def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True,
subscorelookup=True,
misplookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',
status={
'except': 'cve-not-found',
'info': {
'cve': cveid
}
})
cve = markCPEs(cve)
if current_user.is_authenticated():
db.addSeenCVEs(current_user.get_id(), cveid)
bookmarked = "yes" if cveid in db.bookmarks(
current_user.get_id()) else "no"
else:
bookmarked = None
return render_template('cve.html', cve=cve, bookmarked=bookmarked)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True,
subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',
status={
'except': 'cve-not-found',
'info': {
'cve': cveid
}
})
cve = markCPEs(cve)
if current_user.is_authenticated():
l = getSeenCVEs()
if not cveid in l:
col = db.mgmt_seen
col.update({"user": current_user.get_id()},
{"$addToSet": {
"seen_cves": cveid
}})
return render_template('cve.html', cve=cve)
def cve(cveid):
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return page_not_found(404)
cve = markCPEs(cve)
return render_template('cve.html', cve=cve)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}},minimal=True)
return render_template('cve.html', cve=cve, minimal=True)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}},minimal=True)
return render_template('cve.html', cve=cve, minimal=True)
def _enhance(self, scan):
cvesp = cves.last(rankinglookup=False,
namelookup=False,
vfeedlookup=True,
capeclookup=False)
for system in scan['systems']:
cpe = system['cpes'] if 'cpes' in system else None
if cpe:
cpes = []
for c in cpe:
c = c.lower()
cpes.append({
'cpe':
c,
'cves': [
cvesp.getcve(x['id'])
for x in db.cvesForCPE(toStringFormattedCPE(c))
]
})
system['cpes'] = cpes
for service in system['services']:
if 'cpe' in service:
service['cves'] = db.cvesForCPE(service['cpe'])
scan['enhanced'] = {"time": int(datetime.now().strftime('%s'))}
return scan
def apiCVEFor(cpe):
cpe=urllib.parse.unquote_plus(cpe)
cpe=toStringFormattedCPE(cpe)
r = []
cvesp = cves.last(rankinglookup=False, namelookup=False, vfeedlookup=True, capeclookup=False)
for x in db.cvesForCPE(cpe):
r.append(cvesp.getcve(x['id']))
return json.dumps(r)
def apiCVEFor(cpe):
cpe=urllib.parse.unquote_plus(cpe)
cpe=toStringFormattedCPE(cpe)
r = []
cvesp = cves.last(rankinglookup=False, namelookup=False, vfeedlookup=True, capeclookup=False)
for x in dbLayer.cvesForCPE(cpe):
r.append(cvesp.getcve(x['id']))
return json.dumps(r)
def api_cve(self, cveid):
cvesp = cves.last(rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True)
cve = cvesp.getcve(cveid=cveid.upper())
if cve is None: cve = {}
return cve
def api_last(self, limit=None):
limit = limit if limit else 30
cvesp = cves.last(rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True)
cve = cvesp.get(limit=limit)
return cve
def apilast():
limit = 30
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True)
cve = cvesp.get(limit=limit)
return (jsonify({"results": cve}))
def api_cve(self, cveid):
cvesp = cves.last(rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True)
cve = cvesp.getcve(cveid=cveid.upper())
if not cve: raise (APIError('cve not found', 404))
return cve
def cvesForCPE(cpe):
cpe = tk.toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
for x in db.cvesForCPE(cpe):
data.append(cvesp.getcve(x['id']))
return data
def cvesForCPE(cpe):
cpe = tk.toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
for x in db.cvesForCPE(cpe):
data.append(cvesp.getcve(x['id']))
return cves
def bookmarked():
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True,
subscorelookup=True)
cve = [cvesp.getcve(cveid=x) for x in db.bookmarks(current_user.get_id())]
return render_template('bookmarked.html', cve=cve)
def apiCVE(cveid):
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
cve = {}
return (jsonify(cve))
def apiCVEFor(cpe):
cpe=urllib.parse.unquote_plus(cpe)
cpe=toStringFormattedCPE(cpe)
if not cpe: cpe='None'
r = []
cvesp = cves.last(rankinglookup=False, namelookup=False, reflookup=True, capeclookup=False)
for x in dbLayer.cvesForCPE(cpe):
r.append(cvesp.getcve(x['id']))
return json.dumps(r, default=json_util.default)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}})
cve = markCPEs(cve)
if current_user.is_authenticated():
dbLayer.addSeenCVEs(current_user.get_id(), cveid)
return render_template('cve.html', cve=cve)
def cve(cveid):
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True,
subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return page_not_found(404)
return render_template('cve-minimal.html', cve=cve)
def apiCVEFor(cpe):
col = db['cves']
cpe=urllib.parse.unquote_plus(cpe)
cpe=toStringFormattedCPE(cpe)
if not cpe: cpe='None'
vulns = col.find({"vulnerable_configuration": {'$regex': cpe}}).sort("Modified", -1)
r = []
cvesp = cves.last(rankinglookup=False, namelookup=False, vfeedlookup=True, capeclookup=False)
for x in vulns:
r.append(cvesp.getcve(x['id']))
return json.dumps(r)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}})
cve = markCPEs(cve)
plugManager.onCVEOpen(cveid, current_user=current_user)
pluginData = plugManager.cvePluginInfo(cveid, current_user=current_user)
return render_template('cve.html', cve=cve, plugins=pluginData)
def summarycvesForCPE(cpe):
cpe = tk.toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = cves.last(rankinglookup=False,
namelookup=False,
via4lookup=True,
capeclookup=False)
r = db.summarycvesForCPE(cpe)
data = r['results']
return data
def getPage(self, **args):
cvesp = cves.last(rankinglookup=True,
namelookup=True,
vfeedlookup=True,
capeclookup=True,
subscorelookup=True)
data = db.p_queryOne(self.collectionName,
{"user": args["current_user"].get_id()})
bookmarks = data.get("bookmarks", []) if data else []
cve = [cvesp.getcve(cveid=x) for x in bookmarks]
page = "bookmarks.html"
return (page, {"cve": cve})
def cvesForCPE(cpe):
cpe = tk.toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = cves.last(rankinglookup=False,
namelookup=False,
via4lookup=True,
capeclookup=False)
r = db.cvesForCPE(cpe)
for x in r["results"]:
data.append(cvesp.getcve(x["id"]))
return data
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True, subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template("error.html", status={"except": "cve-not-found", "info": {"cve": cveid}})
cve = markCPEs(cve)
if current_user.is_authenticated():
db.addSeenCVEs(current_user.get_id(), cveid)
bookmarked = "yes" if cveid in db.bookmarks(current_user.get_id()) else "no"
else:
bookmarked = None
return render_template("cve.html", cve=cve, bookmarked=bookmarked)
def cve(cveid):
cveid = cveid.upper()
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}})
cve = markCPEs(cve)
if current_user.is_authenticated():
l = getSeenCVEs()
if not cveid in l:
col=db.mgmt_seen
col.update({"user":current_user.get_id()},{"$addToSet":{"seen_cves":cveid}})
return render_template('cve.html', cve=cve)
def api_last_time(self, time_type='hour', time=1):
time_types = ['hour', 'minute']
if time_type not in time_types:
return """{"error": "invalid type"}""", 400
cvesp = cves.last(rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
sort_time=True,
time_type=time_type,
time=time)
cve = cvesp.get()
return cve
def _enhance(self, scan):
cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
for system in scan['systems']:
cpe=system['cpes'] if 'cpes' in system else None
if cpe:
cpes=[]
for c in cpe:
c=c.lower()
cpes.append({'cpe':c, 'cves':[cvesp.getcve(x['id'])
for x in db.cvesForCPE(toStringFormattedCPE(c))]})
system['cpes']=cpes
for service in system['services']:
if 'cpe' in service:
service['cves']=db.cvesForCPE(service['cpe'])
scan['enhanced']={"time": int(datetime.now().strftime('%s'))}
return scan
def apiCVEFor(cpe):
col = db['cves']
cpe = urllib.parse.unquote_plus(cpe)
cpe = toStringFormattedCPE(cpe)
if not cpe: cpe = 'None'
vulns = col.find({
"vulnerable_configuration": {
'$regex': cpe
}
}).sort("Modified", -1)
r = []
cvesp = cves.last(rankinglookup=False,
namelookup=False,
vfeedlookup=True,
capeclookup=False)
for x in vulns:
r.append(cvesp.getcve(x['id']))
return json.dumps(r)
def cve(self, cveid):
cveid = cveid.upper()
cvesp = cves.last(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cveid
}
})
cve = self.markCPEs(cve)
self.plugManager.onCVEOpen(cveid, **self.pluginArgs)
pluginData = self.plugManager.cvePluginInfo(cveid, **self.pluginArgs)
return render_template("cve.html", cve=cve, plugins=pluginData)
args = argParser.parse_args()
vSearch = args.p
relaxSearch = args.lax
cveSearch = [x.upper() for x in args.c] if args.c else None
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
capeclookup = args.a
last_ndays = args.t
summary_text= args.s
nlimit =args.i
cves = CVEs.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)
