Created
January 26, 2024 15:58
-
-
Save superducktoes/f13dcb8af82ed222dfd1dc508c807412 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| reads from a file cve_grouping.txt that takes a cve on each line to query greynoise and find ips exploiting each cve | |
| ''' | |
| from greynoise import GreyNoise | |
| from functools import reduce | |
| api_client = GreyNoise(api_key="<api_key>") | |
| cve_grouping = {} | |
| cves_tracked_list = [] | |
| # read the list of cve's from the text file and store in cve list | |
| with open("cve_grouping.txt", "r") as f: | |
| for line in f: | |
| cves_tracked_list.append(line.strip("\n")) | |
| # create a dict for associating ips with a cve | |
| for i in cves_tracked_list: | |
| cve_grouping[i] = [] | |
| # format the greynoise query to use the cves loaded into the list | |
| cve_query_string = ' OR '.join(f"cve:'{cve}'" for cve in cves_tracked_list) | |
| greynoise_query = "({}) AND last_seen:7d".format(cve_query_string) | |
| r = api_client.query(greynoise_query) | |
| # parse results to find cve's for each ip | |
| for i in r["data"]: | |
| for j in i["cve"]: | |
| if(j in cve_grouping): | |
| cve_grouping[j].append(i["ip"]) | |
| # Find intersection of all sets in cves_tracked_list | |
| cve_grouping_sets = {key: set(value) for key, value in cve_grouping.items()} | |
| u = reduce(set.intersection, [cve_grouping_sets[cve] for cve in cves_tracked_list if cve in cve_grouping_sets]) | |
| # finally print the intersection | |
| print(u) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment