Loading bin/db_dump.py +4 −3 Original line number Diff line number Diff line Loading @@ -24,9 +24,9 @@ db = Configuration.getMongoConnection() collection = db.cves def dumpallcveid(): def dumpallcveid(limit=False): cveid = [] for x in collection.find({}).sort('_id', 1): for x in collection.find({}).sort('_id', 1).limit(limit): cveid.append(x['id']) return cveid Loading @@ -34,6 +34,7 @@ argParser = argparse.ArgumentParser(description='Dump database in JSON format') argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value') argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map') argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information') argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)') args = argParser.parse_args() rankinglookup = args.r Loading @@ -42,6 +43,6 @@ capeclookup = args.c l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup) for cveid in dumpallcveid(): for cveid in dumpallcveid(limit=args.l): item = l.getcve(cveid=cveid) print (json.dumps(item, sort_keys=True, default=json_util.default)) bin/search_fulltext.py +2 −3 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ # # Software is free software released under the "Modified BSD license" # # Copyright (c) 2012-2014 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2012-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com # Imports Loading @@ -20,7 +20,6 @@ import argparse import json from bson import json_util runPath = os.path.dirname(os.path.realpath(__file__)) indexpath = "./indexdir" Loading @@ -32,7 +31,7 @@ argParser = argparse.ArgumentParser(description='Full text search for cve-search argParser.add_argument('-q', action='append', help='query to lookup (one or more)') argParser.add_argument('-t', action='store_true', help='output title of the match CVE(s)') argParser.add_argument('-f', action='store_true', help='output matching CVE(s) in JSON') argParser.add_argument('-m', type=int, default=False, help='most frequent terms)') argParser.add_argument('-m', type=int, default=False, help='most frequent terms in CVE description (m is top-m values)') argParser.add_argument('-l', action='store_true', default=False, help='dump all terms encountered in CVE description') argParser.add_argument('-g', action='store_true', default=False, help='graph of most frequent terms with each matching CVE (JSON output)') argParser.add_argument('-s', action='store_true', default=False, help='enable stemming on graph JSON output (default is False)') Loading lib/CVEs.py +1 −1 Original line number Diff line number Diff line Loading @@ -104,7 +104,7 @@ class last: if rank and rank not in ranking: ranking.append(rank) e['vulnerable_configuration'] = vulconf if self.rankinglookup: if self.rankinglookup and len(ranking) > 0: e['ranking'] = ranking if self.vfeedlookup: f = self.getvfeed(cveid=cveid) Loading lib/Config.py +17 −2 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ import redis import re import datetime import configparser import urllib.parse class Configuration(): Loading @@ -28,6 +29,7 @@ class Configuration(): 'redisVendorDB': 10, 'redisNotificationsDB': 11, 'mongoHost': 'localhost', 'mongoPort': 27017, 'mongoDB': "cvedb", 'mongoUsername': '', 'mongoPassword': '', 'flaskHost': "127.0.0.1", 'flaskPort': 5000, 'flaskDebug': True, 'pageLength': 50, 'loginRequired': False, Loading Loading @@ -75,7 +77,20 @@ class Configuration(): mongoHost = cls.readSetting("Mongo", "Host", cls.default['mongoHost']) mongoPort = cls.readSetting("Mongo", "Port", cls.default['mongoPort']) mongoDB = cls.getMongoDB() mongoUsername = cls.readSetting("Mongo", "Username", cls.default['mongoUsername']) mongoPassword = cls.readSetting("Mongo", "Password", cls.default['mongoPassword']) mongoUsername = urllib.parse.quote( mongoUsername ) mongoPassword = urllib.parse.quote( mongoPassword ) try: if mongoUsername and mongoPassword: mongoURI = "mongodb://{username}:{password}@{host}:{port}/{db}".format( username = mongoUsername, password = mongoPassword, host = mongoHost, port = mongoPort, db = mongoDB ) connect = pymongo.MongoClient(mongoURI) else: connect = pymongo.MongoClient(mongoHost, mongoPort) except: sys.exit("Unable to connect to Mongo. Is it running on %s:%s?"%(mongoHost,mongoPort)) Loading lib/Query.py +14 −3 Original line number Diff line number Diff line Loading @@ -5,12 +5,17 @@ # # Software is free software released under the "Modified BSD license" # # Copyright (c) 2014-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2014-2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com import urllib.parse import json import requests import os import sys runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) from lib.Config import Configuration Loading Loading @@ -50,9 +55,10 @@ def lookupcpe(cpeid=None): return e['title'] def lastentries(limit=5, namelookup=False): def lastentries(limit=5, namelookup=False, rankinglookup=True): entries = [] for item in collection.find({}).sort("Modified", -1).limit(limit): item.pop('_id') if not namelookup and rankinglookup is not True: entries.append(item) else: Loading @@ -69,7 +75,7 @@ def lastentries(limit=5, namelookup=False): if rank and rank not in ranking: ranking.append(rank) item['vulnerable_configuration'] = vulconf if rankinglookup: if rankinglookup and len(ranking) > 0: item['ranking'] = ranking entries.append(item) return entries Loading Loading @@ -109,3 +115,8 @@ def apisearch(api, query=None): return r.text else: return False def _test(): print (lastentries(limit=10)) if __name__ == "__main__": _test() Loading
