Created
August 26, 2016 08:11
-
-
Save petskratt/7dc3502c1313ba84b9cfd355d8313bb1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* Parse Nimbusec JSON raport | |
* User: petskratt (peeter@zone.ee) | |
* Date: 26.08.2016 | |
* Time: 11:07 | |
* v1.0 | |
* - initial version (a quick hack and proof of idea) | |
*/ | |
// rename self if having original name | |
if ( basename( __FILE__, '.php' ) === 'nimbusec_explorer' ) { | |
$new_name = 'nimbusec_explorer_' . substr( bin2hex( mcrypt_create_iv( 22, MCRYPT_DEV_URANDOM ) ), 0, 8 ) . '.php'; | |
rename( basename( __FILE__ ), $new_name ); | |
header( "HTTP/1.0 404 Not Found" ); | |
echo "I should not be available on predictable address - so I renamed myself, new name is <a href='$new_name'>$new_name</a>. It might be good idea to bookmark it for future use :-)"; | |
die(); | |
} | |
// for displaying suspect files in iFrame | |
if ( isset( $_GET['file'] ) ) { | |
if ( file_exists( $_GET['file'] ) ) { | |
$handle = fopen( $_GET['file'], "r" ); | |
$contents = fread( $handle, 20000 ); | |
$html = htmlentities( $contents, ENT_QUOTES ); | |
?> | |
<html> | |
<head> | |
<title>$filename</title> | |
</head> | |
<body> | |
<pre><?= $html ?></pre> | |
</body> | |
</html> | |
<?php | |
die(); | |
} else { | |
header( "HTTP/1.0 404 Not Found" ); | |
echo "Requested .file not found"; | |
die(); | |
} | |
} | |
// display list of JSON files - or read & process JSON | |
$local_jsons = get_stored_results(); | |
if ( ! empty( $local_jsons ) && empty( $_GET['json'] ) ) { | |
$html = generate_filepicker_html( $local_jsons ); | |
} else { | |
$filename = basename( $_GET['json'] ); | |
if ( file_exists( $filename ) ) { | |
$json = file_get_contents( $filename ); | |
$report = json_decode( $json, true ); | |
$html = generate_report_html( $report ); | |
/* var_dump($report); | |
die();*/ | |
} else { | |
header( "HTTP/1.0 404 Not Found" ); | |
echo "Requested .json not found"; | |
die(); | |
} | |
} | |
?> | |
<html> | |
<head> | |
<title>Nimbusec deteceted files</title> | |
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" crossorigin="anonymous"> | |
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script> | |
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> | |
<style> | |
pre.code, iframe { | |
width: 100%; | |
height: 300px; | |
overflow: scroll; | |
} | |
</style> | |
<script> | |
function loadFile (panel_id, uri) { | |
event.preventDefault(); | |
document.getElementById('code-' + panel_id).style.display = 'none'; | |
document.getElementById('button-' + panel_id).style.display = 'none'; | |
document.getElementById('file-' + panel_id).style.display = 'block'; | |
document.getElementById('file-' + panel_id).src = '?file=' + uri; | |
} | |
</script> | |
</head> | |
<body> | |
<div class="container-fluid"> | |
<div class="row"> | |
<div class="col-md-12"> | |
<?= $html ?> | |
</div> | |
</div> | |
</div> | |
</body> | |
</html> | |
<?php | |
function generate_report_html( $report ) { | |
$html = ""; | |
$panel_id = 0; | |
foreach ( $report as $file ) { | |
$header = $file['resource'] . ' - ' . $file['threatname'] . PHP_EOL; | |
$collapse_class = "collapse"; | |
$html .= '<div class="panel panel-default">'; | |
$html .= "<div class=\"panel-heading\" role=\"tab\" id=\"heading_$panel_id\">"; | |
// add data-parent="#accordion" to have other panels collapse when opening (presumably not desired here) | |
$html .= "<h4 class=\"panel-title\"><a role=\"button\" data-toggle=\"collapse\" href=\"#collapse_$panel_id\" aria-expanded=\"true\" aria-controls=\"collapse_$panel_id\">$header</a></h4>"; | |
$html .= "</div>"; | |
$html .= "<div id=\"collapse_$panel_id\" class=\"panel-collapse $collapse_class\" role=\"tabpanel\" aria-labelledby=\"heading_$panel_id\">"; | |
$html .= '<div class="panel-body">'; | |
if ( file_exists( $file['resource'] ) ) { | |
try { | |
$handle = @fopen( $file['resource'], "r" ); | |
if ( ! $handle ) { | |
throw new Exception( 'File open failed.' ); | |
} | |
$contents = fread( $handle, 20000 ); | |
$html .= "<pre class=\"code\" id=\"code-$panel_id\">" . htmlentities( $contents, ENT_QUOTES ) . '</pre>'; | |
if ( filesize( $file['resource'] ) > 20000 ) { | |
$html .= "<a href=\"#\" id=\"button-$panel_id\" class=\"btn btn-default\" onclick=\"loadFile($panel_id, '{$file['resource']}'); \">Load full file into iframe</a>"; | |
$html .= "<iframe id=\"file-$panel_id\" style='display:none;'></iframe>"; | |
} | |
} | |
catch ( Exception $e ) { | |
$html .= "<p>Unable to open file!</p>"; | |
} | |
} | |
$html .= "</div>"; | |
$html .= "</div>"; | |
$html .= "</div>"; | |
$panel_id ++; | |
/* if ($panel_id > 50) { | |
break; | |
}*/ | |
} | |
$html = ' | |
<h1>Nimbusec report for local inspection</h1> | |
<p>This script parses Nimbusec report and provides preview of found files. | |
</p> | |
<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true"> | |
' . $html . ' | |
</div> | |
'; | |
return $html; | |
} | |
function get_stored_results() { | |
$stored_results = array(); | |
$files = array_diff( scandir( '.' ), array( '..', '.' ) ); | |
foreach ( $files as $file ) { | |
if ( strpos( $file, '.json' ) !== false ) { | |
$stored_results[] = $file; | |
} | |
} | |
return $stored_results; | |
} | |
function generate_filepicker_html( $local_jsons ) { | |
$html = ''; | |
foreach ( $local_jsons as $json ) { | |
$html .= "<li><a href='?json=$json'>$json</a></li>"; | |
} | |
$html = ' | |
<h1>Select stored Nimbusec report for viewing</h1> | |
<p>You have launched me in folder with files, that look like stored Nimbusec reports. | |
I bet you want to parse one of these?</p> | |
<ul> | |
' . $html . ' | |
</ul> | |
'; | |
return $html; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment