<#
Author: Arris Huijgen - @bitsadmin
Website: https://github.com/bitsadmin
License: BSD 3-Clause
#>
# Instructions
# 1. Install the MSRC module using: Install-Module MSRCSecurityUpdates -Force
# 2. Request your own API key via https://portal.msrc.microsoft.com/en-us/developer and store it in apikey.txt
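# Read the MSRC API key from apikey.txt in the current directory.
# The key is a credential: keep apikey.txt out of version control and readable
# only by the account that runs this script.
# Only the first non-blank line is used, with surrounding whitespace removed, so
# a trailing newline or blank line does not turn the key into a multi-element array.
$apikey = Get-Content apikey.txt |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Select-Object -First 1
if(-not $apikey)
{
    Write-Error 'Make sure your MSRC API key is stored in apikey.txt'
    # Non-zero exit code so a calling script or scheduled job can detect the failure
    Exit 1
}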
# 3. Execute the script and wait for the MSRC.csv file to be created
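# Import module
# Stop immediately if the module is missing instead of failing later on every MSRC call
Import-Module MSRCSecurityUpdates -ErrorAction Stop

# Fetch MSRC CVRF documents
# "HH" is the 24-hour clock; "hh" would print a 12-hour time with no AM/PM marker
$dateformat = "HH:mm"
Set-MSRCApiKey -ApiKey $apikey
$msu = (Get-MsrcSecurityUpdate).value
if(-not $msu)
{
    # Abort rather than continue to an empty MSRC.csv, which a consumer of the
    # file could misread as "no updates apply".
    Write-Error 'MSRC returned no security updates; check the API key and network connectivity'
    Exit 1
}

$docs = @()
$failed = @()
"Start: {0}" -f [DateTime]::Now
"[+] Downloading documents from MSRC"
$i=1
foreach($secupdate in $msu)
{
    "- [{0:000}/{1:000}]: {2}" -f $i,$msu.Length,$secupdate.DocumentTitle
    $doc = Get-MsrcCvrfDocument -id $secupdate.ID
    if($doc)
    {
        $docs += $doc
    }
    else
    {
        # Do not append $null to $docs; record the gap so it is visible in the run output
        $failed += $secupdate.ID
        Write-Warning ("Could not download CVRF document {0}" -f $secupdate.ID)
    }
    $i++
}
if($failed.Count -gt 0)
{
    # A missing release means its CVE/KB rows will be absent from the output
    Write-Warning ("{0} document(s) missing, output will be incomplete: {1}" -f $failed.Count, ($failed -join ', '))
}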
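# Sort documents chronologically by their initial release date.
# Sort-Object is spelled out because the `sort` alias is not defined in PowerShell
# on Linux/macOS, where `sort` resolves to the native utility instead.
# NOTE(review): assumes InitialReleaseDate orders correctly as returned (a DateTime or an ISO-style string) - confirm.
$docs = $docs | Sort-Object -Property @{Expression={$_.DocumentTracking.InitialReleaseDate}}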
# DEBUG
#$docs | Export-Clixml "MSRCdocs.xml"
#$docs = Import-Clixml "MSRCdocs.xml"
# Flatten the downloaded CVRF documents into one row per (CVE, remediation, product)
# combination and collect the rows in $cves_msrc.
"[+] Processing MSRC documents"
# Every product entry of every document is appended here; in the lines shown
# it is only written to, never read back.
$allProductIDS = @()
# Output rows; each element is a PSCustomObject built in the innermost loop below.
$cves_msrc = @()
$i = 1
# Monthly releases
foreach($doc in $docs)
{
# Print current month to screen
"- [{0:000}/{1:000}]: {2}" -f $i,$docs.Length,$doc.DocumentTitle.Value
# Compile list of all products
$allProductIDS += $doc.ProductTree.FullProductName
# Iterate over CVEs per monthly release
foreach($cve in $doc.Vulnerability)
{
# DatePosted is the date of the LAST RevisionHistory entry, formatted yyyyMMdd,
# i.e. the most recently listed revision rather than the first publication.
$DatePosted = [System.Convert]::ToDateTime(($cve.RevisionHistory | select -Last 1).Date).ToString("yyyyMMdd")
$CveID = $cve.CVE
$Title = $cve.Title.Value
# The affected component is taken from the Title of the last Notes entry.
$AffectedComponent = ($cve.Notes | select -Last 1).Title
#$description = ($cve.Notes | ? Title -eq "Description" | select -expand Value) -replace "<p>","" -replace "</p>`n", " " -replace "`r", ""
# Iterate over KBs per CVE
foreach($kb in $cve.Remediations)
{
$BulletinKB = $kb.Description.Value
# Split the Supercedence field on ';', ',' or space, then drop empty tokens and
# any token containing "MS" (case-insensitive).
# NOTE(review): presumably this filters out legacy bulletin identifiers - confirm.
$Supersedes = $kb.Supercedence -split {$_ -eq ";" -or $_ -eq "," -or $_ -eq " "} | ? { $_ -and $_ -inotlike '*MS*' }
# No remaining tokens: use a single empty string so the -join below yields "".
if($Supersedes -eq $null) { $Supersedes = @("") }
# Iterate over products patched by the KB
foreach($productid in $kb.ProductID)
{
# Threat entries of this CVE whose ProductID collection contains the current product
$threats = $cve.Threats | ? ProductID -Contains $productid
# As used here, threat Type 3 supplies the severity and Type 0 the impact.
$Severity = ($threats | ? Type -EQ 3).Description.Value
$Impact = ($threats | ? Type -EQ 0).Description.Value
# Resolve the product ID to its display name via the document's product tree
$AffectedProduct = $doc.ProductTree.FullProductName | ? ProductId -EQ $productid | select -expand Value
# Fix-up for mistakes in the AffectedProduct and AffectedComponent fields
# NOTE(review): if no product entry matches, $AffectedProduct is $null and .TrimEnd() raises an error; the row is still written with an empty product - confirm this is acceptable.
# NOTE(review): as rendered here the -replace pattern and replacement look identical; the pattern may contain a double or non-breaking space - verify against the original file.
$AffectedProduct = $AffectedProduct.TrimEnd() -replace ' ', ' '
$AffectedComponent = $AffectedComponent.TrimEnd() -replace ' ', ' '
# One CSV row; multiple superseded entries are joined with ';' into a single field
$cves_msrc += [PSCustomObject]@{
DatePosted=$DatePosted;
CVE=$CveID;
BulletinKB=$BulletinKB;
Title=$Title;
AffectedProduct=$AffectedProduct;
AffectedComponent=$AffectedComponent;
Severity=$Severity;
Impact=$Impact;
Supersedes=$Supersedes -join ";"
}
}
}
}
$i++
}
# DEBUG
#$cves_msrc | Export-Clixml "MSRC.xml"
#$cves_msrc = Import-Clixml "MSRC.xml"
# Announce the write with the current time (formatted with $dateformat and shown in braces)
$writeStamp = [DateTime]::Now.ToString($dateformat)
"[+] {{{0}}} Writing CVEs from MSRC to file" -f $writeStamp

# Serialise all collected rows to MSRC.csv as UTF-8, without the #TYPE header line
$cves_msrc | Export-Csv -Path "MSRC.csv" -Encoding utf8 -NoTypeInformation

"[+] Done!"
$finished = [DateTime]::Now
"End: {0}" -f $finished