Tool | Windows Host Vulnerability Scanner v2

0x01 Preface

A previous post introduced Windows Host Vulnerability Scanner v1. Microsoft has since replaced the site used to query security updates, so the tool needs a corresponding update.

Microsoft's official security update site

https://msrc.microsoft.com/update-guide
Project page on GitHub

https://github.com/chroblert/WindowsVulnScan

0x02 What changed:

  • get_page_num() function: asks the new MSRC API for the total number of affected-product records up to a given date and converts that into a page count.

    import datetime
    import json
    import math
    import requests

    # DATA_PER_PAGE is a module-level constant defined elsewhere in cve-check.py

    def get_page_num(dstDateStrArg=None):
        headers = {
            'origin': 'https://msrc.microsoft.com',
            'referer': 'https://msrc.microsoft.com/update-guide',
            'accept-language': 'zh-CN',
            'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299',
            'accept': 'application/json, text/plain, */*',
            'accept-encoding': 'gzip, deflate',
            'host': 'api.msrc.microsoft.com',
            'connection': 'close',
            'cache-control': 'no-cache',
        }
        url = 'https://api.msrc.microsoft.com/sug/v2.0/en-US/affectedProduct'
        # upper bound of the release-date window; defaults to today
        dstDateStr = str(datetime.date.today()) if dstDateStrArg is None else dstDateStrArg
        params = {
            '$orderby': 'releaseDate desc',
            '$filter': '(releaseDate gt 1000-03-01T00:00:00+08:06) and (releaseDate lt ' + dstDateStr + 'T23:59:59+08:00)',
        }
        dataCount = 500  # fallback if the request fails
        try:
            # verify=False disables TLS certificate checking; only keep it if a intercepting proxy forces it
            response = requests.request('GET', url, params=params, headers=headers, verify=False)
            dataCount = json.loads(response.text)['@odata.count']  # total records matching the filter
        except Exception as e:
            print(e)
        return math.ceil(int(dataCount) / DATA_PER_PAGE)

  • update_onepage_cvedb_database() function: fetches one page of the affectedProduct feed, keeps the entries that carry a numeric KB number, and queues an INSERT for each into the local CVEKB table.

    import datetime
    import hashlib
    import json
    import sqlite3
    import requests

    # DATA_PER_PAGE, DBFileName, TableName, lock (a threading.Lock) and insertSQL (a list)
    # are module-level globals defined elsewhere in cve-check.py

    def update_onepage_cvedb_database(num=1, pageSize=500):
        global insertSQL
        skip = num * DATA_PER_PAGE  # offset of this page within the result set
        headers = {
            'origin': 'https://msrc.microsoft.com',
            'referer': 'https://msrc.microsoft.com/update-guide',
            'accept-language': 'zh-CN',
            'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299',
            'accept': 'application/json, text/plain, */*',
            'accept-encoding': 'gzip, deflate',
            'host': 'api.msrc.microsoft.com',
            'connection': 'close',
            'cache-control': 'no-cache',
        }
        url = 'https://api.msrc.microsoft.com/sug/v2.0/en-US/affectedProduct'
        params = {
            '$orderby': 'releaseDate desc',
            '$filter': '(releaseDate gt 1000-03-01T00:00:00+08:06) and (releaseDate lt ' + str(datetime.date.today()) + 'T23:59:59+08:00)',
            '$skip': skip,
        }
        # print(params)
        resultList = []
        try:
            response = requests.request('GET', url, params=params, headers=headers, verify=False)
            resultList = json.loads(response.text)['value']
        except Exception as e:
            print(e)
            # print(response.text)
        conn = sqlite3.connect(DBFileName)
        create_sql = '''Create Table IF NOT EXISTS {} (
            hash TEXT UNIQUE,
            name TEXT,
            KBName TEXT,
            CVEName TEXT,
            impact TEXT,
            hasPOC TEXT)'''.format(TableName)
        conn.execute(create_sql)
        conn.commit()
        conn.close()
        for result in resultList:
            # collect the purely numeric KB article numbers for this product, ';'-separated
            KBName = ''
            for KBNode in result['kbArticles']:
                KBName += KBNode['articleName'] + ';' if (KBNode['articleName'] is not None) and KBNode['articleName'].isdigit() else ''
            if KBName == '':
                continue  # no KB number means nothing in KB.json could match it
            # the MD5 of product + KBs + CVE + impact is the row's UNIQUE key, so re-runs do not duplicate rows
            h1 = hashlib.md5()
            metaStr = result['product'] + KBName + result['cveNumber'] + result['impact']
            h1.update(metaStr.encode('utf-8'))
            # hasPOC = check_POC_every_CVE(result['cveNumber'])
            # search for public exploits only after all KBs have been collected
            hasPOC = ''
            # note: values are spliced into the statement unescaped; a product name containing a single quote would break it
            sql = 'INSERT OR IGNORE INTO ' + TableName + ' VALUES (\'' + h1.hexdigest() + '\',\'' + result['product'] + '\',\'' + KBName + '\',\'' + result['cveNumber'] + '\',\'' + result['impact'] + '\',\'' + hasPOC + '\')'
            with lock:
                insertSQL.append(sql)

0x03 Directory structure:

  • version1: first release

  • version2: second release

0x04 Running result:

0x05 Usage example

  1. First run the PowerShell script KBCollect.ps1 to collect the installed-update information
    .\KBCollect.ps1

  2. Move the generated KB.json file into the directory containing cve-check.py

  3. Install the required Python 3 modules
    python3 -m pip install -r requirements.txt

  4. Run cve-check.py -u to create the CVEKB database

  5. Run cve-check.py -U to update the hasPOC field in the CVEKB database

  6. Here -m selects the update mode: -m All updates every record; -m Empty updates only records whose hasPOC field is empty; -m Error updates only records whose hasPOC field is Error
  7. Run cve-check.py -C -f KB.json to list the CVEs that have a public EXP, as shown below

