Skip to content

Script to transform the JSON output of Nuclei to a SQLite database.

License

Notifications You must be signed in to change notification settings

ricardomaia/nuclei2sqlite

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Nuclei2SQLite

Script to transform the JSON output of Nuclei to a SQLite database.

Description

This is a Node.js project that allows you to do X, Y, and Z. It takes input from a JSON file and performs specific actions based on the data provided. The program can be used for tasks like A, B, and C, making it useful for developers working on certain projects.

Usage

Create a Nuclei scan report in JSON format.

nuclei -tags cve -l targets_file.txt -j -o scan-report.json

Now just pass the JSON file as argument to script.

node nuclei2sqlite.js path/to/your/scan-report.json

Replace scan-report.json with the actual name of your JSON file.

Other options

Usage: nuclei2sqlite [options] <json_file_path>

Transform Nuclei JSON output to SQLite database

Options:
  -c, --create  Create the database
  -d, --delete  Delete existing records from the database
  -h, --help    display help for command

image

Installation

  • Make sure you have Node.js and npm installed on your system.
  • Clone this repository to your local machine.
  • Navigate to the project directory in the terminal or command prompt.
  • Run the following command to install the dependencies:
npm install

Examples of SQL queries

Gereneral Report

SELECT ip, 
host, 
REPLACE(REPLACE(info_tags, '[', ''), ']', '') as tags, 
extracted_results,
cve_id, 
cwe_id, 
cvss_metrics, 
cvss_score, 
description, 
remediation,
info_name, 
info_description, 
REPLACE(REPLACE(info_reference, '[', ''), ']', '') as info_reference,
info_severity, 
info_metadata_product, 
info_classification_cpe
FROM scan_history
GROUP BY ip, host
ORDER BY
ip, host,
CASE info_severity
    WHEN 'critical' THEN 1
    WHEN 'high' THEN 2
    WHEN 'medium' THEN 3
    WHEN 'low' THEN 4
    WHEN 'info' THEN 5
    ELSE 6
END;

image

WordPress outdated plugins

SELECT ip, 
host, 
extracted_results,
matcher_name,
meta,
info_name, 
REPLACE(REPLACE(info_tags, '[', ''), ']', '') as tags, 
REPLACE(REPLACE(info_reference, '[', ''), ']', '') as info_reference,
info_severity, 
info_metadata_product, 
info_classification_cpe
FROM scan_history
WHERE matcher_name = 'outdated_version'
GROUP BY ip, host
ORDER BY
ip, host

image

Outdated WordPress plugins (sorted by subdomain)

Example:

  • bar.example.com
  • foo.example.com
  • subdomain1.example.com
SELECT ip, 
host, 
info_severity, 
cve_id, 
cvss_score, 
info_name, 
info_description, 
REPLACE(REPLACE(info_reference, '[', ''), ']', '') as info_reference,
info_metadata_product, 
info_classification_cpe
FROM scan_history
ORDER BY
CASE info_severity
    WHEN 'critical' THEN 1
    WHEN 'high' THEN 2
    WHEN 'medium' THEN 3
    WHEN 'low' THEN 4
    WHEN 'info' THEN 5
    ELSE 6
END,
CASE 
WHEN INSTR(  ( SUBSTR (host, INSTR(host, '://') + 3, INSTR(host, '.example.com') - 9  ) ), '.') = 0 THEN
    ( SUBSTR (host, INSTR(host, '://') + 3, INSTR(host, '.example.com') - 9  ) ) 
ELSE
    SUBSTR ( ( SUBSTR (host, INSTR(host, '://') + 3, INSTR(host, '.df.gov.br') - 9  ) ) , INSTR(  ( SUBSTR (host, INSTR(host, '://') + 3, INSTR(host, '.example.com') - 9  ) ), '.') +1 , LENGTH (( SUBSTR (host, INSTR(host, '://') + 3, INSTR(host, '.example.com') - 9  ) ) ))
END 

Total vulnerabilities per scan (grouped by date, ignoring hour and minute)

SELECT DATE(timestamp) as scan_date, COUNT(*) as total_vulnerabilities
FROM scan_history
GROUP BY DATE(timestamp)
ORDER BY scan_date;

Vulnerabilities per IP

SELECT ip, COUNT(*) as total_vulnerabilities
FROM scan_history
GROUP BY ip
ORDER BY total_vulnerabilities DESC;

Vulnerabilities per host

SELECT host, COUNT(*) as total_vulnerabilities
FROM scan_history
GROUP BY host
ORDER BY total_vulnerabilities DESC;

Vulnerabilities per severity

SELECT severity, COUNT(*) as total_vulnerabilities
FROM scan_history
GROUP BY severity
ORDER BY total_vulnerabilities DESC;

Vulnerabilities per template_id

SELECT template, COUNT(*) as total_vulnerabilities
FROM scan_history
GROUP BY template
ORDER BY total_vulnerabilities DESC;

HTML Report (🚧 Work in progress)

If you want to see a simple HTML report, run server.js script.

node server.js

Now open your browser at http://localhost:3000

image

License

This project is licensed under the MIT License.