print ("Host: " + sourceHost) if os.path.exists('Results'): shutil.rmtree('Results') directory='Results' #Create results directory to store the raw output if not os.path.exists(directory): os.makedirs(directory) if not os.path.exists(directory + '/' + sourceIP): os.makedirs(directory + '/' + sourceIP) #Get CVE from STIX stix_package = STIXPackage.from_xml(file) for target in stix_package.exploit_targets: for vuln in target.vulnerabilities: print "CVE: " + vuln.cve_id print "DESC:" + str(vuln.description) vulnObject=str(vuln.description) cve = vuln.cve_id if len(cve) > 0: if len(vulnObject) > 0: if not os.path.exists('VulnXML/' + vuln.cve_id + '.xml'): shutil.copyfile(file,'VulnXML/' + vuln.cve_id + '.xml') numResults=TARDIS.main(cve, vulnObject, sourceIP, sourceHost) else: print("Description missing from Exploit Target") else: print("CVE Missing from STIX File") else: print ("Unable to resolve hostname, please provide one with -d option")
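# Walk an IP360 XML3 audit (already parsed into `root` outside this
# fragment) and hand every (vulnerability, ip, hostname) triple to
# TARDIS.main, with the raw output collected under Results/<ip>/.
#
# NOTE(review): `root` and `TARDIS` are defined outside this fragment. If
# the audit file can come from an untrusted source, confirm the parser that
# produced `root` is hardened against entity expansion / external entities
# (e.g. defusedxml) -- this code trusts the document's contents.


def _load_idmap(path):
    """Return a dict mapping internal vulnerability IDs to readable names.

    Each line of *path* is taken as ``<id>:<name>`` and split at the first
    ':' only; lines without a ':' are ignored. Loading once replaces the
    old per-vulnerability re-read of the file (which also never closed it).
    """
    idmap = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.rstrip("\r\n")
            if ":" not in line:
                continue
            vuln_id, name = line.split(":", 1)
            idmap[vuln_id.strip()] = name
    return idmap


def _is_safe_dir_name(value):
    """True if *value* may be used as a single directory name under Results.

    The <ip> text comes straight from the audit file and is joined into a
    filesystem path, so reject anything that is empty, is '.'/'..', or
    contains a path separator; a crafted value must not escape Results/.
    """
    if not value or value in (".", ".."):
        return False
    return os.path.basename(value) == value


directory = "Results"
# Start from a clean Results tree. The guard avoids an error on a first run
# where the directory does not exist yet (the STIX variant does the same).
if os.path.exists(directory):
    shutil.rmtree(directory)

numHosts = 0
idmap = None  # loaded lazily, only if a vulnerability is actually seen
for host in root.findall("./audit/hosts/host"):
    numHosts = numHosts + 1
    # Create results directory to store the raw output
    if not os.path.exists(directory):
        os.makedirs(directory)

    # Reset per host: previously a host without <ip>/<dnsName> silently
    # inherited the previous host's values.
    sourceIP = None
    sourceHost = ""

    # Get IP address to run threat search against; we like individual
    # directories per IP. Unsafe values are skipped rather than used as paths.
    for ip in host.findall("./ip"):
        candidate = (ip.text or "").strip()
        if not _is_safe_dir_name(candidate):
            sys.stderr.write("Skipping unsafe <ip> value %r\n" % (candidate,))
            continue
        sourceIP = candidate
        hostDir = os.path.join(directory, sourceIP)
        if not os.path.exists(hostDir):
            os.makedirs(hostDir)
    if sourceIP is None:
        sys.stderr.write("Host has no usable <ip> element, skipping\n")
        continue

    for hostname in host.findall("./dnsName"):
        sourceHost = hostname.text or ""  # presumably TARDIS.main expects a str -- TODO confirm

    for vulnerability in host.findall("./vulnerabilities/vulnerability"):
        internalVulnerabilityID = vulnerability.get("id")
        if internalVulnerabilityID is None:
            sys.stderr.write("Vulnerability without id attribute, skipping\n")
            continue
        if idmap is None:
            idmap = _load_idmap("idmap.config")
        # Convert internal vulnerability ID into a human readable name.
        # Exact lookup: the old substring test let id "12" match "123:...".
        # Unknown IDs fall back to the raw ID, as before.
        vulnName = idmap.get(internalVulnerabilityID, internalVulnerabilityID)
        internalVulnerabilityID = vulnName  # kept: original left the name here
        numResults = TARDIS.main(vulnName, sourceIP, sourceHost)

if numHosts < 1:
    sys.exit("Not a valid XML file, use IP360 XML3 audit output")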
print("Host: " + sourceHost) if os.path.exists('Results'): shutil.rmtree('Results') directory = 'Results' #Create results directory to store the raw output if not os.path.exists(directory): os.makedirs(directory) if not os.path.exists(directory + '/' + sourceIP): os.makedirs(directory + '/' + sourceIP) #Get CVE from STIX stix_package = STIXPackage.from_xml(file) for target in stix_package.exploit_targets: for vuln in target.vulnerabilities: print "CVE: " + vuln.cve_id print "DESC:" + str(vuln.description) vulnObject = str(vuln.description) cve = vuln.cve_id if len(cve) > 0: if len(vulnObject) > 0: if not os.path.exists('VulnXML/' + vuln.cve_id + '.xml'): shutil.copyfile(file, 'VulnXML/' + vuln.cve_id + '.xml') numResults = TARDIS.main(cve, vulnObject, sourceIP, sourceHost) else: print("Description missing from Exploit Target") else: print("CVE Missing from STIX File") else: print("Unable to resolve hostname, please provide one with -d option")