Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
<?php
/**
* Parse Nimbusec JSON raport
* User: petskratt (peeter@zone.ee)
* Date: 26.08.2016
* Time: 11:07
* v1.0
* - initial version (a quick hack and proof of idea)
*/
// rename self if having original name
if ( basename( __FILE__, '.php' ) === 'nimbusec_explorer' ) {
$new_name = 'nimbusec_explorer_' . substr( bin2hex( mcrypt_create_iv( 22, MCRYPT_DEV_URANDOM ) ), 0, 8 ) . '.php';
rename( basename( __FILE__ ), $new_name );
header( "HTTP/1.0 404 Not Found" );
echo "I should not be available on predictable address - so I renamed myself, new name is <a href='$new_name'>$new_name</a>. It might be good idea to bookmark it for future use :-)";
die();
}
// for displaying suspect files in iFrame
if ( isset( $_GET['file'] ) ) {
if ( file_exists( $_GET['file'] ) ) {
$handle = fopen( $_GET['file'], "r" );
$contents = fread( $handle, 20000 );
$html = htmlentities( $contents, ENT_QUOTES );
?>
<html>
<head>
<title>$filename</title>
</head>
<body>
<pre><?= $html ?></pre>
</body>
</html>
<?php
die();
} else {
header( "HTTP/1.0 404 Not Found" );
echo "Requested .file not found";
die();
}
}
// display list of JSON files - or read & process JSON
$local_jsons = get_stored_results();
if ( ! empty( $local_jsons ) && empty( $_GET['json'] ) ) {
$html = generate_filepicker_html( $local_jsons );
} else {
$filename = basename( $_GET['json'] );
if ( file_exists( $filename ) ) {
$json = file_get_contents( $filename );
$report = json_decode( $json, true );
$html = generate_report_html( $report );
/* var_dump($report);
die();*/
} else {
header( "HTTP/1.0 404 Not Found" );
echo "Requested .json not found";
die();
}
}
?>
<html>
<head>
<title>Nimbusec deteceted files</title>
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" crossorigin="anonymous">
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
pre.code, iframe {
width: 100%;
height: 300px;
overflow: scroll;
}
</style>
<script>
function loadFile (panel_id, uri) {
event.preventDefault();
document.getElementById('code-' + panel_id).style.display = 'none';
document.getElementById('button-' + panel_id).style.display = 'none';
document.getElementById('file-' + panel_id).style.display = 'block';
document.getElementById('file-' + panel_id).src = '?file=' + uri;
}
</script>
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<?= $html ?>
</div>
</div>
</div>
</body>
</html>
<?php
function generate_report_html( $report ) {
$html = "";
$panel_id = 0;
foreach ( $report as $file ) {
$header = $file['resource'] . ' - ' . $file['threatname'] . PHP_EOL;
$collapse_class = "collapse";
$html .= '<div class="panel panel-default">';
$html .= "<div class=\"panel-heading\" role=\"tab\" id=\"heading_$panel_id\">";
// add data-parent="#accordion" to have other panels collapse when opening (presumably not desired here)
$html .= "<h4 class=\"panel-title\"><a role=\"button\" data-toggle=\"collapse\" href=\"#collapse_$panel_id\" aria-expanded=\"true\" aria-controls=\"collapse_$panel_id\">$header</a></h4>";
$html .= "</div>";
$html .= "<div id=\"collapse_$panel_id\" class=\"panel-collapse $collapse_class\" role=\"tabpanel\" aria-labelledby=\"heading_$panel_id\">";
$html .= '<div class="panel-body">';
if ( file_exists( $file['resource'] ) ) {
try {
$handle = @fopen( $file['resource'], "r" );
if ( ! $handle ) {
throw new Exception( 'File open failed.' );
}
$contents = fread( $handle, 20000 );
$html .= "<pre class=\"code\" id=\"code-$panel_id\">" . htmlentities( $contents, ENT_QUOTES ) . '</pre>';
if ( filesize( $file['resource'] ) > 20000 ) {
$html .= "<a href=\"#\" id=\"button-$panel_id\" class=\"btn btn-default\" onclick=\"loadFile($panel_id, '{$file['resource']}'); \">Load full file into iframe</a>";
$html .= "<iframe id=\"file-$panel_id\" style='display:none;'></iframe>";
}
}
catch ( Exception $e ) {
$html .= "<p>Unable to open file!</p>";
}
}
$html .= "</div>";
$html .= "</div>";
$html .= "</div>";
$panel_id ++;
/* if ($panel_id > 50) {
break;
}*/
}
$html = '
<h1>Nimbusec report for local inspection</h1>
<p>This script parses Nimbusec report and provides preview of found files.
</p>
<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
' . $html . '
</div>
';
return $html;
}
function get_stored_results() {
$stored_results = array();
$files = array_diff( scandir( '.' ), array( '..', '.' ) );
foreach ( $files as $file ) {
if ( strpos( $file, '.json' ) !== false ) {
$stored_results[] = $file;
}
}
return $stored_results;
}
function generate_filepicker_html( $local_jsons ) {
$html = '';
foreach ( $local_jsons as $json ) {
$html .= "<li><a href='?json=$json'>$json</a></li>";
}
$html = '
<h1>Select stored Nimbusec report for viewing</h1>
<p>You have launched me in folder with files, that look like stored Nimbusec reports.
I bet you want to parse one of these?</p>
<ul>
' . $html . '
</ul>
';
return $html;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.