patch_finder 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c3c8d250a7aa94b35b8f5aec0c944eac2c0a3935
+  data.tar.gz: 9c92cbd76ea88c27e15fcbecf668a88a645e53bf
+SHA512:
+  metadata.gz: 2a55fda811184d47d0ae322d70a5b3431192f3fe9c93ad8588a48031ecd95af6a97f9499caa0d194b4f22812a4f6d6f5e908081d2db36e2c79ed08d95f28b32d
+  data.tar.gz: bb45dcb3fed06f018861ae979f0dc362e8a838c825d3bbe1866ef86003d4244e764f9ed01c238810052c3286478fa249acb85faab5d5dbce6f03a56544f0ebc0

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,25 @@
+# PatchFinder
+
+PatchFinder is a toolkit to find software patches.
+
+All download clients can be found in the bin directory. Each client is meant for a specific
+type of patch. For example: msu_finder is used to find Microsoft updates (.msu).
+
+For other tools that might be useful to examine the patches, please see the tools directory.
+
+## Installation
+
+To install PatchFinder:
+
+```
+  $ gem install patch_finder
+```
+
+## Usage
+
+Each patch finding client can be found in the bin directory. To learn how to use one, please refer
+to its ```-h``` option, or the [wiki page](https://github.com/wchen-r7/Patch-Finder/wiki).
+
+## License
+
+[BSD-3-Clause](https://opensource.org/licenses/BSD-3-Clause)

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/msu_finder

@@ -0,0 +1,126 @@
+#!/usr/bin/env ruby
+
+##
+#
+# This tool allows you to collect Microsoft patches.
+# Once you have downloaded all the .msu patches, you can use tools/extract_msu.bat to
+# automatically extract them.
+#
+##
+
+lib = File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'core/helper'
+require 'core/config'
+require 'optparse'
+require 'msu'
+
+class PatchFinderBin
+
+  include PatchFinder::Helper
+
+  attr_reader :args
+
+  def banner
+    @banner ||= lambda {
+      doc_path = File.join(PatchFinder::Config.doc_directory, 'msu_finder.txt')
+      read_file(doc_path)
+    }.call
+  end
+
+  def get_parsed_options
+    options = {}
+
+    parser = OptionParser.new do |opt|
+      opt.banner = banner
+      opt.separator ''
+      opt.separator 'Specific options:'
+
+      opt.on('-q', '--query <keyword>', 'Find advisories including this keyword') do |v|
+        options[:keyword] = v
+      end
+
+      opt.on('-s', '--search-engine <engine>', '(Optional) The type of search engine to use (Technet or Google). Default: Technet') do |v|
+        case v.to_s
+        when /^google$/i
+          options[:search_engine] = :google
+        when /^technet$/i
+          options[:search_engine] = :technet
+        else
+          fail OptionParser::InvalidOption, "Invalid search engine: #{v}"
+        end
+      end
+
+      opt.on('-r', '--regex <string>', '(Optional) Specify what type of links you want') do |v|
+        options[:regex] = v
+      end
+
+      opt.on('--apikey <key>', '(Optional) Google API key.') do |v|
+        options[:google_api_key] = v
+      end
+
+      opt.on('--cx <id>', '(Optional) Google search engine ID.') do |v|
+        options[:google_search_engine_id] = v
+      end
+
+      opt.on('-d', '--dir <string>', '(Optional) The directory to save the patches') do |v|
+        unless File.directory?(v)
+          fail OptionParser::InvalidOption, "Directory not found: #{v}"
+        end
+
+        options[:destdir] = v
+      end
+
+      opt.on_tail('-h', '--help', 'Show this message') do
+        $stderr.puts opt
+        exit
+      end
+    end
+
+    parser.parse!
+
+    if options.empty?
+      fail OptionParser::MissingArgument, 'No options set, try -h for usage'
+    elsif options[:keyword].nil? || options[:keyword].empty?
+      fail OptionParser::MissingArgument, '-q is required'
+    end
+
+    unless options[:search_engine]
+      options[:search_engine] = :technet
+    end
+
+    if options[:search_engine] == :google
+      if options[:google_api_key].nil? || options[:google_search_engine_id].empty?
+        fail OptionParser::MissingArgument, 'No API key set for Google'
+      elsif options[:google_search_engine_id].nil? || options[:google_search_engine_id].empty?
+        fail OptionParser::MissingArgument, 'No search engine ID set for Google'
+      end
+    end
+
+    options
+  end
+
+  def initialize
+    @args = get_parsed_options
+  rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e
+    print_error(e.message)
+    exit
+  end
+
+  def main
+    cli = PatchFinder::MSU.new
+    links = cli.find_msu_download_links(args)
+    if args[:destdir]
+      print_status("Download links found: #{links.length}")
+      print_status('Downloading files, please wait...')
+      download_files(links, args[:destdir])
+    else
+      print_status('Download links found:')
+      print_line(links * "\n")
+    end
+  end
+end
+
+bin = PatchFinderBin.new
+bin.main

