def main(): cveObj = CVESearch() counter = 0 try: os.makedirs("jsonFiles") except FileExistsError: pass # already exists os.chdir("jsonFiles") print("By Henry Weckermann") print(f"Downloading {len(cveIdList.cves)} files to Folder: /jsonFiles") print("Please be patient as the program needs to wait every 20 entries to avoid an ip ban") for cve in cveIdList.cves: jsonData = cveObj.id(cve) filename = cve with open(cve + ".json", "w") as file: #file.write(jsonData) json.dump(jsonData, file) counter = counter + 1 if counter%THRESHOLD == 0: showProgress(counter) time.sleep(SLEEPTIME)
def cvebuild(var): """Search for a CVE ID and return a STIX formatted response.""" cve = CVESearch() data = json.loads(cve.id(var)) if data: try: from stix.utils import set_id_namespace namespace = {NS: NS_PREFIX} set_id_namespace(namespace) except ImportError: from mixbox.idgen import set_id_namespace from mixbox.namespaces import Namespace namespace = Namespace(NS, NS_PREFIX, "") set_id_namespace(namespace) pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg.stix_header.handling = _marking() # Define the exploit target expt = ExploitTarget() expt.title = data['id'] expt.description = data['summary'] expt.information_source = InformationSource( identity=Identity(name="National Vulnerability Database")) # Add the vulnerability object to the package object expt.add_vulnerability(_vulnbuild(data)) # Add the COA object to the ET object for coa in COAS: expt.potential_coas.append( CourseOfAction( idref=coa['id'], timestamp=expt.timestamp)) # Do some TTP stuff with CAPEC objects if TTPON is True: try: for i in data['capec']: pkg.add_ttp(_buildttp(i, expt)) except KeyError: pass expt.add_weakness(_weakbuild(data)) # Add the exploit target to the package object pkg.add_exploit_target(expt) xml = pkg.to_xml() title = pkg.id_.split(':', 1)[-1] # If the function is not imported then output the xml to a file. if __name__ == '__main__': _postconstruct(xml, title) return xml else: sys.exit("[-] Error retrieving details for " + var)
def cvebuild(var): """Search for a CVE ID and return a STIX formatted response.""" cve = CVESearch() data = json.loads(cve.id(var)) if data: try: from stix.utils import set_id_namespace namespace = {NS: NS_PREFIX} set_id_namespace(namespace) except ImportError: from mixbox.idgen import set_id_namespace from mixbox.namespaces import Namespace namespace = Namespace(NS, NS_PREFIX, "") set_id_namespace(namespace) pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg.stix_header.handling = _marking() # Define the exploit target expt = ExploitTarget() expt.title = data['id'] expt.description = data['summary'] expt.information_source = InformationSource(identity=Identity( name="National Vulnerability Database")) # Add the vulnerability object to the package object expt.add_vulnerability(_vulnbuild(data)) # Add the COA object to the ET object for coa in COAS: expt.potential_coas.append( CourseOfAction(idref=coa['id'], timestamp=expt.timestamp)) # Do some TTP stuff with CAPEC objects if TTPON is True: try: for i in data['capec']: pkg.add_ttp(_buildttp(i, expt)) except KeyError: pass expt.add_weakness(_weakbuild(data)) # Add the exploit target to the package object pkg.add_exploit_target(expt) xml = pkg.to_xml() title = pkg.id_.split(':', 1)[-1] # If the function is not imported then output the xml to a file. if __name__ == '__main__': _postconstruct(xml, title) return xml else: sys.exit("[-] Error retrieving details for " + var)
