Created
August 11, 2025 09:19
-
-
Save Arkango/8140630f58935f16a265950ed4d10266 to your computer and use it in GitHub Desktop.
Fills the CVSS score in pwndoc-ng with an heuristic based on the category of the vuln
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async () => { | |
| const delay = ms => new Promise(r => setTimeout(r, ms)); | |
| // CVSS vector labels to click per category | |
| const cvssMapping = { | |
| 'C': ['Network', 'Low', 'None', 'None', 'Unchanged', 'High', 'High', 'High'], | |
| 'H': ['Network', 'Low', 'Low', 'None', 'Unchanged', 'High', 'High', 'High'], | |
| 'M': ['Network', 'High', 'Low', 'Required', 'Unchanged', 'Low', 'Low', 'Low'], | |
| 'N': ['Network', 'High', 'None', 'Required', 'Unchanged', 'Low', 'None', 'None'], | |
| 'default': ['Network', 'Low', 'None', 'None', 'Unchanged', 'Low', 'Low', 'Low'] | |
| }; | |
| // Get all vuln link containers, remove first 9 | |
| let vulnLinks = Array.from(document.getElementsByClassName("q-item__section column q-item__section--main justify-center")); | |
| vulnLinks.splice(0,9); | |
| for(let i = 0; i < vulnLinks.length; i++) { | |
| let vulnLink = vulnLinks[i]; | |
| let vulnTitle = vulnLink.textContent.trim(); | |
| // Get category from sibling .q-chip__content | |
| let categoryElem = vulnLink.parentElement.querySelector('.q-chip__content'); | |
| let category = categoryElem ? categoryElem.textContent.trim() : 'N'; | |
| console.log(`Processing vuln #${i+1}: ${vulnTitle} [Category: ${category}]`); | |
| // Click vuln to open details | |
| vulnLink.click(); | |
| await delay(2000); // wait for page load | |
| // Click Details tab | |
| let detailsTab = Array.from(document.getElementsByClassName('q-tab__label')) | |
| .find(el => el.textContent.trim() === 'Details'); | |
| if (!detailsTab) { | |
| console.error('Details tab not found, skipping vuln'); | |
| history.back(); | |
| await delay(1500); | |
| continue; | |
| } | |
| detailsTab.click(); | |
| await delay(1000); | |
| // Click CVSS option buttons based on category mapping | |
| let neededLabels = cvssMapping[category] || cvssMapping['default']; | |
| let cvssButtons = Array.from(document.querySelectorAll('span.block')); | |
| for (let label of neededLabels) { | |
| let btn = cvssButtons.find(b => b.textContent.trim() === label); | |
| if (btn) { | |
| btn.click(); | |
| await delay(300); // small delay between clicks | |
| } else { | |
| console.warn(`CVSS option "${label}" not found`); | |
| } | |
| } | |
| // Click Save button (assuming button text includes 'save') | |
| let saveButton = Array.from(document.querySelectorAll('button')) | |
| .find(btn => btn.textContent.toLowerCase().includes('save')); | |
| if (!saveButton) { | |
| console.error('Save button not found, skipping vuln'); | |
| history.back(); | |
| await delay(1500); | |
| continue; | |
| } | |
| saveButton.click(); | |
| await delay(2500); // wait save to complete | |
| // Go back to vuln list | |
| history.back(); | |
| await delay(2000); // wait for list to reload | |
| } | |
| console.log('All vulns processed.'); | |
| })(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment