f_description = unicode(exploit.findtext('description')).encode('iso-8859-1').decode('cp1252') f_description = f_description.replace("\\'", "'").replace('\\x', "0x") f_source = exploit.findtext('source') f_level = exploit.findtext('rank') or 'Unknown' # exploiter experience level estimate f_rank = exploit.findtext('exploitrank') or 'Unknown' # rank of the exploit # exploit records can have multiple Nexpose vulnerabilitiy identifiers f_vulnid = [] for nex_id in exploit.findall("vulnerabilities/vulnerability"): f_vulnid.append(nex_id.get('id').lower()) res = add_exploit( cve=None, vuln_ids=f_vulnid, f_name=f_name, f_title=f_title, f_description=f_description, f_source=f_source, f_level=f_level, f_rank=f_rank, ) if res > 0: counter += 1 else: log("Error importing exploit: %s" % f_name, logging.ERROR) connect_exploits() log("%d exploits added/updated" % counter) return True ##----------------------------------------------------------------------------
cve = exploit.get('cve') # sometimes they forget to put CVE- in front of the CVE ID if not cve.startswith('CVE-'): cve = "CVE-%s" % (cve) f_name = exploit.get('desc') f_title = exploit.get('name') # seems backwards but not f_description = f_title f_source = 'canvas' f_rank = 'average' # rank is not defined in xml, default to average f_level = 'Intermediate' # level is not defined in xml, default to Intermediate res = add_exploit( cve=cve, f_name=f_name, f_title=f_title, f_description=f_description, f_source=f_source, f_rank=f_rank, f_level=f_level, ) if res > 0: counter += 1 else: logger.error("Error importing exploit: %s" % (f_name)) connect_exploits() logging.info("%d exploits added/updated" % (counter)) return True ##----------------------------------------------------------------------------