Documentation

[simulationKYLE]

Can you provide further insight to what is the command line arguments specifically revolving around the schema. For example, if I have a json of FTP results. Here is what I have tried with Python errors revolving around the schema name:

zschema elasticsearch zgrab2-ftp ftp.json

Any further insight would be helpful. Thank you.

[zakird]

What are you trying to accomplish?

[simulationKYLE]

take my ftp.json file and make it into the ElasticSearch format...but as I type this...json is already good to go for ElasticSearch...so I probably don't need to convert it, correct?

[zakird]

Yeah, so zschema is mostly going to allow you to define the schema that you tell elasticsearch ftp.json is in so that it knows how to interpret that data.

[simulationKYLE]

what the [file] that zschema needs? Is that just a file where the output schema goes?

[simulationKYLE]

I guess what I'm asking what is a example command line argument for FTP results from zgrab2 that are in json format?

[tdsnoke]

Hello, I am working with komeara1 on this activity.
I think a different way to ask the question is how do you either add schemas to the zschema registry or use the schemas from zmap to identify the module.
If I look in the file: zgrab2/zgrab2_schemas/zgrab2/ftp.py
it says that it registers zgrab2-ftp globally, is there a way to test it running
zschema elasticsearch zgrab2-ftp:ftp_scan_response ftp.json
produces an error.

Traceback (most recent call last):
  File "/usr/local/bin/zschema", line 11, in <module>
    load_entry_point('zschema==0.10.2', 'console_scripts', 'zschema')()
  File "/usr/local/lib/python2.7/dist-packages/zschema-0.10.2-py2.7.egg/zschema/__main__.py", line 74, in main
    load_source('module', path)
IOError: [Errno 2] No such file or directory

[sei-mwd]

There is a bug in zschema:

zschema --module zgrab2_schemas.zgrab2 elasticsearch zgrab2-ftp /mnt/hgfs/Shared/ftp_dod_cidr.json
Traceback (most recent call last):
  File "/usr/local/bin/zschema", line 11, in <module>
    load_entry_point('zschema==0.10.2', 'console_scripts', 'zschema')()
  File "/home/juser/.local/lib/python2.7/site-packages/zschema/__main__.py", line 87, in main
    print json.dumps(record.to_es(recname))
UnboundLocalError: local variable 'recname' referenced before assignment

Removing recname from the to_es() call seems to fix this bug. You should probably check the other to_X() calls, as using recname is not correct most of the time.

[zakird]

Thanks for the notes here. @sei-mwd, I think this bug is unrelated to the question on hand. Would you be willing to open a separate issue so that we can track this?

Instead of answering the documentation questions here, I'm going to try to update the project's README with how you can actually use the tool, then loop back here and see if it explains explain. That way we can hopefully help future folks as well.

[sei-mwd]

Filed as #64.

[zakird]

I've pushed some documentation to README in master.