m1el/do.sh

## do.sh
wget https://cve.mitre.org/data/downloads/allitems-cvrf.xml
python3 vgrep.py

## output.txt
rexec: 19268
DoS: 14849
xss: 9236
memory: 8212
sqlinj: 6230
privilege: 3321
dirtraversal: 2762
arith: 1260
csrf: 1117

## vgrep.py
from lxml import etree
from collections import defaultdict
import re

ns = {
  'cvrf': 'http://www.icasi.org/CVRF/schema/cvrf/1.1',
  'vuln': 'http://www.icasi.org/CVRF/schema/vuln/1.1'
  }

vuln_xpath = '/cvrf:cvrfdoc/vuln:Vulnerability'
desc_xpath = 'vuln:Notes/vuln:Note[@Type="Description"]'

vuln_texts = [
    ('sqlinj', re.compile(r'SQL injection', re.I)),
    ('xss', re.compile(r'cross.site.scripting|script injection', re.I)),
    ('privilege', re.compile(r'gain privileges|root privileges|dropping privileges|additional privileges|gain additional group privileges', re.I)),
    ('DoS', re.compile(r'denial of service', re.I)),
    ('memory', re.compile(r'buffer overflow|double free|stack corruption|Use.after.free|ASLR', re.I)),
    ('csrf', re.compile(r'Cross-site request forgery', re.I)),
    ('rexec', re.compile(r'remote( code| command)? execution|execute.*?(arbitrary code|programs|command)')),
    #('reserved', re.compile(r'^\*\* RESERVED \*\*')),
    #('reject', re.compile(r'^\*\* REJECT \*\*')),
    #('unspecified', re.compile(r'Unspecified vulnerability', re.I)),
    ('dirtraversal', re.compile(r'directory traversal', re.I)),
    ('arith', re.compile(r'Integer overflow|integer underflow|Integer signedness|signed integer', re.I)),
    ]

if __name__ == '__main__':
  count = defaultdict(int)
  tree = etree.parse('allitems-cvrf.xml')
  for vuln in tree.xpath(vuln_xpath, namespaces=ns):
    description = vuln.xpath(desc_xpath, namespaces=ns)
    if not description:
      continue
    description = description[0].text.replace('\n', ' ')
    for typ, regex in vuln_texts:
      if re.search(regex, description):
        count[typ] += 1
  keys = [x[0] for x in vuln_texts]
  keys = sorted(keys, key=lambda x:count[x], reverse=True)
  for k in keys:
    print('%s: %d' % (k, count[k]))
	wget https://cve.mitre.org/data/downloads/allitems-cvrf.xml
	python3 vgrep.py
	rexec: 19268
	DoS: 14849
	xss: 9236
	memory: 8212
	sqlinj: 6230
	privilege: 3321
	dirtraversal: 2762
	arith: 1260
	csrf: 1117
	from lxml import etree
	from collections import defaultdict
	import re

	ns = {
	'cvrf': 'http://www.icasi.org/CVRF/schema/cvrf/1.1',
	'vuln': 'http://www.icasi.org/CVRF/schema/vuln/1.1'
	}

	vuln_xpath = '/cvrf:cvrfdoc/vuln:Vulnerability'
	desc_xpath = 'vuln:Notes/vuln:Note[@Type="Description"]'

	vuln_texts = [
	('sqlinj', re.compile(r'SQL injection', re.I)),
	('xss', re.compile(r'cross.site.scripting\|script injection', re.I)),
	('privilege', re.compile(r'gain privileges\|root privileges\|dropping privileges\|additional privileges\|gain additional group privileges', re.I)),
	('DoS', re.compile(r'denial of service', re.I)),
	('memory', re.compile(r'buffer overflow\|double free\|stack corruption\|Use.after.free\|ASLR', re.I)),
	('csrf', re.compile(r'Cross-site request forgery', re.I)),
	('rexec', re.compile(r'remote( code\| command)? execution\|execute.*?(arbitrary code\|programs\|command)')),
	#('reserved', re.compile(r'^\\ RESERVED \\')),
	#('reject', re.compile(r'^\\ REJECT \\')),
	#('unspecified', re.compile(r'Unspecified vulnerability', re.I)),
	('dirtraversal', re.compile(r'directory traversal', re.I)),
	('arith', re.compile(r'Integer overflow\|integer underflow\|Integer signedness\|signed integer', re.I)),
	]

	if __name__ == '__main__':
	count = defaultdict(int)
	tree = etree.parse('allitems-cvrf.xml')
	for vuln in tree.xpath(vuln_xpath, namespaces=ns):
	description = vuln.xpath(desc_xpath, namespaces=ns)
	if not description:
	continue
	description = description[0].text.replace('\n', ' ')
	for typ, regex in vuln_texts:
	if re.search(regex, description):
	count[typ] += 1
	keys = [x[0] for x in vuln_texts]
	keys = sorted(keys, key=lambda x:count[x], reverse=True)
	for k in keys:
	print('%s: %d' % (k, count[k]))