odle: piping security data

I recently published odle, a Ruby gem and binary that takes XML data from various security tools and outputs its JSON equivalent. The goal is for it to be (1) simple, (2) fast, and (3) usable on many platforms with only one dependency – nokogiri.

Below are two examples that use odle to convert the output of one tool (e.g. burpsuite) into input for something else (e.g. nmap scans). From the command line I typically use odle with gron, which is an awesome tool that “makes json greppable” =).

Convert Burp to nmap script scan

Often I will take the passive data from one tool and feed it into another tool. One example is burp to something else; in this case, nmap script checks.

cat burp-scan.xml | odle --burp | gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "nmap -sS -Pn -p 21 --script ftp-anon %s \n"

nmap -sS -Pn -p 21 --script ftp-anon apis.google.com 
nmap -sS -Pn -p 21 --script ftp-anon developer.cdn.mozilla.net 
nmap -sS -Pn -p 21 --script ftp-anon fakesite.com 
nmap -sS -Pn -p 21 --script ftp-anon fonts.googleapis.com 
nmap -sS -Pn -p 21 --script ftp-anon safebrowsing-cache.google.com 
nmap -sS -Pn -p 21 --script ftp-anon safebrowsing.google.com 

Run nessus results through aquatone

cat nessus_v2.xml | odle --nessus | ~/Downloads/gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "aquatone --discover %s \n"

aquatone --discover admin.fb.com
aquatone --discover js.fb.com
aquatone --discover blah.fb.com
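
An added Ruby example, not part of odle or the original post: it does the job of the grep/cut chain in both pipelines above by walking the JSON directly, and it keeps only values that reduce to a plain hostname, so text from a scan file cannot carry shell syntax into the generated commands. The JSON field layout in the sample is an assumption (constructed, not real odle output), and the function names are hypothetical.

```ruby
require 'json'

# Dot-separated labels of letters, digits and hyphens, 253 characters at most.
HOSTNAME = /\A(?=.{1,253}\z)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*\z/i

# Collect every string stored under an "affected_hosts" key, at any depth
# (the same match the grep step makes on gron output).
def affected_host_values(node, found = [])
  case node
  when Hash
    node.each do |key, value|
      if key == 'affected_hosts'
        found.concat(Array(value).grep(String))
      else
        affected_host_values(value, found)
      end
    end
  when Array
    node.each { |item| affected_host_values(item, found) }
  end
  found
end

# Reduce a URL or bare name to its host part; nil unless it is a plain hostname.
def clean_host(value)
  candidate = value.strip.split(/\s+/).first.to_s             # like cut -d' ' -f1
  candidate = candidate.sub(%r{\A[a-z][a-z0-9+.-]*://}i, '')  # drop the scheme
  candidate = candidate.split(%r{[/:?#]}).first.to_s          # drop port and path
  HOSTNAME.match?(candidate) ? candidate.downcase : nil
end

# Build one command line per unique, validated host.
def scan_commands(json_text, template = 'nmap -sS -Pn -p 21 --script ftp-anon %s')
  hosts = affected_host_values(JSON.parse(json_text)).map { |v| clean_host(v) }
  hosts.compact.uniq.sort.map { |host| format(template, host) }
end

# Constructed sample; the layout around "affected_hosts" is assumed.
SAMPLE = <<~SAMPLE_JSON
  [{"title": "Finding A", "affected_hosts": "http://fakesite.com/login"},
   {"title": "Finding B", "affected_hosts": "https://apis.google.com:443/js (GET)"},
   {"title": "Finding C", "affected_hosts": "http://bad;host.example/"}]
SAMPLE_JSON

puts scan_commands(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The third sample entry is dropped because its host part contains a character outside the hostname pattern. IPv6 literals are not handled and are rejected as well.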

Install

To install odle you will need Ruby and nokogiri:

gem install nokogiri
gem install odle

Bugs

I am sure there are plenty. Please submit an issue if you find one or if you would like to see other supported tools. I am also interested in inconsistencies between outputs, missing data, and other issues if you see them.