1111 | | | '_ \| '__/ _ \/ _` | __|| | '__/ _` |/ __/ _ \ '__|
1212 | | | | | | | | __/ (_| | |_ | | | | (_| | (_| __/ |
1313 |_| |_| |_|_| \___|\__,_|\__||_|_| \__,_|\___\___|_| Version 2.1
14- A Script to identify CVE & Public Exploit by product/component's name & version
14+ A Script to identify CVE using CPE by name & version
1515 Credit: @FR13ND0x7F @0xCaretaker @meppohak5
1616"""
1717
@@ -25,7 +25,7 @@ def find_cpes(component, version):
2525 }
2626
2727 response = requests .get (base_url , params = params )
28- print (f"URL Used: { response .url } ) # Print the URL used to find CPE
28+ # print(f"URL Used: {response.url}") Print the URL used to find CPE
2929 content = response .text
3030
3131 cpe_matches = re .findall (r'cpe:(.*?)<' , content )
@@ -53,7 +53,7 @@ def fetch_cve_details(cpe_string):
5353 data = response .json ()
5454 except json .JSONDecodeError :
5555 print (colored (f"Error decoding JSON for CPE: { cpe_string } , "red" ))
56- return []
56+ return [] # Return an empty list to indicate the error
5757
5858 if "result" in data :
5959 cves = data ["result" ]["CVE_Items" ]
@@ -81,9 +81,9 @@ def fetch_cve_details(cpe_string):
8181 pEdb .openFile ()
8282 exploit_status = pEdb .searchCve (cve_id )
8383 if exploit_status :
84- exploit_status = "Public Exploit Found"
84+ exploit_status = "Public Exploit Found over Exploit-DB "
8585 else :
86- exploit_status = "No Public Exploit Found"
86+ exploit_status = "No Public Exploit Found over Exploit-DB "
8787
8888 cve_details = {
8989 "CVE ID" : cve_id ,
@@ -98,6 +98,17 @@ def fetch_cve_details(cpe_string):
9898
9999 return results
100100
101+ def fetch_github_urls (cve_id ):
102+ api_url = f"https://poc-in-github.motikan2010.net/api/v1/?cve_id={ cve_id }
103+ response = requests .get (api_url )
104+
105+ if response .status_code == 200 :
106+ data = response .json ()
107+ if "pocs" in data and data ["pocs" ]:
108+ github_urls = [poc ["html_url" ] for poc in data ["pocs" ]]
109+ return github_urls
110+ return []
111+
101112if __name__ == "__main__" :
102113 print (colored ("CPE Finder Script" , "green" , attrs = ["bold" ]))
103114 print ("This script searches for the CPEs of a component and version.\n " )
@@ -116,17 +127,24 @@ def fetch_cve_details(cpe_string):
116127 if results :
117128 print (colored ("\n CVE Details" , "cyan" , attrs = ["underline" ]))
118129 for result in results :
119- print (colored (f"CVE ID: { result ['CVE ID' ]} , "white" ))
130+ cve_id = result ["CVE ID" ]
131+ print (colored (f"\n CVE ID: { cve_id } , "white" ))
120132 if result ["Short Name" ]:
121133 print (colored (f"Short Name: { result ['Short Name' ]} , "light_blue" ))
122134 print (colored (f"Description: { result ['Description' ]} , "yellow" ))
123135 if result ["Weaknesses" ]:
124136 print (colored (f"Weaknesses: { result ['Weaknesses' ]} , "magenta" ))
125137 print (colored (f"Link: { result ['Link' ]} , "blue" ))
138+ github_urls = fetch_github_urls (cve_id ) # Print GitHub URLs for this CVE
139+ if github_urls :
140+ print (colored ("Public Exploit/ POC Over Github found:" , "red" ))
141+ for url in github_urls :
142+ print (colored (f" { url } , "blue" ))
143+ else :
144+ print (colored ("Public Exploit/ POC Over Github not found, you might need to check manually" , "green" ))
126145 if result ["Exploit Status" ] == "Public Exploit Found" :
127- print (colored (f"Exploit Status: { result ['Exploit Status' ]} \n " , "red" ))
146+ print (colored (f"Exploit Status: { result ['Exploit Status' ]} , "red" ))
128147 else :
129- print (colored (f"Exploit Status: { result ['Exploit Status' ]} \n " , "green" ))
148+ print (colored (f"Exploit Status: { result ['Exploit Status' ]} , "green" ))
130149 else :
131150 print (colored ("CPEs not found for the provided component and version." , "red" ))
132-
0 commit comments