xaitax / sploitscan
SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
License: GNU General Public License v3.0
I changed the code so that it can read the oldest CVSS type, 2.0, but always gives priority to 3.x
```python
import datetime


def display_nvd_data(cve_data):
    if (
        cve_data
        and "vulnerabilities" in cve_data
        and len(cve_data["vulnerabilities"]) > 0
    ):
        cve_item = cve_data["vulnerabilities"][0]["cve"]
        published = cve_item.get("published", "")
        if published:
            published_date = datetime.datetime.fromisoformat(published)
            published = published_date.strftime("%Y-%m-%d")
        descriptions = cve_item.get("descriptions", [])
        description = next(
            (desc["value"] for desc in descriptions if desc["lang"] == "en"),
            "No description available",
        )
        metrics = cve_item.get("metrics", {})
        baseScore = baseSeverity = vectorString = "N/A"
        # First try to get CVSS v3*
        for key, value in metrics.items():
            if key.startswith("cvssMetricV3"):
                cvss_data = value[0].get("cvssData", {})
                baseScore = cvss_data.get("baseScore", "N/A")
                baseSeverity = cvss_data.get("baseSeverity", "N/A")
                vectorString = cvss_data.get("vectorString", "N/A")
                break  # Stop at the first occurrence
        # If CVSS v3* is not available, try to get CVSS v2
        if baseScore == "N/A":
            for key, value in metrics.items():
                if key.startswith("cvssMetricV2"):
                    cvss_data = value[0].get("cvssData", {})
                    baseScore = cvss_data.get("baseScore", "N/A")
                    # NVD stores the v2 severity on the metric entry itself,
                    # not inside cvssData, so fall back to that level
                    baseSeverity = cvss_data.get(
                        "baseSeverity", value[0].get("baseSeverity", "N/A")
                    )
                    vectorString = cvss_data.get("vectorString", "N/A")
                    break  # Stop at the first occurrence
        label_width = max(
            len("Description:"),
            len("Published:"),
            len("Base Score:"),
            len("Base Severity:"),
            len("Vector String:"),
        )
        description_label = "Description:".ljust(label_width)
        published_label = "Published:".ljust(label_width)
        base_score_label = "Base Score:".ljust(label_width)
        base_severity_label = "Base Severity:".ljust(label_width)
        vector_string_label = "Vector String:".ljust(label_width)
        print(
            f"\n{description_label} {description}\n"
            f"{published_label} {published}\n"
            f"{base_score_label} {baseScore}\n"
            f"{base_severity_label} {baseSeverity}\n"
            f"{vector_string_label} {vectorString}\n"
        )
    else:
        print("\n❌ No NVD data found for this CVE ID.\n")
```
After adding my API key from VulnCheck, this message appears:
Error fetching data from VulnCheck: 401 Client Error: Unauthorized for url: https://api.vulncheck.com/v3/index/vulncheck-kev?cve=CVE-2024-3494
and I'm already in the VulnCheck
Try this
./sploitscan CVE-2020-8813...
With v0.10.2 I get
┌───[ 💥 VulnCheck Exploits ]
|
├ Date: 2022-09-30
└ URL: https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime
|
├ Date: 2021-05-11
└ URL: https://github.com/0xm4ud/Cacti-CVE-2020-8813
With v0.10.3 - no VulnCheck Exploit section in output! Nothing at all. Same with other CVEs...
I put in my API key from OpenAI and edited it in the conf file. When I ran with a nessus file, I got this error.
┌───[ 🤖 AI-Powered Risk Assessment ]
|
| ❌ Error fetching data from OpenAI: Error code: 404 - {'error': {'message': 'The model `gpt-4o`
| does not exist or you do not have access to it.', 'type': 'invalid_request_error', 'param': None,
| 'code': 'model_not_found'}}
Hi,
I copied my VulnCheck API key to config.json file like this:
{
"vulncheck_api_key": "vulncheck_64b239d2f920 [etc..long alphanum string]...644a043",
"openai_api_key": ""
}
I have this config file in local directory, and in ~/.config/sploitscan and /etc/sploitscan directories.
I keep getting the error as in the title above:
"API key for VulnCheck is not configured correctly"
In html export file the section "VulnCheck exploits" is empty... Not even "N/A" as in other empty sections.
Regards,
cikasole
I thought about implementing a file entry, where it reads the file that contains the CVEs. This way, if the user wants to check a file with more CVEs, the input may be better.
```python
import re

import pandas as pd


def read_cve_ids(file_path):
    cve_pattern = r'\bCVE-\d{4}-\d{4,7}\b'
    cve_ids = set()
    try:
        if file_path.endswith('.csv'):
            data = pd.read_csv(file_path)
        elif file_path.endswith('.xlsx'):
            data = pd.read_excel(file_path)
        elif file_path.endswith('.json'):
            data = pd.read_json(file_path)
        else:
            with open(file_path, 'r') as file:
                data = file.read()
        # str() of a large DataFrame is only a truncated preview, so
        # serialise the whole table before searching it for CVE IDs
        if not isinstance(data, str):
            data = data.to_csv(index=False)
        cves_found = re.findall(cve_pattern, data)
        cve_ids.update(cves_found)
    except Exception as e:
        print(f"Erro ao ler o arquivo: {e}")
    return cve_ids
```
Hi,
I get an error with this CVE code:
└─# ./sploitscan.py CVE-2023-5678 -e html
....
....
Error exporting to HTML: 'dict object' has no attribute 'cvssV3_1'
I tried export to csv, and it works fine.
Can you, please, help me with this?
Best regards,
cikasole
Hi Alexander!
I hope you are well!
It's always good to talk to you!
There is an RC bug open for sploitscan and I need to close it:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072816
The problem is that there are two files in the main package:
config.json
templates/report_template.html
I would like to know if they are necessary for the module to function?
If not, I will move to another location.
If you can explain I would be very grateful as I will reference this issue when closing Bug RC.
grateful!
Hi!
I'm a Debian packager, I found your work interesting. I'm taking it to our distro.
I noticed that you didn't make the setup.py / pyproject.toml configuration file available.
What version would this project be? Would you like to version it?
Nilson
Parsing API keys took a few stabs...
```python
import json
import os


def load_config():
    default_config = {"vulncheck_api_key": None, "openai_api_key": None}
    base_path = os.path.dirname(os.path.abspath(__file__))
    # Checked in order; the first file that parses is returned as-is
    config_paths = [
        os.path.join(base_path, "config.json"),
        os.path.expanduser("~/.sploitscan/config.json"),
        os.path.expanduser("~/.config/sploitscan/config.json"),
        "/etc/sploitscan/config.json",
    ]
    for config_path in config_paths:
        if os.path.exists(config_path):
            try:
                print(f"Attempting to load config file from: {config_path}")  # Debugging statement
                with open(config_path, "r", encoding="utf-8") as file:
                    config = json.load(file)
                print(f"Successfully loaded config file: {config_path}")  # Debugging statement
                return config
            except json.JSONDecodeError as e:
                print(f"⚠️ Error decoding JSON from the config file {config_path}: {e}")
            except Exception as e:
                print(f"⚠️ Unexpected error reading config file {config_path}: {e}")
    print("⚠️ Config file not found in any checked locations, using default settings.")
    return default_config
```
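The loader posted above returns the first file that parses, so an earlier config.json with empty keys hides a later one that has them. The sketch below is an added example, not SploitScan's own code: it merges per key, warns when a key file is readable by group or others, and masks keys in its report. The `load_config(paths)` signature, `mask`, `demo` and the report format are assumptions; only the two key names come from the config.json shown on this page.

```python
import json
import os
import stat
import tempfile

KEYS = ("vulncheck_api_key", "openai_api_key")  # key names from the page's config.json

def mask(secret):
    """Show only the last 4 characters so output never contains the full key."""
    return "*" * 8 + secret[-4:] if len(secret) > 4 else "*" * 8

def load_config(paths):
    """Merge files in priority order (first non-empty value wins per key)."""
    config, report = dict.fromkeys(KEYS), []
    for path in paths:
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            report.append(f"{path}: readable by group/others (mode {mode:o}), use 600")
        try:
            with open(path, "r", encoding="utf-8") as fh:
                data = json.load(fh)
        except (OSError, json.JSONDecodeError) as exc:
            report.append(f"{path}: unreadable ({exc})")
            continue
        if not isinstance(data, dict):
            report.append(f"{path}: top-level JSON value is not an object")
            continue
        for key in KEYS:
            value = data.get(key)
            if config[key] is None and isinstance(value, str) and value.strip():
                config[key] = value.strip()
                report.append(f"{key} loaded from {path} ({mask(config[key])})")
    report += [f"{k}: not set in any file" for k in KEYS if config[k] is None]
    return config, report

def demo():
    """Constructed sample: the first file has empty keys, the second has one key."""
    with tempfile.TemporaryDirectory() as d:
        first, second = os.path.join(d, "a.json"), os.path.join(d, "b.json")
        files = ((first, {"vulncheck_api_key": "", "openai_api_key": ""}),
                 (second, {"vulncheck_api_key": "vulncheck_EXAMPLEKEY1234"}))
        for path, body in files:
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(body, fh)
            os.chmod(path, 0o600)
        return load_config([first, second])
```
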
I'm using the version packaged by Debian: sploitscan/unstable,now 0.10.3-1
For some CVE IDs (not all), sploitscan crashes (CVE-2024-36387 is OK, for example)
❯ sploitscan CVE-2024-5535
███████╗██████╗ ██╗ ██████╗ ██╗████████╗███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██████╔╝██║ ██║ ██║██║ ██║ ███████╗██║ ███████║██╔██╗ ██║
╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║ ╚════██║██║ ██╔══██║██║╚██╗██║
███████║██║ ███████╗╚██████╔╝██║ ██║ ███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
v0.10.3 / Alexander Hagenah / @xaitax / [email protected]
╔═══════════════════════╗
║ CVE ID: CVE-2024-5535 ║
╚═══════════════════════╝
┌───[ 🔍 Vulnerability information ]
|
├ Published: 2024-06-27
├ Base Score: N/A (N/A)
├ Vector: N/A
└ Description:
[…]
┌───[ ♾️ Exploit Prediction Score (EPSS) ]
|
└ EPSS Score: 0.04% Probability of exploitation.
┌───[ 🛡️ CISA KEV Catalog ]
|
└ ❌ No data found.
Traceback (most recent call last):
File "/usr/bin/sploitscan", line 8, in <module>
sys.exit(cli())
^^^^^
File "/usr/lib/python3/dist-packages/sploitscan/sploitscan.py", line 1067, in cli
main(args.cve_ids, args.export, args.import_file, args.type, args.config, args.debug)
File "/usr/lib/python3/dist-packages/sploitscan/sploitscan.py", line 984, in main
public_exploits = fetch_and_display_public_exploits(cve_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/sploitscan/sploitscan.py", line 880, in fetch_and_display_public_exploits
display_public_exploits(github_data, vulncheck_data, exploitdb_data, packetstorm_data, nuclei_data, vulncheck_error)
File "/usr/lib/python3/dist-packages/sploitscan/sploitscan.py", line 365, in display_public_exploits
exploits, total = template(True)
^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)
Have tried importing two different nessus files and both have returned the same error. Am not the best with python, so any thoughts? Is this coding, or did I miss a syntax where I needed to provide an api key?
Syntax used:
python sploitscan.py --import-file /path/to/file/filename.nessus --type nessus
Fetching GitHub exploits / PoC:
❌ An error occurred fetching PoC data: HTTPSConnectionPool(host='poc-in-github.motikan2010.net', port=443): Max retries exceeded with url: /api/v1/?cve_id=CVE-2012-0159&sort=stargazers_count (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))
Traceback (most recent call last):
File "/home/kali/Desktop/SploitScan/sploitscan.py", line 703, in
main(args.cve_ids, args.export, args.import_file, args.type)
File "/home/kali/Desktop/SploitScan/sploitscan.py", line 586, in main
cve_result = collect_cve_data(cve_id)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Desktop/SploitScan/sploitscan.py", line 622, in collect_cve_data
display_github_data(github_data)
File "/home/kali/Desktop/SploitScan/sploitscan.py", line 164, in display_github_data
if "pocs" in data and len(data["pocs"]) > 0:
^^^^^^^^^^^^^^
TypeError: argument of type 'NoneType' is not iterable
When vulncheck_data is "None" the script gives the following error
https://github.com/xaitax/SploitScan/blob/main/sploitscan.py#L385
Traceback (most recent call last):
File "/usr/bin/sploitscan", line 31, in <module>
main(args.cve_ids, args.export)
File "/usr/share/sploitscan/sploitscan.py", line 708, in main
cve_result = collect_cve_data(cve_id)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/share/sploitscan/sploitscan.py", line 658, in collect_cve_data
priority = calculate_priority(
^^^^^^^^^^^^^^^^^^^
File "/usr/share/sploitscan/sploitscan.py", line 385, in calculate_priority
or bool(vulncheck_data.get("data"))
^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'get'
I would like to find out if you can help with automating the process of checking all the monthly patches from Microsoft on Patch Tuesday and passing each CVE ID through a script. I use the script https://github.com/Immersive-Labs-Sec/msrc-api/blob/main/patch_review.py; is it possible to take each CVE ID and pass it through your script to output?
w0rd up,
nice work, minimal change proposal: how about including
#!/usr/bin/env python3
in the first line of sploitscan.py,
regards
Hi,
I've tried -e html option on v0.10.3.
It seems that the titles for CVEs in output html report are missing.
I tried on a long list of CVEs, and on just one CVE... Only grey strips without CVE numbers.
Best regards,
cs
When I create a config.json file in $(pwd):
sudo docker run -v $(pwd)config.json:/etc/sploitscan/config.json --rm sploitscan CVE-2024-1709
┌───[ VulnCheck Exploits ]
|
└ API key for VulnCheck is not configured correctly.
┌───[ 🤖 AI-Powered Risk Assessment ]
|
| ❌ OpenAI API key is not configured correctly.
|
└────────────────────────────────────────
I implemented a query in exploitDB, where it queries the existence of exploits for that CVE. I believe this new implemented base could be interesting
```python
import csv
import re

import requests
from tabulate import tabulate


def fetch_exploitdb_data(cve_id):
    try:
        response = requests.get(
            "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv?ref_type=heads",
            timeout=30,  # do not hang forever if GitLab is unreachable
        )
        response.raise_for_status()
        exploitdb_data = response.text
        # Look for the CVE in the "codes" field
        cve_pattern = re.compile(r"CVE-\d{4}-\d{4,7}")
        csv_reader = csv.DictReader(exploitdb_data.splitlines())
        relevant_data = []
        for row in csv_reader:
            # Compare whole IDs: a substring test would let CVE-2020-1234
            # match a row tagged CVE-2020-12345
            if cve_id in cve_pattern.findall(row.get("codes") or ""):
                relevant_data.append(row)
        return relevant_data
    except requests.exceptions.RequestException as e:
        print(f"❌ An error occurred fetching exploitdb data: {e}")
        return None


def display_exploitdb_data(exploitdb_data, cve_id):
    if exploitdb_data:
        print("ExploitDB Data:\n")
        headers = ["Name", "Author", "Date", "URL"]
        table = []
        for data in exploitdb_data:
            cve_id_display = cve_id
            date_published = data.get("date", "N/A")
            author = data.get("author", "N/A")
            exploit_id = data.get("id", "N/A")
            url = f"https://www.exploit-db.com/exploits/{exploit_id}"
            row = [cve_id_display, author, date_published, url]
            table.append(row)
        print(tabulate(table, headers=headers, tablefmt="fancy_grid") + "\n")
    else:
        print("No ExploitDB data found.\n")
```