I recently (May 2018) published odle, which is a Ruby gem and binary that takes XML data from various security tools and outputs its JSON equivalent. The goal is for it to be (1) simple, (2) fast, and (3) usable on many platforms with only one dependency – nokogiri.

Quick Example of Piping Security Results

Below are two examples using odle to convert output from one tool (e.g. burpsuite) into input for something else (e.g. nmap scans). From the command line I typically use odle with gron, which is an awesome tool that “makes json greppable” =).

Convert Burp to nmap script scan

Often I will take the passive data from one tool and feed it into another tool. One example is burp to something else; in this case, nmap script checks.

cat burp-scan.xml | odle --burp | gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "nmap -sS -Pn -p 21 --script +ftp-anon %s \n"

nmap -sS -Pn -p 21 --script +ftp-anon apis.google.com 
nmap -sS -Pn -p 21 --script +ftp-anon developer.cdn.mozilla.net 
nmap -sS -Pn -p 21 --script +ftp-anon fakesite.com 
nmap -sS -Pn -p 21 --script +ftp-anon fonts.googleapis.com 
nmap -sS -Pn -p 21 --script +ftp-anon safebrowsing-cache.google.com 
nmap -sS -Pn -p 21 --script +ftp-anon safebrowsing.google.com 

Run nessus results through aquatone

cat nessus_v2.xml | odle --nessus | ~/Downloads/gron | grep -i 'affected_hosts' | cut -d \" -f4 | cut -d/ -f3 | cut -d' ' -f1 | sort | uniq | xargs printf "aquatone --discover %s \n"

aquatone --discover admin.fb.com
aquatone --discover js.fb.com
aquatone --discover blah.fb.com
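
Both pipelines above depend on cut field positions and hand whatever the report contains to the next command line. The Ruby below is an added example, not part of odle: it collects every affected_hosts value from the JSON, keeps only well-formed hostnames, and can limit them to in-scope domains. The JSON layout in SAMPLE and the names values_for, host_from and target_hosts are assumptions made for illustration.

```ruby
require 'json'
require 'uri'

# Plain DNS hostnames only; IPs and shell metacharacters fail this pattern.
HOSTNAME = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

# Constructed sample. The layout of odle's real JSON is an assumption here.
SAMPLE = <<~'JSON'
  {"findings": [
    {"title": "a", "affected_hosts": "http://fakesite.com/login"},
    {"title": "b", "affected_hosts": "https://apis.google.com/js/api.js"},
    {"title": "c", "affected_hosts": "http://FakeSite.com/ [1.2.3.4]"},
    {"title": "d", "affected_hosts": "http://$(id).fakesite.com/"}
  ]}
JSON

# Yield every value stored under `key` at any depth, like
# `gron | grep affected_hosts`, so no particular schema is required.
def values_for(node, key, &block)
  if node.is_a?(Hash)
    node.each { |k, v| k == key ? [v].flatten.each(&block) : values_for(v, key, &block) }
  elsif node.is_a?(Array)
    node.each { |v| values_for(v, key, &block) }
  end
end

# Reduce "scheme://host/path extra" (or a bare host) to a validated hostname.
def host_from(value)
  token = value.to_s.split.first or return nil
  host = begin
    URI.parse(token).host
  rescue URI::InvalidURIError
    nil
  end
  host ||= token.split('/').first.to_s.split(':').first
  host = host.to_s.downcase
  host if host.match?(HOSTNAME)
end

# Sorted, unique hostnames; `scope` optionally keeps only the listed domains.
def target_hosts(json_text, scope: [])
  hosts = []
  values_for(JSON.parse(json_text), 'affected_hosts') { |v| hosts << host_from(v) }
  hosts = hosts.compact.uniq.sort
  return hosts if scope.empty?
  hosts.select { |h| scope.any? { |s| h == s || h.end_with?(".#{s}") } }
end

puts target_hosts(SAMPLE, scope: ['fakesite.com'])
```

To run it on real output, replace SAMPLE with $stdin.read and pipe odle --burp into the script.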

Install

gem install nokogiri
gem install odle

Bugs

I am sure there are plenty. Please submit an issue if you find one or if you would like to see other supported tools. I am also interested in inconsistencies between outputs, missing data, and other issues if you see them.