data/docs/bin/msu_finder.txt

@@ -0,0 +1,38 @@
+Usage: msu_finder [options]
+
+The following example will download all IE updates to directory /tmp:
+msu_finder -q "Internet Explorer" -d /tmp/
+
+Searching advisories via Technet:
+
+When you submit a query, the Technet search engine will first look it up from a product list,
+and then return all the advisories that include the keyword you are looking for. If there's
+no match from the product list, then the script will try a generic search. The generic method
+also means you can search by MSB, KB, or even the CVE number.
+
+Searching advisories via Google:
+
+Searching via Google requires an API key and an Search Engine ID from Google. To obtain these,
+make sure you have a Google account (such as Gmail), and then do the following:
+
+1. Go to Google Developer's Console
+    1. Enable Custom Search API
+    2. Create a browser type credential. The credential is the API key.
+2. Go to Custom Search
+    1. Create a new search engine
+    2. Under Sites to Search, set: technet.microsoft.com
+    3. In your search site, get the Search Engine ID under the Basics tab.
+
+By default, Google has a quota limit of 1000 queries per day. You can raise this limit with
+a fee.
+
+The way this tool uses Google to find advisories is the same as doing the following manually:
+[Query] site:technet.microsoft.com intitle:"Microsoft Security Bulletin" -"Microsoft Security Bulletin Summary"
+
+Dryrun mode:
+Without the -d flag (destination), the tool will not download the patches, it will just find you
+the download links.
+
+Patch Extraction:
+After downloading the patch, you can use the extract_msu.bat tool to automatically extract
+Microsoft patches.

data/lib/core/config.rb

@@ -0,0 +1,19 @@
+module PatchFinder
+  module Config
+
+    # Returns the doc directory.
+    # 
+    # @return [String]
+    def self.doc_directory
+      @doc_directory ||= File.expand_path(File.join(root_directory, '..', 'docs', 'bin'))
+    end
+
+    # Returns the root directory.
+    #
+    # @return [String]
+    def self.root_directory
+      @root_directory ||= File.expand_path(File.join(File.dirname(__FILE__), '..'))
+    end
+
+  end
+end

data/lib/core/helper.rb

@@ -0,0 +1,158 @@
+require 'net/http'
+
+module PatchFinder
+  module Helper
+
+    class PatchFinderException < RuntimeError; end
+
+    # Prints a debug message.
+    #
+    # @return [void]
+    def print_debug(msg = '')
+      $stderr.puts "[DEBUG] #{msg}"
+    end
+
+    # Prints a status message.
+    #
+    # @return [void]
+    def print_status(msg = '')
+      $stderr.puts "[*] #{msg}"
+    end
+
+    # Prints an error message.
+    #
+    # @return [void]
+    def print_error(msg = '')
+      $stderr.puts "[ERROR] #{msg}"
+    end
+
+    # Prints a message.
+    #
+    # @return [void]
+    def print_line(msg = '')
+      $stdout.puts msg
+    end
+
+    # Sends an HTTP request.
+    # @note If the request fails, it will try 3 times before
+    #       passing/raising an exception.
+    #
+    # @param uri [String] URI.
+    # @param ssl [Boolean] Forces SSL option.
+    # @return [Net::HTTPResponse]
+    def send_http_get_request(uri, ssl = false)
+      attempts = 1
+      u = URI.parse(uri)
+      res = nil
+      ssl = u.scheme == 'https' ? true : false
+
+      begin
+        Net::HTTP.start(u.host, u.port, use_ssl: ssl) do |cli|
+          req = Net::HTTP::Get.new(normalize_uri(u.request_uri))
+          req['Host'] = u.host
+          req['Content-Type'] = 'application/x-www-form-urlencoded'
+          res = cli.request(req)
+        end
+      rescue Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
+             Errno::ECONNABORTED, Errno::EPIPE, Net::OpenTimeout,
+             Errno::ETIMEDOUT => e
+        if attempts < 3
+          sleep(5)
+          attempts += 1
+          retry
+        else
+          raise e
+        end
+      end
+
+      res
+    end
+
+    # Returns the content of a file.
+    #
+    # @param file_path [String] File to read.
+    # @return [String]
+    def read_file(file_path)
+      return nil unless File.exist?(file_path)
+
+      buf = ''
+
+      File.open(file_path, 'rb') do |f|
+        buf = f.read
+      end
+
+      buf
+    end
+
+    # Downloads a file to a local directory.
+    # @note When the file is saved, the file name will actually include a timestamp
+    #       in this format: [original filename]_[timestamp].[ext] to avoid
+    #       name collision.
+    #
+    # @param uri [String] URI (to download)
+    # @param dest_dir [String] The folder to save the file.
+    #                          Make sure this folder exists.
+    # @return [void]
+    def download_file(uri, dest_dir)
+      begin
+        u = URI.parse(uri)
+        fname, ext = File.basename(u.path).scan(/(.+)\.(.+)/).flatten
+        dest_file = File.join(dest_dir, "#{fname}_#{Time.now.to_i}.#{ext}")
+        res = send_http_get_request(uri)
+      rescue Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
+             Errno::ECONNABORTED, Errno::EPIPE, Net::OpenTimeout,
+             Errno::ETIMEDOUT => e
+        print_error("#{e.message}: #{uri}")
+        return
+      end
+
+      save_file(res.body, dest_file)
+      print_status("Download completed for #{uri}")
+    end
+
+    # Downloads multiple files to a local directory.
+    # @note 3 clients are used to download all the links.
+    #
+    # @param files [Array] Full URIs.
+    # @param dest_dir [String] The folder to save the files.
+    #                          Make sure this folder exists.
+    # @return pvoid
+    def download_files(files, dest_dir)
+      pool = PatchFinder::ThreadPool.new(3)
+
+      files.each do |f|
+        pool.schedule do
+          download_file(f, dest_dir)
+        end
+      end
+
+      pool.shutdown
+
+      sleep(0.5) until pool.eop?
+    end
+
+    private
+
+    # Saves a file to a specific location.
+    #
+    # @param data [String]
+    # @param dest_file [String]
+    # @return [void]
+    def save_file(data, dest_file)
+      File.open(dest_file, 'wb') do |f|
+        f.write(data)
+      end
+    end
+
+    # Returns the normalized URI by modifying the double slashes.
+    #
+    # @param strs [Array] URI path.
+    # @return [String]
+    def normalize_uri(*strs)
+      new_str = strs * '/'
+      new_str = new_str.gsub!('//', '/') while new_str.index('//')
+      new_str
+    end
+
+  end
+end

