def get_cve_enrichment_new(cve_id):
cve = CVESearch(CVESSEARCH_API_URL)
result = cve.id(cve_id)
cve_enriched = dict()
cve_enriched['id'] = cve_id
cve_enriched['cvss'] = result['cvss']
cve_enriched['summary'] = result['summary']
return cve_enriched
def searcher():
try:
cve = CVESearch()
targetvuln = str(open('banners.txt', 'r'))
morevuln = str(cve.search(targetvuln))
newfile = open("cvelist.txt", "w")
newfile.write(morevuln)
targetvuln.close()
newfile.close()
except:
return
def get_from_pycvesearch(self,
cache: bool = True,
read_cache: bool = True) -> any:
if os.path.exists(self.get_file_name()) and read_cache:
with open(self.get_file_name(), "r") as cvefile:
try:
content = json.load(cvefile)
except Exception:
content = self.get_from_pycvesearch(cache=cache,
read_cache=False)
else:
print("-", end="")
tmp = None
failed_cound = 0
while tmp == None:
try:
tmp = CVESearch().id(self.id)
except Exception:
print("Trouble fetching ", self.id, failed_cound)
import time
failed_cound += 1
time.sleep(failed_cound)
content = tmp
if cache:
self.cache_cve(content)
return content
def search_vulnerability(package_name, package_version):
cve = CVESearch()
ret = 0
print("search vulnerabilities for package: " + package_name + " version: " + package_version)
resp = cve.search(package_name)
for entry in resp["data"]:
vulnerable_product_list = entry["vulnerable_product"]
vulnerable_configuration_list = entry["vulnerable_configuration"]
vulnerabilities = set(vulnerable_product_list + vulnerable_configuration_list)
for product in vulnerabilities:
product_info = product.split(':')
product_name = product_info[4]
product_version = product_info[5]
if package_name == product_name and package_version == product_version:
print("found vulnerability: " + entry["summary"])
ret = 1
return ret
def setup():
global CPEs, CVE
CVE = CVESearch()
cpes_file = 'official-cpe-dictionary_v2.3.xml.gz'
file_url = 'https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'
print('Downloading CPE dictionary from NIST ...')
r = requests.get(file_url)
open(cpes_file,'wb').write(r.content)
infile = gzip.open(cpes_file)
content = infile.read()
print('Parsing XML ...')
dom = parseString(content)
print('Getting CPEs ...')
CPEs = dom.getElementsByTagName('cpe-item')
print('Ready to scan urls')
# before continuing.(use [~docs]!)
# minimum and maximum screenshots we
# want Shodan to send.
MIN_SCREENS = 1
MAX_SCREENS = 1
# manual version numbers
vernum= "0.20"
branch = "current"
# library declarations
client = discord.Client()
cve = CVESearch()
# Shodan token goes here
shodan = Shodan('')
# discord bot token goes here
TOKEN = ''
# giving some notification that the discord bot is ready.
@client.event
async def on_ready():
print("Discord Bot: Ready!")
def setUp(self):
self.cve = CVESearch()
class TestPyCVESearch(unittest.TestCase):
def setUp(self):
self.cve = CVESearch()
def test_browse(self):
self.cve.browse('microsoft')
def test_search(self):
self.cve.search('microsoft/office')
def test_id(self):
self.cve.id('CVE-2014-0160')
def test_last(self):
self.cve.last()
def test_last_50(self):
self.cve.last(50)
def test_dbinfo(self):
self.cve.dbinfo()
def test_cpe22(self):
self.cve.cpe22('cpe:2.3:a:microsoft:office:2011:-:mac')
def test_cpe23(self):
self.cve.cpe23('cpe/a:microsoft:office:2011:-:mac')
def test_cvefor(self):
self.cve.cvefor('cpe:/a:microsoft:office:2011::mac')
def parseXML(xml_filename=""):
xml_re = re.compile("\.xml")
comma_re = re.compile(",")
db_filename = xml_re.sub('.db', xml_filename)
conn = sqlite3.connect(db_filename)
cursor = conn.cursor()
create_query = "CREATE TABLE IF NOT EXISTS cve_details (title, published, cve_desc, cvss DOUBLE);"
cursor.execute(create_query)
create_query = "CREATE TABLE IF NOT EXISTS reference (ref_url, ref_desc, cve_id);"
cursor.execute(create_query)
create_query = "CREATE TABLE IF NOT EXISTS affected_systems (vendor, product, ver, cve_id);"
cursor.execute(create_query)
truncate_query = "DELETE FROM cve_details;"
cursor.execute(truncate_query)
truncate_query = "DELETE FROM reference;"
cursor.execute(truncate_query)
truncate_query = "DELETE FROM affected_systems;"
cursor.execute(truncate_query)
conn.commit()
conn.close()
try:
root_node = parse(xml_filename)
cve_dict = {}
cve = CVESearch()
epoch = datetime(1970, 1, 1)
benchtime = (datetime.now() - relativedelta.relativedelta(months=3))
benchtimestamp = int((benchtime - epoch).total_seconds())
vulnerabilities = root_node.getElementsByTagName("Vulnerability")
for vulnerability in vulnerabilities:
title = vulnerability.getElementsByTagName(
"Title")[0].firstChild.nodeValue
notes = vulnerability.getElementsByTagName("Notes")
for note in notes:
stored_notes = note.getElementsByTagName("Note")
desc = ""
published = 0
for stored_note in stored_notes:
type = stored_note.getAttribute("Type")
if type == "Description":
desc = stored_note.firstChild.nodeValue
if type == "Other":
note_title = stored_note.getAttribute("Title")
if note_title == "Published":
published_time = stored_note.firstChild.nodeValue
published = int((
datetime.strptime(published_time, "%Y-%m-%d") -
epoch).total_seconds())
if published >= benchtimestamp:
ref_list = []
try:
references = vulnerability.getElementsByTagName(
"References")
stored_references = references[0].getElementsByTagName(
"Reference")
for reference in stored_references:
url = reference.getElementsByTagName(
"URL")[0].firstChild.nodeValue
ref_desc = reference.getElementsByTagName(
"Description")[0].firstChild.nodeValue
ref_list.append({"url": url, "desc": ref_desc})
except Exception as e:
print(e.with_traceback, end='\r', flush=True)
conn = sqlite3.connect(db_filename)
cursor = conn.cursor()
insert_query = "INSERT INTO cve_details VALUES (?, ?, ?, ?);"
insert_values = (title, published, desc, 0.0)
cursor.execute(insert_query, insert_values)
stored_id = cursor.lastrowid
insert_query = "INSERT INTO reference VALUES (?, ?, ?);"
for reference in ref_list:
insert_values = (reference["url"], reference["desc"],
stored_id)
cursor.execute(insert_query, insert_values)
conn.commit()
conn.close()
try:
result = cve.id(title)
affected_systems = result["vulnerable_configuration"]
conn = sqlite3.connect(db_filename)
cursor = conn.cursor()
insert_query = "INSERT INTO affected_systems VALUES (?, ?, ?, ?);"
for affected_system in affected_systems:
cpe = affected_system["id"]
cpe_values = cpe.split(":")
vendor = cpe_values[3]
product = cpe_values[4]
try:
version = cpe_values[5]
except:
version = ""
insert_values = (vendor, product, version, stored_id)
cursor.execute(insert_query, insert_values)
conn.commit()
cvss = float(result["cvss"])
update_query = "UPDATE cve_details SET cvss=:cvss WHERE rowid = :rowid;"
update_values = {"cvss": cvss, "rowid": stored_id}
cursor.execute(update_query, update_values)
conn.commit()
conn.close()
except Exception as e:
print(e, end='\r', flush=True)
result = {}
print("[*] Parsing data for {}".format(title),
end='\r',
flush=True)
output_filename = xml_re.sub(".csv", xml_filename)
csv_data = "Sr. No, Title, Description, Published, Severity, Affected System, References\n"
srno = 1
confs = readConf()
conn = sqlite3.connect(db_filename)
cursor_product = conn.cursor()
for desc in confs.keys():
product = confs[desc]["product"]
vendor = confs[desc]["vendor"]
version = confs[desc]["version"]
sql_query = "SELECT * FROM affected_systems WHERE product=:product AND vendor=:vendor;"
values = {"product": product, "vendor": vendor}
results = cursor_product.execute(sql_query, values)
cursor_cve = conn.cursor()
cursor_ref = conn.cursor()
for row in results:
(as_vendor, as_product, as_version, cve_id) = row
sql_query = "SELECT * FROM cve_details WHERE rowid=:rowid ORDER BY cvss DESC;"
values = {"rowid": cve_id}
cve_results = cursor_cve.execute(sql_query, values)
for cve_details in cve_results:
title = cve_details[0]
published = datetime.utcfromtimestamp(
cve_details[1]).strftime('%Y-%m-%d')
cve_desc = unicodedata.normalize(
'NFKD',
cve_details[2]).encode('ascii',
'ignore').decode('ascii')
cve_desc = comma_re.sub(";", cve_desc)
cvss = cve_details[3]
references = ""
sql_query = "SELECT * FROM reference WHERE cve_id=:rowid;"
refs = cursor_ref.execute(sql_query, values)
for ref in refs:
references += "{} ({});".format(ref[1], ref[0])
csv_data += "{}, {}, \"{}\", {}, {}, {}, {}\n".format(
srno, title, cve_desc, published, cvss, desc,
references)
srno += 1
conn.close()
csv_file = open(output_filename, "w")
csv_file.write(csv_data)
csv_file.close()
print("[*] Output written to {}".format(output_filename))
except Exception as e:
print("[-] Unable to parse XML file. {}".format(e))
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import json
from pycvesearch import CVESearch
if len(sys.argv) < 4:
print('Syntax \'python ./CVESearch.py [vendor] [product] [version]\'')
exit(1)
cve = CVESearch()
vendor = sys.argv[1]
product = sys.argv[2]
version = sys.argv[3]
search_string = 'cpe:/a:{0}:{1}:{2}'.format(vendor, product, version)
print(search_string)
results = cve.cvefor(search_string)
print(results)
for cve in results:
print(cve['id'])
print(cve['cvss'])
def cve(all, vendor, product, push):
"""
Search CVEs and CPEs from cve-search enabled DB, import them.
Search in CVE (Common Vulnerabilities and Exposures) and
CPE (Common Platform Enumeration)and import them to RVD.
Makes use of the following:
- https://github.com/cve-search/PyCVESearch
- (indirectly) https://github.com/cve-search/cve-search
"""
# cve = CVESearch()
cyan("Searching for CVEs and CPEs with cve-search ...")
from pycvesearch import CVESearch
if all:
if vendor:
cve = CVESearch()
vendor_flaws = cve.browse(vendor)
products = vendor_flaws['product']
for product in products:
results = cve.search(vendor + "/" + product)
# Start producing flaws in here
for result in results['results']:
# pprint.pprint(result)
document = default_document() # get the default document
# Add relevant elements to the document
document['title'] = result['summary'][:65]
document['type'] = "vulnerability"
document['description'] = result['summary']
document['cve'] = result['id']
document['cwe'] = result['cwe']
document['severity']['cvss-vector'] = "CVSS:3.0/" + str(
result['cvss-vector'])
document['severity']['cvss-score'] = result['cvss']
document['links'] = result['references']
document['flaw']['reported-by'] = result['assigner']
document['flaw']['date-reported'] = arrow.get(
result['Published']).format('YYYY-MM-DD')
# Create a flaw out of the document
flaw = Flaw(document)
# new_flaw = edit_function(0, subsequent=False, flaw=flaw)
new_flaw = flaw
if new_flaw:
print(new_flaw)
else:
continue
if push:
pusher = Base(
) # instantiate the class to push changes
labels = ['vulnerability']
vendor_label = "vendor: " + str(vendor)
labels.append(vendor_label)
# new_keywords = ast.literal_eval(new_flaw.keywords)
# for l in new_keywords:
# labels.append(l)
issue = pusher.new_ticket(new_flaw, labels)
# Update id
new_flaw.id = issue.number
# Update issue and links
if isinstance(new_flaw.links, list):
links = new_flaw.links
else:
links = []
if new_flaw.links.strip() != "":
links.append(new_flaw.links.strip())
links.append(issue.html_url)
new_flaw.links = links
new_flaw.issue = issue.html_url
if flaw.title[:4] != "RVD#": # already has the syntax
new_title = "RVD#" + str(
issue.number) + ": " + flaw.title
flaw.title = new_title
pusher.update_ticket(issue, new_flaw)
else:
red("Error, vendor is required with --all")
sys.exit(1)
return
if vendor and product:
cve = CVESearch()
cyan("Searching for vendor/product: ", end="")
print(vendor + "/" + product)
results = cve.search(vendor + "/" + product)
# Start producing flaws in here
for result in results['results']:
# pprint.pprint(result)
document = default_document() # get the default document
# Add relevant elements to the document
document['title'] = result['summary'][:65]
document['description'] = result['summary']
document['cve'] = result['id']
document['cwe'] = result['cwe']
document['severity']['cvss-vector'] = "CVSS:3.0/" + str(
result['cvss-vector'])
document['severity']['cvss-score'] = result['cvss']
document['links'] = result['references']
document['flaw']['reported-by'] = result['assigner']
document['flaw']['date-reported'] = arrow.get(
result['Published']).format('YYYY-MM-DD')
# Create a flaw out of the document
flaw = Flaw(document)
new_flaw = edit_function(0,
subsequent=False,
label=None,
flaw=flaw)
if new_flaw:
print(new_flaw)
else:
continue
if push:
pusher = Base() # instantiate the class to push changes
labels = ['vulnerability']
new_keywords = ast.literal_eval(new_flaw.keywords)
for l in new_keywords:
labels.append(l)
issue = pusher.new_ticket(new_flaw, labels)
# Update id
new_flaw.id = issue.number
# Update issue and links
if isinstance(new_flaw.links, list):
links = new_flaw.links
else:
links = []
if new_flaw.links.strip() != "":
links.append(new_flaw.links.strip())
links.append(issue.html_url)
new_flaw.links = links
new_flaw.issue = issue.html_url
if flaw.title[:4] != "RVD#": # already has the syntax
new_title = "RVD#" + str(issue.number) + ": " + flaw.title
flaw.title = new_title
pusher.update_ticket(issue, new_flaw)
elif vendor:
cve = CVESearch()
cyan("Browsing for vendor: ", end="")
print(vendor)
pprint.pprint(cve.browse(vendor))
elif product:
red("Error, vendor is required")
sys.exit(1)
else:
red("Error, vendor or vendor and product required")
sys.exit(1)
#! /usr/bin/env python
# -*- coding: utf-8 -
import asyncio
import logging
from datetime import datetime
from pycvesearch import CVESearch
from bootstrap import db
from web.models import CVE, get_or_create
logger = logging.getLogger(__name__)
sem = asyncio.Semaphore(20)
cve_search = CVESearch()
async def get_cve(*args, **kwargs):
try:
data = cve_search.search('{}/{}'.format(args[0], args[1]))
logger.info('CVE for {} retrieved'.format(args[2]))
return data
except Exception as e:
raise e
async def insert_database(project):
with (await sem):
logger.info('Retrieving CVE for {}'.format(project.name))
cves = await get_cve(project.cve_vendor, project.cve_product,
def get_CVE():
CVESearch.search()
def main():
cve = CVESearch() # Beginning the PyCVESearch api search
latex_script_string = ""
latex_ip_table_string = ""
latex_devices_table_string = ""
latex_cve_table = ""
cve_severity_average = 0
cve_severity_average_counter = 0
cve_severity_low_total = 0
cve_severity_medium_total = 0
cve_severity_high_total = 0
cve_severity_critical_total = 0
latex_technical_specifics = ""
latex_technical_specifics_vulnerable_configs_column_count = 1
time_now = datetime.datetime.now()
formatted_time = time_now.strftime(
"%Y-%m-%d %H:%M") # Get the time and date for filenames
scan_question = input(
time_now.strftime("%H:%M") + " Do you have an IP to scan ? (Y/N): "
) # If user wishes to run a simple NMAP scan , if not they can use an existing results file
if scan_question == "Y" or scan_question == "y":
scan_ip = input(
time_now.strftime("%H:%M") +
" Enter IP Address to be scanned: ") # Enter IP address for scan
nmap_process = subprocess.Popen([
'nmap', '-v', '-sV', '--script', 'nmap-vulners', '-oX',
formatted_time + '.xml', scan_ip
]) # Run the NMAP scan
nmap_output = nmap_process.communicate()
results_file = formatted_time + '.xml' # Grabs result file created from NMAP scan
else:
file_extension_check_loop = True
while file_extension_check_loop: # loop to make sure an existing file is used
results_file = input(
time_now.strftime("%H:%M") +
" Enter NMAP output .xml file name: "
) # Input .xml file name with or without .xml file extension
file_extension_check = results_file[
-4:] # Checks if .xml file extension was added
if file_extension_check != ".xml": # Adds .xml to end of input if not
results_file = results_file + ".xml"
try:
file_exist_check = open(results_file,
"r") # Checking if file exists
file_extension_check_loop = False
except FileNotFoundError:
print(
time_now.strftime("%H:%M") +
" ERROR: File not found please input an existing NMAP .xml output file"
) # File doesnt exist, loops back
latex_title_input = input(
time_now.strftime("%H:%M") + " Please enter organisation title: ")
try: # Testing the file is readable
untangle_object = untangle.parse(
results_file) # Object file created from .xml results
except SAXParseException:
print(time_now.strftime("%H:%M") + " ERROR: File unreadable")
exit()
untangle_object_scan_start_time = untangle_object.nmaprun["startstr"]
untangle_object_scan_finish_time = untangle_object.nmaprun.runstats.finished[
"timestr"]
untangle_object_hosts = untangle_object.nmaprun.host
for untangle_object_host in untangle_object_hosts: # Looping through the hosts in NMAP output
untangle_object_host_address_ip = ""
untangle_object_combined_ports = ""
untangle_object_combined_devices = ""
latex_technical_specifics_combined = ""
cve_severity_low = 0
cve_severity_medium = 0
cve_severity_high = 0
cve_severity_critical = 0
cve_severity_total = 0
for untangle_object_host_addresstype in untangle_object_host.address:
if untangle_object_host_addresstype[
"addrtype"] == "ipv4": # Parses out only the ipv4 address, stops crashes with mac address
untangle_object_host_address_ip = untangle_object_host_addresstype[
"addr"]
print(
time_now.strftime("%H:%M") +
" PARSING: IP Address: {}".format(
untangle_object_host_address_ip))
try: # Testing untangle_object_host_addresstypeif the NMAP has performed OS detection or not
untangle_object_vendors = set()
untangle_object_osmatch_iterator = untangle_object_host.os.osmatch
for untangle_object_osmatch in untangle_object_osmatch_iterator: # Looping through fingerprinted OS for each host
untangle_object_device = untangle_object_osmatch["name"]
print(
time_now.strftime("%H:%M") +
" Device: {}".format(untangle_object_device))
untangle_object_osclass_iterator = untangle_object_osmatch.osclass
for untangle_object_osclass in untangle_object_osclass_iterator:
untangle_object_vendor = untangle_object_osclass["vendor"]
if untangle_object_vendor is not None:
untangle_object_vendors.add(untangle_object_vendor)
print(
time_now.strftime("%H:%M") +
" PARSING: OS Vendors: {}".format(untangle_object_vendors))
for vendor in untangle_object_vendors:
untangle_object_combined_devices = untangle_object_combined_devices + vendor + " "
except AttributeError as e:
print(
time_now.strftime("%H:%M") +
" ERROR: No OS fingerprinting detected")
untangle_object_combined_devices = untangle_object_combined_devices + "No OS identified" + " "
latex_cve_table = latex_cve_table + "\subsection{Critical and high CVE details of host: " + untangle_object_host_address_ip + "}" # Begins string of CVE table for current port
untangle_object_ports = untangle_object_host.ports.port
for untangle_object_port in untangle_object_ports: # Looping through all open ports discovered for each host
untangle_object_combined_scriptoutput = ""
untangle_object_combined_cve = ""
print(
time_now.strftime("%H:%M") +
" PARSING: Port: {}".format(untangle_object_port["portid"]))
try:
untangle_object_scripts = untangle_object_port.script
for untangle_object_script in untangle_object_scripts: # Looping through each script on the current port
untangle_object_cve_regex = re.findall(
r"(CVE-\d*-\d*)\t*(\d*.\d)\t*(https:\/\/vulners.com\/cve\/CVE-\d*-\d*)",
untangle_object_script["output"],
flags=re.MULTILINE
) # Using Regex to search for the CVE, its severity and URL from the nmap-vulners script
if untangle_object_script[
"id"] == "vulners": # CVE information will only be pulled out for scripts that were run by nmap-vulners
for untangle_object_cve in untangle_object_cve_regex:
latex_technical_specifics_summary = ""
latex_technical_specifics_vulnerable_configs = ""
latex_technical_specifics_references = ""
latex_technical_specifics_cve_cwe_cvss_table = ""
cve_severity_average = cve_severity_average + float(
untangle_object_cve[1]
) # Calculations for average severity score from each CVE
cve_severity_average_counter = cve_severity_average_counter + 1
cve_search_api = cve.id(
untangle_object_cve[0]
) # Using PyCVESearch to search the API for current CVE
if "id" in cve_search_api:
print(
time_now.strftime("%H:%M") +
" API SEARCH: CVE ID: " +
cve_search_api["id"])
latex_technical_specifics_cve_cwe_cvss_table = "\\begin{center}\scalebox{1.5}{\\begin{tabular}{lr}\hline\multicolumn{2}{c}{" + cve_search_api[
"id"] + " Information} \\\\"
else:
print(
time_now.strftime("%H:%M") +
" ERROR: No CVE ID available")
if "summary" in cve_search_api:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Summary: " +
cve_search_api["summary"])
latex_technical_specifics_summary = latex_technical_specifics_summary + "\paragraph{Summary} \mbox{} \\\\" + "\n" + "\\detokenize{" + cve_search_api[
"summary"] + "}"
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_summary
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: Summary: No information available"
)
latex_technical_specifics_summary = latex_technical_specifics_summary + "\paragraph{Summary} \mbox{} \\\\" + "\n" + "Information unavailable" + "}"
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_summary
if "cvss" in cve_search_api:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: CVSS Score: " +
str(cve_search_api["cvss"]))
latex_technical_specifics_cve_cwe_cvss_table = latex_technical_specifics_cve_cwe_cvss_table + "\hline CVSS Score & " + str(
cve_search_api["cvss"]) + "\\\\CWE & "
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: CVSS Score: No information available"
)
if "cwe" in cve_search_api:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: CWE: " +
cve_search_api["cwe"])
latex_technical_specifics_cve_cwe_cvss_table = latex_technical_specifics_cve_cwe_cvss_table + cve_search_api[
"cwe"] + "\\\\\hline"
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: CWE: No information available"
)
if "impact" in cve_search_api:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Confidentiality impact: " +
cve_search_api["impact"]["confidentiality"]
)
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Integrity impact: " +
cve_search_api["impact"]["integrity"])
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Availability impact: " +
cve_search_api["impact"]["availability"])
latex_technical_specifics_cve_cwe_cvss_table = latex_technical_specifics_cve_cwe_cvss_table + " Vulnerability impact \\\\\hline Confidentiality & " + cve_search_api[
"impact"][
"confidentiality"] + "\\\\Integrity & " + cve_search_api[
"impact"][
"integrity"] + "\\\\Availability & " + cve_search_api[
"impact"][
"availability"] + "\\\\\hline"
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: Impact: No information available"
)
if "access" in cve_search_api:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Acess authentication: " +
cve_search_api["access"]["authentication"])
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Access complexity: " +
cve_search_api["access"]["complexity"])
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH: Access vector: " +
cve_search_api["access"]["vector"])
latex_technical_specifics_cve_cwe_cvss_table = latex_technical_specifics_cve_cwe_cvss_table + " Access methodology information \\\\\hline Vector & " + cve_search_api[
"access"]["vector"] + "\\\\Complexity & " + cve_search_api[
"access"][
"complexity"] + "\\\\Authentication & \detokenize{" + cve_search_api[
"access"][
"authentication"] + "}\\\\\hline"
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: Access: No information available"
)
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_cve_cwe_cvss_table + "\end{tabular}}\end{center}"
if "vulnerable_configuration" in cve_search_api:
latex_technical_specifics_vulnerable_configs = latex_technical_specifics_vulnerable_configs + "\\begin{tiny}\\begin{spacing}{1.0} \n \paragraph{Vulnerable configs} \mbox{} \\\\" + "\n"
for vulnerable_config in cve_search_api[
"vulnerable_configuration"]:
latex_technical_specifics_vulnerable_configs = latex_technical_specifics_vulnerable_configs + "\\detokenize{" + vulnerable_config[
"title"] + "}" + " \hfill "
if latex_technical_specifics_vulnerable_configs_column_count % 3 == 0: # This creates 3 columns of the vulnerable configurations to save room
latex_technical_specifics_vulnerable_configs = latex_technical_specifics_vulnerable_configs + r'''\par\noindent'''
latex_technical_specifics_vulnerable_configs_column_count = latex_technical_specifics_vulnerable_configs_column_count + 1
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_vulnerable_configs + r'''\\\\''' + "\\end{spacing}" + "\\end{tiny}"
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: Vulnerable configurations: No information available"
)
latex_technical_specifics_vulnerable_configs = latex_technical_specifics_vulnerable_configs + "\paragraph{Vulnerable configs} \mbox{} \\\\" + "No information available"
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_vulnerable_configs
if "references" in cve_search_api:
latex_technical_specifics_references = latex_technical_specifics_references + "\paragraph{References} \mbox{} \\\\"
for reference in cve_search_api["references"]:
latex_technical_specifics_references = latex_technical_specifics_references + "\href{" + reference + "}{\\detokenize{" + reference + "}} \\\\"
latex_technical_specifics_references_nopercent = re.sub(
r"%", "\%",
latex_technical_specifics_references)
