-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathupdatevulnerabilitylist.py
120 lines (103 loc) · 4.58 KB
/
updatevulnerabilitylist.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/usr/bin/env python
# encoding: UTF-8
################################################################################
#
#
# Tasiopoulos Vasilis - tasiopoulos[DOT]vasilis[AT]gmail[DOT]com
#
################################################################################
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
################################################################################
import urllib
import os
from sys import stdout
from time import sleep
import re
import datetime
################################################################################
#
# Function to download the vulnerabilities list
#
################################################################################
def updatevuln():
tim=str(datetime.datetime.now().time())
try:
os.rename("vulnerabilities/drupalvulnerabilitieslist.txt","vulnerabilities/old_vulnerabilities_list/drupalvulnerabilitieslist_"+tim+".txt")
os.rename("vulnerabilities/drupalmodulevulnerabilitieslist.txt","vulnerabilities/old_vulnerabilities_list/drupalmodulevulnerabilitieslist_"+tim+".txt")
except:
pass
loading = 0
print " [+] Drupal Vulnerability list update has started "
url = "http://www.cvedetails.com/vulnerability-list/vendor_id-1367/Drupal.html"
page=urllib.urlopen(url).readlines()
for item in page:
if "Total" in item:
if "number" in item:
if "vulnerabilities" in item:
tnv=item[item.index("<b>")+3:item.index("</b>")]
vulntype=" Type: Not Specified"
for pagenumber in range(1,100):
if loading < int(tnv):
url = "http://www.cvedetails.com/vulnerability-list.php?vendor_id=1367&product_id=&version_id=&page=" + str(pagenumber) + "&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=235&sha=5baca71f3e0155964df6d2b1f631f68053857320"
page=urllib.urlopen(url).readlines()
for item in page:
if "href=\"/cve/CVE" in item:
suburl=item[item.index("/cve/CVE"):item.index("/\"")]
title="Title: "+item[item.index("CVE"):item.index("/\"")]
suburl="http://www.cvedetails.com"+suburl
vulnerabiliturl="Url: "+ suburl
subpage=urllib.urlopen(suburl).readlines()
allpage=urllib.urlopen(suburl).read()
table = allpage.replace("\n","")
table=table[table.index("pm_vulnprodstable"):table.index("vulnprodcount\">")]
tibfile = iter(subpage)
for itemsub in tibfile:
if "cvedetailssummary" in itemsub:
description= next(tibfile)
if "<br>" in description:
description =description[:description.index("<")]
description= " Descripion: "+ description
if "span class=\"vt" in itemsub:
vulntype=" Type: " + itemsub[itemsub.index(">")+1:itemsub.index("</")]
if "Product Details" in itemsub:
product=itemsub[itemsub.index("\">")+2:itemsub.index("</")]
vulnproduct=" Vulnerable module: "+product
break
ver=re.findall('[1|2|3|4|5|6|7|8|9|0]'+'[.]'+'[1|2|3|4|5|6|7|8|9|0]',table) #for taking just the vulnerable version
ver1=re.findall('[1|2|3|4|5|6|7|8|9|0]'+'[.]'+'[1|2|3|4|5|6|7|8|9|0]'+'[1|2|3|4|5|6|7|8|9|0]',table) #for taking just the vulnerable version
ver= sorted(set(ver))
ver1= sorted(set(ver1))
versions= " Version: "+ str(ver) + str(ver1)
#
# Split vulnerabilities to module vulnerabilites and drupal core vulnerabilities
#
if product == "Drupal":
fo=open('vulnerabilities/drupalvulnerabilitieslist.txt','a')
fo.write( title+vulntype+description +vulnerabiliturl + str(versions) +"\n");
fo.close()
else:
fo=open('vulnerabilities/drupalmodulevulnerabilitieslist.txt','a')
fo.write( title+vulnproduct+vulntype+description +vulnerabiliturl + str(versions) +"\n");
fo.close()
#
# Vulnerbilities Counter
#
stdout.write("\r [+] %d vulnerabilities indexed from total %s" % (loading+1 , tnv))
stdout.flush()
loading=loading + 1
print "\n[+] Drupal Vulnerability list update is Done"
if __name__ == '__main__':
main()