data/lib/core/thread_pool.rb

@@ -0,0 +1,61 @@
+module PatchFinder
+  class ThreadPool
+
+    attr_accessor :mutex
+
+    # Initializes the pool.
+    #
+    # @param size [Fixnum] Max number of threads to be running at the same time.
+    # @return [void]
+    def initialize(size)
+      @size = size
+      @mutex = Mutex.new
+      @jobs = Queue.new
+      @pool = Array.new(@size) do |i|
+        Thread.new do
+          Thread.current[:id] = i
+          catch(:exit) do
+            loop do
+              job, args = @jobs.pop
+              job.call(*args)
+            end
+          end
+        end
+      end
+    end
+
+    # Adds a job to the queue.
+    #
+    # @param args [Array] Arguments.
+    # @param block [Proc] Code.
+    def schedule(*args, &block)
+      @jobs << [block, args]
+    end
+
+    # Shuts down all the jobs.
+    #
+    # @return [void]
+    def shutdown
+      @size.times do
+        schedule { throw :exit }
+      end
+
+      @pool.map(&:join)
+    end
+
+    # Returns whether there's anything in the queue left.
+    #
+    # @return [boolean]
+    def eop?
+      @jobs.empty?
+    end
+
+  end
+end
+
+=begin
+ 
+ Nothings that might not work so great in the pool:
+ * Timeout
+  
+=end

data/lib/engine/msu/constants.rb

@@ -0,0 +1,37 @@
+module PatchFinder
+  module Engine
+    module MSU
+
+      MICROSOFT     = 'https://www.microsoft.com'
+      DOWNLOAD_MSFT = 'https://download.microsoft.com'
+      TECHNET       = 'https://technet.microsoft.com'
+
+      # These pattern checks need to be in this order.
+      ADVISORY_PATTERNS = [
+        # This works from MS14-001 until the most recent
+        {
+          check:   '//div[@id="mainBody"]//div//h2//div//span[contains(text(), "Affected Software")]',
+          pattern: '//div[@id="mainBody"]//div//div[@class="sectionblock"]//table//a' 
+        },
+        # This works from ms03-040 until MS07-029
+        {
+          check:   '//div[@id="mainBody"]//ul//li//a[contains(text(), "Download the update")]',
+          pattern: '//div[@id="mainBody"]//ul//li//a[contains(text(), "Download the update")]'
+        },
+        # This works from sometime until ms03-039
+        {
+          check:   '//div[@id="mainBody"]//div//div[@class="sectionblock"]//p//strong[contains(text(), "Download locations")]',
+          pattern: '//div[@id="mainBody"]//div//div[@class="sectionblock"]//ul//li//a'
+        },
+        # This works from MS07-030 until MS13-106 (the last update in 2013)
+        # The check is pretty short so if it kicks in too early, it tends to create false positives.
+        # So it goes last.
+        {
+          check:   '//div[@id="mainBody"]//p//strong[contains(text(), "Affected Software")]',
+          pattern: '//div[@id="mainBody"]//table//a' 
+        }
+      ]
+
+    end
+  end
+end

