pyExploitDb 0.2.51__py3-none-any.whl → 0.2.54__py3-none-any.whl

pyExploitDb/__init__.py

@@ -3,199 +3,151 @@ import json
 import csv
 import requests
 import time
-import sys
 import git
+import re
 
 class PyExploitDb:
+    EXPLOIT_DB_REPO = "https://gitlab.com/exploit-database/exploitdb.git"
+    USER_AGENT = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) Chrome/39.0 Safari/537.36'}
+    
     def __init__(self):
         self.cveToExploitMap = {}
         self.currentPath = os.path.dirname(os.path.abspath(__file__))
-        self.edbidToCveFile = self.currentPath + "/edbidToCve.json"
-        self.cveToEdbidFile = self.currentPath + "/cveToEdbid.json"
-        self.exploitDbPath = self.currentPath + "/exploit-database"
+        self.edbidToCveFile = os.path.join(self.currentPath, "edbidToCve.json")
+        self.cveToEdbidFile = os.path.join(self.currentPath, "cveToEdbid.json")
+        self.exploitDbPath = os.path.join(self.currentPath, "exploit-database")
         self.requestCoolOffTime = 1
         self.debug = False
-        self.autoUpdate = True
-        pass
 
+    def logDebug(self, message):
+        if self.debug:
+            print(message)
 
-    def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
+    def cloneOrUpdateRepo(self):
         if not os.path.isdir(self.exploitDbPath):
-            print("Cloning exploit-database repository")
-            git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
-            print("Updating db...")
-            self.updateDb()
+            self.logDebug("Cloning exploit-database repository")
+            git.Repo.clone_from(self.EXPLOIT_DB_REPO, self.exploitDbPath)
         else:
-            if self.autoUpdate == True:
-                try:
-                    print("Pulling exploit-database updates...")
-                    git.Git(self.exploitDbPath).pull('origin', 'main')
-                except git.exc.GitCommandError as e:
-                    print("Broken or obsoleted exploit-database clone found. Deleting and re-cloning...")
-                    print("Deleting " + self.currentPath + "/exploit-database/...")
-                    os.system("rm -Rf " + self.currentPath + "/exploit-database/")
-                    print("Cloning exploit-database repository")
-                    git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
-                print("Updating db...")
-                self.updateDb()
-            print("Loading database...")
-            with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
-                cveToExploitMap = json.load(fileData)
-                self.cveToExploitMap = cveToExploitMap
-                if self.debug == True:
-                    print(self.cveToExploitMap)
+            self.pullLatestUpdates()
+
+    def pullLatestUpdates(self):
+        try:
+            self.logDebug("Pulling exploit-database updates...")
+            git.Git(self.exploitDbPath).pull('origin', 'main')
+        except git.exc.GitCommandError:
+            self.logDebug("Repo broken, re-cloning...")
+            self.deleteAndRecloneRepo()
 
+    def deleteAndRecloneRepo(self):
+        os.rmdir(self.exploitDbPath)
+        git.Repo.clone_from(self.EXPLOIT_DB_REPO, self.exploitDbPath)
+
+    def openFile(self, exploitMap="cveToEdbid.json", encoding="utf-8"):
+        self.cloneOrUpdateRepo()
+        with open(os.path.join(self.currentPath, exploitMap), encoding=encoding) as fileData:
+            self.cveToExploitMap = json.load(fileData)
+            self.logDebug(self.cveToExploitMap)
 
