Merge pull request #4 from theMiddleBlue/v2/master

Add CVE check via cve.circl.lu API
punitdarji · Oct 24, 2018 · f856867 · f856867
2 parents 8fc4895 + 0262f1a
commit f856867
Show file tree

Hide file tree

Showing 7 changed files with 250 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -81,3 +81,6 @@ target/
 
 #Ipython Notebook
 .ipynb_checkpoints
+
+# webmap PDF report
+static/*.pdf
diff --git a/api.py b/api.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render
 from django.http import HttpResponse
-import xmltodict, json, html, os, hashlib, re
+import xmltodict, json, html, os, hashlib, re, requests
 from collections import OrderedDict
 
 def rmNotes(request, hashstr):
@@ -103,3 +103,27 @@ def genPDF(request):
 		os.popen('/opt/wkhtmltox/bin/wkhtmltopdf --cookie sessionid '+request.session._session_key+' --enable-javascript --javascript-delay 6000 http://127.0.0.1:8000/view/pdf/ /opt/nmapdashboard/nmapreport/static/'+pdffile+'.pdf')
 		res = {'ok':'PDF created', 'file':'/static/'+pdffile+'.pdf'}
 		return HttpResponse(json.dumps(res), content_type="application/json")
+
+def getCVE(request):
+	res = {}
+
+	if request.method == "POST":
+		scanfilemd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest()
+		hostmd5 = hashlib.md5(str(request.POST['host']).encode('utf-8')).hexdigest()
+		portmd5 = hashlib.md5(str(request.POST['port']).encode('utf-8')).hexdigest()
+
+		# request.POST['host']
+		r = requests.get('http://cve.circl.lu/api/cvefor/'+request.POST['cpe'])
+
+		if request.POST['host'] not in res:
+			res[request.POST['host']] = {}
+
+		cvejson = r.json()
+
+		if type(cvejson) is list and len(cvejson) > 0:
+			res[request.POST['host']][request.POST['port']] = cvejson[0]
+			f = open('/opt/notes/'+scanfilemd5+'_'+hostmd5+'.'+request.POST['port']+'.cve', 'w')
+			f.write(json.dumps(cvejson))
+			f.close()
+
+		return HttpResponse(json.dumps(res), content_type="application/json")
diff --git a/pdf.py b/pdf.py
@@ -22,6 +22,21 @@ def reportPDFView(request):
 	counters = {'po':0,'pc':0,'pf':0,'hostsup':0,'ostype':{},'pi':{},'ss':{}}
 
 	scanmd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest()
+
+	# collect all cve in cvehost dict
+	cvehost = {}
+	cvefiles = os.listdir('/opt/notes')
+	for cf in cvefiles:
+		m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.([0-9]+)\.cve$', cf)
+		if m is not None:
+			if m.group(1) not in cvehost:
+				cvehost[m.group(1)] = {}
+
+			if m.group(2) not in cvehost[m.group(1)]:
+				cvehost[m.group(1)][m.group(2)] = {}
+
+			cvehost[m.group(1)][m.group(2)][m.group(3)] = open('/opt/notes/'+cf, 'r').read()
+
 	for ik in o['host']:
 
 		# this fix single host report
@@ -184,6 +199,35 @@ def reportPDFView(request):
 				'</div>'
 
 
+		cveout,cveout_html = '',''
+		if scanmd5 in cvehost:
+			if addressmd5 in cvehost[scanmd5]:
+				for cveport in cvehost[scanmd5][addressmd5]:
+					cvejson = json.loads(cvehost[scanmd5][addressmd5][cveport])
+					for cveobj in cvejson:
+
+						cverefout = ''
+						for cveref in cveobj['references']:
+							cverefout += '<a href="'+cveref+'">'+cveref+'</a><br>'
+
+						cveexdbout = ''
+						if 'exploit-db' in cveobj:
+							cveexdbout = '<br><div class="small" style="line-height:20px;"><b>Exploit DB:</b><br>'
+							for cveexdb in cveobj['exploit-db']:
+								if 'title' in cveexdb:
+									cveexdbout += '<a href="'+cveexdb['source']+'">'+html.escape(cveexdb['title'])+'</a><br>'
+							cveexdbout += '</div>'
+
+						cveout += '<div style="line-height:28px;padding:10px;margin-top:10px;border-bottom:solid #ccc 1px;">'+\
+						'	<span class="label red">'+html.escape(cveobj['id'])+'</span> '+html.escape(cveobj['summary'])+'<br><br>'+\
+						'	<div class="small" style="line-height:20px;"><b>References:</b><br>'+cverefout+'</div>'+\
+						cveexdbout+\
+						'</div>'
+
+				cveout_html = '<div style="page-break-before: always;">'+\
+				'	<h3>CVE List for '+saddress+':</h3>'+\
+				cveout+\
+				'</div>'
 