data/lib/engine/msu/google.rb

@@ -0,0 +1,141 @@
+require 'json'
+require 'core/helper'
+require_relative 'constants'
+
+module PatchFinder
+  module Engine
+    module MSU
+
+      class GoogleClientException < RuntimeError ; end
+
+      class Google
+
+        include Helper
+
+        GOOGLEAPIS = 'https://www.googleapis.com'
+
+        attr_reader :api_key
+        attr_reader :search_engine_id
+
+        # API Doc:
+        # https://developers.google.com/custom-search/json-api/v1/using_rest
+        # Known bug:
+        # * Always gets 20 MSB results. Weird.
+
+        # Initializes the Google API client.
+        #
+        # @param opts [Hash]
+        # @option opts [String] :api_key Google API key.
+        # @option opts [String] :search_engine_id Google Search engine ID.
+        def initialize(opts = {})
+          @api_key = opts[:api_key]
+          @search_engine_id = opts[:search_engine_id]
+        end
+
+        # Returns the MSB (advisories) numbers for a search keyword.
+        #
+        # @param keyword [String]
+        # @return [Array]
+        def find_msb_numbers(keyword)
+          msb_numbers = []
+          next_starting_index = 1
+          search_opts = {
+            keyword: keyword,
+            starting_index: next_starting_index
+          }
+
+          begin
+            while
+              results = search(search_opts)
+              items = results['items']
+              items.each do |item|
+                title = item['title']
+                msb = title.scan(/Microsoft Security Bulletin (MS\d\d\-\d\d\d)/).flatten.first
+                msb_numbers << msb.downcase if msb
+              end
+
+              next_starting_index = get_next_index(results)
+              next_page = results['queries']['nextPage']
+
+              # Google API Documentation:
+              # https://developers.google.com/custom-search/json-api/v1/using_rest
+              # "This role is not present if the current results are the last page.
+              # Note: This API returns up to the first 100 results only."
+              break if next_page.nil? || next_starting_index > 100
+            end
+          rescue GoogleClientException => e
+            print_error(e.message)
+            return msb_numbers.uniq
+          end
+
+          msb_numbers.uniq
+        end
+
+        # Searches the Google API.
+        #
+        # @param opts [Hash]
+        # @option opts [Fixnum] :starting_index
+        # @option opts [String] :keyword
+        # @return [Hash] JSON
+        def search(opts = {})
+          starting_index = opts[:starting_index]
+
+          search_string = URI.escape([
+            opts[:keyword],
+            'intitle:"Microsoft Security Bulletin"',
+            '-"Microsoft Security Bulletin Summary"'
+          ].join(' '))
+
+          req_str = "#{GOOGLEAPIS}/customsearch/v1?"
+          req_str << "key=#{api_key}&"
+          req_str << "cx=#{search_engine_id}&"
+          req_str << "q=#{search_string}&"
+          req_str << "start=#{starting_index.to_s}&"
+          req_str << 'num=10&'
+          req_str << 'c2coff=1'
+
+          res = send_http_get_request(req_str)
+          results = parse_results(res)
+          if starting_index == 1
+            print_status("Number of search results: #{get_total_results(results)}")
+          end
+
+          results
+        end
+
+        # Returns the string data to JSON.
+        #
+        # @raise [GoogleClientException] The Google Search API returns an error.
+        # @param res [Net::HTTPResponse]
+        def parse_results(res)
+          j = JSON.parse(res.body)
+
+          if j['error']
+            message = j['error']['errors'].first['message']
+            reason  = j['error']['errors'].first['reason']
+            fail GoogleClientException, "Google Search failed. #{message} (#{reason})"
+          end
+
+          j
+        end
+
+        # Returns totalResults
+        #
+        # @param j [Hash] JSON response.
+        # @return [Fixnum]
+        def get_total_results(j)
+          j['queries']['request'].first['totalResults'].to_i
+        end
+
+        # Returns startIndex
+        #
+        # @param j [Hash] JSON response.
+        # @return [Fixnum]
+        def get_next_index(j)
+          j['queries']['nextPage'] ? j['queries']['nextPage'].first['startIndex'] : 0
+        end
+
+      end
+    end
+  end
+end

