Last active
July 4, 2024 14:57
-
-
Save 7h3rAm/812eff486865f30c0da5c4a9d41ff73e to your computer and use it in GitHub Desktop.
Query circl.lu API for CVE information.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from pprint import pprint | |
| import requests | |
| import json | |
| def circllu_cveinfo(cve): | |
| customheaders = { | |
| "User-Agent": "Some script trying to be nice :)" | |
| } | |
| try: | |
| res = requests.get("http://cve.circl.lu/api/cve/%s" % (cve.upper()), headers=customheaders) | |
| if res.status_code == 200: | |
| reply = res.json() | |
| if len(reply): | |
| return { | |
| "success": True, | |
| "requesturl": res.url, | |
| "cve": cve.upper(), | |
| "summary": reply["summary"], | |
| "references": reply["references"] | |
| } | |
| return { | |
| "success": False, | |
| "reason": "expected HTTP 200 status code but got %d instead for requesturl" % (res.status_code) | |
| } | |
| except Exception as ex: | |
| return { | |
| "success": False, | |
| "exception": ex.message | |
| } | |
| def circllu_cverecent(maxcves=0): | |
| customheaders = { | |
| "User-Agent": "Some script trying to be nice :)" | |
| } | |
| try: | |
| res = requests.get("http://cve.circl.lu/api/last", headers=customheaders) | |
| if res.status_code == 200: | |
| reply = json.loads(res.content) | |
| cves = list() | |
| for node in reply: | |
| if "REJECT" not in node["summary"]: | |
| cves.append(node["id"]) | |
| return { | |
| "success": True, | |
| "requesturl": res.url, | |
| "cves": cves if maxcves == 0 else cves[:maxcves] | |
| } | |
| return { | |
| "success": False, | |
| "reason": "expected HTTP 200 status code but got %d instead for requesturl" % (res.status_code) | |
| } | |
| except Exception as ex: | |
| return { | |
| "success": False, | |
| "exception": ex.message | |
| } | |
| def circllu_cvesearch(vendorproduct, maxcves=0): | |
| if not vendorproduct or vendorproduct == "": | |
| return { | |
| "success": False, | |
| "usage": "<vendor> <product>" | |
| } | |
| customheaders = { | |
| "User-Agent": "Some script trying to be nice :)" | |
| } | |
| try: | |
| res = requests.get("http://cve.circl.lu/api/search/%s" % ("/".join(vendorproduct.lower().split(" "))), headers=customheaders) | |
| if res.status_code == 200: | |
| reply = json.loads(res.content) | |
| if len(reply): | |
| cves = list() | |
| for node in reply: | |
| if "REJECT" not in node["summary"]: | |
| cves.append(node["id"]) | |
| return { | |
| "success": True, | |
| "requesturl": res.url, | |
| "vendorproduct": "/".join(vendorproduct.lower().split(" ")).title(), | |
| "cves": sorted(cves, reverse=True) if maxcves == 0 else sorted(cves, reverse=True)[:maxcves] | |
| } | |
| return { | |
| "success": False, | |
| "reason": "expected HTTP 200 status code but got %d instead for requesturl" % (res.status_code) | |
| } | |
| except Exception as ex: | |
| return { | |
| "success": False, | |
| "exception": ex.message | |
| } | |
| def circllu_dbinfo(): | |
| customheaders = { | |
| "User-Agent": "Some script trying to be nice :)" | |
| } | |
| try: | |
| res = requests.get("https://cve.circl.lu/api/dbInfo", headers=customheaders) | |
| if res.status_code == 200: | |
| result = json.loads(res.content) | |
| return { | |
| "success": True, | |
| "requesturl": res.url, | |
| "result": result, | |
| } | |
| return { | |
| "success": False, | |
| "reason": "expected HTTP 200 status code but got %d instead for requesturl" % (res.status_code) | |
| } | |
| except Exception as ex: | |
| return { | |
| "success": False, | |
| "exception": ex.message | |
| } | |
| if __name__ == "__main__": | |
| print("CIRCL:CVEInfo:") | |
| pprint(circllu_cveinfo("CVE-2021-44228")) | |
| print() | |
| print("CIRCL:RecentCVEs:") | |
| pprint(circllu_cverecent()) | |
| print() | |
| print("CIRCL:CVESearch:") | |
| pprint(circllu_cvesearch(vendorproduct="Adobe Reader")) | |
| print() | |
| print("CIRCL:DBInfo:") | |
| pprint(circllu_dbinfo()) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CIRCL:CVEInfo: | |
| {'cve': 'CVE-2021-44228', | |
| 'references': ['https://logging.apache.org/log4j/2.x/security.html', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/10/1', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/10/2', | |
| 'http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html', | |
| 'https://security.netapp.com/advisory/ntap-20211210-0007/', | |
| 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/10/3', | |
| 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032', | |
| 'https://www.oracle.com/security-alerts/alert-cve-2021-44228.html', | |
| 'https://lists.fedoraproject.org/archives/list/[email protected]/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/13/1', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/13/2', | |
| 'https://twitter.com/kurtseifried/status/1469345530182455296', | |
| 'https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html', | |
| 'https://www.debian.org/security/2021/dsa-5020', | |
| 'https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf', | |
| 'http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html', | |
