Merge pull request #229 from lctrcl/master

New vulners module added
pull/231/head
Alexandre Dulaunoy 4 years ago committed by GitHub
commit 84124f819d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      REQUIREMENTS
  2. 2
      misp_modules/modules/expansion/__init__.py
  3. 58
      misp_modules/modules/expansion/vulners.py

@ -25,3 +25,4 @@ yara
sigmatools
stix2-patterns
maclookup
vulners

@ -1,3 +1,3 @@
from . import _vmray
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus']
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus', 'vulners']

@ -0,0 +1,58 @@
import json
import requests
import vulners
misperrors = {'error': 'Error'}
mispattributes = {'input': ['vulnerability'], 'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Igor Ivanov', 'description': 'An expansion hover module to expand information about CVE id using Vulners API.', 'module-type': ['hover']}
# Get API key from https://vulners.com/userinfo
moduleconfig = ["apikey"]
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if not request.get('vulnerability'):
misperrors['error'] = 'Vulnerability id missing'
return misperrors
ai_summary = ''
exploit_summary = ''
vuln_summary = ''
key = request['config'].get('apikey')
vulners_api = vulners.Vulners(api_key=key)
vulnerability = request.get('vulnerability')
vulners_document = vulners_api.document(vulnerability)
vulners_exploits = vulners_api.searchExploit(vulnerability)
vulners_ai_score = vulners_api.aiScore(vulnerability)
if vulners_document:
vuln_summary += vulners_document.get('description')
else:
vuln_summary += 'Non existing CVE'
if vulners_ai_score:
ai_summary += 'Vulners AI Score is ' + str(vulners_ai_score[0]) + " "
if vulners_exploits:
exploit_summary += " || " + str(len(vulners_exploits[0])) + " Public exploits available:\n "
for exploit in vulners_exploits[0]:
exploit_summary += exploit['title'] + " " + exploit['href'] + "\n "
exploit_summary += "|| Vulnerability Description: " + vuln_summary
summary = ai_summary + exploit_summary + vuln_summary
r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
return r
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
Loading…
Cancel
Save