ThunderstrikeVulnerabilityEA.py
#!/usr/bin/python | |
# Culled from https://gist.github.com/arubdesu/05b4172890450fa2d9e6 | |
# Given a list of FW models and Thunderstrike patched FW versions, | |
# report on whether a machine has been patched. | |
import subprocess | |
import plistlib | |
__version__ = "1.0.0" | |
firmware_dict = {"MM51":"B12", | |
"MM61":"B08", | |
"MM71":"B03", | |
"MP61":"B15", | |
"MB81":"B06", | |
"IM121": "B21", | |
"IM131": "B08", | |
"IM141": "B11", | |
"IM142": "B11", | |
"IM143": "B11", | |
"IM144": "B10", | |
"IM151": "B03", | |
"MBP81": "B2A", | |
"MBP91": "B0B", | |
"MBA41": "B12", | |
"MBA51": "B03", | |
"MBA61": "B19", | |
"MBA71": "B06", | |
"MBP101": "B09", | |
"MBP102": "B08", | |
"MBP111": "B15", | |
"MBP112": "B15", | |
"MBP114": "B04", | |
"MBP121": "B07"} | |
cmd = ["/usr/sbin/system_profiler","SPHardwareDataType", "-xml"] | |
hdwe_stdout = subprocess.check_output(cmd) | |
output_plist = plistlib.readPlistFromString(hdwe_stdout) | |
full_rom = output_plist[0]["_items"][0]["boot_rom_version"] | |
(hdwe_code, _, current_fw_vers) = full_rom.split(".") | |
patched_vers = firmware_dict.get(hdwe_code) | |
if patched_vers: | |
if current_fw_vers >= patched_vers: | |
result = "Patched" | |
else: | |
result = ("Unpatched current version: %s required version: %s" % | |
(current_fw_vers, patched_vers)) | |
else: | |
result = "NotPatchable" | |
print "<result>%s</result>" % result |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
As per Slack, https://gist.github.com/sheagcraig/962b1ec99882b80d03dc#file-thunderstrikevulnerabilityea-py-L24 is indeed wrong as well, it's actually B2A