def scheduled_scan():
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
session_id = base64.b64encode(
scan_starttime.encode("ascii")).decode("ascii")
utils.config_test()
exploitdb_success = False
if cp.get('exploitdb', 'use_exploitdb') == 'True':
ExploitDB.download_vulndata(langdata)
extracted = ExploitDB.extract_windows_exploit(langdata)
exploitdb_vulndata = ExploitDB.parse_vulndata(extracted)
if exploitdb_vulndata is not None:
exploitdb_success = True
if cp.get('general', 'do_not_save_vulndata') == 'True':
os.remove(cp.get('exploitdb', 'vulndata_filename'))
jvn_success = False
if cp.get('jvn', 'use_jvn') == 'True':
jvn_vulndata = JVN.download_vulndata(langdata)
if jvn_vulndata is not None:
jvn_success = True
nvd_success = False
if cp.get('nvd', 'use_nvd') == 'True':
nvd_vulndata = NVD.download_vulndata(langdata)
if nvd_vulndata is not None:
nvd_success = True
installed = {}
installed.update(local_app.getapp_from_wmi())
installed.update(local_app.getapp_from_hklm())
installed.update(local_app.getapp_from_hklmwow64())
installed.update(local_app.getapp_from_hkcu())
result = {}
count = 0
scanret_exploitdb = ExploitDB.scan(langdata, exploitdb_vulndata, installed)
scanret_jvn = JVN.scan(langdata, jvn_vulndata, installed)
scanret_nvd = NVD.scan(langdata, nvd_vulndata, installed)
scanret_winupdate = WindowsUpdate.scan(langdata)
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_nvd[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_nvd[
1] + scanret_winupdate[1]
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
history = '''
Session ID: {}
Scan started at: {}
Scan ended at: {}
Found vulnerable application and available update: {}
DetExploit Version: {}
#####################################################################
'''.format(session_id, scan_starttime, scan_endtime, count,
DETEXPLOIT_VERSION)
with open('../history.detexploit', 'w') as wh:
wh.write(history)
report.generate_report(langdata, DETEXPLOIT_VERSION, session_id, count,
scan_starttime, scan_endtime, exploitdb_success,
jvn_success, nvd_success, result)
def scan(path=None, year=this_year, local=False, verbose=False):
(parser, path) = nvd.get(year, path=path, verbose=verbose)
frozen = freezer(local=local)
for key in sorted(frozen.iterkeys()):
cves = nvd.scan(year=year, name=key, version=frozen[key], verbose=verbose)
if not cves:
continue
print "Found %d vulnerabilities for %s %s:" % (len(cves), key, frozen[key]), cves
for cve in cves:
exploits = exploitdb.search(cve)
if exploits:
print "Found exploits for %s: %s" % (cve, exploits)
def scan():
pythoncom.CoInitialize()
DETEXPLOIT_VERSION = 'v1.4-ALPHA-GUI'
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
session_id = base64.b64encode(scan_starttime.encode("ascii")).decode("ascii")
utils.config_test()
progress_label.config(text=langdata['EXPLOITDB_DOWNLOAD_INTRO'])
ExploitDB_RetData = ExploitDB.proc_data(langdata)
ExploitDB_VulnData = ExploitDB_RetData[0]
ExploitDB_Success = ExploitDB_RetData[1]
progress_label.config(text=langdata['JVN_DOWNLOAD_INTRO'])
JVN_RetData = proc_jvn()
JVN_VulnData = JVN_RetData[0]
JVN_Success = JVN_RetData[1]
progress_label.config(text=langdata['NVD_DOWNLOAD_INTRO'])
NVD_RetData = NVD.proc_data(langdata)
NVD_VulnData = NVD_RetData[0]
NVD_Success = NVD_RetData[1]
progress_label.config(text=langdata['GET_LOCAL_APP'])
installed = local_app.get_all()
## Scan #############################################################
result = {}
count = 0
scanret_exploitdb = ExploitDB.scan(langdata, ExploitDB_VulnData, installed)
scanret_jvn = JVN.scan(langdata, JVN_VulnData, installed)
scanret_nvd = NVD.scan(langdata, NVD_VulnData, installed)
scanret_winupdate = WindowsUpdate.scan(langdata)
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_nvd[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_nvd[1] + scanret_winupdate[1]
#####################################################################
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
history = '''
Session ID: {}
Scan started at: {}
Scan ended at: {}
Found vulnerable application and available update: {}
DetExploit Version: {}
#####################################################################
'''.format(session_id, scan_starttime, scan_endtime, count, DETEXPLOIT_VERSION)
with open('../history.detexploit', 'w') as wh:
wh.write(history)
## Report ###########################################################
report.generate_report( langdata,
DETEXPLOIT_VERSION,
session_id,
count,
scan_starttime,
scan_endtime,
ExploitDB_Success,
JVN_Success,
NVD_Success,
result)
def scan():
pythoncom.CoInitialize()
DETEXPLOIT_VERSION = 'v1.4-ALPHA-GUI'
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
session_id = base64.b64encode(
scan_starttime.encode("ascii")).decode("ascii")
utils.config_test(cp) ### no cp default
ExploitDB_VulnData = {}
ExploitDB_Success = {}
if os.path.isfile('ExploitDB.pickle') and os.path.isfile(
'ExploitDB_Success.pickle'):
with open('ExploitDB.pickle', 'rb') as f:
ExploitDB_VulnData = pickle.load(f)
with open('ExploitDB_Success.pickle', 'rb') as f:
ExploitDB_Success = pickle.load(f)
else:
progress_label.config(text=langdata['EXPLOITDB_DOWNLOAD_INTRO'])
ExploitDB_RetData = ExploitDB.proc_data(cp, langdata)
ExploitDB_VulnData = ExploitDB_RetData[0]
ExploitDB_Success = ExploitDB_RetData[1]
with open('ExploitDB.pickle', 'wb') as f:
pickle.dump(ExploitDB_VulnData, f, pickle.HIGHEST_PROTOCOL)
with open('ExploitDB_Success.pickle', 'wb') as f:
pickle.dump(ExploitDB_Success, f, pickle.HIGHEST_PROTOCOL)
JVN_VulnData = {}
JVN_Success = {}
if os.path.isfile('JVN.pickle') and os.path.isfile('JVN_Success.pickle'):
with open('JVN.pickle', 'rb') as f:
JVN_VulnData = pickle.load(f)
with open('JVN_Success.pickle', 'rb') as f:
JVN_Success = pickle.load(f)
else:
progress_label.config(text=langdata['JVN_DOWNLOAD_INTRO'])
JVN_RetData = JVN.proc_data(cp, langdata)
JVN_VulnData = JVN_RetData[0]
JVN_Success = JVN_RetData[1]
with open('JVN.pickle', 'wb') as f:
pickle.dump(JVN_VulnData, f, pickle.HIGHEST_PROTOCOL)
with open('JVN_Success.pickle', 'wb') as f:
pickle.dump(JVN_Success, f, pickle.HIGHEST_PROTOCOL)
NVD_VulnData = {}
NVD_Success = {}
if os.path.isfile('NVD.pickle') and os.path.isfile('NVD_Success.pickle'):
with open('NVD.pickle', 'rb') as f:
NVD_VulnData = pickle.load(f)
with open('NVD_Success.pickle', 'rb') as f:
NVD_Success = pickle.load(f)
else:
progress_label.config(text=langdata['NVD_DOWNLOAD_INTRO'])
NVD_RetData = NVD.proc_data(cp, langdata)
NVD_VulnData = NVD_RetData[0]
NVD_Success = NVD_RetData[1]
with open('NVD.pickle', 'wb') as f:
pickle.dump(NVD_VulnData, f, pickle.HIGHEST_PROTOCOL)
with open('NVD_Success.pickle', 'wb') as f:
pickle.dump(NVD_Success, f, pickle.HIGHEST_PROTOCOL)
progress_label.config(text=langdata['GET_LOCAL_APP'])
installed = local_app.get_all()
## Scan #############################################################
count = 0
i = 0
print("DICCIONARIOO EXPLLLLLOITDB_VULNDATA")
#print(len(ExploitDB_VulnData))
for key in ExploitDB_VulnData:
i = i + 1
if i > 10: break
print("Clave: " + key + " Valor: " + ExploitDB_VulnData[key])
i = 0
print("DICCIONARIOO JVN_VulnData")
#print(len(JVN_VulnData))
for key in JVN_VulnData:
i = i + 1
if i > 10: break
print("Clave: " + key + " Valor: " + JVN_VulnData[key])
i = 0
print("DICCIONARIOO NVD_VulnData")
#print(len(NVD_VulnData))
for key in NVD_VulnData:
i = i + 1
if i > 10: break
print("Clave: " + key + " Valor: " + NVD_VulnData[key])
scanret_exploitdb = ExploitDB.scan(langdata, ExploitDB_VulnData, installed)
scanret_jvn = JVN.scan(langdata, JVN_VulnData, installed)
scanret_nvd = NVD.scan(langdata, NVD_VulnData, installed)
scanret_winupdate = WindowsUpdate.scan(langdata)
result = {}
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_nvd[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_nvd[
1] # + scanret_winupdate[1]
#####################################################################
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
history = '''
Session ID: {}
Scan started at: {}
Scan ended at: {}
Found vulnerable application and available update: {}
DetExploit Version: {}
#####################################################################
'''.format(session_id, scan_starttime, scan_endtime, count,
DETEXPLOIT_VERSION)
with open('../history.detexploit', 'w') as wh:
wh.write(history)
resultdict = {}
## Report ###########################################################
report.generate_report(cp, langdata, DETEXPLOIT_VERSION, session_id, count,
scan_starttime, scan_endtime, ExploitDB_Success,
JVN_Success, NVD_Success, result)
