bpmcdevitt/security_tools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added cmdline program to pull down exploited vulns from msft bulletins

Browse source
This commit is contained in:
Brendan McDevitt 2022-09-20 09:55:47 -05:00
parent dadf386eb5
commit 70840cb272
3 changed files with 52 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
tools/microsoft/bin/get_cves_and_threat_strings_from_bulletin.rb
View file

@ -1,26 +0,0 @@
#!/usr/bin/env ruby
require '../microsoft_cvrf_client.rb'
require 'optparse'
@options = {}
OptionParser.new do |opts|
opts.on("-id", "--id", "Bulletin ID") do |id|
@options[:id] = id
end
end.parse!
bulletin_id = @options[:id]
api_client = MicrosoftCvrfClient.new
bulletin_response = api_client.get_id(bulletin_id)
cves_and_threat_strings = api_client.cves_and_threat_strings(bulletin_response)
cves_and_threat_strings.each do |cve, threat_strings|
puts "CVE: #{cve}"
puts "-------------------"
puts "THREAT_STRINGS: #{threat_strings}"
puts "-------------------"
end

20
tools/microsoft/bin/get_exploited_vulns_msft_bulletin.rb Executable file
View file

@ -0,0 +1,20 @@
#!/usr/bin/env ruby
require '../microsoft_cvrf_client.rb'
require 'optparse'
require 'json'
@options = {}
OptionParser.new do |opts|
opts.on("-id", "--id", "Bulletin ID") do |id|
@options[:id] = id
end
end.parse!
bulletin_id = @options[:id]
api_client = MicrosoftCvrfClient.new
#bulletin_response = api_client.get_id(bulletin_id)
puts JSON.pretty_generate(api_client.exploited_vulns_only(bulletin_id))

33
tools/microsoft/microsoft_cvrf_client.rb
View file

@ -45,7 +45,8 @@ class MicrosoftCvrfClient
threat_str = get_threat_str_for_vuln(vuln) threat_str = get_threat_str_for_vuln(vuln)
split_t_str_arr = split_threat_str(threat_str) split_t_str_arr = split_threat_str(threat_str)
hashed_t_str = threat_str_arr_to_hash(split_t_str_arr) hashed_t_str = threat_str_arr_to_hash(split_t_str_arr)
{ vuln.cve => hashed_t_str } vuln_hash = { :cve_id => vuln.cve, :exploitability_info => hashed_t_str }
threat_str_hash_to_json(vuln_hash)
end end
end end
@ -67,5 +68,35 @@ class MicrosoftCvrfClient
arr_of_hash.reduce Hash.new, :merge arr_of_hash.reduce Hash.new, :merge
end end
def threat_str_hash_to_json(threat_str_hash)
JSON.parse(threat_str_hash.to_json)
end
def exploited_yes_vulns(bulletin_vuln_json)
bulletin_vuln_json.select do |vuln_info|
vuln_info["exploitability_info"]["Exploited"] == "Yes"
end
end
def exploitation_detected_vulns(bulletin_vuln_json)
bulletin_vuln_json.select do |vuln_info|
exploit_info = vuln_info['exploitability_info']
check_latest = exploit_info["Latest Software Release"] == "Exploitation Detected"
check_oldest = exploit_info["Oldest Software Release"] == "Exploitation Detected"
check_latest || check_oldest
end
end
def exploited_vulns_only(bulletin_id)
r = get_id(bulletin_id)
vuln = cves_threat_strs(r)
exploited_yes = exploited_yes_vulns(vuln)
exploitation_detected = exploitation_detected_vulns(vuln)
{
:bulletin_id => bulletin_id,
:exploited_yes_cve => exploited_yes,
:exploitation_detected_cve => exploitation_detected
}
end
end end