data/lib/engine/msu/technet.rb

@@ -0,0 +1,115 @@
+require 'json'
+require 'nokogiri'
+require 'core/helper'
+require_relative 'constants'
+
+module PatchFinder
+  module Engine
+    module MSU
+      class Technet
+
+        include Helper
+
+        # Initializes the Technet client.
+        #
+        # @return [void]
+        def initialize
+          @firstpage ||= lambda {
+            uri = '/en-us/security/bulletin/dn602597.aspx'
+            res = send_http_get_request("#{TECHNET}#{uri}")
+            return res.body
+          }.call
+        end
+
+        # Returns the MSB (advisories) numbers for a search keyword.
+        #
+        # @param keyword [String]
+        # @return [Array]
+        def find_msb_numbers(keyword)
+          product_list_matches = get_product_dropdown_list.select { |p| Regexp.new(keyword) === p[:option_text] }
+          if product_list_matches.empty?
+            print_status('No match from the product list, attempting a generic search')
+            search_by_keyword(keyword)
+          else
+            product_names = []
+            ids = []
+            product_list_matches.each do |e|
+              ids << e[:option_value]
+              product_names << e[:option_text]
+            end
+            print_status("Matches from the product list (#{product_names.length}): #{ product_names * ', ' }")
+            search_by_product_ids(ids)
+          end
+        end
+
+        # Searches the Technet engine.
+        #
+        # @param keyword [String]
+        # @return [Hash] JSON
+        def search(keyword)
+          req_str = "#{TECHNET}/security/bulletin/services/GetBulletins?"
+          req_str << "searchText=#{keyword}&"
+          req_str << 'sortField=0&'
+          req_str << 'sortOrder=1&'
+          req_str << 'currentPage=1&'
+          req_str << 'bulletinsPerPage=9999&'
+          req_str << 'locale=en-us'
+
+          res = send_http_get_request(req_str)
+          begin
+            return JSON.parse(res.body)
+          rescue JSON::ParserError
+          end
+
+          {}
+        end
+
+        # Searches for the MSBs (advisories) based on product IDs (as search keywords)
+        #
+        # @param ids [Array]
+        # @return [Array]
+        def search_by_product_ids(ids)
+          msb_numbers = []
+
+          ids.each do |id|
+            j = search(id)
+            msb = j['b'].collect { |e| e['Id'] }.map { |e| e.downcase }
+            msb_numbers.concat(msb)
+          end
+
+          msb_numbers
+        end
+
+        # Searches for the MSBs (advisories) based on a keyword.
+        #
+        # @param keyword [String]
+        # @return [Hash]
+        def search_by_keyword(keyword)
+          j = search(keyword)
+          j['b'].collect { |e| e['Id'] }.map { |e| e.downcase }
+        end
+
+        # Returns the Technet product list.
+        #
+        # @return [Array]
+        def get_product_dropdown_list
+          @product_dropdown_list ||= lambda {
+            list = []
+
+            page = ::Nokogiri::HTML(firstpage)
+            page.search('//div[@class="sb-search"]//select[@id="productDropdown"]//option').each do |product|
+              option_value = product.attributes['value'].value
+              option_text  = product.text
+              next if option_value == '-1' # This is the ALL option
+              list << { option_value: option_value, option_text: option_text }
+            end
+
+            list
+          }.call
+        end
+
+        attr_reader :firstpage
+      end
+    end
+  end
+end

