Exemplo n.º 1
0
    def get_ness_report(self):
        cve_detail_list = self.cve_list_rp
        for cve in cve_detail_list:
            #topvas
            nvt_topvas_list = Sql.select_nvts_topvas_by_cve(cve)
            topvas_exist = 'no'
            topvas_file = ''
            if len(nvt_topvas_list) != 0:
                topvas_exist = 'yes'
                topvas_file = ''
                count = 0
                for file in nvt_topvas_list:
                    count = count + 1
                    if count == 1:
                        topvas_file = file[0]
                    else:
                        topvas_file = topvas_file + ',' + file[0]

            #nessus
            nvt_ness_list = Sql.select_nvts_ness_by_cve(cve)
            nessus_file = ''
            nessus_exist = 'no'
            if len(nvt_ness_list) != 0:
                nessus_exist = 'yes'
                nessus_file = ''
                count = 0
                for file in nvt_ness_list:
                    count = count + 1
                    if count == 1:
                        nessus_file = file[0]
                    else:
                        nessus_file = nessus_file + ',' + file[0]
            Sql.insert_ness_report(cve, topvas_file, topvas_exist, nessus_file, nessus_exist)
Exemplo n.º 2
0
    def data_nvts_en(self):
        Sql.insert_nvts_en()
        Sql.ctl_index_nvts_en()
        #统计nvts_en数据量
        nvt_num_info = Sql.select_count_nvts_en_by_cn_ok('no')
        for info_n in nvt_num_info:
            count_nvts_numbers = info_n[0]

        return count_nvts_numbers
Exemplo n.º 3
0
 def translate_family(self, google_translate):
     #翻译family
     results_family = Sql.select_family_from_blog_blogspost()
     for family_info in results_family:
         family = family_info[0]
         print('##family:' + family)
         try:
             family_cn = google_translate.translate_cn(family)
         except:
             print('#->fanyi family error:family=%s' % (family))
             continue
         Sql.update_blog_blogspost_by_family(family_cn, family)
Exemplo n.º 4
0
    def data_init(self, flag):
        #####创建表 blog_blogspost 并插入数据
        #只有入参为True,则需要重新构建 blog_blogspost 里面的数据
        print('flag=' + str(flag))
        if flag == True:
            print('first')
            #插入数据
            Sql.insert_blog_blogspost()

        #同步表nvts与blog_blogspost的数据
        #self.sync_data()
        #更新tag
        self.update_tag()
Exemplo n.º 5
0
    def cve_report(self):
        #cve topvas
        cve_detail_list = Sql.select_cve_detail_list()
        
        for cve_info in cve_detail_list:
            product_id = cve_info[0]
            product_name = cve_info[1]
            year = cve_info[2]
            vul_type = cve_info[3]
            cve = cve_info[4]

            topvas_file_tmp = ''

            #topvas
            nvt_topvas_list = Sql.select_nvts_topvas_by_cve(cve)
            topvas_exist = 'no'
            topvas_file = ''
            if len(nvt_topvas_list) != 0:
                topvas_exist = 'yes'
                topvas_file = ''
                count = 0
                for file in nvt_topvas_list:
                    count = count + 1
                    if count == 1:
                        topvas_file = file[0]
                    else:
                        topvas_file = topvas_file + ',' + file[0]

            #nessus
            nvt_ness_list = Sql.select_nvts_ness_by_cve(cve)
            nessus_file = ''
            nessus_exist = 'no'
            if len(nvt_ness_list) != 0:
                nessus_exist = 'yes'
                nessus_file = ''
                count = 0
                for file in nvt_ness_list:
                    count = count + 1
                    if count == 1:
                        nessus_file = file[0]
                    else:
                        nessus_file = nessus_file + ',' + file[0]
            #生成报告
            Sql.insert_cve_report(product_id, product_name, year, vul_type, cve, topvas_file, topvas_exist, nessus_file, nessus_exist)
Exemplo n.º 6
0
    def get_tag_info(self, sync_data):
        all_nvts = Sql.select_tag_from_nvts()

