Beispiel #1
0
def import_vulns(self):
    data = self.data.copy()

    if 'vulns' in data.keys():
        for vuln in data['vulns']:
            vuln.pop('id', None)
            try:
                v = Vuln.objects.filter(uuid=vuln['uuid']).first()
                new_vuln = None
                if v is None:
                    # New vuln
                    new_vuln = Vuln(**vuln)
                    new_vuln.save()
                else:
                    v.update(**vuln)
            except Exception as e:
                logger.error(e)

    if 'exploits' in data.keys():
        for exploit in data['exploits']:
            exploit.pop('id', None)
            try:
                v = Vuln.objects.filter(uuid=exploit['vuln_uuid']).first()
                exploit.update({'vuln_id': v.id})
                new_exploit = ExploitMetadata(**exploit)
                new_exploit.save()
            except Exception as e:
                logger.error(e)

    return JsonResponse({}, safe=False)
def import_exploit(data):
    # print(data)
    for cve_id in data['CVE']:
        vuln = Vuln.objects.filter(cveid=cve_id).first()
        if vuln is None:
            return {
                'status': 'error',
                'reason': 'Unknown vulnerability: {}'.format(cve_id)
            }

        try:
            for sl in list(
                    vuln.exploitmetadata_set.values_list('link', flat=True)):
                if data['view_link'].rstrip('/') in sl.rstrip('/'):
                    return {
                        "status": "error",
                        "reason": "Exploit already related to vulnerability"
                    }
            exploit_data = {
                'vuln_id': vuln.id,
                'publicid': data['id'],
                'link': data['view_link'],
                'notes': "{}\n{}".format(data['title'], data['details']),
                'trust_level': 'trusted',
                'tlp_level': 'white',
                'source': data['source'],
                'availability': 'public',
                'published': data['published_at']
            }
            s = ExploitMetadata(**exploit_data)
            s.save()
        except Exception as e:
            # print(e)
            return {
                "status":
                "error",
                "reason":
                "Something goes wrong on ExploitMetadata creation: {}".format(
                    e)
            }
    return {'status': 'success'}
Beispiel #3
0
def sync_exploits_fromvia(cve_id, refs):

    if isinstance(refs, dict) is False:
        return True

    vuln = Vuln.objects.prefetch_related('cve').filter(cveid=cve_id).first()
    if vuln is None:
        return False
    logger.debug("Syncing vuln '{}' --> '{}'".format(vuln, vuln.cve_id))

    reflinks = []
    reflinkids = {}
    exploit_links = list(vuln.exploitmetadata_set.values_list('link', flat=True))

    # Others (from the CVE bulletin)
    if vuln.cve is not None and vuln.cve.references is not None:
        try:
            refs.update(vuln.cve.references)
        except Exception as e:
            logger.error("'{}/{}': refs: {}".format(vuln, cve_id, refs))

    ## Exploit-DB
    if 'exploit-db' in refs.keys():
        vuln.is_exploitable = True
        vuln.is_confirmed = True
        for e in refs['exploit-db']:
            if type(e) == str:
                exploitdb_id = e
                ex_link = 'https://www.exploit-db.com/exploits/{}'.format(exploitdb_id)
                if ex_link not in exploit_links:
                    _new_exploit = {
                        'vuln': vuln,
                        'publicid': exploitdb_id,
                        'link': ex_link,
                        'notes': ex_link,
                        'trust_level': 'trusted',
                        'tlp_level': 'white',
                        'source': 'exploit-db',
                        'availability': 'public',
                        'type': 'exploitation',
                        'maturity': 'functional',
                        'published': None,
                        'modified': None,
                        'raw': e
                    }
            else:
                exploitdb_id = e.get('id', None)
                ex_link = 'https://www.exploit-db.com/exploits/{}'.format(exploitdb_id)
                if ex_link not in exploit_links:
                    e_pubdate, e_update = _extract_exploit_dates(e.get('published', None), e.get('modified', None))
                    _new_exploit = {
                        'vuln': vuln,
                        'publicid': exploitdb_id,
                        'link': ex_link,
                        'notes': "{}-{}\n{}".format(e['id'], e.get('title', '-'), e.get('description', '-')),
                        'trust_level': 'trusted',
                        'tlp_level': 'white',
                        'source': 'exploit-db',
                        'availability': 'public',
                        'type': 'exploitation',
                        'maturity': 'functional',
                        'published': e_pubdate,
                        'modified': e_update,
                        'raw': e
                    }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})

