Last active
January 30, 2022 20:30
-
-
Save p0w3rsh3ll/ac9e0a12c0f54f2a38ddc5e58297036e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-CISAVulnerabilitiesReport { | |
| <# | |
| .SYNOPSIS | |
| Get known exploited vulnerabilities | |
| .DESCRIPTION | |
| Get the known exploited vulnerabilities catalog from CISA | |
| .PARAMETER StartDate | |
| Datetime object used to filter the catalog | |
| .PARAMETER Last | |
| Last number of entries in the catalog sorted by published date | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport | |
| Get all the known exploited vulnerabilities from the catalog published by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport | Measure-Object | |
| Get the count of all the known exploited vulnerabilities published in the catalog by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport -Last 3 | |
| Get the 3 most recent known exploited vulnerabilities from the catalog published by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport -StartDate (Get-Date).AddDays(-15) | |
| Get the known exploited vulnerabilities from the catalog published by CISA over the last 15 days | |
| #> | |
| [CmdletBinding(DefaultParameterSetName='__AllParameterSets')] | |
| Param( | |
| [Parameter(ParameterSetName = 'ByDate')] | |
| [datetime]$StartDate, | |
| [Parameter(ParameterSetName = 'ByLast')] | |
| [int32]$Last | |
| ) | |
| Begin {} | |
| Process { | |
| $HT = @{ | |
| URI = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json' | |
| ErrorAction = 'Stop' | |
| UseBasicParsing = [switch]::Present | |
| } | |
| try { | |
| $vuln = (Invoke-RestMethod @HT).vulnerabilities | | |
| ForEach-Object -Process { | |
| [PSCustomObject]@{ | |
| CVEId = $_.cveID | |
| Vendor = $_.vendorProject | |
| ProductName = $_.product | |
| Name = $_.vulnerabilityName | |
| StartDate = ([datetime]$_.dateAdded) | |
| Description = $_.shortDescription | |
| ActionRequired = $_.requiredAction | |
| DueDate = ([datetime]$_.dueDate) | |
| } | |
| } | |
| } catch { | |
| Write-Warning -Message "Failed to get data from CISA because $($_.Exception.Message)" | |
| } | |
| if ($vuln) { | |
| Switch ($PSCmdlet.ParameterSetName) { | |
| 'ByDate' { | |
| $vuln | Where-Object { $_.StartDate -gt $StartDate } | |
| break | |
| } | |
| 'ByLast' { | |
| $vuln | Sort-Object -Property StartDate -Descending | Select-Object -First $Last | |
| break | |
| } | |
| default { | |
| $vuln | |
| } | |
| } | |
| } | |
| } | |
| End {} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment