-
Notifications
You must be signed in to change notification settings - Fork 3
/
setup
executable file
·99 lines (82 loc) · 3.03 KB
/
setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/python
import os
"""
CVE_JSON FORMAT
{u'Modified': u'2014-07-17T01:07:29.683-04:00',
u'Published': u'2014-06-16T14:55:09.713-04:00',
u'cvss': 6.8,
u'cwe': u'CWE-352',
u'id': u'CVE-2014-4162',
u'references': [u'http://www.exploit-db.com/exploits/33518',
u'http://secunia.com/advisories/58513',
u'http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html',
u'http://osvdb.org/show/osvdb/107449'],
u'summary': u'Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.',
u'vulnerable_configuration': [u'cpe:/h:zyxel:p-660hw:_t1:v3']}
"""
md = "README.md"
def make_directory(name) :
if not os.path.exists(name) :
os.makedirs(name)
def make_form(f, name) :
cont = "# " + name + "\n\n\n"
cont += "| CVE id | CVSS | Summary | reference |\n"
cont += "| :----- | :--- | :------ | :-------- |\n"
f.write(cont)
def make_content(f, js) :
ref_list = ""
for ref in js["references"] :
ref_list += ref + ", "
cont = "| " + js["id"] + " | " + str(js["cvss"]) + " | " + js["summary"] + " | " + ref_list[:-2] + " |\n"
f.write(cont)
def make_readme(js) :
root = "CVEs"
make_directory(root)
name = root + "/" + js["id"]
make_directory(name)
if not os.path.exists(name + "/" + md) :
f = open(name + "/" + md, "w")
make_form(f, js["id"])
make_content(f, js)
f.close()
def make_mform(f) :
cont = "# CVE-Study\n\n\n"
cont += "| CVE id | CVSS |\n"
cont += "| :----- | :--- |\n"
f.write(cont)
def make_mcontent(f, js_list) :
rootaddr = "https://github.com/thdusdl1219/CVE-Study/tree/master/CVEs"
for js in js_list :
addr = rootaddr + "/" + js["id"]
cont = "| [" + js["id"] + "](" + addr + ")" + " | " + str(js["cvss"]) + " |\n"
f.write(cont)
def make_main(js_list) :
if not os.path.exists(md) :
f = open(md, "w")
make_mform(f)
make_mcontent(f, js_list)
f.close()
def parse_year(cveid) :
l = cveid.split("-")
return l[1]
def main() :
cve_list = open("CVE_LIST", "r")
js_list = eval(cve_list.read())
list_2017 = []
list_2016 = []
list_2015 = []
for js in js_list :
if parse_year(js["id"]) == "2015" :
list_2015.append(js)
elif parse_year(js["id"]) == "2016" :
list_2016.append(js)
elif parse_year(js["id"]) == "2017" :
list_2017.append(js)
nlist_2017 = sorted(list_2017, key=lambda js : js["cvss"], reverse=True)
nlist_2016 = sorted(list_2016, key=lambda js : js["cvss"], reverse=True)
nlist_2015 = sorted(list_2015, key=lambda js : js["cvss"], reverse=True)
real_list = nlist_2017 + nlist_2016 + nlist_2015
make_main(real_list)
for js in real_list :
make_readme(js)
main()