tools/prads2dot.sh

   1 #!/bin/bash
   2 #######################################################################
   3 # prads to dotviz script - Version 1.0
   4 # Copyright © 2015  Andrea Trentini (www.atrent.it)
   5 #
   6 #    This program is free software; you can redistribute it and/or modify
   7 #    it under the terms of the GNU General Public License as published by
   8 #    the Free Software Foundation; either version 2 of the License, or
   9 #    (at your option) any later version.
  10 #
  11 #    This program is distributed in the hope that it will be useful,
  12 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 #    GNU General Public License for more details.
  15 #
  16 #    You should have received a copy of the GNU General Public License
  17 #    along with this program; if not, write to the Free Software
  18 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19 #    or browse http://www.gnu.org/licenses/gpl.txt
  20 #######################################################################
  21 #
  22 # this version connects the nodes, it just sorts services to
  23 # group them on a per-node basis, something like this:
  24 #
  25 # (localhost)---(samenet1)---(samenet2)---...---(samenetM)
  26 #  |
  27 # (hop1router[dummy])---(hop1.1)---(hop1.2)---...---(hop1.N)
  28 #  |
  29 # (hop2router[dummy])---(hop2.1)---(hop2.2)---...---(hop2.O)
  30 #  |
  31 # (hop3router[dummy])---(hop3.1)---(hop3.2)---...---(hop3.P)
  32 #  |
  33 #  ...
  34 #  |
  35 # (hopZrouter[dummy])---(hopZ.1)---(hopZ.2)---...---(hopZ.X)
  36 #
  37 # it generates a dot file, then use
  38 # xdot to view it or
  39 # dot to convert to image
  40 #
  41 #######################################################################
  42 # use csvtool?
  43 # only if this gets very complicated
  44 #
  45 # it can be optimized... ;)
  46 #######################################################################
  47 #
  48 #the general format for prads data is:
  49 #asset,vlan,port,proto,service,[service-info],distance,discovered
  50 #
  51 ### inside [service info] there is again "," !!!
  52 ### standby... temporarily solved by prads author
  53 #
  54 #1 asset       = The ip address of the asset.
  55 #2 vlan        = The virtual lan tag of the asset.
  56 #3 port        = The port number of the detected service.
  57 #4 proto       = The protocol number of the matching fingerprint.
  58 #5 service     = The "Service" detected, like: TCP-SERVICE, UDP-SERVICE, SYN, SYNACK,MAC,.....
  59 #6 service-info= The fingerprint that the match was done on, with info.
  60 #7 distance    = Distance based on guessed initial TTL (service = SYN/SYNACK)
  61 #8 discovered  = The timestamp when the data was collected
  62 #
  63 #######################################################################
  64
  65 if
  66  test $# -ne 1
  67 then
  68  echo Usage: $0 '<logfile from prads>'
  69  exit
  70 fi
  71 PRADSLOG=$1
  72
  73 FILE=$(mktemp)
  74
  75 # convert file to substitute internal "," in "[]" field
  76 cat $PRADSLOG|while
  77  read LINE
  78 do
  79  LEFT=$(echo $LINE|cut -f1 -d"[")
  80  MIDDLE=$(echo $LINE|cut -f2 -d"["|cut -f1 -d"]"|tr "," ";")
  81  RIGHT=$(echo $LINE|cut -f2 -d"]")
  82  echo $LEFT"["$MIDDLE"]"$RIGHT
  83 done > $FILE
  84
  85 # sort on distance?
  86 #sort -k7 -b -n -t"," $FILE
  87 #exit
  88
  89 #NODES=$(cut -f1 -d"," $FILE|sort -n|uniq|grep 192.168)  # 192.168 just to test it
  90 NODES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f1 -d","|sort -n|uniq)
  91 #echo \#Nodes: $NODES
  92
  93 DISTANCES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f7 -d"," |sort -n|uniq)
  94 #echo \#Distances: $DISTANCES
  95
  96 echo "digraph \"$FILE\" {"
  97 #echo "node [shape=parallelogram]"
  98 echo "graph [root=\"Distance_0\",ratio=\"1\",rankdir = \"LR\"];"
  99
 100 # nodes loop
 101 for node in $NODES
 102 do
 103
 104  #echo $node \($(host $node)\);
 105  echo \"Node_$node\" #  |tr "." "_"
 106
 107  #fields=$(grep $node $FILE|head -n 1|cut -f 2- -d"," | tr -d " "|tr "," "\n")
 108
 109  echo -n "[ label = "
 110  echo \"$node \|
 111
 112  #echo $fields\"|tr -d "[]\n"
 113  grep -F "$node," $FILE | cut -f 2- -d"," | tr -d " "|tr "\n" "|"|rev|cut -c2-|rev
 114  echo \"
 115  echo -n shape = record
 116  echo "];"
 117
 118  ##     grep $node $FILE|cut -f 2,3,4,5,6,8 -d","
 119  #      grep $node $FILE|cut -f 2- -d","
 120 done
 121
 122 # connect the dots
 123 for dist in $DISTANCES
 124 do
 125  #echo \#  === distance $dist
 126  if
 127   test "$prev"
 128  then
 129   echo Distance_$prev " ->" Distance_$dist\;
 130  fi
 131
 132  for node in $(cut -f1,7 -d"," $FILE|sort|uniq|grep ",${dist}$"|cut -f1 -d",")    #repetitive, optimize?
 133  do
 134   echo -n Distance_$dist " ->"
 135   echo \"Node_$node\"\;
 136  done
 137  prev=$dist
 138 done
 139
 140 echo "}"
 141
 142 # cleaning...
 143 rm $FILE