demos and slides finished

SECTOR 2016 - G.Tool/SECTOR.md

@@ -197,20 +197,33 @@ G.Tool Demo
 * Undoing bad changes is manual
 
 ---
-# Use Case #2 - Vulnerability Remediation
-![](img/vulnremediation_excel.png)
+# Use Case #2 - Attack Tree
+<center><img src="img/attacktree_visio.png"></center>
 
 ---
-# Use Case #2 - Vulnerability Remediation
-show slicer, nodename, num (with range), Date
+# Use Case #2 - Attack Tree
+demonstrate attacktree plugin
 
 ---
-# Use Case #3 - Attack Tree
-<center><img src="img/attacktree_visio.png"></center>
+# Use Case #3 - Vulnerability Remediation
+![](img/vulnremediation_excel.png)
 
 ---
-# Use Case #3 - Attack Tree
-demonstrate attacktree plugin
+# Use Case #3 - Vulnerability Remediation
+G.Tool Demo
+
+---
+# A word on outputs
+Grid Outputs:
+* Excel
+* CSV
+* Table
+
+Tree Outputs:
+* JSON
+* YAML
+* Networkx
+* Graphviz
 
 ---
 # Use Case #4 - Continuous Compliance
@@ -221,6 +234,7 @@ demonstrate attacktree plugin
 # CI Tools provide dashboards
 ![](img/builds.png)
 
+
 ---
 # The roadmap
 

SECTOR 2016 - G.Tool/demo/demo2/classes/attacktree.txt

@@ -0,0 +1,28 @@
+GOAL::
+*file = goal
+*shape = octagon
+*color = red
+*output.1 = @title
+@title:: single: String
+@nodes:: multiple: Nodes (required = False)
+@ands:: multiple: Ands (required = False)
+@description:: single: String (required = False)
+@url: single: Url (required = False)
+
+NODES::
+*file = node
+*shape = square
+*output.1 = @title
+@title:: single: String
+@nodes:: multiple: Nodes (required = False)
+@ands:: multiple: Ands (required = False)
+@description:: single: String (required = False)
+@url: single: Url (required = False)
+
+ANDS::
+*file = and
+*shape = house
+*output.1 = !title
+!title:: Static('AND')
+@nodes:: multiple: Nodes (required = False)
+@ands:: multiple: Ands (required = False)

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/_.txt

@@ -0,0 +1 @@
+@title: world domination!!

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/ands/ands/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage 3
+@description: get out of the cage 3

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/ands/ands/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants 3
+@description: use mind control thinger 3

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/ands/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage 2
+@description: get out of the cage 2

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/ands/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants 2
+@description: use mind control thinger 2

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage
+@description: get out of the cage

SECTOR 2016 - G.Tool/demo/demo2/data/goal1/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants
+@description: use mind control thinger

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/_.txt

@@ -0,0 +1 @@
+@title: world domination 2!!

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/ands/ands/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage 3
+@description: get out of the cage 3

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/ands/ands/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants 3
+@description: use mind control thinger 3

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/ands/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage 2
+@description: get out of the cage 2

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/ands/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants 2
+@description: use mind control thinger 2

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/nodes/1.txt

@@ -0,0 +1,2 @@
+@title: escape cage
+@description: get out of the cage

SECTOR 2016 - G.Tool/demo/demo2/data/goal2/nodes/2.txt

@@ -0,0 +1,2 @@
+@title: mind control \nassistants
+@description: use mind control thinger

SECTOR 2016 - G.Tool/demo/demo2/gtool.cfg

@@ -0,0 +1,20 @@
+[output.1]
+plugin: decisiontree
+layout: ortho
+class_goal: goal
+class_node: nodes
+class_and: ands
+attribute_title: title
+attribute_node: nodes
+attribute_and: ands
+attribute_tooltip: description
+attribute_url: url
+
+[output.2]
+plugin: excel
+
+[output.alpha]
+plugin: word
+
+[output.beta]
+plugin: word

SECTOR 2016 - G.Tool/demo/demo2/plugins/dummy.py

@@ -0,0 +1,10 @@
+class Dummy():
+
+    def __init__(self):
+        pass
+
+    def __test__(self):
+        pass
+
+def load():
+    return Dummy

SECTOR 2016 - G.Tool/demo/demo2/test47.dot

@@ -0,0 +1,36 @@
+digraph G {
+0 [label="world domination!!", shape=octagon];
+1 [tooltip="get out of the cage", label="escape cage", shape=square];
+0 -> 1;
+3 [tooltip="use mind control thinger", label="mind control \nassistants", shape=square];
+0 -> 3;
+5 [label=AND, shape=house];
+0 -> 5;
+6 [tooltip="get out of the cage 2", label="escape cage 2", shape=square];
+5 -> 6;
+8 [tooltip="use mind control thinger 2", label="mind control \nassistants 2", shape=square];
+5 -> 8;
+10 [label=AND, shape=house];
+5 -> 10;
+11 [tooltip="get out of the cage 3", label="escape cage 3", shape=square];
+10 -> 11;
+13 [tooltip="use mind control thinger 3", label="mind control \nassistants 3", shape=square];
+10 -> 13;
+17 [label="world domination 2!!", shape=octagon];
+18 [tooltip="get out of the cage", label="escape cage", shape=square];
+17 -> 18;
+20 [tooltip="use mind control thinger", label="mind control \nassistants", shape=square];
+17 -> 20;
+22 [label=AND, shape=house];
+17 -> 22;
+23 [tooltip="get out of the cage 2", label="escape cage 2", shape=square];
+22 -> 23;
+25 [tooltip="use mind control thinger 2", label="mind control \nassistants 2", shape=square];
+22 -> 25;
+27 [label=AND, shape=house];
+22 -> 27;
+28 [tooltip="get out of the cage 3", label="escape cage 3", shape=square];
+27 -> 28;
+30 [tooltip="use mind control thinger 3", label="mind control \nassistants 3", shape=square];
+27 -> 30;
+}

