def start(self,port=None,systems=None): connect = Configuration.getMongoConnection() self.db = connect['cves'] self.systems=systems app = Flask(__name__, static_folder='static', static_url_path='/static') app.config['MONGO_DBNAME'] = Configuration.getMongoDB() # functions def getEnhance(): for system in self.systems: cpe=system['cpe'] if cpe: system['cves']=list(self.db.find({'vulnerable_configuration': system['cpe']})) #get possible dpe info and store in dpe for service in system['services']: if 'cpe' in service: service['cves']=list(self.db.find({'vulnerable_configuration':service['cpe']})) #get dpe info for service return systems # routes @app.route('/') def index(): systems=getEnhance() return render_template('index.html', systems=systems) @app.route('/cve/<cveid>') def cve(cveid): cvesp = cves.last(rankinglookup = True, namelookup = True, vfeedlookup = True) cve = cvesp.getcve(cveid=cveid) if cve is None: return page_not_found(404) cve = markCPEs(cve) return render_template('cve.html', cve=cve) # filters @app.template_filter('product') def product(banner): if banner: p=re.search('(product:).([^\s]+)', banner) return p.group(2) else: return "unknown" # debug filter @app.template_filter('type') def isType(var): return type(var) #start webserver app.run(host='127.0.0.1', port=5000, debug=True)
def __init__(self, collection="cves", rankinglookup=False, namelookup=False, vfeedlookup=False): self.collectionname = collection self.rankinglookup = rankinglookup self.namelookup = namelookup self.vfeedlookup = vfeedlookup connectdb = Configuration.getMongoConnection() self.collection = connectdb[self.collectionname] if rankinglookup: self.ranking = connectdb['ranking'] if namelookup: if "cpeother" in connectdb.collection_names(): self.cpe = connectdb['cpeother'] else: self.cpe = connectdb['cpe'] if vfeedlookup: self.vfeed = connectdb['vfeed']
from Config import Configuration from list import CPEList # parse command line arguments argparser = argparse.ArgumentParser(description='populate/update the whitelist used in webviews') argparser.add_argument('-a', action='append', help='add one or more CPE to whitelist') argparser.add_argument('-r', action='append', help='remove one or more CPE from whitelist') argparser.add_argument('-i', help='filename of the whitelist to import') argparser.add_argument('-e', help='filename of the whitelist to export') argparser.add_argument('-d', action='store_true', help='drop the whitelist') argparser.add_argument('-f', action='store_true', help='force an action') argparser.add_argument('-v', action='store_true', help='verbose output') args = argparser.parse_args() # connect to db db = Configuration.getMongoConnection() collection = db.mgmt_whitelist def importWhitelist(importFile): oList = CPEList(collection, args) oList.importList(importFile) def exportWhitelist(exportFile): oList = CPEList(collection, args) oList.exportList(exportFile) def dropWhitelist(): oList = CPEList(collection, args) oList.dropCollection() def countWhitelist():
import sys runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "./lib/")) from urllib.request import urlopen import tarfile import shutil import sqlite3 from Config import Configuration vFeedurl = Configuration.getvFeedURL() vFeedstatus = Configuration.getvFeedStatus() # connect to db db = Configuration.getMongoConnection() info = db.info u = urlopen(vFeedurl) i = info.find_one({'db': 'vfeed'}) if i is not None: if u.headers['last-modified'] == i['last-modified']: sys.exit("Not modified") info.update({'db': 'vfeed'}, {"$set": { 'last-modified': u.headers['last-modified'] }}, upsert=True) if not os.path.exists('./tmp'): os.mkdir('./tmp')
def nbelement(db = Configuration.getMongoDB(), collection = None): if collection is None: collection = "cves" c = Configuration.getMongoConnection() return c[collection].count()
def main(): # Imports import os import sys _runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(_runPath, "./lib/")) import re import argparse import csv from urllib.parse import urlparse import json from bson import json_util import cves from Config import Configuration # connect to DB db = Configuration.getMongoConnection() collection = db.cves # init control variables csvOutput = 0 htmlOutput = 0 jsonOutput = 0 xmlOutput = 0 # init various variables :-) vSearch = "" vOutput = "" vFreeSearch = "" # parse command-line arguments argParser = argparse.ArgumentParser(description='Search for vulnerabilities in the National Vulnerability DB. Data from http://nvd.nist.org.') argParser.add_argument('-p', type=str, help='S = search product, e.g. o:microsoft:windows_7 or o:cisco:ios:12.1') argParser.add_argument('-f', type=str, help='F = free text