')
+      sorted=vulns.sort{|a,b| cmpvuln(a,b) }
+      vulns=sorted
+    end
+
+    def osortbysev
+      vulns=@xmldoc.xpath('/vulnerabilities/vulnerability')
+      sorted=vulns.sort{|a,b| cmpvuln(a,b) }
+      return sorted
+    end
+
+    def sortbyvuln
+      vulnxml=emptyxml()
+      xmldoc=@xmldoc
+      xmldoc.xpath("/vulnerabilities/vulnerability").each do |vuln|
+        foundid=false
+        vuln.at_xpath('./id').element_children.each do |ids|
+          if foundid then
+            next
+          end
+	  foundvuln=vulnxml.at_xpath("/vulnerabilities/vulnerability[./id/#{ids.name}='#{ids.content}']")
+          if foundvuln.nil?
+            # if not found add complete vulnerability
+	    vulnxml.at_xpath('/vulnerabilities').add_child(vuln.dup)
+          else
+            # if found, add only target part
+            foundvuln.add_child(vuln.at_xpath('./target').dup)
+            # TODO: add output as well
+            foundid=true
+          end
+        end
+      end
+      return vulnxml
+    end
+
+    def translate(trxml)
+      misxml = emptyxml()
+      @xmldoc.xpath('/vulnerabilities/vulnerability').each do |vuln| 
+        foundit=false
+        # binding.pry
+        vuln.at_xpath('./id').element_children.each do |ids|
+          if ids.name=='cve' then
+            next 
+          end
+	  # binding.pry
+	  trid=trxml.at_xpath("/vulnerabilities/vulnerability[./id/#{ids.name}='#{ids.content}']")
+          if not trid.nil? then
+            foundit=true
+            # replace all XML elements inside /data/common to translated ones
+            trid.at_xpath('./data/common').element_children.each do |ele| 
+              # puts ele.name
+              foundele=vuln.at_xpath("./data/common/#{ele.name}")
+              # if element not found, add as a child in common
+              # binding.pry
+              if foundele.nil?
+                vuln.at_xpath("./data/common").add_child(trid.at_xpath("./data/common").dup)
+              else
+                foundele.content = ele.content
+              end
+            end # trid.at_xpath
+          end # if not trid
+        end # vuln.at_xpath .. ids
+
+        # trxml.xpath('/vulnerabilities/vulnerability').each do |trvuln|
+        # vuln.at_xpath('./data/common').element_children.each { |e| puts e.name }
+
+        if foundit then
+          # puts "Found for #{vuln.to_s[0..60]}"
+        else
+          # puts "Not found for #{vuln.to_s[0..60]}"
+          # binding.pry
+          misxml.at_xpath('/vulnerabilities').add_child(vuln.dup)
+        end
+      end # @xmldoc ... vuln
+      # puts misxml
+      return misxml
+    end
+
+    def mergexml(trxml)
+      doc = Nokogiri::XML(trxml)
+      doc.xpath("/vulnerabilities/vulnerability").each do |vuln|
+      end
+    end
+
+    def getcontent(cont,defvalue)
+      if cont.nil? then
+        return defvalue
+      else
+        return cont.content
+      end
+    end
+
+    def to_common
+      return @xmldoc
+    end
+
+    def to_com
+builder = Nokogiri::XML::Builder.new do |xml|
+    xml.vulnerabilities {
+      @xmldoc.xpath("/NessusClientData_v2/Report/ReportHost").each do |host|
+      host.xpath("./ReportItem").each do |ri|
+      xml.vulnerability_ {
+        xml.target_ {
+          xml.ip_ host.attribute("name").to_s || '0'
+          xml.port_ ri.attribute("port").to_s || '0'
+          xml.protocol_ ri.attribute("protocol").to_s || 'ip'
+          xml.service_ ri.attribute("svc_name").to_s || 'general'
+	}
+        xml.id_ {
+          xml.nessusPluginId_ ri.attribute("pluginID").to_s || '0'
+        }
+        xml.data_ {
+          xml.common {
+            xml.severity_ ri.attribute("severity").to_s || '0'
+            xml.score_ getcontent(ri.at_xpath('./cvss_base_score'),'')
+            xml.title_ ri.attribute("pluginName").to_s || ''
+	    xml.synopsis_ getcontent(ri.at_xpath('./synopsis'),'')
+	    xml.description_ getcontent(ri.at_xpath('./description'),'')
+	    xml.solution_ getcontent(ri.at_xpath('./solution'),'')
+          }
+        }
+      }
+      end # host.xpath
+      end # @xmldoc.xpath
+    }
+end
+return builder.to_xml
+
+    end
+
+  end
+end

