def get_ness_report(self):
cve_detail_list = self.cve_list_rp
for cve in cve_detail_list:
#topvas
nvt_topvas_list = Sql.select_nvts_topvas_by_cve(cve)
topvas_exist = 'no'
topvas_file = ''
if len(nvt_topvas_list) != 0:
topvas_exist = 'yes'
topvas_file = ''
count = 0
for file in nvt_topvas_list:
count = count + 1
if count == 1:
topvas_file = file[0]
else:
topvas_file = topvas_file + ',' + file[0]
#nessus
nvt_ness_list = Sql.select_nvts_ness_by_cve(cve)
nessus_file = ''
nessus_exist = 'no'
if len(nvt_ness_list) != 0:
nessus_exist = 'yes'
nessus_file = ''
count = 0
for file in nvt_ness_list:
count = count + 1
if count == 1:
nessus_file = file[0]
else:
nessus_file = nessus_file + ',' + file[0]
Sql.insert_ness_report(cve, topvas_file, topvas_exist, nessus_file, nessus_exist)
def data_nvts_en(self):
Sql.insert_nvts_en()
Sql.ctl_index_nvts_en()
#统计nvts_en数据量
nvt_num_info = Sql.select_count_nvts_en_by_cn_ok('no')
for info_n in nvt_num_info:
count_nvts_numbers = info_n[0]
return count_nvts_numbers
def translate_family(self, google_translate):
#翻译family
results_family = Sql.select_family_from_blog_blogspost()
for family_info in results_family:
family = family_info[0]
print('##family:' + family)
try:
family_cn = google_translate.translate_cn(family)
except:
print('#->fanyi family error:family=%s' % (family))
continue
Sql.update_blog_blogspost_by_family(family_cn, family)
def data_init(self, flag):
#####创建表 blog_blogspost 并插入数据
#只有入参为True,则需要重新构建 blog_blogspost 里面的数据
print('flag=' + str(flag))
if flag == True:
print('first')
#插入数据
Sql.insert_blog_blogspost()
#同步表nvts与blog_blogspost的数据
#self.sync_data()
#更新tag
self.update_tag()
def cve_report(self):
#cve topvas
cve_detail_list = Sql.select_cve_detail_list()
for cve_info in cve_detail_list:
product_id = cve_info[0]
product_name = cve_info[1]
year = cve_info[2]
vul_type = cve_info[3]
cve = cve_info[4]
topvas_file_tmp = ''
#topvas
nvt_topvas_list = Sql.select_nvts_topvas_by_cve(cve)
topvas_exist = 'no'
topvas_file = ''
if len(nvt_topvas_list) != 0:
topvas_exist = 'yes'
topvas_file = ''
count = 0
for file in nvt_topvas_list:
count = count + 1
if count == 1:
topvas_file = file[0]
else:
topvas_file = topvas_file + ',' + file[0]
#nessus
nvt_ness_list = Sql.select_nvts_ness_by_cve(cve)
nessus_file = ''
nessus_exist = 'no'
if len(nvt_ness_list) != 0:
nessus_exist = 'yes'
nessus_file = ''
count = 0
for file in nvt_ness_list:
count = count + 1
if count == 1:
nessus_file = file[0]
else:
nessus_file = nessus_file + ',' + file[0]
#生成报告
Sql.insert_cve_report(product_id, product_name, year, vul_type, cve, topvas_file, topvas_exist, nessus_file, nessus_exist)
def get_tag_info(self, sync_data):
all_nvts = Sql.select_tag_from_nvts()
for info_nvts in all_nvts:
tag_data = info_nvts[0]
if tag_data != 'NOTAG':
dict_data = sync_data.data_to_dict(tag_data, '=', '|')
for key in dict_data:
if key not in self.Tag_all_name_en:
self.Tag_all_name_en.append(key)
for tag in self.Tag_all_name_en:
print('#nvts tag:' + tag)
def get_cve_report_files(self):
file_list = []
product_name_list = Sql.select_tb_cve_report_by_product_name()
for product_name_info in product_name_list:
product_name = product_name_info[0]
print('###product_name=' + product_name)
result_file = Sql.select_tb_cve_report(product_name)
file_count = 0
ness_file = ''
for item in result_file:
#file_tmp_list = item[0]
#print(file_tmp_list)
file_tmp_list = item[0].split(',')
for file in file_tmp_list:
if file not in file_list:
#print('ness file:' + file)
file_count = file_count + 1
ness_file = ness_file + ' ' + file
#file_list.append(file)
print('file_count=' + str(file_count))
print('ness_file=' + ness_file)
Sql.insert_ness_report_dist(product_name, file_count, ness_file)
def main(self):
progress = 0
sr_nvts_list = Sql.select_nvts()
for nvts_info in sr_nvts_list:
id = nvts_info[0]
uuid = nvts_info[1]
oid = nvts_info[2]
version = nvts_info[3]
name = nvts_info[4]
comment = nvts_info[5]
copyright = nvts_info[6]
