Beispiel #1
0
    def check_vulns(self):
        vulns = []
        for possible_flow in self.tracked_patterns:
            for pat_name, tracked in possible_flow.items():
                if len(tracked['sources']) > 0 and len(tracked['sinks']) > 0:
                    for sink in tracked['sinks']:
                        # [:] makes a copy of the array, so the reported vuln isn't changed
                        # after being reported
                        vuln_name = pat_name
                        src = tracked['sources'][:]
                        san = tracked['sanitizers'][:]
                        snk = [sink][:]

                        vuln = Vulnerability(vuln_name, src, san, snk)
                        duplicated = False

                        for rv in self.reported_vuls:
                            duplicated = False
                            if str(rv) == str(vuln):
                                duplicated = True
                                break
                        if not duplicated:
                            self.reported_vuls.append(vuln)
                            vulns.append(vuln)
                    # clear already reported sinks
                    tracked['sinks'] = []
        return vulns
Beispiel #2
0
 def register_vuln(self, vuln=None, name=None, i18n_name=None, category=None, description=None, solution=None,
                   risk_level=None):
     if not vuln:
         vuln = Vulnerability(name=name, i18n_name=i18n_name, category=category, description=description,
                              solution=solution,
                              risk_level=risk_level)
     report = self.db.filter(name=vuln.name, plugin_name=self.plugin_name)
     if len(report):
         return
     report = VulnReport(vuln, plugin_name=self.plugin_name)
     self.db.add(report)
Beispiel #3
0
def parseVulRow(tableRow):
    tdElems = tableRow.find_all('td')
    strs = list(tdElems[0].strings)
    lenovoCode = clearSpecialChars(strs[0])
    description = clearSpecialChars(strs[1])

    aElems = tdElems[0].find_all('a')
    link = lenovoSupportHome + aElems[0]['href']

    firstDate = clearSpecialChars(tdElems[1].string)
    lastDate = clearSpecialChars(tdElems[2].string)

