def get_targets(self):
""" callable method - return targets affected by vulnerability"""
# init local list
response = []
self.cur.execute('SELECT * FROM map_cpe_cve WHERE cve_id=?', self.query)
for data in self.cur.fetchall():
# set the CPE identifiers
cpe22_id = data[0]
cpe23_id = data[1]
# set the title
self.cur.execute("SELECT title FROM cpe_db where cpe_id = ?", (cpe22_id,))
title = self.cur.fetchone()
if title is not None:
title = title[0]
# format the response
targets = {"title": title, "cpe2.2": cpe22_id, "cpe2.3": cpe23_id}
response.append(targets)
# set the tag
response = {"targets": response}
return utility.serialize_data(response)
def get_weaknesses(self):
""" callable method - return weaknesses affected by vulnerability"""
# init local list
response = []
self.cur.execute('SELECT * FROM map_cwe_cve WHERE cve_id=?', self.query)
for data in self.cur.fetchall():
cwe_id = data[0]
self.cur.execute("SELECT title,link,class,relations,capec_id FROM cwe_db WHERE cwe_id='%s' " % cwe_id)
cwe_data = self.cur.fetchall()
if cwe_data:
title = cwe_data[0][0]
url = cwe_data[0][1]
cwe_class = cwe_data[0][2]
relationship = cwe_data[0][3]
capec = cwe_data[0][4]
# format the response
weaknesses = {"id": cwe_id,
"parameters": {"class": cwe_class, "title": title,
"relationship": relationship, "url": url,
"attack_patterns": self.enum_capec(capec),
"ranking": {"categorization": self.enum_category(cwe_id),
"wasc": self.enum_wasc(cwe_id),
"att&ck_mitre": self.enum_attack_mitre(capec)}}}
response.append(weaknesses)
# set the tag
response = {"weaknesses": response}
return utility.serialize_data(response)
def search_cve(self):
""" basic search CVE identifiers """
self.result = json.loads(Information(self.id).get_info())
if self.result['description'] != []:
return utility.serialize_data(self.result)
def get_advisory(self):
""" callable method - return bulletins and advisories data """
# init local list
response = []
# get the list of available relevant sources
self.cur.execute("SELECT source FROM advisory_db GROUP BY source")
for source in self.cur.fetchall():
source = source[0].strip()
data = self.enum_bulletins(source)
# get only responses with valid data.
if data:
# format the response
tag = {source: data}
response.append(tag)
# load the patches data to be merged
patches = json.loads(Preventive(self.id).get_patches(),
object_pairs_hook=OrderedDict)
# set the response tag
response = {"preventive": {"bulletins": response, "patches": patches}}
return utility.serialize_data(response)
def get_targets(self):
""" callable method - return targets affected by vulnerability"""
# init local list
targets = []
# count
self.cur.execute('SELECT count(cpe_id) FROM map_cpe_cve WHERE cve_id=?', self.query)
self.count = self.cur.fetchone()
# getting data
self.data = self.cur.execute('SELECT * FROM map_cpe_cve WHERE cve_id=?', self.query)
self.data = self.cur.fetchall()
for i in range(0, self.count[0]):
try:
# setting target title from CPE database
self.cur.execute("SELECT title FROM cpe_db where cpe_id = ?", (self.data[i][0],))
self.title = self.cur.fetchone()
if self.title is not None:
self.title = self.title[0]
response = {"title": self.title, "cpe2.2": self.data[i][0], "cpe2.3": self.data[i][1]}
targets.append(response)
except:
pass
# adding the appropriate tag.
targets = {"targets": targets}
return utility.serialize_data(targets)
def get_patches(self):
""" callable method - return patches & fixed packages data """
# init local list
response = []
# get the list of available relevant vendors (sources)
self.cur.execute("SELECT source FROM patches_db GROUP BY source")
for source in self.cur.fetchall():
source = source[0].strip()
(data, date_published, description) = self.enum_patches(source)
