odle: piping security data

I recently published odle, a Ruby gem and binary that takes XML data from various security tools and outputs the JSON equivalent. The goal is for it to be (1) simple, (2) fast, and (3) usable on many platforms with only one dependency – nokogiri.

Below are two examples using odle to convert output from one tool (e.g. burpsuite) into input for something else (e.g. nmap scans). From the command line I typically use odle with gron, which is an awesome tool that “makes json greppable” =).

Convert Burp to nmap script scan

Often I will take the passive data from one tool and feed it into another tool. One example is burp to something else; in this case, nmap script checks.

cat burp-scan.xml | odle --burp | gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "nmap -sS -Pn -p 21 --script ftp-anon %s \n"

nmap -sS -Pn -p 21 --script ftp-anon apis.google.com 
nmap -sS -Pn -p 21 --script ftp-anon developer.cdn.mozilla.net 
nmap -sS -Pn -p 21 --script ftp-anon fakesite.com 
nmap -sS -Pn -p 21 --script ftp-anon fonts.googleapis.com 
nmap -sS -Pn -p 21 --script ftp-anon safebrowsing-cache.google.com 
nmap -sS -Pn -p 21 --script ftp-anon safebrowsing.google.com 

Run nessus results through aquatone

cat nessus_v2.xml | odle --nessus | ~/Downloads/gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "aquatone --discover %s \n"

aquatone --discover admin.fb.com
aquatone --discover js.fb.com
aquatone --discover blah.fb.com
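
The hosts cut out of scanner XML in both pipelines above are untrusted strings, and passive Burp data in particular includes third-party hosts (apis.google.com in the first output). The filter below is an added example, not part of odle or the original post: placed between the cut stages and xargs, it keeps only plain hostnames under the suffixes you pass. The function name scoped_hosts and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of odle. Reads candidate hosts (one per line, as
# left by the cut stages) and prints the unique, syntactically plain
# hostnames that fall under one of the in-scope suffixes given as arguments.
scoped_hosts() (
    LC_ALL=C; export LC_ALL            # byte-wise ranges and sort order
    tr 'A-Z' 'a-z' |
    while IFS= read -r host || [ -n "$host" ]; do
        host=${host%%:*}               # drop a :port left from the URL authority
        # Skip empty values, anything outside [a-z0-9.-], misplaced dots/hyphens.
        case $host in
            ''|*[!a-z0-9.-]*|.*|*.|-*|*..*) continue ;;
        esac
        # Keep the host only if it equals a suffix or is a subdomain of one.
        for suffix in "$@"; do
            case $host in
                "$suffix"|*."$suffix") printf '%s\n' "$host"; break ;;
            esac
        done
    done | sort -u
)

# Drop-in use with the Burp pipeline from the post:
#   ... | cut -d' ' -f1 | scoped_hosts fakesite.com | \
#       xargs printf "nmap -sS -Pn -p 21 --script ftp-anon %s \n"

# Constructed sample input; prints admin.fakesite.com and fakesite.com.
printf '%s\n' 'fakesite.com' 'apis.google.com' 'Admin.FakeSite.com:8443' \
    'fakesite.com;x' 'notfakesite.com' 'fakesite.com' | scoped_hosts fakesite.com
```

Called with no suffix arguments, the filter prints nothing, so an unset scope fails closed.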

Install

To install odle you will need ruby and nokogiri:

gem install nokogiri
gem install odle

Bugs

I am sure there are plenty. Please submit an issue if you find one or if you would like to see other supported tools. I am also interested in inconsistencies between outputs, missing data, and other issues if you see them.

Blackhat USA 2019

@AndresRiancho and I (@0xrst) have an outstanding training coming up at Blackhat USA 2019. There are two dates available and you should join us!!! You won’t be disappointed.

August 3rd-4th: THE WEB APPLICATION HACKER LEVEL-UP LAB (THE WAHLL)

August 5th-6th: THE WEB APPLICATION HACKER LEVEL-UP LAB (THE WAHLL)