@@ -847,17 +847,19 @@ def cmd_creds(*args)
847847 def cmd_notes_help
848848 print_line "Usage: notes [-h] [-t <type1,type2>] [-n <data string>] [-a] [addr range]"
849849 print_line
850- print_line " -a,--add Add a note to the list of addresses, instead of listing"
851- print_line " -d,--delete Delete the hosts instead of searching"
852- print_line " -n,--note <data> Set the data for a new note (only with -a)"
853- print_line " -t <type1,type2> Search for a list of types"
854- print_line " -h,--help Show this help information"
855- print_line " -R,--rhosts Set RHOSTS from the results of the search"
856- print_line " -S,--search Search string to filter by"
850+ print_line " -a,--add Add a note to the list of addresses, instead of listing"
851+ print_line " -d,--delete Delete the hosts instead of searching"
852+ print_line " -n,--note <data> Set the data for a new note (only with -a)"
853+ print_line " -t <type1,type2> Search for a list of types"
854+ print_line " -h,--help Show this help information"
855+ print_line " -R,--rhosts Set RHOSTS from the results of the search"
856+ print_line " -S,--search Regular expression to match for search"
857+ print_line " --sort <field1,field2> Fields to sort by (case sensitive)"
857858 print_line
858859 print_line "Examples:"
859860 print_line " notes --add -t apps -n 'winzip' 10.1.1.34 10.1.20.41"
860861 print_line " notes -t smb.fingerprint 10.1.1.34 10.1.20.41"
862+ print_line " notes -S 'nmap.nse.(http|rtsp)' --sort type,output"
861863 print_line
862864 end
863865
@@ -892,10 +894,12 @@ def cmd_notes(*args)
892894 return
893895 end
894896 types = typelist . strip ( ) . split ( "," )
895- when '-R' , '--rhosts'
897+ when '-R' , '--rhosts'
896898 set_rhosts = true
897899 when '-S' , '--search'
898900 search_term = /#{ args . shift } /nmi
901+ when '--sort'
902+ sort_term = args . shift
899903 when '-h' , '--help'
900904 cmd_notes_help
901905 return
@@ -942,6 +946,43 @@ def cmd_notes(*args)
942946 !n . attribute_names . any? { |a | n [ a . intern ] . to_s . match ( search_term ) }
943947 end
944948 end
949+
950+ # Sort the notes based on the sort_term provided
951+ if sort_term != nil
952+ sort_terms = sort_term . split ( "," )
953+ note_list . sort_by! do |note |
954+ orderlist = [ ]
955+ sort_terms . each do |term |
956+ term = "ntype" if term == "type"
957+ term = "created_at" if term == "time"
958+ if term == nil
959+ orderlist << ""
960+ elsif term == "service"
961+ if note . service != nil
962+ orderlist << make_sortable ( note . service . name )
963+ end
964+ elsif term == "port"
965+ if note . service != nil
966+ orderlist << make_sortable ( note . service . port )
967+ end
968+ elsif term == "output"
969+ orderlist << make_sortable ( note . data [ "output" ] )
970+ elsif note . respond_to? ( term )
971+ orderlist << make_sortable ( note . send ( term ) )
972+ elsif note . respond_to? ( term . to_sym )
973+ orderlist << make_sortable ( note . send ( term . to_sym ) )
974+ elsif note . respond_to? ( "data" ) && note . send ( "data" ) . respond_to? ( term )
975+ orderlist << make_sortable ( note . send ( "data" ) . send ( term ) )
976+ elsif note . respond_to? ( "data" ) && note . send ( "data" ) . respond_to? ( term . to_sym )
977+ orderlist << make_sortable ( note . send ( "data" ) . send ( term . to_sym ) )
978+ else
979+ orderlist << ""
980+ end
981+ end
982+ orderlist
983+ end
984+ end
985+
945986 # Now display them
946987 note_list . each do |note |
947988 next if ( types and types . index ( note . ntype ) . nil? )
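Review bot: The fallback branches at new lines 970-977 hand the operator-supplied `--sort` field name straight to `note.send` and `note.send("data").send`, so any method the note or its data object responds to is invoked once per note, including methods with side effects. If the note is a database model (inferred from the `attribute_names` call in the context lines above), a mistyped or unexpected field name could modify or remove records instead of sorting them. Limit the lookup to known columns via `note.attribute_names.include?(term)` and to a plain key lookup on `data`, assuming `data` is a Hash with string keys as `note.data["output"]` suggests. Separately, the `service` and `port` branches append nothing when `note.service` is nil, which shifts the keys for later sort terms one position left for those notes; append `""` instead. cmd_notes starts and ends outside this hunk.

```ruby
# … unchanged: sort_terms split, sort_by! block opening, type/time aliasing, nil check …
elsif term == "service"
  orderlist << (note.service ? make_sortable(note.service.name) : "")
elsif term == "port"
  orderlist << (note.service ? make_sortable(note.service.port) : "")
# … unchanged: "output" branch …
elsif note.attribute_names.include?(term)
  # Only real columns are readable; never dispatch arbitrary method names.
  orderlist << make_sortable(note[term.intern])
elsif note.data.is_a?(Hash) && note.data.key?(term)
  orderlist << make_sortable(note.data[term])
else
  orderlist << ""
end
# … unchanged: end of sort_terms.each, orderlist, end of sort_by! …
```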
@@ -974,6 +1015,22 @@ def cmd_notes(*args)
9741015 }
9751016 end
9761017
1018+ def make_sortable ( input )
1019+ case input . class
1020+ when String
1021+ input = input . downcase
1022+ when Fixnum
1023+ input = "%016" % input
1024+ when Time
1025+ input = input . strftime ( "%Y%m%d%H%M%S%L" )
1026+ when NilClass
1027+ input = ""
1028+ else
1029+ input = input . inspect . downcase
1030+ end
1031+ input
1032+ end
1033+
9771034 def cmd_loot_help
9781035 print_line "Usage: loot <options>"
9791036 print_line " Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]"
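Review bot: `case input.class` in `make_sortable` never reaches the `when String`, `Fixnum`, `Time` or `NilClass` branches, because `when` compares with `===` and `String === String` is false. Every value therefore falls through to `input.inspect.downcase`, so nil sorts as the text "nil" and ports sort lexically rather than numerically. Switch on the value itself with `case input`. Once the Fixnum branch is reachable, `"%016" % input` has no conversion character and should raise an ArgumentError; it needs to be `"%016d" % input`. A short comment above the method such as `# Normalise any field value to a String key so mixed types compare without raising` would document why every branch returns a string.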