def cvebuild(var): """Search for a CVE ID and return a STIX formatted response.""" cve = CVESearch() data = json.loads(cve.id(var)) if data: try: from stix.utils import set_id_namespace namespace = {NS: NS_PREFIX} set_id_namespace(namespace) except ImportError: from stix.utils import idgen from mixbox.namespaces import Namespace namespace = Namespace(NS, NS_PREFIX, "") idgen.set_id_namespace(namespace) pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg = STIXPackage() pkg.stix_header = STIXHeader() pkg.stix_header.handling = marking() # Define the exploit target expt = ExploitTarget() expt.title = data['id'] expt.description = data['summary'] # Add the vulnerability object to the package object expt.add_vulnerability(vulnbuild(data)) # Do some TTP stuff with CAPEC objects try: for i in data['capec']: ttp = TTP() ttp.title = "CAPEC-" + str(i['id']) ttp.description = i['summary'] ttp.exploit_targets.append(ExploitTarget(idref=expt.id_)) pkg.add_ttp(ttp) except KeyError: pass # Do some weakness stuff if data['cwe'] != 'Unknown': weak = Weakness() weak.cwe_id = data['cwe'] expt.add_weakness(weak) # Add the exploit target to the package object pkg.add_exploit_target(expt) xml = pkg.to_xml() # If the function is not imported then output the xml to a file. if __name__ == '__main__': title = pkg.id_.split(':', 1)[-1] with open(title + ".xml", "w") as text_file: text_file.write(xml) return xml
jasper_cve_id = [] git_link = "" git_issue_link = "" is_link_found = False is_issue_link_found = False data = cve.search("jasper")['data'] for item in data: jasper_cve_id.append(item['id']) print('Please write the cve that you wish to inspect') cve_id_input = 'CVE-2016-8882' for link in cve.id(cve_id_input)['references']: if link.startswith('https://github.com/mdadams/jasper/commit'): git_link = link is_link_found = True elif link.startswith('https://github.com/mdadams/jasper/issues'): git_issue_link = link is_issue_link_found = True if is_link_found and is_issue_link_found: break if not is_link_found: print('Link not found on cve, scraping the rest of the links') for link in cve.id(cve_id_input)['references']: git_link = findgitlink(link, 'https://github.com/mdadams/jasper/commit')
cve = CVESearch() orgs = {} with open(r"Stgo445.json", "r") as read_file: data = json.load(read_file) print(len(data)) with open(r"cves.json", "r") as read_file: cves = json.load(read_file) print("Largo cves inicial", len(cves)) for i, dato in enumerate(data): #agrego informacion de las vulnerabilidades vuls = [] if dato.get('vulns'): for x in dato.get('vulns'): if x in cves: vuls.append(cves[x]) else: try: cveid = cve.id(x) vuls.append(cveid) cves[x] = cveid print("Se agrego una nueva vuln: ", x, ", van: ", len(cves)) time.sleep(1) except: print("hubo un problema, nos saltamos una vuln") else: dato['vulns'] = [] with open('cvesV3.json', 'w') as fout: json.dump(cves, fout)
def get(self, cve_id): cve = CVESearch() return cve.id("{}".format(cve_id))
def scanExploit(exploit, id): cveData = '' #empty json data vulnData = {} #the url we want to check url = EXPLOITURL + id #Request the page with the selected headers page = requests.get(url, headers=HEADER) time.sleep(0.1) tree = html.fromstring(page.content) #What to look for on the page, that says if it has app or not #Look in html anchor for href with /apps/ in it #Example: <a href="/apps/786c8d62bf18c6c88d2d82a9443cd1e1-httpd-2.0.44.tar.gz"> hasapp = tree.xpath( "//a[re:match(@href, '/apps/')]", namespaces={"re": "http://exslt.org/regular-expressions"}) #Checks if the exploit is verified, using the checkmark class isverified = tree.xpath("//i[contains(@class, 'mdi-check')]") if hasapp and isverified: vulnData['application_name'] = exploit[2] vulnData['exploitdb_id'] = id vulnData['type'] = exploit[5] vulnData['platform'] = exploit[6] vulnData['published_date'] = exploit[3] vulnData['added_date'] = datetime.datetime.fromtimestamp( time.time()).strftime('%Y-%m-%d') #if the page has an app, scan all the anchors #anchors are normally where hrefs are located #Since both the app and the cve is found in href this is what we need links = tree.xpath('//a') for link in links: #Store the app url #here it is also possible to download the url directly and store elsewhere if '/apps/' in link.attrib['href']: vulnData[ 'file_path'] = 'https://www.exploit-db.com' + link.attrib[ 'href'].strip() if 'CVE' in link.attrib['href']: #CVE is link and text content is the CVE id #Example: 2014-6271 vulnData['cve'] = 'CVE-' + link.text_content().strip() #using