petskratt/nimbusec_explorer.php

## nimbusec_explorer.php
<?php
/**
 * Parse Nimbusec JSON raport
 * User: petskratt (peeter@zone.ee)
 * Date: 26.08.2016
 * Time: 11:07
 * v1.0
 * - initial version (a quick hack and proof of idea)
 */

// rename self if having original name
if ( basename( __FILE__, '.php' ) === 'nimbusec_explorer' ) {

	$new_name = 'nimbusec_explorer_' . substr( bin2hex( mcrypt_create_iv( 22, MCRYPT_DEV_URANDOM ) ), 0, 8 ) . '.php';

	rename( basename( __FILE__ ), $new_name );

	header( "HTTP/1.0 404 Not Found" );
	echo "I should not be available on predictable address - so I renamed myself, new name is <a href='$new_name'>$new_name</a>. It might be good idea to bookmark it for future use :-)";
	die();

}

// for displaying suspect files in iFrame
if ( isset( $_GET['file'] ) ) {

	if ( file_exists( $_GET['file'] ) ) {
		$handle   = fopen( $_GET['file'], "r" );
		$contents = fread( $handle, 20000 );
		$html     = htmlentities( $contents, ENT_QUOTES );
		?>
		<html>
		<head>
			<title>$filename</title>
		</head>
		<body>
		<pre><?= $html ?></pre>
		</body>
		</html>
		<?php

		die();
	} else {
		header( "HTTP/1.0 404 Not Found" );
		echo "Requested .file not found";
		die();
	}
}

// display list of JSON files  - or read & process JSON

$local_jsons = get_stored_results();

if ( ! empty( $local_jsons ) && empty( $_GET['json'] ) ) {
	$html = generate_filepicker_html( $local_jsons );
} else {

	$filename = basename( $_GET['json'] );
	if ( file_exists( $filename ) ) {
		$json   = file_get_contents( $filename );
		$report = json_decode( $json, true );
		$html   = generate_report_html( $report );
		/*		var_dump($report);
				die();*/
	} else {
		header( "HTTP/1.0 404 Not Found" );
		echo "Requested .json not found";
		die();
	}
}

?>
	<html>
	<head>
		<title>Nimbusec deteceted files</title>
		<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" crossorigin="anonymous">
		<script src="//ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
		<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
		<style>
			pre.code, iframe {
				width: 100%;
				height: 300px;
				overflow: scroll;
			}

		</style>
		<script>

			function loadFile (panel_id, uri) {
				event.preventDefault();
				document.getElementById('code-' + panel_id).style.display = 'none';
				document.getElementById('button-' + panel_id).style.display = 'none';
				document.getElementById('file-' + panel_id).style.display = 'block';
				document.getElementById('file-' + panel_id).src = '?file=' + uri;
			}

		</script>
	</head>
	<body>
	<div class="container-fluid">
		<div class="row">
			<div class="col-md-12">
				<?= $html ?>
			</div>
		</div>
	</div>

	</body>
	</html>
<?php


function generate_report_html( $report ) {
	$html     = "";
	$panel_id = 0;

	foreach ( $report as $file ) {

		$header = $file['resource'] . ' - ' . $file['threatname'] . PHP_EOL;

		$collapse_class = "collapse";

		$html .= '<div class="panel panel-default">';

		$html .= "<div class=\"panel-heading\" role=\"tab\" id=\"heading_$panel_id\">";
		// add data-parent="#accordion" to have other panels collapse when opening (presumably not desired here)
		$html .= "<h4 class=\"panel-title\"><a role=\"button\" data-toggle=\"collapse\" href=\"#collapse_$panel_id\" aria-expanded=\"true\" aria-controls=\"collapse_$panel_id\">$header</a></h4>";
		$html .= "</div>";

		$html .= "<div id=\"collapse_$panel_id\" class=\"panel-collapse $collapse_class\" role=\"tabpanel\" aria-labelledby=\"heading_$panel_id\">";
		$html .= '<div class="panel-body">';

		if ( file_exists( $file['resource'] ) ) {
			try {
				$handle = @fopen( $file['resource'], "r" );

				if ( ! $handle ) {
					throw new Exception( 'File open failed.' );
				}

				$contents = fread( $handle, 20000 );