                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()
                reflinks.append('https://www.exploit-db.com/exploits/{}'.format(exploitdb_id))
                reflinkids.update({'edb': exploitdb_id})
                exploit_links.append(_new_exploit['link'])

    ## Metasploit
    if 'metasploit' in refs.keys():
        vuln.is_exploitable = True
        vuln.is_confirmed = True
        for e in refs['metasploit']:
            ex_link = e.get('source', 'https://github.com/rapid7/metasploit-framework/blob/master/modules/')
            if ex_link not in exploit_links:
                e_pubdate, e_update = _extract_exploit_dates(
                    e.get('published', None), e.get('modified', None)
                )
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': e.get('id', 'n/a'),
                    'link': ex_link,
                    'notes': "{}-{}\n{}\n\nLinks:\n{}".format(
                        e['id'],
                        e.get('title', '-'),
                        e.get('description', '-'),
                        e.get('references', '-')
                    ),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'metasploit',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'functional',
                    'published': e_pubdate,
                    'modified': e_update,
                    'raw': e
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})
                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()
                reflinks.extend(e.get('references', []))
                exploit_links.append(_new_exploit['link'])

    ## PacketStorm
    if 'packetstorm' in refs.keys():
        vuln.is_exploitable = True
        vuln.is_confirmed = True
        for e in refs['packetstorm']:
            ex_link = e.get('source', 'https://packetstormsecurity.com')
            if ex_link not in exploit_links:
                e_pubdate, e_update = _extract_exploit_dates(
                    e.get('published', None), e.get('modified', None)
                )
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': e.get('id', 'n/a'),
                    'link': e.get('source', 'https://packetstormsecurity.com'),
                    'notes': "{}-{}\n{}".format(
                        e['id'],
                        e.get('title', '-'),
                        e.get('data source', '-'),
                    ),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'packetstorm',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'functional',
                    'published': e_pubdate,
                    'modified': e_update,
                    'raw': e
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})

                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()
                reflinks.append(e.get('source', None))
                reflinks.append(e.get('data source', None))
                exploit_links.append(_new_exploit['link'])

    ## Vulnerability-lab
    if 'vulner lab' in refs.keys():
        vuln.is_exploitable = True
        vuln.is_confirmed = True
        for e in refs['vulner lab']:
            ex_link = e.get('source', 'n/a')
            if ex_link not in exploit_links:
                e_pubdate, e_update = _extract_exploit_dates(
                    e.get('published', None), e.get('modified', None)
                )
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': e.get('id', 'n/a'),
                    'link': e.get('source', 'n/a'),
                    'notes': "{}-{}".format(
                        e['id'],
                        e.get('title', '-')
                    ),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'vulnerabilty-lab',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'functional',
                    'published': e_pubdate,
                    'modified': e_update,
                    'raw': e
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})

                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()
                reflinks.append(e.get('source', None))
                exploit_links.append(_new_exploit['link'])

    ## Seebug
    if 'Seebug' in refs.keys():
        for e in refs['Seebug']:
            if e['bulletinFamily'] == 'exploit':

                link = ''
                if 'source' in e.keys():
                    link = e['source']
                elif 'id' in e.keys():
                    ssvid = "https://www.seebug.org/vuldb/ssvid-{}".format(
                        e['id'].split(':')[1]
                    )
                    link = ssvid
                if link not in exploit_links:
                    vuln.is_exploitable = True
                    vuln.is_confirmed = True
                    e_pubdate, e_update = _extract_exploit_dates(
                        e.get('published', None), e.get('modified', None)
                    )
                    _new_exploit = {
                        'vuln': vuln,
                        'publicid': e.get('id', 'n/a'),
                        'link': link,
                        'notes': "{}-{}\n{}".format(
                            e['id'],
                            e.get('title', '-'),
                            e.get('description', '-')
                        ),
                        'trust_level': 'trusted',
                        'tlp_level': 'white',
                        'source': 'seebug',
                        'availability': 'public',
                        'type': 'exploitation',
                        'maturity': 'functional',
                        'published': e_pubdate,
                        'modified': e_update,
                        'raw': e
                    }
                    ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                    _new_exploit.update({'hash': ex_hash})