data/lib/offrep/nessusxml.rb

@@ -0,0 +1,107 @@
+require 'nokogiri'
+require 'logger'
+
+module Offrep
+  class NessusXML
+    attr_accessor :xmldoc, :log
+
+    def initialize
+      @log=Logger.new(STDERR)
+      @log.level = Logger::WARN
+    end
+
+    def readxml(trxml)
+      # f=File.open(trxml)
+      @xmldoc=Nokogiri::XML(trxml)
+      #f.close
+    end
+
+    def importxml(trxml)
+	if @xmldoc.nil? then
+          readxml(trxml)
+        else
+          mergexml(trxml)
+        end
+    end
+
+    def mergexml(trxml)
+	f = File.open(trxml)
+	doc = Nokogiri::XML(f)
+
+        reportnode=@xmldoc.at_xpath("/NessusClientData_v2/Report")
+	doc.xpath("/NessusClientData_v2/Report/ReportHost").each { |host|
+	  hostname=host.attribute("name").to_s
+	  result=@xmldoc.xpath('/NessusClientData_v2/Report/ReportHost[@name="'+hostname+'"]')
+	  if result.empty?
+	    reportnode.add_child(host)
+	    @log.debug("host "+hostname+": not found, added")
+	  else
+	    @log.debug("host "+hostname+": found, not added new")
+	    rhnode=@xmldoc.at_xpath('/NessusClientData_v2/Report/ReportHost[@name="'+hostname+'"]')
+	    host.xpath("./ReportItem").each { |ri|
+	      port=ri.attribute("port").to_s
+	      pluginid=ri.attribute("pluginID").to_s
+	      protocol=ri.attribute("protocol").to_s
+
+	      resultri=@xmldoc.xpath('/NessusClientData_v2/Report/ReportHost[@name="'+hostname+'"]/ReportItem[@pluginID="'+pluginid+
+	      '" and @port="'+port+
+	      '" and @protocol="'+protocol+'"]')
+	      if resultri.empty?
+		rhnode.add_child(ri)
+		@log.debug(port+";"+protocol+";"+pluginid+": not found, added")
+	      else
+		@log.debug(port+";"+protocol+";"+pluginid+": found, not added new")
+	      end
+	    } # host.xpath
+	  end
+	} # xpath.each host
+
+	f.close
+    end
+
+    def getcontent(cont,defvalue)
+      if cont.nil? then
+        return defvalue
+      else
+        return cont.content
+      end
+    end
+
+    def to_common
+builder = Nokogiri::XML::Builder.new do |xml|
+    xml.vulnerabilities {
+      @xmldoc.xpath("/NessusClientData_v2/Report/ReportHost").each do |host|
+      host.xpath("./ReportItem").each do |ri|
+      xml.vulnerability_ {
+        xml.target_ {
+          xml.ip_ host.attribute("name").to_s || '0'
+          xml.port_ ri.attribute("port").to_s || '0'
+          xml.protocol_ ri.attribute("protocol").to_s || 'ip'
+          xml.service_ ri.attribute("svc_name").to_s || 'general'
+	}
+        xml.id_ {
+          xml.nessusPluginId_ ri.attribute("pluginID").to_s || '0'
+        }
+        xml.data_ {
+          xml.common {
+            xml.severity_ ri.attribute("severity").to_s || '0'
+            xml.score_ getcontent(ri.at_xpath('./cvss_base_score'),'')
+            xml.title_ ri.attribute("pluginName").to_s || ''
+	    xml.synopsis_ getcontent(ri.at_xpath('./synopsis'),'')
+	    xml.description_ getcontent(ri.at_xpath('./description'),'')
+	    xml.solution_ getcontent(ri.at_xpath('./solution'),'')
+	    xml.output_ getcontent(ri.at_xpath('./plugin_output'),'')
+	    xml.references_ getcontent(ri.at_xpath('./see_also'),'')
+          }
+        }
+      }
+      end # host.xpath
+      end # @xmldoc.xpath
+    }
+end
+return builder.to_xml
+
+    end
+
+  end
+end