				$html .= "<pre class=\"code\" id=\"code-$panel_id\">" . htmlentities( $contents, ENT_QUOTES ) . '</pre>';

				if ( filesize( $file['resource'] ) > 20000 ) {
					$html .= "<a href=\"#\" id=\"button-$panel_id\" class=\"btn btn-default\" onclick=\"loadFile($panel_id, '{$file['resource']}'); \">Load full file into iframe</a>";
					$html .= "<iframe id=\"file-$panel_id\" style='display:none;'></iframe>";
				}
			}
			catch ( Exception $e ) {
				$html .= "<p>Unable to open file!</p>";
			}
		}


		$html .= "</div>";
		$html .= "</div>";

		$html .= "</div>";

		$panel_id ++;

		/*		if ($panel_id > 50) {
					break;
				}*/
	}


	$html = '
				<h1>Nimbusec report for local inspection</h1>
				<p>This script parses Nimbusec report and provides preview of found files.
				</p>
				<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
					' . $html . '
				</div>
				';

	return $html;
}

function get_stored_results() {
	$stored_results = array();
	$files          = array_diff( scandir( '.' ), array( '..', '.' ) );

	foreach ( $files as $file ) {
		if ( strpos( $file, '.json' ) !== false ) {
			$stored_results[] = $file;
		}
	}

	return $stored_results;
}


function generate_filepicker_html( $local_jsons ) {
	$html = '';
	foreach ( $local_jsons as $json ) {
		$html .= "<li><a href='?json=$json'>$json</a></li>";
	}

	$html = '
		<h1>Select stored Nimbusec report for viewing</h1>
		<p>You have launched me in folder with files, that look like stored Nimbusec reports.
		I bet you want to parse one of these?</p>
		<ul>
			' . $html . '
		</ul>
	';

	return $html;
}
	<?php
	/**
	* Parse Nimbusec JSON raport
	* User: petskratt (peeter@zone.ee)
	* Date: 26.08.2016
	* Time: 11:07
	* v1.0
	* - initial version (a quick hack and proof of idea)
	*/

	// rename self if having original name
	if ( basename( __FILE__, '.php' ) === 'nimbusec_explorer' ) {

	$new_name = 'nimbusec_explorer_' . substr( bin2hex( mcrypt_create_iv( 22, MCRYPT_DEV_URANDOM ) ), 0, 8 ) . '.php';

	rename( basename( __FILE__ ), $new_name );

	header( "HTTP/1.0 404 Not Found" );
	echo "I should not be available on predictable address - so I renamed myself, new name is <a href='$new_name'>$new_name</a>. It might be good idea to bookmark it for future use :-)";
	die();

	}

	// for displaying suspect files in iFrame
	if ( isset( $_GET['file'] ) ) {

	if ( file_exists( $_GET['file'] ) ) {
	$handle = fopen( $_GET['file'], "r" );
	$contents = fread( $handle, 20000 );
	$html = htmlentities( $contents, ENT_QUOTES );
	?>
	<html>
	<head>
	<title>$filename</title>
	</head>
	<body>
	<pre><?= $html ?></pre>
	</body>
	</html>
	<?php

	die();
	} else {
	header( "HTTP/1.0 404 Not Found" );
	echo "Requested .file not found";
	die();
	}
	}

	// display list of JSON files - or read & process JSON

	$local_jsons = get_stored_results();

	if ( ! empty( $local_jsons ) && empty( $_GET['json'] ) ) {
	$html = generate_filepicker_html( $local_jsons );
	} else {

	$filename = basename( $_GET['json'] );
	if ( file_exists( $filename ) ) {
	$json = file_get_contents( $filename );
	$report = json_decode( $json, true );
	$html = generate_report_html( $report );
	/* var_dump($report);
	die();*/
	} else {
	header( "HTTP/1.0 404 Not Found" );
	echo "Requested .json not found";
	die();
	}
	}