def main(session_id, cp, langdata):
DETEXPLOIT_VERSION = 'v1.4-ALPHA-CLI'
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
if session_id == None:
session_id = base64.b64encode(
scan_starttime.encode("ascii")).decode("ascii")
utils.config_test(cp)
ExploitDB_RetData = ExploitDB.proc_data(cp, langdata)
ExploitDB_VulnData = ExploitDB_RetData[0]
ExploitDB_Success = ExploitDB_RetData[1]
JVN_RetData = JVN.proc_data(cp, langdata)
JVN_VulnData = JVN_RetData[0]
JVN_Success = JVN_RetData[1]
NVD_RetData = NVD.proc_data(cp, langdata)
NVD_VulnData = NVD_RetData[0]
NVD_Success = NVD_RetData[1]
installed = local_app.get_all()
## Scan #############################################################
result = {}
count = 0
scanret_exploitdb = ExploitDB.scan(langdata, ExploitDB_VulnData, installed)
scanret_jvn = JVN.scan(langdata, JVN_VulnData, installed)
scanret_nvd = NVD.scan(langdata, NVD_VulnData, installed)
scanret_winupdate = WindowsUpdate.scan(langdata)
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_nvd[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_nvd[
1] + scanret_winupdate[1]
#####################################################################
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
history = '''
Session ID: {}
Scan started at: {}
Scan ended at: {}
Found vulnerable application and available update: {}
DetExploit Version: {}
#####################################################################
'''.format(session_id, scan_starttime, scan_endtime, count,
DETEXPLOIT_VERSION)
with open('../history.detexploit', 'w') as wh:
wh.write(history)
## Report ###########################################################
report.generate_report(cp, langdata, DETEXPLOIT_VERSION, session_id, count,
scan_starttime, scan_endtime, ExploitDB_Success,
JVN_Success, NVD_Success, result)
cprint('===========================================================',
'red')
cprint(langdata['RESONE'] + str(count) + langdata['RESTWO'], 'red')
cprint('===========================================================',
'red')
def main():
global session_id
cprint(figlet_format(' DetExploit'), 'red', attrs=['bold'], end='')
print('===========================================================')
print(langdata['WELCOME_MESSAGE'])
print('===========================================================')
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
if session_id == None:
session_id = base64.b64encode(
scan_starttime.encode("ascii")).decode("ascii")
utils.config_test()
## ExploitDB ########################################################
exploitdb_success = False
if cp.get('exploitdb', 'use_exploitdb') == 'True':
ExploitDB.download_vulndata(langdata)
extracted = ExploitDB.extract_windows_exploit(langdata)
exploitdb_vulndata = ExploitDB.parse_vulndata(extracted)
if exploitdb_vulndata is not None:
exploitdb_success = True
if cp.get('general', 'do_not_save_vulndata') == 'True':
os.remove(cp.get('exploitdb', 'vulndata_filename'))
#####################################################################
## JVN ##############################################################
jvn_success = False
if cp.get('jvn', 'use_jvn') == 'True':
jvn_vulndata = JVN.download_vulndata(langdata)
if jvn_vulndata is not None:
jvn_success = True
#####################################################################
## NVD ##############################################################
nvd_success = False
if cp.get('nvd', 'use_nvd') == 'True':
nvd_vulndata = NVD.download_vulndata(langdata)
if nvd_vulndata is not None:
nvd_success = True
#####################################################################
## Get locally installed applications ###############################
installed = {}
installed.update(local_app.getapp_from_wmi())
installed.update(local_app.getapp_from_hklm())
installed.update(local_app.getapp_from_hklmwow64())
installed.update(local_app.getapp_from_hkcu())
#####################################################################
## Scan #############################################################
result = {}
count = 0
scanret_exploitdb = ExploitDB.scan(langdata, exploitdb_vulndata, installed)
scanret_jvn = JVN.scan(langdata, jvn_vulndata, installed)
scanret_nvd = NVD.scan(langdata, nvd_vulndata, installed)
scanret_winupdate = WindowsUpdate.scan(langdata)