        for info_nvts in all_nvts:
            tag_data = info_nvts[0]
            if tag_data != 'NOTAG':
                dict_data = sync_data.data_to_dict(tag_data, '=', '|')
                for key in dict_data:
                    if key not in self.Tag_all_name_en:
                        self.Tag_all_name_en.append(key)

        for tag in self.Tag_all_name_en:
            print('#nvts tag:' + tag)
Exemplo n.º 7
0
 def get_cve_report_files(self):
     file_list = []
     product_name_list = Sql.select_tb_cve_report_by_product_name()
     for product_name_info in product_name_list:
         product_name = product_name_info[0]
         print('###product_name=' + product_name)
         result_file = Sql.select_tb_cve_report(product_name)
         file_count = 0
         ness_file = ''
         for item in result_file:
             #file_tmp_list = item[0]
             #print(file_tmp_list)
             file_tmp_list = item[0].split(',')
             for file in file_tmp_list:
                if file not in file_list:
                    #print('ness file:' + file)
                    file_count = file_count + 1
                    ness_file = ness_file + ' ' + file
                    #file_list.append(file)
         print('file_count=' + str(file_count))
         print('ness_file=' + ness_file)
         Sql.insert_ness_report_dist(product_name, file_count, ness_file)
Exemplo n.º 8
0
 def main(self):
     progress = 0
     sr_nvts_list = Sql.select_nvts()
     for nvts_info in sr_nvts_list:
         id = nvts_info[0]
         uuid = nvts_info[1]
         oid = nvts_info[2]
         version = nvts_info[3]
         name = nvts_info[4]
         comment = nvts_info[5]
         copyright = nvts_info[6]
         cve = nvts_info[7]
         bid = nvts_info[8]
         xref = nvts_info[9]
         tag = nvts_info[10]
         category = nvts_info[11]
         family = nvts_info[12]
         cvss_base = nvts_info[13]
         creation_time = nvts_info[14]
         modification_time = nvts_info[15]
         solution_type = nvts_info[16]
         qod = nvts_info[17]
         qod_type = nvts_info[18]
         family_cn = ''
         #根据oid查找对应的中文信息
         nvts_cn_list = MySql.select_nvts_cn_tmp(oid)
         for nvts_cn_info in nvts_cn_list:
             name = nvts_cn_info[0]
             tag = nvts_cn_info[1]
             family_cn = nvts_cn_info[2]
         progress = progress + 1
         if progress % 100 == 0:
             print('progress:%d' % (progress))
         MySql.insert_nvts_cn(id, uuid, oid, version, name, comment,
                              copyright, cve, bid, xref, tag, category,
                              family, cvss_base, creation_time,
                              modification_time, solution_type, qod,
                              qod_type, family_cn)
Exemplo n.º 9
0
    def data_process(self, all_nvts, google_translate):
        for info_nvts in all_nvts:
            self.count_progress = self.count_progress + 1
            nvts_id = info_nvts[0]
            nvts_oid = info_nvts[1]
            nvts_name = info_nvts[2]
            nvts_summary = info_nvts[3]
            nvts_affected = info_nvts[4]
            nvts_solution = info_nvts[5]
            nvts_insight = info_nvts[6]
            nvts_vuldetect = info_nvts[7]
            nvts_impact = info_nvts[8]
            nvts_synopsis = info_nvts[9]
            nvts_description = info_nvts[10]
            nvts_exploitability_ease = info_nvts[11]
            nvts_risk_factor = info_nvts[12]
            nvts_metasploit_name = info_nvts[13]
            nvts_d2_elliot_name = info_nvts[14]

            #1.name
            nvts_name_cn = ''
            if '' != nvts_name:
                try:
                    nvts_name_cn = google_translate.translate_cn(
                        nvts_name).replace('\'', '\'\'').replace('\\n', '\n')
                    nvts_name = nvts_name.replace('\'', '\'\'')
                except:
                    print('#->fanyi Name error:oid=' + nvts_oid + ', name=' +
                          nvts_name)
                    continue

            #2.summary
            nvts_summary_cn = ''
            if '' != nvts_summary:
                try:
                    nvts_summary_cn = google_translate.translate_cn(
                        nvts_summary).replace('\'',
                                              '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi summary error:oid=' + nvts_oid +
                          ', summary=' + nvts_summary)
                    continue

