1313 | | | |__ _ __ ___ __ _| |_ | |_ __ __ _ ___ ___ _ __
1414 | | | '_ \| '__/ _ \/ _` | __|| | '__/ _` |/__ / _ \ '__|
1515 | | | | | | | | __/ (_| | |_ | | | | (_| | (_| __/ |
16- |_| |_| |_|_| \___|\__,_|\__||_|_| \__,_|\___\___|_| Version 2.1
16+ |_| |_| |_|_| \___|\__,_|\__||_|_| \__,_|\___\___|_| Version 2.2
1717 A Script to identify CVE and public exploits using CPE by name & version
1818 -+ Hunt for 0Days and unpublished exploits +-
1919 Credit: @FR13ND0x7F @0xCaretaker @meppohak5
@@ -44,43 +44,39 @@ def synk_db(cve_id):
4444 return snyk_short_name
4545
4646def fetch_cve_details (cpe_string ):
47- base_url = "https://services.nvd.nist.gov/rest/json/cves/1.0"
48- results = []
47+ base_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
4948
50- cve_query_string = ":" .join (cpe_string .split (":" )[1 :5 ])
51- url = f"{ base_url } { cve_query_string }
49+ cves = []
5250
53- response = requests .get (url )
54-
55- if response .status_code != 200 :
56- print (colored (f"Error: Unable to retrieve CVE data for CPE: { cpe_string } { response .status_code } , "red" ))
57- return []
51+ for index , cpe_string in enumerate (cpe_strings [:2 ]):
52+ cve_query_string = ":" .join (cpe_string .split (":" )[1 :5 ])
53+ url = f"{ base_url } { cpe_string }
54+ print (colored (f"Querying: { url } , "red" ))
5855
59- try :
60- data = response .json ()
61- except json .JSONDecodeError :
62- print (colored (f"Error decoding JSON for CPE: { cpe_string } , "red" ))
63- return []
64-
65- if "result" in data :
66- cves = data ["result" ]["CVE_Items" ]
67- for cve_item in cves :
68- cve_id = cve_item ["cve" ]["CVE_data_meta" ]["ID" ]
69- snyk_short_name = synk_db (cve_id )
56+ response = requests .get (url )
7057
71- description = cve_item ["cve" ]["description" ]["description_data" ][0 ]["value" ]
72- link = f"https://nvd.nist.gov/vuln/detail/{ cve_id }
58+ if response .status_code != 200 :
59+ print (colored (f"Error: Unable to retrieve CVE data for CPE: { cpe_string } { response .status_code } , "red" ))
60+ return []
7361
74- weaknesses = []
75- if "problemtype" in cve_item [ "cve" ]:
76- for problem_type in cve_item [ "cve" ][ "problemtype" ][ "problemtype_data" ] :
77- for description in problem_type [ "description" ]:
78- weaknesses . append ( description [ "value" ])
62+ try :
63+ data = response . json ()
64+ except json . JSONDecodeError :
65+ print ( colored ( f"Error decoding JSON for CPE: { cpe_string } . Skipping." , "red" ))
66+ return []
7967
80- if "description_data" in cve_item ["cve" ]["description" ]:
81- description_text = cve_item ["cve" ]["description" ]["description_data" ][0 ]["value" ]
82- else :
83- description_text = "Description not available."
68+ for cve_item in data ["vulnerabilities" ]:
69+
70+ all_cve_details = []
71+
72+ cve_id = cve_item ["cve" ]["id" ]
73+ description_text = cve_item ["cve" ]["descriptions" ][0 ]["value" ]
74+ link = f"https://nvd.nist.gov/vuln/detail/{ cve_id }
75+
76+ weaknesses = []
77+ for problem_type in cve_item ["cve" ]["weaknesses" ]:
78+ for description in problem_type ["description" ]:
79+ weaknesses .append (description ["value" ])
8480
8581 pEdb = PyExploitDb ()
8682 pEdb .debug = False
@@ -90,19 +86,19 @@ def fetch_cve_details(cpe_string):
9086 exploit_status = "Public Exploit Found over Exploit-DB"
9187 else :
9288 exploit_status = "No Public Exploit Found over Exploit-DB"
89+
90+ snyk_short_name = synk_db (cve_id )
9391
94- cve_details = {
92+ all_cve_details . append ( {
9593 "CVE ID" : cve_id ,
9694 "Short Name" : snyk_short_name ,
9795 "Description" : description_text ,
9896 "Weaknesses" : ", " .join (weaknesses ),
9997 "Link" : link ,
10098 "Exploit Status" : exploit_status
101- }
102-
103- results .append (cve_details )
99+ })
104100
105- return results
101+ return all_cve_details
106102
107103def fetch_github_urls (cve_id ):
108104 api_url = f"https://poc-in-github.motikan2010.net/api/v1/?cve_id={ cve_id }
0 commit comments