search in vulnerability summary') argParser.add_argument('-c', action='append', help='search one or more CVE-ID') argParser.add_argument('-o', type=str, help='O = output format [csv|html|json|xml|cveid]') argParser.add_argument('-l', action='store_true', help='sort in descending mode') argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration') argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration') argParser.add_argument('-v', type=str, help='vendor name to lookup in reference URLs') args = argParser.parse_args() vSearch = args.p cveSearch = args.c vOutput = args.o vFreeSearch = args.f sLatest = args.l namelookup = args.n rankinglookup = args.r cves = cves.last(rankinglookup = rankinglookup, namelookup = namelookup) # replace special characters in vSearch with encoded version. # Basically cuz I'm to lazy to handle conversion on DB creation ... if vSearch: vSearch = re.sub(r'\(','%28', vSearch) vSearch = re.sub(r'\)','%29', vSearch) # define which output to generate. if vOutput == "csv": csvOutput = 1 elif vOutput == "html": htmlOutput = 1 elif vOutput == "xml": xmlOutput = 1 from xml.etree.ElementTree import Element, SubElement, tostring from xml.sax.saxutils import escape as SaxEscape r = Element('cve-search') elif vOutput == "json": jsonOutput = 1 elif vOutput == "cveid": cveidOutput = 1 else: cveidOutput = False # Print first line of html output if htmlOutput and args.p is not None: print("<html><body><h1>CVE search "+ args.p +" </h1>") elif htmlOutput and args.c is not None: print("<html><body><h1>CVE-ID "+ str(args.c) +" </h1>") # search default is ascending mode sorttype=1 if sLatest:sorttype=-1 def printCVE(item): if not namelookup and not rankinglookup: print(json.dumps(item, sort_keys=True, default=json_util.default)) else: if "vulnerable_configuration" in item: vulconf = [] ranking = [] for conf in item['vulnerable_configuration']: if namelookup: vulconf.append(cves.getcpe(cpeid=conf)) if rankinglookup: rank = cves.getranking(cpeid=conf) if rank and rank not in ranking: ranking.append(rank) if namelookup: item['vulnerable_configuration'] = vulconf if rankinglookup: item['ranking'] = ranking print(json.dumps(item, sort_keys=True, default=json_util.default)) if cveSearch: for cveid in cveSearch: for item in collection.find({'id': cveid}).sort("Modified",sorttype): printCVE(item) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: for item in collection.find({'summary': {'$regex' : re.compile(vFreeSearch, re.IGNORECASE)}}).sort("Modified",sorttype): print(item) # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in collection.find({"vulnerable_configuration": {'$regex' : vSearch}}).sort("Modified",sorttype): if csvOutput: # We assume that the vendor name is usually in the hostame of the # URL to avoid any match on the resource part refs=[] for entry in item['references']: if args.v is not None: url = urlparse(entry) hostname = url.netloc if re.search(args.v, hostname): refs.append(entry) if not refs: refs = "[no vendor link found]" if namelookup: nl = " ".join(item['vulnerable_configuration']) csvoutput = csv.writer(sys.stdout, delimiter='|', quotechar='|', quoting=csv.QUOTE_MINIMAL) if not namelookup: csvoutput.writerow([item['id'],item['Published'],item['cvss'],item['summary'],refs]) else: csvoutput.writerow([item['id'],item['Published'],item['cvss'],item['summary'],refs,nl]) elif htmlOutput: print("<h2>"+item['id']+"<br></h2>CVSS score: "+item['cvss']+"<br>"+"<b>"+item['Published']+"<b><br>"+item['summary']+"<br>") print("References:<br>") for entry in item['references']: print(entry+"<br>") print("<hr><hr>") # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE(item) elif xmlOutput: c = SubElement(r,'id') c.text = item['id'] c = SubElement(r,'Published') c.text = item['Published'] c = SubElement(r,'cvss') c.text = item['cvss'] c = SubElement(r,'summary') c.text = SaxEscape(item['summary']) for e in item['references']: c = SubElement(r,'references') c.text = SaxEscape(e) for e in item['vulnerable_configuration']: c = SubElement(r,'vulnerable_configuration') c.text = SaxEscape(e) elif cveidOutput: print(item['id']) else: print("CVE\t: " + item['id']) print("DATE\t: " + item['Published']) print("CVSS\t: " + str(item['cvss'])) print(item['summary']) print("\nReferences:") print("-----------") for entry in item['references']: print(entry) print("\nVulnerable Configs:") print("-------------------") for entry in item['vulnerable_configuration']: if not namelookup: print(entry) else: print(cves.getcpe(cpeid=entry)) print("\n\n") if htmlOutput: print("</body></html>") if xmlOutput: # default encoding is UTF-8. Should this be detected on the terminal? s = tostring(r).decode("utf-8") print(s)