                    new_exploit = ExploitMetadata(**_new_exploit)
                    new_exploit.save()
                    reflinks.append(link)
                    exploit_links.append(_new_exploit['link'])

    ## Talos
    if 'talos' in refs.keys():
        vuln.is_exploitable = True
        vuln.is_confirmed = True
        for e in refs['talos']:
            if e.get('source', 'n/a') not in exploit_links:
                e_pubdate, e_update = _extract_exploit_dates(
                    e.get('published', None), e.get('modified', None)
                )
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': e.get('id', 'n/a'),
                    'link': e.get('source', 'n/a'),
                    'notes': "{}-{}".format(
                        e['id'],
                        e.get('title', '-')
                    ),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'talos',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'functional',
                    'published': e_pubdate,
                    'modified': e_update,
                    'raw': e
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})

                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()
                reflinks.append(e.get('source', None))
                exploit_links.append(_new_exploit['link'])

    ## Nessus DB
    if 'nessus' in refs.keys():
        vuln.is_confirmed = True
        for e in refs['nessus']:
            reflinks.append(e['source'])
            e_pubdate, e_update = _extract_exploit_dates(
                e.get('published', None), e.get('modified', None)
            )
            e_info = {
                'exploit_available': False,
                'exploit_available_from': []
            }
            if 'sourceData' in e.keys():
                if '"exploitability_ease", value:"Exploits are available"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info.update({'exploit_available': True})
                if '"exploitability_ease", value:"No exploit is required"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info.update({'exploit_available': True})
                if '"exploit_available", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info.update({'exploit_available': True})
                if '"exploit_framework_core", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info['exploit_available_from'].append("Core Impact")
                if '"exploit_framework_metasploit", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info['exploit_available_from'].append("Metasploit")
                if '"exploit_framework_canvas", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info['exploit_available_from'].append("Canvas")
                if '"exploit_framework_exploithub", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info['exploit_available_from'].append("ExploitHub")
                if '"exploit_framework_d2_elliot", value:"true"' in e['sourceData']:
                    vuln.is_exploitable = True
                    e_info['exploit_available_from'].append("Elliot")
                if '"in_the_news", value:"true"' in e['sourceData']:
                    vuln.is_in_the_news = True
                if '"exploited_by_malware", value:"true"' in e['sourceData']:
                    vuln.is_in_the_wild = True

            if e_info['exploit_available'] is True:
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': e.get('plugin id', 'n/a'),
                    'link': e.get('source', 'n/a'),
                    'notes': "{}-{}\nFramework(s):{}\n{}".format(
                        e['plugin id'],
                        e.get('title', '-'),
                        ", ".join(e_info['exploit_available_from']),
                        e.get('description', '-')
                    ),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'nessus',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'functional',
                    'published': e_pubdate,
                    'modified': e_update,
                    'raw': e
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})
                if vuln.exploitmetadata_set.filter(link=_new_exploit['link']).exists() is False:
                    new_exploit = ExploitMetadata(**_new_exploit)
                    new_exploit.save()
                    reflinks.append(e.get('source', None))
                    exploit_links.append(_new_exploit['link'])

    ## THN
    if 'the hacker news' in refs.keys():
        vuln.is_in_the_news = True
        for t in refs['the hacker news']:
            if vuln.threatmetadata_set.filter(link=t.get('source', 'n/a')).exists() is False:
                t_pubdate, t_update = _extract_exploit_dates(
                    t.get('published', None), t.get('modified', None)
                )
                _new_threat = {
                    'vuln': vuln,
                    'link': t.get('source', 'n/a'),
                    'notes': "{}".format(t.get('title', '-')),
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'the-hacker-news',
                    'is_in_the_news': True,
                    'published': t_pubdate,
                    'modified': t_update,
                    'raw': t
                }
                new_threat = ThreatMetadata(**_new_threat)
                new_threat.save()
                reflinks.append(t.get('source', None))
                exploit_links.append(_new_exploit['link'])