     def getCveDetails(self, cveSearch):
-        files = open(self.currentPath + "/exploit-database/files_exploits.csv", encoding="utf-8")
-        reader = csv.reader(files)
-        next(reader)
-        result = {}
-        found = False
-        for row in reader:
-            id, file, description, date, author, type, platform, port, _, date_updated, verified, codes, tags, aliases, _, app_url, src_url = tuple(row)
-            if id in self.cveToExploitMap[cveSearch]:
-                found = True
-                result['id'] = id
-                result['file'] = file
-                result['description'] = description
-                result['date'] = date
-                result['author'] = author
-                result['type'] = type
-                result['platform'] = platform
-                result['port'] = port
-                result['date_updated'] = date_updated
-                result['verified'] = verified
-                result['codes'] = codes
-                result['tags'] = tags
-                result['aliases'] = aliases
-                result['app_url'] = app_url
-                result['src_url'] = src_url
-
-                if self.debug == True:
-                    print("Exploit DB Id: {0}".format(id))
-                    print("File: {0}".format(self.exploitDbPath + "/" + file))
-                    print("Date: {0}".format(date))
-                    print("Author: {0}".format(author))
-                    print("Platform: {0}".format(platform))
-                    print("Type: {0}".format(type))
-                    print("Description: {0}".format(description))
-                    print("App URL: {0}".format(app_url))
-                    print("Source URL: {0}".format(src_url))
-                    
-                if port != "0":
-                    result['port'] = port
-                    if self.debug == True:
-                        print("Port: {0}".format(port))
-        if not found:
-            if self.debug == True:
-                print("ERROR - No EDB Id found")
-        files.close()
-        return result
+        with open(os.path.join(self.exploitDbPath, "files_exploits.csv"), encoding="utf-8") as file:
+            reader = csv.reader(file)
+            next(reader)
+            for row in reader:
+                if row[0] in self.cveToExploitMap.get(cveSearch, []):
+                    return self.extractCveDetails(row)
+        self.logDebug("ERROR - No EDB Id found")
+        return {}
 
+    def extractCveDetails(self, row):
+        details = {
+            'id': row[0],
+            'file': row[1],
+            'description': row[2],
+            'date': row[3],
+            'author': row[4],
+            'type': row[5],
+            'platform': row[6],
+            'port': row[7],
+            'date_updated': row[9],
+            'verified': row[10],
+            'codes': row[11],
+            'tags': row[12],
+            'aliases': row[13],
+            'app_url': row[14],
+            'src_url': row[15],
+        }
+        self.logDebug(f"CVE Details: {details}")
+        return details
 
     def searchCve(self, cveSearch):
         if not cveSearch:
             return []
         cveSearch = cveSearch.upper()
-        print(cveSearch)
+        self.logDebug(f"Searching for CVE: {cveSearch}")
         if cveSearch in self.cveToExploitMap:
-            if self.debug == True:
-                print("Found")
-            cveData = self.getCveDetails(cveSearch)
-            if cveData:
-                return cveData
-            else:
-                return cveSearch
+            return self.getCveDetails(cveSearch)
         return []
 