# get only responses with valid data.
if data:
# format the response
tag = {
source: {
"date_published": date_published,
"description": description,
"packages": data
}
}
response.append(tag)
return utility.serialize_data(response)
def get_targets(self):
""" callable method - return targets affected by vulnerability"""
# init local list
response = []
self.cur.execute(
"SELECT configuration FROM map_cpe_cve where cve_id=? GROUP BY configuration order by configuration",
self.query)
for configs in self.cur.fetchall():
self.cur.execute(
'''SELECT * FROM map_cpe_cve WHERE configuration="%s" and cve_id="%s" '''
% (configs[0], self.query[0]))
data = self.cur.fetchall()
config_id = data[0][0]
tag = {"id": config_id, "parameters": self.enum_cpe(data)}
response.append(tag)
# set tag
response = {"targets": response}
return utility.serialize_data(response)
def search_cpe(self):
""" basic search for CPE identifiers """
if not self.id.startswith("cpe:/") and not self.id.startswith("cpe:2.3:"):
response = utility.serialize_error(False, self.id, "Not a valid CPE identifier")
return response
# check whether is CPE 2.2 or CPE 2.3
if "cpe:2.3" in self.id:
col = "cpe23_id"
if "cpe:/" in self.id:
col = "cpe_id"
# query the database
self.cur.execute("SELECT cve_id FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC".format(tn=col),
self.query)
data = self.cur.fetchall()
if data:
# init dict
cve = []
for cve_id in data:
cve.append(cve_id[0])
# set the response
response = {"id": self.id, "vulnerability": cve}
return utility.serialize_data(response)
def get_cvss(self):
""" callable method - return both CVSS 2 and 3 scores"""
cvss_2 = json.loads(self.get_cvss2())
cvss_3 = json.loads(self.get_cvss3())
cvss_2.update(cvss_3)
# formatting the response
response = {"risk": {"cvss": cvss_2}}
return utility.serialize_data(response)
def get_all(self):
""" callable method - return both targets and weaknesses affected by vulnerability"""
targets = json.loads(self.get_targets(), object_pairs_hook=OrderedDict)
weaknesses = json.loads(self.get_weaknesses(), object_pairs_hook=OrderedDict)
targets.update(weaknesses)
# format the response
response = {"classification": targets}
return utility.serialize_data(response)
def get_all(self):
""" callable method - return both remote and local scanners signatures"""
remote = json.loads(self.get_remote(), object_pairs_hook=OrderedDict)
local = json.loads(self.get_local(), object_pairs_hook=OrderedDict)
remote.update(local)
# set the tag
response = {"inspection": remote}
return utility.serialize_data(response)
def get_all(self):
""" callable method - return both remote and local scanners signatures"""
advisory = json.loads(Preventive(self.id).get_advisory())
rules = json.loads(Detective(self.id).get_rules())
advisory.update(rules)
# formatting the response
response = {"defense": advisory}
return utility.serialize_data(response)
def get_all(self):
""" callable method - return basic and references as json"""
info = json.loads(self.get_info())
references = json.loads(self.get_references())
# merge
info.update(references)
# formatting the response
response = {"information": info}
return utility.serialize_data(response)
def search_cwe(self):
""" basic search CWE identifiers """
# set the CWE as uppercase
self.cwe = self.id.upper()
# check if valid CWE
if not self.cwe.startswith('CWE-'):
response = utility.serialize_error(False, self.id,
"Not a valid CWE identifier")
return response
# query the database
self.cur.execute(
"SELECT title,class,link FROM cwe_db WHERE cwe_id=? ",
(self.cwe, ))
cwe_data = self.cur.fetchone()
if cwe_data:
# set the CWE data
title = cwe_data[0]
cwe_class = cwe_data[1]
url = cwe_data[2]
# query the database
self.cur.execute(
"SELECT cve_id from map_cwe_cve where cwe_id=? ORDER BY cve_id DESC",
(self.cwe, ))
data = self.cur.fetchall()
if data:
# init dict
cve = []
for cve_id in data:
cve.append(cve_id[0])
# set the response
response = {
"id": self.cwe,
"parameters": {
"title": title,
"class": cwe_class,
"url": url
},
"vulnerability": cve
}
return utility.serialize_data(response)
def __init__(self, identifier, cursor="", query=""):
# init test
response = json.loads(utility.init())
if not response["success"]:
print(utility.serialize_data(response))
sys.exit()
# case CVE lower
if "cve" in identifier:
identifier = identifier.upper()
self.identifier = identifier
self.cur = cursor
self.query = query
self.db = utility.set_db_file()
def get_cvss3(self):
""" callable method - return CVSS 3 score"""
# init
response = {}
# getting cvss data
self.cur.execute('SELECT * FROM cvss_scores WHERE cve_id=?',
self.query)
self.datas = self.cur.fetchall()
for data in self.datas:
# setting cvss3 vectors
self.cvss3_base = data[10]
self.cvss3_impact = data[11]
self.cvss3_exploit = data[12]
self.cvss3_vector = data[13]
self.cvss3_attack_vector = data[14]
self.cvss3_attack_complexity = data[15]
self.cvss3_privileges_required = data[16]
self.cvss3_user_interaction = data[17]
self.cvss3_scope = data[18]
self.cvss3_conf_impact = data[19]
self.cvss3_int_impact = data[20]
self.cvss3_avail_impact = data[21]
# formatting the response
response = {
"vector": self.cvss3_vector,
"base_score": self.cvss3_base,
"impact_score": self.cvss3_impact,
"exploit_score": self.cvss3_exploit,
"attack_vector": self.cvss3_attack_vector,
"attack_complexity": self.cvss3_attack_complexity,
"privileges_required": self.cvss3_privileges_required,
"user_interaction": self.cvss3_user_interaction,
"score": self.cvss3_scope,
"confidentiality_impact": self.cvss3_conf_impact,
"integrity_impact": self.cvss3_int_impact,
"availability_impact": self.cvss3_avail_impact
}
# adding the appropriate tag.
response = {"cvss3": response}
return utility.serialize_data(response)
def get_weaknesses(self):
""" callable method - return weaknesses affected by vulnerability"""
# init local list
weaknesses = []
# count
self.cur.execute('SELECT count(cwe_id) FROM map_cwe_cve WHERE cve_id=?', self.query)
self.count = self.cur.fetchone()
# getting data
self.data = self.cur.execute('SELECT * FROM map_cwe_cve WHERE cve_id=?', self.query)
self.data = self.cur.fetchall()
# extracting CWE/CAPEC/WASC/CATEROGIES
for i in range(0, self.count[0]):
try:
self.cwe_id = self.data[i][0]
self.cur.execute(
"SELECT title,link,class,relations,capec_id FROM cwe_db WHERE cwe_id='%s' " % self.cwe_id)
self.data_2 = self.cur.fetchall()
# setting parameters
self.title = self.data_2[0][0]
self.url = self.data_2[0][1]
self.cwe_class = self.data_2[0][2]
self.relation = self.data_2[0][3]
self.capec = self.data_2[0][4]
# formatting the response
response = {"id": self.data[i][0],
"parameters": {"class": self.cwe_class, "title": self.title,
"relationship": self.relation, "url": self.url,
"attack_patterns": self.enum_capec(),
"ranking": {"category": self.enum_category(),
"wasc": self.enum_wasc()}}}
weaknesses.append(response)
except:
pass
# adding the appropriate tag.
weaknesses = {"weaknesses": weaknesses}
return utility.serialize_data(weaknesses)
def get_cvss2(self):
""" callable method - return CVSS 2 score"""
# init
response = {}
# getting cvss data
self.cur.execute('SELECT * FROM cvss_scores WHERE cve_id=?',
self.query)
self.datas = self.cur.fetchall()
for data in self.datas:
# setting cvss2 vectors
self.cvss2_base = data[0]
self.cvss2_impact = data[1]
self.cvss2_exploit = data[2]
self.cvss2_vector = data[3]
self.cvss2_access_vector = data[4]
self.cvss2_access_complexity = data[5]
self.cvss2_authentication = data[6]
self.cvss2_conf_impact = data[7]
self.cvss2_int_impact = data[8]
self.cvss2_avail_impact = data[9]
# formatting the response
response = {
"vector": self.cvss2_vector,
"base_score": self.cvss2_base,
"impact_score": self.cvss2_impact,
"exploit_score": self.cvss2_exploit,
"access_vector": self.cvss2_access_vector,
"access_complexity": self.cvss2_access_complexity,
"authentication": self.cvss2_authentication,
"confidentiality_impact": self.cvss2_conf_impact,
"integrity_impact": self.cvss2_int_impact,
"availability_impact": self.cvss2_avail_impact
}
# adding the appropriate tag.
response = {"cvss2": response}
return utility.serialize_data(response)
def get_local(self):
""" callable method - local scanners signatures """
# init response dict
response = []
self.cur.execute(
"SELECT source FROM scanners_db WHERE source LIKE '%oval%' and cve_id=? GROUP BY source",
self.query)
for source in self.cur.fetchall():
source = source[0].strip()
data = self.enum_signatures(source)
tag = {source: data}
response.append(tag)
# set the tag
response = {"local": response}
return utility.serialize_data(response)
def get_advisory(self):
""" callable method - return bulletins and advisories data """
# init local list
advisory = []
self.cur.execute("SELECT source FROM advisory_db GROUP BY source")
for data in self.cur.fetchall():
self.source = data[0].strip()
responses = self.enum_bulletins()
# get only responses with valid data. Otherwise the json will be huge (a lot of sources :) )
if responses is not None:
response = {self.source: responses}
advisory.append(response)
# adding the appropriate tag.
advisory = {"preventive": advisory}
return utility.serialize_data(advisory)
def get_rules(self):
""" callable method - return IPS and IDS signatures """
# init local list
rules = []
self.cur.execute("SELECT source FROM detection_db GROUP BY source")
for data in self.cur.fetchall():
self.source = data[0].strip()
responses = self.enum_rules()
# get only responses with valid data. Otherwise the json will be huge (a lot of sources :) )
if responses is not None:
response = {self.source: responses}
rules.append(response)
