def get_targets(self): """ callable method - return targets affected by vulnerability""" # init local list response = [] self.cur.execute('SELECT * FROM map_cpe_cve WHERE cve_id=?', self.query) for data in self.cur.fetchall(): # set the CPE identifiers cpe22_id = data[0] cpe23_id = data[1] # set the title self.cur.execute("SELECT title FROM cpe_db where cpe_id = ?", (cpe22_id,)) title = self.cur.fetchone() if title is not None: title = title[0] # format the response targets = {"title": title, "cpe2.2": cpe22_id, "cpe2.3": cpe23_id} response.append(targets) # set the tag response = {"targets": response} return utility.serialize_data(response)
def get_weaknesses(self): """ callable method - return weaknesses affected by vulnerability""" # init local list response = [] self.cur.execute('SELECT * FROM map_cwe_cve WHERE cve_id=?', self.query) for data in self.cur.fetchall(): cwe_id = data[0] self.cur.execute("SELECT title,link,class,relations,capec_id FROM cwe_db WHERE cwe_id='%s' " % cwe_id) cwe_data = self.cur.fetchall() if cwe_data: title = cwe_data[0][0] url = cwe_data[0][1] cwe_class = cwe_data[0][2] relationship = cwe_data[0][3] capec = cwe_data[0][4] # format the response weaknesses = {"id": cwe_id, "parameters": {"class": cwe_class, "title": title, "relationship": relationship, "url": url, "attack_patterns": self.enum_capec(capec), "ranking": {"categorization": self.enum_category(cwe_id), "wasc": self.enum_wasc(cwe_id), "att&ck_mitre": self.enum_attack_mitre(capec)}}} response.append(weaknesses) # set the tag response = {"weaknesses": response} return utility.serialize_data(response)
def search_cve(self): """ basic search CVE identifiers """ self.result = json.loads(Information(self.id).get_info()) if self.result['description'] != []: return utility.serialize_data(self.result)
def get_advisory(self): """ callable method - return bulletins and advisories data """ # init local list response = [] # get the list of available relevant sources self.cur.execute("SELECT source FROM advisory_db GROUP BY source") for source in self.cur.fetchall(): source = source[0].strip() data = self.enum_bulletins(source) # get only responses with valid data. if data: # format the response tag = {source: data} response.append(tag) # load the patches data to be merged patches = json.loads(Preventive(self.id).get_patches(), object_pairs_hook=OrderedDict) # set the response tag response = {"preventive": {"bulletins": response, "patches": patches}} return utility.serialize_data(response)
def get_targets(self): """ callable method - return targets affected by vulnerability""" # init local list targets = [] # count self.cur.execute('SELECT count(cpe_id) FROM map_cpe_cve WHERE cve_id=?', self.query) self.count = self.cur.fetchone() # getting data self.data = self.cur.execute('SELECT * FROM map_cpe_cve WHERE cve_id=?', self.query) self.data = self.cur.fetchall() for i in range(0, self.count[0]): try: # setting target title from CPE database self.cur.execute("SELECT title FROM cpe_db where cpe_id = ?", (self.data[i][0],)) self.title = self.cur.fetchone() if self.title is not None: self.title = self.title[0] response = {"title": self.title, "cpe2.2": self.data[i][0], "cpe2.3": self.data[i][1]} targets.append(response) except: pass # adding the appropriate tag. targets = {"targets": targets} return utility.serialize_data(targets)
def get_patches(self): """ callable method - return patches & fixed packages data """ # init local list response = [] # get the list of available relevant vendors (sources) self.cur.execute("SELECT source FROM patches_db GROUP BY source") for source in self.cur.fetchall(): source = source[0].strip() (data, date_published, description) = self.enum_patches(source) # get only responses with valid data. if data: # format the response tag = { source: { "date_published": date_published, "description": description, "packages": data } } response.append(tag) return utility.serialize_data(response)
def get_targets(self): """ callable method - return targets affected by vulnerability""" # init local list response = [] self.cur.execute( "SELECT configuration FROM map_cpe_cve where cve_id=? GROUP BY configuration order by configuration", self.query) for configs in self.cur.fetchall(): self.cur.execute( '''SELECT * FROM map_cpe_cve WHERE configuration="%s" and cve_id="%s" ''' % (configs[0], self.query[0])) data = self.cur.fetchall() config_id = data[0][0] tag = {"id": config_id, "parameters": self.enum_cpe(data)} response.append(tag) # set tag response = {"targets": response} return utility.serialize_data(response)
