def main():
cveObj = CVESearch()
counter = 0
try:
os.makedirs("jsonFiles")
except FileExistsError:
pass # already exists
os.chdir("jsonFiles")
print("By Henry Weckermann")
print(f"Downloading {len(cveIdList.cves)} files to Folder: /jsonFiles")
print("Please be patient as the program needs to wait every 20 entries to avoid an ip ban")
for cve in cveIdList.cves:
jsonData = cveObj.id(cve)
filename = cve
with open(cve + ".json", "w") as file:
#file.write(jsonData)
json.dump(jsonData, file)
counter = counter + 1
if counter%THRESHOLD == 0:
showProgress(counter)
time.sleep(SLEEPTIME)
def cvebuild(var):
"""Search for a CVE ID and return a STIX formatted response."""
cve = CVESearch()
data = json.loads(cve.id(var))
if data:
try:
from stix.utils import set_id_namespace
namespace = {NS: NS_PREFIX}
set_id_namespace(namespace)
except ImportError:
from mixbox.idgen import set_id_namespace
from mixbox.namespaces import Namespace
namespace = Namespace(NS, NS_PREFIX, "")
set_id_namespace(namespace)
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg.stix_header.handling = _marking()
# Define the exploit target
expt = ExploitTarget()
expt.title = data['id']
expt.description = data['summary']
expt.information_source = InformationSource(
identity=Identity(name="National Vulnerability Database"))
# Add the vulnerability object to the package object
expt.add_vulnerability(_vulnbuild(data))
# Add the COA object to the ET object
for coa in COAS:
expt.potential_coas.append(
CourseOfAction(
idref=coa['id'],
timestamp=expt.timestamp))
# Do some TTP stuff with CAPEC objects
if TTPON is True:
try:
for i in data['capec']:
pkg.add_ttp(_buildttp(i, expt))
except KeyError:
pass
expt.add_weakness(_weakbuild(data))
# Add the exploit target to the package object
pkg.add_exploit_target(expt)
xml = pkg.to_xml()
title = pkg.id_.split(':', 1)[-1]
# If the function is not imported then output the xml to a file.
if __name__ == '__main__':
_postconstruct(xml, title)
return xml
else:
sys.exit("[-] Error retrieving details for " + var)
def cvebuild(var):
"""Search for a CVE ID and return a STIX formatted response."""
cve = CVESearch()
data = json.loads(cve.id(var))
if data:
try:
from stix.utils import set_id_namespace
namespace = {NS: NS_PREFIX}
set_id_namespace(namespace)
except ImportError:
from mixbox.idgen import set_id_namespace
from mixbox.namespaces import Namespace
namespace = Namespace(NS, NS_PREFIX, "")
set_id_namespace(namespace)
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg.stix_header.handling = _marking()
# Define the exploit target
expt = ExploitTarget()
expt.title = data['id']
expt.description = data['summary']
expt.information_source = InformationSource(identity=Identity(
name="National Vulnerability Database"))
# Add the vulnerability object to the package object
expt.add_vulnerability(_vulnbuild(data))
# Add the COA object to the ET object
for coa in COAS:
expt.potential_coas.append(
CourseOfAction(idref=coa['id'], timestamp=expt.timestamp))
# Do some TTP stuff with CAPEC objects
if TTPON is True:
try:
for i in data['capec']:
pkg.add_ttp(_buildttp(i, expt))
except KeyError:
pass
expt.add_weakness(_weakbuild(data))
# Add the exploit target to the package object
pkg.add_exploit_target(expt)
xml = pkg.to_xml()
title = pkg.id_.split(':', 1)[-1]
# If the function is not imported then output the xml to a file.
if __name__ == '__main__':
_postconstruct(xml, title)
return xml
else:
sys.exit("[-] Error retrieving details for " + var)
def cvebuild(var):
"""Search for a CVE ID and return a STIX formatted response."""