-
     def updateDb(self):
-        data = {}
-        if not os.path.exists(self.edbidToCveFile):
-            os.system("touch {0}".format(self.edbidToCveFile))
-            data = {}
-        else:
-            with open(self.edbidToCveFile, encoding="utf-8") as fileData:
+        data = self.loadExistingData(self.edbidToCveFile)
+        exploits = self.loadExploitCsv()
+        
+        for i, row in enumerate(exploits):
+            edb_id = row[0]
+            if edb_id not in data:
+                data[edb_id] = self.fetchCvesForExploit(edb_id)
+
+        self.writeJson(self.edbidToCveFile, data)
+        self.createCveToExploitMap(data)
+        self.writeJson(self.cveToEdbidFile, self.cveToExploitMap)
+
+    def loadExistingData(self, file_path):
+        if os.path.exists(file_path):
+            with open(file_path, encoding="utf-8") as fileData:
                 try:
-                    data = json.load(fileData)
-                except:
-                    print("Possibly corrupt or empty: {0}".format(self.edbidToCveFile))
-                    os.system("rm -f {0}".format(self.edbidToCveFile))
-                    os.system("touch {0}".format(self.edbidToCveFile))
-                    data = {}
-        files = open(self.exploitDbPath + "/files_exploits.csv", encoding="utf-8")
-        reader = csv.reader(files)
-        next(reader)
-        reader = list(reader)
-        edbCount = len(reader)
-        headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-        def locations_of_substring(string, substring):
-           import re
-           results = [m.start() for m in re.finditer(substring, string)]
-           return results
-        print("Refreshing EDBID-CVE mapping. This may take a long time.")
-        for i in range(edbCount):
-            percentDone = (i / edbCount) * 100
-            if self.debug == True:
-                print("Processing...{0}%".format(str(percentDone)))
-            edb = tuple(reader[i])[0]
-            if edb in data:
-                if self.debug == True:
-                    print("Skipping {0}".format(str(edb)))
-                pass
-            else:
-                content = ""
-                while True:
-                    try:
-                        requestUri = "https://www.exploit-db.com/exploits/{0}".format(str(edb))
-                        if self.debug == True:
-                            print("Requesting {0}".format(requestUri))
-                        r = requests.get(requestUri, headers = headers, timeout=10)
-                        content = r.content.decode("ISO-8859-1")
-                    except Exception as e:
-                        if self.debug == True:
-                            print("Error {0}".format(e))
-                        time.sleep(self.requestCoolOffTime)
-                        continue
-                    finally:
-                        break
-                indexes = locations_of_substring(content, 'https://nvd.nist.gov/vuln/detail/CVE-')
-                used = []
-                for pos in indexes:
-                      cve = r.content[pos + 33: pos + 33 + 14]
-                      if type(cve) == type(bytes()):
-                          cve = cve.decode("ISO-8859-1")
-                      cve = cve.replace('\"', '')
-                      cve = cve.replace('\r', '')
-                      cve = cve.replace('\n', '')
-                      if cve in used:
-                          continue
-                      used.append(cve)
-                data[edb] = used
-        with open(self.edbidToCveFile, "w", encoding="utf-8") as fileData:
-            json.dump(data, fileData, indent = 2)
-        self.cveToExploitMap = {}
-        for k, v in data.items():
-            for e in v:
-                self.cveToExploitMap[e] = self.cveToExploitMap.get(e, [])
-                self.cveToExploitMap[e].append(k)
-        with open(self.cveToEdbidFile, "w", encoding="utf-8") as fileData:
-            json.dump(self.cveToExploitMap, fileData, indent = 2)
+                    return json.load(fileData)
+                except json.JSONDecodeError:
+                    self.logDebug(f"Corrupt file detected at {file_path}, recreating...")
+        return {}
+
+    def loadExploitCsv(self):
+        with open(os.path.join(self.exploitDbPath, "files_exploits.csv"), encoding="utf-8") as file:
+            reader = csv.reader(file)
+            next(reader)
+            return list(reader)
+
+    def fetchCvesForExploit(self, edb_id):
+        requestUri = f"https://www.exploit-db.com/exploits/{edb_id}"
+        self.logDebug(f"Requesting {requestUri}")
+        while True:
+            try:
+                response = requests.get(requestUri, headers=self.USER_AGENT, timeout=10)
+                return self.parseCvesFromContent(response.content)
+            except requests.RequestException as e:
+                self.logDebug(f"Request error: {e}, retrying after cool-off")
+                time.sleep(self.requestCoolOffTime)
 
+    def parseCvesFromContent(self, content):
+        indexes = [m.start() for m in re.finditer('https://nvd.nist.gov/vuln/detail/CVE-', content)]
+        return {content[pos + 33: pos + 47].decode("ISO-8859-1").strip() for pos in indexes}
+
+    def writeJson(self, file_path, data):
+        with open(file_path, "w", encoding="utf-8") as fileData:
+            json.dump(data, fileData, indent=2)
+
+    def createCveToExploitMap(self, data):
+        for edb_id, cves in data.items():
+            for cve in cves:
+                if cve not in self.cveToExploitMap:
+                    self.cveToExploitMap[cve] = []
+                self.cveToExploitMap[cve].append(edb_id)
 
 def test():
     pEdb = PyExploitDb()
     pEdb.debug = False
     pEdb.openFile()
     results = pEdb.searchCve("CVE-2018-14592")
-    if results:
-        print(results)
-        print('PASS')
-    else:
-        print('FAIL')
-        sys.exit(1)
-
+    print('PASS' if results else 'FAIL')
 
 if __name__ == "__main__":
     test()

