reorganize some things in this repo

README.md

@@ -6,3 +6,5 @@
 - **koans** - ruby koans.
 - **modules** - modules to hold various namespaces to more efficiently organize code.
 - **programming_books** - excercises and examples from ruby programming books.
+- **security_tools** - programs that can be associated with security.
+- **testing_things** - programs that are not complete but ones I use to experiment and test things with.

security_tools/kenna_kdi_importer/asset.json

@@ -0,0 +1,25 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "99.45.63.6",
+      "vulns": [
+        {
+          "scanner_identifier": "S9207753E",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2020-04-29 15:29:18",
+          "last_seen_at": "2020-04-29 15:29:18",
+          "status": "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S9207753E",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2018-0661",
+      "name": "CVE-2018-0661"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/cve_report.rb

@@ -27,7 +27,7 @@ class CveReport
     end
 
     def from_file
-        Zlib::GzipReader.open(filename) do |gz|
+        ::Zlib::GzipReader.open(filename) do |gz|
             JSON.parse(gz.read)
         end
     end

security_tools/kenna_kdi_importer/data/samples/1_asset_1_vuln.json

@@ -0,0 +1,25 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "253.151.121.58",
+      "vulns": [
+        {
+          "scanner_identifier": "S5598672Z",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:16",
+          "last_seen_at": "2019-10-21 10:14:16",
+          "status": "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S5598672Z",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2009-0168",
+      "name": "CVE-2009-0168"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/data/samples/2_asset_2_vulns.json

@@ -0,0 +1,69 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "242.91.166.234",
+      "vulns": [
+        {
+          "scanner_identifier": "S6193196A",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:24",
+          "last_seen_at": "2019-10-21 10:14:24",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S7104785G",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:24",
+          "last_seen_at": "2019-10-21 10:14:24",
+          "status": "open"
+        }
+      ]
+    },
+    {
+      "ip_address": "84.44.194.64",
+      "vulns": [
+        {
+          "scanner_identifier": "S6158307F",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:24",
+          "last_seen_at": "2019-10-21 10:14:24",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S8154624Z",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:24",
+          "last_seen_at": "2019-10-21 10:14:24",
+          "status": "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S6193196A",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2019-5284",
+      "name": "CVE-2019-5284"
+    },
+    {
+      "scanner_identifier": "S7104785G",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2014-9275",
+      "name": "CVE-2014-9275"
+    },
+    {
+      "scanner_identifier": "S6158307F",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2001-1527",
+      "name": "CVE-2001-1527"
+    },
+    {
+      "scanner_identifier": "S8154624Z",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2007-5409",
+      "name": "CVE-2007-5409"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/data/samples/3_asset_3_vulns.json

@@ -0,0 +1,139 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "110.30.83.241",
+      "vulns": [
+        {
+          "scanner_identifier": "S8972724C",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S8891522D",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S6632609H",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        }
+      ]
+    },
+    {
+      "ip_address": "221.4.62.144",
+      "vulns": [
+        {
+          "scanner_identifier": "S8050694E",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S6500311B",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S9091412Z",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        }
+      ]
+    },
+    {
+      "ip_address": "203.77.87.246",
+      "vulns": [
+        {
+          "scanner_identifier": "S6029370H",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S8933594I",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        },
+        {
+          "scanner_identifier": "S6384884J",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-10-21 10:14:33",
+          "last_seen_at": "2019-10-21 10:14:33",
+          "status": "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S8972724C",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2014-4335",
+      "name": "CVE-2014-4335"
+    },
+    {
+      "scanner_identifier": "S8891522D",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2018-17337",
+      "name": "CVE-2018-17337"
+    },
+    {
+      "scanner_identifier": "S6632609H",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2008-1059",
+      "name": "CVE-2008-1059"
+    },
+    {
+      "scanner_identifier": "S8050694E",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2009-4304",
+      "name": "CVE-2009-4304"
+    },
+    {
+      "scanner_identifier": "S6500311B",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2015-4605",
+      "name": "CVE-2015-4605"
+    },
+    {
+      "scanner_identifier": "S9091412Z",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2005-1364",
+      "name": "CVE-2005-1364"
+    },
+    {
+      "scanner_identifier": "S6029370H",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2013-4471",
+      "name": "CVE-2013-4471"
+    },
+    {
+      "scanner_identifier": "S8933594I",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2011-0134",
+      "name": "CVE-2011-0134"
+    },
+    {
+      "scanner_identifier": "S6384884J",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2018-6690",
+      "name": "CVE-2018-6690"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/data/samples/sample_multiple_vuln_sample_vulndef.json