bin/db_dump.py +4 −3 Original line number Diff line number Diff line Loading @@ -24,9 +24,9 @@ db = Configuration.getMongoConnection() collection = db.cves def dumpallcveid(): def dumpallcveid(limit=False): cveid = [] for x in collection.find({}).sort('_id', 1): for x in collection.find({}).sort('_id', 1).limit(limit): cveid.append(x['id']) return cveid Loading @@ -34,6 +34,7 @@ argParser = argparse.ArgumentParser(description='Dump database in JSON format') argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value') argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map') argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information') argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)') args = argParser.parse_args() rankinglookup = args.r Loading @@ -42,6 +43,6 @@ capeclookup = args.c l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup) for cveid in dumpallcveid(): for cveid in dumpallcveid(limit=args.l): item = l.getcve(cveid=cveid) print (json.dumps(item, sort_keys=True, default=json_util.default))
bin/search_fulltext.py +2 −3 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ # # Software is free software released under the "Modified BSD license" # # Copyright (c) 2012-2014 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2012-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com # Imports Loading @@ -20,7 +20,6 @@ import argparse import json from bson import json_util runPath = os.path.dirname(os.path.realpath(__file__)) indexpath = "./indexdir" Loading @@ -32,7 +31,7 @@ argParser = argparse.ArgumentParser(description='Full text search for cve-search argParser.add_argument('-q', action='append', help='query to lookup (one or more)') argParser.add_argument('-t', action='store_true', help='output title of the match CVE(s)') argParser.add_argument('-f', action='store_true', help='output matching CVE(s) in JSON') argParser.add_argument('-m', type=int, default=False, help='most frequent terms)') argParser.add_argument('-m', type=int, default=False, help='most frequent terms in CVE description (m is top-m values)') argParser.add_argument('-l', action='store_true', default=False, help='dump all terms encountered in CVE description') argParser.add_argument('-g', action='store_true', default=False, help='graph of most frequent terms with each matching CVE (JSON output)') argParser.add_argument('-s', action='store_true', default=False, help='enable stemming on graph JSON output (default is False)') Loading
lib/CVEs.py +1 −1 Original line number Diff line number Diff line Loading @@ -104,7 +104,7 @@ class last: if rank and rank not in ranking: ranking.append(rank) e['vulnerable_configuration'] = vulconf if self.rankinglookup: if self.rankinglookup and len(ranking) > 0: e['ranking'] = ranking if self.vfeedlookup: f = self.getvfeed(cveid=cveid) Loading
lib/Config.py +17 −2 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ import redis import re import datetime import configparser import urllib.parse class Configuration(): Loading @@ -28,6 +29,7 @@ class Configuration(): 'redisVendorDB': 10, 'redisNotificationsDB': 11, 'mongoHost': 'localhost', 'mongoPort': 27017, 'mongoDB': "cvedb", 'mongoUsername': '', 'mongoPassword': '', 'flaskHost': "127.0.0.1", 'flaskPort': 5000, 'flaskDebug': True, 'pageLength': 50, 'loginRequired': False, Loading Loading @@ -75,7 +77,20 @@ class Configuration(): mongoHost = cls.readSetting("Mongo", "Host", cls.default['mongoHost']) mongoPort = cls.readSetting("Mongo", "Port", cls.default['mongoPort']) mongoDB = cls.getMongoDB() mongoUsername = cls.readSetting("Mongo", "Username", cls.default['mongoUsername']) mongoPassword = cls.readSetting("Mongo", "Password", cls.default['mongoPassword']) mongoUsername = urllib.parse.quote( mongoUsername ) mongoPassword = urllib.parse.quote( mongoPassword ) try: if mongoUsername and mongoPassword: mongoURI = "mongodb://{username}:{password}@{host}:{port}/{db}".format( username = mongoUsername, password = mongoPassword, host = mongoHost, port = mongoPort, db = mongoDB ) connect = pymongo.MongoClient(mongoURI) else: connect = pymongo.MongoClient(mongoHost, mongoPort) except: sys.exit("Unable to connect to Mongo. Is it running on %s:%s?"%(mongoHost,mongoPort)) Loading
lib/Query.py +14 −3 Original line number Diff line number Diff line Loading @@ -5,12 +5,17 @@ # # Software is free software released under the "Modified BSD license" # # Copyright (c) 2014-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2014-2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com import urllib.parse import json import requests import os import sys runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) from lib.Config import Configuration Loading Loading @@ -50,9 +55,10 @@ def lookupcpe(cpeid=None): return e['title'] def lastentries(limit=5, namelookup=False): def lastentries(limit=5, namelookup=False, rankinglookup=True): entries = [] for item in collection.find({}).sort("Modified", -1).limit(limit): item.pop('_id') if not namelookup and rankinglookup is not True: entries.append(item) else: Loading @@ -69,7 +75,7 @@ def lastentries(limit=5, namelookup=False): if rank and rank not in ranking: ranking.append(rank) item['vulnerable_configuration'] = vulconf if rankinglookup: if rankinglookup and len(ranking) > 0: item['ranking'] = ranking entries.append(item) return entries Loading Loading @@ -109,3 +115,8 @@ def apisearch(api, query=None): return r.text else: return False def _test(): print (lastentries(limit=10)) if __name__ == "__main__": _test()
