Ejemplo n.º 1
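  def start(self,port=None,systems=None):
    """Build the Flask app that lists CVEs for the given systems, then serve it.

    The call blocks inside ``app.run`` until the development server stops.

    Args:
      port: TCP port to listen on; 5000 is used when it is None.
      systems: iterable of dicts. Each is read for a 'cpe' value and a
        'services' list whose entries may carry a 'cpe' key. The dicts are
        mutated in place: matching CVE documents are stored under 'cves'.
    """
    connect = Configuration.getMongoConnection()
    self.db = connect['cves']
    self.systems=systems
    app = Flask(__name__, static_folder='static', static_url_path='/static')
    app.config['MONGO_DBNAME'] = Configuration.getMongoDB()
    # functions
    def getEnhance():
      """Attach the CVE documents matching each system's and service's CPE."""
      for system in self.systems:
        cpe=system['cpe']
        if cpe:
          system['cves']=list(self.db.find({'vulnerable_configuration': cpe}))
          #get possible dpe info and store in dpe
        for service in system['services']:
          if 'cpe' in service:
            service['cves']=list(self.db.find({'vulnerable_configuration':service['cpe']}))
          #get dpe info for service
      return systems

    # routes
    @app.route('/')
    def index():
      """Render the overview page; the CVE lookup is redone on every request."""
      systems=getEnhance()
      return render_template('index.html', systems=systems)

    @app.route('/cve/<cveid>')
    def cve(cveid):
      """Render the detail page for one CVE id, or the 404 page when unknown."""
      cvesp = cves.last(rankinglookup = True, namelookup = True, vfeedlookup = True)
      cve = cvesp.getcve(cveid=cveid)
      if cve is None:
        return page_not_found(404)
      cve = markCPEs(cve)
      return render_template('cve.html', cve=cve)

    # filters
    @app.template_filter('product')
    def product(banner):
      """Return the token that follows 'product:' in a banner, else "unknown"."""
      if banner:
        # Raw string: '\s' inside a plain literal is an invalid escape sequence.
        p=re.search(r'(product:).([^\s]+)', banner)
        # A banner without a 'product:' field yields no match; calling
        # .group() on None would turn one odd banner into a failed page render.
        if p:
          return p.group(2)
      return "unknown"

    # debug filter
    @app.template_filter('type')
    def isType(var):
      """Expose the Python type of a template value (debugging aid)."""
      return type(var)

    #start webserver
    # Honour the caller's port; fall back to the previous fixed value.
    listenPort = 5000 if port is None else int(port)
    # NOTE(review): debug=True turns on the Werkzeug interactive debugger,
    # which lets whoever can reach this port run Python in this process.
    # Only the loopback bind limits that exposure, so keep host at 127.0.0.1
    # while debug is on, or make debug opt-in.
    app.run(host='127.0.0.1', port=listenPort, debug=True)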
Ejemplo n.º 2
    def __init__(self,
                 collection="cves",
                 rankinglookup=False,
                 namelookup=False,
                 vfeedlookup=False):
        """Bind the main collection and whichever lookup collections are enabled.

        Args:
            collection: name of the collection to bind as ``self.collection``.
            rankinglookup: when true, bind the 'ranking' collection.
            namelookup: when true, bind 'cpeother' if the database has a
                collection of that name, otherwise 'cpe'.
            vfeedlookup: when true, bind the 'vfeed' collection.

        ``self.ranking``, ``self.cpe`` and ``self.vfeed`` exist only when the
        corresponding flag was set.
        """
        # Record the requested options before touching the database.
        self.collectionname = collection
        self.rankinglookup = rankinglookup
        self.namelookup = namelookup
        self.vfeedlookup = vfeedlookup

        mongo = Configuration.getMongoConnection()
        self.collection = mongo[self.collectionname]

        if rankinglookup:
            self.ranking = mongo['ranking']
        if namelookup:
            # NOTE(review): collection_names() is deprecated in newer PyMongo
            # releases in favour of list_collection_names(); confirm the
            # pinned driver version before upgrading.
            cpeSource = 'cpeother' if "cpeother" in mongo.collection_names() else 'cpe'
            self.cpe = mongo[cpeSource]
        if vfeedlookup:
            self.vfeed = mongo['vfeed']
Ejemplo n.º 3
from Config import Configuration
from list import CPEList

# Command-line interface. Parsing happens at import time, so every function
# below reads the module-level `args` and `collection`.
argparser = argparse.ArgumentParser(description='populate/update the whitelist used in webviews')
argparser.add_argument('-a', help='add one or more CPE to whitelist', action='append')
argparser.add_argument('-r', help='remove one or more CPE from whitelist', action='append')
argparser.add_argument('-i', help='filename of the whitelist to import')
argparser.add_argument('-e', help='filename of the whitelist to export')
argparser.add_argument('-d', help='drop the whitelist', action='store_true')
argparser.add_argument('-f', help='force an action', action='store_true')
argparser.add_argument('-v', help='verbose output', action='store_true')
args = argparser.parse_args()

# Database handle and the collection that stores the whitelist entries.
db = Configuration.getMongoConnection()
collection = db['mgmt_whitelist']

def importWhitelist(importFile):
    """Hand `importFile` to CPEList.importList for the whitelist collection.

    The CPEList is built from the module-level `collection` and `args`.
    """
    CPEList(collection, args).importList(importFile)

def exportWhitelist(exportFile):
    """Hand `exportFile` to CPEList.exportList for the whitelist collection.

    The CPEList is built from the module-level `collection` and `args`.
    """
    CPEList(collection, args).exportList(exportFile)

def dropWhitelist():
    """Call CPEList.dropCollection on the whitelist collection.

    NOTE(review): whether the -f flag is required before the drop is decided
    inside CPEList, which is not visible here; confirm there.
    """
    CPEList(collection, args).dropCollection()

def countWhitelist():
Ejemplo n.º 4
import sys
# Directory that holds this script, with symlinks resolved.
runPath = os.path.split(os.path.realpath(__file__))[0]
# Appended rather than inserted, so modules already importable from earlier
# sys.path entries take precedence over same-named files under lib/.
sys.path.append(os.path.join(runPath, "./lib/"))

from urllib.request import urlopen
import tarfile
import shutil
import sqlite3

from Config import Configuration

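# Feed location and status object come from the project configuration.
vFeedurl = Configuration.getvFeedURL()
vFeedstatus = Configuration.getvFeedStatus()

# connect to db
db = Configuration.getMongoConnection()
info = db.info

# NOTE(review): no timeout is passed, so a stalled server blocks this job
# for as long as the connection stays open.
# NOTE(review): nothing visible here verifies the downloaded archive; since
# tarfile is imported, it is presumably unpacked later. Confirm the feed URL
# is HTTPS and that archive members are validated before extraction.
u = urlopen(vFeedurl)
# The header lookup returns None when the server omits Last-Modified.
lastModified = u.headers['last-modified']
i = info.find_one({'db': 'vfeed'})
# Skip the download only when the server really sent a Last-Modified value
# and it equals the stored one. Two missing values must not count as
# "unchanged", otherwise the feed would never be refreshed again.
if i is not None and lastModified is not None:
    if lastModified == i.get('last-modified'):
        sys.exit("Not modified")
# NOTE(review): the new timestamp is recorded before the archive has been
# fetched and processed; if a later step fails, the next run may report
# "Not modified" and skip the update. Consider storing it after success.
# NOTE(review): Collection.update is deprecated in PyMongo 3 and removed in
# PyMongo 4 (update_one is the replacement); confirm the pinned version.
info.update({'db': 'vfeed'},
            {"$set": {
                'last-modified': lastModified
            }},
            upsert=True)

# exist_ok avoids the check-then-create race of exists() followed by mkdir().
# The path is relative to the current working directory, not to runPath.
os.makedirs('./tmp', exist_ok=True)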
Ejemplo n.º 5
def nbelement(db = Configuration.getMongoDB(), collection = None):
    """Return the number of documents in `collection` ("cves" when None).

    `db` is accepted but never read by this function; its default is
    evaluated once, when the function is defined.
    """
    name = "cves" if collection is None else collection
    return Configuration.getMongoConnection()[name].count()
Ejemplo n.º 6
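def main():
    """Search the local CVE collection from the command line and print matches.

    -c looks up CVE ids, -f runs a free-text regex over the summary and -p
    runs a regex over the vulnerable configurations. For the -p search, -o
    selects csv, html, json, xml or cveid output; anything else prints plain
    text. Values written into HTML are escaped, because summaries and
    reference URLs come from the imported feed and -p comes from the caller.
    """
    # Imports
    import os
    import sys
    _runPath = os.path.dirname(os.path.realpath(__file__))
    sys.path.append(os.path.join(_runPath, "./lib/"))

    import re
    import argparse
    import csv
    import html
    from urllib.parse import urlparse
    import json
    from bson import json_util

    import cves
    from Config import Configuration

    # connect to DB
    db = Configuration.getMongoConnection()
    collection = db.cves

    # init control variables (exactly one is switched on below, or none for
    # the plain-text fallback)
    csvOutput = 0
    htmlOutput = 0
    jsonOutput = 0
    xmlOutput = 0
    cveidOutput = 0

    # parse command-line arguments
    argParser = argparse.ArgumentParser(description='Search for vulnerabilities in the National Vulnerability DB. Data from http://nvd.nist.org.')
    argParser.add_argument('-p', type=str, help='S = search product, e.g. o:microsoft:windows_7 or o:cisco:ios:12.1')
    argParser.add_argument('-f', type=str, help='F = free text search in vulnerability summary')
    argParser.add_argument('-c', action='append', help='search one or more CVE-ID')
    argParser.add_argument('-o', type=str, help='O = output format [csv|html|json|xml|cveid]')
    argParser.add_argument('-l', action='store_true', help='sort in descending mode')
    argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration')
    argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration')
    argParser.add_argument('-v', type=str, help='vendor name to lookup in reference URLs')
    args = argParser.parse_args()
    vSearch = args.p
    cveSearch = args.c
    vOutput = args.o
    vFreeSearch = args.f
    sLatest = args.l
    namelookup = args.n
    rankinglookup = args.r

    # From here on `cves` is the lookup object, not the imported module.
    cves = cves.last(rankinglookup = rankinglookup, namelookup = namelookup)

    # replace special characters in vSearch with encoded version.
    # Basically cuz I'm to lazy to handle conversion on DB creation ...
    if vSearch:
        vSearch = re.sub(r'\(','%28', vSearch)
        vSearch = re.sub(r'\)','%29', vSearch)

    # define which output to generate.
    if vOutput == "csv":
        csvOutput = 1
    elif vOutput == "html":
        htmlOutput = 1
    elif vOutput == "xml":
        xmlOutput = 1
        from xml.etree.ElementTree import Element, SubElement, tostring
        r = Element('cve-search')
    elif vOutput == "json":
        jsonOutput = 1
    elif vOutput == "cveid":
        cveidOutput = 1

    def esc(value):
        """Return `value` as text that is safe inside HTML element content."""
        return html.escape(str(value))

    # Print first line of html output
    if htmlOutput and args.p is not None:
        print("<html><body><h1>CVE search "+ esc(args.p) +" </h1>")
    elif htmlOutput and args.c is not None:
        print("<html><body><h1>CVE-ID "+ esc(args.c) +" </h1>")

    # search default is ascending mode
    sorttype = -1 if sLatest else 1

    def printCVE(item):
        """Print one CVE document as JSON, expanding CPE names/rankings if asked."""
        if (namelookup or rankinglookup) and "vulnerable_configuration" in item:
            vulconf = []
            ranking = []
            for conf in item['vulnerable_configuration']:
                if namelookup:
                    vulconf.append(cves.getcpe(cpeid=conf))
                if rankinglookup:
                    rank = cves.getranking(cpeid=conf)
                    if rank and rank not in ranking:
                        ranking.append(rank)
            if namelookup:
                item['vulnerable_configuration'] = vulconf
            if rankinglookup:
                item['ranking'] = ranking
        print(json.dumps(item, sort_keys=True, default=json_util.default))

    if cveSearch:
        for cveid in cveSearch:
            for item in collection.find({'id': cveid}).sort("Modified",sorttype):
                printCVE(item)

    # Basic freetext search (in vulnerability summary).
    # Full-text indexing is more efficient to search across all CVEs.
    # The -f value is compiled as a regular expression, not matched literally.
    if vFreeSearch:
        for item in collection.find({'summary': {'$regex' :  re.compile(vFreeSearch, re.IGNORECASE)}}).sort("Modified",sorttype):
            print(item)
    # Search Product (best to use CPE notation, e.g. cisco:ios:12.2
    if vSearch:
        if csvOutput:
            # One writer for the whole result set instead of one per row.
            csvoutput = csv.writer(sys.stdout, delimiter='|', quotechar='|', quoting=csv.QUOTE_MINIMAL)
        for item in collection.find({"vulnerable_configuration": {'$regex' : vSearch}}).sort("Modified",sorttype):
            if csvOutput:
                # We assume that the vendor name is usually in the hostname of
                # the URL to avoid any match on the resource part
                refs=[]
                for entry in item['references']:
                    if args.v is not None:
                        hostname = urlparse(entry).netloc
                        if re.search(args.v, hostname):
                            refs.append(entry)
                if not refs:
                    refs = "[no vendor link found]"
                row = [item['id'],item['Published'],item['cvss'],item['summary'],refs]
                if namelookup:
                    row.append(" ".join(item['vulnerable_configuration']))
                csvoutput.writerow(row)
            elif htmlOutput:
                # Every interpolated value goes through esc(): it converts
                # non-string fields (the text branch already wraps cvss in
                # str()) and neutralises markup in feed-supplied text.
                print("<h2>"+esc(item['id'])+"<br></h2>CVSS score: "+esc(item['cvss'])+"<br>"+"<b>"+esc(item['Published'])+"</b><br>"+esc(item['summary'])+"<br>")
                print("References:<br>")
                for entry in item['references']:
                    print(esc(entry)+"<br>")
                print("<hr><hr>")
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE(item)
            elif xmlOutput:
                # ElementTree escapes text when serialising, so values are
                # stored unescaped; escaping here as well would emit
                # '&amp;amp;' for every '&'. str() keeps non-string fields
                # serialisable.
                c = SubElement(r,'id')
                c.text = str(item['id'])
                c = SubElement(r,'Published')
                c.text = str(item['Published'])
                c = SubElement(r,'cvss')
                c.text = str(item['cvss'])
                c = SubElement(r,'summary')
                c.text = str(item['summary'])
                for e in item['references']:
                    c = SubElement(r,'references')
                    c.text = str(e)
                for e in item['vulnerable_configuration']:
                    c = SubElement(r,'vulnerable_configuration')
                    c.text = str(e)
            elif cveidOutput:
                print(item['id'])
            else:
                print("CVE\t: " + item['id'])
                print("DATE\t: " + item['Published'])
                print("CVSS\t: " + str(item['cvss']))
                print(item['summary'])
                print("\nReferences:")
                print("-----------")
                for entry in item['references']:
                    print(entry)
                print("\nVulnerable Configs:")
                print("-------------------")
                for entry in item['vulnerable_configuration']:
                    if not namelookup:
                        print(entry)
                    else:
                        print(cves.getcpe(cpeid=entry))
                print("\n\n")

    if htmlOutput:
        print("</body></html>")
    if xmlOutput:
        # default encoding is UTF-8. Should this be detected on the terminal?
        s = tostring(r).decode("utf-8")
        print(s)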