From 5dc05bfafcd6d1a6028472791d14d87f5eaf8b6a Mon Sep 17 00:00:00 2001
From: Igor Ivanov <evanowe@gmail.com>
Date: Tue, 18 Sep 2018 11:18:55 +0200
Subject: [PATCH 1/3] initial Vulners module PoC

---
 REQUIREMENTS                              |  1 +
 misp_modules/modules/expansion/vulners.py | 39 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 misp_modules/modules/expansion/vulners.py

diff --git a/REQUIREMENTS b/REQUIREMENTS
index c004afe..6ab46cc 100644
--- a/REQUIREMENTS
+++ b/REQUIREMENTS
@@ -25,3 +25,4 @@ yara
 sigmatools
 stix2-patterns
 maclookup
+vulners
\ No newline at end of file
diff --git a/misp_modules/modules/expansion/vulners.py b/misp_modules/modules/expansion/vulners.py
new file mode 100644
index 0000000..70b5d12
--- /dev/null
+++ b/misp_modules/modules/expansion/vulners.py
@@ -0,0 +1,39 @@
+import json
+import requests
+import vulners
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['vulnerability'], 'output': ['text']}
+moduleinfo = {'version': '0.1', 'author': 'Igor Ivanov', 'description': 'An expansion hover module to expand information about CVE id using Vulners API.', 'module-type': ['hover']}
+
+# Get API key from https://vulners.com/userinfo
+moduleconfig = ["apikey"]
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+    if not request.get('vulnerability'):
+        misperrors['error'] = 'Vulnerability id missing'
+        return misperrors
+
+    key = q["config"]["apikey"]
+    vulners_api = vulners.Vulners(api_key=key)
+    vulners_document = vulners_api.document("CVE-2017-14174")
+    if vulners_document:
+        summary = vulners_document.get('description')
+    else:
+        summary = 'Non existing CVE'
+
+    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
+    return r
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo

From 8d7d37746450d653e23398ab77a802789e225324 Mon Sep 17 00:00:00 2001
From: Igor Ivanov <evanowe@gmail.com>
Date: Tue, 18 Sep 2018 12:11:47 +0200
Subject: [PATCH 2/3] added exploit information

---
 misp_modules/modules/expansion/__init__.py |  2 +-
 misp_modules/modules/expansion/vulners.py  | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py
index c6e81a7..fce9343 100644
--- a/misp_modules/modules/expansion/__init__.py
+++ b/misp_modules/modules/expansion/__init__.py
@@ -1,3 +1,3 @@
 from . import _vmray
 
-__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus']
+__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', 'sigma_queries', 'dbl_spamhaus', 'vulners']
diff --git a/misp_modules/modules/expansion/vulners.py b/misp_modules/modules/expansion/vulners.py
index 70b5d12..7d1b54b 100644
--- a/misp_modules/modules/expansion/vulners.py
+++ b/misp_modules/modules/expansion/vulners.py
@@ -18,14 +18,21 @@ def handler(q=False):
         misperrors['error'] = 'Vulnerability id missing'
         return misperrors
 
-    key = q["config"]["apikey"]
+    key = request['config'].get('apikey')
     vulners_api = vulners.Vulners(api_key=key)
-    vulners_document = vulners_api.document("CVE-2017-14174")
+    vulners_document = vulners_api.document(request.get('vulnerability'))
+    vulners_exploits = vulners_api.searchExploit(request.get('vulnerability'))
     if vulners_document:
         summary = vulners_document.get('description')
     else:
         summary = 'Non existing CVE'
 
+    if vulners_exploits:
+        for exploit in vulners_exploits[0]:
+            exploit_summary += exploit['title'] + " " + exploit['href'] + "\n"
+        summary +=  vulners_exploits[1] + " Public exploits available:\n " + exploit_summary
+
+
     r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
     return r
 

From 3e9589d0f44d8ef500e91b05e9568ee7c71cac44 Mon Sep 17 00:00:00 2001
From: Igor Ivanov <evanowe@gmail.com>
Date: Tue, 18 Sep 2018 14:38:49 +0200
Subject: [PATCH 3/3] code cleanup and formatting

---
 misp_modules/modules/expansion/vulners.py | 28 ++++++++++++++++-------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/misp_modules/modules/expansion/vulners.py b/misp_modules/modules/expansion/vulners.py
index 7d1b54b..c7d48de 100644
--- a/misp_modules/modules/expansion/vulners.py
+++ b/misp_modules/modules/expansion/vulners.py
@@ -18,21 +18,33 @@ def handler(q=False):
         misperrors['error'] = 'Vulnerability id missing'
         return misperrors
 
+    ai_summary = ''
+    exploit_summary = ''
+    vuln_summary = ''
+
     key = request['config'].get('apikey')
     vulners_api = vulners.Vulners(api_key=key)
-    vulners_document = vulners_api.document(request.get('vulnerability'))
-    vulners_exploits = vulners_api.searchExploit(request.get('vulnerability'))
+    vulnerability = request.get('vulnerability')
+    vulners_document = vulners_api.document(vulnerability)
+    vulners_exploits = vulners_api.searchExploit(vulnerability)
+    vulners_ai_score = vulners_api.aiScore(vulnerability)
+
     if vulners_document:
-        summary = vulners_document.get('description')
+        vuln_summary += vulners_document.get('description')
     else:
-        summary = 'Non existing CVE'
+        vuln_summary += 'Non existing CVE'
+
+    if vulners_ai_score:
+        ai_summary += 'Vulners AI Score is ' + str(vulners_ai_score[0]) + " "
 
     if vulners_exploits:
+        exploit_summary += " ||  " + str(len(vulners_exploits[0])) + " Public exploits available:\n  "
         for exploit in vulners_exploits[0]:
-            exploit_summary += exploit['title'] + " " + exploit['href'] + "\n"
-        summary +=  vulners_exploits[1] + " Public exploits available:\n " + exploit_summary
-
-
+            exploit_summary += exploit['title'] + " " + exploit['href'] + "\n  "
+        exploit_summary +=  "|| Vulnerability Description:  " + vuln_summary
+    
+    summary = ai_summary + exploit_summary + vuln_summary    
+    
     r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
     return r