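def text_search(search_term, trommel_output):
    """Look up *search_term* in vFeed and write CVE/exploit associations to the report.

    Args:
        search_term: Free-text term (typically a component name and version)
            handed to the vFeed ``Search`` wrapper.
        trommel_output: Writable text stream (anything with ``write``) that
            receives one report line per hit.

    Returns:
        None. Findings are written to *trommel_output* as a side effect.
    """
    search_text = Search(search_term).text()
    # Every CVE id mentioned anywhere in the raw result; used below to pivot
    # into Exploit-DB and Metasploit.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)

    # NOTE(review): the original used ``is not "null"`` (identity, not equality),
    # which made this guard effectively always true; ``!=`` is the intended
    # check.  "null" is assumed to be the wrapper's nothing-found sentinel —
    # TODO confirm against lib.core.search.
    if search_text != "null":
        cve_pattern = r'"(CVE-\d+-\d+ : .*\.)"'
        for match_hit in re.findall(cve_pattern, search_text):
            trommel_output.write(
                "Check file version on embedded device - Found %s and it has been associated with %s\n"
                % (search_term, match_hit))

    # Searches above CVE in Exploit-DB and Metasploit
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)

        # Exploit-DB result
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            for url_hit in re.findall(url_match, edb, re.S):
                trommel_output.write("%s has a known exploit: %s\n" % (cve_hit, url_hit))

        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            # NOTE(review): greedy ``.*`` captures up to the last '"' on the line;
            # on single-line JSON that may span several titles — confirm format.
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # NOTE(review): this is a cross product — every module path is paired
            # with every title.  If the two lists are parallel, zip() is the
            # intended pairing; left unchanged pending confirmation of the
            # metasploit_result() output shape.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_output.write(
                        "%s is associated with the following Metasploit Module: %s - %s\n"
                        % (cve_hit, match2, match))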
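def text_search(search_term, trommel_vfeed_output):
    """Look up *search_term* in vFeed and report CVE, exploit, Snort and Nmap links.

    Args:
        search_term: Free-text term handed to the vFeed ``Search`` wrapper.
        trommel_vfeed_output: Writable text stream (anything with ``write``)
            that receives one report line per hit.

    Returns:
        None. Findings are written to *trommel_vfeed_output* as a side effect.
    """
    search_text = Search(search_term).text()
    # Every CVE id in the raw result; each one is pivoted into the exploit,
    # IDS-rule and scanner-script feeds below.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)

    # NOTE(review): the original compared with ``is not "null"`` (identity), so
    # the guard was effectively always true; ``!=`` is the intended check.
    # "null" is assumed to be the wrapper's nothing-found sentinel — TODO confirm.
    if search_text != "null":
        cve_pattern = r'"(CVE-\d+-\d+ : .*\.)"'
        for match_hit in re.findall(cve_pattern, search_text):
            trommel_vfeed_output.write(
                "Found %s and it has been associated with %s\n" % (search_term, match_hit))

    # Searches above CVE in Exploit-DB and Metasploit
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)
        snort = snort_result(cve_hit)
        nmap = nmap_result(cve_hit)

        # Exploit-DB result
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            for url_hit in re.findall(url_match, edb, re.S):
                trommel_vfeed_output.write("%s has a known exploit: %s\n" % (cve_hit, url_hit))

        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            # NOTE(review): greedy ``.*`` runs to the last '"' on the line — on
            # single-line JSON this may swallow several titles; confirm format.
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # NOTE(review): cross product of paths and titles; zip() would be the
            # pairing if the lists are parallel — unchanged pending confirmation.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_vfeed_output.write(
                        "%s is associated with the following Metasploit Module: %s - %s\n"
                        % (cve_hit, match2, match))

        # Snort results
        if snort != "null":
            # NOTE(review): ``(.*)`` is greedy to end of line, so the captured
            # sid may carry trailing JSON punctuation — confirm snort_result() format.
            snort_sid = r'id": "sid:(.*)'
            for match in re.findall(snort_sid, snort):
                # Newline added: every other report line is terminated, and
                # without it this line ran into the next one.
                trommel_vfeed_output.write(
                    "%s is associated with the Snort sid:%s\n" % (cve_hit, match))

        # Nmap results
        if nmap != "null":
            nmap_script = r'"file": "(.*)",'
            for match in re.findall(nmap_script, nmap):
                # Newline added for the same reason as the Snort line above.
                trommel_vfeed_output.write(
                    "%s is associated with the Nmap script: %s\n" % (cve_hit, match))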
def cve_search_func(cve_term):
    """Return the vFeed ``cve()`` lookup result for *cve_term*.

    Thin pass-through to ``Search(cve_term).cve()``; whatever that call
    returns is handed back unchanged.
    """
    return Search(cve_term).cve()
# Demo script: exercise the vFeed API wrappers and print their raw output.
cve = "CVE-2011-3402"
print("Metasploit information related to", cve)
metasploit = CveExploit(cve).get_msf()
print(metasploit)

cve = "CVE-2004-0990"
print("Snort information related to", cve)
snort = CveRules(cve).get_snort()
print(snort)

# JSON export for the CVE bound above.
print(ExportJson(cve).json_dump())

# One well-formed id followed by two malformed ones, to show how Search.cve()
# responds to input that does not look like a CVE identifier.
for cve in ("CVE-2004-0990",
            "CVE-2004-1231213233123312313",
            "CVE-AAAA-1_D233123312313"):
    print("Search for", cve)
    print(Search(cve).cve())

cpe = "cpe:/a:invensys:foxboro"
print("Search for", cpe)
print(Search(cpe).cpe())

cpe = "cpe:/a:invensys:AZEAZZEAZEAZEEEAZZA"
print("Search for", cpe)
"--update", help="Update the Vulnerability and Threat Database", action="store_true", required=False) parser.add_argument("--list", help="Enumerate the list of available methods", action="store_true", required=False) parser.add_argument("--banner", help="Print vFeed banner", action="store_true", required=False) args = parser.parse_args() if args.search: Search(args.search) elif args.update: Update().update() elif args.banner: banner() elif args.stats: method_name = args.stats[0] if method_name == "get_stats" or method_name == "get_latest": result = getattr(Stats(), method_name) print result() else: print "[!] Unknown Method" elif args.list: enum_classes("list", "") elif args.method or args.export: if args.method:
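def _moderate_or_high(cve_id):
    """Return 'Moderate' or 'High' when vFeed rates *cve_id* at that level, else None.

    ``CveRisk(...).get_severity()`` is decoded as a JSON list of dicts (the
    original iterated it with ``iteritems``).  When several entries carry a
    qualifying ``severity`` the last one wins, matching the original loop.
    """
    severity = None
    for data in json.loads(CveRisk(cve_id).get_severity()):
        value = data.get('severity')
        if value in ('Moderate', 'High'):
            severity = value
    return severity


def _collect_refs(records, key, sink):
    """Append ``record[key]`` for every record that has *key* to *sink*, without duplicates.

    *records* is the decoded JSON from ``CveExploit`` (a list of dicts);
    *sink* is the exploit-reference list of a ``res_dict`` entry.
    """
    for record in records:
        if key in record:
            value = record[key]
            if value not in sink:
                sink.append(value)


def process_data(hosts_dict):
    """Correlate discovered services with vFeed and record Moderate/High CVEs.

    Args:
        hosts_dict: Mapping of host -> list of service records.  Records are
            indexed positionally; only ``service[2]`` (product) and
            ``service[3]`` (version string) are read here, so the meaning of
            the remaining fields is not asserted.

    Side effects:
        Updates the module-level ``res_dict`` (key ``"product version"``,
        value ``([cve_ids], [summaries], [hosts], [exploit refs])``) and
        increments the module-level ``host_count``.

    Returns:
        None.
    """
    global res_dict, host_count
    for host, service_list in hosts_dict.items():
        for service in service_list:
            product, version = service[2], service[3]
            good_version = '{} {}'.format(product, version)
            vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                # Retry with only the major.minor prefix.  The original did
                # '.'.join(serv_ver[0] + serv_ver[1]), which dots every
                # *character* ("10" + "2" -> "1.0.2") and raised IndexError on
                # a version without a '.'; join the first two components and
                # skip the retry when there is no second component.
                serv_ver = version.split('.')
                if len(serv_ver) >= 2:
                    good_version = '{} {}'.format(product, '.'.join(serv_ver[:2]))
                    vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                continue

            # CVE, INFO, HOSTS, Exploit PoC
            entry = res_dict.setdefault(good_version, ([], [], [], []))
            host_to_write = '{} ({} {})'.format(host, product, version)
            for vuln in vuln_list:
                # NOTE(review): assumes detect_entry() rows carry the CVE id at
                # index 0 — confirm against lib.core.search.
                cve_id = vuln[0]
                vuln_severity = _moderate_or_high(cve_id)
                if vuln_severity is None:
                    continue  # only Moderate/High findings are reported
                if cve_id not in entry[0]:
                    entry[0].append(cve_id)
                if host_to_write not in entry[2]:
                    entry[2].append(host_to_write)
                # Only the 'summary' field is reported.  The original built the
                # summary string for *every* key, which raised TypeError on any
                # non-string value before the key check ran.
                for vuln_info in json.loads(CveInfo(cve_id).get_cve()):
                    if 'summary' not in vuln_info:
                        continue
                    vuln_summ = ('\n' + cve_id + ': ' + vuln_info['summary']
                                 + '\nSeverity: ' + vuln_severity)
                    if vuln_summ not in entry[1]:
                        entry[1].append(vuln_summ)
                _collect_refs(json.loads(CveExploit(cve_id).get_msf()), 'file', entry[3])
                _collect_refs(json.loads(CveExploit(cve_id).get_edb()), 'url', entry[3])
        # NOTE(review): the collapsed source does not show which loop this
        # statement belonged to; it is counted once per host here, as the
        # name implies — confirm against the caller's expectations.
        host_count += 1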
parser.add_argument("--banner", help="Print the banner", action="store_true", required=False) parser.add_argument("--migrate", help="Migration to MongoDB", action="store_true", required=False) args = parser.parse_args() if args.search: method = args.search[0] cve_id = args.search[1] try: result = getattr(Search(cve_id), method) print(result()) except Exception as e: print("[!] Unknown built-in function:", str(e)) if args.update: print( "[+] The vFeed Database must be downloaded from the official repository at https://vfeed.io" ) print("[+] Once downloaded, decompress it into your API repository.") if args.banner: banner() if args.migrate: # checking whether the MongoDB server is running
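def text_search(search_term, trommel_output):
    """Look up *search_term* in vFeed and write '&'-separated associations to the report.

    One line is written per hit:
      * ``AAAA<term> & <CVE id> & <description>`` for each CVE text match,
      * ``<CVE id> & <exploit-db url>`` for each Exploit-DB hit,
      * ``<CVE id> & <title> - <module path>`` for each Metasploit module.

    Args:
        search_term: Free-text term handed to the vFeed ``Search`` wrapper.
        trommel_output: Writable text stream (anything with ``write``).

    Returns:
        None. Findings are written to *trommel_output* as a side effect.
    """
    search_text = Search(search_term).text()
    # Every CVE id in the raw result; pivoted into Exploit-DB/Metasploit below.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)

    # NOTE(review): the original used ``is not "null"`` (identity, not equality),
    # which made this guard effectively always true; ``!=`` is the intended
    # check.  "null" is assumed to be the wrapper's nothing-found sentinel —
    # TODO confirm against lib.core.search.
    if search_text != "null":
        cve_pattern = r'"(CVE-\d+-\d+ : .*\.)"'
        for match_hit in re.findall(cve_pattern, search_text):
            # The pattern guarantees a ' : ' separator, so this yields two parts.
            parts = match_hit.split(':', 1)
            match_hitcve, match_desccve = parts[0], parts[-1]
            # NOTE(review): the "AAAA" prefix looks like a leftover debug marker;
            # kept byte-for-byte because downstream parsing of the report is not
            # visible here.
            trommel_output.write(
                "AAAA%s & %s & %s \n" % (search_term, match_hitcve, match_desccve))

    # Searches above CVE in Exploit-DB and Metasploit
    # (an earlier, commented-out variant of this loop was removed as dead code).
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)

        # Exploit-DB result
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            for url_hit in re.findall(url_match, edb, re.S):
                trommel_output.write("%s & %s\n" % (cve_hit, url_hit))

        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            # NOTE(review): greedy ``.*`` captures up to the last '"' on the line;
            # on single-line JSON that may span several titles — confirm format.
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # NOTE(review): cross product of paths and titles; zip() would be the
            # pairing if the lists are parallel — unchanged pending confirmation
            # of the metasploit_result() output shape.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_output.write("%s & %s - %s\n" % (cve_hit, match2, match))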
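def _moderate_or_high(cve_id):
    """Return 'Moderate' or 'High' when vFeed rates *cve_id* at that level, else None.

    The severity JSON is treated as a list of dicts (the original iterated it
    with ``iteritems``).  If several entries qualify, the last one wins, which
    is what the original nested loop did.
    """
    chosen = None
    for data in json.loads(CveRisk(cve_id).get_severity()):
        value = data.get('severity')
        if value in ('Moderate', 'High'):
            chosen = value
    return chosen


def _collect_refs(records, key, sink):
    """Append ``record[key]`` of each record holding *key* to *sink*, skipping duplicates.

    *records* is decoded ``CveExploit`` JSON (a list of dicts); *sink* is the
    exploit-reference list of a ``res_dict`` entry.
    """
    for record in records:
        if key not in record:
            continue
        value = record[key]
        if value not in sink:
            sink.append(value)


def process_data(hosts_dict):
    """Correlate discovered services with vFeed and record Moderate/High CVEs.

    Args:
        hosts_dict: Mapping of host -> list of service records.  Only
            ``service[2]`` (product) and ``service[3]`` (version string) are
            read; the other positional fields are not interpreted here.

    Side effects:
        Updates the module-level ``res_dict`` (key ``"product version"``,
        value ``([cve_ids], [summaries], [hosts], [exploit refs])``) and
        increments the module-level ``host_count``.

    Returns:
        None.
    """
    global res_dict, host_count
    for host, service_list in hosts_dict.items():
        for service in service_list:
            product, version = service[2], service[3]
            good_version = '{} {}'.format(product, version)
            vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                # Fall back to the major.minor prefix.  The original used
                # '.'.join(serv_ver[0] + serv_ver[1]), which inserts a dot
                # between every *character* ("10" + "2" -> "1.0.2") and raised
                # IndexError when the version had no '.'; join the first two
                # components and only retry when a second component exists.
                serv_ver = version.split('.')
                if len(serv_ver) >= 2:
                    good_version = '{} {}'.format(product, '.'.join(serv_ver[:2]))
                    vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                continue

            # CVE, INFO, HOSTS, Exploit PoC
            entry = res_dict.setdefault(good_version, ([], [], [], []))
            host_to_write = '{} ({} {})'.format(host, product, version)
            for vuln in vuln_list:
                # NOTE(review): assumes detect_entry() rows carry the CVE id at
                # index 0 — confirm against lib.core.search.
                cve_id = vuln[0]
                vuln_severity = _moderate_or_high(cve_id)
                if vuln_severity is None:
                    continue  # only Moderate/High findings are reported
                if cve_id not in entry[0]:
                    entry[0].append(cve_id)
                if host_to_write not in entry[2]:
                    entry[2].append(host_to_write)
                # Report only the 'summary' field; the original concatenated
                # every value before testing the key, so a non-string value
                # raised TypeError.
                for vuln_info in json.loads(CveInfo(cve_id).get_cve()):
                    if 'summary' not in vuln_info:
                        continue
                    vuln_summ = ('\n' + cve_id + ': ' + vuln_info['summary']
                                 + '\nSeverity: ' + vuln_severity)
                    if vuln_summ not in entry[1]:
                        entry[1].append(vuln_summ)
                _collect_refs(json.loads(CveExploit(cve_id).get_msf()), 'file', entry[3])
                _collect_refs(json.loads(CveExploit(cve_id).get_edb()), 'url', entry[3])
        # NOTE(review): the collapsed source does not show which loop this
        # statement belonged to; counted once per host here, as the name
        # implies — confirm against the caller.
        host_count += 1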
# Demo script (Python 2 print statements): query the vFeed API wrappers and
# print the raw results.  Bindings (cve, cpe, cwe, oval, export) are left in
# place because later script lines may refer to them.
cve = "CVE-2011-3402"
print "Metasploit information related to %s" % cve
metasploit = CveExploit(cve).get_msf()
print metasploit

cve = "CVE-2004-0990"
print "Snort information related to %s" % cve
snort = CveRules(cve).get_snort()
print snort

# Imported mid-script in the original; kept here so import-time side effects
# happen in the same order.
from lib.core.search import Search

cpe = "cpe:/a:invensys:foxboro"
print "Search for %s" % cpe
Search(cpe)

cwe = "cwe-89"
print "Search for %s" % cwe
Search(cwe)

cve = "CVE-2004-0990"
print "Search for %s" % cve
Search(cve)

oval = "oval:org.mitre.oval:def:17538"
print "Search for %s" % oval
Search(oval)

# JSON export for the CVE; the result is kept, not printed.
cve = "CVE-2004-0990"
export = ExportJson(cve).json_dump()
def get_cpe(cpe):
    """Run a vFeed CPE lookup for *cpe* and return what ``Search.cpe()`` yields."""
    lookup = Search(cpe)
    return lookup.cpe()
action="store_true", required=False) parser.add_argument("--migrate", help="Migration to MongoDB", action="store_true", required=False) parser.add_argument( "-t", "--hsearch", metavar="id", type=str, help="Search High risk vuln for CVE,CPE,CWE, OVAL or free text") args = parser.parse_args() if args.search: Search(args.search, False) if args.hsearch: Search(args.hsearch, True) elif args.update: Update().update() elif args.banner: banner() elif args.migrate: Migrate() elif args.stats: method_name = args.stats[0] if method_name == "get_stats" or method_name == "get_latest": result = getattr(Stats(), method_name) print result() else: print "[!] Unknown Method"