    ## REFMAP
    if 'refmap' in refs.keys() and type(refs['refmap']) == dict:
        reflinkids.update(refs['refmap'])

        # Confirm
        if 'confirm' in refs['refmap'].keys():
            vuln.is_confirmed = True
            for c in refs['refmap']['confirm']:
                reflinks.append(c)

        # SecurityFocus
        if 'bid' in refs['refmap'].keys():
            for b in refs['refmap']['bid']:
                reflinks.append('https://www.securityfocus.com/bid/{}'.format(b))

        # IBM X-Force
        # if 'xf' in refs['refmap'].keys():
        #     for xf in refs['refmap']['xf']:
        #         reflinks.append('https://exchange.xforce.ibmcloud.com/vulnerabilities/{}'.format(xf))

        # misc
        if 'misc' in refs['refmap'].keys():
            for b in refs['refmap']['misc']:
                reflinks.append(b)
                if b.endswith(".pdf") or b.endswith(".py"):
                    if vuln.exploitmetadata_set.filter(link=b).exists() is False:
                        vuln.is_exploitable = True
                        _new_exploit = {
                            'vuln': vuln,
                            'publicid': 'n/a',
                            'link': b,
                            'notes': "PoC or exploit found:\n{}".format(b),
                            'trust_level': 'unknown',
                            'tlp_level': 'white',
                            'source': 'misc',
                            'availability': 'public',
                            'type': 'unknown',
                            'maturity': 'poc',
                            'published': dtdate.today(),
                            'modified': dtdate.today(),
                            'raw': b
                        }
                        ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                        _new_exploit.update({'hash': ex_hash})
                        new_exploit = ExploitMetadata(**_new_exploit)
                        new_exploit.save()
                        exploit_links.append(_new_exploit['link'])

                for feed in COMMON_EXPLOIT_FEEDS:
                    if feed in b and vuln.exploitmetadata_set.filter(link=b).exists() is False:
                        vuln.is_exploitable = True
                        _new_exploit = {
                            'vuln': vuln,
                            'publicid': 'n/a',
                            'link': b,
                            'notes': "PoC or exploit found:\n{}".format(b),
                            'trust_level': 'unknown',
                            'tlp_level': 'white',
                            'source': 'misc',
                            'availability': 'public',
                            'type': 'unknown',
                            'maturity': 'poc',
                            'published': dtdate.today(),
                            'modified': dtdate.today(),
                            'raw': b
                        }
                        ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                        _new_exploit.update({'hash': ex_hash})
                        new_exploit = ExploitMetadata(**_new_exploit)
                        new_exploit.save()
                        exploit_links.append(_new_exploit['link'])

    if 'others' in refs.keys() and type(refs['others']) == list:
        for r in refs['others']:
            for feed in COMMON_EXPLOIT_FEEDS:
                try:
                    if feed in r['url'] and vuln.exploitmetadata_set.filter(link=r['url']).exists() is False:
                        vuln.is_exploitable = True
                        _new_exploit = {
                            'vuln': vuln,
                            'publicid': 'n/a',
                            'link': r['url'],
                            'notes': "PoC or exploit found:\n{}".format(r['url']),
                            'trust_level': 'unknown',
                            'tlp_level': 'white',
                            'source': 'nvd-misc',
                            'availability': 'public',
                            'type': 'unknown',
                            'maturity': 'functional',
                            'published': dtdate.today(),
                            'modified': dtdate.today(),
                            'raw': b
                        }
                        ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                        _new_exploit.update({'hash': ex_hash})
                        new_exploit = ExploitMetadata(**_new_exploit)
                        new_exploit.save()
                        exploit_links.append(_new_exploit['link'])
                except Exception:
                    pass

