Print the summary and CVSSv3 vector for the CVEs passed as arguments

cve-get.py

#!/usr/bin/env python3
# coding: utf-8
# Thu May  9 05:51:35 CEST 2024
# sucata & surmano
#
# https://nvd.nist.gov/vuln/detail/CVE-2018-7105
# https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2018-7105&vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H&version=3.0&source=NIST

"""
Print the summary and CVSS3 vector for the CVEs passed as arguments (March 2014).
Refactorized code (May 2024).

Usage:

    $ python3 ./cve-get.py CVE-2018-7105
    CVE: CVE-2018-7105
    CVSS: 0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Description: A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

    $ python3 ./cve-get.py CVE-2018-7105 CVE-2018-7110
    CVE: CVE-2018-7105
    CVSS: 0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Description: A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

    CVE: CVE-2018-7110
    CVSS: 0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    Description: A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.

"""

import re
import sys
import bs4
import requests

__authors__ = {
    "Cata": "xkill[at]locolandia[dot]net",
    "Surman": "devnull[at]libcrack[dot]so"
}

NIST_URL = 'https://nvd.nist.gov/vuln/detail/'

if __name__ == '__main__':

    if len(sys.argv) == 1:
        print("Usage: {} <CVE-1234-5678> [CVE-1234-5679 CVE-...]".format(__file__))
        sys.exit(1)

    for vuln_cve in sys.argv[1:]:

        try:
            req = requests.get(NIST_URL + "{0}".format(vuln_cve), timeout=3)
            html_content = req.text

            # soup = bs4.BeautifulSoup(req.text, 'html.parser')
            # element = soup.find('body')
            # if element:
            #     # text_content = element.get_text(separator=' | ', strip=True)
            #     text_content = element.get_text(strip=True)
            # else:
            #     raise Exception("Cannot find <body> tag")

            # <p data-testid="vuln-description">A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.</p>

            match = re.search(
                r'<p data-testid="vuln-description">(.*?)</p>',
                html_content, re.MULTILINE + re.DOTALL)
            vuln_description = match.groups()[0].strip()

            # <span data-testid="vuln-cvss3-nist-vector" class="tooltipCvss3NistMetrics">CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
            match = re.search(
                # r'<span data-testid="vuln-cvss3-nist-vector".*class="tooltipCvss3NistMetrics">(.*?)</span>',
                r'class="tooltipCvss3NistMetrics">(.*?)</span>',
                html_content, re.MULTILINE + re.DOTALL)
            # vuln_cvss3 = match.groups()[0].strip()
            # vuln_cvss3 = "".join(vuln_cvss3.split(".")[1:])
            vuln_cvss3 = "".join(match.groups()[0].strip().split(".")[1:])

            print(f"\033[1mCVE:\033[0m {vuln_cve}")
            print(f"\033[1mCVSS:\033[0m {vuln_cvss3}")
            print(f"\033[1mDescription:\033[0m {vuln_description}\n")

        except KeyboardInterrupt:
            pass