tools/prads2dot.sh

   1 #!/bin/bash
   2 #######################################################################
   3 # prads to dotviz script - Version 0.91_RC
   4 # Copyright © 2015  Andrea Trentini (www.atrent.it)
   5 #
   6 #    This program is free software; you can redistribute it and/or modify
   7 #    it under the terms of the GNU General Public License as published by
   8 #    the Free Software Foundation; either version 2 of the License, or
   9 #    (at your option) any later version.
  10 #
  11 #    This program is distributed in the hope that it will be useful,
  12 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 #    GNU General Public License for more details.
  15 #
  16 #    You should have received a copy of the GNU General Public License
  17 #    along with this program; if not, write to the Free Software
  18 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19 #    or browse http://www.gnu.org/licenses/gpl.txt
  20 #######################################################################
  21 #
  22 # this version connects the nodes, it just sorts services to
  23 # group them on a per-node basis, something like this:
  24 #
  25 # (localhost)---(samenet1)---(samenet2)---...---(samenetM)
  26 #  |
  27 # (hop1router[dummy])---(hop1.1)---(hop1.2)---...---(hop1.N)
  28 #  |
  29 # (hop2router[dummy])---(hop2.1)---(hop2.2)---...---(hop2.O)
  30 #  |
  31 # (hop3router[dummy])---(hop3.1)---(hop3.2)---...---(hop3.P)
  32 #  |
  33 #  ...
  34 #  |
  35 # (hopZrouter[dummy])---(hopZ.1)---(hopZ.2)---...---(hopZ.X)
  36 #
  37 # it generates a dot file, then use
  38 # xdot to view it or
  39 # dot to convert to image
  40 #
  41 #######################################################################
  42 # use csvtool?
  43 # only if this gets very complicated
  44
  45 #the general format fo this data is:
  46 #asset,vlan,port,proto,service,[service-info],distance,discovered
  47
  48 ### inside [service info] there is again "," !!!
  49 ### standby...
  50
  51 #1 asset       = The ip address of the asset.
  52 #2 vlan        = The virtual lan tag of the asset.
  53 #3 port        = The port number of the detected service.
  54 #4 proto       = The protocol number of the matching fingerprint.
  55 #5 service     = The "Service" detected, like: TCP-SERVICE, UDP-SERVICE, SYN, SYNACK,MAC,.....
  56 #6 service-info= The fingerprint that the match was done on, with info.
  57 #7 distance    = Distance based on guessed initial TTL (service = SYN/SYNACK)
  58 #8 discovered  = The timestamp when the data was collected
  59
  60 #######################################################################
  61
  62 FILE=net.inventory  # log from prads (in final will be passed as a command line parameter)
  63 #cut -f1,7 -d"," $FILE|sort|uniq > $FILE.filtered
  64
  65 # sort on distance?
  66 #sort -k7 -b -n -t"," $FILE
  67 #exit
  68
  69 # it can be optimized... ;)
  70
  71 #NODES=$(cut -f1 -d"," $FILE|sort -n|uniq|grep 192.168)  # 192.168 just to test it
  72 NODES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f1 -d","|sort -n|uniq)
  73 #echo \#Nodes: $NODES
  74
  75 #DISTANCES=$(cut -f7 -d"," $FILE|sort -n|uniq|sed '/^\s*$/d'|tail -n +2)
  76 DISTANCES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f7 -d"," |sort -n|uniq)  # servono tutte perche' mi servono i target
  77 #echo \#Distances: $DISTANCES
  78
  79 echo "digraph \"$FILE\" {"
  80 #echo "node [shape=parallelogram]"
  81 echo "graph [rankdir = \"LR\"];"
  82
  83 for node in $NODES
  84 do
  85
  86 #echo $node \($(host $node)\);
  87 echo \"Node_$node\" #  |tr "." "_"
  88
  89 #fields=$(grep $node $FILE|head -n 1|cut -f 2- -d"," | tr -d " "|tr "," "\n")
  90
  91 echo -n "[ label = "
  92 echo \"$node \|
  93
  94 #echo $fields\"|tr -d "[]\n"
  95 grep -F "$node," $FILE | cut -f 2- -d"," | tr -d " "|tr "\n" "|"|rev|cut -c2-|rev
  96 echo \"
  97 echo -n shape = record
  98 echo "];"
  99
 100 ##      grep $node $FILE|cut -f 2,3,4,5,6,8 -d","
 101 #       grep $node $FILE|cut -f 2- -d","
 102 done
 103
 104 for dist in $DISTANCES
 105 do
 106  #echo \#  === distance $dist
 107  if
 108   test "$prev"
 109  then
 110   echo Distance_$prev " ->" Distance_$dist\;
 111  fi
 112
 113  for node in $(cut -f1,7 -d"," $FILE|sort|uniq|grep ",${dist}$"|cut -f1 -d",")    #repetitive, optimize?
 114  do
 115   echo -n Distance_$dist " ->"
 116   echo \"Node_$node\"\;
 117  done
 118  prev=$dist
 119 done
 120
 121 echo "}"