| 'http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html', | |
| 'http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/14/4', | |
| 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html', | |
| 'https://www.kb.cert.org/vuls/id/930724', | |
| 'http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html', | |
| 'http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html', | |
| 'http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html', | |
| 'http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html', | |
| 'http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html', | |
| 'http://www.openwall.com/lists/oss-security/2021/12/15/3', | |
| 'https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf', | |
| 'https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/', | |
| 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd', | |
| 'https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf', | |
| 'http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html', | |
| 'https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf', | |
| 'http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html', | |
| 'https://lists.fedoraproject.org/archives/list/[email protected]/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/', | |
| 'https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md', | |
| 'http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html', | |
| 'http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html', | |
| 'https://www.oracle.com/security-alerts/cpujan2022.html', | |
| 'https://github.com/cisagov/log4j-affected-db', | |
| 'https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001', | |
| 'https://support.apple.com/kb/HT213189', | |
| 'http://seclists.org/fulldisclosure/2022/Mar/23', | |
| 'https://www.oracle.com/security-alerts/cpuapr2022.html', | |
| 'https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228', | |
| 'https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html', | |
| 'http://seclists.org/fulldisclosure/2022/Jul/11', | |
| 'http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html', | |
| 'http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html', | |
| 'http://seclists.org/fulldisclosure/2022/Dec/2', | |
| 'http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html'], | |
| 'requesturl': 'https://cve.circl.lu/api/cve/CVE-2021-44228', | |
| 'success': True, | |
| 'summary': 'Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security ' | |
| 'releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in ' | |
| 'configuration, log messages, and parameters do not protect ' | |
| 'against attacker controlled LDAP and other JNDI related ' | |
| 'endpoints. An attacker who can control log messages or log ' | |
| 'message parameters can execute arbitrary code loaded from LDAP ' | |
| 'servers when message lookup substitution is enabled. From log4j ' | |
| '2.15.0, this behavior has been disabled by default. From version ' | |
| '2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality ' | |
| 'has been completely removed. Note that this vulnerability is ' | |
| 'specific to log4j-core and does not affect log4net, log4cxx, or ' | |
| 'other Apache Logging Services projects.'} | |
| CIRCL:RecentCVEs: | |
| {'cves': ['CVE-2024-28436', | |
| 'CVE-2023-4091', | |
| 'CVE-2022-2127', | |
| 'CVE-2023-25948', | |
| 'CVE-2023-26597', | |
| 'CVE-2023-24480', | |
| 'CVE-2023-25178', | |
| 'CVE-2023-25770', | |
| 'CVE-2023-23585', | |
| 'CVE-2023-25078', | |
| 'CVE-2022-3437', | |
| 'CVE-2022-32742', | |
| 'CVE-2020-14318', | |
| 'CVE-2020-14383', | |
| 'CVE-2020-14323', | |
| 'CVE-2022-34560', | |
| 'CVE-2022-34561', | |
| 'CVE-2022-34562', | |
| 'CVE-2022-35503', | |
| 'CVE-2023-38290', | |
| 'CVE-2023-38291', | |
| 'CVE-2023-38292', | |
| 'CVE-2023-38293', | |
| 'CVE-2023-38294', | |
| 'CVE-2023-38295', | |
| 'CVE-2023-38296', | |
| 'CVE-2023-38297', | |
| 'CVE-2023-38298', | |
| 'CVE-2023-38299', | |
| 'CVE-2023-38300'], | |
| 'requesturl': 'https://cve.circl.lu/api/last', | |
| 'success': True} | |
| CIRCL:CVESearch: | |
| {'reason': 'expected HTTP 200 status code but got 404 instead for requesturl', | |
| 'success': False} | |
| CIRCL:DBInfo: | |
| {'requesturl': 'https://cve.circl.lu/api/dbInfo', | |
| 'result': {'capec': {'last_update': '2019-09-30T18:53:48', 'size': 570}, | |
| 'cpe': {'last_update': '2024-04-20T04:30:10', 'size': 822309}, | |
| 'cpeOther': {'last_update': '2020-10-02T05:15:22', 'size': 0}, | |
| 'cves': {'last_update': '2024-04-22T18:00:06', 'size': 246571}, | |
| 'cwe': {'last_update': '2020-06-25T22:10:26', 'size': 1245}, | |
| 'via4': {'last_update': '2021-01-23T15:47:42', 'size': 148446}}, | |
| 'success': True} |
@SarotecK Thanks for reporting. Fixed the HTTPS certificate issue (InsecureRequestWarning). You are right about the search API, it is not working anymore.
@SarotecK Thanks for reporting. Fixed the HTTPS certificate issue (InsecureRequestWarning). You are right about the search API, it is not working anymore.
switch to https://cvepremium.circl.lu/api/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Doesnt work for me anymore.