-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathvulristics.py
158 lines (131 loc) · 8.16 KB
/
vulristics.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
from vulristics_code import functions_report_vulnerabilities, functions_report_ms_patch_tuesday, functions_profile
import argparse
import re
current_version = "1.0.9"
parser = argparse.ArgumentParser(description='An extensible framework for analyzing publicly available information about vulnerabilities')
const = ""
parser.add_argument('--report-type', help='Report type (ms_patch_tuesday, ms_patch_tuesday_extended, cve_list or custom_profile)')
parser.add_argument('--mspt-year', help='Microsoft Patch Tuesday year')
parser.add_argument('--mspt-month', help='Microsoft Patch Tuesday month')
parser.add_argument('--mspt-comments-links-path', help='Microsoft Patch Tuesday comments links file. Format: "Qualys|Description|URL"')
parser.add_argument('--cve-project-name', help='Name of the CVE Project')
parser.add_argument('--cve-list-path', help='Path to the list of CVE IDs (each per line)')
parser.add_argument('--cve-comments-path', help='Path to the CVE comments file')
parser.add_argument('--cve-data-sources', help='Data sources for analysis, e.g. "ms,nvd,bdu,epss,vulners,attackerkb,bdu,custom"')
parser.add_argument('--profile-json-path', help='Custom profile for analysis')
parser.add_argument('--result-formats', help='Result formats, e.g. "html,json", Default - "html"')
parser.add_argument('--result-html-path', help='Path to the results file in html format (Default - will be created in reports directory)')
parser.add_argument('--result-html-label', help='Additional optional banner for HTML report ("lpw" for the Linux Patch Wednesday banner, "mspt" for the Microsoft Patch Tuesday banner or custom image URL)')
parser.add_argument('--result-json-path', help='Path to the results file in json format')
parser.add_argument('--rewrite-flag', help='Rewrite Flag (True/False, Default - False)')
parser.add_argument('--vulners-use-github-exploits-flag', help='Use Vulners Github exploits data Flag (True/False, Default - True)')
parser.add_argument('--bdu-use-product-names-flag', help='Use BDU product names Flag (True/False, Default - True)')
parser.add_argument('--bdu-use-vulnerability-descriptions-flag', help='Use BDU vulnerability descriptions data Flag (True/False, Default - True)')
parser.add_argument('-v', '--version', action='version', version=current_version)
args = parser.parse_args()
banner = r'''
/$$ /$$ /$$ /$$
| $$ |__/ | $$ |__/
/$$ /$$ /$$ /$$| $$ /$$$$$$ /$$ /$$$$$$$ /$$$$$$ /$$ /$$$$$$$ /$$$$$$$
| $$ /$$/| $$ | $$| $$ /$$__ $$| $$ /$$_____/|_ $$_/ | $$ /$$_____/ /$$_____/
\ $$/$$/ | $$ | $$| $$| $$ \__/| $$| $$$$$$ | $$ | $$| $$ | $$$$$$
\ $$$/ | $$ | $$| $$| $$ | $$ \____ $$ | $$ /$$| $$| $$ \____ $$
\ $/ | $$$$$$/| $$| $$ | $$ /$$$$$$$/ | $$$$/| $$| $$$$$$$ /$$$$$$$/
\_/ \______/ |__/|__/ |__/|_______/ \___/ |__/ \_______/|_______/ '''
print("\n", re.sub("^\n","",banner), "\n")
source_config = dict()
source_config['rewrite_flag'] = False
if args.rewrite_flag == "True" or args.rewrite_flag == "true":
source_config['rewrite_flag'] = True
source_config['vulners_use_github_exploits_flag'] = True
if args.vulners_use_github_exploits_flag == "False" or args.vulners_use_github_exploits_flag == "false":
source_config['vulners_use_github_exploits_flag'] = False
source_config['bdu_use_product_names_flag'] = True
if args.bdu_use_product_names_flag == "False" or args.bdu_use_product_names_flag == "false":
source_config['bdu_use_product_names_flag'] = False
source_config['bdu_use_vulnerability_descriptions_flag'] = True
if args.bdu_use_vulnerability_descriptions_flag == "False" or args.bdu_use_vulnerability_descriptions_flag == "false":
source_config['bdu_use_vulnerability_descriptions_flag'] = False
source_config['data_sources'] = []
if args.cve_data_sources:
source_config['data_sources'] = args.cve_data_sources.split(",")
result_config = dict()
if args.result_formats:
result_config['result_formats'] = set(args.result_formats.split(","))
else:
result_config['result_formats'] = {'html'}
if args.result_json_path:
result_config['result_json_path'] = args.result_json_path
result_config['result_formats'].add('json')
else:
result_config['result_json_path'] = False
if args.result_html_path:
result_config['result_html_path'] = args.result_html_path
result_config['result_formats'].add('html')
else:
result_config['result_html_path'] = False
if args.result_html_label:
result_config['result_html_label'] = args.result_html_label
else:
result_config['result_html_label'] = False
if args.report_type == "ms_patch_tuesday" or args.report_type == "ms_patch_tuesday_extended":
year = str(args.mspt_year) # 2021
month = args.mspt_month # September
if not result_config['result_html_label']:
result_config['result_html_label'] = "mspt"
comments_links_path = False
if args.mspt_comments_links_path:
comments_links_path = args.mspt_comments_links_path
if args.report_type == "ms_patch_tuesday":
pt_type = "Normal"
elif args.report_type == "ms_patch_tuesday_extended":
pt_type = "Extended"
functions_report_ms_patch_tuesday.make_ms_patch_tuesday_report(pt_type=pt_type,
year=year,
month=month,
comments_links_path = comments_links_path,
source_config=source_config,
result_config=result_config)
elif args.report_type == "cve_list":
name = args.cve_project_name
report_name = name + ' report'
file_name_prefix = re.sub(" ","_",name).lower()
cve_list_text = ""
with open(args.cve_list_path, 'r') as file:
cve_list_text = file.read()
comments = dict()
if args.cve_comments_path:
with open(args.cve_comments_path, 'r') as file:
cve_comments_text = file.read()
if cve_comments_text != "":
for line in cve_comments_text.split("\n"):
if "|" in line:
group = line.split("|")[0]
line = re.sub(r"[^\|]*\|","",line)
else:
group = "Comment"
if not group in comments:
comments[group] = ""
comments[group] += line + "\n"
products_text = ""
file_name = name + "_profile.json"
report_id = name + "_report"
profile_file_path = "data/profiles/" + file_name
functions_profile.save_profile(profile_file_path=profile_file_path,
report_id=report_id,
report_name=report_name,
file_name_prefix=file_name_prefix,
cve_list_text=cve_list_text,
products_text=products_text,
data_sources=source_config['data_sources'],
comments=comments)
functions_report_vulnerabilities.make_vulnerability_report_for_profile(profile_file_path=profile_file_path,
source_config=source_config,
result_config=result_config)
elif args.report_type == "custom_profile":
functions_report_vulnerabilities.make_vulnerability_report_for_profile(profile_file_path=args.profile_json_path,
source_config=source_config,
result_config=result_config)
else:
parser.print_help()
print('\nExamples:\n$ python3 vulristics.py --report-type "cve_list" --cve-project-name "New Project" --cve-list-path "cves.txt"\n$ python3 vulristics.py --report-type "ms_patch_tuesday" --mspt-year 2024 --mspt-month "August" --rewrite-flag "True"')