def search_cpe(self): """ basic search for CPE identifiers """ if not self.id.startswith("cpe:/") and not self.id.startswith("cpe:2.3:"): response = utility.serialize_error(False, self.id, "Not a valid CPE identifier") return response # check whether is CPE 2.2 or CPE 2.3 if "cpe:2.3" in self.id: col = "cpe23_id" if "cpe:/" in self.id: col = "cpe_id" # query the database self.cur.execute("SELECT cve_id FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC".format(tn=col), self.query) data = self.cur.fetchall() if data: # init dict cve = [] for cve_id in data: cve.append(cve_id[0]) # set the response response = {"id": self.id, "vulnerability": cve} return utility.serialize_data(response)
def get_cvss(self): """ callable method - return both CVSS 2 and 3 scores""" cvss_2 = json.loads(self.get_cvss2()) cvss_3 = json.loads(self.get_cvss3()) cvss_2.update(cvss_3) # formatting the response response = {"risk": {"cvss": cvss_2}} return utility.serialize_data(response)
def get_all(self): """ callable method - return both targets and weaknesses affected by vulnerability""" targets = json.loads(self.get_targets(), object_pairs_hook=OrderedDict) weaknesses = json.loads(self.get_weaknesses(), object_pairs_hook=OrderedDict) targets.update(weaknesses) # format the response response = {"classification": targets} return utility.serialize_data(response)
def get_all(self): """ callable method - return both remote and local scanners signatures""" remote = json.loads(self.get_remote(), object_pairs_hook=OrderedDict) local = json.loads(self.get_local(), object_pairs_hook=OrderedDict) remote.update(local) # set the tag response = {"inspection": remote} return utility.serialize_data(response)
def get_all(self): """ callable method - return both remote and local scanners signatures""" advisory = json.loads(Preventive(self.id).get_advisory()) rules = json.loads(Detective(self.id).get_rules()) advisory.update(rules) # formatting the response response = {"defense": advisory} return utility.serialize_data(response)
def get_all(self): """ callable method - return basic and references as json""" info = json.loads(self.get_info()) references = json.loads(self.get_references()) # merge info.update(references) # formatting the response response = {"information": info} return utility.serialize_data(response)
def search_cwe(self): """ basic search CWE identifiers """ # set the CWE as uppercase self.cwe = self.id.upper() # check if valid CWE if not self.cwe.startswith('CWE-'): response = utility.serialize_error(False, self.id, "Not a valid CWE identifier") return response # query the database self.cur.execute( "SELECT title,class,link FROM cwe_db WHERE cwe_id=? ", (self.cwe, )) cwe_data = self.cur.fetchone() if cwe_data: # set the CWE data title = cwe_data[0] cwe_class = cwe_data[1] url = cwe_data[2] # query the database self.cur.execute( "SELECT cve_id from map_cwe_cve where cwe_id=? ORDER BY cve_id DESC", (self.cwe, )) data = self.cur.fetchall() if data: # init dict cve = [] for cve_id in data: cve.append(cve_id[0]) # set the response response = { "id": self.cwe, "parameters": { "title": title, "class": cwe_class, "url": url }, "vulnerability": cve } return utility.serialize_data(response)
def __init__(self, identifier, cursor="", query=""): # init test response = json.loads(utility.init()) if not response["success"]: print(utility.serialize_data(response)) sys.exit() # case CVE lower if "cve" in identifier: identifier = identifier.upper() self.identifier = identifier self.cur = cursor self.query = query self.db = utility.set_db_file()
def get_cvss3(self): """ callable method - return CVSS 3 score""" # init response = {} # getting cvss data self.cur.execute('SELECT * FROM cvss_scores WHERE cve_id=?', self.query) self.datas = self.cur.fetchall() for data in self.datas: # setting cvss3 vectors self.cvss3_base = data[10] self.cvss3_impact = data[11] self.cvss3_exploit = data[12] self.cvss3_vector = data[13] self.cvss3_attack_vector = data[14] self.cvss3_attack_complexity = data[15] self.cvss3_privileges_required = data[16] self.cvss3_user_interaction = data[17] self.cvss3_scope = data[18] self.cvss3_conf_impact = data[19] self.cvss3_int_impact = data[20] self.cvss3_avail_impact = data[21] # formatting the response response = { "vector": self.cvss3_vector, "base_score": self.cvss3_base, "impact_score": self.cvss3_impact, "exploit_score": self.cvss3_exploit, "attack_vector": self.cvss3_attack_vector, "attack_complexity": self.cvss3_attack_complexity, "privileges_required": self.cvss3_privileges_required, "user_interaction": self.cvss3_user_interaction, "score": self.cvss3_scope, "confidentiality_impact": self.cvss3_conf_impact, "integrity_impact": self.cvss3_int_impact, "availability_impact": self.cvss3_avail_impact } # adding the appropriate tag. response = {"cvss3": response} return utility.serialize_data(response)