cve = CVESearch()
data = json.loads(cve.id(var))
if data:
try:
from stix.utils import set_id_namespace
namespace = {NS: NS_PREFIX}
set_id_namespace(namespace)
except ImportError:
from stix.utils import idgen
from mixbox.namespaces import Namespace
namespace = Namespace(NS, NS_PREFIX, "")
idgen.set_id_namespace(namespace)
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg = STIXPackage()
pkg.stix_header = STIXHeader()
pkg.stix_header.handling = marking()
# Define the exploit target
expt = ExploitTarget()
expt.title = data['id']
expt.description = data['summary']
# Add the vulnerability object to the package object
expt.add_vulnerability(vulnbuild(data))
# Do some TTP stuff with CAPEC objects
try:
for i in data['capec']:
ttp = TTP()
ttp.title = "CAPEC-" + str(i['id'])
ttp.description = i['summary']
ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
pkg.add_ttp(ttp)
except KeyError:
pass
# Do some weakness stuff
if data['cwe'] != 'Unknown':
weak = Weakness()
weak.cwe_id = data['cwe']
expt.add_weakness(weak)
# Add the exploit target to the package object
pkg.add_exploit_target(expt)
xml = pkg.to_xml()
# If the function is not imported then output the xml to a file.
if __name__ == '__main__':
title = pkg.id_.split(':', 1)[-1]
with open(title + ".xml", "w") as text_file:
text_file.write(xml)
return xml
jasper_cve_id = []
git_link = ""
git_issue_link = ""
is_link_found = False
is_issue_link_found = False
data = cve.search("jasper")['data']
for item in data:
jasper_cve_id.append(item['id'])
print('Please write the cve that you wish to inspect')
cve_id_input = 'CVE-2016-8882'
for link in cve.id(cve_id_input)['references']:
if link.startswith('https://github.com/mdadams/jasper/commit'):
git_link = link
is_link_found = True
elif link.startswith('https://github.com/mdadams/jasper/issues'):
git_issue_link = link
is_issue_link_found = True
if is_link_found and is_issue_link_found:
break
if not is_link_found:
print('Link not found on cve, scraping the rest of the links')
for link in cve.id(cve_id_input)['references']:
git_link = findgitlink(link,
'https://github.com/mdadams/jasper/commit')
cve = CVESearch()
orgs = {}
with open(r"Stgo445.json", "r") as read_file:
data = json.load(read_file)
print(len(data))
with open(r"cves.json", "r") as read_file:
cves = json.load(read_file)
print("Largo cves inicial", len(cves))
for i, dato in enumerate(data):
#agrego informacion de las vulnerabilidades
vuls = []
if dato.get('vulns'):
for x in dato.get('vulns'):
if x in cves:
vuls.append(cves[x])
else:
try:
cveid = cve.id(x)
vuls.append(cveid)
cves[x] = cveid
print("Se agrego una nueva vuln: ", x, ", van: ",
len(cves))
time.sleep(1)
except:
print("hubo un problema, nos saltamos una vuln")
else:
dato['vulns'] = []
with open('cvesV3.json', 'w') as fout:
json.dump(cves, fout)
def get(self, cve_id):
cve = CVESearch()
return cve.id("{}".format(cve_id))
def scanExploit(exploit, id):
cveData = ''
#empty json data
vulnData = {}
#the url we want to check
url = EXPLOITURL + id
#Request the page with the selected headers
page = requests.get(url, headers=HEADER)
time.sleep(0.1)
tree = html.fromstring(page.content)
#What to look for on the page, that says if it has app or not
#Look in html anchor for href with /apps/ in it
#Example: <a href="/apps/786c8d62bf18c6c88d2d82a9443cd1e1-httpd-2.0.44.tar.gz">
hasapp = tree.xpath(
"//a[re:match(@href, '/apps/')]",
namespaces={"re": "http://exslt.org/regular-expressions"})
#Checks if the exploit is verified, using the checkmark class
isverified = tree.xpath("//i[contains(@class, 'mdi-check')]")
if hasapp and isverified:
vulnData['application_name'] = exploit[2]
vulnData['exploitdb_id'] = id
vulnData['type'] = exploit[5]
vulnData['platform'] = exploit[6]
vulnData['published_date'] = exploit[3]
vulnData['added_date'] = datetime.datetime.fromtimestamp(
time.time()).strftime('%Y-%m-%d')
#if the page has an app, scan all the anchors
#anchors are normally where hrefs are located
#Since both the app and the cve is found in href this is what we need
links = tree.xpath('//a')
for link in links:
#Store the app url
#here it is also possible to download the url directly and store elsewhere
if '/apps/' in link.attrib['href']:
