Table of Contents
SecGen schema files
Where are the schemas found
What do the schemas actually do?
Base schema
Network schema
Service schema
Utility schema
Vulnerability schema
SecGen schema files
SecGen currently has 6 schemas:
- base_metadata_schema.xsd
- network_metadata_schema.xsd
- scenario_schema.xsd
- service_metadata_schema.xsd
- utility_metadata_schema.xsd
- vulnerability_metadata_schema.xsd
Where are the schemas found?
All schemas can be found under the directory SecGen/lib/schemas/.
What do the schemas actually do?
The schemas ensure that all secgen_metadata.xml files and scenario files have a valid structure with valid values. Each schema validates the structure of the corresponding XML element; for example, base_metadata_schema.xsd ensures that the <base> element contains the correct base structure.
Base schema
TODO Schema file contains TODO
Minimal base secgen_metadata.xml file
<?xml version="1.0"?>
<base xmlns="http://www.github/cliffe/SecGen/base"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
<name>“”</name>
<author>“”</author>
<module_licence>MIT // Apache v2 // GPLv3</module_licence>
<description>“”</description>
<type>server // desktop // cli</type>
<platform>“”</platform>
<distro>“”</distro>
<url>“”</url>
</base>
All values for base secgen_metadata.xml file
<?xml version="1.0"?>
<base xmlns="http://www.github/cliffe/SecGen/base"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
<name>“”</name>
<author>“”</author>
<module_licence>MIT // Apache v2 // GPLv3</module_licence>
<description>“”</description>
<type>server // desktop // cli</type>
<platform>“”</platform>
<distro>“”</distro>
<url>“”</url>
<reference>“”</reference>
<software_name>“”</software_name>
<software_licence>“”</software_licence>
<conflict>
<module_path>“”</module_path>
<name>“”</name>
<author>“”</author>
<module_licence>“”</module_licence>
<description>“”</description>
<type>“”</type>
<platform>linux // unix // windows</platform>
<distro>“”</distro>
<url>“”</url>
<vagrantbase>“”</vagrantbase>
<reference>“”</reference>
<software_licence>“”</software_licence>
</conflict>
<requires>
<module_path>“”</module_path>
<name>“”</name>
<author>“”</author>
<module_licence>“”</module_licence>
<description>“”</description>
<type>“”</type>
<platform>linux // unix // windows</platform>
<distro>“”</distro>
<url>“”</url>
<vagrantbase>“”</vagrantbase>
<reference>“”</reference>
<software_licence>“”</software_licence>
</requires>
</base>
Network schema
Minimal network secgen_metadata.xml file
<?xml version="1.0"?>
<network xmlns="http://www.github/cliffe/SecGen/network"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/network">
<name>“”</name>
<author>“”</author>
<module_license>MIT // Apache v2 // GPLv3</module_license>
<description>“”</description>
<type>public_network // private_network</type>
<range>***.***.***.*** where * is 0-9</range>
</network>
All values for network secgen_metadata.xml file
<?xml version="1.0"?>
<network xmlns="http://www.github/cliffe/SecGen/network"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/network">
<name>“”</name>
<author>“”</author>
<module_license>MIT // Apache v2 // GPLv3</module_license>
<description>“”</description>
<type>public_network // private_network</type>
<range>***.***.***.*** where * is 0-9</range>
<conflict>
<name>“”</name>
<author>“”</author>
<module_license>“”</module_license>
<description>“”</description>
<type>“”</type>
<range>“”</range>
</conflict>
</network>
Service schema
Minimal service secgen_metadata.xml file
<?xml version="1.0"?>
<service xmlns="http://www.github/cliffe/SecGen/service"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
</service>
All values for service secgen_metadata.xml file
<?xml version="1.0"?>
<service xmlns="http://www.github/cliffe/SecGen/service"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<!--optional details-->
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
<!--Conflicts ensure no duplicate software installations-->
<conflict>
<software_name>””</software_name>
</conflict>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
</conflict>
<!--Requires ensures all prerequisite modules installed-->
<requires>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
</requires>
</service>
Utility schema
Minimal utility secgen_metadata.xml file
<?xml version="1.0"?>
<utility xmlns="http://www.github/cliffe/SecGen/utility"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
</utility>
Utility secgen_metadata.xml file with all available values
<?xml version="1.0"?>
<utility xmlns="http://www.github/cliffe/SecGen/utility"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<!--optional details-->
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
<!--Conflicts ensure no duplicate software installations-->
<conflict>
<software_name>””</software_name>
</conflict>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
</conflict>
<!--Requires ensures all prerequisite modules installed-->
<requires>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<platform>linux // unix // windows</platform>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
</requires>
</utility>
Vulnerability schema
Minimal vulnerability secgen_metadata.xml file
<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<privilege>information_leakage // user // root</privilege> <!-- Todo: add information leakage to privilege -->
<access>remote // local</access>
<platform>linux // unix // windows</platform>
</vulnerability>
All values for vulnerability secgen_metadata.xml file
<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
<name>””</name>
<author>””</author>
<module_license>MIT // Apache v2</module_license>
<description>””</description>
<type>””</type>
<privilege>information_leakage // user // root</privilege> <!-- Todo: add information leakage to privilege -->
<access>remote // local</access>
<platform>linux // unix // windows</platform>
<!--optional vulnerability details-->
<difficulty>low // medium // high</difficulty>
<cve>CVE-[0-9]{4}-[0-9]{1,39}</cve>
<cvss_base_score>*.* where * is 0-9</cvss_base_score>
<cvss_vector>AV:(L|A|N)/AC:(H|M|L)/Au:(M|S|N)/C:(N|P|C)/I:(N|P|C)/A:(N|P|C)</cvss_vector>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
<!--optional breadcrumb (info that is leaked and required to exploit)-->
<breadcrumb>””</breadcrumb>
<!--optional hints-->
<msf_module>exploit/[a-zA-Z0-9_\-/]+</msf_module>
<hint>””</hint>
<solution>””</solution>
<conflict>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<privilege>user // root</privilege>
<access>remote // local</access>
<platform>linux // unix // windows</platform> <!-- need to add windows to schema -->
<difficulty>low // medium // high</difficulty>
<cve>CVE-[0-9]{4}-[0-9]{1,39}</cve>
<cvss_base_score>*.* where * is 0-9</cvss_base_score>
<cvss_vector>AV:(L|A|N)/AC:(H|M|L)/Au:(M|S|N)/C:(N|P|C)/I:(N|P|C)/A:(N|P|C)</cvss_vector>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
<breadcrumb>””</breadcrumb>
<msf_module>exploit/[a-zA-Z0-9_\-/]+</msf_module>
<hint>””</hint>
<solution>””</solution>
</conflict>
<requires>
<module_path>””</module_path>
<name>””</name>
<author>””</author>
<module_license>””</module_license>
<description>””</description>
<type>””</type>
<privilege>user // root</privilege>
<access>remote // local</access>
<platform>linux // unix // windows</platform> <!-- need to add windows to schema -->
<difficulty>low // medium // high</difficulty>
<cve>CVE-[0-9]{4}-[0-9]{1,39}</cve>
<cvss_base_score>*.* where * is 0-9</cvss_base_score>
<cvss_vector>AV:(L|A|N)/AC:(H|M|L)/Au:(M|S|N)/C:(N|P|C)/I:(N|P|C)/A:(N|P|C)</cvss_vector>
<reference>””</reference>
<software_name>””</software_name>
<software_license>””</software_license>
<breadcrumb>””</breadcrumb>
<msf_module>exploit/[a-zA-Z0-9_\-/]+</msf_module>
<hint>””</hint>
<solution>“”</solution>
</requires>
</vulnerability>
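As an added example (not part of SecGen or its schemas), the following Python pre-check applies the value constraints listed in the vulnerability template above to the top-level fields of a secgen_metadata.xml file before it is run through the real XSD. The function name, the sample document and all of its values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.github/cliffe/SecGen/vulnerability}"  # namespace used in the template
REQUIRED = ["name", "author", "module_license", "description", "type",
            "privilege", "access", "platform"]
# Allowed values and patterns copied from the "all values" template on this page.
ENUMS = {
    "privilege": {"information_leakage", "user", "root"},  # information_leakage is a Todo on the page
    "access": {"remote", "local"},
    "platform": {"linux", "unix", "windows"},
    "difficulty": {"low", "medium", "high"},
}
PATTERNS = {
    "cve": r"CVE-[0-9]{4}-[0-9]{1,39}",
    "cvss_base_score": r"[0-9]\.[0-9]",
    "cvss_vector": r"AV:(L|A|N)/AC:(H|M|L)/Au:(M|S|N)/C:(N|P|C)/I:(N|P|C)/A:(N|P|C)",
    "msf_module": r"exploit/[a-zA-Z0-9_\-/]+",
}

def check_vulnerability_metadata(xml_text):
    """Return a list of problems; an empty list means the pre-check passed."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "vulnerability":
        return [f"unexpected root element {root.tag}"]
    # Only direct children are checked; <conflict>/<requires> blocks are not descended into.
    fields = [(c.tag.replace(NS, "", 1), (c.text or "").strip()) for c in root]
    seen = {tag for tag, _ in fields}
    problems = [f"missing <{tag}>" for tag in REQUIRED if tag not in seen]
    for tag, value in fields:
        if tag in ENUMS and value not in ENUMS[tag]:
            problems.append(f"<{tag}> value {value!r} is not one of {sorted(ENUMS[tag])}")
        elif tag in PATTERNS and not re.fullmatch(PATTERNS[tag], value):
            problems.append(f"<{tag}> value {value!r} does not match {PATTERNS[tag]}")
    return problems

# Constructed sample metadata; every value is a placeholder, not a real module or CVE.
SAMPLE = """<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability">
  <name>Example module</name><author>Example Author</author>
  <module_license>MIT</module_license><description>Constructed sample</description>
  <type>example_type</type><privilege>user</privilege>
  <access>remote</access><platform>linux</platform>
  <difficulty>low</difficulty><cve>CVE-0000-0000</cve>
  <cvss_base_score>7.5</cvss_base_score>
  <cvss_vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</cvss_vector>
</vulnerability>"""
BAD = SAMPLE.replace("<access>remote", "<access>physical").replace("CVE-0000-0000", "CVE-00-1")

if __name__ == "__main__":
    print(check_vulnerability_metadata(SAMPLE))
    for problem in check_vulnerability_metadata(BAD):
        print(problem)
```

A clean result here only means the listed fields look plausible; the XSD under SecGen/lib/schemas/ remains the authority on element order and optional fields.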
Caution: This wiki is still in development, therefore some parts may not be fully updated, finished or may be missing information