def main(parsed_args): if parsed_args.is_initialization_required(): # Init db db_composer = DBComposer() db_composer.compose_vuln_db() elif parsed_args.get_cve(): # Get product from CVE m = MongoDbDriver() print( json.dumps(m.get_products_from_CVE(parsed_args.get_cve()), sort_keys=True, indent=4)) elif parsed_args.get_bid(): # Get product from BID m = MongoDbDriver() print( json.dumps(m.get_products_from_BID(parsed_args.get_bid()), sort_keys=True, indent=4)) else: m = MongoDbDriver() if parsed_args.is_only_product_check(): # Checks if vulnerabilities exists print( m.has_vulnerabilities(parsed_args.get_product(), parsed_args.get_product_version())) else: # Gets cves print( json.dumps(m.get_vulnerabilities( parsed_args.get_product(), parsed_args.get_product_version()), sort_keys=True, indent=4))
def main(parsed_args): m = MongoDbDriver() if not parsed_args.is_history_requested(): docker_driver = DockerDriver() # Scans the docker image/container if parsed_args.get_docker_image_name(): # Scan the docker image products = get_soft_from_docker_image( docker_driver, parsed_args.get_docker_image_name()) image_name = parsed_args.get_docker_image_name() else: # Scan the docker container products = get_soft_from_docker_container_id( docker_driver, parsed_args.get_container_id()) image_name = docker_driver.get_docker_image_name_from_container_id( parsed_args.get_container_id()) # Evaluate the installed software evaluated_docker_image = evaluate_products(image_name, products) # Update the scan history m.insert_docker_image_scan_result_to_history(evaluated_docker_image) # Prepares output evaluated_docker_image['timestamp'] = str( datetime.datetime.utcfromtimestamp( evaluated_docker_image['timestamp'])) del evaluated_docker_image['_id'] print(json.dumps(evaluated_docker_image, sort_keys=True, indent=4)) else: # Gets the history print( json.dumps(m.get_docker_image_history( parsed_args.get_docker_image_name()), sort_keys=True, indent=4))
def __init__(self): super(DBComposer, self).__init__() self.mongoDbDriver = MongoDbDriver()
class DBComposer: # -- Public methods # DBComposer Constructor def __init__(self): super(DBComposer, self).__init__() self.mongoDbDriver = MongoDbDriver() # Compose vuln DB def compose_vuln_db(self): # Clean collections print("Cleaning vuln_DB ...", flush=True) self.mongoDbDriver.delete_cve_collection() self.mongoDbDriver.delete_bid_collection() self.mongoDbDriver.delete_exploit_db_collection() # Adding CVEs print("\nAdding CVEs ...", flush=True) time.sleep(1) # Avoids race condition in stdout bar = progressbar.ProgressBar(redirect_stdout=True) for i in bar(range(2002, 2017)): self.mongoDbDriver.bulk_insert_cves( self.__get_cve_list_from_file(i)) # Adding Exploit_db time.sleep(1) # Avoids race condition in stdout print("\nAdding Exploit_db ...", flush=True) self.__get_and_insert_exploit_db_from_csv() # Adding BugTraqs time.sleep(1) # Avoids race condition in stdout print("\nAdding BugTraqs (BIDs) ...", flush=True) self.__get_and_insert_bug_traqs_from_file() # -- Private methods # Gets and inserts BugTraq list from file def __get_and_insert_bug_traqs_from_file(self): r = requests.get( "https://github.com/eliasgranderubio/bidDB_downloader/raw/master/bonus_track/20161118_sf_db.json.gz" ) compressed_file = io.BytesIO(r.content) decompressed_file = gzip.GzipFile(fileobj=compressed_file) bar = progressbar.ProgressBar(redirect_stdout=True, max_value=len( decompressed_file.readlines())) decompressed_file.seek(0) counter = 0 items = set() for line in decompressed_file: counter += 1 bar.update(counter) try: json_data = json.loads(line.decode("utf-8")) bugtraq_id = json_data['bugtraq_id'] vuln_products = json_data['vuln_products'] for vuln_product in vuln_products: matchObj = re.search("[\s\-]([0-9]+(\.[0-9]+)*)", vuln_product) if matchObj: version = matchObj.group() version = version.rstrip().lstrip() if version.startswith('-'): version = version[1:] if version: product = vuln_product[:vuln_product.index(version ) - 1].rstrip().lstrip() item = str(bugtraq_id) + "#" + product.lower( ) + "#" + str(version) if item not in items: items.add(item) except: None # Bulk insert if len(items) > 8000: self.mongoDbDriver.bulk_insert_bids(list(items)) items.clear() # Final bulk insert if len(items) > 0: self.mongoDbDriver.bulk_insert_bids(list(items)) items.clear() # Gets and inserts Exploit_db list from csv file def __get_and_insert_exploit_db_from_csv(self): r = requests.get( 'https://github.com/offensive-security/exploit-database/raw/master/files.csv' ) items = set() bar = progressbar.ProgressBar(redirect_stdout=True) for line in bar(r.content.decode("utf-8").split("\n")): splitted_line = line.split(',') if splitted_line[0] != 'id' and len(splitted_line) > 3: exploit_db_id = splitted_line[0] description = splitted_line[2][1:len(splitted_line[2]) - 1] if '-' in description: description = description[0:description.index('-')].lstrip( ).rstrip().lower() iterator = re.finditer("([0-9]+(\.[0-9]+)+)", description) match = next(iterator, None) if match: version = match.group() description = description[:description.index( version)].rstrip().lstrip() item = str(exploit_db_id ) + "#" + description + "#" + str(version) if item not in items: items.add(item) for match in iterator: version = match.group() item = str( exploit_db_id) + "#" + description + "#" + str( version) if item not in items: items.add(item) # Bulk insert if len(items) > 8000: self.mongoDbDriver.bulk_insert_exploit_db_ids( list(items)) items.clear() # Final bulk insert if len(items) > 0: self.mongoDbDriver.bulk_insert_exploit_db_ids(list(items)) items.clear() # -- Static methods # Generate CVE list from file @staticmethod def __get_cve_list_from_file(year): cve_set = set() r = requests.get( "https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-" + str(year) + ".xml.gz") xml_file_content = zlib.decompress(r.content, 16 + zlib.MAX_WBITS) root = ET.fromstring(xml_file_content) for entry in root.findall( "{http://scap.nist.gov/schema/feed/vulnerability/2.0}entry"): vuln_soft_list = entry.find( "{http://scap.nist.gov/schema/vulnerability/0.4}vulnerable-software-list" ) if vuln_soft_list is not None: for vuln_product in vuln_soft_list.findall( "{http://scap.nist.gov/schema/vulnerability/0.4}product" ): splitted_product = vuln_product.text.split(":") if len(splitted_product) > 4: item = entry.attrib.get("id") + "#" + splitted_product[ 3] + "#" + splitted_product[4] if item not in cve_set: cve_set.add(item) return list(cve_set)
def check_cves(product, version): m = MongoDbDriver() if m.has_vulnerabilities(product, version): return 'VULN' else: return 'OK'