forked from adulau/cve-search
-
Notifications
You must be signed in to change notification settings - Fork 0
/
search.py
executable file
·190 lines (170 loc) · 6.62 KB
/
search.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
#! /usr/local/bin/python3
# license : GWL (Global Wimming License) --
# Means that you can do whatever you want with this code as long as
# you make it better and don't use it commercially. For the rest ... WIMMING!
# Make sure these modules are on your system :)
import pymongo
import sys
import re
import argparse
import csv
from urllib.parse import urlparse
# connect to DB
# todo1 : offload db config to config file
connect = pymongo.Connection()
db = connect.cvedb
collection = db.cves
# init control variables
csvOutput = 0
htmlOutput = 0
jsonOutput = 0
xmlOutput = 0
# init various variables :-)
vSearch = ""
vOutput = ""
vFreeSearch = ""
def lookupcpe(cpeid = None):
e = db.cpe.find_one({'id': cpeid})
if e is None:
return cpeid
if 'id' in e:
return e['title']
def findranking(cpe = None, loosy = True):
if cpe is None:
return False
r = db.ranking
result = False
if loosy:
for x in cpe.split(':'):
if x is not '':
i = r.find_one({'cpe': {'$regex':x}})
if i is None:
continue
if 'rank' in i:
result = i['rank']
else:
i = r.find_one({'cpe': {'$regex':cpe}})
print (cpe)
if i is None:
return result
if 'rank' in i:
result = i['rank']
return result
# parse command-line arguments
argParser = argparse.ArgumentParser(description='Search for vulnerabilities in the National Vulnerability DB. Data from http://nvd.nist.org.')
argParser.add_argument('-p', type=str, help='S = search product, e.g. o:microsoft:windows_7 or o:cisco:ios:12.1')
argParser.add_argument('-f', type=str, help='F = free text search in vulnerability summary')
argParser.add_argument('-c', action='append', help='search one or more CVE-ID')
argParser.add_argument('-o', type=str, help='O = output format [csv|html|json|xml]')
argParser.add_argument('-l', action='store_true', help='sort in descending mode')
argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration')
argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration')
argParser.add_argument('-v', type=str, help='vendor name to lookup in reference URLs')
args = argParser.parse_args()
vSearch = args.p
cveSearch = args.c
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
# replace special characters in vSearch with encoded version.
# Basically cuz I'm to lazy to handle conversion on DB creation ...
if vSearch:
vSearch = re.sub(r'\(','%28', vSearch)
vSearch = re.sub(r'\)','%29', vSearch)
# define which output to generate, xml is not supported yet.
if vOutput == "csv":
csvOutput = 1
elif vOutput == "html":
htmlOutput = 1
elif vOutput == "xml":
xmlOutput = 1
elif vOutput == "json":
jsonOutput = 1
# Print first line of html output
if htmlOutput:
print("<html><body><h1>"+sys.argv[1]+"</h1>")
# search default is ascending mode
sorttype=1
if sLatest:sorttype=-1
if cveSearch:
for cveid in cveSearch:
for item in collection.find({'id': cveid}).sort("last-modified",sorttype):
if not namelookup and not rankinglookup:
print(item)
else:
if "vulnerable_configuration" in item:
vulconf = []
ranking = []
for conf in item['vulnerable_configuration']:
vulconf.append(lookupcpe(cpeid=conf))
if rankinglookup:
rank = findranking(cpe=conf)
if rank and rank not in ranking:
ranking.append(rank)
item['vulnerable_configuration'] = vulconf
if rankinglookup:
item['ranking'] = ranking
print(item)
# Basic freetext search (in vulnerability summary).
# todo2 : elaborate on freetext search and integrate with fancy output
if vFreeSearch:
for item in collection.find({'summary': {'$regex' : re.compile(vFreeSearch, re.IGNORECASE)}}).sort("last-modified",sorttype):
print(item)
# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:
for item in collection.find({"vulnerable_configuration": {'$regex' : vSearch}}).sort("last-modified",sorttype):
# the scvOutput module is far from finished !!
if csvOutput:
# We assume that the vendor name is usually in the hostame of the
# URL to avoid any match on the resource part
refs=[]
for entry in item['references']:
if args.v is not None:
url = urlparse(entry)
hostname = url.netloc
if re.search(args.v, hostname):
refs.append(entry)
if not refs:
refs = "[no vendor link found]"
csvoutput = csv.writer(sys.stdout, delimiter='|', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csvoutput.writerow([item['id'],item['Published'],item['cvss'],item['summary'],refs])
elif htmlOutput:
print("<h2>"+item['id']+"<br></h2>CVSS score: "+item['cvss']+"<br>"+"<b>"+item['Published']+"<b><br>"+item['summary']+"<br>")
print("References:<br>")
for entry in item['references']:
print(entry+"<br>")
print("<hr><hr>")
# just dump the json from MongoDB
elif jsonOutput:
if not namelookup:
print(item)
else:
if "vulnerable_configuration" in item:
vulconf = []
for conf in item['vulnerable_configuration']:
vulconf.append(lookupcpe(cpeid=conf))
item['vulnerable_configuration'] = vulconf
print(item)
# plain text output, nothing fancy, just works.
else:
print("CVE\t: " + item['id'])
print("DATE\t: " + item['Published'])
print("CVSS\t: " + item['cvss'])
print(item['summary'])
print("\nReferences:")
print("-----------")
for entry in item['references']:
print(entry)
print("\nVulnerable Configs:")
print("-------------------")
for entry in item['vulnerable_configuration']:
if not namelookup:
print(entry)
else:
print(lookupcpe(cpeid=entry))
print("\n\n")
#close the html output properly
if htmlOutput:
print("</body></html>")