vulnData[
'file_path'] = 'https://www.exploit-db.com' + link.attrib[
'href'].strip()
if 'CVE' in link.attrib['href']:
#CVE is link and text content is the CVE id
#Example: 2014-6271
vulnData['cve'] = 'CVE-' + link.text_content().strip()
#using https://github.com/barnumbirr/ares
#to get cve data
#load in CVESearch object
cve_search = CVESearch()
cveData = cve_search.id(vulnData['cve'])
#Sometimes the CVE has no data, so check for that
if cveData:
if 'summary' in cveData:
vulnData['cve_summary'] = cveData.get('summary')
if 'cvss' in cveData:
vulnData['cvss'] = cveData.get('cvss')
if 'cwe' in cveData: vulnData['cwe'] = cveData.get('cwe')
if 'impact' in cveData:
vulnData['impact'] = cveData.get('impact')
if 'msbulletin' in cveData:
vulnData['msbulletin'] = cveData.get('msbulletin')
if 'vulnerable_configuration_cpe_2_2' in cveData:
vulnData['vulnerable_configuration'] = cveData.get(
'vulnerable_configuration_cpe_2_2')
if cveData:
if collection.insert_one(vulnData).acknowledged == True:
return True
else:
return False
else:
return False
class TestCVEAPI(unittest.TestCase):
def setUp(self):
self.cve = CVESearch()
def tearDown(self):
self.cve.session.close()
def test_init(self):
self.assertTrue(isinstance(self.cve, CVESearch))
def test_session_headers(self):
user_agent = 'ares - python wrapper around cve.circl.lu (github.com/barnumbirr/ares)'
self.assertEqual(self.cve.session.headers["Content-Type"],
"application/json")
self.assertEqual(self.cve.session.headers["User-agent"], user_agent)
@unittest.skip("Test too aggressive for provider.")
def test_empty_browse(self):
response = self.cve.browse()
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertIsNone(response["product"])
self.assertIsInstance(response["vendor"], list)
self.assertTrue(len(response["vendor"]) > 1000)
def test_browse(self):
response = self.cve.browse(param="python-requests")
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertEqual(response["vendor"], "python-requests")
def test_capec(self):
response = self.cve.capec(param="13")
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertEqual(response["name"],
"Subverting Environment Variable Values")
@unittest.skip("Endpoint disabled on cve.circl.lu")
def test_cpe22(self):
response = self.cve.cpe22(
'cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64:-'
)
self.assertIsNotNone(response)
self.assertIsInstance(response, str)
self.assertEqual(
response,
"cpe:/o:microsoft:windows_vista:6.0:sp1:~~home_premium~~x64~")
@unittest.skip("Endpoint disabled on cve.circl.lu")
def test_cpe23(self):
response = self.cve.cpe23(
'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-')
self.assertIsNotNone(response)
self.assertIsInstance(response, str)
self.assertEqual(
response,
"cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64"
)
@unittest.skip("Endpoint disabled on cve.circl.lu")
def test_cvefor(self):
response = self.cve.cvefor(
'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-')
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertEqual(response["id"], "CVE-2005-0100")
@unittest.skip("Test too aggressive for provider.")
def test_cwe(self):
response = self.cve.cwe()
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
def test_db_info(self):
response = self.cve.dbinfo()
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
def test_id(self):
response = self.cve.id(param="CVE-2015-2296")
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertEqual(response["Published"], "2015-03-18T16:59:00")
def test_bad_id(self):
response = self.cve.id(param="CVE-not-real")
self.assertIsNone(response)
def test_last(self):
response = self.cve.last()
self.assertIsNotNone(response)
self.assertIsInstance(response, list)
self.assertEqual(len(response), 30)
@unittest.skip("Endpoint disabled on cve.circl.lu")
def test_link(self):
response = self.cve.link(param="refmap.ms/CVE-2016-3309")
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertEqual(response["cves"]["cwe"], "CWE-264")
@unittest.skip("Endpoint disabled on cve.circl.lu")
def test_search_vendor(self):
response = self.cve.search(param="python-requests")
self.assertIsNotNone(response)
self.assertIsInstance(response, dict)
self.assertIsInstance(response["data"], list)