    # Update reflinks and reflinkids
    reflinks.extend(vuln.reflinks)
    vuln.reflinks = sorted(list(set(reflinks)))
    vuln.reflinkids.update(reflinkids)
    vuln.save()

    # if sorted(vuln.reflinks) != sorted(list(set(reflinks))) or (not reflinkids.items() <= vuln.reflinkids.items()):
    #     vuln.reflinks = sorted(list(set(reflinks)))
    #     vuln.reflinkids.update(reflinkids)
    #     vuln.save()

    return True
Beispiel #4
0
def _create_vuln(data, packages, cveid=""):
    vuln_data = {
        'cveid': cveid,
        'cvss_vector': data['cvssv2_vector'],
        'cvss3_vector':  data['cvssv3_vector'],
        'summary': '{}\n{}\nSolution: {}'.format(data['title'], data['details'], data['recommendation']),
        # 'exploits': [],
        'feedid': data['id'],
        'is_confirmed':  data['is_confirmed'],
        'is_exploitable': data['is_exploitable'],
        'published': dtparser.parse(data['published_at']),
        'reflinks': data['references'],
        'assigner': data['source']
    }

    cve = CVE.objects.filter(cve_id=cveid).first()
    if cve is not None:
        vuln_data['cve'] = cve.id

    if str(data['cvssv2']).isnumeric():
        vuln_data['cvss'] = float(data['cvssv2'])
    if str(data['cvssv3']).isnumeric():
        vuln_data['cvss3'] = float(data['cvssv3'])

    # Search CWE
    if data['cwe_id'] != "":
        cwe_id = CWE.objects.filter(cwe_id=data['cwe_id']).first()
        if cwe_id is not None:
            vuln_data['cwe'] = cwe_id

    # When no CVSS is set
    if str(data['cvssv2']) == '' and str(data['cvssv3']) == '':
        if data['severity'] == 'critical':
            vuln_data['cvss'] = 10.0
        elif data['severity'] == 'high':
            vuln_data['cvss'] = 8.9
        elif data['severity'] == 'medium':
            vuln_data['cvss'] = 6.9
        elif data['severity'] == 'low':
            vuln_data['cvss'] = 3.9
        else:
            vuln_data['cvss'] = 3.9

    vuln = Vuln(**vuln_data)
    vuln.save()

    for rl in data['references']:
        # Check if it's an exploit
        for feed in COMMON_EXPLOIT_FEEDS:
            if feed in rl:
                vuln.is_exploitable = True
                _new_exploit = {
                    'vuln': vuln,
                    'publicid': 'n/a',
                    'link': rl,
                    'notes': "PoC or exploit found:\n{}".format(rl),
                    'trust_level': 'unknown',
                    'tlp_level': 'white',
                    'source': data['source'],
                    'availability': 'public',
                    'type': 'unknown',
                    'maturity': 'poc',
                    'published': dtdate.today(),
                    'modified': dtdate.today(),
                    'raw': rl
                }
                ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                _new_exploit.update({'hash': ex_hash})
                new_exploit = ExploitMetadata(**_new_exploit)
                new_exploit.save()

    # Packages
    for package_name in packages:
        vuln.packages.add(package_name)

    if len(data['vulnerable_packages'].keys()) > 0:
        vuln.vulnerable_packages_versions = copy.deepcopy(data['vulnerable_packages'])

    # Products (CPE)
    if 'vulnerable_products' in data.keys() and data['vulnerable_products'] is not None:
        vuln.vulnerable_products = data['vulnerable_products']
        for product in _get_cpe_products(data['vulnerable_products']):
            vuln.products.add(product)

