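def main():
    """Download every CVE listed in ``cveIdList.cves`` into ``jsonFiles/``.

    Creates the ``jsonFiles`` directory if needed, changes the working
    directory into it, then fetches each id with ``CVESearch().id`` and
    writes the result to ``<id>.json``. After every ``THRESHOLD`` entries it
    calls ``showProgress`` and sleeps for ``SLEEPTIME`` seconds, which the
    printed banner explains as a way to avoid an IP ban.
    """
    cveObj = CVESearch()

    # exist_ok replaces the try/except FileExistsError around makedirs.
    os.makedirs("jsonFiles", exist_ok=True)
    os.chdir("jsonFiles")

    print("By Henry Weckermann")
    print(f"Downloading {len(cveIdList.cves)} files to Folder: /jsonFiles")
    print("Please be patient as the program needs to wait every 20 entries to avoid an ip ban")

    # enumerate(start=1) gives the running count the throttle check needs.
    for counter, cve in enumerate(cveIdList.cves, start=1):
        jsonData = cveObj.id(cve)

        # NOTE(review): the id is used verbatim as a file name. That is fine
        # for a curated list; if the list ever comes from an external source,
        # check it against the CVE-YYYY-NNNN shape before opening the file.
        with open(cve + ".json", "w") as file:
            json.dump(jsonData, file)

        if counter % THRESHOLD == 0:
            showProgress(counter)
            time.sleep(SLEEPTIME)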
Exemplo n.º 2
def get_cve(cveid):
    """Print a status line for *cveid*, then print the CVE-Search result."""
    banner = 'Zhanam ' + cveid + ' ...'
    print(banner)

    client = CVESearch()
    # NOTE(review): ares documents search() as a vendor/product query and
    # id() as the lookup for a single CVE id - confirm search() is intended.
    result = client.search(cveid)
    print(result)
Exemplo n.º 3
 def __init__(self):
     """Create the CVE client, cache, queue and Mastodon client, then load the CVE list."""
     # Client for the remote CVE-Search API.
     self.cve = CVESearch()
     # Presumably the file readCVEListFromFile() reads - confirm.
     self.store_name = 'cvestore.db'
     self.cached_cve_ids = []
     self.message_queue = CustQueue()
     self.mastodonClass = MastodonClass()
     # "initalize" is the method name as spelled by MastodonClass.
     self.mastodonClass.initalize()
     # Runs last, after every attribute above has been assigned.
     self.readCVEListFromFile()
Exemplo n.º 4
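def cvebuild(var):
    """Search for a CVE ID and return a STIX formatted response.

    Args:
        var: CVE identifier handed to ``CVESearch().id``.

    Returns:
        The STIX package serialised by ``to_xml()``.

    Note:
        When the lookup yields no data this calls ``sys.exit`` with an error
        message, which ends the interpreter even if the function was
        imported by another program.
    """
    cve = CVESearch()
    data = json.loads(cve.id(var))
    if not data:
        sys.exit("[-] Error retrieving details for " + var)

    # Register the id namespace; the stix helper is tried first and mixbox
    # is the fallback when that import fails.
    try:
        from stix.utils import set_id_namespace
        namespace = {NS: NS_PREFIX}
        set_id_namespace(namespace)
    except ImportError:
        from mixbox.idgen import set_id_namespace
        from mixbox.namespaces import Namespace
        namespace = Namespace(NS, NS_PREFIX, "")
        set_id_namespace(namespace)

    # The package and header were built twice in a row; once is enough.
    pkg = STIXPackage()
    pkg.stix_header = STIXHeader()

    pkg.stix_header.handling = _marking()

    # Exploit target: title and description are taken as-is from the API
    # response.
    expt = ExploitTarget()
    expt.title = data['id']
    expt.description = data['summary']
    expt.information_source = InformationSource(identity=Identity(
        name="National Vulnerability Database"))

    # Attach the vulnerability object to the exploit target.
    expt.add_vulnerability(_vulnbuild(data))

    # Reference every configured course of action from the exploit target.
    for coa in COAS:
        expt.potential_coas.append(
            CourseOfAction(idref=coa['id'], timestamp=expt.timestamp))

    # One TTP per CAPEC entry. Best effort: a KeyError (missing 'capec', or
    # one raised inside _buildttp) ends the loop quietly, so TTPs added
    # before the error stay in the package.
    if TTPON is True:
        try:
            for i in data['capec']:
                pkg.add_ttp(_buildttp(i, expt))
        except KeyError:
            pass

    expt.add_weakness(_weakbuild(data))

    # Add the exploit target to the package object.
    pkg.add_exploit_target(expt)

    xml = pkg.to_xml()
    title = pkg.id_.split(':', 1)[-1]
    # Only when run as a script is the XML also handed to _postconstruct.
    if __name__ == '__main__':
        _postconstruct(xml, title)
    return xml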
Exemplo n.º 5
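def cvebuild(var):
    """Search for a CVE ID and return a STIX formatted response.

    Args:
        var: CVE identifier handed to ``CVESearch().id``.

    Returns:
        The STIX package serialised by ``to_xml()``, or ``None`` when the
        lookup returned no data.
    """
    cve = CVESearch()
    data = json.loads(cve.id(var))
    if not data:
        # Made explicit: the original fell off the end here.
        return None

    # Register the id namespace; the second form is used when the first
    # import is not available.
    try:
        from stix.utils import set_id_namespace
        namespace = {NS: NS_PREFIX}
        set_id_namespace(namespace)
    except ImportError:
        from stix.utils import idgen
        from mixbox.namespaces import Namespace
        namespace = Namespace(NS, NS_PREFIX, "")
        idgen.set_id_namespace(namespace)

    # The package and header were built twice in a row; once is enough.
    pkg = STIXPackage()
    pkg.stix_header = STIXHeader()

    pkg.stix_header.handling = marking()

    # Exploit target: title and description are taken as-is from the API
    # response.
    expt = ExploitTarget()
    expt.title = data['id']
    expt.description = data['summary']

    # Attach the vulnerability object to the exploit target.
    expt.add_vulnerability(vulnbuild(data))

    # One TTP per CAPEC entry. Best effort: a KeyError (missing 'capec', or
    # an entry without 'id'/'summary') ends the loop quietly, so TTPs added
    # before the error stay in the package.
    try:
        for i in data['capec']:
            ttp = TTP()
            ttp.title = "CAPEC-" + str(i['id'])
            ttp.description = i['summary']
            ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
            pkg.add_ttp(ttp)
    except KeyError:
        pass

    # A weakness is recorded only when the CWE is known.
    if data['cwe'] != 'Unknown':
        weak = Weakness()
        weak.cwe_id = data['cwe']
        expt.add_weakness(weak)

    # Add the exploit target to the package object.
    pkg.add_exploit_target(expt)

    xml = pkg.to_xml()

    # Only when run as a script is the XML also written to <package id>.xml.
    if __name__ == '__main__':
        title = pkg.id_.split(':', 1)[-1]
        with open(title + ".xml", "w") as text_file:
            text_file.write(xml)
    return xml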
 def __init__(self):
     """Create the CVE client, cache, queue and Mastodon client, load the CVE list, set the feed URL."""
     # Client for the remote CVE-Search API.
     self.cve = CVESearch()
     # Presumably the file readCVEListFromFile() reads - confirm.
     self.store_name = 'cvestoredetails.db'
     self.cached_cve_ids = []
     self.message_queue = CustQueue()
     self.mastodonClass = MastodonClass()
     # "initalize" is the method name as spelled by MastodonClass.
     self.mastodonClass.initalize()
     # Called before self.url is assigned, so it cannot rely on the URL.
     self.readCVEListFromFile()
     # cvedetails JSON feed: 30 rows, minimum CVSS score 6 (see the query string).
     # NOTE(review): the scheme is plain http://, so the feed can be altered
     # in transit; switch to https:// if the endpoint serves it.
     self.url = "http://www.cvedetails.com/json-feed.php?numrows=30&vendor_id=0&product_id=0&version_id=0&hasexp=0&opec=0&opov=0&opcsrf=0&opfileinc=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opginf=0&opdos=0&orderby=3&cvssscoremin=6"
Exemplo n.º 7
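    def get_cves(self):
        """Ask CVE-Search for the CVEs recorded against this object's CPE.

        Builds ``cpe:2.3:o:<vendor>:<product>:<version>`` from the instance
        attributes and passes it, prefixed with the cve.circl.lu ``cvefor``
        URL, to ``CVESearch.cvefor``.

        Returns:
            Whatever ``CVESearch.cvefor`` returns for that query.
        """
        # The unused "from packaging import version" was dropped: it only
        # added a hard dependency to this method.
        from ares import CVESearch

        base_url = 'https://cve.circl.lu/api/cvefor/'
        # NOTE(review): vendor, product and version go into the request path
        # unescaped; if they can hold characters such as "/", "?" or "#",
        # validate them first so they cannot change which endpoint is hit.
        cpe_string = 'cpe:2.3:o:' + str(
            self.vendor) + ':' + self.product + ':' + self.version

        cve = CVESearch()
        # NOTE(review): ares appears to build the request URL itself from the
        # value passed to cvefor(); passing a full URL may double the prefix.
        # Confirm against the installed ares version.
        result = cve.cvefor(base_url + cpe_string)
        return result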
Exemplo n.º 8
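def search(company,product):
    """Collect the CVE objects that mention *company* or *product*.

    Both names are looked up with ``extract_cve_details`` and the two result
    lists are concatenated, company matches first.

    Returns:
        A list of CVE objects; an empty list when a request error occurs.
    """
    try:
        # Single-argument print(...) prints the same text under Python 2,
        # which this snippet targets (see the str/bytes handling below).
        print("Searching {0}\n".format(company.encode('ascii', 'ignore')))
        # extract_cve_details returns None after a request error; "or []"
        # keeps the extend() below from failing on it.
        cve_list = extract_cve_details(company) or []
        print("Searching {0}\n".format(product.encode('ascii', 'ignore')))
        cve_list.extend(extract_cve_details(product) or [])
        return cve_list
    except requests.exceptions.RequestException as e:
        print(e)
        # Return the documented type instead of an implicit None.
        return []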
Exemplo n.º 9
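def lastcve():
    """Grab the last 30 CVEs.

    Each id found under ``results`` that is not yet listed in
    ``history.txt`` is passed to ``cvebuild`` and then appended to that
    file, one id per line.
    """
    cve = CVESearch()
    data = json.loads(cve.last())
    print("[+] Attempting to retrieve the latest 30 CVEs")
    if not data:
        return

    try:
        # Text mode: ids are str, and a binary handle rejects str on
        # Python 3. The file is opened once instead of once per CVE.
        with open('history.txt', 'a+') as history_file:
            # Append mode can start positioned at end-of-file, where read()
            # returns nothing; rewind before loading the history.
            history_file.seek(0)
            # Whole-line membership: the original substring test treated an
            # id as seen whenever it was a prefix of a longer stored id.
            seen = set(history_file.read().split())
            for vulns in data['results']:
                cve_id = vulns['id']
                if cve_id in seen:
                    print("[-] Package already generated: " + cve_id)
                    continue
                cvebuild(cve_id)
                # Writes in append mode always land at the end of the file.
                history_file.write(cve_id + "\n")
                # Flush per entry so an abort keeps what was already built.
                history_file.flush()
                seen.add(cve_id)
    except ImportError:
        # Kept from the original. NOTE(review): confirm this is still
        # wanted - it hides a missing STIX dependency from the caller.
        pass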
Exemplo n.º 10
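    def get_cves(self):
        """Ask CVE-Search for the CVEs recorded against this object's CPE.

        Builds ``cpe:2.3:a:<vendor>:<product>:<version>`` from the instance
        attributes and passes it, prefixed with the cve.circl.lu ``cvefor``
        URL, to ``CVESearch.cvefor``.

        Returns:
            Whatever ``CVESearch.cvefor`` returns for that query.
        """
        # The unused NISTCVE and packaging imports and the unused local "v"
        # were dropped; nothing in this method read them.
        base_url = 'https://cve.circl.lu/api/cvefor/'
        # NOTE(review): vendor, product and version go into the request path
        # unescaped; if they can hold characters such as "/", "?" or "#",
        # validate them first so they cannot change which endpoint is hit.
        cpe_string = 'cpe:2.3:a:' + str(
            self.vendor) + ':' + self.product + ':' + self.version

        cve = CVESearch()
        # Intended request, per the original author's example:
        # https://cve.circl.lu/api/cvefor/cpe:2.3:a:apache:http_server:2.4.37
        # NOTE(review): ares appears to build the request URL itself from the
        # value passed to cvefor(); passing a full URL may double the prefix.
        # Confirm against the installed ares version.
        result = cve.cvefor(base_url + cpe_string)

        return result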
Exemplo n.º 11
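def extract_cve_details(keyword):
    """Return CVE objects whose summary contains *keyword* as a whole word.

    Results of ``CVESearch().search(keyword)`` are kept only when the
    lower-cased summary contains the lower-cased keyword between word
    boundaries and the entry carries a ``cwe`` field. The CWE is resolved
    against ``cwe_list``; an unknown CWE id yields ``cwe=None``.

    Returns:
        A list of CVE objects; an empty list on a timeout or request error.
    """
    try:
        cve = CVESearch()
        cve_list = []
        data = cve.search(keyword)['data']
        # keyword is caller-supplied text, not a pattern. Escaping it keeps
        # regex metacharacters literal, so a name such as "c++" no longer
        # raises re.error and a crafted name cannot trigger costly
        # backtracking. Compiled once, outside the loop.
        keyword_re = re.compile(r'\b' + re.escape(keyword.lower()) + r'\b')
        for cve_item in data:
            if not keyword_re.search(cve_item['summary'].lower()):
                continue
            # Single-argument print(...) prints the same text under Python 2.
            print("matched " + keyword + " in " + str(cve_item['id']))

            # Entries without a CWE are skipped. The original also built
            # cvss/impact/access/... lists that were never read.
            if "cwe" not in cve_item:
                continue
            cwe_id = cve_item["cwe"].encode("UTF8").replace("CWE-", '')

            res = next((row for row in cwe_list if row['CWE-ID'] == cwe_id), None)
            if res is not None:
                print(res)
                cwe = CWE(cwe_id, res['Name'], res['Likelihood of Exploit'] or None)
            else:
                cwe = None

            cve_obj = CVE(cve_item['id'], cve_item['cvss'], cve_item['impact'], cve_item['access'], cwe, cve_item['vulnerable_configuration'], cve_item['Modified'], cve_item['summary'])
            cve_list.append(cve_obj)
        return cve_list
    except Timeout:
        # NOTE(review): "url" is not defined in this function; unless it is a
        # module-level name this handler raises NameError - confirm.
        logger.exception('Timeout while connecting to %s' % url)
        return []
    except requests.exceptions.RequestException as e:
        print(e)
        # Return the documented type instead of an implicit None.
        return []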
Exemplo n.º 12
import os
import re
import csv
import click
import json
from ares import CVESearch
from collections import defaultdict

# Patterns per priority threshold. They are cumulative: 'low' matches any
# "Priority:" line, 'medium' needs the value to start with m or h, and
# 'high' needs it to start with h (presumably medium/high - confirm
# against the input format).
PRIORITY_PATTERNS = {
    'low': re.compile('Priority:'),
    'medium': re.compile('Priority: [mh]'),
    'high': re.compile('Priority: [h]'),
}
# Module-level CVE-Search client, constructed once at import time.
CVE = CVESearch()

# Report template for a CVE with details; filled by name with str.format.
CVE_DETAILS_TEMPLATE = """
CVE: {id}
Package: {package}
CVSS: {cvss}
Published: {published}
Modified: {modified}
Summary: {summary}
References: {references}
"""
# Report template for a CVE without further details.
CVE_NO_DETAILS_TEMPLATE = """
CVE: {id}
Package: {package}
No further details available.
"""

@click.command()
Exemplo n.º 13
# Inventory script: walks every region's RDS instances and looks up CVEs for
# the database engine. Two result tables with identical columns are set up.
table = PrettyTable(header_style='upper',
                    field_names=[
                        "Database Name", "Engine Name", "Engine version",
                        "Region", 'Availability Zone', "CVE ID", "Score",
                        "Impact"
                    ])
impactTable = PrettyTable(header_style='upper',
                          field_names=[
                              "Database Name", "Engine Name", "Engine version",
                              "Region", 'Availability Zone', "CVE ID", "Score",
                              "Impact"
                          ])
# Credentials come from the named local profile 'securityAdmin'; us-west-2 is
# only the region used for the region-listing EC2 client.
securityAdminsession = boto3.Session(profile_name='securityAdmin',
                                     region_name='us-west-2')
cve = CVESearch()
ec2 = securityAdminsession.client('ec2')
regions = ec2.describe_regions()
for region in regions["Regions"]:
    # One RDS client per region returned by describe_regions().
    source = securityAdminsession.client('rds',
                                         region_name=region["RegionName"])
    # NOTE(review): a single describe_db_instances() call returns one page of
    # results; a region with many instances needs the paginator, otherwise
    # databases can be missing from the report.
    instances = source.describe_db_instances()
    # Instance count, taken from the size of a NumPy array over the list.
    db_instanceCount = np.array(instances.get('DBInstances')).size
    for dbInstance in instances.get('DBInstances'):
        engine_version = dbInstance.get('EngineVersion')
        engine = dbInstance.get('Engine')
        # NOTE(review): this reads the master login name, not a database
        # name. Confirm what the "Database Name" column should show and
        # whether login names belong in the report.
        dbName = dbInstance.get('MasterUsername')
        availability_Zone = dbInstance.get('AvailabilityZone')

        if (engine == "mysql"):
            # One remote CVE-Search query per MySQL instance; the query text
            # is constant, so the result could be fetched once and reused.
            dbvendor = cve.search('oracle/mysql')
Exemplo n.º 14
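def scanExploit(exploit, id):
    """Scrape one Exploit-DB entry and store it together with its CVE data.

    The entry is kept only when its page links to an archived application
    (an href containing ``/apps/``) and carries the verified check mark.

    Args:
        exploit: Indexable record; positions 2, 3, 5 and 6 are read as
            application name, published date, type and platform.
        id: Entry id, appended to ``EXPLOITURL`` to form the page URL.

    Returns:
        True when CVE data was found and the insert was acknowledged,
        otherwise False.
    """
    cveData = ''
    vulnData = {}
    url = EXPLOITURL + id
    # A timeout keeps one stalled response from hanging the whole scan
    # (30 s is a constructed default; tune as needed).
    page = requests.get(url, headers=HEADER, timeout=30)
    time.sleep(0.1)
    tree = html.fromstring(page.content)
    # Anchors whose href contains /apps/ mark an archived application, e.g.
    # <a href="/apps/786c8d62bf18c6c88d2d82a9443cd1e1-httpd-2.0.44.tar.gz">
    hasapp = tree.xpath(
        "//a[re:match(@href, '/apps/')]",
        namespaces={"re": "http://exslt.org/regular-expressions"})
    # The verified state is shown with the check-mark icon class.
    isverified = tree.xpath("//i[contains(@class, 'mdi-check')]")
    if not (hasapp and isverified):
        return False

    vulnData['application_name'] = exploit[2]
    vulnData['exploitdb_id'] = id
    vulnData['type'] = exploit[5]
    vulnData['platform'] = exploit[6]
    vulnData['published_date'] = exploit[3]
    vulnData['added_date'] = datetime.datetime.fromtimestamp(
        time.time()).strftime('%Y-%m-%d')

    # Response fields copied into the record: (key in cveData, key in vulnData).
    copied_fields = (
        ('summary', 'cve_summary'),
        ('cvss', 'cvss'),
        ('cwe', 'cwe'),
        ('impact', 'impact'),
        ('msbulletin', 'msbulletin'),
        ('vulnerable_configuration_cpe_2_2', 'vulnerable_configuration'),
    )

    # Both the application URL and the CVE reference live in anchor hrefs.
    for link in tree.xpath('//a'):
        # Anchors without an href made link.attrib['href'] raise KeyError.
        href = link.get('href', '')
        if '/apps/' in href:
            vulnData['file_path'] = 'https://www.exploit-db.com' + href.strip()
        if 'CVE' in href:
            # The link text is the CVE number without prefix, e.g. 2014-6271.
            # NOTE(review): this is scraped text; consider checking it
            # against the NNNN-NNNN shape before sending it to the API.
            vulnData['cve'] = 'CVE-' + link.text_content().strip()
            # Lookup through https://github.com/barnumbirr/ares
            cve_search = CVESearch()
            cveData = cve_search.id(vulnData['cve'])
            # Some CVEs have no data; copy only the fields that are present.
            if cveData:
                for source_key, target_key in copied_fields:
                    if source_key in cveData:
                        vulnData[target_key] = cveData.get(source_key)

    if cveData:
        return bool(collection.insert_one(vulnData).acknowledged)
    # Explicit False: the original fell off the end and returned None here.
    return False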
Exemplo n.º 15
 def get(self, product_id):
     """Return the CVE-Search result for the Microsoft product *product_id*."""
     client = CVESearch()
     # NOTE(review): product_id goes into the query path as-is; if it comes
     # from a request, check it against the expected character set first.
     query = "microsoft/{}".format(product_id)
     return client.search(query)
Exemplo n.º 16
 def get(self, cve_id):
     """Return the CVE-Search record for *cve_id*."""
     client = CVESearch()
     # NOTE(review): cve_id is forwarded unchecked; if it comes from a
     # request, check it against the CVE-YYYY-NNNN shape first.
     identifier = "{}".format(cve_id)
     return client.id(identifier)
Exemplo n.º 17
 def setUp(self):
     """Create a fresh CVESearch client for each test."""
     self.cve = CVESearch()
Exemplo n.º 18
 def get(self):
     """Return what CVE-Search's browse() yields for the vendor 'microsoft'."""
     vendor = 'microsoft'
     client = CVESearch()
     return client.browse(vendor)