data/lib/msu.rb

@@ -0,0 +1,234 @@
+require 'nokogiri'
+require 'core/thread_pool'
+require 'engine/msu/google'
+require 'engine/msu/technet'
+require 'engine/msu/constants'
+
+module PatchFinder
+  class MSU
+
+    include Helper
+
+    MAX_THREADS = 10
+
+    # Returns the download links.
+    #
+    # @param args [Hash] Arguments created by the user.
+    # @return [Array]
+    def find_msu_download_links(args)
+      msb_numbers = collect_msbs(args)
+
+      unless msb_numbers.empty?
+        print_status("Advisories found (#{msb_numbers.length}): #{msb_numbers * ', '}")
+        print_status('Please wait while the download links are being collected...')
+      end
+
+      download_links = []
+
+      print_status("Max number of active collecting clients: #{MAX_THREADS}")
+      pool = PatchFinder::ThreadPool.new(MAX_THREADS)
+
+      msb_numbers.each do |msb|
+        pool.schedule do
+          links = collect_links_from_msb(msb, args[:regex])
+          pool.mutex.synchronize do
+            download_links.concat(links)
+          end
+        end
+      end
+
+      pool.shutdown
+
+      sleep(0.5) until pool.eop?
+
+      download_links
+    end
+
+    private
+
+    # Returns the MSBs (advisories) numbers.
+    #
+    # @param args [Hash]
+    # @return [Array]
+    def collect_msbs(args)
+      msb_numbers = []
+
+      case args[:search_engine]
+      when :technet
+        print_status("Searching advisories that include #{args[:keyword]} via Technet")
+        msb_numbers = technet_search(args[:keyword])
+      when :google
+        print_status("Searching advisories that include #{args[:keyword]} via Google")
+        msb_numbers = google_search(args[:keyword], args[:google_api_key], args[:google_search_engine_id])
+      end
+
+      msb_numbers
+    end
+
+    # Returns the download links for an advisory.
+    #
+    # @param msb [String]
+    # @param regex [Regexp] Search filter
+    # @return [Array]
+    def collect_links_from_msb(msb, regex = nil)
+      unless is_valid_msb?(msb)
+        print_error "Not a valid MSB format: #{msb}"
+        print_error 'Example of a correct one: ms15-100'
+        return []
+      end
+
+      res = download_advisory(msb)
+
+      if !has_advisory?(res)
+        print_error "The advisory cannot be found for #{msb}"
+        return []
+      end
+
+      links = get_details_aspx(res)
+      if links.length == 0
+        print_error "Unable to find download.microsoft.com links for #{msb}."
+        return []
+      else
+        print_status("Found #{links.length} affected products for #{msb}.")
+      end
+
+      link_collector = []
+
+      links.each do |link|
+        download_page = get_download_page(link)
+        download_links = get_download_links(download_page.body)
+        if regex
+          filtered_links = download_links.select { |l| Regexp.new(regex) === l }
+          link_collector.concat(filtered_links)
+        else
+          link_collector.concat(download_links)
+        end
+      end
+
+      link_collector
+    end
+
+    # Returns the download page.
+    #
+    # @param link [string]
+    # @return [Net::Response]
+    def get_download_page(link)
+      res = send_http_get_request(link)
+
+      if res.header['Location']
+        return send_http_get_request("#{PatchFinder::Engine::MSU::MICROSOFT}/#{res.header['Location']}")
+      end
+
+      res
+    end
+
+    # Returns the MSB advisories found from Google.
+    #
+    # @param keyword [String]
+    # @param api_key [String]
+    # @param cx [String]
+    # @return [Array]
+    def google_search(keyword, api_key, cx)
+      search = PatchFinder::Engine::MSU::Google.new(api_key: api_key, search_engine_id: cx)
+      search.find_msb_numbers(keyword)
+    end
+
+    # Returns the MSB advisories found from Technet.
+    #
+    # @param keyword [String]
+    # @return [Array]
+    def technet_search(keyword)
+      search = PatchFinder::Engine::MSU::Technet.new
+      search.find_msb_numbers(keyword)
+    end
+
+    # Returns the advisory page.
+    #
+    # @param msb [String]
+    # @return [String]
+    def download_advisory(msb)
+      send_http_get_request("#{PatchFinder::Engine::MSU::TECHNET}/en-us/library/security/#{msb}.aspx")
+    end
+
+    # Returns the found details pages
+    #
+    # @param res [Res::Response]
+    # @return [Array]
+    def get_details_aspx(res)
+      links = []
+
+      page = res.body
+      n = ::Nokogiri::HTML(page)
+
+      appropriate_pattern = get_appropriate_pattern(n)
+      return links unless appropriate_pattern
+
+      n.search(appropriate_pattern).each do |anchor|
+        found_link = anchor.attributes['href'].value
+        if /https:\/\/www\.microsoft\.com\/downloads\/details\.aspx\?familyid=/i === found_link
+          begin
+            links << found_link
+          rescue ::URI::InvalidURIError
+            print_error "Unable to parse URI: #{found_link}"
+          end
+        end
+      end
+
+      links
+    end
+
+    # Returns the downloads links
+    #
+    # @param page [String] HTML page
+    # @return [Array]
+    def get_download_links(page)
+      page = ::Nokogiri::HTML(page)
+
+      relative_uri = page.search('a').select { |a|
+        a.attributes['href'] && a.attributes['href'].value.include?('confirmation.aspx?id=')
+      }.first
+
+      return [] unless relative_uri
+      relative_uri = relative_uri.attributes['href'].value
+
+      res = send_http_get_request("#{PatchFinder::Engine::MSU::MICROSOFT}/en-us/download/#{relative_uri}")
+      n = ::Nokogiri::HTML(res.body)
+
+      n.search('a').select { |a|
+        a.attributes['href'] && a.attributes['href'].value.include?("#{PatchFinder::Engine::MSU::DOWNLOAD_MSFT}/download/")
+      }.map! { |a| a.attributes['href'].value }.uniq
+    end
+
+    # Returns a pattern that matches the advisory page.
+    #
+    # @param n [Nokogiri::HTML::Document]
+    # @return [String] If a match is found
+    # @return [NilClass] If no match found
+    def get_appropriate_pattern(n)
+      PatchFinder::Engine::MSU::ADVISORY_PATTERNS.each do |pattern|
+        if n.at_xpath(pattern[:check])
+          return pattern[:pattern]
+        end
+      end
+
+      nil
+    end
+
+    # Checks if the page is an advisory.
+    #
+    # @param res [Net::Response]
+    # @return [Boolean]
+    def has_advisory?(res)
+      !res.body.include?('We are sorry. The page you requested cannot be found')
+    end
+
+    # Checks if the string is a MSB format.
+    #
+    # @param msb [String]
+    # @return [Boolean]
+    def is_valid_msb?(msb)
+      /^ms\d\d\-\d\d\d$/i === msb
+    end
+
+  end
+end