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_references_nopercent + r'''\\\\'''
else:
print(
time_now.strftime("%H:%M ") +
cve_search_api["id"] +
" API SEARCH ERROR: References: No information available"
)
latex_technical_specifics_references = latex_technical_specifics_references + "\paragraph{References} \mbox{} \\\\" + "No information available"
latex_technical_specifics_combined = latex_technical_specifics_combined + latex_technical_specifics_references
latex_technical_specifics_combined = latex_technical_specifics_combined + "\\newpage" # Completes the report page for current CVE
cve_severity = float(untangle_object_cve[1])
if cve_severity <= 3: # Determines the colour of severity cell in CVE table
cve_severity_low = cve_severity_low + 1
cve_severity_total = cve_severity_total + 1
cve_severity_low_total = cve_severity_low_total + 1
else:
if cve_severity > 3 and cve_severity <= 6:
cve_severity_medium = cve_severity_medium + 1
cve_severity_total = cve_severity_total + 1
cve_severity_medium_total = cve_severity_medium_total + 1
else:
if cve_severity > 6 and cve_severity < 9:
cve_severity_total = cve_severity_total + 1
cve_severity_high = cve_severity_high + 1
cve_severity_high_total = cve_severity_high_total + 1
else:
if cve_severity >= 9:
cve_severity_total = cve_severity_total + 1
cve_severity_critical = cve_severity_critical + 1
cve_severity_critical_total = cve_severity_critical_total + 1
latex_cve_table = latex_cve_table + re.sub(
r"(REGEXCVETABLEREGEX)",
untangle_object_combined_cve,
latex_template_cve_table,
count=0,
flags=0
) # Creating the table string from table template
latex_cve_table = re.sub(
r"(REGEXPORTHERE)",
untangle_object_port["portid"],
latex_cve_table,
count=0,
flags=0)
untangle_object_combined_scriptoutput = untangle_object_combined_scriptoutput + " NMAP Script run: " + untangle_object_script[
"id"] + " NMAP Script Result: " + untangle_object_script[
"output"] # Creating a string of the raw scripts information of every script run
except AttributeError as e:
print(
time_now.strftime("%H:%M") + " ERROR: No scripts detected")
untangle_object_combined_ports = untangle_object_combined_ports + untangle_object_port[
"portid"] + " " # Creating a combined string of each host and its discovered ports
latex_script_string = latex_script_string + untangle_object_combined_scriptoutput + "\n" # Creating a LaTeX string from template file and combined script string
latex_technical_specifics = latex_technical_specifics + "\\newpage\subsection{Vulnerability details of host: " + untangle_object_host_address_ip + "}" # Begins string of CVE table for current port
latex_technical_specifics_perhost_severity_string = "Critical\cellcolor{red}&\cellcolor{red} " + str(
cve_severity_critical
) + r'\\\\' + "High\cellcolor{orange}&\cellcolor{orange}" + str(
cve_severity_high
) + r'''\\\\''' + "Medium\cellcolor{yellow}&\cellcolor{yellow}" + str(
cve_severity_medium
) + r'''\\\\''' + "Low \cellcolor{green}&\cellcolor{green}" + str(
cve_severity_low) + r'''\\\\\hline Total& ''' + str(
cve_severity_total)
latex_technical_specifics_perhost_severity = re.sub(
r"(REGEXPERHOSTSEVERITYREGEX)",
latex_technical_specifics_perhost_severity_string,
latex_template_technical_specifics_perhost_severity,
count=0,
flags=0)
latex_technical_specifics = latex_technical_specifics + latex_technical_specifics_perhost_severity + latex_technical_specifics_combined
latex_cve_table = latex_cve_table + r'''\newpage'''
latex_devices_table_string = latex_devices_table_string + untangle_object_host_address_ip + "&" + untangle_object_combined_devices + r'''\\\\''' # Creating a LaTeX table string from template file and combined devices string
latex_ip_table_string = latex_ip_table_string + untangle_object_host_address_ip + " & " + untangle_object_combined_ports + "&" + untangle_object_combined_devices + r'''\\\\''' # Creating a LaTeX table string from template file and combined ports string
latex_ip_table_string = latex_ip_table_string + "\hline Scan start time & " + untangle_object_scan_start_time + r'\\\\' + "Scan end time & " + untangle_object_scan_finish_time + r'\\\\'
cve_severity_average = cve_severity_average / cve_severity_average_counter # Finishing calculation of severity average
