added a way to pull exploit feed info from inthewild.io exploits feed
This commit is contained in:
parent
bc06defa7c
commit
b439d4fc60
11 changed files with 138 additions and 6 deletions
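--- /dev/null
+++ b/app/controllers/inthewild_cve_exploits_controller.rb
@@ -0,0 +1,10 @@
+class InthewildCveExploitsController < ApplicationController
+def index
+@cves = InthewildCveExploit.all
+end
+
+def show
+@cve = InthewildCveExploit.find_by(:id => params[:cve_id])
+render json: @poc.to_json
+end
+end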
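Review bot: `show` renders `@poc.to_json`, but the record it looks up is assigned to `@cve`, so the response body is always `null`; the line should be `render json: @cve`. The lookup also searches the primary key (`find_by(:id => params[:cve_id])`) while the parameter name and the `inthewild/cve/:cve_id` route in this commit suggest the CVE identifier is meant, i.e. `find_by(cve_id: params[:cve_id])`. A missing record currently still answers 200 with `null`; `head :not_found unless @cve` before the render would make that visible to the caller.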
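--- /dev/null
+++ b/app/models/inthewild_cve_exploit.rb
@@ -0,0 +1,2 @@
+class InthewildCveExploit < ActiveRecord::Base
+end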
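Review bot: The model inherits from `ActiveRecord::Base` directly; in a Rails 7 app (the migration uses `ActiveRecord::Migration[7.0]`) the convention is `class InthewildCveExploit < ApplicationRecord` so app-wide model configuration applies, assuming the app defines `ApplicationRecord` as the generator does. It also declares nothing about `cve_id`, which the importer fills straight from the feed; `validates :cve_id, presence: true, uniqueness: true` would document and enforce the one-row-per-CVE expectation the feed implies.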
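--- /dev/null
+++ b/app/views/inthewild_cve_exploits/index.html.erb
@@ -0,0 +1,2 @@
+<h1>InthewildCveExploits#index</h1>
+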
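--- /dev/null
+++ b/app/views/inthewild_cve_exploits/show.html.erb
@@ -0,0 +1,2 @@
+<h1> @cves </h1>
+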
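Review bot: `<h1> @cves </h1>` is plain text, not ERB, so the page would literally print ` @cves `; an expression needs `<%= %>` tags, and the instance variable the `show` action sets is `@cve`, not `@cves`. As committed the template is unreachable anyway because `show` always renders JSON, so either drop it or make the action fall back to it (e.g. `respond_to` with an HTML branch). The index template in the same commit likewise never uses the `@cves` the `index` action assigns.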
|
@ -10,4 +10,6 @@ Rails.application.routes.draw do
|
||||||
get "/github_pocs", to: "github_pocs#index"
|
get "/github_pocs", to: "github_pocs#index"
|
||||||
get "/github_pocs/:id", to: "github_pocs#show"
|
get "/github_pocs/:id", to: "github_pocs#show"
|
||||||
get "/github_pocs/cve/:cve_id", to: "github_pocs#show_for_cve"
|
get "/github_pocs/cve/:cve_id", to: "github_pocs#show_for_cve"
|
||||||
|
|
||||||
|
get "inthewild/cve/:cve_id", to: "inthewild_exploitations#show"
|
||||||
end
|
end
|
||||||
|
|
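Review bot: `to: "inthewild_exploitations#show"` names a controller this commit does not add — the controller it introduces is `InthewildCveExploitsController`, so the new route resolves to a missing constant at request time; it should read `get "/inthewild/cve/:cve_id", to: "inthewild_cve_exploits#show"`. The leading slash also brings it in line with the neighbouring `github_pocs` routes. No route is added for the controller's `index` action, so `@cves = InthewildCveExploit.all` is unreachable as committed. This appears to be config/routes.rb from the `Rails.application.routes.draw do` context, though the file header is not shown.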
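--- /dev/null
+++ b/db/migrate/20220406064613_inthewild_cve_exploits.rb
@@ -0,0 +1,8 @@
+class InthewildCveExploits < ActiveRecord::Migration[7.0]
+def change
+create_table :inthewild_cve_exploits do |t|
+t.string :cve_id
+t.date :earliest_report
+end
+end
+end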
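Review bot: `create_table :inthewild_cve_exploits` has no index or uniqueness constraint on `cve_id`, while the sibling `cves` table in db/schema.rb carries `index_cves_on_cve_id` (unique) and the importer in this commit appends one row per feed entry on every run, so repeated seeds will accumulate duplicates. Adding `t.index :cve_id, unique: true` inside the block (and skipping ids already present in the importer) keeps one row per CVE and makes lookups by CVE id indexed. The table also has no `t.timestamps`, so nothing records when an entry was imported; add them if that matters for tracking feed changes.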
32
db/schema.rb
32
db/schema.rb
|
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema[7.0].define(version: 2022_04_04_150811) do
|
ActiveRecord::Schema[7.0].define(version: 2022_04_06_064613) do
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "plpgsql"
|
enable_extension "plpgsql"
|
||||||
|
|
||||||
|
@ -39,4 +39,34 @@ ActiveRecord::Schema[7.0].define(version: 2022_04_04_150811) do
|
||||||
t.index ["cve_id"], name: "index_cves_on_cve_id", unique: true
|
t.index ["cve_id"], name: "index_cves_on_cve_id", unique: true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
create_table "github_pocs", force: :cascade do |t|
|
||||||
|
t.integer "github_poc_id"
|
||||||
|
t.string "cve_id", default: "None"
|
||||||
|
t.string "name"
|
||||||
|
t.string "full_name"
|
||||||
|
t.jsonb "owner"
|
||||||
|
t.string "html_url"
|
||||||
|
t.string "description"
|
||||||
|
t.boolean "fork"
|
||||||
|
t.date "created_at"
|
||||||
|
t.date "updated_at"
|
||||||
|
t.date "pushed_at"
|
||||||
|
t.integer "stargazers_count"
|
||||||
|
t.integer "watchers_count"
|
||||||
|
t.integer "forks_count"
|
||||||
|
t.boolean "allow_forking"
|
||||||
|
t.boolean "is_template"
|
||||||
|
t.string "topics", array: true
|
||||||
|
t.string "visibility"
|
||||||
|
t.integer "forks"
|
||||||
|
t.integer "watchers"
|
||||||
|
t.integer "score"
|
||||||
|
t.index ["github_poc_id"], name: "index_github_pocs_on_github_poc_id", unique: true
|
||||||
|
end
|
||||||
|
|
||||||
|
create_table "inthewild_cve_exploits", force: :cascade do |t|
|
||||||
|
t.string "cve_id"
|
||||||
|
t.date "earliest_report"
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
33
db/seeds.rb
33
db/seeds.rb
|
@ -8,8 +8,37 @@
|
||||||
|
|
||||||
require '/data_importer/lib/cpe_importer.rb'
|
require '/data_importer/lib/cpe_importer.rb'
|
||||||
require '/data_importer/lib/cve_list_importer.rb'
|
require '/data_importer/lib/cve_list_importer.rb'
|
||||||
|
require '/data_importer/lib/poc_in_github_importer.rb'
|
||||||
|
require '/data_importer/lib/inthewild_cve_exploit_importer.rb'
|
||||||
|
|
||||||
# this should get any new Cves and create them in the db
|
def line_sep
|
||||||
|
puts '----------' * 12
|
||||||
|
end
|
||||||
|
|
||||||
|
def perform
|
||||||
|
import_cves
|
||||||
|
import_github_pocs
|
||||||
|
import_cpes
|
||||||
|
end
|
||||||
|
|
||||||
|
def import_cves
|
||||||
|
line_sep
|
||||||
CveListImporter.new.import
|
CveListImporter.new.import
|
||||||
# this should recreate CPE data
|
end
|
||||||
|
|
||||||
|
def import_cpes
|
||||||
|
line_sep
|
||||||
CpeImporter.download_and_import
|
CpeImporter.download_and_import
|
||||||
|
end
|
||||||
|
|
||||||
|
def import_github_pocs
|
||||||
|
line_sep
|
||||||
|
PocInGithubImporter.new.import
|
||||||
|
end
|
||||||
|
|
||||||
|
def import_inthewild_cve_exploits
|
||||||
|
line_sep
|
||||||
|
InthewildCveExploitImporter.new.import
|
||||||
|
end
|
||||||
|
|
||||||
|
import_inthewild_cve_exploits
|
|
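Review bot: `perform` wires `import_cves`, `import_github_pocs` and `import_cpes` but not the new `import_inthewild_cve_exploits`, and nothing in the hunk calls `perform`; the only top-level call is `import_inthewild_cve_exploits`, so as committed a seed run executes just the inthewild import and the CVE, CPE and GitHub imports no longer run. Either add `import_inthewild_cve_exploits` to `perform` and call `perform` at the bottom, or state in a comment that the other steps are intentionally disabled. The two explanatory comments the hunk removes (`# this should get any new Cves and create them in the db`, `# this should recreate CPE data`) were the only documentation of what each step does; a one-line comment per `import_*` method would preserve that. The beginning of the file is outside the hunk.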
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
require 'bulk_insert'
|
require 'bulk_insert'
|
||||||
require 'nokogiri'
|
require 'nokogiri'
|
||||||
require 'net/http'
|
|
||||||
|
|
||||||
# use this to import CPE data into postgres database
|
# use this to import CPE data into postgres database
|
||||||
class CpeImporter
|
class CpeImporter
|
||||||
|
|
|
@ -72,6 +72,7 @@ class CveListImporter
|
||||||
git_clone_repo
|
git_clone_repo
|
||||||
end
|
end
|
||||||
|
|
||||||
|
puts "Now starting import for CveList."
|
||||||
(1999..Date.today.year).map do |year|
|
(1999..Date.today.year).map do |year|
|
||||||
cves_from_json = cves_for_year(year)
|
cves_from_json = cves_for_year(year)
|
||||||
|
|
||||||
|
|
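--- /dev/null
+++ b/lib/inthewild_cve_exploit_importer.rb
@@ -0,0 +1,47 @@
+require 'bulk_insert'
+require 'json'
+
+class InthewildCveExploitImporter
+attr_accessor :url
+def initialize
+@url = 'https://inthewild.io/api/exploited'
+end
+
+def get_exploit_feed
+r = RestClient::Request.execute(
+:method => :get,
+:url => url,
+:headers => {"Content-type": "application/json"}
+)
+if r.code == 200
+JSON.parse(r.body)
+else
+puts "HTTP Code #{r.code}"
+end
+end
+
+def cve_attrs_from_item(json)
+cve_attrs = {}
+cve_attrs[:cve_id] = json['id']
+cve_attrs[:earliest_report] = json['earliestReport']
+cve_attrs
+end
+
+def bulk_insert(cves)
+InthewildCveExploit.bulk_insert do |worker|
+cves.each do |attrs|
+worker.add(attrs)
+end
+end
+end
+
+def import
+feed = get_exploit_feed
+puts "Now importing InthewildCveExploits."
+cves = feed.map do |cve_entry|
+cve_attrs_from_item(cve_entry)
+end
+
+bulk_insert(cves)
+end
+end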
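Review bot: `get_exploit_feed` returns nil whenever the response is not 200 (the `else` branch evaluates to the result of `puts`), and `import` then calls `feed.map` on nil and fails with a NoMethodError instead of a message naming the cause; replace the `puts` with `raise "inthewild feed returned HTTP #{r.code}"` or guard `import` with `return if feed.nil?`. With RestClient's defaults a 4xx/5xx response normally raises `RestClient::ExceptionWithResponse` before `r.code` is ever compared, so the non-200 branch may be unreachable as written — worth confirming against the gem version in use. `JSON.parse(r.body)` is assumed to yield an array of hashes keyed `id` and `earliestReport`; an upstream schema change would surface only as a NoMethodError in `cve_attrs_from_item`, so a comment on that method stating the expected item shape would help the next maintainer. `RestClient` is used without a `require` in this file, so the class relies on the constant being loaded elsewhere (presumably Bundler), which is worth noting in a comment since the file is otherwise self-contained.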