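def text_search(search_term, trommel_output):
    """Look up *search_term* in vFeed and write CVE, Exploit-DB and Metasploit hits.

    Args:
        search_term: free-text query passed to ``Search(...).text()``.
        trommel_output: writable file-like object; one line is written per finding.

    Returns:
        None. All findings are emitted through ``trommel_output``.
    """
    search_text = Search(search_term).text()
    # Collected before the "null" check: a "null" body simply matches nothing.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)
    # Value comparison: ``is not "null"`` compared object identity with a string
    # literal, which is not a reliable test for a "null" response.
    if search_text != "null":
        cve_hit = r'"(CVE-\d+-\d+ : .*\.)"'
        name_hit = re.findall(cve_hit, search_text)
        for match_hit in name_hit:
            trommel_output.write(
                "Check file version on embedded device - Found %s and it has been associated with %s\n"
                % (search_term, match_hit))
    # Searches above CVE in Exploit-DB and Metasploit
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)
        # Exploit-DB result (raw strings: "\d" in a plain literal is an invalid escape)
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            urls = re.findall(url_match, edb, re.S)
            for url_hit in urls:
                trommel_output.write("%s has a known exploit: %s\n" %
                                     (cve_hit, url_hit))
        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # Every module path is paired with every title found in the
            # response (cross product), as before.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_output.write(
                        "%s is associated with the following Metasploit Module: %s - %s\n"
                        % (cve_hit, match2, match))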
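def text_search(search_term, trommel_vfeed_output):
    """Look up *search_term* in vFeed and report related CVEs and public tooling.

    For every CVE id found in the free-text response the Exploit-DB,
    Metasploit, Snort and Nmap lookups are run and each hit is written as
    one line to ``trommel_vfeed_output``.

    Args:
        search_term: free-text query passed to ``Search(...).text()``.
        trommel_vfeed_output: writable file-like object receiving the report.

    Returns:
        None; all results are emitted through ``trommel_vfeed_output``.
    """
    search_text = Search(search_term).text()
    # Collected before the "null" check: a "null" body simply matches nothing.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)
    # Value comparison: ``is not "null"`` compared object identity with a string
    # literal, which is not a reliable test for a "null" response.
    if search_text != "null":
        cve_hit = r'"(CVE-\d+-\d+ : .*\.)"'
        name_hit = re.findall(cve_hit, search_text)
        for match_hit in name_hit:
            trommel_vfeed_output.write(
                "Found %s and it has been associated with %s\n" %
                (search_term, match_hit))
    # Searches above CVE in Exploit-DB and Metasploit
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)
        snort = snort_result(cve_hit)
        nmap = nmap_result(cve_hit)
        # Exploit-DB result (raw strings: "\d" in a plain literal is an invalid escape)
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            urls = re.findall(url_match, edb, re.S)
            for url_hit in urls:
                trommel_vfeed_output.write("%s has a known exploit: %s\n" %
                                           (cve_hit, url_hit))
        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # Every module path is paired with every title (cross product), as before.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_vfeed_output.write(
                        "%s is associated with the following Metasploit Module: %s - %s\n"
                        % (cve_hit, match2, match))
        # Snort results
        if snort != "null":
            snort_sid = r'id": "sid:(.*)'
            snort_sid_match = re.findall(snort_sid, snort)
            for match in snort_sid_match:
                # Trailing newline added so Snort records do not run into the
                # next line; every other writer above already terminates its line.
                trommel_vfeed_output.write(
                    "%s is associated with the Snort sid:%s\n" %
                    (cve_hit, match))

        # Nmap results
        if nmap != "null":
            nmap_script = r'"file": "(.*)",'
            nmap_script_match = re.findall(nmap_script, nmap)
            for match in nmap_script_match:
                # Same newline fix as for the Snort records.
                trommel_vfeed_output.write(
                    "%s is associated with the Nmap script: %s\n" %
                    (cve_hit, match))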
def cve_search_func(cve_term):
    """Run a vFeed CVE lookup for *cve_term* and return what ``Search.cve()`` yields."""
    return Search(cve_term).cve()
# Smoke run of the vFeed helpers: each section prints a label and then the
# raw result of one API call.
cve = "CVE-2011-3402"
print("Metasploit information related to", cve)
metasploit = CveExploit(cve).get_msf()
print(metasploit)

cve = "CVE-2004-0990"
print("Snort information related to", cve)
snort = CveRules(cve).get_snort()
print(snort)

# JSON export for the same CVE-2004-0990.
print(ExportJson(cve).json_dump())

# One valid id followed by two malformed ones, to exercise the CVE lookup.
for cve in ("CVE-2004-0990",
            "CVE-2004-1231213233123312313",
            "CVE-AAAA-1_D233123312313"):
    print("Search for", cve)
    print(Search(cve).cve())

cpe = "cpe:/a:invensys:foxboro"
print("Search for", cpe)
print(Search(cpe).cpe())

cpe = "cpe:/a:invensys:AZEAZZEAZEAZEEEAZZA"
print("Search for", cpe)
                        "--update",
                        help="Update the Vulnerability and Threat Database",
                        action="store_true",
                        required=False)
    parser.add_argument("--list",
                        help="Enumerate the list of available methods",
                        action="store_true",
                        required=False)
    parser.add_argument("--banner",
                        help="Print vFeed banner",
                        action="store_true",
                        required=False)
    args = parser.parse_args()

    if args.search:
        Search(args.search)
    elif args.update:
        Update().update()
    elif args.banner:
        banner()
    elif args.stats:
        method_name = args.stats[0]
        if method_name == "get_stats" or method_name == "get_latest":
            result = getattr(Stats(), method_name)
            print result()
        else:
            print "[!] Unknown Method"
    elif args.list:
        enum_classes("list", "")
    elif args.method or args.export:
        if args.method:
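def process_data(hosts_dict):
    """Query vFeed for every detected service and collect its notable CVEs.

    Args:
        hosts_dict: mapping of host -> list of service records. Records are
            indexed positionally; ``service[2]`` is used as the product name
            and ``service[3]`` as its version string (other fields are unused here).

    Side effects:
        Extends the module-level ``res_dict``, keyed by ``"<product> <version>"``,
        whose value is a tuple of four lists: CVE ids, summaries, hosts and
        exploit references (Metasploit module files, then Exploit-DB urls).
        Increments the module-level ``host_count`` once per host.
    """
    global res_dict, host_count

    for host, service_list in hosts_dict.items():
        for service in service_list:
            product, version = service[2], service[3]
            good_version = '{} {}'.format(product, version)
            vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                # Retry with "major.minor" only. The previous code joined the
                # concatenated first two components character by character,
                # which mangled multi-digit components ("10.2.1" -> "1.0.2")
                # and raised IndexError on a version string without a dot.
                serv_ver = version.split('.')
                if len(serv_ver) >= 2:
                    good_version = '{} {}'.format(product, '.'.join(serv_ver[:2]))
                    vuln_list = Search(good_version).detect_entry()

            if vuln_list:
                if good_version not in res_dict:
                    res_dict[good_version] = ([], [], [], [])  # CVE, INFO, HOSTS, Exploit PoC
                cves, infos, hosts, pocs = res_dict[good_version]

                for vuln in vuln_list:
                    cve_id = vuln[0]
                    vuln_severity = _notable_severity(cve_id)
                    if vuln_severity is None:
                        # Only Moderate/High findings are reported.
                        continue

                    if cve_id not in cves:
                        cves.append(cve_id)

                    host_to_write = '{} ({} {})'.format(host, product, version)
                    if host_to_write not in hosts:
                        hosts.append(host_to_write)

                    for vuln_info in json.loads(CveInfo(cve_id).get_cve()):
                        for key, value in vuln_info.items():
                            # Check the key first: building the summary for every
                            # field would concatenate non-string values and raise.
                            if key != 'summary':
                                continue
                            vuln_summ = '\n' + cve_id + ': ' + value + '\nSeverity: ' + vuln_severity
                            if vuln_summ not in infos:
                                infos.append(vuln_summ)

                    for reference in _exploit_references(cve_id):
                        if reference not in pocs:
                            pocs.append(reference)

        host_count += 1


def _notable_severity(cve_id):
    """Return the last 'severity' of Moderate/High reported for *cve_id*, else None."""
    severity = None
    for data in json.loads(CveRisk(cve_id).get_severity()):
        for key, value in data.items():
            if key == 'severity' and value in ('Moderate', 'High'):
                severity = value
    return severity


def _exploit_references(cve_id):
    """Return Metasploit module files, then Exploit-DB urls, known for *cve_id*."""
    references = []
    for entry in json.loads(CveExploit(cve_id).get_msf()):
        for key, value in entry.items():
            if key == 'file':
                references.append(value)
    for entry in json.loads(CveExploit(cve_id).get_edb()):
        for key, value in entry.items():
            if key == 'url':
                references.append(value)
    return references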
    parser.add_argument("--banner",
                        help="Print the banner",
                        action="store_true",
                        required=False)
    parser.add_argument("--migrate",
                        help="Migration to MongoDB",
                        action="store_true",
                        required=False)

    args = parser.parse_args()

    if args.search:
        method = args.search[0]
        cve_id = args.search[1]
        try:
            result = getattr(Search(cve_id), method)
            print(result())
        except Exception as e:
            print("[!] Unknown built-in function:", str(e))

    if args.update:
        print(
            "[+] The vFeed Database must be downloaded from the official repository at https://vfeed.io"
        )
        print("[+] Once downloaded, decompress it into your API repository.")

    if args.banner:
        banner()

    if args.migrate:
        # checking whether the MongoDB server is running
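def text_search(search_term, trommel_output):
    """Look up *search_term* in vFeed and write CVE, Exploit-DB and Metasploit hits.

    Records are written ``" & "``-separated: one ``AAAA`` line per CVE associated
    with the search term (id and description split on the first ``:``), then one
    line per Exploit-DB url and per Metasploit module found for each CVE id in
    the response.

    Args:
        search_term: free-text query passed to ``Search(...).text()``.
        trommel_output: writable file-like object receiving the records.

    Returns:
        None; results go to ``trommel_output``.
    """
    search_text = Search(search_term).text()
    # Collected before the "null" check: a "null" body simply matches nothing.
    cve_field = re.findall(r'CVE-\d+-\d+', search_text, re.S)
    # Value comparison: ``is not "null"`` compared object identity with a string
    # literal, which is not a reliable test for a "null" response.
    if search_text != "null":
        cve_hit = r'"(CVE-\d+-\d+ : .*\.)"'
        name_hit = re.findall(cve_hit, search_text)
        for match_hit in name_hit:
            # "CVE-x-y : description" -> id and description, split once.
            parts = match_hit.split(':', 1)
            match_hitcve, match_desccve = parts[0], parts[-1]
            trommel_output.write("AAAA%s & %s & %s \n" % (search_term, match_hitcve, match_desccve))
    # Searches above CVE in Exploit-DB and Metasploit
    for cve_hit in cve_field:
        edb = exploitdb_result(cve_hit)
        msf = metasploit_result(cve_hit)
        # Exploit-DB result (raw strings: "\d" in a plain literal is an invalid escape)
        if edb != "null":
            url_match = r"http://www.exploit-db.com/exploits/\d{1,8}"
            urls = re.findall(url_match, edb, re.S)
            for url_hit in urls:
                trommel_output.write("%s & %s\n" % (cve_hit, url_hit))
        # Metasploit results
        if msf != "null":
            msf_fname = r"metasploit-framework/modules/.*\.rb"
            msf_title = r'"title": "(.*)"'
            msf_fn_match = re.findall(msf_fname, msf)
            msf_title_match = re.findall(msf_title, msf)
            # Every module path is paired with every title (cross product), as before.
            for match in msf_fn_match:
                for match2 in msf_title_match:
                    trommel_output.write("%s & %s - %s\n" % (cve_hit, match2, match))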
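def process_data(hosts_dict):
    """Query vFeed for every detected service and collect its notable CVEs.

    Args:
        hosts_dict: mapping of host -> list of service records. Records are
            indexed positionally; ``service[2]`` is used as the product name
            and ``service[3]`` as its version string (other fields are unused here).

    Side effects:
        Extends the module-level ``res_dict``, keyed by ``"<product> <version>"``,
        whose value is a tuple of four lists: CVE ids, summaries, hosts and
        exploit references (Metasploit module files, then Exploit-DB urls).
        Increments the module-level ``host_count`` once per host.
    """
    global res_dict, host_count

    for host, service_list in hosts_dict.items():
        for service in service_list:
            product, version = service[2], service[3]
            good_version = '{} {}'.format(product, version)
            vuln_list = Search(good_version).detect_entry()
            if not vuln_list:
                # Retry with "major.minor" only. The previous code joined the
                # concatenated first two components character by character,
                # which mangled multi-digit components ("10.2.1" -> "1.0.2")
                # and raised IndexError on a version string without a dot.
                serv_ver = version.split('.')
                if len(serv_ver) >= 2:
                    good_version = '{} {}'.format(product, '.'.join(serv_ver[:2]))
                    vuln_list = Search(good_version).detect_entry()

            if vuln_list:
                if good_version not in res_dict:
                    res_dict[good_version] = ([], [], [], [])  # CVE, INFO, HOSTS, Exploit PoC
                cves, infos, hosts, pocs = res_dict[good_version]

                for vuln in vuln_list:
                    cve_id = vuln[0]
                    vuln_severity = _notable_severity(cve_id)
                    if vuln_severity is None:
                        # Only Moderate/High findings are reported.
                        continue

                    if cve_id not in cves:
                        cves.append(cve_id)

                    host_to_write = '{} ({} {})'.format(host, product, version)
                    if host_to_write not in hosts:
                        hosts.append(host_to_write)

                    for vuln_info in json.loads(CveInfo(cve_id).get_cve()):
                        for key, value in vuln_info.items():
                            # Check the key first: building the summary for every
                            # field would concatenate non-string values and raise.
                            if key != 'summary':
                                continue
                            vuln_summ = '\n' + cve_id + ': ' + value + '\nSeverity: ' + vuln_severity
                            if vuln_summ not in infos:
                                infos.append(vuln_summ)

                    for reference in _exploit_references(cve_id):
                        if reference not in pocs:
                            pocs.append(reference)

        host_count += 1


def _notable_severity(cve_id):
    """Return the last 'severity' of Moderate/High reported for *cve_id*, else None."""
    severity = None
    for data in json.loads(CveRisk(cve_id).get_severity()):
        for key, value in data.items():
            if key == 'severity' and value in ('Moderate', 'High'):
                severity = value
    return severity


def _exploit_references(cve_id):
    """Return Metasploit module files, then Exploit-DB urls, known for *cve_id*."""
    references = []
    for entry in json.loads(CveExploit(cve_id).get_msf()):
        for key, value in entry.items():
            if key == 'file':
                references.append(value)
    for entry in json.loads(CveExploit(cve_id).get_edb()):
        for key, value in entry.items():
            if key == 'url':
                references.append(value)
    return references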
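# Smoke run of the vFeed CVE/rule/search helpers. Every print takes a single
# pre-formatted argument so the script runs unchanged under Python 2 and 3
# (the previous print statements were Python-2-only syntax).
from lib.core.search import Search

cve = "CVE-2011-3402"
print("Metasploit information related to %s" % cve)
metasploit = CveExploit(cve).get_msf()
print(metasploit)

cve = "CVE-2004-0990"
print("Snort information related to %s" % cve)
snort = CveRules(cve).get_snort()
print(snort)

# The Search(...) return value is not used by this script.
cpe = "cpe:/a:invensys:foxboro"
print("Search for %s" % cpe)
Search(cpe)

cwe = "cwe-89"
print("Search for %s" % cwe)
Search(cwe)

cve = "CVE-2004-0990"
print("Search for %s" % cve)
Search(cve)

oval = "oval:org.mitre.oval:def:17538"
print("Search for %s" % oval)
Search(oval)

cve = "CVE-2004-0990"
export = ExportJson(cve).json_dump()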
def get_cpe(cpe):
    """Return the vFeed CPE lookup result for *cpe* (delegates to ``Search.cpe()``)."""
    result = Search(cpe).cpe()
    return result
                        action="store_true",
                        required=False)
    parser.add_argument("--migrate",
                        help="Migration to MongoDB",
                        action="store_true",
                        required=False)
    parser.add_argument(
        "-t",
        "--hsearch",
        metavar="id",
        type=str,
        help="Search High risk vuln for CVE,CPE,CWE, OVAL or free text")
    args = parser.parse_args()

    if args.search:
        Search(args.search, False)
    if args.hsearch:
        Search(args.hsearch, True)
    elif args.update:
        Update().update()
    elif args.banner:
        banner()
    elif args.migrate:
        Migrate()
    elif args.stats:
        method_name = args.stats[0]
        if method_name == "get_stats" or method_name == "get_latest":
            result = getattr(Stats(), method_name)
            print result()
        else:
            print "[!] Unknown Method"