From fa878447cc5a4165c78854e46d39932a5cf65bbc Mon Sep 17 00:00:00 2001 From: starnightcyber Date: Thu, 2 Jul 2020 17:01:55 +0800 Subject: [PATCH] update with NVD --- script-v2.1.py => script-v2.py | 25 +++++++++---------------- script-v3.1.py => script-v3.py | 27 +++++++++++---------------- 2 files changed, 20 insertions(+), 32 deletions(-) rename script-v2.1.py => script-v2.py (83%) rename script-v3.1.py => script-v3.py (92%) diff --git a/script-v2.1.py b/script-v2.py similarity index 83% rename from script-v2.1.py rename to script-v2.py index 3593027..b438566 100644 --- a/script-v2.1.py +++ b/script-v2.py @@ -68,26 +68,19 @@ def fetch_severity(index, total, CVE): try: resp = requests.get(url, timeout=5, headers=headers) if resp.status_code == 200: - content = resp.text - severity = re.findall('"vuln-cvss3-panel-score">(.*)?', content) - # print(severity) + html = resp.text - score, cve_level, _ = severity[0].split(' ') + soup = BeautifulSoup(html, "html.parser") + severity = soup.find('a', id="Cvss3NistCalculatorAnchor").get_text() + score, cve_level = severity.split(' ') cve_obj[CVE] = cve_level print(score, cve_level) except: print('v3 not scored, switch to v2...') - try: - soup = BeautifulSoup(content, "html.parser") - score_level = soup.find('a', - id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss2CalculatorAnchor").get_text() - - score, cve_level = score_level.split(' ') - cve_obj[CVE] = cve_level - print(score, cve_level) - except: - pass - pass + severity = soup.find('a', id="Cvss2CalculatorAnchor").get_text() + score, cve_level = severity.split(' ') + cve_obj[CVE] = cve_level + print(score, cve_level) finally: pass pass @@ -127,7 +120,7 @@ def fetch_vul_info(): print(query_str) print(vuls_info) - with open('result-v2.txt', 'a+', encoding='utf-8') as fw: + with open('cves.txt', 'a+', encoding='utf-8') as fw: fw.write(query_str) fw.write(url) fw.write('\n') diff --git a/script-v3.1.py b/script-v3.py similarity index 92% rename from script-v3.1.py rename to script-v3.py index 19e6df6..27730e7 100644 --- a/script-v3.1.py +++ b/script-v3.py @@ -22,7 +22,7 @@ class CveObject: """ print('----------------------------------') print('编号:', self.cve_no) - print('漏洞描述:', self.cve_description[:10]) + print('漏洞描述:', self.cve_description) print('漏洞等级:', self.cve_level) print('漏洞评分:', self.cve_score) print('\n\n') @@ -70,25 +70,20 @@ def fill_with_nvd(cve, cve_obj): description = re.findall('

(.*).

?', content) cve_obj.cve_description = description[0] - severity = re.findall('"vuln-cvss3-panel-score">(.*)?', content) - # print(severity) - score, cve_level, _ = severity[0].split(' ') + soup = BeautifulSoup(content, "html.parser") + severity = soup.find('a', id="Cvss3NistCalculatorAnchor").get_text() + score, cve_level = severity.split(' ') cve_obj.cve_score = score cve_obj.cve_level = cve_level print(score, cve_level) except: print('v3 not scored, switch to v2...') - try: - soup = BeautifulSoup(content, "html.parser") - score_level = soup.find('a', - id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss2CalculatorAnchor").get_text() - score, cve_level = score_level.split(' ') - cve_obj.cve_score = score - cve_obj.cve_level = cve_level - print(score, cve_level) - except: - pass + severity = soup.find('a', id="Cvss2CalculatorAnchor").get_text() + score, cve_level = severity.split(' ') + cve_obj.cve_score = score + cve_obj.cve_level = cve_level + print(score, cve_level) finally: pass pass @@ -170,8 +165,8 @@ def save_cve_objs(): cve_info = '{}|{}|{}|{}|{}|{}\n'.format(obj.cve_no, obj.cve_nvd_url, obj.cve_score, obj.cve_level, obj.cve_cna, obj.cve_description) - with open('cve.txt', 'a+') as fw: - fw.write(cve_info) + # with open('cve.txt', 'a+') as fw: + # fw.write(cve_info) def write2html():