@@ -0,0 +1,34 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "42.12.166.72",
+      "vulns": [
+        {
+          "scanner_identifier": "S9167228F",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-08-16 16:33:20",
+          "last_seen_at": "2019-08-16 16:33:20",
+          "status": "open",
+	  "port": 665
+        },
+        {
+          "scanner_identifier": "S9167228F",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2019-08-16 16:33:20",
+          "last_seen_at": "2019-08-16 16:33:20",
+          "status": "open",
+	  "port": 666
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S9167228F",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2007-0845",
+      "name": "CVE-2007-0845"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/generate_cve_ids.rb

@@ -1,4 +1,6 @@
 require './cve_report'
+require 'zlib'
+require 'json'
 
 module KennaKdi
   class GenerateCveIdsJson

security_tools/kenna_kdi_importer/kdi_file.json

@@ -0,0 +1,25 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "ip_address": "243.205.78.181",
+      "vulns": [
+        {
+          "scanner_identifier": "S7943578C",
+          "scanner_type": "KDI Faker Data",
+          "created_at": "2020-06-10 18:17:02",
+          "last_seen_at": "2020-06-10 18:17:02",
+          "status": "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier": "S7943578C",
+      "scanner_type": "KDI Faker Data",
+      "cve_identifiers": "CVE-2014-1353",
+      "name": "CVE-2014-1353"
+    }
+  ]
+}

security_tools/kenna_kdi_importer/kenna_kdi_importer.rb

@@ -14,6 +14,7 @@ OptionParser.new do |opts|
 
   opts.on('-a NUM', '--assets', Integer, "Number of assets to create") { |a| params[:assets] = a }
   opts.on('-v NUM', '--vulns', Integer, "Number of vulns that may be created per asset") {|v| params[:vulns] = v }
+#  opts.on('-g BOOLEAN', '--generate', Boolean, "Generate a new json of cve ids in an array") {|g| params[:generate] = g }
 
   opts.on_tail("-h", "--help", "Show this message") do
     puts opts

security_tools/kenna_kdi_importer/sample_asset_with_tags_kdi.json

@@ -0,0 +1,35 @@
+{
+  "skip_autoclose": true,
+  "assets": [
+    {
+      "hostname": "floop.com",
+      "url": "https://floop.com/resource/doop",
+      "fqdn": "big.compute.floop.com",
+      "external_id": "bleepbloopvulnhere",
+      "tags": [
+        "Risks: External, PHI"
+      ],
+      "priority": 10,
+      "vulns": [
+        {
+          "scanner_identifier" : "ticket 13443 test",
+          "scanner_type": "SamBSecure_KDI",
+          "scanner_score" : 2,
+          "created_at" : "20191220T223746,289-0800",
+          "last_seen_at" : "20200323T105036,448-0700",
+          "last_fixed_on" : "20200323T105034,228-0700",
+          "status" : "open"
+        }
+      ]
+    }
+  ],
+  "vuln_defs": [
+    {
+      "scanner_identifier" : "ticket 13443 test",
+      "scanner_type": "SamBSecure_KDI",
+      "name" : "Auditing for SQL database should be set to On",
+      "description" : "Database events are tracked by the Auditing feature and the events are written to an audit log in your Azure storage account. This process helps you to monitor database activity, and get insight into anomalies that could indicate business concerns or suspected security violations.",
+      "solution" : "1. Log in to Azure Portal.\n2. Go to SQL database.\n3. For each DB instance, click on Auditing & Threat Detection\n4. Set Auditing to On\n5. Click Save"
+    }
+  ]
+}