https://github.com/barnumbirr/ares #to get cve data #load in CVESearch object cve_search = CVESearch() cveData = cve_search.id(vulnData['cve']) #Sometimes the CVE has no data, so check for that if cveData: if 'summary' in cveData: vulnData['cve_summary'] = cveData.get('summary') if 'cvss' in cveData: vulnData['cvss'] = cveData.get('cvss') if 'cwe' in cveData: vulnData['cwe'] = cveData.get('cwe') if 'impact' in cveData: vulnData['impact'] = cveData.get('impact') if 'msbulletin' in cveData: vulnData['msbulletin'] = cveData.get('msbulletin') if 'vulnerable_configuration_cpe_2_2' in cveData: vulnData['vulnerable_configuration'] = cveData.get( 'vulnerable_configuration_cpe_2_2') if cveData: if collection.insert_one(vulnData).acknowledged == True: return True else: return False else: return False
class TestCVEAPI(unittest.TestCase): def setUp(self): self.cve = CVESearch() def tearDown(self): self.cve.session.close() def test_init(self): self.assertTrue(isinstance(self.cve, CVESearch)) def test_session_headers(self): user_agent = 'ares - python wrapper around cve.circl.lu (github.com/barnumbirr/ares)' self.assertEqual(self.cve.session.headers["Content-Type"], "application/json") self.assertEqual(self.cve.session.headers["User-agent"], user_agent) @unittest.skip("Test too aggressive for provider.") def test_empty_browse(self): response = self.cve.browse() self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertIsNone(response["product"]) self.assertIsInstance(response["vendor"], list) self.assertTrue(len(response["vendor"]) > 1000) def test_browse(self): response = self.cve.browse(param="python-requests") self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertEqual(response["vendor"], "python-requests") def test_capec(self): response = self.cve.capec(param="13") self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertEqual(response["name"], "Subverting Environment Variable Values") @unittest.skip("Endpoint disabled on cve.circl.lu") def test_cpe22(self): response = self.cve.cpe22( 'cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64:-' ) self.assertIsNotNone(response) self.assertIsInstance(response, str) self.assertEqual( response, "cpe:/o:microsoft:windows_vista:6.0:sp1:~~home_premium~~x64~") @unittest.skip("Endpoint disabled on cve.circl.lu") def test_cpe23(self): response = self.cve.cpe23( 'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-') self.assertIsNotNone(response) self.assertIsInstance(response, str) self.assertEqual( response, "cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64" ) @unittest.skip("Endpoint disabled on cve.circl.lu") def test_cvefor(self): response = self.cve.cvefor( 'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-') self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertEqual(response["id"], "CVE-2005-0100") @unittest.skip("Test too aggressive for provider.") def test_cwe(self): response = self.cve.cwe() self.assertIsNotNone(response) self.assertIsInstance(response, dict) def test_db_info(self): response = self.cve.dbinfo() self.assertIsNotNone(response) self.assertIsInstance(response, dict) def test_id(self): response = self.cve.id(param="CVE-2015-2296") self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertEqual(response["Published"], "2015-03-18T16:59:00") def test_bad_id(self): response = self.cve.id(param="CVE-not-real") self.assertIsNone(response) def test_last(self): response = self.cve.last() self.assertIsNotNone(response) self.assertIsInstance(response, list) self.assertEqual(len(response), 30) @unittest.skip("Endpoint disabled on cve.circl.lu") def test_link(self): response = self.cve.link(param="refmap.ms/CVE-2016-3309") self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertEqual(response["cves"]["cwe"], "CWE-264") @unittest.skip("Endpoint disabled on cve.circl.lu") def test_search_vendor(self): response = self.cve.search(param="python-requests") self.assertIsNotNone(response) self.assertIsInstance(response, dict) self.assertIsInstance(response["data"], list)