SECTOR 2016 - G.Tool/demo/demo3c/classes/vulnerability.txt

@@ -1,6 +1,7 @@
 CVSS::
 *file = cvss_
-*output = score
+*output = !score
+*output.headers = CVSSv2 Score
 @vector:: single: String
 !score:: Cvssv2('@vector')
 

SECTOR 2016 - G.Tool/demo/demo3d/.GTOOLVERSION

@@ -0,0 +1 @@
+0.1.11 BETA

SECTOR 2016 - G.Tool/demo/demo3d/aggregates/averagecwe.txt

@@ -0,0 +1,4 @@
+AVERAGECWE::
+*name = CWE Average
+*function = average
+*select = @cwe

SECTOR 2016 - G.Tool/demo/demo3d/classes/vulnerability.txt

@@ -0,0 +1,14 @@
+VULNERABILITY::
+*file = vuln_
+*output = !vulnid || @uri || @type || @categorization || @cvss || @cwe || @reported || @description || @fixed
+*output.headers = Vulnerability ID || IP or URL	|| Type	|| Categorization || CVSSv2 Score || CWE Score || Reported || Description || Fixed
+!filename:: Nodename()
+!vulnid:: Slice('!filename[5:]')
+@uri:: single: Url
+@cvss:: single: Real(required = False, min = 0, max = 10)
+@cwe:: single: Real(required = False, min = 0, max = 100)
+@type:: single: Choice (choices = [Infrastructure, Application])
+@categorization:: single: Choice (choices = [Patch, RCE, XSS, SQLi, Info])
+@reported:: single: Date (displayformat = [%m/%d/%Y])
+@description:: single: String
+@fixed:: single: Choice (choices = [Yes, No])

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42353.txt

@@ -0,0 +1,7 @@
+@uri: 10.0.0.17
+@cvss: 6
+@type: Infrastructure
+@categorization: Patch
+@reported: 12/21/15
+@description: Yourself required no at thoughts delicate landlord it be. Branched dashwood do is whatever it. Farther be chapter at visited married in it pressed. By distrusts procuring be oh frankness existence believing instantly if
+@fixed: No

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42354.txt

@@ -0,0 +1,8 @@
+@uri: internalapp.local/admin
+@cwe: 90
+@type: Application
+@categorization: SQLi
+@reported: 4/15/16
+@description: Doubtful on an juvenile as of servants insisted.
+Judge why maids led sir whose guest drift her point.
+@fixed: No

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42355/_.txt

@@ -0,0 +1,6 @@
+@uri: internalapp.local/portal
+@cwe: 45
+@type: Application
+@categorization: XSS
+@reported: 4/16/16
+@fixed: No

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42355/description.txt

@@ -0,0 +1,2 @@
+Him comparison especially friendship was who sufficient attachment favourable how.
+Luckily but minutes ask picture man perhaps are inhabit. How her good all sang more why.

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42356/_.txt

@@ -0,0 +1,6 @@
+@uri: otherapp.local
+@cwe: 53
+@type: Application
+@categorization: XSS
+@reported: 4/17/16
+@fixed: Yes

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42356/description.txt

@@ -0,0 +1 @@
+For norland produce age wishing. To figure on it spring season up. Her provision acuteness had excellent two why intention.

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42357/_.txt

@@ -0,0 +1,6 @@
+@uri: 10.0.0.17
+@cwe: 53
+@type: Infrastructure
+@categorization: RCE
+@reported: 4/18/16
+@fixed: No

SECTOR 2016 - G.Tool/demo/demo3d/data/vuln_42357/description.txt

@@ -0,0 +1 @@
+As called mr needed praise at. Assistance imprudence yet sentiments unpleasant expression met surrounded not. Be at talked ye though secure nearer.

SECTOR 2016 - G.Tool/demo/demo3d/gtool.cfg

@@ -0,0 +1,17 @@
+[output.1]
+plugin: excel
+separator: "\n"
+merge: "\n\n"
+aggregates: averagecwe
+
+[output.2]
+plugin: grid
+separator: "\n"
+merge: "\n\n"
+aggregates: averagecwe
+
+[output.3]
+plugin: json
+separator: "\n"
+merge: "\n\n"
+aggregates: averagecwe

SECTOR 2016 - G.Tool/demo/demo3d/plugins/dummy.py

@@ -0,0 +1,14 @@
+class Dummy():
+
+    #inherit from any class
+    #check from gtool.core.types.core for different base classes
+
+    def __init__(self):
+        pass
+
+    def __test__(self):
+        pass
+
+def load():
+    #load() must return the name of the plugin class without initializing it
+    return Dummy