Created
June 28, 2019 18:55
A Local Version of VulnerableContainers.org
import csv
import os
import re
import shutil
import subprocess
import time
from datetime import timedelta
from urllib.parse import quote

import requests
from more_itertools import unique_everseen
# Timestamp taken when the module is loaded; main() reports elapsed time
# relative to it.
start = time.time()

# Shared state filled in stage by stage:
#   containers -- image names collected by _get_containers()
#   index      -- one row per image, built by _add_to_index() and extended
#                 by _vuln_scan(); written out by _write_csv()
containers, index = [], []
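def _get_containers():
    """Fill the global ``containers`` list from the Docker store search API.

    Requests one page of 100 community results sorted by popularity, keeps
    each summary's ``name``, removes duplicates while preserving first-seen
    order, and truncates the list to its first 10 entries.

    The names are remote, untrusted data that other functions in this file
    hand to ``docker pull`` and ``trivy``. Anything that does not look like
    a plain repository name is therefore dropped here instead of being
    passed on.

    Raises:
        requests.RequestException: on timeout, connection failure, or a
            non-2xx response.
        ValueError: if the response body is not valid JSON.
        KeyError: if the response lacks ``summaries`` or a summary lacks
            ``name``.
    """
    global containers
    # Conservative allowlist for repository names (no tag or digest):
    # lowercase alphanumerics joined by '.', '_' or '-', optionally split
    # into '/'-separated components. This rejects whitespace, shell
    # metacharacters and a leading '-' that a CLI would read as an option.
    name_pattern = re.compile(
        r'[a-z0-9]+(?:[._-]+[a-z0-9]+)*'
        r'(?:/[a-z0-9]+(?:[._-]+[a-z0-9]+)*)*')
    page = 1
    while page <= 1:
        params = (
            ('page_size', '100'),
            ('page', page),
            ('q', '+'),
            ('source', 'community'),
            # NOTE(review): 'imgage' looks like a typo for 'image'. Left
            # unchanged because how the API treats an unknown type value
            # is not visible here -- confirm before correcting.
            ('type', 'imgage,bundle'),
            ('sort', 'popularity'),
        )
        # A timeout keeps a stalled connection from hanging the whole run;
        # raise_for_status() surfaces an HTTP error instead of letting an
        # error body fail later with a confusing KeyError.
        response = requests.get(
            'https://store.docker.com/api/content/v1/products/search',
            params=params,
            timeout=30)
        response.raise_for_status()
        data = response.json()
        for summary in data['summaries']:
            name = summary['name']
            if isinstance(name, str) and name_pattern.fullmatch(name):
                containers.append(name)
        page = page + 1
    containers = list(unique_everseen(containers))
    max_size = 10
    containers = containers[:max_size]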
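def _pull_containers():
    """Refresh the container list, then ``docker pull`` each image in it.

    Calls ``_get_containers()`` first, so the global ``containers`` list is
    populated before pulling. The exit status of each pull is ignored, as
    before: a failed pull does not stop the run.

    Raises:
        OSError: if the ``docker`` executable cannot be started.
    """
    _get_containers()
    for container in containers:
        # Image names come from a remote API. A name starting with '-'
        # would be parsed by docker as an option, so it is skipped.
        if container.startswith('-'):
            continue
        # Argument list with no shell: the name is passed as a single argv
        # element and is never interpreted as shell syntax.
        subprocess.run(['docker', 'pull', container],
                       stdout=subprocess.DEVNULL, check=False)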
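def _add_to_index():
    """Pull the images, then record Docker Hub metadata for each one.

    Calls ``_pull_containers()`` first. For every name in the global
    ``containers`` list it queries the Docker Hub repository endpoint and
    appends ``[container, pulls, last_updated]`` to the global ``index``.
    ``pulls`` is the pull count formatted with thousands separators and
    ``last_updated`` is the timestamp with everything from the ``T``
    onwards removed.

    Raises:
        requests.RequestException: on timeout, connection failure, or a
            non-2xx response for any repository.
        KeyError: if a response lacks ``pull_count`` or ``last_updated``.
    """
    _pull_containers()
    global containers
    global index
    for container in containers:
        # Percent-encode everything except '/', so a name from the remote
        # search API cannot add a query string or fragment to the request.
        # Ordinary repository names pass through unchanged.
        url = 'https://hub.docker.com/v2/repositories/%s' % quote(
            container, safe='/')
        response = requests.get(url, timeout=30)
        # Fail on an HTTP error here instead of on a missing key below.
        response.raise_for_status()
        data = response.json()
        pulls = format(data['pull_count'], ',')
        # NOTE(review): presumably the API can return null here for a
        # repository that was never pushed; treat that as "no date"
        # instead of letting re.sub raise TypeError -- confirm.
        last_updated = data['last_updated'] or ''
        last_updated = re.sub(r'\s*T.*', '', last_updated)
        index.append([container, pulls, last_updated])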
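def _vuln_scan():
    """Scan every indexed image with trivy and extend its row.

    Calls ``_add_to_index()`` first. For each ``[container, pulls,
    last_updated]`` row, trivy writes a JSON report to
    ``data/result.json``. If that file is empty, the row gets an empty CVE
    count and an empty report name. Otherwise the number of distinct
    ``VulnerabilityID`` values is counted, the report is copied to
    ``results/<name>.json`` and the row records the count and ``<name>``.
    The scratch file is removed after each image and the global ``index``
    is replaced with the extended rows.

    Raises:
        OSError: if ``trivy`` cannot be started, if ``data/result.json`` is
            missing after a scan, or if the report cannot be copied into
            ``results/``.
    """
    _add_to_index()
    global index
    scanned_rows = []
    for container, pulls, last_updated in index:
        # Image names come from a remote API. One starting with '-' would
        # be parsed by trivy as an option, so it is recorded as unscanned.
        if container.startswith('-'):
            scanned_rows.append([container, pulls, last_updated, "", ""])
            continue
        # Argument list with no shell: the image name is a single argv
        # element and is never interpreted as shell syntax. The exit
        # status is ignored, as before.
        subprocess.run(
            ['trivy', '--clear-cache', '-o', 'data/result.json',
             '-f', 'json', container],
            stdout=subprocess.DEVNULL, check=False)
        if os.stat("data/result.json").st_size == 0:
            scanned_rows.append([container, pulls, last_updated, "", ""])
        else:
            # Fixed command string with nothing interpolated, so running
            # it through a shell is safe here.
            # NOTE(review): jq's stderr is discarded, so a jq failure
            # (for example a null Vulnerabilities list) would only show
            # up as a lower count -- confirm against the trivy version
            # in use.
            cvecount = subprocess.check_output(
                "cat data/result.json | "
                "jq -r .[].Vulnerabilities[].VulnerabilityID 2> /dev/null "
                "| sort -r | uniq | wc -l | tr -d ' ' | tr -d '\n' ",
                shell=True).decode('utf-8')
            # Removing '/' leaves no path separator, so the report stays
            # directly under results/. Distinct names such as "a/bc" and
            # "ab/c" map to the same file name.
            containerreport = container.replace("/", "")
            scanned_rows.append([container, pulls, last_updated,
                                 cvecount, containerreport])
            # shutil/os calls instead of `cp`/`rm` through a shell: no
            # string-built command, and a failed copy raises instead of
            # being silently ignored.
            shutil.copy('data/result.json',
                        'results/%s.json' % containerreport)
        os.remove('data/result.json')
    index = scanned_rows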
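def _write_csv():
    """Write the global ``index`` rows to ``results/results.csv``.

    The file is first written as ``data.csv`` in the working directory and
    then moved into ``results/``. The earlier ``cp`` followed by ``rm``
    deleted ``data.csv`` even when the copy had failed, which silently
    lost the report. Moving the file raises on failure and leaves
    ``data.csv`` in place.

    Raises:
        OSError: if ``data.csv`` cannot be written or moved.
    """
    global index
    # The header text is kept byte-for-byte, including the spelling
    # "Vulnerablities", because consumers of the CSV may key on it.
    header = ["Container", "Pulls", "Last Updated",
              "Open Vulnerablities", "Report"]
    with open('data.csv', 'w', newline='') as csvfile:
        writer = csv.writer(csvfile)
        writer.writerow(header)
        # NOTE(review): cell values originate from remote APIs. If this
        # CSV is opened in a spreadsheet, values beginning with '=', '+',
        # '-' or '@' are treated as formulas -- confirm the names are
        # validated upstream or neutralise them before writing.
        writer.writerows(index)
    shutil.move('data.csv', 'results/results.csv')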
def main():
    """Run the scan pipeline, write the CSV report, and print the run time."""
    _vuln_scan()
    _write_csv()
    # `start` was captured when the module was loaded, so the duration
    # covers the whole run.
    duration = timedelta(seconds=time.time() - start)
    print("Done In:")
    print(str(duration))


# No __main__ guard: the pipeline runs whenever this module is executed or
# imported.
main()