Ejemplo n.º 1
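		print("Host: " + sourceHost)

		# Results/ is rebuilt from scratch on every run; the raw output for this
		# host is stored under Results/<sourceIP>/ (sourceIP is set outside this
		# block — presumably the resolved address of sourceHost; confirm).
		if os.path.exists('Results'):
			shutil.rmtree('Results')
		directory = 'Results'
		#Create results directory to store the raw output
		if not os.path.exists(directory):
			os.makedirs(directory)
		if not os.path.exists(directory + '/' + sourceIP):
			os.makedirs(directory + '/' + sourceIP)

		#Get CVE from STIX
		# Start both values empty so a package with no exploit targets reaches
		# the "CVE Missing" branch below instead of raising NameError.
		cve = ''
		vulnObject = ''
		stix_package = STIXPackage.from_xml(file)
		for target in stix_package.exploit_targets:
			for vuln in target.vulnerabilities:
				# print() with a single argument behaves the same on Python 2 and 3.
				print("CVE: " + str(vuln.cve_id))
				print("DESC:" + str(vuln.description))
				# str(None) is "None", which would wrongly pass the emptiness check
				# below, so a missing description is kept as ''.
				vulnObject = '' if vuln.description is None else str(vuln.description)
				cve = vuln.cve_id or ''
		# As in the original loop, only the last vulnerability of the last
		# exploit target is kept; multi-CVE packages are not fanned out.
		if len(cve) > 0:
			if len(vulnObject) > 0:
				vuln_xml = 'VulnXML/' + cve + '.xml'
				# cve is taken verbatim from the STIX file; only use it as a path
				# component when it is a plain file name (no separators, no '..').
				if os.path.basename(cve) != cve or cve in ('.', '..'):
					print("Refusing to store STIX file under unsafe CVE id: " + cve)
				elif not os.path.exists(vuln_xml):
					shutil.copyfile(file, vuln_xml)
				numResults = TARDIS.main(cve, vulnObject, sourceIP, sourceHost)
			else:
				print("Description missing from Exploit Target")
		else:
			print("CVE Missing from STIX File")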

	else:
		print ("Unable to resolve hostname, please provide one with -d option")
Ejemplo n.º 2
        shutil.rmtree("Results")

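    numHosts = 0

    # One pass per audited host: raw TARDIS output goes under Results/<ip>/,
    # and each vulnerability id is mapped to a readable name via idmap.config.
    for host in root.findall("./audit/hosts/host"):
        numHosts = numHosts + 1
        directory = "Results"
        # Create results directory to store the raw output
        if not os.path.exists(directory):
            os.makedirs(directory)
        # Get IP address to run threat search against
        for ip in host.findall("./ip"):
            sourceIP = ip.text
            # We like individual directories per IP
            # NOTE(review): ip.text is taken from the audit XML as-is and used as
            # a path component; this assumes the XML is trusted scanner output —
            # confirm before processing files from other sources.
            if not os.path.exists(directory + "/" + sourceIP):
                os.makedirs(directory + "/" + sourceIP)
        for hostname in host.findall("./dnsName"):
            sourceHost = hostname.text
        # NOTE(review): a host without <ip>/<dnsName> reuses the values from the
        # previous host (or raises NameError on the first one) — confirm that
        # this is acceptable for the audit format.
        for vulnerability in host.findall("./vulnerabilities/vulnerability"):
            internalVulnerabilityID = vulnerability.get("id")
            vulnName = internalVulnerabilityID
            # Convert internal vulnerability ID into a human readable name.
            # The map is still re-read per vulnerability, but the file handle is
            # now closed instead of being leaked on every iteration.
            with open("idmap.config") as idmap:
                for line in idmap:
                    # Substring match, as before: id "12" also matches a line
                    # for id "112".
                    if internalVulnerabilityID in line:
                        # Raw strings: "\:" is an invalid escape in a plain
                        # string literal and warns on newer Pythons.
                        vulnName = re.sub(r"\d+\:", "", line)
                        vulnName = re.sub(r"(\r\n|\r|\n)", "", vulnName)
                        internalVulnerabilityID = vulnName
            numResults = TARDIS.main(vulnName, sourceIP, sourceHost)
    if numHosts < 1:
        sys.exit("Not a valid XML file, use IP360 XML3 audit output")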
Ejemplo n.º 3
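        print("Host: " + sourceHost)

        # Results/ is rebuilt from scratch on every run; the raw output for this
        # host is stored under Results/<sourceIP>/ (sourceIP is set outside this
        # block — presumably the resolved address of sourceHost; confirm).
        if os.path.exists('Results'):
            shutil.rmtree('Results')
        directory = 'Results'
        #Create results directory to store the raw output
        if not os.path.exists(directory):
            os.makedirs(directory)
        if not os.path.exists(directory + '/' + sourceIP):
            os.makedirs(directory + '/' + sourceIP)

        #Get CVE from STIX
        # Start both values empty so a package with no exploit targets reaches
        # the "CVE Missing" branch below instead of raising NameError.
        cve = ''
        vulnObject = ''
        stix_package = STIXPackage.from_xml(file)
        for target in stix_package.exploit_targets:
            for vuln in target.vulnerabilities:
                # print() with a single argument behaves the same on Python 2 and 3.
                print("CVE: " + str(vuln.cve_id))
                print("DESC:" + str(vuln.description))
                # str(None) is "None", which would wrongly pass the emptiness check
                # below, so a missing description is kept as ''.
                vulnObject = '' if vuln.description is None else str(vuln.description)
                cve = vuln.cve_id or ''
        # As in the original loop, only the last vulnerability of the last
        # exploit target is kept; multi-CVE packages are not fanned out.
        if len(cve) > 0:
            if len(vulnObject) > 0:
                vuln_xml = 'VulnXML/' + cve + '.xml'
                # cve is taken verbatim from the STIX file; only use it as a path
                # component when it is a plain file name (no separators, no '..').
                if os.path.basename(cve) != cve or cve in ('.', '..'):
                    print("Refusing to store STIX file under unsafe CVE id: " + cve)
                elif not os.path.exists(vuln_xml):
                    shutil.copyfile(file, vuln_xml)
                numResults = TARDIS.main(cve, vulnObject, sourceIP, sourceHost)
            else:
                print("Description missing from Exploit Target")
        else:
            print("CVE Missing from STIX File")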

    else:
        print("Unable to resolve hostname, please provide one with -d option")