Commit 0fca9e0f authored by Alexandre Dulaunoy

Merge pull request #120 from PidgeyL/master

Several updates and fixes in both index.py and cpeList.py
parents 88caa7bf eea1dade

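--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,17 @@
+__pycache__/
+bin/__pycache__/
+lib/__pycache__/
+sbin/__pycache__/
+
+log/
+ssl/
+tmp/
+plugins/
+indexdir/
+web/templates/plugins/
+
+etc/configuration.ini
+etc/plugins.ini
+etc/plugins.txt
+
+.gitignore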
+7 −2
@@ -279,11 +279,16 @@ Software using cve-search
* [cve-search-mt](https://www.github.com/NorthernSec/cve-search-mt) which is a set of management tools for CVE-Search
* [cve-scan](https://www.github.com/NorthernSec/cve-scan) which is a NMap CVE system scanner

Changelog
---------

You can find the changelog [here](https://github.com/cve-search/UpdateLog)

License
-------

cve-search is free software released under the "Modified BSD license"

    Copyright (c) 2012 Wim Remes - https://github.com/wimremes/
    Copyright (c) 2012-2015 Alexandre Dulaunoy - https://github.com/adulau/
    Copyright (c) 2015 Pieter-Jan Moreels - https://github.com/pidgeyl/
    Copyright (c) 2012-2016 Alexandre Dulaunoy - https://github.com/adulau/
    Copyright (c) 2015-2016 Pieter-Jan Moreels - https://github.com/pidgeyl/
+0 −3
@@ -24,9 +24,6 @@ CAPEC: http://capec.mitre.org/data/xml/capec_v2.6.xml
MSBULLETIN: http://download.microsoft.com/download/6/7/3/673E4349-1CA5-40B9-8879-095C72D5B49D/BulletinSearch.xlsx
Ref: https://cve.mitre.org/data/refs/refmap/allrefmaps.zip
exploitdb: https://github.com/offensive-security/exploit-database/raw/master/files.csv
[MISP]
URL:
Key:
[Webserver]
Host: 127.0.0.1
Port: 5000
+3 −16
@@ -8,7 +8,7 @@
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2012-2015 	Alexandre Dulaunoy - a@foo.be
# Copyright (c) 2015 		Pieter-Jan Moreels - pieterjan.moreels@gmail.com
# Copyright (c) 2015-2016	Pieter-Jan Moreels - pieterjan.moreels@gmail.com

# Imports
import os
@@ -23,11 +23,10 @@ from lib.Config import Configuration
from lib.Toolkit import exploitabilityScore,impactScore
import lib.DatabaseLayer as db

class last:

class last():
    def __init__(self, collection="cves", rankinglookup=False,
                 namelookup=False, vfeedlookup=False, capeclookup=False,
                 subscorelookup=False, reflookup=False, misplookup=False):
                 subscorelookup=False, reflookup=False):

        self.collectionname = collection
        self.rankinglookup = rankinglookup
@@ -35,7 +34,6 @@ class last:
        self.vfeedlookup = vfeedlookup
        self.capeclookup = capeclookup
        self.subscorelookup = subscorelookup
        self.misplookup = misplookup
        
        self.collection = collection

@@ -74,12 +72,6 @@ class last:
        e = db.getvFeed(cveid)
        return e if e else cveid

    def getMISP(self, cveid=None):
        if not (self.misplookup):
            return cveid
        e = db.getMISP(cveid)
        return e if e else None

    def getcve(self, cveid=None):
        if cveid is not None:
            e = db.getCVE(cveid, collection=self.collection)
@@ -110,11 +102,6 @@ class last:
                impactCVSS =impactScore(e)
                e['exploitCVSS']=(math.ceil(exploitCVSS*10)/10) if type(exploitCVSS) is not str else exploitCVSS
                e['impactCVSS']=(math.ceil(impactCVSS*10)/10) if type(impactCVSS) is not str else impactCVSS
            if self.misplookup:
                misp = self.getMISP(cveid=cveid)
                if misp:
                   misp.pop('id')
                   e['misp']=misp
        else:
            e = None
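Review bot: Dropping `misplookup` from `last.__init__` is a breaking signature change: any caller that still passes `misplookup=...` will fail with a `TypeError` when it constructs the object, and no caller is updated in this section. If the web front end or out-of-tree scripts construct `last` with that keyword (not visible here), update them in the same commit or keep the parameter for one release, e.g. `subscorelookup=False, reflookup=False, misplookup=False):` with a comment that the value is ignored. The class body continues outside these hunks.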

+40 −16
@@ -6,7 +6,7 @@
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2013-2014 	Alexandre Dulaunoy - a@foo.be
# Copyright (c) 2014-2015 	Pieter-Jan Moreels - pieterjan.moreels@gmail.com
# Copyright (c) 2014-2016 	Pieter-Jan Moreels - pieterjan.moreels@gmail.com

# imports
import sys
@@ -50,7 +50,6 @@ class Configuration():
               'msbulletin': "http://download.microsoft.com/download/6/7/3/673E4349-1CA5-40B9-8879-095C72D5B49D/BulletinSearch.xlsx",
               'ref': "https://cve.mitre.org/data/refs/refmap/allrefmaps.zip",
               'exploitdb': "https://github.com/offensive-security/exploit-database/raw/master/files.csv",
               'misp_url': "",            'misp_key': "",
               'logging': True,           'logfile': "./log/cve-search.log",
               'maxLogSize': '100MB',     'backlog': 5,
               'Indexdir': './indexdir',  'updatelogfile': './log/update.log',
@@ -58,7 +57,9 @@ class Configuration():
               'includeCapec': True,      'includeD2Sec': True,
               'includeVFeed': True,      'includeVendor': True,
               'includeCWE': True,
               'http_proxy': ''
               'http_proxy': '',
               'plugin_load': './etc/plugins.txt',
               'plugin_config': './etc/plugins.ini'
               }

    @classmethod
@@ -104,6 +105,10 @@ class Configuration():
            sys.exit("Unable to connect to Mongo. Is it running on %s:%s?"%(mongoHost,mongoPort))
        return connect[mongoDB]

    @classmethod
    def toPath(cls, path):
        return path if os.path.isabs(path) else os.path.join(runPath, "..", path)

    # Redis
    @classmethod
    def getRedisHost(cls):
@@ -163,11 +168,11 @@ class Configuration():

    @classmethod
    def getSSLCert(cls):
        return os.path.join(runPath, "..", cls.readSetting("Webserver", "Certificate", cls.default['sslCertificate']))
        return cls.toPath(cls.readSetting("Webserver", "Certificate", cls.default['sslCertificate']))

    @classmethod
    def getSSLKey(cls):
        return os.path.join(runPath, "..", cls.readSetting("Webserver", "Key", cls.default['sslKey']))
        return cls.toPath(cls.readSetting("Webserver", "Key", cls.default['sslKey']))

    # CVE
    @classmethod
@@ -225,21 +230,14 @@ class Configuration():
    def getexploitdbDict(cls):
        return cls.readSetting("Sources", "exploitdb", cls.default['exploitdb'])
               
    # MISP
    @classmethod
    def getMISPCredentials(cls):
        url = cls.readSetting("MISP", "URL", cls.default['misp_url'])
        key = cls.readSetting("MISP", "Key", cls.default['misp_key'])
        return (url, key) if url and key else (None, None)
               
    # Logging
    @classmethod
    def getLogfile(cls):
        return os.path.join(runPath, "..", cls.readSetting("Logging", "Logfile", cls.default['logfile']))
        return cls.toPath(cls.readSetting("Logging", "Logfile", cls.default['logfile']))

    @classmethod
    def getUpdateLogFile(cls):
        return os.path.join(runPath, "..", cls.readSetting("Logging", "Updatelogfile", cls.default['updatelogfile']))
        return cls.toPath(cls.readSetting("Logging", "Updatelogfile", cls.default['updatelogfile']))

    @classmethod
    def getLogging(cls):
@@ -275,12 +273,12 @@ class Configuration():
    # Indexing
    @classmethod
    def getTmpdir(cls):
        return os.path.join(runPath, "..", cls.readSetting("dbmgt", "Tmpdir", cls.default['Tmpdir']))
        return cls.toPath(cls.readSetting("dbmgt", "Tmpdir", cls.default['Tmpdir']))

    # Indexing
    @classmethod
    def getIndexdir(cls):
        return os.path.join(runPath, "..", cls.readSetting("FulltextIndex", "Indexdir", cls.default['Indexdir']))
        return cls.toPath(cls.readSetting("FulltextIndex", "Indexdir", cls.default['Indexdir']))

    # Enabled Feeds
    @classmethod
@@ -340,3 +338,29 @@ class Configuration():
                data = gzip.GzipFile(fileobj=buf)
            return (data, response)

    # Plugins
    @classmethod
    def getPluginLoadSettings(cls):
        return cls.toPath(cls.readSetting("Plugins", "loadSettings", cls.default['plugin_load']))

    @classmethod
    def getPluginsettings(cls):
        return cls.toPath(cls.readSetting("Plugins", "pluginSettings", cls.default['plugin_config']))

class ConfigReader():
    def __init__(self, file):
        self.ConfigParser = configparser.ConfigParser()
        self.ConfigParser.read(file)

    def read(self, section, item, default):
        result = default
        try:
            if type(default) == bool:
                result = self.ConfigParser.getboolean(section, item)
            elif type(default) == int:
                result = self.ConfigParser.getint(section, item)
            else:
                result = self.ConfigParser.get(section, item)
        except:
            pass
        return result
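Review bot: The bare `except: pass` in `ConfigReader.read` swallows every error, so a malformed boolean or integer in the plugin settings file silently becomes the default and the operator never learns the setting was ignored; it also traps `KeyboardInterrupt` and `SystemExit`. Narrow it to `except (configparser.Error, ValueError):` and log the section and item that fell back to the default. `ConfigParser.read(file)` in `__init__` likewise returns quietly when the file does not exist, which matters now that `toPath` passes absolute paths from the configuration through unchanged: a mistyped `pluginSettings` path looks the same as an empty file. Because these paths presumably select which plugin code is loaded (the loader is not in this diff), a comment on `getPluginLoadSettings` should state that the referenced files must be writable only by the account that runs cve-search.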