def get_weaknesses(self): """ callable method - return weaknesses affected by vulnerability""" # init local list weaknesses = [] # count self.cur.execute('SELECT count(cwe_id) FROM map_cwe_cve WHERE cve_id=?', self.query) self.count = self.cur.fetchone() # getting data self.data = self.cur.execute('SELECT * FROM map_cwe_cve WHERE cve_id=?', self.query) self.data = self.cur.fetchall() # extracting CWE/CAPEC/WASC/CATEROGIES for i in range(0, self.count[0]): try: self.cwe_id = self.data[i][0] self.cur.execute( "SELECT title,link,class,relations,capec_id FROM cwe_db WHERE cwe_id='%s' " % self.cwe_id) self.data_2 = self.cur.fetchall() # setting parameters self.title = self.data_2[0][0] self.url = self.data_2[0][1] self.cwe_class = self.data_2[0][2] self.relation = self.data_2[0][3] self.capec = self.data_2[0][4] # formatting the response response = {"id": self.data[i][0], "parameters": {"class": self.cwe_class, "title": self.title, "relationship": self.relation, "url": self.url, "attack_patterns": self.enum_capec(), "ranking": {"category": self.enum_category(), "wasc": self.enum_wasc()}}} weaknesses.append(response) except: pass # adding the appropriate tag. weaknesses = {"weaknesses": weaknesses} return utility.serialize_data(weaknesses)
def get_cvss2(self): """ callable method - return CVSS 2 score""" # init response = {} # getting cvss data self.cur.execute('SELECT * FROM cvss_scores WHERE cve_id=?', self.query) self.datas = self.cur.fetchall() for data in self.datas: # setting cvss2 vectors self.cvss2_base = data[0] self.cvss2_impact = data[1] self.cvss2_exploit = data[2] self.cvss2_vector = data[3] self.cvss2_access_vector = data[4] self.cvss2_access_complexity = data[5] self.cvss2_authentication = data[6] self.cvss2_conf_impact = data[7] self.cvss2_int_impact = data[8] self.cvss2_avail_impact = data[9] # formatting the response response = { "vector": self.cvss2_vector, "base_score": self.cvss2_base, "impact_score": self.cvss2_impact, "exploit_score": self.cvss2_exploit, "access_vector": self.cvss2_access_vector, "access_complexity": self.cvss2_access_complexity, "authentication": self.cvss2_authentication, "confidentiality_impact": self.cvss2_conf_impact, "integrity_impact": self.cvss2_int_impact, "availability_impact": self.cvss2_avail_impact } # adding the appropriate tag. response = {"cvss2": response} return utility.serialize_data(response)
def get_local(self): """ callable method - local scanners signatures """ # init response dict response = [] self.cur.execute( "SELECT source FROM scanners_db WHERE source LIKE '%oval%' and cve_id=? GROUP BY source", self.query) for source in self.cur.fetchall(): source = source[0].strip() data = self.enum_signatures(source) tag = {source: data} response.append(tag) # set the tag response = {"local": response} return utility.serialize_data(response)
def get_advisory(self): """ callable method - return bulletins and advisories data """ # init local list advisory = [] self.cur.execute("SELECT source FROM advisory_db GROUP BY source") for data in self.cur.fetchall(): self.source = data[0].strip() responses = self.enum_bulletins() # get only responses with valid data. Otherwise the json will be huge (a lot of sources :) ) if responses is not None: response = {self.source: responses} advisory.append(response) # adding the appropriate tag. advisory = {"preventive": advisory} return utility.serialize_data(advisory)
def get_rules(self): """ callable method - return IPS and IDS signatures """ # init local list rules = [] self.cur.execute("SELECT source FROM detection_db GROUP BY source") for data in self.cur.fetchall(): self.source = data[0].strip() responses = self.enum_rules() # get only responses with valid data. Otherwise the json will be huge (a lot of sources :) ) if responses is not None: response = {self.source: responses} rules.append(response) # adding the appropriate tag. rules = {"detective": rules} return utility.serialize_data(rules)
def get_references(self): """ callable method - return vulnerability references """ # init local list references = [] self.cur.execute('SELECT * FROM map_refs_cve WHERE cve_id=?', self.query) for data in self.cur.fetchall(): # setting reference info vendor = data[0] url = data[1] # formatting the response response = {"vendor": vendor, "url": url} references.append(response) # adding the appropriate tag. references = {"references": references} return utility.serialize_data(references)
