f_description = unicode(exploit.findtext('description')).encode('iso-8859-1').decode('cp1252')
f_description = f_description.replace("\\'", "'").replace('\\x', "0x")
f_source = exploit.findtext('source')
f_level = exploit.findtext('rank') or 'Unknown' # exploiter experience level estimate
f_rank = exploit.findtext('exploitrank') or 'Unknown' # rank of the exploit
# exploit records can have multiple Nexpose vulnerabilitiy identifiers
f_vulnid = []
for nex_id in exploit.findall("vulnerabilities/vulnerability"):
f_vulnid.append(nex_id.get('id').lower())
res = add_exploit(
cve=None,
vuln_ids=f_vulnid,
f_name=f_name,
f_title=f_title,
f_description=f_description,
f_source=f_source,
f_level=f_level,
f_rank=f_rank,
)
if res > 0:
counter += 1
else:
log("Error importing exploit: %s" % f_name, logging.ERROR)
connect_exploits()
log("%d exploits added/updated" % counter)
return True
##----------------------------------------------------------------------------
cve = exploit.get('cve')
# sometimes they forget to put CVE- in front of the CVE ID
if not cve.startswith('CVE-'):
cve = "CVE-%s" % (cve)
f_name = exploit.get('desc')
f_title = exploit.get('name') # seems backwards but not
f_description = f_title
f_source = 'canvas'
f_rank = 'average' # rank is not defined in xml, default to average
f_level = 'Intermediate' # level is not defined in xml, default to Intermediate
res = add_exploit(
cve=cve,
f_name=f_name,
f_title=f_title,
f_description=f_description,
f_source=f_source,
f_rank=f_rank,
f_level=f_level,
)
if res > 0:
counter += 1
else:
logger.error("Error importing exploit: %s" % (f_name))
connect_exploits()
logging.info("%d exploits added/updated" % (counter))
return True
##----------------------------------------------------------------------------
cve = exploit.get('cve')
# sometimes they forget to put CVE- in front of the CVE ID
if not cve.startswith('CVE-'):
cve = "CVE-%s" % (cve)
f_name = exploit.get('desc')
f_title = exploit.get('name') # seems backwards but not
f_description = f_title
f_source = 'canvas'
f_rank = 'average' # rank is not defined in xml, default to average
f_level = 'Intermediate' # level is not defined in xml, default to Intermediate
res = add_exploit(
cve=cve,
f_name=f_name,
f_title=f_title,
f_description=f_description,
f_source=f_source,
f_rank=f_rank,
f_level=f_level,
)
if res > 0:
counter += 1
else:
logger.error("Error importing exploit: %s" % (f_name))
connect_exploits()
logging.info("%d exploits added/updated" % (counter))
return True
##----------------------------------------------------------------------------
