From dcd36fc090f3c04ca874cdd4980fcf16a2e7ab03 Mon Sep 17 00:00:00 2001
From: atrent <ego@atrent.it>
Date: Sun, 4 Oct 2015 10:32:08 +0200
Subject: [PATCH] Create prads2dot.sh

first attempt to create a prads log to dot graph
---
 tools/prads2dot.sh | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 tools/prads2dot.sh

diff --git a/tools/prads2dot.sh b/tools/prads2dot.sh
new file mode 100644
index 0000000..b0a15fc
--- /dev/null
+++ b/tools/prads2dot.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+#######################################################################
+# prads to dotviz script - Version 0.91_RC
+# Copyright © 2015  Andrea Trentini (www.atrent.it)
+#
+#    This program is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, write to the Free Software
+#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#    or browse http://www.gnu.org/licenses/gpl.txt
+#######################################################################
+#
+# this version connects the nodes, it just sorts services to
+# group them on a per-node basis, something like this:
+#
+# (localhost)---(samenet1)---(samenet2)---...---(samenetM)
+#  |
+# (hop1router[dummy])---(hop1.1)---(hop1.2)---...---(hop1.N)
+#  |
+# (hop2router[dummy])---(hop2.1)---(hop2.2)---...---(hop2.O)
+#  |
+# (hop3router[dummy])---(hop3.1)---(hop3.2)---...---(hop3.P)
+#  |
+#  ...
+#  |
+# (hopZrouter[dummy])---(hopZ.1)---(hopZ.2)---...---(hopZ.X)
+#
+# it generates a dot file, then use
+# xdot to view it or
+# dot to convert to image
+#
+#######################################################################
+# use csvtool?
+# only if this gets very complicated
+
+#the general format fo this data is:
+#asset,vlan,port,proto,service,[service-info],distance,discovered
+
+### inside [service info] there is again "," !!!
+### standby...
+
+#1 asset       = The ip address of the asset.
+#2 vlan        = The virtual lan tag of the asset.
+#3 port        = The port number of the detected service.
+#4 proto       = The protocol number of the matching fingerprint.
+#5 service     = The "Service" detected, like: TCP-SERVICE, UDP-SERVICE, SYN, SYNACK,MAC,.....
+#6 service-info= The fingerprint that the match was done on, with info.
+#7 distance    = Distance based on guessed initial TTL (service = SYN/SYNACK)
+#8 discovered  = The timestamp when the data was collected
+
+#######################################################################
+
+FILE=net.inventory  # log from prads (in final will be passed as a command line parameter)
+#cut -f1,7 -d"," $FILE|sort|uniq > $FILE.filtered
+
+# sort on distance?
+#sort -k7 -b -n -t"," $FILE
+#exit
+
+# it can be optimized... ;)
+
+#NODES=$(cut -f1 -d"," $FILE|sort -n|uniq|grep 192.168)  # 192.168 just to test it
+NODES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f1 -d","|sort -n|uniq)
+#echo \#Nodes: $NODES
+
+#DISTANCES=$(cut -f7 -d"," $FILE|sort -n|uniq|sed '/^\s*$/d'|tail -n +2)
+DISTANCES=$(grep -v -F "asset,vlan,port,proto,service,[service-info],distance,discovered" $FILE|cut -f7 -d"," |sort -n|uniq)  # servono tutte perche' mi servono i target
+#echo \#Distances: $DISTANCES
+
+echo "digraph \"$FILE\" {"
+#echo "node [shape=parallelogram]"
+echo "graph [rankdir = \"LR\"];"
+
+for node in $NODES
+do
+
+#echo $node \($(host $node)\);
+echo \"Node_$node\" #  |tr "." "_"
+
+#fields=$(grep $node $FILE|head -n 1|cut -f 2- -d"," | tr -d " "|tr "," "\n")
+
+echo -n "[ label = "
+echo \"$node \|
+
+#echo $fields\"|tr -d "[]\n"
+grep -F "$node," $FILE | cut -f 2- -d"," | tr -d " "|tr "\n" "|"|rev|cut -c2-|rev
+echo \"
+echo -n shape = record
+echo "];"
+
+##	grep $node $FILE|cut -f 2,3,4,5,6,8 -d","
+#	grep $node $FILE|cut -f 2- -d","
+done
+
+for dist in $DISTANCES
+do
+ #echo \#  === distance $dist
+ if
+  test "$prev"
+ then
+  echo Distance_$prev " ->" Distance_$dist\;
+ fi
+ 
+ for node in $(cut -f1,7 -d"," $FILE|sort|uniq|grep ",${dist}$"|cut -f1 -d",")    #repetitive, optimize?
+ do
+  echo -n Distance_$dist " ->"
+  echo \"Node_$node\"\;
+ done
+ prev=$dist
+done
+
+echo "}"
-- 
2.11.4.GIT