	?>
	<html>
	<head>
	<title>Nimbusec deteceted files</title>
	<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" crossorigin="anonymous">
	<script src="//ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
	<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
	<style>
	pre.code, iframe {
	width: 100%;
	height: 300px;
	overflow: scroll;
	}

	</style>
	<script>

	function loadFile (panel_id, uri) {
	event.preventDefault();
	document.getElementById('code-' + panel_id).style.display = 'none';
	document.getElementById('button-' + panel_id).style.display = 'none';
	document.getElementById('file-' + panel_id).style.display = 'block';
	document.getElementById('file-' + panel_id).src = '?file=' + uri;
	}

	</script>
	</head>
	<body>
	<div class="container-fluid">
	<div class="row">
	<div class="col-md-12">
	<?= $html ?>
	</div>
	</div>
	</div>

	</body>
	</html>
	<?php


	function generate_report_html( $report ) {
	$html = "";
	$panel_id = 0;

	foreach ( $report as $file ) {

	$header = $file['resource'] . ' - ' . $file['threatname'] . PHP_EOL;

	$collapse_class = "collapse";

	$html .= '<div class="panel panel-default">';

	$html .= "<div class=\"panel-heading\" role=\"tab\" id=\"heading_$panel_id\">";
	// add data-parent="#accordion" to have other panels collapse when opening (presumably not desired here)
	$html .= "<h4 class=\"panel-title\"><a role=\"button\" data-toggle=\"collapse\" href=\"#collapse_$panel_id\" aria-expanded=\"true\" aria-controls=\"collapse_$panel_id\">$header</a></h4>";
	$html .= "</div>";

	$html .= "<div id=\"collapse_$panel_id\" class=\"panel-collapse $collapse_class\" role=\"tabpanel\" aria-labelledby=\"heading_$panel_id\">";
	$html .= '<div class="panel-body">';

	if ( file_exists( $file['resource'] ) ) {
	try {
	$handle = @fopen( $file['resource'], "r" );

	if ( ! $handle ) {
	throw new Exception( 'File open failed.' );
	}

	$contents = fread( $handle, 20000 );

	$html .= "<pre class=\"code\" id=\"code-$panel_id\">" . htmlentities( $contents, ENT_QUOTES ) . '</pre>';

	if ( filesize( $file['resource'] ) > 20000 ) {
	$html .= "<a href=\"#\" id=\"button-$panel_id\" class=\"btn btn-default\" onclick=\"loadFile($panel_id, '{$file['resource']}'); \">Load full file into iframe</a>";
	$html .= "<iframe id=\"file-$panel_id\" style='display:none;'></iframe>";
	}
	}
	catch ( Exception $e ) {
	$html .= "<p>Unable to open file!</p>";
	}
	}


	$html .= "</div>";
	$html .= "</div>";

	$html .= "</div>";

	$panel_id ++;

	/* if ($panel_id > 50) {
	break;
	}*/
	}


	$html = '
	<h1>Nimbusec report for local inspection</h1>
	<p>This script parses Nimbusec report and provides preview of found files.
	</p>
	<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
	' . $html . '
	</div>
	';

	return $html;
	}

	function get_stored_results() {
	$stored_results = array();
	$files = array_diff( scandir( '.' ), array( '..', '.' ) );

	foreach ( $files as $file ) {
	if ( strpos( $file, '.json' ) !== false ) {
	$stored_results[] = $file;
	}
	}

	return $stored_results;
	}


	function generate_filepicker_html( $local_jsons ) {
	$html = '';
	foreach ( $local_jsons as $json ) {
	$html .= "<li><a href='?json=$json'>$json</a></li>";
	}

	$html = '
	<h1>Select stored Nimbusec report for viewing</h1>
	<p>You have launched me in folder with files, that look like stored Nimbusec reports.
	I bet you want to parse one of these?</p>
	<ul>
	' . $html . '
	</ul>
	';

	return $html;
	}