data/patch_finder.gemspec

@@ -0,0 +1,22 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = 'patch_finder'
+  spec.version       = '1.0.1'
+  spec.authors       = ['wchen-r7']
+  spec.email         = ['wei_chen@rapid7.com']
+  spec.summary       = 'Patch Finder'
+  spec.description   = 'Generic Patch Finder'
+  spec.homepage      = 'http://github.com/wchen-r7/patch-finder'
+  spec.license       = 'BSD-3-clause'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.executables   = Dir.glob('bin/*').map{ |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/tools/extract_msu.bat

@@ -0,0 +1,47 @@
+@echo off
+@setlocal EnableDelayedExpansion
+
+@set arg=%~1
+
+if [%arg%] == [] (
+	echo Argument Missing:
+	echo You must provide a directory that contains
+	echo all the Windows patches in *.msu format.
+	echo To Download patches manually, please go:
+	echo http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard
+	exit /B
+)
+
+if not "!arg:~-1,1!" == "\" (
+	@set arg=!arg!\
+)
+
+
+for /f %%f in ('dir /B %arg%') DO (
+	@set fname=%%f
+	@set lastfourchars=!fname:~-4,4!
+	if "!lastfourchars!" == ".msu" (
+		rem The -15 length is specific to filenames generated by msu_finder, and filters out the following things:
+		rem * The time stamp: "_xxxxxxxxxx"
+		rem * The extension name: ".msu"
+		rem To make this script generic (no time stamp in the filename), instead of -15, you should do -4.
+		@set newname=!fname:~0,-15!
+
+		rem This is the destination path that contains the time stamp.
+		rem The use of time stamp allows the patches to avoid filename collision,
+		rem because sometimes even though the patches are different, they might have the
+		rem same name.
+		@set newdest=!fname:~0,-4!
+
+		mkdir %arg%!newdest!
+		mkdir %arg%!newdest!\extracted
+		expand /F:* %arg%!fname! %arg%!newdest!
+		expand /F:* %arg%!newdest!\!newname!.cab %arg%!newdest!\extracted
+	)
+
+)
+
+echo Done!
+echo Now go to %arg%,
+echo and then use the search feature from Windows to
+echo find the files you're interested in.