# adding the appropriate tag.
rules = {"detective": rules}
return utility.serialize_data(rules)
def get_references(self):
""" callable method - return vulnerability references """
# init local list
references = []
self.cur.execute('SELECT * FROM map_refs_cve WHERE cve_id=?',
self.query)
for data in self.cur.fetchall():
# setting reference info
vendor = data[0]
url = data[1]
# formatting the response
response = {"vendor": vendor, "url": url}
references.append(response)
# adding the appropriate tag.
references = {"references": references}
return utility.serialize_data(references)
def search_cve(self):
""" basic search CVE identifiers """
# set the CVE as uppercase
self.id = self.id.upper()
# check if valid CVE
if not self.id.startswith('CVE-'):
response = utility.serialize_error(False, self.id, "Not a valid CVE identifier")
return response
# load CVE data
response = json.loads(Information(self.id).get_info())
exploits = json.loads(Exploitation(self.id).get_exploits())
if response['description'] != []:
# new tag added to search whenever an exploits is available
if exploits['exploitation'] != []:
response.update(exploits)
return utility.serialize_data(response)
def get_rules(self):
""" callable method - return IPS and IDS signatures """
# init local list
response = []
self.cur.execute("SELECT source FROM detection_db GROUP BY source")
for source in self.cur.fetchall():
source = source[0].strip()
data = self.enum_rules(source)
# get only responses with valid data. Otherwise the json will be huge (a lot of sources :) )
if data:
tag = {source: data}
response.append(tag)
# set tag.
response = {"detective": response}
return utility.serialize_data(response)
def search_cpe(self):
""" basic search for CPE identifiers """
if "cpe" not in self.id:
response = utility.serialize_error(False, self.id,
"Not a valid CPE identifier")
return response
# check whether is CPE 2.2 or CPE 2.3
if "cpe:2.3" in self.id:
col = "cpe23_id"
if "cpe:/" in self.id:
col = "cpe_id"
self.cur.execute(
"SELECT count(DISTINCT {tn}) FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC"
.format(tn=col), self.query)
self.count_cpe = self.cur.fetchone()
self.cur.execute(
"SELECT * FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC".
format(tn=col), self.query)
data = self.cur.fetchall()
if data:
for i in range(0, self.count_cpe[0]):
# init dict
cve = []
self.cur.execute(
"SELECT cve_id FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC"
.format(tn=col), self.query)
for cve_id in self.cur.fetchall():
cve.append(cve_id[0])
item = {"id": self.id, "vulnerability": cve}
self.result.append(item)
return utility.serialize_data(self.result)
def get_advisory(self):
""" callable method - return bulletins and advisories data """
# init local list
response = []
self.cur.execute("SELECT source FROM advisory_db GROUP BY source")
for source in self.cur.fetchall():
source = source[0].strip()
data = self.enum_bulletins(source)
# get only responses with valid data.
if data:
# format the response
tag = {source: data}
response.append(tag)
# set tag
response = {"preventive": response}
return utility.serialize_data(response)
def get_packages(self):
""" callable method - return affected packages & libraries (vendor, product, version) by vulnerability"""
# init local list
response = []
self.cur.execute("SELECT vendor FROM packages_db WHERE cve_id=? GROUP BY vendor", self.query)
for vendor in self.cur.fetchall():
vendor = vendor[0].strip()
data = self.enum_packages(vendor)
# get only responses with valid data.
if data:
# format the response
tag = {vendor: data}
response.append(tag)
# set tag
response = {"packages": response}
return utility.serialize_data(response)
def get_exploits(self):
""" callable method - return exploits and PoC signatures"""
# init local list
exploits = []
self.cur.execute("SELECT source FROM exploits_db GROUP BY source")
self.datas = self.cur.fetchall()
for data in self.datas:
self.source = data[0].strip()
responses = self.enum_exploits()
# get only responses with valid data. Othewise the json will be huge (a lot of sources :) )
if responses is not None:
response = {self.source: responses}
exploits.append(response)
# adding the appropriate tag.
exploits = {"exploitation": exploits}
return utility.serialize_data(exploits)
def get_exploits(self):
""" callable method - return exploits and PoC signatures"""
# init local list
response = []
self.cur.execute("SELECT source FROM exploits_db GROUP BY source")
for source in self.cur.fetchall():
source = source[0].strip()
data = self.enum_exploits(source)
# get only responses with valid data.
if data:
# format the response
tag = {source: data}
response.append(tag)
# set the tag
response = {"exploitation": response}
return utility.serialize_data(response)
def get_info(self):
""" callable method - return vulnerability basic info as JSON """
# init local list
response = []
self.cur.execute('SELECT * FROM cve_db WHERE cve_id=?', self.query)
for data in self.cur.fetchall():
# format the response
information = {
"id": self.id,
"parameters": {
"published": data[1],
"modified": data[2],
"summary": data[3]
}
}
response.append(information)
# set the tag
response = {"description": response}
return utility.serialize_data(response)