def search_cve(self): """ basic search CVE identifiers """ # set the CVE as uppercase self.id = self.id.upper() # check if valid CVE if not self.id.startswith('CVE-'): response = utility.serialize_error(False, self.id, "Not a valid CVE identifier") return response # load CVE data response = json.loads(Information(self.id).get_info()) exploits = json.loads(Exploitation(self.id).get_exploits()) if response['description'] != []: # new tag added to search whenever an exploits is available if exploits['exploitation'] != []: response.update(exploits) return utility.serialize_data(response)
def get_rules(self): """ callable method - return IPS and IDS signatures """ # init local list response = [] self.cur.execute("SELECT source FROM detection_db GROUP BY source") for source in self.cur.fetchall(): source = source[0].strip() data = self.enum_rules(source) # get only responses with valid data. Otherwise the json will be huge (a lot of sources :) ) if data: tag = {source: data} response.append(tag) # set tag. response = {"detective": response} return utility.serialize_data(response)
def search_cpe(self): """ basic search for CPE identifiers """ if "cpe" not in self.id: response = utility.serialize_error(False, self.id, "Not a valid CPE identifier") return response # check whether is CPE 2.2 or CPE 2.3 if "cpe:2.3" in self.id: col = "cpe23_id" if "cpe:/" in self.id: col = "cpe_id" self.cur.execute( "SELECT count(DISTINCT {tn}) FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC" .format(tn=col), self.query) self.count_cpe = self.cur.fetchone() self.cur.execute( "SELECT * FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC". format(tn=col), self.query) data = self.cur.fetchall() if data: for i in range(0, self.count_cpe[0]): # init dict cve = [] self.cur.execute( "SELECT cve_id FROM map_cpe_cve WHERE {tn} = ? ORDER BY cve_id DESC" .format(tn=col), self.query) for cve_id in self.cur.fetchall(): cve.append(cve_id[0]) item = {"id": self.id, "vulnerability": cve} self.result.append(item) return utility.serialize_data(self.result)
def get_advisory(self): """ callable method - return bulletins and advisories data """ # init local list response = [] self.cur.execute("SELECT source FROM advisory_db GROUP BY source") for source in self.cur.fetchall(): source = source[0].strip() data = self.enum_bulletins(source) # get only responses with valid data. if data: # format the response tag = {source: data} response.append(tag) # set tag response = {"preventive": response} return utility.serialize_data(response)
def get_packages(self): """ callable method - return affected packages & libraries (vendor, product, version) by vulnerability""" # init local list response = [] self.cur.execute("SELECT vendor FROM packages_db WHERE cve_id=? GROUP BY vendor", self.query) for vendor in self.cur.fetchall(): vendor = vendor[0].strip() data = self.enum_packages(vendor) # get only responses with valid data. if data: # format the response tag = {vendor: data} response.append(tag) # set tag response = {"packages": response} return utility.serialize_data(response)
def get_exploits(self): """ callable method - return exploits and PoC signatures""" # init local list exploits = [] self.cur.execute("SELECT source FROM exploits_db GROUP BY source") self.datas = self.cur.fetchall() for data in self.datas: self.source = data[0].strip() responses = self.enum_exploits() # get only responses with valid data. Othewise the json will be huge (a lot of sources :) ) if responses is not None: response = {self.source: responses} exploits.append(response) # adding the appropriate tag. exploits = {"exploitation": exploits} return utility.serialize_data(exploits)
def get_exploits(self): """ callable method - return exploits and PoC signatures""" # init local list response = [] self.cur.execute("SELECT source FROM exploits_db GROUP BY source") for source in self.cur.fetchall(): source = source[0].strip() data = self.enum_exploits(source) # get only responses with valid data. if data: # format the response tag = {source: data} response.append(tag) # set the tag response = {"exploitation": response} return utility.serialize_data(response)
def get_info(self): """ callable method - return vulnerability basic info as JSON """ # init local list response = [] self.cur.execute('SELECT * FROM cve_db WHERE cve_id=?', self.query) for data in self.cur.fetchall(): # format the response information = { "id": self.id, "parameters": { "published": data[1], "modified": data[2], "summary": data[3] } } response.append(information) # set the tag response = {"description": response} return utility.serialize_data(response)