{pyExploitDb-0.2.51.dist-info → pyExploitDb-0.2.54.dist-info}/METADATA

@@ -1,7 +1,7 @@
 Metadata-Version: 2.1
 Name: pyExploitDb
-Version: 0.2.51
-Summary: An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.
+Version: 0.2.54
+Summary: An optimized Python3 library to fetch the most recent exploit-database,
 Home-page: https://github.com/Hackman238/pyExploitDb
 Author: Shane William Scott
 Author-email: gs@shanewilliamscott.com
@@ -28,7 +28,7 @@ This is the new home of "pyExploidDb".
 
 pyExploitDb (https://shanewilliamscott.com)
 ==
-
+[![Python package](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml/badge.svg)](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml)
 [![Known Vulnerabilities](https://snyk.io/test/github/Hackman238/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/Hackman238/pyExploitDb?targetFile=requirements.txt)
 [![Maintainability](https://api.codeclimate.com/v1/badges/a11151ec3314f93a777f/maintainability)](https://codeclimate.com/github/Hackman238/pyExploitDb/maintainability)
 

pyExploitDb-0.2.54.dist-info/RECORD

@@ -0,0 +1,8 @@
+pyExploitDb/__init__.py,sha256=gbunzcwgZRZuJMGgafULAAWsUsyYZLQ0qhdfrcYo8fE,5629
+pyExploitDb/cveToEdbid.json,sha256=RzcfsMC1vfN0ieZbFN0hDD4wnRCsF1Bc3G42lp6rPXA,984560
+pyExploitDb/edbidToCve.json,sha256=WaI6yPMbSLG3qjcObz4s-O3BSQqTwalPEUkVIHReaeg,1358145
+pyExploitDb-0.2.54.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+pyExploitDb-0.2.54.dist-info/METADATA,sha256=W8tKacIw7Z14K2V6ScZtfd0iYOL-qgOBr22ucaVM2Ew,2693
+pyExploitDb-0.2.54.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
+pyExploitDb-0.2.54.dist-info/top_level.txt,sha256=9RS0bXZhz9Wz4-FytP-Cs8qpdAuVzWqmHQRnjYtuOwk,12
+pyExploitDb-0.2.54.dist-info/RECORD,,

pyExploitDb-0.2.51.dist-info/RECORD

@@ -1,8 +0,0 @@
-pyExploitDb/__init__.py,sha256=dBPIBtm3EWgqm0JuTnxeYrLmqN8Uj5cRZMWsiCJDOGQ,8260
-pyExploitDb/cveToEdbid.json,sha256=RzcfsMC1vfN0ieZbFN0hDD4wnRCsF1Bc3G42lp6rPXA,984560
-pyExploitDb/edbidToCve.json,sha256=WaI6yPMbSLG3qjcObz4s-O3BSQqTwalPEUkVIHReaeg,1358145
-pyExploitDb-0.2.51.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-pyExploitDb-0.2.51.dist-info/METADATA,sha256=6IWsLKujlZ1K356GKXpXI0XJsxylG-VxDLOM16XPAGs,2620
-pyExploitDb-0.2.51.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
-pyExploitDb-0.2.51.dist-info/top_level.txt,sha256=9RS0bXZhz9Wz4-FytP-Cs8qpdAuVzWqmHQRnjYtuOwk,12
-pyExploitDb-0.2.51.dist-info/RECORD,,