# replace special characters in vSearch with encoded version.
# Basically cuz I'm to lazy to handle conversion on DB creation ...
if vSearch:
vSearch = re.sub(r'\(', '%28', vSearch)
vSearch = re.sub(r'\)', '%29', vSearch)
# define which output to generate.
if vOutput == "csv":
csvOutput = 1
elif vOutput == "html":
htmlOutput = 1
elif vOutput == "xml":
xmlOutput = 1
from xml.etree.ElementTree import Element, SubElement, tostring
argParser.add_argument('-f', action='store_true', help='output matching CVE(s) in JSON')
argParser.add_argument('-m', type=int, default=False, help='most frequent terms in CVE description (m is top-m values)')
argParser.add_argument('-l', action='store_true', default=False, help='dump all terms encountered in CVE description')
argParser.add_argument('-g', action='store_true', default=False, help='graph of most frequent terms with each matching CVE (JSON output)')
argParser.add_argument('-s', action='store_true', default=False, help='enable stemming on graph JSON output (default is False)')
argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration')
argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration')
args = argParser.parse_args()
if not args.q and not args.l and not args.g and not args.m:
argParser.print_help()
exit(1)
if args.f or args.t:
from lib import CVEs
cves = CVEs.last(rankinglookup=args.r, namelookup=args.n)
if args.q:
with ix.searcher() as searcher:
query = QueryParser("content", ix.schema).parse(" ".join(args.q))
results = searcher.search(query, limit=None)
for x in results:
if not args.f:
print (x['path'])
else:
print(json.dumps(cves.getcve(x['path']), sort_keys=True, default=json_util.default))
if args.t and not args.f:
print (" -- " + x['title'])
elif args.m:
xr = ix.searcher().reader()
for x in xr.most_frequent_terms("content", number=args.m):
import argparse
import json
from bson import json_util
import lib.CVEs as cves
import lib.DatabaseLayer as db
argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
def api_cve(self, cveid):
cvesp = cves.last(rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True)
cve = cvesp.getcve(cveid=cveid.upper())
if not cve: raise(APIError('cve not found', 404))
return cve
def search_func(args, output=sys.__stdout__):
"Implement main cve-search function."
# set output pipe
# output is set back to sys.__stdout__ at the end of
# the function
sys.stdout = output
# init control variables
csvOutput = 0
htmlOutput = 0
jsonOutput = 0
xmlOutput = 0
last_ndays = 0
nlimit = 0
# init various variables :-)
vSearch = ""
vOutput = ""
vFreeSearch = ""
summary_text = ""
vSearch = args["p"]
cveSearch = [x.upper() for x in args["c"]] if args["c"] else None
vOutput = args["o"]
vFreeSearch = args["f"]
sLatest = args["l"]
namelookup = args["n"]
rankinglookup = args["r"]
capeclookup = args["a"]
last_ndays = args["t"]
summary_text = args["s"]
nlimit = args["i"]
cves = CVEs.last(rankinglookup=rankinglookup,
namelookup=namelookup,
capeclookup=capeclookup)
# replace special characters in vSearch with encoded version.
# Basically cuz I'm to lazy to handle conversion on DB creation ...
if vSearch:
vSearch = re.sub(r"\(", "%28", vSearch)
vSearch = re.sub(r"\)", "%29", vSearch)