data/lib/offrep/report.rb

@@ -0,0 +1,43 @@
+require 'nokogiri'
+require 'logger'
+
+require 'erb'
+
+module Offrep
+  class Reportvuln
+	  def initialize (vulns)
+		  @vulns=vulns
+	  end
+
+	  def get_binding
+		  binding
+	  end
+  end # of class 
+
+  class Report
+    attr_accessor :xml, :log, :template
+
+    def initialize
+      @log = Logger.new
+      @template="<% @vulns.each do |v| %>\n"+
+                "<%= lineitem=v['pid']+';'+v['title']+';'+v['hosts'] %>"+
+	        "<% end %>"
+    end
+
+    def output (allvulns)
+      rhtml = ERB.new(@template)
+      # Set up template data.
+      gvuln = Reportvuln.new( allvulns )
+      # vulns=allvulns
+      # rhtml.result
+      rhtml.run(gvuln.get_binding)
+    end
+
+    def readxml(trxml)
+      f=File.open(fn)
+      @xml=Nokogiri::XML(trxml)
+      f.close
+    end
+
+  end # class
+end # module

data/lib/offrep/translation.rb

@@ -0,0 +1,26 @@
+require 'nokogiri'
+
+module Offrep
+  class Translation
+    attr_accessor :xml
+
+    def readxml(xmlparm)
+      @xml = Nokogiri::XML(xmlparm)
+    end
+
+    def nessusid(pluginid)
+      @xml.xpath("/vulnerabilities/vulnerability[./id/nessusPluginId='#{pluginid}']")
+    end
+
+    # getelement('nessusPluginId',10072)
+    def getvulnele(pluginelement,pluginid)
+      @xml.at_xpath("/vulnerabilities/vulnerability[./id/#{pluginelement}='#{pluginid}']")
+    end
+
+    # getvulncommon('nessusPluginId',10072,'title')
+    def getvulncommon(pluginelement,pluginid,commonelement)
+      getvulnele(pluginelement,pluginid).at_xpath("./data/common/#{commonelement}").content
+    end
+
+  end # class
+end # module

data/lib/offrep/version.rb

@@ -0,0 +1,3 @@
+module Offrep
+  VERSION = "0.1.0"
+end

data/lib/offrep.rb

@@ -0,0 +1,9 @@
+require "offrep/version"
+require "offrep/translation"
+require "offrep/nessusxml"
+require "offrep/commonxml"
+require "offrep/report"
+
+module Offrep
+  # Your code goes here...
+end

data/offrep.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'offrep/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "offrep"
+  spec.version       = Offrep::VERSION
+  spec.authors       = ["Vlatko Kosturjak"]
+  spec.email         = ["kost@linux.hr"]
+
+  spec.summary       = %q{Offensive reporting.}
+  spec.description   = %q{Offensive reporting.}
+  spec.homepage      = "https://github.com/kost/offrep"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", ">= 1.3"
+  spec.add_development_dependency "rake", ">= 1.0"
+  spec.add_development_dependency "rspec", ">= 1.0"
+  spec.add_development_dependency "pry", ">= 0"
+
+  spec.add_runtime_dependency 'nokogiri', '>= 0'
+end

metadata

@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: offrep
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Vlatko Kosturjak
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-04-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Offensive reporting.
+email:
+- kost@linux.hr
+executables:
+- offrep
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/pry
+- bin/setup
+- examples/nessus-merge.rb
+- exe/offrep
+- lib/offrep.rb
+- lib/offrep/commonxml.rb
+- lib/offrep/nessusxml.rb
+- lib/offrep/report.rb
+- lib/offrep/translation.rb
+- lib/offrep/version.rb
+- offrep.gemspec
+homepage: https://github.com/kost/offrep
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
+specification_version: 4
+summary: Offensive reporting.
+test_files: []