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_nvd[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_nvd[
1] + scanret_winupdate[1]
#####################################################################
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
history = '''
Session ID: {}
Scan started at: {}
Scan ended at: {}
Found vulnerable application and available update: {}
DetExploit Version: {}
#####################################################################
'''.format(session_id, scan_starttime, scan_endtime, count,
DETEXPLOIT_VERSION)
with open('../history.detexploit', 'w') as wh:
wh.write(history)
## Report ###########################################################
report.generate_report(langdata, DETEXPLOIT_VERSION, session_id, count,
scan_starttime, scan_endtime, exploitdb_success,
jvn_success, nvd_success, result)
cprint('===========================================================',
'red')
cprint(langdata['RESONE'] + str(count) + langdata['RESTWO'], 'red')
cprint('===========================================================',
'red')
def scan_main(self):
pythoncom.CoInitialize()
scan_starttime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
session_id = base64.b64encode(scan_starttime.encode("ascii")).decode("ascii")
self.update_status(langdata['OP_START'])
## ExploitDB ########################################################
exploitdb_success = False
self.update_status(langdata['EXPLOITDB_DOWNLOAD_INTRO'])
if cp.get('exploitdb', 'use_exploitdb') == 'True':
ExploitDB.download_vulndata(langdata)
self.update_status(langdata['EXPLOITDB_EXTRACT_GUI'])
extracted = ExploitDB.extract_windows_exploit(langdata)
self.update_status(langdata['EXPLOITDB_PARSE'])
exploitdb_vulndata = ExploitDB.parse_vulndata(extracted)
if exploitdb_vulndata is not None:
exploitdb_success = True
if cp.get('general', 'do_not_save_vulndata') == 'True':
os.remove(cp.get('exploitdb', 'vulndata_filename'))
#####################################################################
## JVN ##############################################################
jvn_success = False
self.update_status(langdata['JVN_DOWNLOAD_INTRO'])
if cp.get('jvn', 'use_jvn') == 'True':
self.jvn_download_vulndata(langdata)
jvn_vulndata = product_dict
if jvn_vulndata is not None:
jvn_success = True
#####################################################################
## NVD ##############################################################
nvd_success = False
self.update_status(langdata['NVD_DOWNLOAD_INTRO'])
if cp.get('nvd', 'use_nvd') == 'True':
nvd_vulndata = NVD.download_vulndata(langdata)
if nvd_vulndata is not None:
nvd_success = True
#####################################################################
## Get locally installed applications ###############################
installed = {}
self.update_status(langdata['WMI_APP_RET'])
installed.update(local_app.getapp_from_wmi())
self.update_status(langdata['REG_APP_RET'])
installed.update(local_app.getapp_from_hklm())
installed.update(local_app.getapp_from_hklmwow64())
installed.update(local_app.getapp_from_hkcu())
#####################################################################
## Scan #############################################################
result = {}
count = 0
self.update_status(langdata['SCAN_MSG_ONE'])
scanret_exploitdb = ExploitDB.scan(langdata, exploitdb_vulndata, installed)
scanret_jvn = JVN.scan(langdata, jvn_vulndata, installed)
scanret_nvd = NVD.scan(langdata, nvd_vulndata, installed)
self.update_status(langdata['SCAN_MSG_TWO'])
scanret_winupdate = WindowsUpdate.scan(langdata)
result.update(scanret_exploitdb[0])
result.update(scanret_jvn[0])
result.update(scanret_winupdate[0])
count = scanret_exploitdb[1] + scanret_jvn[1] + scanret_winupdate[1]
#####################################################################
scan_endtime = datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S")
## Report ###########################################################
self.update_status(langdata['GEN_REPORT'])
report.generate_report( langdata,
'v1.4-ALPHA-GUI',
session_id,
count,
scan_starttime,
scan_endtime,
exploitdb_success,
jvn_success,
nvd_success,
result)
#####################################################################
self.update_status(langdata['SCAN_END'])