# define which output to generate.
if vOutput == "csv":
csvOutput = 1
elif vOutput == "html":
htmlOutput = 1
elif vOutput == "xml":
xmlOutput = 1
r = Element("cve-search")
elif vOutput == "json":
jsonOutput = 1
elif vOutput == "cveid":
cveidOutput = 1
else:
cveidOutput = False
# Print first line of html output
if htmlOutput and args["p"] is not None:
print("<html><body><h1>CVE search " + args["p"] + " </h1>")
elif htmlOutput and args["c"] is not None:
print("<html><body><h1>CVE-ID " + str(args["c"]) + " </h1>")
# search default is ascending mode
sorttype = 1
if sLatest:
sorttype = -1
if cveSearch:
results = db.getCVEs(cves=cveSearch)
for index, item in enumerate(results):
if csvOutput:
printCVE_csv(item, namelookup, rankinglookup, cves)
elif htmlOutput:
printCVE_html(item, rankinglookup, cves)
# bson straight from the MongoDB db - converted to JSON default
# representation
elif jsonOutput:
printCVE_json(item, namelookup, rankinglookup, capeclookup,
cves)
if index != len(results) - 1:
print(",", end="")
elif xmlOutput:
printCVE_xml(item, rankinglookup, cves, r)
elif cveidOutput:
printCVE_id(item)
else:
printCVE_human(item, namelookup, rankinglookup, cves)
if htmlOutput:
print("</body></html>")
sys.stdout = sys.__stdout__
return 1
# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
try:
results = db.getFreeText(vFreeSearch)
for index, item in enumerate(results):
if jsonOutput:
printCVE_json(item,
namelookup,
rankinglookup,
capeclookup,
cves,
indent=2)
if index != len(results) - 1:
print(",", end="")
else:
printCVE_human(item, namelookup, rankinglookup, cves)
except:
sys.exit("Free text search not enabled on the database!")
sys.stdout = sys.__stdout__
return 1
# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:
results = db.cvesForCPE(vSearch)
for index, item in enumerate(results):
if not last_ndays:
if csvOutput:
printCVE_csv(item, namelookup, rankinglookup, cves)
elif htmlOutput:
printCVE_html(item, rankinglookup, cves)
# bson straight from the MongoDB db - converted to JSON default
# representation
elif jsonOutput:
printCVE_json(item, namelookup, rankinglookup, capeclookup,
cves)
if index != len(results) - 1:
print(",", end="")
elif xmlOutput:
printCVE_xml(item, rankinglookup, cves, r)
elif cveidOutput:
printCVE_id(item)
else:
printCVE_human(item, namelookup, rankinglookup, cves)
else:
date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
if item["Published"] > date_n_days_ago:
if csvOutput:
printCVE_csv(item, namelookup, rankinglookup, cves)
elif htmlOutput:
printCVE_html(item, rankinglookup, cves)
# bson straight from the MongoDB db - converted to JSON default
# representation
elif jsonOutput:
printCVE_json(item, namelookup, rankinglookup,
capeclookup, cves)
elif xmlOutput:
printCVE_xml(item, rankinglookup, cves, r)
elif cveidOutput:
printCVE_id(item)
else:
printCVE_human(item, namelookup, rankinglookup, cves)
if htmlOutput:
print("</body></html>")
sys.stdout = sys.__stdout__
return 1
# Search text in summary
if summary_text:
import lib.CVEs as cves
l = cves.last(rankinglookup=rankinglookup,
namelookup=namelookup,
capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=nlimit):
item = l.getcve(cveid=cveid)
if "cvss" in item:
if type(item["cvss"]) == str:
item["cvss"] = float(item["cvss"])
date_fields = ["cvss-time", "Modified", "Published"]
for field in date_fields:
if field in item:
item[field] = str(item[field])
if summary_text.upper() in item["summary"].upper():
if not last_ndays:
if vOutput:
printCVE_id(item)
else:
print(
json.dumps(item,
sort_keys=True,
default=json_util.default))
else:
date_n_days_ago = datetime.now() - timedelta(
days=last_ndays)
# print(item['Published'])
# print(type (item['Published']))
# print("Last n day " +str(last_ndays))
try:
if (datetime.strptime(item["Published"],
"%Y-%m-%d %H:%M:%S.%f") >
date_n_days_ago):
if vOutput:
printCVE_id(item)
else:
print(
json.dumps(item,
sort_keys=True,
default=json_util.default))
except:
pass
if htmlOutput:
print("</body></html>")
sys.stdout = sys.__stdout__
return 1
if xmlOutput:
# default encoding is UTF-8. Should this be detected on the terminal?
s = tostring(r).decode("utf-8")
print(s)
sys.stdout = sys.__stdout__
return 1
else:
sys.stdout = sys.__stdout__
return 0
sys.stdout = sys.__stdout__
return 1
args = argParser.parse_args()
vSearch = args.p
cveSearch = [x.upper() for x in args.c] if args.c else None
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
capeclookup = args.a
last_ndays = args.t
summary_text = args.s
nlimit = args.i
cves = CVEs.last(rankinglookup=rankinglookup,
namelookup=namelookup,
capeclookup=capeclookup)