        vuln.save()
        vuln.update_product_versions()
    vuln.save()
    return vuln
Beispiel #5
0
def sync_vuln_fromcve(cve):
    # print(cve.vulnerable_products)
    _vuln_data = {
        'cve': cve,
        'cveid': cve.cve_id,
        'summary': cve.summary,
        'published': cve.published,
        'modified': cve.modified,
        'assigner': cve.assigner,
        'is_confirmed': True,
        'cvss': cve.cvss,
        'cvss_time': cve.cvss_time,
        'cvss_vector': cve.cvss_vector,
        'cvss_version': cve.cvss_version,
        'cvss_metrics': cve.cvss_metrics,
        'cvss3': cve.cvss3,
        'cvss3_vector': cve.cvss3_vector,
        'cvss3_version': cve.cvss3_version,
        'cvss3_metrics': cve.cvss3_metrics,
        'cwe': cve.cwe,
        'vulnerable_products': cve.vulnerable_products,
        'access': cve.access,
        'impact': cve.impact
    }
    vuln = Vuln.objects.filter(cve=cve).first()
    if vuln is None:
        vuln = Vuln(**_vuln_data)
        vuln.save()
    else:
        has_update = False
        for v in _vuln_data.keys():
            if _vuln_data[v] != getattr(vuln, v):
                has_update = True
                setattr(vuln, v, _vuln_data[v])
        if has_update is True:
            vuln.save()

    # Sync Products & Product versions
    for cp in cve.products.all():
        if cp not in vuln.products.all():
            vuln.products.add(cp)

    # Sync exploits tag from cve.references
    reflinks = []
    for ref in cve.references['others']:
        reflinks.append(ref['url'])
        if 'Exploit' in ref['tags']:
            vuln.is_confirmed = True
            vuln.is_exploitable = True
            ex = ExploitMetadata.objects.filter(vuln=vuln, link=ref['url']).first()
            if ex is None:
                new_exploit_data = {
                    'vuln': vuln,
                    'publicid': 'n/a',
                    'link': ref['url'],
                    'notes': "Synced from NVD",
                    'trust_level': 'trusted',
                    'tlp_level': 'white',
                    'source': 'nvd',
                    'availability': 'public',
                    'type': 'exploitation',
                    'maturity': 'unknown',
                    # 'published': e_pubdate,
                    # 'modified': e_update,
                    'raw': ref
                }
                new_exploit = ExploitMetadata(**new_exploit_data)
                new_exploit.save()

    vuln.reflinks = sorted(list(set(reflinks)))

    # Update product versions
    vuln.update_product_versions()

    # Save all
    vuln.save()

    # sync_exploits_fromvia(vuln.id)
    return vuln
Beispiel #6
0
def _update_vuln(vuln, data, packages, cveid=""):
    if cveid != "" and vuln.cveid == "":
        vuln.cveid = cveid

        cve = CVE.objects.filter(cve_id=cveid).first()
        if cve is not None:
            vuln.cve = cve

    if 'feedid' in data.keys() and vuln.feedid == '':
        vuln.feedid = data['feedid']

    if data['cwe_id'] != "":
        cwe = CWE.objects.filter(cwe_id=data['cwe_id']).first()
        if cwe is not None:
            vuln.cwe = cwe

    if str(data['cvssv2']).isnumeric() and vuln.cvss in [None, 0.0]:
        vuln.cvss = float(data['cvssv2'])
    if str(data['cvssv3']).isnumeric() and vuln.cvss3 in [None, 0.0]:
        vuln.cvss3 = float(data['cvssv3'])
    if data['cvssv2_vector'] != '' and vuln.cvss_vector == '':
        vuln.cvss_vector = data['cvssv2_vector']
    if data['cvssv3_vector'] != '' and vuln.cvss3_vector == '':
        vuln.cvss3_vector = data['cvssv3_vector']

    if data['is_exploitable'] is True and vuln.is_exploitable is False:
        vuln.is_exploitable = True
    if data['is_confirmed'] is True and vuln.is_confirmed is False:
        vuln.is_confirmed = True

    for ref in data['references']:
        if ref not in vuln.reflinks and ref.rstrip('/') not in vuln.reflinks:
            vuln_reflinks = list(vuln.reflinks)
            vuln_reflinks.append(ref)
            vuln.reflinks = sorted(list(set(vuln_reflinks)))