            #3.affected
            nvts_affected_cn = ''
            if '' != nvts_affected:
                try:
                    nvts_affected_cn = google_translate.translate_cn(
                        nvts_affected).replace('\'',
                                               '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi affected error:oid=' + nvts_oid +
                          ', affected=' + nvts_affected)
                    continue

            #4.solution
            nvts_solution_cn = ''
            if '' != nvts_solution:
                try:
                    nvts_solution_cn = google_translate.translate_cn(
                        nvts_solution).replace('\'',
                                               '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi solution error:oid=' + nvts_oid +
                          ', solution=' + nvts_solution)
                    continue

            #5.insight
            nvts_insight_cn = ''
            if '' != nvts_insight:
                try:
                    #text.decode("utf-8").
                    nvts_insight_cn = google_translate.translate_cn(
                        nvts_insight).replace('\'',
                                              '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi insight error:oid=' + nvts_oid +
                          ', insight=' + nvts_insight)
                    continue

            #6.vuldetect
            nvts_vuldetect_cn = ''
            if '' != nvts_vuldetect:
                try:
                    nvts_vuldetect_cn = google_translate.translate_cn(
                        nvts_vuldetect).replace('\'',
                                                '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi vuldetect error:oid=' + nvts_oid +
                          ', vuldetect=' + nvts_vuldetect)
                    continue

            #7.impact
            nvts_impact_cn = ''
            if '' != nvts_impact:
                try:
                    nvts_impact_cn = google_translate.translate_cn(
                        nvts_impact).replace('\'',
                                             '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi impact error:oid=' + nvts_oid +
                          ', impact=' + nvts_impact)
                    continue

            #8.synopsis
            nvts_synopsis_cn = ''
            if '' != nvts_synopsis:
                try:
                    nvts_synopsis_cn = google_translate.translate_cn(
                        nvts_synopsis).replace('\'',
                                               '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi synopsis error:oid=' + nvts_oid +
                          ', synopsis=' + nvts_synopsis)
                    continue

            #9.description
            nvts_description_cn = ''
            if '' != nvts_description:
                try:
                    nvts_description_cn = google_translate.translate_cn(
                        nvts_description).replace('\'',
                                                  '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi description error:oid=' + nvts_oid +
                          ', description=' + nvts_description)
                    continue

            #10.exploitability_ease
            nvts_exploitability_ease_cn = ''
            if '' != nvts_exploitability_ease:
                try:
                    nvts_exploitability_ease_cn = google_translate.translate_cn(
                        nvts_exploitability_ease).replace('\'',
                                                          '\'\'').replace(
                                                              '\\n', '\n')
                except:
                    print('#->fanyi exploitability_ease error:oid=' +
                          nvts_oid + ', exploitability_ease=' +
                          nvts_exploitability_ease)
                    continue

            #11.risk_factor
            nvts_risk_factor_cn = ''
            if '' != nvts_risk_factor:
                try:
                    nvts_risk_factor_cn = google_translate.translate_cn(
                        nvts_risk_factor,
                        'en').replace('\'', '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi risk_factor error:oid=' + nvts_oid +
                          ', risk_factor=' + nvts_risk_factor)
                    continue

            #12.metasploit_name
            nvts_metasploit_name_cn = ''
            if '' != nvts_metasploit_name:
                try:
                    nvts_metasploit_name_cn = google_translate.translate_cn(
                        nvts_metasploit_name,
                        'en').replace('\'', '\'\'').replace('\\n', '\n')
                except:
                    print('#->fanyi metasploit_name error:oid=' + nvts_oid +
                          ', metasploit_name=' + nvts_metasploit_name)
                    continue

            #13.d2_elliot_name
            nvts_d2_elliot_name_cn = ''
            if '' != nvts_d2_elliot_name:
                try:
                    nvts_d2_elliot_name_cn = google_translate.translate_cn(
                        nvts_d2_elliot_name).replace('\'', '\'\'').replace(
                            '\\n', '\n')
                except:
                    print('#->fanyi d2_elliot_name error:oid=' + nvts_oid +
                          ', d2_elliot_name=' + nvts_d2_elliot_name)
                    continue

            print("##->progress=" + str(self.count_progress))