# replace special characters in vSearch with encoded version.
# Basically cuz I'm to lazy to handle conversion on DB creation ...
if vSearch:
vSearch = re.sub(r'\(', '%28', vSearch)
vSearch = re.sub(r'\)', '%29', vSearch)
# define which output to generate.
if vOutput == "csv":
csvOutput = 1
elif vOutput == "html":
htmlOutput = 1
elif vOutput == "xml":
xmlOutput = 1
def api_cve(self, cveid):
cvesp = cves.last(rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True)
cve = cvesp.getcve(cveid=cveid.upper())
if cve is None: cve = {}
return cve
action='store_true',
default=False,
help='Verbose logging')
argParser.add_argument('-l',
default=None,
help='Number of last entries to index')
argParser.add_argument(
'-n',
action='store_true',
default=False,
help=
'lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration to add in the index'
)
args = argParser.parse_args()
c = cves.last(namelookup=args.n)
indexpath = Configuration.getIndexdir()
from whoosh.index import create_in, exists_in, open_dir
from whoosh.fields import Schema, TEXT, ID
schema = Schema(title=TEXT(stored=True),
path=ID(stored=True, unique=True),
content=TEXT)
if not os.path.exists(indexpath):
os.mkdir(indexpath)
if not exists_in(indexpath):
ix = create_in(indexpath, schema)
action='store_true',
help='Include vfeed map') # TODO change
argParser.add_argument('-c',
default=False,
action='store_true',
help='Include CAPEC information')
argParser.add_argument('-l',
default=False,
type=int,
help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
reflookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup,
reflookup=reflookup,
capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
argParser = argparse.ArgumentParser(description='Dump last CVE entries in RSS/Atom format or in HTML tables')
argParser.add_argument('-f', type=str, help='Output format (rss1,rss2,atom,html)', default='rss1')
argParser.add_argument('-l', type=int, help='Last n items (default:10)', default=10)
argParser.add_argument('-n', action='store_false', help='Disable lookup CPE name (default is True)')
argParser.add_argument('-r', action='store_true', help='Enable CVE ranking (default is False) and only print entries with ranking')
argParser.add_argument('-c', default=False, action='store_true', help='Display CAPEC values')
args = argParser.parse_args()
if args.l:
last = args.l
else:
last = 10
ref = "http://adulau.github.com/cve-search/"
cvelist = cves.last(rankinglookup=args.r, namelookup=args.n, capeclookup=args.c)
if not(args.f == "html"):
from feedformatter import Feed
feed = Feed()
feed.feed['title'] = "cve-search Last " + str(last) + " CVE entries generated on " + str(datetime.datetime.now())
feed.feed['link'] = "http://adulau.github.com/cve-search/"
feed.feed['author'] = "Generated with cve-search available at http://adulau.github.com/cve-search/"
feed.feed['description'] = ""
else:
print ("<html><head>")
print ("<style>.cve table { border-collapse: collapse; text-align: left; width: 100%; } .cve {font: normal 12px/150% Geneva, Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }.cve table td, .cve table th { padding: 3px 10px; }.cve table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.cve table tbody .alt td { background: #E1EEF4; color: #00496B; }.cve table tbody td:first-child { border-left: none; }.cve table tbody tr:last-child td { border-bottom: none; }.cve table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .cve table tfoot td { padding: 0; font-size: 12px } .cve table tfoot td div{ padding: 0px; }</style>")
print ("<title>Last " + str(args.l) + " CVE entries</title>")
print ("</head><body>")
for x in cvelist.get(limit=last):
def apiCVE(cveid):
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
cve = {}
return (jsonify(cve))
argParser.add_argument('-c', type=str, help='Access complexity')
argParser.add_argument('-l', default=False, action='store_true', help='Print fix-related links')
args = argParser.parse_args()
cvss_lower_bound = args.s if args.s else 0.0
product = args.p
keyword = args.k if args.k else '.*'
start_year = args.b if args.b else 1997
end_year = args.e if args.e else 2050
start_year = date_parser.parse(str(start_year) + '-01-01').isoformat()
end_year = date_parser.parse(str(end_year+1) + '-01-01').isoformat()
cves = CVEs.last(rankinglookup='', namelookup='', capeclookup='')
printer = CVEFilePrinter(cves=cves, rankinglookup='', namelookup='', capeclookup='')
if args.p:
if args.d:
# print_distinct_cves_to_excel(product, keyword, cvss_lower_bound)
dump_fixes(product, keyword)
