2018-09-18 11:18:55 +02:00
import json
import vulners
misperrors = { ' error ' : ' Error ' }
mispattributes = { ' input ' : [ ' vulnerability ' ] , ' output ' : [ ' text ' ] }
moduleinfo = { ' version ' : ' 0.1 ' , ' author ' : ' Igor Ivanov ' , ' description ' : ' An expansion hover module to expand information about CVE id using Vulners API. ' , ' module-type ' : [ ' hover ' ] }
# Get API key from https://vulners.com/userinfo
moduleconfig = [ " apikey " ]
def handler ( q = False ) :
if q is False :
return False
request = json . loads ( q )
if not request . get ( ' vulnerability ' ) :
misperrors [ ' error ' ] = ' Vulnerability id missing '
return misperrors
2018-09-18 14:38:49 +02:00
ai_summary = ' '
exploit_summary = ' '
vuln_summary = ' '
2019-10-31 11:48:59 +01:00
if not request . get ( ' config ' ) or not request [ ' config ' ] . get ( ' apikey ' ) :
return { ' error ' : " A Vulners api key is required for this module. " }
key = request [ ' config ' ] [ ' apikey ' ]
2018-09-18 11:18:55 +02:00
vulners_api = vulners . Vulners ( api_key = key )
2018-09-18 14:38:49 +02:00
vulnerability = request . get ( ' vulnerability ' )
vulners_document = vulners_api . document ( vulnerability )
2018-09-18 17:36:12 +02:00
# Get AI scoring from the document if it's already calculated
# There is no need to call AI Scoring method
if ' score ' in vulners_document . get ( ' enchantments ' , { } ) :
vulners_ai_score = vulners_document [ ' enchantments ' ] [ ' score ' ] [ ' value ' ]
else :
vulners_ai_score = None
2018-09-18 14:38:49 +02:00
vulners_exploits = vulners_api . searchExploit ( vulnerability )
2018-09-18 11:18:55 +02:00
if vulners_document :
2018-09-18 14:38:49 +02:00
vuln_summary + = vulners_document . get ( ' description ' )
2018-09-18 11:18:55 +02:00
else :
2018-09-18 14:38:49 +02:00
vuln_summary + = ' Non existing CVE '
if vulners_ai_score :
ai_summary + = ' Vulners AI Score is ' + str ( vulners_ai_score [ 0 ] ) + " "
2018-09-18 11:18:55 +02:00
2018-09-18 12:11:47 +02:00
if vulners_exploits :
2019-10-31 11:48:59 +01:00
exploit_summary + = " || " + str ( len ( vulners_exploits ) ) + " Public exploits available: \n "
for exploit in vulners_exploits :
2018-09-18 14:38:49 +02:00
exploit_summary + = exploit [ ' title ' ] + " " + exploit [ ' href ' ] + " \n "
2018-12-11 15:29:09 +01:00
exploit_summary + = " || Vulnerability Description: " + vuln_summary
summary = ai_summary + exploit_summary + vuln_summary
2018-09-18 11:18:55 +02:00
r = { ' results ' : [ { ' types ' : mispattributes [ ' output ' ] , ' values ' : summary } ] }
return r
def introspection ( ) :
return mispattributes
def version ( ) :
moduleinfo [ ' config ' ] = moduleconfig
return moduleinfo