@jonz-secops
Forked from LuemmelSec/cvemap_wrapper.ps1
Created February 2, 2024 07:32
cvemap wrapper
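# Run cvemap with our desired flags and output to json
# I needed to run this with cvemap version 0.0.2 as 0.0.3 broke the ability to pipe to a file for whatever reason
# Flags: critical/high severity only, EPSS score above 0.01, entries with a public PoC, at most 1000 results.
.\cvemap.exe -severity=critical -severity=high -es '> 0.01' -poc=true -l 1000 -json > new_vulns.json
# A failed run (network error, auth problem, changed flag) would otherwise leave an empty or
# partial new_vulns.json and the rest of the script would silently report "nothing new".
if ($LASTEXITCODE -ne 0) {
    throw "cvemap.exe exited with code $LASTEXITCODE; new_vulns.json cannot be trusted"
}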
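# Paths to the JSON files
$newJsonFilePath = "new_vulns.json"
$databaseJsonFilePath = "cve_database.json"

# Read a JSON file as one document and always return an array.
# -Raw hands ConvertFrom-Json the whole file; without it Windows PowerShell feeds the
# pretty-printed JSON to ConvertFrom-Json one line at a time and the parse fails.
# A missing or empty file yields @() so the first run starts from an empty database.
function Read-JsonArray {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $raw = Get-Content -LiteralPath $Path -Raw
    if ([string]::IsNullOrWhiteSpace($raw)) { return @() }
    # @() turns a single top-level object into a one-element array; an array stays as is.
    return @($raw | ConvertFrom-Json)
}

# Read the newly fetched JSON file
$newJsonContent = Read-JsonArray -Path $newJsonFilePath
# Read the existing CVE database JSON file (empty array when it does not exist yet)
$databaseJsonContent = Read-JsonArray -Path $databaseJsonFilePath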
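# Return the entries of $Candidates whose cve_id is not already present in $Known.
# Known ids go into a HashSet so the cost is linear instead of a full database scan per
# candidate. Comparison is case-insensitive, like the -eq it replaces, and an id that
# appears twice in the same feed is emitted only once so the database never gets duplicates.
function Select-NewVulnerability {
    param($Candidates, $Known)
    $seen = New-Object 'System.Collections.Generic.HashSet[string]' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($entry in @($Known)) {
        if ($null -ne $entry) { [void]$seen.Add([string]$entry.cve_id) }
    }
    foreach ($vuln in @($Candidates)) {
        if ($null -eq $vuln) { continue }
        # Add returns $false when the id is already in the set
        if ($seen.Add([string]$vuln.cve_id)) { $vuln }
    }
}

# Array to store new vulnerabilities
$newVulnerabilities = @(Select-NewVulnerability -Candidates $newJsonContent -Known $databaseJsonContent)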
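# Merge the existing database content and the new vulnerabilities.
# Null entries (an empty database, a blank record) are dropped so they never land in the file.
$mergedContent = @(@($databaseJsonContent) + @($newVulnerabilities) | Where-Object { $null -ne $_ })
# -InputObject serialises the whole array as one JSON array; piping it would emit nothing
# for an empty array and a bare object for a single element, so the file shape would vary.
# Explicit UTF-8 keeps non-ASCII characters in descriptions intact on Windows PowerShell,
# whose Set-Content default is the ANSI code page.
ConvertTo-Json -InputObject $mergedContent -Depth 100 | Set-Content -Path $databaseJsonFilePath -Encoding UTF8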
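# Define the list of vendors and products to ignore
$ignoreVendors = "bloofox", "vendor2"
$ignoreProducts = "firmware", "product2"

# Build an alternation regex of escaped literal names (substring, case-insensitive match).
# Returns $null for an empty list: the old code produced an empty pattern there, and an
# empty pattern matches every string, so every entry would have been filtered out.
function ConvertTo-IgnoreRegex {
    param([string[]]$Names)
    $escaped = @($Names | Where-Object { -not [string]::IsNullOrEmpty($_) } | ForEach-Object { [regex]::Escape($_) })
    if ($escaped.Count -eq 0) { return $null }
    return ($escaped -join "|")
}

# $true when $Value contains one of the ignored names; a $null pattern never matches.
# If $Value is a list (several cpe vendors), any matching element marks the entry ignored.
function Test-IgnoredName {
    param($Value, [string]$Pattern)
    if (-not $Pattern) { return $false }
    return [bool]($Value -match $Pattern)
}

# Select the report fields of each vulnerability whose vendor/product is not ignored.
function Select-ReportRow {
    param($Vulnerabilities, [string[]]$IgnoreVendors, [string[]]$IgnoreProducts)
    $vendorRegex = ConvertTo-IgnoreRegex -Names $IgnoreVendors
    $productRegex = ConvertTo-IgnoreRegex -Names $IgnoreProducts
    foreach ($vuln in @($Vulnerabilities)) {
        if ($null -eq $vuln) { continue }
        if (Test-IgnoredName -Value $vuln.cpe.vendor -Pattern $vendorRegex) { continue }
        if (Test-IgnoredName -Value $vuln.cpe.product -Pattern $productRegex) { continue }
        [PSCustomObject]@{
            Vendor          = $vuln.cpe.vendor
            Product         = $vuln.cpe.product
            cve_id          = $vuln.cve_id
            is_exploited    = $vuln.is_exploited
            age             = $vuln.age_in_days
            cve_description = $vuln.cve_description
            cvss_score      = $vuln.cvss_score
            severity        = $vuln.severity
            References      = $vuln.reference -join "`n"   # one reference URL per line
            POCs            = $vuln.poc.url -join "`n"     # one PoC URL per line
            vendor_advisory = $vuln.vendor_advisory
        }
    }
}

# Now let's parse the new data
$filteredData = @(Select-ReportRow -Vulnerabilities $newVulnerabilities -IgnoreVendors $ignoreVendors -IgnoreProducts $ignoreProducts)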
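# Display the filtered data with dataset labels.
# Each record is pushed through Out-Host so it is rendered right away; left on the pipeline
# the formatter may buffer it and the yellow banners from Write-Host can appear out of order.
if (@($filteredData).Count -eq 0) {
    Write-Host "No new vulnerabilities left after filtering."
}
foreach ($dataset in $filteredData) {
    Write-Host -ForegroundColor yellow "##########"
    $dataset | Format-List | Out-Host
    Write-Host -ForegroundColor yellow "##########"
    Write-Host ""
}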
<# # Send messages to Teams channel for new vulnerabilities
foreach ($newVuln in $newVulnerabilities) {
$cveId = $newVuln.cve_id
$vendor = $newvuln.cpe.vendor
$product = $newvuln.cpe.product
$teamsWebhookUrl = "<YOUR WEBHOOK URL>"
# Prepare message for Teams
$teamsMessage = @{
"@type" = "MessageCard"
"@context" = "http://schema.org/extensions"
"summary" = "New Vulnerability Detected: $cveId"
"themeColor" = "0078D7"
"sections" = @(
@{
"activityTitle" = "New Vulnerability: " + $vendor + " " + $product
"activitySubtitle" = "CVE ID: $cveId"
"facts" = @(
@{
"name" = "Description"
"value" = $newVuln.cve_description
},
@{
"name" = "Severity"
"value" = $newVuln.severity
},
@{
"name" = "CVSS Score"
"value" = $newVuln.cvss_score
}
@{
"name" = "Vendor Advisory"
"value" = $newVuln.vendor_advisory
}
)
}
)
}
$teamsMessageJson = $teamsMessage | ConvertTo-Json -Depth 100
Invoke-RestMethod -Uri $teamsWebhookUrl -Method Post -Body $teamsMessageJson -ContentType "application/json"
} #>