    ve = Vulnerability(lenovoCode, description, link, firstDate, lastDate)
    vulCollection[lenovoCode] = ve
Beispiel #4
0
 def start_element(self, name, attrs):
     if name == self.VULNERABILITY:
         self.vul = Vulnerability()
         self.vul.setName(attrs[self.VULNERABILITY_NAME])
     elif name == self.VULNERABILITY_DESCRIPTION:
         self.tag = self.VULNERABILITY_DESCRIPTION
     elif name == self.VULNERABILITY_SOLUTION:
         #self.tag = self.VULNERABILITY_SOLUTION
         self.vul.setSolution(attrs["text"])
     elif name == self.VULNERABILITY_REFERENCES:
         self.references = {}
     elif name == self.VULNERABILITY_REFERENCE:
         self.tag = self.VULNERABILITY_REFERENCE
     elif name == self.VULNERABILITY_REFERENCE_TITLE:
         self.tag = self.VULNERABILITY_REFERENCE_TITLE
     elif name == self.VULNERABILITY_REFERENCE_URL:
         self.tag = self.VULNERABILITY_REFERENCE_URL
Beispiel #5
0
 def setUp(self) -> None:
     self.v1 = Vulnerability()
     self.v1.set_vector("AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L")
     self.v1.set_metric("E", "P")
     self.v1.set_metric("RL", "T")
     self.v1.set_metric("RC", "X")
     self.v1.set_metric("MAC", "H")
     self.v1.set_metric("MUI", "R")
     self.v1.set_metric("MI", "N")
     # AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:T/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:H/MPR:X/MUI:R/MS:X/MC:X/MI:N/MA:X 4.3 3.9 3.1
     self.v2 = Vulnerability()
     self.v2.set_vector("AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L")
     self.v2.set_metric("RL", "U")
     self.v2.set_metric("CR", "L")
     self.v2.set_metric("IR", "L")
     self.v2.set_metric("MAV", "A")
     self.v2.set_metric("MAC", "H")
     self.v2.set_metric("MPR", "N")
     self.v2.set_metric("MUI", "R")
     self.v2.set_metric("MS", "U")
     # AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:X/RL:U/RC:X/CR:L/IR:L/AR:X/MAV:A/MAC:H/MPR:N/MUI:R/MS:U/MC:X/MI:X/MA:X 2.6 2.6 2.6
     self.v3 = Vulnerability()
     self.v3.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H")
     self.v3.set_metric("E", "P")
     self.v3.set_metric("AR", "H")
     self.v3.set_metric("MPR", "H")
     self.v3.set_metric("MUI", "N")
     self.v3.set_metric("MS", "U")
     # AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:X/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:H/MUI:N/MS:U/MC:X/MI:X/MA:X 5.8 5.5 6.0
     self.v4 = Vulnerability()
     self.v4.set_vector("AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H")
     self.v4.set_metric("E", "P")
     self.v4.set_metric("RL", "U")
     self.v4.set_metric("AR", "H")
     self.v4.set_metric("MUI", "R")
     self.v4.set_metric("MS", "U")
     self.v4.set_metric("MC", "L")
     self.v4.set_metric("MI", "N")
     self.v4.set_metric("MA", "N")
     # AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:U/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:X/MUI:R/MS:U/MC:L/MI:N/MA:N 6.1 5.8 3.0
     self.v5 = Vulnerability()
     self.v5.set_vector("AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H")
     self.v5.set_metric("E", "P")
     self.v5.set_metric("RL", "O")
     self.v5.set_metric("IR", "M")
     self.v5.set_metric("MAV", "N")
     self.v5.set_metric("MAC", "H")
     self.v5.set_metric("MC", "L")
     self.v5.set_metric("MA", "N")
     # AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H/E:P/RL:O/RC:X/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:X/MUI:X/MS:X/MC:L/MI:X/MA:N 7.7 6.9 3.6
     self.v6 = Vulnerability()
     self.v6.set_vector("AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H")
     self.v6.set_metric("RL", "W")
     self.v6.set_metric("RC", "R")
     self.v6.set_metric("IR", "M")
     self.v6.set_metric("MAV", "N")
     self.v6.set_metric("MAC", "H")
     self.v6.set_metric("MPR", "L")
     self.v6.set_metric("MUI", "N")
     self.v6.set_metric("MC", "L")
     self.v6.set_metric("MI", "L")
     self.v6.set_metric("MA", "L")
     # AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:X/RL:W/RC:R/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:L/MUI:N/MS:X/MC:L/MI:L/MA:L 6.3 5.9 4.7
     self.v7 = Vulnerability()
     self.v7.set_vector("AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N")
     self.v7.set_metric("RL", "U")
     self.v7.set_metric("RC", "U")
     self.v7.set_metric("MAV", "N")
     self.v7.set_metric("MUI", "N")
     self.v7.set_metric("MA", "L")
     # AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:X/RL:U/RC:U/CR:X/IR:X/AR:X/MAV:N/MAC:X/MPR:X/MUI:N/MS:X/MC:X/MI:X/MA:L 6.5 6.0 7.6
     self.v8 = Vulnerability()
     self.v8.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H")
     self.v8.set_metric("E", "F")
     self.v8.set_metric("RL", "T")
     self.v8.set_metric("IR", "L")
     self.v8.set_metric("MAV", "N")
     self.v8.set_metric("MAC", "L")
     self.v8.set_metric("MUI", "N")
     self.v8.set_metric("MC", "L")
     self.v8.set_metric("MI", "N")
     self.v8.set_metric("MA", "L")
     # AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:T/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:N/MS:X/MC:L/MI:N/MA:L 7.0 6.6 5.1
     self.v9 = Vulnerability()
     self.v9.set_vector("AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N")
     self.v9.set_metric("E", "U")
     self.v9.set_metric("RL", "O")
     self.v9.set_metric("IR", "L")
     self.v9.set_metric("MAV", "N")
     self.v9.set_metric("MAC", "L")
     self.v9.set_metric("MUI", "R")
     self.v9.set_metric("MI", "L")
     # AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:R/MS:X/MC:X/MI:L/MA:X 2.1 1.9 2.6
     self.v10 = Vulnerability()
     self.v10.set_vector("AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N")
     self.v10.set_metric("RL", "W")
     self.v10.set_metric("IR", "L")
     self.v10.set_metric("CR", "H")
     self.v10.set_metric("MAV", "N")
     self.v10.set_metric("MAC", "H")
     self.v10.set_metric("MPR", "H")
     self.v10.set_metric("MUI", "R")
     self.v10.set_metric("MC", "L")
     self.v10.set_metric("MI", "N")
     self.v10.set_metric("MA", "N")
     # AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:X/RL:W/RC:X/CR:H/IR:L/AR:X/MAV:N/MAC:H/MPR:H/MUI:R/MS:X/MC:L/MI:N/MA:N 6.7 6.5 3.4
     self.v11 = Vulnerability()
     self.v11.set_vector("AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
     self.v11.set_metric("E", "P")
     self.v11.set_metric("RL", "T")
     self.v11.set_metric("RC", "R")
     self.v11.set_metric("CR", "H")
     self.v11.set_metric("IR", "H")
     self.v11.set_metric("AR", "H")
     self.v11.set_metric("MAV", "A")
     self.v11.set_metric("MAC", "H")
     self.v11.set_metric("MPR", "L")
     self.v11.set_metric("MUI", "R")
     self.v11.set_metric("MS", "C")
     self.v11.set_metric("MC", "H")
     self.v11.set_metric("MI", "H")
     self.v11.set_metric("MA", "H")
Beispiel #6
0
 def test_enter_wrong_metric_key(self):
     v_wrong = Vulnerability()
     self.assertRaises(KeyError, v_wrong.set_metric, "AX", "N")
Beispiel #7
0
 def test_enter_wrong_metric_value(self):
     v_wrong = Vulnerability()
     self.assertRaises(ValueError, v_wrong.set_metric, "AV", "K")
Beispiel #8
0
 def test_enter_base_score_in_wrong_order(self):
     v_wrong = Vulnerability()
     self.assertRaises(ValueError, v_wrong.set_vector,
                       "AV:A/AC:H/PR:L/UI:R/S:U/I:L/C:L/A:L")
Beispiel #9
0
 def test_enter_more_more_than_base_score(self):
     v_wrong = Vulnerability()
     self.assertRaises(ValueError, v_wrong.set_vector,
                       "AV:A/AC:H/PR:L/UI:R/S:U/C:L:I:X/A:L/MAV/AC")
Beispiel #10
0
 def test_enter_wrong_metric_for_base_score(self):
     v_wrong = Vulnerability()
     self.assertRaises(ValueError, v_wrong.set_vector,
                       "AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:X/A:L")
Beispiel #11
0
        print(f"Host {self.ip}")
        print(f"OS fingerprint: {self.os} - {self.version}")
        if not len(self.ports):
            print(f"Ports: none")
            return
        print(f"Ports: ")
        for p in self.ports.values():
            p.print()


