forked from MISP/misp-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vulners.py
69 lines (51 loc) · 2.28 KB
/
vulners.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import json
import vulners
misperrors = {'error': 'Error'}
mispattributes = {'input': ['vulnerability'], 'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Igor Ivanov', 'description': 'An expansion hover module to expand information about CVE id using Vulners API.', 'module-type': ['hover']}
# Get API key from https://vulners.com/userinfo
moduleconfig = ["apikey"]
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if not request.get('vulnerability'):
misperrors['error'] = 'Vulnerability id missing'
return misperrors
ai_summary = ''
exploit_summary = ''
vuln_summary = ''
if not request.get('config') or not request['config'].get('apikey'):
return {'error': "A Vulners api key is required for this module."}
key = request['config']['apikey']
vulners_api = vulners.Vulners(api_key=key)
vulnerability = request.get('vulnerability')
vulners_document = vulners_api.document(vulnerability)
# Get AI scoring from the document if it's already calculated
# There is no need to call AI Scoring method
if 'score' in vulners_document.get('enchantments', {}):
vulners_ai_score = vulners_document['enchantments']['score']['value']
else:
vulners_ai_score = vulners_api.get_ai_score(vulnerability)
if len(vulners_ai_score) == 2:
vulners_ai_score = vulners_ai_score[0]
vulners_exploits = vulners_api.searchExploit(vulnerability)
if vulners_document:
vuln_summary += vulners_document.get('description')
else:
vuln_summary += 'Non existing CVE'
if vulners_ai_score:
ai_summary += 'Vulners AI Score is ' + str(vulners_ai_score) + " "
if vulners_exploits:
exploit_summary += " || " + str(len(vulners_exploits)) + " Public exploits available:\n "
for exploit in vulners_exploits:
exploit_summary += exploit['title'] + " " + exploit['href'] + "\n "
exploit_summary += "|| Vulnerability Description: " + vuln_summary
summary = ai_summary + exploit_summary + vuln_summary
r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo