Python Vulnerability.description Beispiele

Beispiel #1

        print(f"Host {self.ip}")
        print(f"OS fingerprint: {self.os} - {self.version}")
        if not len(self.ports):
            print(f"Ports: none")
            return
        print(f"Ports: ")
        for p in self.ports.values():
            p.print()


if __name__ == "__main__":
    print(f"### device.py example ###\n")

    d = Device("127.0.0.1", "Windows 10", "Build 1901")

    p = Port(25, "tcp")
    p.service = "smtp"
    p.software = "postfix"
    p.version = "2.13"
    v = Vulnerability()
    v.software = p.software
    v.version = p.version
    v.type = "RCE"
    v.description = "sample RCE desc"
    v.addExploit("https://cve.truc/exp1")
    v.addExploit("https://cve.truc/exp2")
    p.addVuln(v)

    d.addPort(p)

    d.print()

Beispiel #2

Datei: parsenessus.py Projekt: ThimoDeSouter/security-audit-scripts

def populateList(root, hosts):

    reporthostnodes = root.findall('.//ReportHost')

    for reporthostnode in reporthostnodes:
        #find host info
        hostip = reporthostnode.attrib['name']
        hostos = None
        hostfqdn = None
        hostmac = None

        hosttags = reporthostnode.findall('HostProperties/tag')
        for hosttag in hosttags:
            if (hosttag.attrib['name'] == "operating-system"):
                hostos = hosttag.text
            if (hosttag.attrib['name'] == "host-fqdn"):
                hostfqdn = hosttag.text
            if (hosttag.attrib['name'] == "mac-address"):
                hostmac = hosttag.text

            host = Host(hostip, hostos, hostfqdn, hostmac)

        reportitems = reporthostnode.findall('ReportItem')

        for reportitem in reportitems:

            port = name = protocol = severity = description = cve = synopsis = solution = pub_date = None
            base_score = 0.0

            port = reportitem.attrib['port']
            name = reportitem.attrib['pluginName']
            protocol = reportitem.attrib['protocol']
            severity = reportitem.attrib['severity']
            description = reportitem.find('description').text
            synopsis = reportitem.find('synopsis').text
            solution = reportitem.find('solution').text

            cve_obj = reportitem.find('cve')
            if cve_obj is not None:
                cve = cve_obj.text

            base_score_obj = reportitem.find('cvss_base_score')
            if base_score_obj is not None:
                base_score = base_score_obj.text

            pub_date_obj = reportitem.find('vuln_publication_date')
            if pub_date_obj is not None:
                pub_date = pub_date_obj.text

            vuln = Vulnerability()
            vuln.name = name
            vuln.port = port
            vuln.protocol = protocol
            vuln.description = description
            vuln.severity = severity
            vuln.cve = cve
            vuln.base_score = base_score
            vuln.synopsis = synopsis
            vuln.solution = solution
            vuln.pub_date = pub_date

            host.addVulnerability(vuln)
        hosts.append(host)