if __name__ == "__main__":
    print(f"### device.py example ###\n")

    d = Device("127.0.0.1", "Windows 10", "Build 1901")

    p = Port(25, "tcp")
    p.service = "smtp"
    p.software = "postfix"
    p.version = "2.13"
    v = Vulnerability()
    v.software = p.software
    v.version = p.version
    v.type = "RCE"
    v.description = "sample RCE desc"
    v.addExploit("https://cve.truc/exp1")
    v.addExploit("https://cve.truc/exp2")
    p.addVuln(v)

    d.addPort(p)

    d.print()
Beispiel #12
0
def populateList(root, hosts):

    reporthostnodes = root.findall('.//ReportHost')

    for reporthostnode in reporthostnodes:
        #find host info
        hostip = reporthostnode.attrib['name']
        hostos = None
        hostfqdn = None
        hostmac = None

        hosttags = reporthostnode.findall('HostProperties/tag')
        for hosttag in hosttags:
            if (hosttag.attrib['name'] == "operating-system"):
                hostos = hosttag.text
            if (hosttag.attrib['name'] == "host-fqdn"):
                hostfqdn = hosttag.text
            if (hosttag.attrib['name'] == "mac-address"):
                hostmac = hosttag.text

            host = Host(hostip, hostos, hostfqdn, hostmac)

        reportitems = reporthostnode.findall('ReportItem')

        for reportitem in reportitems:

            port = name = protocol = severity = description = cve = synopsis = solution = pub_date = None
            base_score = 0.0

            port = reportitem.attrib['port']
            name = reportitem.attrib['pluginName']
            protocol = reportitem.attrib['protocol']
            severity = reportitem.attrib['severity']
            description = reportitem.find('description').text
            synopsis = reportitem.find('synopsis').text
            solution = reportitem.find('solution').text

            cve_obj = reportitem.find('cve')
            if cve_obj is not None:
                cve = cve_obj.text

            base_score_obj = reportitem.find('cvss_base_score')
            if base_score_obj is not None:
                base_score = base_score_obj.text

            pub_date_obj = reportitem.find('vuln_publication_date')
            if pub_date_obj is not None:
                pub_date = pub_date_obj.text

            vuln = Vulnerability()
            vuln.name = name
            vuln.port = port
            vuln.protocol = protocol
            vuln.description = description
            vuln.severity = severity
            vuln.cve = cve
            vuln.base_score = base_score
            vuln.synopsis = synopsis
            vuln.solution = solution
            vuln.pub_date = pub_date

            host.addVulnerability(vuln)
        hosts.append(host)
Beispiel #13
0
 def __init__(self):
     self._model = Vulnerability()
     self.username = ""
     self.password = ""
     self.msg = ""
     self.check_auth = False