forked from smicallef/spiderfoot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spiderfoot.schema
97 lines (88 loc) · 2.87 KB
/
spiderfoot.schema
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
-------------------------------------------------------------------------------
-- Name: spiderfoot.schema
-- Purpose: Database schema for SpiderFoot
--
-- Author: Steve Micallef <steve@binarypool.com>
--
-- Created: 10/05/2012
-- Copyright: (c) Steve Micallef 2012
-- Licence: GPL
-------------------------------------------------------------------------------
--
-- Schema is for SQLite but has been left very generic in order to be compatible
-- with any SQL-compliant RDBMS.
--
PRAGMA journal_mode=WAL;
--
-- Descriptions of event types
--
DROP TABLE tbl_event_types;
CREATE TABLE tbl_event_types (
event VARCHAR NOT NULL PRIMARY KEY,
event_descr VARCHAR NOT NULL,
event_raw INT NOT NULL DEFAULT 0
);
--
-- Configuration: The configuration last set.
--
DROP TABLE tbl_config;
CREATE TABLE tbl_config (
scope VARCHAR NOT NULL,
opt VARCHAR NOT NULL,
val VARCHAR NOT NULL,
PRIMARY KEY (scope, opt)
);
--
-- Scan instances: Each scan run by the user against a target.
--
DROP TABLE tbl_scan_instance;
CREATE TABLE tbl_scan_instance (
guid VARCHAR NOT NULL PRIMARY KEY,
name VARCHAR NOT NULL,
seed_target VARCHAR NOT NULL,
created INT DEFAULT 0,
started INT DEFAULT 0,
ended INT DEFAULT 0,
status VARCHAR NOT NULL
);
--
-- Scan events: Log messages generated during the scan.
--
DROP TABLE tbl_scan_log;
CREATE TABLE tbl_scan_log (
scan_instance_id VARCHAR NOT NULL REFERENCES tbl_scan_instance(guid),
generated INT NOT NULL,
component VARCHAR,
type VARCHAR NOT NULL,
message VARCHAR
);
--
-- Scan configs: The configuration used for a scan run.
--
DROP TABLE tbl_scan_config;
CREATE TABLE tbl_scan_config (
scan_instance_id VARCHAR NOT NULL REFERENCES tbl_scan_instance(guid),
component VARCHAR NOT NULL,
opt VARCHAR NOT NULL,
val VARCHAR NOT NULL
);
--
-- Scan results: A collection of events stored in a semi-optimized way.
--
DROP TABLE tbl_scan_results;
CREATE TABLE tbl_scan_results (
scan_instance_id VARCHAR NOT NULL REFERENCES tbl_scan_instance(guid),
hash VARCHAR NOT NULL,
type VARCHAR NOT NULL REFERENCES tbl_event_types(event),
generated INT NOT NULL,
confidence INT NOT NULL DEFAULT 100,
visibility INT NOT NULL DEFAULT 100,
risk INT NOT NULL DEFAULT 0,
module VARCHAR NOT NULL,
data VARCHAR
source_event_hash VARCHAR DEFAULT 'ROOT'
);
CREATE INDEX idx_scan_results_id ON tbl_scan_results (scan_instance_id);
CREATE INDEX idx_scan_results_type ON tbl_scan_results (scan_instance_id, type);
CREATE INDEX idx_scan_results_hash ON tbl_scan_results (hash);
CREATE INDEX idx_scan_logs ON tbl_scan_log (scan_instance_id);