            Sql.update_blog_blogspost_cn(
                nvts_name_cn, nvts_summary_cn, nvts_affected_cn,
                nvts_solution_cn, nvts_insight_cn, nvts_vuldetect_cn,
                nvts_impact_cn, nvts_synopsis_cn, nvts_description_cn,
                nvts_exploitability_ease_cn, nvts_risk_factor_cn,
                nvts_metasploit_name_cn, nvts_d2_elliot_name_cn, nvts_oid,
                nvts_name)
Exemplo n.º 10
0
 def nomal_data_proc(self, threadName, min, max, google_translate):
     results = Sql.select_nvts_en_limit(min, max)
     self.data_process(results, google_translate)
Exemplo n.º 11
0
 def __init__(self):
     #Sql.drop_tb_cve_report()
     Sql.ctl_tb_cve_report()
     Sql.cls_tb_cve_report()
     Sql.ctl_index_nvts_ness()
     Sql.ctl_tb_ness_report()
     Sql.cls_tb_ness_report()
     Sql.ctl_tb_ness_report_dist()
     Sql.cls_tb_ness_report_dist()
Exemplo n.º 12
0
    def __init__(self):
        Sql.drop_blog_blogspost()
        #创建表blog_blogspost
        Sql.ctl_tb_blog_blogspost()
        #清空表blog_blogspost数据
        Sql.clr_blog_blogspost()
        #创建索引
        Sql.ctl_index_blog_blogspost()

        #创建表nvts_en 用于保存带翻译的英文数据
        Sql.drop_tb_nvts_en()
        Sql.ctl_tb_nvts_en()
Exemplo n.º 13
0
    def update_tag(self):
        #更新tag数据
        count_set = 0
        result_tag = Sql.select_blog_blogspost_by_cn_ok('no')
        for info in result_tag:
            oid = info[0]
            name = info[1].replace('\'', '\'\'')
            tag_data = info[2]
            summary = ''
            affected = ''
            solution = ''
            insight = ''
            vuldetect = ''
            impact = ''
            synopsis = ''
            description = ''
            exploitability_ease = ''
            risk_factor = ''
            metasploit_name = ''
            d2_elliot_name = ''

            if tag_data != 'NOTAG':
                key_list = []
                dict_data = self.data_to_dict(tag_data, '=', '|')
                for key in dict_data:
                    key_list.append(key)
                if 'summary' in key_list:
                    summary = dict_data['summary'].replace('\'', '\'\'')
                if 'affected' in key_list:
                    affected = dict_data['affected'].replace('\'', '\'\'')
                if 'solution' in key_list:
                    solution = dict_data['solution'].replace('\'', '\'\'')
                if 'insight' in key_list:
                    insight = dict_data['insight'].replace('\'', '\'\'')
                if 'vuldetect' in key_list:
                    vuldetect = dict_data['vuldetect'].replace('\'', '\'\'')
                if 'impact' in key_list:
                    impact = dict_data['impact'].replace('\'', '\'\'')
                if 'synopsis' in key_list:
                    synopsis = dict_data['synopsis'].replace('\'', '\'\'')
                if 'description' in key_list:
                    description = dict_data['description'].replace(
                        '\'', '\'\'')
                if 'exploitability_ease' in key_list:
                    exploitability_ease = dict_data[
                        'exploitability_ease'].replace('\'', '\'\'')
                if 'risk_factor' in key_list:
                    risk_factor = dict_data['risk_factor'].replace(
                        '\'', '\'\'')
                if 'metasploit_name' in key_list:
                    metasploit_name = dict_data['metasploit_name'].replace(
                        '\'', '\'\'')
                if 'd2_elliot_name' in key_list:
                    d2_elliot_name = dict_data['d2_elliot_name'].replace(
                        '\'', '\'\'')

            count_set = count_set + 1
            print('##Update Progress##' + str(count_set))
            Sql.update_blog_blogspost(summary, affected, solution, insight,
                                      vuldetect, impact, synopsis, description,
                                      exploitability_ease, risk_factor,
                                      metasploit_name, d2_elliot_name, oid,
                                      name)
Exemplo n.º 14
0
 def sync_data(self):
     Sql.sync_blog_blogspost_and_nvts()