            # Check if it's an exploit
            for feed in COMMON_EXPLOIT_FEEDS:
                if feed in ref and vuln.exploitmetadata_set.filter(link=ref).exists() is False:
                    vuln.is_exploitable = True
                    _new_exploit = {
                        'vuln': vuln,
                        'publicid': 'n/a',
                        'link': ref,
                        'notes': "PoC or exploit found:\n{}".format(ref),
                        'trust_level': 'unknown',
                        'tlp_level': 'white',
                        'source': data['source'],
                        'availability': 'public',
                        'type': 'unknown',
                        'maturity': 'poc',
                        'published': dtdate.today(),
                        'modified': dtdate.today(),
                        'raw': ref
                    }
                    ex_hash = hash(json.dumps(_new_exploit, sort_keys=True, default=_json_serial))
                    _new_exploit.update({'hash': ex_hash})
                    new_exploit = ExploitMetadata(**_new_exploit)
                    new_exploit.save()

    # vulnerable_packages
    for package_name in packages:
        if package_name not in vuln.packages.all():
            vuln.packages.add(package_name)

    if len(data['vulnerable_packages'].keys()) > 0:
        vuln.vulnerable_packages_versions = {
            **vuln.vulnerable_packages_versions,
            **data['vulnerable_packages']
        }

    # vulnerable_products
    if 'vulnerable_products' in data.keys() and data['vulnerable_products'] is not None and len(data['vulnerable_products']) > 0:

        if vuln.vulnerable_products is not None and len(vuln.vulnerable_products) > 0:
            vvp = vuln.vulnerable_products.extend(data['vulnerable_products'])
        else:
            vvp = data['vulnerable_products']

        if vvp is not None and len(vvp) > 0:
            vuln.vulnerable_products = sorted(list(set(vvp)))
        else:
            vuln.vulnerable_products = []

        for product in _get_cpe_products(data['vulnerable_products']):
            if product not in vuln.products.all():
                vuln.products.add(product)

        vuln.save()
        vuln.update_product_versions()

    vuln.save()
    return vuln
Beispiel #7
0
def submit_metadata(self):
    submission = self.data.dict().copy()

    vuln = None
    link_type = "exploit"

    # First, search with the CVE ID
    if 'cveid' in submission.keys():
        vuln = Vuln.objects.filter(cveid=submission['cveid']).first()
        submission.pop('cveid', None)

    # Otherwise, check if a vuln ID is given
    if vuln is None and 'vuln_id' in submission.keys():
        vuln = Vuln.objects.filter(id=submission['vuln_id']).first()
        submission.pop('vuln_id', None)

    if vuln is None:
        return JsonResponse(
            {
                "status": "error",
                "message": "Unable to find vuln"
            }, safe=False)

    if 'submit_type' in submission.keys() and submission['submit_type'] in [
            'exploit', 'threat'
    ]:
        link_type = submission['submit_type']
    else:
        link_type = "exploit"

    submission.pop('submit_type', None)
    submission.update({'vuln_id': str(vuln.id)})

    s = None
    if link_type == 'exploit':
        try:
            for sl in vuln.exploitmetadata_set.values_list('link', flat=True):
                if submission['link'].rstrip('/') in sl.rstrip('/'):
                    return JsonResponse(
                        {
                            "status": "error",
                            "message":
                            "Exploit already related to vulnerability"
                        },
                        safe=False)
                s = ExploitMetadata(**submission)
        except Exception as e:
            print(e)
            return JsonResponse(
                {
                    "status": "error",
                    "message":
                    "Something goes wrong on ExploitMetadata creation"
                },
                safe=False)
    elif link_type == 'threat':
        try:
            for sl in vuln.threatmetadata_set.values_list('link', flat=True):
                if submission['link'].rstrip('/') in sl.rstrip('/'):
                    return JsonResponse(
                        {
                            "status":
                            "error",
                            "message":
                            "Threat news already related to vulnerability"
                        },
                        safe=False)
                s = ThreatMetadata(**submission)
        except Exception as e:
            print(e)
            return JsonResponse(
                {
                    "status": "error",
                    "message":
                    "Something goes wrong on ThreatMetadata creation"
                },
                safe=False)

    s.save()

    return JsonResponse({
        "status": "submitted",
        "type": link_type,
        "id": s.id
    },
                        safe=False)