 		if i['status']['@state'] == 'up':
 			hostdetails_html += '<div class="row margintb">'+\
@@ -196,7 +240,8 @@ def reportPDFView(request):
 			hostdetails_html_tr+\
 			'</tbody></table></div>'+\
 			'<div class="">'+portdetails_html_tr+'</div>'+\
-			notesout
+			notesout+\
+			cveout_html
 
 		if portsfound is True:
 			# r['out'] += '1,'
@@ -334,7 +379,7 @@ def reportPDFView(request):
 	r['html'] += ''+\
 	'<div style="page-break-before: always;">'+\
 	'	<div>'+\
-	'		<div style="text-align:center;padding-top:600px;"><b>Generated with</b><br>'+\
+	'		<div style="text-align:center;padding-top:600px;"><b>Generated by</b><br>'+\
 	'			<img src="/static/logoblack.png" style="height:60px;" /><br>'+\
 	'			<a href="https://github.com/Rev3rseSecurity/WebMap">https://github.com/Rev3rseSecurity/WebMap</a>'+\
 	'		</div>'+\

diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,2 @@
+requests
+xmltodict
diff --git a/static/async.js b/static/async.js
@@ -2,6 +2,74 @@ $(document).ready(function() {
 	// doc ready
 });
 
+var cpetot = 0;
+var cpetimer;
+function checkCVE() {
+	cpe = JSON.parse(atob(decodeURIComponent($('#cpestring').val())));
+	csrftoken = $('input[name="csrfmiddlewaretoken"]').val();
+	console.log(cpe);
+	/* $.get('http://cve.circl.lu/api/cvefor/cpe:/a:openbsd:openssh:7.6').done(function(d) {
+		console.log(d);
+	}); */
+
+	$('#modal1').css('background-color','#3e3e3e');
+	$('#modaltitle').html('Looking for CVE and Exploits');
+	$('#modalbody').html(
+		'This process could take a while, please wait...'+
+		'<div class="progress"><div class="indeterminate"></div></div>'
+	);
+	$('#modalfooter').html('');
+	$('#modal1').modal('open');
+
+	cpetot = Object.keys(cpe).length;
+	console.log(cpetot);
+
+	for(host in cpe) {
+		for(port in cpe[host]) {
+			for(cpestr in cpe[host][port]) {
+				if(/^cpe:.+:.+:.+:.*$/.test(cpestr)) {
+					console.log(cpestr);
+					$.post('/report/api/getcve/', {
+						'cpe': cpestr,
+						'host':host,
+						'port':port,
+						'csrfmiddlewaretoken': csrftoken
+					}).done(function(d) {
+						console.log(d);
+						for(rhost in d) {
+							for(rport in d[rhost]) {
+								$('#modalbody').append('<div class="small"><i>Received: '+d[rhost][rport]['id']+' host:'+rhost+' port:'+rport+'</i></div>');
+							}
+						}
+					}).always(function() { cpetot = (cpetot - 1); });
+				} else {
+					cpetot = (cpetot - 1);
+				}
+
+				console.log(cpetot);
+			}
+		}
+	}
+
+	cpetimer = setInterval(function() {
+		if(checkCPETOT()) {
+			console.log('END');
+			window.clearInterval(cpetimer);
+			$('#modalbody').html('Done. Please, reload this page by clicking on Reload button.');
+			$('#modalfooter').html('<button class="btn blue" onclick="javascript:location.reload();">Reload</button>');
+		}
+	}, 2000);
+
+}
+
+function checkCPETOT() {
+	if(cpetot <= 0) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
 function genPDF(md5scan) {
 	if(/^[a-f0-9]{32,32}$/.test(md5scan)) {
 		$.get('/report/api/pdf/').done(function(data) {

diff --git a/urls.py b/urls.py
@@ -11,6 +11,7 @@
 	path('api/setlabel/<objtype>/<label>/<hashstr>/', api.label, name='api_label'),
 	path('api/rmlabel/<objtype>/<hashstr>/', api.rmlabel, name='api_rmlabel'),
 	path('api/pdf/', api.genPDF, name='genPDF'),
+	path('api/getcve/', api.getCVE, name='getCVE'),
 	path('api/savenotes/', api.saveNotes, name='genPDF'),
 	path('api/rmnotes/<hashstr>/', api.rmNotes, name='api_rmnotes'),
 	path('api/<address>/<portid>/', api.port_details, name='api_port'),