forked from cve-search/cve-search
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsearch.py
executable file
·238 lines (217 loc) · 8.59 KB
/
search.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
#!/usr/bin/env python
#
# search is the search component of cve-search querying the MongoDB database.
#
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2012-2013 Alexandre Dulaunoy - [email protected]
# Copyright (c) 2012 Wim Remes
import pymongo
import sys
import re
import argparse
import csv
from urllib.parse import urlparse
import json
from bson import json_util
# connect to DB
# todo1 : offload db config to config file
connect = pymongo.Connection()
db = connect.cvedb
db.set_profiling_level(1)
collection = db.cves
# init control variables
csvOutput = 0
htmlOutput = 0
jsonOutput = 0
xmlOutput = 0
# init various variables :-)
vSearch = ""
vOutput = ""
vFreeSearch = ""
def lookupcpe(cpeid = None):
e = db.cpe.find_one({'id': cpeid})
if e is None:
return cpeid
if 'id' in e:
return e['title']
def findranking(cpe = None, loosy = True):
if cpe is None:
return False
r = db.ranking
result = False
if loosy:
for x in cpe.split(':'):
if x is not '':
i = r.find_one({'cpe': {'$regex':x}})
if i is None:
continue
if 'rank' in i:
result = i['rank']
else:
i = r.find_one({'cpe': {'$regex':cpe}})
print (cpe)
if i is None:
return result
if 'rank' in i:
result = i['rank']
return result
# parse command-line arguments
argParser = argparse.ArgumentParser(description='Search for vulnerabilities in the National Vulnerability DB. Data from http://nvd.nist.org.')
argParser.add_argument('-p', type=str, help='S = search product, e.g. o:microsoft:windows_7 or o:cisco:ios:12.1')
argParser.add_argument('-f', type=str, help='F = free text search in vulnerability summary')
argParser.add_argument('-c', action='append', help='search one or more CVE-ID')
argParser.add_argument('-o', type=str, help='O = output format [csv|html|json|xml|cveid]')
argParser.add_argument('-l', action='store_true', help='sort in descending mode')
argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration')
argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration')
argParser.add_argument('-v', type=str, help='vendor name to lookup in reference URLs')
args = argParser.parse_args()
vSearch = args.p
cveSearch = args.c
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
# replace special characters in vSearch with encoded version.
# Basically cuz I'm to lazy to handle conversion on DB creation ...
if vSearch:
vSearch = re.sub(r'\(','%28', vSearch)
vSearch = re.sub(r'\)','%29', vSearch)
# define which output to generate.
if vOutput == "csv":
csvOutput = 1
elif vOutput == "html":
htmlOutput = 1
elif vOutput == "xml":
xmlOutput = 1
from xml.etree.ElementTree import Element, SubElement, tostring
from xml.sax.saxutils import escape as SaxEscape
r = Element('cve-search')
elif vOutput == "json":
jsonOutput = 1
elif vOutput == "cveid":
cveidOutput = 1
else:
cveidOutput = 1
# Print first line of html output
if htmlOutput:
print("<html><body><h1>CVE search "+ args.p +" </h1>")
# search default is ascending mode
sorttype=1
if sLatest:sorttype=-1
if cveSearch:
for cveid in cveSearch:
for item in collection.find({'id': cveid}).sort("last-modified",sorttype):
if not namelookup and not rankinglookup:
print(json.dumps(item, sort_keys=True, default=json_util.default))
else:
if "vulnerable_configuration" in item:
vulconf = []
ranking = []
for conf in item['vulnerable_configuration']:
if namelookup:
vulconf.append(lookupcpe(cpeid=conf))
if rankinglookup:
rank = findranking(cpe=conf)
if rank and rank not in ranking:
ranking.append(rank)
if namelookup:
item['vulnerable_configuration'] = vulconf
if rankinglookup:
item['ranking'] = ranking
print(json.dumps(item, sort_keys=True, default=json_util.default))
# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
for item in collection.find({'summary': {'$regex' : re.compile(vFreeSearch, re.IGNORECASE)}}).sort("last-modified",sorttype):
print(item)
# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:
# print("Query: collection.find({'vulnerable_configuration': {'$regex' : %s}})" % (vSearch))
# for item in collection.find({"vulnerable_configuration": {'$regex' : vSearch}}).sort("last-modified",sorttype):
for item in collection.find({"vulnerable_configuration": vSearch}).sort("last-modified",sorttype):
# print("Item: %s" % item)
if csvOutput:
# We assume that the vendor name is usually in the hostame of the
# URL to avoid any match on the resource part
refs=[]
for entry in item['references']:
if args.v is not None:
url = urlparse(entry)
hostname = url.netloc
if re.search(args.v, hostname):
refs.append(entry)
if not refs:
refs = "[no vendor link found]"
csvoutput = csv.writer(sys.stdout, delimiter='|', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csvoutput.writerow([item['id'],item['Published'],item['cvss'],item['summary'],refs])
elif htmlOutput:
print("<h2>"+item['id']+"<br></h2>CVSS score: "+item['cvss']+"<br>"+"<b>"+item['Published']+"<b><br>"+item['summary']+"<br>")
print("References:<br>")
for entry in item['references']:
print(entry+"<br>")
print("<hr><hr>")
# bson straight from the MongoDB db - converted to JSON default
# representation
elif jsonOutput:
if not namelookup and not rankinglookup:
print(json.dumps(item, sort_keys=True, default=json_util.default))
else:
if "vulnerable_configuration" in item:
vulconf = []
ranking = []
for conf in item['vulnerable_configuration']:
if namelookup:
vulconf.append(lookupcpe(cpeid=conf))
if rankinglookup:
rank = findranking(cpe=conf)
if rank and rank not in ranking:
ranking.append(rank)
if namelookup:
item['vulnerable_configuration'] = vulconf
if rankinglookup:
item['ranking'] = ranking
print(json.dumps(item, sort_keys=True, default=json_util.default))
elif xmlOutput:
c = SubElement(r,'id')
c.text = item['id']
c = SubElement(r,'Published')
c.text = item['Published']
c = SubElement(r,'cvss')
c.text = item['cvss']
c = SubElement(r,'summary')
c.text = SaxEscape(item['summary'])
for e in item['references']:
c = SubElement(r,'references')
c.text = SaxEscape(e)
for e in item['vulnerable_configuration']:
c = SubElement(r,'vulnerable_configuration')
c.text = SaxEscape(e)
elif cveidOutput:
print(item['id'])
#print("Profile info: %s" % db.profiling_info())
else:
print("CVE\t: " + item['id'])
print("DATE\t: " + item['Published'])
print("CVSS\t: " + item['cvss'])
print(item['summary'])
print("\nReferences:")
print("-----------")
for entry in item['references']:
print(entry)
print("\nVulnerable Configs:")
print("-------------------")
for entry in item['vulnerable_configuration']:
if not namelookup:
print(entry)
else:
print(lookupcpe(cpeid=entry))
print("\n\n")
if htmlOutput:
print("</body></html>")
if xmlOutput:
# default encoding is UTF-8. Should this be detected on the terminal?
s = tostring(r).decode("utf-8")
print(s)