latex_title = re.sub(
r"(REGEXTITLEHEREREGEX)",
latex_title_input,
latex_template_title,
count=0,
flags=0
) # Using Regex to replace the placeholder title in title LaTeX template
latex_executive_summary = re.sub(
r"(REGEXTITLEHEREREGEX)",
latex_title_input,
latex_template_executive_summary,
count=0,
flags=0
) # Using Regex to replace the placeholder title in executive summary LaTeX template
if cve_severity_average == 0: # Determines what executive summary is chosen, determined by the average severity score
latex_executive_summary = re.sub(
r"(REGEXRISKSTATEMENTREGEX)",
latex_template_executive_summary_risk_none,
latex_executive_summary,
count=0,
flags=0)
else:
if cve_severity_average > 0 and cve_severity_average <= 3:
latex_executive_summary = re.sub(
r"(REGEXRISKSTATEMENTREGEX)",
latex_template_executive_summary_risk_low,
latex_executive_summary,
count=0,
flags=0)
else:
if cve_severity_average > 3 and cve_severity_average <= 6:
latex_executive_summary = re.sub(
r"(REGEXRISKSTATEMENTREGEX)",
latex_template_executive_summary_risk_medium,
latex_executive_summary,
count=0,
flags=0)
else:
if cve_severity_average > 6:
latex_executive_summary = re.sub(
r"(REGEXRISKSTATEMENTREGEX)",
latex_template_executive_summary_risk_high,
latex_executive_summary,
count=0,
flags=0)
latex_overall_severity_results_string = "Critical\cellcolor{red}&\cellcolor{red} " + str(
cve_severity_critical_total
) + r'\\\\' + "High\cellcolor{orange}&\cellcolor{orange}" + str(
cve_severity_high_total
) + r'''\\\\''' + "Medium\cellcolor{yellow}&\cellcolor{yellow}" + str(
cve_severity_medium_total
) + r'''\\\\''' + "Low \cellcolor{green}&\cellcolor{green}" + str(
cve_severity_low_total) + r'''\\\\\hline Total& ''' + str(
cve_severity_average_counter)
latex_overall_severity_results = re.sub(
r"(REGEXSEVERITYOVERALLHEREREGEX)",
latex_overall_severity_results_string,
latex_template_technical_specifics_overall_severity_results,
count=0,
flags=0)
latex_results_table = re.sub(
r"(REGEXIPPORTTABLEHEREREGEX)",
latex_ip_table_string,
latex_template_results_table,
count=0,
flags=0
) # Using Regex to replace the placeholder table in results table LaTeX template with the host and ports
latex_raw_results = re.sub(
r"(REGEXSCRIPTSTUFFREGEX)",
latex_script_string,
latex_template_raw_results,
count=0,
flags=0
) # Using Regex to replace the raw scripts placeholder in LateX template
file_latex = open(latex_title_input + 'GeneratedReport.tex',
"w+") # Creating the LaTeX .tex file
latex_template = latex_template_packages + latex_title + latex_executive_summary + latex_template_technical_specifics + latex_results_table + latex_overall_severity_results + latex_technical_specifics + latex_raw_results # Combining the LaTeX template strings to create the entire template
file_latex.write(
latex_template) # Writing the LaTeX template to the .tex file
file_latex.close()
pdflatex_process = subprocess.Popen(
['pdflatex', latex_title_input + 'GeneratedReport.tex']
) # Generate PDF report from LaTex .tex file (LaTeX only produces contents file on second report generation)
pdflatex_process.communicate()
pdflatex_process = subprocess.Popen(
['pdflatex', latex_title_input + 'GeneratedReport.tex']
) # Run a second time as pdfLatex produces contents .toc file after starting pdf generation
pdflatex_process.communicate()
import json
import requests
import datetime
from pycvesearch import CVESearch
base_url = "https://api.msrc.microsoft.com/"
api_key = "15ec9ebc4fe9469784f10724bf752f82"
cve = CVESearch()
vuln_list = cve.search("microsoft/windows_server_2008")
win_2008 = set()
for element in vuln_list:
win_2008.add(element["id"])
win_2008_map = []
for cve_id in list(win_2008):
url = "{}Updates('{}')?api-version={}".format(base_url,\
cve_id, str(datetime.datetime.now().year))
headers = {'api-key': api_key}
response = requests.get(url, headers=headers)
if response.status_code == 200:
data = json.loads(response.content)
id = data["value"][0]["ID"]
win_2008_map.append({"cve_id":cve_id, "cvrf_id":id})
print(cve_id + " : " + id)
else:
print(cve_id " + not found")
with open("data/versions/windows_server_2008", "w") as outfile:
outfile.write(json.dumps(win_2008_map, indent = 4,\
sort_keys = True))