elif args.y:
print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound)
elif args.m:
access_complexity = args.c if args.c != None else ".*"
print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity)
elif args.t:
(total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year)
print_summary(total, hits)
elif args.l:
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))
import argparse
import json
from bson import json_util
import lib.CVEs as cves
import lib.DatabaseLayer as db
from lib.Config import Configuration
argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
vfeedlookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
print (json.dumps(item, sort_keys=True, default=json_util.default))
def apilast():
limit = 30
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True)
cve = cvesp.get(limit=limit)
return (jsonify({"results": cve} ))
def view_cve_slack(self, cve=None):
cveid = request.form.get('text')
self.status_code = 200
cvesp = cves.last(rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True)
cve = cvesp.getcve(cveid=cveid.upper())
return cve
action='store_true',
help=
'lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration'
)
argParser.add_argument('-r',
action='store_true',
help='lookup ranking of vulnerable configuration')
args = argParser.parse_args()
if not args.q and not args.l and not args.g and not args.m:
argParser.print_help()
exit(1)
if args.f or args.t:
from lib import CVEs
cves = CVEs.last(rankinglookup=args.r, namelookup=args.n)
if args.q:
with ix.searcher() as searcher:
if not args.o:
query = QueryParser("content", ix.schema).parse(" ".join(args.q))
else:
query = QueryParser("content",
schema=ix.schema,
group=qparser.OrGroup).parse(" ".join(args.q))
results = searcher.search(query, limit=None)
for x in results:
if not args.f:
print(x['path'])
else:
def api_last(self, limit=None): limit = limit if limit else 30 cvesp = cves.last(rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True) cve = cvesp.get(limit=limit) return cve
action='store_true',
help='Include via4 map')
argParser.add_argument('-c',
default=False,
action='store_true',
help='Include CAPEC information')
argParser.add_argument('-l',
default=False,
type=int,
help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup,
via4lookup=via4lookup,
capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
sys.path.append(os.path.join(runPath, ".."))
import argparse
from lib.Config import Configuration
from lib.ProgressBar import progressbar
import lib.CVEs as cves
import lib.DatabaseLayer as db
argParser = argparse.ArgumentParser(description='Fulltext indexer for the MongoDB CVE collection')
argParser.add_argument('-v', action='store_true', default=False, help='Verbose logging')
argParser.add_argument('-l', default=5, help='Number of last entries to index (Default: 5) - 0 to index all documents')
argParser.add_argument('-n', action='store_true', default=False, help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration to add in the index')
args = argParser.parse_args()
c = cves.last(namelookup=args.n)
indexpath = Configuration.getIndexdir()
from whoosh.index import create_in, exists_in, open_dir
from whoosh.fields import Schema, TEXT, ID
schema = Schema(title=TEXT(stored=True), path=ID(stored=True, unique=True), content=TEXT)
if not os.path.exists(indexpath):
os.mkdir(indexpath)
if not exists_in(indexpath):
ix = create_in(indexpath, schema)
else:
ix = open_dir(indexpath)
action='store_true',
help='Include vfeed map')
argParser.add_argument('-c',
default=False,
action='store_true',
help='Include CAPEC information')
argParser.add_argument('-l',
default=False,
type=int,
help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
vfeedlookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup,
vfeedlookup=vfeedlookup,
capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
def bookmarked():
cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True)
cve=[cvesp.getcve(cveid=x) for x in dbLayer.bookmarks(current_user.get_id())]
return render_template('bookmarked.html', cve=cve)
import argparse
import json
from bson import json_util
import lib.CVEs as cves
import lib.DatabaseLayer as db
argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map') # TODO change
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
reflookup = args.v
capeclookup = args.c
l = cves.last(rankinglookup=rankinglookup, reflookup=reflookup, capeclookup=capeclookup)
for cveid in db.getCVEIDs(limit=args.l):
item = l.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