cve = nvts_info[7]
bid = nvts_info[8]
xref = nvts_info[9]
tag = nvts_info[10]
category = nvts_info[11]
family = nvts_info[12]
cvss_base = nvts_info[13]
creation_time = nvts_info[14]
modification_time = nvts_info[15]
solution_type = nvts_info[16]
qod = nvts_info[17]
qod_type = nvts_info[18]
family_cn = ''
#根据oid查找对应的中文信息
nvts_cn_list = MySql.select_nvts_cn_tmp(oid)
for nvts_cn_info in nvts_cn_list:
name = nvts_cn_info[0]
tag = nvts_cn_info[1]
family_cn = nvts_cn_info[2]
progress = progress + 1
if progress % 100 == 0:
print('progress:%d' % (progress))
MySql.insert_nvts_cn(id, uuid, oid, version, name, comment,
copyright, cve, bid, xref, tag, category,
family, cvss_base, creation_time,
modification_time, solution_type, qod,
qod_type, family_cn)
def data_process(self, all_nvts, google_translate):
for info_nvts in all_nvts:
self.count_progress = self.count_progress + 1
nvts_id = info_nvts[0]
nvts_oid = info_nvts[1]
nvts_name = info_nvts[2]
nvts_summary = info_nvts[3]
nvts_affected = info_nvts[4]
nvts_solution = info_nvts[5]
nvts_insight = info_nvts[6]
nvts_vuldetect = info_nvts[7]
nvts_impact = info_nvts[8]
nvts_synopsis = info_nvts[9]
nvts_description = info_nvts[10]
nvts_exploitability_ease = info_nvts[11]
nvts_risk_factor = info_nvts[12]
nvts_metasploit_name = info_nvts[13]
nvts_d2_elliot_name = info_nvts[14]
#1.name
nvts_name_cn = ''
if '' != nvts_name:
try:
nvts_name_cn = google_translate.translate_cn(
nvts_name).replace('\'', '\'\'').replace('\\n', '\n')
nvts_name = nvts_name.replace('\'', '\'\'')
except:
print('#->fanyi Name error:oid=' + nvts_oid + ', name=' +
nvts_name)
continue
#2.summary
nvts_summary_cn = ''
if '' != nvts_summary:
try:
nvts_summary_cn = google_translate.translate_cn(
nvts_summary).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi summary error:oid=' + nvts_oid +
', summary=' + nvts_summary)
continue
#3.affected
nvts_affected_cn = ''
if '' != nvts_affected:
try:
nvts_affected_cn = google_translate.translate_cn(
nvts_affected).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi affected error:oid=' + nvts_oid +
', affected=' + nvts_affected)
continue
#4.solution
nvts_solution_cn = ''
if '' != nvts_solution:
try:
nvts_solution_cn = google_translate.translate_cn(
nvts_solution).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi solution error:oid=' + nvts_oid +
', solution=' + nvts_solution)
continue
#5.insight
nvts_insight_cn = ''
if '' != nvts_insight:
try:
#text.decode("utf-8").
nvts_insight_cn = google_translate.translate_cn(
nvts_insight).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi insight error:oid=' + nvts_oid +
', insight=' + nvts_insight)
continue
#6.vuldetect
nvts_vuldetect_cn = ''
if '' != nvts_vuldetect:
try:
nvts_vuldetect_cn = google_translate.translate_cn(
nvts_vuldetect).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi vuldetect error:oid=' + nvts_oid +
', vuldetect=' + nvts_vuldetect)
continue
#7.impact
nvts_impact_cn = ''
if '' != nvts_impact:
try:
nvts_impact_cn = google_translate.translate_cn(
nvts_impact).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi impact error:oid=' + nvts_oid +
', impact=' + nvts_impact)
continue
#8.synopsis
nvts_synopsis_cn = ''
if '' != nvts_synopsis:
try:
nvts_synopsis_cn = google_translate.translate_cn(
nvts_synopsis).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi synopsis error:oid=' + nvts_oid +
', synopsis=' + nvts_synopsis)
continue
#9.description
nvts_description_cn = ''
if '' != nvts_description:
try:
nvts_description_cn = google_translate.translate_cn(
nvts_description).replace('\'',
'\'\'').replace('\\n', '\n')
except:
print('#->fanyi description error:oid=' + nvts_oid +
', description=' + nvts_description)
continue
#10.exploitability_ease
nvts_exploitability_ease_cn = ''
if '' != nvts_exploitability_ease:
try:
nvts_exploitability_ease_cn = google_translate.translate_cn(
nvts_exploitability_ease).replace('\'',
'\'\'').replace(
'\\n', '\n')
except:
print('#->fanyi exploitability_ease error:oid=' +
nvts_oid + ', exploitability_ease=' +
nvts_exploitability_ease)
continue
#11.risk_factor
nvts_risk_factor_cn = ''
if '' != nvts_risk_factor:
try:
nvts_risk_factor_cn = google_translate.translate_cn(
nvts_risk_factor,
'en').replace('\'', '\'\'').replace('\\n', '\n')
except:
print('#->fanyi risk_factor error:oid=' + nvts_oid +
', risk_factor=' + nvts_risk_factor)
continue
#12.metasploit_name
nvts_metasploit_name_cn = ''
if '' != nvts_metasploit_name:
try:
nvts_metasploit_name_cn = google_translate.translate_cn(
nvts_metasploit_name,
'en').replace('\'', '\'\'').replace('\\n', '\n')
except:
print('#->fanyi metasploit_name error:oid=' + nvts_oid +
', metasploit_name=' + nvts_metasploit_name)
continue
#13.d2_elliot_name
nvts_d2_elliot_name_cn = ''
if '' != nvts_d2_elliot_name:
try:
nvts_d2_elliot_name_cn = google_translate.translate_cn(
nvts_d2_elliot_name).replace('\'', '\'\'').replace(
'\\n', '\n')
except:
print('#->fanyi d2_elliot_name error:oid=' + nvts_oid +
', d2_elliot_name=' + nvts_d2_elliot_name)
continue
print("##->progress=" + str(self.count_progress))
Sql.update_blog_blogspost_cn(
nvts_name_cn, nvts_summary_cn, nvts_affected_cn,
nvts_solution_cn, nvts_insight_cn, nvts_vuldetect_cn,
nvts_impact_cn, nvts_synopsis_cn, nvts_description_cn,
nvts_exploitability_ease_cn, nvts_risk_factor_cn,
nvts_metasploit_name_cn, nvts_d2_elliot_name_cn, nvts_oid,
nvts_name)
def nomal_data_proc(self, threadName, min, max, google_translate):
results = Sql.select_nvts_en_limit(min, max)
self.data_process(results, google_translate)
def __init__(self):
#Sql.drop_tb_cve_report()
Sql.ctl_tb_cve_report()
Sql.cls_tb_cve_report()
Sql.ctl_index_nvts_ness()
Sql.ctl_tb_ness_report()
Sql.cls_tb_ness_report()
Sql.ctl_tb_ness_report_dist()
Sql.cls_tb_ness_report_dist()
def __init__(self):
Sql.drop_blog_blogspost()
#创建表blog_blogspost
Sql.ctl_tb_blog_blogspost()
#清空表blog_blogspost数据
Sql.clr_blog_blogspost()
#创建索引
Sql.ctl_index_blog_blogspost()
#创建表nvts_en 用于保存带翻译的英文数据
Sql.drop_tb_nvts_en()
Sql.ctl_tb_nvts_en()
def update_tag(self):
#更新tag数据
count_set = 0
result_tag = Sql.select_blog_blogspost_by_cn_ok('no')
for info in result_tag:
oid = info[0]
name = info[1].replace('\'', '\'\'')
tag_data = info[2]
summary = ''
affected = ''
solution = ''
insight = ''
vuldetect = ''
impact = ''
synopsis = ''
description = ''
exploitability_ease = ''
risk_factor = ''
metasploit_name = ''
d2_elliot_name = ''
if tag_data != 'NOTAG':
key_list = []
dict_data = self.data_to_dict(tag_data, '=', '|')
for key in dict_data:
key_list.append(key)
if 'summary' in key_list:
summary = dict_data['summary'].replace('\'', '\'\'')
if 'affected' in key_list:
affected = dict_data['affected'].replace('\'', '\'\'')
if 'solution' in key_list:
solution = dict_data['solution'].replace('\'', '\'\'')
if 'insight' in key_list:
insight = dict_data['insight'].replace('\'', '\'\'')
if 'vuldetect' in key_list:
vuldetect = dict_data['vuldetect'].replace('\'', '\'\'')
if 'impact' in key_list:
impact = dict_data['impact'].replace('\'', '\'\'')
if 'synopsis' in key_list:
synopsis = dict_data['synopsis'].replace('\'', '\'\'')
if 'description' in key_list:
description = dict_data['description'].replace(
'\'', '\'\'')
if 'exploitability_ease' in key_list:
exploitability_ease = dict_data[
'exploitability_ease'].replace('\'', '\'\'')
if 'risk_factor' in key_list:
risk_factor = dict_data['risk_factor'].replace(
'\'', '\'\'')
if 'metasploit_name' in key_list:
metasploit_name = dict_data['metasploit_name'].replace(
'\'', '\'\'')
if 'd2_elliot_name' in key_list:
d2_elliot_name = dict_data['d2_elliot_name'].replace(
'\'', '\'\'')
count_set = count_set + 1
print('##Update Progress##' + str(count_set))
Sql.update_blog_blogspost(summary, affected, solution, insight,
vuldetect, impact, synopsis, description,
exploitability_ease, risk_factor,
metasploit_name, d2_elliot_name, oid,
name)
def sync_data(self):
Sql.sync_blog_blogspost_and_nvts()