data/tools/list_dll.rb

@@ -0,0 +1,220 @@
+# -*- coding: binary -*-
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'find'
+
+class String
+  def to_decimal
+    self.unpack("c*").reverse.pack("c*").unpack("N*").first
+  end
+
+  def to_hex
+    self.unpack("c*").reverse.pack("c*")
+  end
+
+  def to_printable_hex_32
+    self.unpack("c*").reverse.pack("c*").unpack("H*").first
+  end
+
+  def to_printable_hex_64
+    self.unpack("s*").pack("s*").reverse.unpack("H*").first
+  end
+
+  def unicode
+    buf = ''
+
+    self.each_char do |c|
+      buf << "#{c}\x00"
+    end
+
+    buf
+  end
+
+  def ansi
+    buf = ''
+
+    self.each_char do |c|
+      next if c == "\x00"
+      buf << c
+    end
+
+    buf
+  end
+end
+
+class DLLInformation
+  X64_86 = :x64_86
+  X86    = :x86
+
+  def initialize(file)
+    f = open(file, 'rb')
+    begin
+      @bin = f.read
+    ensure
+      f.close if f
+    end
+  end
+ 
+  def cpu_type
+    @cpu_type ||= lambda {
+      type = @bin.scan(/\x50\x45\x00\x00(..)/).flatten.first || ''
+      type == "\x64\x86" ? X64_86 : X86
+    }.call
+  end
+
+  def base_address
+    case cpu_type
+    when X64_86
+      base_address_x64_86
+    when X86
+      base_address_x86
+    end
+  end
+
+  def timestamp
+    pe_signature_offset = @bin[60,4].to_decimal
+    @bin[pe_signature_offset+8, 4].to_printable_hex_32
+  end
+
+  def version_info
+    signature_start = "...\x00\x00\x00"
+    signature_start << "VS_VERSION_INFO".unicode
+    signature_end   = "\x00\x00\x00\x00\x09\x04\xb0\x04"
+    info = @bin.scan(/(#{signature_start}.+#{signature_end})/).flatten[0]
+    return '' if info.nil?
+
+    signature_start = "FileVersion".unicode
+    signature_start << "\x00\x00".unicode
+    signature_end   = "InternalName".unicode
+    file_version = info.scan(/#{signature_start}(.+)\x00\x00.+#{signature_end}/).flatten[0]
+    return '' if file_version.nil?
+
+    file_version
+  end
+
+  def size
+    @bin.length
+  end
+
+  private
+
+  def base_address_x86
+    @base_address_x86 ||= lambda {
+      pe_signature_offset = @bin[60,4].to_decimal
+      coff_header_offset  = pe_signature_offset + 4 + 44 + 4
+      @bin[coff_header_offset, 4].to_printable_hex_32
+    }.call
+  end
+
+  def base_address_x64_86
+    @base_address_x64_86 ||= lambda {
+      pe_signature_offset =  @bin.index("\x50\x45\x00\x00")
+      image_base_offset = pe_signature_offset + 48
+      @bin[image_base_offset, 8].to_printable_hex_64
+    }.call
+  end
+
+end
+
+class Table
+  def initialize(opts)
+    @path      = opts[:path]
+    @size      = opts[:size]
+    @version   = opts[:version]
+    @base      = opts[:base]
+    @timestamp = opts[:timestamp]
+  end
+
+  def show
+    puts '#{get_size}  #{get_base}  #{get_timestamp}  #{get_version}  #{get_path}'
+  end
+
+  private
+
+  def get_size
+    s = [@size].pack("V*").unpack("H*")[0]
+    "0x#{s.rjust(8, '0')}"
+  end
+
+  def get_path
+    base = "#{Dir.pwd}/"
+    p = @path.gsub(/^#{base}/, '')
+
+    # Max out the length at 44 characters
+    p = "#{p[0,44]}..." if p.length > 44
+
+    p
+  end
+
+  def get_version
+    @version.ansi.scan(/^([0-9\.]+) /).flatten.first.ljust(16, ' ')
+  end
+
+  def get_base
+    "0x#{@base.ljust(16, ' ')}"
+  end
+
+  def get_timestamp
+    "0x#{@timestamp.rjust(8, '0')}"
+  end
+end
+
+def init_args
+  opts = {}
+  opt = OptionParser.new
+  opt.banner = "Usage: #{__FILE__} [options]"
+  opt.separator('')
+  opt.separator('Options:')
+
+  opt.on('-d', '--dll [string]', String, 'DLL to specify') do |n|
+    opts[:dll_name] = n
+  end
+
+  opt.on_tail('-h', '--help', 'Show usage') do
+    puts opt
+    exit(0)
+  end
+
+  opt.parse!
+  opts
+end
+
+def list_dll(dir, dll_name)
+  puts 'Size        Base                Timestamp   Version           Path'
+
+  Find.find(dir) do |p|
+    next if p !~ /\.dll$/i
+    next if dll_name && p !~ /#{dll_name}/
+
+    dll = DLLInformation.new(p)
+    size         = dll.size
+    version      = dll.version_info
+    base_address = dll.base_address
+    timestamp    = dll.timestamp
+
+    t = Table.new({
+      :path      => p,
+      :size      => size,
+      :version   => version,
+      :base      => base_address,
+      :timestamp => timestamp
+    })
+
+    t.show
+  end
+end
+
+def main(args)
+  base_dir = Dir.pwd
+  list_dll(base_dir, args[:dll_name])
+end
+
+args = init_args
+begin
+  main(args)
+rescue RuntimeError => e
+  puts e.message
+  exit(0)
+rescue Interrupt
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: patch_finder
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- wchen-r7
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-03-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Generic Patch Finder
+email:
+- wei_chen@rapid7.com
+executables:
+- msu_finder
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- Rakefile
+- bin/msu_finder
+- docs/bin/msu_finder.txt
+- lib/core/config.rb
+- lib/core/helper.rb
+- lib/core/thread_pool.rb
+- lib/engine/msu/constants.rb
+- lib/engine/msu/google.rb
+- lib/engine/msu/technet.rb
+- lib/msu.rb
+- patch_finder.gemspec
+- tools/extract_msu.bat
+- tools/list_dll.rb
+homepage: http://github.com/wchen-r7/patch-finder
+licenses:
+- BSD-3-clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Patch Finder
+test_files: []